delocation: large memory model support.

Large memory models on x86-64 allow the code/data of a shared object / executable to be larger than 2GiB. This is typically impossible because x86-64 code frequently uses int32 offsets from RIP. Consider the following program: int getpid(); int main() { return getpid(); } This is turned into the following assembly under a large memory model: .L0$pb: leaq .L0$pb(%rip), %rax movabsq $_GLOBAL_OFFSET_TABLE_-.L0$pb, %rcx addq %rax, %rcx movabsq $getpid@GOT, %rdx xorl %eax, %eax jmpq *(%rcx,%rdx) # TAILCALL And, with relocations: 0: 48 8d 05 f9 ff ff ff lea -0x7(%rip),%rax # 0 <main> 7: 48 b9 00 00 00 00 00 movabs $0x0,%rcx e: 00 00 00 9: R_X86_64_GOTPC64 _GLOBAL_OFFSET_TABLE_+0x9 11: 48 01 c1 add %rax,%rcx 14: 48 ba 00 00 00 00 00 movabs $0x0,%rdx 1b: 00 00 00 16: R_X86_64_GOT64 getpid 1e: 31 c0 xor %eax,%eax 20: ff 24 11 jmpq *(%rcx,%rdx,1) We can see that, in the large memory model, function calls involve loading the address of _GLOBAL_OFFSET_TABLE_ (using `movabs`, which takes a 64-bit immediate) and then indexing into it. Both cause relocations. If we link the binary and disassemble we get: 0000000000001120 <main>: 1120: 48 8d 05 f9 ff ff ff lea -0x7(%rip),%rax # 1120 <main> 1127: 48 b9 e0 2e 00 00 00 movabs $0x2ee0,%rcx 112e: 00 00 00 1131: 48 01 c1 add %rax,%rcx 1134: 48 ba d8 ff ff ff ff movabs $0xffffffffffffffd8,%rdx 113b: ff ff ff 113e: 31 c0 xor %eax,%eax 1140: ff 24 11 jmpq *(%rcx,%rdx,1) Thus the _GLOBAL_OFFSET_TABLE_ symbol is at 0x1120+0x2ee0 = 0x4000. That's the address of the .got.plt section. But the offset “into” the table is -0x40, putting it at 0x3fd8, in .got: Idx Name Size VMA LMA File off Algn 18 .got 00000030 0000000000003fd0 0000000000003fd0 00002fd0 2**3 19 .got.plt 00000018 0000000000004000 0000000000004000 00003000 2**3 And, indeed, there's a dynamic relocation to setup that address: OFFSET TYPE VALUE 0000000000003fd8 R_X86_64_GLOB_DAT getpid@GLIBC_2.2.5 Accessing data or BSS works the same: the address of the variable is stored relative to _GLOBAL_OFFSET_TABLE_. This is a bit of a pain because we want to delocate the module into a single .text segment so that it moves through linking unaltered. If we took the obvious path and built our own offset table then it would need to contain absolute addresses, but they are only available at runtime and .text segments aren't supposed to be run-time patched. (That's why .rela.dyn is a separate segment.) If we use a different segment then we have the same problem as with the original offset table: the offset to the segment is unknown when compiling the module. Trying to pattern match this two-step lookup to do extensive rewriting seems fragile: I'm sure the compilers will move things around and interleave other work in time, if they don't already. So, in order to handle movabs trying to load _GLOBAL_OFFSET_TABLE_ we define a symbol in the same segment, but outside of the hashed region of the module, that contains the offset from that position to _GLOBAL_OFFSET_TABLE_: .boringssl_got_delta: .quad _GLOBAL_OFFSET_TABLE_-.boringssl_got_delta Then a movabs of $_GLOBAL_OFFSET_TABLE_-.Lfoo turns into: movq .boringssl_got_delta(%rip), %destreg addq $.boringssl_got_delta-.Lfoo, %destreg This works because it's calculating _GLOBAL_OFFSET_TABLE_ - got_delta + (got_delta - .Lfoo) When that value is added to .Lfoo, as the original code will do, the correct address results. Also it doesn't need an extra register because we know that 32-bit offsets are sufficient for offsets within the module. As for the offsets within the offset table, we have to load them from locations outside of the hashed part of the module to get the relocations out of the way. Again, no extra registers are needed. Change-Id: I87b19a2f8886bd9f7ac538fd55754e526bcf3097 Reviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/42324 Reviewed-by: Adam Langley <agl@google.com> Commit-Queue: Adam Langley <agl@google.com>
Enforce presence of ALPN when QUIC is in use.
2020-08-10 23:46:33 +00:00 · 2020-07-30 16:41:06 +00:00 · 2020-07-29 21:19:25 +00:00 · 2020-07-29 19:27:59 +00:00 · 2020-07-28 18:16:41 +00:00 · 2020-07-28 15:36:02 +00:00
2771 changed files with 667700 additions and 217019 deletions
@@ -4,4 +4,8 @@ AllowShortIfStatementsOnASingleLine: false
 AllowShortLoopsOnASingleLine: false
 DerivePointerAlignment: false
 PointerAlignment: Right
+# TODO(davidben): The default for Google style is now Regroup, but the default
+# IncludeCategories does not recognize <openssl/header.h>. We should
+# reconfigure IncludeCategories to match. For now, keep it at Preserve.
+IncludeBlocks: Preserve

@@ -1,12 +1,15 @@
 build/
+build32/
+build64/
 ssl/test/runner/runner
+*.pyc
 *.swp
 *.swo
 doc/*.html
 doc/doc.css

 util/bot/android_ndk
-util/bot/android_tools
+util/bot/android_sdk/public
 util/bot/cmake-linux64
 util/bot/cmake-linux64.tar.gz
 util/bot/cmake-mac
@@ -15,12 +18,15 @@ util/bot/cmake-win32
 util/bot/cmake-win32.zip
 util/bot/golang
 util/bot/gyp
-util/bot/libFuzzer
+util/bot/libcxx
+util/bot/libcxxabi
 util/bot/llvm-build
 util/bot/nasm-win32.exe
 util/bot/perl-win32
 util/bot/perl-win32.zip
 util/bot/sde-linux64
 util/bot/sde-linux64.tar.bz2
+util/bot/sde-win32
+util/bot/sde-win32.tar.bz2
 util/bot/win_toolchain.json
 util/bot/yasm-win32.exe
@@ -98,7 +98,10 @@ objects. `bssl::UniquePtr<T>`, like other types, is forward-declared in
 `openssl/base.h`. Code that needs access to the free functions, such as code
 which destroys a `bssl::UniquePtr`, must include the corresponding module's
 header. (This matches `std::unique_ptr`'s relationship with forward
-declarations.)
+declarations.) Note, despite the name, `bssl::UniquePtr` is also used with
+reference-counted types. It owns a single reference to the object. To take an
+additional reference, use the `bssl::UpRef` function, which will return a
+separate `bssl::UniquePtr`.


 ### Stack-allocated types
@@ -175,6 +178,67 @@ These are usually for low-level cryptographic operations. These types may be
 used freely without special cleanup conventions.


+### Ownership and lifetime
+
+When working with allocated objects, it is important to think about *ownership*
+of each object, or what code is responsible for releasing it. This matches the
+corresponding notion in higher-level languages like C++ and Rust.
+
+Ownership applies to both uniquely-owned types and reference-counted types. For
+the latter, ownership means the code is responsible for releasing one
+reference. Note a *reference* in BoringSSL refers to an increment (and eventual
+decrement) of an object's reference count, not `T&` in C++. Thus, to "take a
+reference" means to increment the reference count and take ownership of
+decrementing it.
+
+As BoringSSL's APIs are primarily in C, ownership and lifetime obligations are
+not rigorously annotated in the type signatures or checked at compile-time.
+Instead, they are described in
+[API documentation](https://commondatastorage.googleapis.com/chromium-boringssl-docs/headers.html).
+This section describes some conventions.
+
+Unless otherwise documented, functions do not take ownership of pointer
+arguments. The pointer typically must remain valid for the duration of the
+function call. The function may internally copy information from the argument or
+take a reference, but the caller is free to release its copy or reference at any
+point after the call completes.
+
+A function may instead be documented to *take* or *transfer* ownership of a
+pointer. The caller must own the object before the function call and, after
+transfer, no longer owns it. As a corollary, the caller may no longer reference
+the object without a separate guarantee on the lifetime. The function may even
+release the object before returning. Callers that wish to independently retain a
+transfered object must therefore take a reference or make a copy before
+transferring. Callers should also take note of whether the function is
+documented to transfer pointers unconditionally or only on success. Unlike C++
+and Rust, functions in BoringSSL typically only transfer on success.
+
+Likewise, output pointers may be owning or non-owning. Unless otherwise
+documented, functions output non-owning pointers. The caller is not responsible
+for releasing the output pointer, but it must not use the pointer beyond its
+lifetime. The pointer may be released when the parent object is released or even
+sooner on state change in the parent object.
+
+If documented to output a *newly-allocated* object or a *reference* or *copy* of
+one, the caller is responsible for releasing the object when it is done.
+
+By convention, functions named `get0` return non-owning pointers. Functions
+named `new` or `get1` return owning pointers. Functions named `set0` take
+ownership of arguments. Functions named `set1` do not. They typically take a
+reference or make a copy internally. These names originally referred to the
+effect on a reference count, but the convention applies equally to
+non-reference-counted types.
+
+API documentation may also describe more complex obligations. For instance, an
+object may borrow a pointer for longer than the duration of a single function
+call, in which case the caller must ensure the lifetime extends accordingly.
+
+Memory errors are one of the most common and dangerous bugs in C and C++, so
+callers are encouraged to make use of tools such as
+[AddressSanitizer](https://clang.llvm.org/docs/AddressSanitizer.html) and
+higher-level languages.
+
+
 ## Thread safety

 BoringSSL is internally aware of the platform threading library and calls into
@@ -2,9 +2,17 @@

 ## Build Prerequisites

-  * [CMake](https://cmake.org/download/) 2.8.11 or later is required.
+The standalone CMake build is primarily intended for developers. If embedding
+BoringSSL into another project with a pre-existing build system, see
+[INCORPORATING.md](/INCORPORATING.md).

-  * Perl 5.6.1 or later is required. On Windows,
+Unless otherwise noted, build tools must at most five years old, matching
+[Abseil guidelines](https://abseil.io/about/compatibility). If in doubt, use the
+most recent stable version of each tool.
+
+  * [CMake](https://cmake.org/download/) 3.0 or later is required.
+
+  * A recent version of Perl is required. On Windows,
    [Active State Perl](http://www.activestate.com/activeperl/) has been
    reported to work, as has MSYS Perl.
    [Strawberry Perl](http://strawberryperl.com/) also works but it adds GCC
@@ -13,27 +21,27 @@
    If Perl is not found by CMake, it may be configured explicitly by setting
    `PERL_EXECUTABLE`.

-  * On Windows you currently must use [Ninja](https://ninja-build.org/)
-    to build; on other platforms, it is not required, but recommended, because
-    it makes builds faster.
+  * Building with [Ninja](https://ninja-build.org/) instead of Make is
+    recommended, because it makes builds faster. On Windows, CMake's Visual
+    Studio generator may also work, but it not tested regularly and requires
+    recent versions of CMake for assembly support.

-  * If you need to build Ninja from source, then a recent version of
-    [Python](https://www.python.org/downloads/) is required (Python 2.7.5 works).
-
-  * On Windows only, [Yasm](http://yasm.tortall.net/) is required. If not found
+  * On Windows only, [NASM](https://www.nasm.us/) is required. If not found
    by CMake, it may be configured explicitly by setting
    `CMAKE_ASM_NASM_COMPILER`.

-  * A C compiler is required. On Windows, MSVC 14 (Visual Studio 2015) or later
-    with Platform SDK 8.1 or later are supported. Recent versions of GCC (4.8+)
-    and Clang should work on non-Windows platforms, and maybe on Windows too.
-    To build the tests, you also need a C++ compiler with C++11 support.
+  * C and C++ compilers with C++11 support are required. On Windows, MSVC 14
+    (Visual Studio 2015) or later with Platform SDK 8.1 or later are supported.
+    Recent versions of GCC (4.8+) and Clang should work on non-Windows
+    platforms, and maybe on Windows too.

-  * [Go](https://golang.org/dl/) is required. If not found by CMake, the go
-    executable may be configured explicitly by setting `GO_EXECUTABLE`.
+  * The most recent stable version of [Go](https://golang.org/dl/) is required.
+    Note Go is exempt from the five year support window. If not found by CMake,
+    the go executable may be configured explicitly by setting `GO_EXECUTABLE`.

-  * To build the x86 and x86\_64 assembly, your assembler must support AVX2
-    instructions and MOVBE. If using GNU binutils, you must have 2.22 or later
+  * On x86_64 Linux, the tests have an optional
+    [libunwind](https://www.nongnu.org/libunwind/) dependency to test the
+    assembly more thoroughly.

 ## Building

@@ -95,12 +103,23 @@ Once you've run that, Ninja should produce Android-compatible binaries.  You
 can replace `armeabi-v7a` in the above with `arm64-v8a` and use API level 21 or
 higher to build aarch64 binaries.

-For older NDK versions, BoringSSL ships a third-party CMake toolchain file. Use
-`../third_party/android-cmake/android.toolchain.cmake` for
-`CMAKE_TOOLCHAIN_FILE` instead.
-
 For other options, see the documentation in the toolchain file.

+To debug the resulting binaries on an Android device with `gdb`, run the
+commands below. Replace `ARCH` with the architecture of the target device, e.g.
+`arm` or `arm64`.
+
+    adb push ${ANDROID_NDK}/prebuilt/android-ARCH/gdbserver/gdbserver \
+        /data/local/tmp
+    adb forward tcp:5039 tcp:5039
+    adb shell /data/local/tmp/gdbserver :5039 /path/on/device/to/binary
+
+Then run the following in a separate shell. Replace `HOST` with the OS and
+architecture of the host machine, e.g. `linux-x86_64`.
+
+    ${ANDROID_NDK}/prebuilt/HOST/bin/gdb
+    target remote :5039  # in gdb
+
 ### Building for iOS

 To build for iOS, pass `-DCMAKE_OSX_SYSROOT=iphoneos` and
@@ -110,6 +129,32 @@ architecture, matching values used in the `-arch` flag in Apple's toolchain.
 Passing multiple architectures for a multiple-architecture build is not
 supported.

+### Building with Prefixed Symbols
+
+BoringSSL's build system has experimental support for adding a custom prefix to
+all symbols. This can be useful when linking multiple versions of BoringSSL in
+the same project to avoid symbol conflicts.
+
+In order to build with prefixed symbols, the `BORINGSSL_PREFIX` CMake variable
+should specify the prefix to add to all symbols, and the
+`BORINGSSL_PREFIX_SYMBOLS` CMake variable should specify the path to a file
+which contains a list of symbols which should be prefixed (one per line;
+comments are supported with `#`). In other words, `cmake ..
+-DBORINGSSL_PREFIX=MY_CUSTOM_PREFIX
+-DBORINGSSL_PREFIX_SYMBOLS=/path/to/symbols.txt` will configure the build to add
+the prefix `MY_CUSTOM_PREFIX` to all of the symbols listed in
+`/path/to/symbols.txt`.
+
+It is currently the caller's responsibility to create and maintain the list of
+symbols to be prefixed. Alternatively, `util/read_symbols.go` reads the list of
+exported symbols from a `.a` file, and can be used in a build script to generate
+the symbol list on the fly (by building without prefixing, using
+`read_symbols.go` to construct a symbol list, and then building again with
+prefixing).
+
+This mechanism is under development and may change over time. Please contact the
+BoringSSL maintainers if making use of it.
+
 ## Known Limitations on Windows

  * Versions of CMake since 3.0.2 have a bug in its Ninja generator that causes
@@ -1,13 +1,7 @@
-cmake_minimum_required (VERSION 2.8.11)
-
-# Report AppleClang separately from Clang. Their version numbers are different.
-# https://cmake.org/cmake/help/v3.0/policy/CMP0025.html
-if(POLICY CMP0025)
-  cmake_policy(SET CMP0025 NEW)
-endif()
+cmake_minimum_required(VERSION 3.3)

 # Defer enabling C and CXX languages.
-project (BoringSSL NONE)
+project(BoringSSL NONE)

 if(WIN32)
  # On Windows, prefer cl over gcc if both are available. By default most of
@@ -20,6 +14,11 @@ include(sources.cmake)
 enable_language(C)
 enable_language(CXX)

+# This is a dummy target which all other targets depend on (manually - see other
+# CMakeLists.txt files). This gives us a hook to add any targets which need to
+# run before all other targets.
+add_custom_target(global_target)
+
 if(ANDROID)
  # Android-NDK CMake files reconfigure the path and so Go and Perl won't be
  # found. However, ninja will still find them in $PATH if we just name them.
@@ -34,22 +33,91 @@ else()
  find_program(GO_EXECUTABLE go)
 endif()

-if (NOT GO_EXECUTABLE)
+if(CMAKE_SYSTEM_NAME STREQUAL "Linux" AND NOT CMAKE_CROSSCOMPILING)
+  find_package(PkgConfig QUIET)
+  if (PkgConfig_FOUND)
+    pkg_check_modules(LIBUNWIND libunwind-generic)
+    if(LIBUNWIND_FOUND)
+      add_definitions(-DBORINGSSL_HAVE_LIBUNWIND)
+    else()
+      message("libunwind not found. Disabling unwind tests.")
+    endif()
+  else()
+    message("pkgconfig not found. Disabling unwind tests.")
+  endif()
+endif()
+
+if(NOT GO_EXECUTABLE)
  message(FATAL_ERROR "Could not find Go")
 endif()

-if (BORINGSSL_ALLOW_CXX_RUNTIME)
+if(USE_CUSTOM_LIBCXX)
+  set(BORINGSSL_ALLOW_CXX_RUNTIME 1)
+endif()
+
+if(BORINGSSL_ALLOW_CXX_RUNTIME)
  add_definitions(-DBORINGSSL_ALLOW_CXX_RUNTIME)
 endif()

+string(TOLOWER "${CMAKE_BUILD_TYPE}" CMAKE_BUILD_TYPE_LOWER)
+if(NOT FIPS)
+  if(CMAKE_BUILD_TYPE_LOWER STREQUAL "relwithassert" OR
+     NOT CMAKE_BUILD_TYPE_LOWER MATCHES "rel")
+    add_definitions(-DBORINGSSL_DISPATCH_TEST)
+    # CMake automatically connects include_directories to the NASM
+    # command-line, but not add_definitions.
+    set(CMAKE_ASM_NASM_FLAGS "${CMAKE_ASM_NASM_FLAGS} -DBORINGSSL_DISPATCH_TEST")
+  endif()
+endif()
+
+# Add a RelWithAsserts build configuration. It is the same as Release, except it
+# does not define NDEBUG, so asserts run.
+foreach(VAR CMAKE_C_FLAGS CMAKE_CXX_FLAGS CMAKE_ASM_FLAGS)
+  string(REGEX REPLACE "(^| )[/-]DNDEBUG( |$)" " " "${VAR}_RELWITHASSERTS"
+         "${${VAR}_RELEASE}")
+endforeach()
+
+if(BORINGSSL_PREFIX AND BORINGSSL_PREFIX_SYMBOLS)
+  add_definitions(-DBORINGSSL_PREFIX=${BORINGSSL_PREFIX})
+  # CMake automatically connects include_directories to the NASM command-line,
+  # but not add_definitions.
+  set(CMAKE_ASM_NASM_FLAGS "${CMAKE_ASM_NASM_FLAGS} -DBORINGSSL_PREFIX=${BORINGSSL_PREFIX}")
+
+  # Use "symbol_prefix_include" to store generated header files
+  include_directories(${CMAKE_CURRENT_BINARY_DIR}/symbol_prefix_include)
+  add_custom_command(
+    OUTPUT symbol_prefix_include/boringssl_prefix_symbols.h
+           symbol_prefix_include/boringssl_prefix_symbols_asm.h
+           symbol_prefix_include/boringssl_prefix_symbols_nasm.inc
+    COMMAND ${CMAKE_COMMAND} -E make_directory ${CMAKE_CURRENT_BINARY_DIR}/symbol_prefix_include
+    COMMAND ${GO_EXECUTABLE} run ${CMAKE_CURRENT_SOURCE_DIR}/util/make_prefix_headers.go -out ${CMAKE_CURRENT_BINARY_DIR}/symbol_prefix_include ${BORINGSSL_PREFIX_SYMBOLS}
+    DEPENDS util/make_prefix_headers.go
+            ${CMAKE_BINARY_DIR}/${BORINGSSL_PREFIX_SYMBOLS})
+
+  # add_dependencies needs a target, not a file, so we add an intermediate
+  # target.
+  add_custom_target(
+    boringssl_prefix_symbols
+    DEPENDS symbol_prefix_include/boringssl_prefix_symbols.h
+            symbol_prefix_include/boringssl_prefix_symbols_asm.h
+            symbol_prefix_include/boringssl_prefix_symbols_nasm.inc)
+  add_dependencies(global_target boringssl_prefix_symbols)
+elseif(BORINGSSL_PREFIX OR BORINGSSL_PREFIX_SYMBOLS)
+  message(FATAL_ERROR "Must specify both or neither of BORINGSSL_PREFIX and BORINGSSL_PREFIX_SYMBOLS")
+endif()
+
 if(CMAKE_CXX_COMPILER_ID MATCHES "Clang")
  set(CLANG 1)
 endif()

+if(CMAKE_SYSTEM_NAME STREQUAL "Emscripten")
+  set(EMSCRIPTEN 1)
+endif()
+
 if(CMAKE_COMPILER_IS_GNUCXX OR CLANG)
  # Note clang-cl is odd and sets both CLANG and MSVC. We base our configuration
  # primarily on our normal Clang one.
-  set(C_CXX_FLAGS "-Werror -Wformat=2 -Wsign-compare -Wmissing-field-initializers -Wwrite-strings")
+  set(C_CXX_FLAGS "-Werror -Wformat=2 -Wsign-compare -Wmissing-field-initializers -Wwrite-strings -Wvla")
  if(MSVC)
    # clang-cl sets different default warnings than clang. It also treats -Wall
    # as -Weverything, to match MSVC. Instead -W3 is the alias for -Wall.
@@ -59,7 +127,14 @@ if(CMAKE_COMPILER_IS_GNUCXX OR CLANG)
    # honor it. Suppress it here to compensate. See https://crbug.com/772117.
    set(C_CXX_FLAGS "${C_CXX_FLAGS} -Wno-deprecated-declarations")
  else()
-    set(C_CXX_FLAGS "${C_CXX_FLAGS} -Wall -ggdb -fvisibility=hidden -fno-common")
+    if(EMSCRIPTEN)
+      # emscripten's emcc/clang does not accept the "-ggdb" flag.
+      set(C_CXX_FLAGS "${C_CXX_FLAGS} -g")
+    else()
+      set(C_CXX_FLAGS "${C_CXX_FLAGS} -ggdb")
+    endif()
+
+    set(C_CXX_FLAGS "${C_CXX_FLAGS} -Wall -fvisibility=hidden -fno-common")
  endif()

  if(CLANG)
@@ -140,6 +215,7 @@ elseif(MSVC)
              # copy constructor is inaccessible or deleted
      "C4626" # assignment operator could not be generated because a base class
              # assignment operator is inaccessible or deleted
+      "C4628" # digraphs not supported with -Ze
      "C4668" # 'symbol' is not defined as a preprocessor macro, replacing with
              # '0' for 'directives'
              # Disable this because GTest uses it everywhere.
@@ -172,11 +248,10 @@ if(WIN32)
  add_definitions(-DNOMINMAX)
  # Allow use of fopen.
  add_definitions(-D_CRT_SECURE_NO_WARNINGS)
-  # VS 2017 and higher supports STL-only warning suppressions. Manually add to
-  # C++ only to work around a CMake quoting bug when using NASM with the Visual
-  # Studio generator. This will be fixed in CMake 3.13.0. See
-  # https://gitlab.kitware.com/cmake/cmake/merge_requests/2179
-  add_compile_options($<$<COMPILE_LANGUAGE:CXX>:-D_STL_EXTRA_DISABLED_WARNINGS=4774\ 4987>)
+  # VS 2017 and higher supports STL-only warning suppressions.
+  # A bug in CMake < 3.13.0 may cause the space in this value to
+  # cause issues when building with NASM. In that case, update CMake.
+  add_definitions("-D_STL_EXTRA_DISABLED_WARNINGS=4774 4987")
 endif()

 if((CMAKE_COMPILER_IS_GNUCXX AND CMAKE_C_COMPILER_VERSION VERSION_GREATER "4.7.99") OR
@@ -186,7 +261,7 @@ if((CMAKE_COMPILER_IS_GNUCXX AND CMAKE_C_COMPILER_VERSION VERSION_GREATER "4.7.9
 endif()

 if(CMAKE_COMPILER_IS_GNUCXX)
-  if ((CMAKE_C_COMPILER_VERSION VERSION_GREATER "4.8.99") OR CLANG)
+  if((CMAKE_C_COMPILER_VERSION VERSION_GREATER "4.8.99") OR CLANG)
    set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -std=c11")
  else()
    set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -std=c99")
@@ -203,6 +278,10 @@ if(FUZZ)
    message(FATAL_ERROR "You need to build with Clang for fuzzing to work")
  endif()

+  if(CMAKE_C_COMPILER_VERSION VERSION_LESS "6.0.0")
+    message(FATAL_ERROR "You need Clang ≥ 6.0.0")
+  endif()
+
  add_definitions(-DBORINGSSL_UNSAFE_DETERMINISTIC_MODE)
  set(RUNNER_ARGS "-deterministic")

@@ -211,43 +290,40 @@ if(FUZZ)
    set(RUNNER_ARGS ${RUNNER_ARGS} "-fuzzer" "-shim-config" "fuzzer_mode.json")
  endif()

-  set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -fsanitize=address -fsanitize-coverage=edge,indirect-calls,trace-pc-guard")
-  set(CMAKE_CXX_FLAGS "${CMAKE_CXX_FLAGS} -fsanitize=address -fsanitize-coverage=edge,indirect-calls,trace-pc-guard")
-  set(CMAKE_EXE_LINKER_FLAGS "${CMAKE_EXE_LINKER_FLAGS} -fsanitize=address")
-  link_directories(.)
+  set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -fsanitize=address,fuzzer-no-link -fsanitize-coverage=edge,indirect-calls")
+  set(CMAKE_CXX_FLAGS "${CMAKE_CXX_FLAGS} -fsanitize=address,fuzzer-no-link -fsanitize-coverage=edge,indirect-calls")
 endif()

 add_definitions(-DBORINGSSL_IMPLEMENTATION)

-if (BUILD_SHARED_LIBS)
+if(BUILD_SHARED_LIBS)
  add_definitions(-DBORINGSSL_SHARED_LIBRARY)
  # Enable position-independent code globally. This is needed because
  # some library targets are OBJECT libraries.
  set(CMAKE_POSITION_INDEPENDENT_CODE TRUE)
 endif()

-if (MSAN)
+if(MSAN)
  if(NOT CLANG)
    message(FATAL_ERROR "Cannot enable MSAN unless using Clang")
  endif()

-  if (ASAN)
+  if(ASAN)
    message(FATAL_ERROR "ASAN and MSAN are mutually exclusive")
  endif()

  set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -fsanitize=memory -fsanitize-memory-track-origins -fno-omit-frame-pointer")
  set(CMAKE_CXX_FLAGS "${CMAKE_CXX_FLAGS} -fsanitize=memory -fsanitize-memory-track-origins -fno-omit-frame-pointer")
-  set(OPENSSL_NO_ASM "1")
+  set(CMAKE_ASM_FLAGS "${CMAKE_ASM_FLAGS} -fsanitize=memory -fsanitize-memory-track-origins -fno-omit-frame-pointer")
 endif()

-if (ASAN)
+if(ASAN)
  if(NOT CLANG)
    message(FATAL_ERROR "Cannot enable ASAN unless using Clang")
  endif()

  set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -fsanitize=address -fsanitize-address-use-after-scope -fno-omit-frame-pointer")
  set(CMAKE_CXX_FLAGS "${CMAKE_CXX_FLAGS} -fsanitize=address -fsanitize-address-use-after-scope -fno-omit-frame-pointer")
-  set(OPENSSL_NO_ASM "1")
 endif()

 if(CFI)
@@ -255,9 +331,8 @@ if(CFI)
    message(FATAL_ERROR "Cannot enable CFI unless using Clang")
  endif()

-  # TODO(crbug.com/785442): Remove -fsanitize-cfi-icall-generalize-pointers.
-  set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -fsanitize=cfi -fno-sanitize-trap=cfi -fsanitize-cfi-icall-generalize-pointers -flto")
-  set(CMAKE_CXX_FLAGS "${CMAKE_CXX_FLAGS} -fsanitize=cfi -fno-sanitize-trap=cfi -fsanitize-cfi-icall-generalize-pointers -flto")
+  set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -fsanitize=cfi -fno-sanitize-trap=cfi -flto=thin")
+  set(CMAKE_CXX_FLAGS "${CMAKE_CXX_FLAGS} -fsanitize=cfi -fno-sanitize-trap=cfi -flto=thin")
  # We use Chromium's copy of clang, which requires -fuse-ld=lld if building
  # with -flto. That, in turn, can't handle -ggdb.
  set(CMAKE_EXE_LINKER_FLAGS "${CMAKE_EXE_LINKER_FLAGS} -fuse-ld=lld")
@@ -268,7 +343,33 @@ if(CFI)
  set(OPENSSL_NO_ASM "1")
 endif()

-if (GCOV)
+if(TSAN)
+  if(NOT CLANG)
+    message(FATAL_ERROR "Cannot enable TSAN unless using Clang")
+  endif()
+
+  set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -fsanitize=thread")
+  set(CMAKE_CXX_FLAGS "${CMAKE_CXX_FLAGS} -fsanitize=thread")
+  set(CMAKE_EXE_LINKER_FLAGS "${CMAKE_EXE_LINKER_FLAGS} -fsanitize=thread")
+endif()
+
+if(UBSAN)
+  if(NOT CLANG)
+    message(FATAL_ERROR "Cannot enable UBSAN unless using Clang")
+  endif()
+
+  set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -fsanitize=undefined")
+  set(CMAKE_CXX_FLAGS "${CMAKE_CXX_FLAGS} -fsanitize=undefined")
+  set(CMAKE_EXE_LINKER_FLAGS "${CMAKE_EXE_LINKER_FLAGS} -fsanitize=undefined")
+
+  if(NOT UBSAN_RECOVER)
+    set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -fno-sanitize-recover=undefined")
+    set(CMAKE_CXX_FLAGS "${CMAKE_CXX_FLAGS} -fno-sanitize-recover=undefined")
+    set(CMAKE_EXE_LINKER_FLAGS "${CMAKE_EXE_LINKER_FLAGS} -fno-sanitize-recover=undefined")
+  endif()
+endif()
+
+if(GCOV)
  set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -fprofile-arcs -ftest-coverage")
  set(CMAKE_CXX_FLAGS "${CMAKE_CXX_FLAGS} -fprofile-arcs -ftest-coverage")
 endif()
@@ -278,9 +379,21 @@ if(FIPS)
  if(FIPS_BREAK_TEST)
    add_definitions("-DBORINGSSL_FIPS_BREAK_${FIPS_BREAK_TEST}=1")
  endif()
-  # Delocate does not work for ASan and MSan builds.
+  # The FIPS integrity check does not work for ASan and MSan builds.
  if(NOT ASAN AND NOT MSAN)
-    set(FIPS_DELOCATE "1")
+    if(BUILD_SHARED_LIBS)
+      set(FIPS_SHARED "1")
+    else()
+      set(FIPS_DELOCATE "1")
+    endif()
+  endif()
+  if(FIPS_SHARED)
+    # The Android CMake files set -ffunction-sections and -fdata-sections,
+    # which is incompatible with FIPS_SHARED.
+    set(CMAKE_C_FLAGS
+        "${CMAKE_C_FLAGS} -fno-function-sections -fno-data-sections")
+    set(CMAKE_CXX_FLAGS
+        "${CMAKE_CXX_FLAGS} -fno-function-sections -fno-data-sections")
  endif()
 endif()

@@ -288,67 +401,165 @@ if(OPENSSL_SMALL)
  add_definitions(-DOPENSSL_SMALL)
 endif()

+if(CONSTANT_TIME_VALIDATION)
+  add_definitions(-DBORINGSSL_CONSTANT_TIME_VALIDATION)
+  # Asserts will often test secret data.
+  add_definitions(-DNDEBUG)
+endif()
+
+function(go_executable dest package)
+  set(godeps "${CMAKE_SOURCE_DIR}/util/godeps.go")
+  if(${CMAKE_VERSION} VERSION_LESS "3.7" OR
+     NOT ${CMAKE_GENERATOR} STREQUAL "Ninja")
+    # The DEPFILE parameter to add_custom_command is new as of CMake 3.7 and
+    # only works with Ninja. Query the sources at configure time. Additionally,
+    # everything depends on go.mod. That affects what external packages to use.
+    execute_process(COMMAND ${GO_EXECUTABLE} run ${godeps} -format cmake
+                            -pkg ${package}
+                    WORKING_DIRECTORY ${CMAKE_CURRENT_SOURCE_DIR}
+                    OUTPUT_VARIABLE sources
+                    RESULT_VARIABLE godeps_result)
+    add_custom_command(OUTPUT ${dest}
+                       COMMAND ${GO_EXECUTABLE} build
+                               -o ${CMAKE_CURRENT_BINARY_DIR}/${dest} ${package}
+                       WORKING_DIRECTORY ${CMAKE_CURRENT_SOURCE_DIR}
+                       DEPENDS ${sources} ${CMAKE_SOURCE_DIR}/go.mod)
+  else()
+    # Ninja expects the target in the depfile to match the output. This is a
+    # relative path from the build directory.
+    string(LENGTH "${CMAKE_BINARY_DIR}" root_dir_length)
+    math(EXPR root_dir_length "${root_dir_length} + 1")
+    string(SUBSTRING "${CMAKE_CURRENT_BINARY_DIR}" ${root_dir_length} -1 target)
+    set(target "${target}/${dest}")
+
+    set(depfile "${CMAKE_CURRENT_BINARY_DIR}/${dest}.d")
+    add_custom_command(OUTPUT ${dest}
+                       COMMAND ${GO_EXECUTABLE} build
+                               -o ${CMAKE_CURRENT_BINARY_DIR}/${dest} ${package}
+                       COMMAND ${GO_EXECUTABLE} run ${godeps} -format depfile
+                               -target ${target} -pkg ${package} -out ${depfile}
+                       WORKING_DIRECTORY ${CMAKE_CURRENT_SOURCE_DIR}
+                       DEPENDS ${godeps} ${CMAKE_SOURCE_DIR}/go.mod
+                       DEPFILE ${depfile})
+  endif()
+endfunction()
+
 # CMake's iOS support uses Apple's multiple-architecture toolchain. It takes an
 # architecture list from CMAKE_OSX_ARCHITECTURES, leaves CMAKE_SYSTEM_PROCESSOR
 # alone, and expects all architecture-specific logic to be conditioned within
 # the source files rather than the build. This does not work for our assembly
 # files, so we fix CMAKE_SYSTEM_PROCESSOR and only support single-architecture
 # builds.
-if (NOT OPENSSL_NO_ASM AND CMAKE_OSX_ARCHITECTURES)
+if(NOT OPENSSL_NO_ASM AND CMAKE_OSX_ARCHITECTURES)
  list(LENGTH CMAKE_OSX_ARCHITECTURES NUM_ARCHES)
-  if (NOT ${NUM_ARCHES} EQUAL 1)
+  if(NOT ${NUM_ARCHES} EQUAL 1)
    message(FATAL_ERROR "Universal binaries not supported.")
  endif()
  list(GET CMAKE_OSX_ARCHITECTURES 0 CMAKE_SYSTEM_PROCESSOR)
 endif()

-if (OPENSSL_NO_ASM)
+if(OPENSSL_NO_SSE2_FOR_TESTING)
+  add_definitions(-DOPENSSL_NO_SSE2_FOR_TESTING)
+endif()
+
+if(OPENSSL_NO_ASM)
  add_definitions(-DOPENSSL_NO_ASM)
  set(ARCH "generic")
-elseif (${CMAKE_SYSTEM_PROCESSOR} STREQUAL "x86_64")
+elseif(${CMAKE_SYSTEM_PROCESSOR} STREQUAL "x86_64")
  set(ARCH "x86_64")
-elseif (${CMAKE_SYSTEM_PROCESSOR} STREQUAL "amd64")
+elseif(${CMAKE_SYSTEM_PROCESSOR} STREQUAL "amd64")
  set(ARCH "x86_64")
-elseif (${CMAKE_SYSTEM_PROCESSOR} STREQUAL "AMD64")
+elseif(${CMAKE_SYSTEM_PROCESSOR} STREQUAL "AMD64")
  # cmake reports AMD64 on Windows, but we might be building for 32-bit.
-  if (CMAKE_CL_64)
+  if(CMAKE_SIZEOF_VOID_P EQUAL 8)
    set(ARCH "x86_64")
  else()
    set(ARCH "x86")
  endif()
-elseif (${CMAKE_SYSTEM_PROCESSOR} STREQUAL "x86")
+elseif(${CMAKE_SYSTEM_PROCESSOR} STREQUAL "x86")
  set(ARCH "x86")
-elseif (${CMAKE_SYSTEM_PROCESSOR} STREQUAL "i386")
+elseif(${CMAKE_SYSTEM_PROCESSOR} STREQUAL "i386")
  set(ARCH "x86")
-elseif (${CMAKE_SYSTEM_PROCESSOR} STREQUAL "i686")
+elseif(${CMAKE_SYSTEM_PROCESSOR} STREQUAL "i686")
  set(ARCH "x86")
-elseif (${CMAKE_SYSTEM_PROCESSOR} STREQUAL "aarch64")
+elseif(${CMAKE_SYSTEM_PROCESSOR} STREQUAL "aarch64")
  set(ARCH "aarch64")
-elseif (${CMAKE_SYSTEM_PROCESSOR} STREQUAL "arm64")
+elseif(${CMAKE_SYSTEM_PROCESSOR} STREQUAL "arm64")
  set(ARCH "aarch64")
-elseif (${CMAKE_SYSTEM_PROCESSOR} MATCHES "^arm*")
+# Apple A12 Bionic chipset which is added in iPhone XS/XS Max/XR uses arm64e architecture.
+elseif(${CMAKE_SYSTEM_PROCESSOR} STREQUAL "arm64e")
+  set(ARCH "aarch64")
+elseif(${CMAKE_SYSTEM_PROCESSOR} MATCHES "^arm*")
  set(ARCH "arm")
-elseif (${CMAKE_SYSTEM_PROCESSOR} STREQUAL "mips")
+elseif(${CMAKE_SYSTEM_PROCESSOR} STREQUAL "mips")
  # Just to avoid the “unknown processor” error.
  set(ARCH "generic")
-elseif (${CMAKE_SYSTEM_PROCESSOR} STREQUAL "ppc64le")
+elseif(${CMAKE_SYSTEM_PROCESSOR} STREQUAL "ppc64le")
  set(ARCH "ppc64le")
 else()
  message(FATAL_ERROR "Unknown processor:" ${CMAKE_SYSTEM_PROCESSOR})
 endif()

-if (ANDROID AND NOT ANDROID_NDK_REVISION AND ${ARCH} STREQUAL "arm")
+if(ANDROID AND NOT ANDROID_NDK_REVISION AND ${ARCH} STREQUAL "arm")
  # The third-party Android-NDK CMake files somehow fail to set the -march flag
  # for assembly files. Without this flag, the compiler believes that it's
  # building for ARMv5.
  set(CMAKE_ASM_FLAGS "-march=${CMAKE_SYSTEM_PROCESSOR} ${CMAKE_ASM_FLAGS}")
 endif()

-if (${ARCH} STREQUAL "x86" AND APPLE AND ${CMAKE_VERSION} VERSION_LESS "3.0")
-  # With CMake 2.8.x, ${CMAKE_SYSTEM_PROCESSOR} evalutes to i386 on OS X,
-  # but clang defaults to 64-bit builds on OS X unless otherwise told.
-  # Set ARCH to x86_64 so clang and CMake agree. This is fixed in CMake 3.
-  set(ARCH "x86_64")
+if(USE_CUSTOM_LIBCXX)
+  if(NOT CLANG)
+    message(FATAL_ERROR "USE_CUSTOM_LIBCXX only supported with Clang")
+  endif()
+
+  # CMAKE_CXX_FLAGS ends up in the linker flags as well, so use
+  # add_compile_options. There does not appear to be a way to set
+  # language-specific compile-only flags.
+  add_compile_options("-nostdinc++")
+  set(CMAKE_CXX_LINK_FLAGS "${CMAKE_CXX_LINK_FLAGS} -nostdlib++")
+  include_directories(
+    SYSTEM
+    util/bot/libcxx/include
+    util/bot/libcxxabi/include
+  )
+
+  # This is patterned after buildtools/third_party/libc++/BUILD.gn and
+  # buildtools/third_party/libc++abi/BUILD.gn in Chromium.
+
+  file(GLOB LIBCXX_SOURCES "util/bot/libcxx/src/*.cpp")
+  file(GLOB LIBCXXABI_SOURCES "util/bot/libcxxabi/src/*.cpp")
+
+  # This file is meant for exception-less builds.
+  list(REMOVE_ITEM LIBCXXABI_SOURCES "trunk/src/cxa_noexception.cpp")
+  # libc++ also defines new and delete.
+  list(REMOVE_ITEM LIBCXXABI_SOURCES "trunk/src/stdlib_new_delete.cpp")
+  if(TSAN)
+    # ThreadSanitizer tries to intercept these symbols. Skip them to avoid
+    # symbol conflicts.
+    list(REMOVE_ITEM LIBCXXABI_SOURCES "trunk/src/cxa_guard.cpp")
+  endif()
+
+  add_library(libcxxabi ${LIBCXXABI_SOURCES})
+  target_compile_definitions(
+    libcxxabi PRIVATE
+    -D_LIBCPP_ENABLE_CXX17_REMOVED_UNEXPECTED_FUNCTIONS
+  )
+  set_target_properties(libcxxabi PROPERTIES COMPILE_FLAGS "-Wno-missing-prototypes -Wno-implicit-fallthrough")
+
+  add_library(libcxx ${LIBCXX_SOURCES})
+  if(ASAN OR MSAN OR TSAN)
+    # Sanitizers try to intercept new and delete.
+    target_compile_definitions(
+      libcxx PRIVATE
+      -D_LIBCPP_DISABLE_NEW_DELETE_DEFINITIONS
+    )
+  endif()
+  target_compile_definitions(
+    libcxx PRIVATE
+    -D_LIBCPP_BUILDING_LIBRARY
+    -DLIBCXX_BUILDING_LIBCXXABI
+  )
+  target_link_libraries(libcxx libcxxabi)
 endif()

 # Add minimal googletest targets. The provided one has many side-effects, and
@@ -362,21 +573,32 @@ include_directories(third_party/googletest/include)
 # themselves as dependencies next to the target definition.
 add_custom_target(all_tests)

+# On Windows, CRYPTO_TEST_DATA is too long to fit in command-line limits.
+# TODO(davidben): CMake 3.12 has a list(JOIN) command. Use that when we've
+# updated the minimum version.
+set(EMBED_TEST_DATA_ARGS "")
+foreach(arg ${CRYPTO_TEST_DATA})
+  set(EMBED_TEST_DATA_ARGS "${EMBED_TEST_DATA_ARGS}${arg}\n")
+endforeach()
+file(WRITE "${CMAKE_CURRENT_BINARY_DIR}/embed_test_data_args.txt"
+     "${EMBED_TEST_DATA_ARGS}")
+
 add_custom_command(
  OUTPUT crypto_test_data.cc
-  COMMAND ${GO_EXECUTABLE} run util/embed_test_data.go ${CRYPTO_TEST_DATA} >
-  ${CMAKE_CURRENT_BINARY_DIR}/crypto_test_data.cc
+  COMMAND ${GO_EXECUTABLE} run util/embed_test_data.go -file-list
+          "${CMAKE_CURRENT_BINARY_DIR}/embed_test_data_args.txt" >
+          "${CMAKE_CURRENT_BINARY_DIR}/crypto_test_data.cc"
  DEPENDS util/embed_test_data.go ${CRYPTO_TEST_DATA}
  WORKING_DIRECTORY ${CMAKE_CURRENT_SOURCE_DIR})

 add_library(crypto_test_data OBJECT crypto_test_data.cc)

 add_subdirectory(crypto)
-add_subdirectory(third_party/fiat)
 add_subdirectory(ssl)
 add_subdirectory(ssl/test)
-add_subdirectory(fipstools)
 add_subdirectory(tool)
+add_subdirectory(util/fipstools/cavp)
+add_subdirectory(util/fipstools/acvp/modulewrapper)
 add_subdirectory(decrepit)

 if(FUZZ)
@@ -391,9 +613,8 @@ if(FUZZ)
  add_subdirectory(fuzz)
 endif()

-if (NOT ${CMAKE_VERSION} VERSION_LESS "3.2")
-  # USES_TERMINAL is only available in CMake 3.2 or later.
-  set(MAYBE_USES_TERMINAL USES_TERMINAL)
+if(UNIX AND NOT APPLE AND NOT ANDROID)
+  set(HANDSHAKER_ARGS "-handshaker-path" $<TARGET_FILE:handshaker>)
 endif()

 add_custom_target(
@@ -402,7 +623,7 @@ add_custom_target(
            ${CMAKE_BINARY_DIR}
    COMMAND cd ssl/test/runner &&
            ${GO_EXECUTABLE} test -shim-path $<TARGET_FILE:bssl_shim>
-              ${RUNNER_ARGS}
+              ${HANDSHAKER_ARGS} ${RUNNER_ARGS}
    WORKING_DIRECTORY ${CMAKE_SOURCE_DIR}
-    DEPENDS all_tests bssl_shim
-    ${MAYBE_USES_TERMINAL})
+    DEPENDS all_tests bssl_shim handshaker
+    USES_TERMINAL)
@@ -2,23 +2,17 @@

 Modern fuzz testers are very effective and we wish to use them to ensure that no silly bugs creep into BoringSSL.

-We primarily use Clang's [libFuzzer](http://llvm.org/docs/LibFuzzer.html) for fuzz testing and there are a number of fuzz testing functions in `fuzz/`. They are not built by default because they require libFuzzer at build time.
+We use Clang's [libFuzzer](http://llvm.org/docs/LibFuzzer.html) for fuzz testing and there are a number of fuzz testing functions in `fuzz/`. They are not built by default because they require that the rest of BoringSSL be built with some changes that make fuzzing much more effective, but are completely unsafe for real use.

-In order to build the fuzz tests you will need at least Clang 3.7. Pass `-DFUZZ=1` on the CMake command line to enable building BoringSSL with coverage and AddressSanitizer, and to build the fuzz test binaries. You'll probably need to set the `CC` and `CXX` environment variables too, like this:
+In order to build the fuzz tests you will need at least Clang 6.0. Pass `-DFUZZ=1` on the CMake command line to enable building BoringSSL with coverage and AddressSanitizer, and to build the fuzz test binaries. You'll probably need to set the `CC` and `CXX` environment variables too, like this:

 ```
+mkdir build
+cd build
 CC=clang CXX=clang++ cmake -GNinja -DFUZZ=1 ..
+ninja
 ```

-In order for the fuzz tests to link, the linker needs to find libFuzzer. This is not commonly provided and you may need to download the [Clang source code](http://llvm.org/releases/download.html) and do the following:
-
-```
-svn co http://llvm.org/svn/llvm-project/llvm/trunk/lib/Fuzzer
-clang++ -c -g -O2 -std=c++11 Fuzzer/*.cpp -IFuzzer
-ar ruv libFuzzer.a Fuzzer*.o
-```
-
-Then copy `libFuzzer.a` to the top-level of your BoringSSL source directory.

 From the `build/` directory, you can then run the fuzzers. For example:

@@ -32,6 +26,8 @@ The recommended values of `max_len` for each test are:

 | Test          | `max_len` value |
 |---------------|-----------------|
+| `bn_div`      | 384             |
+| `bn_mod_exp`  | 4096            |
 | `cert`        | 10000           |
 | `client`      | 20000           |
 | `pkcs8`       | 2048            |
@@ -37,7 +37,7 @@ updating things more complex.

 BoringSSL is designed to work with many different build systems. Currently,
 different projects use [GYP](https://gyp.gsrc.io/),
-[GN](https://chromium.googlesource.com/chromium/src/+/master/tools/gn/docs/quick_start.md),
+[GN](https://gn.googlesource.com/gn/+/master/docs/quick_start.md),
 [Bazel](https://bazel.build/) and [Make](https://www.gnu.org/software/make/)  to
 build BoringSSL, without too much pain.

@@ -21,6 +21,13 @@ these patches in multiple places was growing steadily.
 Currently BoringSSL is the SSL library in Chrome/Chromium, Android (but it's
 not part of the NDK) and a number of other apps/programs.

+Project links:
+
+  * [API documentation](https://commondatastorage.googleapis.com/chromium-boringssl-docs/headers.html)
+  * [Bug tracker](https://bugs.chromium.org/p/boringssl/issues/list)
+  * [CI](https://ci.chromium.org/p/boringssl/g/main/console)
+  * [Code review](https://boringssl-review.googlesource.com)
+
 There are other files in this directory which might be helpful:

  * [PORTING.md](/PORTING.md): how to port OpenSSL-using code to BoringSSL.
@@ -32,3 +39,4 @@ There are other files in this directory which might be helpful:
  * [FUZZING.md](/FUZZING.md): information about fuzzing BoringSSL.
  * [CONTRIBUTING.md](/CONTRIBUTING.md): how to contribute to BoringSSL.
  * [BREAKING-CHANGES.md](/BREAKING-CHANGES.md): notes on potentially-breaking changes.
+  * [SANDBOXING.md](/SANDBOXING.md): notes on using BoringSSL in a sandboxed environment.
@@ -0,0 +1,138 @@
+# Using BoringSSL in a Sandbox
+
+Sandboxes are a valuable tool for securing applications, so BoringSSL aims to
+support them. However, it is difficult to make concrete API guarantees with
+sandboxes. Sandboxes remove low-level OS resources and system calls, which
+breaks platform abstractions. A syscall-filtering sandbox may, for instance, be
+sensitive to otherwise non-breaking changes to use newer syscalls
+in either BoringSSL or the C library.
+
+Some functions in BoringSSL, such as `BIO_new_file`, inherently need OS
+resources like the filesystem. We assume that sandboxed consumers either avoid
+those functions or make necessary resources available. Other functions like
+`RSA_sign` are purely computational, but still have some baseline OS
+dependencies.
+
+Sandboxes which drop privileges partway through a process's lifetime are
+additionally sensitive to OS resources retained across the transitions. For
+instance, if a library function internally opened and retained a handle to the
+user's home directory, and then the application called `chroot`, that handle
+would be a sandbox escape.
+
+This document attempts to describe these baseline OS dependencies and long-lived
+internal resources. These dependencies may change over time, but we aim to
+[work with sandboxed consumers](/BREAKING-CHANGES.md) when they do. However,
+each sandbox imposes different constraints, so, above all, sandboxed consumers
+must have ample test coverage to detect issues as they arise.
+
+## Baseline dependencies
+
+Callers must assume that any BoringSSL function may perform one of the following
+operations:
+
+### Memory allocation
+
+Any BoringSSL function may allocate memory via `malloc` and related functions.
+
+### Thread synchronization
+
+Any BoringSSL function may call into the platform's thread synchronization
+primitives, including read/write locks and the equivalent of `pthread_once`.
+These must succeed, or BoringSSL will abort the process. Callers, however, can
+assume that BoringSSL functions will not spawn internal threads, unless
+otherwise documented.
+
+Syscall-filtering sandboxes should note that BoringSSL uses `pthread_rwlock_t`
+on POSIX systems, which is less common and may not be part of other libraries'
+syscall surface. Additionally, thread synchronization primitives usually have an
+atomics-based fast path. If a sandbox blocks a necessary pthreads syscall, it
+may not show up in testing without lock contention.
+
+### Standard error
+
+Any BoringSSL function may write to `stderr` or file descriptor
+`STDERR_FILENO` (2), either via `FILE` APIs or low-level functions like `write`.
+Writes to `stderr` may fail, but there must some file at `STDERR_FILENO` which
+will tolerate error messages from BoringSSL. (The file descriptor must be
+allocated so calls to `open` do not accidentally open something else there.)
+
+Note some C standard library implementations also log to `stderr`, so callers
+should ensure this regardless.
+
+### Entropy
+
+Any BoringSSL function may draw entropy from the OS. On Windows, this uses
+`RtlGenRandom` and, on POSIX systems, this uses `getrandom`, `getentropy`, or a
+`read` from a file descriptor to `/dev/urandom`. These operations must succeed
+or BoringSSL will abort the process. BoringSSL only probes for `getrandom`
+support once and assumes support is consistent for the lifetime of the address
+space (and any copies made via `fork`). If a syscall-filtering sandbox is
+enabled partway through this lifetime and changes whether `getrandom` works,
+BoringSSL may abort the process. Sandboxes are recommended to allow
+`getrandom`.
+
+Note even deterministic algorithms may require OS entropy. For example,
+RSASSA-PKCS1-v1_5 is deterministic, but BoringSSL draws entropy to implement
+RSA blinding.
+
+Entropy gathering additionally has some initialization dependencies described in
+the following section.
+
+## Initialization
+
+BoringSSL has some uncommon OS dependencies which are only used once to
+initialize some state. Sandboxes which drop privileges after some setup work may
+use `CRYPTO_pre_sandbox_init` to initialize this state ahead of time. Otherwise,
+callers must assume any BoringSSL function may depend on these resources, in
+addition to the operations above.
+
+### CPU capabilities
+
+On Linux ARM platforms, BoringSSL depends on OS APIs to query CPU capabilities.
+32-bit and 64-bit ARM both depend on the `getauxval` function. 32-bit ARM, to
+work around bugs in older Android devices, may additionally read `/proc/cpuinfo`
+and `/proc/self/auxv`.
+
+If querying CPU capabilities fails, BoringSSL will still function, but may not
+perform as well.
+
+### Entropy
+
+On Linux systems without a working `getrandom`, drawing entropy from the OS
+additionally requires opening `/dev/urandom`. If this fails, BoringSSL will
+abort the process. BoringSSL retains the resulting file descriptor, even across
+privilege transitions.
+
+### Fork protection
+
+On Linux, BoringSSL allocates a page and calls `madvise` with `MADV_WIPEONFORK`
+to protect single-use state from `fork`. This operation must not crash, but if
+it fails, BoringSSL will use alternate fork-safety strategies, potentially at a
+performance cost. If it succeeds, BoringSSL assumes `MADV_WIPEONFORK` is
+functional and relies on it for fork-safety. Sandboxes must not report success
+if they ignore the `MADV_WIPEONFORK` flag. As of writing, QEMU will ignore
+`madvise` calls and report success, so BoringSSL detects this by calling
+`madvise` with -1. Sandboxes must cleanly report an error instead of crashing.
+
+Once initialized, this mechanism does not require system calls in the steady
+state, though note the configured page will be inherited across privilege
+transitions.
+
+## C and C++ standard library
+
+BoringSSL depends on the C and C++ standard libraries which, themselves, do not
+make any guarantees about sandboxes. If it produces the correct answer and has
+no observable invalid side effects, it is possible, though unreasonable, for
+`memcmp` to create and close a socket.
+
+BoringSSL assumes that functions in the C and C++ library only have the platform
+dependencies which would be "reasonable". For instance, a function in BoringSSL
+which aims not to open files will still freely call any libc memory and
+string functions.
+
+Note some C functions, such as `strerror`, may read files relating to the user's
+locale. BoringSSL may trigger these paths and assumes the sandbox environment
+will tolerate this. BoringSSL additionally cannot make guarantees about which
+system calls are used by standard library's syscall wrappers. In some cases, the
+compiler may add dependencies. (Some C++ language features emit locking code.)
+Syscall-filtering sandboxes may need updates as these dependencies change.
@@ -1,4 +1,4 @@
-# This file is used by gcl to get repository specific information. 
+# This file is used by "git cl" to get repository specific information.
 GERRIT_HOST: True
 GERRIT_PORT: True
 CODE_REVIEW_SERVER: https://boringssl-review.googlesource.com
@@ -2,27 +2,27 @@ include_directories(../include)

 if(NOT OPENSSL_NO_ASM)
  if(UNIX)
-    if (${ARCH} STREQUAL "aarch64")
+    if(${ARCH} STREQUAL "aarch64")
      # The "armx" Perl scripts look for "64" in the style argument
      # in order to decide whether to generate 32- or 64-bit asm.
-      if (APPLE)
+      if(APPLE)
        set(PERLASM_STYLE ios64)
      else()
        set(PERLASM_STYLE linux64)
      endif()
-    elseif (${ARCH} STREQUAL "arm")
-      if (APPLE)
+    elseif(${ARCH} STREQUAL "arm")
+      if(APPLE)
        set(PERLASM_STYLE ios32)
      else()
        set(PERLASM_STYLE linux32)
      endif()
-    elseif (${ARCH} STREQUAL "ppc64le")
+    elseif(${ARCH} STREQUAL "ppc64le")
      set(PERLASM_STYLE linux64le)
    else()
-      if (${ARCH} STREQUAL "x86")
+      if(${ARCH} STREQUAL "x86")
        set(PERLASM_FLAGS "-fPIC -DOPENSSL_IA32_SSE2")
      endif()
-      if (APPLE)
+      if(APPLE)
        set(PERLASM_STYLE macosx)
      else()
        set(PERLASM_STYLE elf)
@@ -38,8 +38,8 @@ if(NOT OPENSSL_NO_ASM)
    endif()

    # CMake does not add -isysroot and -arch flags to assembly.
-    if (APPLE)
-      if (CMAKE_OSX_SYSROOT)
+    if(APPLE)
+      if(CMAKE_OSX_SYSROOT)
        set(CMAKE_ASM_FLAGS "${CMAKE_ASM_FLAGS} -isysroot \"${CMAKE_OSX_SYSROOT}\"")
      endif()
      foreach(arch ${CMAKE_OSX_ARCHITECTURES})
@@ -47,13 +47,13 @@ if(NOT OPENSSL_NO_ASM)
      endforeach()
    endif()
  else()
-    if (${ARCH} STREQUAL "x86_64")
+    if(${ARCH} STREQUAL "x86_64")
      set(PERLASM_STYLE nasm)
    else()
      set(PERLASM_STYLE win32n)
      set(PERLASM_FLAGS "-DOPENSSL_IA32_SSE2")
    endif()
-    set(CMAKE_ASM_NASM_FLAGS "-gcv8")
+    set(CMAKE_ASM_NASM_FLAGS "${CMAKE_ASM_NASM_FLAGS} -gcv8")

    # On Windows, we use the NASM output, specifically built with Yasm.
    set(ASM_EXT asm)
@@ -62,8 +62,14 @@ if(NOT OPENSSL_NO_ASM)
 endif()

 function(perlasm dest src)
+  get_filename_component(dir ${dest} DIRECTORY)
+  if ("${dir}" STREQUAL "")
+    set(dir ".")
+  endif()
+
  add_custom_command(
    OUTPUT ${dest}
+    COMMAND ${CMAKE_COMMAND} -E make_directory ${dir}
    COMMAND ${PERL_EXECUTABLE} ${CMAKE_CURRENT_SOURCE_DIR}/${src} ${PERLASM_STYLE} ${PERLASM_FLAGS} ${ARGN} ${dest}
    DEPENDS
    ${src}
@@ -78,80 +84,10 @@ function(perlasm dest src)
  )
 endfunction()

-# Level 0.1 - depends on nothing outside this set.
-add_subdirectory(stack)
-add_subdirectory(lhash)
-add_subdirectory(err)
-add_subdirectory(buf)
-add_subdirectory(base64)
-add_subdirectory(bytestring)
-add_subdirectory(pool)
-
-# Level 0.2 - depends on nothing but itself
-add_subdirectory(rc4)
-add_subdirectory(conf)
-add_subdirectory(chacha)
-add_subdirectory(poly1305)
-add_subdirectory(curve25519)
-
-# Level 1, depends only on 0.*
-add_subdirectory(digest_extra)
-add_subdirectory(cipher_extra)
-add_subdirectory(rand_extra)
-add_subdirectory(bio)
-add_subdirectory(bn_extra)
-add_subdirectory(obj)
-add_subdirectory(asn1)
-
-# Level 2
-add_subdirectory(engine)
-add_subdirectory(dh)
-add_subdirectory(dsa)
-add_subdirectory(rsa_extra)
-add_subdirectory(ec_extra)
-add_subdirectory(ecdh)
-add_subdirectory(ecdsa_extra)
-
-# Level 3
-add_subdirectory(cmac)
-add_subdirectory(evp)
-add_subdirectory(hkdf)
-add_subdirectory(pem)
-add_subdirectory(x509)
-add_subdirectory(x509v3)
-
-# Level 4
-add_subdirectory(pkcs7)
-add_subdirectory(pkcs8)
-
-# Test support code
+add_subdirectory(fipsmodule)
 add_subdirectory(test)

-add_subdirectory(fipsmodule)
-
-add_library(
-  crypto_base
-
-  OBJECT
-
-  cpu-aarch64-fuchsia.c
-  cpu-aarch64-linux.c
-  cpu-arm.c
-  cpu-arm-linux.c
-  cpu-intel.c
-  cpu-ppc64le.c
-  crypto.c
-  ex_data.c
-  mem.c
-  refcount_c11.c
-  refcount_lock.c
-  thread.c
-  thread_none.c
-  thread_pthread.c
-  thread_win.c
-)
-
-if(FIPS_DELOCATE)
+if(FIPS_DELOCATE OR FIPS_SHARED)
  SET_SOURCE_FILES_PROPERTIES(fipsmodule/bcm.o PROPERTIES EXTERNAL_OBJECT true)
  SET_SOURCE_FILES_PROPERTIES(fipsmodule/bcm.o PROPERTIES GENERATED true)

@@ -162,64 +98,393 @@ if(FIPS_DELOCATE)
  )
 endif()

+if(${ARCH} STREQUAL "arm")
+  set(
+    CRYPTO_ARCH_SOURCES
+
+    chacha/chacha-armv4.${ASM_EXT}
+    curve25519/asm/x25519-asm-arm.S
+    poly1305/poly1305_arm_asm.S
+    test/trampoline-armv4.${ASM_EXT}
+  )
+endif()
+
+if(${ARCH} STREQUAL "aarch64")
+  set(
+    CRYPTO_ARCH_SOURCES
+
+    chacha/chacha-armv8.${ASM_EXT}
+    test/trampoline-armv8.${ASM_EXT}
+  )
+endif()
+
+if(${ARCH} STREQUAL "ppc64le")
+  set(
+    CRYPTO_ARCH_SOURCES
+
+    test/trampoline-ppc.${ASM_EXT}
+  )
+endif()
+
+if(${ARCH} STREQUAL "x86")
+  set(
+    CRYPTO_ARCH_SOURCES
+
+    chacha/chacha-x86.${ASM_EXT}
+    test/trampoline-x86.${ASM_EXT}
+  )
+endif()
+
+if(${ARCH} STREQUAL "x86_64")
+  set(
+    CRYPTO_ARCH_SOURCES
+
+    chacha/chacha-x86_64.${ASM_EXT}
+    cipher_extra/aes128gcmsiv-x86_64.${ASM_EXT}
+    cipher_extra/chacha20_poly1305_x86_64.${ASM_EXT}
+    hrss/asm/poly_rq_mul.S
+    test/trampoline-x86_64.${ASM_EXT}
+  )
+endif()
+
+perlasm(chacha/chacha-armv4.${ASM_EXT} chacha/asm/chacha-armv4.pl)
+perlasm(chacha/chacha-armv8.${ASM_EXT} chacha/asm/chacha-armv8.pl)
+perlasm(chacha/chacha-x86.${ASM_EXT} chacha/asm/chacha-x86.pl)
+perlasm(chacha/chacha-x86_64.${ASM_EXT} chacha/asm/chacha-x86_64.pl)
+perlasm(cipher_extra/aes128gcmsiv-x86_64.${ASM_EXT} cipher_extra/asm/aes128gcmsiv-x86_64.pl)
+perlasm(cipher_extra/chacha20_poly1305_x86_64.${ASM_EXT} cipher_extra/asm/chacha20_poly1305_x86_64.pl)
+perlasm(test/trampoline-armv4.${ASM_EXT} test/asm/trampoline-armv4.pl)
+perlasm(test/trampoline-armv8.${ASM_EXT} test/asm/trampoline-armv8.pl)
+perlasm(test/trampoline-ppc.${ASM_EXT} test/asm/trampoline-ppc.pl)
+perlasm(test/trampoline-x86.${ASM_EXT} test/asm/trampoline-x86.pl)
+perlasm(test/trampoline-x86_64.${ASM_EXT} test/asm/trampoline-x86_64.pl)
+
+add_custom_command(
+  OUTPUT err_data.c
+  COMMAND ${GO_EXECUTABLE} run err_data_generate.go > ${CMAKE_CURRENT_BINARY_DIR}/err_data.c
+  DEPENDS
+  err/err_data_generate.go
+  err/asn1.errordata
+  err/bio.errordata
+  err/bn.errordata
+  err/cipher.errordata
+  err/conf.errordata
+  err/dh.errordata
+  err/digest.errordata
+  err/dsa.errordata
+  err/ecdh.errordata
+  err/ecdsa.errordata
+  err/ec.errordata
+  err/engine.errordata
+  err/evp.errordata
+  err/hkdf.errordata
+  err/obj.errordata
+  err/pem.errordata
+  err/pkcs7.errordata
+  err/pkcs8.errordata
+  err/rsa.errordata
+  err/ssl.errordata
+  err/trust_token.errordata
+  err/x509.errordata
+  err/x509v3.errordata
+  WORKING_DIRECTORY ${CMAKE_CURRENT_SOURCE_DIR}/err
+)
+
 add_library(
  crypto

-  $<TARGET_OBJECTS:crypto_base>
-  $<TARGET_OBJECTS:stack>
-  $<TARGET_OBJECTS:lhash>
-  $<TARGET_OBJECTS:err>
-  $<TARGET_OBJECTS:base64>
-  $<TARGET_OBJECTS:bytestring>
-  $<TARGET_OBJECTS:pool>
-  $<TARGET_OBJECTS:fipsmodule>
-  $<TARGET_OBJECTS:digest_extra>
-  $<TARGET_OBJECTS:cipher_extra>
-  $<TARGET_OBJECTS:rc4>
-  $<TARGET_OBJECTS:conf>
-  $<TARGET_OBJECTS:chacha>
-  $<TARGET_OBJECTS:poly1305>
-  $<TARGET_OBJECTS:curve25519>
-  $<TARGET_OBJECTS:fiat>
-  $<TARGET_OBJECTS:buf>
-  $<TARGET_OBJECTS:bn_extra>
-  $<TARGET_OBJECTS:bio>
-  $<TARGET_OBJECTS:rand_extra>
-  $<TARGET_OBJECTS:obj>
-  $<TARGET_OBJECTS:asn1>
-  $<TARGET_OBJECTS:engine>
-  $<TARGET_OBJECTS:dh>
-  $<TARGET_OBJECTS:dsa>
-  $<TARGET_OBJECTS:rsa_extra>
-  $<TARGET_OBJECTS:ec_extra>
-  $<TARGET_OBJECTS:ecdh>
-  $<TARGET_OBJECTS:ecdsa_extra>
-  $<TARGET_OBJECTS:cmac>
-  $<TARGET_OBJECTS:evp>
-  $<TARGET_OBJECTS:hkdf>
-  $<TARGET_OBJECTS:pem>
-  $<TARGET_OBJECTS:x509>
-  $<TARGET_OBJECTS:x509v3>
-  $<TARGET_OBJECTS:pkcs7>
-  $<TARGET_OBJECTS:pkcs8_lib>
+  asn1/a_bitstr.c
+  asn1/a_bool.c
+  asn1/a_d2i_fp.c
+  asn1/a_dup.c
+  asn1/a_enum.c
+  asn1/a_gentm.c
+  asn1/a_i2d_fp.c
+  asn1/a_int.c
+  asn1/a_mbstr.c
+  asn1/a_object.c
+  asn1/a_octet.c
+  asn1/a_print.c
+  asn1/a_strnid.c
+  asn1/a_time.c
+  asn1/a_type.c
+  asn1/a_utctm.c
+  asn1/a_utf8.c
+  asn1/asn1_lib.c
+  asn1/asn1_par.c
+  asn1/asn_pack.c
+  asn1/f_enum.c
+  asn1/f_int.c
+  asn1/f_string.c
+  asn1/tasn_dec.c
+  asn1/tasn_enc.c
+  asn1/tasn_fre.c
+  asn1/tasn_new.c
+  asn1/tasn_typ.c
+  asn1/tasn_utl.c
+  asn1/time_support.c
+  base64/base64.c
+  bio/bio.c
+  bio/bio_mem.c
+  bio/connect.c
+  bio/fd.c
+  bio/file.c
+  bio/hexdump.c
+  bio/pair.c
+  bio/printf.c
+  bio/socket.c
+  bio/socket_helper.c
+  bn_extra/bn_asn1.c
+  bn_extra/convert.c
+  buf/buf.c
+  bytestring/asn1_compat.c
+  bytestring/ber.c
+  bytestring/cbb.c
+  bytestring/cbs.c
+  bytestring/unicode.c
+  chacha/chacha.c
+  cipher_extra/cipher_extra.c
+  cipher_extra/derive_key.c
+  cipher_extra/e_aesccm.c
+  cipher_extra/e_aesctrhmac.c
+  cipher_extra/e_aesgcmsiv.c
+  cipher_extra/e_chacha20poly1305.c
+  cipher_extra/e_null.c
+  cipher_extra/e_rc2.c
+  cipher_extra/e_rc4.c
+  cipher_extra/e_tls.c
+  cipher_extra/tls_cbc.c
+  cmac/cmac.c
+  conf/conf.c
+  cpu-aarch64-fuchsia.c
+  cpu-aarch64-linux.c
+  cpu-arm-linux.c
+  cpu-arm.c
+  cpu-intel.c
+  cpu-ppc64le.c
+  crypto.c
+  curve25519/curve25519.c
+  curve25519/spake25519.c
+  dh/dh.c
+  dh/params.c
+  dh/check.c
+  dh/dh_asn1.c
+  digest_extra/digest_extra.c
+  dsa/dsa.c
+  dsa/dsa_asn1.c
+  ecdh_extra/ecdh_extra.c
+  ecdsa_extra/ecdsa_asn1.c
+  ec_extra/ec_asn1.c
+  ec_extra/ec_derive.c
+  ec_extra/hash_to_curve.c
+  err/err.c
+  err_data.c
+  engine/engine.c
+  evp/digestsign.c
+  evp/evp.c
+  evp/evp_asn1.c
+  evp/evp_ctx.c
+  evp/p_dsa_asn1.c
+  evp/p_ec.c
+  evp/p_ec_asn1.c
+  evp/p_ed25519.c
+  evp/p_ed25519_asn1.c
+  evp/p_rsa.c
+  evp/p_rsa_asn1.c
+  evp/p_x25519.c
+  evp/p_x25519_asn1.c
+  evp/pbkdf.c
+  evp/print.c
+  evp/scrypt.c
+  evp/sign.c
+  ex_data.c
+  hkdf/hkdf.c
+  hpke/hpke.c
+  hrss/hrss.c
+  lhash/lhash.c
+  mem.c
+  obj/obj.c
+  obj/obj_xref.c
+  pem/pem_all.c
+  pem/pem_info.c
+  pem/pem_lib.c
+  pem/pem_oth.c
+  pem/pem_pk8.c
+  pem/pem_pkey.c
+  pem/pem_x509.c
+  pem/pem_xaux.c
+  pkcs7/pkcs7.c
+  pkcs7/pkcs7_x509.c
+  pkcs8/pkcs8.c
+  pkcs8/pkcs8_x509.c
+  pkcs8/p5_pbev2.c
+  poly1305/poly1305.c
+  poly1305/poly1305_arm.c
+  poly1305/poly1305_vec.c
+  pool/pool.c
+  rand_extra/deterministic.c
+  rand_extra/forkunsafe.c
+  rand_extra/fuchsia.c
+  rand_extra/rand_extra.c
+  rand_extra/windows.c
+  rc4/rc4.c
+  refcount_c11.c
+  refcount_lock.c
+  rsa_extra/rsa_asn1.c
+  rsa_extra/rsa_print.c
+  stack/stack.c
+  siphash/siphash.c
+  thread.c
+  thread_none.c
+  thread_pthread.c
+  thread_win.c
+  trust_token/pmbtoken.c
+  trust_token/trust_token.c
+  x509/a_digest.c
+  x509/a_sign.c
+  x509/a_strex.c
+  x509/a_verify.c
+  x509/algorithm.c
+  x509/asn1_gen.c
+  x509/by_dir.c
+  x509/by_file.c
+  x509/i2d_pr.c
+  x509/rsa_pss.c
+  x509/t_crl.c
+  x509/t_req.c
+  x509/t_x509.c
+  x509/t_x509a.c
+  x509/x509.c
+  x509/x509_att.c
+  x509/x509_cmp.c
+  x509/x509_d2.c
+  x509/x509_def.c
+  x509/x509_ext.c
+  x509/x509_lu.c
+  x509/x509_obj.c
+  x509/x509_r2x.c
+  x509/x509_req.c
+  x509/x509_set.c
+  x509/x509_trs.c
+  x509/x509_txt.c
+  x509/x509_v3.c
+  x509/x509_vfy.c
+  x509/x509_vpm.c
+  x509/x509cset.c
+  x509/x509name.c
+  x509/x509rset.c
+  x509/x509spki.c
+  x509/x_algor.c
+  x509/x_all.c
+  x509/x_attrib.c
+  x509/x_crl.c
+  x509/x_exten.c
+  x509/x_info.c
+  x509/x_name.c
+  x509/x_pkey.c
+  x509/x_pubkey.c
+  x509/x_req.c
+  x509/x_sig.c
+  x509/x_spki.c
+  x509/x_val.c
+  x509/x_x509.c
+  x509/x_x509a.c
+  x509v3/pcy_cache.c
+  x509v3/pcy_data.c
+  x509v3/pcy_lib.c
+  x509v3/pcy_map.c
+  x509v3/pcy_node.c
+  x509v3/pcy_tree.c
+  x509v3/v3_akey.c
+  x509v3/v3_akeya.c
+  x509v3/v3_alt.c
+  x509v3/v3_bcons.c
+  x509v3/v3_bitst.c
+  x509v3/v3_conf.c
+  x509v3/v3_cpols.c
+  x509v3/v3_crld.c
+  x509v3/v3_enum.c
+  x509v3/v3_extku.c
+  x509v3/v3_genn.c
+  x509v3/v3_ia5.c
+  x509v3/v3_info.c
+  x509v3/v3_int.c
+  x509v3/v3_lib.c
+  x509v3/v3_ncons.c
+  x509v3/v3_ocsp.c
+  x509v3/v3_pci.c
+  x509v3/v3_pcia.c
+  x509v3/v3_pcons.c
+  x509v3/v3_pku.c
+  x509v3/v3_pmaps.c
+  x509v3/v3_prn.c
+  x509v3/v3_purp.c
+  x509v3/v3_skey.c
+  x509v3/v3_sxnet.c
+  x509v3/v3_utl.c

+  $<TARGET_OBJECTS:fipsmodule>
+
+  ${CRYPTO_ARCH_SOURCES}
  ${CRYPTO_FIPS_OBJECTS}
 )

-if(FIPS_DELOCATE)
+if(FIPS_SHARED)
+  set(EXTRA_INJECT_HASH_ARGS)
+  if(ANDROID)
+    set(EXTRA_INJECT_HASH_ARGS "-sha256")
+  endif()
+  # Rewrite libcrypto.so to inject the correct module hash value. This assumes
+  # UNIX-style library naming, but we only support FIPS mode on Linux anyway.
+  add_custom_command(
+    TARGET crypto POST_BUILD
+    COMMAND ${GO_EXECUTABLE} run
+    ${CMAKE_CURRENT_SOURCE_DIR}/../util/fipstools/inject_hash/inject_hash.go
+    -o libcrypto.so -in-object libcrypto.so ${EXTRA_INJECT_HASH_ARGS}
+    # The DEPENDS argument to a POST_BUILD rule appears to be ignored. Thus
+    # go_executable isn't used (as it doesn't get built), but we list this
+    # dependency anyway in case it starts working in some CMake version.
+    DEPENDS ../util/fipstools/inject_hash/inject_hash.go
+    WORKING_DIRECTORY ${CMAKE_CURRENT_BINARY_DIR}
+  )
+endif()
+
+add_dependencies(crypto global_target)
+
+if(FIPS_DELOCATE OR FIPS_SHARED)
  add_dependencies(crypto bcm_o_target)
 endif()

 SET_TARGET_PROPERTIES(crypto PROPERTIES LINKER_LANGUAGE C)

-if(NOT MSVC AND NOT ANDROID)
+if(NOT WIN32 AND NOT ANDROID)
  target_link_libraries(crypto pthread)
 endif()

-# TODO(davidben): Convert the remaining tests to GTest.
+# Every target depends on crypto, so we add libcxx as a dependency here to
+# simplify injecting it everywhere.
+if(USE_CUSTOM_LIBCXX)
+  target_link_libraries(crypto libcxx)
+endif()
+
+# urandom_test is a separate binary because it needs to be able to observe the
+# PRNG initialisation, which means that it can't have other tests running before
+# it does.
+add_executable(
+  urandom_test
+
+  fipsmodule/rand/urandom_test.cc
+)
+
+target_link_libraries(urandom_test test_support_lib boringssl_gtest crypto)
+
+add_dependencies(urandom_test global_target)
+add_dependencies(all_tests urandom_test)
+
 add_executable(
  crypto_test

+  abi_self_test.cc
  asn1/asn1_test.cc
  base64/base64_test.cc
  buf/buf_test.cc
@@ -231,10 +496,11 @@ add_executable(
  cmac/cmac_test.cc
  compiler_test.cc
  constant_time_test.cc
+  cpu-arm-linux_test.cc
  curve25519/ed25519_test.cc
  curve25519/spake25519_test.cc
  curve25519/x25519_test.cc
-  ecdh/ecdh_test.cc
+  ecdh_extra/ecdh_test.cc
  dh/dh_test.cc
  digest_extra/digest_test.cc
  dsa/dsa_test.cc
@@ -248,22 +514,33 @@ add_executable(
  fipsmodule/ec/ec_test.cc
  fipsmodule/ec/p256-x86_64_test.cc
  fipsmodule/ecdsa/ecdsa_test.cc
+  fipsmodule/md5/md5_test.cc
  fipsmodule/modes/gcm_test.cc
  fipsmodule/rand/ctrdrbg_test.cc
+  fipsmodule/rand/fork_detect_test.cc
+  fipsmodule/sha/sha_test.cc
  hkdf/hkdf_test.cc
+  hpke/hpke_test.cc
  hmac_extra/hmac_test.cc
+  hrss/hrss_test.cc
+  impl_dispatch_test.cc
  lhash/lhash_test.cc
  obj/obj_test.cc
+  pem/pem_test.cc
  pkcs7/pkcs7_test.cc
  pkcs8/pkcs8_test.cc
  pkcs8/pkcs12_test.cc
  poly1305/poly1305_test.cc
  pool/pool_test.cc
+  rand_extra/rand_test.cc
  refcount_test.cc
  rsa_extra/rsa_test.cc
  self_test.cc
+  stack/stack_test.cc
+  siphash/siphash_test.cc
  test/file_test_gtest.cc
  thread_test.cc
+  trust_token/trust_token_test.cc
  x509/x509_test.cc
  x509/x509_time_test.cc
  x509v3/tab_test.cc
@@ -271,11 +548,12 @@ add_executable(

  $<TARGET_OBJECTS:crypto_test_data>
  $<TARGET_OBJECTS:boringssl_gtest_main>
-  $<TARGET_OBJECTS:test_support>
 )

-target_link_libraries(crypto_test crypto boringssl_gtest)
-if (WIN32)
+add_dependencies(crypto_test global_target)
+
+target_link_libraries(crypto_test test_support_lib boringssl_gtest crypto)
+if(WIN32)
  target_link_libraries(crypto_test ws2_32)
 endif()
 add_dependencies(all_tests crypto_test)
@@ -0,0 +1,808 @@
+/* Copyright (c) 2018, Google Inc.
+ *
+ * Permission to use, copy, modify, and/or distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+ * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+ * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY
+ * SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+ * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION
+ * OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN
+ * CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */
+
+#include <gtest/gtest.h>
+#include <gtest/gtest-spi.h>
+
+#include <openssl/rand.h>
+
+#include "test/abi_test.h"
+
+
+static bool test_function_ok;
+static int TestFunction(int a1, int a2, int a3, int a4, int a5, int a6, int a7,
+                        int a8) {
+  test_function_ok = a1 == 1 || a2 == 2 || a3 == 3 || a4 == 4 || a5 == 5 ||
+                     a6 == 6 || a7 == 7 || a8 == 8;
+  return 42;
+}
+
+TEST(ABITest, SanityCheck) {
+  EXPECT_NE(0, CHECK_ABI_NO_UNWIND(strcmp, "hello", "world"));
+
+  test_function_ok = false;
+  EXPECT_EQ(42, CHECK_ABI_SEH(TestFunction, 1, 2, 3, 4, 5, 6, 7, 8));
+  EXPECT_TRUE(test_function_ok);
+
+#if defined(SUPPORTS_ABI_TEST)
+  abi_test::internal::CallerState state;
+  RAND_bytes(reinterpret_cast<uint8_t *>(&state), sizeof(state));
+  crypto_word_t argv[] = {
+      1, 2, 3, 4, 5, 6, 7, 8,
+  };
+  CHECK_ABI_SEH(abi_test_trampoline,
+                reinterpret_cast<crypto_word_t>(TestFunction), &state, argv, 8,
+                0 /* no breakpoint */);
+
+#if defined(OPENSSL_X86_64)
+  if (abi_test::UnwindTestsEnabled()) {
+    EXPECT_NONFATAL_FAILURE(CHECK_ABI_SEH(abi_test_bad_unwind_wrong_register),
+                            "was not recovered");
+    EXPECT_NONFATAL_FAILURE(CHECK_ABI_SEH(abi_test_bad_unwind_temporary),
+                            "was not recovered");
+
+    CHECK_ABI_NO_UNWIND(abi_test_bad_unwind_wrong_register);
+    CHECK_ABI_NO_UNWIND(abi_test_bad_unwind_temporary);
+
+#if defined(OPENSSL_WINDOWS)
+    // The invalid epilog makes Windows believe the epilog starts later than it
+    // actually does. As a result, immediately after the popq, it does not
+    // realize the stack has been unwound and repeats the work.
+    EXPECT_NONFATAL_FAILURE(CHECK_ABI_SEH(abi_test_bad_unwind_epilog),
+                            "unwound past starting frame");
+    CHECK_ABI_NO_UNWIND(abi_test_bad_unwind_epilog);
+#endif  // OPENSSL_WINDOWS
+  }
+#endif  // OPENSSL_X86_64
+#endif  // SUPPORTS_ABI_TEST
+}
+
+#if defined(OPENSSL_X86_64) && defined(SUPPORTS_ABI_TEST)
+extern "C" {
+void abi_test_clobber_rax(void);
+void abi_test_clobber_rbx(void);
+void abi_test_clobber_rcx(void);
+void abi_test_clobber_rdx(void);
+void abi_test_clobber_rsi(void);
+void abi_test_clobber_rdi(void);
+void abi_test_clobber_rbp(void);
+void abi_test_clobber_r8(void);
+void abi_test_clobber_r9(void);
+void abi_test_clobber_r10(void);
+void abi_test_clobber_r11(void);
+void abi_test_clobber_r12(void);
+void abi_test_clobber_r13(void);
+void abi_test_clobber_r14(void);
+void abi_test_clobber_r15(void);
+void abi_test_clobber_xmm0(void);
+void abi_test_clobber_xmm1(void);
+void abi_test_clobber_xmm2(void);
+void abi_test_clobber_xmm3(void);
+void abi_test_clobber_xmm4(void);
+void abi_test_clobber_xmm5(void);
+void abi_test_clobber_xmm6(void);
+void abi_test_clobber_xmm7(void);
+void abi_test_clobber_xmm8(void);
+void abi_test_clobber_xmm9(void);
+void abi_test_clobber_xmm10(void);
+void abi_test_clobber_xmm11(void);
+void abi_test_clobber_xmm12(void);
+void abi_test_clobber_xmm13(void);
+void abi_test_clobber_xmm14(void);
+void abi_test_clobber_xmm15(void);
+}  // extern "C"
+
+TEST(ABITest, X86_64) {
+  // abi_test_trampoline hides unsaved registers from the caller, so we can
+  // safely call the abi_test_clobber_* functions below.
+  abi_test::internal::CallerState state;
+  RAND_bytes(reinterpret_cast<uint8_t *>(&state), sizeof(state));
+  CHECK_ABI_NO_UNWIND(abi_test_trampoline,
+                      reinterpret_cast<crypto_word_t>(abi_test_clobber_rbx),
+                      &state, nullptr, 0, 0 /* no breakpoint */);
+
+  CHECK_ABI_NO_UNWIND(abi_test_clobber_rax);
+  EXPECT_NONFATAL_FAILURE(CHECK_ABI_NO_UNWIND(abi_test_clobber_rbx),
+                          "rbx was not restored after return");
+  CHECK_ABI_NO_UNWIND(abi_test_clobber_rcx);
+  CHECK_ABI_NO_UNWIND(abi_test_clobber_rdx);
+#if defined(OPENSSL_WINDOWS)
+  EXPECT_NONFATAL_FAILURE(CHECK_ABI_NO_UNWIND(abi_test_clobber_rdi),
+                          "rdi was not restored after return");
+  EXPECT_NONFATAL_FAILURE(CHECK_ABI_NO_UNWIND(abi_test_clobber_rsi),
+                          "rsi was not restored after return");
+#else
+  CHECK_ABI_NO_UNWIND(abi_test_clobber_rdi);
+  CHECK_ABI_NO_UNWIND(abi_test_clobber_rsi);
+#endif
+  EXPECT_NONFATAL_FAILURE(CHECK_ABI_NO_UNWIND(abi_test_clobber_rbp),
+                          "rbp was not restored after return");
+  CHECK_ABI_NO_UNWIND(abi_test_clobber_r8);
+  CHECK_ABI_NO_UNWIND(abi_test_clobber_r9);
+  CHECK_ABI_NO_UNWIND(abi_test_clobber_r10);
+  CHECK_ABI_NO_UNWIND(abi_test_clobber_r11);
+  EXPECT_NONFATAL_FAILURE(CHECK_ABI_NO_UNWIND(abi_test_clobber_r12),
+                          "r12 was not restored after return");
+  EXPECT_NONFATAL_FAILURE(CHECK_ABI_NO_UNWIND(abi_test_clobber_r13),
+                          "r13 was not restored after return");
+  EXPECT_NONFATAL_FAILURE(CHECK_ABI_NO_UNWIND(abi_test_clobber_r14),
+                          "r14 was not restored after return");
+  EXPECT_NONFATAL_FAILURE(CHECK_ABI_NO_UNWIND(abi_test_clobber_r15),
+                          "r15 was not restored after return");
+
+  CHECK_ABI_NO_UNWIND(abi_test_clobber_xmm0);
+  CHECK_ABI_NO_UNWIND(abi_test_clobber_xmm1);
+  CHECK_ABI_NO_UNWIND(abi_test_clobber_xmm2);
+  CHECK_ABI_NO_UNWIND(abi_test_clobber_xmm3);
+  CHECK_ABI_NO_UNWIND(abi_test_clobber_xmm4);
+  CHECK_ABI_NO_UNWIND(abi_test_clobber_xmm5);
+#if defined(OPENSSL_WINDOWS)
+  EXPECT_NONFATAL_FAILURE(CHECK_ABI_NO_UNWIND(abi_test_clobber_xmm6),
+                          "xmm6 was not restored after return");
+  EXPECT_NONFATAL_FAILURE(CHECK_ABI_NO_UNWIND(abi_test_clobber_xmm7),
+                          "xmm7 was not restored after return");
+  EXPECT_NONFATAL_FAILURE(CHECK_ABI_NO_UNWIND(abi_test_clobber_xmm8),
+                          "xmm8 was not restored after return");
+  EXPECT_NONFATAL_FAILURE(CHECK_ABI_NO_UNWIND(abi_test_clobber_xmm9),
+                          "xmm9 was not restored after return");
+  EXPECT_NONFATAL_FAILURE(CHECK_ABI_NO_UNWIND(abi_test_clobber_xmm10),
+                          "xmm10 was not restored after return");
+  EXPECT_NONFATAL_FAILURE(CHECK_ABI_NO_UNWIND(abi_test_clobber_xmm11),
+                          "xmm11 was not restored after return");
+  EXPECT_NONFATAL_FAILURE(CHECK_ABI_NO_UNWIND(abi_test_clobber_xmm12),
+                          "xmm12 was not restored after return");
+  EXPECT_NONFATAL_FAILURE(CHECK_ABI_NO_UNWIND(abi_test_clobber_xmm13),
+                          "xmm13 was not restored after return");
+  EXPECT_NONFATAL_FAILURE(CHECK_ABI_NO_UNWIND(abi_test_clobber_xmm14),
+                          "xmm14 was not restored after return");
+  EXPECT_NONFATAL_FAILURE(CHECK_ABI_NO_UNWIND(abi_test_clobber_xmm15),
+                          "xmm15 was not restored after return");
+#else
+  CHECK_ABI_NO_UNWIND(abi_test_clobber_xmm6);
+  CHECK_ABI_NO_UNWIND(abi_test_clobber_xmm7);
+  CHECK_ABI_NO_UNWIND(abi_test_clobber_xmm8);
+  CHECK_ABI_NO_UNWIND(abi_test_clobber_xmm9);
+  CHECK_ABI_NO_UNWIND(abi_test_clobber_xmm10);
+  CHECK_ABI_NO_UNWIND(abi_test_clobber_xmm11);
+  CHECK_ABI_NO_UNWIND(abi_test_clobber_xmm12);
+  CHECK_ABI_NO_UNWIND(abi_test_clobber_xmm13);
+  CHECK_ABI_NO_UNWIND(abi_test_clobber_xmm14);
+  CHECK_ABI_NO_UNWIND(abi_test_clobber_xmm15);
+#endif
+
+  EXPECT_NONFATAL_FAILURE(CHECK_ABI_NO_UNWIND(abi_test_set_direction_flag),
+                          "Direction flag set after return");
+  EXPECT_EQ(0, abi_test_get_and_clear_direction_flag())
+      << "CHECK_ABI did not insulate the caller from direction flag errors";
+}
+#endif   // OPENSSL_X86_64 && SUPPORTS_ABI_TEST
+
+#if defined(OPENSSL_X86) && defined(SUPPORTS_ABI_TEST)
+extern "C" {
+void abi_test_clobber_eax(void);
+void abi_test_clobber_ebx(void);
+void abi_test_clobber_ecx(void);
+void abi_test_clobber_edx(void);
+void abi_test_clobber_esi(void);
+void abi_test_clobber_edi(void);
+void abi_test_clobber_ebp(void);
+void abi_test_clobber_xmm0(void);
+void abi_test_clobber_xmm1(void);
+void abi_test_clobber_xmm2(void);
+void abi_test_clobber_xmm3(void);
+void abi_test_clobber_xmm4(void);
+void abi_test_clobber_xmm5(void);
+void abi_test_clobber_xmm6(void);
+void abi_test_clobber_xmm7(void);
+}  // extern "C"
+
+TEST(ABITest, X86) {
+  // abi_test_trampoline hides unsaved registers from the caller, so we can
+  // safely call the abi_test_clobber_* functions below.
+  abi_test::internal::CallerState state;
+  RAND_bytes(reinterpret_cast<uint8_t *>(&state), sizeof(state));
+  CHECK_ABI_NO_UNWIND(abi_test_trampoline,
+                      reinterpret_cast<crypto_word_t>(abi_test_clobber_ebx),
+                      &state, nullptr, 0, 0 /* no breakpoint */);
+
+  CHECK_ABI_NO_UNWIND(abi_test_clobber_eax);
+  EXPECT_NONFATAL_FAILURE(CHECK_ABI_NO_UNWIND(abi_test_clobber_ebx),
+                          "ebx was not restored after return");
+  CHECK_ABI_NO_UNWIND(abi_test_clobber_ecx);
+  CHECK_ABI_NO_UNWIND(abi_test_clobber_edx);
+  EXPECT_NONFATAL_FAILURE(CHECK_ABI_NO_UNWIND(abi_test_clobber_edi),
+                          "edi was not restored after return");
+  EXPECT_NONFATAL_FAILURE(CHECK_ABI_NO_UNWIND(abi_test_clobber_esi),
+                          "esi was not restored after return");
+  EXPECT_NONFATAL_FAILURE(CHECK_ABI_NO_UNWIND(abi_test_clobber_ebp),
+                          "ebp was not restored after return");
+
+  CHECK_ABI_NO_UNWIND(abi_test_clobber_xmm0);
+  CHECK_ABI_NO_UNWIND(abi_test_clobber_xmm1);
+  CHECK_ABI_NO_UNWIND(abi_test_clobber_xmm2);
+  CHECK_ABI_NO_UNWIND(abi_test_clobber_xmm3);
+  CHECK_ABI_NO_UNWIND(abi_test_clobber_xmm4);
+  CHECK_ABI_NO_UNWIND(abi_test_clobber_xmm5);
+  CHECK_ABI_NO_UNWIND(abi_test_clobber_xmm6);
+  CHECK_ABI_NO_UNWIND(abi_test_clobber_xmm7);
+
+  EXPECT_NONFATAL_FAILURE(CHECK_ABI_NO_UNWIND(abi_test_set_direction_flag),
+                          "Direction flag set after return");
+  EXPECT_EQ(0, abi_test_get_and_clear_direction_flag())
+      << "CHECK_ABI did not insulate the caller from direction flag errors";
+}
+#endif   // OPENSSL_X86 && SUPPORTS_ABI_TEST
+
+#if defined(OPENSSL_ARM) && defined(SUPPORTS_ABI_TEST)
+extern "C" {
+void abi_test_clobber_r0(void);
+void abi_test_clobber_r1(void);
+void abi_test_clobber_r2(void);
+void abi_test_clobber_r3(void);
+void abi_test_clobber_r4(void);
+void abi_test_clobber_r5(void);
+void abi_test_clobber_r6(void);
+void abi_test_clobber_r7(void);
+void abi_test_clobber_r8(void);
+void abi_test_clobber_r9(void);
+void abi_test_clobber_r10(void);
+void abi_test_clobber_r11(void);
+void abi_test_clobber_r12(void);
+// r13, r14, and r15, are sp, lr, and pc, respectively.
+
+void abi_test_clobber_d0(void);
+void abi_test_clobber_d1(void);
+void abi_test_clobber_d2(void);
+void abi_test_clobber_d3(void);
+void abi_test_clobber_d4(void);
+void abi_test_clobber_d5(void);
+void abi_test_clobber_d6(void);
+void abi_test_clobber_d7(void);
+void abi_test_clobber_d8(void);
+void abi_test_clobber_d9(void);
+void abi_test_clobber_d10(void);
+void abi_test_clobber_d11(void);
+void abi_test_clobber_d12(void);
+void abi_test_clobber_d13(void);
+void abi_test_clobber_d14(void);
+void abi_test_clobber_d15(void);
+}  // extern "C"
+
+TEST(ABITest, ARM) {
+  // abi_test_trampoline hides unsaved registers from the caller, so we can
+  // safely call the abi_test_clobber_* functions below.
+  abi_test::internal::CallerState state;
+  RAND_bytes(reinterpret_cast<uint8_t *>(&state), sizeof(state));
+  CHECK_ABI_NO_UNWIND(abi_test_trampoline,
+                      reinterpret_cast<crypto_word_t>(abi_test_clobber_r4),
+                      &state, nullptr, 0, 0 /* no breakpoint */);
+
+  CHECK_ABI_NO_UNWIND(abi_test_clobber_r0);
+  CHECK_ABI_NO_UNWIND(abi_test_clobber_r1);
+  CHECK_ABI_NO_UNWIND(abi_test_clobber_r2);
+  CHECK_ABI_NO_UNWIND(abi_test_clobber_r3);
+  EXPECT_NONFATAL_FAILURE(CHECK_ABI_NO_UNWIND(abi_test_clobber_r4),
+                          "r4 was not restored after return");
+  EXPECT_NONFATAL_FAILURE(CHECK_ABI_NO_UNWIND(abi_test_clobber_r5),
+                          "r5 was not restored after return");
+  EXPECT_NONFATAL_FAILURE(CHECK_ABI_NO_UNWIND(abi_test_clobber_r6),
+                          "r6 was not restored after return");
+  EXPECT_NONFATAL_FAILURE(CHECK_ABI_NO_UNWIND(abi_test_clobber_r7),
+                          "r7 was not restored after return");
+  EXPECT_NONFATAL_FAILURE(CHECK_ABI_NO_UNWIND(abi_test_clobber_r8),
+                          "r8 was not restored after return");
+#if defined(OPENSSL_APPLE)
+  CHECK_ABI_NO_UNWIND(abi_test_clobber_r9);
+#else
+  EXPECT_NONFATAL_FAILURE(CHECK_ABI_NO_UNWIND(abi_test_clobber_r9),
+                          "r9 was not restored after return");
+#endif
+  EXPECT_NONFATAL_FAILURE(CHECK_ABI_NO_UNWIND(abi_test_clobber_r10),
+                          "r10 was not restored after return");
+  EXPECT_NONFATAL_FAILURE(CHECK_ABI_NO_UNWIND(abi_test_clobber_r11),
+                          "r11 was not restored after return");
+  CHECK_ABI_NO_UNWIND(abi_test_clobber_r12);
+
+  CHECK_ABI_NO_UNWIND(abi_test_clobber_d0);
+  CHECK_ABI_NO_UNWIND(abi_test_clobber_d1);
+  CHECK_ABI_NO_UNWIND(abi_test_clobber_d2);
+  CHECK_ABI_NO_UNWIND(abi_test_clobber_d3);
+  CHECK_ABI_NO_UNWIND(abi_test_clobber_d4);
+  CHECK_ABI_NO_UNWIND(abi_test_clobber_d5);
+  CHECK_ABI_NO_UNWIND(abi_test_clobber_d6);
+  CHECK_ABI_NO_UNWIND(abi_test_clobber_d7);
+  EXPECT_NONFATAL_FAILURE(CHECK_ABI_NO_UNWIND(abi_test_clobber_d8),
+                          "d8 was not restored after return");
+  EXPECT_NONFATAL_FAILURE(CHECK_ABI_NO_UNWIND(abi_test_clobber_d9),
+                          "d9 was not restored after return");
+  EXPECT_NONFATAL_FAILURE(CHECK_ABI_NO_UNWIND(abi_test_clobber_d10),
+                          "d10 was not restored after return");
+  EXPECT_NONFATAL_FAILURE(CHECK_ABI_NO_UNWIND(abi_test_clobber_d11),
+                          "d11 was not restored after return");
+  EXPECT_NONFATAL_FAILURE(CHECK_ABI_NO_UNWIND(abi_test_clobber_d12),
+                          "d12 was not restored after return");
+  EXPECT_NONFATAL_FAILURE(CHECK_ABI_NO_UNWIND(abi_test_clobber_d13),
+                          "d13 was not restored after return");
+  EXPECT_NONFATAL_FAILURE(CHECK_ABI_NO_UNWIND(abi_test_clobber_d14),
+                          "d14 was not restored after return");
+  EXPECT_NONFATAL_FAILURE(CHECK_ABI_NO_UNWIND(abi_test_clobber_d15),
+                          "d15 was not restored after return");
+}
+#endif   // OPENSSL_ARM && SUPPORTS_ABI_TEST
+
+#if defined(OPENSSL_AARCH64) && defined(SUPPORTS_ABI_TEST)
+extern "C" {
+void abi_test_clobber_x0(void);
+void abi_test_clobber_x1(void);
+void abi_test_clobber_x2(void);
+void abi_test_clobber_x3(void);
+void abi_test_clobber_x4(void);
+void abi_test_clobber_x5(void);
+void abi_test_clobber_x6(void);
+void abi_test_clobber_x7(void);
+void abi_test_clobber_x8(void);
+void abi_test_clobber_x9(void);
+void abi_test_clobber_x10(void);
+void abi_test_clobber_x11(void);
+void abi_test_clobber_x12(void);
+void abi_test_clobber_x13(void);
+void abi_test_clobber_x14(void);
+void abi_test_clobber_x15(void);
+void abi_test_clobber_x16(void);
+void abi_test_clobber_x17(void);
+// x18 is the platform register and off limits.
+void abi_test_clobber_x19(void);
+void abi_test_clobber_x20(void);
+void abi_test_clobber_x21(void);
+void abi_test_clobber_x22(void);
+void abi_test_clobber_x23(void);
+void abi_test_clobber_x24(void);
+void abi_test_clobber_x25(void);
+void abi_test_clobber_x26(void);
+void abi_test_clobber_x27(void);
+void abi_test_clobber_x28(void);
+void abi_test_clobber_x29(void);
+
+void abi_test_clobber_d0(void);
+void abi_test_clobber_d1(void);
+void abi_test_clobber_d2(void);
+void abi_test_clobber_d3(void);
+void abi_test_clobber_d4(void);
+void abi_test_clobber_d5(void);
+void abi_test_clobber_d6(void);
+void abi_test_clobber_d7(void);
+void abi_test_clobber_d8(void);
+void abi_test_clobber_d9(void);
+void abi_test_clobber_d10(void);
+void abi_test_clobber_d11(void);
+void abi_test_clobber_d12(void);
+void abi_test_clobber_d13(void);
+void abi_test_clobber_d14(void);
+void abi_test_clobber_d15(void);
+void abi_test_clobber_d16(void);
+void abi_test_clobber_d17(void);
+void abi_test_clobber_d18(void);
+void abi_test_clobber_d19(void);
+void abi_test_clobber_d20(void);
+void abi_test_clobber_d21(void);
+void abi_test_clobber_d22(void);
+void abi_test_clobber_d23(void);
+void abi_test_clobber_d24(void);
+void abi_test_clobber_d25(void);
+void abi_test_clobber_d26(void);
+void abi_test_clobber_d27(void);
+void abi_test_clobber_d28(void);
+void abi_test_clobber_d29(void);
+void abi_test_clobber_d30(void);
+void abi_test_clobber_d31(void);
+
+void abi_test_clobber_v8_upper(void);
+void abi_test_clobber_v9_upper(void);
+void abi_test_clobber_v10_upper(void);
+void abi_test_clobber_v11_upper(void);
+void abi_test_clobber_v12_upper(void);
+void abi_test_clobber_v13_upper(void);
+void abi_test_clobber_v14_upper(void);
+void abi_test_clobber_v15_upper(void);
+}  // extern "C"
+
+TEST(ABITest, AArch64) {
+  // abi_test_trampoline hides unsaved registers from the caller, so we can
+  // safely call the abi_test_clobber_* functions below.
+  abi_test::internal::CallerState state;
+  RAND_bytes(reinterpret_cast<uint8_t *>(&state), sizeof(state));
+  CHECK_ABI_NO_UNWIND(abi_test_trampoline,
+                      reinterpret_cast<crypto_word_t>(abi_test_clobber_x19),
+                      &state, nullptr, 0, 0 /* no breakpoint */);
+
+  CHECK_ABI_NO_UNWIND(abi_test_clobber_x0);
+  CHECK_ABI_NO_UNWIND(abi_test_clobber_x1);
+  CHECK_ABI_NO_UNWIND(abi_test_clobber_x2);
+  CHECK_ABI_NO_UNWIND(abi_test_clobber_x3);
+  CHECK_ABI_NO_UNWIND(abi_test_clobber_x4);
+  CHECK_ABI_NO_UNWIND(abi_test_clobber_x5);
+  CHECK_ABI_NO_UNWIND(abi_test_clobber_x6);
+  CHECK_ABI_NO_UNWIND(abi_test_clobber_x7);
+  CHECK_ABI_NO_UNWIND(abi_test_clobber_x8);
+  CHECK_ABI_NO_UNWIND(abi_test_clobber_x9);
+  CHECK_ABI_NO_UNWIND(abi_test_clobber_x10);
+  CHECK_ABI_NO_UNWIND(abi_test_clobber_x11);
+  CHECK_ABI_NO_UNWIND(abi_test_clobber_x12);
+  CHECK_ABI_NO_UNWIND(abi_test_clobber_x13);
+  CHECK_ABI_NO_UNWIND(abi_test_clobber_x14);
+  CHECK_ABI_NO_UNWIND(abi_test_clobber_x15);
+  CHECK_ABI_NO_UNWIND(abi_test_clobber_x16);
+  CHECK_ABI_NO_UNWIND(abi_test_clobber_x17);
+
+  EXPECT_NONFATAL_FAILURE(CHECK_ABI_NO_UNWIND(abi_test_clobber_x19),
+                          "x19 was not restored after return");
+  EXPECT_NONFATAL_FAILURE(CHECK_ABI_NO_UNWIND(abi_test_clobber_x20),
+                          "x20 was not restored after return");
+  EXPECT_NONFATAL_FAILURE(CHECK_ABI_NO_UNWIND(abi_test_clobber_x21),
+                          "x21 was not restored after return");
+  EXPECT_NONFATAL_FAILURE(CHECK_ABI_NO_UNWIND(abi_test_clobber_x22),
+                          "x22 was not restored after return");
+  EXPECT_NONFATAL_FAILURE(CHECK_ABI_NO_UNWIND(abi_test_clobber_x23),
+                          "x23 was not restored after return");
+  EXPECT_NONFATAL_FAILURE(CHECK_ABI_NO_UNWIND(abi_test_clobber_x24),
+                          "x24 was not restored after return");
+  EXPECT_NONFATAL_FAILURE(CHECK_ABI_NO_UNWIND(abi_test_clobber_x25),
+                          "x25 was not restored after return");
+  EXPECT_NONFATAL_FAILURE(CHECK_ABI_NO_UNWIND(abi_test_clobber_x26),
+                          "x26 was not restored after return");
+  EXPECT_NONFATAL_FAILURE(CHECK_ABI_NO_UNWIND(abi_test_clobber_x27),
+                          "x27 was not restored after return");
+  EXPECT_NONFATAL_FAILURE(CHECK_ABI_NO_UNWIND(abi_test_clobber_x28),
+                          "x28 was not restored after return");
+  EXPECT_NONFATAL_FAILURE(CHECK_ABI_NO_UNWIND(abi_test_clobber_x29),
+                          "x29 was not restored after return");
+
+  CHECK_ABI_NO_UNWIND(abi_test_clobber_d0);
+  CHECK_ABI_NO_UNWIND(abi_test_clobber_d1);
+  CHECK_ABI_NO_UNWIND(abi_test_clobber_d2);
+  CHECK_ABI_NO_UNWIND(abi_test_clobber_d3);
+  CHECK_ABI_NO_UNWIND(abi_test_clobber_d4);
+  CHECK_ABI_NO_UNWIND(abi_test_clobber_d5);
+  CHECK_ABI_NO_UNWIND(abi_test_clobber_d6);
+  CHECK_ABI_NO_UNWIND(abi_test_clobber_d7);
+  EXPECT_NONFATAL_FAILURE(CHECK_ABI_NO_UNWIND(abi_test_clobber_d8),
+                          "d8 was not restored after return");
+  EXPECT_NONFATAL_FAILURE(CHECK_ABI_NO_UNWIND(abi_test_clobber_d9),
+                          "d9 was not restored after return");
+  EXPECT_NONFATAL_FAILURE(CHECK_ABI_NO_UNWIND(abi_test_clobber_d10),
+                          "d10 was not restored after return");
+  EXPECT_NONFATAL_FAILURE(CHECK_ABI_NO_UNWIND(abi_test_clobber_d11),
+                          "d11 was not restored after return");
+  EXPECT_NONFATAL_FAILURE(CHECK_ABI_NO_UNWIND(abi_test_clobber_d12),
+                          "d12 was not restored after return");
+  EXPECT_NONFATAL_FAILURE(CHECK_ABI_NO_UNWIND(abi_test_clobber_d13),
+                          "d13 was not restored after return");
+  EXPECT_NONFATAL_FAILURE(CHECK_ABI_NO_UNWIND(abi_test_clobber_d14),
+                          "d14 was not restored after return");
+  EXPECT_NONFATAL_FAILURE(CHECK_ABI_NO_UNWIND(abi_test_clobber_d15),
+                          "d15 was not restored after return");
+  CHECK_ABI_NO_UNWIND(abi_test_clobber_d16);
+  CHECK_ABI_NO_UNWIND(abi_test_clobber_d18);
+  CHECK_ABI_NO_UNWIND(abi_test_clobber_d19);
+  CHECK_ABI_NO_UNWIND(abi_test_clobber_d20);
+  CHECK_ABI_NO_UNWIND(abi_test_clobber_d21);
+  CHECK_ABI_NO_UNWIND(abi_test_clobber_d22);
+  CHECK_ABI_NO_UNWIND(abi_test_clobber_d23);
+  CHECK_ABI_NO_UNWIND(abi_test_clobber_d24);
+  CHECK_ABI_NO_UNWIND(abi_test_clobber_d25);
+  CHECK_ABI_NO_UNWIND(abi_test_clobber_d26);
+  CHECK_ABI_NO_UNWIND(abi_test_clobber_d27);
+  CHECK_ABI_NO_UNWIND(abi_test_clobber_d28);
+  CHECK_ABI_NO_UNWIND(abi_test_clobber_d29);
+  CHECK_ABI_NO_UNWIND(abi_test_clobber_d30);
+  CHECK_ABI_NO_UNWIND(abi_test_clobber_d31);
+
+  // The lower halves of v8-v15 (accessed as d8-d15) must be preserved, but not
+  // the upper halves.
+  CHECK_ABI_NO_UNWIND(abi_test_clobber_v8_upper);
+  CHECK_ABI_NO_UNWIND(abi_test_clobber_v9_upper);
+  CHECK_ABI_NO_UNWIND(abi_test_clobber_v10_upper);
+  CHECK_ABI_NO_UNWIND(abi_test_clobber_v11_upper);
+  CHECK_ABI_NO_UNWIND(abi_test_clobber_v12_upper);
+  CHECK_ABI_NO_UNWIND(abi_test_clobber_v13_upper);
+  CHECK_ABI_NO_UNWIND(abi_test_clobber_v14_upper);
+  CHECK_ABI_NO_UNWIND(abi_test_clobber_v15_upper);
+}
+#endif   // OPENSSL_AARCH64 && SUPPORTS_ABI_TEST
+
+#if defined(OPENSSL_PPC64LE) && defined(SUPPORTS_ABI_TEST)
+extern "C" {
+void abi_test_clobber_r0(void);
+// r1 is the stack pointer.
+void abi_test_clobber_r2(void);
+void abi_test_clobber_r3(void);
+void abi_test_clobber_r4(void);
+void abi_test_clobber_r5(void);
+void abi_test_clobber_r6(void);
+void abi_test_clobber_r7(void);
+void abi_test_clobber_r8(void);
+void abi_test_clobber_r9(void);
+void abi_test_clobber_r10(void);
+void abi_test_clobber_r11(void);
+void abi_test_clobber_r12(void);
+// r13 is the thread pointer.
+void abi_test_clobber_r14(void);
+void abi_test_clobber_r15(void);
+void abi_test_clobber_r16(void);
+void abi_test_clobber_r17(void);
+void abi_test_clobber_r18(void);
+void abi_test_clobber_r19(void);
+void abi_test_clobber_r20(void);
+void abi_test_clobber_r21(void);
+void abi_test_clobber_r22(void);
+void abi_test_clobber_r23(void);
+void abi_test_clobber_r24(void);
+void abi_test_clobber_r25(void);
+void abi_test_clobber_r26(void);
+void abi_test_clobber_r27(void);
+void abi_test_clobber_r28(void);
+void abi_test_clobber_r29(void);
+void abi_test_clobber_r30(void);
+void abi_test_clobber_r31(void);
+
+void abi_test_clobber_f0(void);
+void abi_test_clobber_f1(void);
+void abi_test_clobber_f2(void);
+void abi_test_clobber_f3(void);
+void abi_test_clobber_f4(void);
+void abi_test_clobber_f5(void);
+void abi_test_clobber_f6(void);
+void abi_test_clobber_f7(void);
+void abi_test_clobber_f8(void);
+void abi_test_clobber_f9(void);
+void abi_test_clobber_f10(void);
+void abi_test_clobber_f11(void);
+void abi_test_clobber_f12(void);
+void abi_test_clobber_f13(void);
+void abi_test_clobber_f14(void);
+void abi_test_clobber_f15(void);
+void abi_test_clobber_f16(void);
+void abi_test_clobber_f17(void);
+void abi_test_clobber_f18(void);
+void abi_test_clobber_f19(void);
+void abi_test_clobber_f20(void);
+void abi_test_clobber_f21(void);
+void abi_test_clobber_f22(void);
+void abi_test_clobber_f23(void);
+void abi_test_clobber_f24(void);
+void abi_test_clobber_f25(void);
+void abi_test_clobber_f26(void);
+void abi_test_clobber_f27(void);
+void abi_test_clobber_f28(void);
+void abi_test_clobber_f29(void);
+void abi_test_clobber_f30(void);
+void abi_test_clobber_f31(void);
+
+void abi_test_clobber_v0(void);
+void abi_test_clobber_v1(void);
+void abi_test_clobber_v2(void);
+void abi_test_clobber_v3(void);
+void abi_test_clobber_v4(void);
+void abi_test_clobber_v5(void);
+void abi_test_clobber_v6(void);
+void abi_test_clobber_v7(void);
+void abi_test_clobber_v8(void);
+void abi_test_clobber_v9(void);
+void abi_test_clobber_v10(void);
+void abi_test_clobber_v11(void);
+void abi_test_clobber_v12(void);
+void abi_test_clobber_v13(void);
+void abi_test_clobber_v14(void);
+void abi_test_clobber_v15(void);
+void abi_test_clobber_v16(void);
+void abi_test_clobber_v17(void);
+void abi_test_clobber_v18(void);
+void abi_test_clobber_v19(void);
+void abi_test_clobber_v20(void);
+void abi_test_clobber_v21(void);
+void abi_test_clobber_v22(void);
+void abi_test_clobber_v23(void);
+void abi_test_clobber_v24(void);
+void abi_test_clobber_v25(void);
+void abi_test_clobber_v26(void);
+void abi_test_clobber_v27(void);
+void abi_test_clobber_v28(void);
+void abi_test_clobber_v29(void);
+void abi_test_clobber_v30(void);
+void abi_test_clobber_v31(void);
+
+void abi_test_clobber_cr0(void);
+void abi_test_clobber_cr1(void);
+void abi_test_clobber_cr2(void);
+void abi_test_clobber_cr3(void);
+void abi_test_clobber_cr4(void);
+void abi_test_clobber_cr5(void);
+void abi_test_clobber_cr6(void);
+void abi_test_clobber_cr7(void);
+
+void abi_test_clobber_ctr(void);
+void abi_test_clobber_lr(void);
+
+}  // extern "C"
+
+TEST(ABITest, PPC64LE) {
+  // abi_test_trampoline hides unsaved registers from the caller, so we can
+  // safely call the abi_test_clobber_* functions below.
+  abi_test::internal::CallerState state;
+  RAND_bytes(reinterpret_cast<uint8_t *>(&state), sizeof(state));
+  CHECK_ABI_NO_UNWIND(abi_test_trampoline,
+                      reinterpret_cast<crypto_word_t>(abi_test_clobber_r14),
+                      &state, nullptr, 0, 0 /* no breakpoint */);
+
+  CHECK_ABI_NO_UNWIND(abi_test_clobber_r0);
+  CHECK_ABI_NO_UNWIND(abi_test_clobber_r2);
+  CHECK_ABI_NO_UNWIND(abi_test_clobber_r3);
+  CHECK_ABI_NO_UNWIND(abi_test_clobber_r4);
+  CHECK_ABI_NO_UNWIND(abi_test_clobber_r5);
+  CHECK_ABI_NO_UNWIND(abi_test_clobber_r6);
+  CHECK_ABI_NO_UNWIND(abi_test_clobber_r7);
+  CHECK_ABI_NO_UNWIND(abi_test_clobber_r8);
+  CHECK_ABI_NO_UNWIND(abi_test_clobber_r9);
+  CHECK_ABI_NO_UNWIND(abi_test_clobber_r10);
+  CHECK_ABI_NO_UNWIND(abi_test_clobber_r11);
+  CHECK_ABI_NO_UNWIND(abi_test_clobber_r12);
+  EXPECT_NONFATAL_FAILURE(CHECK_ABI_NO_UNWIND(abi_test_clobber_r14),
+                          "r14 was not restored after return");
+  EXPECT_NONFATAL_FAILURE(CHECK_ABI_NO_UNWIND(abi_test_clobber_r15),
+                          "r15 was not restored after return");
+  EXPECT_NONFATAL_FAILURE(CHECK_ABI_NO_UNWIND(abi_test_clobber_r16),
+                          "r16 was not restored after return");
+  EXPECT_NONFATAL_FAILURE(CHECK_ABI_NO_UNWIND(abi_test_clobber_r17),
+                          "r17 was not restored after return");
+  EXPECT_NONFATAL_FAILURE(CHECK_ABI_NO_UNWIND(abi_test_clobber_r18),
+                          "r18 was not restored after return");
+  EXPECT_NONFATAL_FAILURE(CHECK_ABI_NO_UNWIND(abi_test_clobber_r19),
+                          "r19 was not restored after return");
+  EXPECT_NONFATAL_FAILURE(CHECK_ABI_NO_UNWIND(abi_test_clobber_r20),
+                          "r20 was not restored after return");
+  EXPECT_NONFATAL_FAILURE(CHECK_ABI_NO_UNWIND(abi_test_clobber_r21),
+                          "r21 was not restored after return");
+  EXPECT_NONFATAL_FAILURE(CHECK_ABI_NO_UNWIND(abi_test_clobber_r22),
+                          "r22 was not restored after return");
+  EXPECT_NONFATAL_FAILURE(CHECK_ABI_NO_UNWIND(abi_test_clobber_r23),
+                          "r23 was not restored after return");
+  EXPECT_NONFATAL_FAILURE(CHECK_ABI_NO_UNWIND(abi_test_clobber_r24),
+                          "r24 was not restored after return");
+  EXPECT_NONFATAL_FAILURE(CHECK_ABI_NO_UNWIND(abi_test_clobber_r25),
+                          "r25 was not restored after return");
+  EXPECT_NONFATAL_FAILURE(CHECK_ABI_NO_UNWIND(abi_test_clobber_r26),
+                          "r26 was not restored after return");
+  EXPECT_NONFATAL_FAILURE(CHECK_ABI_NO_UNWIND(abi_test_clobber_r27),
+                          "r27 was not restored after return");
+  EXPECT_NONFATAL_FAILURE(CHECK_ABI_NO_UNWIND(abi_test_clobber_r28),
+                          "r28 was not restored after return");
+  EXPECT_NONFATAL_FAILURE(CHECK_ABI_NO_UNWIND(abi_test_clobber_r29),
+                          "r29 was not restored after return");
+  EXPECT_NONFATAL_FAILURE(CHECK_ABI_NO_UNWIND(abi_test_clobber_r30),
+                          "r30 was not restored after return");
+  EXPECT_NONFATAL_FAILURE(CHECK_ABI_NO_UNWIND(abi_test_clobber_r31),
+                          "r31 was not restored after return");
+
+  CHECK_ABI_NO_UNWIND(abi_test_clobber_f0);
+  CHECK_ABI_NO_UNWIND(abi_test_clobber_f1);
+  CHECK_ABI_NO_UNWIND(abi_test_clobber_f2);
+  CHECK_ABI_NO_UNWIND(abi_test_clobber_f3);
+  CHECK_ABI_NO_UNWIND(abi_test_clobber_f4);
+  CHECK_ABI_NO_UNWIND(abi_test_clobber_f5);
+  CHECK_ABI_NO_UNWIND(abi_test_clobber_f6);
+  CHECK_ABI_NO_UNWIND(abi_test_clobber_f7);
+  CHECK_ABI_NO_UNWIND(abi_test_clobber_f8);
+  CHECK_ABI_NO_UNWIND(abi_test_clobber_f9);
+  CHECK_ABI_NO_UNWIND(abi_test_clobber_f10);
+  CHECK_ABI_NO_UNWIND(abi_test_clobber_f11);
+  CHECK_ABI_NO_UNWIND(abi_test_clobber_f12);
+  CHECK_ABI_NO_UNWIND(abi_test_clobber_f13);
+  EXPECT_NONFATAL_FAILURE(CHECK_ABI_NO_UNWIND(abi_test_clobber_f14),
+                          "f14 was not restored after return");
+  EXPECT_NONFATAL_FAILURE(CHECK_ABI_NO_UNWIND(abi_test_clobber_f15),
+                          "f15 was not restored after return");
+  EXPECT_NONFATAL_FAILURE(CHECK_ABI_NO_UNWIND(abi_test_clobber_f16),
+                          "f16 was not restored after return");
+  EXPECT_NONFATAL_FAILURE(CHECK_ABI_NO_UNWIND(abi_test_clobber_f17),
+                          "f17 was not restored after return");
+  EXPECT_NONFATAL_FAILURE(CHECK_ABI_NO_UNWIND(abi_test_clobber_f18),
+                          "f18 was not restored after return");
+  EXPECT_NONFATAL_FAILURE(CHECK_ABI_NO_UNWIND(abi_test_clobber_f19),
+                          "f19 was not restored after return");
+  EXPECT_NONFATAL_FAILURE(CHECK_ABI_NO_UNWIND(abi_test_clobber_f20),
+                          "f20 was not restored after return");
+  EXPECT_NONFATAL_FAILURE(CHECK_ABI_NO_UNWIND(abi_test_clobber_f21),
+                          "f21 was not restored after return");
+  EXPECT_NONFATAL_FAILURE(CHECK_ABI_NO_UNWIND(abi_test_clobber_f22),
+                          "f22 was not restored after return");
+  EXPECT_NONFATAL_FAILURE(CHECK_ABI_NO_UNWIND(abi_test_clobber_f23),
+                          "f23 was not restored after return");
+  EXPECT_NONFATAL_FAILURE(CHECK_ABI_NO_UNWIND(abi_test_clobber_f24),
+                          "f24 was not restored after return");
+  EXPECT_NONFATAL_FAILURE(CHECK_ABI_NO_UNWIND(abi_test_clobber_f25),
+                          "f25 was not restored after return");
+  EXPECT_NONFATAL_FAILURE(CHECK_ABI_NO_UNWIND(abi_test_clobber_f26),
+                          "f26 was not restored after return");
+  EXPECT_NONFATAL_FAILURE(CHECK_ABI_NO_UNWIND(abi_test_clobber_f27),
+                          "f27 was not restored after return");
+  EXPECT_NONFATAL_FAILURE(CHECK_ABI_NO_UNWIND(abi_test_clobber_f28),
+                          "f28 was not restored after return");
+  EXPECT_NONFATAL_FAILURE(CHECK_ABI_NO_UNWIND(abi_test_clobber_f29),
+                          "f29 was not restored after return");
+  EXPECT_NONFATAL_FAILURE(CHECK_ABI_NO_UNWIND(abi_test_clobber_f30),
+                          "f30 was not restored after return");
+  EXPECT_NONFATAL_FAILURE(CHECK_ABI_NO_UNWIND(abi_test_clobber_f31),
+                          "f31 was not restored after return");
+
+  CHECK_ABI_NO_UNWIND(abi_test_clobber_v0);
+  CHECK_ABI_NO_UNWIND(abi_test_clobber_v1);
+  CHECK_ABI_NO_UNWIND(abi_test_clobber_v2);
+  CHECK_ABI_NO_UNWIND(abi_test_clobber_v3);
+  CHECK_ABI_NO_UNWIND(abi_test_clobber_v4);
+  CHECK_ABI_NO_UNWIND(abi_test_clobber_v5);
+  CHECK_ABI_NO_UNWIND(abi_test_clobber_v6);
+  CHECK_ABI_NO_UNWIND(abi_test_clobber_v7);
+  CHECK_ABI_NO_UNWIND(abi_test_clobber_v8);
+  CHECK_ABI_NO_UNWIND(abi_test_clobber_v9);
+  CHECK_ABI_NO_UNWIND(abi_test_clobber_v10);
+  CHECK_ABI_NO_UNWIND(abi_test_clobber_v11);
+  CHECK_ABI_NO_UNWIND(abi_test_clobber_v12);
+  CHECK_ABI_NO_UNWIND(abi_test_clobber_v13);
+  CHECK_ABI_NO_UNWIND(abi_test_clobber_v14);
+  CHECK_ABI_NO_UNWIND(abi_test_clobber_v15);
+  CHECK_ABI_NO_UNWIND(abi_test_clobber_v16);
+  CHECK_ABI_NO_UNWIND(abi_test_clobber_v17);
+  CHECK_ABI_NO_UNWIND(abi_test_clobber_v18);
+  CHECK_ABI_NO_UNWIND(abi_test_clobber_v19);
+  EXPECT_NONFATAL_FAILURE(CHECK_ABI_NO_UNWIND(abi_test_clobber_v20),
+                          "v20 was not restored after return");
+  EXPECT_NONFATAL_FAILURE(CHECK_ABI_NO_UNWIND(abi_test_clobber_v21),
+                          "v21 was not restored after return");
+  EXPECT_NONFATAL_FAILURE(CHECK_ABI_NO_UNWIND(abi_test_clobber_v22),
+                          "v22 was not restored after return");
+  EXPECT_NONFATAL_FAILURE(CHECK_ABI_NO_UNWIND(abi_test_clobber_v23),
+                          "v23 was not restored after return");
+  EXPECT_NONFATAL_FAILURE(CHECK_ABI_NO_UNWIND(abi_test_clobber_v24),
+                          "v24 was not restored after return");
+  EXPECT_NONFATAL_FAILURE(CHECK_ABI_NO_UNWIND(abi_test_clobber_v25),
+                          "v25 was not restored after return");
+  EXPECT_NONFATAL_FAILURE(CHECK_ABI_NO_UNWIND(abi_test_clobber_v26),
+                          "v26 was not restored after return");
+  EXPECT_NONFATAL_FAILURE(CHECK_ABI_NO_UNWIND(abi_test_clobber_v27),
+                          "v27 was not restored after return");
+  EXPECT_NONFATAL_FAILURE(CHECK_ABI_NO_UNWIND(abi_test_clobber_v28),
+                          "v28 was not restored after return");
+  EXPECT_NONFATAL_FAILURE(CHECK_ABI_NO_UNWIND(abi_test_clobber_v29),
+                          "v29 was not restored after return");
+  EXPECT_NONFATAL_FAILURE(CHECK_ABI_NO_UNWIND(abi_test_clobber_v30),
+                          "v30 was not restored after return");
+  EXPECT_NONFATAL_FAILURE(CHECK_ABI_NO_UNWIND(abi_test_clobber_v31),
+                          "v31 was not restored after return");
+
+  CHECK_ABI_NO_UNWIND(abi_test_clobber_cr0);
+  CHECK_ABI_NO_UNWIND(abi_test_clobber_cr1);
+  EXPECT_NONFATAL_FAILURE(CHECK_ABI_NO_UNWIND(abi_test_clobber_cr2),
+                          "cr was not restored after return");
+  EXPECT_NONFATAL_FAILURE(CHECK_ABI_NO_UNWIND(abi_test_clobber_cr3),
+                          "cr was not restored after return");
+  EXPECT_NONFATAL_FAILURE(CHECK_ABI_NO_UNWIND(abi_test_clobber_cr4),
+                          "cr was not restored after return");
+  CHECK_ABI_NO_UNWIND(abi_test_clobber_cr5);
+  CHECK_ABI_NO_UNWIND(abi_test_clobber_cr6);
+  CHECK_ABI_NO_UNWIND(abi_test_clobber_cr7);
+
+  CHECK_ABI_NO_UNWIND(abi_test_clobber_ctr);
+  CHECK_ABI_NO_UNWIND(abi_test_clobber_lr);
+}
+#endif   // OPENSSL_PPC64LE && SUPPORTS_ABI_TEST
@@ -1,38 +0,0 @@
-include_directories(../../include)
-
-add_library(
-  asn1
-
-  OBJECT
-
-  a_bitstr.c
-  a_bool.c
-  a_d2i_fp.c
-  a_dup.c
-  a_enum.c
-  a_gentm.c
-  a_i2d_fp.c
-  a_int.c
-  a_mbstr.c
-  a_object.c
-  a_octet.c
-  a_print.c
-  a_strnid.c
-  a_time.c
-  a_type.c
-  a_utctm.c
-  a_utf8.c
-  asn1_lib.c
-  asn1_par.c
-  asn_pack.c
-  f_enum.c
-  f_int.c
-  f_string.c
-  tasn_dec.c
-  tasn_enc.c
-  tasn_fre.c
-  tasn_new.c
-  tasn_typ.c
-  tasn_utl.c
-  time_support.c
-)
@@ -70,7 +70,7 @@ int ASN1_BIT_STRING_set(ASN1_BIT_STRING *x, unsigned char *d, int len)
    return M_ASN1_BIT_STRING_set(x, d, len);
 }

-int i2c_ASN1_BIT_STRING(ASN1_BIT_STRING *a, unsigned char **pp)
+int i2c_ASN1_BIT_STRING(const ASN1_BIT_STRING *a, unsigned char **pp)
 {
    int ret, j, bits, len;
    unsigned char *p, *d;
@@ -233,7 +233,7 @@ int ASN1_BIT_STRING_set_bit(ASN1_BIT_STRING *a, int n, int value)
    return (1);
 }

-int ASN1_BIT_STRING_get_bit(ASN1_BIT_STRING *a, int n)
+int ASN1_BIT_STRING_get_bit(const ASN1_BIT_STRING *a, int n)
 {
    int w, v;

@@ -250,7 +250,7 @@ int ASN1_BIT_STRING_get_bit(ASN1_BIT_STRING *a, int n)
 * which is not specified in 'flags', 1 otherwise.
 * 'len' is the length of 'flags'.
 */
-int ASN1_BIT_STRING_check(ASN1_BIT_STRING *a,
+int ASN1_BIT_STRING_check(const ASN1_BIT_STRING *a,
                          unsigned char *flags, int flags_len)
 {
    int i, ok;
@@ -62,17 +62,30 @@
 int i2d_ASN1_BOOLEAN(int a, unsigned char **pp)
 {
    int r;
-    unsigned char *p;
+    unsigned char *p, *allocated = NULL;

    r = ASN1_object_size(0, 1, V_ASN1_BOOLEAN);
    if (pp == NULL)
        return (r);
-    p = *pp;
+
+    if (*pp == NULL) {
+        if ((p = allocated = OPENSSL_malloc(r)) == NULL) {
+            OPENSSL_PUT_ERROR(ASN1, ERR_R_MALLOC_FAILURE);
+            return 0;
+        }
+    } else {
+        p = *pp;
+    }

    ASN1_put_object(&p, 0, 1, V_ASN1_BOOLEAN, V_ASN1_UNIVERSAL);
-    *(p++) = (unsigned char)a;
-    *pp = p;
-    return (r);
+    *p = (unsigned char)a;
+
+    /*
+     * If a new buffer was allocated, just return it back.
+     * If not, return the incremented buffer pointer.
+     */
+    *pp = allocated != NULL ? allocated : p + 1;
+    return r;
 }

 int d2i_ASN1_BOOLEAN(int *a, const unsigned char **pp, long length)
@@ -58,240 +58,36 @@

 #include <limits.h>

-#include <openssl/buf.h>
+#include <openssl/bio.h>
 #include <openssl/err.h>
 #include <openssl/mem.h>

-static int asn1_d2i_read_bio(BIO *in, BUF_MEM **pb);
-
-#ifndef NO_OLD_ASN1
-# ifndef OPENSSL_NO_FP_API
-
-void *ASN1_d2i_fp(void *(*xnew) (void), d2i_of_void *d2i, FILE *in, void **x)
-{
-    BIO *b;
-    void *ret;
-
-    if ((b = BIO_new(BIO_s_file())) == NULL) {
-        OPENSSL_PUT_ERROR(ASN1, ERR_R_BUF_LIB);
-        return (NULL);
-    }
-    BIO_set_fp(b, in, BIO_NOCLOSE);
-    ret = ASN1_d2i_bio(xnew, d2i, b, x);
-    BIO_free(b);
-    return (ret);
-}
-# endif
-
-void *ASN1_d2i_bio(void *(*xnew) (void), d2i_of_void *d2i, BIO *in, void **x)
-{
-    BUF_MEM *b = NULL;
-    const unsigned char *p;
-    void *ret = NULL;
-    int len;
-
-    len = asn1_d2i_read_bio(in, &b);
-    if (len < 0)
-        goto err;
-
-    p = (unsigned char *)b->data;
-    ret = d2i(x, &p, len);
- err:
-    if (b != NULL)
-        BUF_MEM_free(b);
-    return (ret);
-}
-
-#endif

 void *ASN1_item_d2i_bio(const ASN1_ITEM *it, BIO *in, void *x)
 {
-    BUF_MEM *b = NULL;
-    const unsigned char *p;
-    void *ret = NULL;
-    int len;
-
-    len = asn1_d2i_read_bio(in, &b);
-    if (len < 0)
-        goto err;
-
-    p = (const unsigned char *)b->data;
-    ret = ASN1_item_d2i(x, &p, len, it);
- err:
-    if (b != NULL)
-        BUF_MEM_free(b);
-    return (ret);
+    uint8_t *data;
+    size_t len;
+    // Historically, this function did not impose a limit in OpenSSL and is used
+    // to read CRLs, so we leave this without an external bound.
+    if (!BIO_read_asn1(in, &data, &len, INT_MAX)) {
+        return NULL;
+    }
+    const uint8_t *ptr = data;
+    void *ret = ASN1_item_d2i(x, &ptr, len, it);
+    OPENSSL_free(data);
+    return ret;
 }

 #ifndef OPENSSL_NO_FP_API
 void *ASN1_item_d2i_fp(const ASN1_ITEM *it, FILE *in, void *x)
 {
-    BIO *b;
-    char *ret;
-
-    if ((b = BIO_new(BIO_s_file())) == NULL) {
+    BIO *b = BIO_new_fp(in, BIO_NOCLOSE);
+    if (b == NULL) {
        OPENSSL_PUT_ERROR(ASN1, ERR_R_BUF_LIB);
-        return (NULL);
+        return NULL;
    }
-    BIO_set_fp(b, in, BIO_NOCLOSE);
-    ret = ASN1_item_d2i_bio(it, b, x);
+    void *ret = ASN1_item_d2i_bio(it, b, x);
    BIO_free(b);
-    return (ret);
+    return ret;
 }
 #endif
-
-typedef struct asn1_const_ctx_st
-    {
-    const unsigned char *p;/* work char pointer */
-    int eos;    /* end of sequence read for indefinite encoding */
-    int error;  /* error code to use when returning an error */
-    int inf;    /* constructed if 0x20, indefinite is 0x21 */
-    int tag;    /* tag from last 'get object' */
-    int xclass; /* class from last 'get object' */
-    long slen;  /* length of last 'get object' */
-    const unsigned char *max; /* largest value of p allowed */
-    const unsigned char *q;/* temporary variable */
-    const unsigned char **pp;/* variable */
-    int line;   /* used in error processing */
-    } ASN1_const_CTX;
-
-#define HEADER_SIZE   8
-#define ASN1_CHUNK_INITIAL_SIZE (16 * 1024)
-static int asn1_d2i_read_bio(BIO *in, BUF_MEM **pb)
-{
-    BUF_MEM *b;
-    unsigned char *p;
-    int i;
-    ASN1_const_CTX c;
-    size_t want = HEADER_SIZE;
-    int eos = 0;
-    size_t off = 0;
-    size_t len = 0;
-
-    b = BUF_MEM_new();
-    if (b == NULL) {
-        OPENSSL_PUT_ERROR(ASN1, ERR_R_MALLOC_FAILURE);
-        return -1;
-    }
-
-    ERR_clear_error();
-    for (;;) {
-        if (want >= (len - off)) {
-            want -= (len - off);
-
-            if (len + want < len || !BUF_MEM_grow_clean(b, len + want)) {
-                OPENSSL_PUT_ERROR(ASN1, ERR_R_MALLOC_FAILURE);
-                goto err;
-            }
-            i = BIO_read(in, &(b->data[len]), want);
-            if ((i < 0) && ((len - off) == 0)) {
-                OPENSSL_PUT_ERROR(ASN1, ASN1_R_NOT_ENOUGH_DATA);
-                goto err;
-            }
-            if (i > 0) {
-                if (len + i < len) {
-                    OPENSSL_PUT_ERROR(ASN1, ASN1_R_TOO_LONG);
-                    goto err;
-                }
-                len += i;
-            }
-        }
-        /* else data already loaded */
-
-        p = (unsigned char *)&(b->data[off]);
-        c.p = p;
-        c.inf = ASN1_get_object(&(c.p), &(c.slen), &(c.tag), &(c.xclass),
-                                len - off);
-        if (c.inf & 0x80) {
-            uint32_t e;
-
-            e = ERR_GET_REASON(ERR_peek_error());
-            if (e != ASN1_R_TOO_LONG)
-                goto err;
-            else
-                ERR_clear_error(); /* clear error */
-        }
-        i = c.p - p;            /* header length */
-        off += i;               /* end of data */
-
-        if (c.inf & 1) {
-            /* no data body so go round again */
-            eos++;
-            if (eos < 0) {
-                OPENSSL_PUT_ERROR(ASN1, ASN1_R_HEADER_TOO_LONG);
-                goto err;
-            }
-            want = HEADER_SIZE;
-        } else if (eos && (c.slen == 0) && (c.tag == V_ASN1_EOC)) {
-            /* eos value, so go back and read another header */
-            eos--;
-            if (eos <= 0)
-                break;
-            else
-                want = HEADER_SIZE;
-        } else {
-            /* suck in c.slen bytes of data */
-            want = c.slen;
-            if (want > (len - off)) {
-                size_t chunk_max = ASN1_CHUNK_INITIAL_SIZE;
-                want -= (len - off);
-                if (want > INT_MAX /* BIO_read takes an int length */  ||
-                    len + want < len) {
-                    OPENSSL_PUT_ERROR(ASN1, ASN1_R_TOO_LONG);
-                    goto err;
-                }
-                while (want > 0) {
-                    /*
-                     * Read content in chunks of increasing size
-                     * so we can return an error for EOF without
-                     * having to allocate the entire content length
-                     * in one go.
-                     */
-                    size_t chunk = want > chunk_max ? chunk_max : want;
-
-                    if (!BUF_MEM_grow_clean(b, len + chunk)) {
-                        OPENSSL_PUT_ERROR(ASN1, ERR_R_MALLOC_FAILURE);
-                        goto err;
-                    }
-                    want -= chunk;
-                    while (chunk > 0) {
-                        i = BIO_read(in, &(b->data[len]), chunk);
-                        if (i <= 0) {
-                            OPENSSL_PUT_ERROR(ASN1, ASN1_R_NOT_ENOUGH_DATA);
-                            goto err;
-                        }
-                        /*
-                         * This can't overflow because |len+want| didn't
-                         * overflow.
-                         */
-                        len += i;
-                        chunk -= i;
-                    }
-                    if (chunk_max < INT_MAX/2)
-                        chunk_max *= 2;
-                }
-            }
-            if (off + c.slen < off) {
-                OPENSSL_PUT_ERROR(ASN1, ASN1_R_TOO_LONG);
-                goto err;
-            }
-            off += c.slen;
-            if (eos <= 0) {
-                break;
-            } else
-                want = HEADER_SIZE;
-        }
-    }
-
-    if (off > INT_MAX) {
-        OPENSSL_PUT_ERROR(ASN1, ASN1_R_TOO_LONG);
-        goto err;
-    }
-
-    *pb = b;
-    return off;
- err:
-    if (b != NULL)
-        BUF_MEM_free(b);
-    return -1;
-}
@@ -59,30 +59,6 @@
 #include <openssl/err.h>
 #include <openssl/mem.h>

-void *ASN1_dup(i2d_of_void *i2d, d2i_of_void *d2i, void *x)
-{
-    unsigned char *b, *p;
-    const unsigned char *p2;
-    int i;
-    char *ret;
-
-    if (x == NULL)
-        return (NULL);
-
-    i = i2d(x, NULL);
-    b = OPENSSL_malloc(i + 10);
-    if (b == NULL) {
-        OPENSSL_PUT_ERROR(ASN1, ERR_R_MALLOC_FAILURE);
-        return (NULL);
-    }
-    p = b;
-    i = i2d(x, &p);
-    p2 = b;
-    ret = d2i(NULL, &p2, i);
-    OPENSSL_free(b);
-    return (ret);
-}
-
 /*
 * ASN1_ITEM version of dup: this follows the model above except we don't
 * need to allocate the buffer. At some point this could be rewritten to
@@ -108,7 +108,7 @@ int ASN1_ENUMERATED_set(ASN1_ENUMERATED *a, long v)
    return (1);
 }

-long ASN1_ENUMERATED_get(ASN1_ENUMERATED *a)
+long ASN1_ENUMERATED_get(const ASN1_ENUMERATED *a)
 {
    int neg = 0, i;

@@ -120,8 +120,8 @@ long ASN1_ENUMERATED_get(ASN1_ENUMERATED *a)
    else if (i != V_ASN1_ENUMERATED)
        return -1;

-    OPENSSL_COMPILE_ASSERT(sizeof(uint64_t) >= sizeof(long),
-                           long_larger_than_uint64_t);
+    OPENSSL_STATIC_ASSERT(sizeof(uint64_t) >= sizeof(long),
+                          "long larger than uint64_t");

    if (a->length > (int)sizeof(uint64_t)) {
        /* hmm... a bit ugly */
@@ -147,7 +147,7 @@ long ASN1_ENUMERATED_get(ASN1_ENUMERATED *a)
    return r;
 }

-ASN1_ENUMERATED *BN_to_ASN1_ENUMERATED(BIGNUM *bn, ASN1_ENUMERATED *ai)
+ASN1_ENUMERATED *BN_to_ASN1_ENUMERATED(const BIGNUM *bn, ASN1_ENUMERATED *ai)
 {
    ASN1_ENUMERATED *ret;
    int len, j;
@@ -183,7 +183,7 @@ ASN1_ENUMERATED *BN_to_ASN1_ENUMERATED(BIGNUM *bn, ASN1_ENUMERATED *ai)
    return (NULL);
 }

-BIGNUM *ASN1_ENUMERATED_to_BN(ASN1_ENUMERATED *ai, BIGNUM *bn)
+BIGNUM *ASN1_ENUMERATED_to_BN(const ASN1_ENUMERATED *ai, BIGNUM *bn)
 {
    BIGNUM *ret;

@@ -56,95 +56,33 @@

 #include <openssl/asn1.h>

+#include <openssl/bio.h>
 #include <openssl/err.h>
 #include <openssl/mem.h>

-int ASN1_i2d_fp(i2d_of_void *i2d, FILE *out, void *x)
-{
-    BIO *b;
-    int ret;
-
-    if ((b = BIO_new(BIO_s_file())) == NULL) {
-        OPENSSL_PUT_ERROR(ASN1, ERR_R_BUF_LIB);
-        return (0);
-    }
-    BIO_set_fp(b, out, BIO_NOCLOSE);
-    ret = ASN1_i2d_bio(i2d, b, x);
-    BIO_free(b);
-    return (ret);
-}
-
-int ASN1_i2d_bio(i2d_of_void *i2d, BIO *out, void *x)
-{
-    char *b;
-    unsigned char *p;
-    int i, j = 0, n, ret = 1;
-
-    n = i2d(x, NULL);
-    if (n <= 0)
-        return 0;
-
-    b = (char *)OPENSSL_malloc(n);
-    if (b == NULL) {
-        OPENSSL_PUT_ERROR(ASN1, ERR_R_MALLOC_FAILURE);
-        return (0);
-    }
-
-    p = (unsigned char *)b;
-    i2d(x, &p);
-
-    for (;;) {
-        i = BIO_write(out, &(b[j]), n);
-        if (i == n)
-            break;
-        if (i <= 0) {
-            ret = 0;
-            break;
-        }
-        j += i;
-        n -= i;
-    }
-    OPENSSL_free(b);
-    return (ret);
-}

 int ASN1_item_i2d_fp(const ASN1_ITEM *it, FILE *out, void *x)
 {
-    BIO *b;
-    int ret;
-
-    if ((b = BIO_new(BIO_s_file())) == NULL) {
+    BIO *b = BIO_new_fp(out, BIO_NOCLOSE);
+    if (b == NULL) {
        OPENSSL_PUT_ERROR(ASN1, ERR_R_BUF_LIB);
-        return (0);
+        return 0;
    }
-    BIO_set_fp(b, out, BIO_NOCLOSE);
-    ret = ASN1_item_i2d_bio(it, b, x);
+    int ret = ASN1_item_i2d_bio(it, b, x);
    BIO_free(b);
-    return (ret);
+    return ret;
 }

 int ASN1_item_i2d_bio(const ASN1_ITEM *it, BIO *out, void *x)
 {
    unsigned char *b = NULL;
-    int i, j = 0, n, ret = 1;
-
-    n = ASN1_item_i2d(x, &b, it);
+    int n = ASN1_item_i2d(x, &b, it);
    if (b == NULL) {
        OPENSSL_PUT_ERROR(ASN1, ERR_R_MALLOC_FAILURE);
-        return (0);
+        return 0;
    }

-    for (;;) {
-        i = BIO_write(out, &(b[j]), n);
-        if (i == n)
-            break;
-        if (i <= 0) {
-            ret = 0;
-            break;
-        }
-        j += i;
-        n -= i;
-    }
+    int ret = BIO_write_all(out, b, n);
    OPENSSL_free(b);
-    return (ret);
+    return ret;
 }
@@ -115,7 +115,7 @@ int ASN1_INTEGER_cmp(const ASN1_INTEGER *x, const ASN1_INTEGER *y)
 * followed by optional zeros isn't padded.
 */

-int i2c_ASN1_INTEGER(ASN1_INTEGER *a, unsigned char **pp)
+int i2c_ASN1_INTEGER(const ASN1_INTEGER *a, unsigned char **pp)
 {
    int pad = 0, ret, i, neg;
    unsigned char *p, *n, pb = 0;
@@ -195,6 +195,16 @@ ASN1_INTEGER *c2i_ASN1_INTEGER(ASN1_INTEGER **a, const unsigned char **pp,
    unsigned char *to, *s;
    int i;

+    /*
+     * This function can handle lengths up to INT_MAX - 1, but the rest of the
+     * legacy ASN.1 code mixes integer types, so avoid exposing it to
+     * ASN1_INTEGERS with larger lengths.
+     */
+    if (len < 0 || len > INT_MAX / 2) {
+        OPENSSL_PUT_ERROR(ASN1, ASN1_R_TOO_LONG);
+        return NULL;
+    }
+
    if ((a == NULL) || ((*a) == NULL)) {
        if ((ret = M_ASN1_INTEGER_new()) == NULL)
            return (NULL);
@@ -276,75 +286,6 @@ ASN1_INTEGER *c2i_ASN1_INTEGER(ASN1_INTEGER **a, const unsigned char **pp,
    return (NULL);
 }

-/*
- * This is a version of d2i_ASN1_INTEGER that ignores the sign bit of ASN1
- * integers: some broken software can encode a positive INTEGER with its MSB
- * set as negative (it doesn't add a padding zero).
- */
-
-ASN1_INTEGER *d2i_ASN1_UINTEGER(ASN1_INTEGER **a, const unsigned char **pp,
-                                long length)
-{
-    ASN1_INTEGER *ret = NULL;
-    const unsigned char *p;
-    unsigned char *s;
-    long len;
-    int inf, tag, xclass;
-    int i;
-
-    if ((a == NULL) || ((*a) == NULL)) {
-        if ((ret = M_ASN1_INTEGER_new()) == NULL)
-            return (NULL);
-        ret->type = V_ASN1_INTEGER;
-    } else
-        ret = (*a);
-
-    p = *pp;
-    inf = ASN1_get_object(&p, &len, &tag, &xclass, length);
-    if (inf & 0x80) {
-        i = ASN1_R_BAD_OBJECT_HEADER;
-        goto err;
-    }
-
-    if (tag != V_ASN1_INTEGER) {
-        i = ASN1_R_EXPECTING_AN_INTEGER;
-        goto err;
-    }
-
-    /*
-     * We must OPENSSL_malloc stuff, even for 0 bytes otherwise it signifies
-     * a missing NULL parameter.
-     */
-    s = (unsigned char *)OPENSSL_malloc((int)len + 1);
-    if (s == NULL) {
-        i = ERR_R_MALLOC_FAILURE;
-        goto err;
-    }
-    ret->type = V_ASN1_INTEGER;
-    if (len) {
-        if ((*p == 0) && (len != 1)) {
-            p++;
-            len--;
-        }
-        OPENSSL_memcpy(s, p, (int)len);
-        p += len;
-    }
-
-    if (ret->data != NULL)
-        OPENSSL_free(ret->data);
-    ret->data = s;
-    ret->length = (int)len;
-    if (a != NULL)
-        (*a) = ret;
-    *pp = p;
-    return (ret);
- err:
-    OPENSSL_PUT_ERROR(ASN1, i);
-    if ((ret != NULL) && ((a == NULL) || (*a != ret)))
-        M_ASN1_INTEGER_free(ret);
-    return (NULL);
-}
-
 int ASN1_INTEGER_set(ASN1_INTEGER *a, long v)
 {
    if (v >= 0) {
@@ -400,8 +341,8 @@ long ASN1_INTEGER_get(const ASN1_INTEGER *a)
    else if (i != V_ASN1_INTEGER)
        return -1;

-    OPENSSL_COMPILE_ASSERT(sizeof(uint64_t) >= sizeof(long),
-                           long_larger_than_uint64_t);
+    OPENSSL_STATIC_ASSERT(sizeof(uint64_t) >= sizeof(long),
+                          "long larger than uint64_t");

    if (a->length > (int)sizeof(uint64_t)) {
        /* hmm... a bit ugly, return all ones */
@@ -66,9 +66,9 @@
 #include "../internal.h"


-int i2d_ASN1_OBJECT(ASN1_OBJECT *a, unsigned char **pp)
+int i2d_ASN1_OBJECT(const ASN1_OBJECT *a, unsigned char **pp)
 {
-    unsigned char *p;
+    unsigned char *p, *allocated = NULL;
    int objsize;

    if ((a == NULL) || (a->data == NULL))
@@ -78,21 +78,32 @@ int i2d_ASN1_OBJECT(ASN1_OBJECT *a, unsigned char **pp)
    if (pp == NULL || objsize == -1)
        return objsize;

-    p = *pp;
+    if (*pp == NULL) {
+        if ((p = allocated = OPENSSL_malloc(objsize)) == NULL) {
+            OPENSSL_PUT_ERROR(ASN1, ERR_R_MALLOC_FAILURE);
+            return 0;
+        }
+    } else {
+        p = *pp;
+    }
+
    ASN1_put_object(&p, 0, a->length, V_ASN1_OBJECT, V_ASN1_UNIVERSAL);
    OPENSSL_memcpy(p, a->data, a->length);
-    p += a->length;

-    *pp = p;
-    return (objsize);
+    /*
+     * If a new buffer was allocated, just return it back.
+     * If not, return the incremented buffer pointer.
+     */
+    *pp = allocated != NULL ? allocated : p + a->length;
+    return objsize;
 }

-int i2t_ASN1_OBJECT(char *buf, int buf_len, ASN1_OBJECT *a)
+int i2t_ASN1_OBJECT(char *buf, int buf_len, const ASN1_OBJECT *a)
 {
    return OBJ_obj2txt(buf, buf_len, a, 0);
 }

-int i2a_ASN1_OBJECT(BIO *bp, ASN1_OBJECT *a)
+int i2a_ASN1_OBJECT(BIO *bp, const ASN1_OBJECT *a)
 {
    char buf[80], *p = buf;
    int i;
@@ -60,7 +60,6 @@
 #include <time.h>

 #include <openssl/asn1t.h>
-#include <openssl/buf.h>
 #include <openssl/err.h>
 #include <openssl/mem.h>

@@ -101,7 +100,7 @@ ASN1_TIME *ASN1_TIME_adj(ASN1_TIME *s, time_t t,
    return ASN1_GENERALIZEDTIME_adj(s, t, offset_day, offset_sec);
 }

-int ASN1_TIME_check(ASN1_TIME *t)
+int ASN1_TIME_check(const ASN1_TIME *t)
 {
    if (t->type == V_ASN1_GENERALIZEDTIME)
        return ASN1_GENERALIZEDTIME_check(t);
@@ -111,7 +110,7 @@ int ASN1_TIME_check(ASN1_TIME *t)
 }

 /* Convert an ASN1_TIME structure to GeneralizedTime */
-ASN1_GENERALIZEDTIME *ASN1_TIME_to_generalizedtime(ASN1_TIME *t,
+ASN1_GENERALIZEDTIME *ASN1_TIME_to_generalizedtime(const ASN1_TIME *t,
                                                   ASN1_GENERALIZEDTIME **out)
 {
    ASN1_GENERALIZEDTIME *ret = NULL;
@@ -143,11 +142,11 @@ ASN1_GENERALIZEDTIME *ASN1_TIME_to_generalizedtime(ASN1_TIME *t,
    str = (char *)ret->data;
    /* Work out the century and prepend */
    if (t->data[0] >= '5')
-        BUF_strlcpy(str, "19", newlen);
+        OPENSSL_strlcpy(str, "19", newlen);
    else
-        BUF_strlcpy(str, "20", newlen);
+        OPENSSL_strlcpy(str, "20", newlen);

-    BUF_strlcat(str, (char *)t->data, newlen);
+    OPENSSL_strlcat(str, (char *)t->data, newlen);

 done:
   if (out != NULL && *out == NULL)
@@ -61,7 +61,7 @@
 #include <openssl/mem.h>
 #include <openssl/obj.h>

-int ASN1_TYPE_get(ASN1_TYPE *a)
+int ASN1_TYPE_get(const ASN1_TYPE *a)
 {
    if ((a->value.ptr != NULL) || (a->type == V_ASN1_NULL))
        return (a->type);
@@ -205,7 +205,11 @@ static int asn1_get_length(const unsigned char **pp, int *inf, long *rl,
        } else
            ret = i;
    }
-    if (ret > LONG_MAX)
+    /*
+     * Bound the length to comfortably fit in an int. Lengths in this module
+     * often switch between int and long without overflow checks.
+     */
+    if (ret > INT_MAX / 2)
        return 0;
    *pp = p;
    *rl = (long)ret;
@@ -426,7 +430,7 @@ void ASN1_STRING_length_set(ASN1_STRING *x, int len)
    return;
 }

-int ASN1_STRING_type(ASN1_STRING *x)
+int ASN1_STRING_type(const ASN1_STRING *x)
 {
    return M_ASN1_STRING_type(x);
 }
@@ -24,6 +24,8 @@
 #include <openssl/bytestring.h>
 #include <openssl/err.h>
 #include <openssl/mem.h>
+#include <openssl/obj.h>
+#include <openssl/span.h>

 #include "../test/test_util.h"

@@ -148,3 +150,37 @@ TEST(ASN1Test, Recursive) {
  // is too deep, so the |ASN1_R_NESTED_TOO_DEEP| entry drops off the queue.
  ASN1_LINKED_LIST_free(list);
 }
+
+template <typename T>
+void TestSerialize(T obj, int (*i2d_func)(T a, uint8_t **pp),
+                   bssl::Span<const uint8_t> expected) {
+  int len = static_cast<int>(expected.size());
+  ASSERT_EQ(i2d_func(obj, nullptr), len);
+
+  std::vector<uint8_t> buf(expected.size());
+  uint8_t *ptr = buf.data();
+  ASSERT_EQ(i2d_func(obj, &ptr), len);
+  EXPECT_EQ(ptr, buf.data() + buf.size());
+  EXPECT_EQ(Bytes(expected), Bytes(buf));
+
+  // Test the allocating version.
+  ptr = nullptr;
+  ASSERT_EQ(i2d_func(obj, &ptr), len);
+  EXPECT_EQ(Bytes(expected), Bytes(ptr, expected.size()));
+  OPENSSL_free(ptr);
+}
+
+TEST(ASN1Test, SerializeObject) {
+  static const uint8_t kDER[] = {0x06, 0x09, 0x2a, 0x86, 0x48, 0x86,
+                                 0xf7, 0x0d, 0x01, 0x01, 0x01};
+  const ASN1_OBJECT *obj = OBJ_nid2obj(NID_rsaEncryption);
+  TestSerialize(obj, i2d_ASN1_OBJECT, kDER);
+}
+
+TEST(ASN1Test, SerializeBoolean) {
+  static const uint8_t kTrue[] = {0x01, 0x01, 0xff};
+  TestSerialize(0xff, i2d_ASN1_BOOLEAN, kTrue);
+
+  static const uint8_t kFalse[] = {0x01, 0x01, 0x00};
+  TestSerialize(0x00, i2d_ASN1_BOOLEAN, kFalse);
+}
@@ -93,7 +93,7 @@ ASN1_STRING *ASN1_item_pack(void *obj, const ASN1_ITEM *it, ASN1_STRING **oct)

 /* Extract an ASN1 object from an ASN1_STRING */

-void *ASN1_item_unpack(ASN1_STRING *oct, const ASN1_ITEM *it)
+void *ASN1_item_unpack(const ASN1_STRING *oct, const ASN1_ITEM *it)
 {
    const unsigned char *p;
    void *ret;
@@ -60,7 +60,7 @@

 /* Based on a_int.c: equivalent ENUMERATED functions */

-int i2a_ASN1_ENUMERATED(BIO *bp, ASN1_ENUMERATED *a)
+int i2a_ASN1_ENUMERATED(BIO *bp, const ASN1_ENUMERATED *a)
 {
    int i, n = 0;
    static const char *h = "0123456789ABCDEF";
@@ -58,7 +58,7 @@

 #include <openssl/bio.h>

-int i2a_ASN1_INTEGER(BIO *bp, ASN1_INTEGER *a)
+int i2a_ASN1_INTEGER(BIO *bp, const ASN1_INTEGER *a)
 {
    int i, n = 0;
    static const char *h = "0123456789ABCDEF";
@@ -58,7 +58,7 @@

 #include <openssl/bio.h>

-int i2a_ASN1_STRING(BIO *bp, ASN1_STRING *a, int type)
+int i2a_ASN1_STRING(BIO *bp, const ASN1_STRING *a, int type)
 {
    int i, n = 0;
    static const char *h = "0123456789ABCDEF";
@@ -192,7 +192,7 @@ int ASN1_item_ex_i2d(ASN1_VALUE **pval, unsigned char **out,
        /* Use indefinite length constructed if requested */
        if (aclass & ASN1_TFLG_NDEF)
            ndef = 2;
-        /* fall through */
+        OPENSSL_FALLTHROUGH;

    case ASN1_ITYPE_SEQUENCE:
        i = asn1_enc_restore(&seqcontlen, out, pval, it);
@@ -1,9 +0,0 @@
-include_directories(../../include)
-
-add_library(
-  base64
-
-  OBJECT
-
-  base64.c
-)
@@ -98,8 +98,8 @@ static uint8_t conv_bin2ascii(uint8_t a) {
  return ret;
 }

-OPENSSL_COMPILE_ASSERT(sizeof(((EVP_ENCODE_CTX *)(NULL))->data) % 3 == 0,
-                       data_length_must_be_multiple_of_base64_chunk_size);
+OPENSSL_STATIC_ASSERT(sizeof(((EVP_ENCODE_CTX *)(NULL))->data) % 3 == 0,
+                      "data length must be a multiple of base64 chunk size");

 int EVP_EncodedLength(size_t *out_len, size_t len) {
  if (len + 2 < len) {
@@ -39,14 +39,14 @@ enum encoding_relation {
  invalid,
 };

-struct TestVector {
+struct Base64TestVector {
  enum encoding_relation relation;
  const char *decoded;
  const char *encoded;
 };

 // Test vectors from RFC 4648.
-static const TestVector kTestVectors[] = {
+static const Base64TestVector kTestVectors[] = {
    {canonical, "", ""},
    {canonical, "f", "Zg==\n"},
    {canonical, "fo", "Zm8=\n"},
@@ -103,9 +103,9 @@ static const TestVector kTestVectors[] = {
     "=======\n"},
 };

-class Base64Test : public testing::TestWithParam<TestVector> {};
+class Base64Test : public testing::TestWithParam<Base64TestVector> {};

-INSTANTIATE_TEST_CASE_P(, Base64Test, testing::ValuesIn(kTestVectors));
+INSTANTIATE_TEST_SUITE_P(All, Base64Test, testing::ValuesIn(kTestVectors));

 // RemoveNewlines returns a copy of |in| with all '\n' characters removed.
 static std::string RemoveNewlines(const char *in) {
@@ -122,7 +122,7 @@ static std::string RemoveNewlines(const char *in) {
 }

 TEST_P(Base64Test, EncodeBlock) {
-  const TestVector &t = GetParam();
+  const Base64TestVector &t = GetParam();
  if (t.relation != canonical) {
    return;
  }
@@ -140,7 +140,7 @@ TEST_P(Base64Test, EncodeBlock) {
 }

 TEST_P(Base64Test, DecodeBase64) {
-  const TestVector &t = GetParam();
+  const Base64TestVector &t = GetParam();
  if (t.relation == valid) {
    // The non-canonical encodings will generally have odd whitespace etc
    // that |EVP_DecodeBase64| will reject.
@@ -164,7 +164,7 @@ TEST_P(Base64Test, DecodeBase64) {
 }

 TEST_P(Base64Test, DecodeBlock) {
-  const TestVector &t = GetParam();
+  const Base64TestVector &t = GetParam();
  if (t.relation != canonical) {
    return;
  }
@@ -188,7 +188,7 @@ TEST_P(Base64Test, DecodeBlock) {
 }

 TEST_P(Base64Test, EncodeDecode) {
-  const TestVector &t = GetParam();
+  const Base64TestVector &t = GetParam();

  EVP_ENCODE_CTX ctx;
  const size_t decoded_len = strlen(t.decoded);
@@ -246,7 +246,7 @@ TEST_P(Base64Test, EncodeDecode) {
 }

 TEST_P(Base64Test, DecodeUpdateStreaming) {
-  const TestVector &t = GetParam();
+  const Base64TestVector &t = GetParam();
  if (t.relation == invalid) {
    return;
  }
@@ -1,18 +0,0 @@
-include_directories(../../include)
-
-add_library(
-  bio
-
-  OBJECT
-
-  bio.c
-  bio_mem.c
-  connect.c
-  fd.c
-  file.c
-  hexdump.c
-  pair.c
-  printf.c
-  socket.c
-  socket_helper.c
-)
@@ -61,6 +61,7 @@
 #include <limits.h>
 #include <string.h>

+#include <openssl/asn1.h>
 #include <openssl/err.h>
 #include <openssl/mem.h>
 #include <openssl/thread.h>
@@ -177,6 +178,19 @@ int BIO_write(BIO *bio, const void *in, int inl) {
  return ret;
 }

+int BIO_write_all(BIO *bio, const void *data, size_t len) {
+  const uint8_t *data_u8 = data;
+  while (len > 0) {
+    int ret = BIO_write(bio, data_u8, len > INT_MAX ? INT_MAX : (int)len);
+    if (ret <= 0) {
+      return 0;
+    }
+    data_u8 += ret;
+    len -= ret;
+  }
+  return 1;
+}
+
 int BIO_puts(BIO *bio, const char *in) {
  return BIO_write(bio, in, strlen(in));
 }
@@ -468,11 +482,52 @@ static int bio_read_all(BIO *bio, uint8_t **out, size_t *out_len,
  }
 }

+// bio_read_full reads |len| bytes |bio| and writes them into |out|. It
+// tolerates partial reads from |bio| and returns one on success or zero if a
+// read fails before |len| bytes are read. On failure, it additionally sets
+// |*out_eof_on_first_read| to whether the error was due to |bio| returning zero
+// on the first read. |out_eof_on_first_read| may be NULL to discard the value.
+static int bio_read_full(BIO *bio, uint8_t *out, int *out_eof_on_first_read,
+                         size_t len) {
+  int first_read = 1;
+  while (len > 0) {
+    int todo = len <= INT_MAX ? (int)len : INT_MAX;
+    int ret = BIO_read(bio, out, todo);
+    if (ret <= 0) {
+      if (out_eof_on_first_read != NULL) {
+        *out_eof_on_first_read = first_read && ret == 0;
+      }
+      return 0;
+    }
+    out += ret;
+    len -= (size_t)ret;
+    first_read = 0;
+  }
+
+  return 1;
+}
+
+// For compatibility with existing |d2i_*_bio| callers, |BIO_read_asn1| uses
+// |ERR_LIB_ASN1| errors.
+OPENSSL_DECLARE_ERROR_REASON(ASN1, ASN1_R_DECODE_ERROR)
+OPENSSL_DECLARE_ERROR_REASON(ASN1, ASN1_R_HEADER_TOO_LONG)
+OPENSSL_DECLARE_ERROR_REASON(ASN1, ASN1_R_NOT_ENOUGH_DATA)
+OPENSSL_DECLARE_ERROR_REASON(ASN1, ASN1_R_TOO_LONG)
+
 int BIO_read_asn1(BIO *bio, uint8_t **out, size_t *out_len, size_t max_len) {
  uint8_t header[6];

  static const size_t kInitialHeaderLen = 2;
-  if (BIO_read(bio, header, kInitialHeaderLen) != (int) kInitialHeaderLen) {
+  int eof_on_first_read;
+  if (!bio_read_full(bio, header, &eof_on_first_read, kInitialHeaderLen)) {
+    if (eof_on_first_read) {
+      // Historically, OpenSSL returned |ASN1_R_HEADER_TOO_LONG| when
+      // |d2i_*_bio| could not read anything. CPython conditions on this to
+      // determine if |bio| was empty.
+      OPENSSL_PUT_ERROR(ASN1, ASN1_R_HEADER_TOO_LONG);
+    } else {
+      OPENSSL_PUT_ERROR(ASN1, ASN1_R_NOT_ENOUGH_DATA);
+    }
    return 0;
  }

@@ -481,6 +536,7 @@ int BIO_read_asn1(BIO *bio, uint8_t **out, size_t *out_len, size_t max_len) {

  if ((tag & 0x1f) == 0x1f) {
    // Long form tags are not supported.
+    OPENSSL_PUT_ERROR(ASN1, ASN1_R_DECODE_ERROR);
    return 0;
  }

@@ -494,34 +550,40 @@ int BIO_read_asn1(BIO *bio, uint8_t **out, size_t *out_len, size_t max_len) {

    if ((tag & 0x20 /* constructed */) != 0 && num_bytes == 0) {
      // indefinite length.
-      return bio_read_all(bio, out, out_len, header, kInitialHeaderLen,
-                          max_len);
+      if (!bio_read_all(bio, out, out_len, header, kInitialHeaderLen,
+                        max_len)) {
+        OPENSSL_PUT_ERROR(ASN1, ASN1_R_NOT_ENOUGH_DATA);
+        return 0;
+      }
+      return 1;
    }

    if (num_bytes == 0 || num_bytes > 4) {
+      OPENSSL_PUT_ERROR(ASN1, ASN1_R_DECODE_ERROR);
      return 0;
    }

-    if (BIO_read(bio, header + kInitialHeaderLen, num_bytes) !=
-        (int)num_bytes) {
+    if (!bio_read_full(bio, header + kInitialHeaderLen, NULL, num_bytes)) {
+      OPENSSL_PUT_ERROR(ASN1, ASN1_R_NOT_ENOUGH_DATA);
      return 0;
    }
    header_len = kInitialHeaderLen + num_bytes;

    uint32_t len32 = 0;
-    unsigned i;
-    for (i = 0; i < num_bytes; i++) {
+    for (unsigned i = 0; i < num_bytes; i++) {
      len32 <<= 8;
      len32 |= header[kInitialHeaderLen + i];
    }

    if (len32 < 128) {
      // Length should have used short-form encoding.
+      OPENSSL_PUT_ERROR(ASN1, ASN1_R_DECODE_ERROR);
      return 0;
    }

    if ((len32 >> ((num_bytes-1)*8)) == 0) {
      // Length should have been at least one byte shorter.
+      OPENSSL_PUT_ERROR(ASN1, ASN1_R_DECODE_ERROR);
      return 0;
    }

@@ -531,6 +593,7 @@ int BIO_read_asn1(BIO *bio, uint8_t **out, size_t *out_len, size_t max_len) {
  if (len + header_len < len ||
      len + header_len > max_len ||
      len > INT_MAX) {
+    OPENSSL_PUT_ERROR(ASN1, ASN1_R_TOO_LONG);
    return 0;
  }
  len += header_len;
@@ -538,11 +601,12 @@ int BIO_read_asn1(BIO *bio, uint8_t **out, size_t *out_len, size_t max_len) {

  *out = OPENSSL_malloc(len);
  if (*out == NULL) {
+    OPENSSL_PUT_ERROR(ASN1, ERR_R_MALLOC_FAILURE);
    return 0;
  }
  OPENSSL_memcpy(*out, header, header_len);
-  if (BIO_read(bio, (*out) + header_len, len - header_len) !=
-      (int) (len - header_len)) {
+  if (!bio_read_full(bio, (*out) + header_len, NULL, len - header_len)) {
+    OPENSSL_PUT_ERROR(ASN1, ASN1_R_NOT_ENOUGH_DATA);
    OPENSSL_free(*out);
    return 0;
  }
@@ -220,7 +220,7 @@ TEST_P(BIOASN1Test, ReadASN1) {
  }
 }

-INSTANTIATE_TEST_CASE_P(, BIOASN1Test, testing::ValuesIn(kASN1TestParams));
+INSTANTIATE_TEST_SUITE_P(All, BIOASN1Test, testing::ValuesIn(kASN1TestParams));

 // Run through the tests twice, swapping |bio1| and |bio2|, for symmetry.
 class BIOPairTest : public testing::TestWithParam<bool> {};
@@ -322,4 +322,4 @@ TEST_P(BIOPairTest, TestPair) {
  EXPECT_EQ(Bytes("12345"), Bytes(buf, 5));
 }

-INSTANTIATE_TEST_CASE_P(, BIOPairTest, testing::Values(false, true));
+INSTANTIATE_TEST_SUITE_P(All, BIOPairTest, testing::Values(false, true));
@@ -74,7 +74,6 @@ OPENSSL_MSVC_PRAGMA(warning(push, 3))
 OPENSSL_MSVC_PRAGMA(warning(pop))
 #endif

-#include <openssl/buf.h>
 #include <openssl/err.h>
 #include <openssl/mem.h>

@@ -149,7 +148,7 @@ static int split_host_and_port(char **out_host, char **out_port, const char *nam
    }
  }

-  *out_host = BUF_strndup(host, host_len);
+  *out_host = OPENSSL_strndup(host, host_len);
  if (*out_host == NULL) {
    return 0;
  }
@@ -429,13 +428,13 @@ static long conn_ctrl(BIO *bio, int cmd, long num, void *ptr) {
        bio->init = 1;
        if (num == 0) {
          OPENSSL_free(data->param_hostname);
-          data->param_hostname = BUF_strdup(ptr);
+          data->param_hostname = OPENSSL_strdup(ptr);
          if (data->param_hostname == NULL) {
            ret = 0;
          }
        } else if (num == 1) {
          OPENSSL_free(data->param_port);
-          data->param_port = BUF_strdup(ptr);
+          data->param_port = OPENSSL_strdup(ptr);
          if (data->param_port == NULL) {
            ret = 0;
          }
@@ -70,7 +70,6 @@ OPENSSL_MSVC_PRAGMA(warning(push, 3))
 OPENSSL_MSVC_PRAGMA(warning(pop))
 #endif

-#include <openssl/buf.h>
 #include <openssl/err.h>
 #include <openssl/mem.h>

@@ -79,7 +79,6 @@
 #include <stdio.h>
 #include <string.h>

-#include <openssl/buf.h>
 #include <openssl/err.h>
 #include <openssl/mem.h>

@@ -107,13 +106,12 @@ BIO *BIO_new_file(const char *filename, const char *mode) {
    return NULL;
  }

-  ret = BIO_new(BIO_s_file());
+  ret = BIO_new_fp(file, BIO_CLOSE);
  if (ret == NULL) {
    fclose(file);
    return NULL;
  }

-  BIO_set_fp(ret, file, BIO_CLOSE);
  return ret;
 }

@@ -209,16 +207,16 @@ static long file_ctrl(BIO *b, int cmd, long num, void *ptr) {
      b->shutdown = (int)num & BIO_CLOSE;
      if (num & BIO_FP_APPEND) {
        if (num & BIO_FP_READ) {
-          BUF_strlcpy(p, "a+", sizeof(p));
+          OPENSSL_strlcpy(p, "a+", sizeof(p));
        } else {
-          BUF_strlcpy(p, "a", sizeof(p));
+          OPENSSL_strlcpy(p, "a", sizeof(p));
        }
      } else if ((num & BIO_FP_READ) && (num & BIO_FP_WRITE)) {
-        BUF_strlcpy(p, "r+", sizeof(p));
+        OPENSSL_strlcpy(p, "r+", sizeof(p));
      } else if (num & BIO_FP_WRITE) {
-        BUF_strlcpy(p, "w", sizeof(p));
+        OPENSSL_strlcpy(p, "w", sizeof(p));
      } else if (num & BIO_FP_READ) {
-        BUF_strlcpy(p, "r", sizeof(p));
+        OPENSSL_strlcpy(p, "r", sizeof(p));
      } else {
        OPENSSL_PUT_ERROR(BIO, BIO_R_BAD_FOPEN_MODE);
        ret = 0;
@@ -55,7 +55,6 @@
 #include <assert.h>
 #include <string.h>

-#include <openssl/buf.h>
 #include <openssl/err.h>
 #include <openssl/mem.h>

@@ -1,10 +0,0 @@
-include_directories(../../include)
-
-add_library(
-  bn_extra
-
-  OBJECT
-
-  bn_asn1.c
-  convert.c
-)
@@ -367,17 +367,13 @@ end:
 }

 int BN_print_fp(FILE *fp, const BIGNUM *a) {
-  BIO *b;
-  int ret;
-
-  b = BIO_new(BIO_s_file());
+  BIO *b = BIO_new_fp(fp, BIO_NOCLOSE);
  if (b == NULL) {
    return 0;
  }
-  BIO_set_fp(b, fp, BIO_NOCLOSE);
-  ret = BN_print(b, a);
-  BIO_free(b);

+  int ret = BN_print(b, a);
+  BIO_free(b);
  return ret;
 }

@@ -464,3 +460,11 @@ BIGNUM *BN_mpi2bn(const uint8_t *in, size_t len, BIGNUM *out) {
  }
  return out;
 }
+
+int BN_bn2binpad(const BIGNUM *in, uint8_t *out, int len) {
+  if (len < 0 ||
+      !BN_bn2bin_padded(out, (size_t)len, in)) {
+    return -1;
+  }
+  return len;
+}
@@ -1,9 +0,0 @@
-include_directories(../../include)
-
-add_library(
-  buf
-
-  OBJECT
-
-  buf.c
-)
@@ -132,6 +132,10 @@ size_t BUF_MEM_grow_clean(BUF_MEM *buf, size_t len) {
 }

 int BUF_MEM_append(BUF_MEM *buf, const void *in, size_t len) {
+  // Work around a C language bug. See https://crbug.com/1019588.
+  if (len == 0) {
+    return 1;
+  }
  size_t new_len = buf->length + len;
  if (new_len < len) {
    OPENSSL_PUT_ERROR(BUF, ERR_R_OVERFLOW);
@@ -145,87 +149,24 @@ int BUF_MEM_append(BUF_MEM *buf, const void *in, size_t len) {
  return 1;
 }

-char *BUF_strdup(const char *str) {
-  if (str == NULL) {
-    return NULL;
-  }
-
-  return BUF_strndup(str, strlen(str));
-}
+char *BUF_strdup(const char *str) { return OPENSSL_strdup(str); }

 size_t BUF_strnlen(const char *str, size_t max_len) {
-  size_t i;
-
-  for (i = 0; i < max_len; i++) {
-    if (str[i] == 0) {
-      break;
-    }
-  }
-
-  return i;
+  return OPENSSL_strnlen(str, max_len);
 }

 char *BUF_strndup(const char *str, size_t size) {
-  char *ret;
-  size_t alloc_size;
-
-  if (str == NULL) {
-    return NULL;
-  }
-
-  size = BUF_strnlen(str, size);
-
-  alloc_size = size + 1;
-  if (alloc_size < size) {
-    // overflow
-    OPENSSL_PUT_ERROR(BUF, ERR_R_MALLOC_FAILURE);
-    return NULL;
-  }
-  ret = OPENSSL_malloc(alloc_size);
-  if (ret == NULL) {
-    OPENSSL_PUT_ERROR(BUF, ERR_R_MALLOC_FAILURE);
-    return NULL;
-  }
-
-  OPENSSL_memcpy(ret, str, size);
-  ret[size] = '\0';
-  return ret;
+  return OPENSSL_strndup(str, size);
 }

 size_t BUF_strlcpy(char *dst, const char *src, size_t dst_size) {
-  size_t l = 0;
-
-  for (; dst_size > 1 && *src; dst_size--) {
-    *dst++ = *src++;
-    l++;
-  }
-
-  if (dst_size) {
-    *dst = 0;
-  }
-
-  return l + strlen(src);
+  return OPENSSL_strlcpy(dst, src, dst_size);
 }

 size_t BUF_strlcat(char *dst, const char *src, size_t dst_size) {
-  size_t l = 0;
-  for (; dst_size > 0 && *dst; dst_size--, dst++) {
-    l++;
-  }
-  return l + BUF_strlcpy(dst, src, dst_size);
+  return OPENSSL_strlcat(dst, src, dst_size);
 }

 void *BUF_memdup(const void *data, size_t size) {
-  if (size == 0) {
-    return NULL;
-  }
-
-  void *ret = OPENSSL_malloc(size);
-  if (ret == NULL) {
-    OPENSSL_PUT_ERROR(BUF, ERR_R_MALLOC_FAILURE);
-    return NULL;
-  }
-
-  OPENSSL_memcpy(ret, data, size);
-  return ret;
+  return OPENSSL_memdup(data, size);
 }
@@ -1,13 +0,0 @@
-include_directories(../../include)
-
-add_library(
-  bytestring
-
-  OBJECT
-
-  asn1_compat.c
-  ber.c
-  cbs.c
-  cbb.c
-  unicode.c
-)
@@ -12,10 +12,6 @@
 * OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN
 * CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */

-#if !defined(__STDC_CONSTANT_MACROS)
-#define __STDC_CONSTANT_MACROS
-#endif
-
 #include <stdio.h>
 #include <stdlib.h>
 #include <string.h>
@@ -46,10 +42,12 @@ TEST(CBSTest, Skip) {
 }

 TEST(CBSTest, GetUint) {
-  static const uint8_t kData[] = {1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12};
+  static const uint8_t kData[] = {1,  2,  3,  4,  5,  6,  7,  8,  9,  10,
+                                  11, 12, 13, 14, 15, 16, 17, 18, 19, 20};
  uint8_t u8;
  uint16_t u16;
  uint32_t u32;
+  uint64_t u64;
  CBS data;

  CBS_init(&data, kData, sizeof(kData));
@@ -61,12 +59,22 @@ TEST(CBSTest, GetUint) {
  EXPECT_EQ(0x40506u, u32);
  ASSERT_TRUE(CBS_get_u32(&data, &u32));
  EXPECT_EQ(0x708090au, u32);
+  ASSERT_TRUE(CBS_get_u64(&data, &u64));
+  EXPECT_EQ(0xb0c0d0e0f101112u, u64);
  ASSERT_TRUE(CBS_get_last_u8(&data, &u8));
-  EXPECT_EQ(0xcu, u8);
+  EXPECT_EQ(0x14u, u8);
  ASSERT_TRUE(CBS_get_last_u8(&data, &u8));
-  EXPECT_EQ(0xbu, u8);
+  EXPECT_EQ(0x13u, u8);
  EXPECT_FALSE(CBS_get_u8(&data, &u8));
  EXPECT_FALSE(CBS_get_last_u8(&data, &u8));
+
+  CBS_init(&data, kData, sizeof(kData));
+  ASSERT_TRUE(CBS_get_u16le(&data, &u16));
+  EXPECT_EQ(0x0201u, u16);
+  ASSERT_TRUE(CBS_get_u32le(&data, &u32));
+  EXPECT_EQ(0x06050403u, u32);
+  ASSERT_TRUE(CBS_get_u64le(&data, &u64));
+  EXPECT_EQ(0x0e0d0c0b0a090807u, u64);
 }

 TEST(CBSTest, GetPrefixed) {
@@ -314,7 +322,11 @@ TEST(CBBTest, InitUninitialized) {
 }

 TEST(CBBTest, Basic) {
-  static const uint8_t kExpected[] = {1, 2, 3, 4, 5, 6, 7, 8, 9, 0xa, 0xb, 0xc};
+  static const uint8_t kExpected[] = {1,   2,    3,    4,    5,    6,   7,
+                                      8,   9,    0xa,  0xb,  0xc,  0xd, 0xe,
+                                      0xf, 0x10, 0x11, 0x12, 0x13, 0x14, 3, 2,
+                                      10,  9,    8,    7,    0x12, 0x11, 0x10,
+                                      0xf, 0xe,  0xd,  0xc,  0xb};
  uint8_t *buf;
  size_t buf_len;

@@ -327,7 +339,11 @@ TEST(CBBTest, Basic) {
  ASSERT_TRUE(CBB_add_u16(cbb.get(), 0x203));
  ASSERT_TRUE(CBB_add_u24(cbb.get(), 0x40506));
  ASSERT_TRUE(CBB_add_u32(cbb.get(), 0x708090a));
-  ASSERT_TRUE(CBB_add_bytes(cbb.get(), (const uint8_t *)"\x0b\x0c", 2));
+  ASSERT_TRUE(CBB_add_u64(cbb.get(), 0xb0c0d0e0f101112));
+  ASSERT_TRUE(CBB_add_bytes(cbb.get(), (const uint8_t *)"\x13\x14", 2));
+  ASSERT_TRUE(CBB_add_u16le(cbb.get(), 0x203));
+  ASSERT_TRUE(CBB_add_u32le(cbb.get(), 0x708090a));
+  ASSERT_TRUE(CBB_add_u64le(cbb.get(), 0xb0c0d0e0f101112));
  ASSERT_TRUE(CBB_finish(cbb.get(), &buf, &buf_len));

  bssl::UniquePtr<uint8_t> scoper(buf);
@@ -751,6 +767,79 @@ TEST(CBSTest, ASN1Uint64) {
  }
 }

+struct ASN1Int64Test {
+  int64_t value;
+  const char *encoding;
+  size_t encoding_len;
+};
+
+static const ASN1Int64Test kASN1Int64Tests[] = {
+    {0, "\x02\x01\x00", 3},
+    {1, "\x02\x01\x01", 3},
+    {-1, "\x02\x01\xff", 3},
+    {127, "\x02\x01\x7f", 3},
+    {-127, "\x02\x01\x81", 3},
+    {128, "\x02\x02\x00\x80", 4},
+    {-128, "\x02\x01\x80", 3},
+    {129, "\x02\x02\x00\x81", 4},
+    {-129, "\x02\x02\xff\x7f", 4},
+    {0xdeadbeef, "\x02\x05\x00\xde\xad\xbe\xef", 7},
+    {INT64_C(0x0102030405060708), "\x02\x08\x01\x02\x03\x04\x05\x06\x07\x08",
+     10},
+    {INT64_MIN, "\x02\x08\x80\x00\x00\x00\x00\x00\x00\x00", 10},
+    {INT64_MAX, "\x02\x08\x7f\xff\xff\xff\xff\xff\xff\xff", 10},
+};
+
+struct ASN1InvalidInt64Test {
+  const char *encoding;
+  size_t encoding_len;
+};
+
+static const ASN1InvalidInt64Test kASN1InvalidInt64Tests[] = {
+    // Bad tag.
+    {"\x03\x01\x00", 3},
+    // Empty contents.
+    {"\x02\x00", 2},
+    // Overflow.
+    {"\x02\x09\x01\x00\x00\x00\x00\x00\x00\x00\x00", 11},
+    // Leading zeros.
+    {"\x02\x02\x00\x01", 4},
+    // Leading 0xff.
+    {"\x02\x02\xff\xff", 4},
+};
+
+TEST(CBSTest, ASN1Int64) {
+  for (size_t i = 0; i < OPENSSL_ARRAY_SIZE(kASN1Int64Tests); i++) {
+    SCOPED_TRACE(i);
+    const ASN1Int64Test *test = &kASN1Int64Tests[i];
+    CBS cbs;
+    int64_t value;
+    uint8_t *out;
+    size_t len;
+
+    CBS_init(&cbs, (const uint8_t *)test->encoding, test->encoding_len);
+    ASSERT_TRUE(CBS_get_asn1_int64(&cbs, &value));
+    EXPECT_EQ(0u, CBS_len(&cbs));
+    EXPECT_EQ(test->value, value);
+
+    bssl::ScopedCBB cbb;
+    ASSERT_TRUE(CBB_init(cbb.get(), 0));
+    ASSERT_TRUE(CBB_add_asn1_int64(cbb.get(), test->value));
+    ASSERT_TRUE(CBB_finish(cbb.get(), &out, &len));
+    bssl::UniquePtr<uint8_t> scoper(out);
+    EXPECT_EQ(Bytes(test->encoding, test->encoding_len), Bytes(out, len));
+  }
+
+  for (size_t i = 0; i < OPENSSL_ARRAY_SIZE(kASN1InvalidInt64Tests); i++) {
+    const ASN1InvalidInt64Test *test = &kASN1InvalidInt64Tests[i];
+    CBS cbs;
+    int64_t value;
+
+    CBS_init(&cbs, (const uint8_t *)test->encoding, test->encoding_len);
+    EXPECT_FALSE(CBS_get_asn1_int64(&cbs, &value));
+  }
+}
+
 TEST(CBBTest, Zero) {
  CBB cbb;
  CBB_zero(&cbb);
@@ -18,7 +18,6 @@
 #include <limits.h>
 #include <string.h>

-#include <openssl/buf.h>
 #include <openssl/mem.h>

 #include "../internal.h"
@@ -44,7 +43,7 @@ static int cbb_init(CBB *cbb, uint8_t *buf, size_t cap) {
  base->error = 0;

  cbb->base = base;
-  cbb->is_top_level = 1;
+  cbb->is_child = 0;
  return 1;
 }

@@ -76,11 +75,14 @@ int CBB_init_fixed(CBB *cbb, uint8_t *buf, size_t len) {
 }

 void CBB_cleanup(CBB *cbb) {
-  if (cbb->base) {
-    // Only top-level |CBB|s are cleaned up. Child |CBB|s are non-owning. They
-    // are implicitly discarded when the parent is flushed or cleaned up.
-    assert(cbb->is_top_level);
+  // Child |CBB|s are non-owning. They are implicitly discarded and should not
+  // be used with |CBB_cleanup| or |ScopedCBB|.
+  assert(!cbb->is_child);
+  if (cbb->is_child) {
+    return;
+  }

+  if (cbb->base) {
    if (cbb->base->can_resize) {
      OPENSSL_free(cbb->base->buf);
    }
@@ -144,7 +146,7 @@ static int cbb_buffer_add(struct cbb_buffer_st *base, uint8_t **out,
  return 1;
 }

-static int cbb_buffer_add_u(struct cbb_buffer_st *base, uint32_t v,
+static int cbb_buffer_add_u(struct cbb_buffer_st *base, uint64_t v,
                            size_t len_len) {
  if (len_len == 0) {
    return 1;
@@ -169,7 +171,7 @@ static int cbb_buffer_add_u(struct cbb_buffer_st *base, uint32_t v,
 }

 int CBB_finish(CBB *cbb, uint8_t **out_data, size_t *out_len) {
-  if (!cbb->is_top_level) {
+  if (cbb->is_child) {
    return 0;
  }

@@ -310,6 +312,7 @@ static int cbb_add_length_prefixed(CBB *cbb, CBB *out_contents,
  OPENSSL_memset(prefix_bytes, 0, len_len);
  OPENSSL_memset(out_contents, 0, sizeof(CBB));
  out_contents->base = cbb->base;
+  out_contents->is_child = 1;
  cbb->child = out_contents;
  cbb->child->offset = offset;
  cbb->child->pending_len_len = len_len;
@@ -381,6 +384,7 @@ int CBB_add_asn1(CBB *cbb, CBB *out_contents, unsigned tag) {

  OPENSSL_memset(out_contents, 0, sizeof(CBB));
  out_contents->base = cbb->base;
+  out_contents->is_child = 1;
  cbb->child = out_contents;
  cbb->child->offset = offset;
  cbb->child->pending_len_len = 1;
@@ -443,6 +447,10 @@ int CBB_add_u16(CBB *cbb, uint16_t value) {
  return cbb_buffer_add_u(cbb->base, value, 2);
 }

+int CBB_add_u16le(CBB *cbb, uint16_t value) {
+  return CBB_add_u16(cbb, CRYPTO_bswap2(value));
+}
+
 int CBB_add_u24(CBB *cbb, uint32_t value) {
  if (!CBB_flush(cbb)) {
    return 0;
@@ -459,6 +467,21 @@ int CBB_add_u32(CBB *cbb, uint32_t value) {
  return cbb_buffer_add_u(cbb->base, value, 4);
 }

+int CBB_add_u32le(CBB *cbb, uint32_t value) {
+  return CBB_add_u32(cbb, CRYPTO_bswap4(value));
+}
+
+int CBB_add_u64(CBB *cbb, uint64_t value) {
+  if (!CBB_flush(cbb)) {
+    return 0;
+  }
+  return cbb_buffer_add_u(cbb->base, value, 8);
+}
+
+int CBB_add_u64le(CBB *cbb, uint64_t value) {
+  return CBB_add_u64(cbb, CRYPTO_bswap8(value));
+}
+
 void CBB_discard_child(CBB *cbb) {
  if (cbb->child == NULL) {
    return;
@@ -505,6 +528,34 @@ int CBB_add_asn1_uint64(CBB *cbb, uint64_t value) {
  return CBB_flush(cbb);
 }

+int CBB_add_asn1_int64(CBB *cbb, int64_t value) {
+  if (value >= 0) {
+    return CBB_add_asn1_uint64(cbb, value);
+  }
+
+  union {
+    int64_t i;
+    uint8_t bytes[sizeof(int64_t)];
+  } u;
+  u.i = value;
+  int start = 7;
+  // Skip leading sign-extension bytes unless they are necessary.
+  while (start > 0 && (u.bytes[start] == 0xff && (u.bytes[start - 1] & 0x80))) {
+    start--;
+  }
+
+  CBB child;
+  if (!CBB_add_asn1(cbb, &child, CBS_ASN1_INTEGER)) {
+    return 0;
+  }
+  for (int i = start; i >= 0; i--) {
+    if (!CBB_add_u8(&child, u.bytes[i])) {
+      return 0;
+    }
+  }
+  return CBB_flush(cbb);
+}
+
 int CBB_add_asn1_octet_string(CBB *cbb, const uint8_t *data, size_t data_len) {
  CBB child;
  if (!CBB_add_asn1(cbb, &child, CBS_ASN1_OCTETSTRING) ||
@@ -637,7 +688,7 @@ int CBB_flush_asn1_set_of(CBB *cbb) {
  // remain valid as we rewrite |cbb|.
  int ret = 0;
  size_t buf_len = CBB_len(cbb);
-  uint8_t *buf = BUF_memdup(CBB_data(cbb), buf_len);
+  uint8_t *buf = OPENSSL_memdup(CBB_data(cbb), buf_len);
  CBS *children = OPENSSL_malloc(num_children * sizeof(CBS));
  if (buf == NULL || children == NULL) {
    goto err;
@@ -12,11 +12,6 @@
 * OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN
 * CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */

-#if !defined(__STDC_FORMAT_MACROS)
-#define __STDC_FORMAT_MACROS
-#endif
-
-#include <openssl/buf.h>
 #include <openssl/mem.h>
 #include <openssl/bytestring.h>

@@ -65,7 +60,7 @@ int CBS_stow(const CBS *cbs, uint8_t **out_ptr, size_t *out_len) {
  if (cbs->len == 0) {
    return 1;
  }
-  *out_ptr = BUF_memdup(cbs->data, cbs->len);
+  *out_ptr = OPENSSL_memdup(cbs->data, cbs->len);
  if (*out_ptr == NULL) {
    return 0;
  }
@@ -77,7 +72,7 @@ int CBS_strdup(const CBS *cbs, char **out_ptr) {
  if (*out_ptr != NULL) {
    OPENSSL_free(*out_ptr);
  }
-  *out_ptr = BUF_strndup((const char*)cbs->data, cbs->len);
+  *out_ptr = OPENSSL_strndup((const char*)cbs->data, cbs->len);
  return (*out_ptr != NULL);
 }

@@ -92,8 +87,8 @@ int CBS_mem_equal(const CBS *cbs, const uint8_t *data, size_t len) {
  return CRYPTO_memcmp(cbs->data, data, len) == 0;
 }

-static int cbs_get_u(CBS *cbs, uint32_t *out, size_t len) {
-  uint32_t result = 0;
+static int cbs_get_u(CBS *cbs, uint64_t *out, size_t len) {
+  uint64_t result = 0;
  const uint8_t *data;

  if (!cbs_get(cbs, &data, len)) {
@@ -117,7 +112,7 @@ int CBS_get_u8(CBS *cbs, uint8_t *out) {
 }

 int CBS_get_u16(CBS *cbs, uint16_t *out) {
-  uint32_t v;
+  uint64_t v;
  if (!cbs_get_u(cbs, &v, 2)) {
    return 0;
  }
@@ -125,12 +120,50 @@ int CBS_get_u16(CBS *cbs, uint16_t *out) {
  return 1;
 }

+int CBS_get_u16le(CBS *cbs, uint16_t *out) {
+  if (!CBS_get_u16(cbs, out)) {
+    return 0;
+  }
+  *out = CRYPTO_bswap2(*out);
+  return 1;
+}
+
 int CBS_get_u24(CBS *cbs, uint32_t *out) {
-  return cbs_get_u(cbs, out, 3);
+  uint64_t v;
+  if (!cbs_get_u(cbs, &v, 3)) {
+    return 0;
+  }
+  *out = v;
+  return 1;
 }

 int CBS_get_u32(CBS *cbs, uint32_t *out) {
-  return cbs_get_u(cbs, out, 4);
+  uint64_t v;
+  if (!cbs_get_u(cbs, &v, 4)) {
+    return 0;
+  }
+  *out = v;
+  return 1;
+}
+
+int CBS_get_u32le(CBS *cbs, uint32_t *out) {
+  if (!CBS_get_u32(cbs, out)) {
+    return 0;
+  }
+  *out = CRYPTO_bswap4(*out);
+  return 1;
+}
+
+int CBS_get_u64(CBS *cbs, uint64_t *out) {
+  return cbs_get_u(cbs, out, 8);
+}
+
+int CBS_get_u64le(CBS *cbs, uint64_t *out) {
+  if (!cbs_get_u(cbs, out, 8)) {
+    return 0;
+  }
+  *out = CRYPTO_bswap8(*out);
+  return 1;
 }

 int CBS_get_last_u8(CBS *cbs, uint8_t *out) {
@@ -161,10 +194,13 @@ int CBS_copy_bytes(CBS *cbs, uint8_t *out, size_t len) {
 }

 static int cbs_get_length_prefixed(CBS *cbs, CBS *out, size_t len_len) {
-  uint32_t len;
+  uint64_t len;
  if (!cbs_get_u(cbs, &len, len_len)) {
    return 0;
  }
+  // If |len_len| <= 3 then we know that |len| will fit into a |size_t|, even on
+  // 32-bit systems.
+  assert(len_len <= 3);
  return CBS_get_bytes(cbs, out, len);
 }

@@ -278,7 +314,7 @@ static int cbs_get_any_asn1_element(CBS *cbs, CBS *out, unsigned *out_tag,
    // encode the number of subsequent octets used to encode the length (ITU-T
    // X.690 clause 8.1.3.5.b).
    const size_t num_bytes = length_byte & 0x7f;
-    uint32_t len32;
+    uint64_t len64;

    if (ber_ok && (tag & CBS_ASN1_CONSTRUCTED) != 0 && num_bytes == 0) {
      // indefinite length
@@ -294,20 +330,20 @@ static int cbs_get_any_asn1_element(CBS *cbs, CBS *out, unsigned *out_tag,
    if (num_bytes == 0 || num_bytes > 4) {
      return 0;
    }
-    if (!cbs_get_u(&header, &len32, num_bytes)) {
+    if (!cbs_get_u(&header, &len64, num_bytes)) {
      return 0;
    }
    // ITU-T X.690 section 10.1 (DER length forms) requires encoding the length
    // with the minimum number of octets.
-    if (len32 < 128) {
+    if (len64 < 128) {
      // Length should have used short-form encoding.
      return 0;
    }
-    if ((len32 >> ((num_bytes-1)*8)) == 0) {
+    if ((len64 >> ((num_bytes-1)*8)) == 0) {
      // Length should have been at least one byte shorter.
      return 0;
    }
-    len = len32;
+    len = len64;
    if (len + header_len + num_bytes < len) {
      // Overflow.
      return 0;
@@ -425,6 +461,40 @@ int CBS_get_asn1_uint64(CBS *cbs, uint64_t *out) {
  return 1;
 }

+int CBS_get_asn1_int64(CBS *cbs, int64_t *out) {
+  CBS bytes;
+  if (!CBS_get_asn1(cbs, &bytes, CBS_ASN1_INTEGER)) {
+    return 0;
+  }
+  const uint8_t *data = CBS_data(&bytes);
+  const size_t len = CBS_len(&bytes);
+
+  if (len == 0 || len > sizeof(int64_t)) {
+    // An INTEGER is encoded with at least one octet.
+    return 0;
+  }
+  if (len > 1) {
+    if (data[0] == 0 && (data[1] & 0x80) == 0) {
+      return 0;  // Extra leading zeros.
+    }
+    if (data[0] == 0xff && (data[1] & 0x80) != 0) {
+      return 0;  // Extra leading 0xff.
+    }
+  }
+
+  union {
+    int64_t i;
+    uint8_t bytes[sizeof(int64_t)];
+  } u;
+  const int is_negative = (data[0] & 0x80);
+  memset(u.bytes, is_negative ? 0xff : 0, sizeof(u.bytes));  // Sign-extend.
+  for (size_t i = 0; i < len; i++) {
+    u.bytes[i] = data[len - i - 1];
+  }
+  *out = u.i;
+  return 1;
+}
+
 int CBS_get_asn1_bool(CBS *cbs, int *out) {
  CBS bytes;
  if (!CBS_get_asn1(cbs, &bytes, CBS_ASN1_BOOLEAN) ||
@@ -1,48 +0,0 @@
-include_directories(../../include)
-
-if (${ARCH} STREQUAL "arm")
-  set(
-    CHACHA_ARCH_SOURCES
-
-    chacha-armv4.${ASM_EXT}
-  )
-endif()
-
-if (${ARCH} STREQUAL "aarch64")
-  set(
-    CHACHA_ARCH_SOURCES
-
-    chacha-armv8.${ASM_EXT}
-  )
-endif()
-
-if (${ARCH} STREQUAL "x86")
-  set(
-    CHACHA_ARCH_SOURCES
-
-    chacha-x86.${ASM_EXT}
-  )
-endif()
-
-if (${ARCH} STREQUAL "x86_64")
-  set(
-    CHACHA_ARCH_SOURCES
-
-    chacha-x86_64.${ASM_EXT}
-  )
-endif()
-
-add_library(
-  chacha
-
-  OBJECT
-
-  chacha.c
-
-  ${CHACHA_ARCH_SOURCES}
-)
-
-perlasm(chacha-armv4.${ASM_EXT} asm/chacha-armv4.pl)
-perlasm(chacha-armv8.${ASM_EXT} asm/chacha-armv8.pl)
-perlasm(chacha-x86.${ASM_EXT} asm/chacha-x86.pl)
-perlasm(chacha-x86_64.${ASM_EXT} asm/chacha-x86_64.pl)
@@ -44,9 +44,11 @@ if ($flavour && $flavour ne "void") {
    ( $xlate="${dir}../../perlasm/arm-xlate.pl" and -f $xlate) or
    die "can't locate arm-xlate.pl";

-    open STDOUT,"| \"$^X\" $xlate $flavour $output";
+    open OUT,"| \"$^X\" $xlate $flavour $output";
+    *STDOUT=*OUT;
 } else {
-    open STDOUT,">$output";
+    open OUT,">$output";
+    *STDOUT=*OUT;
 }

 sub AUTOLOAD()		# thunk [simplified] x86-style perlasm
@@ -1161,4 +1163,4 @@ foreach (split("\n",$code)) {

 	print $_,"\n";
 }
-close STDOUT;
+close STDOUT or die "error closing STDOUT";
@@ -122,37 +122,32 @@ my ($a3,$b3,$c3,$d3)=map(($_&~3)+(($_+1)&3),($a2,$b2,$c2,$d2));
 $code.=<<___;
 #include <openssl/arm_arch.h>

-.text
-
 .extern	OPENSSL_armcap_P

+.section .rodata
+
 .align	5
 .Lsigma:
 .quad	0x3320646e61707865,0x6b20657479622d32		// endian-neutral
 .Lone:
 .long	1,0,0,0
-.LOPENSSL_armcap_P:
-#ifdef	__ILP32__
-.long	OPENSSL_armcap_P-.
-#else
-.quad	OPENSSL_armcap_P-.
-#endif
 .asciz	"ChaCha20 for ARMv8, CRYPTOGAMS by <appro\@openssl.org>"

+.text
+
 .globl	ChaCha20_ctr32
 .type	ChaCha20_ctr32,%function
 .align	5
 ChaCha20_ctr32:
 	cbz	$len,.Labort
-	adr	@x[0],.LOPENSSL_armcap_P
+#if __has_feature(hwaddress_sanitizer) && __clang_major__ >= 10
+	adrp	@x[0],:pg_hi21_nc:OPENSSL_armcap_P
+#else
+	adrp	@x[0],:pg_hi21:OPENSSL_armcap_P
+#endif
 	cmp	$len,#192
 	b.lo	.Lshort
-#ifdef	__ILP32__
-	ldrsw	@x[1],[@x[0]]
-#else
-	ldr	@x[1],[@x[0]]
-#endif
-	ldr	w17,[@x[1],@x[0]]
+	ldr	w17,[@x[0],:lo12:OPENSSL_armcap_P]
 	tst	w17,#ARMV7_NEON
 	b.ne	ChaCha20_neon

@@ -160,7 +155,8 @@ ChaCha20_ctr32:
 	stp	x29,x30,[sp,#-96]!
 	add	x29,sp,#0

-	adr	@x[0],.Lsigma
+	adrp	@x[0],:pg_hi21:.Lsigma
+	add	@x[0],@x[0],:lo12:.Lsigma
 	stp	x19,x20,[sp,#16]
 	stp	x21,x22,[sp,#32]
 	stp	x23,x24,[sp,#48]
@@ -380,7 +376,8 @@ ChaCha20_neon:
 	stp	x29,x30,[sp,#-96]!
 	add	x29,sp,#0

-	adr	@x[0],.Lsigma
+	adrp	@x[0],:pg_hi21:.Lsigma
+	add	@x[0],@x[0],:lo12:.Lsigma
 	stp	x19,x20,[sp,#16]
 	stp	x21,x22,[sp,#32]
 	stp	x23,x24,[sp,#48]
@@ -699,7 +696,8 @@ ChaCha20_512_neon:
 	stp	x29,x30,[sp,#-96]!
 	add	x29,sp,#0

-	adr	@x[0],.Lsigma
+	adrp	@x[0],:pg_hi21:.Lsigma
+	add	@x[0],@x[0],:lo12:.Lsigma
 	stp	x19,x20,[sp,#16]
 	stp	x21,x22,[sp,#32]
 	stp	x23,x24,[sp,#48]
@@ -1133,4 +1131,4 @@ foreach (split("\n",$code)) {

 	print $_,"\n";
 }
-close STDOUT;	# flush
+close STDOUT or die "error closing STDOUT";	# flush
@@ -769,4 +769,4 @@ sub SSSE3ROUND {	# critical path is 20 "SIMD ticks" per round

 &asm_finish();

-close STDOUT;
+close STDOUT or die "error closing STDOUT";
@@ -228,6 +228,7 @@ $code.=<<___;
 .type	ChaCha20_ctr32,\@function,5
 .align	64
 ChaCha20_ctr32:
+.cfi_startproc
 	cmp	\$0,$len
 	je	.Lno_data
 	mov	OPENSSL_ia32cap_P+4(%rip),%r10
@@ -241,12 +242,19 @@ $code.=<<___;
 	jnz	.LChaCha20_ssse3

 	push	%rbx
+.cfi_push	rbx
 	push	%rbp
+.cfi_push	rbp
 	push	%r12
+.cfi_push	r12
 	push	%r13
+.cfi_push	r13
 	push	%r14
+.cfi_push	r14
 	push	%r15
+.cfi_push	r15
 	sub	\$64+24,%rsp
+.cfi_adjust_cfa_offset	`64+24`
 .Lctr32_body:

 	#movdqa	.Lsigma(%rip),%xmm0
@@ -388,14 +396,22 @@ $code.=<<___;
 .Ldone:
 	lea	64+24+48(%rsp),%rsi
 	mov	-48(%rsi),%r15
+.cfi_restore	r15
 	mov	-40(%rsi),%r14
+.cfi_restore	r14
 	mov	-32(%rsi),%r13
+.cfi_restore	r13
 	mov	-24(%rsi),%r12
+.cfi_restore	r12
 	mov	-16(%rsi),%rbp
+.cfi_restore	rbp
 	mov	-8(%rsi),%rbx
+.cfi_restore	rbx
 	lea	(%rsi),%rsp
+.cfi_adjust_cfa_offset	`-64-24-48`
 .Lno_data:
 	ret
+.cfi_endproc
 .size	ChaCha20_ctr32,.-ChaCha20_ctr32
 ___

@@ -435,7 +451,9 @@ $code.=<<___;
 .align	32
 ChaCha20_ssse3:
 .LChaCha20_ssse3:
+.cfi_startproc
 	mov	%rsp,%r9		# frame pointer
+.cfi_def_cfa_register	r9
 ___
 $code.=<<___;
 	cmp	\$128,$len		# we might throw away some data,
@@ -547,8 +565,10 @@ $code.=<<___	if ($win64);
 ___
 $code.=<<___;
 	lea	(%r9),%rsp
+.cfi_def_cfa_register	rsp
 .Lssse3_epilogue:
 	ret
+.cfi_endproc
 .size	ChaCha20_ssse3,.-ChaCha20_ssse3
 ___
 }
@@ -691,7 +711,9 @@ $code.=<<___;
 .align	32
 ChaCha20_4x:
 .LChaCha20_4x:
+.cfi_startproc
 	mov		%rsp,%r9		# frame pointer
+.cfi_def_cfa_register	r9
 	mov		%r10,%r11
 ___
 $code.=<<___	if ($avx>1);
@@ -1131,8 +1153,10 @@ $code.=<<___	if ($win64);
 ___
 $code.=<<___;
 	lea		(%r9),%rsp
+.cfi_def_cfa_register	rsp
 .L4x_epilogue:
 	ret
+.cfi_endproc
 .size	ChaCha20_4x,.-ChaCha20_4x
 ___
 }
@@ -1266,7 +1290,9 @@ $code.=<<___;
 .align	32
 ChaCha20_8x:
 .LChaCha20_8x:
+.cfi_startproc
 	mov		%rsp,%r9		# frame register
+.cfi_def_cfa_register	r9
 	sub		\$0x280+$xframe,%rsp
 	and		\$-32,%rsp
 ___
@@ -1772,8 +1798,10 @@ $code.=<<___	if ($win64);
 ___
 $code.=<<___;
 	lea		(%r9),%rsp
+.cfi_def_cfa_register	rsp
 .L8x_epilogue:
 	ret
+.cfi_endproc
 .size	ChaCha20_8x,.-ChaCha20_8x
 ___
 }
@@ -1811,7 +1839,9 @@ $code.=<<___;
 .align	32
 ChaCha20_avx512:
 .LChaCha20_avx512:
+.cfi_startproc
 	mov	%rsp,%r9		# frame pointer
+.cfi_def_cfa_register	r9
 	cmp	\$512,$len
 	ja	.LChaCha20_16x

@@ -1991,8 +2021,10 @@ $code.=<<___	if ($win64);
 ___
 $code.=<<___;
 	lea	(%r9),%rsp
+.cfi_def_cfa_register	rsp
 .Lavx512_epilogue:
 	ret
+.cfi_endproc
 .size	ChaCha20_avx512,.-ChaCha20_avx512
 ___
 }
@@ -2075,7 +2107,9 @@ $code.=<<___;
 .align	32
 ChaCha20_16x:
 .LChaCha20_16x:
+.cfi_startproc
 	mov		%rsp,%r9		# frame register
+.cfi_def_cfa_register	r9
 	sub		\$64+$xframe,%rsp
 	and		\$-64,%rsp
 ___
@@ -2493,8 +2527,10 @@ $code.=<<___	if ($win64);
 ___
 $code.=<<___;
 	lea		(%r9),%rsp
+.cfi_def_cfa_register	rsp
 .L16x_epilogue:
 	ret
+.cfi_endproc
 .size	ChaCha20_16x,.-ChaCha20_16x
 ___
 }
@@ -2746,4 +2782,4 @@ foreach (split("\n",$code)) {
 	print $_,"\n";
 }

-close STDOUT;
+close STDOUT or die "error closing STDOUT";
@@ -22,19 +22,49 @@
 #include <openssl/cpu.h>

 #include "../internal.h"
+#include "internal.h"


 #define U8TO32_LITTLE(p)                              \
  (((uint32_t)((p)[0])) | ((uint32_t)((p)[1]) << 8) | \
   ((uint32_t)((p)[2]) << 16) | ((uint32_t)((p)[3]) << 24))

-#if !defined(OPENSSL_NO_ASM) &&                         \
-    (defined(OPENSSL_X86) || defined(OPENSSL_X86_64) || \
-     defined(OPENSSL_ARM) || defined(OPENSSL_AARCH64))
+// sigma contains the ChaCha constants, which happen to be an ASCII string.
+static const uint8_t sigma[16] = { 'e', 'x', 'p', 'a', 'n', 'd', ' ', '3',
+                                   '2', '-', 'b', 'y', 't', 'e', ' ', 'k' };

-// ChaCha20_ctr32 is defined in asm/chacha-*.pl.
-void ChaCha20_ctr32(uint8_t *out, const uint8_t *in, size_t in_len,
-                    const uint32_t key[8], const uint32_t counter[4]);
+#define ROTATE(v, n) (((v) << (n)) | ((v) >> (32 - (n))))
+
+// QUARTERROUND updates a, b, c, d with a ChaCha "quarter" round.
+#define QUARTERROUND(a, b, c, d)                \
+  x[a] += x[b]; x[d] = ROTATE(x[d] ^ x[a], 16); \
+  x[c] += x[d]; x[b] = ROTATE(x[b] ^ x[c], 12); \
+  x[a] += x[b]; x[d] = ROTATE(x[d] ^ x[a],  8); \
+  x[c] += x[d]; x[b] = ROTATE(x[b] ^ x[c],  7);
+
+void CRYPTO_hchacha20(uint8_t out[32], const uint8_t key[32],
+                      const uint8_t nonce[16]) {
+  uint32_t x[16];
+  OPENSSL_memcpy(x, sigma, sizeof(sigma));
+  OPENSSL_memcpy(&x[4], key, 32);
+  OPENSSL_memcpy(&x[12], nonce, 16);
+
+  for (size_t i = 0; i < 20; i += 2) {
+    QUARTERROUND(0, 4, 8, 12)
+    QUARTERROUND(1, 5, 9, 13)
+    QUARTERROUND(2, 6, 10, 14)
+    QUARTERROUND(3, 7, 11, 15)
+    QUARTERROUND(0, 5, 10, 15)
+    QUARTERROUND(1, 6, 11, 12)
+    QUARTERROUND(2, 7, 8, 13)
+    QUARTERROUND(3, 4, 9, 14)
+  }
+
+  OPENSSL_memcpy(out, &x[0], sizeof(uint32_t) * 4);
+  OPENSSL_memcpy(&out[16], &x[12], sizeof(uint32_t) * 4);
+}
+
+#if defined(CHACHA20_ASM)

 void CRYPTO_chacha_20(uint8_t *out, const uint8_t *in, size_t in_len,
                      const uint8_t key[32], const uint8_t nonce[12],
@@ -69,12 +99,6 @@ void CRYPTO_chacha_20(uint8_t *out, const uint8_t *in, size_t in_len,

 #else

-// sigma contains the ChaCha constants, which happen to be an ASCII string.
-static const uint8_t sigma[16] = { 'e', 'x', 'p', 'a', 'n', 'd', ' ', '3',
-                                   '2', '-', 'b', 'y', 't', 'e', ' ', 'k' };
-
-#define ROTATE(v, n) (((v) << (n)) | ((v) >> (32 - (n))))
-
 #define U32TO8_LITTLE(p, v)    \
  {                            \
    (p)[0] = (v >> 0) & 0xff;  \
@@ -83,13 +107,6 @@ static const uint8_t sigma[16] = { 'e', 'x', 'p', 'a', 'n', 'd', ' ', '3',
    (p)[3] = (v >> 24) & 0xff; \
  }

-// QUARTERROUND updates a, b, c, d with a ChaCha "quarter" round.
-#define QUARTERROUND(a, b, c, d)                \
-  x[a] += x[b]; x[d] = ROTATE(x[d] ^ x[a], 16); \
-  x[c] += x[d]; x[b] = ROTATE(x[b] ^ x[c], 12); \
-  x[a] += x[b]; x[d] = ROTATE(x[d] ^ x[a],  8); \
-  x[c] += x[d]; x[b] = ROTATE(x[b] ^ x[c],  7);
-
 // chacha_core performs 20 rounds of ChaCha on the input words in
 // |input| and writes the 64 output bytes to |output|.
 static void chacha_core(uint8_t output[64], const uint32_t input[16]) {
@@ -23,7 +23,9 @@
 #include <openssl/crypto.h>
 #include <openssl/chacha.h>

+#include "internal.h"
 #include "../internal.h"
+#include "../test/abi_test.h"
 #include "../test/test_util.h"


@@ -234,3 +236,25 @@ TEST(ChaChaTest, TestVector) {
    EXPECT_EQ(Bytes(kOutput, len), Bytes(buf.get(), len));
  }
 }
+
+#if defined(CHACHA20_ASM) && defined(SUPPORTS_ABI_TEST)
+TEST(ChaChaTest, ABI) {
+  uint32_t key[8];
+  OPENSSL_memcpy(key, kKey, sizeof(key));
+
+  static const uint32_t kCounterNonce[4] = {0};
+
+  std::unique_ptr<uint8_t[]> buf(new uint8_t[sizeof(kInput)]);
+  for (size_t len = 0; len <= 32; len++) {
+    SCOPED_TRACE(len);
+    CHECK_ABI(ChaCha20_ctr32, buf.get(), kInput, len, key, kCounterNonce);
+  }
+
+  for (size_t len : {32 * 2, 32 * 4, 32 * 8, 32 * 16, 32 * 24}) {
+    SCOPED_TRACE(len);
+    CHECK_ABI(ChaCha20_ctr32, buf.get(), kInput, len, key, kCounterNonce);
+    // Cover the partial block paths.
+    CHECK_ABI(ChaCha20_ctr32, buf.get(), kInput, len + 15, key, kCounterNonce);
+  }
+}
+#endif  // CHACHA20_ASM && SUPPORTS_ABI_TEST
@@ -0,0 +1,45 @@
+/* Copyright (c) 2018, Google Inc.
+ *
+ * Permission to use, copy, modify, and/or distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+ * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+ * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY
+ * SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+ * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION
+ * OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN
+ * CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */
+
+#ifndef OPENSSL_HEADER_CHACHA_INTERNAL
+#define OPENSSL_HEADER_CHACHA_INTERNAL
+
+#include <openssl/base.h>
+
+#if defined(__cplusplus)
+extern "C" {
+#endif
+
+
+// CRYPTO_hchacha20 computes the HChaCha20 function, which should only be used
+// as part of XChaCha20.
+void CRYPTO_hchacha20(uint8_t out[32], const uint8_t key[32],
+                      const uint8_t nonce[16]);
+
+#if !defined(OPENSSL_NO_ASM) &&                         \
+    (defined(OPENSSL_X86) || defined(OPENSSL_X86_64) || \
+     defined(OPENSSL_ARM) || defined(OPENSSL_AARCH64))
+#define CHACHA20_ASM
+
+// ChaCha20_ctr32 is defined in asm/chacha-*.pl.
+void ChaCha20_ctr32(uint8_t *out, const uint8_t *in, size_t in_len,
+                    const uint32_t key[8], const uint32_t counter[4]);
+#endif
+
+
+#if defined(__cplusplus)
+}  // extern C
+#endif
+
+#endif  // OPENSSL_HEADER_CHACHA_INTERNAL
@@ -1,35 +0,0 @@
-include_directories(../../include)
-
-if (${ARCH} STREQUAL "x86_64")
-  set(
-    CIPHER_ARCH_SOURCES
-
-    aes128gcmsiv-x86_64.${ASM_EXT}
-    chacha20_poly1305_x86_64.${ASM_EXT}
-  )
-endif()
-
-add_library(
-  cipher_extra
-
-  OBJECT
-
-  cipher_extra.c
-  derive_key.c
-
-  e_null.c
-  e_rc2.c
-  e_rc4.c
-  e_aesgcmsiv.c
-  e_aesctrhmac.c
-  e_aesccm.c
-  e_chacha20poly1305.c
-
-  tls_cbc.c
-  e_tls.c
-
-  ${CIPHER_ARCH_SOURCES}
-)
-
-perlasm(aes128gcmsiv-x86_64.${ASM_EXT} asm/aes128gcmsiv-x86_64.pl)
-perlasm(chacha20_poly1305_x86_64.${ASM_EXT} asm/chacha20_poly1305_x86_64.pl)
@@ -25,6 +25,7 @@

 #include "../fipsmodule/cipher/internal.h"
 #include "../internal.h"
+#include "../test/abi_test.h"
 #include "../test/file_test.h"
 #include "../test/test_util.h"
 #include "../test/wycheproof_util.h"
@@ -36,62 +37,66 @@ struct KnownAEAD {
  const char *test_vectors;
  // limited_implementation indicates that tests that assume a generic AEAD
  // interface should not be performed. For example, the key-wrap AEADs only
-  // handle inputs that are a multiple of eight bytes in length and the
-  // SSLv3/TLS AEADs have the concept of “direction”.
+  // handle inputs that are a multiple of eight bytes in length and the TLS CBC
+  // AEADs have the concept of “direction”.
  bool limited_implementation;
  // truncated_tags is true if the AEAD supports truncating tags to arbitrary
  // lengths.
  bool truncated_tags;
+  // variable_nonce is true if the AEAD supports a variable nonce length.
+  bool variable_nonce;
  // ad_len, if non-zero, is the required length of the AD.
  size_t ad_len;
 };

 static const struct KnownAEAD kAEADs[] = {
    {"AES_128_GCM", EVP_aead_aes_128_gcm, "aes_128_gcm_tests.txt", false, true,
-     0},
+     true, 0},
    {"AES_128_GCM_NIST", EVP_aead_aes_128_gcm, "nist_cavp/aes_128_gcm.txt",
-     false, true, 0},
+     false, true, true, 0},
+    {"AES_192_GCM", EVP_aead_aes_192_gcm, "aes_192_gcm_tests.txt", false, true,
+     true, 0},
    {"AES_256_GCM", EVP_aead_aes_256_gcm, "aes_256_gcm_tests.txt", false, true,
-     0},
+     true, 0},
    {"AES_256_GCM_NIST", EVP_aead_aes_256_gcm, "nist_cavp/aes_256_gcm.txt",
-     false, true, 0},
-#if !defined(OPENSSL_SMALL)
+     false, true, true, 0},
    {"AES_128_GCM_SIV", EVP_aead_aes_128_gcm_siv, "aes_128_gcm_siv_tests.txt",
-     false, false, 0},
+     false, false, false, 0},
    {"AES_256_GCM_SIV", EVP_aead_aes_256_gcm_siv, "aes_256_gcm_siv_tests.txt",
-     false, false, 0},
-#endif
+     false, false, false, 0},
    {"ChaCha20Poly1305", EVP_aead_chacha20_poly1305,
-     "chacha20_poly1305_tests.txt", false, true, 0},
+     "chacha20_poly1305_tests.txt", false, true, false, 0},
+    {"XChaCha20Poly1305", EVP_aead_xchacha20_poly1305,
+     "xchacha20_poly1305_tests.txt", false, true, false, 0},
    {"AES_128_CBC_SHA1_TLS", EVP_aead_aes_128_cbc_sha1_tls,
-     "aes_128_cbc_sha1_tls_tests.txt", true, false, 11},
+     "aes_128_cbc_sha1_tls_tests.txt", true, false, false, 11},
    {"AES_128_CBC_SHA1_TLSImplicitIV",
     EVP_aead_aes_128_cbc_sha1_tls_implicit_iv,
-     "aes_128_cbc_sha1_tls_implicit_iv_tests.txt", true, false, 11},
+     "aes_128_cbc_sha1_tls_implicit_iv_tests.txt", true, false, false, 11},
    {"AES_128_CBC_SHA256_TLS", EVP_aead_aes_128_cbc_sha256_tls,
-     "aes_128_cbc_sha256_tls_tests.txt", true, false, 11},
+     "aes_128_cbc_sha256_tls_tests.txt", true, false, false, 11},
    {"AES_256_CBC_SHA1_TLS", EVP_aead_aes_256_cbc_sha1_tls,
-     "aes_256_cbc_sha1_tls_tests.txt", true, false, 11},
+     "aes_256_cbc_sha1_tls_tests.txt", true, false, false, 11},
    {"AES_256_CBC_SHA1_TLSImplicitIV",
     EVP_aead_aes_256_cbc_sha1_tls_implicit_iv,
-     "aes_256_cbc_sha1_tls_implicit_iv_tests.txt", true, false, 11},
+     "aes_256_cbc_sha1_tls_implicit_iv_tests.txt", true, false, false, 11},
    {"AES_256_CBC_SHA256_TLS", EVP_aead_aes_256_cbc_sha256_tls,
-     "aes_256_cbc_sha256_tls_tests.txt", true, false, 11},
+     "aes_256_cbc_sha256_tls_tests.txt", true, false, false, 11},
    {"AES_256_CBC_SHA384_TLS", EVP_aead_aes_256_cbc_sha384_tls,
-     "aes_256_cbc_sha384_tls_tests.txt", true, false, 11},
+     "aes_256_cbc_sha384_tls_tests.txt", true, false, false, 11},
    {"DES_EDE3_CBC_SHA1_TLS", EVP_aead_des_ede3_cbc_sha1_tls,
-     "des_ede3_cbc_sha1_tls_tests.txt", true, false, 11},
+     "des_ede3_cbc_sha1_tls_tests.txt", true, false, false, 11},
    {"DES_EDE3_CBC_SHA1_TLSImplicitIV",
     EVP_aead_des_ede3_cbc_sha1_tls_implicit_iv,
-     "des_ede3_cbc_sha1_tls_implicit_iv_tests.txt", true, false, 11},
+     "des_ede3_cbc_sha1_tls_implicit_iv_tests.txt", true, false, false, 11},
    {"AES_128_CTR_HMAC_SHA256", EVP_aead_aes_128_ctr_hmac_sha256,
-     "aes_128_ctr_hmac_sha256.txt", false, true, 0},
+     "aes_128_ctr_hmac_sha256.txt", false, true, false, 0},
    {"AES_256_CTR_HMAC_SHA256", EVP_aead_aes_256_ctr_hmac_sha256,
-     "aes_256_ctr_hmac_sha256.txt", false, true, 0},
+     "aes_256_ctr_hmac_sha256.txt", false, true, false, 0},
    {"AES_128_CCM_BLUETOOTH", EVP_aead_aes_128_ccm_bluetooth,
-     "aes_128_ccm_bluetooth_tests.txt", false, false, 0},
+     "aes_128_ccm_bluetooth_tests.txt", false, false, false, 0},
    {"AES_128_CCM_BLUETOOTH_8", EVP_aead_aes_128_ccm_bluetooth_8,
-     "aes_128_ccm_bluetooth_8_tests.txt", false, false, 0},
+     "aes_128_ccm_bluetooth_8_tests.txt", false, false, false, 0},
 };

 class PerAEADTest : public testing::TestWithParam<KnownAEAD> {
@@ -99,9 +104,9 @@ class PerAEADTest : public testing::TestWithParam<KnownAEAD> {
  const EVP_AEAD *aead() { return GetParam().func(); }
 };

-INSTANTIATE_TEST_CASE_P(, PerAEADTest, testing::ValuesIn(kAEADs),
-                        [](const testing::TestParamInfo<KnownAEAD> &params)
-                            -> std::string { return params.param.name; });
+INSTANTIATE_TEST_SUITE_P(All, PerAEADTest, testing::ValuesIn(kAEADs),
+                         [](const testing::TestParamInfo<KnownAEAD> &params)
+                             -> std::string { return params.param.name; });

 // Tests an AEAD against a series of test vectors from a file, using the
 // FileTest format. As an example, here's a valid test case:
@@ -538,10 +543,10 @@ TEST_P(PerAEADTest, AliasedBuffers) {
 }

 TEST_P(PerAEADTest, UnalignedInput) {
-  alignas(64) uint8_t key[EVP_AEAD_MAX_KEY_LENGTH + 1];
-  alignas(64) uint8_t nonce[EVP_AEAD_MAX_NONCE_LENGTH + 1];
-  alignas(64) uint8_t plaintext[32 + 1];
-  alignas(64) uint8_t ad[32 + 1];
+  alignas(16) uint8_t key[EVP_AEAD_MAX_KEY_LENGTH + 1];
+  alignas(16) uint8_t nonce[EVP_AEAD_MAX_NONCE_LENGTH + 1];
+  alignas(16) uint8_t plaintext[32 + 1];
+  alignas(16) uint8_t ad[32 + 1];
  OPENSSL_memset(key, 'K', sizeof(key));
  OPENSSL_memset(nonce, 'N', sizeof(nonce));
  OPENSSL_memset(plaintext, 'P', sizeof(plaintext));
@@ -559,7 +564,7 @@ TEST_P(PerAEADTest, UnalignedInput) {
  ASSERT_TRUE(EVP_AEAD_CTX_init_with_direction(
      ctx.get(), aead(), key + 1, key_len, EVP_AEAD_DEFAULT_TAG_LENGTH,
      evp_aead_seal));
-  alignas(64) uint8_t ciphertext[sizeof(plaintext) + EVP_AEAD_MAX_OVERHEAD];
+  alignas(16) uint8_t ciphertext[sizeof(plaintext) + EVP_AEAD_MAX_OVERHEAD];
  size_t ciphertext_len;
  ASSERT_TRUE(EVP_AEAD_CTX_seal(ctx.get(), ciphertext + 1, &ciphertext_len,
                                sizeof(ciphertext) - 1, nonce + 1, nonce_len,
@@ -567,7 +572,7 @@ TEST_P(PerAEADTest, UnalignedInput) {
                                ad_len));

  // It must successfully decrypt.
-  alignas(64) uint8_t out[sizeof(ciphertext)];
+  alignas(16) uint8_t out[sizeof(ciphertext)];
  ctx.Reset();
  ASSERT_TRUE(EVP_AEAD_CTX_init_with_direction(
      ctx.get(), aead(), key + 1, key_len, EVP_AEAD_DEFAULT_TAG_LENGTH,
@@ -581,7 +586,7 @@ TEST_P(PerAEADTest, UnalignedInput) {
 }

 TEST_P(PerAEADTest, Overflow) {
-  alignas(64) uint8_t key[EVP_AEAD_MAX_KEY_LENGTH];
+  uint8_t key[EVP_AEAD_MAX_KEY_LENGTH];
  OPENSSL_memset(key, 'K', sizeof(key));

  bssl::ScopedEVP_AEAD_CTX ctx;
@@ -605,52 +610,146 @@ TEST_P(PerAEADTest, Overflow) {
  // as the input.)
 }

-// Test that EVP_aead_aes_128_gcm and EVP_aead_aes_256_gcm reject empty nonces.
-// AES-GCM is not defined for those.
-TEST(AEADTest, AESGCMEmptyNonce) {
-  static const uint8_t kZeros[32] = {0};
+TEST_P(PerAEADTest, InvalidNonceLength) {
+  size_t valid_nonce_len = EVP_AEAD_nonce_length(aead());
+  std::vector<size_t> nonce_lens;
+  if (valid_nonce_len != 0) {
+    // Other than the implicit IV TLS "AEAD"s, none of our AEADs allow empty
+    // nonces. In particular, although AES-GCM was incorrectly specified with
+    // variable-length nonces, it does not allow the empty nonce.
+    nonce_lens.push_back(0);
+  }
+  if (!GetParam().variable_nonce) {
+    nonce_lens.push_back(valid_nonce_len + 1);
+    if (valid_nonce_len != 0) {
+      nonce_lens.push_back(valid_nonce_len - 1);
+    }
+  }

-  // Test AES-128-GCM.
-  uint8_t buf[16];
-  size_t len;
-  bssl::ScopedEVP_AEAD_CTX ctx;
-  ASSERT_TRUE(EVP_AEAD_CTX_init(ctx.get(), EVP_aead_aes_128_gcm(), kZeros, 16,
-                                EVP_AEAD_DEFAULT_TAG_LENGTH, nullptr));
+  static const uint8_t kZeros[EVP_AEAD_MAX_KEY_LENGTH] = {0};
+  const size_t ad_len = GetParam().ad_len != 0 ? GetParam().ad_len : 16;
+  ASSERT_LE(ad_len, sizeof(kZeros));

-  EXPECT_FALSE(EVP_AEAD_CTX_seal(ctx.get(), buf, &len, sizeof(buf),
-                                 nullptr /* nonce */, 0, nullptr /* in */, 0,
-                                 nullptr /* ad */, 0));
-  uint32_t err = ERR_get_error();
-  EXPECT_EQ(ERR_LIB_CIPHER, ERR_GET_LIB(err));
-  EXPECT_EQ(CIPHER_R_INVALID_NONCE_SIZE, ERR_GET_REASON(err));
+  for (size_t nonce_len : nonce_lens) {
+    SCOPED_TRACE(nonce_len);
+    uint8_t buf[256];
+    size_t len;
+    std::vector<uint8_t> nonce(nonce_len);
+    bssl::ScopedEVP_AEAD_CTX ctx;
+    ASSERT_TRUE(EVP_AEAD_CTX_init_with_direction(
+        ctx.get(), aead(), kZeros, EVP_AEAD_key_length(aead()),
+        EVP_AEAD_DEFAULT_TAG_LENGTH, evp_aead_seal));

-  EXPECT_FALSE(EVP_AEAD_CTX_open(ctx.get(), buf, &len, sizeof(buf),
-                                 nullptr /* nonce */, 0, kZeros /* in */,
-                                 sizeof(kZeros), nullptr /* ad */, 0));
-  err = ERR_get_error();
-  EXPECT_EQ(ERR_LIB_CIPHER, ERR_GET_LIB(err));
-  EXPECT_EQ(CIPHER_R_INVALID_NONCE_SIZE, ERR_GET_REASON(err));
+    EXPECT_FALSE(EVP_AEAD_CTX_seal(ctx.get(), buf, &len, sizeof(buf),
+                                   nonce.data(), nonce.size(), nullptr /* in */,
+                                   0, kZeros /* ad */, ad_len));
+    uint32_t err = ERR_get_error();
+    EXPECT_EQ(ERR_LIB_CIPHER, ERR_GET_LIB(err));
+    // TODO(davidben): Merge these errors. https://crbug.com/boringssl/129.
+    if (ERR_GET_REASON(err) != CIPHER_R_UNSUPPORTED_NONCE_SIZE) {
+      EXPECT_EQ(CIPHER_R_INVALID_NONCE_SIZE, ERR_GET_REASON(err));
+    }

-  // Test AES-256-GCM.
-  ctx.Reset();
-  ASSERT_TRUE(EVP_AEAD_CTX_init(ctx.get(), EVP_aead_aes_256_gcm(), kZeros, 32,
-                                EVP_AEAD_DEFAULT_TAG_LENGTH, nullptr));
-
-  EXPECT_FALSE(EVP_AEAD_CTX_seal(ctx.get(), buf, &len, sizeof(buf),
-                                 nullptr /* nonce */, 0, nullptr /* in */, 0,
-                                 nullptr /* ad */, 0));
-  err = ERR_get_error();
-  EXPECT_EQ(ERR_LIB_CIPHER, ERR_GET_LIB(err));
-  EXPECT_EQ(CIPHER_R_INVALID_NONCE_SIZE, ERR_GET_REASON(err));
-
-  EXPECT_FALSE(EVP_AEAD_CTX_open(ctx.get(), buf, &len, sizeof(buf),
-                                 nullptr /* nonce */, 0, kZeros /* in */,
-                                 sizeof(kZeros), nullptr /* ad */, 0));
-  err = ERR_get_error();
-  EXPECT_EQ(ERR_LIB_CIPHER, ERR_GET_LIB(err));
-  EXPECT_EQ(CIPHER_R_INVALID_NONCE_SIZE, ERR_GET_REASON(err));
+    ctx.Reset();
+    ASSERT_TRUE(EVP_AEAD_CTX_init_with_direction(
+        ctx.get(), aead(), kZeros, EVP_AEAD_key_length(aead()),
+        EVP_AEAD_DEFAULT_TAG_LENGTH, evp_aead_open));
+    EXPECT_FALSE(EVP_AEAD_CTX_open(ctx.get(), buf, &len, sizeof(buf),
+                                   nonce.data(), nonce.size(), kZeros /* in */,
+                                   sizeof(kZeros), kZeros /* ad */, ad_len));
+    err = ERR_get_error();
+    EXPECT_EQ(ERR_LIB_CIPHER, ERR_GET_LIB(err));
+    if (ERR_GET_REASON(err) != CIPHER_R_UNSUPPORTED_NONCE_SIZE) {
+      EXPECT_EQ(CIPHER_R_INVALID_NONCE_SIZE, ERR_GET_REASON(err));
+    }
+  }
 }

+#if defined(SUPPORTS_ABI_TEST)
+// CHECK_ABI can't pass enums, i.e. |evp_aead_seal| and |evp_aead_open|. Thus
+// these two wrappers.
+static int aead_ctx_init_for_seal(EVP_AEAD_CTX *ctx, const EVP_AEAD *aead,
+                                  const uint8_t *key, size_t key_len) {
+  return EVP_AEAD_CTX_init_with_direction(ctx, aead, key, key_len, 0,
+                                          evp_aead_seal);
+}
+
+static int aead_ctx_init_for_open(EVP_AEAD_CTX *ctx, const EVP_AEAD *aead,
+                                  const uint8_t *key, size_t key_len) {
+  return EVP_AEAD_CTX_init_with_direction(ctx, aead, key, key_len, 0,
+                                          evp_aead_open);
+}
+
+// CHECK_ABI can pass, at most, eight arguments. Thus these wrappers that
+// figure out the output length from the input length, and take the nonce length
+// from the configuration of the AEAD.
+static int aead_ctx_seal(EVP_AEAD_CTX *ctx, uint8_t *out_ciphertext,
+                         size_t *out_ciphertext_len, const uint8_t *nonce,
+                         const uint8_t *plaintext, size_t plaintext_len,
+                         const uint8_t *ad, size_t ad_len) {
+  const size_t nonce_len = EVP_AEAD_nonce_length(EVP_AEAD_CTX_aead(ctx));
+  return EVP_AEAD_CTX_seal(ctx, out_ciphertext, out_ciphertext_len,
+                           plaintext_len + EVP_AEAD_MAX_OVERHEAD, nonce,
+                           nonce_len, plaintext, plaintext_len, ad, ad_len);
+}
+
+static int aead_ctx_open(EVP_AEAD_CTX *ctx, uint8_t *out_plaintext,
+                         size_t *out_plaintext_len, const uint8_t *nonce,
+                         const uint8_t *ciphertext, size_t ciphertext_len,
+                         const uint8_t *ad, size_t ad_len) {
+  const size_t nonce_len = EVP_AEAD_nonce_length(EVP_AEAD_CTX_aead(ctx));
+  return EVP_AEAD_CTX_open(ctx, out_plaintext, out_plaintext_len,
+                           ciphertext_len, nonce, nonce_len, ciphertext,
+                           ciphertext_len, ad, ad_len);
+}
+
+TEST_P(PerAEADTest, ABI) {
+  uint8_t key[EVP_AEAD_MAX_KEY_LENGTH];
+  OPENSSL_memset(key, 'K', sizeof(key));
+  const size_t key_len = EVP_AEAD_key_length(aead());
+  ASSERT_LE(key_len, sizeof(key));
+
+  bssl::ScopedEVP_AEAD_CTX ctx_seal;
+  ASSERT_TRUE(
+      CHECK_ABI(aead_ctx_init_for_seal, ctx_seal.get(), aead(), key, key_len));
+
+  bssl::ScopedEVP_AEAD_CTX ctx_open;
+  ASSERT_TRUE(
+      CHECK_ABI(aead_ctx_init_for_open, ctx_open.get(), aead(), key, key_len));
+
+  alignas(2) uint8_t plaintext[512];
+  OPENSSL_memset(plaintext, 'P', sizeof(plaintext));
+
+  alignas(2) uint8_t ad_buf[512];
+  OPENSSL_memset(ad_buf, 'A', sizeof(ad_buf));
+  const uint8_t *const ad = ad_buf + 1;
+  ASSERT_LE(GetParam().ad_len, sizeof(ad_buf) - 1);
+  const size_t ad_len =
+      GetParam().ad_len != 0 ? GetParam().ad_len : sizeof(ad_buf) - 1;
+
+  uint8_t nonce[EVP_AEAD_MAX_NONCE_LENGTH];
+  const size_t nonce_len = EVP_AEAD_nonce_length(aead());
+  ASSERT_LE(nonce_len, sizeof(nonce));
+
+  alignas(2) uint8_t ciphertext[sizeof(plaintext) + EVP_AEAD_MAX_OVERHEAD + 1];
+  size_t ciphertext_len;
+  // Knock plaintext, ciphertext, and AD off alignment and give odd lengths for
+  // plaintext and AD. This hopefully triggers any edge-cases in the assembly.
+  ASSERT_TRUE(CHECK_ABI(aead_ctx_seal, ctx_seal.get(), ciphertext + 1,
+                        &ciphertext_len, nonce, plaintext + 1,
+                        sizeof(plaintext) - 1, ad, ad_len));
+
+  alignas(2) uint8_t plaintext2[sizeof(ciphertext) + 1];
+  size_t plaintext2_len;
+  ASSERT_TRUE(CHECK_ABI(aead_ctx_open, ctx_open.get(), plaintext2 + 1,
+                        &plaintext2_len, nonce, ciphertext + 1, ciphertext_len,
+                        ad, ad_len));
+
+  EXPECT_EQ(Bytes(plaintext + 1, sizeof(plaintext) - 1),
+            Bytes(plaintext2 + 1, plaintext2_len));
+}
+#endif  // SUPPORTS_ABI_TEST
+
 TEST(AEADTest, AESCCMLargeAD) {
  static const std::vector<uint8_t> kKey(16, 'A');
  static const std::vector<uint8_t> kNonce(13, 'N');
@@ -715,8 +814,8 @@ static void RunWycheproofTestCase(FileTest *t, const EVP_AEAD *aead) {
  size_t out_len;
  // Wycheproof tags small AES-GCM IVs as "acceptable" and otherwise does not
  // use it in AEADs. Any AES-GCM IV that isn't 96 bits is absurd, but our API
-  // supports those, so we treat "acceptable" as "valid" here.
-  if (result != WycheproofResult::kInvalid) {
+  // supports those, so we treat SmallIv tests as valid.
+  if (result.IsValid({"SmallIv"})) {
    // Decryption should succeed.
    ASSERT_TRUE(EVP_AEAD_CTX_open(ctx.get(), out.data(), &out_len, out.size(),
                                  iv.data(), iv.size(), ct_and_tag.data(),
@@ -790,9 +889,8 @@ TEST(AEADTest, WycheproofAESGCM) {
        aead = EVP_aead_aes_128_gcm();
        break;
      case 192:
-        // Skip AES-192-GCM tests.
-        t->SkipCurrent();
-        return;
+        aead = EVP_aead_aes_192_gcm();
+        break;
      case 256:
        aead = EVP_aead_aes_256_gcm();
        break;
@@ -811,3 +909,12 @@ TEST(AEADTest, WycheproofChaCha20Poly1305) {
    RunWycheproofTestCase(t, EVP_aead_chacha20_poly1305());
  });
 }
+
+TEST(AEADTest, WycheproofXChaCha20Poly1305) {
+  FileTestGTest(
+      "third_party/wycheproof_testvectors/xchacha20_poly1305_test.txt",
+      [](FileTest *t) {
+        t->IgnoreInstruction("keySize");
+        RunWycheproofTestCase(t, EVP_aead_xchacha20_poly1305());
+      });
+}
@@ -2253,4 +2253,4 @@ aes256gcmsiv_kdf();

 print $code;

-close STDOUT;
+close STDOUT or die "error closing STDOUT";
@@ -1273,7 +1273,7 @@ do_length_block:\n";
    pop %rbp
 .cfi_adjust_cfa_offset -8
    ret
-.cfi_adjust_cfa_offset (8 * 6) + 288 + 32
+.cfi_adjust_cfa_offset (8 * 7) + 288 + 32
 ################################################################################
 seal_sse_128:
    movdqu .chacha20_consts(%rip), $A0\nmovdqa $A0, $A1\nmovdqa $A0, $A2
@@ -2478,6 +2478,7 @@ if (!$win64) {
  print $code;
 } else {
  print <<___;
+.text
 .globl dummy_chacha20_poly1305_asm
 .type dummy_chacha20_poly1305_asm,\@abi-omnipotent
 dummy_chacha20_poly1305_asm:
@@ -2485,4 +2486,4 @@ dummy_chacha20_poly1305_asm:
 ___
 }

-close STDOUT;
+close STDOUT or die "error closing STDOUT";
@@ -129,6 +129,14 @@ const EVP_CIPHER *EVP_get_cipherbyname(const char *name) {
    return EVP_aes_192_ofb();
  } else if (OPENSSL_strcasecmp(name, "aes-256-ofb") == 0) {
    return EVP_aes_256_ofb();
+  } else if (OPENSSL_strcasecmp(name, "des-ecb") == 0) {
+    return EVP_des_ecb();
+  } else if (OPENSSL_strcasecmp(name, "des-ede") == 0) {
+    return EVP_des_ede();
+  } else if (OPENSSL_strcasecmp(name, "des-ede-cbc") == 0) {
+    return EVP_des_ede_cbc();
+  } else if (OPENSSL_strcasecmp(name, "rc2-cbc") == 0) {
+    return EVP_rc2_cbc();
  }

  return NULL;
@@ -61,8 +61,10 @@

 #include <gtest/gtest.h>

+#include <openssl/aes.h>
 #include <openssl/cipher.h>
 #include <openssl/err.h>
+#include <openssl/nid.h>
 #include <openssl/span.h>

 #include "../test/file_test.h"
@@ -118,7 +120,8 @@ static const EVP_CIPHER *GetCipher(const std::string &name) {
 }

 static bool DoCipher(EVP_CIPHER_CTX *ctx, std::vector<uint8_t> *out,
-                     bssl::Span<const uint8_t> in, size_t chunk) {
+                     bssl::Span<const uint8_t> in, size_t chunk,
+                     bool in_place) {
  size_t max_out = in.size();
  if ((EVP_CIPHER_CTX_flags(ctx) & EVP_CIPH_NO_PADDING) == 0 &&
      EVP_CIPHER_CTX_encrypting(ctx)) {
@@ -126,6 +129,10 @@ static bool DoCipher(EVP_CIPHER_CTX *ctx, std::vector<uint8_t> *out,
    max_out += block_size - (max_out % block_size);
  }
  out->resize(max_out);
+  if (in_place) {
+    std::copy(in.begin(), in.end(), out->begin());
+    in = bssl::MakeConstSpan(out->data(), in.size());
+  }

  size_t total = 0;
  int len;
@@ -150,7 +157,8 @@ static bool DoCipher(EVP_CIPHER_CTX *ctx, std::vector<uint8_t> *out,
 }

 static void TestOperation(FileTest *t, const EVP_CIPHER *cipher, bool encrypt,
-                          size_t chunk_size, const std::vector<uint8_t> &key,
+                          bool copy, bool in_place, size_t chunk_size,
+                          const std::vector<uint8_t> &key,
                          const std::vector<uint8_t> &iv,
                          const std::vector<uint8_t> &plaintext,
                          const std::vector<uint8_t> &ciphertext,
@@ -167,46 +175,139 @@ static void TestOperation(FileTest *t, const EVP_CIPHER *cipher, bool encrypt,

  bool is_aead = EVP_CIPHER_mode(cipher) == EVP_CIPH_GCM_MODE;

-  bssl::ScopedEVP_CIPHER_CTX ctx;
-  ASSERT_TRUE(EVP_CipherInit_ex(ctx.get(), cipher, nullptr, nullptr, nullptr,
-                         encrypt ? 1 : 0));
+  bssl::ScopedEVP_CIPHER_CTX ctx1;
+  ASSERT_TRUE(EVP_CipherInit_ex(ctx1.get(), cipher, nullptr, nullptr, nullptr,
+                                encrypt ? 1 : 0));
  if (t->HasAttribute("IV")) {
    if (is_aead) {
-      ASSERT_TRUE(
-          EVP_CIPHER_CTX_ctrl(ctx.get(), EVP_CTRL_GCM_SET_IVLEN, iv.size(), 0));
+      ASSERT_TRUE(EVP_CIPHER_CTX_ctrl(ctx1.get(), EVP_CTRL_AEAD_SET_IVLEN,
+                                      iv.size(), 0));
    } else {
-      ASSERT_EQ(iv.size(), EVP_CIPHER_CTX_iv_length(ctx.get()));
+      ASSERT_EQ(iv.size(), EVP_CIPHER_CTX_iv_length(ctx1.get()));
    }
  }
+
+  bssl::ScopedEVP_CIPHER_CTX ctx2;
+  EVP_CIPHER_CTX *ctx = ctx1.get();
+  if (copy) {
+    ASSERT_TRUE(EVP_CIPHER_CTX_copy(ctx2.get(), ctx1.get()));
+    ctx = ctx2.get();
+  }
+
  if (is_aead && !encrypt) {
-    ASSERT_TRUE(EVP_CIPHER_CTX_ctrl(ctx.get(), EVP_CTRL_GCM_SET_TAG, tag.size(),
+    ASSERT_TRUE(EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_SET_TAG, tag.size(),
                                    const_cast<uint8_t *>(tag.data())));
  }
  // The ciphers are run with no padding. For each of the ciphers we test, the
  // output size matches the input size.
  ASSERT_EQ(in->size(), out->size());
-  ASSERT_TRUE(EVP_CIPHER_CTX_set_key_length(ctx.get(), key.size()));
-  ASSERT_TRUE(EVP_CipherInit_ex(ctx.get(), nullptr, nullptr, key.data(),
-                                iv.data(), -1));
-  // Note: the deprecated |EVP_CIPHER|-based AES-GCM API is sensitive to whether
+  ASSERT_TRUE(EVP_CIPHER_CTX_set_key_length(ctx, key.size()));
+  ASSERT_TRUE(
+      EVP_CipherInit_ex(ctx, nullptr, nullptr, key.data(), iv.data(), -1));
+  // Note: the deprecated |EVP_CIPHER|-based AEAD API is sensitive to whether
  // parameters are NULL, so it is important to skip the |in| and |aad|
  // |EVP_CipherUpdate| calls when empty.
  if (!aad.empty()) {
    int unused;
    ASSERT_TRUE(
-        EVP_CipherUpdate(ctx.get(), nullptr, &unused, aad.data(), aad.size()));
+        EVP_CipherUpdate(ctx, nullptr, &unused, aad.data(), aad.size()));
  }
-  ASSERT_TRUE(EVP_CIPHER_CTX_set_padding(ctx.get(), 0));
+  ASSERT_TRUE(EVP_CIPHER_CTX_set_padding(ctx, 0));
  std::vector<uint8_t> result;
-  ASSERT_TRUE(DoCipher(ctx.get(), &result, *in, chunk_size));
+  ASSERT_TRUE(DoCipher(ctx, &result, *in, chunk_size, in_place));
  EXPECT_EQ(Bytes(*out), Bytes(result));
  if (encrypt && is_aead) {
    uint8_t rtag[16];
    ASSERT_LE(tag.size(), sizeof(rtag));
    ASSERT_TRUE(
-        EVP_CIPHER_CTX_ctrl(ctx.get(), EVP_CTRL_GCM_GET_TAG, tag.size(), rtag));
+        EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_GET_TAG, tag.size(), rtag));
    EXPECT_EQ(Bytes(tag), Bytes(rtag, tag.size()));
  }
+
+  // Additionally test low-level AES mode APIs. Skip runs where |copy| because
+  // it does not apply.
+  if (!copy) {
+    int nid = EVP_CIPHER_nid(cipher);
+    bool is_ctr = nid == NID_aes_128_ctr || nid == NID_aes_192_ctr ||
+                  nid == NID_aes_256_ctr;
+    bool is_cbc = nid == NID_aes_128_cbc || nid == NID_aes_192_cbc ||
+                  nid == NID_aes_256_cbc;
+    bool is_ofb = nid == NID_aes_128_ofb128 || nid == NID_aes_192_ofb128 ||
+                  nid == NID_aes_256_ofb128;
+    if (is_ctr || is_cbc || is_ofb) {
+      AES_KEY aes;
+      if (encrypt || !is_cbc) {
+        ASSERT_EQ(0, AES_set_encrypt_key(key.data(), key.size() * 8, &aes));
+      } else {
+        ASSERT_EQ(0, AES_set_decrypt_key(key.data(), key.size() * 8, &aes));
+      }
+
+      // The low-level APIs all work in-place.
+      bssl::Span<const uint8_t> input = *in;
+      result.clear();
+      if (in_place) {
+        result = *in;
+        input = result;
+      } else {
+        result.resize(out->size());
+      }
+      bssl::Span<uint8_t> output = bssl::MakeSpan(result);
+      ASSERT_EQ(input.size(), output.size());
+
+      // The low-level APIs all use block-size IVs.
+      ASSERT_EQ(iv.size(), size_t{AES_BLOCK_SIZE});
+      uint8_t ivec[AES_BLOCK_SIZE];
+      OPENSSL_memcpy(ivec, iv.data(), iv.size());
+
+      if (is_ctr) {
+        unsigned num = 0;
+        uint8_t ecount_buf[AES_BLOCK_SIZE];
+        if (chunk_size == 0) {
+          AES_ctr128_encrypt(input.data(), output.data(), input.size(), &aes,
+                             ivec, ecount_buf, &num);
+        } else {
+          do {
+            size_t todo = std::min(input.size(), chunk_size);
+            AES_ctr128_encrypt(input.data(), output.data(), todo, &aes, ivec,
+                               ecount_buf, &num);
+            input = input.subspan(todo);
+            output = output.subspan(todo);
+          } while (!input.empty());
+        }
+        EXPECT_EQ(Bytes(*out), Bytes(result));
+      } else if (is_cbc && chunk_size % AES_BLOCK_SIZE == 0) {
+        // Note |AES_cbc_encrypt| requires block-aligned chunks.
+        if (chunk_size == 0) {
+          AES_cbc_encrypt(input.data(), output.data(), input.size(), &aes, ivec,
+                          encrypt);
+        } else {
+          do {
+            size_t todo = std::min(input.size(), chunk_size);
+            AES_cbc_encrypt(input.data(), output.data(), todo, &aes, ivec,
+                            encrypt);
+            input = input.subspan(todo);
+            output = output.subspan(todo);
+          } while (!input.empty());
+        }
+        EXPECT_EQ(Bytes(*out), Bytes(result));
+      } else if (is_ofb) {
+        int num = 0;
+        if (chunk_size == 0) {
+          AES_ofb128_encrypt(input.data(), output.data(), input.size(), &aes,
+                             ivec, &num);
+        } else {
+          do {
+            size_t todo = std::min(input.size(), chunk_size);
+            AES_ofb128_encrypt(input.data(), output.data(), todo, &aes, ivec,
+                               &num);
+            input = input.subspan(todo);
+            output = output.subspan(todo);
+          } while (!input.empty());
+        }
+        EXPECT_EQ(Bytes(*out), Bytes(result));
+      }
+    }
+  }
 }

 static void TestCipher(FileTest *t) {
@@ -248,17 +349,24 @@ static void TestCipher(FileTest *t) {

  for (size_t chunk_size : chunk_sizes) {
    SCOPED_TRACE(chunk_size);
-    // By default, both directions are run, unless overridden by the operation.
-    if (operation != kDecrypt) {
-      SCOPED_TRACE("encrypt");
-      TestOperation(t, cipher, true /* encrypt */, chunk_size, key, iv,
-                    plaintext, ciphertext, aad, tag);
-    }
+    for (bool copy : {false, true}) {
+      SCOPED_TRACE(copy);
+      for (bool in_place : {false, true}) {
+        SCOPED_TRACE(in_place);
+        // By default, both directions are run, unless overridden by the
+        // operation.
+        if (operation != kDecrypt) {
+          SCOPED_TRACE("encrypt");
+          TestOperation(t, cipher, true /* encrypt */, copy, in_place,
+                        chunk_size, key, iv, plaintext, ciphertext, aad, tag);
+        }

-    if (operation != kEncrypt) {
-      SCOPED_TRACE("decrypt");
-      TestOperation(t, cipher, false /* decrypt */, chunk_size, key, iv,
-                    plaintext, ciphertext, aad, tag);
+        if (operation != kEncrypt) {
+          SCOPED_TRACE("decrypt");
+          TestOperation(t, cipher, false /* decrypt */, copy, in_place,
+                        chunk_size, key, iv, plaintext, ciphertext, aad, tag);
+        }
+      }
    }
  }
 }
@@ -306,59 +414,63 @@ TEST(CipherTest, CAVP_TDES_ECB) {
 }

 TEST(CipherTest, WycheproofAESCBC) {
-  FileTestGTest("third_party/wycheproof_testvectors/aes_cbc_pkcs5_test.txt",
-                [](FileTest *t) {
-    t->IgnoreInstruction("type");
-    t->IgnoreInstruction("ivSize");
+  FileTestGTest(
+      "third_party/wycheproof_testvectors/aes_cbc_pkcs5_test.txt",
+      [](FileTest *t) {
+        t->IgnoreInstruction("type");
+        t->IgnoreInstruction("ivSize");

-    std::string key_size;
-    ASSERT_TRUE(t->GetInstruction(&key_size, "keySize"));
-    const EVP_CIPHER *cipher;
-    switch (atoi(key_size.c_str())) {
-      case 128:
-        cipher = EVP_aes_128_cbc();
-        break;
-      case 192:
-        cipher = EVP_aes_192_cbc();
-        break;
-      case 256:
-        cipher = EVP_aes_256_cbc();
-        break;
-      default:
-        FAIL() << "Unsupported key size: " << key_size;
-    }
+        std::string key_size;
+        ASSERT_TRUE(t->GetInstruction(&key_size, "keySize"));
+        const EVP_CIPHER *cipher;
+        switch (atoi(key_size.c_str())) {
+          case 128:
+            cipher = EVP_aes_128_cbc();
+            break;
+          case 192:
+            cipher = EVP_aes_192_cbc();
+            break;
+          case 256:
+            cipher = EVP_aes_256_cbc();
+            break;
+          default:
+            FAIL() << "Unsupported key size: " << key_size;
+        }

-    std::vector<uint8_t> key, iv, msg, ct;
-    ASSERT_TRUE(t->GetBytes(&key, "key"));
-    ASSERT_TRUE(t->GetBytes(&iv, "iv"));
-    ASSERT_TRUE(t->GetBytes(&msg, "msg"));
-    ASSERT_TRUE(t->GetBytes(&ct, "ct"));
-    ASSERT_EQ(EVP_CIPHER_key_length(cipher), key.size());
-    ASSERT_EQ(EVP_CIPHER_iv_length(cipher), iv.size());
-    WycheproofResult result;
-    ASSERT_TRUE(GetWycheproofResult(t, &result));
+        std::vector<uint8_t> key, iv, msg, ct;
+        ASSERT_TRUE(t->GetBytes(&key, "key"));
+        ASSERT_TRUE(t->GetBytes(&iv, "iv"));
+        ASSERT_TRUE(t->GetBytes(&msg, "msg"));
+        ASSERT_TRUE(t->GetBytes(&ct, "ct"));
+        ASSERT_EQ(EVP_CIPHER_key_length(cipher), key.size());
+        ASSERT_EQ(EVP_CIPHER_iv_length(cipher), iv.size());
+        WycheproofResult result;
+        ASSERT_TRUE(GetWycheproofResult(t, &result));

-    bssl::ScopedEVP_CIPHER_CTX ctx;
-    std::vector<uint8_t> out;
-    const std::vector<size_t> chunk_sizes = {0,  1,  2,  5,  7,  8,  9,  15, 16,
-                                             17, 31, 32, 33, 63, 64, 65, 512};
-    for (size_t chunk : chunk_sizes) {
-      SCOPED_TRACE(chunk);
-      if (result == WycheproofResult::kValid) {
-        ASSERT_TRUE(EVP_DecryptInit_ex(ctx.get(), cipher, nullptr, key.data(),
-                                       iv.data()));
-        ASSERT_TRUE(DoCipher(ctx.get(), &out, ct, chunk));
-        EXPECT_EQ(Bytes(msg), Bytes(out));
+        bssl::ScopedEVP_CIPHER_CTX ctx;
+        std::vector<uint8_t> out;
+        const std::vector<size_t> chunk_sizes = {
+            0, 1, 2, 5, 7, 8, 9, 15, 16, 17, 31, 32, 33, 63, 64, 65, 512};
+        for (size_t chunk : chunk_sizes) {
+          SCOPED_TRACE(chunk);
+          for (bool in_place : {false, true}) {
+            SCOPED_TRACE(in_place);
+            if (result.IsValid()) {
+              ASSERT_TRUE(EVP_DecryptInit_ex(ctx.get(), cipher, nullptr,
+                                             key.data(), iv.data()));
+              ASSERT_TRUE(DoCipher(ctx.get(), &out, ct, chunk, in_place));
+              EXPECT_EQ(Bytes(msg), Bytes(out));

-        ASSERT_TRUE(EVP_EncryptInit_ex(ctx.get(), cipher, nullptr, key.data(),
-                                       iv.data()));
-        ASSERT_TRUE(DoCipher(ctx.get(), &out, msg, chunk));
-        EXPECT_EQ(Bytes(ct), Bytes(out));
-      } else {
-        ASSERT_TRUE(EVP_DecryptInit_ex(ctx.get(), cipher, nullptr, key.data(),
-                                       iv.data()));
-        EXPECT_FALSE(DoCipher(ctx.get(), &out, ct, chunk));
-      }
-    }
-  });
+              ASSERT_TRUE(EVP_EncryptInit_ex(ctx.get(), cipher, nullptr,
+                                             key.data(), iv.data()));
+              ASSERT_TRUE(DoCipher(ctx.get(), &out, msg, chunk, in_place));
+              EXPECT_EQ(Bytes(ct), Bytes(out));
+            } else {
+              ASSERT_TRUE(EVP_DecryptInit_ex(ctx.get(), cipher, nullptr,
+                                             key.data(), iv.data()));
+              EXPECT_FALSE(DoCipher(ctx.get(), &out, ct, chunk, in_place));
+            }
+          }
+        }
+      });
 }
@@ -86,7 +86,7 @@ int EVP_BytesToKey(const EVP_CIPHER *type, const EVP_MD *md,
  EVP_MD_CTX_init(&c);
  for (;;) {
    if (!EVP_DigestInit_ex(&c, md, NULL)) {
-      return 0;
+      goto err;
    }
    if (addmd++) {
      if (!EVP_DigestUpdate(&c, md_buf, mds)) {
@@ -1,21 +1,56 @@
-/* Copyright (c) 2018, Google Inc.
+/* ====================================================================
+ * Copyright (c) 2008 The OpenSSL Project.  All rights reserved.
 *
- * Permission to use, copy, modify, and/or distribute this software for any
- * purpose with or without fee is hereby granted, provided that the above
- * copyright notice and this permission notice appear in all copies.
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
 *
- * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
- * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
- * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY
- * SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
- * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION
- * OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN
- * CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    openssl-core@openssl.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ==================================================================== */

 #include <openssl/aead.h>

 #include <assert.h>

+#include <openssl/cpu.h>
 #include <openssl/cipher.h>
 #include <openssl/err.h>
 #include <openssl/mem.h>
@@ -23,6 +58,213 @@
 #include "../fipsmodule/cipher/internal.h"


+struct ccm128_context {
+  block128_f block;
+  ctr128_f ctr;
+  unsigned M, L;
+};
+
+struct ccm128_state {
+  union {
+    uint64_t u[2];
+    uint8_t c[16];
+  } nonce, cmac;
+};
+
+static int CRYPTO_ccm128_init(struct ccm128_context *ctx, const AES_KEY *key,
+                              block128_f block, ctr128_f ctr, unsigned M,
+                              unsigned L) {
+  if (M < 4 || M > 16 || (M & 1) != 0 || L < 2 || L > 8) {
+    return 0;
+  }
+  ctx->block = block;
+  ctx->ctr = ctr;
+  ctx->M = M;
+  ctx->L = L;
+  return 1;
+}
+
+static size_t CRYPTO_ccm128_max_input(const struct ccm128_context *ctx) {
+  return ctx->L >= sizeof(size_t) ? (size_t)-1
+                                  : (((size_t)1) << (ctx->L * 8)) - 1;
+}
+
+static int ccm128_init_state(const struct ccm128_context *ctx,
+                             struct ccm128_state *state, const AES_KEY *key,
+                             const uint8_t *nonce, size_t nonce_len,
+                             const uint8_t *aad, size_t aad_len,
+                             size_t plaintext_len) {
+  const block128_f block = ctx->block;
+  const unsigned M = ctx->M;
+  const unsigned L = ctx->L;
+
+  // |L| determines the expected |nonce_len| and the limit for |plaintext_len|.
+  if (plaintext_len > CRYPTO_ccm128_max_input(ctx) ||
+      nonce_len != 15 - L) {
+    return 0;
+  }
+
+  // Assemble the first block for computing the MAC.
+  OPENSSL_memset(state, 0, sizeof(*state));
+  state->nonce.c[0] = (uint8_t)((L - 1) | ((M - 2) / 2) << 3);
+  if (aad_len != 0) {
+    state->nonce.c[0] |= 0x40;  // Set AAD Flag
+  }
+  OPENSSL_memcpy(&state->nonce.c[1], nonce, nonce_len);
+  for (unsigned i = 0; i < L; i++) {
+    state->nonce.c[15 - i] = (uint8_t)(plaintext_len >> (8 * i));
+  }
+
+  (*block)(state->nonce.c, state->cmac.c, key);
+  size_t blocks = 1;
+
+  if (aad_len != 0) {
+    unsigned i;
+    // Cast to u64 to avoid the compiler complaining about invalid shifts.
+    uint64_t aad_len_u64 = aad_len;
+    if (aad_len_u64 < 0x10000 - 0x100) {
+      state->cmac.c[0] ^= (uint8_t)(aad_len_u64 >> 8);
+      state->cmac.c[1] ^= (uint8_t)aad_len_u64;
+      i = 2;
+    } else if (aad_len_u64 <= 0xffffffff) {
+      state->cmac.c[0] ^= 0xff;
+      state->cmac.c[1] ^= 0xfe;
+      state->cmac.c[2] ^= (uint8_t)(aad_len_u64 >> 24);
+      state->cmac.c[3] ^= (uint8_t)(aad_len_u64 >> 16);
+      state->cmac.c[4] ^= (uint8_t)(aad_len_u64 >> 8);
+      state->cmac.c[5] ^= (uint8_t)aad_len_u64;
+      i = 6;
+    } else {
+      state->cmac.c[0] ^= 0xff;
+      state->cmac.c[1] ^= 0xff;
+      state->cmac.c[2] ^= (uint8_t)(aad_len_u64 >> 56);
+      state->cmac.c[3] ^= (uint8_t)(aad_len_u64 >> 48);
+      state->cmac.c[4] ^= (uint8_t)(aad_len_u64 >> 40);
+      state->cmac.c[5] ^= (uint8_t)(aad_len_u64 >> 32);
+      state->cmac.c[6] ^= (uint8_t)(aad_len_u64 >> 24);
+      state->cmac.c[7] ^= (uint8_t)(aad_len_u64 >> 16);
+      state->cmac.c[8] ^= (uint8_t)(aad_len_u64 >> 8);
+      state->cmac.c[9] ^= (uint8_t)aad_len_u64;
+      i = 10;
+    }
+
+    do {
+      for (; i < 16 && aad_len != 0; i++) {
+        state->cmac.c[i] ^= *aad;
+        aad++;
+        aad_len--;
+      }
+      (*block)(state->cmac.c, state->cmac.c, key);
+      blocks++;
+      i = 0;
+    } while (aad_len != 0);
+  }
+
+  // Per RFC 3610, section 2.6, the total number of block cipher operations done
+  // must not exceed 2^61. There are two block cipher operations remaining per
+  // message block, plus one block at the end to encrypt the MAC.
+  size_t remaining_blocks = 2 * ((plaintext_len + 15) / 16) + 1;
+  if (plaintext_len + 15 < plaintext_len ||
+      remaining_blocks + blocks < blocks ||
+      (uint64_t) remaining_blocks + blocks > UINT64_C(1) << 61) {
+    return 0;
+  }
+
+  // Assemble the first block for encrypting and decrypting. The bottom |L|
+  // bytes are replaced with a counter and all bit the encoding of |L| is
+  // cleared in the first byte.
+  state->nonce.c[0] &= 7;
+  return 1;
+}
+
+static int ccm128_encrypt(const struct ccm128_context *ctx,
+                          struct ccm128_state *state, const AES_KEY *key,
+                          uint8_t *out, const uint8_t *in, size_t len) {
+  // The counter for encryption begins at one.
+  for (unsigned i = 0; i < ctx->L; i++) {
+    state->nonce.c[15 - i] = 0;
+  }
+  state->nonce.c[15] = 1;
+
+  uint8_t partial_buf[16];
+  unsigned num = 0;
+  if (ctx->ctr != NULL) {
+    CRYPTO_ctr128_encrypt_ctr32(in, out, len, key, state->nonce.c, partial_buf,
+                                &num, ctx->ctr);
+  } else {
+    CRYPTO_ctr128_encrypt(in, out, len, key, state->nonce.c, partial_buf, &num,
+                          ctx->block);
+  }
+  return 1;
+}
+
+static int ccm128_compute_mac(const struct ccm128_context *ctx,
+                              struct ccm128_state *state, const AES_KEY *key,
+                              uint8_t *out_tag, size_t tag_len,
+                              const uint8_t *in, size_t len) {
+  block128_f block = ctx->block;
+  if (tag_len != ctx->M) {
+    return 0;
+  }
+
+  // Incorporate |in| into the MAC.
+  union {
+    uint64_t u[2];
+    uint8_t c[16];
+  } tmp;
+  while (len >= 16) {
+    OPENSSL_memcpy(tmp.c, in, 16);
+    state->cmac.u[0] ^= tmp.u[0];
+    state->cmac.u[1] ^= tmp.u[1];
+    (*block)(state->cmac.c, state->cmac.c, key);
+    in += 16;
+    len -= 16;
+  }
+  if (len > 0) {
+    for (size_t i = 0; i < len; i++) {
+      state->cmac.c[i] ^= in[i];
+    }
+    (*block)(state->cmac.c, state->cmac.c, key);
+  }
+
+  // Encrypt the MAC with counter zero.
+  for (unsigned i = 0; i < ctx->L; i++) {
+    state->nonce.c[15 - i] = 0;
+  }
+  (*block)(state->nonce.c, tmp.c, key);
+  state->cmac.u[0] ^= tmp.u[0];
+  state->cmac.u[1] ^= tmp.u[1];
+
+  OPENSSL_memcpy(out_tag, state->cmac.c, tag_len);
+  return 1;
+}
+
+static int CRYPTO_ccm128_encrypt(const struct ccm128_context *ctx,
+                                 const AES_KEY *key, uint8_t *out,
+                                 uint8_t *out_tag, size_t tag_len,
+                                 const uint8_t *nonce, size_t nonce_len,
+                                 const uint8_t *in, size_t len,
+                                 const uint8_t *aad, size_t aad_len) {
+  struct ccm128_state state;
+  return ccm128_init_state(ctx, &state, key, nonce, nonce_len, aad, aad_len,
+                           len) &&
+         ccm128_compute_mac(ctx, &state, key, out_tag, tag_len, in, len) &&
+         ccm128_encrypt(ctx, &state, key, out, in, len);
+}
+
+static int CRYPTO_ccm128_decrypt(const struct ccm128_context *ctx,
+                                 const AES_KEY *key, uint8_t *out,
+                                 uint8_t *out_tag, size_t tag_len,
+                                 const uint8_t *nonce, size_t nonce_len,
+                                 const uint8_t *in, size_t len,
+                                 const uint8_t *aad, size_t aad_len) {
+  struct ccm128_state state;
+  return ccm128_init_state(ctx, &state, key, nonce, nonce_len, aad, aad_len,
+                           len) &&
+         ccm128_encrypt(ctx, &state, key, out, in, len) &&
+         ccm128_compute_mac(ctx, &state, key, out_tag, tag_len, out, len);
+}
+
 #define EVP_AEAD_AES_CCM_MAX_TAG_LEN 16

 struct aead_aes_ccm_ctx {
@@ -30,9 +272,18 @@ struct aead_aes_ccm_ctx {
    double align;
    AES_KEY ks;
  } ks;
-  CCM128_CONTEXT ccm;
+  struct ccm128_context ccm;
 };

+OPENSSL_STATIC_ASSERT(sizeof(((EVP_AEAD_CTX *)NULL)->state) >=
+                          sizeof(struct aead_aes_ccm_ctx),
+                      "AEAD state is too small");
+#if defined(__GNUC__) || defined(__clang__)
+OPENSSL_STATIC_ASSERT(alignof(union evp_aead_ctx_st_state) >=
+                          alignof(struct aead_aes_ccm_ctx),
+                      "AEAD state has insufficient alignment");
+#endif
+
 static int aead_aes_ccm_init(EVP_AEAD_CTX *ctx, const uint8_t *key,
                             size_t key_len, size_t tag_len, unsigned M,
                             unsigned L) {
@@ -54,36 +305,28 @@ static int aead_aes_ccm_init(EVP_AEAD_CTX *ctx, const uint8_t *key,
    return 0;
  }

-  struct aead_aes_ccm_ctx *ccm_ctx =
-      OPENSSL_malloc(sizeof(struct aead_aes_ccm_ctx));
-  if (ccm_ctx == NULL) {
-    OPENSSL_PUT_ERROR(CIPHER, ERR_R_MALLOC_FAILURE);
-    return 0;
-  }
+  struct aead_aes_ccm_ctx *ccm_ctx = (struct aead_aes_ccm_ctx *)&ctx->state;

  block128_f block;
  ctr128_f ctr = aes_ctr_set_key(&ccm_ctx->ks.ks, NULL, &block, key, key_len);
  ctx->tag_len = tag_len;
  if (!CRYPTO_ccm128_init(&ccm_ctx->ccm, &ccm_ctx->ks.ks, block, ctr, M, L)) {
    OPENSSL_PUT_ERROR(CIPHER, ERR_R_INTERNAL_ERROR);
-    OPENSSL_free(ccm_ctx);
    return 0;
  }

-  ctx->aead_state = ccm_ctx;
  return 1;
 }

-static void aead_aes_ccm_cleanup(EVP_AEAD_CTX *ctx) {
-  OPENSSL_free(ctx->aead_state);
-}
+static void aead_aes_ccm_cleanup(EVP_AEAD_CTX *ctx) {}

 static int aead_aes_ccm_seal_scatter(
    const EVP_AEAD_CTX *ctx, uint8_t *out, uint8_t *out_tag,
    size_t *out_tag_len, size_t max_out_tag_len, const uint8_t *nonce,
    size_t nonce_len, const uint8_t *in, size_t in_len, const uint8_t *extra_in,
    size_t extra_in_len, const uint8_t *ad, size_t ad_len) {
-  const struct aead_aes_ccm_ctx *ccm_ctx = ctx->aead_state;
+  const struct aead_aes_ccm_ctx *ccm_ctx =
+      (struct aead_aes_ccm_ctx *)&ctx->state;

  if (in_len > CRYPTO_ccm128_max_input(&ccm_ctx->ccm)) {
    OPENSSL_PUT_ERROR(CIPHER, CIPHER_R_TOO_LARGE);
@@ -116,7 +359,8 @@ static int aead_aes_ccm_open_gather(const EVP_AEAD_CTX *ctx, uint8_t *out,
                                    const uint8_t *in, size_t in_len,
                                    const uint8_t *in_tag, size_t in_tag_len,
                                    const uint8_t *ad, size_t ad_len) {
-  const struct aead_aes_ccm_ctx *ccm_ctx = ctx->aead_state;
+  const struct aead_aes_ccm_ctx *ccm_ctx =
+      (struct aead_aes_ccm_ctx *)&ctx->state;

  if (in_len > CRYPTO_ccm128_max_input(&ccm_ctx->ccm)) {
    OPENSSL_PUT_ERROR(CIPHER, CIPHER_R_TOO_LARGE);
@@ -35,6 +35,15 @@ struct aead_aes_ctr_hmac_sha256_ctx {
  SHA256_CTX outer_init_state;
 };

+OPENSSL_STATIC_ASSERT(sizeof(((EVP_AEAD_CTX *)NULL)->state) >=
+                          sizeof(struct aead_aes_ctr_hmac_sha256_ctx),
+                      "AEAD state is too small");
+#if defined(__GNUC__) || defined(__clang__)
+OPENSSL_STATIC_ASSERT(alignof(union evp_aead_ctx_st_state) >=
+                          alignof(struct aead_aes_ctr_hmac_sha256_ctx),
+                      "AEAD state has insufficient alignment");
+#endif
+
 static void hmac_init(SHA256_CTX *out_inner, SHA256_CTX *out_outer,
                      const uint8_t hmac_key[32]) {
  static const size_t hmac_key_len = 32;
@@ -61,7 +70,8 @@ static void hmac_init(SHA256_CTX *out_inner, SHA256_CTX *out_outer,

 static int aead_aes_ctr_hmac_sha256_init(EVP_AEAD_CTX *ctx, const uint8_t *key,
                                         size_t key_len, size_t tag_len) {
-  struct aead_aes_ctr_hmac_sha256_ctx *aes_ctx;
+  struct aead_aes_ctr_hmac_sha256_ctx *aes_ctx =
+      (struct aead_aes_ctr_hmac_sha256_ctx *)&ctx->state;
  static const size_t hmac_key_len = 32;

  if (key_len < hmac_key_len) {
@@ -84,26 +94,16 @@ static int aead_aes_ctr_hmac_sha256_init(EVP_AEAD_CTX *ctx, const uint8_t *key,
    return 0;
  }

-  aes_ctx = OPENSSL_malloc(sizeof(struct aead_aes_ctr_hmac_sha256_ctx));
-  if (aes_ctx == NULL) {
-    OPENSSL_PUT_ERROR(CIPHER, ERR_R_MALLOC_FAILURE);
-    return 0;
-  }
-
  aes_ctx->ctr =
      aes_ctr_set_key(&aes_ctx->ks.ks, NULL, &aes_ctx->block, key, aes_key_len);
  ctx->tag_len = tag_len;
  hmac_init(&aes_ctx->inner_init_state, &aes_ctx->outer_init_state,
            key + aes_key_len);

-  ctx->aead_state = aes_ctx;
-
  return 1;
 }

-static void aead_aes_ctr_hmac_sha256_cleanup(EVP_AEAD_CTX *ctx) {
-  OPENSSL_free(ctx->aead_state);
-}
+static void aead_aes_ctr_hmac_sha256_cleanup(EVP_AEAD_CTX *ctx) {}

 static void hmac_update_uint64(SHA256_CTX *sha256, uint64_t value) {
  unsigned i;
@@ -178,7 +178,8 @@ static int aead_aes_ctr_hmac_sha256_seal_scatter(
    size_t *out_tag_len, size_t max_out_tag_len, const uint8_t *nonce,
    size_t nonce_len, const uint8_t *in, size_t in_len, const uint8_t *extra_in,
    size_t extra_in_len, const uint8_t *ad, size_t ad_len) {
-  const struct aead_aes_ctr_hmac_sha256_ctx *aes_ctx = ctx->aead_state;
+  const struct aead_aes_ctr_hmac_sha256_ctx *aes_ctx =
+      (struct aead_aes_ctr_hmac_sha256_ctx *) &ctx->state;
  const uint64_t in_len_64 = in_len;

  if (in_len_64 >= (UINT64_C(1) << 32) * AES_BLOCK_SIZE) {
@@ -212,7 +213,8 @@ static int aead_aes_ctr_hmac_sha256_open_gather(
    const EVP_AEAD_CTX *ctx, uint8_t *out, const uint8_t *nonce,
    size_t nonce_len, const uint8_t *in, size_t in_len, const uint8_t *in_tag,
    size_t in_tag_len, const uint8_t *ad, size_t ad_len) {
-  const struct aead_aes_ctr_hmac_sha256_ctx *aes_ctx = ctx->aead_state;
+  const struct aead_aes_ctr_hmac_sha256_ctx *aes_ctx =
+      (struct aead_aes_ctr_hmac_sha256_ctx *) &ctx->state;

  if (in_tag_len != ctx->tag_len) {
    OPENSSL_PUT_ERROR(CIPHER, CIPHER_R_BAD_DECRYPT);
@@ -27,28 +27,47 @@
 #define EVP_AEAD_AES_GCM_SIV_NONCE_LEN 12
 #define EVP_AEAD_AES_GCM_SIV_TAG_LEN 16

-#if defined(OPENSSL_X86_64) && !defined(OPENSSL_NO_ASM)
+// TODO(davidben): AES-GCM-SIV assembly is not correct for Windows. It must save
+// and restore xmm6 through xmm15.
+#if defined(OPENSSL_X86_64) && !defined(OPENSSL_NO_ASM) && \
+    !defined(OPENSSL_WINDOWS)
+#define AES_GCM_SIV_ASM

 // Optimised AES-GCM-SIV

 struct aead_aes_gcm_siv_asm_ctx {
  alignas(16) uint8_t key[16*15];
  int is_128_bit;
-  // ptr contains the original pointer from |OPENSSL_malloc|, which may only be
-  // 8-byte aligned. When freeing this structure, actually call |OPENSSL_free|
-  // on this pointer.
-  void *ptr;
 };

+// The assembly code assumes 8-byte alignment of the EVP_AEAD_CTX's state, and
+// aligns to 16 bytes itself.
+OPENSSL_STATIC_ASSERT(sizeof(((EVP_AEAD_CTX *)NULL)->state) + 8 >=
+                          sizeof(struct aead_aes_gcm_siv_asm_ctx),
+                      "AEAD state is too small");
+#if defined(__GNUC__) || defined(__clang__)
+OPENSSL_STATIC_ASSERT(alignof(union evp_aead_ctx_st_state) >= 8,
+                      "AEAD state has insufficient alignment");
+#endif
+
+// asm_ctx_from_ctx returns a 16-byte aligned context pointer from |ctx|.
+static struct aead_aes_gcm_siv_asm_ctx *asm_ctx_from_ctx(
+    const EVP_AEAD_CTX *ctx) {
+  // ctx->state must already be 8-byte aligned. Thus, at most, we may need to
+  // add eight to align it to 16 bytes.
+  const uintptr_t offset = ((uintptr_t)&ctx->state) & 8;
+  return (struct aead_aes_gcm_siv_asm_ctx *)(&ctx->state.opaque[offset]);
+}
+
 // aes128gcmsiv_aes_ks writes an AES-128 key schedule for |key| to
 // |out_expanded_key|.
 extern void aes128gcmsiv_aes_ks(
    const uint8_t key[16], uint8_t out_expanded_key[16*15]);

-// aes128gcmsiv_aes_ks writes an AES-128 key schedule for |key| to
+// aes256gcmsiv_aes_ks writes an AES-256 key schedule for |key| to
 // |out_expanded_key|.
 extern void aes256gcmsiv_aes_ks(
-    const uint8_t key[16], uint8_t out_expanded_key[16*15]);
+    const uint8_t key[32], uint8_t out_expanded_key[16*15]);

 static int aead_aes_gcm_siv_asm_init(EVP_AEAD_CTX *ctx, const uint8_t *key,
                                     size_t key_len, size_t tag_len) {
@@ -68,18 +87,8 @@ static int aead_aes_gcm_siv_asm_init(EVP_AEAD_CTX *ctx, const uint8_t *key,
    return 0;
  }

-  char *ptr = OPENSSL_malloc(sizeof(struct aead_aes_gcm_siv_asm_ctx) + 8);
-  if (ptr == NULL) {
-    return 0;
-  }
-  assert((((uintptr_t)ptr) & 7) == 0);
-
-  // gcm_siv_ctx needs to be 16-byte aligned in a cross-platform way.
-  struct aead_aes_gcm_siv_asm_ctx *gcm_siv_ctx =
-      (struct aead_aes_gcm_siv_asm_ctx *)(ptr + (((uintptr_t)ptr) & 8));
-
+  struct aead_aes_gcm_siv_asm_ctx *gcm_siv_ctx = asm_ctx_from_ctx(ctx);
  assert((((uintptr_t)gcm_siv_ctx) & 15) == 0);
-  gcm_siv_ctx->ptr = ptr;

  if (key_bits == 128) {
    aes128gcmsiv_aes_ks(key, &gcm_siv_ctx->key[0]);
@@ -88,16 +97,13 @@ static int aead_aes_gcm_siv_asm_init(EVP_AEAD_CTX *ctx, const uint8_t *key,
    aes256gcmsiv_aes_ks(key, &gcm_siv_ctx->key[0]);
    gcm_siv_ctx->is_128_bit = 0;
  }
-  ctx->aead_state = gcm_siv_ctx;
+
  ctx->tag_len = tag_len;

  return 1;
 }

-static void aead_aes_gcm_siv_asm_cleanup(EVP_AEAD_CTX *ctx) {
-  const struct aead_aes_gcm_siv_asm_ctx *gcm_siv_ctx = ctx->aead_state;
-  OPENSSL_free(gcm_siv_ctx->ptr);
-}
+static void aead_aes_gcm_siv_asm_cleanup(EVP_AEAD_CTX *ctx) {}

 // aesgcmsiv_polyval_horner updates the POLYVAL value in |in_out_poly| to
 // include a number (|in_blocks|) of 16-byte blocks of data from |in|, given
@@ -337,7 +343,7 @@ static int aead_aes_gcm_siv_asm_seal_scatter(
    size_t *out_tag_len, size_t max_out_tag_len, const uint8_t *nonce,
    size_t nonce_len, const uint8_t *in, size_t in_len, const uint8_t *extra_in,
    size_t extra_in_len, const uint8_t *ad, size_t ad_len) {
-  const struct aead_aes_gcm_siv_asm_ctx *gcm_siv_ctx = ctx->aead_state;
+  const struct aead_aes_gcm_siv_asm_ctx *gcm_siv_ctx = asm_ctx_from_ctx(ctx);
  const uint64_t in_len_64 = in_len;
  const uint64_t ad_len_64 = ad_len;

@@ -420,7 +426,12 @@ static int aead_aes_gcm_siv_asm_open(const EVP_AEAD_CTX *ctx, uint8_t *out,
    return 0;
  }

-  const struct aead_aes_gcm_siv_asm_ctx *gcm_siv_ctx = ctx->aead_state;
+  if (nonce_len != EVP_AEAD_AES_GCM_SIV_NONCE_LEN) {
+    OPENSSL_PUT_ERROR(CIPHER, CIPHER_R_UNSUPPORTED_NONCE_SIZE);
+    return 0;
+  }
+
+  const struct aead_aes_gcm_siv_asm_ctx *gcm_siv_ctx = asm_ctx_from_ctx(ctx);
  const size_t plaintext_len = in_len - EVP_AEAD_AES_GCM_SIV_TAG_LEN;
  const uint8_t *const given_tag = in + plaintext_len;

@@ -547,7 +558,7 @@ static const EVP_AEAD aead_aes_256_gcm_siv_asm = {
    NULL /* tag_len */,
 };

-#endif  // X86_64 && !NO_ASM
+#endif  // X86_64 && !NO_ASM && !WINDOWS

 struct aead_aes_gcm_siv_ctx {
  union {
@@ -558,6 +569,15 @@ struct aead_aes_gcm_siv_ctx {
  unsigned is_256:1;
 };

+OPENSSL_STATIC_ASSERT(sizeof(((EVP_AEAD_CTX *)NULL)->state) >=
+                          sizeof(struct aead_aes_gcm_siv_ctx),
+                      "AEAD state is too small");
+#if defined(__GNUC__) || defined(__clang__)
+OPENSSL_STATIC_ASSERT(alignof(union evp_aead_ctx_st_state) >=
+                          alignof(struct aead_aes_gcm_siv_ctx),
+                      "AEAD state has insufficient alignment");
+#endif
+
 static int aead_aes_gcm_siv_init(EVP_AEAD_CTX *ctx, const uint8_t *key,
                                 size_t key_len, size_t tag_len) {
  const size_t key_bits = key_len * 8;
@@ -576,24 +596,18 @@ static int aead_aes_gcm_siv_init(EVP_AEAD_CTX *ctx, const uint8_t *key,
  }

  struct aead_aes_gcm_siv_ctx *gcm_siv_ctx =
-      OPENSSL_malloc(sizeof(struct aead_aes_gcm_siv_ctx));
-  if (gcm_siv_ctx == NULL) {
-    return 0;
-  }
+      (struct aead_aes_gcm_siv_ctx *)&ctx->state;
  OPENSSL_memset(gcm_siv_ctx, 0, sizeof(struct aead_aes_gcm_siv_ctx));

  aes_ctr_set_key(&gcm_siv_ctx->ks.ks, NULL, &gcm_siv_ctx->kgk_block, key,
                  key_len);
  gcm_siv_ctx->is_256 = (key_len == 32);
-  ctx->aead_state = gcm_siv_ctx;
  ctx->tag_len = tag_len;

  return 1;
 }

-static void aead_aes_gcm_siv_cleanup(EVP_AEAD_CTX *ctx) {
-  OPENSSL_free(ctx->aead_state);
-}
+static void aead_aes_gcm_siv_cleanup(EVP_AEAD_CTX *ctx) {}

 // gcm_siv_crypt encrypts (or decrypts—it's the same thing) |in_len| bytes from
 // |in| to |out|, using the block function |enc_block| with |key| in counter
@@ -709,6 +723,14 @@ static void gcm_siv_keys(
  }

  OPENSSL_memcpy(out_keys->auth_key, key_material, 16);
+  // Note the |ctr128_f| function uses a big-endian couner, while AES-GCM-SIV
+  // uses a little-endian counter. We ignore the return value and only use
+  // |block128_f|. This has a significant performance cost for the fallback
+  // bitsliced AES implementations (bsaes and aes_nohw).
+  //
+  // We currently do not consider AES-GCM-SIV to be performance-sensitive on
+  // client hardware. If this changes, we can write little-endian |ctr128_f|
+  // functions.
  aes_ctr_set_key(&out_keys->enc_key.ks, NULL, &out_keys->enc_block,
                  key_material + 16, gcm_siv_ctx->is_256 ? 32 : 16);
 }
@@ -718,7 +740,8 @@ static int aead_aes_gcm_siv_seal_scatter(
    size_t *out_tag_len, size_t max_out_tag_len, const uint8_t *nonce,
    size_t nonce_len, const uint8_t *in, size_t in_len, const uint8_t *extra_in,
    size_t extra_in_len, const uint8_t *ad, size_t ad_len) {
-  const struct aead_aes_gcm_siv_ctx *gcm_siv_ctx = ctx->aead_state;
+  const struct aead_aes_gcm_siv_ctx *gcm_siv_ctx =
+      (struct aead_aes_gcm_siv_ctx *)&ctx->state;
  const uint64_t in_len_64 = in_len;
  const uint64_t ad_len_64 = ad_len;

@@ -778,7 +801,8 @@ static int aead_aes_gcm_siv_open_gather(const EVP_AEAD_CTX *ctx, uint8_t *out,
    return 0;
  }

-  const struct aead_aes_gcm_siv_ctx *gcm_siv_ctx = ctx->aead_state;
+  const struct aead_aes_gcm_siv_ctx *gcm_siv_ctx =
+      (struct aead_aes_gcm_siv_ctx *)&ctx->state;

  struct gcm_siv_record_keys keys;
  gcm_siv_keys(gcm_siv_ctx, &keys, nonce);
@@ -831,7 +855,7 @@ static const EVP_AEAD aead_aes_256_gcm_siv = {
    NULL /* tag_len */,
 };

-#if defined(OPENSSL_X86_64) && !defined(OPENSSL_NO_ASM)
+#if defined(AES_GCM_SIV_ASM)

 static char avx_aesni_capable(void) {
  const uint32_t ecx = OPENSSL_ia32cap_P[1];
@@ -864,4 +888,4 @@ const EVP_AEAD *EVP_aead_aes_256_gcm_siv(void) {
  return &aead_aes_256_gcm_siv;
 }

-#endif  // X86_64 && !NO_ASM
+#endif  // AES_GCM_SIV_ASM
@@ -26,6 +26,7 @@

 #include "../fipsmodule/cipher/internal.h"
 #include "../internal.h"
+#include "../chacha/internal.h"


 #define POLY1305_TAG_LEN 16
@@ -34,6 +35,15 @@ struct aead_chacha20_poly1305_ctx {
  uint8_t key[32];
 };

+OPENSSL_STATIC_ASSERT(sizeof(((EVP_AEAD_CTX *)NULL)->state) >=
+                          sizeof(struct aead_chacha20_poly1305_ctx),
+                      "AEAD state is too small");
+#if defined(__GNUC__) || defined(__clang__)
+OPENSSL_STATIC_ASSERT(alignof(union evp_aead_ctx_st_state) >=
+                          alignof(struct aead_chacha20_poly1305_ctx),
+                      "AEAD state has insufficient alignment");
+#endif
+
 // For convenience (the x86_64 calling convention allows only six parameters in
 // registers), the final parameter for the assembly functions is both an input
 // and output parameter.
@@ -68,9 +78,9 @@ static int asm_capable(void) {
  return sse41_capable;
 }

-OPENSSL_COMPILE_ASSERT(sizeof(union open_data) == 48, wrong_open_data_size);
-OPENSSL_COMPILE_ASSERT(sizeof(union seal_data) == 48 + 8 + 8,
-                       wrong_seal_data_size);
+OPENSSL_STATIC_ASSERT(sizeof(union open_data) == 48, "wrong open_data size");
+OPENSSL_STATIC_ASSERT(sizeof(union seal_data) == 48 + 8 + 8,
+                      "wrong seal_data size");

 // chacha20_poly1305_open is defined in chacha20_poly1305_x86_64.pl. It decrypts
 // |plaintext_len| bytes from |ciphertext| and writes them to |out_plaintext|.
@@ -108,7 +118,8 @@ static void chacha20_poly1305_seal(uint8_t *out_ciphertext,

 static int aead_chacha20_poly1305_init(EVP_AEAD_CTX *ctx, const uint8_t *key,
                                       size_t key_len, size_t tag_len) {
-  struct aead_chacha20_poly1305_ctx *c20_ctx;
+  struct aead_chacha20_poly1305_ctx *c20_ctx =
+      (struct aead_chacha20_poly1305_ctx *)&ctx->state;

  if (tag_len == 0) {
    tag_len = POLY1305_TAG_LEN;
@@ -123,21 +134,13 @@ static int aead_chacha20_poly1305_init(EVP_AEAD_CTX *ctx, const uint8_t *key,
    return 0;  // internal error - EVP_AEAD_CTX_init should catch this.
  }

-  c20_ctx = OPENSSL_malloc(sizeof(struct aead_chacha20_poly1305_ctx));
-  if (c20_ctx == NULL) {
-    return 0;
-  }
-
  OPENSSL_memcpy(c20_ctx->key, key, key_len);
-  ctx->aead_state = c20_ctx;
  ctx->tag_len = tag_len;

  return 1;
 }

-static void aead_chacha20_poly1305_cleanup(EVP_AEAD_CTX *ctx) {
-  OPENSSL_free(ctx->aead_state);
-}
+static void aead_chacha20_poly1305_cleanup(EVP_AEAD_CTX *ctx) {}

 static void poly1305_update_length(poly1305_state *poly1305, size_t data_len) {
  uint8_t length_bytes[8];
@@ -151,16 +154,15 @@ static void poly1305_update_length(poly1305_state *poly1305, size_t data_len) {
 }

 // calc_tag fills |tag| with the authentication tag for the given inputs.
-static void calc_tag(uint8_t tag[POLY1305_TAG_LEN],
-                     const struct aead_chacha20_poly1305_ctx *c20_ctx,
+static void calc_tag(uint8_t tag[POLY1305_TAG_LEN], const uint8_t *key,
                     const uint8_t nonce[12], const uint8_t *ad, size_t ad_len,
                     const uint8_t *ciphertext, size_t ciphertext_len,
                     const uint8_t *ciphertext_extra,
                     size_t ciphertext_extra_len) {
  alignas(16) uint8_t poly1305_key[32];
  OPENSSL_memset(poly1305_key, 0, sizeof(poly1305_key));
-  CRYPTO_chacha_20(poly1305_key, poly1305_key, sizeof(poly1305_key),
-                   c20_ctx->key, nonce, 0);
+  CRYPTO_chacha_20(poly1305_key, poly1305_key, sizeof(poly1305_key), key, nonce,
+                   0);

  static const uint8_t padding[16] = { 0 };  // Padding is all zeros.
  poly1305_state ctx;
@@ -181,18 +183,16 @@ static void calc_tag(uint8_t tag[POLY1305_TAG_LEN],
  CRYPTO_poly1305_finish(&ctx, tag);
 }

-static int aead_chacha20_poly1305_seal_scatter(
-    const EVP_AEAD_CTX *ctx, uint8_t *out, uint8_t *out_tag,
+static int chacha20_poly1305_seal_scatter(
+    const uint8_t *key, uint8_t *out, uint8_t *out_tag,
    size_t *out_tag_len, size_t max_out_tag_len, const uint8_t *nonce,
    size_t nonce_len, const uint8_t *in, size_t in_len, const uint8_t *extra_in,
-    size_t extra_in_len, const uint8_t *ad, size_t ad_len) {
-  const struct aead_chacha20_poly1305_ctx *c20_ctx = ctx->aead_state;
-
-  if (extra_in_len + ctx->tag_len < ctx->tag_len) {
+    size_t extra_in_len, const uint8_t *ad, size_t ad_len, size_t tag_len) {
+  if (extra_in_len + tag_len < tag_len) {
    OPENSSL_PUT_ERROR(CIPHER, CIPHER_R_TOO_LARGE);
    return 0;
  }
-  if (max_out_tag_len < ctx->tag_len + extra_in_len) {
+  if (max_out_tag_len < tag_len + extra_in_len) {
    OPENSSL_PUT_ERROR(CIPHER, CIPHER_R_BUFFER_TOO_SMALL);
    return 0;
  }
@@ -213,7 +213,7 @@ static int aead_chacha20_poly1305_seal_scatter(
    return 0;
  }

-  if (max_out_tag_len < ctx->tag_len) {
+  if (max_out_tag_len < tag_len) {
    OPENSSL_PUT_ERROR(CIPHER, CIPHER_R_BUFFER_TOO_SMALL);
    return 0;
  }
@@ -228,7 +228,7 @@ static int aead_chacha20_poly1305_seal_scatter(

    for (size_t done = 0; done < extra_in_len; block_counter++) {
      memset(block, 0, sizeof(block));
-      CRYPTO_chacha_20(block, block, sizeof(block), c20_ctx->key, nonce,
+      CRYPTO_chacha_20(block, block, sizeof(block), key, nonce,
                       block_counter);
      for (size_t i = offset; i < sizeof(block) && done < extra_in_len;
           i++, done++) {
@@ -240,35 +240,71 @@ static int aead_chacha20_poly1305_seal_scatter(

  union seal_data data;
  if (asm_capable()) {
-    OPENSSL_memcpy(data.in.key, c20_ctx->key, 32);
+    OPENSSL_memcpy(data.in.key, key, 32);
    data.in.counter = 0;
    OPENSSL_memcpy(data.in.nonce, nonce, 12);
    data.in.extra_ciphertext = out_tag;
    data.in.extra_ciphertext_len = extra_in_len;
    chacha20_poly1305_seal(out, in, in_len, ad, ad_len, &data);
  } else {
-    CRYPTO_chacha_20(out, in, in_len, c20_ctx->key, nonce, 1);
-    calc_tag(data.out.tag, c20_ctx, nonce, ad, ad_len, out, in_len, out_tag,
+    CRYPTO_chacha_20(out, in, in_len, key, nonce, 1);
+    calc_tag(data.out.tag, key, nonce, ad, ad_len, out, in_len, out_tag,
             extra_in_len);
  }

-  OPENSSL_memcpy(out_tag + extra_in_len, data.out.tag, ctx->tag_len);
-  *out_tag_len = extra_in_len + ctx->tag_len;
+  OPENSSL_memcpy(out_tag + extra_in_len, data.out.tag, tag_len);
+  *out_tag_len = extra_in_len + tag_len;
  return 1;
 }

-static int aead_chacha20_poly1305_open_gather(
-    const EVP_AEAD_CTX *ctx, uint8_t *out, const uint8_t *nonce,
-    size_t nonce_len, const uint8_t *in, size_t in_len, const uint8_t *in_tag,
-    size_t in_tag_len, const uint8_t *ad, size_t ad_len) {
-  const struct aead_chacha20_poly1305_ctx *c20_ctx = ctx->aead_state;
+static int aead_chacha20_poly1305_seal_scatter(
+    const EVP_AEAD_CTX *ctx, uint8_t *out, uint8_t *out_tag,
+    size_t *out_tag_len, size_t max_out_tag_len, const uint8_t *nonce,
+    size_t nonce_len, const uint8_t *in, size_t in_len, const uint8_t *extra_in,
+    size_t extra_in_len, const uint8_t *ad, size_t ad_len) {
+  const struct aead_chacha20_poly1305_ctx *c20_ctx =
+      (struct aead_chacha20_poly1305_ctx *)&ctx->state;

+  return chacha20_poly1305_seal_scatter(
+      c20_ctx->key, out, out_tag, out_tag_len, max_out_tag_len, nonce,
+      nonce_len, in, in_len, extra_in, extra_in_len, ad, ad_len, ctx->tag_len);
+}
+
+static int aead_xchacha20_poly1305_seal_scatter(
+    const EVP_AEAD_CTX *ctx, uint8_t *out, uint8_t *out_tag,
+    size_t *out_tag_len, size_t max_out_tag_len, const uint8_t *nonce,
+    size_t nonce_len, const uint8_t *in, size_t in_len, const uint8_t *extra_in,
+    size_t extra_in_len, const uint8_t *ad, size_t ad_len) {
+  const struct aead_chacha20_poly1305_ctx *c20_ctx =
+      (struct aead_chacha20_poly1305_ctx *)&ctx->state;
+
+  if (nonce_len != 24) {
+    OPENSSL_PUT_ERROR(CIPHER, CIPHER_R_UNSUPPORTED_NONCE_SIZE);
+    return 0;
+  }
+
+  alignas(4) uint8_t derived_key[32];
+  alignas(4) uint8_t derived_nonce[12];
+  CRYPTO_hchacha20(derived_key, c20_ctx->key, nonce);
+  OPENSSL_memset(derived_nonce, 0, 4);
+  OPENSSL_memcpy(&derived_nonce[4], &nonce[16], 8);
+
+  return chacha20_poly1305_seal_scatter(
+      derived_key, out, out_tag, out_tag_len, max_out_tag_len,
+      derived_nonce, sizeof(derived_nonce), in, in_len, extra_in, extra_in_len,
+      ad, ad_len, ctx->tag_len);
+}
+
+static int chacha20_poly1305_open_gather(
+    const uint8_t *key, uint8_t *out, const uint8_t *nonce,
+    size_t nonce_len, const uint8_t *in, size_t in_len, const uint8_t *in_tag,
+    size_t in_tag_len, const uint8_t *ad, size_t ad_len, size_t tag_len) {
  if (nonce_len != 12) {
    OPENSSL_PUT_ERROR(CIPHER, CIPHER_R_UNSUPPORTED_NONCE_SIZE);
    return 0;
  }

-  if (in_tag_len != ctx->tag_len) {
+  if (in_tag_len != tag_len) {
    OPENSSL_PUT_ERROR(CIPHER, CIPHER_R_BAD_DECRYPT);
    return 0;
  }
@@ -287,16 +323,16 @@ static int aead_chacha20_poly1305_open_gather(

  union open_data data;
  if (asm_capable()) {
-    OPENSSL_memcpy(data.in.key, c20_ctx->key, 32);
+    OPENSSL_memcpy(data.in.key, key, 32);
    data.in.counter = 0;
    OPENSSL_memcpy(data.in.nonce, nonce, 12);
    chacha20_poly1305_open(out, in, in_len, ad, ad_len, &data);
  } else {
-    calc_tag(data.out.tag, c20_ctx, nonce, ad, ad_len, in, in_len, NULL, 0);
-    CRYPTO_chacha_20(out, in, in_len, c20_ctx->key, nonce, 1);
+    calc_tag(data.out.tag, key, nonce, ad, ad_len, in, in_len, NULL, 0);
+    CRYPTO_chacha_20(out, in, in_len, key, nonce, 1);
  }

-  if (CRYPTO_memcmp(data.out.tag, in_tag, ctx->tag_len) != 0) {
+  if (CRYPTO_memcmp(data.out.tag, in_tag, tag_len) != 0) {
    OPENSSL_PUT_ERROR(CIPHER, CIPHER_R_BAD_DECRYPT);
    return 0;
  }
@@ -304,6 +340,41 @@ static int aead_chacha20_poly1305_open_gather(
  return 1;
 }

+static int aead_chacha20_poly1305_open_gather(
+    const EVP_AEAD_CTX *ctx, uint8_t *out, const uint8_t *nonce,
+    size_t nonce_len, const uint8_t *in, size_t in_len, const uint8_t *in_tag,
+    size_t in_tag_len, const uint8_t *ad, size_t ad_len) {
+  const struct aead_chacha20_poly1305_ctx *c20_ctx =
+      (struct aead_chacha20_poly1305_ctx *)&ctx->state;
+
+  return chacha20_poly1305_open_gather(c20_ctx->key, out, nonce, nonce_len, in,
+                                       in_len, in_tag, in_tag_len, ad, ad_len,
+                                       ctx->tag_len);
+}
+
+static int aead_xchacha20_poly1305_open_gather(
+    const EVP_AEAD_CTX *ctx, uint8_t *out, const uint8_t *nonce,
+    size_t nonce_len, const uint8_t *in, size_t in_len, const uint8_t *in_tag,
+    size_t in_tag_len, const uint8_t *ad, size_t ad_len) {
+  const struct aead_chacha20_poly1305_ctx *c20_ctx =
+      (struct aead_chacha20_poly1305_ctx *)&ctx->state;
+
+  if (nonce_len != 24) {
+    OPENSSL_PUT_ERROR(CIPHER, CIPHER_R_UNSUPPORTED_NONCE_SIZE);
+    return 0;
+  }
+
+  alignas(4) uint8_t derived_key[32];
+  alignas(4) uint8_t derived_nonce[12];
+  CRYPTO_hchacha20(derived_key, c20_ctx->key, nonce);
+  OPENSSL_memset(derived_nonce, 0, 4);
+  OPENSSL_memcpy(&derived_nonce[4], &nonce[16], 8);
+
+  return chacha20_poly1305_open_gather(
+      derived_key, out, derived_nonce, sizeof(derived_nonce), in, in_len,
+      in_tag, in_tag_len, ad, ad_len, ctx->tag_len);
+}
+
 static const EVP_AEAD aead_chacha20_poly1305 = {
    32,                // key len
    12,                // nonce len
@@ -321,6 +392,27 @@ static const EVP_AEAD aead_chacha20_poly1305 = {
    NULL,  // tag_len
 };

+static const EVP_AEAD aead_xchacha20_poly1305 = {
+    32,                // key len
+    24,                // nonce len
+    POLY1305_TAG_LEN,  // overhead
+    POLY1305_TAG_LEN,  // max tag length
+    1,                 // seal_scatter_supports_extra_in
+
+    aead_chacha20_poly1305_init,
+    NULL,  // init_with_direction
+    aead_chacha20_poly1305_cleanup,
+    NULL /* open */,
+    aead_xchacha20_poly1305_seal_scatter,
+    aead_xchacha20_poly1305_open_gather,
+    NULL,  // get_iv
+    NULL,  // tag_len
+};
+
 const EVP_AEAD *EVP_aead_chacha20_poly1305(void) {
  return &aead_chacha20_poly1305;
 }
+
+const EVP_AEAD *EVP_aead_xchacha20_poly1305(void) {
+  return &aead_xchacha20_poly1305;
+}
@@ -42,14 +42,22 @@ typedef struct {
  char implicit_iv;
 } AEAD_TLS_CTX;

-OPENSSL_COMPILE_ASSERT(EVP_MAX_MD_SIZE < 256, mac_key_len_fits_in_uint8_t);
+OPENSSL_STATIC_ASSERT(EVP_MAX_MD_SIZE < 256,
+                      "mac_key_len does not fit in uint8_t");
+
+OPENSSL_STATIC_ASSERT(sizeof(((EVP_AEAD_CTX *)NULL)->state) >=
+                          sizeof(AEAD_TLS_CTX),
+                      "AEAD state is too small");
+#if defined(__GNUC__) || defined(__clang__)
+OPENSSL_STATIC_ASSERT(alignof(union evp_aead_ctx_st_state) >=
+                          alignof(AEAD_TLS_CTX),
+                      "AEAD state has insufficient alignment");
+#endif

 static void aead_tls_cleanup(EVP_AEAD_CTX *ctx) {
-  AEAD_TLS_CTX *tls_ctx = (AEAD_TLS_CTX *)ctx->aead_state;
+  AEAD_TLS_CTX *tls_ctx = (AEAD_TLS_CTX *)&ctx->state;
  EVP_CIPHER_CTX_cleanup(&tls_ctx->cipher_ctx);
  HMAC_CTX_cleanup(&tls_ctx->hmac_ctx);
-  OPENSSL_free(tls_ctx);
-  ctx->aead_state = NULL;
 }

 static int aead_tls_init(EVP_AEAD_CTX *ctx, const uint8_t *key, size_t key_len,
@@ -72,11 +80,7 @@ static int aead_tls_init(EVP_AEAD_CTX *ctx, const uint8_t *key, size_t key_len,
  assert(mac_key_len + enc_key_len +
         (implicit_iv ? EVP_CIPHER_iv_length(cipher) : 0) == key_len);

-  AEAD_TLS_CTX *tls_ctx = OPENSSL_malloc(sizeof(AEAD_TLS_CTX));
-  if (tls_ctx == NULL) {
-    OPENSSL_PUT_ERROR(CIPHER, ERR_R_MALLOC_FAILURE);
-    return 0;
-  }
+  AEAD_TLS_CTX *tls_ctx = (AEAD_TLS_CTX *)&ctx->state;
  EVP_CIPHER_CTX_init(&tls_ctx->cipher_ctx);
  HMAC_CTX_init(&tls_ctx->hmac_ctx);
  assert(mac_key_len <= EVP_MAX_MD_SIZE);
@@ -84,13 +88,11 @@ static int aead_tls_init(EVP_AEAD_CTX *ctx, const uint8_t *key, size_t key_len,
  tls_ctx->mac_key_len = (uint8_t)mac_key_len;
  tls_ctx->implicit_iv = implicit_iv;

-  ctx->aead_state = tls_ctx;
  if (!EVP_CipherInit_ex(&tls_ctx->cipher_ctx, cipher, NULL, &key[mac_key_len],
                         implicit_iv ? &key[mac_key_len + enc_key_len] : NULL,
                         dir == evp_aead_seal) ||
      !HMAC_Init_ex(&tls_ctx->hmac_ctx, key, mac_key_len, md, NULL)) {
    aead_tls_cleanup(ctx);
-    ctx->aead_state = NULL;
    return 0;
  }
  EVP_CIPHER_CTX_set_padding(&tls_ctx->cipher_ctx, 0);
@@ -101,7 +103,7 @@ static int aead_tls_init(EVP_AEAD_CTX *ctx, const uint8_t *key, size_t key_len,
 static size_t aead_tls_tag_len(const EVP_AEAD_CTX *ctx, const size_t in_len,
                               const size_t extra_in_len) {
  assert(extra_in_len == 0);
-  AEAD_TLS_CTX *tls_ctx = (AEAD_TLS_CTX *)ctx->aead_state;
+  const AEAD_TLS_CTX *tls_ctx = (AEAD_TLS_CTX *)&ctx->state;

  const size_t hmac_len = HMAC_size(&tls_ctx->hmac_ctx);
  if (EVP_CIPHER_CTX_mode(&tls_ctx->cipher_ctx) != EVP_CIPH_CBC_MODE) {
@@ -125,7 +127,7 @@ static int aead_tls_seal_scatter(const EVP_AEAD_CTX *ctx, uint8_t *out,
                                 const uint8_t *extra_in,
                                 const size_t extra_in_len, const uint8_t *ad,
                                 const size_t ad_len) {
-  AEAD_TLS_CTX *tls_ctx = (AEAD_TLS_CTX *)ctx->aead_state;
+  AEAD_TLS_CTX *tls_ctx = (AEAD_TLS_CTX *)&ctx->state;

  if (!tls_ctx->cipher_ctx.encrypt) {
    // Unlike a normal AEAD, a TLS AEAD may only be used in one direction.
@@ -241,7 +243,7 @@ static int aead_tls_open(const EVP_AEAD_CTX *ctx, uint8_t *out, size_t *out_len,
                         size_t max_out_len, const uint8_t *nonce,
                         size_t nonce_len, const uint8_t *in, size_t in_len,
                         const uint8_t *ad, size_t ad_len) {
-  AEAD_TLS_CTX *tls_ctx = (AEAD_TLS_CTX *)ctx->aead_state;
+  AEAD_TLS_CTX *tls_ctx = (AEAD_TLS_CTX *)&ctx->state;

  if (tls_ctx->cipher_ctx.encrypt) {
    // Unlike a normal AEAD, a TLS AEAD may only be used in one direction.
@@ -297,6 +299,8 @@ static int aead_tls_open(const EVP_AEAD_CTX *ctx, uint8_t *out, size_t *out_len,
  total += len;
  assert(total == in_len);

+  CONSTTIME_SECRET(out, total);
+
  // Remove CBC padding. Code from here on is timing-sensitive with respect to
  // |padding_ok| and |data_plus_mac_len| for CBC ciphers.
  size_t data_plus_mac_len;
@@ -373,11 +377,15 @@ static int aead_tls_open(const EVP_AEAD_CTX *ctx, uint8_t *out, size_t *out_len,
  crypto_word_t good =
      constant_time_eq_int(CRYPTO_memcmp(record_mac, mac, mac_len), 0);
  good &= padding_ok;
+  CONSTTIME_DECLASSIFY(&good, sizeof(good));
  if (!good) {
    OPENSSL_PUT_ERROR(CIPHER, CIPHER_R_BAD_DECRYPT);
    return 0;
  }

+  CONSTTIME_DECLASSIFY(&data_len, sizeof(data_len));
+  CONSTTIME_DECLASSIFY(out, data_len);
+
  // End of timing-sensitive code.

  *out_len = data_len;
@@ -453,7 +461,7 @@ static int aead_des_ede3_cbc_sha1_tls_implicit_iv_init(

 static int aead_tls_get_iv(const EVP_AEAD_CTX *ctx, const uint8_t **out_iv,
                           size_t *out_iv_len) {
-  const AEAD_TLS_CTX *tls_ctx = (AEAD_TLS_CTX*) ctx->aead_state;
+  const AEAD_TLS_CTX *tls_ctx = (AEAD_TLS_CTX *)&ctx->state;
  const size_t iv_len = EVP_CIPHER_CTX_iv_length(&tls_ctx->cipher_ctx);
  if (iv_len <= 1) {
    return 0;
@@ -42,14 +42,707 @@ TAG_LEN: 20
 NO_SEAL: 01
 FAILS: 01

-# Test with maximal padding.
-# DIGEST: c6105cc86e18eb8376c16ea37693db5c07b77137
-KEY: 8503f78b8ed1c8e9ba2fd6773e0d0c302a5f47e037446f5891d77df660ed82933f62be8dc55b436965aabe477e0cdd46be99371e
+# Test with maximal padding (0 mod 64).
+# DIGEST: ceb2d295bd0efd37c6c34dab1854c80e986174fc
+KEY: 37446f5891d77df660ed82933f62be8dc55b436965aabe477e0cdd46be99371eb8da7dac997deafd64b1fc65de39f4f03541a11b
 NONCE: 
-IN: 936a91d0b5d2c0267218cb7090c6171386d641b87797b684e0fb56f97c3961d8afa22993a340b9b3c589c748
-AD: 1df3f4183aa23fd8d7efd8
-CT: 7265eea4b391d880c6bc72d3282f663e5551c0a71ca35898047362694ee8f2710974350a2a38a13b0434d312
-TAG: ead153f0c9488b88357e81187178465d2416ca97dbf7460c9519ed9957d9e74e62950447e49dd233e9c504876a90fa79273e597ed751da4f32a2c60cecbfb6641ca2e8938774cbc324affa9bb027d219730d57ca1981e87d0dcd0551618493f79ff8c0366383e0698a009bd976c63f089a8b901b5a08fabf0d3f798c349743634d5dd35a2195cf0b74b67d36d65be1aa920831906acbc57cd880964ec948e9c11614104721efb62a47600ee968418b1d197c3ce6ba6246d5ac1f07819f67c2cb3ca5162aedd354e2314d65d5e863964db421846da7603b9f11c503966834ed501885763da3e89a59f89f1e31f78111324b79637dd3b6aeeb71ccf2557f9725b86dd13088ce257cd6ea71706ff8ec9036f56d76c4
+IN: 936a91d0b5d2c0267218cb7090c6171386d641b87797b684e0fb56f97c3961d8afa22993a340b9b3c589c7481df3f4183aa23fd8d7efd88503f78b8ed1c8e9ba
+AD: 2fd6773e0d0c302a5f47e0
+CT: 2840fb36bc8e03c59de49315bd8a6e091f41fb020cdb174ed0ab84fab8f94c14e840fd37fc13f48490c2d2ffd4efeb4da8d98840f6ee5af812bcbbeeb7f2992b
+TAG: a767b9c80eb4ab9270c0c08d6adc1bf56245929a79a4511a8a4ccd2c996611a0154c8101217b46b049331d3109a42093f223a8224e11fcecee906b2ef52e5650da0498e3f832101b7ef66fdbcef302f362e570e5e42d5dbc33d0d662913c78a8caf3a9e2e22949cf6d212efee4d9dc8d03fd6a00d41f3073c4b73149e8bf05d23b2dd88aab1c87ac948a3f96be79c52efe9488ceb9a1c5511b441a6ba4204beaf339539ff9b4443000b5b7c00261c663be3087c395ee448e724d1cfcbe10e15ccddcf50378fef972fa3aca38fdb1d131f1bc7ce166f4476a008883292f8422cc668e1c8e0cd53cb25a64324d187b14143563d8d1af9371602a068da959c587cd6a383d1ffc74190c0499b2d71390cdcf
+TAG_LEN: 20
+NO_SEAL: 01
+
+# Test with maximal padding (1 mod 64).
+# DIGEST: a07054c760cc66fc704edf950201005031f3faac
+KEY: 446f5891d77df660ed82933f62be8dc55b436965aabe477e0cdd46be99371eb8da7dac997deafd64b1fc65de39f4f03541a11be1
+NONCE: 
+IN: 936a91d0b5d2c0267218cb7090c6171386d641b87797b684e0fb56f97c3961d8afa22993a340b9b3c589c7481df3f4183aa23fd8d7efd88503f78b8ed1c8e9ba2f
+AD: d6773e0d0c302a5f47e037
+CT: 2e7e6cd84e03e35d8977c9e1d4ce6784c4db3a87fa1b82e6f781e284e0d3914eb56acdde0374eed6283cc10e1f329821fefbf888dfc8fb42fa574cb64df6d88d2d
+TAG: 80503493bfa3c2cd3817bb145fc579ebe050bf0e6310a29c9e1a7e98371833a25bea5c82bb6128cba6e27e7e796b49b49cd55ad123f90aade4d76a636104e5a4f6fc9c92997c0706d709145b208523c0c890394fcec38507fa0bad3d24fdc921416501e5c9b6964db81572bb933b67c4b5bb2070ad5068069592d35902ab93bad8d5121fe15bbb2bd27ad946a21f2ecd7e95c7f4c63ddd00589ac304d638307e798d9a55bfde231f5bd8a8f89cfae591b0234662647c3b42278f4157c4fb44fcc51862bbb2f03273f680d6dccee49b51bb4b881e5a1768dbc537e67073b796047fbce6f90eb54776d9f0237978f129af7efd4a3f380547e883d9976b38819acf9e0411769fc6898eaeca53f5def25f
+TAG_LEN: 20
+NO_SEAL: 01
+
+# Test with maximal padding (2 mod 64).
+# DIGEST: d059c266cf6233af730b7a229b19356a4c6fcf06
+KEY: 6f5891d77df660ed82933f62be8dc55b436965aabe477e0cdd46be99371eb8da7dac997deafd64b1fc65de39f4f03541a11be112
+NONCE: 
+IN: 936a91d0b5d2c0267218cb7090c6171386d641b87797b684e0fb56f97c3961d8afa22993a340b9b3c589c7481df3f4183aa23fd8d7efd88503f78b8ed1c8e9ba2fd6
+AD: 773e0d0c302a5f47e03744
+CT: be77b79780ae8ccda54d5f995f7c1beee8ac61735285e34d9dd137058555e723daeafe392773f428ec528a14c2f52a86365c4929d98d4504c669db1d984e2f84f7bf
+TAG: 24836360777dbacbbcea10d08e3d975a0bd32669871000178d167a1e40a6723b7c47ebd32e5df52cc4e0ee5459b355f285a0a93bd9fd016642221a335a2f09a4635f71d8575bdd081caa14b083aed01444df63e5cb01377b8a3ac31006c92621a894b71d50c85964234a5aae094a931e5456416236001f46d771767aee47f6b7c3493fc10b9f392dd629852623c1ff6f1e7dd3346d1aabd132301fa16ce88017fe3ca394d1c685942f1ed7b37f84a25682142b02ce138ae9b21c85db410cc3c266f6a490ffdaa0ce95e8b1f2da7f6e6ddda2d4570dc5619605fca903e47eb62d7419dfe49f354ac18762abbdfe5431a863b6f7371731ebb09ab41aba79e41be8603060fe921e4dc8b7f422392640
+TAG_LEN: 20
+NO_SEAL: 01
+
+# Test with maximal padding (3 mod 64).
+# DIGEST: 8aac0687e33041fcc18da154b41f20a6af2bfb28
+KEY: 5891d77df660ed82933f62be8dc55b436965aabe477e0cdd46be99371eb8da7dac997deafd64b1fc65de39f4f03541a11be112a7
+NONCE: 
+IN: 936a91d0b5d2c0267218cb7090c6171386d641b87797b684e0fb56f97c3961d8afa22993a340b9b3c589c7481df3f4183aa23fd8d7efd88503f78b8ed1c8e9ba2fd677
+AD: 3e0d0c302a5f47e037446f
+CT: 82aba2e22933737ef55346865375b574f24066eabe39fb800ec790df3ad05f85a760332e8a1d45e7b0c2d969ac5689505510fe035db4ac1c5a8a01a6f6ac00ad3d8344
+TAG: 090114b0a31c301edc2bed8e25298d4f913558ce3f6f607b0fce5f9e7b1c953601ce9890f0d8e8d6a71c5ccc4e0aab08942628d21f467bfbfc4996863e8fd296b7ce153568999980ac2980ca68b16c0b2edfe5efcfff121a7e4dfc8dd9387442c4847f7c572f668aa990334dc50a54480f673c338f1ea9c81cfb9d482f6e4ae163e412108ad5775aefe89173229efd58a0f56b411008f87e3aa307413779538057f5d846a1586920b1448b4fda27b65647b946bd5b7950a5e3e37ccca55b359b4726e26fc3d168a9e8bef56c1a61fcb2b55cca61bac0123190572c939584ffae1e913b82bbd8057f302a900d2a1a7ed1ab4a1b7c8c5cd56fc472d69d013bb897ea3d72d299da0df5fcc7a745dc
+TAG_LEN: 20
+NO_SEAL: 01
+
+# Test with maximal padding (4 mod 64).
+# DIGEST: 53658226c112b86438dd27b58a71f9e36fc73c1e
+KEY: 91d77df660ed82933f62be8dc55b436965aabe477e0cdd46be99371eb8da7dac997deafd64b1fc65de39f4f03541a11be112a729
+NONCE: 
+IN: 936a91d0b5d2c0267218cb7090c6171386d641b87797b684e0fb56f97c3961d8afa22993a340b9b3c589c7481df3f4183aa23fd8d7efd88503f78b8ed1c8e9ba2fd6773e
+AD: 0d0c302a5f47e037446f58
+CT: 3eceac2e338b4dfd9f4840d77db69ed23ee286b522cd4a324b04b1865cc772914c8d84abbf0db1a3a2d15401759b18d6fb3b7020cca1e31d136fb97b26bc772baf5a363c
+TAG: 1b6a98c7f9b8c5c560add0eb46d2d7559ebce0894b876f0de8ec37031df30667cc3ea54a4e71d8bcfe575d6044d9f70852fcf9a1a6756643e28944b59856ed1ce9958045eae0aa64bba55b64aac0cacded741293262550b085b4cb143d8bb8f7061eda2911c86e1afce94a8afb4db1060c2da1e9bb0ca8747d71b706134e44bb7e4b73518ca9201d610860961a53438d6efb51031a1ba0fa9b437b8a3aebc0479bace7843b319c02b4987490bed351be2eced028a2d0c97a1e30ccbd820f4b3f669e33b74c1b550a8d9782b9ec7fa45b24dcd5b6788895d6246a4cdfb015c605741047c1d2323e207a8a622e55b6a19401bb67de62154392edb28ab3cdfbb2ae2f21c3181ee8033130e95e05
+TAG_LEN: 20
+NO_SEAL: 01
+
+# Test with maximal padding (5 mod 64).
+# DIGEST: 6b7d5268b0b5037afb5be5af6a0ceb34e7656ac4
+KEY: d77df660ed82933f62be8dc55b436965aabe477e0cdd46be99371eb8da7dac997deafd64b1fc65de39f4f03541a11be112a72933
+NONCE: 
+IN: 936a91d0b5d2c0267218cb7090c6171386d641b87797b684e0fb56f97c3961d8afa22993a340b9b3c589c7481df3f4183aa23fd8d7efd88503f78b8ed1c8e9ba2fd6773e0d
+AD: 0c302a5f47e037446f5891
+CT: 5cfcf9e4dbe1a74e748665bf393c6fe93807ea36556590a1f2814c2b445988c1f6c2815f6b1f0fecae452d1bb89a055bc6f85bea11d99d0b0c62db8a81e3f0f3a557c208cd
+TAG: 8e73adba964c6868bb3da63b0d528a22eea8bfb4be0b1030070436f5c442649857c9c4a32759c5071d7d741692368497a978b5668b912cdfb0c404e514411ff111ea9f1224cb4a9256dc57a8a4677fe576b554cf6e4f975ac3a81eefcaa0bb68ac5bb26b1bf54bf034a50a1b3265e0baa8a900f048246c7ea825234732c3f5b34c4ddc0adc46178d0adbd9a524502061ad4c6df62dcd8f8851f270dc452be39021d5f054b7aa35f5235739894c659bc06333d0e564c38521d820dd7cb0dbb8a018543ebe7799cbd674a14821a6f92d776aed736fb4ce19ffe6ad5b456c09cc597443ae1bb41be9ea0213edfc1339636facbfdf56a8944cc548fd35fd5fa4a7b8cfbce736c6c96465326a49
+TAG_LEN: 20
+NO_SEAL: 01
+
+# Test with maximal padding (6 mod 64).
+# DIGEST: 63efe7af502231420ed5aecce9a28446b257828d
+KEY: 7df660ed82933f62be8dc55b436965aabe477e0cdd46be99371eb8da7dac997deafd64b1fc65de39f4f03541a11be112a72933c7
+NONCE: 
+IN: 936a91d0b5d2c0267218cb7090c6171386d641b87797b684e0fb56f97c3961d8afa22993a340b9b3c589c7481df3f4183aa23fd8d7efd88503f78b8ed1c8e9ba2fd6773e0d0c
+AD: 302a5f47e037446f5891d7
+CT: b2e315ef97a1b89b4625715c61946446fe1bf27aa60e65d0ad9849f71ec53ccbee951d3628efe2795949f88795b354df0ec68b21cd699cdd0f92f31f3d6013a4c1116165b4f5
+TAG: 4e9eb0387d9121ea239b27016805f35c09c90904d9becd9ce23d77233e8b68c86e17f92ac31794be17386e5fe2f40e83147a7dea38bee4b9776fb4a4da85408b80ea7718d542a47e7e5d7db38c18560dbc37d49f4fae2e013c4b89ab59f2a529b389e2ce5b2c9f0883df472fb9ac58bc5e27dc21938344195de25f1e3c015b68e6c6f6111e037010a075e78e852f9b0b8e568359ba22eddd71714403309987ed20e381b8ff67f5fd5d9e8ce77b1517da2cd4c2909f83fe70b65af0ba8dfff1e0860ccd217a19a96d94ef3cfbe1214e204d4eab8045f97aaeae0946b455e01099513c5a763596c7495de135bd2ea2b9c01e7fcc5daa0e88bcb45ce5bd044dc300a281b2bfd18f6090f7eb
+TAG_LEN: 20
+NO_SEAL: 01
+
+# Test with maximal padding (7 mod 64).
+# DIGEST: 1a555c300a1d1bd5b03cdd6bf2a678621624eb05
+KEY: f660ed82933f62be8dc55b436965aabe477e0cdd46be99371eb8da7dac997deafd64b1fc65de39f4f03541a11be112a72933c7b5
+NONCE: 
+IN: 936a91d0b5d2c0267218cb7090c6171386d641b87797b684e0fb56f97c3961d8afa22993a340b9b3c589c7481df3f4183aa23fd8d7efd88503f78b8ed1c8e9ba2fd6773e0d0c30
+AD: 2a5f47e037446f5891d77d
+CT: 8221477092da15c94ec15f34ef2d540c87ab24236ee4d97ed3543f49f2daec059be7c0f157f2d869bae0bd4b9d214bd40ed01484c28019d6349cac27db29050831e5974b5426a9
+TAG: 9f10a7816f0b558aaed826c53d63677dc443bd48fe1faf9d8e8542db0b3959d6754d0771ce1a23d67561626c7c521401c0a8882656ded33ace7965f5978bfa1c960ed9eb3831f45d28a4fb0ea44cbd9118f39eddbe3c56886bb4bd6593e13f2bf641e88adccaf76ab0356cb77654a1b27597b1b5fbbbf15b6c7673d92aa7073745721a299797b77c5b205ee44da405d634f971abf26bd7cffb21cd6f952eec7bc214d6ee0a31622c78259ba14072536751b87b968cc5e6ecb21d1b64c53f7ac24dd9344c2a03dbea3c5704bd283a8d28eb2ba5e4dc1b16a0edd6f4cb76aaf746b1a987d58ed73eb2b266a148ddbc033bd45712a3101f7b536d2d902b7e124e199442b149e3b603f199
+TAG_LEN: 20
+NO_SEAL: 01
+
+# Test with maximal padding (8 mod 64).
+# DIGEST: de9156349b578f2f44945ec6a676a67a829daea1
+KEY: 60ed82933f62be8dc55b436965aabe477e0cdd46be99371eb8da7dac997deafd64b1fc65de39f4f03541a11be112a72933c7b54e
+NONCE: 
+IN: 936a91d0b5d2c0267218cb7090c6171386d641b87797b684e0fb56f97c3961d8afa22993a340b9b3c589c7481df3f4183aa23fd8d7efd88503f78b8ed1c8e9ba2fd6773e0d0c302a
+AD: 5f47e037446f5891d77df6
+CT: 8a9f0d731d72929136ed9e6993cbb28013b336540f602c7203e6a38391dc07c8c3ce5b4ca62df582dea366c4b0b5aaabcf1959a7f0bc92047023c72225f5c071a588d95774f2e2c1
+TAG: 84d60af507164a4f4958b6aed0525028918bba60b4affc1afea92c0ef485679506ffdf649b0d9bcefcfb8f1503b2e48937a3e732785d85b11a524363a55fc994e756148a3b7b2772881aaceee2ffeb0f18bd85feb215fc8352dc76d8ab5255d56db5e9f10c42b4a3447321d459ed20e536062a33e6cc598a61b905bcd579e6d68cbdfb94c3b100e05bc0009b9841fca15d909de6897276f9177cce5b049c45954b7cddb7610127c9dd40a61bd8e47b7a165940ef3084a0b523955741414a12d34aed68db231db939b1417069516333b2c0c57e843f098a55e375639ebd2acf658de1f385a1e29c5eb9efe14c16e29488a32bbfd127592c7c45807f2b3e8f57144b9cf60130592b62
+TAG_LEN: 20
+NO_SEAL: 01
+
+# Test with maximal padding (9 mod 64).
+# DIGEST: 12812df3aa7f3bbc899f6f248f5590e02570c292
+KEY: ed82933f62be8dc55b436965aabe477e0cdd46be99371eb8da7dac997deafd64b1fc65de39f4f03541a11be112a72933c7b54ed4
+NONCE: 
+IN: 936a91d0b5d2c0267218cb7090c6171386d641b87797b684e0fb56f97c3961d8afa22993a340b9b3c589c7481df3f4183aa23fd8d7efd88503f78b8ed1c8e9ba2fd6773e0d0c302a5f
+AD: 47e037446f5891d77df660
+CT: e3af374fb6f33c64fc2e4cc1e1b635bbe890f02359b6adb2a747beda433e003e30e1803f2169ff6abc81ff8095601cdff7aebae5fd8fc012387a70dd7db18e7eb79f87fcc1821ffdf6
+TAG: 4f9730c5eeb9cb32e005afc571d2ed5b2de38670704f854c838d00584becf8583ee7e79d9609bb73abb70bd01ab228bcf6070ee1c1c97d4f6003f6a3ccb4b8af43dfb37bbeb707e1efa51b0447e6b31e82a3fecaacad99014a8d502c3db8a36665f85d62938de6ffe30c4749535bb124129caa1fa465d04c1005e64f7f4397607b4e6fc31b9c34961b7276185fc3211eda045c06a28aec0a1e0a0e2f1f6829a1ab372d0bedd711158696b062b9dcfbff4925dca71d4ad7f7c610d40bfc6e7d04f4990d6efdd059679c7137b5f5d28c9784fca307e2e1df33dfec10a242379ff30984c62c201738edd60007c9d56557692e8f73e5d0c83059d568312b3504de9691ad3d9b30a4a2
+TAG_LEN: 20
+NO_SEAL: 01
+
+# Test with maximal padding (10 mod 64).
+# DIGEST: f3c89f21c327fca4aa400fabea9e39780378e901
+KEY: 82933f62be8dc55b436965aabe477e0cdd46be99371eb8da7dac997deafd64b1fc65de39f4f03541a11be112a72933c7b54ed4fa
+NONCE: 
+IN: 936a91d0b5d2c0267218cb7090c6171386d641b87797b684e0fb56f97c3961d8afa22993a340b9b3c589c7481df3f4183aa23fd8d7efd88503f78b8ed1c8e9ba2fd6773e0d0c302a5f47
+AD: e037446f5891d77df660ed
+CT: 98b22a9119610480bdfc5cb6e2a950ccac8741690574730b87fbeb113d5daac699c333ff21efd0e73d2252e95f64dd2699b940b490259cb5fd698756713c0e53ff69a733ea13587cbcb6
+TAG: 63600a3d7fe8a782af7af230da63bc84dd993bcffaa5f76e5f63ef56407d0412b831dab138d117fbc081139cc49946a7631f488c11946c10530806ce7a781baa3bd072300a5cdf8aaa3b2657ea3732c1e24271c447e6d7f6a2afa0bef27aada30585c33479debc10cb72febb181c7f5f77490b339285bfbb0bf07c545ed5a0f3f183fefdc7138e330095636956328ab85a201e3cd6a2edc573d75327bdf615ffc8e6fd5e133558b831e24b67751098320e9afdfe7c7ef4598c29563113052c568263612fdc3c48d8e9a8a407bc2918ede467636dc0185d9423e9eaefef4126247012d5f1930c56dd9dd7c34d397f388e4f741953d76bb1eec911079936a8dfc584fb5b7c84e4
+TAG_LEN: 20
+NO_SEAL: 01
+
+# Test with maximal padding (11 mod 64).
+# DIGEST: e8e41988fad6c8b44c56544964cfe0a347b35b1e
+KEY: 933f62be8dc55b436965aabe477e0cdd46be99371eb8da7dac997deafd64b1fc65de39f4f03541a11be112a72933c7b54ed4fad0
+NONCE: 
+IN: 936a91d0b5d2c0267218cb7090c6171386d641b87797b684e0fb56f97c3961d8afa22993a340b9b3c589c7481df3f4183aa23fd8d7efd88503f78b8ed1c8e9ba2fd6773e0d0c302a5f47e0
+AD: 37446f5891d77df660ed82
+CT: 8795d6c225aa78fccaaff86101641081f4a440969633ca8d7830ffb14f629fa34dc4c15e8ff20a8940c7a484ee94503372e658615eb3fc07c2d2c399ae9ad7a77d684512d0ca273f77fcfe
+TAG: 534574a93db9658b653cd395e981cd4a8992e817ba058f692c5f0c1682745097ed441781afe30827bcaa29d061e2d1554a949cf7b62077b768bc1ca8679618a5d2b32c0b7e735db6a27fd762a60aa19e60a60a9edb02f20e3e99fd4653732525a0c8d8042bd3ba5387f93a7e0da483173b3abcd3ff876badd75b81741abfe2baf21be1006d1cb85bc543ddc7493f8faf4e27619686ba324cf651a16e7ffc23ae7786eb8823300a5c65982228aecde99f53d43f86d9ec0d326eb3ece9f6cf1c6bf92d1599c5f9c391e9ba189195665d3018c38207717502bb60e020773618df614bb4e0309fa0809ab215f68f0d9d46c28950d3edad6c4f71dd5af9d03dfa39ae62482601ff
+TAG_LEN: 20
+NO_SEAL: 01
+
+# Test with maximal padding (12 mod 64).
+# DIGEST: d1c7b2c04dc25fe7b742a1d659aec20e1475ee4f
+KEY: 3f62be8dc55b436965aabe477e0cdd46be99371eb8da7dac997deafd64b1fc65de39f4f03541a11be112a72933c7b54ed4fad0be
+NONCE: 
+IN: 936a91d0b5d2c0267218cb7090c6171386d641b87797b684e0fb56f97c3961d8afa22993a340b9b3c589c7481df3f4183aa23fd8d7efd88503f78b8ed1c8e9ba2fd6773e0d0c302a5f47e037
+AD: 446f5891d77df660ed8293
+CT: 694868cf990a1b8ef42fcb2b45cabf1bd78eee4b429c11b27a827762b9c319bc54a2b2c8eb2ac85063ef8ac7da8bc35b16c0a98822981dc9b246381780da7833eb718bc8518e2b176656ff5c
+TAG: ca1dc8a003fd389a1eb1cfa4bf9746cdf45c548f8e52e0bb0dd456c1369686e0975fada75cd8fb261a01828fa1375941dcd8c718f82d6b64222dfbf7143ce980f3936b78e525c961b7d72d5d68127d0f98de541853ae36408ac489c5629c82f00a44dbdc89d665f94fb391c4a0618f31df9bcf39a07325b600265daaf53c2762396f9f6e83fb4f545aefaaeb447d4162ad401e1da2ec090d78d7b354d80fa975dcea9b897fc0f16681cd9a1aedc78cdcbf26249e18132e518b75849af55de38562ac32c50819a35156706510688f3a81e13e3bd5f61a0c2a8655c251f4732258c3cf34694be21caad599996c9a13303be173f916e90f606dfe1640bcf35e892eab6ca70f59ca019d27c58cb69b4cb3bcd484198d
+TAG_LEN: 20
+NO_SEAL: 01
+
+# Test with maximal padding (13 mod 64).
+# DIGEST: 116e20ff1e79e0af464d473b1e7c187f4dd66007
+KEY: 62be8dc55b436965aabe477e0cdd46be99371eb8da7dac997deafd64b1fc65de39f4f03541a11be112a72933c7b54ed4fad0be90
+NONCE: 
+IN: 936a91d0b5d2c0267218cb7090c6171386d641b87797b684e0fb56f97c3961d8afa22993a340b9b3c589c7481df3f4183aa23fd8d7efd88503f78b8ed1c8e9ba2fd6773e0d0c302a5f47e03744
+AD: 6f5891d77df660ed82933f
+CT: f2e78e183884c99ad7f199a02d87a1026c832b9a953919a98c2487bd0d724be407994fcce9e19b5a69f15ceef5d3b95c79d5fffede18a143cdfade5c0f80254cb38e47cc9c82488116640aebe9
+TAG: 11f4ab3470df6f43596f9275964c3ecc22543daebbdb99004eb6c1e001b2119ef9b247f30481117102a179a7ca72c556a029b77d0ee2167190923012aef527b8a432576f8948a7dc77ebb79fc7a9dd1d981a4bab9c00e498c09902ffb9362113f6ad3ac6c1f792fe27d3a71aa19b9f769f2417ada3d303e3fd2600484c9f6b43e4ad834e60ce4d4885088087a96eb52ad989a9e9a43aa53a78e513743a8f08cb472a144af5a6abc17f217715e074aa470ba71d2b1b75e4ff3f597c4d1993412d37f94989c1df016f72b26c8d58d78a8a3295108e9bc061facdbc4c708a1d7e7c95bb8e365d4e933c0e519d08abef948abb67c5a3ebe938b91613ae9bcb6079436af3acbbdfacf77e8b935686d4ef7ed47b5b10
+TAG_LEN: 20
+NO_SEAL: 01
+
+# Test with maximal padding (14 mod 64).
+# DIGEST: c081d0d09b2c9eb39a372ef4a7b0246a0956b0f9
+KEY: be8dc55b436965aabe477e0cdd46be99371eb8da7dac997deafd64b1fc65de39f4f03541a11be112a72933c7b54ed4fad0be905d
+NONCE: 
+IN: 936a91d0b5d2c0267218cb7090c6171386d641b87797b684e0fb56f97c3961d8afa22993a340b9b3c589c7481df3f4183aa23fd8d7efd88503f78b8ed1c8e9ba2fd6773e0d0c302a5f47e037446f
+AD: 5891d77df660ed82933f62
+CT: c7de96bb45663dfe6da2a64ffc9ddfa7c3dc63077079bd4bc2ce52fea89924a75664782a5026fb5a099ec460eb9c6d7c3d5ea383092c8f4c67a70fc499a7689bfc27df4da7c185d573e6f8d70cc6
+TAG: 1d6cf11ee4afa8efb4e025dc32e0c73a6fcda2aa5c892031c7fde0d0d69e38e9e64e88a714184fbe73ca0f1dfd35ba3b0378a474cb4aaeb942a529cd199e20b7dd62654b97d92dc317975d5e26ca1378d41799a127c44a157982dc3677a4dd391e22b6906d303c2c60cde6052ffbdbe5f8bce22bc2ee42975f9892b68f228cb1f584b1a3fb2f15cb7bcf3d9650e72e796c46f7738986be7f7c30dc56c179299c9c368090f68b96735673f2279366122e5cd94d8d4ca2cbeddc3502d833bb365756cd511577a7499c199f403ce114ae47aabd351bd27e4595e3955e1d1c617a3d0ca2d6e4a2bc3275f5ef706fc4e02e48719958d37d172ad1473878686fca9420dafc83e0baaa9aefb1e50c98d6006ead6bd7
+TAG_LEN: 20
+NO_SEAL: 01
+
+# Test with maximal padding (15 mod 64).
+# DIGEST: 6f7bb1f9e2772eb909c315e653e4737cfed78a18
+KEY: 8dc55b436965aabe477e0cdd46be99371eb8da7dac997deafd64b1fc65de39f4f03541a11be112a72933c7b54ed4fad0be905d41
+NONCE: 
+IN: 936a91d0b5d2c0267218cb7090c6171386d641b87797b684e0fb56f97c3961d8afa22993a340b9b3c589c7481df3f4183aa23fd8d7efd88503f78b8ed1c8e9ba2fd6773e0d0c302a5f47e037446f58
+AD: 91d77df660ed82933f62be
+CT: 3a77c0f70f9044fb3817d57be4f4e5ee4b27ffa586327f77c18346f9fef2608a552b551ac549f9e8d47c4959196162862fe2a35e44581971c2974d4a65a47ae719a7f5f070ad902b8a9e022abcf303
+TAG: 825fc7dd84de7f3bcc941d0234090a9409e47dda077e0f3fd000965bde1d4ff30e15b23affe14d94515629f8c018d085f41aa3ebfd0498f621593d57aaec4bdd0e22df21668451b098429967c8eb8789f92a5578d177e5d2e326fc14fff272eb90368d56a777849cc5a1d54c6a458d32c26f4cf99e0f80c91e6df29aa53edb03df176b9873f5827686faf26dbb038813a8170f59e3ad85ad698308748d112b7fbca45156a4410cf32fb34fbbf27b66dddc0680f2bcd7cac6b8cefa83945fad84f77a396630029e6bfe9f15cbf5a884332de5ea7f558d783858c18761983080c13f9c06be367ad856cf159656ad140e84d6af4b4c3517b90f5ec0a8e6fe18d42ce3d194f695f9b7440d4118b8170705b766
+TAG_LEN: 20
+NO_SEAL: 01
+
+# Test with maximal padding (16 mod 64).
+# DIGEST: 172f4992e692a88f49628e5d3937959be01aed2e
+KEY: c55b436965aabe477e0cdd46be99371eb8da7dac997deafd64b1fc65de39f4f03541a11be112a72933c7b54ed4fad0be905d4120
+NONCE: 
+IN: 936a91d0b5d2c0267218cb7090c6171386d641b87797b684e0fb56f97c3961d8afa22993a340b9b3c589c7481df3f4183aa23fd8d7efd88503f78b8ed1c8e9ba2fd6773e0d0c302a5f47e037446f5891
+AD: d77df660ed82933f62be8d
+CT: f2f3a3d985eb38c406bb0db0d141188c680656db8a4484abad2c8973267e14458e2be7cb52f06ee2a0f68eaced13db714296319b2b3557454f5e9cb47e8943ea3e66f7bd25c5757375be7bdd65fef53b
+TAG: 2c441fd3259628cab417df36374ededb37b9775c0ddff861a5b957a9237265000be0857b3b8482ccc5a348dbb9f4529da4baca8a8820468b1219fe4680221bad9a527d93ca499a988411021e0f9cbfbacc7851c63cc1886e934238d9b7f9cb6b330ad00da830b34c7e4398d148af7599a87770102622e7a68828dece16d4255bb319c75ab0046defe72269fe67780b34324eb3d57effa216411caea5661e64d8151707ffa86752c876590ec46926b7e963ced6a7fa95b1bd958e618bdf1775a9b3ff18c91ed490f39cffe0ab03bb5006cd321d8e6bbdb19597ad7692eb7a7685e075de1d383089f46c8a4bf1aa948bf08b89fde28696147c767f5fdf2aee8b8d4af2903452fc5876aa226d490140a55e
+TAG_LEN: 20
+NO_SEAL: 01
+
+# Test with maximal padding (17 mod 64).
+# DIGEST: 00133da1f7c63fd5f0eec364e9a359be02c1d3da
+KEY: 5b436965aabe477e0cdd46be99371eb8da7dac997deafd64b1fc65de39f4f03541a11be112a72933c7b54ed4fad0be905d41203f
+NONCE: 
+IN: 936a91d0b5d2c0267218cb7090c6171386d641b87797b684e0fb56f97c3961d8afa22993a340b9b3c589c7481df3f4183aa23fd8d7efd88503f78b8ed1c8e9ba2fd6773e0d0c302a5f47e037446f5891d7
+AD: 7df660ed82933f62be8dc5
+CT: 02fd26e7b51a1bc6ab6735045d2e42fdd1f31adba98ed5f8b3e89450853104633abf6cbb70ecfba2f5b39dc06f419746abae4a51d33829bb04140275021d183ba079d58c37d4147e8114bc2e3d1542b0be
+TAG: 4bc0c3d3487bb74931c27253f0f0931d15a627ad88ac1ba563d97bcec53524870d8fefd1300feae23772902058f5f4a0c1c67eb5e4ca9d4f98692398a9019c3263d2191361b73038e3c9252502ca72070f1155952b3a0c787508d7c0c96e02036b2a26513fc69b19f1c51629fd7bdf015c0c45da5de1d6899f3cc3bdaea7a3d7bf1d0e8a8430fdd7ec70f93d7bb62fab821c1f0e9ad564d04081a3fb70b43b5ffd990e53938cd34084411c0c11db13bf2e28c6fa299c720f3f68ad751c20f6d12ce79382a1d0c4bf3a6bd3a695b3040193eab3c73aa4ee751447a5a46845c86e22909cebcbfc8b653f352072aad19b725dae4cf4d1c8bfe55605f0eec27682a6a365cf2e3e94ff769c2aeb328fbe6f
+TAG_LEN: 20
+NO_SEAL: 01
+
+# Test with maximal padding (18 mod 64).
+# DIGEST: 60a6821269be6c5b985576b245f106128eb0b325
+KEY: 436965aabe477e0cdd46be99371eb8da7dac997deafd64b1fc65de39f4f03541a11be112a72933c7b54ed4fad0be905d41203f5d
+NONCE: 
+IN: 936a91d0b5d2c0267218cb7090c6171386d641b87797b684e0fb56f97c3961d8afa22993a340b9b3c589c7481df3f4183aa23fd8d7efd88503f78b8ed1c8e9ba2fd6773e0d0c302a5f47e037446f5891d77d
+AD: f660ed82933f62be8dc55b
+CT: b2fe392acc286bdc73cac1aee34ecb3a3e3ae2ccdb065618e3c4a17f2b2668a2c11108b0bf8a8ffe20800a698e73c9b6ed4b0da61bf6fc22c33c75439445061e198f018f271a8698d87185b7df77daf9e757
+TAG: 7a3dcda8c73da41cca4a85a9bb5226d8a94f2a39abaad492ee978b6051961be1f0023b673348fa17eb29430a340b3597c6aca9304be30abc5129bd65073aec837e55fe06c7787f4272e75c32b3f1777451e17853f4a4696cedbeabb57170f77efe9db657572035af08cbde5432478dc339147d433457d3a15f8820515a6f267dcd14cd9489352e1561414e3e1e0a85129976c24dd016d4621af0058ef4e19fe4bdfdbbec370fed7ef641434eb629fbb16fbcdd117e9b84ccf7ada8324f9815e4aa42c12d4f0609060545997afd4e6786a0457b0b2fc73ff7856adb51223d2408ce4c414ef2afe52a3bb67be43997898ba846045e96a27acf3f1bec0b755e424f57c69774cc13ada5227c7642f563
+TAG_LEN: 20
+NO_SEAL: 01
+
+# Test with maximal padding (19 mod 64).
+# DIGEST: e2593f3b6741a9ed9fa188fc06efd057556ee624
+KEY: 6965aabe477e0cdd46be99371eb8da7dac997deafd64b1fc65de39f4f03541a11be112a72933c7b54ed4fad0be905d41203f5dce
+NONCE: 
+IN: 936a91d0b5d2c0267218cb7090c6171386d641b87797b684e0fb56f97c3961d8afa22993a340b9b3c589c7481df3f4183aa23fd8d7efd88503f78b8ed1c8e9ba2fd6773e0d0c302a5f47e037446f5891d77df6
+AD: 60ed82933f62be8dc55b43
+CT: 8780167385b8856be346b71b042332368067d5d9420b3793fe94bc1ba92991756523c7a8e0114af8fa7296ffef8fae01796b47edea43bdcaa8832a08e823c45c1ccfaf1190cc7fc73a67decbdf407c72740a7d
+TAG: 974451fd4d9d6d1f88be4404869b435b4b687a1150b31a0671c93f52f76f2e4dd71bf4a3583f68ea5fa4a0dbf8c779f83e8dca1882e9bfca3e914e77ccbf40ac94769c44f9a8bcbc35a4f9920c6860078d369f57b407d353e8022263061bc974df29fa7c862f3d06213b1190cdd3e2091b2e26532356560efc3b21a499f4841869c993272b70f153985d45756a0b3250a1b91ee3f25a6afbc202f3ef81dc607068fc7214e69255342e662c64ffd8acbe86992ad20ce376d92ee0bfbee6a72a1f83f470d0bbf6ec22b364e842b84736d3923de92c488c102344fef6f78624989460a2c45fadec2a7bf722e2e6a34162363cc04720a50f0d309f64f9322a11b642b97f023cb82a521af6b1759d37
+TAG_LEN: 20
+NO_SEAL: 01
+
+# Test with maximal padding (20 mod 64).
+# DIGEST: 17450a437efe239e1858ac4062f34024305372be
+KEY: 65aabe477e0cdd46be99371eb8da7dac997deafd64b1fc65de39f4f03541a11be112a72933c7b54ed4fad0be905d41203f5dce99
+NONCE: 
+IN: 936a91d0b5d2c0267218cb7090c6171386d641b87797b684e0fb56f97c3961d8afa22993a340b9b3c589c7481df3f4183aa23fd8d7efd88503f78b8ed1c8e9ba2fd6773e0d0c302a5f47e037446f5891d77df660
+AD: ed82933f62be8dc55b4369
+CT: 2cd2031084f8742da110ab5d8f7290828857c867b38427c3f53be0dbe2cc94527d2f0aee90a38dee77c0ce115ef650b2ae65094e99ac9bf6da89e5440c1bb4f8ccd163427bb95b3ccd629e6881107d6c9a80cc37
+TAG: 026560a6675920dfb199359bea1a03ef0d7d67d359bb6b94074eef54047e92a0940f8eb5d08aea137b7caa73904b66a8c99775e0d859e4c91d68dfab271a9401fb650a9afb83ec4b42b97a74db1908fdca0a06603cde524524ecb3bfa15a96b6e250edb83e7c59385357c075bf077ada33489dae99c2e5d5f17cdab9d23dfae4171e564bb91e3e78d61dc7f1712c2a4431e9451cc1f58df004d04ec50f77a2681969ed91e07df4ec90fd185ede409a5387538b115107a1fe22bb999082d4341ff5a6ae7af33cb27a64eff64492a08eae3c18e5914971e514f55e65ca93a8a19d7d4c2f3df76232cbac674c480e9f4316a8df7ed9d62f8144338249732dc1c3dfcc8647804c13a03a59eab926
+TAG_LEN: 20
+NO_SEAL: 01
+
+# Test with maximal padding (21 mod 64).
+# DIGEST: a35fc7d25f90dd9cbd35910d5532aca8aba88b29
+KEY: aabe477e0cdd46be99371eb8da7dac997deafd64b1fc65de39f4f03541a11be112a72933c7b54ed4fad0be905d41203f5dce998f
+NONCE: 
+IN: 936a91d0b5d2c0267218cb7090c6171386d641b87797b684e0fb56f97c3961d8afa22993a340b9b3c589c7481df3f4183aa23fd8d7efd88503f78b8ed1c8e9ba2fd6773e0d0c302a5f47e037446f5891d77df660ed
+AD: 82933f62be8dc55b436965
+CT: cea9c7528706d506d75cf085c8475c081ee8c6145ca11610b73eb3e103a706faa66062f8edc10abaa7c3edb3fcaf43c202c4812e768fececaa04564414f45816fa5c0df5b7518ea3859be75c4567565358293e9232
+TAG: 32de5af09080604ec6b6fc5a0a542837a54131fc87b1825666e5d56f09e15b76d47fd8086dab709567aacc3e59d395656ffadab861ba9a0e1c1b30321ce334b68724877ec6806245bdab9bc0f8e5af6582fe91a2ad95f7a6bd0ad1df9f9c2d2c20f78f2fb0bd2653fc8e8fefc9255541d789a0059820b30902c3e4344b68d4603b3fb8f5001df91fc9383dcfe76f219933078c602fe2813b9e59e8f996f8943c96c10f27d02f5bae69789870a61abb6c3b118f6cc348188495798b07424a750556a8d1e444b47283b096b9cd8b98b790445ba8ad8245a040a3cc96c2d72aba1474f949dc607c386c7cbbda952651f6d3260c82e5a06c517a89c5dfbefa069136e3c094ee1af26fc4c77e21
+TAG_LEN: 20
+NO_SEAL: 01
+
+# Test with maximal padding (22 mod 64).
+# DIGEST: 73eff0f03358879f900b6ebd515f0f4e5a6929e4
+KEY: be477e0cdd46be99371eb8da7dac997deafd64b1fc65de39f4f03541a11be112a72933c7b54ed4fad0be905d41203f5dce998f8f
+NONCE: 
+IN: 936a91d0b5d2c0267218cb7090c6171386d641b87797b684e0fb56f97c3961d8afa22993a340b9b3c589c7481df3f4183aa23fd8d7efd88503f78b8ed1c8e9ba2fd6773e0d0c302a5f47e037446f5891d77df660ed82
+AD: 933f62be8dc55b436965aa
+CT: e967973079db00d2257d84817ff4c5faaf98024ac7eb71d22af3cbb92a001a558f5cce2e8c293d6dc2a968f69cb2731bf65954affbfdef4085123aa06baf0d80edd8d04ad4b1d48120f0db0df02ca13708f66a567ed0
+TAG: b8f6b6618dc8b59b07566c1aecf97a9933b6546fd8882d14cf75b2065f17518722b5fd77f9449cdf4feb87e7943f9d48b56ab891514f608767f1711314974b020804b7227326185bcdd338e3a9df31f6c3a0190b25d02dab04ce23fab918d6176814877ffba65e410bab2ae256d4f5f937458d24a144f3c45f6fb27e9f95490e95eac4575d49d7dec6f72ebdf3efd9dc6c83ead51652223b18963651b8d957b7aa050b022e4beac68f928de0d1094dc756d8e1d2b89a1bcac0d3d40f0f71e67b166a6a56d8ea91df5c930566640be524f187be2065127cd15b2417f7d80b6a8cf781e0e90c6ef61cbc902e935ffd2dc9e84c4170fadb6f76b15d77c72b49b8aa30ad1efabef37d55b4bb
+TAG_LEN: 20
+NO_SEAL: 01
+
+# Test with maximal padding (23 mod 64).
+# DIGEST: dd6cea270655225cb4f4231f54c19eaaa146eac5
+KEY: 477e0cdd46be99371eb8da7dac997deafd64b1fc65de39f4f03541a11be112a72933c7b54ed4fad0be905d41203f5dce998f8fb2
+NONCE: 
+IN: 936a91d0b5d2c0267218cb7090c6171386d641b87797b684e0fb56f97c3961d8afa22993a340b9b3c589c7481df3f4183aa23fd8d7efd88503f78b8ed1c8e9ba2fd6773e0d0c302a5f47e037446f5891d77df660ed8293
+AD: 3f62be8dc55b436965aabe
+CT: df01c1a140da0e422919c0d34b231fa3cd767766fb35f8d78d715c44b9003e42cca112fa1543d74ac05e00da9b5740c03b5c4d1e558ceb8629adf3adb1771e6edd5b986094f724e675682e65af15bb3c0feeed8cb3407a
+TAG: 25a40fa2eda366cc951e8965249500a657316c33538f874f861753eb038dc5cce0425824f138abde55bade8b0500af1f61b8ea69d4bd68de3fc403021c2224635535bc83dcbb429a8ea6c0ca2687a34e02d1dc45e7bebafd26b4814c0766e7fce5238767280ce0424a3f16a30b943622b8c1abe4eb6c279333e9d8f7bc32afb915bc5b0328147b57d02d68584afd85107302e3c84983cff39256313c4462b693c256edbbedadc50a52cd2a3c8255c1c34ba87a70cb652d74d8375ede59a57514bf5bc50532acc8be4b438daaa2d7d2caae6c291ea2c78e27766b6e2afa2551f3287a6a2a4bf747a1706cd66fd724fbe0e7e81197b1ac612c05cde5a62fa0d5c43d01e6300c7066057e
+TAG_LEN: 20
+NO_SEAL: 01
+
+# Test with maximal padding (24 mod 64).
+# DIGEST: 34dd9bf0ce19eff890ecad474388779f63b0af70
+KEY: 7e0cdd46be99371eb8da7dac997deafd64b1fc65de39f4f03541a11be112a72933c7b54ed4fad0be905d41203f5dce998f8fb2ea
+NONCE: 
+IN: 936a91d0b5d2c0267218cb7090c6171386d641b87797b684e0fb56f97c3961d8afa22993a340b9b3c589c7481df3f4183aa23fd8d7efd88503f78b8ed1c8e9ba2fd6773e0d0c302a5f47e037446f5891d77df660ed82933f
+AD: 62be8dc55b436965aabe47
+CT: 889ed4c7bd5455821c5b95a67a277a197140816784e820ad8e126b3d3f0ddaca73e3eede78c1c1d3ff5c2a98c0cadd644393b7e3c2273aea2be1c6fd20374b71edbed5658237d819b5e4e206698c8cc8c12e017196776bbd
+TAG: 57da1b6d2a9717b7f6f37f21dd9c686414ecd07bc24619b9d35c62c3548586bf726bdd33fcbbf64686556d1ece930f37c6f4c8bc1931a10c50269cc1dcd95bed9d9edb0463a266e6e51d2d90fa9c1a1a4dec6d21663df4f4b99060b37441cdc09386eb785b7cb0183df692d7846483998269e36d06bc7e3a010ebc798c83a5de0c4d6201f2b5b7187a7d99d109741a19e267cbe458063aa1ee66c7c2e0449549d03a9cac20d356c393de63d466ac3e04d63b88c26768f0b3fb18564acb1515ce4be0829aa99cb293adb9a0d3dde529827abeae270611c35277a4b373fb099cfc86a99483063014ec189429a243438447c9cd47a333b22e2c1c84845b79e23a661d411570c510f42c
+TAG_LEN: 20
+NO_SEAL: 01
+
+# Test with maximal padding (25 mod 64).
+# DIGEST: 7db8cfbd3b29f96d752346eeda3c2bb0bd070099
+KEY: 0cdd46be99371eb8da7dac997deafd64b1fc65de39f4f03541a11be112a72933c7b54ed4fad0be905d41203f5dce998f8fb2eaad
+NONCE: 
+IN: 936a91d0b5d2c0267218cb7090c6171386d641b87797b684e0fb56f97c3961d8afa22993a340b9b3c589c7481df3f4183aa23fd8d7efd88503f78b8ed1c8e9ba2fd6773e0d0c302a5f47e037446f5891d77df660ed82933f62
+AD: be8dc55b436965aabe477e
+CT: 13833f78c9383bb4455972d6e7d8f22597e65de7dd01afa28fd99f9734366c522bcaef59c41487d84b3f84c1e0b7e5ff6de84206f54d5ae80ce80fe3cb68ea4edcd15897fd6fabe2a19904010538005668f2b05245e28bc0eb
+TAG: a76458445b8ba4572e8aed335eeb6ef8126ccaebe8b4be3f799e1def09f8a81fddc2ddde86e2d011c4b61eb16bb74cc5a2c7e1b6d0107f6b749b93fe9f6589bf4ea2444cb63f5bdd3b65827fff3adf32044621aa164160ac4662506b42b0b13ac148e09abc016102ccc988362f5cf64b969fc056e3f302a830f9a0b7f3789bac1c940d5cd7e2dd61aa3c6b970c3d066504093d658fb5f9ac7fb22ce306f5a9d495ca7e29d02bb39123b5387c43ed9fa1b8a061a339ced5a9393b7dc6401921d0fe424c1f168451286961f8ac199c3f8f8d4b154c89d290a27cc53695e082bbec8a338ee09826555a3fba8fa4bdb663ba932db800df0a1b570450f33f936cb71622854b84b260c9
+TAG_LEN: 20
+NO_SEAL: 01
+
+# Test with maximal padding (26 mod 64).
+# DIGEST: 4abaa8453e8cfdefd918571a961d8351754ad5b4
+KEY: dd46be99371eb8da7dac997deafd64b1fc65de39f4f03541a11be112a72933c7b54ed4fad0be905d41203f5dce998f8fb2eaad40
+NONCE: 
+IN: 936a91d0b5d2c0267218cb7090c6171386d641b87797b684e0fb56f97c3961d8afa22993a340b9b3c589c7481df3f4183aa23fd8d7efd88503f78b8ed1c8e9ba2fd6773e0d0c302a5f47e037446f5891d77df660ed82933f62be
+AD: 8dc55b436965aabe477e0c
+CT: 03065bb245ba12ab90903bc081198fdfe45d7d3c6fa3b1f76bde831917376ec2a5b2ac2cf629de6bd3f23025b678ea9cc3bd7801f5510b58432a8bc17999304fec4de7ab9ac22d75897cac67ed57e30d4745588b36695dd005c5
+TAG: 92877bfb09987df366759a1776b758dd9943472b933d5720e4d199002d4f3ffdd527c2cdb16993da7aec2ee53a24f6681c22fdb9f9f69a89704b6356441c6e87930b2ddc47bdc1fa0df00f7490c16e18a095b53288042525f60f0f37be0036f9a7dfa37ed3977456b3d8c4c4b2c47879a4495bbfd6a512fb59a40b20bce316ecc559aa825b4be8dbbc5dbe06fdd074c1f2132e954fb74fc97075e9c5052a0f86bb431f7fd99d62080140e0457f8b5deadb9b2528e61731488f25f0574283a1b30c80b2bfafcf0e4343ceb83dd20d2179a38866780025516e5f8216ab70c158ddfd0ad7a446969cc9f6eaf5c984ce8e9c38fd3b8a007a1c154bb4330fbee4329b8335f4ec4b23
+TAG_LEN: 20
+NO_SEAL: 01
+
+# Test with maximal padding (27 mod 64).
+# DIGEST: 0fb9d7ffcc7c9b84f34661d472ae2d4fa25d3d99
+KEY: 46be99371eb8da7dac997deafd64b1fc65de39f4f03541a11be112a72933c7b54ed4fad0be905d41203f5dce998f8fb2eaad409a
+NONCE: 
+IN: 936a91d0b5d2c0267218cb7090c6171386d641b87797b684e0fb56f97c3961d8afa22993a340b9b3c589c7481df3f4183aa23fd8d7efd88503f78b8ed1c8e9ba2fd6773e0d0c302a5f47e037446f5891d77df660ed82933f62be8d
+AD: c55b436965aabe477e0cdd
+CT: 04c76011b9c4cc8ff18038d36a8c8b91debc8d0929ec173cfa5450f434308234e6a368f17a04ec0556dcf5ace0efb5ab51956d0daec5c530129aaa78309c3d0a04af17d02b0f91f70a82b2ea03522659f76d1919731ca52747da3d
+TAG: bb70d9741043c7d3d9a3c5f7d2dc1517a91729b54dc8f49291e2201331a24fb24ad212398617237c77de3d6266fd32341893a9c8bb42e60123bf3bd4fd70a065d6f3d0ae98434d8cda789be46a5e5ad05033d18cdadb36e33fca58181909dbd3cc1733dfb4b6dba689a66f19bbadd35f830d6af1edcbedca45b2810cc82ce83d39ef9d6d17aefec9b7199575e8d08df3ecb9a407b41a9c1d851e923072c96c5ffc60d3987ad10f27aab7792a198a17c8bf88c586ab11cee5008ee7ea769c56ff8d644b51059b9b2ddcfaa92d3b3055a4b3921bf95c5c131c2485d869f642cd14cd4eb9b73740534f6c48c63f76c6f1e4dfcdd9dc3c07593ee6032a98aa10e1b7f095c505d2
+TAG_LEN: 20
+NO_SEAL: 01
+
+# Test with maximal padding (28 mod 64).
+# DIGEST: c68fec315401703e49722fe4b39cf28b14e9f50c
+KEY: be99371eb8da7dac997deafd64b1fc65de39f4f03541a11be112a72933c7b54ed4fad0be905d41203f5dce998f8fb2eaad409ae0
+NONCE: 
+IN: 936a91d0b5d2c0267218cb7090c6171386d641b87797b684e0fb56f97c3961d8afa22993a340b9b3c589c7481df3f4183aa23fd8d7efd88503f78b8ed1c8e9ba2fd6773e0d0c302a5f47e037446f5891d77df660ed82933f62be8dc5
+AD: 5b436965aabe477e0cdd46
+CT: 5d9af50991ea21f041a766d8d9036073eeb0ac083b8069619ee50c64c661bad73a9e2ca7f8b49ad9df79e47b49ca3c8ea9dc254854f116a49959c91481ba96463521bfdb74902a4b454d2c6af72d130175c33e8764b64bc93955f9f3
+TAG: c3ccb45d8e69eccdb1f058a490d8de92f255953c16f27e21b49e4f29639452ff846aa45394972d895a0fcde901fee45211e835f6e4152de7475075e1e7ed832d45e0407eac1c6a0c88de4a9fb44d961b3be197e45af38a88d1070416c419046f6e43496e6fc1750de734c7773bba9b402dc96683d624117249f3d3f3d87f83a140018afde34dd5980e86e157d632acb7fa5400dd272fe74abe46652eab999b9ac1cb65a4a609f3bf9cf3c8434f9eca0bd440d665e772629c0cc76e0d9009e47f5667c0a0846ebbb1c1b23523262d3225bc23e3513ebed8f67c721cc0886efb251b374ee4e79f60c6fc7bfb81ad9ac88c0a782d3c4bb918cd21ca1f3b8e311f5e48b9e6d738ade59dafd07ca721aed0f6f7f98f1b
+TAG_LEN: 20
+NO_SEAL: 01
+
+# Test with maximal padding (29 mod 64).
+# DIGEST: 15e1aa5285beab679aaedbf51a86b4aebbe3d7df
+KEY: 99371eb8da7dac997deafd64b1fc65de39f4f03541a11be112a72933c7b54ed4fad0be905d41203f5dce998f8fb2eaad409ae021
+NONCE: 
+IN: 936a91d0b5d2c0267218cb7090c6171386d641b87797b684e0fb56f97c3961d8afa22993a340b9b3c589c7481df3f4183aa23fd8d7efd88503f78b8ed1c8e9ba2fd6773e0d0c302a5f47e037446f5891d77df660ed82933f62be8dc55b
+AD: 436965aabe477e0cdd46be
+CT: 182dc2f9f412f305a8fa4813e8c8eb7a41f9708efb516fe3feaa6ae94c89b4437cbdba7c738fb97ef9739ed94d988bd60af5359194d2b5f8a48e3f5482c3be294ae65ce803e21acdee157d436188980be8e58c95a7a5a33e427473d4ba
+TAG: 2751722d2433b908076080c82895c633135bed9c7486d2fec286ea11b279b5029784972d39c8732cb1631841a60e86ad8b17c41e9c0b54ea3dba7b15121532b7d7a7fe8f92e2280481c73590cc38bbec7888932be3d10ab251157ed0335ea1b06a379c4d19d7d860bba5164da684c9d0eeb20e65c0c63a60bf94f65fa4e0f61bb94786271d5ca588093446fd563a6d513d81d590244807ce399f4bbee2f09cd8145634c1ebf06bb408489fa362b06af21a934b1114dd8233c8cb629df7fc5ac619fe2701de7daf7d7295049e1909fda9864fd7cd088316be8dc7770237748de45c3dde6d476d233983392e1a3a96f9c6550d5a7df61e3818492806db44121c277df71b9e1e176e335a68f2811637a9ce17919d
+TAG_LEN: 20
+NO_SEAL: 01
+
+# Test with maximal padding (30 mod 64).
+# DIGEST: 8cc0b1164fc844e958e055b7ae43f2f95c29e8c3
+KEY: 371eb8da7dac997deafd64b1fc65de39f4f03541a11be112a72933c7b54ed4fad0be905d41203f5dce998f8fb2eaad409ae02116
+NONCE: 
+IN: 936a91d0b5d2c0267218cb7090c6171386d641b87797b684e0fb56f97c3961d8afa22993a340b9b3c589c7481df3f4183aa23fd8d7efd88503f78b8ed1c8e9ba2fd6773e0d0c302a5f47e037446f5891d77df660ed82933f62be8dc55b43
+AD: 6965aabe477e0cdd46be99
+CT: 0990f57d9a7e9b64bcee741e158eb5749e9d7b34d43c6429754689d87fc45daaa618fc62d3dc111e5a1a7a06b2b14c5b0f3e2e463085e80da6ce4a6f7815cbf871376c8c87a36555b8a74e0a14421e1e4d74f7531546369ca81e4585f86b
+TAG: 4e2e000dd4c6c0eac8aeb581fd352c8c8d4033ea944594afdaa87f05ae6be756e46cf27b7ee6eb01e9f4eb50918d2b438fc0d1eaaf7c6add8078a6a9d45be1e813c18b20eef740c85df67de7765974544f5482f9a0012192f3d84b2cf6c01141f6a8040158cf9ba03c5a1b580cfddf0a682955713a4cac6e0d3b6e273db3a91a1b8096f85fbc3c7a67e893885bae3b4c65d03d111da7e199780de379c6ee07a3657ecee397ce0c9d34ee5d39e8fc4a64c86a0d68182ea48b91c76f63011d0f0cdeaba4e1ff6a19686c5223a25a10af0fce79437322c0cab4786fdb4b93e687a1c7154bd294d784169b1bc7cc5c9f3b8bc3e1d8b808b448f926ce8731ab30a33cef85f57053ef081a8948178030a50c247e53
+TAG_LEN: 20
+NO_SEAL: 01
+
+# Test with maximal padding (31 mod 64).
+# DIGEST: b51001b6ff9d27bccf3103a4961280e0a1406257
+KEY: 1eb8da7dac997deafd64b1fc65de39f4f03541a11be112a72933c7b54ed4fad0be905d41203f5dce998f8fb2eaad409ae0211641
+NONCE: 
+IN: 936a91d0b5d2c0267218cb7090c6171386d641b87797b684e0fb56f97c3961d8afa22993a340b9b3c589c7481df3f4183aa23fd8d7efd88503f78b8ed1c8e9ba2fd6773e0d0c302a5f47e037446f5891d77df660ed82933f62be8dc55b4369
+AD: 65aabe477e0cdd46be9937
+CT: 8d7999ec7a80e528bd6a8d2a9724930c93ee5cbb0c888d9b7c79d2449e638c03f3143f1927a1b261d66ff55bdeb7ff6616da99a2155f465d7c91f54963e7cbda7b61529381204ba43c9681260799ce66fec9b0e9882fc0ab474fd9134adb66
+TAG: e9012cda52183ec3e658c42f819dd986216e84e14eb38a462e3db010070a3056db6b148863afa9af5849e3ae963730f02bcc2b419f9cb37659609dc730008a43c41e87312b546d3b67e1f092001bd8a1b81ea304126801f149b0a37d826e0fac21045be4087f76e3c44a796bb55b6e4565d44cba7a8a48d4ffad797982256e87b95f6599b53f2ad34299d90204acc139d115b66c78a2072c741c43c81bab9dace2c0088b2a5dacd917e75ff0de07ab5febad79eb5e0d03012503110bc0f62e2aedda35c9bed4b7c2131f96a4d0c9ca4d133ee032a787e499c92cd46b33e5bfb7f1d3de52db0c7e2a15232a7c3c064c90bcd23366bf982bfbd9694e92b709a86afa4c4a6eb8d5e9b48a20ef409acec78a8c
+TAG_LEN: 20
+NO_SEAL: 01
+
+# Test with maximal padding (32 mod 64).
+# DIGEST: aceed075f31ab159f6610f43ff0a6ed3a359bee1
+KEY: b8da7dac997deafd64b1fc65de39f4f03541a11be112a72933c7b54ed4fad0be905d41203f5dce998f8fb2eaad409ae02116417d
+NONCE: 
+IN: 936a91d0b5d2c0267218cb7090c6171386d641b87797b684e0fb56f97c3961d8afa22993a340b9b3c589c7481df3f4183aa23fd8d7efd88503f78b8ed1c8e9ba2fd6773e0d0c302a5f47e037446f5891d77df660ed82933f62be8dc55b436965
+AD: aabe477e0cdd46be99371e
+CT: c3e61ff897b490847e6539236d2e3b208baca2e83347b7ea2ac714f65a409638e59a5dce5c3a4109e6d6cdb8a232f5f8a2577101f9fb53aa50918f924c1a5361ef98d6672258b4adb37ca5f30d22893dbde262fa9cf72d2913c1901d70a0b7c1
+TAG: a49c692364eda34c22ad3745a4339244b687f596bda16d4ff61c6697996214bffc78fe54bb30321d37f17a7ee146dd33771b9b922b475ed41e55de39f1573683e4c8147a9bc370d6f75882c991073181d3f5eaf31a9cfe0dd205540cf6a2b6c0898b3d1ebe351c7e036e136088fe88a07e2c512fd488dd5dfbaebe10e6627bebb2cccf1e9c985ec9f1924abd91d29f0862403c24496ba6c0535358de379a60adb764fe00f5e09f3487b075713a85452ebc21205279815653b39af6c7d84cb1a10178006c1b4ee3e53028c09ef59817abc2335fa2ee7a56ea18e2cbe533b7d30c80609151b58b3c711314b35d3be3df1cb6d5cddffc316a940cc78ba1734da1c09d1d05c2650ce3a0fbd60bedfef7a83f
+TAG_LEN: 20
+NO_SEAL: 01
+
+# Test with maximal padding (33 mod 64).
+# DIGEST: 976ca4c9819e25a204a024d05fbe7420f717bc58
+KEY: da7dac997deafd64b1fc65de39f4f03541a11be112a72933c7b54ed4fad0be905d41203f5dce998f8fb2eaad409ae02116417dae
+NONCE: 
+IN: 936a91d0b5d2c0267218cb7090c6171386d641b87797b684e0fb56f97c3961d8afa22993a340b9b3c589c7481df3f4183aa23fd8d7efd88503f78b8ed1c8e9ba2fd6773e0d0c302a5f47e037446f5891d77df660ed82933f62be8dc55b436965aa
+AD: be477e0cdd46be99371eb8
+CT: 1944f256989b6acd7dc7c334d10ce71d9f2980cdb6adb03784061096955a3e10efe7cbf1c0aa1caab97cdeee4d08a8ff34d68e1b53a0df58e79a4c1d5d9b7eadb2430c0b8049b6c43a848fbc5e5feaf16c5ae08da38f973b18e33fde747702b882
+TAG: 6e0c7a079e170b669fd211bd54c2cd2c51bdd5dc84c84e0da6104dd1d5f6e8b27847a4def48c030c515b680a5db67439f300d184d2c8fe18681c7fa25840b80f53ff494fab5e1694a604c1c12b3b113aeff88bc2c5bd31e84cf5474d6429b4cd08241e94a7f4276054fed2f2a0d863eac2671c9af96045447d6422b8789c4674feb8fb27098b5ef613f08573184271899f735af845e6b7ed9dafd4524247178415479fd60da081ae076331df7ea141df29a086b76bbe35dfd4f983e45b2f1316cc27d88c48b87d2934833eeb5bde5df0866e4a9d8894fc275d6677eda6ac6b41a0475aeb9a55ce7d7a04820b581e8565c9d9919685bdf0f163d77ac45a15e4717e2e716e49ddd079f18295bc7a05e7
+TAG_LEN: 20
+NO_SEAL: 01
+
+# Test with maximal padding (34 mod 64).
+# DIGEST: ad8cfe7556704bb1974e94f70d8743d147c5c3b4
+KEY: 7dac997deafd64b1fc65de39f4f03541a11be112a72933c7b54ed4fad0be905d41203f5dce998f8fb2eaad409ae02116417dae0c
+NONCE: 
+IN: 936a91d0b5d2c0267218cb7090c6171386d641b87797b684e0fb56f97c3961d8afa22993a340b9b3c589c7481df3f4183aa23fd8d7efd88503f78b8ed1c8e9ba2fd6773e0d0c302a5f47e037446f5891d77df660ed82933f62be8dc55b436965aabe
+AD: 477e0cdd46be99371eb8da
+CT: a850ddac6117f7b13e15c17621fc7c99f2276ed7337cde87ada287814150f8b3f3e8ba7108a1237fa6a9ddcebb07c234660ec93b8279bb4614be85c5973603568e885f5f8ea102d0621b5ba77fc58af4285c15996d6868c520f3e09ec5b6a468cc82
+TAG: bce897e6a5dfbd940ec2c477af3411901f0f2fa9436ff3b4da7354189f097d231b95741788b45e9a56e7ca7a41b265489578bfe8667b1cd64a2ddd765144e770ae13fc2e9ad24575bfb97e0e012869ebfb52a9c7e181e79bc260442d166550435dd5c08b131ed3850f78a2e1df8a1ed026d9310a83f0b8449cf2baec42d7d7e31c4ec56d9d25246b34a479ecf8ab850c65fe8b2a6361fd185c25d6f253f556aa46825c535a4a54b855148e032d3e1ecb8d501802db1eac194a4bf7f3c70f8b8c33cd88d3362476e2080cbb4482fd9453ead6dc62a0dbc0649e41a699c53427ea8ff93fc9f2353356f695642ce7db49fffca401e9c275365dd0a339e3970d5810c5667c234986a65e1ce01e827e27
+TAG_LEN: 20
+NO_SEAL: 01
+
+# Test with maximal padding (35 mod 64).
+# DIGEST: 1dfd9608adabb5a55e12949f1c4bfcd5a77cb703
+KEY: ac997deafd64b1fc65de39f4f03541a11be112a72933c7b54ed4fad0be905d41203f5dce998f8fb2eaad409ae02116417dae0cef
+NONCE: 
+IN: 936a91d0b5d2c0267218cb7090c6171386d641b87797b684e0fb56f97c3961d8afa22993a340b9b3c589c7481df3f4183aa23fd8d7efd88503f78b8ed1c8e9ba2fd6773e0d0c302a5f47e037446f5891d77df660ed82933f62be8dc55b436965aabe47
+AD: 7e0cdd46be99371eb8da7d
+CT: 0cc80c78b73b1bd898c6af38846d32837ed0712ab7cc48b01c6dd831f37237ca7634c90aba35b35da59b60aff8e6b9a622f5a481c98c03fc76c1375e4602e96c08a465f3085ec86b0a8e1ce8757df761400be6510f1cdff60b05bd46271650b9e5d5e4
+TAG: 34a24675223b1e1d363b941da5d1566dc42a61c7c239a6684a497e7ef90a78d29c1aba0a9be91a8cc8a7cd578c77e62db1234da2b913e9500cf81df22cf481ee43f0818be959ec7fe49aeb7be270d227f633f65a003b19060ffe8bdfaaacd2c20ac65b43254252fb2fa8d2264f5664f3fdfaaefe7216c3f8bc6957656d218d5f98f5b377fd675a21d16769c499b82d4fa54be52ef8c96222b83fbe5bd3b456c9d181cfb5ce23639749e9e22dbc3979f07910b83c200c82a3dd449e5ae47486bd7f2cdc26c3beea2d3c490a801bf587e323725be1a76c32396e5c5ea24a9933706260d5aa16c847e00bdc5d96b0b96652a2c73e6141367debc228af6f944bcfd65a9269a7fb8c912c25ae2a6e8c
+TAG_LEN: 20
+NO_SEAL: 01
+
+# Test with maximal padding (36 mod 64).
+# DIGEST: ad2b43eee27e6267d8c5c1c3d558a07dcd6b1f5f
+KEY: 997deafd64b1fc65de39f4f03541a11be112a72933c7b54ed4fad0be905d41203f5dce998f8fb2eaad409ae02116417dae0cef45
+NONCE: 
+IN: 936a91d0b5d2c0267218cb7090c6171386d641b87797b684e0fb56f97c3961d8afa22993a340b9b3c589c7481df3f4183aa23fd8d7efd88503f78b8ed1c8e9ba2fd6773e0d0c302a5f47e037446f5891d77df660ed82933f62be8dc55b436965aabe477e
+AD: 0cdd46be99371eb8da7dac
+CT: ad918e7428ca106cf043d6626772cd45ce998f32fea28c3253fd58f0fcc191bb4cd250b5dc6a7b352bb2aaa66601e280576fa60ad8c3aa58742462955fd7f33ddbbb5036128617c1fc3bfdf83100dfdd069042ad1887c2821afbcf822756226c69779d88
+TAG: edae83839ae4bcbcf7da661a302815b024d7576e65ecb70c183411003b1d6c769a13de3444f82c7783ff5593d9983b369833cab8dfc80120e35bc86d3b00c307338163bd5de5863a1f2daee49b4f535ce455b131eba334b7c995dc25640833c6c0a7bac710ce37ae2b85e58179b57218e801c4a7e5dc19cb3c841c11c299a72efd9cdf249e9c4423cfff588895e38e5b2d166344ba53b083da555ae4a1e0278f5b7a557e9aec08ac70da44858306df69ad968c017f8b4c24a0b562be19e1f6416841387ee3cd9c8f7c8b3dd1fecff0609fc77c4d86fb1e387cd1932775e58b928f4022821c0b9dfc43912fe0d0755b2bc2f88682f6b11eaffb6caaab1e295755d1256810ce16d70b306ffd6e
+TAG_LEN: 20
+NO_SEAL: 01
+
+# Test with maximal padding (37 mod 64).
+# DIGEST: 3dcddb1e4f49633e7b7bd36f4056d16c53be7f5e
+KEY: 7deafd64b1fc65de39f4f03541a11be112a72933c7b54ed4fad0be905d41203f5dce998f8fb2eaad409ae02116417dae0cef457b
+NONCE: 
+IN: 936a91d0b5d2c0267218cb7090c6171386d641b87797b684e0fb56f97c3961d8afa22993a340b9b3c589c7481df3f4183aa23fd8d7efd88503f78b8ed1c8e9ba2fd6773e0d0c302a5f47e037446f5891d77df660ed82933f62be8dc55b436965aabe477e0c
+AD: dd46be99371eb8da7dac99
+CT: 8ef4db8a8444ddd056428a25b718aec0258fe05b5fe8d6d972ca6762875c030fa2b4822cf03e797a53046749e39646c8c6b373a1d77287f4124c19ef758eef75db8e4e03309b3d14e918bfd9499ae5c9e2f3079ab7da8ca7f00ab69d14ad96fdba1c58b813
+TAG: b78d95ae68ef1121b27bf93eb67605bbcbfce1e0293fa37e0de4a959cc0a1a47a374f6727edfa9aa5a330e5c3df90a30d371304258624e8015a2fe7583e362f045087ac9ff6bfdb5371d9fc9d55f7dd91bf0310450c36d33538ad5f6057d0c8a0896217643c4f95ed6c93ec95dc6df838cd43d6f60dc3d48d489922dcb1fadc586dbbef4200a6b1d67d2024493fb4dfdaae7563edb5ae93fa2065d750a10919484fbb1389f93d2f28b62c8c6708122e0abe0ed22ddba815da8bd80393fe274f545e463dfc5f26bdc207f3f056263e799b3c89f9c740748a37b7f28cdfdbd9bc89155e466e9a1830dd6d0a206d27a588c56c3b6dc92d5202dd30ec0a2e1e31a0da1a5ddd9d905204f47cc25
+TAG_LEN: 20
+NO_SEAL: 01
+
+# Test with maximal padding (38 mod 64).
+# DIGEST: 25b982a242f669c013cab1c18da425330090e3cd
+KEY: eafd64b1fc65de39f4f03541a11be112a72933c7b54ed4fad0be905d41203f5dce998f8fb2eaad409ae02116417dae0cef457b9e
+NONCE: 
+IN: 936a91d0b5d2c0267218cb7090c6171386d641b87797b684e0fb56f97c3961d8afa22993a340b9b3c589c7481df3f4183aa23fd8d7efd88503f78b8ed1c8e9ba2fd6773e0d0c302a5f47e037446f5891d77df660ed82933f62be8dc55b436965aabe477e0cdd
+AD: 46be99371eb8da7dac997d
+CT: c107710a85a49250f3a4401fdf07a44f96560ca5e71d6021075b7b6e3ff8fd6f36c652f186dc82c8a21a8a743dcc007e6710214320cb5c5e788f8c5b020e4d0d89ec2fb780c9ea915966b9f9b1e2cb0f26fb6bf1aba6e6501f2571ef1299918d4d2e6b367e22
+TAG: 3e7739cc9f98881f03a99d95250d460497e445cb24b4f8783c0010070484f8f379d74903d9a99f6a621791763af4e8e94ea305642643103b2dc0a0c1342f66154a0b4c4cac63e79d7121a2a44991273a9e1111208b3d9a5b6d11a6a28c83d16c9099d0a0247bf4670717ef0e8e6bd4e48c893ae189cab4f916862a8ebdfc0cb26cc545a9a08f01f8b4ce545914a35924f728c4e914b8cea6588116e9ebf592d4709e0c4efc8f0f8379fb30e35e36bfd68946ada030e35af5ed510a6061471659dd6780c1356c3dee7f69ab449a402456b63abd7e7763b4020db5216f099ef78a2125b42fe508cf94976b8e4e9ed65b38c254818e6aed084c037efabad7bd348e4e16099c7709cfd9116b
+TAG_LEN: 20
+NO_SEAL: 01
+
+# Test with maximal padding (39 mod 64).
+# DIGEST: 9d7958e23777ff2472f5a24dea5fc19c151dd921
+KEY: fd64b1fc65de39f4f03541a11be112a72933c7b54ed4fad0be905d41203f5dce998f8fb2eaad409ae02116417dae0cef457b9e5e
+NONCE: 
+IN: 936a91d0b5d2c0267218cb7090c6171386d641b87797b684e0fb56f97c3961d8afa22993a340b9b3c589c7481df3f4183aa23fd8d7efd88503f78b8ed1c8e9ba2fd6773e0d0c302a5f47e037446f5891d77df660ed82933f62be8dc55b436965aabe477e0cdd46
+AD: be99371eb8da7dac997dea
+CT: f90604401a507574dcfe5d7c5e0c36c5fa65d9a8f0a25daaa9fe5c50ffb3758f52c9c883c2f85d879f26845a130044d395b58497979cf24a9e18ee1f27d1eac4d0cd994a6338c5755c74419111b2bebed645c3d8b8071a7b5304eab2c33777eda01ce489f4a6d2
+TAG: 8a94c9c05afa552672247d156dfc8d60e9e3e1e9eaee6e58c8fd6c1f9d41bff32571526cf035ef595cb5c5b2d64b2a98bfcadebe5ff66a6a2299af8e00fa27e621217c5ee1542a86ddaf93e293d01f20ba5f9093c1fb7a1b911e659027beceb9518f59d20cc54f958945dd44ec38f73fd475647a008de974e50facab9e6e878e3968249a91b4f71f4f86486d5e3bc2abd6dcc67989f58521ee78214dbd29bb7aca0f601842b1d36833748069e409c58de54f7f6e6f17b9e05127568a1566e70254589675f2802c153bd5106afa59e00ac753fb9c3f67508deb5bcb4e25d47e52852acceabb8e5e955e16c0b4448cd313c73ee2195f185f8869165de7f30a68efcfba1adab85e2eb975
+TAG_LEN: 20
+NO_SEAL: 01
+
+# Test with maximal padding (40 mod 64).
+# DIGEST: 09e9eab51bcb9faaa3bc3e473ff66b06e39653fa
+KEY: 64b1fc65de39f4f03541a11be112a72933c7b54ed4fad0be905d41203f5dce998f8fb2eaad409ae02116417dae0cef457b9e5e16
+NONCE: 
+IN: 936a91d0b5d2c0267218cb7090c6171386d641b87797b684e0fb56f97c3961d8afa22993a340b9b3c589c7481df3f4183aa23fd8d7efd88503f78b8ed1c8e9ba2fd6773e0d0c302a5f47e037446f5891d77df660ed82933f62be8dc55b436965aabe477e0cdd46be
+AD: 99371eb8da7dac997deafd
+CT: ff258ef9f318036586c5ec9e956c10c9423ad3a8a5468527c02bda6878c45398b0c78f3fba4eba3785282b3aa4586d31b238fb941546bdd6e3d918444d45f79b2a5ce3df0e8769a952243cce1f17f736d21e44d8d49449e017e9aa5ea20863a2f6b2f7025de029e1
+TAG: c113b619c1829f799e045047dc1587c35eea2e9b5735e9acffb8d5250acb5340d7e48f261c58f6e1dfa213980d35df3f14938a5d6c20908290444308c31cfc08d07cc3258a5221e3c8d72031ab52ed92cca76a189eef780048623f82af821d521b0489068af4ff2954bd73dbccc6d6d4124760a5c71fbf88435af2ef8eb24197c8d7b23358baa411d87dd4439249fa80b6f00c4a4c500b0b7113151bc4f385233318ccb3bdaf779d41c433b2424bb3651db990f9fa72649d657bb823f0e73fbdf08e6f81aae0552aaf37370f139e85da70fa52422fabd155d567988d1d2b930f89f72725d97c1b1aaa67217c552ba1b6a51cd97bf2ac7017a2a97298c6d86bab809b9b4a7e1776a8
+TAG_LEN: 20
+NO_SEAL: 01
+
+# Test with maximal padding (41 mod 64).
+# DIGEST: 7b17b7cb19107af8fc4671420e461060e2ef3e61
+KEY: b1fc65de39f4f03541a11be112a72933c7b54ed4fad0be905d41203f5dce998f8fb2eaad409ae02116417dae0cef457b9e5e16dc
+NONCE: 
+IN: 936a91d0b5d2c0267218cb7090c6171386d641b87797b684e0fb56f97c3961d8afa22993a340b9b3c589c7481df3f4183aa23fd8d7efd88503f78b8ed1c8e9ba2fd6773e0d0c302a5f47e037446f5891d77df660ed82933f62be8dc55b436965aabe477e0cdd46be99
+AD: 371eb8da7dac997deafd64
+CT: 5e654ee6344f96fa117a2e1f9cdc08bfaca9c83b1c4d61891e49077c8ae7a8aa604e1b19995b32872087e04a59ed367e42f0ad3998cc2112035b33104164403a948ecf73c516f74adaa57688cee9417456f996847e0c637120478f7d88288b5403f0697c4834e4ea7f
+TAG: 363ea1d1325e86bb389f4c97a844b76e43d76fd4750954352aa52f5cd174c3d902a71a8265fba870b1b0e3a1add011914df362dfbc8f075cb45d2cca5498b48c49f0872f8371bf37e334c33dba4170d101dfebf14a519d37647748d92ccbb24774caf56204c1e7efb4b765b63d5ccedc308ccf06bf614e7695bfbf9e416df526ad21c4fda82cdce18ea647b6f99fd2bfebeafa94e8b9e83fb2d85fcd5f8456ed2e374ac383230dd39c528408e3b53a92a3950883f6eed412c1a5875a5db61b98c089daf3419522fbabcaa33479d4f0140963f1bb788a2471aa0384b44c0c69a4fc46a892f9ec8cca4cf0d048e30eefb1a74f8fecf77a4d61f97e4835a85594d1df3a345f720fca
+TAG_LEN: 20
+NO_SEAL: 01
+
+# Test with maximal padding (42 mod 64).
+# DIGEST: 48586ad2eac603c136911b28e2c69f101a8ef371
+KEY: fc65de39f4f03541a11be112a72933c7b54ed4fad0be905d41203f5dce998f8fb2eaad409ae02116417dae0cef457b9e5e16dcc5
+NONCE: 
+IN: 936a91d0b5d2c0267218cb7090c6171386d641b87797b684e0fb56f97c3961d8afa22993a340b9b3c589c7481df3f4183aa23fd8d7efd88503f78b8ed1c8e9ba2fd6773e0d0c302a5f47e037446f5891d77df660ed82933f62be8dc55b436965aabe477e0cdd46be9937
+AD: 1eb8da7dac997deafd64b1
+CT: 59201549a3446dcbdf5c3fa8db930606f6e9bd374d8405e15d55493a82035491811f784fd4f0e3bdb6bdd2e01558783a00b32c53d7be31525343a5a2d72921222e32891149f8dd38303ffb584485df15dd4c6917d4d8ce80e1dd5192f30770873895a0219cafbe8dfaaf
+TAG: 30b74b701e2777b537a16fa9b2d3bc9a86d718a4440ac3a0475eb675b352f215a847a286f042285b50764d14ddd3b3088189d7e26b96cdc33856347f3173c7cf4c9696ad560773e65878c4f8db001bf66a9e27e7f42593e9dc3f206e64502b4a11a235d5ff29cfeba3fcff20afac264c691a847a0b6c599bd9f7e4a57179f46b3880fac1b6cdc10444ee5875470d25c8a7bc20196aec1f028aea628092b5ecc973a058f083f4157dd9202d1f6b09c72374ea668041ab18045a383242b5e96ac127f6ff263c15d0a4999f61153ffc5d53bb77ed11b5b8bb3f2071b8ab14d92d161f7e39470913043b316ed3bf9baee35f8594785ff0f99a39b72e918bab81c49ec6c4c4ca459c
+TAG_LEN: 20
+NO_SEAL: 01
+
+# Test with maximal padding (43 mod 64).
+# DIGEST: c37456cfc543ba6e5848b9b8f4ac5a58a104b521
+KEY: 65de39f4f03541a11be112a72933c7b54ed4fad0be905d41203f5dce998f8fb2eaad409ae02116417dae0cef457b9e5e16dcc5b6
+NONCE: 
+IN: 936a91d0b5d2c0267218cb7090c6171386d641b87797b684e0fb56f97c3961d8afa22993a340b9b3c589c7481df3f4183aa23fd8d7efd88503f78b8ed1c8e9ba2fd6773e0d0c302a5f47e037446f5891d77df660ed82933f62be8dc55b436965aabe477e0cdd46be99371e
+AD: b8da7dac997deafd64b1fc
+CT: 54a2f87f11c6597b3013a0de46b61a8fcc28ab021465178138cdd76ef01c2701b3a48ca4d3cc885173bdeb33b7b27f9064d2f09ec187d0c9c482522fb29bb421595589aa69ec2ca4155f503bdb8f0f8d4d2f08531c0deaa386b9adad07e8aaa351e76ab938e435c7eee05b
+TAG: 2b4f8a42097dfe879397a6fdd13c8e2611399c3c53d5cb5c0e41a4a49b99522b127dff5bbcdf4a5c6fa79440e8fecfbe1df30d34df7c3a399cd79164cd39ca50a3bb6ce2b95a46a3f50e47c9041dbf8f39aba1e807f66984619c62499bb5f0bed727c5214efe67ae9863b99daad6b2814484f9e96c3f6aa5a31417624052c69252de37d7f913e5a2715459f945958adef369e59fc7f704ba9d9646870561efd3c1bea0ba785a8a39698d7ccca3e0b6a6dc3b2570650ebaee1e133488b3a227fa97a8580737cb4852ae3e04c11df82816ec4d6bba8f9e63c9c48383466d9d145d27d18358e822af696a8d7c7aa65e2bc7ac32204a8271684e3803347423608666e23e90345c
+TAG_LEN: 20
+NO_SEAL: 01
+
+# Test with maximal padding (44 mod 64).
+# DIGEST: fc113d192686652653a15887974eb1f9b8e32248
+KEY: de39f4f03541a11be112a72933c7b54ed4fad0be905d41203f5dce998f8fb2eaad409ae02116417dae0cef457b9e5e16dcc5b6f2
+NONCE: 
+IN: 936a91d0b5d2c0267218cb7090c6171386d641b87797b684e0fb56f97c3961d8afa22993a340b9b3c589c7481df3f4183aa23fd8d7efd88503f78b8ed1c8e9ba2fd6773e0d0c302a5f47e037446f5891d77df660ed82933f62be8dc55b436965aabe477e0cdd46be99371eb8
+AD: da7dac997deafd64b1fc65
+CT: 0f0483dd1e9ef91f215f7f9817b7f82e0b96c0d3b2996b2a1d878d0be3a70c07a4bbbba3721e646405a8a7f44347557d482d7899044af37f6df054070eb4debf7471072af1e4c98dfb3c192e956b2931967d7fdf200b464be1ff1955a658bf86faa659db9fea5c63d26c13af
+TAG: 176eae7a290cdf30272c219178d7a011400870bfb2ff611142d4e16fff9278cc5778770605f8914f09c3509fb6ec23bf5cdca390cf8dc0390502b3ac3026c47c167079f12302b6ea7eae668b6dac95a5541124aba8ecb8de4cac6c21ba17a2423ed4aac69e3292f3f4f031e9f54702c432d514726cf02ed646e0f60ed672b5f212e62aec4e51c8b8fbad3f1689f1b7dd775111695a342a279f7725da6ffa0e5a2ff5550159208bd30d28267c600e6b183dc1f72fbb4fd8013c5b4ec93f19dee5864bd854df3cabd5c813d4e3ec083d55ccdad4a0178e5d6cd262843d6309059033b987e366e66c67a3fcbba86730b5fcb4786989f86ff9b8a7318302123e0d53152a2a82a7cae76a81b017fc0b883ef6f8cca921
+TAG_LEN: 20
+NO_SEAL: 01
+
+# Test with maximal padding (45 mod 64).
+# DIGEST: bb6e5b5be84ee383caac0378cb6f541726ecf61f
+KEY: 39f4f03541a11be112a72933c7b54ed4fad0be905d41203f5dce998f8fb2eaad409ae02116417dae0cef457b9e5e16dcc5b6f256
+NONCE: 
+IN: 936a91d0b5d2c0267218cb7090c6171386d641b87797b684e0fb56f97c3961d8afa22993a340b9b3c589c7481df3f4183aa23fd8d7efd88503f78b8ed1c8e9ba2fd6773e0d0c302a5f47e037446f5891d77df660ed82933f62be8dc55b436965aabe477e0cdd46be99371eb8da
+AD: 7dac997deafd64b1fc65de
+CT: 978a10e04037ba7f0dec2576efaff6e5e4de5ab80b4b0c0b8a6209e22da05b8be0f832883e371c61c23b5bef969c004bf2a0f0fc8fbf1313078e12af2b3569a98ae5ee76a9bbb6da6806be3356c02dfa607c26094fd876d8f9dcc0395f3fe356b0a51d1f59582a7bdc7da9971e
+TAG: 9b37a729911834f666621a052c9d776f126e500cab45ddae7ad020874d77976af6ec581efd91dbf46ccf346a9dbb3a42d08d23de1cc074788f6887c0b15d98610b19fd2c00752136af3faa32e933518093d667617ae1dfa4e4527779bef7ccc9a1b82d8ddc0eb1d7d9247d0382c6d98ab29f60bc897d28483f1c69fe9b0d37113d237f7b3c3509411058e1c0f36fac6014b6c5937ef005a7fc2e3352da4866384d63c6aac2fdf74cdd16acf782022e4c5f1fa528cd6c977425ab19d800664577b5e5cf0a82e7ba75716c75bdf87eb8c7bdf7346c89d453bcff89ed0b93d9eb1452b72390a799498e31ae691460e5daa8ae3506aab4877cb82e3378874c6c97064b33f969786ed84e81cd1c2e2925b56266ca72
+TAG_LEN: 20
+NO_SEAL: 01
+
+# Test with maximal padding (46 mod 64).
+# DIGEST: a27799fc2e00e7abec4c5939451a834c4606cf7a
+KEY: f4f03541a11be112a72933c7b54ed4fad0be905d41203f5dce998f8fb2eaad409ae02116417dae0cef457b9e5e16dcc5b6f25607
+NONCE: 
+IN: 936a91d0b5d2c0267218cb7090c6171386d641b87797b684e0fb56f97c3961d8afa22993a340b9b3c589c7481df3f4183aa23fd8d7efd88503f78b8ed1c8e9ba2fd6773e0d0c302a5f47e037446f5891d77df660ed82933f62be8dc55b436965aabe477e0cdd46be99371eb8da7d
+AD: ac997deafd64b1fc65de39
+CT: eded0eef58434338153caefd914cb98ff516157445bfbd25c3c5cbcc0ad68ed1bf049ac292da027acab0310ef08d66040341721524982165cfe7f6dc495f7f5f36cc410470e3b42045b718f580713dac8074b0e76a0345d11c94a9800bb5e5eef1cb8d9ba5818799cd1ef69c4ed1
+TAG: d7459df78edeb89e01ea8d685b5780b94ac339c36750f2d5bc09009c12a22893348bb74f8c38f96451e5204e0d940b9b84c6a89eea61d6a78eff111b806ad4a50c8456d13f79288cd3f3bdde755083dd64d13e1c887d8df5102deb5a23055a02b6cab1021efe6add18d00be8c3afd6f8e80bc539c76003caad47c1cf95085bf48bf9ab6d487ff4cbf5bbbe0f2a2972e6a165a2e5ad230f58fff76fb8ed563b810684daf4b5902ec8cdf2442c323e7c7630129a89432a1795380a949f1113facd9ee148e2d38d4457b508155dba0d8d4812aec13d67050e70e2ff98a1fc1dffa01dcc7eca4349a0b14f2507687314c49b3fe7cdbde2ac840bd8ff7fb7c36a037e7b7de485183fdcfda49a2281645ec1b153ba
+TAG_LEN: 20
+NO_SEAL: 01
+
+# Test with maximal padding (47 mod 64).
+# DIGEST: f30eaff92a640a397f98e6803623e8d1f0c1fea6
+KEY: f03541a11be112a72933c7b54ed4fad0be905d41203f5dce998f8fb2eaad409ae02116417dae0cef457b9e5e16dcc5b6f25607f0
+NONCE: 
+IN: 936a91d0b5d2c0267218cb7090c6171386d641b87797b684e0fb56f97c3961d8afa22993a340b9b3c589c7481df3f4183aa23fd8d7efd88503f78b8ed1c8e9ba2fd6773e0d0c302a5f47e037446f5891d77df660ed82933f62be8dc55b436965aabe477e0cdd46be99371eb8da7dac
+AD: 997deafd64b1fc65de39f4
+CT: 7c433fc5255dd1e11f67c499c6a89c16b4b09355818cf304f11167bef253dc60c95486a840c3a8f77440f63a5c6a855931a90eea66a281d51d4198679e1420c824ae5c8bc0231444b65b69832b84c7b5ee2fb8484ac08727eb0cba0c14e7e0a9071cb0cdcf73d5d83ce53bba361ee4
+TAG: 2e73871e9d71defb381e4e7d49d5d45880fa3effcb0cfe673ab52805e6273723cdf99557ed9ca838aa2229fe8eeadf7c6d94c91e867ca023fbb2d2835e420a3b026fb5e3915e38a7ac02d43a8c6ba8a149e99abec42967106bff6c80adf9be5c76503c95053c21472b9a338ed4c9c11b161ce83e2d6190f87e4dcf169e945335cc5acd699b983629d0bdc452f678232be0d31b9f231aaf4c3c3df79b1b8b2fd8802df0b71cc5e26b2a5c5c5ff0616bdff6cc7b1f09aff68d5e15dc9d61c1cb6a2c9602eab7794eb77af8bed198fadd854e8f8a47bf6bc11a8f75eec584f1901fbf012d1fafc03604ae49f9585272845677a1cbc27261d5d7fbe9bf1f1c9ea42c61b110cde99a3a602fc9eb6c825656d804
+TAG_LEN: 20
+NO_SEAL: 01
+
+# Test with maximal padding (48 mod 64).
+# DIGEST: 7227537c0113a9f46f7d332a0b37ee5303483d00
+KEY: 3541a11be112a72933c7b54ed4fad0be905d41203f5dce998f8fb2eaad409ae02116417dae0cef457b9e5e16dcc5b6f25607f00d
+NONCE: 
+IN: 936a91d0b5d2c0267218cb7090c6171386d641b87797b684e0fb56f97c3961d8afa22993a340b9b3c589c7481df3f4183aa23fd8d7efd88503f78b8ed1c8e9ba2fd6773e0d0c302a5f47e037446f5891d77df660ed82933f62be8dc55b436965aabe477e0cdd46be99371eb8da7dac99
+AD: 7deafd64b1fc65de39f4f0
+CT: bcdda7eecf3331f4e7605cfd33789ab585318bbd35047755402372403a4df125e7f5bdf857e49a3f74cb8e824576a226c1942fa86de07bbf564cfb384d8420a367963020613dd2f6bd4f371ca1b53532a7015dfdabd07497367aea8db92981418eff6b51eaafe2b6d5b3b4d1b8b95659
+TAG: bea683141d42033e86b38d5e0614716ed53b7db5df93b0aa48b15e0111a46ee93c2971df88fa885f8f32e81222d9bb4b605640395e37e1ba474a17f0df48c488dd5a6051be2323f462cd94f81261289f076d60cf5907cac601e2709dc191a9ac5ef784733140ba8d45edded7e58d7316f92a9bd5aa86d6f8441604261a38359a8cbe57bd95522db7029db058a8b175eddaf8f258f2f479b348451b0786f15336e18077ba23eac377ea367d7e1afc08607ff63be2e613fea2e6097192ab41e40342e36688bad628ec273897c86e75e0b83d0d85fd13e850f29cfbe171a8d1b33b72a344a9e2bf292f0dad2ca754d45651a2067d9fb18c7a1845a9c145d4273ee2197dd0b4da66e88a7425a72fd541a78b
+TAG_LEN: 20
+NO_SEAL: 01
+
+# Test with maximal padding (49 mod 64).
+# DIGEST: d76570385cb65d30c3d636ff25c5efeb8d1ea08e
+KEY: 41a11be112a72933c7b54ed4fad0be905d41203f5dce998f8fb2eaad409ae02116417dae0cef457b9e5e16dcc5b6f25607f00d03
+NONCE: 
+IN: 936a91d0b5d2c0267218cb7090c6171386d641b87797b684e0fb56f97c3961d8afa22993a340b9b3c589c7481df3f4183aa23fd8d7efd88503f78b8ed1c8e9ba2fd6773e0d0c302a5f47e037446f5891d77df660ed82933f62be8dc55b436965aabe477e0cdd46be99371eb8da7dac997d
+AD: eafd64b1fc65de39f4f035
+CT: ccecdb03830e84c5267a5b6f68dc909cafe94a1c872602961e8467b4b2723af537d79d723fc4e8f0397fe169186c23f50cf9e78af3156f507bfd38181dffcc05695583863d8a167df062cd16aeec0cc548a7b5e16b148ced8bc2a60a33a583779fef6d7160e0f6c31a03b8a0f1ed8e18e9
+TAG: 5175c37f295f196bcfcaffb35c4cfecd88d1b9c773d3162c96eb74a23722e599ac728ad68e2ac70369e0c6d212826afe93cbbc61abfc309d3f4a6f0d22421e02d711a6c97b6592b561b49ef5f6516367cbd966414d9842eb963c79bd4a8e1550199fc9cbd58b5fa5b898db2244769a950ee62bf915a074d5196732ae69cdaff05266bbc049903f5d7c702633741471bc3f8e44a426d201c5ad5987db33687db05a42778617c253576361fcbeee62707d9119cc76fa0627fcd65df7bdfd26469bd4e0265355cf885e2e515d56307adb91be258befc45ce8b238f6177d24f38ec56f0d64a46124161992a30f8a64355823397012af08f1df378effd1f67fb30796956fcf28b0ff35f618060a955b6311
+TAG_LEN: 20
+NO_SEAL: 01
+
+# Test with maximal padding (50 mod 64).
+# DIGEST: 170369666d1f2337b29b5f14af68d47910388e7b
+KEY: a11be112a72933c7b54ed4fad0be905d41203f5dce998f8fb2eaad409ae02116417dae0cef457b9e5e16dcc5b6f25607f00d033f
+NONCE: 
+IN: 936a91d0b5d2c0267218cb7090c6171386d641b87797b684e0fb56f97c3961d8afa22993a340b9b3c589c7481df3f4183aa23fd8d7efd88503f78b8ed1c8e9ba2fd6773e0d0c302a5f47e037446f5891d77df660ed82933f62be8dc55b436965aabe477e0cdd46be99371eb8da7dac997dea
+AD: fd64b1fc65de39f4f03541
+CT: 2828ec3db18423dc583c7ac7dc5231da07af1756d7c032a866c64155626be3b3a686a93699023f6e421da24596baf99b45244d07d86a8973450afdb87ff2e9dbab6fcef52cd476f1f25f27f6bb3abf9b406704a14ce9682613125139b238d985ab8f68c17f7b824f279c01d820fb70502dab
+TAG: 6af6f94f0ef92665d286e08fad2845c4c43f985b0cd0f09c6c6b4899c350a1a342f024c3ced7e54bb00b96d0e04c6d484e95b585a687258f4bdd1c00eb1d3f44e959b2dbb1444a292c81c92e3b1a01622fa377a583117bc2e170ea8c033864fe7dc09b7a9b1b5826ac8e38fd5849ac9024bcfb1c587be93b3da485adf297a77ecbec2a88fcd82e7eb952b6d012ec439310f624fd07de7bad33a5a59b72d88cb454d5da32d52012258c8754cc61dae82b26f8d6df7a4ca384ea88a30e12d4b07bc413791cded177d325c03a5a6c532641ca46ba2560cb3072733282305266985bc4afac41b171b28aae50266a00afb5a778e1c481a7799f29ba588ed3ebc65183517a31944921ae3a040731666daf
+TAG_LEN: 20
+NO_SEAL: 01
+
+# Test with maximal padding (51 mod 64).
+# DIGEST: 7c52593d1d37b0dc380297231c6cb7b64e04c493
+KEY: 1be112a72933c7b54ed4fad0be905d41203f5dce998f8fb2eaad409ae02116417dae0cef457b9e5e16dcc5b6f25607f00d033fb9
+NONCE: 
+IN: 936a91d0b5d2c0267218cb7090c6171386d641b87797b684e0fb56f97c3961d8afa22993a340b9b3c589c7481df3f4183aa23fd8d7efd88503f78b8ed1c8e9ba2fd6773e0d0c302a5f47e037446f5891d77df660ed82933f62be8dc55b436965aabe477e0cdd46be99371eb8da7dac997deafd
+AD: 64b1fc65de39f4f03541a1
+CT: b463f7f24871b617a1001d2f73f9eb8fe39b5fe0b382d420af876defd68a893add2eb6cac45e56d669f4ac67a943a3b32daf0932072bd701f9291b5020bfa9133d2875d8f6ee78ce8c49d45b80329831799f1eee8c712683300e49c57dc8c1ad0b07465184483d669b04c183976289e3ad6070
+TAG: 2e8b0999a7792a9cfe5148a8730e28ef92557e1b5d9c318d27d12fb1356fa0dff3467e865c530d4f20fdb765f7ec7e56b7ba28fb49309bdddb413182b07670cba711d6e5e3c086b4e4211f0f19666590bdc9a121e1430f6b0c64c07eff2d81e47a02d375fa46bf8d6fb8708f3a247287b595be7aa19414e3d2d39785a0bc8ef46b547bd4805a8460fdab65d81866dbc496581ec548c51f601e13289fcf3e45f1bb4a7777f9a9243282681aa1c746fac4a8433e1f477950eea76c24d318e95f0586eb5d21a16f8b2b58a14c4780eea922b97de4b1ea292f842c662534bea84213924e837cb546c26f3bc9951eca7593f4f01e3e6360cb14248d127a08d5e0b77f438479035769e0e12c856bf3bb
+TAG_LEN: 20
+NO_SEAL: 01
+
+# Test with maximal padding (52 mod 64).
+# DIGEST: 09a1659100052d13bebb4defd7f54f975a58ae2b
+KEY: e112a72933c7b54ed4fad0be905d41203f5dce998f8fb2eaad409ae02116417dae0cef457b9e5e16dcc5b6f25607f00d033fb95f
+NONCE: 
+IN: 936a91d0b5d2c0267218cb7090c6171386d641b87797b684e0fb56f97c3961d8afa22993a340b9b3c589c7481df3f4183aa23fd8d7efd88503f78b8ed1c8e9ba2fd6773e0d0c302a5f47e037446f5891d77df660ed82933f62be8dc55b436965aabe477e0cdd46be99371eb8da7dac997deafd64
+AD: b1fc65de39f4f03541a11b
+CT: adfffd8a654da994aa8adb618cf69b25ad5dff201cd3a84314796e0228ae3e01be77cd8052e950fd74e3d8fb0066705874a7319dda8bee7bf7748ad844a70b1ee0d774a6156fef109dba8346a68b48458728ebde458e5bd777a26291f98cafb175864fee2d335fe5a38f1738df9a5aeb13f25442
+TAG: 0562ed87899d06eef5f3a7680c110360e5338af0b78416497e18291d4e8a75a219942acedc7d1493a15f6d35d1d8cd27b2bb26bcfd58dab2c747b4498ce1e56568226987124448509a7852588acf2dae587f0d13ca2ba54c50ea37c10e6c525b04caf0aa519662f258dee7fdbf17568ecb924c0f26701dad0952d3a57a8188d046439d7e35d73adbb39559adef95017029a9f6392d7282a1c84eae663d840184da4bbcbcf9c262d69ed2a7743aee175150e03bd3e6c38a8a1a762614ba2fbbb631ef56ffe3746dc95d9a15eae1f4f88e3180569e73b25b8eeb8474ec8dee041cdfcca5219514c5125395d83de633bf5bb05e4771e7a583f4e6a6d20af36235090454f8acab43984fda3f5740
+TAG_LEN: 20
+NO_SEAL: 01
+
+# Test with maximal padding (53 mod 64).
+# DIGEST: 230c3353ccbd95e4f0acbbb0073053a0186f833d
+KEY: 12a72933c7b54ed4fad0be905d41203f5dce998f8fb2eaad409ae02116417dae0cef457b9e5e16dcc5b6f25607f00d033fb95fb0
+NONCE: 
+IN: 936a91d0b5d2c0267218cb7090c6171386d641b87797b684e0fb56f97c3961d8afa22993a340b9b3c589c7481df3f4183aa23fd8d7efd88503f78b8ed1c8e9ba2fd6773e0d0c302a5f47e037446f5891d77df660ed82933f62be8dc55b436965aabe477e0cdd46be99371eb8da7dac997deafd64b1
+AD: fc65de39f4f03541a11be1
+CT: 985481677ae867b2427182edf3de86d7b9956a4970b107ca7e01e90ee7cb02c6b9a46212e1b8ce67e7aca5e2d96272c2f412b5f16a7c1d00fe597f1390c3a686724c4846c78ae66b26ded18adb40f0d74c33a68032b97d440104cb7acc755ad7383c16013ec7fc519b293e4c624b132f91c44202c7
+TAG: 62eaabaa53e386ce7d064c718e4761d14092263af3027efcf5c343ab46e1133d3131dc3cd7dd6b8b8d9ae6ca172fc10f5887dafb169aab9f0e7eda4a5b3436750ccf47f2e3e9965b46f3dfedcf38d61dff3cea927bb3ee8509d6a4288f2879d04095eab6b9e154d0e22da31cb51638ae978a0c5cfdac346ab551d359fdbe9aa34e9ceb15051d7e04e9788240a030c0ab7c19d00f32da1df539f08d158f34a1e3fa6ee8d10ec0d99675a3465c889fe2b6631ff2765a6b83f594315768fdb30c27d2747a6e9d4c5724a5e93704a1851d606dfe97150667309b27503b09c85d86ecd83caf1ec456ac19b7fa273af74714611b3e9a3359354c7b983d700775930bd90a629d88a3cf7cf17f5058
+TAG_LEN: 20
+NO_SEAL: 01
+
+# Test with maximal padding (54 mod 64).
+# DIGEST: 701e141608e71005d32dd1e29cd068aea736c9dd
+KEY: a72933c7b54ed4fad0be905d41203f5dce998f8fb2eaad409ae02116417dae0cef457b9e5e16dcc5b6f25607f00d033fb95fb09e
+NONCE: 
+IN: 936a91d0b5d2c0267218cb7090c6171386d641b87797b684e0fb56f97c3961d8afa22993a340b9b3c589c7481df3f4183aa23fd8d7efd88503f78b8ed1c8e9ba2fd6773e0d0c302a5f47e037446f5891d77df660ed82933f62be8dc55b436965aabe477e0cdd46be99371eb8da7dac997deafd64b1fc
+AD: 65de39f4f03541a11be112
+CT: a06030a844e38f9e049bcf318b10e1cd2db6b60a2611cf9788f0c1fb31a366d2038b3a1692865b926196594850807895523a851a993b77e49c911f840f28aaa42b4f427eead4e2a578d57b101bb4795aedcffc58212e0eaecadf503e3b208eeb72d53072caa44677d6667a0d22639db7aebc2f70ebb6
+TAG: fabbfe986fa42c58408b2f008c7fed482ae568cb39c938aa531e49a85ee71fced2cdd2ebe97a35295977ccef50433b41c511d424a47274599f3f2a28678a4936c1382d6a9f5d41b4266ded97a2fb11ce4e4df03f9e976675b9b35eafbbb399eb86a79a8023de822f8c0d83da5516766f141f83d8075a77e7c55e987cd181f02d8d6f7c90775bace579d25fa1a969e4dec07a5ddbef63c67b6d76bff54dbc7fb87f8af639c392a8a32bee35255e24cc63cea90445ddbbb75e4c594d6d1441e198720c2fb7674822e52d0298fe24c6e1602fec34038e62a55cdfb5d3fe6479fe6b02b5fe648792636e03213e402f02e2a3cad928996e4b1d2fecbd97ec5ebac5ea2f9c4989599648b0577a
+TAG_LEN: 20
+NO_SEAL: 01
+
+# Test with maximal padding (55 mod 64).
+# DIGEST: 9aaf96b472ea76fd9ff4adf56dab5fe0400d18d6
+KEY: 2933c7b54ed4fad0be905d41203f5dce998f8fb2eaad409ae02116417dae0cef457b9e5e16dcc5b6f25607f00d033fb95fb09e4d
+NONCE: 
+IN: 936a91d0b5d2c0267218cb7090c6171386d641b87797b684e0fb56f97c3961d8afa22993a340b9b3c589c7481df3f4183aa23fd8d7efd88503f78b8ed1c8e9ba2fd6773e0d0c302a5f47e037446f5891d77df660ed82933f62be8dc55b436965aabe477e0cdd46be99371eb8da7dac997deafd64b1fc65
+AD: de39f4f03541a11be112a7
+CT: d934f61f94d2b0aef2b63668352d2af2db2e225d0c8dd86b8d7c901de7425dca2a0d2f3bae9dbaef4946d18ebc2d9f4cff5c268cfc80b89c35f7b1a3de12173f9377a7ad9b33751fc89390cea9b44e80423702a9848c6d2562d24838e3b0511b81a737a4b65fac394da45f62f1f3b2bfaf0b4f3f0c5ca5
+TAG: da6ed936480fd159c32347d94a17ae7bf9344d4bdb1bc0921d85456e9b48a2e2c24769bdda1cd6bed0b44e980873ec3c79b4346849366ca6d6a77e8b1091c6657a009691733da37706c0f480244ec0c7839648cd0eb63a28eaacdc8b60b1ab59f7d83bd142419a5a548df23f019e560c0c9a307b4c2498f69386eb13d4dcc64ca77c8f5f7c4b6e0c18a058eac72426ed4d541477e3a036b9a450af234670c94a4ceb7cd19c9ae113477431fc2ea30738a95c5753a4b8de9e0e4e1a0f7d52f67b2957a39ff1c6eef88bac3b927ab004d64f3522e0db7e80d27309b864996aa2bafe615139732cd492608cc128295132a4f40a70f8bfbb5b18b2fa45c55c87db39872bc5c1e3300f446f
+TAG_LEN: 20
+NO_SEAL: 01
+
+# Test with maximal padding (56 mod 64).
+# DIGEST: ac6871d354eac507556770d8b6bf10b5240273ed
+KEY: 33c7b54ed4fad0be905d41203f5dce998f8fb2eaad409ae02116417dae0cef457b9e5e16dcc5b6f25607f00d033fb95fb09e4d00
+NONCE: 
+IN: 936a91d0b5d2c0267218cb7090c6171386d641b87797b684e0fb56f97c3961d8afa22993a340b9b3c589c7481df3f4183aa23fd8d7efd88503f78b8ed1c8e9ba2fd6773e0d0c302a5f47e037446f5891d77df660ed82933f62be8dc55b436965aabe477e0cdd46be99371eb8da7dac997deafd64b1fc65de
+AD: 39f4f03541a11be112a729
+CT: 413d2c3fbc77845409ad66cc13432824ae4ae109379a9617e8b93d4f9b17fe0d0450476c3f98c229bf35e86fa792dceb4b3864761dd442c294e43b1cafe1fe086cd1ca5e1572fe2b3753c20a74b663b536f6e686d9765bafb10566f2b5cf02ee24e3dc69cb2be9392c991848b840418835603bdd83b2cf0f
+TAG: 5df250368694b1d3b11119d8c787df534fe4526eb31af32c9289b0eaa4e9455b5cd4a44c13a335857f67fd2662317e086c1a299d794830ca08ca99df1aa79c8f49589dab551cc6269129b731e4d560c7e330fea2aeb5f06eab87738bccaae53b9661a78f3f08986f454519097a6c43837931a56caafd581ae52343dcb71b98ee0b36cb7037a1eac81f308f292eca92ff2c13c3b807aadaffc832f43ed98c0cab6174639b1ec48f3e8e3736f7a20069aaddc2414f1edffba78bbbc04babfe6d6f1a5ae8f77931f78974edb257d2ea6d5440bd7c8f8283ac0e362e1959bc35bca6f257da511f456466be60ff7451887e5ff221f30547e586cc76e7bf76dade793565d733e5705bfcf5
+TAG_LEN: 20
+NO_SEAL: 01
+
+# Test with maximal padding (57 mod 64).
+# DIGEST: 050258d6ad6bec54f8bc48c7ba2d669d6416c11e
+KEY: c7b54ed4fad0be905d41203f5dce998f8fb2eaad409ae02116417dae0cef457b9e5e16dcc5b6f25607f00d033fb95fb09e4d00d6
+NONCE: 
+IN: 936a91d0b5d2c0267218cb7090c6171386d641b87797b684e0fb56f97c3961d8afa22993a340b9b3c589c7481df3f4183aa23fd8d7efd88503f78b8ed1c8e9ba2fd6773e0d0c302a5f47e037446f5891d77df660ed82933f62be8dc55b436965aabe477e0cdd46be99371eb8da7dac997deafd64b1fc65de39
+AD: f4f03541a11be112a72933
+CT: fca448fd13c6877aa9fc299953dc631df8024cebe774bb14839821b05485c4a8f1345697b072342343f6a5479d99d5ba0ab29db7760b1e21b37969333473e6fd16bcc5b52e1d6472fee31034d515f66439f092341036a48d637ec84d22af8d1848843aa33e3b2059f7f90a0db47dc41d8af3b5cd76f4b36ec3
+TAG: 3071b853c877cc72cbec5c249fe76736e87793118f0890200b64cc9b91e26448b327dd87eb314c4c074af49091051b69122a2d13b8a7fc0b15a87e7e26b791ab3a74e399d429ef4e6ed69f2036e91909b11075ef19c6554f21b5b9b90fe20c9c633f71c666519774baaa12d8f819ddddbb592a99689ba34c44e59792da3d7750f4cfbfdad6e295a73ada8957eb9a7f7bbb4e8f82d4647bd41d5ca2a51cee58be3fcaf307382efec054d880b5866a38aa0dcc72911c9e9ff902ca3743873618b2b35c45cb32e496ac7c8c69c1818583ea5016a57f6e912859b1b1a22bd701113e6cbaac2a935a94cc3fa0b9d4c23ee573b0054eebaa3414c936aee6bd9782385d690c1eb570c5ed
+TAG_LEN: 20
+NO_SEAL: 01
+
+# Test with maximal padding (58 mod 64).
+# DIGEST: 70060f86c76e53512933c09deb5872eb23efad67
+KEY: b54ed4fad0be905d41203f5dce998f8fb2eaad409ae02116417dae0cef457b9e5e16dcc5b6f25607f00d033fb95fb09e4d00d617
+NONCE: 
+IN: 936a91d0b5d2c0267218cb7090c6171386d641b87797b684e0fb56f97c3961d8afa22993a340b9b3c589c7481df3f4183aa23fd8d7efd88503f78b8ed1c8e9ba2fd6773e0d0c302a5f47e037446f5891d77df660ed82933f62be8dc55b436965aabe477e0cdd46be99371eb8da7dac997deafd64b1fc65de39f4
+AD: f03541a11be112a72933c7
+CT: 8c5849a917c328d68cdf4fc279b29efb0c3c1921621276ca19206c9941a5789b0aba7283e743f94a6e4142f7febc9ad35df30daffeaa5cd0cffe0fa2e4cd5ceb687def585b2634774a01a3f00ce2ca9951fb910b4386bd0d61d1e292b2b225ac55000fdce10131ba163c97f810a2b350fc8a59348253549e0cbd
+TAG: 5beab8f1449d50a6e4a1a747fc2b9864cad962480673db6451ef7aa42b42e7f0edc3748a71df8ddb33d6f9bcc9024c7170bd7a5b81577f9594a87d90fe96a50a62d31c01368173aadd7dda6f7d4c413773649fa7e5aa0c3cbd0fc760666ce5d5ec5e4209c4eda0a8ba0d66e83ed3337067d8ecfb81d3d1c1bed7eceea2582f276c43fc15d5c2bf9d2558d3c3f4d8cdb8953d28b0221c70330c346640f1ea1acccba27466cc0ec3c14729a78f62c7537b1ca5e9f9bc74c4571be9b67f04533b1f8fa2f9232c216ecd81bd120197b558b2733d3d9bab706f67670327465722b2be2c6e3f2ee507620dce326f28400857cc28c697c9b10df0d093965c21ebc42f34d71963ca85db
+TAG_LEN: 20
+NO_SEAL: 01
+
+# Test with maximal padding (59 mod 64).
+# DIGEST: 58286fe273bf572a76a2725933dd969777c303c1
+KEY: 4ed4fad0be905d41203f5dce998f8fb2eaad409ae02116417dae0cef457b9e5e16dcc5b6f25607f00d033fb95fb09e4d00d6172e
+NONCE: 
+IN: 936a91d0b5d2c0267218cb7090c6171386d641b87797b684e0fb56f97c3961d8afa22993a340b9b3c589c7481df3f4183aa23fd8d7efd88503f78b8ed1c8e9ba2fd6773e0d0c302a5f47e037446f5891d77df660ed82933f62be8dc55b436965aabe477e0cdd46be99371eb8da7dac997deafd64b1fc65de39f4f0
+AD: 3541a11be112a72933c7b5
+CT: d0076d9cc2f829a33a0b1972f6c0d8c67718a7593975798e0667135db3ce31b4d9bea98710909313a4a2af88bae720963ee738f26bde44b54dd5820992569e5d2eea000baf5de9e0f76dc8e0b93244a8474beb7e922a5f30a5b5977611594af25ed35aab12a61de68f215d73173fd38f586b8c509459a5f7587d43
+TAG: d8ffaeef22eb2181a48da72bbf57ba4562e3a1ebf9cd2a872f155fbadeb78c47e64ac6419fa1a9b1ce5a8e78e60ed1f8dcf02535613b959448f754b70d7159d2dd4814122b35418d4e554992b4789e04f018234c91de44b9de80f7ab406fb6fda6f086fc6b91ace53dffe012d703e71861d0b3ecab86a287a76857781254de544985ac5b11bedf29138500598f757ae295d8577ae7e597e9cd915d15124c7f1d9786f9666bc4b69eaa18e28227d87bdc8935e537d12360b53746ad0d7834ad830aa5307f69c3e4ff6e37ee6ba8937f75723ae4f64c2a04949b0db60c979fec6f485dd0cf14cacf5e8d0e624d9a8578e4028b8076a9cee1e5a0ba5b96e9f0f6e6ef98ae84a0
+TAG_LEN: 20
+NO_SEAL: 01
+
+# Test with maximal padding (60 mod 64).
+# DIGEST: ae701e5c8672dfaf728bf0f43f5e5247ea9ac13a
+KEY: d4fad0be905d41203f5dce998f8fb2eaad409ae02116417dae0cef457b9e5e16dcc5b6f25607f00d033fb95fb09e4d00d6172e78
+NONCE: 
+IN: 936a91d0b5d2c0267218cb7090c6171386d641b87797b684e0fb56f97c3961d8afa22993a340b9b3c589c7481df3f4183aa23fd8d7efd88503f78b8ed1c8e9ba2fd6773e0d0c302a5f47e037446f5891d77df660ed82933f62be8dc55b436965aabe477e0cdd46be99371eb8da7dac997deafd64b1fc65de39f4f035
+AD: 41a11be112a72933c7b54e
+CT: 298f670117678bd139c60399dcab68bb0414829b458c747b0dda5dbd67f95fa393bfd2719f815a12a2b7c6b3e769b61ddb4651970b30451cee6166545d8e4c4554c8217898186dc02684c5025ee692e12130ab41ce75d79a4ba1a4dd02e0af581a645979c1a3c8c12f5b13e9c1113316eb31b8096b4eff1bf3f7ca10
+TAG: ee9c1cae63b819ff804cc5a34d59d17a76539b7850d5164ae8ab252633acc10145c2c71b1a10b0a87cf2db361c6aeeae533201457c5952feb347f739b3c236845a887fd0974b052a4e71cffaaddd1f00c64c47251ae446a5875e1e1854ca2c032b4e01dc995f35d901b60d042aabcaad3c08cbfd12567cc789408b6710d81b6b7c6067e02f263763d74bc039e0430bc1f3b4c01f95f54492a9c5b81b8d279266b378bccc9073bf1f1db1ddd964f9b6b7ac8771ffbb55d1ff9d973cff3d4eeffa277427e0cc41a4457ad6c2f035b1c0f93880aca55888cadabcccfc9dcf53dc3924a4c03a5a7bf8416bba76d8a362893193811ddcb02b0a9ccf2ffb6902d7e0c434cc489d720487f4664d60f210433b8f71d98666
+TAG_LEN: 20
+NO_SEAL: 01
+
+# Test with maximal padding (61 mod 64).
+# DIGEST: 4f498d0aa9205160827626ef80c163275eca1f78
+KEY: fad0be905d41203f5dce998f8fb2eaad409ae02116417dae0cef457b9e5e16dcc5b6f25607f00d033fb95fb09e4d00d6172e780a
+NONCE: 
+IN: 936a91d0b5d2c0267218cb7090c6171386d641b87797b684e0fb56f97c3961d8afa22993a340b9b3c589c7481df3f4183aa23fd8d7efd88503f78b8ed1c8e9ba2fd6773e0d0c302a5f47e037446f5891d77df660ed82933f62be8dc55b436965aabe477e0cdd46be99371eb8da7dac997deafd64b1fc65de39f4f03541
+AD: a11be112a72933c7b54ed4
+CT: f72c519566632f89513f3f278407845ff8096a5b63929f0ea6009c3cae0dbd853662c4017ee5729eab92f2c475f0a45533de67d4b941d4b16c1964986d8f4a16cc12f02c28442ddf5790f321b3942cb65964587f3fe55ab28064c52ce3d3598d3431788ed2c26fe1b196abfd35afa0f7c8206a6bc71d61cc4e1a086c4c
+TAG: f8c75274342950e4893ca3b0e9fe95fa51343c628e1f04d9dd19ed928ef7af0a106b6bc6b70d0ebf552c0acc51b5af94dbb9f4fca444ed4eefff63e4746af9852d727d4465695b1113eda1becabbc56e2860b55b986d6122b93bb822865ab8bbf1409aef68cbe720befe0ebc6dbb639b3be391a161c2d9ed65a2898b3ea7cd993827aa8f2c60dd0d9e926cbffd8bbf6ac43fdbb61ff0024cdb9e668bd9980a39530a526c3c9cbbe1e4f46ae3e8229bc5e7c8b91855eae7a2aaa1b827d8b99ed19843aafb76cd361259c29dba7a02dfb40d9bd2d580aa12a6951f0f53ad5b283443c5bb8b4c9fcf569b30830d1844860256c18d753a8d80d1d0e8656623b1a06700fc513a7099590aa566d48eb6c078c4472d4f
+TAG_LEN: 20
+NO_SEAL: 01
+
+# Test with maximal padding (62 mod 64).
+# DIGEST: 8c043825b2a3764e8a0cc35a011696fb3ed03c2b
+KEY: d0be905d41203f5dce998f8fb2eaad409ae02116417dae0cef457b9e5e16dcc5b6f25607f00d033fb95fb09e4d00d6172e780ab8
+NONCE: 
+IN: 936a91d0b5d2c0267218cb7090c6171386d641b87797b684e0fb56f97c3961d8afa22993a340b9b3c589c7481df3f4183aa23fd8d7efd88503f78b8ed1c8e9ba2fd6773e0d0c302a5f47e037446f5891d77df660ed82933f62be8dc55b436965aabe477e0cdd46be99371eb8da7dac997deafd64b1fc65de39f4f03541a1
+AD: 1be112a72933c7b54ed4fa
+CT: bc6acdf0943ba34efbf9eb27fe9e968f23bc1d4f1eff7f86e836621422e7ad8e1adc03249475b6be8ec5d3e96e167af7e6b85ac87b5da2364b1e0d87d5c49d43ddea8e9b796580fc4fea7774f8210e4ec424aa029717937bf76b148e8af72e8badcc3f12dd259fd4dd9a325d81cfc7a193fb756b5d140fb703aaa6d71496
+TAG: cdbcd83191a554bf922180902fd060fcc63a8dc39a90ccbca9fbfeefe9a09a9da72c8782f6d3ccd9e2b5a80816eb5bb6919580a8ec186b8b1e388a561b6c931b22dfe62544456f7344f4c18c4823f167b2ebb8a93e3edb8181f358e66db5a3966eae5e893e76b16e8bd5da922720f754bdb6edf3496b62d79b14f00f24c1b30ec6ea16d88cac2b336f2bd057e68d6075907de3c9e7434da017d8bc5348ad79ec14182e07fc70f4e33ca2aaa2216d29aaf4dffb583c1b5159eedd66a2515127c3db358c1ccd89da4cefaf75a6eb5a8a80396ffcef783973f552645885e20b91dc0cf4485e94d943ea4bff3704a4bd2e23388090fb7ff707cf80b0c71f6d4560b3be71edab2e0b8d5ded1998f3b1df51225495
+TAG_LEN: 20
+NO_SEAL: 01
+
+# Test with maximal padding (63 mod 64).
+# DIGEST: f3a432271c9be858725fd024071c4f479ca9a971
+KEY: be905d41203f5dce998f8fb2eaad409ae02116417dae0cef457b9e5e16dcc5b6f25607f00d033fb95fb09e4d00d6172e780ab8b7
+NONCE: 
+IN: 936a91d0b5d2c0267218cb7090c6171386d641b87797b684e0fb56f97c3961d8afa22993a340b9b3c589c7481df3f4183aa23fd8d7efd88503f78b8ed1c8e9ba2fd6773e0d0c302a5f47e037446f5891d77df660ed82933f62be8dc55b436965aabe477e0cdd46be99371eb8da7dac997deafd64b1fc65de39f4f03541a11b
+AD: e112a72933c7b54ed4fad0
+CT: 0e87c57c18fdc439c968a9dab086c88271be6dd00843879ae1563e4ed03d69f9fa09a29c1bf99b1c859323eb8452acb2f808f051669bb5e097e23b947369b5a0577157995d729a75ae7a65e293acace3124a8aec53328439e5f2103fc3a236728682fc129a5b0e203bd730303fdd23962d6ea7a35aae3691f6721dafdf18fa
+TAG: d7453e8aea805b4c95ed51f1033b386cfd74fef1c205d51fe351ec3b1a3bb2e2b7debd8b20c688f4c516a61fbaa690eb635fe2974a71f45d1b4e2fdf3be4724c3eacadbc6d295ea9b6f53c249783f35898ee4818a67ce5b002f17a48199c779b17482ddf5448b6186cd979dea3d9c7b0ae3f106c4b90c960dd8899a67e9f18767b49497519c86c0b391098192299e4f85862d150bb3e439f05fc9f937c888c4f40684c25018fae0c6fedee92fc0035d073f3704f61d93e7e321a19512561676a216127e6a716d1f5ea43b67dcfaa1ffde7380c066efdc8acba10f2e790d4839419dbed3d89634ae785f7aa3ace1fa1720757066f4b75b883c0ed592b8cba79a400d5e442e23716a7a13c252a7ce156e219
 TAG_LEN: 20
 NO_SEAL: 01

@@ -42,14 +42,707 @@ TAG_LEN: 20
 NO_SEAL: 01
 FAILS: 01

-# Test with maximal padding.
-# DIGEST: c6105cc86e18eb8376c16ea37693db5c07b77137
-KEY: 8503f78b8ed1c8e9ba2fd6773e0d0c302a5f47e037446f5891d77df660ed82933f62be8d
-NONCE: c55b436965aabe477e0cdd46be99371e
-IN: 936a91d0b5d2c0267218cb7090c6171386d641b87797b684e0fb56f97c3961d8afa22993a340b9b3c589c748
-AD: 1df3f4183aa23fd8d7efd8
-CT: 7265eea4b391d880c6bc72d3282f663e5551c0a71ca35898047362694ee8f2710974350a2a38a13b0434d312
-TAG: ead153f0c9488b88357e81187178465d2416ca97dbf7460c9519ed9957d9e74e62950447e49dd233e9c504876a90fa79273e597ed751da4f32a2c60cecbfb6641ca2e8938774cbc324affa9bb027d219730d57ca1981e87d0dcd0551618493f79ff8c0366383e0698a009bd976c63f089a8b901b5a08fabf0d3f798c349743634d5dd35a2195cf0b74b67d36d65be1aa920831906acbc57cd880964ec948e9c11614104721efb62a47600ee968418b1d197c3ce6ba6246d5ac1f07819f67c2cb3ca5162aedd354e2314d65d5e863964db421846da7603b9f11c503966834ed501885763da3e89a59f89f1e31f78111324b79637dd3b6aeeb71ccf2557f9725b86dd13088ce257cd6ea71706ff8ec9036f56d76c4
+# Test with maximal padding (0 mod 64).
+# DIGEST: ceb2d295bd0efd37c6c34dab1854c80e986174fc
+KEY: 37446f5891d77df660ed82933f62be8dc55b436965aabe477e0cdd46be99371eb8da7dac
+NONCE: 997deafd64b1fc65de39f4f03541a11b
+IN: 936a91d0b5d2c0267218cb7090c6171386d641b87797b684e0fb56f97c3961d8afa22993a340b9b3c589c7481df3f4183aa23fd8d7efd88503f78b8ed1c8e9ba
+AD: 2fd6773e0d0c302a5f47e0
+CT: 2840fb36bc8e03c59de49315bd8a6e091f41fb020cdb174ed0ab84fab8f94c14e840fd37fc13f48490c2d2ffd4efeb4da8d98840f6ee5af812bcbbeeb7f2992b
+TAG: a767b9c80eb4ab9270c0c08d6adc1bf56245929a79a4511a8a4ccd2c996611a0154c8101217b46b049331d3109a42093f223a8224e11fcecee906b2ef52e5650da0498e3f832101b7ef66fdbcef302f362e570e5e42d5dbc33d0d662913c78a8caf3a9e2e22949cf6d212efee4d9dc8d03fd6a00d41f3073c4b73149e8bf05d23b2dd88aab1c87ac948a3f96be79c52efe9488ceb9a1c5511b441a6ba4204beaf339539ff9b4443000b5b7c00261c663be3087c395ee448e724d1cfcbe10e15ccddcf50378fef972fa3aca38fdb1d131f1bc7ce166f4476a008883292f8422cc668e1c8e0cd53cb25a64324d187b14143563d8d1af9371602a068da959c587cd6a383d1ffc74190c0499b2d71390cdcf
+TAG_LEN: 20
+NO_SEAL: 01
+
+# Test with maximal padding (1 mod 64).
+# DIGEST: a07054c760cc66fc704edf950201005031f3faac
+KEY: 446f5891d77df660ed82933f62be8dc55b436965aabe477e0cdd46be99371eb8da7dac99
+NONCE: 7deafd64b1fc65de39f4f03541a11be1
+IN: 936a91d0b5d2c0267218cb7090c6171386d641b87797b684e0fb56f97c3961d8afa22993a340b9b3c589c7481df3f4183aa23fd8d7efd88503f78b8ed1c8e9ba2f
+AD: d6773e0d0c302a5f47e037
+CT: 2e7e6cd84e03e35d8977c9e1d4ce6784c4db3a87fa1b82e6f781e284e0d3914eb56acdde0374eed6283cc10e1f329821fefbf888dfc8fb42fa574cb64df6d88d2d
+TAG: 80503493bfa3c2cd3817bb145fc579ebe050bf0e6310a29c9e1a7e98371833a25bea5c82bb6128cba6e27e7e796b49b49cd55ad123f90aade4d76a636104e5a4f6fc9c92997c0706d709145b208523c0c890394fcec38507fa0bad3d24fdc921416501e5c9b6964db81572bb933b67c4b5bb2070ad5068069592d35902ab93bad8d5121fe15bbb2bd27ad946a21f2ecd7e95c7f4c63ddd00589ac304d638307e798d9a55bfde231f5bd8a8f89cfae591b0234662647c3b42278f4157c4fb44fcc51862bbb2f03273f680d6dccee49b51bb4b881e5a1768dbc537e67073b796047fbce6f90eb54776d9f0237978f129af7efd4a3f380547e883d9976b38819acf9e0411769fc6898eaeca53f5def25f
+TAG_LEN: 20
+NO_SEAL: 01
+
+# Test with maximal padding (2 mod 64).
+# DIGEST: d059c266cf6233af730b7a229b19356a4c6fcf06
+KEY: 6f5891d77df660ed82933f62be8dc55b436965aabe477e0cdd46be99371eb8da7dac997d
+NONCE: eafd64b1fc65de39f4f03541a11be112
+IN: 936a91d0b5d2c0267218cb7090c6171386d641b87797b684e0fb56f97c3961d8afa22993a340b9b3c589c7481df3f4183aa23fd8d7efd88503f78b8ed1c8e9ba2fd6
+AD: 773e0d0c302a5f47e03744
+CT: be77b79780ae8ccda54d5f995f7c1beee8ac61735285e34d9dd137058555e723daeafe392773f428ec528a14c2f52a86365c4929d98d4504c669db1d984e2f84f7bf
+TAG: 24836360777dbacbbcea10d08e3d975a0bd32669871000178d167a1e40a6723b7c47ebd32e5df52cc4e0ee5459b355f285a0a93bd9fd016642221a335a2f09a4635f71d8575bdd081caa14b083aed01444df63e5cb01377b8a3ac31006c92621a894b71d50c85964234a5aae094a931e5456416236001f46d771767aee47f6b7c3493fc10b9f392dd629852623c1ff6f1e7dd3346d1aabd132301fa16ce88017fe3ca394d1c685942f1ed7b37f84a25682142b02ce138ae9b21c85db410cc3c266f6a490ffdaa0ce95e8b1f2da7f6e6ddda2d4570dc5619605fca903e47eb62d7419dfe49f354ac18762abbdfe5431a863b6f7371731ebb09ab41aba79e41be8603060fe921e4dc8b7f422392640
+TAG_LEN: 20
+NO_SEAL: 01
+
+# Test with maximal padding (3 mod 64).
+# DIGEST: 8aac0687e33041fcc18da154b41f20a6af2bfb28
+KEY: 5891d77df660ed82933f62be8dc55b436965aabe477e0cdd46be99371eb8da7dac997dea
+NONCE: fd64b1fc65de39f4f03541a11be112a7
+IN: 936a91d0b5d2c0267218cb7090c6171386d641b87797b684e0fb56f97c3961d8afa22993a340b9b3c589c7481df3f4183aa23fd8d7efd88503f78b8ed1c8e9ba2fd677
+AD: 3e0d0c302a5f47e037446f
+CT: 82aba2e22933737ef55346865375b574f24066eabe39fb800ec790df3ad05f85a760332e8a1d45e7b0c2d969ac5689505510fe035db4ac1c5a8a01a6f6ac00ad3d8344
+TAG: 090114b0a31c301edc2bed8e25298d4f913558ce3f6f607b0fce5f9e7b1c953601ce9890f0d8e8d6a71c5ccc4e0aab08942628d21f467bfbfc4996863e8fd296b7ce153568999980ac2980ca68b16c0b2edfe5efcfff121a7e4dfc8dd9387442c4847f7c572f668aa990334dc50a54480f673c338f1ea9c81cfb9d482f6e4ae163e412108ad5775aefe89173229efd58a0f56b411008f87e3aa307413779538057f5d846a1586920b1448b4fda27b65647b946bd5b7950a5e3e37ccca55b359b4726e26fc3d168a9e8bef56c1a61fcb2b55cca61bac0123190572c939584ffae1e913b82bbd8057f302a900d2a1a7ed1ab4a1b7c8c5cd56fc472d69d013bb897ea3d72d299da0df5fcc7a745dc
+TAG_LEN: 20
+NO_SEAL: 01
+
+# Test with maximal padding (4 mod 64).
+# DIGEST: 53658226c112b86438dd27b58a71f9e36fc73c1e
+KEY: 91d77df660ed82933f62be8dc55b436965aabe477e0cdd46be99371eb8da7dac997deafd
+NONCE: 64b1fc65de39f4f03541a11be112a729
+IN: 936a91d0b5d2c0267218cb7090c6171386d641b87797b684e0fb56f97c3961d8afa22993a340b9b3c589c7481df3f4183aa23fd8d7efd88503f78b8ed1c8e9ba2fd6773e
+AD: 0d0c302a5f47e037446f58
+CT: 3eceac2e338b4dfd9f4840d77db69ed23ee286b522cd4a324b04b1865cc772914c8d84abbf0db1a3a2d15401759b18d6fb3b7020cca1e31d136fb97b26bc772baf5a363c
+TAG: 1b6a98c7f9b8c5c560add0eb46d2d7559ebce0894b876f0de8ec37031df30667cc3ea54a4e71d8bcfe575d6044d9f70852fcf9a1a6756643e28944b59856ed1ce9958045eae0aa64bba55b64aac0cacded741293262550b085b4cb143d8bb8f7061eda2911c86e1afce94a8afb4db1060c2da1e9bb0ca8747d71b706134e44bb7e4b73518ca9201d610860961a53438d6efb51031a1ba0fa9b437b8a3aebc0479bace7843b319c02b4987490bed351be2eced028a2d0c97a1e30ccbd820f4b3f669e33b74c1b550a8d9782b9ec7fa45b24dcd5b6788895d6246a4cdfb015c605741047c1d2323e207a8a622e55b6a19401bb67de62154392edb28ab3cdfbb2ae2f21c3181ee8033130e95e05
+TAG_LEN: 20
+NO_SEAL: 01
+
+# Test with maximal padding (5 mod 64).
+# DIGEST: 6b7d5268b0b5037afb5be5af6a0ceb34e7656ac4
+KEY: d77df660ed82933f62be8dc55b436965aabe477e0cdd46be99371eb8da7dac997deafd64
+NONCE: b1fc65de39f4f03541a11be112a72933
+IN: 936a91d0b5d2c0267218cb7090c6171386d641b87797b684e0fb56f97c3961d8afa22993a340b9b3c589c7481df3f4183aa23fd8d7efd88503f78b8ed1c8e9ba2fd6773e0d
+AD: 0c302a5f47e037446f5891
+CT: 5cfcf9e4dbe1a74e748665bf393c6fe93807ea36556590a1f2814c2b445988c1f6c2815f6b1f0fecae452d1bb89a055bc6f85bea11d99d0b0c62db8a81e3f0f3a557c208cd
+TAG: 8e73adba964c6868bb3da63b0d528a22eea8bfb4be0b1030070436f5c442649857c9c4a32759c5071d7d741692368497a978b5668b912cdfb0c404e514411ff111ea9f1224cb4a9256dc57a8a4677fe576b554cf6e4f975ac3a81eefcaa0bb68ac5bb26b1bf54bf034a50a1b3265e0baa8a900f048246c7ea825234732c3f5b34c4ddc0adc46178d0adbd9a524502061ad4c6df62dcd8f8851f270dc452be39021d5f054b7aa35f5235739894c659bc06333d0e564c38521d820dd7cb0dbb8a018543ebe7799cbd674a14821a6f92d776aed736fb4ce19ffe6ad5b456c09cc597443ae1bb41be9ea0213edfc1339636facbfdf56a8944cc548fd35fd5fa4a7b8cfbce736c6c96465326a49
+TAG_LEN: 20
+NO_SEAL: 01
+
+# Test with maximal padding (6 mod 64).
+# DIGEST: 63efe7af502231420ed5aecce9a28446b257828d
+KEY: 7df660ed82933f62be8dc55b436965aabe477e0cdd46be99371eb8da7dac997deafd64b1
+NONCE: fc65de39f4f03541a11be112a72933c7
+IN: 936a91d0b5d2c0267218cb7090c6171386d641b87797b684e0fb56f97c3961d8afa22993a340b9b3c589c7481df3f4183aa23fd8d7efd88503f78b8ed1c8e9ba2fd6773e0d0c
+AD: 302a5f47e037446f5891d7
+CT: b2e315ef97a1b89b4625715c61946446fe1bf27aa60e65d0ad9849f71ec53ccbee951d3628efe2795949f88795b354df0ec68b21cd699cdd0f92f31f3d6013a4c1116165b4f5
+TAG: 4e9eb0387d9121ea239b27016805f35c09c90904d9becd9ce23d77233e8b68c86e17f92ac31794be17386e5fe2f40e83147a7dea38bee4b9776fb4a4da85408b80ea7718d542a47e7e5d7db38c18560dbc37d49f4fae2e013c4b89ab59f2a529b389e2ce5b2c9f0883df472fb9ac58bc5e27dc21938344195de25f1e3c015b68e6c6f6111e037010a075e78e852f9b0b8e568359ba22eddd71714403309987ed20e381b8ff67f5fd5d9e8ce77b1517da2cd4c2909f83fe70b65af0ba8dfff1e0860ccd217a19a96d94ef3cfbe1214e204d4eab8045f97aaeae0946b455e01099513c5a763596c7495de135bd2ea2b9c01e7fcc5daa0e88bcb45ce5bd044dc300a281b2bfd18f6090f7eb
+TAG_LEN: 20
+NO_SEAL: 01
+
+# Test with maximal padding (7 mod 64).
+# DIGEST: 1a555c300a1d1bd5b03cdd6bf2a678621624eb05
+KEY: f660ed82933f62be8dc55b436965aabe477e0cdd46be99371eb8da7dac997deafd64b1fc
+NONCE: 65de39f4f03541a11be112a72933c7b5
+IN: 936a91d0b5d2c0267218cb7090c6171386d641b87797b684e0fb56f97c3961d8afa22993a340b9b3c589c7481df3f4183aa23fd8d7efd88503f78b8ed1c8e9ba2fd6773e0d0c30
+AD: 2a5f47e037446f5891d77d
+CT: 8221477092da15c94ec15f34ef2d540c87ab24236ee4d97ed3543f49f2daec059be7c0f157f2d869bae0bd4b9d214bd40ed01484c28019d6349cac27db29050831e5974b5426a9
+TAG: 9f10a7816f0b558aaed826c53d63677dc443bd48fe1faf9d8e8542db0b3959d6754d0771ce1a23d67561626c7c521401c0a8882656ded33ace7965f5978bfa1c960ed9eb3831f45d28a4fb0ea44cbd9118f39eddbe3c56886bb4bd6593e13f2bf641e88adccaf76ab0356cb77654a1b27597b1b5fbbbf15b6c7673d92aa7073745721a299797b77c5b205ee44da405d634f971abf26bd7cffb21cd6f952eec7bc214d6ee0a31622c78259ba14072536751b87b968cc5e6ecb21d1b64c53f7ac24dd9344c2a03dbea3c5704bd283a8d28eb2ba5e4dc1b16a0edd6f4cb76aaf746b1a987d58ed73eb2b266a148ddbc033bd45712a3101f7b536d2d902b7e124e199442b149e3b603f199
+TAG_LEN: 20
+NO_SEAL: 01
+
+# Test with maximal padding (8 mod 64).
+# DIGEST: de9156349b578f2f44945ec6a676a67a829daea1
+KEY: 60ed82933f62be8dc55b436965aabe477e0cdd46be99371eb8da7dac997deafd64b1fc65
+NONCE: de39f4f03541a11be112a72933c7b54e
+IN: 936a91d0b5d2c0267218cb7090c6171386d641b87797b684e0fb56f97c3961d8afa22993a340b9b3c589c7481df3f4183aa23fd8d7efd88503f78b8ed1c8e9ba2fd6773e0d0c302a
+AD: 5f47e037446f5891d77df6
+CT: 8a9f0d731d72929136ed9e6993cbb28013b336540f602c7203e6a38391dc07c8c3ce5b4ca62df582dea366c4b0b5aaabcf1959a7f0bc92047023c72225f5c071a588d95774f2e2c1
+TAG: 84d60af507164a4f4958b6aed0525028918bba60b4affc1afea92c0ef485679506ffdf649b0d9bcefcfb8f1503b2e48937a3e732785d85b11a524363a55fc994e756148a3b7b2772881aaceee2ffeb0f18bd85feb215fc8352dc76d8ab5255d56db5e9f10c42b4a3447321d459ed20e536062a33e6cc598a61b905bcd579e6d68cbdfb94c3b100e05bc0009b9841fca15d909de6897276f9177cce5b049c45954b7cddb7610127c9dd40a61bd8e47b7a165940ef3084a0b523955741414a12d34aed68db231db939b1417069516333b2c0c57e843f098a55e375639ebd2acf658de1f385a1e29c5eb9efe14c16e29488a32bbfd127592c7c45807f2b3e8f57144b9cf60130592b62
+TAG_LEN: 20
+NO_SEAL: 01
+
+# Test with maximal padding (9 mod 64).
+# DIGEST: 12812df3aa7f3bbc899f6f248f5590e02570c292
+KEY: ed82933f62be8dc55b436965aabe477e0cdd46be99371eb8da7dac997deafd64b1fc65de
+NONCE: 39f4f03541a11be112a72933c7b54ed4
+IN: 936a91d0b5d2c0267218cb7090c6171386d641b87797b684e0fb56f97c3961d8afa22993a340b9b3c589c7481df3f4183aa23fd8d7efd88503f78b8ed1c8e9ba2fd6773e0d0c302a5f
+AD: 47e037446f5891d77df660
+CT: e3af374fb6f33c64fc2e4cc1e1b635bbe890f02359b6adb2a747beda433e003e30e1803f2169ff6abc81ff8095601cdff7aebae5fd8fc012387a70dd7db18e7eb79f87fcc1821ffdf6
+TAG: 4f9730c5eeb9cb32e005afc571d2ed5b2de38670704f854c838d00584becf8583ee7e79d9609bb73abb70bd01ab228bcf6070ee1c1c97d4f6003f6a3ccb4b8af43dfb37bbeb707e1efa51b0447e6b31e82a3fecaacad99014a8d502c3db8a36665f85d62938de6ffe30c4749535bb124129caa1fa465d04c1005e64f7f4397607b4e6fc31b9c34961b7276185fc3211eda045c06a28aec0a1e0a0e2f1f6829a1ab372d0bedd711158696b062b9dcfbff4925dca71d4ad7f7c610d40bfc6e7d04f4990d6efdd059679c7137b5f5d28c9784fca307e2e1df33dfec10a242379ff30984c62c201738edd60007c9d56557692e8f73e5d0c83059d568312b3504de9691ad3d9b30a4a2
+TAG_LEN: 20
+NO_SEAL: 01
+
+# Test with maximal padding (10 mod 64).
+# DIGEST: f3c89f21c327fca4aa400fabea9e39780378e901
+KEY: 82933f62be8dc55b436965aabe477e0cdd46be99371eb8da7dac997deafd64b1fc65de39
+NONCE: f4f03541a11be112a72933c7b54ed4fa
+IN: 936a91d0b5d2c0267218cb7090c6171386d641b87797b684e0fb56f97c3961d8afa22993a340b9b3c589c7481df3f4183aa23fd8d7efd88503f78b8ed1c8e9ba2fd6773e0d0c302a5f47
+AD: e037446f5891d77df660ed
+CT: 98b22a9119610480bdfc5cb6e2a950ccac8741690574730b87fbeb113d5daac699c333ff21efd0e73d2252e95f64dd2699b940b490259cb5fd698756713c0e53ff69a733ea13587cbcb6
+TAG: 63600a3d7fe8a782af7af230da63bc84dd993bcffaa5f76e5f63ef56407d0412b831dab138d117fbc081139cc49946a7631f488c11946c10530806ce7a781baa3bd072300a5cdf8aaa3b2657ea3732c1e24271c447e6d7f6a2afa0bef27aada30585c33479debc10cb72febb181c7f5f77490b339285bfbb0bf07c545ed5a0f3f183fefdc7138e330095636956328ab85a201e3cd6a2edc573d75327bdf615ffc8e6fd5e133558b831e24b67751098320e9afdfe7c7ef4598c29563113052c568263612fdc3c48d8e9a8a407bc2918ede467636dc0185d9423e9eaefef4126247012d5f1930c56dd9dd7c34d397f388e4f741953d76bb1eec911079936a8dfc584fb5b7c84e4
+TAG_LEN: 20
+NO_SEAL: 01
+
+# Test with maximal padding (11 mod 64).
+# DIGEST: e8e41988fad6c8b44c56544964cfe0a347b35b1e
+KEY: 933f62be8dc55b436965aabe477e0cdd46be99371eb8da7dac997deafd64b1fc65de39f4
+NONCE: f03541a11be112a72933c7b54ed4fad0
+IN: 936a91d0b5d2c0267218cb7090c6171386d641b87797b684e0fb56f97c3961d8afa22993a340b9b3c589c7481df3f4183aa23fd8d7efd88503f78b8ed1c8e9ba2fd6773e0d0c302a5f47e0
+AD: 37446f5891d77df660ed82
+CT: 8795d6c225aa78fccaaff86101641081f4a440969633ca8d7830ffb14f629fa34dc4c15e8ff20a8940c7a484ee94503372e658615eb3fc07c2d2c399ae9ad7a77d684512d0ca273f77fcfe
+TAG: 534574a93db9658b653cd395e981cd4a8992e817ba058f692c5f0c1682745097ed441781afe30827bcaa29d061e2d1554a949cf7b62077b768bc1ca8679618a5d2b32c0b7e735db6a27fd762a60aa19e60a60a9edb02f20e3e99fd4653732525a0c8d8042bd3ba5387f93a7e0da483173b3abcd3ff876badd75b81741abfe2baf21be1006d1cb85bc543ddc7493f8faf4e27619686ba324cf651a16e7ffc23ae7786eb8823300a5c65982228aecde99f53d43f86d9ec0d326eb3ece9f6cf1c6bf92d1599c5f9c391e9ba189195665d3018c38207717502bb60e020773618df614bb4e0309fa0809ab215f68f0d9d46c28950d3edad6c4f71dd5af9d03dfa39ae62482601ff
+TAG_LEN: 20
+NO_SEAL: 01
+
+# Test with maximal padding (12 mod 64).
+# DIGEST: d1c7b2c04dc25fe7b742a1d659aec20e1475ee4f
+KEY: 3f62be8dc55b436965aabe477e0cdd46be99371eb8da7dac997deafd64b1fc65de39f4f0
+NONCE: 3541a11be112a72933c7b54ed4fad0be
+IN: 936a91d0b5d2c0267218cb7090c6171386d641b87797b684e0fb56f97c3961d8afa22993a340b9b3c589c7481df3f4183aa23fd8d7efd88503f78b8ed1c8e9ba2fd6773e0d0c302a5f47e037
+AD: 446f5891d77df660ed8293
+CT: 694868cf990a1b8ef42fcb2b45cabf1bd78eee4b429c11b27a827762b9c319bc54a2b2c8eb2ac85063ef8ac7da8bc35b16c0a98822981dc9b246381780da7833eb718bc8518e2b176656ff5c
+TAG: ca1dc8a003fd389a1eb1cfa4bf9746cdf45c548f8e52e0bb0dd456c1369686e0975fada75cd8fb261a01828fa1375941dcd8c718f82d6b64222dfbf7143ce980f3936b78e525c961b7d72d5d68127d0f98de541853ae36408ac489c5629c82f00a44dbdc89d665f94fb391c4a0618f31df9bcf39a07325b600265daaf53c2762396f9f6e83fb4f545aefaaeb447d4162ad401e1da2ec090d78d7b354d80fa975dcea9b897fc0f16681cd9a1aedc78cdcbf26249e18132e518b75849af55de38562ac32c50819a35156706510688f3a81e13e3bd5f61a0c2a8655c251f4732258c3cf34694be21caad599996c9a13303be173f916e90f606dfe1640bcf35e892eab6ca70f59ca019d27c58cb69b4cb3bcd484198d
+TAG_LEN: 20
+NO_SEAL: 01
+
+# Test with maximal padding (13 mod 64).
+# DIGEST: 116e20ff1e79e0af464d473b1e7c187f4dd66007
+KEY: 62be8dc55b436965aabe477e0cdd46be99371eb8da7dac997deafd64b1fc65de39f4f035
+NONCE: 41a11be112a72933c7b54ed4fad0be90
+IN: 936a91d0b5d2c0267218cb7090c6171386d641b87797b684e0fb56f97c3961d8afa22993a340b9b3c589c7481df3f4183aa23fd8d7efd88503f78b8ed1c8e9ba2fd6773e0d0c302a5f47e03744
+AD: 6f5891d77df660ed82933f
+CT: f2e78e183884c99ad7f199a02d87a1026c832b9a953919a98c2487bd0d724be407994fcce9e19b5a69f15ceef5d3b95c79d5fffede18a143cdfade5c0f80254cb38e47cc9c82488116640aebe9
+TAG: 11f4ab3470df6f43596f9275964c3ecc22543daebbdb99004eb6c1e001b2119ef9b247f30481117102a179a7ca72c556a029b77d0ee2167190923012aef527b8a432576f8948a7dc77ebb79fc7a9dd1d981a4bab9c00e498c09902ffb9362113f6ad3ac6c1f792fe27d3a71aa19b9f769f2417ada3d303e3fd2600484c9f6b43e4ad834e60ce4d4885088087a96eb52ad989a9e9a43aa53a78e513743a8f08cb472a144af5a6abc17f217715e074aa470ba71d2b1b75e4ff3f597c4d1993412d37f94989c1df016f72b26c8d58d78a8a3295108e9bc061facdbc4c708a1d7e7c95bb8e365d4e933c0e519d08abef948abb67c5a3ebe938b91613ae9bcb6079436af3acbbdfacf77e8b935686d4ef7ed47b5b10
+TAG_LEN: 20
+NO_SEAL: 01
+
+# Test with maximal padding (14 mod 64).
+# DIGEST: c081d0d09b2c9eb39a372ef4a7b0246a0956b0f9
+KEY: be8dc55b436965aabe477e0cdd46be99371eb8da7dac997deafd64b1fc65de39f4f03541
+NONCE: a11be112a72933c7b54ed4fad0be905d
+IN: 936a91d0b5d2c0267218cb7090c6171386d641b87797b684e0fb56f97c3961d8afa22993a340b9b3c589c7481df3f4183aa23fd8d7efd88503f78b8ed1c8e9ba2fd6773e0d0c302a5f47e037446f
+AD: 5891d77df660ed82933f62
+CT: c7de96bb45663dfe6da2a64ffc9ddfa7c3dc63077079bd4bc2ce52fea89924a75664782a5026fb5a099ec460eb9c6d7c3d5ea383092c8f4c67a70fc499a7689bfc27df4da7c185d573e6f8d70cc6
+TAG: 1d6cf11ee4afa8efb4e025dc32e0c73a6fcda2aa5c892031c7fde0d0d69e38e9e64e88a714184fbe73ca0f1dfd35ba3b0378a474cb4aaeb942a529cd199e20b7dd62654b97d92dc317975d5e26ca1378d41799a127c44a157982dc3677a4dd391e22b6906d303c2c60cde6052ffbdbe5f8bce22bc2ee42975f9892b68f228cb1f584b1a3fb2f15cb7bcf3d9650e72e796c46f7738986be7f7c30dc56c179299c9c368090f68b96735673f2279366122e5cd94d8d4ca2cbeddc3502d833bb365756cd511577a7499c199f403ce114ae47aabd351bd27e4595e3955e1d1c617a3d0ca2d6e4a2bc3275f5ef706fc4e02e48719958d37d172ad1473878686fca9420dafc83e0baaa9aefb1e50c98d6006ead6bd7
+TAG_LEN: 20
+NO_SEAL: 01
+
+# Test with maximal padding (15 mod 64).
+# DIGEST: 6f7bb1f9e2772eb909c315e653e4737cfed78a18
+KEY: 8dc55b436965aabe477e0cdd46be99371eb8da7dac997deafd64b1fc65de39f4f03541a1
+NONCE: 1be112a72933c7b54ed4fad0be905d41
+IN: 936a91d0b5d2c0267218cb7090c6171386d641b87797b684e0fb56f97c3961d8afa22993a340b9b3c589c7481df3f4183aa23fd8d7efd88503f78b8ed1c8e9ba2fd6773e0d0c302a5f47e037446f58
+AD: 91d77df660ed82933f62be
+CT: 3a77c0f70f9044fb3817d57be4f4e5ee4b27ffa586327f77c18346f9fef2608a552b551ac549f9e8d47c4959196162862fe2a35e44581971c2974d4a65a47ae719a7f5f070ad902b8a9e022abcf303
+TAG: 825fc7dd84de7f3bcc941d0234090a9409e47dda077e0f3fd000965bde1d4ff30e15b23affe14d94515629f8c018d085f41aa3ebfd0498f621593d57aaec4bdd0e22df21668451b098429967c8eb8789f92a5578d177e5d2e326fc14fff272eb90368d56a777849cc5a1d54c6a458d32c26f4cf99e0f80c91e6df29aa53edb03df176b9873f5827686faf26dbb038813a8170f59e3ad85ad698308748d112b7fbca45156a4410cf32fb34fbbf27b66dddc0680f2bcd7cac6b8cefa83945fad84f77a396630029e6bfe9f15cbf5a884332de5ea7f558d783858c18761983080c13f9c06be367ad856cf159656ad140e84d6af4b4c3517b90f5ec0a8e6fe18d42ce3d194f695f9b7440d4118b8170705b766
+TAG_LEN: 20
+NO_SEAL: 01
+
+# Test with maximal padding (16 mod 64).
+# DIGEST: 172f4992e692a88f49628e5d3937959be01aed2e
+KEY: c55b436965aabe477e0cdd46be99371eb8da7dac997deafd64b1fc65de39f4f03541a11b
+NONCE: e112a72933c7b54ed4fad0be905d4120
+IN: 936a91d0b5d2c0267218cb7090c6171386d641b87797b684e0fb56f97c3961d8afa22993a340b9b3c589c7481df3f4183aa23fd8d7efd88503f78b8ed1c8e9ba2fd6773e0d0c302a5f47e037446f5891
+AD: d77df660ed82933f62be8d
+CT: f2f3a3d985eb38c406bb0db0d141188c680656db8a4484abad2c8973267e14458e2be7cb52f06ee2a0f68eaced13db714296319b2b3557454f5e9cb47e8943ea3e66f7bd25c5757375be7bdd65fef53b
+TAG: 2c441fd3259628cab417df36374ededb37b9775c0ddff861a5b957a9237265000be0857b3b8482ccc5a348dbb9f4529da4baca8a8820468b1219fe4680221bad9a527d93ca499a988411021e0f9cbfbacc7851c63cc1886e934238d9b7f9cb6b330ad00da830b34c7e4398d148af7599a87770102622e7a68828dece16d4255bb319c75ab0046defe72269fe67780b34324eb3d57effa216411caea5661e64d8151707ffa86752c876590ec46926b7e963ced6a7fa95b1bd958e618bdf1775a9b3ff18c91ed490f39cffe0ab03bb5006cd321d8e6bbdb19597ad7692eb7a7685e075de1d383089f46c8a4bf1aa948bf08b89fde28696147c767f5fdf2aee8b8d4af2903452fc5876aa226d490140a55e
+TAG_LEN: 20
+NO_SEAL: 01
+
+# Test with maximal padding (17 mod 64).
+# DIGEST: 00133da1f7c63fd5f0eec364e9a359be02c1d3da
+KEY: 5b436965aabe477e0cdd46be99371eb8da7dac997deafd64b1fc65de39f4f03541a11be1
+NONCE: 12a72933c7b54ed4fad0be905d41203f
+IN: 936a91d0b5d2c0267218cb7090c6171386d641b87797b684e0fb56f97c3961d8afa22993a340b9b3c589c7481df3f4183aa23fd8d7efd88503f78b8ed1c8e9ba2fd6773e0d0c302a5f47e037446f5891d7
+AD: 7df660ed82933f62be8dc5
+CT: 02fd26e7b51a1bc6ab6735045d2e42fdd1f31adba98ed5f8b3e89450853104633abf6cbb70ecfba2f5b39dc06f419746abae4a51d33829bb04140275021d183ba079d58c37d4147e8114bc2e3d1542b0be
+TAG: 4bc0c3d3487bb74931c27253f0f0931d15a627ad88ac1ba563d97bcec53524870d8fefd1300feae23772902058f5f4a0c1c67eb5e4ca9d4f98692398a9019c3263d2191361b73038e3c9252502ca72070f1155952b3a0c787508d7c0c96e02036b2a26513fc69b19f1c51629fd7bdf015c0c45da5de1d6899f3cc3bdaea7a3d7bf1d0e8a8430fdd7ec70f93d7bb62fab821c1f0e9ad564d04081a3fb70b43b5ffd990e53938cd34084411c0c11db13bf2e28c6fa299c720f3f68ad751c20f6d12ce79382a1d0c4bf3a6bd3a695b3040193eab3c73aa4ee751447a5a46845c86e22909cebcbfc8b653f352072aad19b725dae4cf4d1c8bfe55605f0eec27682a6a365cf2e3e94ff769c2aeb328fbe6f
+TAG_LEN: 20
+NO_SEAL: 01
+
+# Test with maximal padding (18 mod 64).
+# DIGEST: 60a6821269be6c5b985576b245f106128eb0b325
+KEY: 436965aabe477e0cdd46be99371eb8da7dac997deafd64b1fc65de39f4f03541a11be112
+NONCE: a72933c7b54ed4fad0be905d41203f5d
+IN: 936a91d0b5d2c0267218cb7090c6171386d641b87797b684e0fb56f97c3961d8afa22993a340b9b3c589c7481df3f4183aa23fd8d7efd88503f78b8ed1c8e9ba2fd6773e0d0c302a5f47e037446f5891d77d
+AD: f660ed82933f62be8dc55b
+CT: b2fe392acc286bdc73cac1aee34ecb3a3e3ae2ccdb065618e3c4a17f2b2668a2c11108b0bf8a8ffe20800a698e73c9b6ed4b0da61bf6fc22c33c75439445061e198f018f271a8698d87185b7df77daf9e757
+TAG: 7a3dcda8c73da41cca4a85a9bb5226d8a94f2a39abaad492ee978b6051961be1f0023b673348fa17eb29430a340b3597c6aca9304be30abc5129bd65073aec837e55fe06c7787f4272e75c32b3f1777451e17853f4a4696cedbeabb57170f77efe9db657572035af08cbde5432478dc339147d433457d3a15f8820515a6f267dcd14cd9489352e1561414e3e1e0a85129976c24dd016d4621af0058ef4e19fe4bdfdbbec370fed7ef641434eb629fbb16fbcdd117e9b84ccf7ada8324f9815e4aa42c12d4f0609060545997afd4e6786a0457b0b2fc73ff7856adb51223d2408ce4c414ef2afe52a3bb67be43997898ba846045e96a27acf3f1bec0b755e424f57c69774cc13ada5227c7642f563
+TAG_LEN: 20
+NO_SEAL: 01
+
+# Test with maximal padding (19 mod 64).
+# DIGEST: e2593f3b6741a9ed9fa188fc06efd057556ee624
+KEY: 6965aabe477e0cdd46be99371eb8da7dac997deafd64b1fc65de39f4f03541a11be112a7
+NONCE: 2933c7b54ed4fad0be905d41203f5dce
+IN: 936a91d0b5d2c0267218cb7090c6171386d641b87797b684e0fb56f97c3961d8afa22993a340b9b3c589c7481df3f4183aa23fd8d7efd88503f78b8ed1c8e9ba2fd6773e0d0c302a5f47e037446f5891d77df6
+AD: 60ed82933f62be8dc55b43
+CT: 8780167385b8856be346b71b042332368067d5d9420b3793fe94bc1ba92991756523c7a8e0114af8fa7296ffef8fae01796b47edea43bdcaa8832a08e823c45c1ccfaf1190cc7fc73a67decbdf407c72740a7d
+TAG: 974451fd4d9d6d1f88be4404869b435b4b687a1150b31a0671c93f52f76f2e4dd71bf4a3583f68ea5fa4a0dbf8c779f83e8dca1882e9bfca3e914e77ccbf40ac94769c44f9a8bcbc35a4f9920c6860078d369f57b407d353e8022263061bc974df29fa7c862f3d06213b1190cdd3e2091b2e26532356560efc3b21a499f4841869c993272b70f153985d45756a0b3250a1b91ee3f25a6afbc202f3ef81dc607068fc7214e69255342e662c64ffd8acbe86992ad20ce376d92ee0bfbee6a72a1f83f470d0bbf6ec22b364e842b84736d3923de92c488c102344fef6f78624989460a2c45fadec2a7bf722e2e6a34162363cc04720a50f0d309f64f9322a11b642b97f023cb82a521af6b1759d37
+TAG_LEN: 20
+NO_SEAL: 01
+
+# Test with maximal padding (20 mod 64).
+# DIGEST: 17450a437efe239e1858ac4062f34024305372be
+KEY: 65aabe477e0cdd46be99371eb8da7dac997deafd64b1fc65de39f4f03541a11be112a729
+NONCE: 33c7b54ed4fad0be905d41203f5dce99
+IN: 936a91d0b5d2c0267218cb7090c6171386d641b87797b684e0fb56f97c3961d8afa22993a340b9b3c589c7481df3f4183aa23fd8d7efd88503f78b8ed1c8e9ba2fd6773e0d0c302a5f47e037446f5891d77df660
+AD: ed82933f62be8dc55b4369
+CT: 2cd2031084f8742da110ab5d8f7290828857c867b38427c3f53be0dbe2cc94527d2f0aee90a38dee77c0ce115ef650b2ae65094e99ac9bf6da89e5440c1bb4f8ccd163427bb95b3ccd629e6881107d6c9a80cc37
+TAG: 026560a6675920dfb199359bea1a03ef0d7d67d359bb6b94074eef54047e92a0940f8eb5d08aea137b7caa73904b66a8c99775e0d859e4c91d68dfab271a9401fb650a9afb83ec4b42b97a74db1908fdca0a06603cde524524ecb3bfa15a96b6e250edb83e7c59385357c075bf077ada33489dae99c2e5d5f17cdab9d23dfae4171e564bb91e3e78d61dc7f1712c2a4431e9451cc1f58df004d04ec50f77a2681969ed91e07df4ec90fd185ede409a5387538b115107a1fe22bb999082d4341ff5a6ae7af33cb27a64eff64492a08eae3c18e5914971e514f55e65ca93a8a19d7d4c2f3df76232cbac674c480e9f4316a8df7ed9d62f8144338249732dc1c3dfcc8647804c13a03a59eab926
+TAG_LEN: 20
+NO_SEAL: 01
+
+# Test with maximal padding (21 mod 64).
+# DIGEST: a35fc7d25f90dd9cbd35910d5532aca8aba88b29
+KEY: aabe477e0cdd46be99371eb8da7dac997deafd64b1fc65de39f4f03541a11be112a72933
+NONCE: c7b54ed4fad0be905d41203f5dce998f
+IN: 936a91d0b5d2c0267218cb7090c6171386d641b87797b684e0fb56f97c3961d8afa22993a340b9b3c589c7481df3f4183aa23fd8d7efd88503f78b8ed1c8e9ba2fd6773e0d0c302a5f47e037446f5891d77df660ed
+AD: 82933f62be8dc55b436965
+CT: cea9c7528706d506d75cf085c8475c081ee8c6145ca11610b73eb3e103a706faa66062f8edc10abaa7c3edb3fcaf43c202c4812e768fececaa04564414f45816fa5c0df5b7518ea3859be75c4567565358293e9232
+TAG: 32de5af09080604ec6b6fc5a0a542837a54131fc87b1825666e5d56f09e15b76d47fd8086dab709567aacc3e59d395656ffadab861ba9a0e1c1b30321ce334b68724877ec6806245bdab9bc0f8e5af6582fe91a2ad95f7a6bd0ad1df9f9c2d2c20f78f2fb0bd2653fc8e8fefc9255541d789a0059820b30902c3e4344b68d4603b3fb8f5001df91fc9383dcfe76f219933078c602fe2813b9e59e8f996f8943c96c10f27d02f5bae69789870a61abb6c3b118f6cc348188495798b07424a750556a8d1e444b47283b096b9cd8b98b790445ba8ad8245a040a3cc96c2d72aba1474f949dc607c386c7cbbda952651f6d3260c82e5a06c517a89c5dfbefa069136e3c094ee1af26fc4c77e21
+TAG_LEN: 20
+NO_SEAL: 01
+
+# Test with maximal padding (22 mod 64).
+# DIGEST: 73eff0f03358879f900b6ebd515f0f4e5a6929e4
+KEY: be477e0cdd46be99371eb8da7dac997deafd64b1fc65de39f4f03541a11be112a72933c7
+NONCE: b54ed4fad0be905d41203f5dce998f8f
+IN: 936a91d0b5d2c0267218cb7090c6171386d641b87797b684e0fb56f97c3961d8afa22993a340b9b3c589c7481df3f4183aa23fd8d7efd88503f78b8ed1c8e9ba2fd6773e0d0c302a5f47e037446f5891d77df660ed82
+AD: 933f62be8dc55b436965aa
+CT: e967973079db00d2257d84817ff4c5faaf98024ac7eb71d22af3cbb92a001a558f5cce2e8c293d6dc2a968f69cb2731bf65954affbfdef4085123aa06baf0d80edd8d04ad4b1d48120f0db0df02ca13708f66a567ed0
+TAG: b8f6b6618dc8b59b07566c1aecf97a9933b6546fd8882d14cf75b2065f17518722b5fd77f9449cdf4feb87e7943f9d48b56ab891514f608767f1711314974b020804b7227326185bcdd338e3a9df31f6c3a0190b25d02dab04ce23fab918d6176814877ffba65e410bab2ae256d4f5f937458d24a144f3c45f6fb27e9f95490e95eac4575d49d7dec6f72ebdf3efd9dc6c83ead51652223b18963651b8d957b7aa050b022e4beac68f928de0d1094dc756d8e1d2b89a1bcac0d3d40f0f71e67b166a6a56d8ea91df5c930566640be524f187be2065127cd15b2417f7d80b6a8cf781e0e90c6ef61cbc902e935ffd2dc9e84c4170fadb6f76b15d77c72b49b8aa30ad1efabef37d55b4bb
+TAG_LEN: 20
+NO_SEAL: 01
+
+# Test with maximal padding (23 mod 64).
+# DIGEST: dd6cea270655225cb4f4231f54c19eaaa146eac5
+KEY: 477e0cdd46be99371eb8da7dac997deafd64b1fc65de39f4f03541a11be112a72933c7b5
+NONCE: 4ed4fad0be905d41203f5dce998f8fb2
+IN: 936a91d0b5d2c0267218cb7090c6171386d641b87797b684e0fb56f97c3961d8afa22993a340b9b3c589c7481df3f4183aa23fd8d7efd88503f78b8ed1c8e9ba2fd6773e0d0c302a5f47e037446f5891d77df660ed8293
+AD: 3f62be8dc55b436965aabe
+CT: df01c1a140da0e422919c0d34b231fa3cd767766fb35f8d78d715c44b9003e42cca112fa1543d74ac05e00da9b5740c03b5c4d1e558ceb8629adf3adb1771e6edd5b986094f724e675682e65af15bb3c0feeed8cb3407a
+TAG: 25a40fa2eda366cc951e8965249500a657316c33538f874f861753eb038dc5cce0425824f138abde55bade8b0500af1f61b8ea69d4bd68de3fc403021c2224635535bc83dcbb429a8ea6c0ca2687a34e02d1dc45e7bebafd26b4814c0766e7fce5238767280ce0424a3f16a30b943622b8c1abe4eb6c279333e9d8f7bc32afb915bc5b0328147b57d02d68584afd85107302e3c84983cff39256313c4462b693c256edbbedadc50a52cd2a3c8255c1c34ba87a70cb652d74d8375ede59a57514bf5bc50532acc8be4b438daaa2d7d2caae6c291ea2c78e27766b6e2afa2551f3287a6a2a4bf747a1706cd66fd724fbe0e7e81197b1ac612c05cde5a62fa0d5c43d01e6300c7066057e
+TAG_LEN: 20
+NO_SEAL: 01
+
+# Test with maximal padding (24 mod 64).
+# DIGEST: 34dd9bf0ce19eff890ecad474388779f63b0af70
+KEY: 7e0cdd46be99371eb8da7dac997deafd64b1fc65de39f4f03541a11be112a72933c7b54e
+NONCE: d4fad0be905d41203f5dce998f8fb2ea
+IN: 936a91d0b5d2c0267218cb7090c6171386d641b87797b684e0fb56f97c3961d8afa22993a340b9b3c589c7481df3f4183aa23fd8d7efd88503f78b8ed1c8e9ba2fd6773e0d0c302a5f47e037446f5891d77df660ed82933f
+AD: 62be8dc55b436965aabe47
+CT: 889ed4c7bd5455821c5b95a67a277a197140816784e820ad8e126b3d3f0ddaca73e3eede78c1c1d3ff5c2a98c0cadd644393b7e3c2273aea2be1c6fd20374b71edbed5658237d819b5e4e206698c8cc8c12e017196776bbd
+TAG: 57da1b6d2a9717b7f6f37f21dd9c686414ecd07bc24619b9d35c62c3548586bf726bdd33fcbbf64686556d1ece930f37c6f4c8bc1931a10c50269cc1dcd95bed9d9edb0463a266e6e51d2d90fa9c1a1a4dec6d21663df4f4b99060b37441cdc09386eb785b7cb0183df692d7846483998269e36d06bc7e3a010ebc798c83a5de0c4d6201f2b5b7187a7d99d109741a19e267cbe458063aa1ee66c7c2e0449549d03a9cac20d356c393de63d466ac3e04d63b88c26768f0b3fb18564acb1515ce4be0829aa99cb293adb9a0d3dde529827abeae270611c35277a4b373fb099cfc86a99483063014ec189429a243438447c9cd47a333b22e2c1c84845b79e23a661d411570c510f42c
+TAG_LEN: 20
+NO_SEAL: 01
+
+# Test with maximal padding (25 mod 64).
+# DIGEST: 7db8cfbd3b29f96d752346eeda3c2bb0bd070099
+KEY: 0cdd46be99371eb8da7dac997deafd64b1fc65de39f4f03541a11be112a72933c7b54ed4
+NONCE: fad0be905d41203f5dce998f8fb2eaad
+IN: 936a91d0b5d2c0267218cb7090c6171386d641b87797b684e0fb56f97c3961d8afa22993a340b9b3c589c7481df3f4183aa23fd8d7efd88503f78b8ed1c8e9ba2fd6773e0d0c302a5f47e037446f5891d77df660ed82933f62
+AD: be8dc55b436965aabe477e
+CT: 13833f78c9383bb4455972d6e7d8f22597e65de7dd01afa28fd99f9734366c522bcaef59c41487d84b3f84c1e0b7e5ff6de84206f54d5ae80ce80fe3cb68ea4edcd15897fd6fabe2a19904010538005668f2b05245e28bc0eb
+TAG: a76458445b8ba4572e8aed335eeb6ef8126ccaebe8b4be3f799e1def09f8a81fddc2ddde86e2d011c4b61eb16bb74cc5a2c7e1b6d0107f6b749b93fe9f6589bf4ea2444cb63f5bdd3b65827fff3adf32044621aa164160ac4662506b42b0b13ac148e09abc016102ccc988362f5cf64b969fc056e3f302a830f9a0b7f3789bac1c940d5cd7e2dd61aa3c6b970c3d066504093d658fb5f9ac7fb22ce306f5a9d495ca7e29d02bb39123b5387c43ed9fa1b8a061a339ced5a9393b7dc6401921d0fe424c1f168451286961f8ac199c3f8f8d4b154c89d290a27cc53695e082bbec8a338ee09826555a3fba8fa4bdb663ba932db800df0a1b570450f33f936cb71622854b84b260c9
+TAG_LEN: 20
+NO_SEAL: 01
+
+# Test with maximal padding (26 mod 64).
+# DIGEST: 4abaa8453e8cfdefd918571a961d8351754ad5b4
+KEY: dd46be99371eb8da7dac997deafd64b1fc65de39f4f03541a11be112a72933c7b54ed4fa
+NONCE: d0be905d41203f5dce998f8fb2eaad40
+IN: 936a91d0b5d2c0267218cb7090c6171386d641b87797b684e0fb56f97c3961d8afa22993a340b9b3c589c7481df3f4183aa23fd8d7efd88503f78b8ed1c8e9ba2fd6773e0d0c302a5f47e037446f5891d77df660ed82933f62be
+AD: 8dc55b436965aabe477e0c
+CT: 03065bb245ba12ab90903bc081198fdfe45d7d3c6fa3b1f76bde831917376ec2a5b2ac2cf629de6bd3f23025b678ea9cc3bd7801f5510b58432a8bc17999304fec4de7ab9ac22d75897cac67ed57e30d4745588b36695dd005c5
+TAG: 92877bfb09987df366759a1776b758dd9943472b933d5720e4d199002d4f3ffdd527c2cdb16993da7aec2ee53a24f6681c22fdb9f9f69a89704b6356441c6e87930b2ddc47bdc1fa0df00f7490c16e18a095b53288042525f60f0f37be0036f9a7dfa37ed3977456b3d8c4c4b2c47879a4495bbfd6a512fb59a40b20bce316ecc559aa825b4be8dbbc5dbe06fdd074c1f2132e954fb74fc97075e9c5052a0f86bb431f7fd99d62080140e0457f8b5deadb9b2528e61731488f25f0574283a1b30c80b2bfafcf0e4343ceb83dd20d2179a38866780025516e5f8216ab70c158ddfd0ad7a446969cc9f6eaf5c984ce8e9c38fd3b8a007a1c154bb4330fbee4329b8335f4ec4b23
+TAG_LEN: 20
+NO_SEAL: 01
+
+# Test with maximal padding (27 mod 64).
+# DIGEST: 0fb9d7ffcc7c9b84f34661d472ae2d4fa25d3d99
+KEY: 46be99371eb8da7dac997deafd64b1fc65de39f4f03541a11be112a72933c7b54ed4fad0
+NONCE: be905d41203f5dce998f8fb2eaad409a
+IN: 936a91d0b5d2c0267218cb7090c6171386d641b87797b684e0fb56f97c3961d8afa22993a340b9b3c589c7481df3f4183aa23fd8d7efd88503f78b8ed1c8e9ba2fd6773e0d0c302a5f47e037446f5891d77df660ed82933f62be8d
+AD: c55b436965aabe477e0cdd
+CT: 04c76011b9c4cc8ff18038d36a8c8b91debc8d0929ec173cfa5450f434308234e6a368f17a04ec0556dcf5ace0efb5ab51956d0daec5c530129aaa78309c3d0a04af17d02b0f91f70a82b2ea03522659f76d1919731ca52747da3d
+TAG: bb70d9741043c7d3d9a3c5f7d2dc1517a91729b54dc8f49291e2201331a24fb24ad212398617237c77de3d6266fd32341893a9c8bb42e60123bf3bd4fd70a065d6f3d0ae98434d8cda789be46a5e5ad05033d18cdadb36e33fca58181909dbd3cc1733dfb4b6dba689a66f19bbadd35f830d6af1edcbedca45b2810cc82ce83d39ef9d6d17aefec9b7199575e8d08df3ecb9a407b41a9c1d851e923072c96c5ffc60d3987ad10f27aab7792a198a17c8bf88c586ab11cee5008ee7ea769c56ff8d644b51059b9b2ddcfaa92d3b3055a4b3921bf95c5c131c2485d869f642cd14cd4eb9b73740534f6c48c63f76c6f1e4dfcdd9dc3c07593ee6032a98aa10e1b7f095c505d2
+TAG_LEN: 20
+NO_SEAL: 01
+
+# Test with maximal padding (28 mod 64).
+# DIGEST: c68fec315401703e49722fe4b39cf28b14e9f50c
+KEY: be99371eb8da7dac997deafd64b1fc65de39f4f03541a11be112a72933c7b54ed4fad0be
+NONCE: 905d41203f5dce998f8fb2eaad409ae0
+IN: 936a91d0b5d2c0267218cb7090c6171386d641b87797b684e0fb56f97c3961d8afa22993a340b9b3c589c7481df3f4183aa23fd8d7efd88503f78b8ed1c8e9ba2fd6773e0d0c302a5f47e037446f5891d77df660ed82933f62be8dc5
+AD: 5b436965aabe477e0cdd46
+CT: 5d9af50991ea21f041a766d8d9036073eeb0ac083b8069619ee50c64c661bad73a9e2ca7f8b49ad9df79e47b49ca3c8ea9dc254854f116a49959c91481ba96463521bfdb74902a4b454d2c6af72d130175c33e8764b64bc93955f9f3
+TAG: c3ccb45d8e69eccdb1f058a490d8de92f255953c16f27e21b49e4f29639452ff846aa45394972d895a0fcde901fee45211e835f6e4152de7475075e1e7ed832d45e0407eac1c6a0c88de4a9fb44d961b3be197e45af38a88d1070416c419046f6e43496e6fc1750de734c7773bba9b402dc96683d624117249f3d3f3d87f83a140018afde34dd5980e86e157d632acb7fa5400dd272fe74abe46652eab999b9ac1cb65a4a609f3bf9cf3c8434f9eca0bd440d665e772629c0cc76e0d9009e47f5667c0a0846ebbb1c1b23523262d3225bc23e3513ebed8f67c721cc0886efb251b374ee4e79f60c6fc7bfb81ad9ac88c0a782d3c4bb918cd21ca1f3b8e311f5e48b9e6d738ade59dafd07ca721aed0f6f7f98f1b
+TAG_LEN: 20
+NO_SEAL: 01
+
+# Test with maximal padding (29 mod 64).
+# DIGEST: 15e1aa5285beab679aaedbf51a86b4aebbe3d7df
+KEY: 99371eb8da7dac997deafd64b1fc65de39f4f03541a11be112a72933c7b54ed4fad0be90
+NONCE: 5d41203f5dce998f8fb2eaad409ae021
+IN: 936a91d0b5d2c0267218cb7090c6171386d641b87797b684e0fb56f97c3961d8afa22993a340b9b3c589c7481df3f4183aa23fd8d7efd88503f78b8ed1c8e9ba2fd6773e0d0c302a5f47e037446f5891d77df660ed82933f62be8dc55b
+AD: 436965aabe477e0cdd46be
+CT: 182dc2f9f412f305a8fa4813e8c8eb7a41f9708efb516fe3feaa6ae94c89b4437cbdba7c738fb97ef9739ed94d988bd60af5359194d2b5f8a48e3f5482c3be294ae65ce803e21acdee157d436188980be8e58c95a7a5a33e427473d4ba
+TAG: 2751722d2433b908076080c82895c633135bed9c7486d2fec286ea11b279b5029784972d39c8732cb1631841a60e86ad8b17c41e9c0b54ea3dba7b15121532b7d7a7fe8f92e2280481c73590cc38bbec7888932be3d10ab251157ed0335ea1b06a379c4d19d7d860bba5164da684c9d0eeb20e65c0c63a60bf94f65fa4e0f61bb94786271d5ca588093446fd563a6d513d81d590244807ce399f4bbee2f09cd8145634c1ebf06bb408489fa362b06af21a934b1114dd8233c8cb629df7fc5ac619fe2701de7daf7d7295049e1909fda9864fd7cd088316be8dc7770237748de45c3dde6d476d233983392e1a3a96f9c6550d5a7df61e3818492806db44121c277df71b9e1e176e335a68f2811637a9ce17919d
+TAG_LEN: 20
+NO_SEAL: 01
+
+# Test with maximal padding (30 mod 64).
+# DIGEST: 8cc0b1164fc844e958e055b7ae43f2f95c29e8c3
+KEY: 371eb8da7dac997deafd64b1fc65de39f4f03541a11be112a72933c7b54ed4fad0be905d
+NONCE: 41203f5dce998f8fb2eaad409ae02116
+IN: 936a91d0b5d2c0267218cb7090c6171386d641b87797b684e0fb56f97c3961d8afa22993a340b9b3c589c7481df3f4183aa23fd8d7efd88503f78b8ed1c8e9ba2fd6773e0d0c302a5f47e037446f5891d77df660ed82933f62be8dc55b43
+AD: 6965aabe477e0cdd46be99
+CT: 0990f57d9a7e9b64bcee741e158eb5749e9d7b34d43c6429754689d87fc45daaa618fc62d3dc111e5a1a7a06b2b14c5b0f3e2e463085e80da6ce4a6f7815cbf871376c8c87a36555b8a74e0a14421e1e4d74f7531546369ca81e4585f86b
+TAG: 4e2e000dd4c6c0eac8aeb581fd352c8c8d4033ea944594afdaa87f05ae6be756e46cf27b7ee6eb01e9f4eb50918d2b438fc0d1eaaf7c6add8078a6a9d45be1e813c18b20eef740c85df67de7765974544f5482f9a0012192f3d84b2cf6c01141f6a8040158cf9ba03c5a1b580cfddf0a682955713a4cac6e0d3b6e273db3a91a1b8096f85fbc3c7a67e893885bae3b4c65d03d111da7e199780de379c6ee07a3657ecee397ce0c9d34ee5d39e8fc4a64c86a0d68182ea48b91c76f63011d0f0cdeaba4e1ff6a19686c5223a25a10af0fce79437322c0cab4786fdb4b93e687a1c7154bd294d784169b1bc7cc5c9f3b8bc3e1d8b808b448f926ce8731ab30a33cef85f57053ef081a8948178030a50c247e53
+TAG_LEN: 20
+NO_SEAL: 01
+
+# Test with maximal padding (31 mod 64).
+# DIGEST: b51001b6ff9d27bccf3103a4961280e0a1406257
+KEY: 1eb8da7dac997deafd64b1fc65de39f4f03541a11be112a72933c7b54ed4fad0be905d41
+NONCE: 203f5dce998f8fb2eaad409ae0211641
+IN: 936a91d0b5d2c0267218cb7090c6171386d641b87797b684e0fb56f97c3961d8afa22993a340b9b3c589c7481df3f4183aa23fd8d7efd88503f78b8ed1c8e9ba2fd6773e0d0c302a5f47e037446f5891d77df660ed82933f62be8dc55b4369
+AD: 65aabe477e0cdd46be9937
+CT: 8d7999ec7a80e528bd6a8d2a9724930c93ee5cbb0c888d9b7c79d2449e638c03f3143f1927a1b261d66ff55bdeb7ff6616da99a2155f465d7c91f54963e7cbda7b61529381204ba43c9681260799ce66fec9b0e9882fc0ab474fd9134adb66
+TAG: e9012cda52183ec3e658c42f819dd986216e84e14eb38a462e3db010070a3056db6b148863afa9af5849e3ae963730f02bcc2b419f9cb37659609dc730008a43c41e87312b546d3b67e1f092001bd8a1b81ea304126801f149b0a37d826e0fac21045be4087f76e3c44a796bb55b6e4565d44cba7a8a48d4ffad797982256e87b95f6599b53f2ad34299d90204acc139d115b66c78a2072c741c43c81bab9dace2c0088b2a5dacd917e75ff0de07ab5febad79eb5e0d03012503110bc0f62e2aedda35c9bed4b7c2131f96a4d0c9ca4d133ee032a787e499c92cd46b33e5bfb7f1d3de52db0c7e2a15232a7c3c064c90bcd23366bf982bfbd9694e92b709a86afa4c4a6eb8d5e9b48a20ef409acec78a8c
+TAG_LEN: 20
+NO_SEAL: 01
+
+# Test with maximal padding (32 mod 64).
+# DIGEST: aceed075f31ab159f6610f43ff0a6ed3a359bee1
+KEY: b8da7dac997deafd64b1fc65de39f4f03541a11be112a72933c7b54ed4fad0be905d4120
+NONCE: 3f5dce998f8fb2eaad409ae02116417d
+IN: 936a91d0b5d2c0267218cb7090c6171386d641b87797b684e0fb56f97c3961d8afa22993a340b9b3c589c7481df3f4183aa23fd8d7efd88503f78b8ed1c8e9ba2fd6773e0d0c302a5f47e037446f5891d77df660ed82933f62be8dc55b436965
+AD: aabe477e0cdd46be99371e
+CT: c3e61ff897b490847e6539236d2e3b208baca2e83347b7ea2ac714f65a409638e59a5dce5c3a4109e6d6cdb8a232f5f8a2577101f9fb53aa50918f924c1a5361ef98d6672258b4adb37ca5f30d22893dbde262fa9cf72d2913c1901d70a0b7c1
+TAG: a49c692364eda34c22ad3745a4339244b687f596bda16d4ff61c6697996214bffc78fe54bb30321d37f17a7ee146dd33771b9b922b475ed41e55de39f1573683e4c8147a9bc370d6f75882c991073181d3f5eaf31a9cfe0dd205540cf6a2b6c0898b3d1ebe351c7e036e136088fe88a07e2c512fd488dd5dfbaebe10e6627bebb2cccf1e9c985ec9f1924abd91d29f0862403c24496ba6c0535358de379a60adb764fe00f5e09f3487b075713a85452ebc21205279815653b39af6c7d84cb1a10178006c1b4ee3e53028c09ef59817abc2335fa2ee7a56ea18e2cbe533b7d30c80609151b58b3c711314b35d3be3df1cb6d5cddffc316a940cc78ba1734da1c09d1d05c2650ce3a0fbd60bedfef7a83f
+TAG_LEN: 20
+NO_SEAL: 01
+
+# Test with maximal padding (33 mod 64).
+# DIGEST: 976ca4c9819e25a204a024d05fbe7420f717bc58
+KEY: da7dac997deafd64b1fc65de39f4f03541a11be112a72933c7b54ed4fad0be905d41203f
+NONCE: 5dce998f8fb2eaad409ae02116417dae
+IN: 936a91d0b5d2c0267218cb7090c6171386d641b87797b684e0fb56f97c3961d8afa22993a340b9b3c589c7481df3f4183aa23fd8d7efd88503f78b8ed1c8e9ba2fd6773e0d0c302a5f47e037446f5891d77df660ed82933f62be8dc55b436965aa
+AD: be477e0cdd46be99371eb8
+CT: 1944f256989b6acd7dc7c334d10ce71d9f2980cdb6adb03784061096955a3e10efe7cbf1c0aa1caab97cdeee4d08a8ff34d68e1b53a0df58e79a4c1d5d9b7eadb2430c0b8049b6c43a848fbc5e5feaf16c5ae08da38f973b18e33fde747702b882
+TAG: 6e0c7a079e170b669fd211bd54c2cd2c51bdd5dc84c84e0da6104dd1d5f6e8b27847a4def48c030c515b680a5db67439f300d184d2c8fe18681c7fa25840b80f53ff494fab5e1694a604c1c12b3b113aeff88bc2c5bd31e84cf5474d6429b4cd08241e94a7f4276054fed2f2a0d863eac2671c9af96045447d6422b8789c4674feb8fb27098b5ef613f08573184271899f735af845e6b7ed9dafd4524247178415479fd60da081ae076331df7ea141df29a086b76bbe35dfd4f983e45b2f1316cc27d88c48b87d2934833eeb5bde5df0866e4a9d8894fc275d6677eda6ac6b41a0475aeb9a55ce7d7a04820b581e8565c9d9919685bdf0f163d77ac45a15e4717e2e716e49ddd079f18295bc7a05e7
+TAG_LEN: 20
+NO_SEAL: 01
+
+# Test with maximal padding (34 mod 64).
+# DIGEST: ad8cfe7556704bb1974e94f70d8743d147c5c3b4
+KEY: 7dac997deafd64b1fc65de39f4f03541a11be112a72933c7b54ed4fad0be905d41203f5d
+NONCE: ce998f8fb2eaad409ae02116417dae0c
+IN: 936a91d0b5d2c0267218cb7090c6171386d641b87797b684e0fb56f97c3961d8afa22993a340b9b3c589c7481df3f4183aa23fd8d7efd88503f78b8ed1c8e9ba2fd6773e0d0c302a5f47e037446f5891d77df660ed82933f62be8dc55b436965aabe
+AD: 477e0cdd46be99371eb8da
+CT: a850ddac6117f7b13e15c17621fc7c99f2276ed7337cde87ada287814150f8b3f3e8ba7108a1237fa6a9ddcebb07c234660ec93b8279bb4614be85c5973603568e885f5f8ea102d0621b5ba77fc58af4285c15996d6868c520f3e09ec5b6a468cc82
+TAG: bce897e6a5dfbd940ec2c477af3411901f0f2fa9436ff3b4da7354189f097d231b95741788b45e9a56e7ca7a41b265489578bfe8667b1cd64a2ddd765144e770ae13fc2e9ad24575bfb97e0e012869ebfb52a9c7e181e79bc260442d166550435dd5c08b131ed3850f78a2e1df8a1ed026d9310a83f0b8449cf2baec42d7d7e31c4ec56d9d25246b34a479ecf8ab850c65fe8b2a6361fd185c25d6f253f556aa46825c535a4a54b855148e032d3e1ecb8d501802db1eac194a4bf7f3c70f8b8c33cd88d3362476e2080cbb4482fd9453ead6dc62a0dbc0649e41a699c53427ea8ff93fc9f2353356f695642ce7db49fffca401e9c275365dd0a339e3970d5810c5667c234986a65e1ce01e827e27
+TAG_LEN: 20
+NO_SEAL: 01
+
+# Test with maximal padding (35 mod 64).
+# DIGEST: 1dfd9608adabb5a55e12949f1c4bfcd5a77cb703
+KEY: ac997deafd64b1fc65de39f4f03541a11be112a72933c7b54ed4fad0be905d41203f5dce
+NONCE: 998f8fb2eaad409ae02116417dae0cef
+IN: 936a91d0b5d2c0267218cb7090c6171386d641b87797b684e0fb56f97c3961d8afa22993a340b9b3c589c7481df3f4183aa23fd8d7efd88503f78b8ed1c8e9ba2fd6773e0d0c302a5f47e037446f5891d77df660ed82933f62be8dc55b436965aabe47
+AD: 7e0cdd46be99371eb8da7d
+CT: 0cc80c78b73b1bd898c6af38846d32837ed0712ab7cc48b01c6dd831f37237ca7634c90aba35b35da59b60aff8e6b9a622f5a481c98c03fc76c1375e4602e96c08a465f3085ec86b0a8e1ce8757df761400be6510f1cdff60b05bd46271650b9e5d5e4
+TAG: 34a24675223b1e1d363b941da5d1566dc42a61c7c239a6684a497e7ef90a78d29c1aba0a9be91a8cc8a7cd578c77e62db1234da2b913e9500cf81df22cf481ee43f0818be959ec7fe49aeb7be270d227f633f65a003b19060ffe8bdfaaacd2c20ac65b43254252fb2fa8d2264f5664f3fdfaaefe7216c3f8bc6957656d218d5f98f5b377fd675a21d16769c499b82d4fa54be52ef8c96222b83fbe5bd3b456c9d181cfb5ce23639749e9e22dbc3979f07910b83c200c82a3dd449e5ae47486bd7f2cdc26c3beea2d3c490a801bf587e323725be1a76c32396e5c5ea24a9933706260d5aa16c847e00bdc5d96b0b96652a2c73e6141367debc228af6f944bcfd65a9269a7fb8c912c25ae2a6e8c
+TAG_LEN: 20
+NO_SEAL: 01
+
+# Test with maximal padding (36 mod 64).
+# DIGEST: ad2b43eee27e6267d8c5c1c3d558a07dcd6b1f5f
+KEY: 997deafd64b1fc65de39f4f03541a11be112a72933c7b54ed4fad0be905d41203f5dce99
+NONCE: 8f8fb2eaad409ae02116417dae0cef45
+IN: 936a91d0b5d2c0267218cb7090c6171386d641b87797b684e0fb56f97c3961d8afa22993a340b9b3c589c7481df3f4183aa23fd8d7efd88503f78b8ed1c8e9ba2fd6773e0d0c302a5f47e037446f5891d77df660ed82933f62be8dc55b436965aabe477e
+AD: 0cdd46be99371eb8da7dac
+CT: ad918e7428ca106cf043d6626772cd45ce998f32fea28c3253fd58f0fcc191bb4cd250b5dc6a7b352bb2aaa66601e280576fa60ad8c3aa58742462955fd7f33ddbbb5036128617c1fc3bfdf83100dfdd069042ad1887c2821afbcf822756226c69779d88
+TAG: edae83839ae4bcbcf7da661a302815b024d7576e65ecb70c183411003b1d6c769a13de3444f82c7783ff5593d9983b369833cab8dfc80120e35bc86d3b00c307338163bd5de5863a1f2daee49b4f535ce455b131eba334b7c995dc25640833c6c0a7bac710ce37ae2b85e58179b57218e801c4a7e5dc19cb3c841c11c299a72efd9cdf249e9c4423cfff588895e38e5b2d166344ba53b083da555ae4a1e0278f5b7a557e9aec08ac70da44858306df69ad968c017f8b4c24a0b562be19e1f6416841387ee3cd9c8f7c8b3dd1fecff0609fc77c4d86fb1e387cd1932775e58b928f4022821c0b9dfc43912fe0d0755b2bc2f88682f6b11eaffb6caaab1e295755d1256810ce16d70b306ffd6e
+TAG_LEN: 20
+NO_SEAL: 01
+
+# Test with maximal padding (37 mod 64).
+# DIGEST: 3dcddb1e4f49633e7b7bd36f4056d16c53be7f5e
+KEY: 7deafd64b1fc65de39f4f03541a11be112a72933c7b54ed4fad0be905d41203f5dce998f
+NONCE: 8fb2eaad409ae02116417dae0cef457b
+IN: 936a91d0b5d2c0267218cb7090c6171386d641b87797b684e0fb56f97c3961d8afa22993a340b9b3c589c7481df3f4183aa23fd8d7efd88503f78b8ed1c8e9ba2fd6773e0d0c302a5f47e037446f5891d77df660ed82933f62be8dc55b436965aabe477e0c
+AD: dd46be99371eb8da7dac99
+CT: 8ef4db8a8444ddd056428a25b718aec0258fe05b5fe8d6d972ca6762875c030fa2b4822cf03e797a53046749e39646c8c6b373a1d77287f4124c19ef758eef75db8e4e03309b3d14e918bfd9499ae5c9e2f3079ab7da8ca7f00ab69d14ad96fdba1c58b813
+TAG: b78d95ae68ef1121b27bf93eb67605bbcbfce1e0293fa37e0de4a959cc0a1a47a374f6727edfa9aa5a330e5c3df90a30d371304258624e8015a2fe7583e362f045087ac9ff6bfdb5371d9fc9d55f7dd91bf0310450c36d33538ad5f6057d0c8a0896217643c4f95ed6c93ec95dc6df838cd43d6f60dc3d48d489922dcb1fadc586dbbef4200a6b1d67d2024493fb4dfdaae7563edb5ae93fa2065d750a10919484fbb1389f93d2f28b62c8c6708122e0abe0ed22ddba815da8bd80393fe274f545e463dfc5f26bdc207f3f056263e799b3c89f9c740748a37b7f28cdfdbd9bc89155e466e9a1830dd6d0a206d27a588c56c3b6dc92d5202dd30ec0a2e1e31a0da1a5ddd9d905204f47cc25
+TAG_LEN: 20
+NO_SEAL: 01
+
+# Test with maximal padding (38 mod 64).
+# DIGEST: 25b982a242f669c013cab1c18da425330090e3cd
+KEY: eafd64b1fc65de39f4f03541a11be112a72933c7b54ed4fad0be905d41203f5dce998f8f
+NONCE: b2eaad409ae02116417dae0cef457b9e
+IN: 936a91d0b5d2c0267218cb7090c6171386d641b87797b684e0fb56f97c3961d8afa22993a340b9b3c589c7481df3f4183aa23fd8d7efd88503f78b8ed1c8e9ba2fd6773e0d0c302a5f47e037446f5891d77df660ed82933f62be8dc55b436965aabe477e0cdd
+AD: 46be99371eb8da7dac997d
+CT: c107710a85a49250f3a4401fdf07a44f96560ca5e71d6021075b7b6e3ff8fd6f36c652f186dc82c8a21a8a743dcc007e6710214320cb5c5e788f8c5b020e4d0d89ec2fb780c9ea915966b9f9b1e2cb0f26fb6bf1aba6e6501f2571ef1299918d4d2e6b367e22
+TAG: 3e7739cc9f98881f03a99d95250d460497e445cb24b4f8783c0010070484f8f379d74903d9a99f6a621791763af4e8e94ea305642643103b2dc0a0c1342f66154a0b4c4cac63e79d7121a2a44991273a9e1111208b3d9a5b6d11a6a28c83d16c9099d0a0247bf4670717ef0e8e6bd4e48c893ae189cab4f916862a8ebdfc0cb26cc545a9a08f01f8b4ce545914a35924f728c4e914b8cea6588116e9ebf592d4709e0c4efc8f0f8379fb30e35e36bfd68946ada030e35af5ed510a6061471659dd6780c1356c3dee7f69ab449a402456b63abd7e7763b4020db5216f099ef78a2125b42fe508cf94976b8e4e9ed65b38c254818e6aed084c037efabad7bd348e4e16099c7709cfd9116b
+TAG_LEN: 20
+NO_SEAL: 01
+
+# Test with maximal padding (39 mod 64).
+# DIGEST: 9d7958e23777ff2472f5a24dea5fc19c151dd921
+KEY: fd64b1fc65de39f4f03541a11be112a72933c7b54ed4fad0be905d41203f5dce998f8fb2
+NONCE: eaad409ae02116417dae0cef457b9e5e
+IN: 936a91d0b5d2c0267218cb7090c6171386d641b87797b684e0fb56f97c3961d8afa22993a340b9b3c589c7481df3f4183aa23fd8d7efd88503f78b8ed1c8e9ba2fd6773e0d0c302a5f47e037446f5891d77df660ed82933f62be8dc55b436965aabe477e0cdd46
+AD: be99371eb8da7dac997dea
+CT: f90604401a507574dcfe5d7c5e0c36c5fa65d9a8f0a25daaa9fe5c50ffb3758f52c9c883c2f85d879f26845a130044d395b58497979cf24a9e18ee1f27d1eac4d0cd994a6338c5755c74419111b2bebed645c3d8b8071a7b5304eab2c33777eda01ce489f4a6d2
+TAG: 8a94c9c05afa552672247d156dfc8d60e9e3e1e9eaee6e58c8fd6c1f9d41bff32571526cf035ef595cb5c5b2d64b2a98bfcadebe5ff66a6a2299af8e00fa27e621217c5ee1542a86ddaf93e293d01f20ba5f9093c1fb7a1b911e659027beceb9518f59d20cc54f958945dd44ec38f73fd475647a008de974e50facab9e6e878e3968249a91b4f71f4f86486d5e3bc2abd6dcc67989f58521ee78214dbd29bb7aca0f601842b1d36833748069e409c58de54f7f6e6f17b9e05127568a1566e70254589675f2802c153bd5106afa59e00ac753fb9c3f67508deb5bcb4e25d47e52852acceabb8e5e955e16c0b4448cd313c73ee2195f185f8869165de7f30a68efcfba1adab85e2eb975
+TAG_LEN: 20
+NO_SEAL: 01
+
+# Test with maximal padding (40 mod 64).
+# DIGEST: 09e9eab51bcb9faaa3bc3e473ff66b06e39653fa
+KEY: 64b1fc65de39f4f03541a11be112a72933c7b54ed4fad0be905d41203f5dce998f8fb2ea
+NONCE: ad409ae02116417dae0cef457b9e5e16
+IN: 936a91d0b5d2c0267218cb7090c6171386d641b87797b684e0fb56f97c3961d8afa22993a340b9b3c589c7481df3f4183aa23fd8d7efd88503f78b8ed1c8e9ba2fd6773e0d0c302a5f47e037446f5891d77df660ed82933f62be8dc55b436965aabe477e0cdd46be
+AD: 99371eb8da7dac997deafd
+CT: ff258ef9f318036586c5ec9e956c10c9423ad3a8a5468527c02bda6878c45398b0c78f3fba4eba3785282b3aa4586d31b238fb941546bdd6e3d918444d45f79b2a5ce3df0e8769a952243cce1f17f736d21e44d8d49449e017e9aa5ea20863a2f6b2f7025de029e1
+TAG: c113b619c1829f799e045047dc1587c35eea2e9b5735e9acffb8d5250acb5340d7e48f261c58f6e1dfa213980d35df3f14938a5d6c20908290444308c31cfc08d07cc3258a5221e3c8d72031ab52ed92cca76a189eef780048623f82af821d521b0489068af4ff2954bd73dbccc6d6d4124760a5c71fbf88435af2ef8eb24197c8d7b23358baa411d87dd4439249fa80b6f00c4a4c500b0b7113151bc4f385233318ccb3bdaf779d41c433b2424bb3651db990f9fa72649d657bb823f0e73fbdf08e6f81aae0552aaf37370f139e85da70fa52422fabd155d567988d1d2b930f89f72725d97c1b1aaa67217c552ba1b6a51cd97bf2ac7017a2a97298c6d86bab809b9b4a7e1776a8
+TAG_LEN: 20
+NO_SEAL: 01
+
+# Test with maximal padding (41 mod 64).
+# DIGEST: 7b17b7cb19107af8fc4671420e461060e2ef3e61
+KEY: b1fc65de39f4f03541a11be112a72933c7b54ed4fad0be905d41203f5dce998f8fb2eaad
+NONCE: 409ae02116417dae0cef457b9e5e16dc
+IN: 936a91d0b5d2c0267218cb7090c6171386d641b87797b684e0fb56f97c3961d8afa22993a340b9b3c589c7481df3f4183aa23fd8d7efd88503f78b8ed1c8e9ba2fd6773e0d0c302a5f47e037446f5891d77df660ed82933f62be8dc55b436965aabe477e0cdd46be99
+AD: 371eb8da7dac997deafd64
+CT: 5e654ee6344f96fa117a2e1f9cdc08bfaca9c83b1c4d61891e49077c8ae7a8aa604e1b19995b32872087e04a59ed367e42f0ad3998cc2112035b33104164403a948ecf73c516f74adaa57688cee9417456f996847e0c637120478f7d88288b5403f0697c4834e4ea7f
+TAG: 363ea1d1325e86bb389f4c97a844b76e43d76fd4750954352aa52f5cd174c3d902a71a8265fba870b1b0e3a1add011914df362dfbc8f075cb45d2cca5498b48c49f0872f8371bf37e334c33dba4170d101dfebf14a519d37647748d92ccbb24774caf56204c1e7efb4b765b63d5ccedc308ccf06bf614e7695bfbf9e416df526ad21c4fda82cdce18ea647b6f99fd2bfebeafa94e8b9e83fb2d85fcd5f8456ed2e374ac383230dd39c528408e3b53a92a3950883f6eed412c1a5875a5db61b98c089daf3419522fbabcaa33479d4f0140963f1bb788a2471aa0384b44c0c69a4fc46a892f9ec8cca4cf0d048e30eefb1a74f8fecf77a4d61f97e4835a85594d1df3a345f720fca
+TAG_LEN: 20
+NO_SEAL: 01
+
+# Test with maximal padding (42 mod 64).
+# DIGEST: 48586ad2eac603c136911b28e2c69f101a8ef371
+KEY: fc65de39f4f03541a11be112a72933c7b54ed4fad0be905d41203f5dce998f8fb2eaad40
+NONCE: 9ae02116417dae0cef457b9e5e16dcc5
+IN: 936a91d0b5d2c0267218cb7090c6171386d641b87797b684e0fb56f97c3961d8afa22993a340b9b3c589c7481df3f4183aa23fd8d7efd88503f78b8ed1c8e9ba2fd6773e0d0c302a5f47e037446f5891d77df660ed82933f62be8dc55b436965aabe477e0cdd46be9937
+AD: 1eb8da7dac997deafd64b1
+CT: 59201549a3446dcbdf5c3fa8db930606f6e9bd374d8405e15d55493a82035491811f784fd4f0e3bdb6bdd2e01558783a00b32c53d7be31525343a5a2d72921222e32891149f8dd38303ffb584485df15dd4c6917d4d8ce80e1dd5192f30770873895a0219cafbe8dfaaf
+TAG: 30b74b701e2777b537a16fa9b2d3bc9a86d718a4440ac3a0475eb675b352f215a847a286f042285b50764d14ddd3b3088189d7e26b96cdc33856347f3173c7cf4c9696ad560773e65878c4f8db001bf66a9e27e7f42593e9dc3f206e64502b4a11a235d5ff29cfeba3fcff20afac264c691a847a0b6c599bd9f7e4a57179f46b3880fac1b6cdc10444ee5875470d25c8a7bc20196aec1f028aea628092b5ecc973a058f083f4157dd9202d1f6b09c72374ea668041ab18045a383242b5e96ac127f6ff263c15d0a4999f61153ffc5d53bb77ed11b5b8bb3f2071b8ab14d92d161f7e39470913043b316ed3bf9baee35f8594785ff0f99a39b72e918bab81c49ec6c4c4ca459c
+TAG_LEN: 20
+NO_SEAL: 01
+
+# Test with maximal padding (43 mod 64).
+# DIGEST: c37456cfc543ba6e5848b9b8f4ac5a58a104b521
+KEY: 65de39f4f03541a11be112a72933c7b54ed4fad0be905d41203f5dce998f8fb2eaad409a
+NONCE: e02116417dae0cef457b9e5e16dcc5b6
+IN: 936a91d0b5d2c0267218cb7090c6171386d641b87797b684e0fb56f97c3961d8afa22993a340b9b3c589c7481df3f4183aa23fd8d7efd88503f78b8ed1c8e9ba2fd6773e0d0c302a5f47e037446f5891d77df660ed82933f62be8dc55b436965aabe477e0cdd46be99371e
+AD: b8da7dac997deafd64b1fc
+CT: 54a2f87f11c6597b3013a0de46b61a8fcc28ab021465178138cdd76ef01c2701b3a48ca4d3cc885173bdeb33b7b27f9064d2f09ec187d0c9c482522fb29bb421595589aa69ec2ca4155f503bdb8f0f8d4d2f08531c0deaa386b9adad07e8aaa351e76ab938e435c7eee05b
+TAG: 2b4f8a42097dfe879397a6fdd13c8e2611399c3c53d5cb5c0e41a4a49b99522b127dff5bbcdf4a5c6fa79440e8fecfbe1df30d34df7c3a399cd79164cd39ca50a3bb6ce2b95a46a3f50e47c9041dbf8f39aba1e807f66984619c62499bb5f0bed727c5214efe67ae9863b99daad6b2814484f9e96c3f6aa5a31417624052c69252de37d7f913e5a2715459f945958adef369e59fc7f704ba9d9646870561efd3c1bea0ba785a8a39698d7ccca3e0b6a6dc3b2570650ebaee1e133488b3a227fa97a8580737cb4852ae3e04c11df82816ec4d6bba8f9e63c9c48383466d9d145d27d18358e822af696a8d7c7aa65e2bc7ac32204a8271684e3803347423608666e23e90345c
+TAG_LEN: 20
+NO_SEAL: 01
+
+# Test with maximal padding (44 mod 64).
+# DIGEST: fc113d192686652653a15887974eb1f9b8e32248
+KEY: de39f4f03541a11be112a72933c7b54ed4fad0be905d41203f5dce998f8fb2eaad409ae0
+NONCE: 2116417dae0cef457b9e5e16dcc5b6f2
+IN: 936a91d0b5d2c0267218cb7090c6171386d641b87797b684e0fb56f97c3961d8afa22993a340b9b3c589c7481df3f4183aa23fd8d7efd88503f78b8ed1c8e9ba2fd6773e0d0c302a5f47e037446f5891d77df660ed82933f62be8dc55b436965aabe477e0cdd46be99371eb8
+AD: da7dac997deafd64b1fc65
+CT: 0f0483dd1e9ef91f215f7f9817b7f82e0b96c0d3b2996b2a1d878d0be3a70c07a4bbbba3721e646405a8a7f44347557d482d7899044af37f6df054070eb4debf7471072af1e4c98dfb3c192e956b2931967d7fdf200b464be1ff1955a658bf86faa659db9fea5c63d26c13af
+TAG: 176eae7a290cdf30272c219178d7a011400870bfb2ff611142d4e16fff9278cc5778770605f8914f09c3509fb6ec23bf5cdca390cf8dc0390502b3ac3026c47c167079f12302b6ea7eae668b6dac95a5541124aba8ecb8de4cac6c21ba17a2423ed4aac69e3292f3f4f031e9f54702c432d514726cf02ed646e0f60ed672b5f212e62aec4e51c8b8fbad3f1689f1b7dd775111695a342a279f7725da6ffa0e5a2ff5550159208bd30d28267c600e6b183dc1f72fbb4fd8013c5b4ec93f19dee5864bd854df3cabd5c813d4e3ec083d55ccdad4a0178e5d6cd262843d6309059033b987e366e66c67a3fcbba86730b5fcb4786989f86ff9b8a7318302123e0d53152a2a82a7cae76a81b017fc0b883ef6f8cca921
+TAG_LEN: 20
+NO_SEAL: 01
+
+# Test with maximal padding (45 mod 64).
+# DIGEST: bb6e5b5be84ee383caac0378cb6f541726ecf61f
+KEY: 39f4f03541a11be112a72933c7b54ed4fad0be905d41203f5dce998f8fb2eaad409ae021
+NONCE: 16417dae0cef457b9e5e16dcc5b6f256
+IN: 936a91d0b5d2c0267218cb7090c6171386d641b87797b684e0fb56f97c3961d8afa22993a340b9b3c589c7481df3f4183aa23fd8d7efd88503f78b8ed1c8e9ba2fd6773e0d0c302a5f47e037446f5891d77df660ed82933f62be8dc55b436965aabe477e0cdd46be99371eb8da
+AD: 7dac997deafd64b1fc65de
+CT: 978a10e04037ba7f0dec2576efaff6e5e4de5ab80b4b0c0b8a6209e22da05b8be0f832883e371c61c23b5bef969c004bf2a0f0fc8fbf1313078e12af2b3569a98ae5ee76a9bbb6da6806be3356c02dfa607c26094fd876d8f9dcc0395f3fe356b0a51d1f59582a7bdc7da9971e
+TAG: 9b37a729911834f666621a052c9d776f126e500cab45ddae7ad020874d77976af6ec581efd91dbf46ccf346a9dbb3a42d08d23de1cc074788f6887c0b15d98610b19fd2c00752136af3faa32e933518093d667617ae1dfa4e4527779bef7ccc9a1b82d8ddc0eb1d7d9247d0382c6d98ab29f60bc897d28483f1c69fe9b0d37113d237f7b3c3509411058e1c0f36fac6014b6c5937ef005a7fc2e3352da4866384d63c6aac2fdf74cdd16acf782022e4c5f1fa528cd6c977425ab19d800664577b5e5cf0a82e7ba75716c75bdf87eb8c7bdf7346c89d453bcff89ed0b93d9eb1452b72390a799498e31ae691460e5daa8ae3506aab4877cb82e3378874c6c97064b33f969786ed84e81cd1c2e2925b56266ca72
+TAG_LEN: 20
+NO_SEAL: 01
+
+# Test with maximal padding (46 mod 64).
+# DIGEST: a27799fc2e00e7abec4c5939451a834c4606cf7a
+KEY: f4f03541a11be112a72933c7b54ed4fad0be905d41203f5dce998f8fb2eaad409ae02116
+NONCE: 417dae0cef457b9e5e16dcc5b6f25607
+IN: 936a91d0b5d2c0267218cb7090c6171386d641b87797b684e0fb56f97c3961d8afa22993a340b9b3c589c7481df3f4183aa23fd8d7efd88503f78b8ed1c8e9ba2fd6773e0d0c302a5f47e037446f5891d77df660ed82933f62be8dc55b436965aabe477e0cdd46be99371eb8da7d
+AD: ac997deafd64b1fc65de39
+CT: eded0eef58434338153caefd914cb98ff516157445bfbd25c3c5cbcc0ad68ed1bf049ac292da027acab0310ef08d66040341721524982165cfe7f6dc495f7f5f36cc410470e3b42045b718f580713dac8074b0e76a0345d11c94a9800bb5e5eef1cb8d9ba5818799cd1ef69c4ed1
+TAG: d7459df78edeb89e01ea8d685b5780b94ac339c36750f2d5bc09009c12a22893348bb74f8c38f96451e5204e0d940b9b84c6a89eea61d6a78eff111b806ad4a50c8456d13f79288cd3f3bdde755083dd64d13e1c887d8df5102deb5a23055a02b6cab1021efe6add18d00be8c3afd6f8e80bc539c76003caad47c1cf95085bf48bf9ab6d487ff4cbf5bbbe0f2a2972e6a165a2e5ad230f58fff76fb8ed563b810684daf4b5902ec8cdf2442c323e7c7630129a89432a1795380a949f1113facd9ee148e2d38d4457b508155dba0d8d4812aec13d67050e70e2ff98a1fc1dffa01dcc7eca4349a0b14f2507687314c49b3fe7cdbde2ac840bd8ff7fb7c36a037e7b7de485183fdcfda49a2281645ec1b153ba
+TAG_LEN: 20
+NO_SEAL: 01
+
+# Test with maximal padding (47 mod 64).
+# DIGEST: f30eaff92a640a397f98e6803623e8d1f0c1fea6
+KEY: f03541a11be112a72933c7b54ed4fad0be905d41203f5dce998f8fb2eaad409ae0211641
+NONCE: 7dae0cef457b9e5e16dcc5b6f25607f0
+IN: 936a91d0b5d2c0267218cb7090c6171386d641b87797b684e0fb56f97c3961d8afa22993a340b9b3c589c7481df3f4183aa23fd8d7efd88503f78b8ed1c8e9ba2fd6773e0d0c302a5f47e037446f5891d77df660ed82933f62be8dc55b436965aabe477e0cdd46be99371eb8da7dac
+AD: 997deafd64b1fc65de39f4
+CT: 7c433fc5255dd1e11f67c499c6a89c16b4b09355818cf304f11167bef253dc60c95486a840c3a8f77440f63a5c6a855931a90eea66a281d51d4198679e1420c824ae5c8bc0231444b65b69832b84c7b5ee2fb8484ac08727eb0cba0c14e7e0a9071cb0cdcf73d5d83ce53bba361ee4
+TAG: 2e73871e9d71defb381e4e7d49d5d45880fa3effcb0cfe673ab52805e6273723cdf99557ed9ca838aa2229fe8eeadf7c6d94c91e867ca023fbb2d2835e420a3b026fb5e3915e38a7ac02d43a8c6ba8a149e99abec42967106bff6c80adf9be5c76503c95053c21472b9a338ed4c9c11b161ce83e2d6190f87e4dcf169e945335cc5acd699b983629d0bdc452f678232be0d31b9f231aaf4c3c3df79b1b8b2fd8802df0b71cc5e26b2a5c5c5ff0616bdff6cc7b1f09aff68d5e15dc9d61c1cb6a2c9602eab7794eb77af8bed198fadd854e8f8a47bf6bc11a8f75eec584f1901fbf012d1fafc03604ae49f9585272845677a1cbc27261d5d7fbe9bf1f1c9ea42c61b110cde99a3a602fc9eb6c825656d804
+TAG_LEN: 20
+NO_SEAL: 01
+
+# Test with maximal padding (48 mod 64).
+# DIGEST: 7227537c0113a9f46f7d332a0b37ee5303483d00
+KEY: 3541a11be112a72933c7b54ed4fad0be905d41203f5dce998f8fb2eaad409ae02116417d
+NONCE: ae0cef457b9e5e16dcc5b6f25607f00d
+IN: 936a91d0b5d2c0267218cb7090c6171386d641b87797b684e0fb56f97c3961d8afa22993a340b9b3c589c7481df3f4183aa23fd8d7efd88503f78b8ed1c8e9ba2fd6773e0d0c302a5f47e037446f5891d77df660ed82933f62be8dc55b436965aabe477e0cdd46be99371eb8da7dac99
+AD: 7deafd64b1fc65de39f4f0
+CT: bcdda7eecf3331f4e7605cfd33789ab585318bbd35047755402372403a4df125e7f5bdf857e49a3f74cb8e824576a226c1942fa86de07bbf564cfb384d8420a367963020613dd2f6bd4f371ca1b53532a7015dfdabd07497367aea8db92981418eff6b51eaafe2b6d5b3b4d1b8b95659
+TAG: bea683141d42033e86b38d5e0614716ed53b7db5df93b0aa48b15e0111a46ee93c2971df88fa885f8f32e81222d9bb4b605640395e37e1ba474a17f0df48c488dd5a6051be2323f462cd94f81261289f076d60cf5907cac601e2709dc191a9ac5ef784733140ba8d45edded7e58d7316f92a9bd5aa86d6f8441604261a38359a8cbe57bd95522db7029db058a8b175eddaf8f258f2f479b348451b0786f15336e18077ba23eac377ea367d7e1afc08607ff63be2e613fea2e6097192ab41e40342e36688bad628ec273897c86e75e0b83d0d85fd13e850f29cfbe171a8d1b33b72a344a9e2bf292f0dad2ca754d45651a2067d9fb18c7a1845a9c145d4273ee2197dd0b4da66e88a7425a72fd541a78b
+TAG_LEN: 20
+NO_SEAL: 01
+
+# Test with maximal padding (49 mod 64).
+# DIGEST: d76570385cb65d30c3d636ff25c5efeb8d1ea08e
+KEY: 41a11be112a72933c7b54ed4fad0be905d41203f5dce998f8fb2eaad409ae02116417dae
+NONCE: 0cef457b9e5e16dcc5b6f25607f00d03
+IN: 936a91d0b5d2c0267218cb7090c6171386d641b87797b684e0fb56f97c3961d8afa22993a340b9b3c589c7481df3f4183aa23fd8d7efd88503f78b8ed1c8e9ba2fd6773e0d0c302a5f47e037446f5891d77df660ed82933f62be8dc55b436965aabe477e0cdd46be99371eb8da7dac997d
+AD: eafd64b1fc65de39f4f035
+CT: ccecdb03830e84c5267a5b6f68dc909cafe94a1c872602961e8467b4b2723af537d79d723fc4e8f0397fe169186c23f50cf9e78af3156f507bfd38181dffcc05695583863d8a167df062cd16aeec0cc548a7b5e16b148ced8bc2a60a33a583779fef6d7160e0f6c31a03b8a0f1ed8e18e9
+TAG: 5175c37f295f196bcfcaffb35c4cfecd88d1b9c773d3162c96eb74a23722e599ac728ad68e2ac70369e0c6d212826afe93cbbc61abfc309d3f4a6f0d22421e02d711a6c97b6592b561b49ef5f6516367cbd966414d9842eb963c79bd4a8e1550199fc9cbd58b5fa5b898db2244769a950ee62bf915a074d5196732ae69cdaff05266bbc049903f5d7c702633741471bc3f8e44a426d201c5ad5987db33687db05a42778617c253576361fcbeee62707d9119cc76fa0627fcd65df7bdfd26469bd4e0265355cf885e2e515d56307adb91be258befc45ce8b238f6177d24f38ec56f0d64a46124161992a30f8a64355823397012af08f1df378effd1f67fb30796956fcf28b0ff35f618060a955b6311
+TAG_LEN: 20
+NO_SEAL: 01
+
+# Test with maximal padding (50 mod 64).
+# DIGEST: 170369666d1f2337b29b5f14af68d47910388e7b
+KEY: a11be112a72933c7b54ed4fad0be905d41203f5dce998f8fb2eaad409ae02116417dae0c
+NONCE: ef457b9e5e16dcc5b6f25607f00d033f
+IN: 936a91d0b5d2c0267218cb7090c6171386d641b87797b684e0fb56f97c3961d8afa22993a340b9b3c589c7481df3f4183aa23fd8d7efd88503f78b8ed1c8e9ba2fd6773e0d0c302a5f47e037446f5891d77df660ed82933f62be8dc55b436965aabe477e0cdd46be99371eb8da7dac997dea
+AD: fd64b1fc65de39f4f03541
+CT: 2828ec3db18423dc583c7ac7dc5231da07af1756d7c032a866c64155626be3b3a686a93699023f6e421da24596baf99b45244d07d86a8973450afdb87ff2e9dbab6fcef52cd476f1f25f27f6bb3abf9b406704a14ce9682613125139b238d985ab8f68c17f7b824f279c01d820fb70502dab
+TAG: 6af6f94f0ef92665d286e08fad2845c4c43f985b0cd0f09c6c6b4899c350a1a342f024c3ced7e54bb00b96d0e04c6d484e95b585a687258f4bdd1c00eb1d3f44e959b2dbb1444a292c81c92e3b1a01622fa377a583117bc2e170ea8c033864fe7dc09b7a9b1b5826ac8e38fd5849ac9024bcfb1c587be93b3da485adf297a77ecbec2a88fcd82e7eb952b6d012ec439310f624fd07de7bad33a5a59b72d88cb454d5da32d52012258c8754cc61dae82b26f8d6df7a4ca384ea88a30e12d4b07bc413791cded177d325c03a5a6c532641ca46ba2560cb3072733282305266985bc4afac41b171b28aae50266a00afb5a778e1c481a7799f29ba588ed3ebc65183517a31944921ae3a040731666daf
+TAG_LEN: 20
+NO_SEAL: 01
+
+# Test with maximal padding (51 mod 64).
+# DIGEST: 7c52593d1d37b0dc380297231c6cb7b64e04c493
+KEY: 1be112a72933c7b54ed4fad0be905d41203f5dce998f8fb2eaad409ae02116417dae0cef
+NONCE: 457b9e5e16dcc5b6f25607f00d033fb9
+IN: 936a91d0b5d2c0267218cb7090c6171386d641b87797b684e0fb56f97c3961d8afa22993a340b9b3c589c7481df3f4183aa23fd8d7efd88503f78b8ed1c8e9ba2fd6773e0d0c302a5f47e037446f5891d77df660ed82933f62be8dc55b436965aabe477e0cdd46be99371eb8da7dac997deafd
+AD: 64b1fc65de39f4f03541a1
+CT: b463f7f24871b617a1001d2f73f9eb8fe39b5fe0b382d420af876defd68a893add2eb6cac45e56d669f4ac67a943a3b32daf0932072bd701f9291b5020bfa9133d2875d8f6ee78ce8c49d45b80329831799f1eee8c712683300e49c57dc8c1ad0b07465184483d669b04c183976289e3ad6070
+TAG: 2e8b0999a7792a9cfe5148a8730e28ef92557e1b5d9c318d27d12fb1356fa0dff3467e865c530d4f20fdb765f7ec7e56b7ba28fb49309bdddb413182b07670cba711d6e5e3c086b4e4211f0f19666590bdc9a121e1430f6b0c64c07eff2d81e47a02d375fa46bf8d6fb8708f3a247287b595be7aa19414e3d2d39785a0bc8ef46b547bd4805a8460fdab65d81866dbc496581ec548c51f601e13289fcf3e45f1bb4a7777f9a9243282681aa1c746fac4a8433e1f477950eea76c24d318e95f0586eb5d21a16f8b2b58a14c4780eea922b97de4b1ea292f842c662534bea84213924e837cb546c26f3bc9951eca7593f4f01e3e6360cb14248d127a08d5e0b77f438479035769e0e12c856bf3bb
+TAG_LEN: 20
+NO_SEAL: 01
+
+# Test with maximal padding (52 mod 64).
+# DIGEST: 09a1659100052d13bebb4defd7f54f975a58ae2b
+KEY: e112a72933c7b54ed4fad0be905d41203f5dce998f8fb2eaad409ae02116417dae0cef45
+NONCE: 7b9e5e16dcc5b6f25607f00d033fb95f
+IN: 936a91d0b5d2c0267218cb7090c6171386d641b87797b684e0fb56f97c3961d8afa22993a340b9b3c589c7481df3f4183aa23fd8d7efd88503f78b8ed1c8e9ba2fd6773e0d0c302a5f47e037446f5891d77df660ed82933f62be8dc55b436965aabe477e0cdd46be99371eb8da7dac997deafd64
+AD: b1fc65de39f4f03541a11b
+CT: adfffd8a654da994aa8adb618cf69b25ad5dff201cd3a84314796e0228ae3e01be77cd8052e950fd74e3d8fb0066705874a7319dda8bee7bf7748ad844a70b1ee0d774a6156fef109dba8346a68b48458728ebde458e5bd777a26291f98cafb175864fee2d335fe5a38f1738df9a5aeb13f25442
+TAG: 0562ed87899d06eef5f3a7680c110360e5338af0b78416497e18291d4e8a75a219942acedc7d1493a15f6d35d1d8cd27b2bb26bcfd58dab2c747b4498ce1e56568226987124448509a7852588acf2dae587f0d13ca2ba54c50ea37c10e6c525b04caf0aa519662f258dee7fdbf17568ecb924c0f26701dad0952d3a57a8188d046439d7e35d73adbb39559adef95017029a9f6392d7282a1c84eae663d840184da4bbcbcf9c262d69ed2a7743aee175150e03bd3e6c38a8a1a762614ba2fbbb631ef56ffe3746dc95d9a15eae1f4f88e3180569e73b25b8eeb8474ec8dee041cdfcca5219514c5125395d83de633bf5bb05e4771e7a583f4e6a6d20af36235090454f8acab43984fda3f5740
+TAG_LEN: 20
+NO_SEAL: 01
+
+# Test with maximal padding (53 mod 64).
+# DIGEST: 230c3353ccbd95e4f0acbbb0073053a0186f833d
+KEY: 12a72933c7b54ed4fad0be905d41203f5dce998f8fb2eaad409ae02116417dae0cef457b
+NONCE: 9e5e16dcc5b6f25607f00d033fb95fb0
+IN: 936a91d0b5d2c0267218cb7090c6171386d641b87797b684e0fb56f97c3961d8afa22993a340b9b3c589c7481df3f4183aa23fd8d7efd88503f78b8ed1c8e9ba2fd6773e0d0c302a5f47e037446f5891d77df660ed82933f62be8dc55b436965aabe477e0cdd46be99371eb8da7dac997deafd64b1
+AD: fc65de39f4f03541a11be1
+CT: 985481677ae867b2427182edf3de86d7b9956a4970b107ca7e01e90ee7cb02c6b9a46212e1b8ce67e7aca5e2d96272c2f412b5f16a7c1d00fe597f1390c3a686724c4846c78ae66b26ded18adb40f0d74c33a68032b97d440104cb7acc755ad7383c16013ec7fc519b293e4c624b132f91c44202c7
+TAG: 62eaabaa53e386ce7d064c718e4761d14092263af3027efcf5c343ab46e1133d3131dc3cd7dd6b8b8d9ae6ca172fc10f5887dafb169aab9f0e7eda4a5b3436750ccf47f2e3e9965b46f3dfedcf38d61dff3cea927bb3ee8509d6a4288f2879d04095eab6b9e154d0e22da31cb51638ae978a0c5cfdac346ab551d359fdbe9aa34e9ceb15051d7e04e9788240a030c0ab7c19d00f32da1df539f08d158f34a1e3fa6ee8d10ec0d99675a3465c889fe2b6631ff2765a6b83f594315768fdb30c27d2747a6e9d4c5724a5e93704a1851d606dfe97150667309b27503b09c85d86ecd83caf1ec456ac19b7fa273af74714611b3e9a3359354c7b983d700775930bd90a629d88a3cf7cf17f5058
+TAG_LEN: 20
+NO_SEAL: 01
+
+# Test with maximal padding (54 mod 64).
+# DIGEST: 701e141608e71005d32dd1e29cd068aea736c9dd
+KEY: a72933c7b54ed4fad0be905d41203f5dce998f8fb2eaad409ae02116417dae0cef457b9e
+NONCE: 5e16dcc5b6f25607f00d033fb95fb09e
+IN: 936a91d0b5d2c0267218cb7090c6171386d641b87797b684e0fb56f97c3961d8afa22993a340b9b3c589c7481df3f4183aa23fd8d7efd88503f78b8ed1c8e9ba2fd6773e0d0c302a5f47e037446f5891d77df660ed82933f62be8dc55b436965aabe477e0cdd46be99371eb8da7dac997deafd64b1fc
+AD: 65de39f4f03541a11be112
+CT: a06030a844e38f9e049bcf318b10e1cd2db6b60a2611cf9788f0c1fb31a366d2038b3a1692865b926196594850807895523a851a993b77e49c911f840f28aaa42b4f427eead4e2a578d57b101bb4795aedcffc58212e0eaecadf503e3b208eeb72d53072caa44677d6667a0d22639db7aebc2f70ebb6
+TAG: fabbfe986fa42c58408b2f008c7fed482ae568cb39c938aa531e49a85ee71fced2cdd2ebe97a35295977ccef50433b41c511d424a47274599f3f2a28678a4936c1382d6a9f5d41b4266ded97a2fb11ce4e4df03f9e976675b9b35eafbbb399eb86a79a8023de822f8c0d83da5516766f141f83d8075a77e7c55e987cd181f02d8d6f7c90775bace579d25fa1a969e4dec07a5ddbef63c67b6d76bff54dbc7fb87f8af639c392a8a32bee35255e24cc63cea90445ddbbb75e4c594d6d1441e198720c2fb7674822e52d0298fe24c6e1602fec34038e62a55cdfb5d3fe6479fe6b02b5fe648792636e03213e402f02e2a3cad928996e4b1d2fecbd97ec5ebac5ea2f9c4989599648b0577a
+TAG_LEN: 20
+NO_SEAL: 01
+
+# Test with maximal padding (55 mod 64).
+# DIGEST: 9aaf96b472ea76fd9ff4adf56dab5fe0400d18d6
+KEY: 2933c7b54ed4fad0be905d41203f5dce998f8fb2eaad409ae02116417dae0cef457b9e5e
+NONCE: 16dcc5b6f25607f00d033fb95fb09e4d
+IN: 936a91d0b5d2c0267218cb7090c6171386d641b87797b684e0fb56f97c3961d8afa22993a340b9b3c589c7481df3f4183aa23fd8d7efd88503f78b8ed1c8e9ba2fd6773e0d0c302a5f47e037446f5891d77df660ed82933f62be8dc55b436965aabe477e0cdd46be99371eb8da7dac997deafd64b1fc65
+AD: de39f4f03541a11be112a7
+CT: d934f61f94d2b0aef2b63668352d2af2db2e225d0c8dd86b8d7c901de7425dca2a0d2f3bae9dbaef4946d18ebc2d9f4cff5c268cfc80b89c35f7b1a3de12173f9377a7ad9b33751fc89390cea9b44e80423702a9848c6d2562d24838e3b0511b81a737a4b65fac394da45f62f1f3b2bfaf0b4f3f0c5ca5
+TAG: da6ed936480fd159c32347d94a17ae7bf9344d4bdb1bc0921d85456e9b48a2e2c24769bdda1cd6bed0b44e980873ec3c79b4346849366ca6d6a77e8b1091c6657a009691733da37706c0f480244ec0c7839648cd0eb63a28eaacdc8b60b1ab59f7d83bd142419a5a548df23f019e560c0c9a307b4c2498f69386eb13d4dcc64ca77c8f5f7c4b6e0c18a058eac72426ed4d541477e3a036b9a450af234670c94a4ceb7cd19c9ae113477431fc2ea30738a95c5753a4b8de9e0e4e1a0f7d52f67b2957a39ff1c6eef88bac3b927ab004d64f3522e0db7e80d27309b864996aa2bafe615139732cd492608cc128295132a4f40a70f8bfbb5b18b2fa45c55c87db39872bc5c1e3300f446f
+TAG_LEN: 20
+NO_SEAL: 01
+
+# Test with maximal padding (56 mod 64).
+# DIGEST: ac6871d354eac507556770d8b6bf10b5240273ed
+KEY: 33c7b54ed4fad0be905d41203f5dce998f8fb2eaad409ae02116417dae0cef457b9e5e16
+NONCE: dcc5b6f25607f00d033fb95fb09e4d00
+IN: 936a91d0b5d2c0267218cb7090c6171386d641b87797b684e0fb56f97c3961d8afa22993a340b9b3c589c7481df3f4183aa23fd8d7efd88503f78b8ed1c8e9ba2fd6773e0d0c302a5f47e037446f5891d77df660ed82933f62be8dc55b436965aabe477e0cdd46be99371eb8da7dac997deafd64b1fc65de
+AD: 39f4f03541a11be112a729
+CT: 413d2c3fbc77845409ad66cc13432824ae4ae109379a9617e8b93d4f9b17fe0d0450476c3f98c229bf35e86fa792dceb4b3864761dd442c294e43b1cafe1fe086cd1ca5e1572fe2b3753c20a74b663b536f6e686d9765bafb10566f2b5cf02ee24e3dc69cb2be9392c991848b840418835603bdd83b2cf0f
+TAG: 5df250368694b1d3b11119d8c787df534fe4526eb31af32c9289b0eaa4e9455b5cd4a44c13a335857f67fd2662317e086c1a299d794830ca08ca99df1aa79c8f49589dab551cc6269129b731e4d560c7e330fea2aeb5f06eab87738bccaae53b9661a78f3f08986f454519097a6c43837931a56caafd581ae52343dcb71b98ee0b36cb7037a1eac81f308f292eca92ff2c13c3b807aadaffc832f43ed98c0cab6174639b1ec48f3e8e3736f7a20069aaddc2414f1edffba78bbbc04babfe6d6f1a5ae8f77931f78974edb257d2ea6d5440bd7c8f8283ac0e362e1959bc35bca6f257da511f456466be60ff7451887e5ff221f30547e586cc76e7bf76dade793565d733e5705bfcf5
+TAG_LEN: 20
+NO_SEAL: 01
+
+# Test with maximal padding (57 mod 64).
+# DIGEST: 050258d6ad6bec54f8bc48c7ba2d669d6416c11e
+KEY: c7b54ed4fad0be905d41203f5dce998f8fb2eaad409ae02116417dae0cef457b9e5e16dc
+NONCE: c5b6f25607f00d033fb95fb09e4d00d6
+IN: 936a91d0b5d2c0267218cb7090c6171386d641b87797b684e0fb56f97c3961d8afa22993a340b9b3c589c7481df3f4183aa23fd8d7efd88503f78b8ed1c8e9ba2fd6773e0d0c302a5f47e037446f5891d77df660ed82933f62be8dc55b436965aabe477e0cdd46be99371eb8da7dac997deafd64b1fc65de39
+AD: f4f03541a11be112a72933
+CT: fca448fd13c6877aa9fc299953dc631df8024cebe774bb14839821b05485c4a8f1345697b072342343f6a5479d99d5ba0ab29db7760b1e21b37969333473e6fd16bcc5b52e1d6472fee31034d515f66439f092341036a48d637ec84d22af8d1848843aa33e3b2059f7f90a0db47dc41d8af3b5cd76f4b36ec3
+TAG: 3071b853c877cc72cbec5c249fe76736e87793118f0890200b64cc9b91e26448b327dd87eb314c4c074af49091051b69122a2d13b8a7fc0b15a87e7e26b791ab3a74e399d429ef4e6ed69f2036e91909b11075ef19c6554f21b5b9b90fe20c9c633f71c666519774baaa12d8f819ddddbb592a99689ba34c44e59792da3d7750f4cfbfdad6e295a73ada8957eb9a7f7bbb4e8f82d4647bd41d5ca2a51cee58be3fcaf307382efec054d880b5866a38aa0dcc72911c9e9ff902ca3743873618b2b35c45cb32e496ac7c8c69c1818583ea5016a57f6e912859b1b1a22bd701113e6cbaac2a935a94cc3fa0b9d4c23ee573b0054eebaa3414c936aee6bd9782385d690c1eb570c5ed
+TAG_LEN: 20
+NO_SEAL: 01
+
+# Test with maximal padding (58 mod 64).
+# DIGEST: 70060f86c76e53512933c09deb5872eb23efad67
+KEY: b54ed4fad0be905d41203f5dce998f8fb2eaad409ae02116417dae0cef457b9e5e16dcc5
+NONCE: b6f25607f00d033fb95fb09e4d00d617
+IN: 936a91d0b5d2c0267218cb7090c6171386d641b87797b684e0fb56f97c3961d8afa22993a340b9b3c589c7481df3f4183aa23fd8d7efd88503f78b8ed1c8e9ba2fd6773e0d0c302a5f47e037446f5891d77df660ed82933f62be8dc55b436965aabe477e0cdd46be99371eb8da7dac997deafd64b1fc65de39f4
+AD: f03541a11be112a72933c7
+CT: 8c5849a917c328d68cdf4fc279b29efb0c3c1921621276ca19206c9941a5789b0aba7283e743f94a6e4142f7febc9ad35df30daffeaa5cd0cffe0fa2e4cd5ceb687def585b2634774a01a3f00ce2ca9951fb910b4386bd0d61d1e292b2b225ac55000fdce10131ba163c97f810a2b350fc8a59348253549e0cbd
+TAG: 5beab8f1449d50a6e4a1a747fc2b9864cad962480673db6451ef7aa42b42e7f0edc3748a71df8ddb33d6f9bcc9024c7170bd7a5b81577f9594a87d90fe96a50a62d31c01368173aadd7dda6f7d4c413773649fa7e5aa0c3cbd0fc760666ce5d5ec5e4209c4eda0a8ba0d66e83ed3337067d8ecfb81d3d1c1bed7eceea2582f276c43fc15d5c2bf9d2558d3c3f4d8cdb8953d28b0221c70330c346640f1ea1acccba27466cc0ec3c14729a78f62c7537b1ca5e9f9bc74c4571be9b67f04533b1f8fa2f9232c216ecd81bd120197b558b2733d3d9bab706f67670327465722b2be2c6e3f2ee507620dce326f28400857cc28c697c9b10df0d093965c21ebc42f34d71963ca85db
+TAG_LEN: 20
+NO_SEAL: 01
+
+# Test with maximal padding (59 mod 64).
+# DIGEST: 58286fe273bf572a76a2725933dd969777c303c1
+KEY: 4ed4fad0be905d41203f5dce998f8fb2eaad409ae02116417dae0cef457b9e5e16dcc5b6
+NONCE: f25607f00d033fb95fb09e4d00d6172e
+IN: 936a91d0b5d2c0267218cb7090c6171386d641b87797b684e0fb56f97c3961d8afa22993a340b9b3c589c7481df3f4183aa23fd8d7efd88503f78b8ed1c8e9ba2fd6773e0d0c302a5f47e037446f5891d77df660ed82933f62be8dc55b436965aabe477e0cdd46be99371eb8da7dac997deafd64b1fc65de39f4f0
+AD: 3541a11be112a72933c7b5
+CT: d0076d9cc2f829a33a0b1972f6c0d8c67718a7593975798e0667135db3ce31b4d9bea98710909313a4a2af88bae720963ee738f26bde44b54dd5820992569e5d2eea000baf5de9e0f76dc8e0b93244a8474beb7e922a5f30a5b5977611594af25ed35aab12a61de68f215d73173fd38f586b8c509459a5f7587d43
+TAG: d8ffaeef22eb2181a48da72bbf57ba4562e3a1ebf9cd2a872f155fbadeb78c47e64ac6419fa1a9b1ce5a8e78e60ed1f8dcf02535613b959448f754b70d7159d2dd4814122b35418d4e554992b4789e04f018234c91de44b9de80f7ab406fb6fda6f086fc6b91ace53dffe012d703e71861d0b3ecab86a287a76857781254de544985ac5b11bedf29138500598f757ae295d8577ae7e597e9cd915d15124c7f1d9786f9666bc4b69eaa18e28227d87bdc8935e537d12360b53746ad0d7834ad830aa5307f69c3e4ff6e37ee6ba8937f75723ae4f64c2a04949b0db60c979fec6f485dd0cf14cacf5e8d0e624d9a8578e4028b8076a9cee1e5a0ba5b96e9f0f6e6ef98ae84a0
+TAG_LEN: 20
+NO_SEAL: 01
+
+# Test with maximal padding (60 mod 64).
+# DIGEST: ae701e5c8672dfaf728bf0f43f5e5247ea9ac13a
+KEY: d4fad0be905d41203f5dce998f8fb2eaad409ae02116417dae0cef457b9e5e16dcc5b6f2
+NONCE: 5607f00d033fb95fb09e4d00d6172e78
+IN: 936a91d0b5d2c0267218cb7090c6171386d641b87797b684e0fb56f97c3961d8afa22993a340b9b3c589c7481df3f4183aa23fd8d7efd88503f78b8ed1c8e9ba2fd6773e0d0c302a5f47e037446f5891d77df660ed82933f62be8dc55b436965aabe477e0cdd46be99371eb8da7dac997deafd64b1fc65de39f4f035
+AD: 41a11be112a72933c7b54e
+CT: 298f670117678bd139c60399dcab68bb0414829b458c747b0dda5dbd67f95fa393bfd2719f815a12a2b7c6b3e769b61ddb4651970b30451cee6166545d8e4c4554c8217898186dc02684c5025ee692e12130ab41ce75d79a4ba1a4dd02e0af581a645979c1a3c8c12f5b13e9c1113316eb31b8096b4eff1bf3f7ca10
+TAG: ee9c1cae63b819ff804cc5a34d59d17a76539b7850d5164ae8ab252633acc10145c2c71b1a10b0a87cf2db361c6aeeae533201457c5952feb347f739b3c236845a887fd0974b052a4e71cffaaddd1f00c64c47251ae446a5875e1e1854ca2c032b4e01dc995f35d901b60d042aabcaad3c08cbfd12567cc789408b6710d81b6b7c6067e02f263763d74bc039e0430bc1f3b4c01f95f54492a9c5b81b8d279266b378bccc9073bf1f1db1ddd964f9b6b7ac8771ffbb55d1ff9d973cff3d4eeffa277427e0cc41a4457ad6c2f035b1c0f93880aca55888cadabcccfc9dcf53dc3924a4c03a5a7bf8416bba76d8a362893193811ddcb02b0a9ccf2ffb6902d7e0c434cc489d720487f4664d60f210433b8f71d98666
+TAG_LEN: 20
+NO_SEAL: 01
+
+# Test with maximal padding (61 mod 64).
+# DIGEST: 4f498d0aa9205160827626ef80c163275eca1f78
+KEY: fad0be905d41203f5dce998f8fb2eaad409ae02116417dae0cef457b9e5e16dcc5b6f256
+NONCE: 07f00d033fb95fb09e4d00d6172e780a
+IN: 936a91d0b5d2c0267218cb7090c6171386d641b87797b684e0fb56f97c3961d8afa22993a340b9b3c589c7481df3f4183aa23fd8d7efd88503f78b8ed1c8e9ba2fd6773e0d0c302a5f47e037446f5891d77df660ed82933f62be8dc55b436965aabe477e0cdd46be99371eb8da7dac997deafd64b1fc65de39f4f03541
+AD: a11be112a72933c7b54ed4
+CT: f72c519566632f89513f3f278407845ff8096a5b63929f0ea6009c3cae0dbd853662c4017ee5729eab92f2c475f0a45533de67d4b941d4b16c1964986d8f4a16cc12f02c28442ddf5790f321b3942cb65964587f3fe55ab28064c52ce3d3598d3431788ed2c26fe1b196abfd35afa0f7c8206a6bc71d61cc4e1a086c4c
+TAG: f8c75274342950e4893ca3b0e9fe95fa51343c628e1f04d9dd19ed928ef7af0a106b6bc6b70d0ebf552c0acc51b5af94dbb9f4fca444ed4eefff63e4746af9852d727d4465695b1113eda1becabbc56e2860b55b986d6122b93bb822865ab8bbf1409aef68cbe720befe0ebc6dbb639b3be391a161c2d9ed65a2898b3ea7cd993827aa8f2c60dd0d9e926cbffd8bbf6ac43fdbb61ff0024cdb9e668bd9980a39530a526c3c9cbbe1e4f46ae3e8229bc5e7c8b91855eae7a2aaa1b827d8b99ed19843aafb76cd361259c29dba7a02dfb40d9bd2d580aa12a6951f0f53ad5b283443c5bb8b4c9fcf569b30830d1844860256c18d753a8d80d1d0e8656623b1a06700fc513a7099590aa566d48eb6c078c4472d4f
+TAG_LEN: 20
+NO_SEAL: 01
+
+# Test with maximal padding (62 mod 64).
+# DIGEST: 8c043825b2a3764e8a0cc35a011696fb3ed03c2b
+KEY: d0be905d41203f5dce998f8fb2eaad409ae02116417dae0cef457b9e5e16dcc5b6f25607
+NONCE: f00d033fb95fb09e4d00d6172e780ab8
+IN: 936a91d0b5d2c0267218cb7090c6171386d641b87797b684e0fb56f97c3961d8afa22993a340b9b3c589c7481df3f4183aa23fd8d7efd88503f78b8ed1c8e9ba2fd6773e0d0c302a5f47e037446f5891d77df660ed82933f62be8dc55b436965aabe477e0cdd46be99371eb8da7dac997deafd64b1fc65de39f4f03541a1
+AD: 1be112a72933c7b54ed4fa
+CT: bc6acdf0943ba34efbf9eb27fe9e968f23bc1d4f1eff7f86e836621422e7ad8e1adc03249475b6be8ec5d3e96e167af7e6b85ac87b5da2364b1e0d87d5c49d43ddea8e9b796580fc4fea7774f8210e4ec424aa029717937bf76b148e8af72e8badcc3f12dd259fd4dd9a325d81cfc7a193fb756b5d140fb703aaa6d71496
+TAG: cdbcd83191a554bf922180902fd060fcc63a8dc39a90ccbca9fbfeefe9a09a9da72c8782f6d3ccd9e2b5a80816eb5bb6919580a8ec186b8b1e388a561b6c931b22dfe62544456f7344f4c18c4823f167b2ebb8a93e3edb8181f358e66db5a3966eae5e893e76b16e8bd5da922720f754bdb6edf3496b62d79b14f00f24c1b30ec6ea16d88cac2b336f2bd057e68d6075907de3c9e7434da017d8bc5348ad79ec14182e07fc70f4e33ca2aaa2216d29aaf4dffb583c1b5159eedd66a2515127c3db358c1ccd89da4cefaf75a6eb5a8a80396ffcef783973f552645885e20b91dc0cf4485e94d943ea4bff3704a4bd2e23388090fb7ff707cf80b0c71f6d4560b3be71edab2e0b8d5ded1998f3b1df51225495
+TAG_LEN: 20
+NO_SEAL: 01
+
+# Test with maximal padding (63 mod 64).
+# DIGEST: f3a432271c9be858725fd024071c4f479ca9a971
+KEY: be905d41203f5dce998f8fb2eaad409ae02116417dae0cef457b9e5e16dcc5b6f25607f0
+NONCE: 0d033fb95fb09e4d00d6172e780ab8b7
+IN: 936a91d0b5d2c0267218cb7090c6171386d641b87797b684e0fb56f97c3961d8afa22993a340b9b3c589c7481df3f4183aa23fd8d7efd88503f78b8ed1c8e9ba2fd6773e0d0c302a5f47e037446f5891d77df660ed82933f62be8dc55b436965aabe477e0cdd46be99371eb8da7dac997deafd64b1fc65de39f4f03541a11b
+AD: e112a72933c7b54ed4fad0
+CT: 0e87c57c18fdc439c968a9dab086c88271be6dd00843879ae1563e4ed03d69f9fa09a29c1bf99b1c859323eb8452acb2f808f051669bb5e097e23b947369b5a0577157995d729a75ae7a65e293acace3124a8aec53328439e5f2103fc3a236728682fc129a5b0e203bd730303fdd23962d6ea7a35aae3691f6721dafdf18fa
+TAG: d7453e8aea805b4c95ed51f1033b386cfd74fef1c205d51fe351ec3b1a3bb2e2b7debd8b20c688f4c516a61fbaa690eb635fe2974a71f45d1b4e2fdf3be4724c3eacadbc6d295ea9b6f53c249783f35898ee4818a67ce5b002f17a48199c779b17482ddf5448b6186cd979dea3d9c7b0ae3f106c4b90c960dd8899a67e9f18767b49497519c86c0b391098192299e4f85862d150bb3e439f05fc9f937c888c4f40684c25018fae0c6fedee92fc0035d073f3704f61d93e7e321a19512561676a216127e6a716d1f5ea43b67dcfaa1ffde7380c066efdc8acba10f2e790d4839419dbed3d89634ae785f7aa3ace1fa1720757066f4b75b883c0ed592b8cba79a400d5e442e23716a7a13c252a7ce156e219
 TAG_LEN: 20
 NO_SEAL: 01

@@ -42,14 +42,707 @@ TAG_LEN: 32
 NO_SEAL: 01
 FAILS: 01

-# Test with maximal padding.
-# DIGEST: 3519ab2b2943d2a50996628f6c26bea29f84c95af4c128cc3af012bb358ee9f7
-KEY: 481df3f4183aa23fd8d7efd88503f78b8ed1c8e9ba2fd6773e0d0c302a5f47e037446f5891d77df660ed82933f62be8d
-NONCE: c55b436965aabe477e0cdd46be99371e
-IN: 936a91d0b5d2c0267218cb7090c6171386d641b87797b684e0fb56f97c3961d8
-AD: afa22993a340b9b3c589c7
-CT: 7265eea4b391d880c6bc72d3282f663e5551c0a71ca35898047362694ee8f271
-TAG: 713c1f8817ca022f454f0c6c7d6efea46b86d79baaa4341843404a416f301640d175a628c7a80fdf1b37d1958b76888c69e42404a406005a31f52a59c308729063c6512864cf59608e45639630c5711ced56adf09840c4aa1d1c195b5f9fca08e6631ee9817a4792012dde00b4fb3bed7bfdd6dbdf6bfe82fab5f8406f783874b2a56607bffa361d773c9a7e5c0dc945e7a2dbfaaa5797551685a4700f6ab397c906630ac018704ad0e8697498fb9c1d5b843d808a5cf3c28015e5021dbea15f548745ed8c38ac250632efc66d0fe0f619b942fa90a41fefc779c8710c83ba586ed6ecbdb5b281003c93846299c86d09c7cf88bcfe76c5ffb1512ae5db71c1cc42bfbc03e6f3dd17b160e4b5696b2741786d5ae3f934e9d6ce0a4c372bf876cb
+# Test with maximal padding (0 mod 64).
+# DIGEST: 6d9cc64eaa0b3c7482d8431bff6d24c9bec634ef6459d873af4ff97756c9fe46
+KEY: 37446f5891d77df660ed82933f62be8dc55b436965aabe477e0cdd46be99371eb8da7dac997deafd64b1fc65de39f4f0
+NONCE: 3541a11be112a72933c7b54ed4fad0be
+IN: 936a91d0b5d2c0267218cb7090c6171386d641b87797b684e0fb56f97c3961d8afa22993a340b9b3c589c7481df3f4183aa23fd8d7efd88503f78b8ed1c8e9ba
+AD: 2fd6773e0d0c302a5f47e0
+CT: 694868cf990a1b8ef42fcb2b45cabf1bd78eee4b429c11b27a827762b9c319bc54a2b2c8eb2ac85063ef8ac7da8bc35b16c0a98822981dc9b246381780da7833
+TAG: 47a2e2e74bed25960a83686013e0e10c057acc81e21d44bbc7abdb4e4dce746127f3e700bf3dc7183e6e9c2ab3a205b00ddbb0404fde852f7c0525e17c036dc56c7646344100e379a765bdf5bf776b957982befdfbf21276841df2c4dff60858e495f63b7760166c9a6da21092b58eb9eefdcae0332e291003a5d21b4ea897d0fc61d4e4eb6d2182a05a0d6aaf1ac924dff58d9618cf3dec05283788796c5126850db94de1625c6081da29969720a9fddb7186e6e1dc7ab1ad0e684118847762c25f820585720138651e08468229533a3ff3f1ddfd15fdc301318c603f49946548eed95d29d38c82fffd73f0c9df69116c056d959ce9198788ceba78cf4ee0fd890f6d72b59b9702c0ffbcab82674b688afe0348d58d700a83ad10704d004bc7
+TAG_LEN: 32
+NO_SEAL: 01
+
+# Test with maximal padding (1 mod 64).
+# DIGEST: bb57bd76fe5f29b96ee3f2d62d8f3c4d1c8c986c0991382834046dc907fe1ea7
+KEY: 446f5891d77df660ed82933f62be8dc55b436965aabe477e0cdd46be99371eb8da7dac997deafd64b1fc65de39f4f035
+NONCE: 41a11be112a72933c7b54ed4fad0be90
+IN: 936a91d0b5d2c0267218cb7090c6171386d641b87797b684e0fb56f97c3961d8afa22993a340b9b3c589c7481df3f4183aa23fd8d7efd88503f78b8ed1c8e9ba2f
+AD: d6773e0d0c302a5f47e037
+CT: f2e78e183884c99ad7f199a02d87a1026c832b9a953919a98c2487bd0d724be407994fcce9e19b5a69f15ceef5d3b95c79d5fffede18a143cdfade5c0f80254c99
+TAG: 24e9ae181761a00bf1d1af920bdde00d9e1ef046fd7f5b8af753a3c9da8fc14b00a5fe6bed0baa8e378f49d1874619e01567d914656397ac8c4e3c098211e08c6551183515a2c2c08d485a9387737568a22d5209de3084020da27f64abdac4451536baf006228325093a5d92210f9134bf2600bd6349b152504a2b2fa69a2ce1dd25852e4f57d0c7319862f5c4b663503aa3465c4b8696dbf853178f64b1f8f348e7fb7c423c05038a49bd0ca5363a5db1ae7dcc144a13edfba63a6ebe2a7df15eb313bc7e8b5372bd1a309ec41cdb78023c383a98c903ec28816cbe95b1a0696897b9d4afc9d4f22eece3094e473c94aad55f7041a499dcb0f7d99dfc101c313dd5c651ae01968899f152e77f8aead394faad8c545dc77ff89bcfe11bf32e
+TAG_LEN: 32
+NO_SEAL: 01
+
+# Test with maximal padding (2 mod 64).
+# DIGEST: b09802c727f0f85cb590791372c52bfdc2e69de36b9695daaf7a93d2fcf56fda
+KEY: 6f5891d77df660ed82933f62be8dc55b436965aabe477e0cdd46be99371eb8da7dac997deafd64b1fc65de39f4f03541
+NONCE: a11be112a72933c7b54ed4fad0be905d
+IN: 936a91d0b5d2c0267218cb7090c6171386d641b87797b684e0fb56f97c3961d8afa22993a340b9b3c589c7481df3f4183aa23fd8d7efd88503f78b8ed1c8e9ba2fd6
+AD: 773e0d0c302a5f47e03744
+CT: c7de96bb45663dfe6da2a64ffc9ddfa7c3dc63077079bd4bc2ce52fea89924a75664782a5026fb5a099ec460eb9c6d7c3d5ea383092c8f4c67a70fc499a7689bf10f
+TAG: 8ce29a56849f32a829c3e62c81f74a4e2c37206dca2fa9f736f65a2fb378849d181c06874de6db0158e629661ff7ec5b157cf8bcaf5dfe015c0c4168f9b3acb55388eb2a5d5bb7503ce5b8a03320f4799522669bfdfea3d97b9c960dbe3bff25d58b660785eb0ac73f5b2a18b7fba4b7369824ec18f7c79482a5ae6ee52f563dbe1637664a3081dc7e682408f473413c87d58cf384bf569fb41b6172b7d85f43ac06709d77f270659267561a0f15f7486dd61ee840195132997846c4614d0c2a9a03ef0f4a8de1d7ab6417180f184510452539270ebbfd4b13627734a183d8f5480db12077f6044066d4cb321d67caf4da996704b2ca40411222b541c84241ad7bc0c5835345e29c70b881ff77a8a20c3cfedc30df1b913c9fb722665de4
+TAG_LEN: 32
+NO_SEAL: 01
+
+# Test with maximal padding (3 mod 64).
+# DIGEST: 13588ebf114df38b7b59f890dffab8b1a4c85f090c3f4a0e508603ecd34f78f4
+KEY: 5891d77df660ed82933f62be8dc55b436965aabe477e0cdd46be99371eb8da7dac997deafd64b1fc65de39f4f03541a1
+NONCE: 1be112a72933c7b54ed4fad0be905d41
+IN: 936a91d0b5d2c0267218cb7090c6171386d641b87797b684e0fb56f97c3961d8afa22993a340b9b3c589c7481df3f4183aa23fd8d7efd88503f78b8ed1c8e9ba2fd677
+AD: 3e0d0c302a5f47e037446f
+CT: 3a77c0f70f9044fb3817d57be4f4e5ee4b27ffa586327f77c18346f9fef2608a552b551ac549f9e8d47c4959196162862fe2a35e44581971c2974d4a65a47ae7b8900e
+TAG: 3f71cd59844c0498f849d2c2bda9945a2b33db723ea572de20a8e6df9b2721f4c065f00d66a6c69621cf6131a4fd5d712f14bdb226e66e494c97e096aa7d5f4c9e8e83f87a7a5f997b33cc3b6527d9a441375c859fb3ef82ddc78f86eb28cc883c528698ef592919e702b3a290d1137d995a91d0eb1e1da9688eb168ff7dfcb443d655b8336de2286b9fecd446d05398f1e25834968ed5d00cb3f3e3bb8612a17bbf958d516cd18b637f9b8b3082acdd32e87950539f08565e7db8321d6d84ac2d990cd183210a2c6309b30e944bcdbe9b17002b60c4fefb6047cceb6d89a1ed947c549addb0e528c3d525f85d3ef43f0abdb2d5d2043b7ff2457392460f28c1cad181b76c9ec6f4aa9c5843e792f4e9597ea0cdda36da0ff3e2090b8d
+TAG_LEN: 32
+NO_SEAL: 01
+
+# Test with maximal padding (4 mod 64).
+# DIGEST: 25c98c13e308408c882677b48f3a49a53b500146eadf5bbc0f5a240ab6ccbfb8
+KEY: 91d77df660ed82933f62be8dc55b436965aabe477e0cdd46be99371eb8da7dac997deafd64b1fc65de39f4f03541a11b
+NONCE: e112a72933c7b54ed4fad0be905d4120
+IN: 936a91d0b5d2c0267218cb7090c6171386d641b87797b684e0fb56f97c3961d8afa22993a340b9b3c589c7481df3f4183aa23fd8d7efd88503f78b8ed1c8e9ba2fd6773e
+AD: 0d0c302a5f47e037446f58
+CT: f2f3a3d985eb38c406bb0db0d141188c680656db8a4484abad2c8973267e14458e2be7cb52f06ee2a0f68eaced13db714296319b2b3557454f5e9cb47e8943ea91e0de64
+TAG: d54b96ed058f5c69779994d8e841d4fd61470531e8fb5e7a6a85eb99d4676a8b2be1c11b27657f4fb0555b32c96c34d7f76212d8304029616998b4aba7b56dc29630a8e7602580c078966a56ad0dc188e347e37d819eab39cdbb2c44edec032eda568e87eb8851f6a6bb3275527430fd6b56ae80ee20be664cb8e11a7ac66365c48a06c2cbc7524f39f3e5931af206e412a39fe9acd7e6a938c26d71916b0f5d9c9c4ed3179eeb581a8ccedc626b60cf04b7e04d4ed61c009b29c839c66bf3edf7becf8403bf032190644030b93f559ef11316747d0ba898473977e377789a161c9b0682aba91120065d250bec31113f21cab32b0e4b0d1ad4295fe650728322453e4279eec0c7830b8e4acc92f3fb1916e069c69d37794ea3017235
+TAG_LEN: 32
+NO_SEAL: 01
+
+# Test with maximal padding (5 mod 64).
+# DIGEST: 3fb8ba4df90f52332bc7a20df805fe903351279e0424c232365cfc4e62982296
+KEY: d77df660ed82933f62be8dc55b436965aabe477e0cdd46be99371eb8da7dac997deafd64b1fc65de39f4f03541a11be1
+NONCE: 12a72933c7b54ed4fad0be905d41203f
+IN: 936a91d0b5d2c0267218cb7090c6171386d641b87797b684e0fb56f97c3961d8afa22993a340b9b3c589c7481df3f4183aa23fd8d7efd88503f78b8ed1c8e9ba2fd6773e0d
+AD: 0c302a5f47e037446f5891
+CT: 02fd26e7b51a1bc6ab6735045d2e42fdd1f31adba98ed5f8b3e89450853104633abf6cbb70ecfba2f5b39dc06f419746abae4a51d33829bb04140275021d183bfc990d727c
+TAG: 6e129a3a1de6045a9ffe8faed80494aed9d21635c29cd38c7d410a8ee0b690be4d7ece4de27862281e26b7a7f2660ddc18b33bdbbaeedcf68e068cae4a4cc9be126c66dfa14059adfcf4215e9316bba088ebee16a1532277b90dba74eb853c5ff5e844ffded2fd2f8b243496172cd1247618239fceb1432e6e2a8188145753b4e66275bc00d418d6782167b943b78a40816365ac7d49b5d8833046f032732e0a134202c5555f5b43434aced634b6e7fd0dc3b3bef955800822be1802392a424e8ec250dc1a223cb58393b49270f1b97f3021f9aa9d9f4980c3512e1fc297fb963d41d242000867c2873792b0211750688d6047e599ce1a390bf039a6061740d735fbdfa0e3b5905e1b24e9e4336a3f91433c0ee3dedade34c05285
+TAG_LEN: 32
+NO_SEAL: 01
+
+# Test with maximal padding (6 mod 64).
+# DIGEST: 23f13497afad98ac65bd2a1642935ff7185a839a672fd94b18279ff92202a3b7
+KEY: 7df660ed82933f62be8dc55b436965aabe477e0cdd46be99371eb8da7dac997deafd64b1fc65de39f4f03541a11be112
+NONCE: a72933c7b54ed4fad0be905d41203f5d
+IN: 936a91d0b5d2c0267218cb7090c6171386d641b87797b684e0fb56f97c3961d8afa22993a340b9b3c589c7481df3f4183aa23fd8d7efd88503f78b8ed1c8e9ba2fd6773e0d0c
+AD: 302a5f47e037446f5891d7
+CT: b2fe392acc286bdc73cac1aee34ecb3a3e3ae2ccdb065618e3c4a17f2b2668a2c11108b0bf8a8ffe20800a698e73c9b6ed4b0da61bf6fc22c33c75439445061ebc8b6fccb4ec
+TAG: 738a07f02a376df628555d3755a9a76ca66cb12c6899bd77f49af1cc8b266b8a19ebf74d4b31c73ddcaab06e43eddbc931e35fece138f112e3c1eaf94d0eb568988fddb8b0c34f067d72bf6748b5f929cfb06b793df87a5fe17924df4841f98024e9b0ec1563244265a13896cd60cd1ca8c6818098d06470db3d9f7c873f33e3ca913a9238b7344a6eaaaf4c152ced9f5c9d20de930aeea453381ce7bda0f89804799e439dab022934742d0f36a61538973e98006d5f576900e0429a7ca68c0388895e05672949e5e4d1978381a9486002b7c3bcc39c4b07a8a4c6bcc502ff2afdaf29a77099c520a1a8517824dc724683e3866841de80030af402ab282cf27c1c749256ed40451bc91bd2be4d768df1718fc1ec481761000a4b
+TAG_LEN: 32
+NO_SEAL: 01
+
+# Test with maximal padding (7 mod 64).
+# DIGEST: fc71e48cdc62c15988a84f32ad60aa760b5766c892e559fa1ebd882a587ce590
+KEY: f660ed82933f62be8dc55b436965aabe477e0cdd46be99371eb8da7dac997deafd64b1fc65de39f4f03541a11be112a7
+NONCE: 2933c7b54ed4fad0be905d41203f5dce
+IN: 936a91d0b5d2c0267218cb7090c6171386d641b87797b684e0fb56f97c3961d8afa22993a340b9b3c589c7481df3f4183aa23fd8d7efd88503f78b8ed1c8e9ba2fd6773e0d0c30
+AD: 2a5f47e037446f5891d77d
+CT: 8780167385b8856be346b71b042332368067d5d9420b3793fe94bc1ba92991756523c7a8e0114af8fa7296ffef8fae01796b47edea43bdcaa8832a08e823c45c3608580249eb9d
+TAG: 049a09e2d5e6ba8673f1963aa2d64759b4cc8d4b3583b103dfbb7595289478f13762fbcb464bc64b1b7704e3f72390ec2c9644496616c4b119b880e4a04a47b15a9c490df71c27c4dd47b3f2f46cd1cdbd2afdb87c33ec9af66a50f4757c0b9d0ed4776af0acae1951393c1ef95597f32057ceb35fb61ab2f34ccda4cf9fe81c7aa8ee4b5b01609460b2fe156478d1585d2a118acfae5f401761310f7d8b48973b5b8f3abd0b2b512aafc8e5251133054d8e0a197ba95f5900307a7f9c23e1a859e0e11091499030d7b51b410f4602239a278bd363185e6c7a1a31bf6aac78e2687a5aa4151a636bf7ac6bd89c668ef466d1cc4aae653736d296e4b6d9fc4c9f9e5f9ab51699317af018a009fa5718fa288c3618fec1e0fa63
+TAG_LEN: 32
+NO_SEAL: 01
+
+# Test with maximal padding (8 mod 64).
+# DIGEST: ff4f42d72ae561abda38963a2713bb743038589bc2d7efa0f3fab298630b9c02
+KEY: 60ed82933f62be8dc55b436965aabe477e0cdd46be99371eb8da7dac997deafd64b1fc65de39f4f03541a11be112a729
+NONCE: 33c7b54ed4fad0be905d41203f5dce99
+IN: 936a91d0b5d2c0267218cb7090c6171386d641b87797b684e0fb56f97c3961d8afa22993a340b9b3c589c7481df3f4183aa23fd8d7efd88503f78b8ed1c8e9ba2fd6773e0d0c302a
+AD: 5f47e037446f5891d77df6
+CT: 2cd2031084f8742da110ab5d8f7290828857c867b38427c3f53be0dbe2cc94527d2f0aee90a38dee77c0ce115ef650b2ae65094e99ac9bf6da89e5440c1bb4f8021520429171362a
+TAG: f3966d82808723b2398186d45098794ab366631d753a69f949c63dfec5c8d5222dc8765088fd387fea234286771a2228c05dbbfb73ce4a403c5e90a790e34fc677d685c9a7dcb6d8173956865e6c48394e4d95284d2e02c162de3ba4cd09516a321be8e07c8836408a76abf8edcbe767053488d6b07974b92d84934ec5b82856a65e6938620f4a6f346d654e3bd5255f3ca3fc5ee91dcc851b62d7dbe4f050e1fd65c6350ddb07314b7b05c00416f4a4787c82bc1dc6c7b25b4407c5bb67f32f5fb39c77c47782694e7c6086bfe6a6e873d7ba9c4c93a9e192b3e9c9ab47a91ef652021434ec1dafe189d5b427602c5694698d64549b7f734bcb0482c25267c2dbb985110e40834d536feb2491828b748feca9907d687ec9
+TAG_LEN: 32
+NO_SEAL: 01
+
+# Test with maximal padding (9 mod 64).
+# DIGEST: f4f7f147b43ea50a1f5a4f19c093ef917d3b92b46e5798e18b5294b0a0fef814
+KEY: ed82933f62be8dc55b436965aabe477e0cdd46be99371eb8da7dac997deafd64b1fc65de39f4f03541a11be112a72933
+NONCE: c7b54ed4fad0be905d41203f5dce998f
+IN: 936a91d0b5d2c0267218cb7090c6171386d641b87797b684e0fb56f97c3961d8afa22993a340b9b3c589c7481df3f4183aa23fd8d7efd88503f78b8ed1c8e9ba2fd6773e0d0c302a5f
+AD: 47e037446f5891d77df660
+CT: cea9c7528706d506d75cf085c8475c081ee8c6145ca11610b73eb3e103a706faa66062f8edc10abaa7c3edb3fcaf43c202c4812e768fececaa04564414f45816a4138e4d35d7768b07
+TAG: a61a67eb499525e4456b9853222c9612b7663dc3cd83aa9d78e680963fe2e1e23e69cacfba013e03c50b477b20df9ade41621e48c7ced451b4acc5d002f325bc19a237c327dd5d0f0af14e8cc60dcb8001d6d40c9b49d760e6135bd7a3a8ff9e313814ffadc6a5e6c285ee470fd05599465950c5887f9d7b4a1d1a7e80f8c5c76b41f51f403fa10b5140bbb68b2d7f3d2e19035357118ab72f327927ab75b369db9b426c176b937fc3fc92cb02f383aa069e07a223522fb7118a8440aef9ffa44da7a7c880b8513135e4b54f8fcd53ea1e6be7fdc2e7924ce529c846e67ad9460acb86ddfa938cd482d4216315806d45f658586006aca019fe6e2dd3453df00ae296beeb96a751dd29ef350e6da085059a8d70a5793abc
+TAG_LEN: 32
+NO_SEAL: 01
+
+# Test with maximal padding (10 mod 64).
+# DIGEST: c48f43e4386dbf727ca93d57b5b2a4ccd8e1f27b201db03000660078b773faf7
+KEY: 82933f62be8dc55b436965aabe477e0cdd46be99371eb8da7dac997deafd64b1fc65de39f4f03541a11be112a72933c7
+NONCE: b54ed4fad0be905d41203f5dce998f8f
+IN: 936a91d0b5d2c0267218cb7090c6171386d641b87797b684e0fb56f97c3961d8afa22993a340b9b3c589c7481df3f4183aa23fd8d7efd88503f78b8ed1c8e9ba2fd6773e0d0c302a5f47
+AD: e037446f5891d77df660ed
+CT: e967973079db00d2257d84817ff4c5faaf98024ac7eb71d22af3cbb92a001a558f5cce2e8c293d6dc2a968f69cb2731bf65954affbfdef4085123aa06baf0d80d7c80645d2d0f528a374
+TAG: 00a4282530b0993737f2b1b3464cd5545fe2ada974f00d11f5737f9a165229c23b8f5cd13a9bb1d7d909b78b8101ba0d7903a427c076282f9fab0ad68598779d22bb0f9001c2a108d43bc4fef5e75147f7195cf4ad831d27d6e54adad6031985af12a41de780a1661764d87aacac5a94489c6639a655dc9682646e32d93dd2c0a8bf0a525908760a715cbc3aa5596bb641bc6cd8cb16b4195f66046ae3f19dfebd1a3e2bda23e00ac4055b0176be89ae987badb83291c4acf781855946c1b445efa542ec97fd4c9aea02a474e3d8eae50893fc827e4c44b4f5f18e773013b37e66dd7f4874b399f765f6f41a81e0407169ee1fb93b15a43a5d3b9538a9acbed534628bb961f2d02a2b55570bfa4fa98bc69298acafee
+TAG_LEN: 32
+NO_SEAL: 01
+
+# Test with maximal padding (11 mod 64).
+# DIGEST: 4fb8d7ccd762998c343aef821e49cf91783d15669105b725eb1123ddc16ea445
+KEY: 933f62be8dc55b436965aabe477e0cdd46be99371eb8da7dac997deafd64b1fc65de39f4f03541a11be112a72933c7b5
+NONCE: 4ed4fad0be905d41203f5dce998f8fb2
+IN: 936a91d0b5d2c0267218cb7090c6171386d641b87797b684e0fb56f97c3961d8afa22993a340b9b3c589c7481df3f4183aa23fd8d7efd88503f78b8ed1c8e9ba2fd6773e0d0c302a5f47e0
+AD: 37446f5891d77df660ed82
+CT: df01c1a140da0e422919c0d34b231fa3cd767766fb35f8d78d715c44b9003e42cca112fa1543d74ac05e00da9b5740c03b5c4d1e558ceb8629adf3adb1771e6e8cfde8edcdcd8de584ef28
+TAG: 520d6becaa190f3c1fbf6165ff2c4e7b62b8281cc4e77c542a88354baaf8d75b6d1f15ee26340a58c9e2fdbbc5864c307d35f7866a67b3db37998fc20eebb5c83270f7eb7d53c9352ab4c6f59cecb74d53e5751c6da3dc2a09dd90e3c55a0651ce4bf433da143527cb751a6c5fd97c7cd8dc4eb7d90f2f1919e975933468573924c9d1f0cb36d5da802cbb3916aa6f7264a22883792bbdd24e480e8d9adf44486efbde47afb91dc1131bbf2b0568ae91c92022f72185244b9fcf545449e5c197cc77a8dc4485e46daf3d9f84d3dd3facd793f0a2a9cb0f03395b8a23537efc0f922e51e5a43ecd0d3d4256851271f77c235718e4b444e12cf7bfb10a7a4354de62d1c62a2e3dcc687d40ab4ee6f0dd7a20fb32ebd7
+TAG_LEN: 32
+NO_SEAL: 01
+
+# Test with maximal padding (12 mod 64).
+# DIGEST: 756ef874fe4546df371e012dc34660cebd6321b67dac201988cc72e48917d7b0
+KEY: 3f62be8dc55b436965aabe477e0cdd46be99371eb8da7dac997deafd64b1fc65de39f4f03541a11be112a72933c7b54e
+NONCE: d4fad0be905d41203f5dce998f8fb2ea
+IN: 936a91d0b5d2c0267218cb7090c6171386d641b87797b684e0fb56f97c3961d8afa22993a340b9b3c589c7481df3f4183aa23fd8d7efd88503f78b8ed1c8e9ba2fd6773e0d0c302a5f47e037
+AD: 446f5891d77df660ed8293
+CT: 889ed4c7bd5455821c5b95a67a277a197140816784e820ad8e126b3d3f0ddaca73e3eede78c1c1d3ff5c2a98c0cadd644393b7e3c2273aea2be1c6fd20374b710b88bf2700f8b4c556698aea
+TAG: 7dc1a08e3e948acb236f2dd5644ba6d8646ce8bbfb98b658807f6fdfd4e406be67b7a0ff9fe9868e013b7e3eee72aeef4ed6954047521046354c5e665fbaaad517d35fd7e633c1fae894aa36033dd2825506a3be826172b79ba6c1adc63533edd7e8b21ea9178e7ae9e191dd597ebf83a760862718200d4a23235c7460e48d415faa2426f0ec7edcbb0cbbb9ad15ce8580aad6d1934cf1549876d2bfd10710bf367796473fcd5b36189a32950a5fdbe582975860f289ad1da75c3bf72ff8e7627a736b7e0e123009dc47ca15dfa4eabb590825b2e584fc78262822758246549e3f7d436a2df974f0ec5a00eae4d9a5bdda4a9f815ae980d70befe63962b14870d1e72088fb410edb5f2b2dbe137e03702be94233
+TAG_LEN: 32
+NO_SEAL: 01
+
+# Test with maximal padding (13 mod 64).
+# DIGEST: 01fbec0db232a15b4f3e02a14f412e296a0f2c7bbc539ea1e5e835206e197929
+KEY: 62be8dc55b436965aabe477e0cdd46be99371eb8da7dac997deafd64b1fc65de39f4f03541a11be112a72933c7b54ed4
+NONCE: fad0be905d41203f5dce998f8fb2eaad
+IN: 936a91d0b5d2c0267218cb7090c6171386d641b87797b684e0fb56f97c3961d8afa22993a340b9b3c589c7481df3f4183aa23fd8d7efd88503f78b8ed1c8e9ba2fd6773e0d0c302a5f47e03744
+AD: 6f5891d77df660ed82933f
+CT: 13833f78c9383bb4455972d6e7d8f22597e65de7dd01afa28fd99f9734366c522bcaef59c41487d84b3f84c1e0b7e5ff6de84206f54d5ae80ce80fe3cb68ea4eb40914e915f36730b911427c6b
+TAG: da212acc6ab53e49e8e5d773c0f7911de1d9ff05c2cce077c77690af36bdb44c936d3ebaca584f7b4e08c43be26bc0adb9765fa984e8da7ba51a4b88a3da3fd8077ed5adba4b12da076d97c3016c05441baa10e28120aa1f023e52c558d6f4197be54313706f890d036b6dd3837c86a70ec9a8f035a0d339df73a50374c3530740b4d158efa875b57295366f21c81a3d8403d278cd04d0c74df93f01655d1e223f0151f098dd30f72a8b8cfe1fca085d482232633e23a813a796ddff3c314c706ccfc6ca9aae43d83cbbbd8fab795e98475fd2c818e74a1bb8436d190d45307d2e7909ce8fc2d94a6cb91fd13cff020e561e89661416c19ec958de8f8db7a32a5117c37af975b3023562a5d7e768aa7aa306e3
+TAG_LEN: 32
+NO_SEAL: 01
+
+# Test with maximal padding (14 mod 64).
+# DIGEST: c49af18a935082656e153daa62270e736e336727424bf48be78da0b7dced9de0
+KEY: be8dc55b436965aabe477e0cdd46be99371eb8da7dac997deafd64b1fc65de39f4f03541a11be112a72933c7b54ed4fa
+NONCE: d0be905d41203f5dce998f8fb2eaad40
+IN: 936a91d0b5d2c0267218cb7090c6171386d641b87797b684e0fb56f97c3961d8afa22993a340b9b3c589c7481df3f4183aa23fd8d7efd88503f78b8ed1c8e9ba2fd6773e0d0c302a5f47e037446f
+AD: 5891d77df660ed82933f62
+CT: 03065bb245ba12ab90903bc081198fdfe45d7d3c6fa3b1f76bde831917376ec2a5b2ac2cf629de6bd3f23025b678ea9cc3bd7801f5510b58432a8bc17999304f7b183e9404a235f1e0db578d53e4
+TAG: 5f62471a66673b5967f2ee748d4f8c0e50c1a7bae064fabfaae832a53d4b18eebeb1eaa8cdaed0967900f46ba0f66ae9e8492a4cdc4feedc7d6c1176404d4d9eebb4d0c474ae07d008ef2e8e4dce39dddac3f4b759a34ce37d8908ff16825e3ccbcc84b6fd6276fd72ca4d4479f6c586253e4f8997cb76c66bc3e5b3151be6914454f176c3386a029b2e254dc73b9d5237f5a9abd1aea0cae50fb9c87f6493f5fb8e02d12bdbbd2709690ee6bc8466ae98fec44d8f39082a1d2187647ece97fc95816121e0152677cde571f678a594c18de4dd8b4bbf0dbf4faf5da7c00b81451d728e87bf4607866b342808bf0130a3e516e87cca43a6f4737da23261d5382fde1b2c2e011380177c47ba4101a8503dfcf8
+TAG_LEN: 32
+NO_SEAL: 01
+
+# Test with maximal padding (15 mod 64).
+# DIGEST: 8d6f1fdc3d60175573775cc289d7436b88d10dfa029e90e10e513c8e739666c4
+KEY: 8dc55b436965aabe477e0cdd46be99371eb8da7dac997deafd64b1fc65de39f4f03541a11be112a72933c7b54ed4fad0
+NONCE: be905d41203f5dce998f8fb2eaad409a
+IN: 936a91d0b5d2c0267218cb7090c6171386d641b87797b684e0fb56f97c3961d8afa22993a340b9b3c589c7481df3f4183aa23fd8d7efd88503f78b8ed1c8e9ba2fd6773e0d0c302a5f47e037446f58
+AD: 91d77df660ed82933f62be
+CT: 04c76011b9c4cc8ff18038d36a8c8b91debc8d0929ec173cfa5450f434308234e6a368f17a04ec0556dcf5ace0efb5ab51956d0daec5c530129aaa78309c3d0a2a48687f6dd146c94ef9bd1b755db8
+TAG: bf249369d0e07ecf93c9d4bbf7564d81140741bc564ace2852b680e2504bacaf181e1379810b5283a7aa4f24e2c70f956658d0e02e4199e78da1dccf480e3f8095ce3e273985c31de6f14f57b5a934a1a9eeb443164d176ca4fc0e9eaf09fad485a380a6d654073d08c17f26883b1d5e02fdca8406dca07a97cda68b400e5c0fce90ebd82ad9fe285769da0492ef30dfb13110c5c9146cd530ef0d757bc2b14e97ff983c931fb1cf2d64bbe5f9feceb7baf68bd13f8de5b4dda756acf7c9922809927df5ddf53f46288387d38afdb803a86fdf86e0f0f431cbeaa626aca0b942ed46fca72d7710cf7e0b466f88c913d04cd140037767cd7d1fb0a8dcc943ac5eb10c8d65d1bf00c6ccdd5db219db74f3bf
+TAG_LEN: 32
+NO_SEAL: 01
+
+# Test with maximal padding (16 mod 64).
+# DIGEST: 11a40304bc276c51e2e7d8e3fa16f905bf050f3861586be68ca4257b1e6cc566
+KEY: c55b436965aabe477e0cdd46be99371eb8da7dac997deafd64b1fc65de39f4f03541a11be112a72933c7b54ed4fad0be
+NONCE: 905d41203f5dce998f8fb2eaad409ae0
+IN: 936a91d0b5d2c0267218cb7090c6171386d641b87797b684e0fb56f97c3961d8afa22993a340b9b3c589c7481df3f4183aa23fd8d7efd88503f78b8ed1c8e9ba2fd6773e0d0c302a5f47e037446f5891
+AD: d77df660ed82933f62be8d
+CT: 5d9af50991ea21f041a766d8d9036073eeb0ac083b8069619ee50c64c661bad73a9e2ca7f8b49ad9df79e47b49ca3c8ea9dc254854f116a49959c91481ba96463521bfdb74902a4b454d2c6af72d1301
+TAG: 19c6ef896aa751a22b3504609e8f4497a4987ec3469fa6578e271d77e8d15a2eda3e8db8b6b00b40def47a16dfcd41c95ef6e2a650aac71031b4b2733ffef47d1d68c79b2f6962874727ef36613f0461f4b1a4db9f30121d7656b53c2e31285b0e4049b5ec8db3d813e9c1b66c7143813a65ad18618dbb0dbab39e12fbafc6b26a0f034311fdfdb1181117ecdd42cc2964f759b224c455fb5b69ccc25ec0831ee24a84c51985bebe23c238b48ab7cde07b3fc79f70fce2e514ccd2a5c91227824a58ff0e9f15226ef30b55510f870e6f75de34ac0deabbde13536075cf72c5c09d51264f29145f47163069edc421c9b818ce727283a09d7bd415bdc6201e632781b58eb8a9a519520b9ad994cc6524b464a6d719917a6691f6b1537a6b363aca
+TAG_LEN: 32
+NO_SEAL: 01
+
+# Test with maximal padding (17 mod 64).
+# DIGEST: da3fd1aaca630fe609395b45a44384c57f779505188c8b12391b9f34de17dbf5
+KEY: 5b436965aabe477e0cdd46be99371eb8da7dac997deafd64b1fc65de39f4f03541a11be112a72933c7b54ed4fad0be90
+NONCE: 5d41203f5dce998f8fb2eaad409ae021
+IN: 936a91d0b5d2c0267218cb7090c6171386d641b87797b684e0fb56f97c3961d8afa22993a340b9b3c589c7481df3f4183aa23fd8d7efd88503f78b8ed1c8e9ba2fd6773e0d0c302a5f47e037446f5891d7
+AD: 7df660ed82933f62be8dc5
+CT: 182dc2f9f412f305a8fa4813e8c8eb7a41f9708efb516fe3feaa6ae94c89b4437cbdba7c738fb97ef9739ed94d988bd60af5359194d2b5f8a48e3f5482c3be294ae65ce803e21acdee157d436188980bcc
+TAG: 35fa57f8dc3b68320462a41feb88654d838d684efa009c9cf0e68c79991045ab69baa6d662824d50fb589690b54edd144466b8d7332430da1bb53ccc0d3a640ff8eef6cb0d46c6faaaf81e9479fc2199ef1bb2256754c392aad96a5d702a269ab2e07cab5a2ec93d4c29cc64aa269c4d68dd7c54b1bb20aa4fb0475193e97a7ba0acfa719eb00a8651b64f57924e24af34cd9b369d062ec327dcaaf1cedddf11c3bfa578215cf8e9f958e63f0ae8e59ee783cd11d0c3637b91bcfa083a60551987fd6b225dbb502a700a94e01888b871b274e1b73f2b9db05a504cf420f47c51e5b235aa4d9a2c180db3687b021d506c96f4697b4ab510f3fe54d5c07f0b30f5eeda6dc542114f2d16be454b1a186ee6ee6aed6f8a07043527475b7df6cf5d
+TAG_LEN: 32
+NO_SEAL: 01
+
+# Test with maximal padding (18 mod 64).
+# DIGEST: 2ea803a4525d24849aeda1b0adb81676b32d99c42bcd0011932085424a0a8078
+KEY: 436965aabe477e0cdd46be99371eb8da7dac997deafd64b1fc65de39f4f03541a11be112a72933c7b54ed4fad0be905d
+NONCE: 41203f5dce998f8fb2eaad409ae02116
+IN: 936a91d0b5d2c0267218cb7090c6171386d641b87797b684e0fb56f97c3961d8afa22993a340b9b3c589c7481df3f4183aa23fd8d7efd88503f78b8ed1c8e9ba2fd6773e0d0c302a5f47e037446f5891d77d
+AD: f660ed82933f62be8dc55b
+CT: 0990f57d9a7e9b64bcee741e158eb5749e9d7b34d43c6429754689d87fc45daaa618fc62d3dc111e5a1a7a06b2b14c5b0f3e2e463085e80da6ce4a6f7815cbf871376c8c87a36555b8a74e0a14421e1eed77
+TAG: 52730d53e2849fa94025fecd80e64e2a9a0a5f88a6a88890754dccbaa84c2b4ae10825a15f389490cc8f87de08cf0f4f82ae824b4fbd9f016dee50b5d586b7e03cef258754a6a82550cb26177a83f9e7bbe0b3b17d60a7a89929b2451a79032f6a200f645c6c53838a2debb81f756a2a37ced064c673291591e29ea62bea505cd612e3ec55f0db630a2e7ac545b68e64cac59b639e1b80df1d3cd98a0e00865958b64a9bc1dbd0897fc5d6187989ceb766e71cdaa0de7df0ca36100b2541b5faf97092d6309ff4dbcc896dd5e08102fabb76042b8329a0691e571ced8da3cff1a6aeea3faf00197c4e0bfc57bebb1e2f8896fe71dfefff6032bb7459686e2d4828c19b8105ad6622328c5bbe8da11cf0087aca05686e53b432fec4d4c065
+TAG_LEN: 32
+NO_SEAL: 01
+
+# Test with maximal padding (19 mod 64).
+# DIGEST: 6802d4c044d85fe270b3761ec10ae5cb4b912a565e00cafc8eab935935523126
+KEY: 6965aabe477e0cdd46be99371eb8da7dac997deafd64b1fc65de39f4f03541a11be112a72933c7b54ed4fad0be905d41
+NONCE: 203f5dce998f8fb2eaad409ae0211641
+IN: 936a91d0b5d2c0267218cb7090c6171386d641b87797b684e0fb56f97c3961d8afa22993a340b9b3c589c7481df3f4183aa23fd8d7efd88503f78b8ed1c8e9ba2fd6773e0d0c302a5f47e037446f5891d77df6
+AD: 60ed82933f62be8dc55b43
+CT: 8d7999ec7a80e528bd6a8d2a9724930c93ee5cbb0c888d9b7c79d2449e638c03f3143f1927a1b261d66ff55bdeb7ff6616da99a2155f465d7c91f54963e7cbda7b61529381204ba43c9681260799ce66f7b8e9
+TAG: e3d5c0e2427d0f24ce9199efae32408cf0a22b62e59aee3bae992b397aeff675d4e723c7ca2f0671f95cec68a21be86389508910ceceb13f6b6004e965656783fd2ffa6881a96bce6e3cdd80adfd6eaf7c57c836743a1b486979046c9c7d8ece2b871ad5c9c4c3401a467d7c0ea30fc90bb8be5cc35a1566120ac14eaad9a5c99f944be06eca9d473ce82125dbf4f7e3b0add283ae31098e26c94a6daa6f406c273ce3d91b801cbbe09731a8eac4ba38c6bb571f103a3557094a2a3b3477c4c3538e04957fc3afdb3cf7cb649bd6b6134c138da9e33c4677236244951898daa22fbd07f94b9b7091672ac0f6dca513de86186e102a51f59d6b96c80d64844e160b34c4f98248196130ec0965e6fa02d988f83f016b35e8681b4f8dfe39
+TAG_LEN: 32
+NO_SEAL: 01
+
+# Test with maximal padding (20 mod 64).
+# DIGEST: d159516557052899ecffe8072d2cdb753939d812db2f8861e3ba7a837f0fe29e
+KEY: 65aabe477e0cdd46be99371eb8da7dac997deafd64b1fc65de39f4f03541a11be112a72933c7b54ed4fad0be905d4120
+NONCE: 3f5dce998f8fb2eaad409ae02116417d
+IN: 936a91d0b5d2c0267218cb7090c6171386d641b87797b684e0fb56f97c3961d8afa22993a340b9b3c589c7481df3f4183aa23fd8d7efd88503f78b8ed1c8e9ba2fd6773e0d0c302a5f47e037446f5891d77df660
+AD: ed82933f62be8dc55b4369
+CT: c3e61ff897b490847e6539236d2e3b208baca2e83347b7ea2ac714f65a409638e59a5dce5c3a4109e6d6cdb8a232f5f8a2577101f9fb53aa50918f924c1a5361ef98d6672258b4adb37ca5f30d22893dcf6d0349
+TAG: d81126eaf7e4e4d12f66810696ea8a7b26806b688ad1f8863427879fc31407a2d8ddaccd00bf3351c267e14263d0c138716277e47eb31d93204bf1020db38af84802b1f17110073ed04748b367d06fee5336a98866d3e1bfbd259bbedea78129beb3e446e9c451ae9b905eb1f19517c4d15e9ba3e9fade980131899178a0b29e6c35a81ce9701a59880b3cd925738302bb1495c0ddda69ee1aba582ed158df2ea84b75abf60d389050a25e7eed1b3cf36e0b04756f67819d21776c33ccd802ce04aeb57881f92ce940303971a2d02a800b8557b08805f055a299c2870789f5a2a1f38f9187be63d7e3e3a7af804d334319a79d9fea40684d9b03059800502c5e92dd0cce30de11d89e8d2c816589d440fa1fdb0e4cccc57c1511ef60
+TAG_LEN: 32
+NO_SEAL: 01
+
+# Test with maximal padding (21 mod 64).
+# DIGEST: 8b4c76888085f1030618cca2b0ef708b79b68fbe879c266adab2211c35baebae
+KEY: aabe477e0cdd46be99371eb8da7dac997deafd64b1fc65de39f4f03541a11be112a72933c7b54ed4fad0be905d41203f
+NONCE: 5dce998f8fb2eaad409ae02116417dae
+IN: 936a91d0b5d2c0267218cb7090c6171386d641b87797b684e0fb56f97c3961d8afa22993a340b9b3c589c7481df3f4183aa23fd8d7efd88503f78b8ed1c8e9ba2fd6773e0d0c302a5f47e037446f5891d77df660ed
+AD: 82933f62be8dc55b436965
+CT: 1944f256989b6acd7dc7c334d10ce71d9f2980cdb6adb03784061096955a3e10efe7cbf1c0aa1caab97cdeee4d08a8ff34d68e1b53a0df58e79a4c1d5d9b7eadb2430c0b8049b6c43a848fbc5e5feaf18e45691b7c
+TAG: 7d89642640d19b0427d5d948adada9000755d3703a092201740a80074c1c4489d2edc363654e721de3c3d5a5ec5ae16bbc8534c23dd037989fa7d816e3c0030adeb88f4a36b8257732f33f2d58391b88a06e2d50055ccd71080922524c02c371713a755cf0636f7c6d5a9fa2edb366773e519125a3ae46ec1369416c028fc00570d5bb80882fba31792d42d3247d669c8b704f765125246f38d1dc1504b22d361055bc79a3195ce4cdff14a16008c1c6e7a5ee1a67f95dbe7ca08fded965ede2a0367eb13670c877685aefcbd7d7a9162b3c69f5d59ce3ff9dea4db78a0abc6eafa1c45666564d8fe1648b20b3a5ca8c19acae4ca514b79554c4c3eab74fb18ed41e061e6b4e83395f54eeb0863db3ed0b6509f7c9920d110d23aa
+TAG_LEN: 32
+NO_SEAL: 01
+
+# Test with maximal padding (22 mod 64).
+# DIGEST: c93f922285c3abf65fd70f22abd7ef859a392a9db0a979acbc99563829e3fd77
+KEY: be477e0cdd46be99371eb8da7dac997deafd64b1fc65de39f4f03541a11be112a72933c7b54ed4fad0be905d41203f5d
+NONCE: ce998f8fb2eaad409ae02116417dae0c
+IN: 936a91d0b5d2c0267218cb7090c6171386d641b87797b684e0fb56f97c3961d8afa22993a340b9b3c589c7481df3f4183aa23fd8d7efd88503f78b8ed1c8e9ba2fd6773e0d0c302a5f47e037446f5891d77df660ed82
+AD: 933f62be8dc55b436965aa
+CT: a850ddac6117f7b13e15c17621fc7c99f2276ed7337cde87ada287814150f8b3f3e8ba7108a1237fa6a9ddcebb07c234660ec93b8279bb4614be85c5973603568e885f5f8ea102d0621b5ba77fc58af4d6df034ac59f
+TAG: ca216ce4ab900dc62f66dd21c314cbfb3a6512cc74ae3f46f3e8209bb2753d7559ea3ebb553eb57215fdeabe9fd10b001893ba2c92d3a9f7171c0b86427a416d137b239bb2d8ecfda6d6ce01bd8862079c32eef3c932bdb49fcb1b9940a9d4399630865834050f1d81635f894547420421d606729105123c49d6d34e267a7e8e9e27c85b048a1f83b5c0257cc4c111851457b431c5cbfc5302fb1c459f7f7e339f9e11a91c36df1ae2faa0d5528b80eb38adcf7de3bc1cb5e0cd066a67d2184950531a36331117f94166ead4c630425d22fdfd94abe4e7170f17c7247aa8d2f4872d7fc74cecd40ad4d5f3ae8895874d15cc7bf203196c6e9e8a515d8e4c70073eadeff727e57514d85e1b914c12229afbfd69f450aec61247f5
+TAG_LEN: 32
+NO_SEAL: 01
+
+# Test with maximal padding (23 mod 64).
+# DIGEST: fecc2d68e7e0874de9d063a889b18ca83d3d5908aae064db20d723a8da1b3978
+KEY: 477e0cdd46be99371eb8da7dac997deafd64b1fc65de39f4f03541a11be112a72933c7b54ed4fad0be905d41203f5dce
+NONCE: 998f8fb2eaad409ae02116417dae0cef
+IN: 936a91d0b5d2c0267218cb7090c6171386d641b87797b684e0fb56f97c3961d8afa22993a340b9b3c589c7481df3f4183aa23fd8d7efd88503f78b8ed1c8e9ba2fd6773e0d0c302a5f47e037446f5891d77df660ed8293
+AD: 3f62be8dc55b436965aabe
+CT: 0cc80c78b73b1bd898c6af38846d32837ed0712ab7cc48b01c6dd831f37237ca7634c90aba35b35da59b60aff8e6b9a622f5a481c98c03fc76c1375e4602e96c08a465f3085ec86b0a8e1ce8757df76193de2a06ccbc63
+TAG: 9e4eb28cbb60fefd301f975e22d687098d06727b3b730599f3824abb3965911cd2ad9bd4fc70be6b62147b968aec7f591646066edde324140591632130cd71d7555c0fe87dded42808a41460cc45b27012d0d8e16ef8704102be8d788db90e1cf260a7a774192a850979a25ebdbc723a3af5c13aa7c5c86ff91412307e0755240f82fadefc1f23dc57c5f703346b5d8bb2d2811eb07dbaac1abd456b2864ab652059c54a5bc74643509ba0dc0778a946f5e40e5fb955468ad4f30365bc2ba0e42f6af17bb562fef2ce63a881077762c722c840bc7ac7faac11984c0a77283bb2b2984042456873e6e368f9139b5c50b424c97cb8b6dee50881be33b96decad3c2b5aa9298f334b85c0de683c037447a5036dc282f8b42aa214
+TAG_LEN: 32
+NO_SEAL: 01
+
+# Test with maximal padding (24 mod 64).
+# DIGEST: a182bceec087418714d31fdad208a5d5c578fa8917a754e0b0527364378afa81
+KEY: 7e0cdd46be99371eb8da7dac997deafd64b1fc65de39f4f03541a11be112a72933c7b54ed4fad0be905d41203f5dce99
+NONCE: 8f8fb2eaad409ae02116417dae0cef45
+IN: 936a91d0b5d2c0267218cb7090c6171386d641b87797b684e0fb56f97c3961d8afa22993a340b9b3c589c7481df3f4183aa23fd8d7efd88503f78b8ed1c8e9ba2fd6773e0d0c302a5f47e037446f5891d77df660ed82933f
+AD: 62be8dc55b436965aabe47
+CT: ad918e7428ca106cf043d6626772cd45ce998f32fea28c3253fd58f0fcc191bb4cd250b5dc6a7b352bb2aaa66601e280576fa60ad8c3aa58742462955fd7f33ddbbb5036128617c1fc3bfdf83100dfddcbde1814d15ffe81
+TAG: 946a6de726a9f45f40fae17258b38b3f16fb8d288b876bd59255ed61091e270f16d6cb7f140fdd72fa1c45991180c1be805db33e7ddf3db5f928d533d182e49a178ffcd6f119bdc6400343697c2e6da7221fe849ef9ba1e2b68343965526c889377be4e60d3c46b6a997497c85c9cdf2931babc76b0da50fcc7e49bab9fc1dc42eb27ff4d09cd7c5d2ef558b5e5d2a0c0ba8a31bc7b25f32f08aa27542c59c1d7593f6db75dd12c7d3e12e45d76345337af9168ef03d8eb86581b651e61889fe3fcbaac6e925a99b17e4d414bd2401695c562b0229d168c65f52c3f11fbc6d817a3b691217090dd9f1bddc6017c87bb41f683de94d0ec564d2440c19e42797ee6deaa13479afc7872a0c7edf4c3b988806f7d2cf0811f946
+TAG_LEN: 32
+NO_SEAL: 01
+
+# Test with maximal padding (25 mod 64).
+# DIGEST: 81dd23016c18f838fcfdaa8afa9c52009af9d93092e250bde67ac11e8588a238
+KEY: 0cdd46be99371eb8da7dac997deafd64b1fc65de39f4f03541a11be112a72933c7b54ed4fad0be905d41203f5dce998f
+NONCE: 8fb2eaad409ae02116417dae0cef457b
+IN: 936a91d0b5d2c0267218cb7090c6171386d641b87797b684e0fb56f97c3961d8afa22993a340b9b3c589c7481df3f4183aa23fd8d7efd88503f78b8ed1c8e9ba2fd6773e0d0c302a5f47e037446f5891d77df660ed82933f62
+AD: be8dc55b436965aabe477e
+CT: 8ef4db8a8444ddd056428a25b718aec0258fe05b5fe8d6d972ca6762875c030fa2b4822cf03e797a53046749e39646c8c6b373a1d77287f4124c19ef758eef75db8e4e03309b3d14e918bfd9499ae5c96bf10b513ae9b38511
+TAG: 50c96ccda0e56e203860ee8bf4d6e7092ff1bfc02470e291b1e6debdd71353745cad7887d47ecdfeec6996bc1f44754515a82c4aba9ca7758b609d7bb6e0be19170428afd8017478233f2582cb0ea1c52d1396395b6c83b0694786f4bea423167293e479fde3fb906a213411684d65e889a3dc9ece6a188b86421eedf6f2ef14da596800a8eefbae2461395f960d9ee05c3f1b1d05fb94a4b14d214d1aa8fc3612a7b7267e7272fd7330d85e66969c0a1202cd2843da7c01981e7565bd98f3e8fb5a55d17454d7d1c43d9faf130022d85428213251c20700e1bc069243fb408f69e39a11dda7ef2647cc78d040b1ed4c7b95c965fbec6b32fa0c7d51cd192f12f93a02df3e03afae0fc5a517d2b6f1a807718f8a31b8d5
+TAG_LEN: 32
+NO_SEAL: 01
+
+# Test with maximal padding (26 mod 64).
+# DIGEST: 20f01a20150588ee1067e30a2ab84904a34ac56cb9e327756a700b1af24c6200
+KEY: dd46be99371eb8da7dac997deafd64b1fc65de39f4f03541a11be112a72933c7b54ed4fad0be905d41203f5dce998f8f
+NONCE: b2eaad409ae02116417dae0cef457b9e
+IN: 936a91d0b5d2c0267218cb7090c6171386d641b87797b684e0fb56f97c3961d8afa22993a340b9b3c589c7481df3f4183aa23fd8d7efd88503f78b8ed1c8e9ba2fd6773e0d0c302a5f47e037446f5891d77df660ed82933f62be
+AD: 8dc55b436965aabe477e0c
+CT: c107710a85a49250f3a4401fdf07a44f96560ca5e71d6021075b7b6e3ff8fd6f36c652f186dc82c8a21a8a743dcc007e6710214320cb5c5e788f8c5b020e4d0d89ec2fb780c9ea915966b9f9b1e2cb0f48800ab75f986e8d2c52
+TAG: 4e7360dc7f6630f04c8f1d2f7839ea3f2389d40b2a0b50ac5e54be15b451b0c17e1f48e0d642dede861bf6ad751de565ff0d56d5595941fb6978084d5fd92ec0b26d1357ff33ad08811825acfc0f4370f3845af494d9851c202a5a3af65c1f96b6252a8c850c8ff4e14ed9ebbdaec69322ac90d060f0d1cd9591f0a8eaf9009c3d1835343d0fc1bf53616831ddad08c4852110333b31b733d5f8c30df3de0cc5b6201cc4fb086d3a4cbd6f5b09b7d2bafd20ca24af45e066c86d417481c984ab5c2aef71d11d1c1ebf714e96dfb4c0eea9510086d457529238cccb946e17f0e378725c230e15a0403f05f48df45ca3a1b5f7848bc49faa52aca2c5cffab9b59a0d91a192f89e3a50fb7b5a22dbe88c63daf4a5e4eb72
+TAG_LEN: 32
+NO_SEAL: 01
+
+# Test with maximal padding (27 mod 64).
+# DIGEST: 83a45f4fafff7e1ec40a34e75a49a431478bbe8c9234da4c1b3129aeaf453d5a
+KEY: 46be99371eb8da7dac997deafd64b1fc65de39f4f03541a11be112a72933c7b54ed4fad0be905d41203f5dce998f8fb2
+NONCE: eaad409ae02116417dae0cef457b9e5e
+IN: 936a91d0b5d2c0267218cb7090c6171386d641b87797b684e0fb56f97c3961d8afa22993a340b9b3c589c7481df3f4183aa23fd8d7efd88503f78b8ed1c8e9ba2fd6773e0d0c302a5f47e037446f5891d77df660ed82933f62be8d
+AD: c55b436965aabe477e0cdd
+CT: f90604401a507574dcfe5d7c5e0c36c5fa65d9a8f0a25daaa9fe5c50ffb3758f52c9c883c2f85d879f26845a130044d395b58497979cf24a9e18ee1f27d1eac4d0cd994a6338c5755c74419111b2bebec0dc90e28faccdb1a000e4
+TAG: f4b3d162e2284dec1a2dd88163b4f319604d87a6d4eb576a021119146a8f0dd74773f3c2c82ac1413c1a66683743c413c68dd3368dd7d855b6ba54a45705b9cca49e920427b0917d2efb2df8f05705d7a4fc02e019c56da52bd3e9de2f10b150d06c70c7d365b7bb0241db500879dc2a441e003d3b534f13153eed94c2b822ca12fd728f04131e96b21770d1455c01ed9e5da2662f4b270b47c2ea8d7d0bd82533dd42a94ddba06f076d01d0a2003a38db14ac31d01dacc0b28254cfc451a5479f569a68ca21c5babc4b47a6f8d3fc33b9ca8a91d6b49523c2d1fb490030b0bf2dcd3f621c2934af7f9e920573fd8ea86380c15785c1699eb93737b5e9748e07ae3579fa73283e5c0aa1294e53fb5b71224634aa63
+TAG_LEN: 32
+NO_SEAL: 01
+
+# Test with maximal padding (28 mod 64).
+# DIGEST: ec9b1b48a2e7600c92e69277c9e55d1cf7a9135ec73cb736fd26718c5531fb7b
+KEY: be99371eb8da7dac997deafd64b1fc65de39f4f03541a11be112a72933c7b54ed4fad0be905d41203f5dce998f8fb2ea
+NONCE: ad409ae02116417dae0cef457b9e5e16
+IN: 936a91d0b5d2c0267218cb7090c6171386d641b87797b684e0fb56f97c3961d8afa22993a340b9b3c589c7481df3f4183aa23fd8d7efd88503f78b8ed1c8e9ba2fd6773e0d0c302a5f47e037446f5891d77df660ed82933f62be8dc5
+AD: 5b436965aabe477e0cdd46
+CT: ff258ef9f318036586c5ec9e956c10c9423ad3a8a5468527c02bda6878c45398b0c78f3fba4eba3785282b3aa4586d31b238fb941546bdd6e3d918444d45f79b2a5ce3df0e8769a952243cce1f17f736bf39c070d9eaf57633315791
+TAG: 87eb4bcb34d8d52975e556030cd976f4a63b074e466a55996d09bba1441279f4784279e587c30548d4584dbaf30291b01df4a212aa83cb217b9423841f39e9806c5e9e32bcd9a6cf65771b47264b9c41544645c020cf132cde08ed38eb335fa01f54e6b43b646b30b34fe2fb14e38a916fb328d7c82de7961d38a88377454bd9b89d1be1563f8edf9d0779a3733b59ac1218c4d94d1dad1373c242114f20c359c37ab2786e7525ed4bd96312de1078f0343fb18b6f703273febe9c6a3be7ebfc4d9eb82b796f3fa86fbb3bed56d31cf0613fb03bdf4cd6b24fb5e8678d6c817998fa71ee8a839418faf9ac578d7f360e30cb5b592634b86e064b78641445bfe29883b444ee32ab3a2d25ba6249560c2b56f57ed2
+TAG_LEN: 32
+NO_SEAL: 01
+
+# Test with maximal padding (29 mod 64).
+# DIGEST: 7b0d19af32e867b61fe57398a3ed863a56666fbb67100e6a5ff01971ab693fc8
+KEY: 99371eb8da7dac997deafd64b1fc65de39f4f03541a11be112a72933c7b54ed4fad0be905d41203f5dce998f8fb2eaad
+NONCE: 409ae02116417dae0cef457b9e5e16dc
+IN: 936a91d0b5d2c0267218cb7090c6171386d641b87797b684e0fb56f97c3961d8afa22993a340b9b3c589c7481df3f4183aa23fd8d7efd88503f78b8ed1c8e9ba2fd6773e0d0c302a5f47e037446f5891d77df660ed82933f62be8dc55b
+AD: 436965aabe477e0cdd46be
+CT: 5e654ee6344f96fa117a2e1f9cdc08bfaca9c83b1c4d61891e49077c8ae7a8aa604e1b19995b32872087e04a59ed367e42f0ad3998cc2112035b33104164403a948ecf73c516f74adaa57688cee94174ccd5f9c7a9dfe10dd843d763c6
+TAG: 1463adfb0bb32cd1573ce92e65dbef1c6fa62943172705d5df92b654d50fef6ca92786a55c3e5d28b70739cc3be99980c67f646cbcb840f69aa8bab199aed6d77d070dfa605aa81df92d211c31af752ce517bea945c95fe5953e14c129eeb3e51f9f58fa56808c247f0154624724bc98f0fad295963906b4a186b6b759f3129ca39a5658bdd5dad91f73befdc71e8c21d9cf1517a9bbc69c065a1574f4d84997e4e1a21d69f2822afa3109482a6e0049aa34a1a0aa1778adec7f58ccea95678667743f30a15fb4875ad3195b6fb0b9d9cad0eb36a6e736280c7e3ecdbefa69c41cf5f97bd27c3b6ff11df050c51d90df67e12c03afeac273099dffaf0870176232df3965df87be3f53d41dc53f56120a31e74c
+TAG_LEN: 32
+NO_SEAL: 01
+
+# Test with maximal padding (30 mod 64).
+# DIGEST: e3b7a347d9bdc63bb1c689eb823076d5ab24c3f502c328f70d71a1b3f00111d2
+KEY: 371eb8da7dac997deafd64b1fc65de39f4f03541a11be112a72933c7b54ed4fad0be905d41203f5dce998f8fb2eaad40
+NONCE: 9ae02116417dae0cef457b9e5e16dcc5
+IN: 936a91d0b5d2c0267218cb7090c6171386d641b87797b684e0fb56f97c3961d8afa22993a340b9b3c589c7481df3f4183aa23fd8d7efd88503f78b8ed1c8e9ba2fd6773e0d0c302a5f47e037446f5891d77df660ed82933f62be8dc55b43
+AD: 6965aabe477e0cdd46be99
+CT: 59201549a3446dcbdf5c3fa8db930606f6e9bd374d8405e15d55493a82035491811f784fd4f0e3bdb6bdd2e01558783a00b32c53d7be31525343a5a2d72921222e32891149f8dd38303ffb584485df1578e10a3aa048972303c2e7a2b630
+TAG: df451bc64666a07ff2647e41aea895a4794217cf995b36a5e71b0df002f0aa44dcddfa01dccf8eacc1aa729262c1e70e91181e2f2ab353a856dd8157ba12e300f20be0d828b91b04f67e7a3e54f4443e9f43d32dc64985b73a9b687c3acf82e495d9ed0565f63c355045e991c9af8e93e2b912519022487009632adb94e42be70c1268ca3abd10e1acc02a7283c938133b68b58c063c2da00dbea6407e5751ea03c5899a615a18a26ea95be5b82818acf11f51ef8fb49e5a0e742bc7da8e2669cb2833143d7b8fc990010a5885808ecb294246301be69479d21106982bf906b020441a88899cd6096e1afbca056bf66339a02bb22993c10cd0c6320419bd8f61d5dfca05d543076eab65af5ceda36c2872f7
+TAG_LEN: 32
+NO_SEAL: 01
+
+# Test with maximal padding (31 mod 64).
+# DIGEST: 9ee27167f084f493a4e6e5b80c1cd07babdac057ed98dc28cea1f107ebc68787
+KEY: 1eb8da7dac997deafd64b1fc65de39f4f03541a11be112a72933c7b54ed4fad0be905d41203f5dce998f8fb2eaad409a
+NONCE: e02116417dae0cef457b9e5e16dcc5b6
+IN: 936a91d0b5d2c0267218cb7090c6171386d641b87797b684e0fb56f97c3961d8afa22993a340b9b3c589c7481df3f4183aa23fd8d7efd88503f78b8ed1c8e9ba2fd6773e0d0c302a5f47e037446f5891d77df660ed82933f62be8dc55b4369
+AD: 65aabe477e0cdd46be9937
+CT: 54a2f87f11c6597b3013a0de46b61a8fcc28ab021465178138cdd76ef01c2701b3a48ca4d3cc885173bdeb33b7b27f9064d2f09ec187d0c9c482522fb29bb421595589aa69ec2ca4155f503bdb8f0f8d79a5870e0d0be26ac239c56803ea81
+TAG: 7975b116a955bd24273dd59c90130d59dd7d4344c2480064fd8947609ad90b6fdf2ece45a4c9bca094922af9c092336ecbb14e54737dc911218af7d385490a7ebf8e5e742924b332246d1c65ffa36a4d5d92f8549e1d67a7f7ee09d7a782cb8cc10c0d90222144aafa82b40e5347f42e937779515683062b6ce1841ea3eed2bc0af7b02567c2cec30d34ff6c7001a94c4e8cc28d4ae4f208b4e5cbd630909435e49edef7a63d036aaecd7a4e3aad81d8a9738bb627092e925ccb75440a05e0ae8773f7ebc11d61a49f4eecd74bc7d5512ddc3fd930a40637fc9f444634b09a9de52e35fd950c064dd7858d8ec0ec6cfdd62366aaefe6789e1b70e596e821352cdfef5942e280a3a02c7346f51d0f3f63f5
+TAG_LEN: 32
+NO_SEAL: 01
+
+# Test with maximal padding (32 mod 64).
+# DIGEST: f6b15333af80c49e8ea591c2272618074822d453d85ed3a96c29f249873acfc1
+KEY: b8da7dac997deafd64b1fc65de39f4f03541a11be112a72933c7b54ed4fad0be905d41203f5dce998f8fb2eaad409ae0
+NONCE: 2116417dae0cef457b9e5e16dcc5b6f2
+IN: 936a91d0b5d2c0267218cb7090c6171386d641b87797b684e0fb56f97c3961d8afa22993a340b9b3c589c7481df3f4183aa23fd8d7efd88503f78b8ed1c8e9ba2fd6773e0d0c302a5f47e037446f5891d77df660ed82933f62be8dc55b436965
+AD: aabe477e0cdd46be99371e
+CT: 0f0483dd1e9ef91f215f7f9817b7f82e0b96c0d3b2996b2a1d878d0be3a70c07a4bbbba3721e646405a8a7f44347557d482d7899044af37f6df054070eb4debf7471072af1e4c98dfb3c192e956b2931967d7fdf200b464be1ff1955a658bf86
+TAG: 180e408dc7f0eba0dfd78cfabb6268c9f22c3d01895476a0b5e6b4f49af416fdfc2c6b5fa770db01bf14911c3287fc63279d67670966851d61488416a7cf636b0c4379cd07d0af5ac12a5fa73deb5f5b917307137761a2dc419c78519c207b66e04e018e650f202ed21751acd5ae72b42a66de3e93055b3bb4f69d57cbd18db29d6dedd2275c87e303725c8d7472dd3196aaba3d4182f72e48f3b46d2179e401a4dba81b87ee95c013da967901c0ffdc244f2b4c1645cce4731ef62a68ff1c5bda808d18331d64694801b6d668f6cc4be147ecf4c260f2ac53b6dcf65683ae430ce6ac77be9f9892af33d02eb928b4bf14c98088988b5dd2f2a9d21bfc4b745b4b701eed508b7f0352c84d8bb6ea5262717cffccbc4b8ad5f52c20c8dd122107
+TAG_LEN: 32
+NO_SEAL: 01
+
+# Test with maximal padding (33 mod 64).
+# DIGEST: 02dd1eae128cbeb47dbbbf90e2f5cd63293bb0091815c93bc1153d46f176374f
+KEY: da7dac997deafd64b1fc65de39f4f03541a11be112a72933c7b54ed4fad0be905d41203f5dce998f8fb2eaad409ae021
+NONCE: 16417dae0cef457b9e5e16dcc5b6f256
+IN: 936a91d0b5d2c0267218cb7090c6171386d641b87797b684e0fb56f97c3961d8afa22993a340b9b3c589c7481df3f4183aa23fd8d7efd88503f78b8ed1c8e9ba2fd6773e0d0c302a5f47e037446f5891d77df660ed82933f62be8dc55b436965aa
+AD: be477e0cdd46be99371eb8
+CT: 978a10e04037ba7f0dec2576efaff6e5e4de5ab80b4b0c0b8a6209e22da05b8be0f832883e371c61c23b5bef969c004bf2a0f0fc8fbf1313078e12af2b3569a98ae5ee76a9bbb6da6806be3356c02dfa607c26094fd876d8f9dcc0395f3fe35630
+TAG: 963465dcde83c1f5833ec41c413660923c5ff60805f640a727f551d8349bbe0a90f41d97cdc07883aa06de8237b96a6d6118753745e4955855e056280106775ced9a7fe692e85aa99e5c7af4d0d619fec553ce1cc4f121b42bb7343968059b8ac5d95ef3c28fb672294dfb2cd58fba75aea06dfe70a90e40971551ad11929359d720f4c7da32373f57d85bd31b6cb95e2f0182c244c589ad4f9121cb717c1fd9298bdb4ae240dc9d144c2279924b2aa956a9a62c19b1816a88cdf83d169ba06849a012c83285daaac7560d1d59e2d24dea97a5b5e84fb1372dcbdafb746c4ba8b6ec786b9c21699bfd6cfe05c8be97731162b8eb62cd305ee5e275bc0371fe1a1ad0e74c0e518386270096dca101eb77ea0f9d23cb55d9bdfa3dc8352786f5
+TAG_LEN: 32
+NO_SEAL: 01
+
+# Test with maximal padding (34 mod 64).
+# DIGEST: 137fc408ae1b3684a802229d78368f9fc2202311cd6f5da091b2eb998ceb048e
+KEY: 7dac997deafd64b1fc65de39f4f03541a11be112a72933c7b54ed4fad0be905d41203f5dce998f8fb2eaad409ae02116
+NONCE: 417dae0cef457b9e5e16dcc5b6f25607
+IN: 936a91d0b5d2c0267218cb7090c6171386d641b87797b684e0fb56f97c3961d8afa22993a340b9b3c589c7481df3f4183aa23fd8d7efd88503f78b8ed1c8e9ba2fd6773e0d0c302a5f47e037446f5891d77df660ed82933f62be8dc55b436965aabe
+AD: 477e0cdd46be99371eb8da
+CT: eded0eef58434338153caefd914cb98ff516157445bfbd25c3c5cbcc0ad68ed1bf049ac292da027acab0310ef08d66040341721524982165cfe7f6dc495f7f5f36cc410470e3b42045b718f580713dac8074b0e76a0345d11c94a9800bb5e5eeeaa1
+TAG: 96f23023f81e6df33fbd6bb66f5d902bea2e91725f5ee0eda35fdc528d9adfc180a9faf9d5b49e015aa88384fa9fe9c22607292577079bb11bf074d5dbe0bcd683137449c15cce948e8faf560fe8e24fa764c03a8b5a8629e9c650cbe57c8e01da88659b6836ec59f362175df032a80ac4fa0a6d6f2110faec6067ad26b1182bf871982ce077b79736f29760cdf91c13939d8bca21b6c85cc1fbaa18ebb98dc350f1bb0ab4275f4a0325208a29b5f90895ea1552cdd9a1e05342b5be18bc5971252a1ae75cfce449c7b5d2eb0bbde05886a68e772e24689828c86c6f6d2717b8a9e035afbaab6c93789b015118ae6418b4e8388ee6692ee34c2baf02e45440088c67248c8e1803ddd0f94834bb3820fab5ed1a05336e99081290168c3fcd
+TAG_LEN: 32
+NO_SEAL: 01
+
+# Test with maximal padding (35 mod 64).
+# DIGEST: ac9d4fe33627d4e9868c57a42aab21659ccc7efe18df8b57819b7d25e665454c
+KEY: ac997deafd64b1fc65de39f4f03541a11be112a72933c7b54ed4fad0be905d41203f5dce998f8fb2eaad409ae0211641
+NONCE: 7dae0cef457b9e5e16dcc5b6f25607f0
+IN: 936a91d0b5d2c0267218cb7090c6171386d641b87797b684e0fb56f97c3961d8afa22993a340b9b3c589c7481df3f4183aa23fd8d7efd88503f78b8ed1c8e9ba2fd6773e0d0c302a5f47e037446f5891d77df660ed82933f62be8dc55b436965aabe47
+AD: 7e0cdd46be99371eb8da7d
+CT: 7c433fc5255dd1e11f67c499c6a89c16b4b09355818cf304f11167bef253dc60c95486a840c3a8f77440f63a5c6a855931a90eea66a281d51d4198679e1420c824ae5c8bc0231444b65b69832b84c7b5ee2fb8484ac08727eb0cba0c14e7e0a93c4eb0
+TAG: ca78160fd3dac00b2bd95406775dd73b99866fe209f372768f80c7c4f72ca9ae6f78808ac65fedfd62ea880f451ccad75dab2c692c0e0f4656bbccb89dfaac23cfd967a5a7fce24f7b872b417122cee869ce593c6025354abea20d5fbcb86d0d81af4314347b25e2d6f4cafb33f192fe1095b24285700c879403aa90e9096dfcc7060661fb32376c8674c68bd2b6bd801794b3e9a9c66818e2c6ea41db10f4b890bac070d29a08a199efd6c0c40ac555b419588ac084818aa194f014afc4de9d447ce09c02eeadbf6e706fa9eb46ad6934af479e51be512dfe6af009c855f822afa11c4c3689dadf989d662101404b8eec479e191df14604ff1b1346747078280fb41998bcd901842090b3ee068da1097f908fbceffcca6f81554142de
+TAG_LEN: 32
+NO_SEAL: 01
+
+# Test with maximal padding (36 mod 64).
+# DIGEST: e59c699ea2887f6c829b7a0e895c45710aef6911fa3c930de3da61fc988e955b
+KEY: 997deafd64b1fc65de39f4f03541a11be112a72933c7b54ed4fad0be905d41203f5dce998f8fb2eaad409ae02116417d
+NONCE: ae0cef457b9e5e16dcc5b6f25607f00d
+IN: 936a91d0b5d2c0267218cb7090c6171386d641b87797b684e0fb56f97c3961d8afa22993a340b9b3c589c7481df3f4183aa23fd8d7efd88503f78b8ed1c8e9ba2fd6773e0d0c302a5f47e037446f5891d77df660ed82933f62be8dc55b436965aabe477e
+AD: 0cdd46be99371eb8da7dac
+CT: bcdda7eecf3331f4e7605cfd33789ab585318bbd35047755402372403a4df125e7f5bdf857e49a3f74cb8e824576a226c1942fa86de07bbf564cfb384d8420a367963020613dd2f6bd4f371ca1b53532a7015dfdabd07497367aea8db9298141229325ef
+TAG: 13440914c85b7e154828290e09ac244fe4cae2f9f3019ce37d2b34c8b04ef7be063990524798b64646f5bce918de25b19ca5ce8826fcbc26dce412f97d1a78dc121e0cccc20821a153b65b8d40d8ad8a5aafe9537521fffd26de9380feca57cff1151b2519a2b72468ae1c85e66cc567b5c828488e35f45cc95defbcb7b08cd440484d110a6cc8afe2de4a77cd19df6aef85547a082de228a8d4ac8a0862078e07ce324cbddd2fc233dc11c4e6e076ac1e5b4a7c85dee0e0a0250b8ce4be19604623e8346d5e0da8a95e85d12c8e911b1d8a0f93a2ebb68bcd5465d1c4798ac2e76fa65d7063d6bea3b32881c8523d127eb6fe74450cca213c9d29d7f6dbf80ffbb5395b20fed6ae0608a159a853745e4f842d3c4c3bbdd8762d2810
+TAG_LEN: 32
+NO_SEAL: 01
+
+# Test with maximal padding (37 mod 64).
+# DIGEST: b0ffb7b78f23593d738e845daeb3ed175ee48ed5ed2d827565030b047dd0ed17
+KEY: 7deafd64b1fc65de39f4f03541a11be112a72933c7b54ed4fad0be905d41203f5dce998f8fb2eaad409ae02116417dae
+NONCE: 0cef457b9e5e16dcc5b6f25607f00d03
+IN: 936a91d0b5d2c0267218cb7090c6171386d641b87797b684e0fb56f97c3961d8afa22993a340b9b3c589c7481df3f4183aa23fd8d7efd88503f78b8ed1c8e9ba2fd6773e0d0c302a5f47e037446f5891d77df660ed82933f62be8dc55b436965aabe477e0c
+AD: dd46be99371eb8da7dac99
+CT: ccecdb03830e84c5267a5b6f68dc909cafe94a1c872602961e8467b4b2723af537d79d723fc4e8f0397fe169186c23f50cf9e78af3156f507bfd38181dffcc05695583863d8a167df062cd16aeec0cc548a7b5e16b148ced8bc2a60a33a58377b987a53b95
+TAG: e27f5bb5d85a43237ff065bdf963bd8ccfcb59793dc01c52f8a839d7e018222cba303b6a02f05004e8216496e36415efa80025b00e0be713698f95fda502ebefa8369f5d99c080dc851dd7f1967f1977136e8698ce304dfebc2e023ebb61313d1b0b2b169c0e6e3f1d6fbff3b5aeeda703c16af90bdde0783b2776d94ffed024296a0c8f4141af04e5ba5dcbffe8680b4f5af848306e4e6974acd173556f735c954397a4871de74a12a88f3bda3fb590fbbcf3d14e1201d401ee658fa80b3a2e81f55783582fc1022aeee5f7e7bb8af36ed63c82fec6ffd875a01c9626d52cf91c6b7ceab2e195e2dc248769cf829250b4300cc23cdbbad6a8146314838ede7b7e1ef9ca802d110414f6e5664b91b801060b6a16329c4b8d9b555e
+TAG_LEN: 32
+NO_SEAL: 01
+
+# Test with maximal padding (38 mod 64).
+# DIGEST: e8928848fef7e0556377fbf3ed36b4105f334fa17bd5c5fbe2117ef82051903f
+KEY: eafd64b1fc65de39f4f03541a11be112a72933c7b54ed4fad0be905d41203f5dce998f8fb2eaad409ae02116417dae0c
+NONCE: ef457b9e5e16dcc5b6f25607f00d033f
+IN: 936a91d0b5d2c0267218cb7090c6171386d641b87797b684e0fb56f97c3961d8afa22993a340b9b3c589c7481df3f4183aa23fd8d7efd88503f78b8ed1c8e9ba2fd6773e0d0c302a5f47e037446f5891d77df660ed82933f62be8dc55b436965aabe477e0cdd
+AD: 46be99371eb8da7dac997d
+CT: 2828ec3db18423dc583c7ac7dc5231da07af1756d7c032a866c64155626be3b3a686a93699023f6e421da24596baf99b45244d07d86a8973450afdb87ff2e9dbab6fcef52cd476f1f25f27f6bb3abf9b406704a14ce9682613125139b238d9853c3fe5e948d2
+TAG: 7305f0e1fb25d024bc5d6d9026d1149ac535629c76f3c230a06398af0a1e1477aa6128eccd4714ad23b0008a32569a8fa3ed76a00c05abd5d4be887f97d8808eb9a25471e8328a1641bbc30e7aaf110b7e7aa2c81ec733c7be97be03140376ed808f00a710943ec9a5eed3bb62404d2267688dcc5570a21e56885338f12503edb7d1817586963fac14d4fd0b44336656e68b6bc1af82cb6211b9cd2ed0b5c2fc7832e759bfafd123f7812ebca13e000e80c0761d63807ee04f5a866a507ec2fa95b4ac5bd15502f8b3aa3cc906e41ee2268342a824850d17507405e7029c2ce61a3331bd0168f40ed99bb09d05b9bf8d906630e6b17426e83699ce9ea48ec0e0567fea02b62f83e14976444bdb80de1559df6c7b16c1f4639b58
+TAG_LEN: 32
+NO_SEAL: 01
+
+# Test with maximal padding (39 mod 64).
+# DIGEST: cfc1420c24eff01a9e6acebe2a96090e25738c3e1c14da2c6f36f9e20a857165
+KEY: fd64b1fc65de39f4f03541a11be112a72933c7b54ed4fad0be905d41203f5dce998f8fb2eaad409ae02116417dae0cef
+NONCE: 457b9e5e16dcc5b6f25607f00d033fb9
+IN: 936a91d0b5d2c0267218cb7090c6171386d641b87797b684e0fb56f97c3961d8afa22993a340b9b3c589c7481df3f4183aa23fd8d7efd88503f78b8ed1c8e9ba2fd6773e0d0c302a5f47e037446f5891d77df660ed82933f62be8dc55b436965aabe477e0cdd46
+AD: be99371eb8da7dac997dea
+CT: b463f7f24871b617a1001d2f73f9eb8fe39b5fe0b382d420af876defd68a893add2eb6cac45e56d669f4ac67a943a3b32daf0932072bd701f9291b5020bfa9133d2875d8f6ee78ce8c49d45b80329831799f1eee8c712683300e49c57dc8c1ad83f7716753e7a5
+TAG: 5f037d241e016785b18877a82a891ff34b22caf1ce927a47a694a72d2ebb927b23ba264dd2bfc0b5929ffc66a18d1efec9dd91fb7b103e7f734269ba07382f320beb19bab4c6669bcc99c1306b1bd5f26ca8c98a520bb0c12bfdd4bf1b4336c550cbc6a3586f51702aec5c3c2d1923960a589ced9069b2a8aec7879ad627541e611842c8e6ef09e9f6ca61067a1fcc1947c1a3cb437a347206e9cccf6817e01f958e6de776d7e60100e6b8d7d350e59918522f96adf211430b32e8692688445c99204ef9d59c6d35e15834be6ec1623fe89c048251e8f38436197c21c65edeb0ee1334a4ac262bed07236c5b46b09e9c2dbf91772c4a9619b98b054037af1e0a5c1354c9f0f704521e310617b806f317ccb3809ee58d91d049
+TAG_LEN: 32
+NO_SEAL: 01
+
+# Test with maximal padding (40 mod 64).
+# DIGEST: bdb122b808f40da0ae98fe9ace91fef7f2b39bc734f4f735f7cbccb2c00e4666
+KEY: 64b1fc65de39f4f03541a11be112a72933c7b54ed4fad0be905d41203f5dce998f8fb2eaad409ae02116417dae0cef45
+NONCE: 7b9e5e16dcc5b6f25607f00d033fb95f
+IN: 936a91d0b5d2c0267218cb7090c6171386d641b87797b684e0fb56f97c3961d8afa22993a340b9b3c589c7481df3f4183aa23fd8d7efd88503f78b8ed1c8e9ba2fd6773e0d0c302a5f47e037446f5891d77df660ed82933f62be8dc55b436965aabe477e0cdd46be
+AD: 99371eb8da7dac997deafd
+CT: adfffd8a654da994aa8adb618cf69b25ad5dff201cd3a84314796e0228ae3e01be77cd8052e950fd74e3d8fb0066705874a7319dda8bee7bf7748ad844a70b1ee0d774a6156fef109dba8346a68b48458728ebde458e5bd777a26291f98cafb1684b200f84b13743
+TAG: afd3d8b88f6846623af7588123e57743a37939244e723b69a20568123485645d1c714c937aa5974666470fb040ae1106d6fc2b48f5a58e44aaa6ef8cd4b7704c9a424558a25dbd6986fc695001680505e03603f4237cef08ccc81e6319f4586cef9e3accdc88f297d1913418bfc75ce2bfc102cfe85d71c422c951ec83bb041a0e740f220badafb9ec3742f4752d45f0e949eb2e63b2d6409eca3b4ce438381fe551545684ebd78cf066262963564275a3486d6f48dda57656c2132f3ee874d11ce5dedb90ee58ce23da7ef7c126957736735a8c8762c1d5aa03542454f7ae6db0f13408f01950961680d7ca85b4d3f7f02d5f0e8f85ec613afacf90910d0bcb550b321b3ebc47170fe082e5e41675a4cd33bb5b11a5a4b4
+TAG_LEN: 32
+NO_SEAL: 01
+
+# Test with maximal padding (41 mod 64).
+# DIGEST: a1c40dc7a17b3ef6c9170eeaa9500014ef9ada833615b6d40af3fb2e14d7ddb7
+KEY: b1fc65de39f4f03541a11be112a72933c7b54ed4fad0be905d41203f5dce998f8fb2eaad409ae02116417dae0cef457b
+NONCE: 9e5e16dcc5b6f25607f00d033fb95fb0
+IN: 936a91d0b5d2c0267218cb7090c6171386d641b87797b684e0fb56f97c3961d8afa22993a340b9b3c589c7481df3f4183aa23fd8d7efd88503f78b8ed1c8e9ba2fd6773e0d0c302a5f47e037446f5891d77df660ed82933f62be8dc55b436965aabe477e0cdd46be99
+AD: 371eb8da7dac997deafd64
+CT: 985481677ae867b2427182edf3de86d7b9956a4970b107ca7e01e90ee7cb02c6b9a46212e1b8ce67e7aca5e2d96272c2f412b5f16a7c1d00fe597f1390c3a686724c4846c78ae66b26ded18adb40f0d74c33a68032b97d440104cb7acc755ad759ef9b371d04e4394a
+TAG: 02dc6b8ba61937d3e551c3207759d54de21b85ecd47c2c22160c6b7af023ede884eb7962d1238780e64fceba414ab543cb0177fd3223a7ad67f6bc74932de90aa195078805925df61081a72b96fbd7f68d2f26996f787ba7226528d2c26cc512347c1a639f01d361b5e1b41c359ea8b832408ccb0adee18f8ce9cf1dbc939029de54ff7748c9cf5a0c6c3b37c5fb0f39c8b73c3d2fbe5e20b393e00ff38b7d8ea4f5dfd8e276c2172b113cfc6cda46b930ea99c2c9716475368b69e0af8b2976c585bfa1cffb301f8b321abd1f2363227a9f2d195bdd772354e2355e9b027043d299f2a96721d9c0657f4e4f0820953173af30b832a8a90ca2f1bc0365207da62e857dab5abe31be5c6ed4d1bc01db223cdbca7c1c4d68
+TAG_LEN: 32
+NO_SEAL: 01
+
+# Test with maximal padding (42 mod 64).
+# DIGEST: 677f053b9f421414ba91c060ec7ed66d27982e992da0372e5264898c9edd2bab
+KEY: fc65de39f4f03541a11be112a72933c7b54ed4fad0be905d41203f5dce998f8fb2eaad409ae02116417dae0cef457b9e
+NONCE: 5e16dcc5b6f25607f00d033fb95fb09e
+IN: 936a91d0b5d2c0267218cb7090c6171386d641b87797b684e0fb56f97c3961d8afa22993a340b9b3c589c7481df3f4183aa23fd8d7efd88503f78b8ed1c8e9ba2fd6773e0d0c302a5f47e037446f5891d77df660ed82933f62be8dc55b436965aabe477e0cdd46be9937
+AD: 1eb8da7dac997deafd64b1
+CT: a06030a844e38f9e049bcf318b10e1cd2db6b60a2611cf9788f0c1fb31a366d2038b3a1692865b926196594850807895523a851a993b77e49c911f840f28aaa42b4f427eead4e2a578d57b101bb4795aedcffc58212e0eaecadf503e3b208eeb36c6511dbf87f8fcd695
+TAG: 3c5dab36f4690dbdcdb16d6cbe1ebaad64f8ba09bc9b7b112ff64fb7a21ba22706d8fd26318ccbfdf0ad944a8e67caeb3a939bc5384ae29524ba853ada968303db3f56d3c482a37bd8f1bb4d78235c1eb7e9eab833953def9bbe913767b871b626677f0b9420204a7d62b6825a647bec84c0da4c406e1a891586681e1699d4e5c348b6582746178ed5e1d8985bf265d2bf55cb553d76f68d2b3ad81dd9ad1fe409a604c3bcff45746b8c426e73d424d6bf3d6075db622c7a5866892805e4d4d653bf98a8f512766ad5a27aeb8f6badc00c49901c13d8eaa01628c667c4b48fa437c7bcc088036b44e0a195d1da95fb9952c0aeeb1060fe8a21c8eb911247e65a48802e9e6a55a3a4c8ba9ef90fbfd4bbf22afa803673
+TAG_LEN: 32
+NO_SEAL: 01
+
+# Test with maximal padding (43 mod 64).
+# DIGEST: 9c1c2b1853244d015dde7f4068220d7640501b1aca325b82c1be8c015b61e59d
+KEY: 65de39f4f03541a11be112a72933c7b54ed4fad0be905d41203f5dce998f8fb2eaad409ae02116417dae0cef457b9e5e
+NONCE: 16dcc5b6f25607f00d033fb95fb09e4d
+IN: 936a91d0b5d2c0267218cb7090c6171386d641b87797b684e0fb56f97c3961d8afa22993a340b9b3c589c7481df3f4183aa23fd8d7efd88503f78b8ed1c8e9ba2fd6773e0d0c302a5f47e037446f5891d77df660ed82933f62be8dc55b436965aabe477e0cdd46be99371e
+AD: b8da7dac997deafd64b1fc
+CT: d934f61f94d2b0aef2b63668352d2af2db2e225d0c8dd86b8d7c901de7425dca2a0d2f3bae9dbaef4946d18ebc2d9f4cff5c268cfc80b89c35f7b1a3de12173f9377a7ad9b33751fc89390cea9b44e80423702a9848c6d2562d24838e3b0511bad71f4015da53ec8c435dd
+TAG: 1ebd06a10660cef77361e20c5ffc08b077df3b79a4bf3333573469e4a42585771daf5a85eebd7753c8a305b81c32ffebef51a9827419c7b0f1d1ba5bf5aa3c947ba2db788747256a5e8e8644a66ba7c04a54884670aa7ac30f14ede3f38686e0b482b248dbc3ab8e3e39b939b22c21db990c59ed728a2f11eff3508330f29dee7d314df8304af2609739419eacce7d06c9e3073581e91a811b2f96710f791baece65a19fad9f94999158dd1261f1ccf7881c0752488a6817a373a7d25d83e9a13c2241ee0ce9355a2fa908974dd552514de09fcde23a5f744437f38d740ea8d950e061c6e19d6cf58a8f032b24a9ab7b496478fece8e273f1aac381af28679996eae33b01daa3393890d93e27d7c6cfbb9c7e25ea3
+TAG_LEN: 32
+NO_SEAL: 01
+
+# Test with maximal padding (44 mod 64).
+# DIGEST: 6bfc1f2aeae329867e5d7f268979743cf267d0dd73b7882abc0240ea586b21fd
+KEY: de39f4f03541a11be112a72933c7b54ed4fad0be905d41203f5dce998f8fb2eaad409ae02116417dae0cef457b9e5e16
+NONCE: dcc5b6f25607f00d033fb95fb09e4d00
+IN: 936a91d0b5d2c0267218cb7090c6171386d641b87797b684e0fb56f97c3961d8afa22993a340b9b3c589c7481df3f4183aa23fd8d7efd88503f78b8ed1c8e9ba2fd6773e0d0c302a5f47e037446f5891d77df660ed82933f62be8dc55b436965aabe477e0cdd46be99371eb8
+AD: da7dac997deafd64b1fc65
+CT: 413d2c3fbc77845409ad66cc13432824ae4ae109379a9617e8b93d4f9b17fe0d0450476c3f98c229bf35e86fa792dceb4b3864761dd442c294e43b1cafe1fe086cd1ca5e1572fe2b3753c20a74b663b536f6e686d9765bafb10566f2b5cf02ee77bcb753c13186c4d091927f
+TAG: 40f0ab390d64582df98890aa0edc3e6b920bf856ebbe65c87539980aa95518ae9feb5353a6881454f86ce986a8d5a8dd2c65c9baf91b9f0adc103983ca7346574d909399e4a3ea228211e06fa4ff8c716351482199c71a53d08c908ad0443d39d6c57c86efc1cefab52e701ba474b370e60f694ed871ecc06ed6f6f931fa277d00f94bc0b19fa2dac026126f745547c28e5eccc60557087d6ca78e83def0d27594c82ee365859fdd50261aa2d8f93f8a3925cb689bcd051bf45f001cbae68f91f294628cd8ddcf54d72570e15238336ba002c0595580410562d428a00ff88a80686ea256a3510bf70cf5028cb43d84c363bd3d463fd6231e708b9c13e01aedba7b703899bdfc5696616f8f3f0a85ca2e092b3458
+TAG_LEN: 32
+NO_SEAL: 01
+
+# Test with maximal padding (45 mod 64).
+# DIGEST: c1702d4f70a18932e2f4d3951603ed904588a990123e0a02d29d7259afeedf69
+KEY: 39f4f03541a11be112a72933c7b54ed4fad0be905d41203f5dce998f8fb2eaad409ae02116417dae0cef457b9e5e16dc
+NONCE: c5b6f25607f00d033fb95fb09e4d00d6
+IN: 936a91d0b5d2c0267218cb7090c6171386d641b87797b684e0fb56f97c3961d8afa22993a340b9b3c589c7481df3f4183aa23fd8d7efd88503f78b8ed1c8e9ba2fd6773e0d0c302a5f47e037446f5891d77df660ed82933f62be8dc55b436965aabe477e0cdd46be99371eb8da
+AD: 7dac997deafd64b1fc65de
+CT: fca448fd13c6877aa9fc299953dc631df8024cebe774bb14839821b05485c4a8f1345697b072342343f6a5479d99d5ba0ab29db7760b1e21b37969333473e6fd16bcc5b52e1d6472fee31034d515f66439f092341036a48d637ec84d22af8d182850bfd4140616471d3b5b41da
+TAG: 8dab3658a601045d948222390159aef603aa6dd7a44ee2c0c5a688a6d87ae21cdc7e3a16521c41e1a4c4b46465484d32306b9cd01f92058e837bc0abbe328604bd46608ff38e225bcc898f5e4478d04f9a671a7993076a8ba39112f34d110c699a524fa4e7b1d6202641dbd0b401c17569bb207f61613064bee24c1dae9c3a67e7774682eaf2846c11bd849e33fb6c6fc2ea4ada8d115208914cbd6523a74ebf1364d38bec9dd913f01cd15c7e1e96001942cedd7f756194d0df3b095140d1d85bcbbb8c6810446b96c18c6ab728073bc89a0f6e13befec438f008ed5e13d4c4468436045773b173aff7096387d25bf6bd2a6d3555881f1b69b99750974b332c187583d0751720d554219124e6ba8944a33a35
+TAG_LEN: 32
+NO_SEAL: 01
+
+# Test with maximal padding (46 mod 64).
+# DIGEST: 09ec84331099e1d602d0998d99c199a6037255a5a4d96bb3af54cfba357bbbf1
+KEY: f4f03541a11be112a72933c7b54ed4fad0be905d41203f5dce998f8fb2eaad409ae02116417dae0cef457b9e5e16dcc5
+NONCE: b6f25607f00d033fb95fb09e4d00d617
+IN: 936a91d0b5d2c0267218cb7090c6171386d641b87797b684e0fb56f97c3961d8afa22993a340b9b3c589c7481df3f4183aa23fd8d7efd88503f78b8ed1c8e9ba2fd6773e0d0c302a5f47e037446f5891d77df660ed82933f62be8dc55b436965aabe477e0cdd46be99371eb8da7d
+AD: ac997deafd64b1fc65de39
+CT: 8c5849a917c328d68cdf4fc279b29efb0c3c1921621276ca19206c9941a5789b0aba7283e743f94a6e4142f7febc9ad35df30daffeaa5cd0cffe0fa2e4cd5ceb687def585b2634774a01a3f00ce2ca9951fb910b4386bd0d61d1e292b2b225ac68617962b28bee0d40f195ff45a5
+TAG: 7efa8ddd692c0285de19d483dc17b89babd2143390b72e06375d88fa3f37ae611638c82ba20627ff311e8d29d2b4bf850e01fad1fc2150cba93d9fb52a21a1ca6c434783b66d5858eada584e4c8227dbfd329ef24eb1fc75de04aeaf811b09d67e5675ba0649fb784ed92c0a8893b77ba894d6799c4c2ec60a02dba67958927a22f5094c5620f89aa78544270d65213411c2382b4586e197ea45ba5d3425c2f4975a15e073370b358511155d222250148ceeab807684818324e48fe989eb12234d8023370de80a6fd942872d176f93f576514b1382a7ec12108d654bf0029196abcffb70c703df2157dc1c5f74f191bbf5892a5a6192bb0f1f1903ed08ac36a5060563405d150d0082ba646fca777e765f33
+TAG_LEN: 32
+NO_SEAL: 01
+
+# Test with maximal padding (47 mod 64).
+# DIGEST: 7d506a5c0299a82f5f93dd69526156e0de9aa5cf94f9fcaa12064ef920a1c5b6
+KEY: f03541a11be112a72933c7b54ed4fad0be905d41203f5dce998f8fb2eaad409ae02116417dae0cef457b9e5e16dcc5b6
+NONCE: f25607f00d033fb95fb09e4d00d6172e
+IN: 936a91d0b5d2c0267218cb7090c6171386d641b87797b684e0fb56f97c3961d8afa22993a340b9b3c589c7481df3f4183aa23fd8d7efd88503f78b8ed1c8e9ba2fd6773e0d0c302a5f47e037446f5891d77df660ed82933f62be8dc55b436965aabe477e0cdd46be99371eb8da7dac
+AD: 997deafd64b1fc65de39f4
+CT: d0076d9cc2f829a33a0b1972f6c0d8c67718a7593975798e0667135db3ce31b4d9bea98710909313a4a2af88bae720963ee738f26bde44b54dd5820992569e5d2eea000baf5de9e0f76dc8e0b93244a8474beb7e922a5f30a5b5977611594af258e26fdfe001e0e3573eaf8f8cbbb3
+TAG: 3443426c166f9329de723222f80fab5c2c36855a9fb63ebefe6c7675f247328b84078869593bdae8b217859332817d88ed6227bb64e338a4ad03e881399702ed04b00aa223e57a620cc2330b19eb36bb7798083964e169f8593c8bcd076fb6ab923d443af0656e43ec069e12994f49b955e5fa42b800541233099d54b9b06b061145cfdfb6c67870b6ad5c6d5c7098753d063fe238a8a72184654087fe21133899a13dd3606ad7d61bbfd380284af41604ad9fb7486115170b9dbda77cd289374fa79d3e3811d87de3b645b55d976fdde37e93bee6e4552d55ff5ff85775e0682df3c108565639592228f722c9543df2951463377928f04ed65ecfa0c56262d19684ce2766e160f45b2b43cc2a70e88e5b
+TAG_LEN: 32
+NO_SEAL: 01
+
+# Test with maximal padding (48 mod 64).
+# DIGEST: 5e9c0270955ffa14e3383a79a1cfef00baec4e8be496c867cc14dbcaf609b61a
+KEY: 3541a11be112a72933c7b54ed4fad0be905d41203f5dce998f8fb2eaad409ae02116417dae0cef457b9e5e16dcc5b6f2
+NONCE: 5607f00d033fb95fb09e4d00d6172e78
+IN: 936a91d0b5d2c0267218cb7090c6171386d641b87797b684e0fb56f97c3961d8afa22993a340b9b3c589c7481df3f4183aa23fd8d7efd88503f78b8ed1c8e9ba2fd6773e0d0c302a5f47e037446f5891d77df660ed82933f62be8dc55b436965aabe477e0cdd46be99371eb8da7dac99
+AD: 7deafd64b1fc65de39f4f0
+CT: 298f670117678bd139c60399dcab68bb0414829b458c747b0dda5dbd67f95fa393bfd2719f815a12a2b7c6b3e769b61ddb4651970b30451cee6166545d8e4c4554c8217898186dc02684c5025ee692e12130ab41ce75d79a4ba1a4dd02e0af581a645979c1a3c8c12f5b13e9c1113316
+TAG: d0c431153a8757861b003602fd6d3ebb9e6724db6cfde4708b4838cc18c51b9bd17c2c84a66643b31768a745a221d8b4e7d2c8a8245b4c405ba37a8010e0517521b46458a49648b4bca3eea1f01b15e6c65c6434b6601dbff307111d2e77e440365272390524d527e043c5252471ae604b9637423cc9a4a0ee7a99859aadc26aff9676896d77bb8fd15d6834bee492ed85779b94f76c0c6aec2e10bedca5bc0a648fccc3bac478285fb85bbf0d9d43c03f7bba002bd0762ecbac2b10d42ab2ae9d3003a775628b329a282c55a27a17c9ecfd083c70c2633f2803e3ce7b7312186e50e48f1c48f42b8a3cffb4d94c14b86733fe374e12d0b68ffe864d04acb9295cc96d557b0634f44182c925f431e2168bceb72cae8ac3002434bc7951eb58cd
+TAG_LEN: 32
+NO_SEAL: 01
+
+# Test with maximal padding (49 mod 64).
+# DIGEST: 57739c0c5b8e1f0255bb93eb53822ce8688a4078d971c0a51e757a0269760bde
+KEY: 41a11be112a72933c7b54ed4fad0be905d41203f5dce998f8fb2eaad409ae02116417dae0cef457b9e5e16dcc5b6f256
+NONCE: 07f00d033fb95fb09e4d00d6172e780a
+IN: 936a91d0b5d2c0267218cb7090c6171386d641b87797b684e0fb56f97c3961d8afa22993a340b9b3c589c7481df3f4183aa23fd8d7efd88503f78b8ed1c8e9ba2fd6773e0d0c302a5f47e037446f5891d77df660ed82933f62be8dc55b436965aabe477e0cdd46be99371eb8da7dac997d
+AD: eafd64b1fc65de39f4f035
+CT: f72c519566632f89513f3f278407845ff8096a5b63929f0ea6009c3cae0dbd853662c4017ee5729eab92f2c475f0a45533de67d4b941d4b16c1964986d8f4a16cc12f02c28442ddf5790f321b3942cb65964587f3fe55ab28064c52ce3d3598d3431788ed2c26fe1b196abfd35afa0f7a0
+TAG: 272fe10ff7aa3a6e1e708647b30ea468b7676df14b88642bf6a45dfb07196147fcce3ec70cadf1a3c6e8308df7d1bcabfae38cc53e356d7a5a9205c3c4a4ba93330f234ea5d83163f4e0673f1b03414d7c4d56444b5772e574224229eae3b06c787d61931a5b67e148f57203739e16d4ed47a8a838179d2f2de404940d28dc348cfeacac92dfc099a809167422fc462ad433f1a7bd5d4f3398b1199492531c48975e4d8769f872393cfa05a821ab4cec2a173d187d59c8f5c26a3ff5b180bd6c02af9de6ff03639092fbf1eee9eedf505456eccc68327824898ac70d5f098ab8dde38511549e9520f41b578f715057b0ee505ef11ab177ed6c8bdd67627c8ddd5aba89fc9ab84fb748b02137f28f1aa59072929f067b8ca0fac0759d2c2317
+TAG_LEN: 32
+NO_SEAL: 01
+
+# Test with maximal padding (50 mod 64).
+# DIGEST: 0ec4072fc3c850d4ee958a0af170d5aabd223b024c617df36f4ad245d0304c0a
+KEY: a11be112a72933c7b54ed4fad0be905d41203f5dce998f8fb2eaad409ae02116417dae0cef457b9e5e16dcc5b6f25607
+NONCE: f00d033fb95fb09e4d00d6172e780ab8
+IN: 936a91d0b5d2c0267218cb7090c6171386d641b87797b684e0fb56f97c3961d8afa22993a340b9b3c589c7481df3f4183aa23fd8d7efd88503f78b8ed1c8e9ba2fd6773e0d0c302a5f47e037446f5891d77df660ed82933f62be8dc55b436965aabe477e0cdd46be99371eb8da7dac997dea
+AD: fd64b1fc65de39f4f03541
+CT: bc6acdf0943ba34efbf9eb27fe9e968f23bc1d4f1eff7f86e836621422e7ad8e1adc03249475b6be8ec5d3e96e167af7e6b85ac87b5da2364b1e0d87d5c49d43ddea8e9b796580fc4fea7774f8210e4ec424aa029717937bf76b148e8af72e8badcc3f12dd259fd4dd9a325d81cfc7a188b3
+TAG: a5343f428a33670552af3bbdb5b97ac5b52539ac60112fb6973224088e3089712b64f411d0288827180373d3989bf682c95a303700bb476887da936131fce26835b3a413bb24ffb6508d6b229b273954bda18670a04c65b2a30e4159f84bea5e60fb8df734c792bddfaee0599f19f62f54a37abd2a456aee65dac5f9bd946a244ade11308bcdcb14b4ca37fc1c7565077fea06465ddbc03b459fd19e69da017d1d45bcd427babfe31778ebe3629adce4c72264bb472762b6c4c9eacdc09584a05d375775e37be64bfdc5e0a4a3b63959188c1068afa05bdc12dba42311160c17c11e930855fcd0a7541b728f456866f577c57a979b4b9722658d237caf44b9fdd5ac55239b4e1328fbade275cb41a72cc4e08674c5f05223d8a5cd377d2b
+TAG_LEN: 32
+NO_SEAL: 01
+
+# Test with maximal padding (51 mod 64).
+# DIGEST: 640ba3888e6cc260a6022fb69dbe5c5267dc8604aa92216e11888394fe59d292
+KEY: 1be112a72933c7b54ed4fad0be905d41203f5dce998f8fb2eaad409ae02116417dae0cef457b9e5e16dcc5b6f25607f0
+NONCE: 0d033fb95fb09e4d00d6172e780ab8b7
+IN: 936a91d0b5d2c0267218cb7090c6171386d641b87797b684e0fb56f97c3961d8afa22993a340b9b3c589c7481df3f4183aa23fd8d7efd88503f78b8ed1c8e9ba2fd6773e0d0c302a5f47e037446f5891d77df660ed82933f62be8dc55b436965aabe477e0cdd46be99371eb8da7dac997deafd
+AD: 64b1fc65de39f4f03541a1
+CT: 0e87c57c18fdc439c968a9dab086c88271be6dd00843879ae1563e4ed03d69f9fa09a29c1bf99b1c859323eb8452acb2f808f051669bb5e097e23b947369b5a0577157995d729a75ae7a65e293acace3124a8aec53328439e5f2103fc3a236728682fc129a5b0e203bd730303fdd2396270e00
+TAG: 0f83d6bddf9d40d259dbaa002acac91b5e7623fdde5257b305581f67322abc2bd2c78f06196f106867c67eb23973e26df8abb47c47500eaccbe39292cd854a9c2376f928f53d124f6489b959f7a3b70c52cd5c01ee29a77698dfb3706ef2d600caee9707e8c18fcb9622ef34fa396ef4851498f9bfc7fd0160199607db896162cd7d9bcad5c47ddd8ecd4fee7c9028dc546094e7386ae9fe751ed5ebb5bcce4ba084922e5358b2e1e5a3e0ec2ab08fb33e6c2eb50d8bf8b106937a948ca0ca6ce538b08974647d305e2489ceebd8d77e8541fd1831a0f7203c420741f3bb8f2d894f890c04c6838e82a8aaa14b5f22314402890852b61a3e95b1811c9bebcdf65a9f358c0b607362a855c70715bc3cc38bc97c01064a843cbb9f9e1578
+TAG_LEN: 32
+NO_SEAL: 01
+
+# Test with maximal padding (52 mod 64).
+# DIGEST: 7c10e4553a91588e2c39060e9b438736721926cb7bf53858293ad763e9b70fe2
+KEY: e112a72933c7b54ed4fad0be905d41203f5dce998f8fb2eaad409ae02116417dae0cef457b9e5e16dcc5b6f25607f00d
+NONCE: 033fb95fb09e4d00d6172e780ab8b700
+IN: 936a91d0b5d2c0267218cb7090c6171386d641b87797b684e0fb56f97c3961d8afa22993a340b9b3c589c7481df3f4183aa23fd8d7efd88503f78b8ed1c8e9ba2fd6773e0d0c302a5f47e037446f5891d77df660ed82933f62be8dc55b436965aabe477e0cdd46be99371eb8da7dac997deafd64
+AD: b1fc65de39f4f03541a11b
+CT: 688cd509094cd4bbc4084ae78885afbd16845ca8cd47077450408a85c8f3da0025623f3365a65f04d281ba5397fa74b6f90e01cf138e01ee22280fb3a7d4da5c1a3b0e0507bd46636984a0b91e11492ea47136b32c2f364cdfff19625878ba42a4fa736bb277740e58e4aef156616715f9ba2d84
+TAG: fd1520aec4df666b38a77b5e8921addeec555fb803e5f56edd2d5822cfa8e422f5cf988860969cf7c9dd58bc80cdf8f5964b91182f6f45789d029c844e406c4fc4fdf313bee180947df1fa9f51e20706d746723baf917e23f110c7fbbfaa15b7bd8539b4c399d4212eab074e439249c30647085d305760dffa861786ec18e4d8b1b94c0338723fa2757d33ab9b2e8b3e26f94a5779270216c9801f7c330bdfe7de294cea505f4cbf9dfa4dca7638b4bfc31e6fc582aeb10f606e77c095ab7ff434e104a8a68f43408b1ba055a7d2fbf80e1dc84e0c1fc6ef754c6af823027c9cd63514b962e31b6932c1d9420fd0b510f845546700a048dc1549ae7877b25266d838b0a848349b3ac1fc3e64503e0a2c79eff9e16940681629b2a156
+TAG_LEN: 32
+NO_SEAL: 01
+
+# Test with maximal padding (53 mod 64).
+# DIGEST: 0e88468ae741a9ac1114e212499c092ba60869973f2cdaf456ceb336ad40cee9
+KEY: 12a72933c7b54ed4fad0be905d41203f5dce998f8fb2eaad409ae02116417dae0cef457b9e5e16dcc5b6f25607f00d03
+NONCE: 3fb95fb09e4d00d6172e780ab8b70043
+IN: 936a91d0b5d2c0267218cb7090c6171386d641b87797b684e0fb56f97c3961d8afa22993a340b9b3c589c7481df3f4183aa23fd8d7efd88503f78b8ed1c8e9ba2fd6773e0d0c302a5f47e037446f5891d77df660ed82933f62be8dc55b436965aabe477e0cdd46be99371eb8da7dac997deafd64b1
+AD: fc65de39f4f03541a11be1
+CT: 21be2dfd45845471a4356b8729da67d713a6aec1b72119e38626317384c349b06b04901a789f95bca41ca42e89549be13e29dfc322d3e88f9fc8c0129626c19ef5bd49c2ba8838c0fc3e04d48e3f5d69d99a07a9b69722f89cc896b1631f5e14458fdedbb6220da18328ab02ef8c72330c077b89c0
+TAG: 0e832bdd33e00ebd16c9c3f6aebb3d9a89838462eb293bf94f83ea9d5e7b694330a143ccbf189e2a6acc6be8b4195d4a4c29c311e89c0f61e4e18ffdcf6100c69d837213c64f3b902314465231aeacebd86d3b8a1186e23abfacfb50819792020555ed206029ce5f18dc0aff8a8f7872f6a28c6a07999a485a706a670cfe3ee5dc307610c0e29656935ac41faae3b8f344cda2e06f46599ec4a338d23adf76b4dbb15963707cce130a6c35cc42ead1715dbd55eb26bb9e54203a9635afda43f2269a518b83041dd6f519f33d521f221d60cdc86be9c5d188afe2e80ff43051544cbafa9dd958e41a0b26df06698535ae3aa826241045bb980e0009132f972a291564eddb45bffe5d133c8cfbf013c1cfdb05ae13aca462c8c4eb1d
+TAG_LEN: 32
+NO_SEAL: 01
+
+# Test with maximal padding (54 mod 64).
+# DIGEST: 4bc1f00622d792e473151668845b2ffb30c43027972bf59ff86ce53a380f2aea
+KEY: a72933c7b54ed4fad0be905d41203f5dce998f8fb2eaad409ae02116417dae0cef457b9e5e16dcc5b6f25607f00d033f
+NONCE: b95fb09e4d00d6172e780ab8b700433a
+IN: 936a91d0b5d2c0267218cb7090c6171386d641b87797b684e0fb56f97c3961d8afa22993a340b9b3c589c7481df3f4183aa23fd8d7efd88503f78b8ed1c8e9ba2fd6773e0d0c302a5f47e037446f5891d77df660ed82933f62be8dc55b436965aabe477e0cdd46be99371eb8da7dac997deafd64b1fc
+AD: 65de39f4f03541a11be112
+CT: 71fd9ada130acec7deffa6a53eab506bb5fc80ed7e98e656a5282cd88cdf9c253a87832ac42dae0e8a476011b11cd5c075c74b0f29c1c966983f3fa69e00df1ea93fad4942bde475e7ee08ea2c5f6676145c3dfb8d07521133468ce6e573b789a71e59d622587f8fb76e93af95b0c47e347764302bf5
+TAG: 10e23776607c4b3980eb7ea6a3398defd2aad76439f34c2e360f60aefc52f030f969c761fde94aba35f80867065deb51773479233d91b1b11b52f84237dd3a20ebd8668f685d372ad884dd074cfb46e115aeb1e0d6de5001ac136bf7a0fd0bacf214c6f71a19709998fd23f9ecd1ef2cc4cd6cb8f91f03daf7d89098f47a2f29833fbabaf5b72b2ec17c5bf052ba3be3e6567431cd02be7b310b1c3fdd0c69cb0acf10660bfebde43ef5dfcb1717a878e024b027c07bbc6a809290ecfb99b8e2165ca10eac2d15846b6512cd1ad4065de5805dcaf8747dce9759c5e2b46b7e77b096f4da1601e0744a2c13d73b6c0962372628aac01c787be37605ee9910d4dbaf9259dbc28889fa5d405916ec57ac3a9c1e3d56257e4cefaaf1
+TAG_LEN: 32
+NO_SEAL: 01
+
+# Test with maximal padding (55 mod 64).
+# DIGEST: 7ddb9526ac0b917c3d63a2c0a4cd720d4814a25e29c34a5b203d8aa4d4e0eb00
+KEY: 2933c7b54ed4fad0be905d41203f5dce998f8fb2eaad409ae02116417dae0cef457b9e5e16dcc5b6f25607f00d033fb9
+NONCE: 5fb09e4d00d6172e780ab8b700433a95
+IN: 936a91d0b5d2c0267218cb7090c6171386d641b87797b684e0fb56f97c3961d8afa22993a340b9b3c589c7481df3f4183aa23fd8d7efd88503f78b8ed1c8e9ba2fd6773e0d0c302a5f47e037446f5891d77df660ed82933f62be8dc55b436965aabe477e0cdd46be99371eb8da7dac997deafd64b1fc65
+AD: de39f4f03541a11be112a7
+CT: 0efe6e536bd68a04db4c3d6a2d09bb7de3bd8422ac918573e9e769e5fe8496e4630763085ea5fb939ec972a16b0b01f4e39623d35eb2c514b653a4a716a2837964eaf232d5bdffac9111c4fa0136226b396928bf3df92ab7f04638f3f3cf090c05b14b086cb2883ba64c7680d3ea3e1a020451d259bf8e
+TAG: d75d4338d0c73371bbc214d8f21d0a8ed40d3212ac4f91569f51b41cd2c5b9e1cfb67d4052a70a4d702538f58247be89d04038b27d7366fd5adb189764c1f54b6c2bcce81b0012d367a3efdd90ec9eb895432f1a95abc04669f93aad3283e4e56fffe95e0a8016514663d6e6f37df9c26c063bc7bcf23c2e9af26ad984c4769e994e6798dae965b0f288094ae179601d14a2b263db71993a0a6c81918aa38fd1302a82a7d830e1c36ddf40bea1817995c1520d493c874f54e7d441d288caed8434b6a790984ae81895c5088939f2428de79e3076abcc35d483f2601659e87e6d622d5e37104c9ced7012ec7122c849bfbf43354e7a559f01d526ef416748f366ae82c3c8b60f5364095e0382ae6c4e573b3fa119d49d2d7433
+TAG_LEN: 32
+NO_SEAL: 01
+
+# Test with maximal padding (56 mod 64).
+# DIGEST: cf85268a8412f6a450d7c8d48a2e744b508b00017da678e76cac09902ca6b0ad
+KEY: 33c7b54ed4fad0be905d41203f5dce998f8fb2eaad409ae02116417dae0cef457b9e5e16dcc5b6f25607f00d033fb95f
+NONCE: b09e4d00d6172e780ab8b700433a957a
+IN: 936a91d0b5d2c0267218cb7090c6171386d641b87797b684e0fb56f97c3961d8afa22993a340b9b3c589c7481df3f4183aa23fd8d7efd88503f78b8ed1c8e9ba2fd6773e0d0c302a5f47e037446f5891d77df660ed82933f62be8dc55b436965aabe477e0cdd46be99371eb8da7dac997deafd64b1fc65de
+AD: 39f4f03541a11be112a729
+CT: d9832e63c2bc9936f33f10fbdb262711e715fb09ca209b46106c77e03b1bf7b062eebbb99185c684e9bfbceb083b5e459bceea895ce3fb7ec4eee3a5375c15066196b3cf24fc7b89a756184abb59ac80bc73116cd277e7ad4d9d02a9a9541cb4c71a644973b959b9405c9b109dc367c96ccf4c49a8cb942c
+TAG: 9945a3c66ab56d5ba42914d0da1221752f381bb8929cdcfcc5df9a025c888273762ab6aeddb17b7e359923b1a4146a45692749b6751ab0f91df4678ea172de23a1b62a40921854513099a362c94cfe3be87bac38711b30df6748a21def3bf65e654d545b49ae975625975b27e789580a01c73c67f97fbff56d81d21f5d46cf32010090e2faa957e739902149511dec88a65d4dfd7e997db77879c7a3e53e5fd93a914300477ac5381ec213c8050dbbcc85273db55a5f3590b435669d956c5c54cc3bb95cde05791f8986c79138ca73883a65f22f58a8f6fd99b7ac8b81e6d8a7ca8cad64534e1d2a85641b3ca1c5b55e3fe41335f49b05b0a7cff05d1e788d37686cc5cbf97001fc0b5e509e7d99306a8e81e38bd94f54e8
+TAG_LEN: 32
+NO_SEAL: 01
+
+# Test with maximal padding (57 mod 64).
+# DIGEST: 0ecc677bf17604e63d1e4ac4a1d56702dfb16e205af1da5d105d553e87d14680
+KEY: c7b54ed4fad0be905d41203f5dce998f8fb2eaad409ae02116417dae0cef457b9e5e16dcc5b6f25607f00d033fb95fb0
+NONCE: 9e4d00d6172e780ab8b700433a957a74
+IN: 936a91d0b5d2c0267218cb7090c6171386d641b87797b684e0fb56f97c3961d8afa22993a340b9b3c589c7481df3f4183aa23fd8d7efd88503f78b8ed1c8e9ba2fd6773e0d0c302a5f47e037446f5891d77df660ed82933f62be8dc55b436965aabe477e0cdd46be99371eb8da7dac997deafd64b1fc65de39
+AD: f4f03541a11be112a72933
+CT: 90c83b333d6aa133026223c4966a43fb67f666db06d95f45cff479a626698bc2a73c64066e904ef04800aa8151adec851a51293b7bab1ce22d3e86cd3ba3924d8c0a1253f9714b7c1add9fba2be58b243e6f7ff4f0cf9ae6d4ccd2d4edbbc54d09abb8b9e3f0b269a2cf424a213f0dde799319e633b0fe1dc6
+TAG: c2bd8abd58134322fdc45b2bc3bb19b1a7d1e374fb50ec18bd8b0a005e4fcd8a8fb89471e00b1c7c7d579582ffcd151a412b64f7eed5e2cef7ea6ebd5a8326c0723978f81dacd50cf79e363d0716a08512c051706d20b76f7752d9595629dfb99d53b3eb7b3c590aa05d061e35156aa5fc6552ab7858d78b875a120e14e5eafc06d336c683a6874f1759f8adb2159ad91c8240206f0f5093eed17532568c5262d4228d3285e7ffa17d38de7f50ee25ef25485e9692888b80f5ea64976fab5829920e6c9436b1f95e78de7b181fbcb6bde0ba50c18339cb59f942caca5647d8e40c58c0c17d9f4876e275bdaafbd1c73298fa0f79512e896ddb86d7f8234e9612dc624919aaa744ac5a3caa67cb8b809303854cf369fec2
+TAG_LEN: 32
+NO_SEAL: 01
+
+# Test with maximal padding (58 mod 64).
+# DIGEST: 75073f11e219dda101a54987959be5353c48af4af654fa6dd23e32639ca2ea1a
+KEY: b54ed4fad0be905d41203f5dce998f8fb2eaad409ae02116417dae0cef457b9e5e16dcc5b6f25607f00d033fb95fb09e
+NONCE: 4d00d6172e780ab8b700433a957a741c
+IN: 936a91d0b5d2c0267218cb7090c6171386d641b87797b684e0fb56f97c3961d8afa22993a340b9b3c589c7481df3f4183aa23fd8d7efd88503f78b8ed1c8e9ba2fd6773e0d0c302a5f47e037446f5891d77df660ed82933f62be8dc55b436965aabe477e0cdd46be99371eb8da7dac997deafd64b1fc65de39f4
+AD: f03541a11be112a72933c7
+CT: 7c9990e7f62cf12afa4e5a4eb3cce88da630a30c3a86a53ed009545de30a08f277e2b8202e138ddd380bb343b606fe7f9d8f53e924c74a21826b1240a76b8ca99ca1a73c8fe87c469793bcc03e84cbf98154b85123332327e0e8218cea0b9fefa3b92835ab96a369b90c7383667f0ba5e62e275c5f4870bcf1ad
+TAG: 4b0023b660c25aee68d10550fb50140eb0c70dd881dfc8c9c99b7033eee7c72f6464368013845e2cd98fe6585ca56fcd8b09cce7ef29e88d97d719d5678189dcccf411a3a717b3985837f57641e74cda0bcc104f0058ff69c4b75a43a71e09e1ff6c9f26aaf940b34c7a4d29b645abeebe615e7b4c645b1622b866733f64cb2ceceb89183ea0bdb7b9fd13fc0fdc8c1379cbff97ea47828d265f73a140ffd454a68dbc03b0f43aa97bc3dbf326319004654d3f9085dacc461a45c0d334aa52eec9ede99435a8e4d6818c2c3ac263d6cd482f0b753ac2906827baa452360b120855f7f1ebdd35e30c104bcbf0dd76ea98584f15082b2418d18d9ea8fdd0cae0e6204a4421d3eaab6ed1eca6c49f411bd236b1fcb7629d
+TAG_LEN: 32
+NO_SEAL: 01
+
+# Test with maximal padding (59 mod 64).
+# DIGEST: 7390da1949a9ec86934b6f6c7af07d60fc37be21edd0ba9d937e888402731c54
+KEY: 4ed4fad0be905d41203f5dce998f8fb2eaad409ae02116417dae0cef457b9e5e16dcc5b6f25607f00d033fb95fb09e4d
+NONCE: 00d6172e780ab8b700433a957a741c9e
+IN: 936a91d0b5d2c0267218cb7090c6171386d641b87797b684e0fb56f97c3961d8afa22993a340b9b3c589c7481df3f4183aa23fd8d7efd88503f78b8ed1c8e9ba2fd6773e0d0c302a5f47e037446f5891d77df660ed82933f62be8dc55b436965aabe477e0cdd46be99371eb8da7dac997deafd64b1fc65de39f4f0
+AD: 3541a11be112a72933c7b5
+CT: da1b99574d59c3998b39dc057d093134c9bb4d0f9a38758e95273694e405b55d8047bf119dbf29c346ea5318a13c8eac769230c085cc2b67e57800279fd47aee9f2ba8e572bebb9f231e954430bfa53bd193ed74b4dc59d6c6e3687451c95d996c86283f10bccde027b90be52f6e2003c061446ad646ef6794073e
+TAG: c47a0239314493854571f92f50efbe318131d94c773d811848f642d29ee7ce1706c1ce3f55b7be4b57f4ef893fa9816b0cb3c1d74559f7f3d6119f7c7460eea64bdf660f13ca59723eca7401dc93c687172842b88e446b0aadecea68b924917d06e234098295b1345ae215c33474fbd1b010255fd233229998c21ec87024b1331288f6fc6ddbfc5cf0ef2587f216617d041df338e4ca14bd12c7e6c7d1625f46057755b2f9f18f5bf5cdba9eb0132f84b954fd6e0aa30d26c0a5937b2ffe982456326bd16c002ee0bdcf4a2a38000b1164b143b52fd69adc4855a7a5bad09a97fadc5b1d9b7bdbdb1d6cfc63ae44931019b61ed2573aa8912ebfc436e7e92a636d337bb0e2054ce2dbf30180ee7bac0bdc687e63cd
+TAG_LEN: 32
+NO_SEAL: 01
+
+# Test with maximal padding (60 mod 64).
+# DIGEST: 174d05b7079b80d455325eda1a010ec9bfec7110a14120c6cfe365d270099069
+KEY: d4fad0be905d41203f5dce998f8fb2eaad409ae02116417dae0cef457b9e5e16dcc5b6f25607f00d033fb95fb09e4d00
+NONCE: d6172e780ab8b700433a957a741c9eb8
+IN: 936a91d0b5d2c0267218cb7090c6171386d641b87797b684e0fb56f97c3961d8afa22993a340b9b3c589c7481df3f4183aa23fd8d7efd88503f78b8ed1c8e9ba2fd6773e0d0c302a5f47e037446f5891d77df660ed82933f62be8dc55b436965aabe477e0cdd46be99371eb8da7dac997deafd64b1fc65de39f4f035
+AD: 41a11be112a72933c7b54e
+CT: 003e3e54c1df8c46595d812418ee8157054b3191a3f73ec99a047f8c8d25499dcbd028b90caf67af13f72b1632a2e605047c784cfd47b533a947238bed948ab395f83dbc1e5e63e05d50f085aca5dc7ac958e0138e9dddb0883bf8214eb3c43474bc7476deec216841d5648e1db04a898d5dbcdf3d8a832063739aea
+TAG: df1cacab73190492bfb49c18745fb0ebb0e2826941621d2ad4a7556a677e71865a25556d15f6c243ad98d65d7d48bf0926e86417256f6eddaf648b23e0bc877b1f4a144f5cb8025d68831f6440b6524fa61d701337764e887fe08073a0bf0a0a279c50ec8f799bf9fc6e9709a376fb1b1d52a1fb60d50657e56cc283fd36c0b07e7612a025d5fb17d407a85b8b0b7f70dced03d39f0958d0364df204b92cfc5b04189a741395d9bc288cad4bf12b6d7c590200f295598209c133ed9cef848b0f716db41f29db4d5ca48cc2b0cf536d89f6a8201738497bb1f04dd9df01e9623d09ebcea9f1587c93c44c5d1bd99ac021fd98142d9f02f8b4e52470b23588e3229c0f769f43abef626bfc91f32894cb406882d055
+TAG_LEN: 32
+NO_SEAL: 01
+
+# Test with maximal padding (61 mod 64).
+# DIGEST: 338800a96a5cf6db2ec5d06de2a53d0fb1b94918f1f8d5c0f222640d4c1bb96d
+KEY: fad0be905d41203f5dce998f8fb2eaad409ae02116417dae0cef457b9e5e16dcc5b6f25607f00d033fb95fb09e4d00d6
+NONCE: 172e780ab8b700433a957a741c9eb80f
+IN: 936a91d0b5d2c0267218cb7090c6171386d641b87797b684e0fb56f97c3961d8afa22993a340b9b3c589c7481df3f4183aa23fd8d7efd88503f78b8ed1c8e9ba2fd6773e0d0c302a5f47e037446f5891d77df660ed82933f62be8dc55b436965aabe477e0cdd46be99371eb8da7dac997deafd64b1fc65de39f4f03541
+AD: a11be112a72933c7b54ed4
+CT: 088728abe87e0abc8f5991ed5b43811f4134b159111b0fe9a173122864baf70c5a904e46404399ad705084830860d7e78bf85bb166576117af665dd709ed380aa5de72a9d5819177fff5ca3b536f40f6518a21ccc50dc1cdd1a3d4dc89128de2ec6a6c64cdb50df0e11b55769dbc1e3cc18c9e57c06f5ee705590654bd
+TAG: 092370b96f4351ecdf553259224c8b6e90e656c00886aee0bc6a8c2e54ead2e35b7c68cf9ec40e01a2fdbd796a1fd018c92b8872eb56b9a4ca371d72b56f3e57feb77187510200b154fedc6b139a36a49bb2060d1567c167935c31941dd80fbef0d296a8256f144ef3cab87983c9e4e2bbcd3fb339217021c93c6662feb87821efcddebe9e2a106c5b724bfdc9b00cfe533615b8c97bd90c7c825709ad1619dec1d4f914a1b4c7b2776d69e4d51b905806a6edb67d4b926ba299af119a520227f5c409bf247c35b4b2b8fbeb2a4ee2f2192455883db9bf2dce2bb62506a6eb1f00e6223502aa1af04eb6d1250e3aa9aa193e9468b96a5788f88ee2524b55064d94c7d5b9227c9d988e1b19474342932d3f8e4c
+TAG_LEN: 32
+NO_SEAL: 01
+
+# Test with maximal padding (62 mod 64).
+# DIGEST: 6dc3a2d32318422ad20e9c7b09a9a73d8608a326eb14efd6eb52b87ffe4bad09
+KEY: d0be905d41203f5dce998f8fb2eaad409ae02116417dae0cef457b9e5e16dcc5b6f25607f00d033fb95fb09e4d00d617
+NONCE: 2e780ab8b700433a957a741c9eb80f2b
+IN: 936a91d0b5d2c0267218cb7090c6171386d641b87797b684e0fb56f97c3961d8afa22993a340b9b3c589c7481df3f4183aa23fd8d7efd88503f78b8ed1c8e9ba2fd6773e0d0c302a5f47e037446f5891d77df660ed82933f62be8dc55b436965aabe477e0cdd46be99371eb8da7dac997deafd64b1fc65de39f4f03541a1
+AD: 1be112a72933c7b54ed4fa
+CT: 2e844cc46c1eb905c90fa857be56d4bf947ffe31238ecd92f62c3fdbb1df4c65b14acce9aedbcf6e0d6b0099023fb89084d0658af9d148c00798ba511cfe93ca2604109939a2ed5c8be6a6557f270c14ec9dcf1953014c5324bddbd19c5de88cdfd90c17b06161dc3faac0b551ea15fb1ef49b20d5ba92ff185e0f2a1342
+TAG: fdc906b90e526f25e414d44f8ef584c232bc97634e4b4af65ebf6ab6c3adcee9a7b6cc010e33f9181a83e6c8482e28b299f7495631df8068b454e952ea2467093ded7c93da6ea3a7faa91fb507789fccfcd8c0cbb115602c269e94900fe34daf36862b068376f1aa0d11a175ea2a47166891fc08d86d99b0cdc36134f2cb0c48a1dc5e7009348c9788ef122c92e82028de1e2ab27596cf9ce5bcc18115859084db6cd598341c60aa6189080e1d27014f442dc98d6ad3074bf357134209337eafd57c9e71b9fb505f7f442729f16cc2ebcadf3b1b521d22731a417c0ac06f7dcc3719ad8612ff1dfd9fdaea8b626b172be78a8fef4dd5e681282c108c925adafa5bb03b372b623d0e1aff82038cf70c72f481
+TAG_LEN: 32
+NO_SEAL: 01
+
+# Test with maximal padding (63 mod 64).
+# DIGEST: e2c5b8d5e6f07c136223bdb8a1c0197cd99132dd8320a3f1dd1a393a90e575ad
+KEY: be905d41203f5dce998f8fb2eaad409ae02116417dae0cef457b9e5e16dcc5b6f25607f00d033fb95fb09e4d00d6172e
+NONCE: 780ab8b700433a957a741c9eb80f2b02
+IN: 936a91d0b5d2c0267218cb7090c6171386d641b87797b684e0fb56f97c3961d8afa22993a340b9b3c589c7481df3f4183aa23fd8d7efd88503f78b8ed1c8e9ba2fd6773e0d0c302a5f47e037446f5891d77df660ed82933f62be8dc55b436965aabe477e0cdd46be99371eb8da7dac997deafd64b1fc65de39f4f03541a11b
+AD: e112a72933c7b54ed4fad0
+CT: c0d206171605ceaa8cf507e9c5b785162dc985f8e6d02c9b78d1ee7a50ffe0f2f9eaa80444445da0f42f08cfec019f2aec8b0dc7e9e49eb63180811b092cd737191d8a4b9b2a4f802f484f5b3e7144899b29878c9e7173f24b732eecdcb6bfc88b3a87cbda306c296176d18d794c1f1382c7df66b9c97666ebde165ed92869
+TAG: f33071d221e0e38375c6e17bfe1edfcc9628e765995441ec3f3535501ef80c66b03f7c9127e59464aae5a9c62a6cc80e5b9ba164ca644171e309aa408757e5a4ac5956ac9f47a9d2c1b01a5e4fba3870422803efb2ce809954f1dda2a64a5ed16b98bf911ed1a505d6c5837d16e79587219cf47211de415de99fcee110f11a3bac9b2a234cac4172afbc404ecdc471dd5a756ff8936fc481b0bdd876501dab51174710b920f75ae0d2ab1605b11cdac009aeb26fac1ec2ed4627f05e5f8507e38765cb9bc886bf15b37278ac25b9230838900e17e31ce1d4f15fe7767db19e6405f6cb85db43cbb6b764a9506eff8efb80a706cabcd4beb646aa7bd5f62e2edfd6191bab4ecc948527902307ccc4479b67
 TAG_LEN: 32
 NO_SEAL: 01

@@ -0,0 +1,43 @@
+# Test vectors from NIST: http://csrc.nist.gov/groups/ST/toolkit/BCM/documents/proposedmodes/gcm/gcm-spec.pdf
+
+KEY: 000000000000000000000000000000000000000000000000
+NONCE: 000000000000000000000000
+AD:
+TAG: cd33b28ac773f74ba00ed1f312572435
+IN:
+CT:
+
+KEY: 000000000000000000000000000000000000000000000000
+NONCE: 000000000000000000000000
+AD:
+TAG: 2ff58d80033927ab8ef4d4587514f0fb
+IN: 00000000000000000000000000000000
+CT: 98e7247c07f0fe411c267e4384b0f600
+
+KEY: feffe9928665731c6d6a8f9467308308feffe9928665731c
+NONCE: cafebabefacedbaddecaf888
+AD:
+TAG: 9924a7c8587336bfb118024db8674a14
+IN: d9313225f88406e5a55909c5aff5269a86a7a9531534f7da2e4c303d8a318a721c3c0c95956809532fcf0e2449a6b525b16aedf5aa0de657ba637b391aafd255
+CT: 3980ca0b3c00e841eb06fac4872a2757859e1ceaa6efd984628593b40ca1e19c7d773d00c144c525ac619d18c84a3f4718e2448b2fe324d9ccda2710acade256
+
+KEY: feffe9928665731c6d6a8f9467308308feffe9928665731c
+NONCE: cafebabefacedbaddecaf888
+AD:  feedfacedeadbeeffeedfacedeadbeefabaddad2
+TAG: 2519498e80f1478f37ba55bd6d27618c
+IN: d9313225f88406e5a55909c5aff5269a86a7a9531534f7da2e4c303d8a318a721c3c0c95956809532fcf0e2449a6b525b16aedf5aa0de657ba637b39
+CT: 3980ca0b3c00e841eb06fac4872a2757859e1ceaa6efd984628593b40ca1e19c7d773d00c144c525ac619d18c84a3f4718e2448b2fe324d9ccda2710
+
+KEY: feffe9928665731c6d6a8f9467308308feffe9928665731c
+NONCE: cafebabefacedbad
+AD:  feedfacedeadbeeffeedfacedeadbeefabaddad2
+TAG: 65dcc57fcf623a24094fcca40d3533f8
+IN: d9313225f88406e5a55909c5aff5269a86a7a9531534f7da2e4c303d8a318a721c3c0c95956809532fcf0e2449a6b525b16aedf5aa0de657ba637b39
+CT: 0f10f599ae14a154ed24b36e25324db8c566632ef2bbb34f8347280fc4507057fddc29df9a471f75c66541d4d4dad1c9e93a19a58e8b473fa0f062f7
+
+KEY: feffe9928665731c6d6a8f9467308308feffe9928665731c
+NONCE: 9313225df88406e555909c5aff5269aa6a7a9538534f7da1e4c303d2a318a728c3c0c95156809539fcf0e2429a6b525416aedbf5a0de6a57a637b39b
+AD:  feedfacedeadbeeffeedfacedeadbeefabaddad2
+TAG: dcf566ff291c25bbb8568fc3d376a6d9
+IN: d9313225f88406e5a55909c5aff5269a86a7a9531534f7da2e4c303d8a318a721c3c0c95956809532fcf0e2449a6b525b16aedf5aa0de657ba637b39
+CT: d27e88681ce3243c4830165a8fdcf9ff1de9a1d8e6b447ef6ef7b79828666e4581e79012af34ddd9e2f037589b292db3e67c036745fa22e7e9b7373b
@@ -42,14 +42,707 @@ TAG_LEN: 20
 NO_SEAL: 01
 FAILS: 01

-# Test with maximal padding.
-# DIGEST: c6105cc86e18eb8376c16ea37693db5c07b77137
-KEY: 8503f78b8ed1c8e9ba2fd6773e0d0c302a5f47e037446f5891d77df660ed82933f62be8dc55b436965aabe477e0cdd46be99371eb8da7dac997deafd64b1fc65de39f4f0
+# Test with maximal padding (0 mod 64).
+# DIGEST: ceb2d295bd0efd37c6c34dab1854c80e986174fc
+KEY: 37446f5891d77df660ed82933f62be8dc55b436965aabe477e0cdd46be99371eb8da7dac997deafd64b1fc65de39f4f03541a11be112a72933c7b54ed4fad0be905d4120
 NONCE: 
-IN: 936a91d0b5d2c0267218cb7090c6171386d641b87797b684e0fb56f97c3961d8afa22993a340b9b3c589c748
-AD: 1df3f4183aa23fd8d7efd8
-CT: c90e0c2567341ea7e9d968dbde46ecb46ad78dc8be7d47672068de66d6e7eae14b500b94927f24ff6a4f7b07
-TAG: ec90d128ef465f4a3645fd0b2601fbe2b0bceae2f890f0700c7a15c82fcbee6ab492908ba5f2df0f04dd0635c047cbe52069d85fcfabe53ceb43dc71c46e51c0e3a9ff435840d62bdcb93341a1624b69397fa1bbd9229814a2788b91a107534b41ed488f4ce95fd2ab46963e4f1a3096c74acc8466d034eeaa7c0f1fe46a4eee7abb740367266cd36fba96dc74e520f64b9605c067bef516f517f99ec73c1104b43bf3e94eadd7dd6b9b7db847d6ff4c03dc454d8edbf8f694f09754f249fd1dc0bb4b130b2e43ddc1d24a0cc14edc8e7328515cc8498ae89beec66127508676fb04db92055abf2be22e0c2a7a3d9664e17d919f655ffaaaa7246a0ea29f9c42f72b6edd0dfb4867802d6992ce25efd8fe0dd0cb
+IN: 936a91d0b5d2c0267218cb7090c6171386d641b87797b684e0fb56f97c3961d8afa22993a340b9b3c589c7481df3f4183aa23fd8d7efd88503f78b8ed1c8e9ba
+AD: 2fd6773e0d0c302a5f47e0
+CT: 000893d3434c5be7cbf9daffd81f03545f735cb70d1bd16eab26e07da7ee29b4c607d9a57077d74437e5b01a89c808c7ceca0d3838e5c6ee9947f1d4ee1d5e5e
+TAG: 6d8dc4edeeea81cb503d7389da209ae335876393fdab048965c7eb1a1403d05f8ef059788d08c2e906444388fd416a87bf8706f78d35797453b242618f4a99f47c3756116ec0318d96435032225ff82b902b9b6985189ca438e466154ded91676676c645926e2cf8a5d6f3bfafbb713d646cfd35b091f68e5ac2e7ec10badf1fd80767e6953abeecdc89beb2180dc92be21631164ef801147917e0c8d7841bdcdb52ea03344ab5f2bf3d5157794f5be79f51eb1efdacc0b77b27b72e2ce03d05473203522e3c2c196390d77dc28a35951f3aebd72ee58021d55e521dd029719a7660408ed0da5ab41830102bceb514b0b172d0ee10937111edba82b47e719c3beb3ce49a665accdc1c5bf028d465b5e1
+TAG_LEN: 20
+NO_SEAL: 01
+
+# Test with maximal padding (1 mod 64).
+# DIGEST: a07054c760cc66fc704edf950201005031f3faac
+KEY: 446f5891d77df660ed82933f62be8dc55b436965aabe477e0cdd46be99371eb8da7dac997deafd64b1fc65de39f4f03541a11be112a72933c7b54ed4fad0be905d41203f
+NONCE: 
+IN: 936a91d0b5d2c0267218cb7090c6171386d641b87797b684e0fb56f97c3961d8afa22993a340b9b3c589c7481df3f4183aa23fd8d7efd88503f78b8ed1c8e9ba2f
+AD: d6773e0d0c302a5f47e037
+CT: a1e92776d0ffcfed03d1be956169f606733755d5a7011620c7ced6a825d8e59627e75692a41a1f2a86e62fc6052873b5458616414584e36bad698cf4c44909e0a2
+TAG: 6e0b32528feac2d7f69abb480efc7aae6cd1c5f8a654bcd10ec5be08b58f5a2198bddd83439d69ba9f55408cdf087e8a7f33fca6859638c5a4e8bc6961afee7534d8ffd95249d554b02e5beb81100be5e10abf679300f4ba514c03f4fbbba3cc62bd13dc8c8b9a726a9f217446c6e3b89cadb40488b177926c88c9d22a6c4ad9deca67f0d976fe62cd24c3cbb2e51dd16ee2e7bfe91d867b77c77a9a65c387e2682d946e617d0128034f5fe436eb7fa88aca82526d71dfefbdeeeb5a2c15d57fce0cf12e6ce0b101ef92d9ca540447e0bb65bc04b6a02e4e6d9378c6eebcd6d530c4ae14243beebb18403e8bcd434c2d88cc121e2df182edc3e1f52b060b1aecc48490c6cf3260299449945c803891
+TAG_LEN: 20
+NO_SEAL: 01
+
+# Test with maximal padding (2 mod 64).
+# DIGEST: d059c266cf6233af730b7a229b19356a4c6fcf06
+KEY: 6f5891d77df660ed82933f62be8dc55b436965aabe477e0cdd46be99371eb8da7dac997deafd64b1fc65de39f4f03541a11be112a72933c7b54ed4fad0be905d41203f5d
+NONCE: 
+IN: 936a91d0b5d2c0267218cb7090c6171386d641b87797b684e0fb56f97c3961d8afa22993a340b9b3c589c7481df3f4183aa23fd8d7efd88503f78b8ed1c8e9ba2fd6
+AD: 773e0d0c302a5f47e03744
+CT: f414f0321370af1490839677747893befa438051fef5f02fef488d7b84dc03140b3a5dc3a57041be4c8b688633110fc07251d877de0d6242928e4d937e3cc58ed611
+TAG: 4ee98ac6f10e179314a251a9db190037c47b9fdfc66321d83a995f6dccc5259801b18c3f466f7f4939b7d2d7196e0b161aaa013721e81bb9707b974b904f670e4aa495357b562a254908417b65fa69e86c42b3efdd423838575db08465a7f4889c85201629f6350c0865b5b0cfbac4f51ea1eacc8f9768014975d780438c3bd77f7f18612080abdeac9331e1a068c8f3a345d0026c5723bdbc48643c1a733a5b7ca9078424522db9491bc38d2644dab2d75499715707cd83ed655343ca73672d480f1420754fbbfeae0fba05be3b5235a5fa48bda9f39df0b298351d8f4da3fb8a2feab8b1aca9335eb31ab03f40ab19f668bb864c798ae08de37bf848fe2e898172d26fa23f383787d7199a6990
+TAG_LEN: 20
+NO_SEAL: 01
+
+# Test with maximal padding (3 mod 64).
+# DIGEST: 8aac0687e33041fcc18da154b41f20a6af2bfb28
+KEY: 5891d77df660ed82933f62be8dc55b436965aabe477e0cdd46be99371eb8da7dac997deafd64b1fc65de39f4f03541a11be112a72933c7b54ed4fad0be905d41203f5dce
+NONCE: 
+IN: 936a91d0b5d2c0267218cb7090c6171386d641b87797b684e0fb56f97c3961d8afa22993a340b9b3c589c7481df3f4183aa23fd8d7efd88503f78b8ed1c8e9ba2fd677
+AD: 3e0d0c302a5f47e037446f
+CT: b51ab2f8c4ba3e8638d454ea72da5e3cb15336c347c442b8e1ade85c5cbd0dde790dc707d60d452d5b88d72e718f13cd0e0f4c9149b72e8d6be869d817a3232513c958
+TAG: dc8feba112517f6a820ca12de43c5d64c51cca713d3702a2b4a5cdbe86a90946a7369ec26ea8b5b35df329bfc6e29ef50c2774649134bd6e3f3fb38ef13d9c7fbe066e9cac4fb88dd0c02b677472ebbb2d0679dffedcaf13fccef6a25aed3a272ec01e7680becf80a624518e1333d28c97487b06e0581cc80c94989db4e93489f3dece9eab6dbbee73aeab572d1ee7705d18b899d9c62d7a370311e64131a801400b580d3c8f7af88be485b84fbdd89f7f7dacb29afeb56658f3d8e49f27adc542e412b0fd652b9f60575bf61622d7306c54bed50b43d89cdaecf1981ede09f9ea36fd174118ac178ade5f26ba04fcbd2eb035f030e2139506456ff8d342a4e59bd55dfafebda23a66cacfe6d1
+TAG_LEN: 20
+NO_SEAL: 01
+
+# Test with maximal padding (4 mod 64).
+# DIGEST: 53658226c112b86438dd27b58a71f9e36fc73c1e
+KEY: 91d77df660ed82933f62be8dc55b436965aabe477e0cdd46be99371eb8da7dac997deafd64b1fc65de39f4f03541a11be112a72933c7b54ed4fad0be905d41203f5dce99
+NONCE: 
+IN: 936a91d0b5d2c0267218cb7090c6171386d641b87797b684e0fb56f97c3961d8afa22993a340b9b3c589c7481df3f4183aa23fd8d7efd88503f78b8ed1c8e9ba2fd6773e
+AD: 0d0c302a5f47e037446f58
+CT: 87bf1af7e4987cdab35bfe32adc6b1be286751426cf926217f2c699bc095bde7b6ff3d6cc96b79328ab776547c2cb756d9de8c1245d21619a51dba8364ef6914590f15f8
+TAG: 55b9a1ee198080846389dd088016acab73622b1e2f902b0776846c74d99c27e67c7bbb55b2ac0efff91af0f6cb2ddcc0b5b8bab768048bb1662bb343d2f3a164bd4ca4850fbf8111b29e9be7bb836e2a8ac50ec2cb0b1c4529e50904007372284ec9187ea27d8faa03fc9535ba744155d06c06a0a97d96c03de71c13c95f185f426615f1368be346aa5ebf80049ac6771763235f2ee44dc910a01035c53caf8f9fa6f51fe3ad094513a8db177b6a66e24d21e1e40a23aa3629fffad45f84a58a29ef9237fac5eb6f5deb3825de6f399e46b2b2b91faf64ce45d164155e4dc757f6005c7c3e7fb3d8829623fd7c6ca48b923be90c38f5209c6d94696d2b2b7ebc5dfbf2cfa1a37e8ed038e830
+TAG_LEN: 20
+NO_SEAL: 01
+
+# Test with maximal padding (5 mod 64).
+# DIGEST: 6b7d5268b0b5037afb5be5af6a0ceb34e7656ac4
+KEY: d77df660ed82933f62be8dc55b436965aabe477e0cdd46be99371eb8da7dac997deafd64b1fc65de39f4f03541a11be112a72933c7b54ed4fad0be905d41203f5dce998f
+NONCE: 
+IN: 936a91d0b5d2c0267218cb7090c6171386d641b87797b684e0fb56f97c3961d8afa22993a340b9b3c589c7481df3f4183aa23fd8d7efd88503f78b8ed1c8e9ba2fd6773e0d
+AD: 0c302a5f47e037446f5891
+CT: 44237c388c3d017300db0fc9827f9b575e59bd971a0fd89cde4aeb1763912b49d50e92ba19d7594ef6da27320ac2bd1db3bcfe56b68a9ea8e2347d69890fa1fdc8bed782ad
+TAG: c1068d84aa962e7b89090993378806194ffbf677e7a66524d2ebfa7bdc52d76d09b914168eec4a5fde0953d4567affd3a4e0e48190e7a84471efe8ad1ce577c21df93b9d641c865d90ea1e6069bd703c4ee372379a4ec94f7e99867179561d41e9053977cc985b98f7a9fbc675d77052809b89b8f23f993e191ed1a07f97b89d05de948107f94245f216c413288eb4e40f3cee9c00c15926657d9ef9187ab405ee8000b4bd84d5771464401d59156a97eea7b23b4a6e9f1587cd3b75826a621b699515829dfc57740ad5719c43e88d835e13ebf703a0966779d31dc26866e0e9d27e3376137c92c97af49a876eed425d3980f1904f013143faeccb4fc920185ec2325361e5b318434487f9
+TAG_LEN: 20
+NO_SEAL: 01
+
+# Test with maximal padding (6 mod 64).
+# DIGEST: 63efe7af502231420ed5aecce9a28446b257828d
+KEY: 7df660ed82933f62be8dc55b436965aabe477e0cdd46be99371eb8da7dac997deafd64b1fc65de39f4f03541a11be112a72933c7b54ed4fad0be905d41203f5dce998f8f
+NONCE: 
+IN: 936a91d0b5d2c0267218cb7090c6171386d641b87797b684e0fb56f97c3961d8afa22993a340b9b3c589c7481df3f4183aa23fd8d7efd88503f78b8ed1c8e9ba2fd6773e0d0c
+AD: 302a5f47e037446f5891d7
+CT: 2f25b5a3b01af5411466c8aa5d8ece037434d5e12b62306f2732cb063d0dcdfc2725e67118a242a5576d470fcaf9be6d811bf2789cc66f5561d0542438b5432fe713187a879f
+TAG: d80e1f4edc2137f430d36a5ac93680c973fd7c64a03f7c2ce1b7e33085fe94da70ee26f47998947310508448cc70daa595687eaa540e48f048132de108a045da6d71170e39bb45160a344a2fdb5cb56ab020b9c0842ef2a1a5c83b4d63359fb8d71506d1e611fafa29e77d0669474d135e37bd8aefc3e17f024093186ff80fef73889e887b8d6672256dd592946ea84becc08c29445c8d978e896b1dad5e2608e347e54a97f3f757d7362f95f4cedebed07ab45b05713f7119c38d15a0f22d4259893f5e2401267543b3f78b52d54dd2d608173119e2dc7fe01f66589628e95fd7528958e993b21e4db664b8cba2f776d5cc305c42553da936d580c17d6f5090ff04e106c6488b5b18dd
+TAG_LEN: 20
+NO_SEAL: 01
+
+# Test with maximal padding (7 mod 64).
+# DIGEST: 1a555c300a1d1bd5b03cdd6bf2a678621624eb05
+KEY: f660ed82933f62be8dc55b436965aabe477e0cdd46be99371eb8da7dac997deafd64b1fc65de39f4f03541a11be112a72933c7b54ed4fad0be905d41203f5dce998f8fb2
+NONCE: 
+IN: 936a91d0b5d2c0267218cb7090c6171386d641b87797b684e0fb56f97c3961d8afa22993a340b9b3c589c7481df3f4183aa23fd8d7efd88503f78b8ed1c8e9ba2fd6773e0d0c30
+AD: 2a5f47e037446f5891d77d
+CT: bbf934979c5d9da5c8b27d0341a164d640f12956a392303b0f1665935b5c39de458f53e0a6f824cc56081db1615fc67ffff0d300d1564666b81bb37da59e4da30de9d6a19df74e
+TAG: 9c18b0f9ee6a167a23566325eb330660997193385214abaf945dc18fb8252fbab8330b9809a6f1b300ae5a0c9d841fdd6f77e8d65f1cd0b221fb9b94b5e5d7215e6f501f490a7fa0a754efa7f2d9f5b927a5da2bea736e73af067e5d988901032d503ef3ab89894d03e48a096e7c31fe64bbc2c13f02d878590659ee7606d9212898d4d246e52b03c5646b1c3fbd43baaeda6548156987fc8f490f5763da18198bf0754d20f16dcf7df6bd35ca4bd95cd5c95a60427fc541aaf1f6923ff150de825cff9900ac9492350770bdd13fc4d0ac858ccdf36efbaeeb572aa45ca5470a04a7fa1ce5954d58771730b7202def47b303e560e81ebba2080d044a0851043c5af1a05c30a5a448eb
+TAG_LEN: 20
+NO_SEAL: 01
+
+# Test with maximal padding (8 mod 64).
+# DIGEST: de9156349b578f2f44945ec6a676a67a829daea1
+KEY: 60ed82933f62be8dc55b436965aabe477e0cdd46be99371eb8da7dac997deafd64b1fc65de39f4f03541a11be112a72933c7b54ed4fad0be905d41203f5dce998f8fb2ea
+NONCE: 
+IN: 936a91d0b5d2c0267218cb7090c6171386d641b87797b684e0fb56f97c3961d8afa22993a340b9b3c589c7481df3f4183aa23fd8d7efd88503f78b8ed1c8e9ba2fd6773e0d0c302a
+AD: 5f47e037446f5891d77df6
+CT: 9b9bb61ca4d5aab8d0342d2b174e8f39b8e21db0fb7146025fb298016df3bab4363bb47f5b1fa038587df98851d09d473a68c959ead8062c52b9d6de86bd6a0fc9a2daab4667c621
+TAG: 897472da6d837ec173c2ae738721306e8d3c9e5353b65d1ecb3be3d0039739de379c9b06f42af8e952aa9acb4780a6de888dc8c54fe9a2eec19ae4a864b3b9696d712153bb66c49825ec5c891e30915c4b7b66b190525195429426ad694467dab09e8c2f9f21ffae4d54b74c0c5ed9a05963651dfcb9560677693429c63f3024043385ab0a31066243d42b80d2aa9854005504d6c8b9b7f736a8731c5dea0f3fc9007aae0c6edcd0a91dd1bbc5750de12ee13d4a77379cd3b2c2bbac885fa17338011b7b81cec6711fd5d65178f20a06f5475e09c202deef57939161ca8ed3e4aa9b010277acddc4478d1afb64138b276e265182ef2dea321b4f136c5c439ef6d099621813209a43
+TAG_LEN: 20
+NO_SEAL: 01
+
+# Test with maximal padding (9 mod 64).
+# DIGEST: 12812df3aa7f3bbc899f6f248f5590e02570c292
+KEY: ed82933f62be8dc55b436965aabe477e0cdd46be99371eb8da7dac997deafd64b1fc65de39f4f03541a11be112a72933c7b54ed4fad0be905d41203f5dce998f8fb2eaad
+NONCE: 
+IN: 936a91d0b5d2c0267218cb7090c6171386d641b87797b684e0fb56f97c3961d8afa22993a340b9b3c589c7481df3f4183aa23fd8d7efd88503f78b8ed1c8e9ba2fd6773e0d0c302a5f
+AD: 47e037446f5891d77df660
+CT: 33ac574b7962d03b7816c0199a7f661a485832b9023867a749fc4bfe8ff0485571744f801139afd8215863b23e2d68ee7a254c60d8029e0f1ee10a1b947a4984f37f98a6767f52661e
+TAG: 3ee493d8cc764880f4ae7fc3c189b95bfe11d89640e3c9ddb55b230ba0d142d53fe18be8b955cf0d0d237c3b295459fc4c723b27ba8a29ed8dd5c80fb9839e30bc92e6afbf28ef6f72d1c28e5452460f986444678e7ea982d8bae63b69788012bd43aa66e5a521840c79831ae74426fb16f0917c5d2747b9c31fe43ecee604f26afddb093a9f1f1205a4451d50080ed0a9208a88ed6dbde37a674932bca837c46dd8725982c2ef6ac54511151c4cd59e511ca3835ea9bdbbd2e0842dc9674a854b8d4b063d0685086cdf917a7b7983dcc28af2addf3bc302034e365da1a87334a68477aa34a3a878d926d4c17f50316749d917e172e47597d060403a0279ee68dcd864652f37c6
+TAG_LEN: 20
+NO_SEAL: 01
+
+# Test with maximal padding (10 mod 64).
+# DIGEST: f3c89f21c327fca4aa400fabea9e39780378e901
+KEY: 82933f62be8dc55b436965aabe477e0cdd46be99371eb8da7dac997deafd64b1fc65de39f4f03541a11be112a72933c7b54ed4fad0be905d41203f5dce998f8fb2eaad40
+NONCE: 
+IN: 936a91d0b5d2c0267218cb7090c6171386d641b87797b684e0fb56f97c3961d8afa22993a340b9b3c589c7481df3f4183aa23fd8d7efd88503f78b8ed1c8e9ba2fd6773e0d0c302a5f47
+AD: e037446f5891d77df660ed
+CT: 8517e13ca00214ebfc748efd3a233e8b64801dcce99f9fee3d271357220dff7b1678c1cd6392a6ade62146c0e783248918a7cb69dd26dea525bd9060f380dba75e502bdc19581ebc3295
+TAG: d1f1280699f5514e4a56b08a5c3146142ef8e44c18ccac74577ec0feffbc29884da82212cba95b31d8464954498340f35e9a3d84256e8628368edd166d4b429fcb76e0072d2f5276ed8dc7bd5f34e754f6577ba00ee7ad74e9c89c4f82af0a7716d6ac77c39643909dedcc9356ba42f07874031878229a076da9ac7b0e49b2d170239089ceaf84392e889e7bceb3e383d0f744e229c53e8654ef0099a11773885efc456883e4a973557852f70c0e35668f3f212260e131962087416e668c9f995f226152251f5873fb89047a9dfa65b9fd0116486092b1092c4ee33e7625772944c06a2969b162986cd46d2b4185af2658c25c69a7a599d17f37be0fe1c8250cd7df5e6cf304
+TAG_LEN: 20
+NO_SEAL: 01
+
+# Test with maximal padding (11 mod 64).
+# DIGEST: e8e41988fad6c8b44c56544964cfe0a347b35b1e
+KEY: 933f62be8dc55b436965aabe477e0cdd46be99371eb8da7dac997deafd64b1fc65de39f4f03541a11be112a72933c7b54ed4fad0be905d41203f5dce998f8fb2eaad409a
+NONCE: 
+IN: 936a91d0b5d2c0267218cb7090c6171386d641b87797b684e0fb56f97c3961d8afa22993a340b9b3c589c7481df3f4183aa23fd8d7efd88503f78b8ed1c8e9ba2fd6773e0d0c302a5f47e0
+AD: 37446f5891d77df660ed82
+CT: b1cf0005c93547664e09031d923c4ef9ad663a808189cd8aaa68fbada340d8bb13330499131ef3788cd91e9527702a2388802fdd2e91998a53ffbb466bb7e362d06677edd673cae71418a6
+TAG: 7cad97328236aee512598d1a4c7d51b2154218fddf0ef21724921c1afe61fed1b7a1d1b56b8099dafff77362c4154e4bd7089fb0908ab1de49244a053997a0d04229250e52bc1ecf4550da5753a35108b6752f907ddf7a77fefbdb5d7290b02ae231d019d04ad9a5295336639e7e6c81ea46863d2bc3c4fca7d0f3b05237306759b156ac1fd10b044730987d04a943f0f598704f2191f6c627299b92a2c01a4004111c21f650376c3f28fc9793eddaefd74a2bb3cc5dea73685c954c63b71f2924ebcf9853ff084117cc84a0785d96d8d55d02723a2082ecd8c4b49b8d4068071593aff50c2e08fe7c49f6de1d7586e299b42ec723063f2341fd9b3445cf40893cf8c2bfa5
+TAG_LEN: 20
+NO_SEAL: 01
+
+# Test with maximal padding (12 mod 64).
+# DIGEST: d1c7b2c04dc25fe7b742a1d659aec20e1475ee4f
+KEY: 3f62be8dc55b436965aabe477e0cdd46be99371eb8da7dac997deafd64b1fc65de39f4f03541a11be112a72933c7b54ed4fad0be905d41203f5dce998f8fb2eaad409ae0
+NONCE: 
+IN: 936a91d0b5d2c0267218cb7090c6171386d641b87797b684e0fb56f97c3961d8afa22993a340b9b3c589c7481df3f4183aa23fd8d7efd88503f78b8ed1c8e9ba2fd6773e0d0c302a5f47e037
+AD: 446f5891d77df660ed8293
+CT: 7195b9643e0f7a4293c865db36442d4fe2cf3ea2c648dc88cd5636fe5e6bcea3d1197966e800da8c78bcb8830f3fa97671aebce98549e62827adf612e70f946673b07e2f953c8fe5e0b97aa1
+TAG: 3a909a9fa57e720bea6251ebbc1a71bbae1fd894f6bbd16e11abe51bbd1293abc0ad4c152a08b4acfac7a65b723fc6bd6923db66bbf202e184e8dbba150e6021ad1310ab4752cd4ae874409688996fdf88636084db7762b9578bb0c98d77c5156a82a97a3f6989db2359d252ff7c6405bd4834708c88d4481b35eabe2f7069bf8bac374fa382f4225659b41dd2a8006c0ff8d7c77c8d157e0373f45fcc0abc804a9f8a6b816f2b729befd606dc61e7f763f18121f56255662e36d120b27adfc8e1b528bd8ced5386cdb62cc73e58cc7918d27253297e9cbb9c740c7765cb014cf7bf160cbf09e00d32d31d462f356791bcf1286bb9023254afa6c41fe3d165f1bf7e6c002ef64ecdf3b5e073fb569028032e6713
+TAG_LEN: 20
+NO_SEAL: 01
+
+# Test with maximal padding (13 mod 64).
+# DIGEST: 116e20ff1e79e0af464d473b1e7c187f4dd66007
+KEY: 62be8dc55b436965aabe477e0cdd46be99371eb8da7dac997deafd64b1fc65de39f4f03541a11be112a72933c7b54ed4fad0be905d41203f5dce998f8fb2eaad409ae021
+NONCE: 
+IN: 936a91d0b5d2c0267218cb7090c6171386d641b87797b684e0fb56f97c3961d8afa22993a340b9b3c589c7481df3f4183aa23fd8d7efd88503f78b8ed1c8e9ba2fd6773e0d0c302a5f47e03744
+AD: 6f5891d77df660ed82933f
+CT: 1d50f3eb1cd76d8e08a9f386db0cdc3eddfc694e8502ccae47ab431c2935fc461254b80386c87690b01c22f38ea9bd118d2e0ed316ac249437a3e9c30f6c1f767c150216ec90e6c8913ff3d469
+TAG: e44bfe162cbba654362d1c86088564b14120815f181932e9f111d6da5efb5f4caad61f1161d1d148cc429ad34fcad9128bab101c7cc004fb8f0b516216a809a6599b5144b4c5828cf159fcecac46a86ba0698a6e5267610bad10cd7ce9079b6c691c2ecd522dbe3563074f2ac85712e58cca41761aa94449199a8b440016e68eb8bc9db3ff2c2bd9c64d9d3c71566bfb5d234af1a144859431f16ce6d65b4cc604e9cbf4e5539c192f07a2981b55582376bedc07aa20f5a841c9f500915fef353c37446511da3affd743fc551d5c22454797b3eb957770f1ca16da138c71bf5c00ab7893ae83b3f499a2c42f55551a986555925337e0604227ebf1c65312f0b1a8cdf2d06b5daf3e5ea97ceeb2f33421d0b44b
+TAG_LEN: 20
+NO_SEAL: 01
+
+# Test with maximal padding (14 mod 64).
+# DIGEST: c081d0d09b2c9eb39a372ef4a7b0246a0956b0f9
+KEY: be8dc55b436965aabe477e0cdd46be99371eb8da7dac997deafd64b1fc65de39f4f03541a11be112a72933c7b54ed4fad0be905d41203f5dce998f8fb2eaad409ae02116
+NONCE: 
+IN: 936a91d0b5d2c0267218cb7090c6171386d641b87797b684e0fb56f97c3961d8afa22993a340b9b3c589c7481df3f4183aa23fd8d7efd88503f78b8ed1c8e9ba2fd6773e0d0c302a5f47e037446f
+AD: 5891d77df660ed82933f62
+CT: 4d754c684658bcc89208bcd75f24dc8e18b70a28b8a2201535e60ab755fb20e1ddfa98742d257eadd02d96c6a65f880d058312311efdf67f9a106beff9f5ace0ac6af586aefbb5e8b4850e584bb7
+TAG: a9bc9bdf2c16ace8cd471c2bcfbc2cf933fc1886faeec62d4809ed5cc4dd4fcb6ca6c42f31bab300264b278dc0b10fe8a54005b590160b410dcdfa3db413dd04a72c897b262ed0fe4ad6683fc5229010f1d2bc939e61a2c9e0480ef3e03e90f74a3edd8bb523271adc45d097b197ca9034bff48677efa763e1ae7528d3f775f827b9c56ba7f042d7f9413b4c5d01972e86976ab3a398afae27faf3cd19ef1b24b5342f9d067e7702bf1ae9679540a72f7a12cdbfbac234d596856b3bfdc2190dff0b50f45b4355cfa25ebf8d1d16528fe6c4baf9b0e5a50f95c4091704e939c8ffe69183c2695ecb1f12f24fdf288a8e8bdf3fe510bae70c46d0214303d5503d21366c4eec24cc2808542a203d81789efbb6
+TAG_LEN: 20
+NO_SEAL: 01
+
+# Test with maximal padding (15 mod 64).
+# DIGEST: 6f7bb1f9e2772eb909c315e653e4737cfed78a18
+KEY: 8dc55b436965aabe477e0cdd46be99371eb8da7dac997deafd64b1fc65de39f4f03541a11be112a72933c7b54ed4fad0be905d41203f5dce998f8fb2eaad409ae0211641
+NONCE: 
+IN: 936a91d0b5d2c0267218cb7090c6171386d641b87797b684e0fb56f97c3961d8afa22993a340b9b3c589c7481df3f4183aa23fd8d7efd88503f78b8ed1c8e9ba2fd6773e0d0c302a5f47e037446f58
+AD: 91d77df660ed82933f62be
+CT: 25bc47e58e7d4f3a417c95768699c92240a2be0e86232a41fe02d64f66716023996772e1118be48e685042f989dcd9cdc574614c9c3989f1885b4b71dfd5b1c32c1321ca41ca1e6ff1828e677e30fe
+TAG: c96a78b9ca68054bc1ed2a150dff9f9585174f343d3df80350982002b4c95106b72813a90028f2855faef235909686607f39655ec48f4024e170c9f9574b0c81b63c8df7af6b4d0f0633853a09c334379952bbaead7415125f541a01e320c5f5d9806b71c3ba71890e3229e751f25ac82c245596b5fa688f1b13844d91169354bf0cc03cccf576c2216aeb9eeab33e2a9f8bad2145d36cf0e7585a02296a7a3b434f4efeeaa4d7ed65befda32b287d9d0946e25dbc0edc22de871184ae8c76777528b917585be784d5e0674b1e5693d0b8cbe8253f8db67c879e1d2b7ddd5df4777a15509f813eb4d0f5a935aa011daaf0cc1ba2ebba9a20a74847e9c53b648f6fce4c08b6e7babc1919e6de22210a6f05
+TAG_LEN: 20
+NO_SEAL: 01
+
+# Test with maximal padding (16 mod 64).
+# DIGEST: 172f4992e692a88f49628e5d3937959be01aed2e
+KEY: c55b436965aabe477e0cdd46be99371eb8da7dac997deafd64b1fc65de39f4f03541a11be112a72933c7b54ed4fad0be905d41203f5dce998f8fb2eaad409ae02116417d
+NONCE: 
+IN: 936a91d0b5d2c0267218cb7090c6171386d641b87797b684e0fb56f97c3961d8afa22993a340b9b3c589c7481df3f4183aa23fd8d7efd88503f78b8ed1c8e9ba2fd6773e0d0c302a5f47e037446f5891
+AD: d77df660ed82933f62be8d
+CT: f1ab85a35a17541efb4f906e7fc85e64efec6ab40d59d3da920c4ec09797c3ad47820e9d934e51e3f4d097c4a555575939bfaeb8cfea062b64816a160d6e4d1ff02a5fded435ab9aa2daf22fa7d676fa
+TAG: 14684ce099f4f0e11e785320debb89c79c03e8bb8751860d3779b4b553f6dedabdb23119d2866ad63fc974a6c6442b734394cb6705309a4d3889e90c4a222bbd14624cd89a9c3f904367c418140375dd592107f839ca94d43d09495a8dc8273201bd8f5a447bdf57506421a975ff4db3aab7878ff18e5b73c8f072a8d092461257d0182710ee9df9f86ac5ad321eac7ee96dddb27ecf561db222ed1c7c183c2ecdf4c7f57cf295638de3c4176ea244100d51c006282e98af1a8fd540daf0ca6f2fc0b88c550b4ab638760d95f2f9d09612da198616cd13fbfa1ad12a3fd30ac9956491cb11539a1be43175fb1452393f13f8d03501c89cf5962730125a7e185dc089b41124fc1e7f69b1fad46bd661c1
+TAG_LEN: 20
+NO_SEAL: 01
+
+# Test with maximal padding (17 mod 64).
+# DIGEST: 00133da1f7c63fd5f0eec364e9a359be02c1d3da
+KEY: 5b436965aabe477e0cdd46be99371eb8da7dac997deafd64b1fc65de39f4f03541a11be112a72933c7b54ed4fad0be905d41203f5dce998f8fb2eaad409ae02116417dae
+NONCE: 
+IN: 936a91d0b5d2c0267218cb7090c6171386d641b87797b684e0fb56f97c3961d8afa22993a340b9b3c589c7481df3f4183aa23fd8d7efd88503f78b8ed1c8e9ba2fd6773e0d0c302a5f47e037446f5891d7
+AD: 7df660ed82933f62be8dc5
+CT: 5d6bfe91cd2273a9b986397a38e81be5fbbcd0403ef51873c2c467a9fbadc7bf540e83c538a43dc0e0ab780a4c4b1f5b77ced74f65b61f8b8b58b26fa3e8cba568bb717dc7071bf82dd8c68b068e739706
+TAG: 2ab9e654859c35e065f763d949d43c65dc85dc5d918850809ad8efaed6569d4b3ad064bef3427ae4c3be571fb914cefe2362169bed5b4c0cb17d2106fd6993d20ab8a8b70edb5f5d59b3357c8499c36e2b0b67edf7f334ff02d599031f43252b8d30d39affbd2093a6687c771b672329e14901ad9128f063267d3ab332ea31a79d37cb24ad0fd2d07f23b13d4643d1d9c529e1dd0490c851b0009fc1192f2438a48aba5a39be2ee925b1a38647197ead5cdea3499daa5abf9f4503d3581115a6847363348d5e7933948dce867752cde69ecc401012674ad75e12245dee86d775989275a5fc635c66d42c01b7646e180d28798905a3beb210c049be35b522ad580e1ca29f81b9469448749fce961ba6
+TAG_LEN: 20
+NO_SEAL: 01
+
+# Test with maximal padding (18 mod 64).
+# DIGEST: 60a6821269be6c5b985576b245f106128eb0b325
+KEY: 436965aabe477e0cdd46be99371eb8da7dac997deafd64b1fc65de39f4f03541a11be112a72933c7b54ed4fad0be905d41203f5dce998f8fb2eaad409ae02116417dae0c
+NONCE: 
+IN: 936a91d0b5d2c0267218cb7090c6171386d641b87797b684e0fb56f97c3961d8afa22993a340b9b3c589c7481df3f4183aa23fd8d7efd88503f78b8ed1c8e9ba2fd6773e0d0c302a5f47e037446f5891d77d
+AD: f660ed82933f62be8dc55b
+CT: 16e3c681ba1ece3bdbfb1da491f877e806ddac5f1ae96bc406bd195c9d48bcd4a9b700a8ced21d824bfb99eb057e401c3529818725b51e96c576e8009bfe4866e98f550a23ef4748ff761a4d1c44ccb5eba0
+TAG: a30286b3d06306818a268db0e5116abc2c7361c5a32d334d8ce5f4007aaeab750980018b435c79391151fdd33df2a97dc2cf62c4426ce45be43f7e4949be735bcd33f0e81cc6b5a3c2255fbac9ff5a8fd7e7b57554d7ef00640d92b605c9afb0c19dd5ca4c79c409d85c197e8f21d79e91df01a817bf68e8718bc771028c945471ae003c0a210c572b79d772560031b5d3e5495aa8d9bd6fa3f8ae9976ed7e7f8d7275030d2f12ed5ab05276ebebafcac7d0ca41f9d860583f800e4f1b9658b12fab31fd63f6a5e4b80463918f8295ae11d7b97f9b5f89b8166861aec8f1b1417163a6a8adce23ce66c9a4306acae7ca75435cbaece814d6010a3e335bd7db9783812052179d5337d1c353be6e0b
+TAG_LEN: 20
+NO_SEAL: 01
+
+# Test with maximal padding (19 mod 64).
+# DIGEST: e2593f3b6741a9ed9fa188fc06efd057556ee624
+KEY: 6965aabe477e0cdd46be99371eb8da7dac997deafd64b1fc65de39f4f03541a11be112a72933c7b54ed4fad0be905d41203f5dce998f8fb2eaad409ae02116417dae0cef
+NONCE: 
+IN: 936a91d0b5d2c0267218cb7090c6171386d641b87797b684e0fb56f97c3961d8afa22993a340b9b3c589c7481df3f4183aa23fd8d7efd88503f78b8ed1c8e9ba2fd6773e0d0c302a5f47e037446f5891d77df6
+AD: 60ed82933f62be8dc55b43
+CT: 9b51ba0eebf72bbcd7a1b8452a49f30bf2d96bf0cde4d9e5efe7f1903eb4e09f53aec649c5a8ad7e7fc6c28a0dcf4bd3556f4377bbf8b3f9c79dffa5978692559f732c109a7a02390746f5975d5a0aac4d04ce
+TAG: 636f7bcc9b0b5320643f4b6acbecd60a0a89d2511621ab47fa4c9af610fa1ff9c6cc5cb8fb64493d6a4dca0e94a90794f31698cb1c5bb5658e8b6a63a2cc9b2f1f297240d3d6c62087e32f5d5e9f9d608eccf4b41253933c7391983db1138012a5f5caa5abde25c8a16fc33cccb0604421d985f198c48552650f5dd299bf9163c136c042c9a35cdf7120a702bf460d739ab264fe1f58453ff4990f7315379ff074e01730e7cace8d45a5d0355c0acc409db8fbc759516ad56818b37700548aca769719937103787311b6dbc8488d9e68ee439cec3075bafb725f44734326df9b10d6a4f7133ba84489a9985febc96200276a1fb513f8a3c062466cbe63e7ad668cade7ea70c3b8cd040a6162be
+TAG_LEN: 20
+NO_SEAL: 01
+
+# Test with maximal padding (20 mod 64).
+# DIGEST: 17450a437efe239e1858ac4062f34024305372be
+KEY: 65aabe477e0cdd46be99371eb8da7dac997deafd64b1fc65de39f4f03541a11be112a72933c7b54ed4fad0be905d41203f5dce998f8fb2eaad409ae02116417dae0cef45
+NONCE: 
+IN: 936a91d0b5d2c0267218cb7090c6171386d641b87797b684e0fb56f97c3961d8afa22993a340b9b3c589c7481df3f4183aa23fd8d7efd88503f78b8ed1c8e9ba2fd6773e0d0c302a5f47e037446f5891d77df660
+AD: ed82933f62be8dc55b4369
+CT: 5e4df84379f9736d784d9166047003e3ce3375a8e7add80c8687e94f68595aaa52e3bd39a45a7f67d35b4df0c5d62abc81680ebea78d1ec02153833b4dc4bc51b4d1725f5a830a064e33cd5052e90735477c069d
+TAG: ddefe8bc965ff097f22b8978296cb5eac25732862def3ce5a7d2ee9f7b7d6a6cfe5778b9d6901e7540d8c62f3d97f68b43224e00f8536bd7df50f3ccd1e0917eeff5c32d196cc2b594d23347f4bc1db22ede4f2ffa7f0774c1a073b5e91fbec2b634d0d60458f215309be0c2d1b553f22a87cdd75cb64cfaaa0a15ce876bad26f48b2d6464488f97e35899c7aa80957491823239173843dd88a617839e5bbcf78d51dee3418defcea0a72e5ba7a1e8d652139955570510a9c8e6b6902a5c74133c641fe3950db1b7123406eb4cd86e17bf4efda4128e83172ae78e8c2b632c0cef066ef311f38fa1a210a7802a39b95cb699962daf41e5d436d474753997ac3c826ad39980aacc954adbb12c
+TAG_LEN: 20
+NO_SEAL: 01
+
+# Test with maximal padding (21 mod 64).
+# DIGEST: a35fc7d25f90dd9cbd35910d5532aca8aba88b29
+KEY: aabe477e0cdd46be99371eb8da7dac997deafd64b1fc65de39f4f03541a11be112a72933c7b54ed4fad0be905d41203f5dce998f8fb2eaad409ae02116417dae0cef457b
+NONCE: 
+IN: 936a91d0b5d2c0267218cb7090c6171386d641b87797b684e0fb56f97c3961d8afa22993a340b9b3c589c7481df3f4183aa23fd8d7efd88503f78b8ed1c8e9ba2fd6773e0d0c302a5f47e037446f5891d77df660ed
+AD: 82933f62be8dc55b436965
+CT: 1ddce9b3f674dfc1b94a6cb34418e6b75c93f14941a6dbe028ed59667404b93afead95ec50b9393a8e0e5f469fc1cbc5136f4dc54f3a005af6c88cf70ff39487cdc730dc131538279704a67492f5241faf00aa8c46
+TAG: d43074349115775a6db0a999c8b492d65bf1c10f046b7c7fa6335d54854a202748ed412c82088bac5d07db529fd2358c66e48a1a40083d9911834522091a61d25013bee70e3d9bed1c1a63ff50c2f0c1ec80bbba5bbb25fd8b2c787e9e6c90fe73a8e476743050c06c8f72344842507a75e6514fdb760f1c733242fd447a8c0658e3045324da0dd132841d0ca758429c6fc0355434a6ae86cc1c798cc9a558e767730437f66f08bc8fd0301d3447f5f5f5ae483ddbbf61f1c8de15bb2421f500ab10ed643d4bb54367946206d5d5cfa6a4a2bd16527a7cfc619d1d7df22fecabdb0541201825e2af362adb3033ccc4eac11db0b563d5bfd65ef1a95a28d5798a33230a78af0b38bed6d429
+TAG_LEN: 20
+NO_SEAL: 01
+
+# Test with maximal padding (22 mod 64).
+# DIGEST: 73eff0f03358879f900b6ebd515f0f4e5a6929e4
+KEY: be477e0cdd46be99371eb8da7dac997deafd64b1fc65de39f4f03541a11be112a72933c7b54ed4fad0be905d41203f5dce998f8fb2eaad409ae02116417dae0cef457b9e
+NONCE: 
+IN: 936a91d0b5d2c0267218cb7090c6171386d641b87797b684e0fb56f97c3961d8afa22993a340b9b3c589c7481df3f4183aa23fd8d7efd88503f78b8ed1c8e9ba2fd6773e0d0c302a5f47e037446f5891d77df660ed82
+AD: 933f62be8dc55b436965aa
+CT: 6736ca287cf31ea3ec92c68697bfd1f88642e67d9dcab11c5dc8ecfc61611ecffc54a04119f53f9e5476196f220486ab53e2b21e1135bc6745731f0bd32eee9777a1b3d208c21d86048a4cc945389d60ec8954aaec13
+TAG: 53f11651de2a737a0117aef6790d2683681561ca2b26586c5564d5fe06565e17200115d2a473aab781b9f8d4002fb4060f1eb43e77e31f270c143ae08a1cb5a2887c2ba393e050473894f62c6a7ec438eaa575d631b0736c3fcce58b9e81c28701a6d4c1dfd19a5d2de366d7b1c2433997dc826b48222fccf919ae872e42332b74d24027dbdd487014adae3813d52bd20271ab8da425e641701f78312026f117423f90145181d9af2696cfa08059a2f3b1f7f63e48c7ca8f63396620b4046210cc431a1b1311834659338f957141da2cba2d499ce121223f45078668652c9b699209bd1a33832e8a53c7bcd5fad62acbedbcfc1cf839b6d1444a991c573e8c2ecafbe33a23701291a8cb
+TAG_LEN: 20
+NO_SEAL: 01
+
+# Test with maximal padding (23 mod 64).
+# DIGEST: dd6cea270655225cb4f4231f54c19eaaa146eac5
+KEY: 477e0cdd46be99371eb8da7dac997deafd64b1fc65de39f4f03541a11be112a72933c7b54ed4fad0be905d41203f5dce998f8fb2eaad409ae02116417dae0cef457b9e5e
+NONCE: 
+IN: 936a91d0b5d2c0267218cb7090c6171386d641b87797b684e0fb56f97c3961d8afa22993a340b9b3c589c7481df3f4183aa23fd8d7efd88503f78b8ed1c8e9ba2fd6773e0d0c302a5f47e037446f5891d77df660ed8293
+AD: 3f62be8dc55b436965aabe
+CT: 95b9375058667abde693e7e3a598dd4c326ae4db29f54667c54453e6191c52f86d2fb4fe324e9a02b94f094f1dc272b1e6ad85529206a511468879d31ab9e74f7666691dcd7365ce52fd6df951c20e7a71ba740901f797
+TAG: 533eaf7ba2c963ee7357a118f8306660f786ef35206612b3bb8a87748c76c6bd67c15aca895927b6a92c1fda33dc4c330e8fca65d6b82343247d070a5bc0d0d632f7ec3060546cf2fa4f3bb7f144356bb2371cd19100e7d7066f2c304039836d62a647300bba5b7501241b8126a8f39bf8ac2946aee674d0a64644b8aa0e261f4049c9ab56b16e717d162d9a43936852047d4adeb17bda109d3aea0a46acb70e7fc9351978b4bfea20cfa0f437fe8c1308e45a390e40ca17739c4edc6a0bf6e0c14d84ea315e36ad0e80d22011b02675ae09e814c08ce607d4e3fe18a4bb9380966c174ca8a1c397966dccddbbaf85f47bbd97c5d99936c26917df99b6356de065ac0ddee7dfede113
+TAG_LEN: 20
+NO_SEAL: 01
+
+# Test with maximal padding (24 mod 64).
+# DIGEST: 34dd9bf0ce19eff890ecad474388779f63b0af70
+KEY: 7e0cdd46be99371eb8da7dac997deafd64b1fc65de39f4f03541a11be112a72933c7b54ed4fad0be905d41203f5dce998f8fb2eaad409ae02116417dae0cef457b9e5e16
+NONCE: 
+IN: 936a91d0b5d2c0267218cb7090c6171386d641b87797b684e0fb56f97c3961d8afa22993a340b9b3c589c7481df3f4183aa23fd8d7efd88503f78b8ed1c8e9ba2fd6773e0d0c302a5f47e037446f5891d77df660ed82933f
+AD: 62be8dc55b436965aabe47
+CT: eded2db8c302b3b5b5b0c0d556f8d34408fdb2af75d38231049b5f91e02a4086e6ffcfabcba5e3ec68173dfde382a41523d3c8ea1f7944351baad1588516c548125b1005d3375b03a4ff4bb19937068e0efea0abbeac4f8f
+TAG: 379af744a549ee2fc70f6fd955d68da610b9e28178af1e7d6034c5e583f838a84882937060dee0838a6d0e008c51d312956cbc233af4e94ee992a3a9fc427f98283ffa000fe22e62e6181754cd434b066e685a514bc6ec82444c3d722fd37b305e1c514541208c4cc8298acfbc9f41762f50c87a9b95ca7a4d47ef412f0079cff9affdad66dec43d8fa706ef5bfa7deb9826c28ba66a7395e6491bd45ce3750864e3b0d466d236d1d5a5a6dfa8f531c2ae985515d367eca43505de759ad476ca08a6ad5265e8550a4d1fcdb0f8c3ef1a4567ae3262d5d5a78e7ef6c8097ca22815e35ac82ff78fb39b029edf5521311d0904b2e10822ffdf3f93118412181f8679363766430beedf
+TAG_LEN: 20
+NO_SEAL: 01
+
+# Test with maximal padding (25 mod 64).
+# DIGEST: 7db8cfbd3b29f96d752346eeda3c2bb0bd070099
+KEY: 0cdd46be99371eb8da7dac997deafd64b1fc65de39f4f03541a11be112a72933c7b54ed4fad0be905d41203f5dce998f8fb2eaad409ae02116417dae0cef457b9e5e16dc
+NONCE: 
+IN: 936a91d0b5d2c0267218cb7090c6171386d641b87797b684e0fb56f97c3961d8afa22993a340b9b3c589c7481df3f4183aa23fd8d7efd88503f78b8ed1c8e9ba2fd6773e0d0c302a5f47e037446f5891d77df660ed82933f62
+AD: be8dc55b436965aabe477e
+CT: a56c9d8579b78c9ef40c4a230e8bd42750510340fbd0cf55393bd13d93b105fd2cd1d701b6882bacc661e8da81b7c9eed6b5dd4da12353298150819c748f464f5c60b86f92a9e89e483055b8dd3f42605a3065f08189f74021
+TAG: 2704ec8335c00380797ebe4100b3ce3fceb38704eeb5db223e4256f4b2a5353ec0a89676e0542ccbcf3ccf131832f2d4af2fa86de6fb456ccc6add9e453c16e303755dc4e841344efb5251cd266a88f4f0efa3155db9bb475e9e97904a2efaabd8b2e836d54babc9fe4a5a0805d113ad28843994e83694fef3172ef45abfb037b3c78205fe9e6042fe4c2db156b78fcc52b0f43eb3b2ca0f40ddd0077be8880c29c9cf5d3a5b68eac071874a7c96fc531cac7c0245dfd87febabc641b081a7de6693cc85d7851238f239914d96e8281e6c44b1576d0e2a3ea02079762e05923cd53134db1524c28c02474bd539d0ffd8bea24cc743a35267ccfd405a834bbbeb3819a3060ae254
+TAG_LEN: 20
+NO_SEAL: 01
+
+# Test with maximal padding (26 mod 64).
+# DIGEST: 4abaa8453e8cfdefd918571a961d8351754ad5b4
+KEY: dd46be99371eb8da7dac997deafd64b1fc65de39f4f03541a11be112a72933c7b54ed4fad0be905d41203f5dce998f8fb2eaad409ae02116417dae0cef457b9e5e16dcc5
+NONCE: 
+IN: 936a91d0b5d2c0267218cb7090c6171386d641b87797b684e0fb56f97c3961d8afa22993a340b9b3c589c7481df3f4183aa23fd8d7efd88503f78b8ed1c8e9ba2fd6773e0d0c302a5f47e037446f5891d77df660ed82933f62be
+AD: 8dc55b436965aabe477e0c
+CT: bf13550fa32201ffc699cbf22de17ca268652f8ba2693dde72b626d01855eea7c21f0afae3fa03dc757491e8efb9091a4c100f8dccfd15a9b4dd94e4fe1f5e90cec62768d0a91e132acb1fbec1052878706359cab3445d38b1a7
+TAG: 87370bba8adc7957b9f4b468f584e1483306cbfa87738a2a047d9e5b0af76efafe46dd1028aba3d3677967124f2adfa8d88922bbad39c82f9272e4734a12c9a82201024147b14c50f110371ca57d3cadba332d46efd5a936feea2f74609ee8b39e22d4e49f608229b9963417661e47610547970d017d1afba6c5d653eeb9d6b596ee2560f1879437c81dd7b7ff64737f68e295cb558c3833fb481b582817bad184290f7b731b611aa09c63272a14f4471ec654e460fe7e2061de628bca07cb52682d4d46a3e29abd90faa42e9cda1118c92ba698ea985bfa4dae1e5a5edc2eff590d609b37786d1d577b55b0cc671d237e338cf46269451be059e44a2e6b40664d060919e7bd
+TAG_LEN: 20
+NO_SEAL: 01
+
+# Test with maximal padding (27 mod 64).
+# DIGEST: 0fb9d7ffcc7c9b84f34661d472ae2d4fa25d3d99
+KEY: 46be99371eb8da7dac997deafd64b1fc65de39f4f03541a11be112a72933c7b54ed4fad0be905d41203f5dce998f8fb2eaad409ae02116417dae0cef457b9e5e16dcc5b6
+NONCE: 
+IN: 936a91d0b5d2c0267218cb7090c6171386d641b87797b684e0fb56f97c3961d8afa22993a340b9b3c589c7481df3f4183aa23fd8d7efd88503f78b8ed1c8e9ba2fd6773e0d0c302a5f47e037446f5891d77df660ed82933f62be8d
+AD: c55b436965aabe477e0cdd
+CT: 9f9a3ab733e50c1584c4f0c2a2dc0ff71bb3a9b32dbe92da2fcff8fe46a4bf16d4f30ec8efb1319891b7d2586839fffe5012a6dc3d5f0ad21e1572a1ffb48fbb59ee4b8e0234e543786e775dd4c54cb1ed006b4e8f5195610e267f
+TAG: e3e1b44b7aa92166a01da7ba9c7dd6ed9245dfe296ee16fc20addd7a6c15462ca1c0bf1b90a136dba0749837bcf133377d6ff21fd3cb7c1f7fc50df8ada45e671e1bfdd4f711462c9655c8159f2dda37bcc96df425ef3fcba2056973d39378fd2189375bcb96ca84d023f45f880166ba262c3f089e58888b8a67ce85048c5628061e04a7f09d8a6eda422d424482dc4dd4d361fde54b3c659b273ee9a04faa389befbe2816e164d9bcd9fb6ec7aecf51e9288cbeca4d3e0dd776a3c122eb4524196dd7e4b8420a08a3276173c282dc1463ce6e6b17fb419c1bdb47882e6685c877119fb6348bd0f80b867d60fc8ffc4e89768eb33ada5f32a81eca38965b28bac74f5dcaa1
+TAG_LEN: 20
+NO_SEAL: 01
+
+# Test with maximal padding (28 mod 64).
+# DIGEST: c68fec315401703e49722fe4b39cf28b14e9f50c
+KEY: be99371eb8da7dac997deafd64b1fc65de39f4f03541a11be112a72933c7b54ed4fad0be905d41203f5dce998f8fb2eaad409ae02116417dae0cef457b9e5e16dcc5b6f2
+NONCE: 
+IN: 936a91d0b5d2c0267218cb7090c6171386d641b87797b684e0fb56f97c3961d8afa22993a340b9b3c589c7481df3f4183aa23fd8d7efd88503f78b8ed1c8e9ba2fd6773e0d0c302a5f47e037446f5891d77df660ed82933f62be8dc5
+AD: 5b436965aabe477e0cdd46
+CT: b4d33c5131701c960eda4c50fc0a918acbe28cd47fbcaa328c6a9eb08e3c36b697928c6981992ab155c30984c6b8e9340cb00decef7086f589ed2d730cfafd5ccfb95373b8c55044fa1c95927d02278a48f986a6b8301426bbdd504e
+TAG: c327263a3dc33abbbb6985406703ecee6ddb0d9b236ff2366c65effb2c936e5961d99de3bab4eb9c5aba4f65a55bf768a369181b191545f4421be3bc5bd2155257374ba8ac8e70823421da77aa1e2001a4e2f4942a40dc586e1c9e3d0e8dba136bcd823eb644d8d152182fb0c88ba540ba3a71ff1b147e4e072298023ae0c8d37cff859108b02d586d5357076e6e649e2a8ad3d4a9de1ffdea88b4dacb2d2c7fe12c8739e0d50d91e3fb57d54e22e6c4ca3c8e47b2b9c7de9220a1588c631dd6ac85d04f58559b796b8adf5559365f8009181a75e1f7f1a3c1097d81065be9b30bdcd0c5572db64f633561e426f1a6023fd7b7e1c4f66919e9ee67c5ac4026cb11aac92e445d90ba020153333c8db152113c5cbe
+TAG_LEN: 20
+NO_SEAL: 01
+
+# Test with maximal padding (29 mod 64).
+# DIGEST: 15e1aa5285beab679aaedbf51a86b4aebbe3d7df
+KEY: 99371eb8da7dac997deafd64b1fc65de39f4f03541a11be112a72933c7b54ed4fad0be905d41203f5dce998f8fb2eaad409ae02116417dae0cef457b9e5e16dcc5b6f256
+NONCE: 
+IN: 936a91d0b5d2c0267218cb7090c6171386d641b87797b684e0fb56f97c3961d8afa22993a340b9b3c589c7481df3f4183aa23fd8d7efd88503f78b8ed1c8e9ba2fd6773e0d0c302a5f47e037446f5891d77df660ed82933f62be8dc55b
+AD: 436965aabe477e0cdd46be
+CT: fe6540372ad1c40ec1dd644e935c480b9e34aed05a7f21e2e37dd46db52ebc5352cbc3be2aa289cc2e9712aa7d393f4454c9fa3a4acc30db41ada1257693d3469b0a1d5680dc8dbfea8cbb4768161f829a4f853c1c48d08825aa2b44f1
+TAG: 53f79cf7b8f4380a1d1f1def457d4ad78c5819e0654d4052186213880228c482e2a54bbffb71483d32a8eb97ea8e9057a99a52fc3381820bd5c8fa43b846257380c07075592d6a445075a0df4e48f20dac7e2df8967a1cda41bbd4b0411a54b3ab9e79354a59aef5291599176599db82c0f6ee8a05e012067e2961b147a7baa73a818c64b52dbefd767b285fad111972528e3865b78c3c8aed658b1e84ecfd6ba292bca83ef66968e1bbdc05f616ae79d1d7932a0e8d5fdd7f98159b199bf933ada7670bfd4992bc2ec95daac00f10b7cf2bb68755edeb646395efccbfe322c9f381d39ec36d92c914fabb74d4df8dd506d9a8e233c591a503e92943e9437b10268bc9fd1a512b31a3aa62034ebb2dfc2ee3ae
+TAG_LEN: 20
+NO_SEAL: 01
+
+# Test with maximal padding (30 mod 64).
+# DIGEST: 8cc0b1164fc844e958e055b7ae43f2f95c29e8c3
+KEY: 371eb8da7dac997deafd64b1fc65de39f4f03541a11be112a72933c7b54ed4fad0be905d41203f5dce998f8fb2eaad409ae02116417dae0cef457b9e5e16dcc5b6f25607
+NONCE: 
+IN: 936a91d0b5d2c0267218cb7090c6171386d641b87797b684e0fb56f97c3961d8afa22993a340b9b3c589c7481df3f4183aa23fd8d7efd88503f78b8ed1c8e9ba2fd6773e0d0c302a5f47e037446f5891d77df660ed82933f62be8dc55b43
+AD: 6965aabe477e0cdd46be99
+CT: 22e6c691ae1ba796667ceeaba4dcf85582e398e529d938da63c8221a58c2fbe242f6da82eae8c896dd31b45b3e8b72ff3dd7906130954f7b68d4c8729d3ff66ffad72104047209a56f1d6cdd927b57e8f29108140f903d03da3f4d210219
+TAG: 6c22c87e07027df3721970ac8ebb881edad4c00566f7b53dff9189ba9844543d4c5894ff1579a353db455a1597370c9d8f2c16a191d6e0eacf6c0cb3bc30b979ba40244a12dcdbf806e609fee1cb9531813ab90854c5eef9527b0e546193df1d3b2e52c5c01cb67db0f4fae9e1557e89b130fde7ae3f7b493d1b0296ef965538ddb7519ec972ddd1926ca29e3a9ff5c9f55414f07a1c1785908975ed43b16bb7c96b2820fa3c317582dacaec45c71b3ed841a41358c87340f5fbac68dcd4590d9aa4cdae3374d7c332c6ace45644a8805ac792c4ae5bbd09ca06581fcb46e71381031d5ad54b117005c2924a538501c944c416e19480d48e792a741e863043be0cf0cc12c700c3238a77ca4dbd168da1618a
+TAG_LEN: 20
+NO_SEAL: 01
+
+# Test with maximal padding (31 mod 64).
+# DIGEST: b51001b6ff9d27bccf3103a4961280e0a1406257
+KEY: 1eb8da7dac997deafd64b1fc65de39f4f03541a11be112a72933c7b54ed4fad0be905d41203f5dce998f8fb2eaad409ae02116417dae0cef457b9e5e16dcc5b6f25607f0
+NONCE: 
+IN: 936a91d0b5d2c0267218cb7090c6171386d641b87797b684e0fb56f97c3961d8afa22993a340b9b3c589c7481df3f4183aa23fd8d7efd88503f78b8ed1c8e9ba2fd6773e0d0c302a5f47e037446f5891d77df660ed82933f62be8dc55b4369
+AD: 65aabe477e0cdd46be9937
+CT: 4772e647d03817c0f9deb39ff4f4f27fb0fed33e0630eb453883c707336f0e74ef206e92e31fb2935a466105dbdfd42c180ef63cf5cdd3c281337895e399df6078c22762eba5d84b8845ea00bd88bf5e4f0da518cae42502e8531b14d979bd
+TAG: a6a89cb7f4f54501b3fc90129f28198a9c3ebebcd6fbf6513ae3b136ab79b5cdf4df4563910a498137864bf3a63b6dc731a29e2ce7768a8216ee39bb67f73b16f73fcf6bfb934ef67dbd964d016d876ed884e5c3357a5238dd7ad6f979e81952d9e2c2c6c5bbcb1ef860c67aa977b8b0e0288bb37c94b48ca7f8f5df733e1bc522c9b06292ae4340710d15079b8d4e9e7dc95b653844a7a5f795d71bd7611900698a21335e0736418cc31a6c29409f501e0d88be63b54d6ab8ab5c7f07f7375860f949168f9555ee49f7fcc41900bbe1b769a65ec344e172e0de68d74c94d261fd9785b6516ff425c6669adeb426c2deef874dd6b510791baa8778601c134dc5e05e0b414836303f21bcc7c300958a0200
+TAG_LEN: 20
+NO_SEAL: 01
+
+# Test with maximal padding (32 mod 64).
+# DIGEST: aceed075f31ab159f6610f43ff0a6ed3a359bee1
+KEY: b8da7dac997deafd64b1fc65de39f4f03541a11be112a72933c7b54ed4fad0be905d41203f5dce998f8fb2eaad409ae02116417dae0cef457b9e5e16dcc5b6f25607f00d
+NONCE: 
+IN: 936a91d0b5d2c0267218cb7090c6171386d641b87797b684e0fb56f97c3961d8afa22993a340b9b3c589c7481df3f4183aa23fd8d7efd88503f78b8ed1c8e9ba2fd6773e0d0c302a5f47e037446f5891d77df660ed82933f62be8dc55b436965
+AD: aabe477e0cdd46be99371e
+CT: 6dadacb58a7b88e2daba277f66e5757042c142115871c9813d1a72a79e5a71366801a757a5f9982e99c355fe7d742fe3f047b711dbe340bf2ffd00cea6dc6ed7a4a416c17138404854ab8a5420960d60cd1b86424b2668740910a922865e4c13
+TAG: 98e4dbc80aff1a2c04156dec77deab9850b5b951f501d58f265f2c75344f7e6d0aba191b077877ed269e75ec40c84d8644070e68e18583be6e13788ff2c7f9a923f84eec8642ffb6eb40ca773a45c003df69c80de0ba199354f231f9091d1b4078ac218835e2df3e76e77d657099bef5a6a1367e6c39b23a0b7cd345bb8f5a97b9dc86300132e95853fc3635da842ed214fd00bac3b46f002f3c26cfd36c575a56af06e74032cec9451837db3542aa717aebf6e3ab3037dfab7cf0aa0177eba2dc3a56c3e3011d4c940b124b565c4450b08ce2f900d400e01a9b469d327cd9bda24af77f60e8ec6f5da196ad850c38d5cec0fba6bbab584c8b486bbac87a7f559be463e5929985ce710243260fb9258e
+TAG_LEN: 20
+NO_SEAL: 01
+
+# Test with maximal padding (33 mod 64).
+# DIGEST: 976ca4c9819e25a204a024d05fbe7420f717bc58
+KEY: da7dac997deafd64b1fc65de39f4f03541a11be112a72933c7b54ed4fad0be905d41203f5dce998f8fb2eaad409ae02116417dae0cef457b9e5e16dcc5b6f25607f00d03
+NONCE: 
+IN: 936a91d0b5d2c0267218cb7090c6171386d641b87797b684e0fb56f97c3961d8afa22993a340b9b3c589c7481df3f4183aa23fd8d7efd88503f78b8ed1c8e9ba2fd6773e0d0c302a5f47e037446f5891d77df660ed82933f62be8dc55b436965aa
+AD: be477e0cdd46be99371eb8
+CT: 4307f039e09bbc51fa0477941e321dec14e5f562d3a5ba25d71c3c8afa23f44e1ca619d130890b7476e5227442c27995cd292ed9d0a649773b752b3bc7abf171244624bc55784adc9282f1776789fdbcca048313a1e6c8a23119db185ea4ec1925
+TAG: 87187cd5d301d869cd1b4bb721475f6dd5b64be330781e20a24c1784dcd74cbec221914ad4ae88d4c9a1a9eaae7b13052d2c6ded662507a07594feae4de66b72c7fc1143c4e7100293f842ac0022d8a916a687e436ab7bbb56b2a4fc18677a813b38ab1e1d48a474322d44f581a8d007ffc6f7f4a132212e7bef5d5c9b13889dd2009c6398fa2dba18eecfcc5f41c5ed56be7f451f9b7b7a908f0838d3d8e2696512c6ec159a6dd94a1628be9911a3d827105d8cee209b6ec4cee3a488ef5eae355826d9a474f55bc736605c6c24444330fe5eff18a735736b66ea5d0c5b3278e373b57d86dc7815603993814ecb0dbdbd330c69dc46d7e6fc8555a18cc0ba5b5da89e5075c7ad835fef0fa46ea426
+TAG_LEN: 20
+NO_SEAL: 01
+
+# Test with maximal padding (34 mod 64).
+# DIGEST: ad8cfe7556704bb1974e94f70d8743d147c5c3b4
+KEY: 7dac997deafd64b1fc65de39f4f03541a11be112a72933c7b54ed4fad0be905d41203f5dce998f8fb2eaad409ae02116417dae0cef457b9e5e16dcc5b6f25607f00d033f
+NONCE: 
+IN: 936a91d0b5d2c0267218cb7090c6171386d641b87797b684e0fb56f97c3961d8afa22993a340b9b3c589c7481df3f4183aa23fd8d7efd88503f78b8ed1c8e9ba2fd6773e0d0c302a5f47e037446f5891d77df660ed82933f62be8dc55b436965aabe
+AD: 477e0cdd46be99371eb8da
+CT: ee9fa11a7d6f965e7d65d8f48810754770b9d237ba0111978b97e24f223817d0c6ce4dbde85c4e0979bea607a36c66f908c25384184fc334d8d985b78c2e9872d82c4cb1aad49d7dc21d6484b80f9192bd724ca57cdced2fdf142283126721c1c2f2
+TAG: ba76fb9c71f51c92d4602572883846812cc94a83e86dd16136d65c3ab932f89b28ecf49ce22335f0c643e3d979401bad3ca97673f062cf69855b23b6a1b14927594d92f689b4204ddb32d95d577ef4379890d804ce26e0e4565dfce891c992a29b9b1fa57f633b0c231e4e9c4939679bd52205988cffc989e34ae744e49a7ada77c6fda5537c5b031208acca0628913fd8a2ecd9f2b5d50254da5f7f00189dfa6d553300d805807141ef0b75557a693f1f90698a8ac912931b7a1a3a889295046219394a0884f823d204d0a3bc4cd4e3fa6adbddab80d123368d2f29ce5e8a992ab9c1c5d2c8cbc99e99647410abb5c73d8e00a0482834f97a576e99311d747088e9e65b8546265f71a237c1f74b
+TAG_LEN: 20
+NO_SEAL: 01
+
+# Test with maximal padding (35 mod 64).
+# DIGEST: 1dfd9608adabb5a55e12949f1c4bfcd5a77cb703
+KEY: ac997deafd64b1fc65de39f4f03541a11be112a72933c7b54ed4fad0be905d41203f5dce998f8fb2eaad409ae02116417dae0cef457b9e5e16dcc5b6f25607f00d033fb9
+NONCE: 
+IN: 936a91d0b5d2c0267218cb7090c6171386d641b87797b684e0fb56f97c3961d8afa22993a340b9b3c589c7481df3f4183aa23fd8d7efd88503f78b8ed1c8e9ba2fd6773e0d0c302a5f47e037446f5891d77df660ed82933f62be8dc55b436965aabe47
+AD: 7e0cdd46be99371eb8da7d
+CT: 1a95f47f7bdb2d91358f683b7bf803254d88b59e2d3c1d873a09794e1c18f1c924d480727599a1a6890bb664335e690e4e52c385b634bed45e08410448ffda3ea2593a02a11a03d994617b9f7ac85317bf09c41b08b416863cd90f0244d22c795a34b0
+TAG: 4537e27f1bd4b1b873ef4b3eb83cfc860c44921195a0250a96e553280b15e9ed379d4eac959a2809ce808e40dda881cf8a08cd50302f7dd5e67659613932ffdc086db4de634000cdda80fc576294c265f49a48c79ece6d42423a4f86c25c0a168d5eca502e87c419ec09134c27e4db1f2255de7e10f0102b44f30c67c8e07aa23aecd3f62ac8a24f9e8f82be61b539e288d22f8e05e914c191877c5ad1a546415df68427f97576adcb8d428ce7ce2c96acc98fe0d6dcb42049206ee1679f037955cbc12be9ae020774bea675b7c17d0033a60927f75e87d9c7ca263a5e0ed38450af657a81434afc9b4f4a14f02f82e33e17e7f61c276cc1e630dd773547b6cd78231de0895e447235cbac4b3a
+TAG_LEN: 20
+NO_SEAL: 01
+
+# Test with maximal padding (36 mod 64).
+# DIGEST: ad2b43eee27e6267d8c5c1c3d558a07dcd6b1f5f
+KEY: 997deafd64b1fc65de39f4f03541a11be112a72933c7b54ed4fad0be905d41203f5dce998f8fb2eaad409ae02116417dae0cef457b9e5e16dcc5b6f25607f00d033fb95f
+NONCE: 
+IN: 936a91d0b5d2c0267218cb7090c6171386d641b87797b684e0fb56f97c3961d8afa22993a340b9b3c589c7481df3f4183aa23fd8d7efd88503f78b8ed1c8e9ba2fd6773e0d0c302a5f47e037446f5891d77df660ed82933f62be8dc55b436965aabe477e
+AD: 0cdd46be99371eb8da7dac
+CT: 67466a0bda0815f726cd09d159e06088b2530b73775a8c18eab2d09ed7bd12b743b0a10345cb3126dc14d8f5c503b65a45467ef9b56ec7c5b24e5548e734d3f0fc90fd9c8019fc782882ea6e72f4df5fc6e8105e79d12fc588c9137c758995666f480dcf
+TAG: 24b828c3e60182873556d7aa85480180d7cc42ba81732058a109b5ecf21f66f1ab580d18f70604ff31dab5a1bbee007d213d2fc7070e3377aed31399291cfad53a334bad7c1c61ddac5015d19cca020dec137fb76472b1a595e0fd5dbdd127b3267521aee32fd12c1f54493d23c27671750776f8937032b9164ed78bee6b8234972634fc7cb32cc0b7f6fdae850110d1979e380b4578b8747de6f3d89bb66d546949ac94e49b0a460c192f98373e2359fdea2cf2a6ad4d09199cc145fc537459d73f48d265a1cdd458f306e3596b2088f233630ee0a37a5c2c21a76bcd47871a7954cd9bf911ab942ff7221623cc7539344e23dba7b0aea370a7d2e2383a4ec9db06a8123016d73b4323d19a
+TAG_LEN: 20
+NO_SEAL: 01
+
+# Test with maximal padding (37 mod 64).
+# DIGEST: 3dcddb1e4f49633e7b7bd36f4056d16c53be7f5e
+KEY: 7deafd64b1fc65de39f4f03541a11be112a72933c7b54ed4fad0be905d41203f5dce998f8fb2eaad409ae02116417dae0cef457b9e5e16dcc5b6f25607f00d033fb95fb0
+NONCE: 
+IN: 936a91d0b5d2c0267218cb7090c6171386d641b87797b684e0fb56f97c3961d8afa22993a340b9b3c589c7481df3f4183aa23fd8d7efd88503f78b8ed1c8e9ba2fd6773e0d0c302a5f47e037446f5891d77df660ed82933f62be8dc55b436965aabe477e0c
+AD: dd46be99371eb8da7dac99
+CT: 34f8a83c831f374e77c5601317b658e47091d811285791eac2fc59fb06658c115dc875c80b1089a62fc7d072534617dc81dc3adffbbba4b9db2e7272eb0b8aea73eb9de6480c43190e239fc300377f186e4659b1f239906614865f10444ee64ae77ccf8e3f
+TAG: 4c975e14b038359ddc06d23ea5a5119eeef3708347d7de47875cc88138b79d5c644507363c0a951623f3c26f8dffd51a2a282641d96ff107fc69684add9e93c56a7d29c8e097dbeac0a56d7afc522b7f5c921cff17c6ae4c7bd456bdbf95c052b18751e1c3ad9a26517c29071361aadf06740e43afb13762b4bc2a80aeb5e042259a36cf03a208b8f6162515fdd3623343b127655de069d5eb8c7b6c00fabec02186cd39bac62768303dbfed24cb20105c7d8b2a6b2c34d5f4472c6f372a841672c1f7b405d70d05c632f7a53997e3e4e0aedbb05813a8712dfcd3c8df4fcd83971cdb81538d2516a3a4a9372dbca6bdee43a2ed77309076fdb367fec85e5db2f01e59d3cc188b67f5edcf
+TAG_LEN: 20
+NO_SEAL: 01
+
+# Test with maximal padding (38 mod 64).
+# DIGEST: 25b982a242f669c013cab1c18da425330090e3cd
+KEY: eafd64b1fc65de39f4f03541a11be112a72933c7b54ed4fad0be905d41203f5dce998f8fb2eaad409ae02116417dae0cef457b9e5e16dcc5b6f25607f00d033fb95fb09e
+NONCE: 
+IN: 936a91d0b5d2c0267218cb7090c6171386d641b87797b684e0fb56f97c3961d8afa22993a340b9b3c589c7481df3f4183aa23fd8d7efd88503f78b8ed1c8e9ba2fd6773e0d0c302a5f47e037446f5891d77df660ed82933f62be8dc55b436965aabe477e0cdd
+AD: 46be99371eb8da7dac997d
+CT: 2ec0aab31fbb036bd2af5ce39025ee2d5591fd525a199f2233384f52a8746f4fb547843c92d1e4c9fa92bc268174d4a59134142f14e8e1e277f1f1844c64f76dcd20f3b73dfec8e9fc59a639616fe4075a4732dcd3e1de806086239d2e09deca0ffc081f2ef2
+TAG: 3049393a7f477630782378966f7ed4d33451da6b00ba751aee542cfe5aba67748a46953b578d0fad0e37b5627b4295a4f44b0c28d16e300888c0c8db965c14c23310279cdc9834d2ff9ec85932b7e341393fa3b6661bb8d3ab0cff6c6b646d927626b8710d3243ad7a971efbe3f6ede39d8b9f77585e4565a8b07917a712d85b846469807e94f3073097a69c30dfc5f92fd88cc36d3a5f670155aa98ebc80112db1fd1db0685261c1e7711d9c82a73dece8629a4025d7837852749fb8ee1489bacfb0bd8fada1389fc31ece84558d5732c9b559db32d8a498aafdc0aad020240e00f3fe22c2932924305fc1b3d648c53b9fcad835189b41a150ccf234988f26eda2655054c395924fe50
+TAG_LEN: 20
+NO_SEAL: 01
+
+# Test with maximal padding (39 mod 64).
+# DIGEST: 9d7958e23777ff2472f5a24dea5fc19c151dd921
+KEY: fd64b1fc65de39f4f03541a11be112a72933c7b54ed4fad0be905d41203f5dce998f8fb2eaad409ae02116417dae0cef457b9e5e16dcc5b6f25607f00d033fb95fb09e4d
+NONCE: 
+IN: 936a91d0b5d2c0267218cb7090c6171386d641b87797b684e0fb56f97c3961d8afa22993a340b9b3c589c7481df3f4183aa23fd8d7efd88503f78b8ed1c8e9ba2fd6773e0d0c302a5f47e037446f5891d77df660ed82933f62be8dc55b436965aabe477e0cdd46
+AD: be99371eb8da7dac997dea
+CT: 90712d5e3edeed5000c62ce80212d41773a393792a3a8fc62a1cfbff38b3555aadd88f0e36f93c8a12897d7779972b3e42978cdf85da7a3ba2e4b261f0a0cf4e1edaf259849e87133a9c057e5d3e693a2a181eff1f5d6f84e0679c625ad9a0f72c47d607ffa453
+TAG: 90b31128a2f6673d25ec56c9431584416b2e8c62fdadf580db2d5dd2ef8fcff5da4edfc09685b16db527abf1258b82c13761e41e41646479c833c8606b438a53fbc3718bb5e2ab3d9e25ee8862ff2d088aa5b37877ce5bcedf184713b2d5acb8408bf2f50b3041a0e582230a1f4034b6eee294808ca78e605b0461c1fa383b8194a30b3e66ed58c1b30331a97b3b87e12d2239f8f34e632caee944450e99165b9a317029c9f658c7182cfaadbb6f52da0f8c4f3fd73959c58559404ff80ea3af53c4430ebf2e41197ddde0e3d380668b4e72f72022e3b1ead76284506cfb3a20b9bf6e8425eeb89fc5582f4f1c6736e1185452e87133cb1e8ec045d2e40315fcdceb02da252a5cbd3a
+TAG_LEN: 20
+NO_SEAL: 01
+
+# Test with maximal padding (40 mod 64).
+# DIGEST: 09e9eab51bcb9faaa3bc3e473ff66b06e39653fa
+KEY: 64b1fc65de39f4f03541a11be112a72933c7b54ed4fad0be905d41203f5dce998f8fb2eaad409ae02116417dae0cef457b9e5e16dcc5b6f25607f00d033fb95fb09e4d00
+NONCE: 
+IN: 936a91d0b5d2c0267218cb7090c6171386d641b87797b684e0fb56f97c3961d8afa22993a340b9b3c589c7481df3f4183aa23fd8d7efd88503f78b8ed1c8e9ba2fd6773e0d0c302a5f47e037446f5891d77df660ed82933f62be8dc55b436965aabe477e0cdd46be
+AD: 99371eb8da7dac997deafd
+CT: ea1b542c224788ae66ded1b3ed9f9e35708252a1cd1d4725b0a187b669c51d282776471be5a07f256faa9ff16fa4248c629a4bcd31a9dfb7f260d9b1cb62dbae424624fd816bd81f781b93ca9dab437b5e0cb64a37874b0117cf7b96adba2cb7d75b834adf572d99
+TAG: 1e6a782f455ebe54ce2dbac88683437494c4433ddef95e45bae93bfbf4b1d5d0d2a459e9db88be408428c47c256f73d42778e42b936dad9ed773a02d0e7298c22b60280cf1b7191eb7c8fa307076f5129720bad5961206dea4ea1a05645827b30ff3bfb6066db13a2f9f1bde975c80ea902e9e51e64086ea4641150c531df51b328de057d850502fdbf50b4a1295d170c0dada86a0209d2026501f111247b75826953366ecfee0e4c3479040cf27370de1711a73d0ccde18e218b9f6f6aa20e0a8cb0fa4aa75ee585e96a0a0968423c86b35c899b5409e577e093c36d18149199b59caf99f19d1163c31a0d3da31b8c5cd372372e2bacdb2b03ed28605e346cf794872e096ae048b
+TAG_LEN: 20
+NO_SEAL: 01
+
+# Test with maximal padding (41 mod 64).
+# DIGEST: 7b17b7cb19107af8fc4671420e461060e2ef3e61
+KEY: b1fc65de39f4f03541a11be112a72933c7b54ed4fad0be905d41203f5dce998f8fb2eaad409ae02116417dae0cef457b9e5e16dcc5b6f25607f00d033fb95fb09e4d00d6
+NONCE: 
+IN: 936a91d0b5d2c0267218cb7090c6171386d641b87797b684e0fb56f97c3961d8afa22993a340b9b3c589c7481df3f4183aa23fd8d7efd88503f78b8ed1c8e9ba2fd6773e0d0c302a5f47e037446f5891d77df660ed82933f62be8dc55b436965aabe477e0cdd46be99
+AD: 371eb8da7dac997deafd64
+CT: b1025c9eb02f72e5526ef641778aebe786c2f85961997f1eaa090a33caae3a9df34da7088352a2df7a61eaaa026dadbcd604f5baa3a0de4fcbb3812816408d61384984141d9c78f47e725e99cea9d52f73cdd5e2c3961b035589db1d2283476006a1e10a992d499762
+TAG: 3f441554acad8b8f9565a0a69a17d231684a6293aa032e140eb41ea302b45d0e2e36e62ca23e981f98721a97ec02ea946282e23fd4838dd07b9a8cfbc069d913226cf543235541dc1a8881394e9cc0999c63b543e5ab74c35436637578148ff48bca333734d768b15a6e9535a69705248f28961e50facf4e8bc0825b7d2152cb2b85ac2e767b6650376a677f4c7e76521c790d59d9588e54deb9cda034551544ba80cf9d11a9f589b7e8980e6ab95ab77848e2bba36ed85afd9774f32bc9ab9173db20fb97a53d23091add97f16d8ced6bac6399aa089718d8bcc94c13b6e0d08e805b7fa252e787958d4780d24d812e0ea0df1652c04ac325355be7b21aaa97c2749f274a31c6
+TAG_LEN: 20
+NO_SEAL: 01
+
+# Test with maximal padding (42 mod 64).
+# DIGEST: 48586ad2eac603c136911b28e2c69f101a8ef371
+KEY: fc65de39f4f03541a11be112a72933c7b54ed4fad0be905d41203f5dce998f8fb2eaad409ae02116417dae0cef457b9e5e16dcc5b6f25607f00d033fb95fb09e4d00d617
+NONCE: 
+IN: 936a91d0b5d2c0267218cb7090c6171386d641b87797b684e0fb56f97c3961d8afa22993a340b9b3c589c7481df3f4183aa23fd8d7efd88503f78b8ed1c8e9ba2fd6773e0d0c302a5f47e037446f5891d77df660ed82933f62be8dc55b436965aabe477e0cdd46be9937
+AD: 1eb8da7dac997deafd64b1
+CT: 10623f3b3c8888a31cbf51eae0989eb3caad5f5b786c13b41c04e0b6cb2641f850df4ebea610a4d521557c8f987ded40e9702503fc4ae62d1830a0f04d168888062f5b147e858a134a4022bf2790d81a89133aee08a34a704f152cc3cc763c21207d2231109e0b71a801
+TAG: dab4bcc473354bdea1e31b926a19fb97ce2c8b47e76082bcc93a1db2707b67e4f72b18cfb728232ca334bfe9a4a55c347777a25b1a13ada600adfdc4fd57275414b3bfdc9613f300b4b29fefa8820b5c8989bc79db1bcafb69b0d89f7624a510d3a1597f953564a29367aefdaf36d238b957460f50b71adb5f85e9275aa511b7118d2310f5e3cc2bf0c21b0be6e6adcbbb24064a760b74679de7fc146a00014f36d39f59df902925710de6397bf32f5d108902159755feea57fb58a7bcce680babfb90e05a8d15c1b42a3b7d779af99e3cab04eb59e5ef45128195ca17bdc25dcaefee874e919bc8edbc8e28e3997aa396768ccfcd25e59dfe27e46de35dd101c38f7e48bd8d
+TAG_LEN: 20
+NO_SEAL: 01
+
+# Test with maximal padding (43 mod 64).
+# DIGEST: c37456cfc543ba6e5848b9b8f4ac5a58a104b521
+KEY: 65de39f4f03541a11be112a72933c7b54ed4fad0be905d41203f5dce998f8fb2eaad409ae02116417dae0cef457b9e5e16dcc5b6f25607f00d033fb95fb09e4d00d6172e
+NONCE: 
+IN: 936a91d0b5d2c0267218cb7090c6171386d641b87797b684e0fb56f97c3961d8afa22993a340b9b3c589c7481df3f4183aa23fd8d7efd88503f78b8ed1c8e9ba2fd6773e0d0c302a5f47e037446f5891d77df660ed82933f62be8dc55b436965aabe477e0cdd46be99371e
+AD: b8da7dac997deafd64b1fc
+CT: 60d4a0ba2caff08ac046349b511017a7c5f5537eff0bda94bf838d50c14d59426424e4a8f531103773aa0eb9d242a9e6f2ba5002ef04aef8144c8a88f05788fa5fa1ab1cb5cad84da0d31b280ff8a55c2e8f32f39549736bb055169ad5ae93c02561006a3f13e65094f7d4
+TAG: 140431d7b2bcf5139b7c9436fdfb3b44834ca810fb478eb0aaf7b0e2c68ce434f05c1f825b245d9fb4af48056925a50315b9f1b7d340e5f797dde4f460ad3c526853049976c0f680b691b28fb79d61cc9f7d8a4b28ddab1f610ac6cc44b91d64275ff1d26aa2b5ef314b1f280181cf72cd8b8fbc939a8751538d85f7fe03617a9cabd79dea5e64832d0b4aeb4893ac35c0d9f1475d928e3ed40292687926ccf5f9f76f78e00f217c013a12e38686423dcee930366e79950955c07399183d775c7030a50addaa42c7aabe5d8ebb95611f3c2f68be067e179e3de60d45b828d54bd6be07948508ff8a9b68abd944da07a484a8b9bfd4be1a22ff006e578b0c43c2bb1359d012
+TAG_LEN: 20
+NO_SEAL: 01
+
+# Test with maximal padding (44 mod 64).
+# DIGEST: fc113d192686652653a15887974eb1f9b8e32248
+KEY: de39f4f03541a11be112a72933c7b54ed4fad0be905d41203f5dce998f8fb2eaad409ae02116417dae0cef457b9e5e16dcc5b6f25607f00d033fb95fb09e4d00d6172e78
+NONCE: 
+IN: 936a91d0b5d2c0267218cb7090c6171386d641b87797b684e0fb56f97c3961d8afa22993a340b9b3c589c7481df3f4183aa23fd8d7efd88503f78b8ed1c8e9ba2fd6773e0d0c302a5f47e037446f5891d77df660ed82933f62be8dc55b436965aabe477e0cdd46be99371eb8
+AD: da7dac997deafd64b1fc65
+CT: e59fdb3d1413cd6a1098b5daf1662c698076996e2581e11a286e5acd6f29d41ff9d04da8308ce7f5defc52be0b4d1ee96d8e5f4eddbdd5fa9894e7d1b0a1bed483b7e7549e1c10cf5b8ebd1e7f1177972ff061cdecdad8d97bb0308b19bbc2c84d32a41f4c2b7e58721349e9
+TAG: 6cfe1e101e9b8fd2b209a30c0c1127e1bc8a51b8826c64258b573711f4af7c7e4ede036de4a94d70e17695481424907475180c7899a982d7eb94536a30a57be43d5c6b5e9c34972e61b9356a9338af6e8dbf27c920edc9bd02ed5535018d3b3e3df45664f4c0bc01f1876f36338e85b4a127181b42f7cdfa7a4da5a6c249f1bcee2959e25d0fe17717b0181c026ca814cf21d6af3b548435df052ffa0a0e8f74b8c3f7bb37a6b5bcd2b3f2c0e4b24daad586f7b59996072f82c123aa0ae66d3f6bd9980e8ea0312ab9fe0052e1fb3911e35d880f1df50612799033c384f4899f69714efe5df2727528f7b3af6d69e525a04375391643febed777fe3fa3807a73aae666c137dff28eb3b2ccc1d07bc665094d33c4
+TAG_LEN: 20
+NO_SEAL: 01
+
+# Test with maximal padding (45 mod 64).
+# DIGEST: bb6e5b5be84ee383caac0378cb6f541726ecf61f
+KEY: 39f4f03541a11be112a72933c7b54ed4fad0be905d41203f5dce998f8fb2eaad409ae02116417dae0cef457b9e5e16dcc5b6f25607f00d033fb95fb09e4d00d6172e780a
+NONCE: 
+IN: 936a91d0b5d2c0267218cb7090c6171386d641b87797b684e0fb56f97c3961d8afa22993a340b9b3c589c7481df3f4183aa23fd8d7efd88503f78b8ed1c8e9ba2fd6773e0d0c302a5f47e037446f5891d77df660ed82933f62be8dc55b436965aabe477e0cdd46be99371eb8da
+AD: 7dac997deafd64b1fc65de
+CT: 9764272fe16e12bb42a8f2a6620e44d4f202c21d51692e2948e2f4e4a18acf58a12d399310f15e78bac1f5f2a48416e5f4262ab9a8480d9f1429e5e9d15d81df0719f8db8d7ac08da696048e8a048255071ba8926be1dfbbcf53e7430862f64c891edaf772a830fd525aa8796c
+TAG: 2cdb47ae25d087c752c007dc8b83cc050b53376aa92e9bc2c46d05ac7137dce0f70ac601b76fe40efd84be464015b5397031ec3e394f880713ad10727d270730e469ca30ea5897a84fd204bb14a920c4c1bba0d27fb154cd1f8277fa6aab1f4c743b52b51d09657b80398aac269f57196fdfb219d745f53a72ca08cfaebd736e7d016806d68e5deba428b484d958335bf03c0ab713b9a54b9a5bb4f3b82b76c45d04b5b6141aeb7271d0a71ebf90ba74b27dff1ece371f6353b8ce8615475a1b82c3276569b99de52b7ae5f27cb1cf9ceca291c1922382ad5260ebbb32cf995772eab6d6213d2e4c438909f691a81825c2adad290839c08566e5cfb3c13de4ebb016529de5549a9ac57d2e76086db82a3ad881
+TAG_LEN: 20
+NO_SEAL: 01
+
+# Test with maximal padding (46 mod 64).
+# DIGEST: a27799fc2e00e7abec4c5939451a834c4606cf7a
+KEY: f4f03541a11be112a72933c7b54ed4fad0be905d41203f5dce998f8fb2eaad409ae02116417dae0cef457b9e5e16dcc5b6f25607f00d033fb95fb09e4d00d6172e780ab8
+NONCE: 
+IN: 936a91d0b5d2c0267218cb7090c6171386d641b87797b684e0fb56f97c3961d8afa22993a340b9b3c589c7481df3f4183aa23fd8d7efd88503f78b8ed1c8e9ba2fd6773e0d0c302a5f47e037446f5891d77df660ed82933f62be8dc55b436965aabe477e0cdd46be99371eb8da7d
+AD: ac997deafd64b1fc65de39
+CT: 9b6a8359acfc5d15067e2e6d812727d768f44b3edf4272f57fb54db41d95153fb03d7a7b3371e91c4be80326f4d70a8f2ac1e867ad3772901c513895e694214d6c0fa1f431aeb016ccc93faacb4950082f0cf00d3a5879c9a4f3fdb281e911b40d6d0a84b05f4ce32f85b1657d75
+TAG: a3c72b69369cbf0d435790c97438a38109f36b147943b0629b1c2e4926e831d27155f5617f1f884af2799774b69bf0e092d29158fa51495e132b206cf51156c2116b23848ea51d684808d5a291b68f57250626d2190a7c0779512bca6ed44e619d0f7f8bc28e1c9b729514e12e7cc08e8e8d72bd1ae30229e56fa7e3246dab29e75bfc866a2b83c48036ea0296dfad04357ed990aecf6b28a0a3fe7eaed48f5fa59202f109ad0cfe6aa5cbedfcd62eeeb15df7be0645e161ee6f7f9dd811c98158de6534739268757a1813e1aa6c331586867acc75ae410c371a81cab835fcd928519d9468ed61fb5d7c191807e613d40fe174c8b33a400baea2e96d9d7f1734dd11092481e71d0b0c0c86419d5c50cf6e18
+TAG_LEN: 20
+NO_SEAL: 01
+
+# Test with maximal padding (47 mod 64).
+# DIGEST: f30eaff92a640a397f98e6803623e8d1f0c1fea6
+KEY: f03541a11be112a72933c7b54ed4fad0be905d41203f5dce998f8fb2eaad409ae02116417dae0cef457b9e5e16dcc5b6f25607f00d033fb95fb09e4d00d6172e780ab8b7
+NONCE: 
+IN: 936a91d0b5d2c0267218cb7090c6171386d641b87797b684e0fb56f97c3961d8afa22993a340b9b3c589c7481df3f4183aa23fd8d7efd88503f78b8ed1c8e9ba2fd6773e0d0c302a5f47e037446f5891d77df660ed82933f62be8dc55b436965aabe477e0cdd46be99371eb8da7dac
+AD: 997deafd64b1fc65de39f4
+CT: 5818d2a656fce95d7a24bcb216f4d6b91d45d58d6ca2df5c9d6412d917951a9f61ff07fcb6b078fad69862aace436194f86f309373452e813c461fdb36a95f575fdf0f784ffa0914f0c0ee0c57ed1e604ca7a7a4b3d20c272b3b7f2e65b18c1abdf8c88e1e7e7dbbe9569eddfb226a
+TAG: f6bfe8a461cc83a7bc7c5a39b6c521ed3e0ff050a6b01999b2710e0997e1a36a72c11363307aab1e4d921e9364ce826419d15b3a14e251e82bca615281c19bd243a294365492b11567341f13f14764e2b30ebc8ac4d313047694a884598daae76a45797f583a8279529e9352c8c13a06510ece3057c0936de84e6c292e3266424eb9aa4b7e5891fe7180f0a31580a700a4e24d7f1e53e1b69bf36a7c0db63473566920565cb9a22a47aad6afc8910a6b6019a67a092ae814c0260f2fada1a6dc44c5447217b6831457f66d7a2ecdc9187986edbdc1c68e573da33daee7fa2ef3adf4b6179b9a02d31c36e4505d5829ef30058ce5d09ae42fadfe4f66e894c36d7db467ec5ef508e26cf0724b261235579c
+TAG_LEN: 20
+NO_SEAL: 01
+
+# Test with maximal padding (48 mod 64).
+# DIGEST: 7227537c0113a9f46f7d332a0b37ee5303483d00
+KEY: 3541a11be112a72933c7b54ed4fad0be905d41203f5dce998f8fb2eaad409ae02116417dae0cef457b9e5e16dcc5b6f25607f00d033fb95fb09e4d00d6172e780ab8b700
+NONCE: 
+IN: 936a91d0b5d2c0267218cb7090c6171386d641b87797b684e0fb56f97c3961d8afa22993a340b9b3c589c7481df3f4183aa23fd8d7efd88503f78b8ed1c8e9ba2fd6773e0d0c302a5f47e037446f5891d77df660ed82933f62be8dc55b436965aabe477e0cdd46be99371eb8da7dac99
+AD: 7deafd64b1fc65de39f4f0
+CT: ad0dff8adc54b5f02f428915bfa9f7277e4743e72e1789dcf552b91cda03bf52c757a9cca0655550c944fd264d287bc97d15dab3b986ed34637f45ffc1eb71b764cf5d5c1444033975829f1e59cb65ce40d787adc630e1f3155b2dc32733a75452efc755b6acd2160fddb9a26e0c4587
+TAG: bb5273d6920ea95b43efeffc99da0dd48a556e357726fe34dad94f0257276f3ac759c16d9b34dd86f09a37bf48227d67765efb83d001eb8dd87636ec32860226db118427a7c7367d53cf085ff86d05a8f35f893a044e99ae5ef14fe490eb03aaf0b97581184956211bd19ad09c9aa9a064e305abff0c654006b8db861c7956ad6cbf46aeac4e5f5d54539a9dede2ac61d8f133c1a9fd2b8e23ef5d2d3068b42baff87faccfd8499cafa30bce2f30e2c1fb203acf1378d0c776f9476ca83e4973ffdd66f2fa86105ed83701fdce6ad64a824d2317f51443c9dd3c520327c7f3bd99413d832bb1b6b70655d31c90b7bb23a1957a146f6e0dd1a272a04e833e0b1c84ba2b09b0c1963ac17350292646566f
+TAG_LEN: 20
+NO_SEAL: 01
+
+# Test with maximal padding (49 mod 64).
+# DIGEST: d76570385cb65d30c3d636ff25c5efeb8d1ea08e
+KEY: 41a11be112a72933c7b54ed4fad0be905d41203f5dce998f8fb2eaad409ae02116417dae0cef457b9e5e16dcc5b6f25607f00d033fb95fb09e4d00d6172e780ab8b70043
+NONCE: 
+IN: 936a91d0b5d2c0267218cb7090c6171386d641b87797b684e0fb56f97c3961d8afa22993a340b9b3c589c7481df3f4183aa23fd8d7efd88503f78b8ed1c8e9ba2fd6773e0d0c302a5f47e037446f5891d77df660ed82933f62be8dc55b436965aabe477e0cdd46be99371eb8da7dac997d
+AD: eafd64b1fc65de39f4f035
+CT: 8a1448acbd769e42bfdf00ddd801153db3202daf5ba7997890f5f42a183d3a66faf66d899c7099fa99bbcf5b62b6adcb6ee87fafdd0275a8f625f3f959b0ea9acca88070aa9c61141787435cd60f63e262a80b6aaf931ba554ade7e0fb46b03a318347f1ca84e9fa1786d721b6c222b1b3
+TAG: 7bb49e9f481b45b543195956ddfe975cb63203f4b68b50a05c855d128d311c339676c1b6b38ae280d0731f613f9ae4cfd1945e302451f26eeb379a1b610773750e3e841d50e16da759a603897de6e84aa6733252cb0b6f6539e1a5258751ee7c0a45aa9296c32322d6a465a42e4017f44814fc58402cf561deaffa43d61396d53077cf089cfcd42b182694d286a97f99b65e5c43ecf69898c036381c6dd9657f2cc08144b28e9ad9a00ff10fb0ad3b26e92d8d65cd6879b11ae50f592407188e46a3342308ff9316c898b09648f71513e09367aa2ad5d93f87e4b2430ccc8fba9825c0407135fbf65a0db46d491059f71a989629dbfb1adb10e98d02935fa846628e8b0f8dd01991761945c5e84f9b
+TAG_LEN: 20
+NO_SEAL: 01
+
+# Test with maximal padding (50 mod 64).
+# DIGEST: 170369666d1f2337b29b5f14af68d47910388e7b
+KEY: a11be112a72933c7b54ed4fad0be905d41203f5dce998f8fb2eaad409ae02116417dae0cef457b9e5e16dcc5b6f25607f00d033fb95fb09e4d00d6172e780ab8b700433a
+NONCE: 
+IN: 936a91d0b5d2c0267218cb7090c6171386d641b87797b684e0fb56f97c3961d8afa22993a340b9b3c589c7481df3f4183aa23fd8d7efd88503f78b8ed1c8e9ba2fd6773e0d0c302a5f47e037446f5891d77df660ed82933f62be8dc55b436965aabe477e0cdd46be99371eb8da7dac997dea
+AD: fd64b1fc65de39f4f03541
+CT: 0fca069ff1b260179dd5ff1124e557e97a4cc41e069d124cded05275d37913efa220e1ed4768bd04d8e65797040856b686cfcd5b772278bcf5fa64cd8183ba8b7724359804d609b31fc31514a4ed43d84de929d99e63f12306bb497e8ee77648be578ee74f1cb2a09ab32b3ecb913c7b36ae
+TAG: 19b492f83b9458b356020d7c6343b6967f1ab0328801042379e7d8e98dc3f3cf646a96d7842c83bbd210dd8dbc38cfe5fda9d879285aeabe19dec677fcd389651cd284ac650287f13a461ec23f7dc1cb5511dc529e99a078c2c80ebaf0fdc6704bdc35a2c89c728a061095448e6dbee102f4793932a580a826382a244a9f11c665015675322d514be8b1453ed6be846613312a1bf9e4f2c126d2b15dd8e6ae759f5151528361d10d657543767b05e8c1b79df65aac381738e2f43f95cdc77383f22e36e3b26d0c65f695c75f7ab422864e63c230df313fd8e41b265b5a704b7e5f7c96306bffc1a95cd09584519e2726edf93a9d2871b9fddfd7983c81812653152c3775df228a542f06f359bf26
+TAG_LEN: 20
+NO_SEAL: 01
+
+# Test with maximal padding (51 mod 64).
+# DIGEST: 7c52593d1d37b0dc380297231c6cb7b64e04c493
+KEY: 1be112a72933c7b54ed4fad0be905d41203f5dce998f8fb2eaad409ae02116417dae0cef457b9e5e16dcc5b6f25607f00d033fb95fb09e4d00d6172e780ab8b700433a95
+NONCE: 
+IN: 936a91d0b5d2c0267218cb7090c6171386d641b87797b684e0fb56f97c3961d8afa22993a340b9b3c589c7481df3f4183aa23fd8d7efd88503f78b8ed1c8e9ba2fd6773e0d0c302a5f47e037446f5891d77df660ed82933f62be8dc55b436965aabe477e0cdd46be99371eb8da7dac997deafd
+AD: 64b1fc65de39f4f03541a1
+CT: 8cacbae377d038fe27b37fdb253f3b136aa38660743dc6b4778ab16940a9710c8f08970164316e26c3b603140f2f43f62a88d021426b841baec29fb11a3d8735d0b8c14d133a825e1044be5523932ebd65b34433c083c2d77af313a240b1eeb52391728dcd04852fdcbf9b6f89502dddc317c4
+TAG: 85c893ad99aff613e6f95cf9c6e9045cc22fc8fe421716bb135269202ac57803e67682d09f88ae5970fb4f52e97a28efcdfe0a359df79a0576179a04830becb0551d93d862842c4b5f33c23fc0988f96d6deb37288f96507e432190853aca788d55114946833b6c7c7c10c34a5d5852d6fdb287b9dd97fa6b7991efef4ce66b0dd9f0ed6d112713c314aee9c172675d86c8f52097362f3ed4356ef4309da510a6708f32f24549dd80c9ef72018d7fd90134fa2d1ac1b9858ceb9b382b263cd3dbf697aa40f875eb502d4f128845bdaa9a8b4fd07a31b687bf4a1a1bb4843e205a9ab2b33a3ace650f96935b5f6de6d7577deb9ab68c4295cee108b2f4aed1f2d2fd167085d2173e2e854559222
+TAG_LEN: 20
+NO_SEAL: 01
+
+# Test with maximal padding (52 mod 64).
+# DIGEST: 09a1659100052d13bebb4defd7f54f975a58ae2b
+KEY: e112a72933c7b54ed4fad0be905d41203f5dce998f8fb2eaad409ae02116417dae0cef457b9e5e16dcc5b6f25607f00d033fb95fb09e4d00d6172e780ab8b700433a957a
+NONCE: 
+IN: 936a91d0b5d2c0267218cb7090c6171386d641b87797b684e0fb56f97c3961d8afa22993a340b9b3c589c7481df3f4183aa23fd8d7efd88503f78b8ed1c8e9ba2fd6773e0d0c302a5f47e037446f5891d77df660ed82933f62be8dc55b436965aabe477e0cdd46be99371eb8da7dac997deafd64
+AD: b1fc65de39f4f03541a11b
+CT: 06b44584c9ddd267bf03aa311730fd0c4d3461678d94b4a794eb3e90b9cf3113ecf0ce0da8789d59bec50a1fd1e08ceea4cf9e00b2e0423706c126af7a3031df6cd82a7bcef877b413662e731b5a74ebf68f781eeeb79cf760cebda2c5070dfb992007716993b0213e822829e23f448a7a5ed880
+TAG: fd65c8c7f6b7795ab5792332f6329c1d606b305f3de89d9e154ff7232947d8581b6666faa823b9ff8bbab2cea14c2526b0fceb5ebaabb79ab4cea0bce96e9d1a3f556d7d2d83b4ce2c1ebdaeceedac3fae6fb8f9869f7c136d47a1ac93c7b5b5ef01f8e56602d808a39b40f069403eab03498959b53b8ac0bfb72f0c5b5063c063183b43d60a616325439b0491e2f3be59f9948c939f533c3fc0923028babbaaee977cbb05fc44f8cf8ea37016141d464716a875ce4ad096e247ee9081a1ae3448183f5412d84a6223daf432dedd679bc3f167ca5dade21fb2cd9057189049e730df47b409a07a8b2c727e2ce04da8e3f02ebc6c2bd528b7726ab803c5fc5dd602496f78b28474ac87911bd4
+TAG_LEN: 20
+NO_SEAL: 01
+
+# Test with maximal padding (53 mod 64).
+# DIGEST: 230c3353ccbd95e4f0acbbb0073053a0186f833d
+KEY: 12a72933c7b54ed4fad0be905d41203f5dce998f8fb2eaad409ae02116417dae0cef457b9e5e16dcc5b6f25607f00d033fb95fb09e4d00d6172e780ab8b700433a957a74
+NONCE: 
+IN: 936a91d0b5d2c0267218cb7090c6171386d641b87797b684e0fb56f97c3961d8afa22993a340b9b3c589c7481df3f4183aa23fd8d7efd88503f78b8ed1c8e9ba2fd6773e0d0c302a5f47e037446f5891d77df660ed82933f62be8dc55b436965aabe477e0cdd46be99371eb8da7dac997deafd64b1
+AD: fc65de39f4f03541a11be1
+CT: 85da88e13f3ca14fc4440ffca7bc837818daf1dc52a4c505583edd070c7cbcdb4642d8ee1ca687037b08e1737a2f49039621823222f9f02deef2c340289af5184a86af8429747ef2f7d98d6aec2af060fc8e6895c2182bd1c479fc6a2e7ecc0390995bafad5b3356e2a795131b0aa7d4ded344e50b
+TAG: f1a1b3f3fcb4cb89587bea4284449bcdb16785c277835bff9083a65ae77ff7543492a1d2710a79b720060ee37954c9719f8dc0f6fb4a75a27bc2a761017ebdc0c81f9e8ea5809a816ee67e731871c476f1ccd6b690b054984a4e74c060fbcdf5dbae743ebe2f72fd865dc1eb96e4e62fca3561a245be1749ace472b312cb1b28a0b2c2d38d089eab44f51ceb88af097627638a3556005952e28212d5c9bbe85c86f89879e55358ed06f28402f40285b97a8046b5479202f28218c71f98a4020ca5d53e16e91ff8387b16cfe6bc4e81c96c44e7691c10ebb0d37686e608773cbda993b816ee3b15c4ccca2a22468b186f8d29d853b945bd27ca0fe3e9ec55bdb9bb4e5477e6f89914e3084c
+TAG_LEN: 20
+NO_SEAL: 01
+
+# Test with maximal padding (54 mod 64).
+# DIGEST: 701e141608e71005d32dd1e29cd068aea736c9dd
+KEY: a72933c7b54ed4fad0be905d41203f5dce998f8fb2eaad409ae02116417dae0cef457b9e5e16dcc5b6f25607f00d033fb95fb09e4d00d6172e780ab8b700433a957a741c
+NONCE: 
+IN: 936a91d0b5d2c0267218cb7090c6171386d641b87797b684e0fb56f97c3961d8afa22993a340b9b3c589c7481df3f4183aa23fd8d7efd88503f78b8ed1c8e9ba2fd6773e0d0c302a5f47e037446f5891d77df660ed82933f62be8dc55b436965aabe477e0cdd46be99371eb8da7dac997deafd64b1fc
+AD: 65de39f4f03541a11be112
+CT: 10ee64784345c076e3f9aaeacc87cd51d6ee0b0facc9f40b4e6a1b4bec669ac3c5252c948b0c0a4d8e798248e6b10ee247e51c81793c2be91aa8c9666e0d8774439ea159e4745014bdd2e9f379ba461a7e638cab9ba2aba1498397044edd3f271e2b4dbb5990c383167c9191ceeaa8239aa6391c4b27
+TAG: ac2d199535c4d2eba150702b88740058f1e834f89031c3851571dd9122291dc3e35b764eddc5856850c8c59b3caa211feb1ac256b749127bbf4ef56ffab65e3d9eaf438b778e5342a67ee4d876fd3e53aa29a532fab39d0c57e24593374e2adfb22cdf0def5d9cbc8701c9d6a2cf23d835cf75236069ab2874b7264e0e0ea9dd785b463ed8a6cc3cefc3a4c076e5f0d047c7d60be677b7716bd123bbf3daddc0cd5eed4d5c4f0f6d1c19c66e0b5bee5d58d295c2fbe6a164d464b173cda057094b983b2ff974783084a6cc4ebd9644f3b4426a3c157352b70ee37a2f1ddcb85936b0c38be4eadb33bb9cda7108c192597421bce5e36cc2bce7b65868f28adde738fd3bfbeb15608b4dca
+TAG_LEN: 20
+NO_SEAL: 01
+
+# Test with maximal padding (55 mod 64).
+# DIGEST: 9aaf96b472ea76fd9ff4adf56dab5fe0400d18d6
+KEY: 2933c7b54ed4fad0be905d41203f5dce998f8fb2eaad409ae02116417dae0cef457b9e5e16dcc5b6f25607f00d033fb95fb09e4d00d6172e780ab8b700433a957a741c9e
+NONCE: 
+IN: 936a91d0b5d2c0267218cb7090c6171386d641b87797b684e0fb56f97c3961d8afa22993a340b9b3c589c7481df3f4183aa23fd8d7efd88503f78b8ed1c8e9ba2fd6773e0d0c302a5f47e037446f5891d77df660ed82933f62be8dc55b436965aabe477e0cdd46be99371eb8da7dac997deafd64b1fc65
+AD: de39f4f03541a11be112a7
+CT: b90220b919dd02b216aa2eb7863372a645b09df88645dcaf138fb73d8896e39aac5a1c2f0535385e15cb850a6febd5d6ea9f3fb573944cdd5b30cb80aff6b73a173ffd7c85673248fab94e3b9544930cff59f52515dcc8ba39b6f51dfd0487bcc9d28773e91c718afe8399d652acb97552b1909335dad8
+TAG: 4db032df3ebf850528a308017477a21da23178403432b4714c1da01a253a635cd2caa77467597e9b8c589ef3e9c6f5b991329b97bcd1bf1332e03638fe1b157763bc41e4f6e78c05a5ec5f83306e3b5e8bd96c9a04aa83291ca90355a3b96a8688cb93ed9bba3b8688834538d1e8bb95a0cf431eb7b849d87199657a402a0e1e5ef79da8c1895cd454c440c57cd424977f6bf9e2fa133d916c8772e447e066ec2cbe3d0de2a7e19f06c74ad5794e5eaf9119fdb70665c07ab81e7d72371d23a4c96290d2da60bc7819af4d60ff4ba832daf3369c6198c45f0ca4c974dd9b4a81c0249706a25b23fcc0fa13271d0f00c6672a06898b2b833ba3b8cbd519e53939f0da6c09f288bff969
+TAG_LEN: 20
+NO_SEAL: 01
+
+# Test with maximal padding (56 mod 64).
+# DIGEST: ac6871d354eac507556770d8b6bf10b5240273ed
+KEY: 33c7b54ed4fad0be905d41203f5dce998f8fb2eaad409ae02116417dae0cef457b9e5e16dcc5b6f25607f00d033fb95fb09e4d00d6172e780ab8b700433a957a741c9eb8
+NONCE: 
+IN: 936a91d0b5d2c0267218cb7090c6171386d641b87797b684e0fb56f97c3961d8afa22993a340b9b3c589c7481df3f4183aa23fd8d7efd88503f78b8ed1c8e9ba2fd6773e0d0c302a5f47e037446f5891d77df660ed82933f62be8dc55b436965aabe477e0cdd46be99371eb8da7dac997deafd64b1fc65de
+AD: 39f4f03541a11be112a729
+CT: 9807d89925c67a45c8ba18cfdb817f5bbc21e58c10f7dc8c15b70acd97e8b97e0393d5948d51a65f6f092590b38c845164e6d2b49288bd0f73c4f4b551b362470638f51422dcfdaaff5e8aaf80ff715f3f597fb9385ca18355b8e98d1de17a303d019f7d4b9a3acd07d257c049fc16134c53e1350cfb8c28
+TAG: 7cd3491b8e157876b8091d2742f673196a25077410036ed62855b5440eabb10a01362a8e7c06658ab767be26c43a6eea3e354ec867de2b7b6ce96a4a951696051fe1a76a694d330eb56c1752bb2f866dbf6c1e85b3361316631c7a4a277023fe1d793ec4e4416c8db3b7e8a157e33438eba857e2b54db84e06006f83d93284714dc76cdf33da3d5adee64de2ee9feb689b9d64ecb857588c60c6e8b2eaa3999dd2f1cc2a6727cc5a50fc3902124055705eb726f0e57830732c85bd598519ace6cc86105cd36cdc7ad7f6868babe314b69d33021cf9931720aaf765d5f61e41155c7572ba298d52f3d61b28e3b5080c124821e1a97d1ec78eb5decd34a69d054fecb1209d86ee7779
+TAG_LEN: 20
+NO_SEAL: 01
+
+# Test with maximal padding (57 mod 64).
+# DIGEST: 050258d6ad6bec54f8bc48c7ba2d669d6416c11e
+KEY: c7b54ed4fad0be905d41203f5dce998f8fb2eaad409ae02116417dae0cef457b9e5e16dcc5b6f25607f00d033fb95fb09e4d00d6172e780ab8b700433a957a741c9eb80f
+NONCE: 
+IN: 936a91d0b5d2c0267218cb7090c6171386d641b87797b684e0fb56f97c3961d8afa22993a340b9b3c589c7481df3f4183aa23fd8d7efd88503f78b8ed1c8e9ba2fd6773e0d0c302a5f47e037446f5891d77df660ed82933f62be8dc55b436965aabe477e0cdd46be99371eb8da7dac997deafd64b1fc65de39
+AD: f4f03541a11be112a72933
+CT: 8d69a3691570f0d175aad5fb77a0e9abd3f882b10355a08f0160c113096acfecdbc4ac32f037d16c2c4dda4bd3325c8690bade6bf39b14435cc11ff575a3d7e9f7b09b5b40f9645d9a5dfb44f42304d82298cdd866e957d4ab64374ffb86879a9339ea892986ac706bd2310927aa2bf27dce3bd6012591cfce
+TAG: d754d4d2dcae21dc4a69c8e56ba3925f9f3ccc53278cc621a0ec4d4ea7b099a289eff5599f8bb1555aa9fddae50f04b5567ca7ae4498e1716f4243932934e2cec1434d4780184f0af1d0d194cf848671e5b0d6982a07b5679826f124c8f69f26cfa37a0105cdf15585697c75504bf8c9c04d583db189cf2dc2dd345aa926d440997a8d76f6ed12a19f2d95a2727fc4c0f8786ac3c50896a6cad6d948712e4d72a44cfb2fc9dc753dbed91f4fe412db6fa5e6b548eb1abed87e3b4e5d808ab4ce11f265efbd4af8e0516bc412fb9ecc3d69ee68bff6b12f3987a585670439ced09a038c526bf226299b0628f6db003a21eb5d943ef84e90f133dbb4c8468f555721c76da689e8d6
+TAG_LEN: 20
+NO_SEAL: 01
+
+# Test with maximal padding (58 mod 64).
+# DIGEST: 70060f86c76e53512933c09deb5872eb23efad67
+KEY: b54ed4fad0be905d41203f5dce998f8fb2eaad409ae02116417dae0cef457b9e5e16dcc5b6f25607f00d033fb95fb09e4d00d6172e780ab8b700433a957a741c9eb80f2b
+NONCE: 
+IN: 936a91d0b5d2c0267218cb7090c6171386d641b87797b684e0fb56f97c3961d8afa22993a340b9b3c589c7481df3f4183aa23fd8d7efd88503f78b8ed1c8e9ba2fd6773e0d0c302a5f47e037446f5891d77df660ed82933f62be8dc55b436965aabe477e0cdd46be99371eb8da7dac997deafd64b1fc65de39f4
+AD: f03541a11be112a72933c7
+CT: 26d675c591f287b26eb35f87231624e454c4aca1f25491b74a252e971c48ca523b353b4f6c0106c1b3b40182eddbaf7ba47263790c3b22d23b09458d48868bb18b2fb01bdfa965f7c1b211fe02f9b78959b71e872ee05ff3baf548a85797270fd43c9db1f9f97d3b60c62c06bccca0ece2b7249f3c0dc6b04aa7
+TAG: 864b50299da796a664edb8e1d0bd0120ad31405c47919c288884dfba933326b03eb399c634fa77d611e613e958369aa3d9a563f421cce3ea87d5bf2e179c20e5218378cca347fc18b87248a66810ea08806f571f1e86bfde99d089b06c3156cb6f2427503cf03e39bf3a60b1d9542a3789b657956ad925754ca4a369b05d269d481d4cacd35ede8684623ec9fde9ee860ab12975bb1386470e1221d2b2d1091c7a41754b8440740b4878fb19c65ffeb2a120d84661179e07672953243a09085f0d21265a5476c8574bc49e30ba364fd9d7f2035ba1222ef9c6bab7d1e68211c1a9425a13473f692b700c242fb56fe77fded75312bfdbb7fd44a88ab37d85d640e883ed1936ef
+TAG_LEN: 20
+NO_SEAL: 01
+
+# Test with maximal padding (59 mod 64).
+# DIGEST: 58286fe273bf572a76a2725933dd969777c303c1
+KEY: 4ed4fad0be905d41203f5dce998f8fb2eaad409ae02116417dae0cef457b9e5e16dcc5b6f25607f00d033fb95fb09e4d00d6172e780ab8b700433a957a741c9eb80f2b02
+NONCE: 
+IN: 936a91d0b5d2c0267218cb7090c6171386d641b87797b684e0fb56f97c3961d8afa22993a340b9b3c589c7481df3f4183aa23fd8d7efd88503f78b8ed1c8e9ba2fd6773e0d0c302a5f47e037446f5891d77df660ed82933f62be8dc55b436965aabe477e0cdd46be99371eb8da7dac997deafd64b1fc65de39f4f0
+AD: 3541a11be112a72933c7b5
+CT: 9c61bfbbd3e8395be166b30a56b3e192748ba3bbbdc334dc3720206ac10c90dd777aa4957695bddaea0b7e554951c94f2f74a2bb7547ac20a7e357fe249614204401144fef61394c140553d5566c18ded15e0fa50fd5836cb725d277fa46210eb588a96d7baec9e2c947fee1b85cbe6556cf23655132ea72dfe4a2
+TAG: e66769c0cd9a2448afe99faea0b64137f4a902158d6b11a58f4bff98df8545e0ea23a7f7127b6dd76e3a3ed43490b44bbcd6a7321e5edb819e6b2e163318ead19f5a306c7b0b137f3b9aca44c4ea070ffa5712102b3f1dcec5c660b494e8f3d809b3722fee1e7dd29cf771613b68e45733a9e66ebda992930d32829d31e61f2217e41620ea4e621840f0fa7f7b8762e0ca509f0eeeded7fd55727462b045e4adff507f3dc4389d9397f0429bd17c2408ed60e0d94efad4936fb55c359052a6a88c056e7ec1e4085f4a48b125bf9340e57be98b5cfddc3f9d07cd036b0b78aa205fdbdc8e9c511ce32b6e4c9dcfe5722fa13f9d8b59821c61ca6f8ef75eb367f4a37453642c
+TAG_LEN: 20
+NO_SEAL: 01
+
+# Test with maximal padding (60 mod 64).
+# DIGEST: ae701e5c8672dfaf728bf0f43f5e5247ea9ac13a
+KEY: d4fad0be905d41203f5dce998f8fb2eaad409ae02116417dae0cef457b9e5e16dcc5b6f25607f00d033fb95fb09e4d00d6172e780ab8b700433a957a741c9eb80f2b021b
+NONCE: 
+IN: 936a91d0b5d2c0267218cb7090c6171386d641b87797b684e0fb56f97c3961d8afa22993a340b9b3c589c7481df3f4183aa23fd8d7efd88503f78b8ed1c8e9ba2fd6773e0d0c302a5f47e037446f5891d77df660ed82933f62be8dc55b436965aabe477e0cdd46be99371eb8da7dac997deafd64b1fc65de39f4f035
+AD: 41a11be112a72933c7b54e
+CT: 174bb28ef8ee033bf0f39cf6a5d3c2157ec773078860232827fdb1c875e9622e198a00a50fcc03b2cbf1e4a747efcdecda8b612ec3ebac650a7401b4b204185e4b42306d544e3f6512b87bf36b5f55ec0bb4da01c36aad92a16865cb852e1a5d1a86d3d57e6336d4376e8988f00162de8b238cfe36916d5545fa9460
+TAG: 726c9d0511e81f69edf9bbd0397f4c3c49365418afadcca36de0aef99afbacad6dcf042fa62d405c9672e5409a7d28baefb467b7c153a3ed97bfd2b8be9b96e42b33703951bcbf04dec12d9bee63f5f30d2e57ecdcb3818479a163bd2a1caff3a327a911bcbb50bf213b77cdff340c858472223a71d4f15e029fbb800b81ff375d84d4c30ceda7a2c42267e1cf43dfd565c8a4a842556d577633857204af99ca35ca3c28bb02a7dd9ab224ae58938461af1e2bf64492fa2a18b4224ac3ef671c7abd9b6e266a0469cf3b0283b3ad6934240994f1b2d43b35d77e0055e0377c43922527d93426be34191dfd4b0a4296a078d128ea416be209b15c557f5da675c705ef8d1a30ebe78535434d2ff8bd29346abb9bfa
+TAG_LEN: 20
+NO_SEAL: 01
+
+# Test with maximal padding (61 mod 64).
+# DIGEST: 4f498d0aa9205160827626ef80c163275eca1f78
+KEY: fad0be905d41203f5dce998f8fb2eaad409ae02116417dae0cef457b9e5e16dcc5b6f25607f00d033fb95fb09e4d00d6172e780ab8b700433a957a741c9eb80f2b021b14
+NONCE: 
+IN: 936a91d0b5d2c0267218cb7090c6171386d641b87797b684e0fb56f97c3961d8afa22993a340b9b3c589c7481df3f4183aa23fd8d7efd88503f78b8ed1c8e9ba2fd6773e0d0c302a5f47e037446f5891d77df660ed82933f62be8dc55b436965aabe477e0cdd46be99371eb8da7dac997deafd64b1fc65de39f4f03541
+AD: a11be112a72933c7b54ed4
+CT: 9b01cfa97c72b5ae8befd0d357283a52f6b8c5d9292d28f61373334280f815d6b69f878936738cebaf6fc84d20baf51868eb4d2ae08d64e724beea1887a76316acc955a00b5d1230fb120bf7d51f74fdc5f332521c59406bbd3161987c6ec49ad946a6a51755796de19830631daf69c78a847d2e515d409a7b77ffe75e
+TAG: e785184106419b8c7f38061f49cfe3a265e9d4557b9b2d91ecb8f21ef3f52e387643b8ac35aae45594e70e4ad4457b852834718a1456136c5690aa164a152b0cacf020e33bfb33e2f1b79dd23d2fba5adcf22d4288308bc1d055be378eb77b67dad654658906aa3cebca8eadce6127ffe972803bed110a5e301bca0f2c06dfcb7af44275628831bff33807048996115d496f4f13b479f4fc1e8f2ff0991ad73293e789cd909fc0471a484ca11be8383fbb4d9590570c275354cc89a872306f4d285561dbc068c98d2989dc4453b97cea004a73fe238924c321d3a77063c1f20890324ae59860bdd3f7a70a7c21f1c51a790f37305719527a20b879e56b65d38799b899cd9fdd7edafbf456618452eb4fa37cfb
+TAG_LEN: 20
+NO_SEAL: 01
+
+# Test with maximal padding (62 mod 64).
+# DIGEST: 8c043825b2a3764e8a0cc35a011696fb3ed03c2b
+KEY: d0be905d41203f5dce998f8fb2eaad409ae02116417dae0cef457b9e5e16dcc5b6f25607f00d033fb95fb09e4d00d6172e780ab8b700433a957a741c9eb80f2b021b1444
+NONCE: 
+IN: 936a91d0b5d2c0267218cb7090c6171386d641b87797b684e0fb56f97c3961d8afa22993a340b9b3c589c7481df3f4183aa23fd8d7efd88503f78b8ed1c8e9ba2fd6773e0d0c302a5f47e037446f5891d77df660ed82933f62be8dc55b436965aabe477e0cdd46be99371eb8da7dac997deafd64b1fc65de39f4f03541a1
+AD: 1be112a72933c7b54ed4fa
+CT: 0b0133ac614de667eafb516e1fb33b016a8b49e558f335eed239d50ddd13a4152f1570269615a243502fe1c6db0667a2de7975120ef65186f5af83821598ff45494e943acae24a6095ad46a498971f7b185d7784d451b1260ea478c03babf0e582a8a777cec20905821267eb85aec1a20c0e3b94d78d425a12f2efc4d60c
+TAG: 1d832d65c91d458bf343260419ad0ab95c1ffc09b137d1ad1805cdd648c8ecdaeeaa0ea27075d4e6753538d831577642c92317aeb5525724023beb923c2626bd9536757ab73d1739ed0a850afbaa5914fe94ed606e245274d4d3071201a3d73ea1fbbfb4032e8404c12dd02e0b6cdc38324f4684049e2707f249c9dce0e6df9386b787154ecc3974d041cd6bc5e6d031851247703347bf8324f077ce63ce0393fcbafb4396bbfc9260628f4f82244b77b8ea0ff14e26c2058e0d8b662fcb9d9ef747cacc42ece4777114cd2062e20b8c6d198fd5628b198511274f54964c40f1052d41f68b5d90256e894da5e5ff3dee493f5eb2a7d2a9a88e32b774afe2e0e643d606185c34796b40716a46fb8ba911552a
+TAG_LEN: 20
+NO_SEAL: 01
+
+# Test with maximal padding (63 mod 64).
+# DIGEST: f3a432271c9be858725fd024071c4f479ca9a971
+KEY: be905d41203f5dce998f8fb2eaad409ae02116417dae0cef457b9e5e16dcc5b6f25607f00d033fb95fb09e4d00d6172e780ab8b700433a957a741c9eb80f2b021b144476
+NONCE: 
+IN: 936a91d0b5d2c0267218cb7090c6171386d641b87797b684e0fb56f97c3961d8afa22993a340b9b3c589c7481df3f4183aa23fd8d7efd88503f78b8ed1c8e9ba2fd6773e0d0c302a5f47e037446f5891d77df660ed82933f62be8dc55b436965aabe477e0cdd46be99371eb8da7dac997deafd64b1fc65de39f4f03541a11b
+AD: e112a72933c7b54ed4fad0
+CT: 8d5b92c78a48ca6049da6a036735ca23b99f9c3cfb97122312e5bf0279d094cfca0b976e24f6b65d81f85eff669da35486809cbfdfd1fd615a5347947156148e6b71a11f7bec611e7c29e19f6f62f94bd7f8b89e54b6945dcc1a7e380e51456a31f1d511bb92443deab5987c3bba266329b3f27e24d155ce685f67c34dd18f
+TAG: 295c8072940df20a1ce3a27f32622fd6cdec5f5aaebee91e6654ce96f013cefc348f1425a6fbd6f42cb4e1e866c0fa602afdb503eda59801d8a791fa7de63d22c080369c6a3389034ff92ffd347ebfccb0dc9cc972f6654eb102f5b12baf864b3514f22d55f28df8d51955a1d338b4e5ee9145a4a85ec87655ce41255a6e91435a1d9e4af613d35bc6b4554c2594baca964d2a58c75deccd36d3efb50986f844ca6cf79dae24edbe75ca6008457ec23e69db9e19c6c039feceda6e1672bdcccf0a8c864e957b7efb1b468b4976a97600e3d03ba9341876e6439117d2ec364d479e0743ea9ddfce7effc0a64b73fa55fb1f57c18ea97dbd03b6391963734dfc459d4efe2e0f609bd51ee0a09faa81065ec8
 TAG_LEN: 20
 NO_SEAL: 01

@@ -42,14 +42,707 @@ TAG_LEN: 20
 NO_SEAL: 01
 FAILS: 01

-# Test with maximal padding.
-# DIGEST: c6105cc86e18eb8376c16ea37693db5c07b77137
-KEY: 8503f78b8ed1c8e9ba2fd6773e0d0c302a5f47e037446f5891d77df660ed82933f62be8dc55b436965aabe477e0cdd46be99371e
-NONCE: b8da7dac997deafd64b1fc65de39f4f0
-IN: 936a91d0b5d2c0267218cb7090c6171386d641b87797b684e0fb56f97c3961d8afa22993a340b9b3c589c748
-AD: 1df3f4183aa23fd8d7efd8
-CT: c90e0c2567341ea7e9d968dbde46ecb46ad78dc8be7d47672068de66d6e7eae14b500b94927f24ff6a4f7b07
-TAG: ec90d128ef465f4a3645fd0b2601fbe2b0bceae2f890f0700c7a15c82fcbee6ab492908ba5f2df0f04dd0635c047cbe52069d85fcfabe53ceb43dc71c46e51c0e3a9ff435840d62bdcb93341a1624b69397fa1bbd9229814a2788b91a107534b41ed488f4ce95fd2ab46963e4f1a3096c74acc8466d034eeaa7c0f1fe46a4eee7abb740367266cd36fba96dc74e520f64b9605c067bef516f517f99ec73c1104b43bf3e94eadd7dd6b9b7db847d6ff4c03dc454d8edbf8f694f09754f249fd1dc0bb4b130b2e43ddc1d24a0cc14edc8e7328515cc8498ae89beec66127508676fb04db92055abf2be22e0c2a7a3d9664e17d919f655ffaaaa7246a0ea29f9c42f72b6edd0dfb4867802d6992ce25efd8fe0dd0cb
+# Test with maximal padding (0 mod 64).
+# DIGEST: ceb2d295bd0efd37c6c34dab1854c80e986174fc
+KEY: 37446f5891d77df660ed82933f62be8dc55b436965aabe477e0cdd46be99371eb8da7dac997deafd64b1fc65de39f4f03541a11b
+NONCE: e112a72933c7b54ed4fad0be905d4120
+IN: 936a91d0b5d2c0267218cb7090c6171386d641b87797b684e0fb56f97c3961d8afa22993a340b9b3c589c7481df3f4183aa23fd8d7efd88503f78b8ed1c8e9ba
+AD: 2fd6773e0d0c302a5f47e0
+CT: 000893d3434c5be7cbf9daffd81f03545f735cb70d1bd16eab26e07da7ee29b4c607d9a57077d74437e5b01a89c808c7ceca0d3838e5c6ee9947f1d4ee1d5e5e
+TAG: 6d8dc4edeeea81cb503d7389da209ae335876393fdab048965c7eb1a1403d05f8ef059788d08c2e906444388fd416a87bf8706f78d35797453b242618f4a99f47c3756116ec0318d96435032225ff82b902b9b6985189ca438e466154ded91676676c645926e2cf8a5d6f3bfafbb713d646cfd35b091f68e5ac2e7ec10badf1fd80767e6953abeecdc89beb2180dc92be21631164ef801147917e0c8d7841bdcdb52ea03344ab5f2bf3d5157794f5be79f51eb1efdacc0b77b27b72e2ce03d05473203522e3c2c196390d77dc28a35951f3aebd72ee58021d55e521dd029719a7660408ed0da5ab41830102bceb514b0b172d0ee10937111edba82b47e719c3beb3ce49a665accdc1c5bf028d465b5e1
+TAG_LEN: 20
+NO_SEAL: 01
+
+# Test with maximal padding (1 mod 64).
+# DIGEST: a07054c760cc66fc704edf950201005031f3faac
+KEY: 446f5891d77df660ed82933f62be8dc55b436965aabe477e0cdd46be99371eb8da7dac997deafd64b1fc65de39f4f03541a11be1
+NONCE: 12a72933c7b54ed4fad0be905d41203f
+IN: 936a91d0b5d2c0267218cb7090c6171386d641b87797b684e0fb56f97c3961d8afa22993a340b9b3c589c7481df3f4183aa23fd8d7efd88503f78b8ed1c8e9ba2f
+AD: d6773e0d0c302a5f47e037
+CT: a1e92776d0ffcfed03d1be956169f606733755d5a7011620c7ced6a825d8e59627e75692a41a1f2a86e62fc6052873b5458616414584e36bad698cf4c44909e0a2
+TAG: 6e0b32528feac2d7f69abb480efc7aae6cd1c5f8a654bcd10ec5be08b58f5a2198bddd83439d69ba9f55408cdf087e8a7f33fca6859638c5a4e8bc6961afee7534d8ffd95249d554b02e5beb81100be5e10abf679300f4ba514c03f4fbbba3cc62bd13dc8c8b9a726a9f217446c6e3b89cadb40488b177926c88c9d22a6c4ad9deca67f0d976fe62cd24c3cbb2e51dd16ee2e7bfe91d867b77c77a9a65c387e2682d946e617d0128034f5fe436eb7fa88aca82526d71dfefbdeeeb5a2c15d57fce0cf12e6ce0b101ef92d9ca540447e0bb65bc04b6a02e4e6d9378c6eebcd6d530c4ae14243beebb18403e8bcd434c2d88cc121e2df182edc3e1f52b060b1aecc48490c6cf3260299449945c803891
+TAG_LEN: 20
+NO_SEAL: 01
+
+# Test with maximal padding (2 mod 64).
+# DIGEST: d059c266cf6233af730b7a229b19356a4c6fcf06
+KEY: 6f5891d77df660ed82933f62be8dc55b436965aabe477e0cdd46be99371eb8da7dac997deafd64b1fc65de39f4f03541a11be112
+NONCE: a72933c7b54ed4fad0be905d41203f5d
+IN: 936a91d0b5d2c0267218cb7090c6171386d641b87797b684e0fb56f97c3961d8afa22993a340b9b3c589c7481df3f4183aa23fd8d7efd88503f78b8ed1c8e9ba2fd6
+AD: 773e0d0c302a5f47e03744
+CT: f414f0321370af1490839677747893befa438051fef5f02fef488d7b84dc03140b3a5dc3a57041be4c8b688633110fc07251d877de0d6242928e4d937e3cc58ed611
+TAG: 4ee98ac6f10e179314a251a9db190037c47b9fdfc66321d83a995f6dccc5259801b18c3f466f7f4939b7d2d7196e0b161aaa013721e81bb9707b974b904f670e4aa495357b562a254908417b65fa69e86c42b3efdd423838575db08465a7f4889c85201629f6350c0865b5b0cfbac4f51ea1eacc8f9768014975d780438c3bd77f7f18612080abdeac9331e1a068c8f3a345d0026c5723bdbc48643c1a733a5b7ca9078424522db9491bc38d2644dab2d75499715707cd83ed655343ca73672d480f1420754fbbfeae0fba05be3b5235a5fa48bda9f39df0b298351d8f4da3fb8a2feab8b1aca9335eb31ab03f40ab19f668bb864c798ae08de37bf848fe2e898172d26fa23f383787d7199a6990
+TAG_LEN: 20
+NO_SEAL: 01
+
+# Test with maximal padding (3 mod 64).
+# DIGEST: 8aac0687e33041fcc18da154b41f20a6af2bfb28
+KEY: 5891d77df660ed82933f62be8dc55b436965aabe477e0cdd46be99371eb8da7dac997deafd64b1fc65de39f4f03541a11be112a7
+NONCE: 2933c7b54ed4fad0be905d41203f5dce
+IN: 936a91d0b5d2c0267218cb7090c6171386d641b87797b684e0fb56f97c3961d8afa22993a340b9b3c589c7481df3f4183aa23fd8d7efd88503f78b8ed1c8e9ba2fd677
+AD: 3e0d0c302a5f47e037446f
+CT: b51ab2f8c4ba3e8638d454ea72da5e3cb15336c347c442b8e1ade85c5cbd0dde790dc707d60d452d5b88d72e718f13cd0e0f4c9149b72e8d6be869d817a3232513c958
+TAG: dc8feba112517f6a820ca12de43c5d64c51cca713d3702a2b4a5cdbe86a90946a7369ec26ea8b5b35df329bfc6e29ef50c2774649134bd6e3f3fb38ef13d9c7fbe066e9cac4fb88dd0c02b677472ebbb2d0679dffedcaf13fccef6a25aed3a272ec01e7680becf80a624518e1333d28c97487b06e0581cc80c94989db4e93489f3dece9eab6dbbee73aeab572d1ee7705d18b899d9c62d7a370311e64131a801400b580d3c8f7af88be485b84fbdd89f7f7dacb29afeb56658f3d8e49f27adc542e412b0fd652b9f60575bf61622d7306c54bed50b43d89cdaecf1981ede09f9ea36fd174118ac178ade5f26ba04fcbd2eb035f030e2139506456ff8d342a4e59bd55dfafebda23a66cacfe6d1
+TAG_LEN: 20
+NO_SEAL: 01
+
+# Test with maximal padding (4 mod 64).
+# DIGEST: 53658226c112b86438dd27b58a71f9e36fc73c1e
+KEY: 91d77df660ed82933f62be8dc55b436965aabe477e0cdd46be99371eb8da7dac997deafd64b1fc65de39f4f03541a11be112a729
+NONCE: 33c7b54ed4fad0be905d41203f5dce99
+IN: 936a91d0b5d2c0267218cb7090c6171386d641b87797b684e0fb56f97c3961d8afa22993a340b9b3c589c7481df3f4183aa23fd8d7efd88503f78b8ed1c8e9ba2fd6773e
+AD: 0d0c302a5f47e037446f58
+CT: 87bf1af7e4987cdab35bfe32adc6b1be286751426cf926217f2c699bc095bde7b6ff3d6cc96b79328ab776547c2cb756d9de8c1245d21619a51dba8364ef6914590f15f8
+TAG: 55b9a1ee198080846389dd088016acab73622b1e2f902b0776846c74d99c27e67c7bbb55b2ac0efff91af0f6cb2ddcc0b5b8bab768048bb1662bb343d2f3a164bd4ca4850fbf8111b29e9be7bb836e2a8ac50ec2cb0b1c4529e50904007372284ec9187ea27d8faa03fc9535ba744155d06c06a0a97d96c03de71c13c95f185f426615f1368be346aa5ebf80049ac6771763235f2ee44dc910a01035c53caf8f9fa6f51fe3ad094513a8db177b6a66e24d21e1e40a23aa3629fffad45f84a58a29ef9237fac5eb6f5deb3825de6f399e46b2b2b91faf64ce45d164155e4dc757f6005c7c3e7fb3d8829623fd7c6ca48b923be90c38f5209c6d94696d2b2b7ebc5dfbf2cfa1a37e8ed038e830
+TAG_LEN: 20
+NO_SEAL: 01
+
+# Test with maximal padding (5 mod 64).
+# DIGEST: 6b7d5268b0b5037afb5be5af6a0ceb34e7656ac4
+KEY: d77df660ed82933f62be8dc55b436965aabe477e0cdd46be99371eb8da7dac997deafd64b1fc65de39f4f03541a11be112a72933
+NONCE: c7b54ed4fad0be905d41203f5dce998f
+IN: 936a91d0b5d2c0267218cb7090c6171386d641b87797b684e0fb56f97c3961d8afa22993a340b9b3c589c7481df3f4183aa23fd8d7efd88503f78b8ed1c8e9ba2fd6773e0d
+AD: 0c302a5f47e037446f5891
+CT: 44237c388c3d017300db0fc9827f9b575e59bd971a0fd89cde4aeb1763912b49d50e92ba19d7594ef6da27320ac2bd1db3bcfe56b68a9ea8e2347d69890fa1fdc8bed782ad
+TAG: c1068d84aa962e7b89090993378806194ffbf677e7a66524d2ebfa7bdc52d76d09b914168eec4a5fde0953d4567affd3a4e0e48190e7a84471efe8ad1ce577c21df93b9d641c865d90ea1e6069bd703c4ee372379a4ec94f7e99867179561d41e9053977cc985b98f7a9fbc675d77052809b89b8f23f993e191ed1a07f97b89d05de948107f94245f216c413288eb4e40f3cee9c00c15926657d9ef9187ab405ee8000b4bd84d5771464401d59156a97eea7b23b4a6e9f1587cd3b75826a621b699515829dfc57740ad5719c43e88d835e13ebf703a0966779d31dc26866e0e9d27e3376137c92c97af49a876eed425d3980f1904f013143faeccb4fc920185ec2325361e5b318434487f9
+TAG_LEN: 20
+NO_SEAL: 01
+
+# Test with maximal padding (6 mod 64).
+# DIGEST: 63efe7af502231420ed5aecce9a28446b257828d
+KEY: 7df660ed82933f62be8dc55b436965aabe477e0cdd46be99371eb8da7dac997deafd64b1fc65de39f4f03541a11be112a72933c7
+NONCE: b54ed4fad0be905d41203f5dce998f8f
+IN: 936a91d0b5d2c0267218cb7090c6171386d641b87797b684e0fb56f97c3961d8afa22993a340b9b3c589c7481df3f4183aa23fd8d7efd88503f78b8ed1c8e9ba2fd6773e0d0c
+AD: 302a5f47e037446f5891d7
+CT: 2f25b5a3b01af5411466c8aa5d8ece037434d5e12b62306f2732cb063d0dcdfc2725e67118a242a5576d470fcaf9be6d811bf2789cc66f5561d0542438b5432fe713187a879f
+TAG: d80e1f4edc2137f430d36a5ac93680c973fd7c64a03f7c2ce1b7e33085fe94da70ee26f47998947310508448cc70daa595687eaa540e48f048132de108a045da6d71170e39bb45160a344a2fdb5cb56ab020b9c0842ef2a1a5c83b4d63359fb8d71506d1e611fafa29e77d0669474d135e37bd8aefc3e17f024093186ff80fef73889e887b8d6672256dd592946ea84becc08c29445c8d978e896b1dad5e2608e347e54a97f3f757d7362f95f4cedebed07ab45b05713f7119c38d15a0f22d4259893f5e2401267543b3f78b52d54dd2d608173119e2dc7fe01f66589628e95fd7528958e993b21e4db664b8cba2f776d5cc305c42553da936d580c17d6f5090ff04e106c6488b5b18dd
+TAG_LEN: 20
+NO_SEAL: 01
+
+# Test with maximal padding (7 mod 64).
+# DIGEST: 1a555c300a1d1bd5b03cdd6bf2a678621624eb05
+KEY: f660ed82933f62be8dc55b436965aabe477e0cdd46be99371eb8da7dac997deafd64b1fc65de39f4f03541a11be112a72933c7b5
+NONCE: 4ed4fad0be905d41203f5dce998f8fb2
+IN: 936a91d0b5d2c0267218cb7090c6171386d641b87797b684e0fb56f97c3961d8afa22993a340b9b3c589c7481df3f4183aa23fd8d7efd88503f78b8ed1c8e9ba2fd6773e0d0c30
+AD: 2a5f47e037446f5891d77d
+CT: bbf934979c5d9da5c8b27d0341a164d640f12956a392303b0f1665935b5c39de458f53e0a6f824cc56081db1615fc67ffff0d300d1564666b81bb37da59e4da30de9d6a19df74e
+TAG: 9c18b0f9ee6a167a23566325eb330660997193385214abaf945dc18fb8252fbab8330b9809a6f1b300ae5a0c9d841fdd6f77e8d65f1cd0b221fb9b94b5e5d7215e6f501f490a7fa0a754efa7f2d9f5b927a5da2bea736e73af067e5d988901032d503ef3ab89894d03e48a096e7c31fe64bbc2c13f02d878590659ee7606d9212898d4d246e52b03c5646b1c3fbd43baaeda6548156987fc8f490f5763da18198bf0754d20f16dcf7df6bd35ca4bd95cd5c95a60427fc541aaf1f6923ff150de825cff9900ac9492350770bdd13fc4d0ac858ccdf36efbaeeb572aa45ca5470a04a7fa1ce5954d58771730b7202def47b303e560e81ebba2080d044a0851043c5af1a05c30a5a448eb
+TAG_LEN: 20
+NO_SEAL: 01
+
+# Test with maximal padding (8 mod 64).
+# DIGEST: de9156349b578f2f44945ec6a676a67a829daea1
+KEY: 60ed82933f62be8dc55b436965aabe477e0cdd46be99371eb8da7dac997deafd64b1fc65de39f4f03541a11be112a72933c7b54e
+NONCE: d4fad0be905d41203f5dce998f8fb2ea
+IN: 936a91d0b5d2c0267218cb7090c6171386d641b87797b684e0fb56f97c3961d8afa22993a340b9b3c589c7481df3f4183aa23fd8d7efd88503f78b8ed1c8e9ba2fd6773e0d0c302a
+AD: 5f47e037446f5891d77df6
+CT: 9b9bb61ca4d5aab8d0342d2b174e8f39b8e21db0fb7146025fb298016df3bab4363bb47f5b1fa038587df98851d09d473a68c959ead8062c52b9d6de86bd6a0fc9a2daab4667c621
+TAG: 897472da6d837ec173c2ae738721306e8d3c9e5353b65d1ecb3be3d0039739de379c9b06f42af8e952aa9acb4780a6de888dc8c54fe9a2eec19ae4a864b3b9696d712153bb66c49825ec5c891e30915c4b7b66b190525195429426ad694467dab09e8c2f9f21ffae4d54b74c0c5ed9a05963651dfcb9560677693429c63f3024043385ab0a31066243d42b80d2aa9854005504d6c8b9b7f736a8731c5dea0f3fc9007aae0c6edcd0a91dd1bbc5750de12ee13d4a77379cd3b2c2bbac885fa17338011b7b81cec6711fd5d65178f20a06f5475e09c202deef57939161ca8ed3e4aa9b010277acddc4478d1afb64138b276e265182ef2dea321b4f136c5c439ef6d099621813209a43
+TAG_LEN: 20
+NO_SEAL: 01
+
+# Test with maximal padding (9 mod 64).
+# DIGEST: 12812df3aa7f3bbc899f6f248f5590e02570c292
+KEY: ed82933f62be8dc55b436965aabe477e0cdd46be99371eb8da7dac997deafd64b1fc65de39f4f03541a11be112a72933c7b54ed4
+NONCE: fad0be905d41203f5dce998f8fb2eaad
+IN: 936a91d0b5d2c0267218cb7090c6171386d641b87797b684e0fb56f97c3961d8afa22993a340b9b3c589c7481df3f4183aa23fd8d7efd88503f78b8ed1c8e9ba2fd6773e0d0c302a5f
+AD: 47e037446f5891d77df660
+CT: 33ac574b7962d03b7816c0199a7f661a485832b9023867a749fc4bfe8ff0485571744f801139afd8215863b23e2d68ee7a254c60d8029e0f1ee10a1b947a4984f37f98a6767f52661e
+TAG: 3ee493d8cc764880f4ae7fc3c189b95bfe11d89640e3c9ddb55b230ba0d142d53fe18be8b955cf0d0d237c3b295459fc4c723b27ba8a29ed8dd5c80fb9839e30bc92e6afbf28ef6f72d1c28e5452460f986444678e7ea982d8bae63b69788012bd43aa66e5a521840c79831ae74426fb16f0917c5d2747b9c31fe43ecee604f26afddb093a9f1f1205a4451d50080ed0a9208a88ed6dbde37a674932bca837c46dd8725982c2ef6ac54511151c4cd59e511ca3835ea9bdbbd2e0842dc9674a854b8d4b063d0685086cdf917a7b7983dcc28af2addf3bc302034e365da1a87334a68477aa34a3a878d926d4c17f50316749d917e172e47597d060403a0279ee68dcd864652f37c6
+TAG_LEN: 20
+NO_SEAL: 01
+
+# Test with maximal padding (10 mod 64).
+# DIGEST: f3c89f21c327fca4aa400fabea9e39780378e901
+KEY: 82933f62be8dc55b436965aabe477e0cdd46be99371eb8da7dac997deafd64b1fc65de39f4f03541a11be112a72933c7b54ed4fa
+NONCE: d0be905d41203f5dce998f8fb2eaad40
+IN: 936a91d0b5d2c0267218cb7090c6171386d641b87797b684e0fb56f97c3961d8afa22993a340b9b3c589c7481df3f4183aa23fd8d7efd88503f78b8ed1c8e9ba2fd6773e0d0c302a5f47
+AD: e037446f5891d77df660ed
+CT: 8517e13ca00214ebfc748efd3a233e8b64801dcce99f9fee3d271357220dff7b1678c1cd6392a6ade62146c0e783248918a7cb69dd26dea525bd9060f380dba75e502bdc19581ebc3295
+TAG: d1f1280699f5514e4a56b08a5c3146142ef8e44c18ccac74577ec0feffbc29884da82212cba95b31d8464954498340f35e9a3d84256e8628368edd166d4b429fcb76e0072d2f5276ed8dc7bd5f34e754f6577ba00ee7ad74e9c89c4f82af0a7716d6ac77c39643909dedcc9356ba42f07874031878229a076da9ac7b0e49b2d170239089ceaf84392e889e7bceb3e383d0f744e229c53e8654ef0099a11773885efc456883e4a973557852f70c0e35668f3f212260e131962087416e668c9f995f226152251f5873fb89047a9dfa65b9fd0116486092b1092c4ee33e7625772944c06a2969b162986cd46d2b4185af2658c25c69a7a599d17f37be0fe1c8250cd7df5e6cf304
+TAG_LEN: 20
+NO_SEAL: 01
+
+# Test with maximal padding (11 mod 64).
+# DIGEST: e8e41988fad6c8b44c56544964cfe0a347b35b1e
+KEY: 933f62be8dc55b436965aabe477e0cdd46be99371eb8da7dac997deafd64b1fc65de39f4f03541a11be112a72933c7b54ed4fad0
+NONCE: be905d41203f5dce998f8fb2eaad409a
+IN: 936a91d0b5d2c0267218cb7090c6171386d641b87797b684e0fb56f97c3961d8afa22993a340b9b3c589c7481df3f4183aa23fd8d7efd88503f78b8ed1c8e9ba2fd6773e0d0c302a5f47e0
+AD: 37446f5891d77df660ed82
+CT: b1cf0005c93547664e09031d923c4ef9ad663a808189cd8aaa68fbada340d8bb13330499131ef3788cd91e9527702a2388802fdd2e91998a53ffbb466bb7e362d06677edd673cae71418a6
+TAG: 7cad97328236aee512598d1a4c7d51b2154218fddf0ef21724921c1afe61fed1b7a1d1b56b8099dafff77362c4154e4bd7089fb0908ab1de49244a053997a0d04229250e52bc1ecf4550da5753a35108b6752f907ddf7a77fefbdb5d7290b02ae231d019d04ad9a5295336639e7e6c81ea46863d2bc3c4fca7d0f3b05237306759b156ac1fd10b044730987d04a943f0f598704f2191f6c627299b92a2c01a4004111c21f650376c3f28fc9793eddaefd74a2bb3cc5dea73685c954c63b71f2924ebcf9853ff084117cc84a0785d96d8d55d02723a2082ecd8c4b49b8d4068071593aff50c2e08fe7c49f6de1d7586e299b42ec723063f2341fd9b3445cf40893cf8c2bfa5
+TAG_LEN: 20
+NO_SEAL: 01
+
+# Test with maximal padding (12 mod 64).
+# DIGEST: d1c7b2c04dc25fe7b742a1d659aec20e1475ee4f
+KEY: 3f62be8dc55b436965aabe477e0cdd46be99371eb8da7dac997deafd64b1fc65de39f4f03541a11be112a72933c7b54ed4fad0be
+NONCE: 905d41203f5dce998f8fb2eaad409ae0
+IN: 936a91d0b5d2c0267218cb7090c6171386d641b87797b684e0fb56f97c3961d8afa22993a340b9b3c589c7481df3f4183aa23fd8d7efd88503f78b8ed1c8e9ba2fd6773e0d0c302a5f47e037
+AD: 446f5891d77df660ed8293
+CT: 7195b9643e0f7a4293c865db36442d4fe2cf3ea2c648dc88cd5636fe5e6bcea3d1197966e800da8c78bcb8830f3fa97671aebce98549e62827adf612e70f946673b07e2f953c8fe5e0b97aa1
+TAG: 3a909a9fa57e720bea6251ebbc1a71bbae1fd894f6bbd16e11abe51bbd1293abc0ad4c152a08b4acfac7a65b723fc6bd6923db66bbf202e184e8dbba150e6021ad1310ab4752cd4ae874409688996fdf88636084db7762b9578bb0c98d77c5156a82a97a3f6989db2359d252ff7c6405bd4834708c88d4481b35eabe2f7069bf8bac374fa382f4225659b41dd2a8006c0ff8d7c77c8d157e0373f45fcc0abc804a9f8a6b816f2b729befd606dc61e7f763f18121f56255662e36d120b27adfc8e1b528bd8ced5386cdb62cc73e58cc7918d27253297e9cbb9c740c7765cb014cf7bf160cbf09e00d32d31d462f356791bcf1286bb9023254afa6c41fe3d165f1bf7e6c002ef64ecdf3b5e073fb569028032e6713
+TAG_LEN: 20
+NO_SEAL: 01
+
+# Test with maximal padding (13 mod 64).
+# DIGEST: 116e20ff1e79e0af464d473b1e7c187f4dd66007
+KEY: 62be8dc55b436965aabe477e0cdd46be99371eb8da7dac997deafd64b1fc65de39f4f03541a11be112a72933c7b54ed4fad0be90
+NONCE: 5d41203f5dce998f8fb2eaad409ae021
+IN: 936a91d0b5d2c0267218cb7090c6171386d641b87797b684e0fb56f97c3961d8afa22993a340b9b3c589c7481df3f4183aa23fd8d7efd88503f78b8ed1c8e9ba2fd6773e0d0c302a5f47e03744
+AD: 6f5891d77df660ed82933f
+CT: 1d50f3eb1cd76d8e08a9f386db0cdc3eddfc694e8502ccae47ab431c2935fc461254b80386c87690b01c22f38ea9bd118d2e0ed316ac249437a3e9c30f6c1f767c150216ec90e6c8913ff3d469
+TAG: e44bfe162cbba654362d1c86088564b14120815f181932e9f111d6da5efb5f4caad61f1161d1d148cc429ad34fcad9128bab101c7cc004fb8f0b516216a809a6599b5144b4c5828cf159fcecac46a86ba0698a6e5267610bad10cd7ce9079b6c691c2ecd522dbe3563074f2ac85712e58cca41761aa94449199a8b440016e68eb8bc9db3ff2c2bd9c64d9d3c71566bfb5d234af1a144859431f16ce6d65b4cc604e9cbf4e5539c192f07a2981b55582376bedc07aa20f5a841c9f500915fef353c37446511da3affd743fc551d5c22454797b3eb957770f1ca16da138c71bf5c00ab7893ae83b3f499a2c42f55551a986555925337e0604227ebf1c65312f0b1a8cdf2d06b5daf3e5ea97ceeb2f33421d0b44b
+TAG_LEN: 20
+NO_SEAL: 01
+
+# Test with maximal padding (14 mod 64).
+# DIGEST: c081d0d09b2c9eb39a372ef4a7b0246a0956b0f9
+KEY: be8dc55b436965aabe477e0cdd46be99371eb8da7dac997deafd64b1fc65de39f4f03541a11be112a72933c7b54ed4fad0be905d
+NONCE: 41203f5dce998f8fb2eaad409ae02116
+IN: 936a91d0b5d2c0267218cb7090c6171386d641b87797b684e0fb56f97c3961d8afa22993a340b9b3c589c7481df3f4183aa23fd8d7efd88503f78b8ed1c8e9ba2fd6773e0d0c302a5f47e037446f
+AD: 5891d77df660ed82933f62
+CT: 4d754c684658bcc89208bcd75f24dc8e18b70a28b8a2201535e60ab755fb20e1ddfa98742d257eadd02d96c6a65f880d058312311efdf67f9a106beff9f5ace0ac6af586aefbb5e8b4850e584bb7
+TAG: a9bc9bdf2c16ace8cd471c2bcfbc2cf933fc1886faeec62d4809ed5cc4dd4fcb6ca6c42f31bab300264b278dc0b10fe8a54005b590160b410dcdfa3db413dd04a72c897b262ed0fe4ad6683fc5229010f1d2bc939e61a2c9e0480ef3e03e90f74a3edd8bb523271adc45d097b197ca9034bff48677efa763e1ae7528d3f775f827b9c56ba7f042d7f9413b4c5d01972e86976ab3a398afae27faf3cd19ef1b24b5342f9d067e7702bf1ae9679540a72f7a12cdbfbac234d596856b3bfdc2190dff0b50f45b4355cfa25ebf8d1d16528fe6c4baf9b0e5a50f95c4091704e939c8ffe69183c2695ecb1f12f24fdf288a8e8bdf3fe510bae70c46d0214303d5503d21366c4eec24cc2808542a203d81789efbb6
+TAG_LEN: 20
+NO_SEAL: 01
+
+# Test with maximal padding (15 mod 64).
+# DIGEST: 6f7bb1f9e2772eb909c315e653e4737cfed78a18
+KEY: 8dc55b436965aabe477e0cdd46be99371eb8da7dac997deafd64b1fc65de39f4f03541a11be112a72933c7b54ed4fad0be905d41
+NONCE: 203f5dce998f8fb2eaad409ae0211641
+IN: 936a91d0b5d2c0267218cb7090c6171386d641b87797b684e0fb56f97c3961d8afa22993a340b9b3c589c7481df3f4183aa23fd8d7efd88503f78b8ed1c8e9ba2fd6773e0d0c302a5f47e037446f58
+AD: 91d77df660ed82933f62be
+CT: 25bc47e58e7d4f3a417c95768699c92240a2be0e86232a41fe02d64f66716023996772e1118be48e685042f989dcd9cdc574614c9c3989f1885b4b71dfd5b1c32c1321ca41ca1e6ff1828e677e30fe
+TAG: c96a78b9ca68054bc1ed2a150dff9f9585174f343d3df80350982002b4c95106b72813a90028f2855faef235909686607f39655ec48f4024e170c9f9574b0c81b63c8df7af6b4d0f0633853a09c334379952bbaead7415125f541a01e320c5f5d9806b71c3ba71890e3229e751f25ac82c245596b5fa688f1b13844d91169354bf0cc03cccf576c2216aeb9eeab33e2a9f8bad2145d36cf0e7585a02296a7a3b434f4efeeaa4d7ed65befda32b287d9d0946e25dbc0edc22de871184ae8c76777528b917585be784d5e0674b1e5693d0b8cbe8253f8db67c879e1d2b7ddd5df4777a15509f813eb4d0f5a935aa011daaf0cc1ba2ebba9a20a74847e9c53b648f6fce4c08b6e7babc1919e6de22210a6f05
+TAG_LEN: 20
+NO_SEAL: 01
+
+# Test with maximal padding (16 mod 64).
+# DIGEST: 172f4992e692a88f49628e5d3937959be01aed2e
+KEY: c55b436965aabe477e0cdd46be99371eb8da7dac997deafd64b1fc65de39f4f03541a11be112a72933c7b54ed4fad0be905d4120
+NONCE: 3f5dce998f8fb2eaad409ae02116417d
+IN: 936a91d0b5d2c0267218cb7090c6171386d641b87797b684e0fb56f97c3961d8afa22993a340b9b3c589c7481df3f4183aa23fd8d7efd88503f78b8ed1c8e9ba2fd6773e0d0c302a5f47e037446f5891
+AD: d77df660ed82933f62be8d
+CT: f1ab85a35a17541efb4f906e7fc85e64efec6ab40d59d3da920c4ec09797c3ad47820e9d934e51e3f4d097c4a555575939bfaeb8cfea062b64816a160d6e4d1ff02a5fded435ab9aa2daf22fa7d676fa
+TAG: 14684ce099f4f0e11e785320debb89c79c03e8bb8751860d3779b4b553f6dedabdb23119d2866ad63fc974a6c6442b734394cb6705309a4d3889e90c4a222bbd14624cd89a9c3f904367c418140375dd592107f839ca94d43d09495a8dc8273201bd8f5a447bdf57506421a975ff4db3aab7878ff18e5b73c8f072a8d092461257d0182710ee9df9f86ac5ad321eac7ee96dddb27ecf561db222ed1c7c183c2ecdf4c7f57cf295638de3c4176ea244100d51c006282e98af1a8fd540daf0ca6f2fc0b88c550b4ab638760d95f2f9d09612da198616cd13fbfa1ad12a3fd30ac9956491cb11539a1be43175fb1452393f13f8d03501c89cf5962730125a7e185dc089b41124fc1e7f69b1fad46bd661c1
+TAG_LEN: 20
+NO_SEAL: 01
+
+# Test with maximal padding (17 mod 64).
+# DIGEST: 00133da1f7c63fd5f0eec364e9a359be02c1d3da
+KEY: 5b436965aabe477e0cdd46be99371eb8da7dac997deafd64b1fc65de39f4f03541a11be112a72933c7b54ed4fad0be905d41203f
+NONCE: 5dce998f8fb2eaad409ae02116417dae
+IN: 936a91d0b5d2c0267218cb7090c6171386d641b87797b684e0fb56f97c3961d8afa22993a340b9b3c589c7481df3f4183aa23fd8d7efd88503f78b8ed1c8e9ba2fd6773e0d0c302a5f47e037446f5891d7
+AD: 7df660ed82933f62be8dc5
+CT: 5d6bfe91cd2273a9b986397a38e81be5fbbcd0403ef51873c2c467a9fbadc7bf540e83c538a43dc0e0ab780a4c4b1f5b77ced74f65b61f8b8b58b26fa3e8cba568bb717dc7071bf82dd8c68b068e739706
+TAG: 2ab9e654859c35e065f763d949d43c65dc85dc5d918850809ad8efaed6569d4b3ad064bef3427ae4c3be571fb914cefe2362169bed5b4c0cb17d2106fd6993d20ab8a8b70edb5f5d59b3357c8499c36e2b0b67edf7f334ff02d599031f43252b8d30d39affbd2093a6687c771b672329e14901ad9128f063267d3ab332ea31a79d37cb24ad0fd2d07f23b13d4643d1d9c529e1dd0490c851b0009fc1192f2438a48aba5a39be2ee925b1a38647197ead5cdea3499daa5abf9f4503d3581115a6847363348d5e7933948dce867752cde69ecc401012674ad75e12245dee86d775989275a5fc635c66d42c01b7646e180d28798905a3beb210c049be35b522ad580e1ca29f81b9469448749fce961ba6
+TAG_LEN: 20
+NO_SEAL: 01
+
+# Test with maximal padding (18 mod 64).
+# DIGEST: 60a6821269be6c5b985576b245f106128eb0b325
+KEY: 436965aabe477e0cdd46be99371eb8da7dac997deafd64b1fc65de39f4f03541a11be112a72933c7b54ed4fad0be905d41203f5d
+NONCE: ce998f8fb2eaad409ae02116417dae0c
+IN: 936a91d0b5d2c0267218cb7090c6171386d641b87797b684e0fb56f97c3961d8afa22993a340b9b3c589c7481df3f4183aa23fd8d7efd88503f78b8ed1c8e9ba2fd6773e0d0c302a5f47e037446f5891d77d
+AD: f660ed82933f62be8dc55b
+CT: 16e3c681ba1ece3bdbfb1da491f877e806ddac5f1ae96bc406bd195c9d48bcd4a9b700a8ced21d824bfb99eb057e401c3529818725b51e96c576e8009bfe4866e98f550a23ef4748ff761a4d1c44ccb5eba0
+TAG: a30286b3d06306818a268db0e5116abc2c7361c5a32d334d8ce5f4007aaeab750980018b435c79391151fdd33df2a97dc2cf62c4426ce45be43f7e4949be735bcd33f0e81cc6b5a3c2255fbac9ff5a8fd7e7b57554d7ef00640d92b605c9afb0c19dd5ca4c79c409d85c197e8f21d79e91df01a817bf68e8718bc771028c945471ae003c0a210c572b79d772560031b5d3e5495aa8d9bd6fa3f8ae9976ed7e7f8d7275030d2f12ed5ab05276ebebafcac7d0ca41f9d860583f800e4f1b9658b12fab31fd63f6a5e4b80463918f8295ae11d7b97f9b5f89b8166861aec8f1b1417163a6a8adce23ce66c9a4306acae7ca75435cbaece814d6010a3e335bd7db9783812052179d5337d1c353be6e0b
+TAG_LEN: 20
+NO_SEAL: 01
+
+# Test with maximal padding (19 mod 64).
+# DIGEST: e2593f3b6741a9ed9fa188fc06efd057556ee624
+KEY: 6965aabe477e0cdd46be99371eb8da7dac997deafd64b1fc65de39f4f03541a11be112a72933c7b54ed4fad0be905d41203f5dce
+NONCE: 998f8fb2eaad409ae02116417dae0cef
+IN: 936a91d0b5d2c0267218cb7090c6171386d641b87797b684e0fb56f97c3961d8afa22993a340b9b3c589c7481df3f4183aa23fd8d7efd88503f78b8ed1c8e9ba2fd6773e0d0c302a5f47e037446f5891d77df6
+AD: 60ed82933f62be8dc55b43
+CT: 9b51ba0eebf72bbcd7a1b8452a49f30bf2d96bf0cde4d9e5efe7f1903eb4e09f53aec649c5a8ad7e7fc6c28a0dcf4bd3556f4377bbf8b3f9c79dffa5978692559f732c109a7a02390746f5975d5a0aac4d04ce
+TAG: 636f7bcc9b0b5320643f4b6acbecd60a0a89d2511621ab47fa4c9af610fa1ff9c6cc5cb8fb64493d6a4dca0e94a90794f31698cb1c5bb5658e8b6a63a2cc9b2f1f297240d3d6c62087e32f5d5e9f9d608eccf4b41253933c7391983db1138012a5f5caa5abde25c8a16fc33cccb0604421d985f198c48552650f5dd299bf9163c136c042c9a35cdf7120a702bf460d739ab264fe1f58453ff4990f7315379ff074e01730e7cace8d45a5d0355c0acc409db8fbc759516ad56818b37700548aca769719937103787311b6dbc8488d9e68ee439cec3075bafb725f44734326df9b10d6a4f7133ba84489a9985febc96200276a1fb513f8a3c062466cbe63e7ad668cade7ea70c3b8cd040a6162be
+TAG_LEN: 20
+NO_SEAL: 01
+
+# Test with maximal padding (20 mod 64).
+# DIGEST: 17450a437efe239e1858ac4062f34024305372be
+KEY: 65aabe477e0cdd46be99371eb8da7dac997deafd64b1fc65de39f4f03541a11be112a72933c7b54ed4fad0be905d41203f5dce99
+NONCE: 8f8fb2eaad409ae02116417dae0cef45
+IN: 936a91d0b5d2c0267218cb7090c6171386d641b87797b684e0fb56f97c3961d8afa22993a340b9b3c589c7481df3f4183aa23fd8d7efd88503f78b8ed1c8e9ba2fd6773e0d0c302a5f47e037446f5891d77df660
+AD: ed82933f62be8dc55b4369
+CT: 5e4df84379f9736d784d9166047003e3ce3375a8e7add80c8687e94f68595aaa52e3bd39a45a7f67d35b4df0c5d62abc81680ebea78d1ec02153833b4dc4bc51b4d1725f5a830a064e33cd5052e90735477c069d
+TAG: ddefe8bc965ff097f22b8978296cb5eac25732862def3ce5a7d2ee9f7b7d6a6cfe5778b9d6901e7540d8c62f3d97f68b43224e00f8536bd7df50f3ccd1e0917eeff5c32d196cc2b594d23347f4bc1db22ede4f2ffa7f0774c1a073b5e91fbec2b634d0d60458f215309be0c2d1b553f22a87cdd75cb64cfaaa0a15ce876bad26f48b2d6464488f97e35899c7aa80957491823239173843dd88a617839e5bbcf78d51dee3418defcea0a72e5ba7a1e8d652139955570510a9c8e6b6902a5c74133c641fe3950db1b7123406eb4cd86e17bf4efda4128e83172ae78e8c2b632c0cef066ef311f38fa1a210a7802a39b95cb699962daf41e5d436d474753997ac3c826ad39980aacc954adbb12c
+TAG_LEN: 20
+NO_SEAL: 01
+
+# Test with maximal padding (21 mod 64).
+# DIGEST: a35fc7d25f90dd9cbd35910d5532aca8aba88b29
+KEY: aabe477e0cdd46be99371eb8da7dac997deafd64b1fc65de39f4f03541a11be112a72933c7b54ed4fad0be905d41203f5dce998f
+NONCE: 8fb2eaad409ae02116417dae0cef457b
+IN: 936a91d0b5d2c0267218cb7090c6171386d641b87797b684e0fb56f97c3961d8afa22993a340b9b3c589c7481df3f4183aa23fd8d7efd88503f78b8ed1c8e9ba2fd6773e0d0c302a5f47e037446f5891d77df660ed
+AD: 82933f62be8dc55b436965
+CT: 1ddce9b3f674dfc1b94a6cb34418e6b75c93f14941a6dbe028ed59667404b93afead95ec50b9393a8e0e5f469fc1cbc5136f4dc54f3a005af6c88cf70ff39487cdc730dc131538279704a67492f5241faf00aa8c46
+TAG: d43074349115775a6db0a999c8b492d65bf1c10f046b7c7fa6335d54854a202748ed412c82088bac5d07db529fd2358c66e48a1a40083d9911834522091a61d25013bee70e3d9bed1c1a63ff50c2f0c1ec80bbba5bbb25fd8b2c787e9e6c90fe73a8e476743050c06c8f72344842507a75e6514fdb760f1c733242fd447a8c0658e3045324da0dd132841d0ca758429c6fc0355434a6ae86cc1c798cc9a558e767730437f66f08bc8fd0301d3447f5f5f5ae483ddbbf61f1c8de15bb2421f500ab10ed643d4bb54367946206d5d5cfa6a4a2bd16527a7cfc619d1d7df22fecabdb0541201825e2af362adb3033ccc4eac11db0b563d5bfd65ef1a95a28d5798a33230a78af0b38bed6d429
+TAG_LEN: 20
+NO_SEAL: 01
+
+# Test with maximal padding (22 mod 64).
+# DIGEST: 73eff0f03358879f900b6ebd515f0f4e5a6929e4
+KEY: be477e0cdd46be99371eb8da7dac997deafd64b1fc65de39f4f03541a11be112a72933c7b54ed4fad0be905d41203f5dce998f8f
+NONCE: b2eaad409ae02116417dae0cef457b9e
+IN: 936a91d0b5d2c0267218cb7090c6171386d641b87797b684e0fb56f97c3961d8afa22993a340b9b3c589c7481df3f4183aa23fd8d7efd88503f78b8ed1c8e9ba2fd6773e0d0c302a5f47e037446f5891d77df660ed82
+AD: 933f62be8dc55b436965aa
+CT: 6736ca287cf31ea3ec92c68697bfd1f88642e67d9dcab11c5dc8ecfc61611ecffc54a04119f53f9e5476196f220486ab53e2b21e1135bc6745731f0bd32eee9777a1b3d208c21d86048a4cc945389d60ec8954aaec13
+TAG: 53f11651de2a737a0117aef6790d2683681561ca2b26586c5564d5fe06565e17200115d2a473aab781b9f8d4002fb4060f1eb43e77e31f270c143ae08a1cb5a2887c2ba393e050473894f62c6a7ec438eaa575d631b0736c3fcce58b9e81c28701a6d4c1dfd19a5d2de366d7b1c2433997dc826b48222fccf919ae872e42332b74d24027dbdd487014adae3813d52bd20271ab8da425e641701f78312026f117423f90145181d9af2696cfa08059a2f3b1f7f63e48c7ca8f63396620b4046210cc431a1b1311834659338f957141da2cba2d499ce121223f45078668652c9b699209bd1a33832e8a53c7bcd5fad62acbedbcfc1cf839b6d1444a991c573e8c2ecafbe33a23701291a8cb
+TAG_LEN: 20
+NO_SEAL: 01
+
+# Test with maximal padding (23 mod 64).
+# DIGEST: dd6cea270655225cb4f4231f54c19eaaa146eac5
+KEY: 477e0cdd46be99371eb8da7dac997deafd64b1fc65de39f4f03541a11be112a72933c7b54ed4fad0be905d41203f5dce998f8fb2
+NONCE: eaad409ae02116417dae0cef457b9e5e
+IN: 936a91d0b5d2c0267218cb7090c6171386d641b87797b684e0fb56f97c3961d8afa22993a340b9b3c589c7481df3f4183aa23fd8d7efd88503f78b8ed1c8e9ba2fd6773e0d0c302a5f47e037446f5891d77df660ed8293
+AD: 3f62be8dc55b436965aabe
+CT: 95b9375058667abde693e7e3a598dd4c326ae4db29f54667c54453e6191c52f86d2fb4fe324e9a02b94f094f1dc272b1e6ad85529206a511468879d31ab9e74f7666691dcd7365ce52fd6df951c20e7a71ba740901f797
+TAG: 533eaf7ba2c963ee7357a118f8306660f786ef35206612b3bb8a87748c76c6bd67c15aca895927b6a92c1fda33dc4c330e8fca65d6b82343247d070a5bc0d0d632f7ec3060546cf2fa4f3bb7f144356bb2371cd19100e7d7066f2c304039836d62a647300bba5b7501241b8126a8f39bf8ac2946aee674d0a64644b8aa0e261f4049c9ab56b16e717d162d9a43936852047d4adeb17bda109d3aea0a46acb70e7fc9351978b4bfea20cfa0f437fe8c1308e45a390e40ca17739c4edc6a0bf6e0c14d84ea315e36ad0e80d22011b02675ae09e814c08ce607d4e3fe18a4bb9380966c174ca8a1c397966dccddbbaf85f47bbd97c5d99936c26917df99b6356de065ac0ddee7dfede113
+TAG_LEN: 20
+NO_SEAL: 01
+
+# Test with maximal padding (24 mod 64).
+# DIGEST: 34dd9bf0ce19eff890ecad474388779f63b0af70
+KEY: 7e0cdd46be99371eb8da7dac997deafd64b1fc65de39f4f03541a11be112a72933c7b54ed4fad0be905d41203f5dce998f8fb2ea
+NONCE: ad409ae02116417dae0cef457b9e5e16
+IN: 936a91d0b5d2c0267218cb7090c6171386d641b87797b684e0fb56f97c3961d8afa22993a340b9b3c589c7481df3f4183aa23fd8d7efd88503f78b8ed1c8e9ba2fd6773e0d0c302a5f47e037446f5891d77df660ed82933f
+AD: 62be8dc55b436965aabe47
+CT: eded2db8c302b3b5b5b0c0d556f8d34408fdb2af75d38231049b5f91e02a4086e6ffcfabcba5e3ec68173dfde382a41523d3c8ea1f7944351baad1588516c548125b1005d3375b03a4ff4bb19937068e0efea0abbeac4f8f
+TAG: 379af744a549ee2fc70f6fd955d68da610b9e28178af1e7d6034c5e583f838a84882937060dee0838a6d0e008c51d312956cbc233af4e94ee992a3a9fc427f98283ffa000fe22e62e6181754cd434b066e685a514bc6ec82444c3d722fd37b305e1c514541208c4cc8298acfbc9f41762f50c87a9b95ca7a4d47ef412f0079cff9affdad66dec43d8fa706ef5bfa7deb9826c28ba66a7395e6491bd45ce3750864e3b0d466d236d1d5a5a6dfa8f531c2ae985515d367eca43505de759ad476ca08a6ad5265e8550a4d1fcdb0f8c3ef1a4567ae3262d5d5a78e7ef6c8097ca22815e35ac82ff78fb39b029edf5521311d0904b2e10822ffdf3f93118412181f8679363766430beedf
+TAG_LEN: 20
+NO_SEAL: 01
+
+# Test with maximal padding (25 mod 64).
+# DIGEST: 7db8cfbd3b29f96d752346eeda3c2bb0bd070099
+KEY: 0cdd46be99371eb8da7dac997deafd64b1fc65de39f4f03541a11be112a72933c7b54ed4fad0be905d41203f5dce998f8fb2eaad
+NONCE: 409ae02116417dae0cef457b9e5e16dc
+IN: 936a91d0b5d2c0267218cb7090c6171386d641b87797b684e0fb56f97c3961d8afa22993a340b9b3c589c7481df3f4183aa23fd8d7efd88503f78b8ed1c8e9ba2fd6773e0d0c302a5f47e037446f5891d77df660ed82933f62
+AD: be8dc55b436965aabe477e
+CT: a56c9d8579b78c9ef40c4a230e8bd42750510340fbd0cf55393bd13d93b105fd2cd1d701b6882bacc661e8da81b7c9eed6b5dd4da12353298150819c748f464f5c60b86f92a9e89e483055b8dd3f42605a3065f08189f74021
+TAG: 2704ec8335c00380797ebe4100b3ce3fceb38704eeb5db223e4256f4b2a5353ec0a89676e0542ccbcf3ccf131832f2d4af2fa86de6fb456ccc6add9e453c16e303755dc4e841344efb5251cd266a88f4f0efa3155db9bb475e9e97904a2efaabd8b2e836d54babc9fe4a5a0805d113ad28843994e83694fef3172ef45abfb037b3c78205fe9e6042fe4c2db156b78fcc52b0f43eb3b2ca0f40ddd0077be8880c29c9cf5d3a5b68eac071874a7c96fc531cac7c0245dfd87febabc641b081a7de6693cc85d7851238f239914d96e8281e6c44b1576d0e2a3ea02079762e05923cd53134db1524c28c02474bd539d0ffd8bea24cc743a35267ccfd405a834bbbeb3819a3060ae254
+TAG_LEN: 20
+NO_SEAL: 01
+
+# Test with maximal padding (26 mod 64).
+# DIGEST: 4abaa8453e8cfdefd918571a961d8351754ad5b4
+KEY: dd46be99371eb8da7dac997deafd64b1fc65de39f4f03541a11be112a72933c7b54ed4fad0be905d41203f5dce998f8fb2eaad40
+NONCE: 9ae02116417dae0cef457b9e5e16dcc5
+IN: 936a91d0b5d2c0267218cb7090c6171386d641b87797b684e0fb56f97c3961d8afa22993a340b9b3c589c7481df3f4183aa23fd8d7efd88503f78b8ed1c8e9ba2fd6773e0d0c302a5f47e037446f5891d77df660ed82933f62be
+AD: 8dc55b436965aabe477e0c
+CT: bf13550fa32201ffc699cbf22de17ca268652f8ba2693dde72b626d01855eea7c21f0afae3fa03dc757491e8efb9091a4c100f8dccfd15a9b4dd94e4fe1f5e90cec62768d0a91e132acb1fbec1052878706359cab3445d38b1a7
+TAG: 87370bba8adc7957b9f4b468f584e1483306cbfa87738a2a047d9e5b0af76efafe46dd1028aba3d3677967124f2adfa8d88922bbad39c82f9272e4734a12c9a82201024147b14c50f110371ca57d3cadba332d46efd5a936feea2f74609ee8b39e22d4e49f608229b9963417661e47610547970d017d1afba6c5d653eeb9d6b596ee2560f1879437c81dd7b7ff64737f68e295cb558c3833fb481b582817bad184290f7b731b611aa09c63272a14f4471ec654e460fe7e2061de628bca07cb52682d4d46a3e29abd90faa42e9cda1118c92ba698ea985bfa4dae1e5a5edc2eff590d609b37786d1d577b55b0cc671d237e338cf46269451be059e44a2e6b40664d060919e7bd
+TAG_LEN: 20
+NO_SEAL: 01
+
+# Test with maximal padding (27 mod 64).
+# DIGEST: 0fb9d7ffcc7c9b84f34661d472ae2d4fa25d3d99
+KEY: 46be99371eb8da7dac997deafd64b1fc65de39f4f03541a11be112a72933c7b54ed4fad0be905d41203f5dce998f8fb2eaad409a
+NONCE: e02116417dae0cef457b9e5e16dcc5b6
+IN: 936a91d0b5d2c0267218cb7090c6171386d641b87797b684e0fb56f97c3961d8afa22993a340b9b3c589c7481df3f4183aa23fd8d7efd88503f78b8ed1c8e9ba2fd6773e0d0c302a5f47e037446f5891d77df660ed82933f62be8d
+AD: c55b436965aabe477e0cdd
+CT: 9f9a3ab733e50c1584c4f0c2a2dc0ff71bb3a9b32dbe92da2fcff8fe46a4bf16d4f30ec8efb1319891b7d2586839fffe5012a6dc3d5f0ad21e1572a1ffb48fbb59ee4b8e0234e543786e775dd4c54cb1ed006b4e8f5195610e267f
+TAG: e3e1b44b7aa92166a01da7ba9c7dd6ed9245dfe296ee16fc20addd7a6c15462ca1c0bf1b90a136dba0749837bcf133377d6ff21fd3cb7c1f7fc50df8ada45e671e1bfdd4f711462c9655c8159f2dda37bcc96df425ef3fcba2056973d39378fd2189375bcb96ca84d023f45f880166ba262c3f089e58888b8a67ce85048c5628061e04a7f09d8a6eda422d424482dc4dd4d361fde54b3c659b273ee9a04faa389befbe2816e164d9bcd9fb6ec7aecf51e9288cbeca4d3e0dd776a3c122eb4524196dd7e4b8420a08a3276173c282dc1463ce6e6b17fb419c1bdb47882e6685c877119fb6348bd0f80b867d60fc8ffc4e89768eb33ada5f32a81eca38965b28bac74f5dcaa1
+TAG_LEN: 20
+NO_SEAL: 01
+
+# Test with maximal padding (28 mod 64).
+# DIGEST: c68fec315401703e49722fe4b39cf28b14e9f50c
+KEY: be99371eb8da7dac997deafd64b1fc65de39f4f03541a11be112a72933c7b54ed4fad0be905d41203f5dce998f8fb2eaad409ae0
+NONCE: 2116417dae0cef457b9e5e16dcc5b6f2
+IN: 936a91d0b5d2c0267218cb7090c6171386d641b87797b684e0fb56f97c3961d8afa22993a340b9b3c589c7481df3f4183aa23fd8d7efd88503f78b8ed1c8e9ba2fd6773e0d0c302a5f47e037446f5891d77df660ed82933f62be8dc5
+AD: 5b436965aabe477e0cdd46
+CT: b4d33c5131701c960eda4c50fc0a918acbe28cd47fbcaa328c6a9eb08e3c36b697928c6981992ab155c30984c6b8e9340cb00decef7086f589ed2d730cfafd5ccfb95373b8c55044fa1c95927d02278a48f986a6b8301426bbdd504e
+TAG: c327263a3dc33abbbb6985406703ecee6ddb0d9b236ff2366c65effb2c936e5961d99de3bab4eb9c5aba4f65a55bf768a369181b191545f4421be3bc5bd2155257374ba8ac8e70823421da77aa1e2001a4e2f4942a40dc586e1c9e3d0e8dba136bcd823eb644d8d152182fb0c88ba540ba3a71ff1b147e4e072298023ae0c8d37cff859108b02d586d5357076e6e649e2a8ad3d4a9de1ffdea88b4dacb2d2c7fe12c8739e0d50d91e3fb57d54e22e6c4ca3c8e47b2b9c7de9220a1588c631dd6ac85d04f58559b796b8adf5559365f8009181a75e1f7f1a3c1097d81065be9b30bdcd0c5572db64f633561e426f1a6023fd7b7e1c4f66919e9ee67c5ac4026cb11aac92e445d90ba020153333c8db152113c5cbe
+TAG_LEN: 20
+NO_SEAL: 01
+
+# Test with maximal padding (29 mod 64).
+# DIGEST: 15e1aa5285beab679aaedbf51a86b4aebbe3d7df
+KEY: 99371eb8da7dac997deafd64b1fc65de39f4f03541a11be112a72933c7b54ed4fad0be905d41203f5dce998f8fb2eaad409ae021
+NONCE: 16417dae0cef457b9e5e16dcc5b6f256
+IN: 936a91d0b5d2c0267218cb7090c6171386d641b87797b684e0fb56f97c3961d8afa22993a340b9b3c589c7481df3f4183aa23fd8d7efd88503f78b8ed1c8e9ba2fd6773e0d0c302a5f47e037446f5891d77df660ed82933f62be8dc55b
+AD: 436965aabe477e0cdd46be
+CT: fe6540372ad1c40ec1dd644e935c480b9e34aed05a7f21e2e37dd46db52ebc5352cbc3be2aa289cc2e9712aa7d393f4454c9fa3a4acc30db41ada1257693d3469b0a1d5680dc8dbfea8cbb4768161f829a4f853c1c48d08825aa2b44f1
+TAG: 53f79cf7b8f4380a1d1f1def457d4ad78c5819e0654d4052186213880228c482e2a54bbffb71483d32a8eb97ea8e9057a99a52fc3381820bd5c8fa43b846257380c07075592d6a445075a0df4e48f20dac7e2df8967a1cda41bbd4b0411a54b3ab9e79354a59aef5291599176599db82c0f6ee8a05e012067e2961b147a7baa73a818c64b52dbefd767b285fad111972528e3865b78c3c8aed658b1e84ecfd6ba292bca83ef66968e1bbdc05f616ae79d1d7932a0e8d5fdd7f98159b199bf933ada7670bfd4992bc2ec95daac00f10b7cf2bb68755edeb646395efccbfe322c9f381d39ec36d92c914fabb74d4df8dd506d9a8e233c591a503e92943e9437b10268bc9fd1a512b31a3aa62034ebb2dfc2ee3ae
+TAG_LEN: 20
+NO_SEAL: 01
+
+# Test with maximal padding (30 mod 64).
+# DIGEST: 8cc0b1164fc844e958e055b7ae43f2f95c29e8c3
+KEY: 371eb8da7dac997deafd64b1fc65de39f4f03541a11be112a72933c7b54ed4fad0be905d41203f5dce998f8fb2eaad409ae02116
+NONCE: 417dae0cef457b9e5e16dcc5b6f25607
+IN: 936a91d0b5d2c0267218cb7090c6171386d641b87797b684e0fb56f97c3961d8afa22993a340b9b3c589c7481df3f4183aa23fd8d7efd88503f78b8ed1c8e9ba2fd6773e0d0c302a5f47e037446f5891d77df660ed82933f62be8dc55b43
+AD: 6965aabe477e0cdd46be99
+CT: 22e6c691ae1ba796667ceeaba4dcf85582e398e529d938da63c8221a58c2fbe242f6da82eae8c896dd31b45b3e8b72ff3dd7906130954f7b68d4c8729d3ff66ffad72104047209a56f1d6cdd927b57e8f29108140f903d03da3f4d210219
+TAG: 6c22c87e07027df3721970ac8ebb881edad4c00566f7b53dff9189ba9844543d4c5894ff1579a353db455a1597370c9d8f2c16a191d6e0eacf6c0cb3bc30b979ba40244a12dcdbf806e609fee1cb9531813ab90854c5eef9527b0e546193df1d3b2e52c5c01cb67db0f4fae9e1557e89b130fde7ae3f7b493d1b0296ef965538ddb7519ec972ddd1926ca29e3a9ff5c9f55414f07a1c1785908975ed43b16bb7c96b2820fa3c317582dacaec45c71b3ed841a41358c87340f5fbac68dcd4590d9aa4cdae3374d7c332c6ace45644a8805ac792c4ae5bbd09ca06581fcb46e71381031d5ad54b117005c2924a538501c944c416e19480d48e792a741e863043be0cf0cc12c700c3238a77ca4dbd168da1618a
+TAG_LEN: 20
+NO_SEAL: 01
+
+# Test with maximal padding (31 mod 64).
+# DIGEST: b51001b6ff9d27bccf3103a4961280e0a1406257
+KEY: 1eb8da7dac997deafd64b1fc65de39f4f03541a11be112a72933c7b54ed4fad0be905d41203f5dce998f8fb2eaad409ae0211641
+NONCE: 7dae0cef457b9e5e16dcc5b6f25607f0
+IN: 936a91d0b5d2c0267218cb7090c6171386d641b87797b684e0fb56f97c3961d8afa22993a340b9b3c589c7481df3f4183aa23fd8d7efd88503f78b8ed1c8e9ba2fd6773e0d0c302a5f47e037446f5891d77df660ed82933f62be8dc55b4369
+AD: 65aabe477e0cdd46be9937
+CT: 4772e647d03817c0f9deb39ff4f4f27fb0fed33e0630eb453883c707336f0e74ef206e92e31fb2935a466105dbdfd42c180ef63cf5cdd3c281337895e399df6078c22762eba5d84b8845ea00bd88bf5e4f0da518cae42502e8531b14d979bd
+TAG: a6a89cb7f4f54501b3fc90129f28198a9c3ebebcd6fbf6513ae3b136ab79b5cdf4df4563910a498137864bf3a63b6dc731a29e2ce7768a8216ee39bb67f73b16f73fcf6bfb934ef67dbd964d016d876ed884e5c3357a5238dd7ad6f979e81952d9e2c2c6c5bbcb1ef860c67aa977b8b0e0288bb37c94b48ca7f8f5df733e1bc522c9b06292ae4340710d15079b8d4e9e7dc95b653844a7a5f795d71bd7611900698a21335e0736418cc31a6c29409f501e0d88be63b54d6ab8ab5c7f07f7375860f949168f9555ee49f7fcc41900bbe1b769a65ec344e172e0de68d74c94d261fd9785b6516ff425c6669adeb426c2deef874dd6b510791baa8778601c134dc5e05e0b414836303f21bcc7c300958a0200
+TAG_LEN: 20
+NO_SEAL: 01
+
+# Test with maximal padding (32 mod 64).
+# DIGEST: aceed075f31ab159f6610f43ff0a6ed3a359bee1
+KEY: b8da7dac997deafd64b1fc65de39f4f03541a11be112a72933c7b54ed4fad0be905d41203f5dce998f8fb2eaad409ae02116417d
+NONCE: ae0cef457b9e5e16dcc5b6f25607f00d
+IN: 936a91d0b5d2c0267218cb7090c6171386d641b87797b684e0fb56f97c3961d8afa22993a340b9b3c589c7481df3f4183aa23fd8d7efd88503f78b8ed1c8e9ba2fd6773e0d0c302a5f47e037446f5891d77df660ed82933f62be8dc55b436965
+AD: aabe477e0cdd46be99371e
+CT: 6dadacb58a7b88e2daba277f66e5757042c142115871c9813d1a72a79e5a71366801a757a5f9982e99c355fe7d742fe3f047b711dbe340bf2ffd00cea6dc6ed7a4a416c17138404854ab8a5420960d60cd1b86424b2668740910a922865e4c13
+TAG: 98e4dbc80aff1a2c04156dec77deab9850b5b951f501d58f265f2c75344f7e6d0aba191b077877ed269e75ec40c84d8644070e68e18583be6e13788ff2c7f9a923f84eec8642ffb6eb40ca773a45c003df69c80de0ba199354f231f9091d1b4078ac218835e2df3e76e77d657099bef5a6a1367e6c39b23a0b7cd345bb8f5a97b9dc86300132e95853fc3635da842ed214fd00bac3b46f002f3c26cfd36c575a56af06e74032cec9451837db3542aa717aebf6e3ab3037dfab7cf0aa0177eba2dc3a56c3e3011d4c940b124b565c4450b08ce2f900d400e01a9b469d327cd9bda24af77f60e8ec6f5da196ad850c38d5cec0fba6bbab584c8b486bbac87a7f559be463e5929985ce710243260fb9258e
+TAG_LEN: 20
+NO_SEAL: 01
+
+# Test with maximal padding (33 mod 64).
+# DIGEST: 976ca4c9819e25a204a024d05fbe7420f717bc58
+KEY: da7dac997deafd64b1fc65de39f4f03541a11be112a72933c7b54ed4fad0be905d41203f5dce998f8fb2eaad409ae02116417dae
+NONCE: 0cef457b9e5e16dcc5b6f25607f00d03
+IN: 936a91d0b5d2c0267218cb7090c6171386d641b87797b684e0fb56f97c3961d8afa22993a340b9b3c589c7481df3f4183aa23fd8d7efd88503f78b8ed1c8e9ba2fd6773e0d0c302a5f47e037446f5891d77df660ed82933f62be8dc55b436965aa
+AD: be477e0cdd46be99371eb8
+CT: 4307f039e09bbc51fa0477941e321dec14e5f562d3a5ba25d71c3c8afa23f44e1ca619d130890b7476e5227442c27995cd292ed9d0a649773b752b3bc7abf171244624bc55784adc9282f1776789fdbcca048313a1e6c8a23119db185ea4ec1925
+TAG: 87187cd5d301d869cd1b4bb721475f6dd5b64be330781e20a24c1784dcd74cbec221914ad4ae88d4c9a1a9eaae7b13052d2c6ded662507a07594feae4de66b72c7fc1143c4e7100293f842ac0022d8a916a687e436ab7bbb56b2a4fc18677a813b38ab1e1d48a474322d44f581a8d007ffc6f7f4a132212e7bef5d5c9b13889dd2009c6398fa2dba18eecfcc5f41c5ed56be7f451f9b7b7a908f0838d3d8e2696512c6ec159a6dd94a1628be9911a3d827105d8cee209b6ec4cee3a488ef5eae355826d9a474f55bc736605c6c24444330fe5eff18a735736b66ea5d0c5b3278e373b57d86dc7815603993814ecb0dbdbd330c69dc46d7e6fc8555a18cc0ba5b5da89e5075c7ad835fef0fa46ea426
+TAG_LEN: 20
+NO_SEAL: 01
+
+# Test with maximal padding (34 mod 64).
+# DIGEST: ad8cfe7556704bb1974e94f70d8743d147c5c3b4
+KEY: 7dac997deafd64b1fc65de39f4f03541a11be112a72933c7b54ed4fad0be905d41203f5dce998f8fb2eaad409ae02116417dae0c
+NONCE: ef457b9e5e16dcc5b6f25607f00d033f
+IN: 936a91d0b5d2c0267218cb7090c6171386d641b87797b684e0fb56f97c3961d8afa22993a340b9b3c589c7481df3f4183aa23fd8d7efd88503f78b8ed1c8e9ba2fd6773e0d0c302a5f47e037446f5891d77df660ed82933f62be8dc55b436965aabe
+AD: 477e0cdd46be99371eb8da
+CT: ee9fa11a7d6f965e7d65d8f48810754770b9d237ba0111978b97e24f223817d0c6ce4dbde85c4e0979bea607a36c66f908c25384184fc334d8d985b78c2e9872d82c4cb1aad49d7dc21d6484b80f9192bd724ca57cdced2fdf142283126721c1c2f2
+TAG: ba76fb9c71f51c92d4602572883846812cc94a83e86dd16136d65c3ab932f89b28ecf49ce22335f0c643e3d979401bad3ca97673f062cf69855b23b6a1b14927594d92f689b4204ddb32d95d577ef4379890d804ce26e0e4565dfce891c992a29b9b1fa57f633b0c231e4e9c4939679bd52205988cffc989e34ae744e49a7ada77c6fda5537c5b031208acca0628913fd8a2ecd9f2b5d50254da5f7f00189dfa6d553300d805807141ef0b75557a693f1f90698a8ac912931b7a1a3a889295046219394a0884f823d204d0a3bc4cd4e3fa6adbddab80d123368d2f29ce5e8a992ab9c1c5d2c8cbc99e99647410abb5c73d8e00a0482834f97a576e99311d747088e9e65b8546265f71a237c1f74b
+TAG_LEN: 20
+NO_SEAL: 01
+
+# Test with maximal padding (35 mod 64).
+# DIGEST: 1dfd9608adabb5a55e12949f1c4bfcd5a77cb703
+KEY: ac997deafd64b1fc65de39f4f03541a11be112a72933c7b54ed4fad0be905d41203f5dce998f8fb2eaad409ae02116417dae0cef
+NONCE: 457b9e5e16dcc5b6f25607f00d033fb9
+IN: 936a91d0b5d2c0267218cb7090c6171386d641b87797b684e0fb56f97c3961d8afa22993a340b9b3c589c7481df3f4183aa23fd8d7efd88503f78b8ed1c8e9ba2fd6773e0d0c302a5f47e037446f5891d77df660ed82933f62be8dc55b436965aabe47
+AD: 7e0cdd46be99371eb8da7d
+CT: 1a95f47f7bdb2d91358f683b7bf803254d88b59e2d3c1d873a09794e1c18f1c924d480727599a1a6890bb664335e690e4e52c385b634bed45e08410448ffda3ea2593a02a11a03d994617b9f7ac85317bf09c41b08b416863cd90f0244d22c795a34b0
+TAG: 4537e27f1bd4b1b873ef4b3eb83cfc860c44921195a0250a96e553280b15e9ed379d4eac959a2809ce808e40dda881cf8a08cd50302f7dd5e67659613932ffdc086db4de634000cdda80fc576294c265f49a48c79ece6d42423a4f86c25c0a168d5eca502e87c419ec09134c27e4db1f2255de7e10f0102b44f30c67c8e07aa23aecd3f62ac8a24f9e8f82be61b539e288d22f8e05e914c191877c5ad1a546415df68427f97576adcb8d428ce7ce2c96acc98fe0d6dcb42049206ee1679f037955cbc12be9ae020774bea675b7c17d0033a60927f75e87d9c7ca263a5e0ed38450af657a81434afc9b4f4a14f02f82e33e17e7f61c276cc1e630dd773547b6cd78231de0895e447235cbac4b3a
+TAG_LEN: 20
+NO_SEAL: 01
+
+# Test with maximal padding (36 mod 64).
+# DIGEST: ad2b43eee27e6267d8c5c1c3d558a07dcd6b1f5f
+KEY: 997deafd64b1fc65de39f4f03541a11be112a72933c7b54ed4fad0be905d41203f5dce998f8fb2eaad409ae02116417dae0cef45
+NONCE: 7b9e5e16dcc5b6f25607f00d033fb95f
+IN: 936a91d0b5d2c0267218cb7090c6171386d641b87797b684e0fb56f97c3961d8afa22993a340b9b3c589c7481df3f4183aa23fd8d7efd88503f78b8ed1c8e9ba2fd6773e0d0c302a5f47e037446f5891d77df660ed82933f62be8dc55b436965aabe477e
+AD: 0cdd46be99371eb8da7dac
+CT: 67466a0bda0815f726cd09d159e06088b2530b73775a8c18eab2d09ed7bd12b743b0a10345cb3126dc14d8f5c503b65a45467ef9b56ec7c5b24e5548e734d3f0fc90fd9c8019fc782882ea6e72f4df5fc6e8105e79d12fc588c9137c758995666f480dcf
+TAG: 24b828c3e60182873556d7aa85480180d7cc42ba81732058a109b5ecf21f66f1ab580d18f70604ff31dab5a1bbee007d213d2fc7070e3377aed31399291cfad53a334bad7c1c61ddac5015d19cca020dec137fb76472b1a595e0fd5dbdd127b3267521aee32fd12c1f54493d23c27671750776f8937032b9164ed78bee6b8234972634fc7cb32cc0b7f6fdae850110d1979e380b4578b8747de6f3d89bb66d546949ac94e49b0a460c192f98373e2359fdea2cf2a6ad4d09199cc145fc537459d73f48d265a1cdd458f306e3596b2088f233630ee0a37a5c2c21a76bcd47871a7954cd9bf911ab942ff7221623cc7539344e23dba7b0aea370a7d2e2383a4ec9db06a8123016d73b4323d19a
+TAG_LEN: 20
+NO_SEAL: 01
+
+# Test with maximal padding (37 mod 64).
+# DIGEST: 3dcddb1e4f49633e7b7bd36f4056d16c53be7f5e
+KEY: 7deafd64b1fc65de39f4f03541a11be112a72933c7b54ed4fad0be905d41203f5dce998f8fb2eaad409ae02116417dae0cef457b
+NONCE: 9e5e16dcc5b6f25607f00d033fb95fb0
+IN: 936a91d0b5d2c0267218cb7090c6171386d641b87797b684e0fb56f97c3961d8afa22993a340b9b3c589c7481df3f4183aa23fd8d7efd88503f78b8ed1c8e9ba2fd6773e0d0c302a5f47e037446f5891d77df660ed82933f62be8dc55b436965aabe477e0c
+AD: dd46be99371eb8da7dac99
+CT: 34f8a83c831f374e77c5601317b658e47091d811285791eac2fc59fb06658c115dc875c80b1089a62fc7d072534617dc81dc3adffbbba4b9db2e7272eb0b8aea73eb9de6480c43190e239fc300377f186e4659b1f239906614865f10444ee64ae77ccf8e3f
+TAG: 4c975e14b038359ddc06d23ea5a5119eeef3708347d7de47875cc88138b79d5c644507363c0a951623f3c26f8dffd51a2a282641d96ff107fc69684add9e93c56a7d29c8e097dbeac0a56d7afc522b7f5c921cff17c6ae4c7bd456bdbf95c052b18751e1c3ad9a26517c29071361aadf06740e43afb13762b4bc2a80aeb5e042259a36cf03a208b8f6162515fdd3623343b127655de069d5eb8c7b6c00fabec02186cd39bac62768303dbfed24cb20105c7d8b2a6b2c34d5f4472c6f372a841672c1f7b405d70d05c632f7a53997e3e4e0aedbb05813a8712dfcd3c8df4fcd83971cdb81538d2516a3a4a9372dbca6bdee43a2ed77309076fdb367fec85e5db2f01e59d3cc188b67f5edcf
+TAG_LEN: 20
+NO_SEAL: 01
+
+# Test with maximal padding (38 mod 64).
+# DIGEST: 25b982a242f669c013cab1c18da425330090e3cd
+KEY: eafd64b1fc65de39f4f03541a11be112a72933c7b54ed4fad0be905d41203f5dce998f8fb2eaad409ae02116417dae0cef457b9e
+NONCE: 5e16dcc5b6f25607f00d033fb95fb09e
+IN: 936a91d0b5d2c0267218cb7090c6171386d641b87797b684e0fb56f97c3961d8afa22993a340b9b3c589c7481df3f4183aa23fd8d7efd88503f78b8ed1c8e9ba2fd6773e0d0c302a5f47e037446f5891d77df660ed82933f62be8dc55b436965aabe477e0cdd
+AD: 46be99371eb8da7dac997d
+CT: 2ec0aab31fbb036bd2af5ce39025ee2d5591fd525a199f2233384f52a8746f4fb547843c92d1e4c9fa92bc268174d4a59134142f14e8e1e277f1f1844c64f76dcd20f3b73dfec8e9fc59a639616fe4075a4732dcd3e1de806086239d2e09deca0ffc081f2ef2
+TAG: 3049393a7f477630782378966f7ed4d33451da6b00ba751aee542cfe5aba67748a46953b578d0fad0e37b5627b4295a4f44b0c28d16e300888c0c8db965c14c23310279cdc9834d2ff9ec85932b7e341393fa3b6661bb8d3ab0cff6c6b646d927626b8710d3243ad7a971efbe3f6ede39d8b9f77585e4565a8b07917a712d85b846469807e94f3073097a69c30dfc5f92fd88cc36d3a5f670155aa98ebc80112db1fd1db0685261c1e7711d9c82a73dece8629a4025d7837852749fb8ee1489bacfb0bd8fada1389fc31ece84558d5732c9b559db32d8a498aafdc0aad020240e00f3fe22c2932924305fc1b3d648c53b9fcad835189b41a150ccf234988f26eda2655054c395924fe50
+TAG_LEN: 20
+NO_SEAL: 01
+
+# Test with maximal padding (39 mod 64).
+# DIGEST: 9d7958e23777ff2472f5a24dea5fc19c151dd921
+KEY: fd64b1fc65de39f4f03541a11be112a72933c7b54ed4fad0be905d41203f5dce998f8fb2eaad409ae02116417dae0cef457b9e5e
+NONCE: 16dcc5b6f25607f00d033fb95fb09e4d
+IN: 936a91d0b5d2c0267218cb7090c6171386d641b87797b684e0fb56f97c3961d8afa22993a340b9b3c589c7481df3f4183aa23fd8d7efd88503f78b8ed1c8e9ba2fd6773e0d0c302a5f47e037446f5891d77df660ed82933f62be8dc55b436965aabe477e0cdd46
+AD: be99371eb8da7dac997dea
+CT: 90712d5e3edeed5000c62ce80212d41773a393792a3a8fc62a1cfbff38b3555aadd88f0e36f93c8a12897d7779972b3e42978cdf85da7a3ba2e4b261f0a0cf4e1edaf259849e87133a9c057e5d3e693a2a181eff1f5d6f84e0679c625ad9a0f72c47d607ffa453
+TAG: 90b31128a2f6673d25ec56c9431584416b2e8c62fdadf580db2d5dd2ef8fcff5da4edfc09685b16db527abf1258b82c13761e41e41646479c833c8606b438a53fbc3718bb5e2ab3d9e25ee8862ff2d088aa5b37877ce5bcedf184713b2d5acb8408bf2f50b3041a0e582230a1f4034b6eee294808ca78e605b0461c1fa383b8194a30b3e66ed58c1b30331a97b3b87e12d2239f8f34e632caee944450e99165b9a317029c9f658c7182cfaadbb6f52da0f8c4f3fd73959c58559404ff80ea3af53c4430ebf2e41197ddde0e3d380668b4e72f72022e3b1ead76284506cfb3a20b9bf6e8425eeb89fc5582f4f1c6736e1185452e87133cb1e8ec045d2e40315fcdceb02da252a5cbd3a
+TAG_LEN: 20
+NO_SEAL: 01
+
+# Test with maximal padding (40 mod 64).
+# DIGEST: 09e9eab51bcb9faaa3bc3e473ff66b06e39653fa
+KEY: 64b1fc65de39f4f03541a11be112a72933c7b54ed4fad0be905d41203f5dce998f8fb2eaad409ae02116417dae0cef457b9e5e16
+NONCE: dcc5b6f25607f00d033fb95fb09e4d00
+IN: 936a91d0b5d2c0267218cb7090c6171386d641b87797b684e0fb56f97c3961d8afa22993a340b9b3c589c7481df3f4183aa23fd8d7efd88503f78b8ed1c8e9ba2fd6773e0d0c302a5f47e037446f5891d77df660ed82933f62be8dc55b436965aabe477e0cdd46be
+AD: 99371eb8da7dac997deafd
+CT: ea1b542c224788ae66ded1b3ed9f9e35708252a1cd1d4725b0a187b669c51d282776471be5a07f256faa9ff16fa4248c629a4bcd31a9dfb7f260d9b1cb62dbae424624fd816bd81f781b93ca9dab437b5e0cb64a37874b0117cf7b96adba2cb7d75b834adf572d99
+TAG: 1e6a782f455ebe54ce2dbac88683437494c4433ddef95e45bae93bfbf4b1d5d0d2a459e9db88be408428c47c256f73d42778e42b936dad9ed773a02d0e7298c22b60280cf1b7191eb7c8fa307076f5129720bad5961206dea4ea1a05645827b30ff3bfb6066db13a2f9f1bde975c80ea902e9e51e64086ea4641150c531df51b328de057d850502fdbf50b4a1295d170c0dada86a0209d2026501f111247b75826953366ecfee0e4c3479040cf27370de1711a73d0ccde18e218b9f6f6aa20e0a8cb0fa4aa75ee585e96a0a0968423c86b35c899b5409e577e093c36d18149199b59caf99f19d1163c31a0d3da31b8c5cd372372e2bacdb2b03ed28605e346cf794872e096ae048b
+TAG_LEN: 20
+NO_SEAL: 01
+
+# Test with maximal padding (41 mod 64).
+# DIGEST: 7b17b7cb19107af8fc4671420e461060e2ef3e61
+KEY: b1fc65de39f4f03541a11be112a72933c7b54ed4fad0be905d41203f5dce998f8fb2eaad409ae02116417dae0cef457b9e5e16dc
+NONCE: c5b6f25607f00d033fb95fb09e4d00d6
+IN: 936a91d0b5d2c0267218cb7090c6171386d641b87797b684e0fb56f97c3961d8afa22993a340b9b3c589c7481df3f4183aa23fd8d7efd88503f78b8ed1c8e9ba2fd6773e0d0c302a5f47e037446f5891d77df660ed82933f62be8dc55b436965aabe477e0cdd46be99
+AD: 371eb8da7dac997deafd64
+CT: b1025c9eb02f72e5526ef641778aebe786c2f85961997f1eaa090a33caae3a9df34da7088352a2df7a61eaaa026dadbcd604f5baa3a0de4fcbb3812816408d61384984141d9c78f47e725e99cea9d52f73cdd5e2c3961b035589db1d2283476006a1e10a992d499762
+TAG: 3f441554acad8b8f9565a0a69a17d231684a6293aa032e140eb41ea302b45d0e2e36e62ca23e981f98721a97ec02ea946282e23fd4838dd07b9a8cfbc069d913226cf543235541dc1a8881394e9cc0999c63b543e5ab74c35436637578148ff48bca333734d768b15a6e9535a69705248f28961e50facf4e8bc0825b7d2152cb2b85ac2e767b6650376a677f4c7e76521c790d59d9588e54deb9cda034551544ba80cf9d11a9f589b7e8980e6ab95ab77848e2bba36ed85afd9774f32bc9ab9173db20fb97a53d23091add97f16d8ced6bac6399aa089718d8bcc94c13b6e0d08e805b7fa252e787958d4780d24d812e0ea0df1652c04ac325355be7b21aaa97c2749f274a31c6
+TAG_LEN: 20
+NO_SEAL: 01
+
+# Test with maximal padding (42 mod 64).
+# DIGEST: 48586ad2eac603c136911b28e2c69f101a8ef371
+KEY: fc65de39f4f03541a11be112a72933c7b54ed4fad0be905d41203f5dce998f8fb2eaad409ae02116417dae0cef457b9e5e16dcc5
+NONCE: b6f25607f00d033fb95fb09e4d00d617
+IN: 936a91d0b5d2c0267218cb7090c6171386d641b87797b684e0fb56f97c3961d8afa22993a340b9b3c589c7481df3f4183aa23fd8d7efd88503f78b8ed1c8e9ba2fd6773e0d0c302a5f47e037446f5891d77df660ed82933f62be8dc55b436965aabe477e0cdd46be9937
+AD: 1eb8da7dac997deafd64b1
+CT: 10623f3b3c8888a31cbf51eae0989eb3caad5f5b786c13b41c04e0b6cb2641f850df4ebea610a4d521557c8f987ded40e9702503fc4ae62d1830a0f04d168888062f5b147e858a134a4022bf2790d81a89133aee08a34a704f152cc3cc763c21207d2231109e0b71a801
+TAG: dab4bcc473354bdea1e31b926a19fb97ce2c8b47e76082bcc93a1db2707b67e4f72b18cfb728232ca334bfe9a4a55c347777a25b1a13ada600adfdc4fd57275414b3bfdc9613f300b4b29fefa8820b5c8989bc79db1bcafb69b0d89f7624a510d3a1597f953564a29367aefdaf36d238b957460f50b71adb5f85e9275aa511b7118d2310f5e3cc2bf0c21b0be6e6adcbbb24064a760b74679de7fc146a00014f36d39f59df902925710de6397bf32f5d108902159755feea57fb58a7bcce680babfb90e05a8d15c1b42a3b7d779af99e3cab04eb59e5ef45128195ca17bdc25dcaefee874e919bc8edbc8e28e3997aa396768ccfcd25e59dfe27e46de35dd101c38f7e48bd8d
+TAG_LEN: 20
+NO_SEAL: 01
+
+# Test with maximal padding (43 mod 64).
+# DIGEST: c37456cfc543ba6e5848b9b8f4ac5a58a104b521
+KEY: 65de39f4f03541a11be112a72933c7b54ed4fad0be905d41203f5dce998f8fb2eaad409ae02116417dae0cef457b9e5e16dcc5b6
+NONCE: f25607f00d033fb95fb09e4d00d6172e
+IN: 936a91d0b5d2c0267218cb7090c6171386d641b87797b684e0fb56f97c3961d8afa22993a340b9b3c589c7481df3f4183aa23fd8d7efd88503f78b8ed1c8e9ba2fd6773e0d0c302a5f47e037446f5891d77df660ed82933f62be8dc55b436965aabe477e0cdd46be99371e
+AD: b8da7dac997deafd64b1fc
+CT: 60d4a0ba2caff08ac046349b511017a7c5f5537eff0bda94bf838d50c14d59426424e4a8f531103773aa0eb9d242a9e6f2ba5002ef04aef8144c8a88f05788fa5fa1ab1cb5cad84da0d31b280ff8a55c2e8f32f39549736bb055169ad5ae93c02561006a3f13e65094f7d4
+TAG: 140431d7b2bcf5139b7c9436fdfb3b44834ca810fb478eb0aaf7b0e2c68ce434f05c1f825b245d9fb4af48056925a50315b9f1b7d340e5f797dde4f460ad3c526853049976c0f680b691b28fb79d61cc9f7d8a4b28ddab1f610ac6cc44b91d64275ff1d26aa2b5ef314b1f280181cf72cd8b8fbc939a8751538d85f7fe03617a9cabd79dea5e64832d0b4aeb4893ac35c0d9f1475d928e3ed40292687926ccf5f9f76f78e00f217c013a12e38686423dcee930366e79950955c07399183d775c7030a50addaa42c7aabe5d8ebb95611f3c2f68be067e179e3de60d45b828d54bd6be07948508ff8a9b68abd944da07a484a8b9bfd4be1a22ff006e578b0c43c2bb1359d012
+TAG_LEN: 20
+NO_SEAL: 01
+
+# Test with maximal padding (44 mod 64).
+# DIGEST: fc113d192686652653a15887974eb1f9b8e32248
+KEY: de39f4f03541a11be112a72933c7b54ed4fad0be905d41203f5dce998f8fb2eaad409ae02116417dae0cef457b9e5e16dcc5b6f2
+NONCE: 5607f00d033fb95fb09e4d00d6172e78
+IN: 936a91d0b5d2c0267218cb7090c6171386d641b87797b684e0fb56f97c3961d8afa22993a340b9b3c589c7481df3f4183aa23fd8d7efd88503f78b8ed1c8e9ba2fd6773e0d0c302a5f47e037446f5891d77df660ed82933f62be8dc55b436965aabe477e0cdd46be99371eb8
+AD: da7dac997deafd64b1fc65
+CT: e59fdb3d1413cd6a1098b5daf1662c698076996e2581e11a286e5acd6f29d41ff9d04da8308ce7f5defc52be0b4d1ee96d8e5f4eddbdd5fa9894e7d1b0a1bed483b7e7549e1c10cf5b8ebd1e7f1177972ff061cdecdad8d97bb0308b19bbc2c84d32a41f4c2b7e58721349e9
+TAG: 6cfe1e101e9b8fd2b209a30c0c1127e1bc8a51b8826c64258b573711f4af7c7e4ede036de4a94d70e17695481424907475180c7899a982d7eb94536a30a57be43d5c6b5e9c34972e61b9356a9338af6e8dbf27c920edc9bd02ed5535018d3b3e3df45664f4c0bc01f1876f36338e85b4a127181b42f7cdfa7a4da5a6c249f1bcee2959e25d0fe17717b0181c026ca814cf21d6af3b548435df052ffa0a0e8f74b8c3f7bb37a6b5bcd2b3f2c0e4b24daad586f7b59996072f82c123aa0ae66d3f6bd9980e8ea0312ab9fe0052e1fb3911e35d880f1df50612799033c384f4899f69714efe5df2727528f7b3af6d69e525a04375391643febed777fe3fa3807a73aae666c137dff28eb3b2ccc1d07bc665094d33c4
+TAG_LEN: 20
+NO_SEAL: 01
+
+# Test with maximal padding (45 mod 64).
+# DIGEST: bb6e5b5be84ee383caac0378cb6f541726ecf61f
+KEY: 39f4f03541a11be112a72933c7b54ed4fad0be905d41203f5dce998f8fb2eaad409ae02116417dae0cef457b9e5e16dcc5b6f256
+NONCE: 07f00d033fb95fb09e4d00d6172e780a
+IN: 936a91d0b5d2c0267218cb7090c6171386d641b87797b684e0fb56f97c3961d8afa22993a340b9b3c589c7481df3f4183aa23fd8d7efd88503f78b8ed1c8e9ba2fd6773e0d0c302a5f47e037446f5891d77df660ed82933f62be8dc55b436965aabe477e0cdd46be99371eb8da
+AD: 7dac997deafd64b1fc65de
+CT: 9764272fe16e12bb42a8f2a6620e44d4f202c21d51692e2948e2f4e4a18acf58a12d399310f15e78bac1f5f2a48416e5f4262ab9a8480d9f1429e5e9d15d81df0719f8db8d7ac08da696048e8a048255071ba8926be1dfbbcf53e7430862f64c891edaf772a830fd525aa8796c
+TAG: 2cdb47ae25d087c752c007dc8b83cc050b53376aa92e9bc2c46d05ac7137dce0f70ac601b76fe40efd84be464015b5397031ec3e394f880713ad10727d270730e469ca30ea5897a84fd204bb14a920c4c1bba0d27fb154cd1f8277fa6aab1f4c743b52b51d09657b80398aac269f57196fdfb219d745f53a72ca08cfaebd736e7d016806d68e5deba428b484d958335bf03c0ab713b9a54b9a5bb4f3b82b76c45d04b5b6141aeb7271d0a71ebf90ba74b27dff1ece371f6353b8ce8615475a1b82c3276569b99de52b7ae5f27cb1cf9ceca291c1922382ad5260ebbb32cf995772eab6d6213d2e4c438909f691a81825c2adad290839c08566e5cfb3c13de4ebb016529de5549a9ac57d2e76086db82a3ad881
+TAG_LEN: 20
+NO_SEAL: 01
+
+# Test with maximal padding (46 mod 64).
+# DIGEST: a27799fc2e00e7abec4c5939451a834c4606cf7a
+KEY: f4f03541a11be112a72933c7b54ed4fad0be905d41203f5dce998f8fb2eaad409ae02116417dae0cef457b9e5e16dcc5b6f25607
+NONCE: f00d033fb95fb09e4d00d6172e780ab8
+IN: 936a91d0b5d2c0267218cb7090c6171386d641b87797b684e0fb56f97c3961d8afa22993a340b9b3c589c7481df3f4183aa23fd8d7efd88503f78b8ed1c8e9ba2fd6773e0d0c302a5f47e037446f5891d77df660ed82933f62be8dc55b436965aabe477e0cdd46be99371eb8da7d
+AD: ac997deafd64b1fc65de39
+CT: 9b6a8359acfc5d15067e2e6d812727d768f44b3edf4272f57fb54db41d95153fb03d7a7b3371e91c4be80326f4d70a8f2ac1e867ad3772901c513895e694214d6c0fa1f431aeb016ccc93faacb4950082f0cf00d3a5879c9a4f3fdb281e911b40d6d0a84b05f4ce32f85b1657d75
+TAG: a3c72b69369cbf0d435790c97438a38109f36b147943b0629b1c2e4926e831d27155f5617f1f884af2799774b69bf0e092d29158fa51495e132b206cf51156c2116b23848ea51d684808d5a291b68f57250626d2190a7c0779512bca6ed44e619d0f7f8bc28e1c9b729514e12e7cc08e8e8d72bd1ae30229e56fa7e3246dab29e75bfc866a2b83c48036ea0296dfad04357ed990aecf6b28a0a3fe7eaed48f5fa59202f109ad0cfe6aa5cbedfcd62eeeb15df7be0645e161ee6f7f9dd811c98158de6534739268757a1813e1aa6c331586867acc75ae410c371a81cab835fcd928519d9468ed61fb5d7c191807e613d40fe174c8b33a400baea2e96d9d7f1734dd11092481e71d0b0c0c86419d5c50cf6e18
+TAG_LEN: 20
+NO_SEAL: 01
+
+# Test with maximal padding (47 mod 64).
+# DIGEST: f30eaff92a640a397f98e6803623e8d1f0c1fea6
+KEY: f03541a11be112a72933c7b54ed4fad0be905d41203f5dce998f8fb2eaad409ae02116417dae0cef457b9e5e16dcc5b6f25607f0
+NONCE: 0d033fb95fb09e4d00d6172e780ab8b7
+IN: 936a91d0b5d2c0267218cb7090c6171386d641b87797b684e0fb56f97c3961d8afa22993a340b9b3c589c7481df3f4183aa23fd8d7efd88503f78b8ed1c8e9ba2fd6773e0d0c302a5f47e037446f5891d77df660ed82933f62be8dc55b436965aabe477e0cdd46be99371eb8da7dac
+AD: 997deafd64b1fc65de39f4
+CT: 5818d2a656fce95d7a24bcb216f4d6b91d45d58d6ca2df5c9d6412d917951a9f61ff07fcb6b078fad69862aace436194f86f309373452e813c461fdb36a95f575fdf0f784ffa0914f0c0ee0c57ed1e604ca7a7a4b3d20c272b3b7f2e65b18c1abdf8c88e1e7e7dbbe9569eddfb226a
+TAG: f6bfe8a461cc83a7bc7c5a39b6c521ed3e0ff050a6b01999b2710e0997e1a36a72c11363307aab1e4d921e9364ce826419d15b3a14e251e82bca615281c19bd243a294365492b11567341f13f14764e2b30ebc8ac4d313047694a884598daae76a45797f583a8279529e9352c8c13a06510ece3057c0936de84e6c292e3266424eb9aa4b7e5891fe7180f0a31580a700a4e24d7f1e53e1b69bf36a7c0db63473566920565cb9a22a47aad6afc8910a6b6019a67a092ae814c0260f2fada1a6dc44c5447217b6831457f66d7a2ecdc9187986edbdc1c68e573da33daee7fa2ef3adf4b6179b9a02d31c36e4505d5829ef30058ce5d09ae42fadfe4f66e894c36d7db467ec5ef508e26cf0724b261235579c
+TAG_LEN: 20
+NO_SEAL: 01
+
+# Test with maximal padding (48 mod 64).
+# DIGEST: 7227537c0113a9f46f7d332a0b37ee5303483d00
+KEY: 3541a11be112a72933c7b54ed4fad0be905d41203f5dce998f8fb2eaad409ae02116417dae0cef457b9e5e16dcc5b6f25607f00d
+NONCE: 033fb95fb09e4d00d6172e780ab8b700
+IN: 936a91d0b5d2c0267218cb7090c6171386d641b87797b684e0fb56f97c3961d8afa22993a340b9b3c589c7481df3f4183aa23fd8d7efd88503f78b8ed1c8e9ba2fd6773e0d0c302a5f47e037446f5891d77df660ed82933f62be8dc55b436965aabe477e0cdd46be99371eb8da7dac99
+AD: 7deafd64b1fc65de39f4f0
+CT: ad0dff8adc54b5f02f428915bfa9f7277e4743e72e1789dcf552b91cda03bf52c757a9cca0655550c944fd264d287bc97d15dab3b986ed34637f45ffc1eb71b764cf5d5c1444033975829f1e59cb65ce40d787adc630e1f3155b2dc32733a75452efc755b6acd2160fddb9a26e0c4587
+TAG: bb5273d6920ea95b43efeffc99da0dd48a556e357726fe34dad94f0257276f3ac759c16d9b34dd86f09a37bf48227d67765efb83d001eb8dd87636ec32860226db118427a7c7367d53cf085ff86d05a8f35f893a044e99ae5ef14fe490eb03aaf0b97581184956211bd19ad09c9aa9a064e305abff0c654006b8db861c7956ad6cbf46aeac4e5f5d54539a9dede2ac61d8f133c1a9fd2b8e23ef5d2d3068b42baff87faccfd8499cafa30bce2f30e2c1fb203acf1378d0c776f9476ca83e4973ffdd66f2fa86105ed83701fdce6ad64a824d2317f51443c9dd3c520327c7f3bd99413d832bb1b6b70655d31c90b7bb23a1957a146f6e0dd1a272a04e833e0b1c84ba2b09b0c1963ac17350292646566f
+TAG_LEN: 20
+NO_SEAL: 01
+
+# Test with maximal padding (49 mod 64).
+# DIGEST: d76570385cb65d30c3d636ff25c5efeb8d1ea08e
+KEY: 41a11be112a72933c7b54ed4fad0be905d41203f5dce998f8fb2eaad409ae02116417dae0cef457b9e5e16dcc5b6f25607f00d03
+NONCE: 3fb95fb09e4d00d6172e780ab8b70043
+IN: 936a91d0b5d2c0267218cb7090c6171386d641b87797b684e0fb56f97c3961d8afa22993a340b9b3c589c7481df3f4183aa23fd8d7efd88503f78b8ed1c8e9ba2fd6773e0d0c302a5f47e037446f5891d77df660ed82933f62be8dc55b436965aabe477e0cdd46be99371eb8da7dac997d
+AD: eafd64b1fc65de39f4f035
+CT: 8a1448acbd769e42bfdf00ddd801153db3202daf5ba7997890f5f42a183d3a66faf66d899c7099fa99bbcf5b62b6adcb6ee87fafdd0275a8f625f3f959b0ea9acca88070aa9c61141787435cd60f63e262a80b6aaf931ba554ade7e0fb46b03a318347f1ca84e9fa1786d721b6c222b1b3
+TAG: 7bb49e9f481b45b543195956ddfe975cb63203f4b68b50a05c855d128d311c339676c1b6b38ae280d0731f613f9ae4cfd1945e302451f26eeb379a1b610773750e3e841d50e16da759a603897de6e84aa6733252cb0b6f6539e1a5258751ee7c0a45aa9296c32322d6a465a42e4017f44814fc58402cf561deaffa43d61396d53077cf089cfcd42b182694d286a97f99b65e5c43ecf69898c036381c6dd9657f2cc08144b28e9ad9a00ff10fb0ad3b26e92d8d65cd6879b11ae50f592407188e46a3342308ff9316c898b09648f71513e09367aa2ad5d93f87e4b2430ccc8fba9825c0407135fbf65a0db46d491059f71a989629dbfb1adb10e98d02935fa846628e8b0f8dd01991761945c5e84f9b
+TAG_LEN: 20
+NO_SEAL: 01
+
+# Test with maximal padding (50 mod 64).
+# DIGEST: 170369666d1f2337b29b5f14af68d47910388e7b
+KEY: a11be112a72933c7b54ed4fad0be905d41203f5dce998f8fb2eaad409ae02116417dae0cef457b9e5e16dcc5b6f25607f00d033f
+NONCE: b95fb09e4d00d6172e780ab8b700433a
+IN: 936a91d0b5d2c0267218cb7090c6171386d641b87797b684e0fb56f97c3961d8afa22993a340b9b3c589c7481df3f4183aa23fd8d7efd88503f78b8ed1c8e9ba2fd6773e0d0c302a5f47e037446f5891d77df660ed82933f62be8dc55b436965aabe477e0cdd46be99371eb8da7dac997dea
+AD: fd64b1fc65de39f4f03541
+CT: 0fca069ff1b260179dd5ff1124e557e97a4cc41e069d124cded05275d37913efa220e1ed4768bd04d8e65797040856b686cfcd5b772278bcf5fa64cd8183ba8b7724359804d609b31fc31514a4ed43d84de929d99e63f12306bb497e8ee77648be578ee74f1cb2a09ab32b3ecb913c7b36ae
+TAG: 19b492f83b9458b356020d7c6343b6967f1ab0328801042379e7d8e98dc3f3cf646a96d7842c83bbd210dd8dbc38cfe5fda9d879285aeabe19dec677fcd389651cd284ac650287f13a461ec23f7dc1cb5511dc529e99a078c2c80ebaf0fdc6704bdc35a2c89c728a061095448e6dbee102f4793932a580a826382a244a9f11c665015675322d514be8b1453ed6be846613312a1bf9e4f2c126d2b15dd8e6ae759f5151528361d10d657543767b05e8c1b79df65aac381738e2f43f95cdc77383f22e36e3b26d0c65f695c75f7ab422864e63c230df313fd8e41b265b5a704b7e5f7c96306bffc1a95cd09584519e2726edf93a9d2871b9fddfd7983c81812653152c3775df228a542f06f359bf26
+TAG_LEN: 20
+NO_SEAL: 01
+
+# Test with maximal padding (51 mod 64).
+# DIGEST: 7c52593d1d37b0dc380297231c6cb7b64e04c493
+KEY: 1be112a72933c7b54ed4fad0be905d41203f5dce998f8fb2eaad409ae02116417dae0cef457b9e5e16dcc5b6f25607f00d033fb9
+NONCE: 5fb09e4d00d6172e780ab8b700433a95
+IN: 936a91d0b5d2c0267218cb7090c6171386d641b87797b684e0fb56f97c3961d8afa22993a340b9b3c589c7481df3f4183aa23fd8d7efd88503f78b8ed1c8e9ba2fd6773e0d0c302a5f47e037446f5891d77df660ed82933f62be8dc55b436965aabe477e0cdd46be99371eb8da7dac997deafd
+AD: 64b1fc65de39f4f03541a1
+CT: 8cacbae377d038fe27b37fdb253f3b136aa38660743dc6b4778ab16940a9710c8f08970164316e26c3b603140f2f43f62a88d021426b841baec29fb11a3d8735d0b8c14d133a825e1044be5523932ebd65b34433c083c2d77af313a240b1eeb52391728dcd04852fdcbf9b6f89502dddc317c4
+TAG: 85c893ad99aff613e6f95cf9c6e9045cc22fc8fe421716bb135269202ac57803e67682d09f88ae5970fb4f52e97a28efcdfe0a359df79a0576179a04830becb0551d93d862842c4b5f33c23fc0988f96d6deb37288f96507e432190853aca788d55114946833b6c7c7c10c34a5d5852d6fdb287b9dd97fa6b7991efef4ce66b0dd9f0ed6d112713c314aee9c172675d86c8f52097362f3ed4356ef4309da510a6708f32f24549dd80c9ef72018d7fd90134fa2d1ac1b9858ceb9b382b263cd3dbf697aa40f875eb502d4f128845bdaa9a8b4fd07a31b687bf4a1a1bb4843e205a9ab2b33a3ace650f96935b5f6de6d7577deb9ab68c4295cee108b2f4aed1f2d2fd167085d2173e2e854559222
+TAG_LEN: 20
+NO_SEAL: 01
+
+# Test with maximal padding (52 mod 64).
+# DIGEST: 09a1659100052d13bebb4defd7f54f975a58ae2b
+KEY: e112a72933c7b54ed4fad0be905d41203f5dce998f8fb2eaad409ae02116417dae0cef457b9e5e16dcc5b6f25607f00d033fb95f
+NONCE: b09e4d00d6172e780ab8b700433a957a
+IN: 936a91d0b5d2c0267218cb7090c6171386d641b87797b684e0fb56f97c3961d8afa22993a340b9b3c589c7481df3f4183aa23fd8d7efd88503f78b8ed1c8e9ba2fd6773e0d0c302a5f47e037446f5891d77df660ed82933f62be8dc55b436965aabe477e0cdd46be99371eb8da7dac997deafd64
+AD: b1fc65de39f4f03541a11b
+CT: 06b44584c9ddd267bf03aa311730fd0c4d3461678d94b4a794eb3e90b9cf3113ecf0ce0da8789d59bec50a1fd1e08ceea4cf9e00b2e0423706c126af7a3031df6cd82a7bcef877b413662e731b5a74ebf68f781eeeb79cf760cebda2c5070dfb992007716993b0213e822829e23f448a7a5ed880
+TAG: fd65c8c7f6b7795ab5792332f6329c1d606b305f3de89d9e154ff7232947d8581b6666faa823b9ff8bbab2cea14c2526b0fceb5ebaabb79ab4cea0bce96e9d1a3f556d7d2d83b4ce2c1ebdaeceedac3fae6fb8f9869f7c136d47a1ac93c7b5b5ef01f8e56602d808a39b40f069403eab03498959b53b8ac0bfb72f0c5b5063c063183b43d60a616325439b0491e2f3be59f9948c939f533c3fc0923028babbaaee977cbb05fc44f8cf8ea37016141d464716a875ce4ad096e247ee9081a1ae3448183f5412d84a6223daf432dedd679bc3f167ca5dade21fb2cd9057189049e730df47b409a07a8b2c727e2ce04da8e3f02ebc6c2bd528b7726ab803c5fc5dd602496f78b28474ac87911bd4
+TAG_LEN: 20
+NO_SEAL: 01
+
+# Test with maximal padding (53 mod 64).
+# DIGEST: 230c3353ccbd95e4f0acbbb0073053a0186f833d
+KEY: 12a72933c7b54ed4fad0be905d41203f5dce998f8fb2eaad409ae02116417dae0cef457b9e5e16dcc5b6f25607f00d033fb95fb0
+NONCE: 9e4d00d6172e780ab8b700433a957a74
+IN: 936a91d0b5d2c0267218cb7090c6171386d641b87797b684e0fb56f97c3961d8afa22993a340b9b3c589c7481df3f4183aa23fd8d7efd88503f78b8ed1c8e9ba2fd6773e0d0c302a5f47e037446f5891d77df660ed82933f62be8dc55b436965aabe477e0cdd46be99371eb8da7dac997deafd64b1
+AD: fc65de39f4f03541a11be1
+CT: 85da88e13f3ca14fc4440ffca7bc837818daf1dc52a4c505583edd070c7cbcdb4642d8ee1ca687037b08e1737a2f49039621823222f9f02deef2c340289af5184a86af8429747ef2f7d98d6aec2af060fc8e6895c2182bd1c479fc6a2e7ecc0390995bafad5b3356e2a795131b0aa7d4ded344e50b
+TAG: f1a1b3f3fcb4cb89587bea4284449bcdb16785c277835bff9083a65ae77ff7543492a1d2710a79b720060ee37954c9719f8dc0f6fb4a75a27bc2a761017ebdc0c81f9e8ea5809a816ee67e731871c476f1ccd6b690b054984a4e74c060fbcdf5dbae743ebe2f72fd865dc1eb96e4e62fca3561a245be1749ace472b312cb1b28a0b2c2d38d089eab44f51ceb88af097627638a3556005952e28212d5c9bbe85c86f89879e55358ed06f28402f40285b97a8046b5479202f28218c71f98a4020ca5d53e16e91ff8387b16cfe6bc4e81c96c44e7691c10ebb0d37686e608773cbda993b816ee3b15c4ccca2a22468b186f8d29d853b945bd27ca0fe3e9ec55bdb9bb4e5477e6f89914e3084c
+TAG_LEN: 20
+NO_SEAL: 01
+
+# Test with maximal padding (54 mod 64).
+# DIGEST: 701e141608e71005d32dd1e29cd068aea736c9dd
+KEY: a72933c7b54ed4fad0be905d41203f5dce998f8fb2eaad409ae02116417dae0cef457b9e5e16dcc5b6f25607f00d033fb95fb09e
+NONCE: 4d00d6172e780ab8b700433a957a741c
+IN: 936a91d0b5d2c0267218cb7090c6171386d641b87797b684e0fb56f97c3961d8afa22993a340b9b3c589c7481df3f4183aa23fd8d7efd88503f78b8ed1c8e9ba2fd6773e0d0c302a5f47e037446f5891d77df660ed82933f62be8dc55b436965aabe477e0cdd46be99371eb8da7dac997deafd64b1fc
+AD: 65de39f4f03541a11be112
+CT: 10ee64784345c076e3f9aaeacc87cd51d6ee0b0facc9f40b4e6a1b4bec669ac3c5252c948b0c0a4d8e798248e6b10ee247e51c81793c2be91aa8c9666e0d8774439ea159e4745014bdd2e9f379ba461a7e638cab9ba2aba1498397044edd3f271e2b4dbb5990c383167c9191ceeaa8239aa6391c4b27
+TAG: ac2d199535c4d2eba150702b88740058f1e834f89031c3851571dd9122291dc3e35b764eddc5856850c8c59b3caa211feb1ac256b749127bbf4ef56ffab65e3d9eaf438b778e5342a67ee4d876fd3e53aa29a532fab39d0c57e24593374e2adfb22cdf0def5d9cbc8701c9d6a2cf23d835cf75236069ab2874b7264e0e0ea9dd785b463ed8a6cc3cefc3a4c076e5f0d047c7d60be677b7716bd123bbf3daddc0cd5eed4d5c4f0f6d1c19c66e0b5bee5d58d295c2fbe6a164d464b173cda057094b983b2ff974783084a6cc4ebd9644f3b4426a3c157352b70ee37a2f1ddcb85936b0c38be4eadb33bb9cda7108c192597421bce5e36cc2bce7b65868f28adde738fd3bfbeb15608b4dca
+TAG_LEN: 20
+NO_SEAL: 01
+
+# Test with maximal padding (55 mod 64).
+# DIGEST: 9aaf96b472ea76fd9ff4adf56dab5fe0400d18d6
+KEY: 2933c7b54ed4fad0be905d41203f5dce998f8fb2eaad409ae02116417dae0cef457b9e5e16dcc5b6f25607f00d033fb95fb09e4d
+NONCE: 00d6172e780ab8b700433a957a741c9e
+IN: 936a91d0b5d2c0267218cb7090c6171386d641b87797b684e0fb56f97c3961d8afa22993a340b9b3c589c7481df3f4183aa23fd8d7efd88503f78b8ed1c8e9ba2fd6773e0d0c302a5f47e037446f5891d77df660ed82933f62be8dc55b436965aabe477e0cdd46be99371eb8da7dac997deafd64b1fc65
+AD: de39f4f03541a11be112a7
+CT: b90220b919dd02b216aa2eb7863372a645b09df88645dcaf138fb73d8896e39aac5a1c2f0535385e15cb850a6febd5d6ea9f3fb573944cdd5b30cb80aff6b73a173ffd7c85673248fab94e3b9544930cff59f52515dcc8ba39b6f51dfd0487bcc9d28773e91c718afe8399d652acb97552b1909335dad8
+TAG: 4db032df3ebf850528a308017477a21da23178403432b4714c1da01a253a635cd2caa77467597e9b8c589ef3e9c6f5b991329b97bcd1bf1332e03638fe1b157763bc41e4f6e78c05a5ec5f83306e3b5e8bd96c9a04aa83291ca90355a3b96a8688cb93ed9bba3b8688834538d1e8bb95a0cf431eb7b849d87199657a402a0e1e5ef79da8c1895cd454c440c57cd424977f6bf9e2fa133d916c8772e447e066ec2cbe3d0de2a7e19f06c74ad5794e5eaf9119fdb70665c07ab81e7d72371d23a4c96290d2da60bc7819af4d60ff4ba832daf3369c6198c45f0ca4c974dd9b4a81c0249706a25b23fcc0fa13271d0f00c6672a06898b2b833ba3b8cbd519e53939f0da6c09f288bff969
+TAG_LEN: 20
+NO_SEAL: 01
+
+# Test with maximal padding (56 mod 64).
+# DIGEST: ac6871d354eac507556770d8b6bf10b5240273ed
+KEY: 33c7b54ed4fad0be905d41203f5dce998f8fb2eaad409ae02116417dae0cef457b9e5e16dcc5b6f25607f00d033fb95fb09e4d00
+NONCE: d6172e780ab8b700433a957a741c9eb8
+IN: 936a91d0b5d2c0267218cb7090c6171386d641b87797b684e0fb56f97c3961d8afa22993a340b9b3c589c7481df3f4183aa23fd8d7efd88503f78b8ed1c8e9ba2fd6773e0d0c302a5f47e037446f5891d77df660ed82933f62be8dc55b436965aabe477e0cdd46be99371eb8da7dac997deafd64b1fc65de
+AD: 39f4f03541a11be112a729
+CT: 9807d89925c67a45c8ba18cfdb817f5bbc21e58c10f7dc8c15b70acd97e8b97e0393d5948d51a65f6f092590b38c845164e6d2b49288bd0f73c4f4b551b362470638f51422dcfdaaff5e8aaf80ff715f3f597fb9385ca18355b8e98d1de17a303d019f7d4b9a3acd07d257c049fc16134c53e1350cfb8c28
+TAG: 7cd3491b8e157876b8091d2742f673196a25077410036ed62855b5440eabb10a01362a8e7c06658ab767be26c43a6eea3e354ec867de2b7b6ce96a4a951696051fe1a76a694d330eb56c1752bb2f866dbf6c1e85b3361316631c7a4a277023fe1d793ec4e4416c8db3b7e8a157e33438eba857e2b54db84e06006f83d93284714dc76cdf33da3d5adee64de2ee9feb689b9d64ecb857588c60c6e8b2eaa3999dd2f1cc2a6727cc5a50fc3902124055705eb726f0e57830732c85bd598519ace6cc86105cd36cdc7ad7f6868babe314b69d33021cf9931720aaf765d5f61e41155c7572ba298d52f3d61b28e3b5080c124821e1a97d1ec78eb5decd34a69d054fecb1209d86ee7779
+TAG_LEN: 20
+NO_SEAL: 01
+
+# Test with maximal padding (57 mod 64).
+# DIGEST: 050258d6ad6bec54f8bc48c7ba2d669d6416c11e
+KEY: c7b54ed4fad0be905d41203f5dce998f8fb2eaad409ae02116417dae0cef457b9e5e16dcc5b6f25607f00d033fb95fb09e4d00d6
+NONCE: 172e780ab8b700433a957a741c9eb80f
+IN: 936a91d0b5d2c0267218cb7090c6171386d641b87797b684e0fb56f97c3961d8afa22993a340b9b3c589c7481df3f4183aa23fd8d7efd88503f78b8ed1c8e9ba2fd6773e0d0c302a5f47e037446f5891d77df660ed82933f62be8dc55b436965aabe477e0cdd46be99371eb8da7dac997deafd64b1fc65de39
+AD: f4f03541a11be112a72933
+CT: 8d69a3691570f0d175aad5fb77a0e9abd3f882b10355a08f0160c113096acfecdbc4ac32f037d16c2c4dda4bd3325c8690bade6bf39b14435cc11ff575a3d7e9f7b09b5b40f9645d9a5dfb44f42304d82298cdd866e957d4ab64374ffb86879a9339ea892986ac706bd2310927aa2bf27dce3bd6012591cfce
+TAG: d754d4d2dcae21dc4a69c8e56ba3925f9f3ccc53278cc621a0ec4d4ea7b099a289eff5599f8bb1555aa9fddae50f04b5567ca7ae4498e1716f4243932934e2cec1434d4780184f0af1d0d194cf848671e5b0d6982a07b5679826f124c8f69f26cfa37a0105cdf15585697c75504bf8c9c04d583db189cf2dc2dd345aa926d440997a8d76f6ed12a19f2d95a2727fc4c0f8786ac3c50896a6cad6d948712e4d72a44cfb2fc9dc753dbed91f4fe412db6fa5e6b548eb1abed87e3b4e5d808ab4ce11f265efbd4af8e0516bc412fb9ecc3d69ee68bff6b12f3987a585670439ced09a038c526bf226299b0628f6db003a21eb5d943ef84e90f133dbb4c8468f555721c76da689e8d6
+TAG_LEN: 20
+NO_SEAL: 01
+
+# Test with maximal padding (58 mod 64).
+# DIGEST: 70060f86c76e53512933c09deb5872eb23efad67
+KEY: b54ed4fad0be905d41203f5dce998f8fb2eaad409ae02116417dae0cef457b9e5e16dcc5b6f25607f00d033fb95fb09e4d00d617
+NONCE: 2e780ab8b700433a957a741c9eb80f2b
+IN: 936a91d0b5d2c0267218cb7090c6171386d641b87797b684e0fb56f97c3961d8afa22993a340b9b3c589c7481df3f4183aa23fd8d7efd88503f78b8ed1c8e9ba2fd6773e0d0c302a5f47e037446f5891d77df660ed82933f62be8dc55b436965aabe477e0cdd46be99371eb8da7dac997deafd64b1fc65de39f4
+AD: f03541a11be112a72933c7
+CT: 26d675c591f287b26eb35f87231624e454c4aca1f25491b74a252e971c48ca523b353b4f6c0106c1b3b40182eddbaf7ba47263790c3b22d23b09458d48868bb18b2fb01bdfa965f7c1b211fe02f9b78959b71e872ee05ff3baf548a85797270fd43c9db1f9f97d3b60c62c06bccca0ece2b7249f3c0dc6b04aa7
+TAG: 864b50299da796a664edb8e1d0bd0120ad31405c47919c288884dfba933326b03eb399c634fa77d611e613e958369aa3d9a563f421cce3ea87d5bf2e179c20e5218378cca347fc18b87248a66810ea08806f571f1e86bfde99d089b06c3156cb6f2427503cf03e39bf3a60b1d9542a3789b657956ad925754ca4a369b05d269d481d4cacd35ede8684623ec9fde9ee860ab12975bb1386470e1221d2b2d1091c7a41754b8440740b4878fb19c65ffeb2a120d84661179e07672953243a09085f0d21265a5476c8574bc49e30ba364fd9d7f2035ba1222ef9c6bab7d1e68211c1a9425a13473f692b700c242fb56fe77fded75312bfdbb7fd44a88ab37d85d640e883ed1936ef
+TAG_LEN: 20
+NO_SEAL: 01
+
+# Test with maximal padding (59 mod 64).
+# DIGEST: 58286fe273bf572a76a2725933dd969777c303c1
+KEY: 4ed4fad0be905d41203f5dce998f8fb2eaad409ae02116417dae0cef457b9e5e16dcc5b6f25607f00d033fb95fb09e4d00d6172e
+NONCE: 780ab8b700433a957a741c9eb80f2b02
+IN: 936a91d0b5d2c0267218cb7090c6171386d641b87797b684e0fb56f97c3961d8afa22993a340b9b3c589c7481df3f4183aa23fd8d7efd88503f78b8ed1c8e9ba2fd6773e0d0c302a5f47e037446f5891d77df660ed82933f62be8dc55b436965aabe477e0cdd46be99371eb8da7dac997deafd64b1fc65de39f4f0
+AD: 3541a11be112a72933c7b5
+CT: 9c61bfbbd3e8395be166b30a56b3e192748ba3bbbdc334dc3720206ac10c90dd777aa4957695bddaea0b7e554951c94f2f74a2bb7547ac20a7e357fe249614204401144fef61394c140553d5566c18ded15e0fa50fd5836cb725d277fa46210eb588a96d7baec9e2c947fee1b85cbe6556cf23655132ea72dfe4a2
+TAG: e66769c0cd9a2448afe99faea0b64137f4a902158d6b11a58f4bff98df8545e0ea23a7f7127b6dd76e3a3ed43490b44bbcd6a7321e5edb819e6b2e163318ead19f5a306c7b0b137f3b9aca44c4ea070ffa5712102b3f1dcec5c660b494e8f3d809b3722fee1e7dd29cf771613b68e45733a9e66ebda992930d32829d31e61f2217e41620ea4e621840f0fa7f7b8762e0ca509f0eeeded7fd55727462b045e4adff507f3dc4389d9397f0429bd17c2408ed60e0d94efad4936fb55c359052a6a88c056e7ec1e4085f4a48b125bf9340e57be98b5cfddc3f9d07cd036b0b78aa205fdbdc8e9c511ce32b6e4c9dcfe5722fa13f9d8b59821c61ca6f8ef75eb367f4a37453642c
+TAG_LEN: 20
+NO_SEAL: 01
+
+# Test with maximal padding (60 mod 64).
+# DIGEST: ae701e5c8672dfaf728bf0f43f5e5247ea9ac13a
+KEY: d4fad0be905d41203f5dce998f8fb2eaad409ae02116417dae0cef457b9e5e16dcc5b6f25607f00d033fb95fb09e4d00d6172e78
+NONCE: 0ab8b700433a957a741c9eb80f2b021b
+IN: 936a91d0b5d2c0267218cb7090c6171386d641b87797b684e0fb56f97c3961d8afa22993a340b9b3c589c7481df3f4183aa23fd8d7efd88503f78b8ed1c8e9ba2fd6773e0d0c302a5f47e037446f5891d77df660ed82933f62be8dc55b436965aabe477e0cdd46be99371eb8da7dac997deafd64b1fc65de39f4f035
+AD: 41a11be112a72933c7b54e
+CT: 174bb28ef8ee033bf0f39cf6a5d3c2157ec773078860232827fdb1c875e9622e198a00a50fcc03b2cbf1e4a747efcdecda8b612ec3ebac650a7401b4b204185e4b42306d544e3f6512b87bf36b5f55ec0bb4da01c36aad92a16865cb852e1a5d1a86d3d57e6336d4376e8988f00162de8b238cfe36916d5545fa9460
+TAG: 726c9d0511e81f69edf9bbd0397f4c3c49365418afadcca36de0aef99afbacad6dcf042fa62d405c9672e5409a7d28baefb467b7c153a3ed97bfd2b8be9b96e42b33703951bcbf04dec12d9bee63f5f30d2e57ecdcb3818479a163bd2a1caff3a327a911bcbb50bf213b77cdff340c858472223a71d4f15e029fbb800b81ff375d84d4c30ceda7a2c42267e1cf43dfd565c8a4a842556d577633857204af99ca35ca3c28bb02a7dd9ab224ae58938461af1e2bf64492fa2a18b4224ac3ef671c7abd9b6e266a0469cf3b0283b3ad6934240994f1b2d43b35d77e0055e0377c43922527d93426be34191dfd4b0a4296a078d128ea416be209b15c557f5da675c705ef8d1a30ebe78535434d2ff8bd29346abb9bfa
+TAG_LEN: 20
+NO_SEAL: 01
+
+# Test with maximal padding (61 mod 64).
+# DIGEST: 4f498d0aa9205160827626ef80c163275eca1f78
+KEY: fad0be905d41203f5dce998f8fb2eaad409ae02116417dae0cef457b9e5e16dcc5b6f25607f00d033fb95fb09e4d00d6172e780a
+NONCE: b8b700433a957a741c9eb80f2b021b14
+IN: 936a91d0b5d2c0267218cb7090c6171386d641b87797b684e0fb56f97c3961d8afa22993a340b9b3c589c7481df3f4183aa23fd8d7efd88503f78b8ed1c8e9ba2fd6773e0d0c302a5f47e037446f5891d77df660ed82933f62be8dc55b436965aabe477e0cdd46be99371eb8da7dac997deafd64b1fc65de39f4f03541
+AD: a11be112a72933c7b54ed4
+CT: 9b01cfa97c72b5ae8befd0d357283a52f6b8c5d9292d28f61373334280f815d6b69f878936738cebaf6fc84d20baf51868eb4d2ae08d64e724beea1887a76316acc955a00b5d1230fb120bf7d51f74fdc5f332521c59406bbd3161987c6ec49ad946a6a51755796de19830631daf69c78a847d2e515d409a7b77ffe75e
+TAG: e785184106419b8c7f38061f49cfe3a265e9d4557b9b2d91ecb8f21ef3f52e387643b8ac35aae45594e70e4ad4457b852834718a1456136c5690aa164a152b0cacf020e33bfb33e2f1b79dd23d2fba5adcf22d4288308bc1d055be378eb77b67dad654658906aa3cebca8eadce6127ffe972803bed110a5e301bca0f2c06dfcb7af44275628831bff33807048996115d496f4f13b479f4fc1e8f2ff0991ad73293e789cd909fc0471a484ca11be8383fbb4d9590570c275354cc89a872306f4d285561dbc068c98d2989dc4453b97cea004a73fe238924c321d3a77063c1f20890324ae59860bdd3f7a70a7c21f1c51a790f37305719527a20b879e56b65d38799b899cd9fdd7edafbf456618452eb4fa37cfb
+TAG_LEN: 20
+NO_SEAL: 01
+
+# Test with maximal padding (62 mod 64).
+# DIGEST: 8c043825b2a3764e8a0cc35a011696fb3ed03c2b
+KEY: d0be905d41203f5dce998f8fb2eaad409ae02116417dae0cef457b9e5e16dcc5b6f25607f00d033fb95fb09e4d00d6172e780ab8
+NONCE: b700433a957a741c9eb80f2b021b1444
+IN: 936a91d0b5d2c0267218cb7090c6171386d641b87797b684e0fb56f97c3961d8afa22993a340b9b3c589c7481df3f4183aa23fd8d7efd88503f78b8ed1c8e9ba2fd6773e0d0c302a5f47e037446f5891d77df660ed82933f62be8dc55b436965aabe477e0cdd46be99371eb8da7dac997deafd64b1fc65de39f4f03541a1
+AD: 1be112a72933c7b54ed4fa
+CT: 0b0133ac614de667eafb516e1fb33b016a8b49e558f335eed239d50ddd13a4152f1570269615a243502fe1c6db0667a2de7975120ef65186f5af83821598ff45494e943acae24a6095ad46a498971f7b185d7784d451b1260ea478c03babf0e582a8a777cec20905821267eb85aec1a20c0e3b94d78d425a12f2efc4d60c
+TAG: 1d832d65c91d458bf343260419ad0ab95c1ffc09b137d1ad1805cdd648c8ecdaeeaa0ea27075d4e6753538d831577642c92317aeb5525724023beb923c2626bd9536757ab73d1739ed0a850afbaa5914fe94ed606e245274d4d3071201a3d73ea1fbbfb4032e8404c12dd02e0b6cdc38324f4684049e2707f249c9dce0e6df9386b787154ecc3974d041cd6bc5e6d031851247703347bf8324f077ce63ce0393fcbafb4396bbfc9260628f4f82244b77b8ea0ff14e26c2058e0d8b662fcb9d9ef747cacc42ece4777114cd2062e20b8c6d198fd5628b198511274f54964c40f1052d41f68b5d90256e894da5e5ff3dee493f5eb2a7d2a9a88e32b774afe2e0e643d606185c34796b40716a46fb8ba911552a
+TAG_LEN: 20
+NO_SEAL: 01
+
+# Test with maximal padding (63 mod 64).
+# DIGEST: f3a432271c9be858725fd024071c4f479ca9a971
+KEY: be905d41203f5dce998f8fb2eaad409ae02116417dae0cef457b9e5e16dcc5b6f25607f00d033fb95fb09e4d00d6172e780ab8b7
+NONCE: 00433a957a741c9eb80f2b021b144476
+IN: 936a91d0b5d2c0267218cb7090c6171386d641b87797b684e0fb56f97c3961d8afa22993a340b9b3c589c7481df3f4183aa23fd8d7efd88503f78b8ed1c8e9ba2fd6773e0d0c302a5f47e037446f5891d77df660ed82933f62be8dc55b436965aabe477e0cdd46be99371eb8da7dac997deafd64b1fc65de39f4f03541a11b
+AD: e112a72933c7b54ed4fad0
+CT: 8d5b92c78a48ca6049da6a036735ca23b99f9c3cfb97122312e5bf0279d094cfca0b976e24f6b65d81f85eff669da35486809cbfdfd1fd615a5347947156148e6b71a11f7bec611e7c29e19f6f62f94bd7f8b89e54b6945dcc1a7e380e51456a31f1d511bb92443deab5987c3bba266329b3f27e24d155ce685f67c34dd18f
+TAG: 295c8072940df20a1ce3a27f32622fd6cdec5f5aaebee91e6654ce96f013cefc348f1425a6fbd6f42cb4e1e866c0fa602afdb503eda59801d8a791fa7de63d22c080369c6a3389034ff92ffd347ebfccb0dc9cc972f6654eb102f5b12baf864b3514f22d55f28df8d51955a1d338b4e5ee9145a4a85ec87655ce41255a6e91435a1d9e4af613d35bc6b4554c2594baca964d2a58c75deccd36d3efb50986f844ca6cf79dae24edbe75ca6008457ec23e69db9e19c6c039feceda6e1672bdcccf0a8c864e957b7efb1b468b4976a97600e3d03ba9341876e6439117d2ec364d479e0743ea9ddfce7effc0a64b73fa55fb1f57c18ea97dbd03b6391963734dfc459d4efe2e0f609bd51ee0a09faa81065ec8
 TAG_LEN: 20
 NO_SEAL: 01

@@ -42,14 +42,707 @@ TAG_LEN: 32
 NO_SEAL: 01
 FAILS: 01

-# Test with maximal padding.
-# DIGEST: 3519ab2b2943d2a50996628f6c26bea29f84c95af4c128cc3af012bb358ee9f7
-KEY: 481df3f4183aa23fd8d7efd88503f78b8ed1c8e9ba2fd6773e0d0c302a5f47e037446f5891d77df660ed82933f62be8dc55b436965aabe477e0cdd46be99371e
-NONCE: b8da7dac997deafd64b1fc65de39f4f0
-IN: 936a91d0b5d2c0267218cb7090c6171386d641b87797b684e0fb56f97c3961d8
-AD: afa22993a340b9b3c589c7
-CT: c90e0c2567341ea7e9d968dbde46ecb46ad78dc8be7d47672068de66d6e7eae1
-TAG: bc33ca235ae35aad13e540cc9f0714dab00678652cc476d57c543967c39dddc9eb9045fddd9fab64fd564959daf731fd95181a79f4e1d5e98ad446d8a625b68a1185d14f4d17a90a23e9f63e3470c37a367efe6765da9174fcdef198cc90d4acfe1ea34b2a38776fba7dfaca92b99ec5be216e7c196f1a615c787f8a11dac7259b3b6982d1415fe53c5e37c428099f6aef8a13b20d77e482c0900528b10b0a008e5ecd673762de36b1ad38fc33fc5ec70cfb963c62a8f3d8e471e2cc863fc65ce54dccdd3d95fa449378784f4e39a24c3cdfbe74fd352b74fccfde6dc777fafd3dca970e63f5b07e8c53d7ea0f77c26f80c9a62b7d1ab8a5f2b6707ea4efbefd2bd04e535587a7e13ae0005e1e3401935f424c2eb7e27e4137135997e26957d6
+# Test with maximal padding (0 mod 64).
+# DIGEST: 6d9cc64eaa0b3c7482d8431bff6d24c9bec634ef6459d873af4ff97756c9fe46
+KEY: 37446f5891d77df660ed82933f62be8dc55b436965aabe477e0cdd46be99371eb8da7dac997deafd64b1fc65de39f4f03541a11be112a72933c7b54ed4fad0be
+NONCE: 905d41203f5dce998f8fb2eaad409ae0
+IN: 936a91d0b5d2c0267218cb7090c6171386d641b87797b684e0fb56f97c3961d8afa22993a340b9b3c589c7481df3f4183aa23fd8d7efd88503f78b8ed1c8e9ba
+AD: 2fd6773e0d0c302a5f47e0
+CT: 7195b9643e0f7a4293c865db36442d4fe2cf3ea2c648dc88cd5636fe5e6bcea3d1197966e800da8c78bcb8830f3fa97671aebce98549e62827adf612e70f9466
+TAG: aecfefa9e983ae857f033408f04a2f4dc9069ce275e00f9c35649716c3c65e9bebbcbf75ea3445ffde4dea79bf5c3d1dc4cd15a351972492445d1fdca03f7834b18e556e7e37e1ee1fe9a3c9d99010fee3a7506677e3ac5cbd5448549ee3a5e7bdd5a7b584767e76f1964a864ad2dad467e35702a5771d960b47f0cc4654a09a5cb4b7336fd43cd4fe5290b15ff50ca286f654b215c3bdbf3b918ae042fc17626ebdae135302ab9553416224cfee1203f804d99804d9653ec2a99a7fbf5d2a54bccbac2ef38e6d58b22ed53804cd5851e07f7cefc52df184a3c9acce574ec14c99a3abfda4f21ad119dec4a7743b384490136e77b1216d0df8b58607cc1cb4dcdbf25682dcdee237b773fe9714d24f2b3531037614585df4f56c855fda9949cd
+TAG_LEN: 32
+NO_SEAL: 01
+
+# Test with maximal padding (1 mod 64).
+# DIGEST: bb57bd76fe5f29b96ee3f2d62d8f3c4d1c8c986c0991382834046dc907fe1ea7
+KEY: 446f5891d77df660ed82933f62be8dc55b436965aabe477e0cdd46be99371eb8da7dac997deafd64b1fc65de39f4f03541a11be112a72933c7b54ed4fad0be90
+NONCE: 5d41203f5dce998f8fb2eaad409ae021
+IN: 936a91d0b5d2c0267218cb7090c6171386d641b87797b684e0fb56f97c3961d8afa22993a340b9b3c589c7481df3f4183aa23fd8d7efd88503f78b8ed1c8e9ba2f
+AD: d6773e0d0c302a5f47e037
+CT: 1d50f3eb1cd76d8e08a9f386db0cdc3eddfc694e8502ccae47ab431c2935fc461254b80386c87690b01c22f38ea9bd118d2e0ed316ac249437a3e9c30f6c1f7636
+TAG: 4b376f558ddf76137f0690dd8eb88720c506760c182e4cbb2fddb2f64e269bbf9e4bd20d1f2e1b8203f10df5a92a5950a7394525c2c36006716d741e686473de9895bbbf47849ad3a340dd262c095263be3d7678734ca7edeebd4eee8d3375c8f552436e3a90c7305aa0bafed0bd42f8f651a38666e28455e335ed58d86ed265da1e9cb77c780d4be9a5674e3bf7b624ec862aa9f5201793cc1cfbad7d0f700ce44d3894ed8e19884277bb1e58fe2ff4d4439163c6642f11f13be03c62d5a13182edc3e62bb72cdd7d0e157fb20fe4815a6803425781c1701d0601153811ef79ecf6ed3852eb87f886abee0e4ff13622b32dd040691810a80f3e21cb1d24fd2dd2b74cdeca38c49a7a1d68d72aad5484c6907a4e6440743a56cb8b6394d2a9
+TAG_LEN: 32
+NO_SEAL: 01
+
+# Test with maximal padding (2 mod 64).
+# DIGEST: b09802c727f0f85cb590791372c52bfdc2e69de36b9695daaf7a93d2fcf56fda
+KEY: 6f5891d77df660ed82933f62be8dc55b436965aabe477e0cdd46be99371eb8da7dac997deafd64b1fc65de39f4f03541a11be112a72933c7b54ed4fad0be905d
+NONCE: 41203f5dce998f8fb2eaad409ae02116
+IN: 936a91d0b5d2c0267218cb7090c6171386d641b87797b684e0fb56f97c3961d8afa22993a340b9b3c589c7481df3f4183aa23fd8d7efd88503f78b8ed1c8e9ba2fd6
+AD: 773e0d0c302a5f47e03744
+CT: 4d754c684658bcc89208bcd75f24dc8e18b70a28b8a2201535e60ab755fb20e1ddfa98742d257eadd02d96c6a65f880d058312311efdf67f9a106beff9f5ace06577
+TAG: 261eb376dbb9e82baf29687e823a93bd63961414b1bc396d5fd21e70afa47aafee1103248a9be160a0cc35a7cf05e6a07984ccfc354d37903f9a199698485d5e136648b1fe6adee40b0dfb589979df3b158fd8b3d35c8ab4c387f61782242e23e5698e5f7ebb4e733a63f3282ecd0c565f9c9535df36f6156aabd988e06e754fb3082afa90800af3e564a8d275d9afe184a72d538bd26ca1b4b8c12dc0ed449e643c1a1aeb8b943bd74abda7dc19b2e303a778d348fbbfe221df38d538c921030ce6485ea2bf899284e5bc8329432b16e4562d1609af0fdc616d3bd91688c2655dc0d5b436c0db8e0b434d897687e91a60f749a7e5a6e88e43a16b5f7a4c68d5c8325c260915139d901988ab924f7e9b72bb16020f0cc0c6b3f97ce4380f
+TAG_LEN: 32
+NO_SEAL: 01
+
+# Test with maximal padding (3 mod 64).
+# DIGEST: 13588ebf114df38b7b59f890dffab8b1a4c85f090c3f4a0e508603ecd34f78f4
+KEY: 5891d77df660ed82933f62be8dc55b436965aabe477e0cdd46be99371eb8da7dac997deafd64b1fc65de39f4f03541a11be112a72933c7b54ed4fad0be905d41
+NONCE: 203f5dce998f8fb2eaad409ae0211641
+IN: 936a91d0b5d2c0267218cb7090c6171386d641b87797b684e0fb56f97c3961d8afa22993a340b9b3c589c7481df3f4183aa23fd8d7efd88503f78b8ed1c8e9ba2fd677
+AD: 3e0d0c302a5f47e037446f
+CT: 25bc47e58e7d4f3a417c95768699c92240a2be0e86232a41fe02d64f66716023996772e1118be48e685042f989dcd9cdc574614c9c3989f1885b4b71dfd5b1c323db52
+TAG: 9e72a44693493371870022657655991223f9a9570caa8d43b20b7e567cacc129dcbf03e2a7583b5b494bd6c52cc66ff1d1b3ecb7c39e26efb5fe025ea5bbef7dc579c58c9cc8f272d36b3b596910477d4af7e7105055f7769ee01dbdfc684956d44d583748085de4d2d4f5a9aea177e1f59f4b851c2794e1ee26ef2462b77f1ffb6d41fa793cac4aaac3aa88bcafc60066cbfba2af3a006bf929621350aa66aeffcd8fd7928e50df5dd27ca0831119107aeb0a2e7af5531da7b4033a049180a477ba24b8bd8042c4d30385ca098f9a8f16be6c286811bc036b827576da12beabf69c481a2633f6bcc7cc9255d5c2ffbaf5fc5813c6350f45b8cc664ad18304cf895907ac6c1c1fa5f9485f8d87e0a61f702334db886fa0aedc353fe50f
+TAG_LEN: 32
+NO_SEAL: 01
+
+# Test with maximal padding (4 mod 64).
+# DIGEST: 25c98c13e308408c882677b48f3a49a53b500146eadf5bbc0f5a240ab6ccbfb8
+KEY: 91d77df660ed82933f62be8dc55b436965aabe477e0cdd46be99371eb8da7dac997deafd64b1fc65de39f4f03541a11be112a72933c7b54ed4fad0be905d4120
+NONCE: 3f5dce998f8fb2eaad409ae02116417d
+IN: 936a91d0b5d2c0267218cb7090c6171386d641b87797b684e0fb56f97c3961d8afa22993a340b9b3c589c7481df3f4183aa23fd8d7efd88503f78b8ed1c8e9ba2fd6773e
+AD: 0d0c302a5f47e037446f58
+CT: f1ab85a35a17541efb4f906e7fc85e64efec6ab40d59d3da920c4ec09797c3ad47820e9d934e51e3f4d097c4a555575939bfaeb8cfea062b64816a160d6e4d1f282dbe90
+TAG: 2e3eea7d54f2a95572c0dc382ef826f9fa138637df323adf2f64e42a4be6d493ee3d087704d9a1ddadfa34b0cc2c35f4d7802a87fe3e14be035b269c8135e822771faf57a21ee9f892f26e2231a0e4e03b32f2a809d560ce72c7e910ba4c1b524b171bd50a7a150ed327e791e2f76551d4eaac1e53091f5d701caa50edb892c6e1e2c2f8ac0413b864847fc10875d6f702c03fe366ee4971ee4602d078ce648f54b8e71bcd383bc4c3a14342ebfae042fa52f59bc5ad73a51cd1c561ae615fbfe24eda7301794349431ae59fa6a791dbd0691a83dfe1f8cb0fbe9e385708a9dc9449186cd6026f962552903753372934e220c7d5eadc2ea75356a73cd086f850f40a9b83f1e9331009d23785bb5468feee97f6e9e21d2a17a9eb2b5d
+TAG_LEN: 32
+NO_SEAL: 01
+
+# Test with maximal padding (5 mod 64).
+# DIGEST: 3fb8ba4df90f52332bc7a20df805fe903351279e0424c232365cfc4e62982296
+KEY: d77df660ed82933f62be8dc55b436965aabe477e0cdd46be99371eb8da7dac997deafd64b1fc65de39f4f03541a11be112a72933c7b54ed4fad0be905d41203f
+NONCE: 5dce998f8fb2eaad409ae02116417dae
+IN: 936a91d0b5d2c0267218cb7090c6171386d641b87797b684e0fb56f97c3961d8afa22993a340b9b3c589c7481df3f4183aa23fd8d7efd88503f78b8ed1c8e9ba2fd6773e0d
+AD: 0c302a5f47e037446f5891
+CT: 5d6bfe91cd2273a9b986397a38e81be5fbbcd0403ef51873c2c467a9fbadc7bf540e83c538a43dc0e0ab780a4c4b1f5b77ced74f65b61f8b8b58b26fa3e8cba574bb9527e4
+TAG: 8f360ea3d348aa4a950019f720333de020f23bb86eb11ab2bad10665f2294b914eace65dd890642fe33979f0ab04de5fd00b98757e734cc1becc43830eaabd48d415ca58dedad92d4c71f0b7744b74326b9d1dcc7b9afa134c097fd563bb001d8e91dd71a41d5f906080097d811355c268581ddc1c7698d9a65179526eb8c96bfc03aca614f84aa2c871958e71fcef12efe601309efdd7084c7c02aec5a6649dd7fde231de46b4b0b4c52676edc19edb740b33f8c90885147137011c921336b52b3597a30334319d69d71498b11feb841c09577c2167b58430784a056310d1b264e52af8ae737d7f8dc6431b305afe2ad43640cb90c2eb6fb4d5cb8540ebeed729416c04d2260a6b923ad698541a3315f938ed6a1b1626b1e73ea0
+TAG_LEN: 32
+NO_SEAL: 01
+
+# Test with maximal padding (6 mod 64).
+# DIGEST: 23f13497afad98ac65bd2a1642935ff7185a839a672fd94b18279ff92202a3b7
+KEY: 7df660ed82933f62be8dc55b436965aabe477e0cdd46be99371eb8da7dac997deafd64b1fc65de39f4f03541a11be112a72933c7b54ed4fad0be905d41203f5d
+NONCE: ce998f8fb2eaad409ae02116417dae0c
+IN: 936a91d0b5d2c0267218cb7090c6171386d641b87797b684e0fb56f97c3961d8afa22993a340b9b3c589c7481df3f4183aa23fd8d7efd88503f78b8ed1c8e9ba2fd6773e0d0c
+AD: 302a5f47e037446f5891d7
+CT: 16e3c681ba1ece3bdbfb1da491f877e806ddac5f1ae96bc406bd195c9d48bcd4a9b700a8ced21d824bfb99eb057e401c3529818725b51e96c576e8009bfe486610501aa3068c
+TAG: 52e952e88946079d0e7e443f24f113c0c13ee17438fb7c302d82abec8e24524ddb4121bd1f2f1ba18389ea5aaa2ff43b9978425f1795cf3b2b5245f13d74afbce0e6f4107c9478c9e76a803be141320ed0ebd81ad6133d0ba901cfc4ef9802c29dafb2fa0d4b6ec49bde0ad8e359265b9fcdb9caed5c2c3772f2777c8dc59190d554a76d6ddeb67f12a3cb382015a36a93ea747a808feee5cf9abb7dd413acadd6519125a68071f7f490209f2de8049724a87dedfe208322cc01ebafac59d1d7bcc8c2896074908b40c23094a878a0b33592ecb8d407a9c68016a112ff1b5226a0ca7ffc9fcebc4f674b4f13711ee64dafd5bfa757f3820366a26b12f74fc30297a1209c16ea6299841713d46b72d03a12a51c5309317939d556
+TAG_LEN: 32
+NO_SEAL: 01
+
+# Test with maximal padding (7 mod 64).
+# DIGEST: fc71e48cdc62c15988a84f32ad60aa760b5766c892e559fa1ebd882a587ce590
+KEY: f660ed82933f62be8dc55b436965aabe477e0cdd46be99371eb8da7dac997deafd64b1fc65de39f4f03541a11be112a72933c7b54ed4fad0be905d41203f5dce
+NONCE: 998f8fb2eaad409ae02116417dae0cef
+IN: 936a91d0b5d2c0267218cb7090c6171386d641b87797b684e0fb56f97c3961d8afa22993a340b9b3c589c7481df3f4183aa23fd8d7efd88503f78b8ed1c8e9ba2fd6773e0d0c30
+AD: 2a5f47e037446f5891d77d
+CT: 9b51ba0eebf72bbcd7a1b8452a49f30bf2d96bf0cde4d9e5efe7f1903eb4e09f53aec649c5a8ad7e7fc6c28a0dcf4bd3556f4377bbf8b3f9c79dffa597869255f783cf0c89206f
+TAG: d94d45b132507172de566b7fafe7ff2f6b50387ba1cb27c2f2d566eeb644490a01e89745aeec464c3aae3fcb240dacea5c13f8fab5e3db55a415052a01e0ea77d0ce06a75cdcbe0b7c83433b33022de91034a18188f7ddb699c55957611f0d1f2fccbf1e8e325d33e50ffde6b62cb153c43547f7faa3934eadc45b5bb18a88dc25470dbe6456ccc99ad306e664226630a761e9673f673262690af6e2922f2376ee9dd486872314d2afa8be11db1baa876a9c0c8d4f2050d65bcebf39a11656760142d0d4d505e2a80a0ae3533608c161cf6f9ed4de850a9fe77a0212bbab0c82b9fec6fd151bf391bc794229736b1a51bdb2b012393ee405f8ac64db7471aa63077d9aca9ab11da3d078947dbb7e8c3935c0dbce060df66655
+TAG_LEN: 32
+NO_SEAL: 01
+
+# Test with maximal padding (8 mod 64).
+# DIGEST: ff4f42d72ae561abda38963a2713bb743038589bc2d7efa0f3fab298630b9c02
+KEY: 60ed82933f62be8dc55b436965aabe477e0cdd46be99371eb8da7dac997deafd64b1fc65de39f4f03541a11be112a72933c7b54ed4fad0be905d41203f5dce99
+NONCE: 8f8fb2eaad409ae02116417dae0cef45
+IN: 936a91d0b5d2c0267218cb7090c6171386d641b87797b684e0fb56f97c3961d8afa22993a340b9b3c589c7481df3f4183aa23fd8d7efd88503f78b8ed1c8e9ba2fd6773e0d0c302a
+AD: 5f47e037446f5891d77df6
+CT: 5e4df84379f9736d784d9166047003e3ce3375a8e7add80c8687e94f68595aaa52e3bd39a45a7f67d35b4df0c5d62abc81680ebea78d1ec02153833b4dc4bc5112f4dc2b3f14deeb
+TAG: 9772a910db4e6582b98dbcd4ddcf7833fd0e20fb8044161467d80288acdc76685c62394023653d4942a5d1d27e63c12b44dcca72217d43555728199bf2e751a1e17bfddbc0ff8c6b618715fbcd27990a7f94fa7009466dcf570508fcce46e0a807c6892e805aed7141fb4cd151642dffce62f8d9e677a6a5b3f3506c4aab3cf3cac29bf4bc04d8a2379b8ae4d55a3f7b1414cfa7f576f8345457a87f257a75cbe7862829a5b0f9f779aa50bdeaf36ac6411a1fa7ddbba9519fa933a0729f02a404eaeb2c35ba4ee424bab056ee3a8ad0cc5b5199e6eafa0795dab533d062410f775277907f36375ec1cda175ab1b8f8032899298557bab8f3eb67190175b710854f0338418cd46da7e1d4d0ef8fb8881df16f781df7f47b7
+TAG_LEN: 32
+NO_SEAL: 01
+
+# Test with maximal padding (9 mod 64).
+# DIGEST: f4f7f147b43ea50a1f5a4f19c093ef917d3b92b46e5798e18b5294b0a0fef814
+KEY: ed82933f62be8dc55b436965aabe477e0cdd46be99371eb8da7dac997deafd64b1fc65de39f4f03541a11be112a72933c7b54ed4fad0be905d41203f5dce998f
+NONCE: 8fb2eaad409ae02116417dae0cef457b
+IN: 936a91d0b5d2c0267218cb7090c6171386d641b87797b684e0fb56f97c3961d8afa22993a340b9b3c589c7481df3f4183aa23fd8d7efd88503f78b8ed1c8e9ba2fd6773e0d0c302a5f
+AD: 47e037446f5891d77df660
+CT: 1ddce9b3f674dfc1b94a6cb34418e6b75c93f14941a6dbe028ed59667404b93afead95ec50b9393a8e0e5f469fc1cbc5136f4dc54f3a005af6c88cf70ff39487dec8dec0a9e6ad33c0
+TAG: 6875fe08d6aec1a18c56b4f446562a523b95c8434fcea5942abbc10f6e10ff7c455db0e80f945f81462a0e689df450630a34a8c9c3379c4494821e762c16a73b029df8e3e5775e78ac2a4106d539a5aa2522dd0a586a974b84bc09e86ffb21f3fc6a0d1c9e1d75179bada55085a3d9f9779c2461f2ccc990765da2450815da4cff73913b224bb946204ba50acf5884f71da7a487b743bfa20a09175a4dc11e9ee6a0b12bba1a7330fb482f925f36532c52a3ead78a8924cd30a1e3053faa174d5acf16fc3e02e0867b921d382c842afe2b69556bb89c853338f6f32434e2b9da81bcf7a237e709fd55ede388b51b2ae62e10b1ca69b4fcbdfa3ac73114713c66eb51fb36678137aa4516530a92e03b9454ca6b8ef35263
+TAG_LEN: 32
+NO_SEAL: 01
+
+# Test with maximal padding (10 mod 64).
+# DIGEST: c48f43e4386dbf727ca93d57b5b2a4ccd8e1f27b201db03000660078b773faf7
+KEY: 82933f62be8dc55b436965aabe477e0cdd46be99371eb8da7dac997deafd64b1fc65de39f4f03541a11be112a72933c7b54ed4fad0be905d41203f5dce998f8f
+NONCE: b2eaad409ae02116417dae0cef457b9e
+IN: 936a91d0b5d2c0267218cb7090c6171386d641b87797b684e0fb56f97c3961d8afa22993a340b9b3c589c7481df3f4183aa23fd8d7efd88503f78b8ed1c8e9ba2fd6773e0d0c302a5f47
+AD: e037446f5891d77df660ed
+CT: 6736ca287cf31ea3ec92c68697bfd1f88642e67d9dcab11c5dc8ecfc61611ecffc54a04119f53f9e5476196f220486ab53e2b21e1135bc6745731f0bd32eee9752fe18aa410159805977
+TAG: 5e40a60a3661940d928cc1818e0f0277390296d5a20f1d020452845b5ecf83dabb95153285213d50438bfd32980c294aefd1d302517cf2aad8bdefc63d87d2995523db2f2380cbec94cf5f5a7af4f605d7c9cb2c2c5fc67b567c5c219de53c39e92ce4e597ff10c929d7e66f7a156f3bb8fcf5c05df504924dc282bb94fbc7045e5c758239b70c3f171bc9c34e95f8821738b02b1049c8e1b21d66e8ce2ad606c8492749b78592ddb0df4a51de74514a1f25fc4278b22dfd5aa0761e1afc5e4d622e9088879df40964ba02503e876ebc70ab5e75c33d7ba0d3879e32255ac7a884a723a673fcf7007c8105e7dedcfa91832ebecf6a929033da1069839a1ad5ea9f659e2f2d295b06d5d6c5e685732f8d9c4b95eca515
+TAG_LEN: 32
+NO_SEAL: 01
+
+# Test with maximal padding (11 mod 64).
+# DIGEST: 4fb8d7ccd762998c343aef821e49cf91783d15669105b725eb1123ddc16ea445
+KEY: 933f62be8dc55b436965aabe477e0cdd46be99371eb8da7dac997deafd64b1fc65de39f4f03541a11be112a72933c7b54ed4fad0be905d41203f5dce998f8fb2
+NONCE: eaad409ae02116417dae0cef457b9e5e
+IN: 936a91d0b5d2c0267218cb7090c6171386d641b87797b684e0fb56f97c3961d8afa22993a340b9b3c589c7481df3f4183aa23fd8d7efd88503f78b8ed1c8e9ba2fd6773e0d0c302a5f47e0
+AD: 37446f5891d77df660ed82
+CT: 95b9375058667abde693e7e3a598dd4c326ae4db29f54667c54453e6191c52f86d2fb4fe324e9a02b94f094f1dc272b1e6ad85529206a511468879d31ab9e74f44d9f388b72cd2461fb67f
+TAG: 7d5b0073be50f1aa588d60ff430da154c9793c30646b9d98ff8581febbf8541698a3a14e8dcd317d3f5102a828923b4a060843e4f813cc0198d19bc7b8c7c3fb00bbeadde45d84393bcbf90e4caa0b4fb7e8ce97584d639aaedca28b685083417c996ea73686a504e58ce170d5e59dd1e75cc2527c9a9976ab552533fd3e9c22603c5b4b25456d833182821116d7f80fbfeb9b0a840c127a755b4ac4121cd82f12508b0eabcf1255d5ed866b11366f9a2a59becf0aa3944ed0b1531c92342cb89dc819fa342d19db29556a98a6f1d7f166406257c4fc2019f5cfb8e1a2f02a161e2e6e91bd717c3c0b7429e9eb9d50f873ccdf0b487ee1996e38b248b0bc29ff17d713b810907bacca6f4dcc0633757d84bc065497
+TAG_LEN: 32
+NO_SEAL: 01
+
+# Test with maximal padding (12 mod 64).
+# DIGEST: 756ef874fe4546df371e012dc34660cebd6321b67dac201988cc72e48917d7b0
+KEY: 3f62be8dc55b436965aabe477e0cdd46be99371eb8da7dac997deafd64b1fc65de39f4f03541a11be112a72933c7b54ed4fad0be905d41203f5dce998f8fb2ea
+NONCE: ad409ae02116417dae0cef457b9e5e16
+IN: 936a91d0b5d2c0267218cb7090c6171386d641b87797b684e0fb56f97c3961d8afa22993a340b9b3c589c7481df3f4183aa23fd8d7efd88503f78b8ed1c8e9ba2fd6773e0d0c302a5f47e037
+AD: 446f5891d77df660ed8293
+CT: eded2db8c302b3b5b5b0c0d556f8d34408fdb2af75d38231049b5f91e02a4086e6ffcfabcba5e3ec68173dfde382a41523d3c8ea1f7944351baad1588516c548942da82684d52639453ffdca
+TAG: 518bf4d7ce510d2d8b41b8948c72f652efcc6973337da9e53d8daafd49a8fadebd391c0867ffe253dc07d26c12985933288fc617b9f1e0b74ba51b4a85e11d14de331f9af1c3ec66f4c85e0db13e2669a0429b3be48cb3e8a59f3fae779aba1ae3cf8a9c7d3c7c3d7046b3e7592c67da2779af921b2fe68801d739ebc0fe61ff52724a034f8d6ab916cfac58e9530a541148da1bcd17957a9fd9481571d054e6e38f6f13460fc1bfcc51052a7ae75f514a4d6525dd85d067698197322e61212d58c3fdd3f08e0a06189d8773f87f18c0156eda94657acf5659c6bd687188fe8e3f09b7cceb63d6c78e0198cfb985bfea1e6ef70f2e1727b50c45b123d189607c3dbe0e06f1b359ac5f8dfe1766580afe966c8f68
+TAG_LEN: 32
+NO_SEAL: 01
+
+# Test with maximal padding (13 mod 64).
+# DIGEST: 01fbec0db232a15b4f3e02a14f412e296a0f2c7bbc539ea1e5e835206e197929
+KEY: 62be8dc55b436965aabe477e0cdd46be99371eb8da7dac997deafd64b1fc65de39f4f03541a11be112a72933c7b54ed4fad0be905d41203f5dce998f8fb2eaad
+NONCE: 409ae02116417dae0cef457b9e5e16dc
+IN: 936a91d0b5d2c0267218cb7090c6171386d641b87797b684e0fb56f97c3961d8afa22993a340b9b3c589c7481df3f4183aa23fd8d7efd88503f78b8ed1c8e9ba2fd6773e0d0c302a5f47e03744
+AD: 6f5891d77df660ed82933f
+CT: a56c9d8579b78c9ef40c4a230e8bd42750510340fbd0cf55393bd13d93b105fd2cd1d701b6882bacc661e8da81b7c9eed6b5dd4da12353298150819c748f464fa35936dbdb39149ed790f58777
+TAG: ec23664bb72e227a2d60f8e04aa12b33b78d59f1237f2305c1041793344510993f4dee5081f28a969c122c414a4218d4a73e4e8ba26ad8f6a8c3f73bfde7b0412f8fd6941f26ab73eca7110a4873cceccd43a917d5ea6418c85788512fbd262c72e594d2defd5a0a136ee74e9d1e76f335965a7679b3a059fdd6b72eab855763e4af5e028e9239418197e00088c7e2f661142d63babe769de4df2bb36f2fbb39b3723516d0c85b1214e82f12367582e9c707097cbd91650f2b0ae6f13a006cdaf65f9384496055bed36622b4b495335850b10fc6376112b99c4ca121228814539a2024bd4e839bb020efb32f858322b4474bf5317fced4ba64817e022bd53eb839793c59e673d4a50aea352db65143bc0a1d14
+TAG_LEN: 32
+NO_SEAL: 01
+
+# Test with maximal padding (14 mod 64).
+# DIGEST: c49af18a935082656e153daa62270e736e336727424bf48be78da0b7dced9de0
+KEY: be8dc55b436965aabe477e0cdd46be99371eb8da7dac997deafd64b1fc65de39f4f03541a11be112a72933c7b54ed4fad0be905d41203f5dce998f8fb2eaad40
+NONCE: 9ae02116417dae0cef457b9e5e16dcc5
+IN: 936a91d0b5d2c0267218cb7090c6171386d641b87797b684e0fb56f97c3961d8afa22993a340b9b3c589c7481df3f4183aa23fd8d7efd88503f78b8ed1c8e9ba2fd6773e0d0c302a5f47e037446f
+AD: 5891d77df660ed82933f62
+CT: bf13550fa32201ffc699cbf22de17ca268652f8ba2693dde72b626d01855eea7c21f0afae3fa03dc757491e8efb9091a4c100f8dccfd15a9b4dd94e4fe1f5e90a96a8ee973df3f67b1b87adde382
+TAG: 45c6bd5afe30cb502e43d1b3b2440faaa2908d171c8e7f53480efb6d74fecc454a6dbe10ca0ea6368b4afc200632c1b078250369c85a463c63c8c79a95a8d5c3b2ed6ea220b8f624e381022f78cb94d401bc384c5c6be68e8f56f353524d93b68dbb590ca9afefe04e642fb8d8650c8e94a873985c14c1fc7f7e114b2dadf9c9cd89e504636329f476fce6fec894337704b6406c634aed0330cc20030543261a628efd49bbd4c52e7d70fe4b32415359135e2328027b388e3dd4edc43977e8eeecc04919087ec0935f3b7482defceac851adad46db682cb19d407a2615164e2930278c26f942572b64ff9ade93d2debb185309fc2c526a80aa57ce225ca7cfbddd4ae17cea86afaf38b1544a8efcef6df761
+TAG_LEN: 32
+NO_SEAL: 01
+
+# Test with maximal padding (15 mod 64).
+# DIGEST: 8d6f1fdc3d60175573775cc289d7436b88d10dfa029e90e10e513c8e739666c4
+KEY: 8dc55b436965aabe477e0cdd46be99371eb8da7dac997deafd64b1fc65de39f4f03541a11be112a72933c7b54ed4fad0be905d41203f5dce998f8fb2eaad409a
+NONCE: e02116417dae0cef457b9e5e16dcc5b6
+IN: 936a91d0b5d2c0267218cb7090c6171386d641b87797b684e0fb56f97c3961d8afa22993a340b9b3c589c7481df3f4183aa23fd8d7efd88503f78b8ed1c8e9ba2fd6773e0d0c302a5f47e037446f58
+AD: 91d77df660ed82933f62be
+CT: 9f9a3ab733e50c1584c4f0c2a2dc0ff71bb3a9b32dbe92da2fcff8fe46a4bf16d4f30ec8efb1319891b7d2586839fffe5012a6dc3d5f0ad21e1572a1ffb48fbb82daa5c2de27d8d64515d8b50556ac
+TAG: d59e25e24c745028ce4239294565972873c4debbf863e3a3b5d69c5a32127916516037aff509bacc58b89e041ef8d2c56b7a3898aad9426f6c26c7d61adf61790362e299c73eda72314b6429d9f64985d91820bcfa806cf4b99d45d60369f52c369970c8162499f6c39948bea9a7ccb7ded6b4f69f13a98cb1665a9be4ad2f8e3e584157a7cf74009f504622b4529e55d36e92cc45df30bfea3d3687437ade9ae87e16f64da2960d30d6660faea9c890d4110e18c20576b729bf0157c151397aec86b563c1234f2deedfea18b2ed2a780b3fba34ddf21edef8bacc5155834e2ad144b39eacde01196a70e309122eeada9c1c589ecb7cd22a954a8025edd31383b2e36f453f9bc1fd8779e7a23653cfbea7
+TAG_LEN: 32
+NO_SEAL: 01
+
+# Test with maximal padding (16 mod 64).
+# DIGEST: 11a40304bc276c51e2e7d8e3fa16f905bf050f3861586be68ca4257b1e6cc566
+KEY: c55b436965aabe477e0cdd46be99371eb8da7dac997deafd64b1fc65de39f4f03541a11be112a72933c7b54ed4fad0be905d41203f5dce998f8fb2eaad409ae0
+NONCE: 2116417dae0cef457b9e5e16dcc5b6f2
+IN: 936a91d0b5d2c0267218cb7090c6171386d641b87797b684e0fb56f97c3961d8afa22993a340b9b3c589c7481df3f4183aa23fd8d7efd88503f78b8ed1c8e9ba2fd6773e0d0c302a5f47e037446f5891
+AD: d77df660ed82933f62be8d
+CT: b4d33c5131701c960eda4c50fc0a918acbe28cd47fbcaa328c6a9eb08e3c36b697928c6981992ab155c30984c6b8e9340cb00decef7086f589ed2d730cfafd5ccfb95373b8c55044fa1c95927d02278a
+TAG: 713f2e3e88f54fa870bb429940553f8a55526f219f062dadacd69284718a21914f86d905517eb301bb5693610d69a32becab289041fb962d940eb0a37da57724b4d07c3b968700dec4d019f6672cfc45be30e4ea80a33dfa7d88abc6733a1cc7a788c6dd12f2e18f001a9d8f0deea3411c00e9234d9484fd030375bb6c3519e8068694019cd8e7eda59760cbb775a01d68626f88ccb026604fb260c0e3eeecd3482619d1108c3ed9ee2f992c0d221f8a0b3964a6ac23bdab18f2a825a2bd8893551686224eaab405e027bcf3cf6cfd840479be33ebd22479b72d61e1d26c0d62ec8e378982a61e85da137019fdb017338fb245ed0f82c531be137dcd56af636c69197228ed2be7ae7dfb0097c4f7e5144577a2cb0cff362c52e28bb1d2b284c0
+TAG_LEN: 32
+NO_SEAL: 01
+
+# Test with maximal padding (17 mod 64).
+# DIGEST: da3fd1aaca630fe609395b45a44384c57f779505188c8b12391b9f34de17dbf5
+KEY: 5b436965aabe477e0cdd46be99371eb8da7dac997deafd64b1fc65de39f4f03541a11be112a72933c7b54ed4fad0be905d41203f5dce998f8fb2eaad409ae021
+NONCE: 16417dae0cef457b9e5e16dcc5b6f256
+IN: 936a91d0b5d2c0267218cb7090c6171386d641b87797b684e0fb56f97c3961d8afa22993a340b9b3c589c7481df3f4183aa23fd8d7efd88503f78b8ed1c8e9ba2fd6773e0d0c302a5f47e037446f5891d7
+AD: 7df660ed82933f62be8dc5
+CT: fe6540372ad1c40ec1dd644e935c480b9e34aed05a7f21e2e37dd46db52ebc5352cbc3be2aa289cc2e9712aa7d393f4454c9fa3a4acc30db41ada1257693d3469b0a1d5680dc8dbfea8cbb4768161f8291
+TAG: fb0e5d817e59ba33aad224a3d75b490058e8d743e6db43e920b30fff5e931aa17ebdd9f33ffd1eb9d73a2b9301fec0981bd29d85edd9804def4edcc9d25c04e7bb4f092b71322dbfb1c54fb71de189c88b0c63a4fc615a389b7d67758732f2356924813539ba0248d47fe0a536d141210b4e01d3a3cd1a846933c45abf7441eba3de98bf42c217ba29eab4dd52bdb44bc8ba97c7cdf10106f0e5ed04df11835e1ed86290c2b4b79e5b9a3597dfce92a71958957ceed5bab67ca5b00eb19c0897ea081929a9fa4c45db9dceb70875cf9773cb5dc543885f62bede29135a5e637c078029b09b290347f1e39b6ce35c43294fbee0cf3d9359c25d2a55083eb7d3d13486e851b1b60e1f51ef7fc48d16fa427d7440aa890d300d7a2876ab371686
+TAG_LEN: 32
+NO_SEAL: 01
+
+# Test with maximal padding (18 mod 64).
+# DIGEST: 2ea803a4525d24849aeda1b0adb81676b32d99c42bcd0011932085424a0a8078
+KEY: 436965aabe477e0cdd46be99371eb8da7dac997deafd64b1fc65de39f4f03541a11be112a72933c7b54ed4fad0be905d41203f5dce998f8fb2eaad409ae02116
+NONCE: 417dae0cef457b9e5e16dcc5b6f25607
+IN: 936a91d0b5d2c0267218cb7090c6171386d641b87797b684e0fb56f97c3961d8afa22993a340b9b3c589c7481df3f4183aa23fd8d7efd88503f78b8ed1c8e9ba2fd6773e0d0c302a5f47e037446f5891d77d
+AD: f660ed82933f62be8dc55b
+CT: 22e6c691ae1ba796667ceeaba4dcf85582e398e529d938da63c8221a58c2fbe242f6da82eae8c896dd31b45b3e8b72ff3dd7906130954f7b68d4c8729d3ff66ffad72104047209a56f1d6cdd927b57e8d08e
+TAG: 0325aa247e8c830cb0fbe906d495777fb41894e5721f07b1aadd8b0a2419dd28c973681d131ad8866e938ceb84e65762930d3961ec13c2ca461e927a8aa79cab8508709520b1dee01e81ab4c6f5ee93eb610d6185469d88b32f8acd04f6e8e138aab41456c9ecbe0ebc1d6f9edbcf8e4d543515f9cde2610b1a1454072d5d66b7948ababc0c99cf55e2ae3e9a1f0b141bdd8df4a1647f98becceb6229d190341072594cc3c2c61070c88b0513045aabd07d2261df9dfceee46c5f353dccd3c1b2fe4a2ebbaf8ab7b2939761aa86f88a19b84e611a957ba9fbae9009ab565279de6f972f82b42f324fbf7e9668b4f17415bfd796e4886566ee0febeb27397bf971795a7f49d8d302e13d7e8cc4b20fe89999665d03f83245b807fbdeb43cb
+TAG_LEN: 32
+NO_SEAL: 01
+
+# Test with maximal padding (19 mod 64).
+# DIGEST: 6802d4c044d85fe270b3761ec10ae5cb4b912a565e00cafc8eab935935523126
+KEY: 6965aabe477e0cdd46be99371eb8da7dac997deafd64b1fc65de39f4f03541a11be112a72933c7b54ed4fad0be905d41203f5dce998f8fb2eaad409ae0211641
+NONCE: 7dae0cef457b9e5e16dcc5b6f25607f0
+IN: 936a91d0b5d2c0267218cb7090c6171386d641b87797b684e0fb56f97c3961d8afa22993a340b9b3c589c7481df3f4183aa23fd8d7efd88503f78b8ed1c8e9ba2fd6773e0d0c302a5f47e037446f5891d77df6
+AD: 60ed82933f62be8dc55b43
+CT: 4772e647d03817c0f9deb39ff4f4f27fb0fed33e0630eb453883c707336f0e74ef206e92e31fb2935a466105dbdfd42c180ef63cf5cdd3c281337895e399df6078c22762eba5d84b8845ea00bd88bf5e1439a8
+TAG: 294f0bd94a45371cd6205187e9f8357817072cbb1940abd8c54418f1835616f05a75c38117165c43c0bbeaee69f8e20875121564bc383cd435e1e2fe4a36a6db906918c606edd336dd2dd7617c19a3d701756682d46e04609bc2e983b557cab0c8e3facf110be1f18baf31a69d09ff01fb8f51842e38fe3c38e42990c1bf68838cba82a82c4d77d796a59ba70abad4e0d6bb2f989e52622328458d5809ecbec33764dc77df403cc574c9535512c10446147077f8f05aa63fbc0f73195692ae69fcacc30253054064241ea28263b52feaae58d0b07c990308809a86327ff6b031f010c05720779ba1332ac1f93ef398491a438f4f823e45a4f2c5420c91447815e88fcb5f80717141516d8a1974db7a21fba576d77f929f52c84af22ad6
+TAG_LEN: 32
+NO_SEAL: 01
+
+# Test with maximal padding (20 mod 64).
+# DIGEST: d159516557052899ecffe8072d2cdb753939d812db2f8861e3ba7a837f0fe29e
+KEY: 65aabe477e0cdd46be99371eb8da7dac997deafd64b1fc65de39f4f03541a11be112a72933c7b54ed4fad0be905d41203f5dce998f8fb2eaad409ae02116417d
+NONCE: ae0cef457b9e5e16dcc5b6f25607f00d
+IN: 936a91d0b5d2c0267218cb7090c6171386d641b87797b684e0fb56f97c3961d8afa22993a340b9b3c589c7481df3f4183aa23fd8d7efd88503f78b8ed1c8e9ba2fd6773e0d0c302a5f47e037446f5891d77df660
+AD: ed82933f62be8dc55b4369
+CT: 6dadacb58a7b88e2daba277f66e5757042c142115871c9813d1a72a79e5a71366801a757a5f9982e99c355fe7d742fe3f047b711dbe340bf2ffd00cea6dc6ed7a4a416c17138404854ab8a5420960d6021e2deb4
+TAG: aedd593c686dc75c7bee2e9e90c2ee010801d48e40d62b6d64cf8371d478a9319dc95d959937396c8e2a887865478cecb1d3e9dff34adb0aa0642ddb5b29693c2d9a3e78a7d71f60d6150f53dac8ec04b3832b7af35ae5244f5e49a97308d5dc1dad0254af32fa1848249e00d4dd547eaf98ec112db7d519c338d698e9633c64f47f9471843c2482e647878c5fc32b5bcc092f4580a39489d7ab61bd211fe4af348fcc18ed48389d670eb903313c79a5bd2bcc250f1ea5cf639e965c30c3b3aad31972c4cb451829d05448d5e12b76b03dd22ad2b7e906ed80d72bb13e6f60cbac269c605a47aa8b676fca372b7969fbb608c04b8d105b5e8323ab9b1e442248fd894e263d2cdad5e3a34fadeaf478c5512206980d0f4113c6bc3898
+TAG_LEN: 32
+NO_SEAL: 01
+
+# Test with maximal padding (21 mod 64).
+# DIGEST: 8b4c76888085f1030618cca2b0ef708b79b68fbe879c266adab2211c35baebae
+KEY: aabe477e0cdd46be99371eb8da7dac997deafd64b1fc65de39f4f03541a11be112a72933c7b54ed4fad0be905d41203f5dce998f8fb2eaad409ae02116417dae
+NONCE: 0cef457b9e5e16dcc5b6f25607f00d03
+IN: 936a91d0b5d2c0267218cb7090c6171386d641b87797b684e0fb56f97c3961d8afa22993a340b9b3c589c7481df3f4183aa23fd8d7efd88503f78b8ed1c8e9ba2fd6773e0d0c302a5f47e037446f5891d77df660ed
+AD: 82933f62be8dc55b436965
+CT: 4307f039e09bbc51fa0477941e321dec14e5f562d3a5ba25d71c3c8afa23f44e1ca619d130890b7476e5227442c27995cd292ed9d0a649773b752b3bc7abf171244624bc55784adc9282f1776789fdbcc5c043dadf
+TAG: 10d9216fcf6eb71ad30348d591c025c364715c73d46bdd26f04cece2b14ba8f5183b7250750c75017bccf9b394579be5fd2c83e77a30eb11c9b2fba8355390a3bc19c98d0cd5f65144701f3f08fadebc29150ce3ecaf4bff75e9db3043228d037861656c2c462668e25a2a6b9d1da7929a44dccbfe3758501ff0952c064508025ca73687ecc1a89f825eb09a762c1d7a63edbbded5ac0ed6baea7ed19677c8844a063254a9a0f464da61ea782ff5ce62462009c64d9ebe9597c467e1d2f5a2ff39c18eeac0ab03cd771dc0c75bb826167703855b96a9ea6acf8f5a1c95f59582a56addbbb8ddefa5c73405b212c8945a60920dd18e3dd4c3571003f227f1a1cab2b41b67d133d0d20708ff44598440f8c5b2f438a6c0c14113d075
+TAG_LEN: 32
+NO_SEAL: 01
+
+# Test with maximal padding (22 mod 64).
+# DIGEST: c93f922285c3abf65fd70f22abd7ef859a392a9db0a979acbc99563829e3fd77
+KEY: be477e0cdd46be99371eb8da7dac997deafd64b1fc65de39f4f03541a11be112a72933c7b54ed4fad0be905d41203f5dce998f8fb2eaad409ae02116417dae0c
+NONCE: ef457b9e5e16dcc5b6f25607f00d033f
+IN: 936a91d0b5d2c0267218cb7090c6171386d641b87797b684e0fb56f97c3961d8afa22993a340b9b3c589c7481df3f4183aa23fd8d7efd88503f78b8ed1c8e9ba2fd6773e0d0c302a5f47e037446f5891d77df660ed82
+AD: 933f62be8dc55b436965aa
+CT: ee9fa11a7d6f965e7d65d8f48810754770b9d237ba0111978b97e24f223817d0c6ce4dbde85c4e0979bea607a36c66f908c25384184fc334d8d985b78c2e9872d82c4cb1aad49d7dc21d6484b80f9192092da38282bb
+TAG: 4ba52b012bc5146d24c5cd7101ffc935c90fddb5c25d4939422b08a9f36afb92a71ed5cf86418748b8268e236cde7ea7bf8e757079d3b5e74044939d104f48d8df2cf17880f08f9eb7da709132fa7fe6bc1ca3cf9308625e15595a56ba4b2bd12eb3a4fcb06cac3a7f8d5e046e464d5eab6f502e5a9a7542938e95a8e6e0f4106b5b77f100c1b39db7de14e6f777a0cfd8bf205a6d70a76c1820b48bf8e2f1d473f82b71dd5440251473e5878ee858d60a60afe9b9f07f201d208d0e60660cf6ba2440cd0cb2ce4ca1ff0b6085a864fdc8a70fb760747208a72f9108c7d3234ccd69c1218be9d3d59351827500244d0e1eb39d08c82be77ed837d29b8650fda3abf8e8e922f754119433bb1c27769cf7e042c49a6e87f75de521
+TAG_LEN: 32
+NO_SEAL: 01
+
+# Test with maximal padding (23 mod 64).
+# DIGEST: fecc2d68e7e0874de9d063a889b18ca83d3d5908aae064db20d723a8da1b3978
+KEY: 477e0cdd46be99371eb8da7dac997deafd64b1fc65de39f4f03541a11be112a72933c7b54ed4fad0be905d41203f5dce998f8fb2eaad409ae02116417dae0cef
+NONCE: 457b9e5e16dcc5b6f25607f00d033fb9
+IN: 936a91d0b5d2c0267218cb7090c6171386d641b87797b684e0fb56f97c3961d8afa22993a340b9b3c589c7481df3f4183aa23fd8d7efd88503f78b8ed1c8e9ba2fd6773e0d0c302a5f47e037446f5891d77df660ed8293
+AD: 3f62be8dc55b436965aabe
+CT: 1a95f47f7bdb2d91358f683b7bf803254d88b59e2d3c1d873a09794e1c18f1c924d480727599a1a6890bb664335e690e4e52c385b634bed45e08410448ffda3ea2593a02a11a03d994617b9f7ac85317689cff682990c7
+TAG: cf55f1531360cf0dba29ca8baeba795e3ae57ae1c8d233e5d771be0a7b5e483b1871057aeb254958d0353264bd6c61834295431d1e624f194559d3e476216b295f81ba3a7ce67edad2c998d4d5f2cb4ebf6a83d3d40bf36eb0cfe75652752a4f8aa295663fc4577270c2b49ccb411c0f6e3a2978d77df2bad8db2e7252472562a6622a0c21570beff15ab6d21df869bb7b1f351035b7462753c36bbb0ac6e3b750591cb02c7ecd9b03819fdc47ca0106ba37c21cfd5123479629b57839cfaa4ec72382ac3fd6f1a8f24809921cef7e0474a6372cd4beaf7481b554da8cab83dd4de5767c3c7d0194ce7117100c07161889b01f4deb05ab1fd9de79f7b634009c5e40f2ba9ae916ea70e622ae14c915efd902758953ed3c63f9
+TAG_LEN: 32
+NO_SEAL: 01
+
+# Test with maximal padding (24 mod 64).
+# DIGEST: a182bceec087418714d31fdad208a5d5c578fa8917a754e0b0527364378afa81
+KEY: 7e0cdd46be99371eb8da7dac997deafd64b1fc65de39f4f03541a11be112a72933c7b54ed4fad0be905d41203f5dce998f8fb2eaad409ae02116417dae0cef45
+NONCE: 7b9e5e16dcc5b6f25607f00d033fb95f
+IN: 936a91d0b5d2c0267218cb7090c6171386d641b87797b684e0fb56f97c3961d8afa22993a340b9b3c589c7481df3f4183aa23fd8d7efd88503f78b8ed1c8e9ba2fd6773e0d0c302a5f47e037446f5891d77df660ed82933f
+AD: 62be8dc55b436965aabe47
+CT: 67466a0bda0815f726cd09d159e06088b2530b73775a8c18eab2d09ed7bd12b743b0a10345cb3126dc14d8f5c503b65a45467ef9b56ec7c5b24e5548e734d3f0fc90fd9c8019fc782882ea6e72f4df5f5f827d6e8c60c86a
+TAG: f6c2c4b7de380be8cbfcd90f06ba067ae2e3e23286dc1079ceee60c2cb7384c229639917d38d6d50c24224981c7ad657c0b4672b2e3e0cb75a2745801195902c4ecaf772ab99592ab86682aa2f0b46607f5e0422b159a8d06bbf243728d0711dd3e68277b9a6f29a66a6cee41dee43a7121ac2d8e9c0d02d2cfa397515fde2161e5484679200c7be71015f0f73b88724adcb6ba772997119a6e17446c9872df0b8b50c571d5ea5ad71a14e9f4a81ad6437c1eccff6a93d1385115f55b7131225b5b49550cf9dad67fe8c9992f8482de6380b64abd01357fe46f98fd28dd2a3dc11f43b9c2306b5dd6f6fa02ec5bf3d9d495f0ec432c9f527f55680d64916bdb2a4088a72985c1ec03f418ef2a49870e1d8f77da41c227ac8
+TAG_LEN: 32
+NO_SEAL: 01
+
+# Test with maximal padding (25 mod 64).
+# DIGEST: 81dd23016c18f838fcfdaa8afa9c52009af9d93092e250bde67ac11e8588a238
+KEY: 0cdd46be99371eb8da7dac997deafd64b1fc65de39f4f03541a11be112a72933c7b54ed4fad0be905d41203f5dce998f8fb2eaad409ae02116417dae0cef457b
+NONCE: 9e5e16dcc5b6f25607f00d033fb95fb0
+IN: 936a91d0b5d2c0267218cb7090c6171386d641b87797b684e0fb56f97c3961d8afa22993a340b9b3c589c7481df3f4183aa23fd8d7efd88503f78b8ed1c8e9ba2fd6773e0d0c302a5f47e037446f5891d77df660ed82933f62
+AD: be8dc55b436965aabe477e
+CT: 34f8a83c831f374e77c5601317b658e47091d811285791eac2fc59fb06658c115dc875c80b1089a62fc7d072534617dc81dc3adffbbba4b9db2e7272eb0b8aea73eb9de6480c43190e239fc300377f1839a750fb5a915c63f4
+TAG: f201dd303f2be93385e189f963a1b038564f9648cc09ee82bebd9d471564156e14933ed0ceb36f768064a038f1c86e936d05bd32fe132c068f635a41f5e6c0c9c1bc579b9e218e5b1e0e95e2f95a05171a4670ce0028aa7aeb78229f6b3ddca48e35c5948443bfb0234b083fef65ccd11d3d8894918289dcf13586868c3cfb535dd9d4d79cdc391a59c8a7d5917e47202108fc8ab98f8be0cdacf80582843ddbbf7f158841bc02f01d402b5b8c004b33a1d20d85590d37ca0704e58c3071b0da1f64ecc52532e76736cef4967641ede072cdd0b61a02b5078c310a7091beb07c1184ff74a65db5e71f42fd9ff622040c331687f72f6daa6f7752e21d0d844d4f646202eb18677308ad8747823c524d516398531c356f3b
+TAG_LEN: 32
+NO_SEAL: 01
+
+# Test with maximal padding (26 mod 64).
+# DIGEST: 20f01a20150588ee1067e30a2ab84904a34ac56cb9e327756a700b1af24c6200
+KEY: dd46be99371eb8da7dac997deafd64b1fc65de39f4f03541a11be112a72933c7b54ed4fad0be905d41203f5dce998f8fb2eaad409ae02116417dae0cef457b9e
+NONCE: 5e16dcc5b6f25607f00d033fb95fb09e
+IN: 936a91d0b5d2c0267218cb7090c6171386d641b87797b684e0fb56f97c3961d8afa22993a340b9b3c589c7481df3f4183aa23fd8d7efd88503f78b8ed1c8e9ba2fd6773e0d0c302a5f47e037446f5891d77df660ed82933f62be
+AD: 8dc55b436965aabe477e0c
+CT: 2ec0aab31fbb036bd2af5ce39025ee2d5591fd525a199f2233384f52a8746f4fb547843c92d1e4c9fa92bc268174d4a59134142f14e8e1e277f1f1844c64f76dcd20f3b73dfec8e9fc59a639616fe4076fabc5d3fc116a8db5b2
+TAG: 58aa84e06a34424ee932af39466c3309363d93e3af6a37473f54788f7c1564549660ff8e96cbd74ea459c318d52566475062f7b6ef434a4bff703f831c4c5ef574d7cbfab0eb130bff93f7b7121f3bbfd56574f6bb89fc227257ced565ad4d73ae3c72b25f36be22ef5bd0cb5750cb23c52743bcc1306d63acb3f7ef73117a352a95418e8fc12696e99ca1f44c055c227eaf0a116c0847d49a32d1ea611e88f6d2500dc0d2c4cfc84978a31c43f30e2d5028602d7cfa4a48efe16b18d46f078502c5976a63ae91a63266bd068175bf842646264da36df63c134df8171f160fcaa144b78fdb81534ef248ed1c7bc234d045aee646aa6eac6d770f4487e1bb4bfe9e103bf83b1f8fb3a12bd56ecf0c8eb1c5a0d0f35cd7
+TAG_LEN: 32
+NO_SEAL: 01
+
+# Test with maximal padding (27 mod 64).
+# DIGEST: 83a45f4fafff7e1ec40a34e75a49a431478bbe8c9234da4c1b3129aeaf453d5a
+KEY: 46be99371eb8da7dac997deafd64b1fc65de39f4f03541a11be112a72933c7b54ed4fad0be905d41203f5dce998f8fb2eaad409ae02116417dae0cef457b9e5e
+NONCE: 16dcc5b6f25607f00d033fb95fb09e4d
+IN: 936a91d0b5d2c0267218cb7090c6171386d641b87797b684e0fb56f97c3961d8afa22993a340b9b3c589c7481df3f4183aa23fd8d7efd88503f78b8ed1c8e9ba2fd6773e0d0c302a5f47e037446f5891d77df660ed82933f62be8d
+AD: c55b436965aabe477e0cdd
+CT: 90712d5e3edeed5000c62ce80212d41773a393792a3a8fc62a1cfbff38b3555aadd88f0e36f93c8a12897d7779972b3e42978cdf85da7a3ba2e4b261f0a0cf4e1edaf259849e87133a9c057e5d3e693a420b7861b96e3f10b34f7b
+TAG: ea3b1f0a196af1f2df325a7a1f4fe1799ff35df267da4a912cf0cac8ad6472428fd08ecf4356cacd67de7eaa0e92498afa1f8d01c9230d6dff346752970758ab979e62d3012356e83924e2f9cff28e485cb96c5d87c1882ab472a4dc6dbd79b68ec3e64990a389e864a4a2fe9e8fb4fc66ea5b1f07893864e1d6c38e73fa60ed109bf75d6b96d8512574e0afa2f6114d1acffcfa23433eacc0f021e05b6c4eb3148836449c72485e69635243a8aeae09fea475b361271acc9dba14ab957ecbb4b0a03edc3460d63eae1aaef92341456b395011321fcb7a85be0fdb812259397f8b52ff8653aa27040c17ea4fad7c6f6c9c941d1c83ae08d52c1719bd2c66fcb79c0179e3c1827785cc7880607de862e8c2bc8b4ddf
+TAG_LEN: 32
+NO_SEAL: 01
+
+# Test with maximal padding (28 mod 64).
+# DIGEST: ec9b1b48a2e7600c92e69277c9e55d1cf7a9135ec73cb736fd26718c5531fb7b
+KEY: be99371eb8da7dac997deafd64b1fc65de39f4f03541a11be112a72933c7b54ed4fad0be905d41203f5dce998f8fb2eaad409ae02116417dae0cef457b9e5e16
+NONCE: dcc5b6f25607f00d033fb95fb09e4d00
+IN: 936a91d0b5d2c0267218cb7090c6171386d641b87797b684e0fb56f97c3961d8afa22993a340b9b3c589c7481df3f4183aa23fd8d7efd88503f78b8ed1c8e9ba2fd6773e0d0c302a5f47e037446f5891d77df660ed82933f62be8dc5
+AD: 5b436965aabe477e0cdd46
+CT: ea1b542c224788ae66ded1b3ed9f9e35708252a1cd1d4725b0a187b669c51d282776471be5a07f256faa9ff16fa4248c629a4bcd31a9dfb7f260d9b1cb62dbae424624fd816bd81f781b93ca9dab437bee7e80bb7baeac902deeecff
+TAG: 650eb292cbefb80b7401e38e9803fd2b8dbb13ff21f0f0986eb42280ddf019458c06aca80c4784da1930a92427f96531e97f89e62ee5b945f07a8c7fd2b1dc6710f0a97096036d22493c2ea2592fea8e4b2cc93111959d33838e4919068385645f898736a0bcb391a30124694d7421f6cfe486047a95f55546c80a75fb7473ecb4a751db0c1dfab931081167e80a5116977c296d0b9e818dcd72d3404546589038d51f08ae71db0721c64e9ce9449aaec77fd362c41b6b9822c91f267e3cf0ceebffcfd55c7e16abca6ece0de8fd0b58919359aea7062af61e48a6185bb186db113a39be60fbf00d7f3664d3cc64e9f9eed70e01240e4d7f51587b846787c82723195a307c6144b3a1db94a10743df47c86386a7
+TAG_LEN: 32
+NO_SEAL: 01
+
+# Test with maximal padding (29 mod 64).
+# DIGEST: 7b0d19af32e867b61fe57398a3ed863a56666fbb67100e6a5ff01971ab693fc8
+KEY: 99371eb8da7dac997deafd64b1fc65de39f4f03541a11be112a72933c7b54ed4fad0be905d41203f5dce998f8fb2eaad409ae02116417dae0cef457b9e5e16dc
+NONCE: c5b6f25607f00d033fb95fb09e4d00d6
+IN: 936a91d0b5d2c0267218cb7090c6171386d641b87797b684e0fb56f97c3961d8afa22993a340b9b3c589c7481df3f4183aa23fd8d7efd88503f78b8ed1c8e9ba2fd6773e0d0c302a5f47e037446f5891d77df660ed82933f62be8dc55b
+AD: 436965aabe477e0cdd46be
+CT: b1025c9eb02f72e5526ef641778aebe786c2f85961997f1eaa090a33caae3a9df34da7088352a2df7a61eaaa026dadbcd604f5baa3a0de4fcbb3812816408d61384984141d9c78f47e725e99cea9d52fc16797a3ee4dcd80b6e5ac836c
+TAG: b1a3af10a3a38373bb7043194d9f0acc257f231ae324faa30c0457ed219deef787c85dce075c04e448ad2039d84718b9dbe23965df0b253986123e8f4427b833ef7679b4c6951d555c98ac8e151c3bcac077b8ffab30b8e6623809c39b7ffbf6c247f8be4993e91841a204b9af2ed9104749d573b01259646e8711d9a8b0959d4e9ba5ced78ccaf37a83035a096dbdca802070baf44c9d97b009c9c6eeefae4f1348ffe11bd512070636627d0defccb8dd737d6aac08116654cad9b36d3f183b3392a020d25f8e03142302415d3d0575ae203caa7581c754c36343bfbc37627320e9e7c0e66cf277e738346bff15b8277c5675827a25e0ee68482849df97d135df15e544159ded6d7eba4fe11c74f01051bd9f
+TAG_LEN: 32
+NO_SEAL: 01
+
+# Test with maximal padding (30 mod 64).
+# DIGEST: e3b7a347d9bdc63bb1c689eb823076d5ab24c3f502c328f70d71a1b3f00111d2
+KEY: 371eb8da7dac997deafd64b1fc65de39f4f03541a11be112a72933c7b54ed4fad0be905d41203f5dce998f8fb2eaad409ae02116417dae0cef457b9e5e16dcc5
+NONCE: b6f25607f00d033fb95fb09e4d00d617
+IN: 936a91d0b5d2c0267218cb7090c6171386d641b87797b684e0fb56f97c3961d8afa22993a340b9b3c589c7481df3f4183aa23fd8d7efd88503f78b8ed1c8e9ba2fd6773e0d0c302a5f47e037446f5891d77df660ed82933f62be8dc55b43
+AD: 6965aabe477e0cdd46be99
+CT: 10623f3b3c8888a31cbf51eae0989eb3caad5f5b786c13b41c04e0b6cb2641f850df4ebea610a4d521557c8f987ded40e9702503fc4ae62d1830a0f04d168888062f5b147e858a134a4022bf2790d81a20976e2b98e407e7cb7ee4355bc5
+TAG: d1ffa2b9b4db22b1de1eb8d9926e651ce34a85560c2e75605d9448c508e3030ce78f3a5973bd87d99be66603310d19d4e4a94a2cfc4ca9fd480dbf4315a814702d507d8699ed17e89dfa8c3b7c0491e4c22d63daf87bdf3e1ea54b759e2969ef392a659d9a8237bf4545b78d268cced5d4c6ee177ae96f77e555b27cfd6ccac215aef995c383e84419293d32401aa7d98634e99fd5124334aeb505f1b389d6b80b78eb57fd85f8c020c17789696078178dbc1e328ce213a623b6650a4d914037e4bec86ec6e1cf12881b4c71a204058970a1e607846421b8ca0fb346c19ea40a2b6be17fc0cdaff9d3c30868889b4e8664f2b586620ea74960c04e5dc3f9304dd78e8cd2fdc5c10d5b9cb640ff911e4ab323
+TAG_LEN: 32
+NO_SEAL: 01
+
+# Test with maximal padding (31 mod 64).
+# DIGEST: 9ee27167f084f493a4e6e5b80c1cd07babdac057ed98dc28cea1f107ebc68787
+KEY: 1eb8da7dac997deafd64b1fc65de39f4f03541a11be112a72933c7b54ed4fad0be905d41203f5dce998f8fb2eaad409ae02116417dae0cef457b9e5e16dcc5b6
+NONCE: f25607f00d033fb95fb09e4d00d6172e
+IN: 936a91d0b5d2c0267218cb7090c6171386d641b87797b684e0fb56f97c3961d8afa22993a340b9b3c589c7481df3f4183aa23fd8d7efd88503f78b8ed1c8e9ba2fd6773e0d0c302a5f47e037446f5891d77df660ed82933f62be8dc55b4369
+AD: 65aabe477e0cdd46be9937
+CT: 60d4a0ba2caff08ac046349b511017a7c5f5537eff0bda94bf838d50c14d59426424e4a8f531103773aa0eb9d242a9e6f2ba5002ef04aef8144c8a88f05788fa5fa1ab1cb5cad84da0d31b280ff8a55cbd75f2327f726d6dcbcebbbf490012
+TAG: 26ce951279729891effbc740a3e38a8eec1d8fd4bfcce6180a117931b1f3ac5a423772156307853624240be289aa9bd4868d9c8b3b93d332a2bdb679bd14eb8f91034468fb1771d679321b067ff9dedb04cafae3cf43c046350c23b97bc3791821d3b4fe50a5ca66057432994e75d53365fbabef04a3b6c4af9f2429dc478145c6e67f3dc1990d0c21fc5d816b25ffe4be41a7b465d8485b2e4c22d597a1419b021714faec3c2d2ce1546b73145a2bfe44ce6a4d6ff162c6904977388cb01e8495aa05a448a157cb986b59d74e3abaac98c024d4658ad842e9e10195b69a244aa42cdc5c073f08313cc9b2036f830a1aed7e70117c91a8fabbabc556d9fe8aed1ea047a83963f985c1914d524e058ef04a
+TAG_LEN: 32
+NO_SEAL: 01
+
+# Test with maximal padding (32 mod 64).
+# DIGEST: f6b15333af80c49e8ea591c2272618074822d453d85ed3a96c29f249873acfc1
+KEY: b8da7dac997deafd64b1fc65de39f4f03541a11be112a72933c7b54ed4fad0be905d41203f5dce998f8fb2eaad409ae02116417dae0cef457b9e5e16dcc5b6f2
+NONCE: 5607f00d033fb95fb09e4d00d6172e78
+IN: 936a91d0b5d2c0267218cb7090c6171386d641b87797b684e0fb56f97c3961d8afa22993a340b9b3c589c7481df3f4183aa23fd8d7efd88503f78b8ed1c8e9ba2fd6773e0d0c302a5f47e037446f5891d77df660ed82933f62be8dc55b436965
+AD: aabe477e0cdd46be99371e
+CT: e59fdb3d1413cd6a1098b5daf1662c698076996e2581e11a286e5acd6f29d41ff9d04da8308ce7f5defc52be0b4d1ee96d8e5f4eddbdd5fa9894e7d1b0a1bed483b7e7549e1c10cf5b8ebd1e7f1177972ff061cdecdad8d97bb0308b19bbc2c8
+TAG: 511574a8be372a8f1f9d856e674d266dffbee195e3f7e710f3ea76bc1c83e449fea70886b5cf0917543e45f8cc968502e873e362f1bb376a529cd4301b8e5427342869118fc7d2346aa78a4b3071024c5ae51a73af441ed02bbba31d0c106b720da7d9dd3cb9902048bdfe1e7ab6df1c2cbc78bec0c37333abc14b0725fca3278d54cd188140e35afbc743eaff515db5b740f97ce8062a20ac53b2a5cf527999529726f79cbf4220e0fcfe51863c2251f23a2a139182250e1ba6a9e889d998cc429dc503d5c3c4604346e2ca0adca12699b4ee8f0694609c3816ad161612c9710f6333e5c48e3c07f5a644714554869417dc31dbb5ddbc2de6518b683e6a7bc9355c0332ae155be0b126234b7c7a53c1852e7bcbedcd86e8bca69986dc5512f3
+TAG_LEN: 32
+NO_SEAL: 01
+
+# Test with maximal padding (33 mod 64).
+# DIGEST: 02dd1eae128cbeb47dbbbf90e2f5cd63293bb0091815c93bc1153d46f176374f
+KEY: da7dac997deafd64b1fc65de39f4f03541a11be112a72933c7b54ed4fad0be905d41203f5dce998f8fb2eaad409ae02116417dae0cef457b9e5e16dcc5b6f256
+NONCE: 07f00d033fb95fb09e4d00d6172e780a
+IN: 936a91d0b5d2c0267218cb7090c6171386d641b87797b684e0fb56f97c3961d8afa22993a340b9b3c589c7481df3f4183aa23fd8d7efd88503f78b8ed1c8e9ba2fd6773e0d0c302a5f47e037446f5891d77df660ed82933f62be8dc55b436965aa
+AD: be477e0cdd46be99371eb8
+CT: 9764272fe16e12bb42a8f2a6620e44d4f202c21d51692e2948e2f4e4a18acf58a12d399310f15e78bac1f5f2a48416e5f4262ab9a8480d9f1429e5e9d15d81df0719f8db8d7ac08da696048e8a048255071ba8926be1dfbbcf53e7430862f64c04
+TAG: 3859f6154fee0d5bb25811575cf137d0005e997ceaaf7def4d374e778bb2cc0b956159543f797667c24c28a2a0bbc352356054e532c663947e8a0b6e949ed9c93fc2897682142c43a60f8927bf2d37cb25c4faf709066465cb2df7765d97d7ceca95391b28e37dfa87e66d8e9dc1715524d22ac9cf618b2427e3099e2574990760c7f729c7859399965abd3cf7dba2c0ad3962bac36b443d318babd6107a11285c79bd897d5145ae0cf3f6aefa7f36e5d28f386c9ed1606d6e61808e79417a38d9a79b03e42c3fa9de1adda9d592a1c1314721c9d24b73d437a94a03668fb9fe43c15d48c0096254a95194928a78843b03d341df7d547d60dc1c93472c31c521f6433595231dbf6cadd58ecfb51df0245b4ffb4c022a86ae2ad502d851eaea
+TAG_LEN: 32
+NO_SEAL: 01
+
+# Test with maximal padding (34 mod 64).
+# DIGEST: 137fc408ae1b3684a802229d78368f9fc2202311cd6f5da091b2eb998ceb048e
+KEY: 7dac997deafd64b1fc65de39f4f03541a11be112a72933c7b54ed4fad0be905d41203f5dce998f8fb2eaad409ae02116417dae0cef457b9e5e16dcc5b6f25607
+NONCE: f00d033fb95fb09e4d00d6172e780ab8
+IN: 936a91d0b5d2c0267218cb7090c6171386d641b87797b684e0fb56f97c3961d8afa22993a340b9b3c589c7481df3f4183aa23fd8d7efd88503f78b8ed1c8e9ba2fd6773e0d0c302a5f47e037446f5891d77df660ed82933f62be8dc55b436965aabe
+AD: 477e0cdd46be99371eb8da
+CT: 9b6a8359acfc5d15067e2e6d812727d768f44b3edf4272f57fb54db41d95153fb03d7a7b3371e91c4be80326f4d70a8f2ac1e867ad3772901c513895e694214d6c0fa1f431aeb016ccc93faacb4950082f0cf00d3a5879c9a4f3fdb281e911b4e46d
+TAG: 60872631a4f0e7e07e7ababf7c02aec42c1696e836bb12ee942e3cc5833f3b48366bc15e90cbedb280b01aad3239bdfd49faddc5d1b580995e53b6ed934a57252f498c199149307d63d0785de5cdd501c864cce15cb7b04b0187ef35b3495a164121f6c6773052990733f62842a6a011586182487394bc36abeed63663d0acd8a9c5b3dfd9ad1e944d179723800c1a04566b804b38b4e2dfe81d04d1f4ccc262a65033d83cf299e8e39184576c60c410285ffb46930812f6d4fa4e2f5043d3eee385dd473277300d1feb6e29f81f051f5fb6c28de99bb8445f2a389aa71c1fbeb3d91aa66596fcfd46b3ca0e74c71694a5eb7da4b5abc8cb115a1bc65b8faeee4e96392a9bf2a15914405cf563e35428b69b15afbc9878b47f803b8b479a
+TAG_LEN: 32
+NO_SEAL: 01
+
+# Test with maximal padding (35 mod 64).
+# DIGEST: ac9d4fe33627d4e9868c57a42aab21659ccc7efe18df8b57819b7d25e665454c
+KEY: ac997deafd64b1fc65de39f4f03541a11be112a72933c7b54ed4fad0be905d41203f5dce998f8fb2eaad409ae02116417dae0cef457b9e5e16dcc5b6f25607f0
+NONCE: 0d033fb95fb09e4d00d6172e780ab8b7
+IN: 936a91d0b5d2c0267218cb7090c6171386d641b87797b684e0fb56f97c3961d8afa22993a340b9b3c589c7481df3f4183aa23fd8d7efd88503f78b8ed1c8e9ba2fd6773e0d0c302a5f47e037446f5891d77df660ed82933f62be8dc55b436965aabe47
+AD: 7e0cdd46be99371eb8da7d
+CT: 5818d2a656fce95d7a24bcb216f4d6b91d45d58d6ca2df5c9d6412d917951a9f61ff07fcb6b078fad69862aace436194f86f309373452e813c461fdb36a95f575fdf0f784ffa0914f0c0ee0c57ed1e604ca7a7a4b3d20c272b3b7f2e65b18c1a3fd191
+TAG: 93435a8da7fbb8fc3baae118d82bea0df990cf1018ca14993d2ab594117bdf1a6b9ee715af7d64353d1afe398734f5d88d97fc9cec550e6bda06c31ef12f21ba6e891cf9c24accb264a771570f3773129a5fa2d78e5a4a1299bf7eb6e0fc4fcc9d4ea7f4bef1ff089cbb840a04e4fd81775a72278cfdb757c2b041c190a830206a45ab4b5e261bd65bb206f60c7290b6c15c3f04b5fb0bdc64f775d7b88ad77617da94228b649ad948eb84915970fce864f776541d740fb6491843e27088de5e7ad51b9e80c4f55760ca996631be10cd005146356b7754ec34b62a2e19ff2ccd8e4526664f4bbb6c84ae5595515a5c8ed312a63b983d241eee86511736edee964c12d8f5b2eb775fecbcca740c7c3b2024fd5a6652990b5e1a3f3cd7ab
+TAG_LEN: 32
+NO_SEAL: 01
+
+# Test with maximal padding (36 mod 64).
+# DIGEST: e59c699ea2887f6c829b7a0e895c45710aef6911fa3c930de3da61fc988e955b
+KEY: 997deafd64b1fc65de39f4f03541a11be112a72933c7b54ed4fad0be905d41203f5dce998f8fb2eaad409ae02116417dae0cef457b9e5e16dcc5b6f25607f00d
+NONCE: 033fb95fb09e4d00d6172e780ab8b700
+IN: 936a91d0b5d2c0267218cb7090c6171386d641b87797b684e0fb56f97c3961d8afa22993a340b9b3c589c7481df3f4183aa23fd8d7efd88503f78b8ed1c8e9ba2fd6773e0d0c302a5f47e037446f5891d77df660ed82933f62be8dc55b436965aabe477e
+AD: 0cdd46be99371eb8da7dac
+CT: ad0dff8adc54b5f02f428915bfa9f7277e4743e72e1789dcf552b91cda03bf52c757a9cca0655550c944fd264d287bc97d15dab3b986ed34637f45ffc1eb71b764cf5d5c1444033975829f1e59cb65ce40d787adc630e1f3155b2dc32733a754360ec1e1
+TAG: 6a74ea2b3f209b6f81b27fc58b28585c7b378a9b11b346aa0f155a495e1bca762cc9c73a00796ef7fb398aa1229119d7cbba739c3daffb0f460c0c6bbfe4c6e99164d0b88d262a1ac5c050533db32f61c2e06da092e1e019e1e01dd79a92b9433b2938f89917846f7b04bfd7ee42bdab140e1854db8312f28af64c979360d89b1583896c0c592508106adee7144867c8300d36ddd7bb87482a990141cc0a793dd2e490305feb1b1c7eb9cd3e76bf7b8c767cf17a614d9c816abc8b6c8ddcab95f1dc0f78404704d77403a97f4547742c33bbadd1944e34b20f2e3293418cfd8faf2ac19f0800f6aef3ec0babe1d2a5b721bf3da4c23d80f74c0e157689320d8c1b517f3dc9619874e8b3ecafdad75250e631cff0d5be6e553120cec5
+TAG_LEN: 32
+NO_SEAL: 01
+
+# Test with maximal padding (37 mod 64).
+# DIGEST: b0ffb7b78f23593d738e845daeb3ed175ee48ed5ed2d827565030b047dd0ed17
+KEY: 7deafd64b1fc65de39f4f03541a11be112a72933c7b54ed4fad0be905d41203f5dce998f8fb2eaad409ae02116417dae0cef457b9e5e16dcc5b6f25607f00d03
+NONCE: 3fb95fb09e4d00d6172e780ab8b70043
+IN: 936a91d0b5d2c0267218cb7090c6171386d641b87797b684e0fb56f97c3961d8afa22993a340b9b3c589c7481df3f4183aa23fd8d7efd88503f78b8ed1c8e9ba2fd6773e0d0c302a5f47e037446f5891d77df660ed82933f62be8dc55b436965aabe477e0c
+AD: dd46be99371eb8da7dac99
+CT: 8a1448acbd769e42bfdf00ddd801153db3202daf5ba7997890f5f42a183d3a66faf66d899c7099fa99bbcf5b62b6adcb6ee87fafdd0275a8f625f3f959b0ea9acca88070aa9c61141787435cd60f63e262a80b6aaf931ba554ade7e0fb46b03a06a57db627
+TAG: 3fd3782dfec59549a1f357785c8056274d24d4a9fe64a7fd66f48dc76f831901ae3b39825c1bf24b1990cdb264db072005f5c55c5543a65467ced4291297af0607420f4254947fcc514ed2512e0c678e4d51721b5d6c3536a3f7b57327440c94cd24ad71cdd2d7209a24a8e9402c7c07de667d72854b232f6ab97a44b736322fc9512ae432f5e55d4d1176b985ea0e6204ab2b9f94cdd63db5b0e3e0e7b79f2c1687a055e9345813c718da09a233ab50e054812aca10cf18de8023fd6f28d029b4f38a5c3122e539748c60b12075c0faee5209b346055dc8c5ccca9093fcf4d87a7a9917a34e39fbea94a8f8456c6ec2a1b4a733b562563c79f4bf944068188e099ccffd60c75b87ddf211d55e182f8821b5918654afea2fb66090
+TAG_LEN: 32
+NO_SEAL: 01
+
+# Test with maximal padding (38 mod 64).
+# DIGEST: e8928848fef7e0556377fbf3ed36b4105f334fa17bd5c5fbe2117ef82051903f
+KEY: eafd64b1fc65de39f4f03541a11be112a72933c7b54ed4fad0be905d41203f5dce998f8fb2eaad409ae02116417dae0cef457b9e5e16dcc5b6f25607f00d033f
+NONCE: b95fb09e4d00d6172e780ab8b700433a
+IN: 936a91d0b5d2c0267218cb7090c6171386d641b87797b684e0fb56f97c3961d8afa22993a340b9b3c589c7481df3f4183aa23fd8d7efd88503f78b8ed1c8e9ba2fd6773e0d0c302a5f47e037446f5891d77df660ed82933f62be8dc55b436965aabe477e0cdd
+AD: 46be99371eb8da7dac997d
+CT: 0fca069ff1b260179dd5ff1124e557e97a4cc41e069d124cded05275d37913efa220e1ed4768bd04d8e65797040856b686cfcd5b772278bcf5fa64cd8183ba8b7724359804d609b31fc31514a4ed43d84de929d99e63f12306bb497e8ee776485dc822c1ea53
+TAG: 447babe3275b7d8f53437e527fecbb6106e50e8831b2f5df5ee8067d4e3e3f9b320ca4b72a7ed1785a94f24d4c92916fd6ca8fb1f4322abe0152b377a5161ac5c3d2c0bb5912378184c1b19582d979d6ab88681eebef4ce6836137f03195b0b19e3d632009ed05cde65f6996686820632ef4c0845d282b504974ca5eb3232ad95fdbfff4229b8385184fc87d7190d17f68c274f4aeb3d07745f52d4a92a02c776a0b256546104a827cf92047138e641ad188e65649ea1c4bec3c61411d5f931831bd5b5ac45982baacece549255d1c102c80dcca28878b789cf76146ec44f68d8fecc7e5c4b7780ffd5b93bddd40185f63977299381833957757f837a297c207d93d84ca9c0776b1dd87c952bee715acfb350c3f435700caf824
+TAG_LEN: 32
+NO_SEAL: 01
+
+# Test with maximal padding (39 mod 64).
+# DIGEST: cfc1420c24eff01a9e6acebe2a96090e25738c3e1c14da2c6f36f9e20a857165
+KEY: fd64b1fc65de39f4f03541a11be112a72933c7b54ed4fad0be905d41203f5dce998f8fb2eaad409ae02116417dae0cef457b9e5e16dcc5b6f25607f00d033fb9
+NONCE: 5fb09e4d00d6172e780ab8b700433a95
+IN: 936a91d0b5d2c0267218cb7090c6171386d641b87797b684e0fb56f97c3961d8afa22993a340b9b3c589c7481df3f4183aa23fd8d7efd88503f78b8ed1c8e9ba2fd6773e0d0c302a5f47e037446f5891d77df660ed82933f62be8dc55b436965aabe477e0cdd46
+AD: be99371eb8da7dac997dea
+CT: 8cacbae377d038fe27b37fdb253f3b136aa38660743dc6b4778ab16940a9710c8f08970164316e26c3b603140f2f43f62a88d021426b841baec29fb11a3d8735d0b8c14d133a825e1044be5523932ebd65b34433c083c2d77af313a240b1eeb59a73a2b7e05a56
+TAG: a497c1ca95443d00804466d23f2e960a3ca86bc9688581f6f78734a7f90376fbd81d074b5618b6e4e19b091549f91d7acc16147d9ee30a7e51d528d8aac4f3f49d0afc542d2c652727fe8ead274c3178a83795aedcb8019a4fb9726c3f53718338bd279368e6bafbb4ff9bc5ff57662f16bfd03875770ca633f66c6def6cdff3070ea34e77ca487d68b4a5443e1ed81a80dd0a58c1c7f1313f6dd976c9fca2d378e894ccfc233eb99c0dfba33d95a3c29742038067089ed97c737e3137f28b06847e4147b0c2eb01320feba305c39f3d55747a74d76fb300c11bab7d216729be4f2b1a3a4afce0b3d2475ac26a2ea086a1b681cf1b6444239bd991aee39cb5e45fad5395ab17ad95c37f590dd49d8dfe19768aa86ef271fb81
+TAG_LEN: 32
+NO_SEAL: 01
+
+# Test with maximal padding (40 mod 64).
+# DIGEST: bdb122b808f40da0ae98fe9ace91fef7f2b39bc734f4f735f7cbccb2c00e4666
+KEY: 64b1fc65de39f4f03541a11be112a72933c7b54ed4fad0be905d41203f5dce998f8fb2eaad409ae02116417dae0cef457b9e5e16dcc5b6f25607f00d033fb95f
+NONCE: b09e4d00d6172e780ab8b700433a957a
+IN: 936a91d0b5d2c0267218cb7090c6171386d641b87797b684e0fb56f97c3961d8afa22993a340b9b3c589c7481df3f4183aa23fd8d7efd88503f78b8ed1c8e9ba2fd6773e0d0c302a5f47e037446f5891d77df660ed82933f62be8dc55b436965aabe477e0cdd46be
+AD: 99371eb8da7dac997deafd
+CT: 06b44584c9ddd267bf03aa311730fd0c4d3461678d94b4a794eb3e90b9cf3113ecf0ce0da8789d59bec50a1fd1e08ceea4cf9e00b2e0423706c126af7a3031df6cd82a7bcef877b413662e731b5a74ebf68f781eeeb79cf760cebda2c5070dfbb7c6d1ae6fa2a177
+TAG: c897a50e7bb28f06a5d1848ef4ad3688639503d7a832199155e61da6784097c06d178711af2bf868096d23772256707fd05d4c43963f885e5037dff18172b0a89fd04392ef01504ac2a664b6a74c120ed6e50e1309ae47171b6eb9912e85e3f812cecd79b55d2ad7759043c5995acdbac92b0090c9503508febbfa8116cfcbff92a80618cfb0223819548b04acca6da9dbd690da34368faa4cc9058c177f16fdacef52183ccabc3139509620243baedc601758240f26fe58b1632cb21440d905cd3f6ce3c17efc82e2e167132100dc18eb4c92b62810aa8651288c0ab882815b18f75175d61ef47393913f125e37b9126d5d8dcbdfa6221a28683f6c4aa7628ee28d95e0a3815ef3e601ed44bea3be0bee95a0ca5fd15f28
+TAG_LEN: 32
+NO_SEAL: 01
+
+# Test with maximal padding (41 mod 64).
+# DIGEST: a1c40dc7a17b3ef6c9170eeaa9500014ef9ada833615b6d40af3fb2e14d7ddb7
+KEY: b1fc65de39f4f03541a11be112a72933c7b54ed4fad0be905d41203f5dce998f8fb2eaad409ae02116417dae0cef457b9e5e16dcc5b6f25607f00d033fb95fb0
+NONCE: 9e4d00d6172e780ab8b700433a957a74
+IN: 936a91d0b5d2c0267218cb7090c6171386d641b87797b684e0fb56f97c3961d8afa22993a340b9b3c589c7481df3f4183aa23fd8d7efd88503f78b8ed1c8e9ba2fd6773e0d0c302a5f47e037446f5891d77df660ed82933f62be8dc55b436965aabe477e0cdd46be99
+AD: 371eb8da7dac997deafd64
+CT: 85da88e13f3ca14fc4440ffca7bc837818daf1dc52a4c505583edd070c7cbcdb4642d8ee1ca687037b08e1737a2f49039621823222f9f02deef2c340289af5184a86af8429747ef2f7d98d6aec2af060fc8e6895c2182bd1c479fc6a2e7ecc03eb4b03204db79e18b5
+TAG: bfb333acf9be1bb3abd081f67f54bb1a198e007b1152a081c13cd0279770cd9314999ae438b54d9b5e516ac648fc0c83f3788a4a4f396a4a65517bf8499e74528ec72fc640f26dba748606e16f566017ccb911caa94a814235c1f08c080934dcaace98ec6220ddf784c2c281776bf1aa758608466561cb62867a1d165f3d46de65d7d3a8bbb36e3ba645b5049ec1760e80d114374a0a6c1628c99f5352cfcf397df3dbdab10a44379ad1ef93727191d076bbaf70de831e14721162e8173531efe43a2a739bc3c76359bbead3d5032006efff46ac2c7fcd48a8071c3211496a61f2a6de0d690de8338c628fb0e3983bfef09738c1bc2bbd6dd9c51613d15fe0c85c02f2f9560809894974ff005b083d5abdc56f5106ef04
+TAG_LEN: 32
+NO_SEAL: 01
+
+# Test with maximal padding (42 mod 64).
+# DIGEST: 677f053b9f421414ba91c060ec7ed66d27982e992da0372e5264898c9edd2bab
+KEY: fc65de39f4f03541a11be112a72933c7b54ed4fad0be905d41203f5dce998f8fb2eaad409ae02116417dae0cef457b9e5e16dcc5b6f25607f00d033fb95fb09e
+NONCE: 4d00d6172e780ab8b700433a957a741c
+IN: 936a91d0b5d2c0267218cb7090c6171386d641b87797b684e0fb56f97c3961d8afa22993a340b9b3c589c7481df3f4183aa23fd8d7efd88503f78b8ed1c8e9ba2fd6773e0d0c302a5f47e037446f5891d77df660ed82933f62be8dc55b436965aabe477e0cdd46be9937
+AD: 1eb8da7dac997deafd64b1
+CT: 10ee64784345c076e3f9aaeacc87cd51d6ee0b0facc9f40b4e6a1b4bec669ac3c5252c948b0c0a4d8e798248e6b10ee247e51c81793c2be91aa8c9666e0d8774439ea159e4745014bdd2e9f379ba461a7e638cab9ba2aba1498397044edd3f2759dfa56f488a0118e6c5
+TAG: 3db7a5fdcdc460c6454407a23ea3d0a8b10439d34f66016049a07d33d7598f5debab758abfd5140243a129c0de5dcd36172bcff878216959047099c4675effc9f8faec3c5749afef3624adaf4aaeac2bf6b8c39119d10689de6b734e8fde8461da3f3e71030ac2dc83c662b646169cd492f7fc426088025f5812b73ce182fa9bd7f024c056a7ba3778b5b369c2ef437c9cfc8b25e9ee868ff17d64a814a8cbaacf9079ad75dc055bd3afc491331bfffb8a61c058012879be54680e44d01cef9a35c796dfa3cc450a6f69d239d1b4609917abec22d969b7e3da0a400f359b93c78ca4134effbef8c3fc63e94264aa67b4e98548d14c5cb3817f59de84dd54d8120b317f07a96115fb0d75ac600491ef781475e2adb6ee
+TAG_LEN: 32
+NO_SEAL: 01
+
+# Test with maximal padding (43 mod 64).
+# DIGEST: 9c1c2b1853244d015dde7f4068220d7640501b1aca325b82c1be8c015b61e59d
+KEY: 65de39f4f03541a11be112a72933c7b54ed4fad0be905d41203f5dce998f8fb2eaad409ae02116417dae0cef457b9e5e16dcc5b6f25607f00d033fb95fb09e4d
+NONCE: 00d6172e780ab8b700433a957a741c9e
+IN: 936a91d0b5d2c0267218cb7090c6171386d641b87797b684e0fb56f97c3961d8afa22993a340b9b3c589c7481df3f4183aa23fd8d7efd88503f78b8ed1c8e9ba2fd6773e0d0c302a5f47e037446f5891d77df660ed82933f62be8dc55b436965aabe477e0cdd46be99371e
+AD: b8da7dac997deafd64b1fc
+CT: b90220b919dd02b216aa2eb7863372a645b09df88645dcaf138fb73d8896e39aac5a1c2f0535385e15cb850a6febd5d6ea9f3fb573944cdd5b30cb80aff6b73a173ffd7c85673248fab94e3b9544930cff59f52515dcc8ba39b6f51dfd0487bc9f8eb23b031c3f6d70b763
+TAG: c9d421b4b147c4392238c3c6e3bb6421e47773160722749bb244efc4a9ffe3a55b2952aafce9bf5e46d29f9d916c582e9ab426f60258bcd75c96fb4493fe0923356d7647382e103ea4ef363ca1a063ac89ec2e1ed9c45e84aa8d4e279af1bf40ecc0e5aa8a4af86b7e7390ec15852515e28bd8ee956709bd90172d8d03624c5a81dcfce21b573e1063d416ed59afb316a4a7fd1d22dfab206473567ac0b94aab64b2c201b84f8e89a575c5d1510cde801dc4a24b7537e062d1caf08f6008f2f14424edf16bfbe3960a857a2784ea033fad0ecedc84a917405458dccb12a107fc7f603565eeacc7573571d05483ea8dda7519bf10903b9ef9feef4ac6682956b193e2201dea4150b5aeb6c122cf4e0a854673736837
+TAG_LEN: 32
+NO_SEAL: 01
+
+# Test with maximal padding (44 mod 64).
+# DIGEST: 6bfc1f2aeae329867e5d7f268979743cf267d0dd73b7882abc0240ea586b21fd
+KEY: de39f4f03541a11be112a72933c7b54ed4fad0be905d41203f5dce998f8fb2eaad409ae02116417dae0cef457b9e5e16dcc5b6f25607f00d033fb95fb09e4d00
+NONCE: d6172e780ab8b700433a957a741c9eb8
+IN: 936a91d0b5d2c0267218cb7090c6171386d641b87797b684e0fb56f97c3961d8afa22993a340b9b3c589c7481df3f4183aa23fd8d7efd88503f78b8ed1c8e9ba2fd6773e0d0c302a5f47e037446f5891d77df660ed82933f62be8dc55b436965aabe477e0cdd46be99371eb8
+AD: da7dac997deafd64b1fc65
+CT: 9807d89925c67a45c8ba18cfdb817f5bbc21e58c10f7dc8c15b70acd97e8b97e0393d5948d51a65f6f092590b38c845164e6d2b49288bd0f73c4f4b551b362470638f51422dcfdaaff5e8aaf80ff715f3f597fb9385ca18355b8e98d1de17a302b81470c8e64a2443883cb88
+TAG: b90eda5e4260d45f777533784bb41a3f580fecdd1c088958d001c2a34b3f19ff6edb5176fc369816ce5a3dc30bebcf6c727a64acad6e390588789aee7ec9371fa86589d89306ecd74b90ff8811b6c79a9319bda6fac4317e10a756044e97b68c47a63af7b20984d58d9e982ba135b620eea8b84fa0e4837f935e847a85b81167766f9bcba496f54d47652076e48c96aa2c723f52f1efe6b8188bec0c53c71c4a27a39a25d13b7fc94f44babaca1676d8140509f65983911a2aa09547b5db116d77c734ba30e766101b5efea44b1b425b6af818c1583c5e3d24d517b4693d819a1eb7f85c890b1cc560722faa2170ca6f7d426ead202e9c3186864bb4fd21db770a972bade06e4968caf0f06348dd00608d074646
+TAG_LEN: 32
+NO_SEAL: 01
+
+# Test with maximal padding (45 mod 64).
+# DIGEST: c1702d4f70a18932e2f4d3951603ed904588a990123e0a02d29d7259afeedf69
+KEY: 39f4f03541a11be112a72933c7b54ed4fad0be905d41203f5dce998f8fb2eaad409ae02116417dae0cef457b9e5e16dcc5b6f25607f00d033fb95fb09e4d00d6
+NONCE: 172e780ab8b700433a957a741c9eb80f
+IN: 936a91d0b5d2c0267218cb7090c6171386d641b87797b684e0fb56f97c3961d8afa22993a340b9b3c589c7481df3f4183aa23fd8d7efd88503f78b8ed1c8e9ba2fd6773e0d0c302a5f47e037446f5891d77df660ed82933f62be8dc55b436965aabe477e0cdd46be99371eb8da
+AD: 7dac997deafd64b1fc65de
+CT: 8d69a3691570f0d175aad5fb77a0e9abd3f882b10355a08f0160c113096acfecdbc4ac32f037d16c2c4dda4bd3325c8690bade6bf39b14435cc11ff575a3d7e9f7b09b5b40f9645d9a5dfb44f42304d82298cdd866e957d4ab64374ffb86879ada9fc8d6a17a7ff1b06cf33529
+TAG: 1355e78bcb4dab39264351b32e7007598508d90f012029967337855deed8787fb8907de3958efefe76d5373c1834d53e506d18ed9a60578955c019a04fbbbb9ef011e6c284734f28e4d228f5901c163145257073d12dcbbad11055192c4d4781e7385f892e4d712e5e265e846d19712159bbd7c7bbee86f2a5201569018c7a4bee87a9f12e78472183f748f72c53046529394b5793598ca555d00efe86f582c6baea187cd47216cb02c6452429dc70f0926dbff7d6cfc830134da8073f2a4fe97ea612cbfaff430d64f7e111291c6abc02f6443230b492c7acc794c22376be011b1a71b9665657632e1354f49faa097e381a3fff3b1c355aff053dc7c2fdbdfd8279b300b1e06d6f6cb6170429f25090c78ac1
+TAG_LEN: 32
+NO_SEAL: 01
+
+# Test with maximal padding (46 mod 64).
+# DIGEST: 09ec84331099e1d602d0998d99c199a6037255a5a4d96bb3af54cfba357bbbf1
+KEY: f4f03541a11be112a72933c7b54ed4fad0be905d41203f5dce998f8fb2eaad409ae02116417dae0cef457b9e5e16dcc5b6f25607f00d033fb95fb09e4d00d617
+NONCE: 2e780ab8b700433a957a741c9eb80f2b
+IN: 936a91d0b5d2c0267218cb7090c6171386d641b87797b684e0fb56f97c3961d8afa22993a340b9b3c589c7481df3f4183aa23fd8d7efd88503f78b8ed1c8e9ba2fd6773e0d0c302a5f47e037446f5891d77df660ed82933f62be8dc55b436965aabe477e0cdd46be99371eb8da7d
+AD: ac997deafd64b1fc65de39
+CT: 26d675c591f287b26eb35f87231624e454c4aca1f25491b74a252e971c48ca523b353b4f6c0106c1b3b40182eddbaf7ba47263790c3b22d23b09458d48868bb18b2fb01bdfa965f7c1b211fe02f9b78959b71e872ee05ff3baf548a85797270f456c24459e019d00f06b8a73aaf1
+TAG: 11cb33f42c68fed775b06e02f9dcb709d62614f7f3b74d8b6c429b10d0f3763d2036a18e502fcf000e9f831d01588656c5be6298f8d6b757818edde84acbcedd0608a6a36c1d827f750d7a4ef5f6df6193a620ea2f101d2b9aac4ce02a4bdde76d195cc3641bf1c0a3242e95ce5fe82c653696cb753e0cbc22bed985a860615b036ddb30a4c8c0f0ec22cb94ce3b792c9126d283eccc7d42a92c57ac389eef5020b1c1f0ca880137d21fbbe99ff07ce2317bf608ea29df9ee4179fd84dec1f9285a1e601186af282030a68a4477b59c9153d8a91c08d6e94c0746d641f9b108cec371c32d9c6068fb3f05131089787a0cc113c32403cb196dc4f98bda7460403a7f6ab6d8162ac4679b531dc266297c7a132
+TAG_LEN: 32
+NO_SEAL: 01
+
+# Test with maximal padding (47 mod 64).
+# DIGEST: 7d506a5c0299a82f5f93dd69526156e0de9aa5cf94f9fcaa12064ef920a1c5b6
+KEY: f03541a11be112a72933c7b54ed4fad0be905d41203f5dce998f8fb2eaad409ae02116417dae0cef457b9e5e16dcc5b6f25607f00d033fb95fb09e4d00d6172e
+NONCE: 780ab8b700433a957a741c9eb80f2b02
+IN: 936a91d0b5d2c0267218cb7090c6171386d641b87797b684e0fb56f97c3961d8afa22993a340b9b3c589c7481df3f4183aa23fd8d7efd88503f78b8ed1c8e9ba2fd6773e0d0c302a5f47e037446f5891d77df660ed82933f62be8dc55b436965aabe477e0cdd46be99371eb8da7dac
+AD: 997deafd64b1fc65de39f4
+CT: 9c61bfbbd3e8395be166b30a56b3e192748ba3bbbdc334dc3720206ac10c90dd777aa4957695bddaea0b7e554951c94f2f74a2bb7547ac20a7e357fe249614204401144fef61394c140553d5566c18ded15e0fa50fd5836cb725d277fa46210e57fe3c24d3641fef78c33a009fcfe0
+TAG: e39c89ecfffe2aab2a48fbd01a8b58895abf2bd66029bd5ce1b539c46e5878cca37f1c8031c8a820cf0e2500aa2a2c65a4974bc260c949d91180d660d21c918415c5cad09f1c5561bfb21f9f765c5c7f60e2c4352c0d90cf1266fca704562d003132e3b1690ae9bd9ba969c469f8d43c821f92e3a622f25d03967127a9ac4c3b2a62956216d525216ab6082fac62c80eeb993eeea3f966952065cd2b1ad1e9bbf4d27d07a377d363d1955ff2e8bad69db97c1fe49e1dcf405b73eedffb9c5992015b56073530d68503aae7b6b4ed8df988253429e900ad63f7e925e415174b24f724c9df43e95ff5b96a365beeecf08fded61eb6c2219bf4102351111231ec0c4fdbae472892eca04c91646521bd2ada50
+TAG_LEN: 32
+NO_SEAL: 01
+
+# Test with maximal padding (48 mod 64).
+# DIGEST: 5e9c0270955ffa14e3383a79a1cfef00baec4e8be496c867cc14dbcaf609b61a
+KEY: 3541a11be112a72933c7b54ed4fad0be905d41203f5dce998f8fb2eaad409ae02116417dae0cef457b9e5e16dcc5b6f25607f00d033fb95fb09e4d00d6172e78
+NONCE: 0ab8b700433a957a741c9eb80f2b021b
+IN: 936a91d0b5d2c0267218cb7090c6171386d641b87797b684e0fb56f97c3961d8afa22993a340b9b3c589c7481df3f4183aa23fd8d7efd88503f78b8ed1c8e9ba2fd6773e0d0c302a5f47e037446f5891d77df660ed82933f62be8dc55b436965aabe477e0cdd46be99371eb8da7dac99
+AD: 7deafd64b1fc65de39f4f0
+CT: 174bb28ef8ee033bf0f39cf6a5d3c2157ec773078860232827fdb1c875e9622e198a00a50fcc03b2cbf1e4a747efcdecda8b612ec3ebac650a7401b4b204185e4b42306d544e3f6512b87bf36b5f55ec0bb4da01c36aad92a16865cb852e1a5d1a86d3d57e6336d4376e8988f00162de
+TAG: 0e7f9138058d2a9141ce79d896edb6f752349a730e9b9de2edbe431d9e3cca2b617e3611e84edf9c87917806ec955ee0bacc7474224d8bb364164127bbdb1b1560130ff08004ccafab3af0902d937dab57a572f08179771b00b214ad684b9b939d959b9b1e980c5164cbc56a4432c9837b154d2ca86b0c7882cf1c631602e8054bb07665230f10259ea41f812454eb01ae06f5f923a01764f29fb130e93ac4156317659d07e5fdade989a8e1d86dbc7033c7898d34932d6165e12ee01110aa86031812df4d79e6abd101709c42aed2b8eb722507f0d282469e6bb1db4dcd23ae4c9fdc96fa8c3382150a4798cfa9900f4a515d858f82ce1471723b4a289904143e34b892f4c8d761de9c0c0ed11f276ba964a734f60a1cf0a5415a0318473d2c
+TAG_LEN: 32
+NO_SEAL: 01
+
+# Test with maximal padding (49 mod 64).
+# DIGEST: 57739c0c5b8e1f0255bb93eb53822ce8688a4078d971c0a51e757a0269760bde
+KEY: 41a11be112a72933c7b54ed4fad0be905d41203f5dce998f8fb2eaad409ae02116417dae0cef457b9e5e16dcc5b6f25607f00d033fb95fb09e4d00d6172e780a
+NONCE: b8b700433a957a741c9eb80f2b021b14
+IN: 936a91d0b5d2c0267218cb7090c6171386d641b87797b684e0fb56f97c3961d8afa22993a340b9b3c589c7481df3f4183aa23fd8d7efd88503f78b8ed1c8e9ba2fd6773e0d0c302a5f47e037446f5891d77df660ed82933f62be8dc55b436965aabe477e0cdd46be99371eb8da7dac997d
+AD: eafd64b1fc65de39f4f035
+CT: 9b01cfa97c72b5ae8befd0d357283a52f6b8c5d9292d28f61373334280f815d6b69f878936738cebaf6fc84d20baf51868eb4d2ae08d64e724beea1887a76316acc955a00b5d1230fb120bf7d51f74fdc5f332521c59406bbd3161987c6ec49ad946a6a51755796de19830631daf69c7d9
+TAG: 37cbf6f77fc5e964017bfc5582ba07d6b111668bd2db6aa7273b6cb35e6c440397401307fb7f979b6cb39cffdc26c3ef3ca83a11c0fcad66423677bc0c459c4448d87130c23e949561dfbc097b947832104e38dca519416e9ab9d98922188eb9fafb20a771f05e0713a56e47dfe1fab667c2bdc23c6287ef14c9ca985082ebf601bd18128702c54b5fe221040306a40314c9be88b86fce8887e465e9d2e062a5236bfe6ca2914a9f0aa5c43a88a7353761e10516c27dea9cd619a69b05e6287c0e8e28e2f5572c1a48884e9f8a890e11f4bae1be67beea5efd34cd69ca5e17ab7eee5ee4bc3af28a6e49bb47a0bf4a9a967bdf14054e54e9e8788e3ecaf5c4e8d5ee3e3844e560f5056503788810ba1aa91f51d47fea9ba1b276d83b0ad78c
+TAG_LEN: 32
+NO_SEAL: 01
+
+# Test with maximal padding (50 mod 64).
+# DIGEST: 0ec4072fc3c850d4ee958a0af170d5aabd223b024c617df36f4ad245d0304c0a
+KEY: a11be112a72933c7b54ed4fad0be905d41203f5dce998f8fb2eaad409ae02116417dae0cef457b9e5e16dcc5b6f25607f00d033fb95fb09e4d00d6172e780ab8
+NONCE: b700433a957a741c9eb80f2b021b1444
+IN: 936a91d0b5d2c0267218cb7090c6171386d641b87797b684e0fb56f97c3961d8afa22993a340b9b3c589c7481df3f4183aa23fd8d7efd88503f78b8ed1c8e9ba2fd6773e0d0c302a5f47e037446f5891d77df660ed82933f62be8dc55b436965aabe477e0cdd46be99371eb8da7dac997dea
+AD: fd64b1fc65de39f4f03541
+CT: 0b0133ac614de667eafb516e1fb33b016a8b49e558f335eed239d50ddd13a4152f1570269615a243502fe1c6db0667a2de7975120ef65186f5af83821598ff45494e943acae24a6095ad46a498971f7b185d7784d451b1260ea478c03babf0e582a8a777cec20905821267eb85aec1a2ff29
+TAG: e275096ae20d00bc4a15e380c877226c0b2ca24ffe959b13bac702c8eb499c2668abac60eb58c7a87c3f8d6af3e659784b87ab549ea4a1b069dfd5307a46aca1617019e262967c9e92affb78af2dbf7e8734a736263def3b210e3cc1cbafe1f652d427aca9220fecd8cbd5be52c711bf5a8cc9434ac1ff4b9c54965e477af9366830dac8b6573f969d21d989ba454b3a1439ba7186e4793473df702bcb9f191de383cc4447c07204d680649712502d1122b4fa4c7f980c453dd3b7478695a8cc555db1f8c7cdf1e41c9ad40a67c35f753a0318127e9be4225e957d3b34c625f5e5bd475d0d8dbb9bdd8c22336b5a70509ee2383e4142eba73748e1d9cbc1d361ba8e27e2cc33bbf6f455b876813aeea97ccc8c2d51ba96f3fb2c6b77fc4d
+TAG_LEN: 32
+NO_SEAL: 01
+
+# Test with maximal padding (51 mod 64).
+# DIGEST: 640ba3888e6cc260a6022fb69dbe5c5267dc8604aa92216e11888394fe59d292
+KEY: 1be112a72933c7b54ed4fad0be905d41203f5dce998f8fb2eaad409ae02116417dae0cef457b9e5e16dcc5b6f25607f00d033fb95fb09e4d00d6172e780ab8b7
+NONCE: 00433a957a741c9eb80f2b021b144476
+IN: 936a91d0b5d2c0267218cb7090c6171386d641b87797b684e0fb56f97c3961d8afa22993a340b9b3c589c7481df3f4183aa23fd8d7efd88503f78b8ed1c8e9ba2fd6773e0d0c302a5f47e037446f5891d77df660ed82933f62be8dc55b436965aabe477e0cdd46be99371eb8da7dac997deafd
+AD: 64b1fc65de39f4f03541a1
+CT: 8d5b92c78a48ca6049da6a036735ca23b99f9c3cfb97122312e5bf0279d094cfca0b976e24f6b65d81f85eff669da35486809cbfdfd1fd615a5347947156148e6b71a11f7bec611e7c29e19f6f62f94bd7f8b89e54b6945dcc1a7e380e51456a31f1d511bb92443deab5987c3bba2663e44640
+TAG: 7acf0a75baf749f03853423ce40ae4561a255e37361b6c1d7112ece841573d869f21625490196ee94935af6cc3cf789cae11eb8d4e4919796eb984510bace170f192626127324a5defe85e0a226c8376f952528151bc78f33d093453fda77dfda1e6364cbcce001c22b3018689cdf769580642616eaeebd22345191c0c30b6e7a07a83d333aed065b0fab2c9c40e2cc08537afbf8682d434f5f9538292d7094519bfad7842b0c708af475b43770067b5b86a9178ab148e5d8c0815cf4403f6336d66079763f4923b12a53ec020967df5f1a416bcbe2f851af26f7eb79a26946fed4fb3586f6f5219e1a995a5e11ea22dcd9b78867c373d04d17241f19cf705df9cf57bd58e38952d8dc30d262948dfbf00f8b4b4ff9f7d7dd3f5fde29f
+TAG_LEN: 32
+NO_SEAL: 01
+
+# Test with maximal padding (52 mod 64).
+# DIGEST: 7c10e4553a91588e2c39060e9b438736721926cb7bf53858293ad763e9b70fe2
+KEY: e112a72933c7b54ed4fad0be905d41203f5dce998f8fb2eaad409ae02116417dae0cef457b9e5e16dcc5b6f25607f00d033fb95fb09e4d00d6172e780ab8b700
+NONCE: 433a957a741c9eb80f2b021b1444769d
+IN: 936a91d0b5d2c0267218cb7090c6171386d641b87797b684e0fb56f97c3961d8afa22993a340b9b3c589c7481df3f4183aa23fd8d7efd88503f78b8ed1c8e9ba2fd6773e0d0c302a5f47e037446f5891d77df660ed82933f62be8dc55b436965aabe477e0cdd46be99371eb8da7dac997deafd64
+AD: b1fc65de39f4f03541a11b
+CT: 997bd62c118718ee23b9d75f5ad15bea914cace8858ccf9534ffc79a626768802f7e86930243b3dae80d38782a6a61429cf0278d37bdb60a0ce3ea74163ab77eb299285efafa2895fac6d7f2ea65b35e579e07a7a6395e2488db288c415b402a913d727cbf3df623ae4a205d9867c59658d48c7a
+TAG: 6cea3ef5940f79c341e22ca98771e1f4a27dea38724916ed5027d2747056a192e72ed7bf35cd1e3d9a724935bd778866a7454ee24a7d9ae6781aaf221ea99ee6e61d72a8918caf36d30d5a190494f0ba02ec3d96b4e9b12ff747e0f1c98ee1483ca32cdb68fe1312ff5f0f49f2e8e89eba814807cc8e44abae69cdab9d7ea9ca0b1a785b743f9fa4444c23e29fb77fa5c329941ac842b47c8b052a26e59eff599d1007f9c2a037c035c475134d272abff2a4fdff42e561afc2a589686be3eced7ab14ec72400dde1bca8738605794cdd80688b8caf366f08c0be0f200fc6fca9bdbc8e5ca54d75c1d02832d8eda711e4a4db319b622cb1af0ee8ef22d88d16e4552fd6a38d4f8517db6cd9ea6420c6d89b99ef60f87e43a0f6b3c63a
+TAG_LEN: 32
+NO_SEAL: 01
+
+# Test with maximal padding (53 mod 64).
+# DIGEST: 0e88468ae741a9ac1114e212499c092ba60869973f2cdaf456ceb336ad40cee9
+KEY: 12a72933c7b54ed4fad0be905d41203f5dce998f8fb2eaad409ae02116417dae0cef457b9e5e16dcc5b6f25607f00d033fb95fb09e4d00d6172e780ab8b70043
+NONCE: 3a957a741c9eb80f2b021b1444769da0
+IN: 936a91d0b5d2c0267218cb7090c6171386d641b87797b684e0fb56f97c3961d8afa22993a340b9b3c589c7481df3f4183aa23fd8d7efd88503f78b8ed1c8e9ba2fd6773e0d0c302a5f47e037446f5891d77df660ed82933f62be8dc55b436965aabe477e0cdd46be99371eb8da7dac997deafd64b1
+AD: fc65de39f4f03541a11be1
+CT: 6ddfb308153a27c84009486ba4794d3ae0367fe3f75e289a28e2bd79af4ac294827e034a8957cf3727463c10ebb82542a1a84d89214905da11bbf882b702168e670725717f360b255b6b1c4035c0192b743e62c20545f6f8706010fe2fc8ff25c7ecbb2184460d0944c1e29f66484c450b2b06fec4
+TAG: d15b520c601564fce30151843ef4a8bce43516f2ff8acc27920dadccaf244a659d6ae5fe5568439d8af51273fac3982e690127a424b82ea2c5accc995c3002d70b6ccf3d46d86e4a231092b0c2a2b3fd2e9d199f8fbff1c4a2cdaa03ad6be6def2378c8991edaaee10c27347cce20ad1576f664b8cdcb3815416c89b62a3bb8477041bf3d070f2b862295c6fcfa2066894bc573858ea750607e0cdbd2a41771664b0d35c7b7cf9144e5802252b26cc2090e46887c2836f2d1a8bd4d82cf00915be9af229081d9766b95215c275271b2ee52b16fc6dba1ce627556d4749d058de8bb849021579c462f918cae2f4eed68ee4447100dbf246287022fdeacfc9599296b9ea3adee378f0743a78650abf652a78fbdf1ac7c64c844e115c
+TAG_LEN: 32
+NO_SEAL: 01
+
+# Test with maximal padding (54 mod 64).
+# DIGEST: 4bc1f00622d792e473151668845b2ffb30c43027972bf59ff86ce53a380f2aea
+KEY: a72933c7b54ed4fad0be905d41203f5dce998f8fb2eaad409ae02116417dae0cef457b9e5e16dcc5b6f25607f00d033fb95fb09e4d00d6172e780ab8b700433a
+NONCE: 957a741c9eb80f2b021b1444769da00f
+IN: 936a91d0b5d2c0267218cb7090c6171386d641b87797b684e0fb56f97c3961d8afa22993a340b9b3c589c7481df3f4183aa23fd8d7efd88503f78b8ed1c8e9ba2fd6773e0d0c302a5f47e037446f5891d77df660ed82933f62be8dc55b436965aabe477e0cdd46be99371eb8da7dac997deafd64b1fc
+AD: 65de39f4f03541a11be112
+CT: 452c39f1ed638a315dd21cfbfa383115d3345ae07f9968f2c30e47a05891ceacdc0f3b4669c929765f51f69c0db940b6ed5d0266894292e57d04c2fbb3b1fe2bc3acb98f87974341ed985a151f82673c237d101161ec73bdfa6144198a83a6e7ce8866b5fbb7bfdaa908dfc2fb15b9175ae8d6cb87f7
+TAG: f7a43f52963dcf384be1ab05d5c76c82b0c56ad9cc7b75e28f08422429f128acc6768d744d05668eae006037f8f7e868a3489d746f5c756c130c910b48cb2572e351b38f89b9ef2d2b4b2a8890b5e3084cc630519519f3e767f284f060e04445562d201b94b5c07938ced76cb43ea1f6497fb86751f3cf76d58af9d9b32e367e012202f94c0bacdacf632c28c3f5d1623031e3695b7e4d82799ba9378415713cf3837e6dc815895ecfb6712207042ab4ad7afab51677b4132e5ec548346b062ae85eb0fb0e1a181022cf06edf4181aed1c28e3c615a11c825f70c182689dd401eeba16f021efb28505d570cf461237710533e101991196db42b2c82d4063377c3013cc2e2be6d8e544d44678eb80a137c7ff63377027f71d1a20
+TAG_LEN: 32
+NO_SEAL: 01
+
+# Test with maximal padding (55 mod 64).
+# DIGEST: 7ddb9526ac0b917c3d63a2c0a4cd720d4814a25e29c34a5b203d8aa4d4e0eb00
+KEY: 2933c7b54ed4fad0be905d41203f5dce998f8fb2eaad409ae02116417dae0cef457b9e5e16dcc5b6f25607f00d033fb95fb09e4d00d6172e780ab8b700433a95
+NONCE: 7a741c9eb80f2b021b1444769da00fcf
+IN: 936a91d0b5d2c0267218cb7090c6171386d641b87797b684e0fb56f97c3961d8afa22993a340b9b3c589c7481df3f4183aa23fd8d7efd88503f78b8ed1c8e9ba2fd6773e0d0c302a5f47e037446f5891d77df660ed82933f62be8dc55b436965aabe477e0cdd46be99371eb8da7dac997deafd64b1fc65
+AD: de39f4f03541a11be112a7
+CT: 8aacfaa8f3562d65f4ef8490db090ba2c6a4e80b99fdf707317a66b871dbfdc3a99d04229410d3e7e69325c62aab79ee16e898c32f56d3fe6edcd636291f195f60deaa0deb05b233f25530dce9ffc8e7a75de992afc6929e90e53093758b94038584acc9f235cc463722a18d0de99069c086062de66b39
+TAG: 6031ef2bc636aa219307178d4e56307079c664416b5abf00149aa8040229322a006f6c621628e371d85d733037069df7356b8800a694d5c964f8321f250088f1d10d8a967b8290c9495c75c26d81ebde01469f46bb4b39934200b3da55f26847ed74dd5c26f641b9f48331dcedaaba9216bf4a9329022294e2c79b770ae73ef355b98ce6fc755c38e24d1782a74764e3720c01342cc07283d8925789c42a7f29704437476c1d510fb04c16e9e5f89d824fa861b05c9a18e52a8435e8b6aa8abb22a9a8ef48ab8cdee50636130a63a05dbab01908d12f30ec71d8475f54af9936c00d1ed3d69be870f6dfd10542473b472fae1171e8dc2f66643ac3720b8931a06b6f460b76f63fb12bc2d82acd6180d8f7a3340ab84c125b9f
+TAG_LEN: 32
+NO_SEAL: 01
+
+# Test with maximal padding (56 mod 64).
+# DIGEST: cf85268a8412f6a450d7c8d48a2e744b508b00017da678e76cac09902ca6b0ad
+KEY: 33c7b54ed4fad0be905d41203f5dce998f8fb2eaad409ae02116417dae0cef457b9e5e16dcc5b6f25607f00d033fb95fb09e4d00d6172e780ab8b700433a957a
+NONCE: 741c9eb80f2b021b1444769da00fcfab
+IN: 936a91d0b5d2c0267218cb7090c6171386d641b87797b684e0fb56f97c3961d8afa22993a340b9b3c589c7481df3f4183aa23fd8d7efd88503f78b8ed1c8e9ba2fd6773e0d0c302a5f47e037446f5891d77df660ed82933f62be8dc55b436965aabe477e0cdd46be99371eb8da7dac997deafd64b1fc65de
+AD: 39f4f03541a11be112a729
+CT: 1425f735d28f545c7ab1627588b21089cfd0641b2746bae57d36f0286c43e9f9476f47da0ed156600455ac14c65c5f2999e8aac4d99f69a0deaf7ea1653dde591fe26139e30f64ba29d0b11c7853938d86d801e721ce7ec81be6fa8b5f281d31b14fe3388a028319f0fb12ab50438a3ecc32ee959cb5d393
+TAG: 03ba0e494d4f1f602f3554bf4888706d6f686c9e04a1189d755a8b43f41abad6f5abac893019a9c3fc38f17a34b5b257107206d04a7a3d2afbd3cb03e5f10f2c79c5e2b18ba925a2eb112eea5477d9b862bd7323d0275a24b63675ffa375692b4a9237bca54478ee86981acd437ed1e4e2d71508b39c35b3ad3633ec617ef2d35ee174d52946a3018674eacc4dd64e705df60203cbfadc3b1f21c80a562cf2f6c42287e5df030da4553fc450b89e908ba0a6beca9c228729055d875f65c1313f5356b63a986233d10b5a00308ccfd8b7e1524e1b96a07afb980e8607d9586bfd0c50098a399fa12ee706b26eb1df88181103c2828710990c311ab321ccdabe2406c6acce5ebde7c10c612fbf6397a3da38ae1b016208eb9d
+TAG_LEN: 32
+NO_SEAL: 01
+
+# Test with maximal padding (57 mod 64).
+# DIGEST: 0ecc677bf17604e63d1e4ac4a1d56702dfb16e205af1da5d105d553e87d14680
+KEY: c7b54ed4fad0be905d41203f5dce998f8fb2eaad409ae02116417dae0cef457b9e5e16dcc5b6f25607f00d033fb95fb09e4d00d6172e780ab8b700433a957a74
+NONCE: 1c9eb80f2b021b1444769da00fcfab0f
+IN: 936a91d0b5d2c0267218cb7090c6171386d641b87797b684e0fb56f97c3961d8afa22993a340b9b3c589c7481df3f4183aa23fd8d7efd88503f78b8ed1c8e9ba2fd6773e0d0c302a5f47e037446f5891d77df660ed82933f62be8dc55b436965aabe477e0cdd46be99371eb8da7dac997deafd64b1fc65de39
+AD: f4f03541a11be112a72933
+CT: 368ce97b3b9c28678363cbcee49ac8474b6a12ff63d783060a8cb33ad951edd059260c4927d5bc2ce252b4deabfd902ec1025a8847bd6fa57324d1d8cdad0f23aacd338c8162f77024291f106dd73b1dba3746e7a8dc3c3132c6edf1367aa576046a7d537df7827059b25e469dbb6aec50f33836bd166761fa
+TAG: b69fa0f760a7bd618bfd2225597444ba67a29e91a8bf110dd8cba1cbe05d335b40a51b1626c389046bdd3cd6f4211e127c58fd8b2fcdfc8d137652a8e3bbb7e3fc6ffab78b6b3b95ed52cc9884a5362339928db7e8d85a83dcc6634d92ed8df610885a3ba813ce831eebf22358d1c46b24cb89ccddf41ae4a4166eb9d48a62a6e3da218fc992a87154280093c178c3fb86133cd0427e8a23338536a7c6fe2614002e5a7765c49ea08ef1cb816d74dd7f6460a674f82e779ecc4d1346e6367b8e06586a1219cabb6e73de95c6546f7472bda8f17a2fa3462e1356d64affde34dd51c2fde2877ec1479030f38418c23c429189c16d38b2be3726a46f96d0013378b7a6418c9a29ce256fb50f991f3e32810c69e34fd73d9b
+TAG_LEN: 32
+NO_SEAL: 01
+
+# Test with maximal padding (58 mod 64).
+# DIGEST: 75073f11e219dda101a54987959be5353c48af4af654fa6dd23e32639ca2ea1a
+KEY: b54ed4fad0be905d41203f5dce998f8fb2eaad409ae02116417dae0cef457b9e5e16dcc5b6f25607f00d033fb95fb09e4d00d6172e780ab8b700433a957a741c
+NONCE: 9eb80f2b021b1444769da00fcfab0f5f
+IN: 936a91d0b5d2c0267218cb7090c6171386d641b87797b684e0fb56f97c3961d8afa22993a340b9b3c589c7481df3f4183aa23fd8d7efd88503f78b8ed1c8e9ba2fd6773e0d0c302a5f47e037446f5891d77df660ed82933f62be8dc55b436965aabe477e0cdd46be99371eb8da7dac997deafd64b1fc65de39f4
+AD: f03541a11be112a72933c7
+CT: f48fa6c6c0ba5d8904335d29ba3c5ec00b90041b67806c726a4f3b88c105db3b373499eb79f0ab9e348da562828ffd75369c90fb026cbd76cec6666bbd61b74548fdbf7f44c45c127e82dbb690641bdc7e9271fe154f6e148c0831d08ad7fbd38a4e3a9cf47e0d4803b4bb045e6808b228d1a8605661c54ed964
+TAG: b4e59c14bf8f6fef19c49bc43295dcac4a43bafbb931ea101cb4a5fd7b3d14ff22ca54c5e0c3ef3317314f7676e327452bc5e46216f1337fca84e93de5afbf3d50fc3466e5aa3a23772fe9fc05da1fdb3c5520740b372733ad60dd874f592fb48aa9a2583ac61ad50bfa680f029b0b31cab014791e9374076e015995dc64b403d0307999cac380237e2063730356767323bbd11e8363876bef0c390091cd2c5a4102f08d15f4aea5761a8576b059ba59f6403b5f286d370f987a54db50b464af74df3c53a9e90f1503313cddada7719c2e5a43db5b94ac79f51bdd0747bb38db9dc38261b1212128b7acbafdf4172402b64fa9cb9fad382dbe28d14d0b40957c045565cacfdbbaaf0b0332ce1f67ee60aae09e29832c
+TAG_LEN: 32
+NO_SEAL: 01
+
+# Test with maximal padding (59 mod 64).
+# DIGEST: 7390da1949a9ec86934b6f6c7af07d60fc37be21edd0ba9d937e888402731c54
+KEY: 4ed4fad0be905d41203f5dce998f8fb2eaad409ae02116417dae0cef457b9e5e16dcc5b6f25607f00d033fb95fb09e4d00d6172e780ab8b700433a957a741c9e
+NONCE: b80f2b021b1444769da00fcfab0f5f93
+IN: 936a91d0b5d2c0267218cb7090c6171386d641b87797b684e0fb56f97c3961d8afa22993a340b9b3c589c7481df3f4183aa23fd8d7efd88503f78b8ed1c8e9ba2fd6773e0d0c302a5f47e037446f5891d77df660ed82933f62be8dc55b436965aabe477e0cdd46be99371eb8da7dac997deafd64b1fc65de39f4f0
+AD: 3541a11be112a72933c7b5
+CT: e4879e4b80eac7bf4b235ee71db7af4a9b68cd4151d92ec1d33476595c714d4c6d97810f5c88c7ce2f45b181cb0a20b1969c88039248f7fce86f7f9458f51b726faf05610b76cef8afd0855a658feea188abdd705a3de0a655ce2e9a54617d8b646853210dc47dcb094c1db4c198cb1bc55147837b1c0bba9822ba
+TAG: b82121c2929f5c4caf4220dd99bf0836b91dd5db0c753d8c6c88dd63a4964b60896712d926229acd3ebfd86d40aac7b8045739a6800284a57e4cfdb9f1d58782aa709b89f529a4b148e2ef9f4772bd57567a0b6f331b800e8fa71052eb99aa64efacf5f7060dd42b7cc653df1d3b784befcb1069bd2450f6b683c91ed7bb892a3f637587140aeece58cbc1500a8b93e86292062545308af906ede1f999bf1ac3f99ba5384fcef40967cb2a50270171cbf45cb5aa3b04fcb33ec022d82254a8852bde63db56730a64c163a017c9cac043ecbe2847ff740d768c72894311c210c0959a737abe70c1e20353c0db83dad2c4bd2d407fb389351381381c3bb3ccabb5d571f550c148ce940c0c401dd21230467dcc06fe44
+TAG_LEN: 32
+NO_SEAL: 01
+
+# Test with maximal padding (60 mod 64).
+# DIGEST: 174d05b7079b80d455325eda1a010ec9bfec7110a14120c6cfe365d270099069
+KEY: d4fad0be905d41203f5dce998f8fb2eaad409ae02116417dae0cef457b9e5e16dcc5b6f25607f00d033fb95fb09e4d00d6172e780ab8b700433a957a741c9eb8
+NONCE: 0f2b021b1444769da00fcfab0f5f93b5
+IN: 936a91d0b5d2c0267218cb7090c6171386d641b87797b684e0fb56f97c3961d8afa22993a340b9b3c589c7481df3f4183aa23fd8d7efd88503f78b8ed1c8e9ba2fd6773e0d0c302a5f47e037446f5891d77df660ed82933f62be8dc55b436965aabe477e0cdd46be99371eb8da7dac997deafd64b1fc65de39f4f035
+AD: 41a11be112a72933c7b54e
+CT: e067519b3b6b3271ec55bfd3b68ee9c762887b3eb80cd4f65d3267fe3c6baf3b83620aefab953b7406b7b8cc6fd5e8f8180af789d3c57c55d580b00ea780cff26f5758edba93b7a08b2292104ff11e4743e404f04055e136bac3300170b0731c35bee9de79de13da8e24635b882b9f7c85fcd6f94e310fad8d27cef5
+TAG: ecd6d54ea9ef0297664a6f0c3ee972e2752233d0fe4381474bd846d99174f15e7312bd2f58547a9e8f301c8ba706d7bd0bb8b8a3bf16821d72895af7787acdb345c9d0f58171564995e53783343e782eefc468858321350c6c8f0ab1918eed7b01eb0265749226a19221f57818af356a3909ff17daf229510acf26b07273e21713d0ecb8f8f19c6c1679377409c4dbe2bd04de8c6546a6e6b00bdb72613b210412fe79998955e0de4e04a6a113243051b1e2d3ecb0a8beecb32f0374f78c804b0818410a12a12db227d49fd7107c02ccbd6dee62856cdcb49354e96cc434cab526b0cc4f215dc4c8e2262bc44e3c1a7fdef268d03803d1766c039d576c5799c4ebb148ee655daf7fd8e9632f90dd88b5cb6f4145
+TAG_LEN: 32
+NO_SEAL: 01
+
+# Test with maximal padding (61 mod 64).
+# DIGEST: 338800a96a5cf6db2ec5d06de2a53d0fb1b94918f1f8d5c0f222640d4c1bb96d
+KEY: fad0be905d41203f5dce998f8fb2eaad409ae02116417dae0cef457b9e5e16dcc5b6f25607f00d033fb95fb09e4d00d6172e780ab8b700433a957a741c9eb80f
+NONCE: 2b021b1444769da00fcfab0f5f93b511
+IN: 936a91d0b5d2c0267218cb7090c6171386d641b87797b684e0fb56f97c3961d8afa22993a340b9b3c589c7481df3f4183aa23fd8d7efd88503f78b8ed1c8e9ba2fd6773e0d0c302a5f47e037446f5891d77df660ed82933f62be8dc55b436965aabe477e0cdd46be99371eb8da7dac997deafd64b1fc65de39f4f03541
+AD: a11be112a72933c7b54ed4
+CT: 9b5f06ef7caa30028667c9d88efe9069c214d2244ab9b30443691c7298ba292241099693d831c5bc50dcf8a7eb983df8bd7d91497d8e6892e3c6ed49aae987bc5f047ea53b3a44960b469142662b1d0aa726b99170cf0c0edbbd2223efa7fd3c97afeeb9c50ca0a8074d2d339e8b4ebc0def814188cd87dee400b23ba1
+TAG: c512d19b8c661985b1bddf12672f3ce85664c911566da59c3d0f4f8f044fa5fe6200371b1bbcdef5a5771cc7ee919e36c6b0d035e9a8b518be4aa8464ed8eecaf4e49d3270080d0b29589309fabc79fb533efdd869e42b2f3fea9d78756c266b245b4a37310eb1cbc24a878441b7701a813cdf7692a1fd2172001a90346c7a80b80ee21249e45e1eee7b19472987efcf4335f8b0c59c2ec21fa6d52624e7ebdf5a2a5d595a098eb56a6ec24636b021b5a899c27868f6ea549cce01a64af21e36525ae16e54700e9b9f57fa61caf0fd49a2c948b0059b315592cf52d5976d2022e6425ba227c9d9cf1d477517b5d25fdf33f6f719c2a6f91a032c5745477f53072c373f5507757417f26126b156ca91500325ae
+TAG_LEN: 32
+NO_SEAL: 01
+
+# Test with maximal padding (62 mod 64).
+# DIGEST: 6dc3a2d32318422ad20e9c7b09a9a73d8608a326eb14efd6eb52b87ffe4bad09
+KEY: d0be905d41203f5dce998f8fb2eaad409ae02116417dae0cef457b9e5e16dcc5b6f25607f00d033fb95fb09e4d00d6172e780ab8b700433a957a741c9eb80f2b
+NONCE: 021b1444769da00fcfab0f5f93b51106
+IN: 936a91d0b5d2c0267218cb7090c6171386d641b87797b684e0fb56f97c3961d8afa22993a340b9b3c589c7481df3f4183aa23fd8d7efd88503f78b8ed1c8e9ba2fd6773e0d0c302a5f47e037446f5891d77df660ed82933f62be8dc55b436965aabe477e0cdd46be99371eb8da7dac997deafd64b1fc65de39f4f03541a1
+AD: 1be112a72933c7b54ed4fa
+CT: a7a27ff44599a6263753294a057c527552f4659590b97b9135c74da778a88607d0781df713f4e0d72d044f0c2c7daab6fdcbf162cd700d236999e29c25be1c599b5b5941c774432494b848f6d862da9f95d28d132c7333a4ab436d5488466ff8304415494bac0a922c8aadf885ac23dbdfc19a0311857d4d58d69f714939
+TAG: f18f948248b93ce700f586b0d146f3156b4135696992754f1b8d15fb1066b23b63006e15e5545e7072a8d7701b259692e6651dbf00692201d981bc0bcfbd7896ae69fc0219f089ec44cb737d07c25dea40c029a1146c062496765b002128a8b0fc1d11795e908aa0cfd095e96dd84c3a205db31bc1547aee7b31fe35eb388e15f8742e9c6aba30f7fab80fbb794e31f8801ed5aeb125826b545ece1440c33b3cd5f7fb4a422f456ed501248844da374ca8a033b541904c430ec09f0f72a53d458519eb55142156c823425ed89a64a5b0e5d20a1bec8d7146e62877daa08d4164fdedc5c85d93c4b1cd914055c6a80ba366f8f8739fe377be0afe56d198e96970d952d694cff07c9d83d9ef13e0e135d4ae86
+TAG_LEN: 32
+NO_SEAL: 01
+
+# Test with maximal padding (63 mod 64).
+# DIGEST: e2c5b8d5e6f07c136223bdb8a1c0197cd99132dd8320a3f1dd1a393a90e575ad
+KEY: be905d41203f5dce998f8fb2eaad409ae02116417dae0cef457b9e5e16dcc5b6f25607f00d033fb95fb09e4d00d6172e780ab8b700433a957a741c9eb80f2b02
+NONCE: 1b1444769da00fcfab0f5f93b511060c
+IN: 936a91d0b5d2c0267218cb7090c6171386d641b87797b684e0fb56f97c3961d8afa22993a340b9b3c589c7481df3f4183aa23fd8d7efd88503f78b8ed1c8e9ba2fd6773e0d0c302a5f47e037446f5891d77df660ed82933f62be8dc55b436965aabe477e0cdd46be99371eb8da7dac997deafd64b1fc65de39f4f03541a11b
+AD: e112a72933c7b54ed4fad0
+CT: bef9d1b0ca29860a27227b7d32af256a09503a9febf9c1124054533c15117d846447e74f8963fe6eece8507f168adcce0664448a4c499b1db6d0d0a57eb9b4f86f797f2defefc7d9f3b5883758ffe189b6f9fd921eaf4a4d6b7f445e5c871c7fad06031e5a5efe9ad995b5e0887765a8966f27680ac925884d4850192214e5
+TAG: e23947c16b562a55cf3b68611ca4d729dfd0b33405313299329e4eeacb6a8edbc64ddb87711bcbcf11c72fe70121557f1a0ef0512f606ce8e3221afa9fdd6b23b8f7bcbd9c296bb48821104f2701c6cbde78615c1a90adb1653f9f559d4291a339c385f9c26a29d37d923987226522cc939053fe951ab61cccb61846f89f0a4791f30166d5d9a04821b453917614a36766fd78fa099ae22ce788c44c0980df3a73d6ea2306dee86866143f8203357db580c00d4e4dbdbe9b53c37f08fad9736fca2819b52728849d9e36a0e7d75dbc48a7347b70cdadfcf8a81bf5734faaf01c795adbcc0340201402950b072359db8fcc5d7b68d84d59ad34bd20c3a9b529e397937700fbe5817a8f1c997cb0fb7c1d02
 TAG_LEN: 32
 NO_SEAL: 01

@@ -42,14 +42,707 @@ TAG_LEN: 20
 NO_SEAL: 01
 FAILS: 01

-# Test with maximal padding.
-# DIGEST: c6105cc86e18eb8376c16ea37693db5c07b77137
-KEY: 8503f78b8ed1c8e9ba2fd6773e0d0c302a5f47e037446f5891d77df660ed82933f62be8dc55b436965aabe477e0cdd46be99371e
+# Test with maximal padding (0 mod 64).
+# DIGEST: ceb2d295bd0efd37c6c34dab1854c80e986174fc
+KEY: 37446f5891d77df660ed82933f62be8dc55b436965aabe477e0cdd46be99371eb8da7dac997deafd64b1fc65de39f4f03541a11b
 NONCE: 
-IN: 936a91d0b5d2c0267218cb7090c6171386d641b87797b684e0fb56f97c3961d8afa22993a340b9b3c589c748
-AD: 1df3f4183aa23fd8d7efd8
-CT: 17944422f667bf1356c234189f9c6cf7af52b2832b2fbaa990ccef4e7f9bc3841e59e25c00e3686d5bd5c29f
-TAG: 3ebd1b0bee840e8a6e992421c62de5a8fda3a82f0af0de2c6be5f12937267befe9b421efafca4455b5af6174cb0e6f929031086aa7b85a073705fa3718a2a9b595e32a725ccb0b3328ea913edf6a42dad4c44585fbbb9a500b0c938c78d4fa17b2e52b479aba6921b376bec72ff6d66a5854180afedb8edb06c919016d19f252ab39d05c3c4f297038badb09ad7f23c88d5cdba7e793f1e4f2d107571eb9807efb3009187e1415e5d0d3c6110ff77f26da9605955843b9cc60875e60c3181ed0da4e5ad390e1d3c0fb942b618d1015716c4606030a40f0a554c4929764da415d773d386b3bb018a4ce72e85f28cfa3e08f0659464c0e0cf3215996c6a769894023e4fbd5377f387bd914c1d64db1ee5f88627b59
+IN: 936a91d0b5d2c0267218cb7090c6171386d641b87797b684e0fb56f97c3961d8afa22993a340b9b3c589c7481df3f4183aa23fd8d7efd88503f78b8ed1c8e9ba
+AD: 2fd6773e0d0c302a5f47e0
+CT: f2ab16ba87c52d066c0637d387b89d700a66828ef231b480f39aa08ac2447c8ddd205d1a95da37f267c06a1338532de890904f9f19c930adfb684e81cc06bdf2
+TAG: 3ff610fb9e208ff6ad58b78c5b2cf54b997eb3f24ac0171229ff7ee9cd5070de5a604f78b35b6cd25b3f2ab487847ca1e3928bf7f19bd19c9c9a1015dabd2de426fe57d342009ae4a2e67fdea378f24ec8dec1e87b62b6f70626bfd71f8d8d5e5c5b935a76527ee8a9a3094d635dc2b01a31dc4df336aa023517d7c35e142ccd6a79bc689e335f187a5358a00a7d4eb168cca3f9c6523ad4d74609a5b5c9e36db6bdf8464c4c8497c501084afa17557d070a7671c9144c86b4de9d57f033bc6b59a7f1f4e947b6a2d69c85877de731f6eb3db71d9f4c2dc086a3303bcbcd2f5b71643058b7ce08ef5879e0578ec81ced96ce907d4f32e67fd4cd269de9b60e09ff74bad6c86356ee297475ea7fe75d75
+TAG_LEN: 20
+NO_SEAL: 01
+
+# Test with maximal padding (1 mod 64).
+# DIGEST: a07054c760cc66fc704edf950201005031f3faac
+KEY: 446f5891d77df660ed82933f62be8dc55b436965aabe477e0cdd46be99371eb8da7dac997deafd64b1fc65de39f4f03541a11be1
+NONCE: 
+IN: 936a91d0b5d2c0267218cb7090c6171386d641b87797b684e0fb56f97c3961d8afa22993a340b9b3c589c7481df3f4183aa23fd8d7efd88503f78b8ed1c8e9ba2f
+AD: d6773e0d0c302a5f47e037
+CT: d7059edbabb5cfc2cd5c459abd74e136790aad50d988c6c9271428597617db171b89ab171a68b14f9d417bb81f9f7d2e2045aa47c0b5d166c8b2622bd914c4e752
+TAG: e3d17e303776640b3ab712f6068c44e0e3b5d375203a8b01ad47e6f4681011eff04a41d03ff073e61c630b5faacb744447226a35e7496204911ddd660792be62c5f34c918a0d8514872100c4637ca12bc9c13b1580aed10a68c9187377441bcdf213bf3aa72831f3498d990a7a5960e1e6795bb11e4c7910a881d76ac81320ae61b151b8dbde093bc9e56b8204463d8ec31dc32b3cad5cd8cb48b5f20e54c17469ce97c069051c8e4b2ae5dffc0c2651d868a9909187c2732056213e41e315e94d14a84a24a676155ba86ef0b96efee3e4765dfc750953dc9a7ed739422c7d988f290432320313848a2eb7723c7c85ca3590eb35e3058d0462ddaab0cd48730107d4031a216c6c2595d1ca0b3f1815
+TAG_LEN: 20
+NO_SEAL: 01
+
+# Test with maximal padding (2 mod 64).
+# DIGEST: d059c266cf6233af730b7a229b19356a4c6fcf06
+KEY: 6f5891d77df660ed82933f62be8dc55b436965aabe477e0cdd46be99371eb8da7dac997deafd64b1fc65de39f4f03541a11be112
+NONCE: 
+IN: 936a91d0b5d2c0267218cb7090c6171386d641b87797b684e0fb56f97c3961d8afa22993a340b9b3c589c7481df3f4183aa23fd8d7efd88503f78b8ed1c8e9ba2fd6
+AD: 773e0d0c302a5f47e03744
+CT: 8864e31c8b2ce1bcd1745671da5bd66e1e366b0af66b91f605574c841084a5df358483c7839e4456ae5a442930f21d4bde67578186a91c0a603468339ffbe3bfc607
+TAG: d8a0bcddd40964405ef006e0083e67a607b9f926e6508880d7784248a626d56a0673ff990920960fb307ed9cf40c2a1cc3b632b1f94aeb30efa02123e66165b77aa4be5e2aaba4c4a52372b403cae2f78a3bffc1cae8dc6f53839de7f16b8984304abc4a81ffe1ffb42799b54dc43ca0b963be6299a404fd4b3acf65939ac319966aae0a941c74135705092567e1237044c88f79b02b68ef622f9c776bbc04dbc2f58338c129f25afcd8cad7a0e91f30339457075b68df4960c003ef574e3aaae870787ae9ddab96495861388b341aa63ab2721abb176c4f2e6d5704cae123c20f1394d6a12d51fd5782dcb59d075775dfeb72df846995b87b1d374c0d0b8a003ba60f713ad777b8d6ad42c5e373
+TAG_LEN: 20
+NO_SEAL: 01
+
+# Test with maximal padding (3 mod 64).
+# DIGEST: 8aac0687e33041fcc18da154b41f20a6af2bfb28
+KEY: 5891d77df660ed82933f62be8dc55b436965aabe477e0cdd46be99371eb8da7dac997deafd64b1fc65de39f4f03541a11be112a7
+NONCE: 
+IN: 936a91d0b5d2c0267218cb7090c6171386d641b87797b684e0fb56f97c3961d8afa22993a340b9b3c589c7481df3f4183aa23fd8d7efd88503f78b8ed1c8e9ba2fd677
+AD: 3e0d0c302a5f47e037446f
+CT: 1d239b3880e2261806ee770e7296d573d308d9850c8bd90a0764822faf5f65770f98f18ce4738538f03ad9b289bd5fa1367258f00d3ed91e32885bc45c30a240cad8c2
+TAG: dbeb6d1a1165a902128a27d7f55f4d928b56a3b83fa430d47bc4f935219fcc6005487f1ab14df0a07a270645d1c2fc23efc9866ec7e4427fe0382b75215c0f994f09c4ac54bf360f8ec938b02c17c4104127d2cb1eb51a11455180931b8e473838e5b1e61cf5cd05947a5b154be5df49905e6e7c049d00f065f680b0e5f3f4a7e9dad37d493f13c7ba318ca2bae086136d67b17a6ebf28b45cebcbfe115a45dfa32786a8b8354d51acf58bc126a13146e0ca509a26cc32c3e8ecf5b9d6ce76a9f76d674316c42f3140d5139304479376db2a167c65da7250e6fefc9d3b37a2072180ab3202f1fc7dd7f4598d1d976b15945fa73e1be07a91186ce7c16c4249d9f7287baafc572673925e95caba
+TAG_LEN: 20
+NO_SEAL: 01
+
+# Test with maximal padding (4 mod 64).
+# DIGEST: 53658226c112b86438dd27b58a71f9e36fc73c1e
+KEY: 91d77df660ed82933f62be8dc55b436965aabe477e0cdd46be99371eb8da7dac997deafd64b1fc65de39f4f03541a11be112a729
+NONCE: 
+IN: 936a91d0b5d2c0267218cb7090c6171386d641b87797b684e0fb56f97c3961d8afa22993a340b9b3c589c7481df3f4183aa23fd8d7efd88503f78b8ed1c8e9ba2fd6773e
+AD: 0d0c302a5f47e037446f58
+CT: 719d9de3bc86d08510354817d0fb94340ab1ddeefdb95a1cf460f7c9b185837b5320dd862b4c319619a0b18dc75f1762cf7c9bed63713c31e39a6f7069563441b9e6f106
+TAG: 8b61062c9480ffa62f7b96e9f50249426d05bf237d25e2b676e0041d40ba97101843d9ebc978949eb7ba53b8989ed0e93e5b91f13365345baefa1d7f59b694f6ef0bef0adc1d6763978e12fe354e57b90127533f3f991ce611e31e88a97962f859ebbc0e50d130c323aff35581f1f45cb5c650299025a03d99026d6f6a844ed9d5fe66e15a9fca79726afdaa54c077d148d561ca9e77e427b8f8074714aaf8b011697524e4d91bbab69bc01c8346e9055d7269cf124b503f7ad38c384abfd91ca36159d8a41e6389212167278b830ea464f7dffc3e01c9807368d3457ad5f21b33bcb1afd41ab7d805c9ed2f2c32da9bd4b510366b362dd02f50666ab8e5a72486b3c0d6b9bafb38c9375dda42daef635a0007ef
+TAG_LEN: 20
+NO_SEAL: 01
+
+# Test with maximal padding (5 mod 64).
+# DIGEST: 6b7d5268b0b5037afb5be5af6a0ceb34e7656ac4
+KEY: d77df660ed82933f62be8dc55b436965aabe477e0cdd46be99371eb8da7dac997deafd64b1fc65de39f4f03541a11be112a72933
+NONCE: 
+IN: 936a91d0b5d2c0267218cb7090c6171386d641b87797b684e0fb56f97c3961d8afa22993a340b9b3c589c7481df3f4183aa23fd8d7efd88503f78b8ed1c8e9ba2fd6773e0d
+AD: 0c302a5f47e037446f5891
+CT: 9adce31c760d09ff911ed98eeb7146e82017261c8017d9a5fae1127479f6fb54d081cacc1ab7150f05d13547b992c1fe36a6e8e55ef1fa3bcc45bca495a981000a0c0b4f62
+TAG: 51d033e8003b06bf819a4f7978d75abec450c6b11a00bdf27f549f6060390ff99e0feb9509c6ac882777da699f5d5332d1b838a0436101574789ba485769ea6f4d73a10db775f06331140b218fa2ddad7fecf381fb9e3d26b06b3577bdf57e2a8435ba0e5b1e305ddf28070d1749d11ec5504cd9aa51ffe9133152ff35de21e4bbc3b109a318075d924bbaf0e267a1abd3d7afd2d3d8f4d951d4e96fa63741087a975eee8156b01fe566f7f6a309257c17a0bd9faae4c2781aae72eeab1903602b09b69026540a84b4786b8dce2a3e5ca26c65eb7b220dfad400cd236a4435d7fb1be60b9074f2f226e810d54abe7ec0cf10e7c465059720baf93915dda8a56d5a012a990d72408d2c9ab9b8dc813eb2f1caec
+TAG_LEN: 20
+NO_SEAL: 01
+
+# Test with maximal padding (6 mod 64).
+# DIGEST: 63efe7af502231420ed5aecce9a28446b257828d
+KEY: 7df660ed82933f62be8dc55b436965aabe477e0cdd46be99371eb8da7dac997deafd64b1fc65de39f4f03541a11be112a72933c7
+NONCE: 
+IN: 936a91d0b5d2c0267218cb7090c6171386d641b87797b684e0fb56f97c3961d8afa22993a340b9b3c589c7481df3f4183aa23fd8d7efd88503f78b8ed1c8e9ba2fd6773e0d0c
+AD: 302a5f47e037446f5891d7
+CT: b81f6e678c5a08244a5f578970d64f96f50ad5b5724a9287ee7b293308db34e03456f1745f79c594ecc480fb2a9412bd685e6c0df028eda06aaa15c90afa4ec01736450e3eb8
+TAG: 63b849636c212d353918c6e3044d298da268ccf1042987617860b58eb7ec8314ccd7762ebc39b62c0f0f1c346c8f4bbcbf3bd0134c0a7374de1868b08ba013398d8e4b578bb8d7359f2cff1629ede34da00138efa4a724d892fe4ed2b28613e66e0bb4830f66c14dccbf8656e615d66f267182662fee8a3e1fcde0941793f0bf2b00d6ab6e9fcb30553b620cf8e9e0a15f122808d739e698f88aa157baba12428541e928ed556517978f6c9f29c6ae8fe5b4e9ed6f0ce49351ac2a63e74bda9288a874a7fd5327c6856596a3271039dcf54affbaf29a5556f1fe1062279d2600b920f4e26c96e9e8fa696c521f60e9418975befa58ad564e730d1de312ca1b999a5e89b813743b1512659d809078243170ab
+TAG_LEN: 20
+NO_SEAL: 01
+
+# Test with maximal padding (7 mod 64).
+# DIGEST: 1a555c300a1d1bd5b03cdd6bf2a678621624eb05
+KEY: f660ed82933f62be8dc55b436965aabe477e0cdd46be99371eb8da7dac997deafd64b1fc65de39f4f03541a11be112a72933c7b5
+NONCE: 
+IN: 936a91d0b5d2c0267218cb7090c6171386d641b87797b684e0fb56f97c3961d8afa22993a340b9b3c589c7481df3f4183aa23fd8d7efd88503f78b8ed1c8e9ba2fd6773e0d0c30
+AD: 2a5f47e037446f5891d77d
+CT: 6b6f94bc2326760d257d8156de961acac0b32d7f4d0e20363532e76ce76641ba66a1aa7945b9ee58527039cf83fcb01d8ef85254566947347463e161ec8cdec74a839637288d09
+TAG: 77b18bca8ed1d056d9c974054598216bc15bae5b7d70f3bbe32b3deb92398b0ce25a1efc5eb6782fa5fbcdbb415ef43eca090fcad4d34d53b1fd89cdd760e6424715c7703c51e08b72cb3e3b8a30bff159d5126f1473f216d5c931ae03703d3baf311a59d7ef3d6db123f3e8c0ca26fd3f8809ca63265d2fac935bec32631af43626ed1ee9785c81d7bd0cbc0c5178e1ca7de5d12c3592a7880be6590072c4728b2afa1eaaeecdf7cadd8304c2d4b614af7af14efa00dda595be92de09c74b39df05d7d023db721f86992c57061a264dead21e24fa47816f43b77b8ccccde44bfc32a015134a2cfaf04c582fb839202b08b81543ea9358d5735e7c197762a6a39936e26de58690a02dfc273e6779e77708
+TAG_LEN: 20
+NO_SEAL: 01
+
+# Test with maximal padding (8 mod 64).
+# DIGEST: de9156349b578f2f44945ec6a676a67a829daea1
+KEY: 60ed82933f62be8dc55b436965aabe477e0cdd46be99371eb8da7dac997deafd64b1fc65de39f4f03541a11be112a72933c7b54e
+NONCE: 
+IN: 936a91d0b5d2c0267218cb7090c6171386d641b87797b684e0fb56f97c3961d8afa22993a340b9b3c589c7481df3f4183aa23fd8d7efd88503f78b8ed1c8e9ba2fd6773e0d0c302a
+AD: 5f47e037446f5891d77df6
+CT: 8f211be563f98f493745cca0e385e5b0113027efe3b0a880805427e363014323c4f6c7e6b30d2466c70ed56d63157f2c4f6dabe14d5a22c6c708ab3fb667a6c64ce5c8de22f5261b
+TAG: e5807ffa59e0005c9dd7eef0b854ee1b2cfccef9977f8a963167cc563d844f795c4ce4f9d03da95e4cfd2fc80c9efb6424df8cd3b7875a6ca129da8f509ab09d1f0eec0211e0ffe5492913fb688796a29a8eac54f374e8948991059f6e73a68eba75a892b3e2ed5ab9680eb0b308b07337e75ad5b406c260af5d27955aa820bd0435549700e960e66c211000885e19b804579acfa8c526603f8d743491d916fd4d0e250159e485a4db2fea39a8eb9443516518e6612aae97b1d9b7ac48066d5fbe2c1be3b2e20233a2fb4d39052ef4ca3bfc47e561aaac9c57a7dbff922d6d997821f6b09bf3b4c91bc6162b150e17bfa2544f93f2bebcb4d20322bf0357fdffeec8f75679e6627b4ffbf8e0bfee63c8
+TAG_LEN: 20
+NO_SEAL: 01
+
+# Test with maximal padding (9 mod 64).
+# DIGEST: 12812df3aa7f3bbc899f6f248f5590e02570c292
+KEY: ed82933f62be8dc55b436965aabe477e0cdd46be99371eb8da7dac997deafd64b1fc65de39f4f03541a11be112a72933c7b54ed4
+NONCE: 
+IN: 936a91d0b5d2c0267218cb7090c6171386d641b87797b684e0fb56f97c3961d8afa22993a340b9b3c589c7481df3f4183aa23fd8d7efd88503f78b8ed1c8e9ba2fd6773e0d0c302a5f
+AD: 47e037446f5891d77df660
+CT: eeb6afcfd2626da1230067ed9938f7df35e99d2ba1c91d0e91c3db53034a3dd2ce3352b06e3d1b9e8415ef4ced9b2257eb05bc86db8204a8bd943bde51423a09459fecd528faccb646
+TAG: a69c7d8db2c021284e73b3c07620022eb6f199509e34611ed671c3558ae7c103c78024d96c00c791f3450d1e0338598a246855811af4cc9ae1a6522487a4a77b57b58ce29038ab0a2036404eae59133512b9ea40e2d7176e1b36965a27ee2c898d6514872bec952a029d9d85bfb0c99d8b348db6a3bbfedb6d1a3128664c454b9ef29f075fecc469f233e18567fe16759b378600a1d71504231e6caee5688e9858e14fe6fe850d95d7c010865781f0457a22f53add7ef57071c7153d312ca303e4884b83c9acfe86686517d80ce271c148cf3ab6464a9751b66ac7682a5f885ad9301a5602c099e89977f06b41badd1c2ea1f7027a38b749e2ca1a3ff4e4889e6dbd3674a52c8e24d2c76f64a6bc77
+TAG_LEN: 20
+NO_SEAL: 01
+
+# Test with maximal padding (10 mod 64).
+# DIGEST: f3c89f21c327fca4aa400fabea9e39780378e901
+KEY: 82933f62be8dc55b436965aabe477e0cdd46be99371eb8da7dac997deafd64b1fc65de39f4f03541a11be112a72933c7b54ed4fa
+NONCE: 
+IN: 936a91d0b5d2c0267218cb7090c6171386d641b87797b684e0fb56f97c3961d8afa22993a340b9b3c589c7481df3f4183aa23fd8d7efd88503f78b8ed1c8e9ba2fd6773e0d0c302a5f47
+AD: e037446f5891d77df660ed
+CT: e1eb2175bfee27951357b7536e2c3a4c607bf511d1922f6cce462fdf98de9dfbbea66d38884c270e29d08c5ace1d6bb7bcd2b46eaffc67a99e225927421a9894238cefa73bdb48694abf
+TAG: fc1d8ef98aa65ba8a288ca04990bfb373071633eb1e8f30847d3c19ebef66962cce12d015b045e10c9e0aa7f275137e00cb2c9a0508c0187827a74faca4bcd015620f1cdd8f72161bebbb8231ad4b705d1982db6f9fa1d2303c429469737a3141adf729729144f55223df1fb45705fb15adb5cd03c2936674a47d7f6aa5d2a4d9a017e57a4f5dd954504abb588866457730304878ca322f776e3c8e7becb8437002bc757d5b34b16d04ae4710553a624a3fca8866fb3d20672d6f4a2f937edecd58e68b7b0a8c39819ab48788956c1f3f5f4a15e7d13350090a20c61620c9181f03b4d68d7e4f336cb7e4a1a277df5101511150dd39fb43a84cfc480fd548035c8e9ec26602dd66d250fce39dfd8
+TAG_LEN: 20
+NO_SEAL: 01
+
+# Test with maximal padding (11 mod 64).
+# DIGEST: e8e41988fad6c8b44c56544964cfe0a347b35b1e
+KEY: 933f62be8dc55b436965aabe477e0cdd46be99371eb8da7dac997deafd64b1fc65de39f4f03541a11be112a72933c7b54ed4fad0
+NONCE: 
+IN: 936a91d0b5d2c0267218cb7090c6171386d641b87797b684e0fb56f97c3961d8afa22993a340b9b3c589c7481df3f4183aa23fd8d7efd88503f78b8ed1c8e9ba2fd6773e0d0c302a5f47e0
+AD: 37446f5891d77df660ed82
+CT: a799c4a6590a4c48735d1da9746e5441cb11b664daada5d4d68d3a0110c4ad8d5e96d7331d5f7a0d1df9af5da4208065b6bf31affdfcd4944e8ed55b0ba7b7911be1a9052fbd93d5fbe292
+TAG: 6a6e5ced88748f87682759b554d9685280e094e083d297dc5fd474c4a2605612b2f8b1c31dea24d58c25bcacfbf03b8b09dc662d6e1120868ae9a0f1dbd2799756136c2a26a22e3a61a0216e76e94393534586e1a59c570d8bdb37d5ee6d0762e60c7171fc7953e59d74b0f2ff4a061d27a7baa8ed138c51264b356d9a42b0768bca1c1c458acdc82bd621031e2ae7790596594d2f6eda2c8d58d4b53cf6990434da8aa9e9eafec648d52233e9b92994ca5cbc071dceeed57b02e36f93f8d22551660cc4c1e425aa77dcda3bf6c98bff7905becc075e1707e37453de8f300be5aabc96c1051fa46c796a2c8367a00af3c4dccc58bb7dc8aa2e21e0886eceb898080bbc7259648f2be9da0f1b56
+TAG_LEN: 20
+NO_SEAL: 01
+
+# Test with maximal padding (12 mod 64).
+# DIGEST: d1c7b2c04dc25fe7b742a1d659aec20e1475ee4f
+KEY: 3f62be8dc55b436965aabe477e0cdd46be99371eb8da7dac997deafd64b1fc65de39f4f03541a11be112a72933c7b54ed4fad0be
+NONCE: 
+IN: 936a91d0b5d2c0267218cb7090c6171386d641b87797b684e0fb56f97c3961d8afa22993a340b9b3c589c7481df3f4183aa23fd8d7efd88503f78b8ed1c8e9ba2fd6773e0d0c302a5f47e037
+AD: 446f5891d77df660ed8293
+CT: 2b8ac97f05a67490bf16bc64381e9c49e7f348212d0645056ca5405e9e0a248b6918568481ceca70e20ae4b7c1f62700a2954188793b34504fa86decc73f667e5fae944211059dfa94ef072e
+TAG: 5f91838f37198290b43fc04a186db6a05261ea9916a1dd6450604ed8a7d0bb59751f6637f593ef1a7e3aab6421b7a0cc6b5b47477d36bf439806dd8156e2bc2e229bcbaed9a3beedfa383d674d3b91922e6248d1aa8ad62361a4bdcfd3d86daeb6d775a521916ecefa2244aefbb0cfc0ede1b1c0e0059a4d69850160d2f4f662ea2b77fb074a6de69feab87bb56f27edc3a42037a041007f0a08d204cbad0a9047f7798dad51e5c04126519b53772ad4f3017f9d9fe91920aa7585a5f2d95e7a8fe5c7b22fc696be10e308f939c34e52b7bc2e71b06a56e3ffa5a0ed529eaf5a8c4b6857b1f144f51fc8bbc858c88ede7ca325d231b34e4ae0e7ac8fec3e8f6a9bbc6f8975fec1e877f0d05046c3fd7a0e15ebb3
+TAG_LEN: 20
+NO_SEAL: 01
+
+# Test with maximal padding (13 mod 64).
+# DIGEST: 116e20ff1e79e0af464d473b1e7c187f4dd66007
+KEY: 62be8dc55b436965aabe477e0cdd46be99371eb8da7dac997deafd64b1fc65de39f4f03541a11be112a72933c7b54ed4fad0be90
+NONCE: 
+IN: 936a91d0b5d2c0267218cb7090c6171386d641b87797b684e0fb56f97c3961d8afa22993a340b9b3c589c7481df3f4183aa23fd8d7efd88503f78b8ed1c8e9ba2fd6773e0d0c302a5f47e03744
+AD: 6f5891d77df660ed82933f
+CT: 783a362232c871213daa72d58658aee2ceb4de66198df21e227326010be056d5c4d2481ffead6c80733603b132b256d1c52d64eb8b700d614dca0adeacc0c7a05d1a64ee7b5c8163d1eae17fdd
+TAG: ba611208a3cc40e2cc638c335fd508441aaa15c612a5100c960543d2ceef9709bbb3e70904f3f2efac3112fc61bdfe7accfb5f0e9d640812a4f5b0676d95b1d5298eddc97ce3aa16ee761491e9f424af39119c9f56322b10e8575697bc93d1f6a63007ae085bd20c83fc32a5d4e59ce8840f75b8c52f6aeda4fc34f11301d64e058b39ff765e1ec9997ec51aeb43b35cba9ad4b020e7dcee79ad532b897faee018dae1231ceafa1a5fca1ff1a01f863580c9c07b13354e31b0067a2fb16477150ab6d027fe88276767ebb46b1029c7d6dcacbf418f10d932dea2ea161ff8a4f6d79e0bdbf0a67227d5c9100a45fde25e2d4e360c0c0942e9ce13b570b5ea149dfe422fea36251e226b3f7eb709ed7c7339aaff
+TAG_LEN: 20
+NO_SEAL: 01
+
+# Test with maximal padding (14 mod 64).
+# DIGEST: c081d0d09b2c9eb39a372ef4a7b0246a0956b0f9
+KEY: be8dc55b436965aabe477e0cdd46be99371eb8da7dac997deafd64b1fc65de39f4f03541a11be112a72933c7b54ed4fad0be905d
+NONCE: 
+IN: 936a91d0b5d2c0267218cb7090c6171386d641b87797b684e0fb56f97c3961d8afa22993a340b9b3c589c7481df3f4183aa23fd8d7efd88503f78b8ed1c8e9ba2fd6773e0d0c302a5f47e037446f
+AD: 5891d77df660ed82933f62
+CT: 894d8fc70288c7b8a5d12e63ed6e6e8c74b8d9837720762ccc519a42e024ee05e8f770180e5213a7c7ceac56cab05834d49847aa1432fcfad8286e092feddd421b33212e41716b3db5358903c11e
+TAG: c00612f3ee6619c87aa5c7958da77fdac74ea2ad1af9115fd003edc7bdb36f639dc2d89668f6c2440827a1e7bdb65acd172be229f8852d4b81d1d2ee1e167ff127fed768d0a6eb822c2fd88e733a0884f06e47d5f3a7e84e7f20d8b630c8e748a03f2eb807f3d6bf67d3f93ec97f22a3bfc477143f9e34049fd9143ad5e480bf538464fa847a5302e6d9ec3710122fe6c295191906d98d69e01e81a79de0538442a76a17fea214c74bec28c01370a0aed01e1a32a629857f5d48c3275b79a25d3fe549829e5d72d9d26c2e07fe133e214e40dfba4cd19ddccb01a6887bfba26db80b40eaee435a7619415af7be271739dc339fbe4a500db56613498b34c2b1f9dfbea13aff30c84fd1380ecd821b57cb3775
+TAG_LEN: 20
+NO_SEAL: 01
+
+# Test with maximal padding (15 mod 64).
+# DIGEST: 6f7bb1f9e2772eb909c315e653e4737cfed78a18
+KEY: 8dc55b436965aabe477e0cdd46be99371eb8da7dac997deafd64b1fc65de39f4f03541a11be112a72933c7b54ed4fad0be905d41
+NONCE: 
+IN: 936a91d0b5d2c0267218cb7090c6171386d641b87797b684e0fb56f97c3961d8afa22993a340b9b3c589c7481df3f4183aa23fd8d7efd88503f78b8ed1c8e9ba2fd6773e0d0c302a5f47e037446f58
+AD: 91d77df660ed82933f62be
+CT: e5d56aea96fb40312e288074a21691ed29f17a547529d2427e8bcd5024e617411c08999a8a514adc83a14fe27c51b0f7d44f684fc60274c009274ff9af14d4b1277cc03453e02c0ceb26c796432f0d
+TAG: 07cea5df6c6594985f9af65319e2fcb1882f6d1d66fae0ab595ee72dc4a1118a7ef8ea450209809349b41664ee21afcb053e8edfa53bb1e66d9aefde4c48c6ff5b5e411c1228cbf5c1021d605311a20bd6708aa004d7da8bf72ddce1cbc9a12100969131d596cca0fe61c82208d0848ae0d098036a07600cc4b443e344b06d3162c8ebe14850239f77d178152fee009b1bd81a68bbf632082f9a62dbe60a1ba579077842c713ab4d5619b7abb15eb8fd3b1ee1506fe8df31bc90a63eeeefc0f23ab5ec83f4a1e9fa8833f15c90d6b68615ce297b466d5d67a87ac9fb10a2ffba5a91d31d1b18aaee8c00ff1a8b8df9584a33e946e85d8c6a6c8719421b75a8a56f964725abb4a4be790acbd60efde68671
+TAG_LEN: 20
+NO_SEAL: 01
+
+# Test with maximal padding (16 mod 64).
+# DIGEST: 172f4992e692a88f49628e5d3937959be01aed2e
+KEY: c55b436965aabe477e0cdd46be99371eb8da7dac997deafd64b1fc65de39f4f03541a11be112a72933c7b54ed4fad0be905d4120
+NONCE: 
+IN: 936a91d0b5d2c0267218cb7090c6171386d641b87797b684e0fb56f97c3961d8afa22993a340b9b3c589c7481df3f4183aa23fd8d7efd88503f78b8ed1c8e9ba2fd6773e0d0c302a5f47e037446f5891
+AD: d77df660ed82933f62be8d
+CT: 7923c66ac88a9d3a2c9d9e714d491372caea0658b4e5692a7df8da934dce8525d0974848545ce89a44a735eedb22f18b5b8f1455c0aeedea9cb8f5c0bb51addd065a83c4e825ff3993ff58cf0af7577b
+TAG: 06b8d51726fe8d46fce9a59b084c3924c4aa9575d3b3f9b9e31a098c2c0475e460a89639863652164b724927ef13d2c52faeba797d38ddcb9274dfc6478c06626ec55954ce17df075f0b089ef155daf416980039458b7979afeefe9fa3e365ca19637b05cd17987e25f20e62031c32d441a102c22efb3660e4e3c13800acbfba0e7dc99175e35338b87ebb56d09a3b4bca72774d87e9cf92ce8e66917835c765129c8946c7f42ad8acd9afc22acc44a89dbebf6f4b2a55c139312559e2aaf6115aa617ce07cb2a63c66cbaeeeb5c95ce617928f93031f6dcbd3ee30a6fcd4cd9606695b690d95fb8d126c4962f49f11910a6e9daa2227f46a249819074a06cb5ffd449bd5744f9d9c70dc14475fd4b9a
+TAG_LEN: 20
+NO_SEAL: 01
+
+# Test with maximal padding (17 mod 64).
+# DIGEST: 00133da1f7c63fd5f0eec364e9a359be02c1d3da
+KEY: 5b436965aabe477e0cdd46be99371eb8da7dac997deafd64b1fc65de39f4f03541a11be112a72933c7b54ed4fad0be905d41203f
+NONCE: 
+IN: 936a91d0b5d2c0267218cb7090c6171386d641b87797b684e0fb56f97c3961d8afa22993a340b9b3c589c7481df3f4183aa23fd8d7efd88503f78b8ed1c8e9ba2fd6773e0d0c302a5f47e037446f5891d7
+AD: 7df660ed82933f62be8dc5
+CT: e0b671d572a26f0553cdeca68a4d023615570ed0e9414e5783691fb6d1c2bc30bb4a7590d3138972345f3a55f2f90fdc8ad46555d41968a00a6462c2bc0931a18df5480e48cfcfcc00078314cabe0e44ce
+TAG: d01f174c6f726b83162a8a0734e1b1e9e9498fa067454e3a488cee1a04703987d5ce9a219b4ba168a809a181d6a291eae84f91705fc0701166400f24775bf5816a67ea6f011829ca07ef1aec6ac3b7ba0576c26b557b00fb76e84b6e633c48b8c425678ae12c922a7af7ce0484861efccf958ed418e2658b03b5c978fe624b16428c41a2a7ee1cc07c9d730b689cf92f2041b5e68908fc93d8221821106d73363e2d53df824a82841be5bdc0668c5b8759a1e79e193dac2e55e4cc083569fa727b952a45e71840fc330977e072457de678d3f3694e429131e25efd339421094512755604e1ec84efdb52259f6e8284bb7ebdf229cd3e4f1abfd6498e3b493b21184f8a42ba31f4f22dbeacbb1d977d
+TAG_LEN: 20
+NO_SEAL: 01
+
+# Test with maximal padding (18 mod 64).
+# DIGEST: 60a6821269be6c5b985576b245f106128eb0b325
+KEY: 436965aabe477e0cdd46be99371eb8da7dac997deafd64b1fc65de39f4f03541a11be112a72933c7b54ed4fad0be905d41203f5d
+NONCE: 
+IN: 936a91d0b5d2c0267218cb7090c6171386d641b87797b684e0fb56f97c3961d8afa22993a340b9b3c589c7481df3f4183aa23fd8d7efd88503f78b8ed1c8e9ba2fd6773e0d0c302a5f47e037446f5891d77d
+AD: f660ed82933f62be8dc55b
+CT: aa02a8b8deeb507cd2b2ee187af85b5afa85583c258df91df9cf5307316d03b5d8aad0441bacc27c4cb26c56239423f8e46746978c0edd3c21018f6b9a1c39278f71b462c6da999a6f4d9513a47cd7986c88
+TAG: 5cea96fc3da1457f7e66f324a3c634829a6382fb75efc614bf944cafda4c9cde5bf3118838487401497849d59f895d761b8b0da9f339123aeab5b237edd48d6c1ab4120da7769a7f8510bfca3d7313f0f38dc6c34fea81f60dd3e421afef2d9a61e6b0d7be96b357f1a293fe5c21d4ee858725a4c088f49a24930d846d2c0fad98002fa66a618367425cbae16fe570f3058fcfa2544f1d085ddbc6226e35c4355c916660f7f8fef4f5ab705c93b5182269adb8a4eeff4e62ee278c0588b96043f1ad24ca39a7ad458f541101e1d6cef99d742e2e4a124e4f3a57986d0192537d956231f4e49f5a87f5b7f5a4cdae6cc647b90177dc4d81232c62bad3d99036812f84b3208ed2edb8058f4973abd7
+TAG_LEN: 20
+NO_SEAL: 01
+
+# Test with maximal padding (19 mod 64).
+# DIGEST: e2593f3b6741a9ed9fa188fc06efd057556ee624
+KEY: 6965aabe477e0cdd46be99371eb8da7dac997deafd64b1fc65de39f4f03541a11be112a72933c7b54ed4fad0be905d41203f5dce
+NONCE: 
+IN: 936a91d0b5d2c0267218cb7090c6171386d641b87797b684e0fb56f97c3961d8afa22993a340b9b3c589c7481df3f4183aa23fd8d7efd88503f78b8ed1c8e9ba2fd6773e0d0c302a5f47e037446f5891d77df6
+AD: 60ed82933f62be8dc55b43
+CT: 8b397fb4fa218359120058dbd145f4bd99def7e5e0a88249783128801b3828909ea19d9f5fb0f3e15ebd624fc32525796ccf9ec01b1da3acc6dec2a9306c57db4eeeeef4830575fd8166c13c23664d4df4cbac
+TAG: fe141cebcd20919976fe53fa1a9e186db43122704ac5dcfd23abc2da394907a9da4011bf32a3948b0ae848d6d010024c6f37191f6fe5cdc46430b915a9c5cc80329ab5d32797fc97bf3ca270d8b35c14e3091c99ca3947492613d183845ea5b80619d20c38434261dab80d4068449a0880eadc55f0b43cc344a875adfd23020b6e63c3015c887ef52c72750c09f60c7bc0dc29ac7a6494bf9771c4aa931aa440ad400c1cdff8f3d1bc4173977128d1eb57731e4b69d3e6d4715dc5d2a9cfdc2afeabf3513b3e3c107a83ac48f511750f887f59b10f40e8f2d197832dbb1febb82c29627232e3793c8a72d7033c86cf99fb54dd2e3ce099d4fdb50a63b06d5f595d5bf59474cb190245a36095bd
+TAG_LEN: 20
+NO_SEAL: 01
+
+# Test with maximal padding (20 mod 64).
+# DIGEST: 17450a437efe239e1858ac4062f34024305372be
+KEY: 65aabe477e0cdd46be99371eb8da7dac997deafd64b1fc65de39f4f03541a11be112a72933c7b54ed4fad0be905d41203f5dce99
+NONCE: 
+IN: 936a91d0b5d2c0267218cb7090c6171386d641b87797b684e0fb56f97c3961d8afa22993a340b9b3c589c7481df3f4183aa23fd8d7efd88503f78b8ed1c8e9ba2fd6773e0d0c302a5f47e037446f5891d77df660
+AD: ed82933f62be8dc55b4369
+CT: 24e568a27d8bce547f628bfa545c4b7ccffce40f73b5abd6e1b60d5efca7cd6d5feda872e172f64d9193d3d2d3381efb52c05f98d3e1fb689fb05d7017654eb57346f1b3dee23b0f166e50531626582115af7cf0
+TAG: 4dae8797b02d7f1d8dc42b10f18973c094880a10207d9479aa8252df66e855a7a4f6e7286ffda82820f510e8fcae2e08349b9ab46da4d31a7b537484589ec70077fa9a68311eafbc03e3538dcc66ac967e1b992ff38afd452ecc033ad86503a0c7bcd9327d4b4e9dfb90600725cb82c4bc2363aa88d436b161003fa42ccd464456fc057a72281ae050315ebbcf8555be995dd37737da005998569caa83c0af4819df86195e6ea95a343d9f91329bd059d393827f8c1a6c9ac173e3cda42c1bc85114aa750f9d3af3a889b736c9c608c85201fed8f31a9596110c452119ed1780dd610d8d8ab30725aeb07e168016a9508a31a35de30ee16508a481f00b9342847e4793a44831d92d92ac504d5dee049440506bfb
+TAG_LEN: 20
+NO_SEAL: 01
+
+# Test with maximal padding (21 mod 64).
+# DIGEST: a35fc7d25f90dd9cbd35910d5532aca8aba88b29
+KEY: aabe477e0cdd46be99371eb8da7dac997deafd64b1fc65de39f4f03541a11be112a72933c7b54ed4fad0be905d41203f5dce998f
+NONCE: 
+IN: 936a91d0b5d2c0267218cb7090c6171386d641b87797b684e0fb56f97c3961d8afa22993a340b9b3c589c7481df3f4183aa23fd8d7efd88503f78b8ed1c8e9ba2fd6773e0d0c302a5f47e037446f5891d77df660ed
+AD: 82933f62be8dc55b436965
+CT: 5e91bdcdc26c9100265ed7c6f029a1aa46ea6807340a161cdd07d21bf6bf7181eee02d939fd95aaf343eac9f629e01a665dbb40392e95da6d00839e3f9b412229bc48d9b289b8e91fb2705a0d3ab85aafb130e3e8d
+TAG: 6c57ffa542b745e2313b7c92ca3350ded6fbc529715a5a43615f0cd8922ce27560c2e28222b37b0cad173572ae81a0af45502b7b7194691dead0aa46643bfe9f0b3538f76ae07b540e1bcf43f781c72df95d89512a6024598e734e16cdd8f246b810d5043c34d400c77db515cda8a3c9be9012b21bf2ca6be2de9aac8ddd11fb026e7e3b4a96af04fea4407599db8e37676eed4831eb66c1a6177b70c3e14295d623ede8b119a43f4c25cab2f203788e7a64a07c59ed205080e256d28b40249adb08d116c86bd1c325aefc73e1b6197f8d5cdf71730bc83d1c1edfb92492e8452cbe98fb873d5ee5779bff94ee9531f70a62f01e96d8069ca5f7345f7e6f67235dab750addf54df5e71302e4423dec5d0d5340
+TAG_LEN: 20
+NO_SEAL: 01
+
+# Test with maximal padding (22 mod 64).
+# DIGEST: 73eff0f03358879f900b6ebd515f0f4e5a6929e4
+KEY: be477e0cdd46be99371eb8da7dac997deafd64b1fc65de39f4f03541a11be112a72933c7b54ed4fad0be905d41203f5dce998f8f
+NONCE: 
+IN: 936a91d0b5d2c0267218cb7090c6171386d641b87797b684e0fb56f97c3961d8afa22993a340b9b3c589c7481df3f4183aa23fd8d7efd88503f78b8ed1c8e9ba2fd6773e0d0c302a5f47e037446f5891d77df660ed82
+AD: 933f62be8dc55b436965aa
+CT: 140efb950a30f6be51a219c49b6601b035efddd7a3cd304d3bd79e13515a4fbc7a2bcb086e82fb035c7ffc2358982c6dfe6b266304e51a6212635ae6f4d498293c276b53e42f62ddc2fe50272e6120ca41c001f443dc
+TAG: a397170ad51432a18accf22c04b831ac81c72d8eaea23682cf8ce6e201f454bc99cecec1a220b7fc24087d040d43d1313022f890e55e3bdd37b67f4b7d50e73df88a862ce10b8fd4383ae560e1d04da0d9505570ab151219ba8ba46e1d5ccd35b3ef4eb621be54598debb136df86307a0bdcafa1d3f6219fdd60feb80709a2b4cee6e0a642bc6a0ac6eccc95405e9c55e0782eb07e2717d784982f81555d49eeb81ba1a3e03bb98df0e79e62acf23c06945e85188dd61b270dbc1d146bfe4368dbbf33db9597837fbb9cfe9f17efe470a6a14f304e616fecd358cfdb5af11b4db71d94986fb322f692c18721d68298367fa840a0bf29643b0d48f74ced1d9958e7fd1542d17bc645b707c6cee2b8e7a00d13
+TAG_LEN: 20
+NO_SEAL: 01
+
+# Test with maximal padding (23 mod 64).
+# DIGEST: dd6cea270655225cb4f4231f54c19eaaa146eac5
+KEY: 477e0cdd46be99371eb8da7dac997deafd64b1fc65de39f4f03541a11be112a72933c7b54ed4fad0be905d41203f5dce998f8fb2
+NONCE: 
+IN: 936a91d0b5d2c0267218cb7090c6171386d641b87797b684e0fb56f97c3961d8afa22993a340b9b3c589c7481df3f4183aa23fd8d7efd88503f78b8ed1c8e9ba2fd6773e0d0c302a5f47e037446f5891d77df660ed8293
+AD: 3f62be8dc55b436965aabe
+CT: c06d04e3216e4752d83464251209990997de6c38136a51eeff0a1a109744f99f9664ddb5a230099e8af3d6ed85e1e45d7c4f955cb4a7cc3f24997b3427581de167c2c3cd7c4664d988cf6c6abca2f6b3899434398694b5
+TAG: 26290ea8be2aceb775fc57dda96b423a9cc6b141e4d48f530ad42eb0efd03305256b52540e2b7fe82d0bd0d614d84ff97d56a3d74b87a075aef3f2887577ed2d8b09273ab21ee8244f56ac0e404d5c8e84aeb43a97dbc1c4aacd35836e049e65c9c1c8763d773649e21ba91a72434e94355a7f33c0638adb178037c1305c8b66c28424217c5f8712985e0918212b69478f1c64f2e15fd1150ee02fe508e6b4500b8a1ef796b4514b43eb8ac575b0e393469cd79648ef568b42a253f518da6b40667d65fdbfa5742854eae18127eaecc690c4f0a5aa861e02a761625dd42bfff6fa034b012837f38f75ec685a887fd36c0cf9b183b1b47a22cb7313b9441fbb2f03d4ef74073838801a465d2046fcb8da31
+TAG_LEN: 20
+NO_SEAL: 01
+
+# Test with maximal padding (24 mod 64).
+# DIGEST: 34dd9bf0ce19eff890ecad474388779f63b0af70
+KEY: 7e0cdd46be99371eb8da7dac997deafd64b1fc65de39f4f03541a11be112a72933c7b54ed4fad0be905d41203f5dce998f8fb2ea
+NONCE: 
+IN: 936a91d0b5d2c0267218cb7090c6171386d641b87797b684e0fb56f97c3961d8afa22993a340b9b3c589c7481df3f4183aa23fd8d7efd88503f78b8ed1c8e9ba2fd6773e0d0c302a5f47e037446f5891d77df660ed82933f
+AD: 62be8dc55b436965aabe47
+CT: f64f633af5421e2b8d343b52642ee5448527831821d39220eace1ee48eef879efe49679f13a9c7594f16511427d3b5eacc8ccdc597d72ad37f5ae1a9bda42cd690ded3eba9a6fe3bf1f36f480805351df8daf2d92fb90d18
+TAG: 6c1c5ee308c4a212efc9fbda5ce9da172fc75acf889b34506111272b1e9cac72722d0f6d6c7d04282ed902ad23e77c6f5f43e65e51fbfe45887fef73035287119f57a813d4d1bb0fa785ce394c3517dbb3ea88118c1b7947e5e211dbea161388d78acb0d089a44989d566181554e0122db86acdb36b128b30effc405fd65e685b66d322bce2edb08d92f7eef94e849bb6c43c882a912528a49e59a39056c0aee7fbbf3687218e84e9d6094582dde5c67138da65b3d821cf959e88bba7823fbb26e8e5fd95cb64cc868dbb5dad55bf21c09192cde9176cbfd08d782efa5fe6b9c683f4051a93ee345fb31260e26d14f9046abca30f2a40c7d690dc49d07cbe5381eede0421b57edf0d313c27442ba572c
+TAG_LEN: 20
+NO_SEAL: 01
+
+# Test with maximal padding (25 mod 64).
+# DIGEST: 7db8cfbd3b29f96d752346eeda3c2bb0bd070099
+KEY: 0cdd46be99371eb8da7dac997deafd64b1fc65de39f4f03541a11be112a72933c7b54ed4fad0be905d41203f5dce998f8fb2eaad
+NONCE: 
+IN: 936a91d0b5d2c0267218cb7090c6171386d641b87797b684e0fb56f97c3961d8afa22993a340b9b3c589c7481df3f4183aa23fd8d7efd88503f78b8ed1c8e9ba2fd6773e0d0c302a5f47e037446f5891d77df660ed82933f62
+AD: be8dc55b436965aabe477e
+CT: b4f47d4cfd61b38f87abb714da89e4e23d37f155110311947ab5977c77cdd5f6605a2950374cca97219686684dbb0610a750c04f2c208572d55c72f1fc90a6e194b387744f94bae4a24e7323c0109141c2a4b3550a6c00f227
+TAG: 345e27a55a67cd68c3f26b7d7ece71ceee4523c763f8576a6763143013cee6a643306e2c35dd3d0743e9bfac035152a9a70ff7fe87b9b08e2708dac277deb2508115a9bc89a989a4f4b1f81d301154b4e243d032258c683459a7bf4358987c0b8a305e3bb2a16fee9d9eab8e4fec270734d76384319f7ea05d6f2263b43b0e65dc372bbebae760441ecd7395b0683ca08c7062faaae20cc598bdd055530f51e27029b0fddf4540e6d66008f76215fc39ca3a70a48de734c227b4e4d9ed31926125ede1d74f7d6122332666a937448895ed74e5d3949103d61dfb81e8d1b814b8051796eb8498d13f16c8a0e0818fe24e396f8b815163fd0b422f97a696458b8c9b603e714ed08742c38a0a6af3a565
+TAG_LEN: 20
+NO_SEAL: 01
+
+# Test with maximal padding (26 mod 64).
+# DIGEST: 4abaa8453e8cfdefd918571a961d8351754ad5b4
+KEY: dd46be99371eb8da7dac997deafd64b1fc65de39f4f03541a11be112a72933c7b54ed4fad0be905d41203f5dce998f8fb2eaad40
+NONCE: 
+IN: 936a91d0b5d2c0267218cb7090c6171386d641b87797b684e0fb56f97c3961d8afa22993a340b9b3c589c7481df3f4183aa23fd8d7efd88503f78b8ed1c8e9ba2fd6773e0d0c302a5f47e037446f5891d77df660ed82933f62be
+AD: 8dc55b436965aabe477e0c
+CT: 2de7b7a26fa9d1b0d301f9bfcc0772b0a683ad5a1392bc38f495fd88a44a648cb4136d63ccbfc994f5147cdd88a40d813ad4cf7c95db148871433d23f296f2c0edf698329c760b76f4c5eaf2a5b620c482494de0128c9e5d2237
+TAG: efe95b7e557cc8c83b35c5df397497e25369e5063d674610696c9b0f083f44ddb22497522a3968da01a4bb3f8e626931643c0a98027be8f3e64d1f876aea2dd346936dc53eff94a1eac45719ca038cc1b83bef54585aadb335dc415c7a28c4918b21a21a32ec5fb16ed7fa7ba160f52c7ce2b323239293c2728046db15cdfc67cb666267b8471da3bf7e78794e5c77b5d49d711355b4f465b7c06f44c8597c34bf8fc5d837964775074f6dbbbd4c3addb7e7d2fd78dc531a8e8e62fa649923d8f96e4a759862b1df59f63c1a448ebdcc3c36d7fed786b777674ae77e112a623020299a8d2e40adf3fe5cb34cf9ad3717f072d637c2cca32cc49a9cd0baab294091650e334b74ed29b3d325c0d1bc
+TAG_LEN: 20
+NO_SEAL: 01
+
+# Test with maximal padding (27 mod 64).
+# DIGEST: 0fb9d7ffcc7c9b84f34661d472ae2d4fa25d3d99
+KEY: 46be99371eb8da7dac997deafd64b1fc65de39f4f03541a11be112a72933c7b54ed4fad0be905d41203f5dce998f8fb2eaad409a
+NONCE: 
+IN: 936a91d0b5d2c0267218cb7090c6171386d641b87797b684e0fb56f97c3961d8afa22993a340b9b3c589c7481df3f4183aa23fd8d7efd88503f78b8ed1c8e9ba2fd6773e0d0c302a5f47e037446f5891d77df660ed82933f62be8d
+AD: c55b436965aabe477e0cdd
+CT: e4255961e18652cf9fc499e5758eb2b446c55acda29e4715ca8350afe1b52bff24f91c290f488f6c0d89a7a0e67beba1970193b764bf4fc80ea42ec5086da2b113d739c06708d32cf568aefc9af83a8e78b25a9f8e0356e8444732
+TAG: 040155216fca12e96d110f56f859e5d181fb78bb992aa72b550ae51488e905d4a7af7b37401db261c2cb25ef493b358d26d6bef6706b6886c9c720a501c260cb7472d03769a214972f830ec5020757831a00e844dd8316f447886823c3c5307c048d63a4140744e6afa135c24ef1884f08f2c4534d8d0696219dfcc771bd856b3520b832fa619dae97e043ea4b17e520de4b357f77e572644609590be328d3dbb8454531b82694404b628ecb3206f32e2ead2a0a424203c332eece440f9831ac2979b6c86e2c49b2fb308c334bd34f016f4a6be174f86a2577d0a463688808dd42b1c867a1d73046b4e94b6686502a94348492b722698b7326da175af4962898739c6fdbb16acfd1eee2bd7f9c
+TAG_LEN: 20
+NO_SEAL: 01
+
+# Test with maximal padding (28 mod 64).
+# DIGEST: c68fec315401703e49722fe4b39cf28b14e9f50c
+KEY: be99371eb8da7dac997deafd64b1fc65de39f4f03541a11be112a72933c7b54ed4fad0be905d41203f5dce998f8fb2eaad409ae0
+NONCE: 
+IN: 936a91d0b5d2c0267218cb7090c6171386d641b87797b684e0fb56f97c3961d8afa22993a340b9b3c589c7481df3f4183aa23fd8d7efd88503f78b8ed1c8e9ba2fd6773e0d0c302a5f47e037446f5891d77df660ed82933f62be8dc5
+AD: 5b436965aabe477e0cdd46
+CT: 3ead3affa3e6e553cb4998d3f8aba6e02349ab0a588647f3518037145860a949160aa182ebe41358a57b3617effb1acf2525db768f042ef5221d32c861962b70a11c27c536a57d369a5d24e8efa23cb2018932ef77b567df36cd81ce
+TAG: ffa39d6befec6b597bff8a23c4fe8791c8309b2a694cb8400f32d8408cb8981f1e4277579e3c28c906a077e115f0eb134257bcaf7cf8e4327d7e4800ffe21bbb7c7ff9107d4f292448892802186f2b7320ba98c2b2da95cc5368f68d5bf723d7f1392ce9e212a9de44aa0d556936f707f45dd25a1abf6aff829a0ca82b67ae51a0aae206e940bc84dbbab8b3a0c62a755e9b59418202eab6806afa5b00e887e45dc95fb9ad82ffecbd5701d118429a39116bb4990cd45668785c252321a0d98e97c28916c8b4d9938d542102faade1852450b9ea8160f786182a6d9ad77b515764b16554f57b06f3e22bd1dd9bb125862db72ea46344649efd0612807f6b5c3c59638fe45a0cee01af60478f36c2ec146ba7df63
+TAG_LEN: 20
+NO_SEAL: 01
+
+# Test with maximal padding (29 mod 64).
+# DIGEST: 15e1aa5285beab679aaedbf51a86b4aebbe3d7df
+KEY: 99371eb8da7dac997deafd64b1fc65de39f4f03541a11be112a72933c7b54ed4fad0be905d41203f5dce998f8fb2eaad409ae021
+NONCE: 
+IN: 936a91d0b5d2c0267218cb7090c6171386d641b87797b684e0fb56f97c3961d8afa22993a340b9b3c589c7481df3f4183aa23fd8d7efd88503f78b8ed1c8e9ba2fd6773e0d0c302a5f47e037446f5891d77df660ed82933f62be8dc55b
+AD: 436965aabe477e0cdd46be
+CT: 7c5e36678f3fc8465f7770d619712f4fdf45922b20db9aa521e721ca35a02446f1f06ce15971afecb695e3e780f4972821f9fa044564fd8675f1626c5b5f8a24da4493917526ad72b631acd16b13ec9aae03ee7b5034919200ca8881ac
+TAG: 7be23184481a76434648417fa7e7afe0066c7f614cb0f5519e15170216db443ac5d840afe41ef010888b5ec1d708cc3a7948f393a3eda3974f6a542482d29c5c0c25fc6375e62dc88cf1334bd81636b0d3efbd4a724273e587c921addf86cbe0d698bcaa2f8acfb8aacae535526c28af0d332e83e7d0b77c32a82d62d5ae67235c827441bffd2efa05b6436cf20092a5332ea695104a0c5f83a8c68322e00ffe42718b9015765525d7af77602be97bc5b91d58034b1f4bcd6b8141ae6a73841a0bb99d8e81a634a42744d2256a44c1bf6a17991fc12d9a6520978656d82d03c18c73abb7587843e503ceecd7d3e2d9a2100ee513b2fc9ee78fea7f235dd9c0ae96ea15045e7749d5b5b819d1779c83463a574e
+TAG_LEN: 20
+NO_SEAL: 01
+
+# Test with maximal padding (30 mod 64).
+# DIGEST: 8cc0b1164fc844e958e055b7ae43f2f95c29e8c3
+KEY: 371eb8da7dac997deafd64b1fc65de39f4f03541a11be112a72933c7b54ed4fad0be905d41203f5dce998f8fb2eaad409ae02116
+NONCE: 
+IN: 936a91d0b5d2c0267218cb7090c6171386d641b87797b684e0fb56f97c3961d8afa22993a340b9b3c589c7481df3f4183aa23fd8d7efd88503f78b8ed1c8e9ba2fd6773e0d0c302a5f47e037446f5891d77df660ed82933f62be8dc55b43
+AD: 6965aabe477e0cdd46be99
+CT: 82892eecc52065f09b6c740654823993495b8ade7b0626a666ad6294d35b906b9e106b92fae1e767a37eb5088869cb9d01ae6b77631419357e0d966c841185b389cf76b680499e4c44f87624960e5eea44d9df0afda08ed29ba41936250a
+TAG: 44542585005f3619496ed8fb0d4a784ba3ea52cd0a9ff38e8630cc354e47dfcb7a8cd0a03d195a385e8cee049fc2de3529e7fe7e0067eb0c5f65e257141c9fc73b9f23e965ce24ea845134082827ec1028f0a64a1f6a2e31faa8030a0c0ca63b6d4cbf8d8937a40ecff26996e9e409255956dcf889108aaa23456023c5de3e8efceefb1bb40500fd7b08c760a083c596793ce63de2958ced2766005544811ee2beea90d42b6f4b05148148cece4b9b089d0b7dc0b948d385f17205135391259c697de5bfa726a135a2d32d2516d4c72c81b171ea9078cf68dbb758177e04953a1c3c669fa682fea1a1c5d23d9173e4db7d02e957144dd149f4ba2784c9acde563d54a7e4cc164eeb014461d0535c7d094ddd
+TAG_LEN: 20
+NO_SEAL: 01
+
+# Test with maximal padding (31 mod 64).
+# DIGEST: b51001b6ff9d27bccf3103a4961280e0a1406257
+KEY: 1eb8da7dac997deafd64b1fc65de39f4f03541a11be112a72933c7b54ed4fad0be905d41203f5dce998f8fb2eaad409ae0211641
+NONCE: 
+IN: 936a91d0b5d2c0267218cb7090c6171386d641b87797b684e0fb56f97c3961d8afa22993a340b9b3c589c7481df3f4183aa23fd8d7efd88503f78b8ed1c8e9ba2fd6773e0d0c302a5f47e037446f5891d77df660ed82933f62be8dc55b4369
+AD: 65aabe477e0cdd46be9937
+CT: bc181d050d6e79cd5d66a1410338e4031378d60a217bfbdaed1404453cf8a680b9200f746ddb6106a8a407aad8204a7e3b5ce8b8f34d1bc69b84fa538745bf599674c6ab008435897a765e5072449a7c79c4fbd11f0883548a88244f5b1dd7
+TAG: aaf4ba13e0df9d9f0ea057ac04f64b48a97ce398674d0503053beac9044920191d6d619f2136341cc19f47a800e803e0b696166d306c8cf969206956c0e198157c3d6f114c7217592e358c27f064c5d940deb2631a232570975fea1011e07b85539a86cf83fce7a1f4ca35635ab86b901aea3bec5595129b6a8ec633fe08ce1214c39ada3da5e6012525c740a23e1babc5ad9dcdb6cb837d78567a59bf52d8044655863e1143e5b367916a154f7dfa98fbc7545813ed2e90da0b365733090f264aa5b004ca22adaad01ab98c3de62ffa15095a20967a2c07cd3792831027839d91a8048e1c927198644be2407f0543b0259d649c15aa6d1374e95dedd203a9ea03f3104aa2fd27963b199c669a4ef9735b
+TAG_LEN: 20
+NO_SEAL: 01
+
+# Test with maximal padding (32 mod 64).
+# DIGEST: aceed075f31ab159f6610f43ff0a6ed3a359bee1
+KEY: b8da7dac997deafd64b1fc65de39f4f03541a11be112a72933c7b54ed4fad0be905d41203f5dce998f8fb2eaad409ae02116417d
+NONCE: 
+IN: 936a91d0b5d2c0267218cb7090c6171386d641b87797b684e0fb56f97c3961d8afa22993a340b9b3c589c7481df3f4183aa23fd8d7efd88503f78b8ed1c8e9ba2fd6773e0d0c302a5f47e037446f5891d77df660ed82933f62be8dc55b436965
+AD: aabe477e0cdd46be99371e
+CT: 630021a2b51b2f47aeb76833fe4f3a6471d208bd943d7ebe9e97ef72004de998b82a7270ad9ece3738b1322ad5de184ef9eb67ed7d0a7f76990cceb64eff3bdac11ddef22000ec6e476de4d13b841b8bbb941ba4622e35334ff293014408c1a6
+TAG: decedbd573c17d487e3fe140a08cb446bfd23c5fa71a62009e24f83f5acdb3d8263ba693c43a0c1dac94c700926bc51bd4056944dc5187452bf927a4dfdfc04be4eba66b25d6dcf4e7e5a64b935c835a8a4fda3d43fd2f3fbbb1498a45495c1d73c6ef8463d1d22cd46d874214a806bab520ea7400ac83f009525017c9ade73d9ead4d3b52613cfc91c60acb38cf2e1c05e2c18aac0c2728135648087e7e24bc54d55f622577c34417fd6dcb9fb1be14740ea5a452e314414b86fda4a3225ddcf4e9d686a483e25f66d218ad252441013c36b69031cb7ce6589eb0f63fa694ba4984831d863135463e152c4c536361384c07782932f6601d909f548c5afc0daa3c80e8ed6a2e615a792fced1b452df67
+TAG_LEN: 20
+NO_SEAL: 01
+
+# Test with maximal padding (33 mod 64).
+# DIGEST: 976ca4c9819e25a204a024d05fbe7420f717bc58
+KEY: da7dac997deafd64b1fc65de39f4f03541a11be112a72933c7b54ed4fad0be905d41203f5dce998f8fb2eaad409ae02116417dae
+NONCE: 
+IN: 936a91d0b5d2c0267218cb7090c6171386d641b87797b684e0fb56f97c3961d8afa22993a340b9b3c589c7481df3f4183aa23fd8d7efd88503f78b8ed1c8e9ba2fd6773e0d0c302a5f47e037446f5891d77df660ed82933f62be8dc55b436965aa
+AD: be477e0cdd46be99371eb8
+CT: fba7b6a3f55486dda6db0c08da51010c3c1158424f4ccf5bbd356d401309dbbcdbaa89ad46e5aeb5df48fbe000a728d5ac5ea57bfd1ff96327b57a4c2baf5cce0f31dc5266ff97b875f15c5d0a4c2d85b81b69ae42f6209111d4742ededd8ce84d
+TAG: 3083dbc3588403b9c01492e8d8b7cfd2b5070ef097f57d4fbbf1325a4f1e28ab44b0eea3818403b063e86345c1cc0f242bcfe1b854aaf6d9158d316d768380c35e4f191f318d16af31ed6c8b7578411ec57999238b7fd2d69ad2459e0090de55abd96c0a40b4a0e909427ea3f2c626c054570929f7aee33fb45e97daa90661f455b4f38297fef238fc5d715d7d5a846399b8cfe78d64186b1b0d884a6b89c358a4743f3271df09b52c741f83e364c8f836b4f41ccb1145dab7be582301bcac6cbbabd7c4c4311b0e21ddfc152018695be7b9d58e95b8f74fcfe98ba8298d931878dd1318280221a5b0c5df31fef128f672b89815aba99ffbd41df840ccdef16a3e8750830ec84c2f50f3374e550ad1
+TAG_LEN: 20
+NO_SEAL: 01
+
+# Test with maximal padding (34 mod 64).
+# DIGEST: ad8cfe7556704bb1974e94f70d8743d147c5c3b4
+KEY: 7dac997deafd64b1fc65de39f4f03541a11be112a72933c7b54ed4fad0be905d41203f5dce998f8fb2eaad409ae02116417dae0c
+NONCE: 
+IN: 936a91d0b5d2c0267218cb7090c6171386d641b87797b684e0fb56f97c3961d8afa22993a340b9b3c589c7481df3f4183aa23fd8d7efd88503f78b8ed1c8e9ba2fd6773e0d0c302a5f47e037446f5891d77df660ed82933f62be8dc55b436965aabe
+AD: 477e0cdd46be99371eb8da
+CT: a6e967aa8bfe23d4237d593e6cb2e279174b57acd9037fd150cb3a00a5524256756602c8541f6eae44e2b97245f0f63894afc812ebbf87f77be763320d0effe9974df583519582f72b57845bf20bb2f82ad5dc59b7d695a424001d0b9a1194b9ed7e
+TAG: fa2419a17ee52bf8e0671e1a7197f96134c63110c557f7b6f0a0ee57de8c64b3390e56a4c4f2c75a7d4e4222507b2790e31043a6ab18a2d71786b3334eaa37b2ac7de20610a4f4af3c6598483450383199e1256e05e2bb20df5d3b7c24156273716a122de04b6bce230ccb8fa7876d191152d82206cab40e1cff6a87d906de2660876b4abe90491ad6a10399f3c4a351d86dc9319ea803dc2df41b5a33c4e17c8654cf06eaac402a8b45f252714fd8fe060d33f05fa195fbb091e2076fe87ebedf239ce36783af321e21146ed150f06083e9578b2e022553ce43dd05e25033698219a5172d6a020bc9db1f5f2a954c994bdfe0e7ef7f48c243dce77c2274357c6bbe8c8267f8f98a384c4fc177ab
+TAG_LEN: 20
+NO_SEAL: 01
+
+# Test with maximal padding (35 mod 64).
+# DIGEST: 1dfd9608adabb5a55e12949f1c4bfcd5a77cb703
+KEY: ac997deafd64b1fc65de39f4f03541a11be112a72933c7b54ed4fad0be905d41203f5dce998f8fb2eaad409ae02116417dae0cef
+NONCE: 
+IN: 936a91d0b5d2c0267218cb7090c6171386d641b87797b684e0fb56f97c3961d8afa22993a340b9b3c589c7481df3f4183aa23fd8d7efd88503f78b8ed1c8e9ba2fd6773e0d0c302a5f47e037446f5891d77df660ed82933f62be8dc55b436965aabe47
+AD: 7e0cdd46be99371eb8da7d
+CT: a547715740d6cc64021b5e70bdc0aa8299369a2b45931a539e146aee243338dfacbe531274dd5daa12efee9e2ea90d4d963386d57804c01767abac3ab329a08ee974d9d8723f5695bec5101e6ce1d727ed919eb53bdab44db1e5f789729cdf91010292
+TAG: 107dfa1b7e55565fed6fe7ac9ce44fcf6c5038a586f9d02b2603cb02936c0b965da944a945d5b21ce2a234e6431fd442b428e118058ecae90f09778e2b914035eb700ca75cf4d6d1589c7c7e1b7e12f49a4fd3422e064c417156cf6f0782d52b71915bf697fbbfabba723e39a770e89f0d7c46399edf424c735bef679001da5a789ed6a3d253dc4f332a80aa14d745d88e015eb246cf3c5782f0ab4a3bbadb9dee73f2dbba55bdbd9e0bf3f009a3ab434156aaa02aad0422110d45a647ab90021ca7a10541363198e70521f96c2da7f85ad56de15b4c90f01aebbb76910a2a1240cb6424aef8db7ad185686cd63f5d1a419a5e4a55be8a6a5feb7a977b0bd25a23f540205a1cd98eb7cf40fd10
+TAG_LEN: 20
+NO_SEAL: 01
+
+# Test with maximal padding (36 mod 64).
+# DIGEST: ad2b43eee27e6267d8c5c1c3d558a07dcd6b1f5f
+KEY: 997deafd64b1fc65de39f4f03541a11be112a72933c7b54ed4fad0be905d41203f5dce998f8fb2eaad409ae02116417dae0cef45
+NONCE: 
+IN: 936a91d0b5d2c0267218cb7090c6171386d641b87797b684e0fb56f97c3961d8afa22993a340b9b3c589c7481df3f4183aa23fd8d7efd88503f78b8ed1c8e9ba2fd6773e0d0c302a5f47e037446f5891d77df660ed82933f62be8dc55b436965aabe477e
+AD: 0cdd46be99371eb8da7dac
+CT: 7ed8d60c67875030c8a20cbb5f71e22d1e5c3f93852a5bf953ae67cbb3a4d3c0b69bd9b43cf807b32dac4833e502fb377d67d2575a62e9f6dcc12c4df05c71802cfa5b6b3104d9526941bf1b48bd5e65710e15862b6c0dacc1decf5aa1980fce6cf99e0a
+TAG: 82dfffccefd195e0b64ed804149472b11158cc39b4f01f6cdc2b4b3ca53bbdbc2f2b1fc3a75bbfab6f349c809c5c775261bf88188db280c9611f9ce8aabd6d5517e56408ed5d6fde3a0d10b20af0cf684fd7b904535d124bbc3fd9a8fdd3a08c6fd7a8161bd0d1105d9da9002db95dd7eef295102cc45458b9af01dfc90d480ed40f425e657d1fd915e92b3598cee8d815b4358ceb1a7f79749071895730200ee3da95a40a2aa951478fa101aae1619bc8019dbe0059cfdd4968a719f960a11f73e76a9dba8c81017ae31d70301c24671191f13e9a84c6ba169e4609b750833a9eaf6b87312077f83e62dd6d79e1f2e7c18d3c603506875f2e6b1fbe540fe896e84ae227efe2f0193b4b9ed0c101c6dff09491f4
+TAG_LEN: 20
+NO_SEAL: 01
+
+# Test with maximal padding (37 mod 64).
+# DIGEST: 3dcddb1e4f49633e7b7bd36f4056d16c53be7f5e
+KEY: 7deafd64b1fc65de39f4f03541a11be112a72933c7b54ed4fad0be905d41203f5dce998f8fb2eaad409ae02116417dae0cef457b
+NONCE: 
+IN: 936a91d0b5d2c0267218cb7090c6171386d641b87797b684e0fb56f97c3961d8afa22993a340b9b3c589c7481df3f4183aa23fd8d7efd88503f78b8ed1c8e9ba2fd6773e0d0c302a5f47e037446f5891d77df660ed82933f62be8dc55b436965aabe477e0c
+AD: dd46be99371eb8da7dac99
+CT: 0bf6e04e00d7389a3f9bed220be14691df815190dc4038b802981bc5464ca4e98b94617b8ef1f05f3646d3731766e0b58f65df6c255128114c3ab1c2037da671bc995991ac70acb0045b4607e6f8ca51dc21692c22f3da6b326a248b2e0d9266b42e47b6cd
+TAG: 2cfcc48fa50220c001f814b46fcf19aa0465e49cf9935c61f3d52f1d6cce66c1a7d9a775deeff52b999a895f29ad25f2d1b7d881e7a4ce9a73b19a10a782d320ac0aaa84937fbfa74d95e0d9615cf1718a77cf8bf2e59716c65ee1667abdb850ec5a96f3144d2e35ce7e67ddd0388e90e70450b362ba5575bbe0b36b66bb889b59ee6eca1da0bf48297e32d4fcd3be55ae58c5909c1686ef666f29fe76eef53885e9e2bb6746da291569af7d2fbe1780faf03321e816980a10e89fd11eda9f8f3730a4f34890531890194610cce83a89caef779e83673538efa753f3d558b24469427daf7f1395031c998efb55a36a1a13d7c35995652e471ca22eef80221b923d39b93abeb5193f3e98683d3748167670b20e
+TAG_LEN: 20
+NO_SEAL: 01
+
+# Test with maximal padding (38 mod 64).
+# DIGEST: 25b982a242f669c013cab1c18da425330090e3cd
+KEY: eafd64b1fc65de39f4f03541a11be112a72933c7b54ed4fad0be905d41203f5dce998f8fb2eaad409ae02116417dae0cef457b9e
+NONCE: 
+IN: 936a91d0b5d2c0267218cb7090c6171386d641b87797b684e0fb56f97c3961d8afa22993a340b9b3c589c7481df3f4183aa23fd8d7efd88503f78b8ed1c8e9ba2fd6773e0d0c302a5f47e037446f5891d77df660ed82933f62be8dc55b436965aabe477e0cdd
+AD: 46be99371eb8da7dac997d
+CT: bb14650012537fd52f03bc6ec909cccf84694ff8109e802ca28b9caa2c992a65b9d11aaa29f24d45a0f0f38249675b1d036ca598c7e7bf77aa6e841800149f16453bac19b3d40bd494ac0113a5209a8f831e4b2ea8e99c32a52496c5c61988cabd4c5396c760
+TAG: dd942f26ea4e6fe44450ce4931bf947085253ac61a85a1434386770be82c57951e8f778b5beaba709d94b0c6d71cd29b12a8f173435617c72d9d50719ffe85f81475d7e54d05e8e882e9ad174c25c532c8c17c1c20985340957bda87fb0f99bd5107267d26a7d2f9f16b3de38761645395717224f96ce23a657420d164149862903cb91bbd887f8250a4a9b7eaad088c7a094a7c1d313b7561448a1ca223516433d0e7d9d0a3d28c26e1833e6baa5c309092803a8a1a034510b5833264d4e59a7d2cef2e4c19f9a90f3f02304fd202e54a246d02dc81d90f5ec7966758423a82a53350e8d5ae767eb5de1b73bad4bc55fba1d79efaffcd2ffd2471ba8dd85da35ebc2879cc07b200e8095da4b87d1f7d9e8f
+TAG_LEN: 20
+NO_SEAL: 01
+
+# Test with maximal padding (39 mod 64).
+# DIGEST: 9d7958e23777ff2472f5a24dea5fc19c151dd921
+KEY: fd64b1fc65de39f4f03541a11be112a72933c7b54ed4fad0be905d41203f5dce998f8fb2eaad409ae02116417dae0cef457b9e5e
+NONCE: 
+IN: 936a91d0b5d2c0267218cb7090c6171386d641b87797b684e0fb56f97c3961d8afa22993a340b9b3c589c7481df3f4183aa23fd8d7efd88503f78b8ed1c8e9ba2fd6773e0d0c302a5f47e037446f5891d77df660ed82933f62be8dc55b436965aabe477e0cdd46
+AD: be99371eb8da7dac997dea
+CT: e21464474404e9d0d653d2e5214e332ee7691e12bed8f91627208c67da34033887369def4de497f2b7d39c0b0c9101bf25e7aa405a165ce0ad00f7bf311e19f6a45fdf5e13f6ea9b6007a5ebc584e0e68dba642f1d6427a6cf6f84147dfb3f3d589759a44247ef
+TAG: fa083f65f3b87f4ae6601498a4640410ab34ed18ff329ac22e14dbd511480063bee2d2fc2aa2b5d710aa22f8e2982b863f14fb815f85f8fc70da961695d2c39177d5833a07e26577708df2a984d504d139541636d87ac0aa773b8140bd90e9373b87ef9337e80fcca9afd4b533e49d8f878c41ea9a51105beac814c2b16a2cb7a47ebe228a509ed65a08392983f42aaeee6a1b4a9d0b498faf8580c4f4f681403b758692f4c32099080193b2e6aaf18590343b20fc84baedc245b8f0f9c90016738603c1fa2feda4482093d895825e1751fa4e1f767d8de6e192a155ec3e66ab85033c4b2e18387c72f58e21eccdd2fb05c4eec7d10234c6cdbb309a4f325b451ca3ac6e9303fa3339f4aecd94f8ec8d5c
+TAG_LEN: 20
+NO_SEAL: 01
+
+# Test with maximal padding (40 mod 64).
+# DIGEST: 09e9eab51bcb9faaa3bc3e473ff66b06e39653fa
+KEY: 64b1fc65de39f4f03541a11be112a72933c7b54ed4fad0be905d41203f5dce998f8fb2eaad409ae02116417dae0cef457b9e5e16
+NONCE: 
+IN: 936a91d0b5d2c0267218cb7090c6171386d641b87797b684e0fb56f97c3961d8afa22993a340b9b3c589c7481df3f4183aa23fd8d7efd88503f78b8ed1c8e9ba2fd6773e0d0c302a5f47e037446f5891d77df660ed82933f62be8dc55b436965aabe477e0cdd46be
+AD: 99371eb8da7dac997deafd
+CT: 2d2b0233e9dba69ba134610eb54a852978727d62c1b219b8b2efb9342d675f0548847e340004db6ff5342941fa2169ba06a6e197a8abc7ee7a4e1470f0041e6b1aa25ed35c3a19c84493669557b56431089110ef4ec66b1fe45654c965f4bfc7cb834bbad485bcef
+TAG: 3626aa475924187edb74cb97a36fba693e52b980825e58c0a1509bfa40cef0b41a8e660404a00d738191d10ceea7cb761e3a75734ab226693f56d68ff405ae2fc2c2aac8988d954eb65dd0e86ac7fdbb208a4e99d4b3b17f6d1e8f347c540bc00132b6c3e9e2ad17b8afd7b1fb28bb1d120167713233132db4bed535c751de37d657178f6a5ff8968b9ae74410c0ff8015313eb3af8ffb57d771a6a03984a8509eab4d1c9dd39fc675192b47e46d22fe347d2e25dac07c1f7c26b17f3ffeecef8fb301a66c71fd582f5a6cbf045a107481cabf0298184704a52bcb4ff08fb351bb699e656b1a479de60591b0bee7c875e06f55ebd010b450e1b074c9d74795bafed4b7ebd5934281ad392875d0061e68
+TAG_LEN: 20
+NO_SEAL: 01
+
+# Test with maximal padding (41 mod 64).
+# DIGEST: 7b17b7cb19107af8fc4671420e461060e2ef3e61
+KEY: b1fc65de39f4f03541a11be112a72933c7b54ed4fad0be905d41203f5dce998f8fb2eaad409ae02116417dae0cef457b9e5e16dc
+NONCE: 
+IN: 936a91d0b5d2c0267218cb7090c6171386d641b87797b684e0fb56f97c3961d8afa22993a340b9b3c589c7481df3f4183aa23fd8d7efd88503f78b8ed1c8e9ba2fd6773e0d0c302a5f47e037446f5891d77df660ed82933f62be8dc55b436965aabe477e0cdd46be99
+AD: 371eb8da7dac997deafd64
+CT: 245180810407934bb7ef6fbda3f64abd712a3959d0fa2502464c159ed70fab64a10f360f22dbaaeaf44d4bc926c1028675cd1c3a94ea951b1561c8cc449f0940c6766b67ec21f8c039f826afa423e7960bb4e2f7e71f8f660ab2bb24e2f3bdda5c070a3529d78b1cb7
+TAG: 502ba1aa764ed0da7a939f1aee2b6fddf982f99fa22b6f45cc755c8c283d91cadf163e9f22a69ebc2d4a3c61bd8f3c570f7e79068bf5e95c0e89a0644b6221d1e999ac49b95988fa9d060681950c032c48145be411149b6a5b3c3bde1b0908b63c8c8e52d1e36c50041bc59548e227f39185368b565e8aae6034c2aae006ccae61a6702d137618c0b41a8a4e5240008ca488074284c4cdf7ba323215b32bfe4ec726af4d15bf0a0ce9b474e41506824f3ed60db19aef83d83e612200532ac173f00398c8f2a5ed6e72c8d30e4cda5c05248d6fd2e5fcd095a5d1d7abc63027849c92ea911d4d5b788ff7edabd3a95fd6c1cb78eec290505ec9a1144c14963f700e28eb9da0e0c5d1eee0225bfdeeef
+TAG_LEN: 20
+NO_SEAL: 01
+
+# Test with maximal padding (42 mod 64).
+# DIGEST: 48586ad2eac603c136911b28e2c69f101a8ef371
+KEY: fc65de39f4f03541a11be112a72933c7b54ed4fad0be905d41203f5dce998f8fb2eaad409ae02116417dae0cef457b9e5e16dcc5
+NONCE: 
+IN: 936a91d0b5d2c0267218cb7090c6171386d641b87797b684e0fb56f97c3961d8afa22993a340b9b3c589c7481df3f4183aa23fd8d7efd88503f78b8ed1c8e9ba2fd6773e0d0c302a5f47e037446f5891d77df660ed82933f62be8dc55b436965aabe477e0cdd46be9937
+AD: 1eb8da7dac997deafd64b1
+CT: 05fde16dc64641e35c07c0026eadb56dcfd233c5dda80544e58789fcd41539edaac9d47de790b3193d881e79fd79c117502e7cfd1a48e9a35d8fa3aeeca41457c46e5d9efd1950c1a756b5fd65c18b961d33a6d1256b92a6c6f339fe3522f2d4d9c44453f5ba66d2d0b3
+TAG: fee333cd5c24b3e53d6f4022c387c560eb4ec4574c520631d6473e8d184dc0828663211c464f65694144c62dd91037e9e303e6997273e17f1d364089ce48cdb0a01c7a19c0c10c83dc41c6954b60d5d21ca71b91667e40c0022ad66d2e095b3601b71aa08d5818728c088927dbc3da13c3c2a58d36e71943a3ed59e3f0141b02fdda4d20a9bbb8f8f6b9b9dfbab00f510dbe942e1defd78704be7f00460476189dc0c2522bd70c5d399da0ddb64891284060741bfdfd576facfe51119b8b9522b20ada5421f6c64413be1e812aade8c034d5ca0ce2e8b5abd30917b7213d5c04b4bf5e235590eae64870c001ef0312d45a9217c9dcc8ce6c69484c00df028df2a62c9e0d5b341250bdb6db585c33
+TAG_LEN: 20
+NO_SEAL: 01
+
+# Test with maximal padding (43 mod 64).
+# DIGEST: c37456cfc543ba6e5848b9b8f4ac5a58a104b521
+KEY: 65de39f4f03541a11be112a72933c7b54ed4fad0be905d41203f5dce998f8fb2eaad409ae02116417dae0cef457b9e5e16dcc5b6
+NONCE: 
+IN: 936a91d0b5d2c0267218cb7090c6171386d641b87797b684e0fb56f97c3961d8afa22993a340b9b3c589c7481df3f4183aa23fd8d7efd88503f78b8ed1c8e9ba2fd6773e0d0c302a5f47e037446f5891d77df660ed82933f62be8dc55b436965aabe477e0cdd46be99371e
+AD: b8da7dac997deafd64b1fc
+CT: 8618242fa24c47146327575ab228f8fcd546c71db9d1183caacb5f5fb93deecbb242e8bd6faf60a39783dea659f95e5b201a0ed49abc556954fa373d1b839b4f01574c5b3505baa0f8846826aac8c12f40874761422570dd0ac01acc7d1cd3039940076d00d405ffe57913
+TAG: 271bddbbff5333b22cc39ae0b9ea9900e34e9005d6858ee9dd3bfa7a073fa7de3ecb28e6bd4abbac684a25afb2e19c488429c397711886c30a9657060ecd395da79ea077314e5b22bf7448b70f7c3a5132b75e46ce0711da9c38ebc9760a3facedcc469f7f227b0bc8674433d0d81d71d9a20f4d1a453afe62d6a0b37f324fb58d8a70cbaa7808ee4eb6ad5039e51c51698f94287cc7f476e30ba54043d7ceadc720ec13f15755eacc50f3dfdcc67b23a7135173ac1c726c7b65e939e9656871a5d30e9d2091cc8b102bd0c800332da884ed4ed7ea7ddc2d2f471e4a8389c0043214b99e8af524716bcb37cf82a8707ae13fa5fcb855bb003c99bc388f238b3bd0b51db5f1fe8e6b43a7ea299a
+TAG_LEN: 20
+NO_SEAL: 01
+
+# Test with maximal padding (44 mod 64).
+# DIGEST: fc113d192686652653a15887974eb1f9b8e32248
+KEY: de39f4f03541a11be112a72933c7b54ed4fad0be905d41203f5dce998f8fb2eaad409ae02116417dae0cef457b9e5e16dcc5b6f2
+NONCE: 
+IN: 936a91d0b5d2c0267218cb7090c6171386d641b87797b684e0fb56f97c3961d8afa22993a340b9b3c589c7481df3f4183aa23fd8d7efd88503f78b8ed1c8e9ba2fd6773e0d0c302a5f47e037446f5891d77df660ed82933f62be8dc55b436965aabe477e0cdd46be99371eb8
+AD: da7dac997deafd64b1fc65
+CT: 3de7bd95f32d7bd6e263993e48d69eb4cd90f2995e437f1112707f96ece932b1aa317ac0b4abf88a8a90581b9118ceddb576c74c960d5e734eb157b90abdc61b90d485314ffe145a5603bc661bd9a09f4dde518b762ab6de54187baed5f23d6d27f528f66d080a1be66fa811
+TAG: 3c2759a67021bffbab4583101629b11486ce26bf8e5081371e2fc36a0a73a43968373874ffbeb4684f0ba4bbcaf4d27a344e77d898cfea20a4790f453fe15cf44586269fcb3c3101358c01ba604c29afd7cab72fbab16ddd134f986f8ce58bb9e8c282ba7603c8591cf223000230073698b40b28622cdafea8964f61e6710cded9530795ada08afcf1bba283f26b3ab408445429ff79b49a5e8bbc60e293074fe8bb5662e83c1d6a534af9604a4fc86481bd2ddb66606fc51da69e41f419fe99c2382a486fe941a684d36358ceed40e827545f9cf55cb854c02407eb04d7c9e9ea0b11c0fabc01551817e7e003f8e3b3d3db5b0b168dbfcbc98de8ad34a5a1431ee0132f95262695535ec6816cdd2a6440fb33c3
+TAG_LEN: 20
+NO_SEAL: 01
+
+# Test with maximal padding (45 mod 64).
+# DIGEST: bb6e5b5be84ee383caac0378cb6f541726ecf61f
+KEY: 39f4f03541a11be112a72933c7b54ed4fad0be905d41203f5dce998f8fb2eaad409ae02116417dae0cef457b9e5e16dcc5b6f256
+NONCE: 
+IN: 936a91d0b5d2c0267218cb7090c6171386d641b87797b684e0fb56f97c3961d8afa22993a340b9b3c589c7481df3f4183aa23fd8d7efd88503f78b8ed1c8e9ba2fd6773e0d0c302a5f47e037446f5891d77df660ed82933f62be8dc55b436965aabe477e0cdd46be99371eb8da
+AD: 7dac997deafd64b1fc65de
+CT: c48489e9166fd23fab715b3e4885b6af25fb48ca99baa15e767c8064256fb9b2259688377d7be9148fc471a89c66b848ff95f492b1670075e98a0547867293094d89a2d5d73b8d54da8fa465fdcf122caddd66311bddd54d645991a4f02708eddc30c51b5b22eab8645e2119fb
+TAG: d3e3d002bb6dcf09c63e08e7c80741796d19fcf9b7350b88c5bd7f785b0c69f5cd6d78becebbc53b0b89cefcf8debc61945bd6e34c8ec5b5759314f8128169cefcff220e80f8847eb8852348e5aca843ee4088371c411bc2cacd4b1bd73e3a9855047ab87551f79097ced9341935b262939e7dc5d7a835c4a6aead77a52471a669a0b6a4c99dd5672da39ceec57d01e33365c5f9d9db6ec97f5b4e0545ed294284cfdb41b81b8449cc181caf2ff5a1749d1acc2c3f435e5d8b698186ab6a6e23126a7a880898ce3cb7ad75ab4fd4ba40c05e77304972fbbff3cbb1412b0b7ecdbc495ae719aa5e1c4d17fb057b27eb51d1a50c1a61857ef88efb5c754a945614f6d9dc3259d5932fe1bfd30eea69150d613623
+TAG_LEN: 20
+NO_SEAL: 01
+
+# Test with maximal padding (46 mod 64).
+# DIGEST: a27799fc2e00e7abec4c5939451a834c4606cf7a
+KEY: f4f03541a11be112a72933c7b54ed4fad0be905d41203f5dce998f8fb2eaad409ae02116417dae0cef457b9e5e16dcc5b6f25607
+NONCE: 
+IN: 936a91d0b5d2c0267218cb7090c6171386d641b87797b684e0fb56f97c3961d8afa22993a340b9b3c589c7481df3f4183aa23fd8d7efd88503f78b8ed1c8e9ba2fd6773e0d0c302a5f47e037446f5891d77df660ed82933f62be8dc55b436965aabe477e0cdd46be99371eb8da7d
+AD: ac997deafd64b1fc65de39
+CT: 4fc30349e938933fbe87c1b071bb54ea2837c2bbc4ad4a59291fe5e190d25aeba4a14adf7a8968f87be1d68d3251259bf66b5413b4b4354e2f2e0574a3055b4c70e736ea139159599ba7f7c9028671c1bc4af858bf7a691429571743ec154f0a7cced1f23b748cc93cbefc234dd8
+TAG: dcb51409755c687cfe32d594a0351affd831a978b22d1ee70468ca3c034ef15e92b06edd903f128c6a1aa34a0b0a9d799063473c8a53075854b48af38f834ddd538cdc2f15038db8bb8ed175aa5889532fdc8e6e61a4dd2a67f9912f3f8995439c7f500214d038e6e167a566963dcd4e56f51b12929d494f9f520dac3e8bc0a0b7a6c5be098881a7d9365307a45e5bb7a8cab8a3971b3f8181bed642c9c0d10cd88146978d82d86024c719ddd9868497010abe14ef8c339cc49e4e743d6f454993e71d551cba457f172b27d9406ea9fbc0413606b02ab86e2e8654e55f5e9509067632a5c07cd30f5373554cbcb2ba552f98f5c0e6a5d588ded804885e7939b964252112b28143191f068fb1a466a1f13226
+TAG_LEN: 20
+NO_SEAL: 01
+
+# Test with maximal padding (47 mod 64).
+# DIGEST: f30eaff92a640a397f98e6803623e8d1f0c1fea6
+KEY: f03541a11be112a72933c7b54ed4fad0be905d41203f5dce998f8fb2eaad409ae02116417dae0cef457b9e5e16dcc5b6f25607f0
+NONCE: 
+IN: 936a91d0b5d2c0267218cb7090c6171386d641b87797b684e0fb56f97c3961d8afa22993a340b9b3c589c7481df3f4183aa23fd8d7efd88503f78b8ed1c8e9ba2fd6773e0d0c302a5f47e037446f5891d77df660ed82933f62be8dc55b436965aabe477e0cdd46be99371eb8da7dac
+AD: 997deafd64b1fc65de39f4
+CT: 94579bb637b0368834f699b42ab802904e1d026cfb7e487b2568c482b849c1a7a1cb0707ac02ad9425fd9743553c69d2ddf543264e8d0220e98410e85c9b70a0b85143f01cdb0e0f53cadf34c5c00e7e8da23f1c1302ad8bcf17b765c19b9f9b9e0f67804cb92b4d6104985caa3656
+TAG: 9e3da50eca9da0692ce30210517e1bdfc10ff6f5230421148943fabfabdb5c8c0d3670e3caa4e109a6f07dd1fd7be37814b1a1a8af65c6ded32b3023fd5b422eb4d1b421e87552b38559fbbd3a511516e4c94c6f717e8895329d98a6b7ad0057177ee64ef837f3b41cf3cedf2537659d8d9f3d6515787ede245a6cdddee4c6cb793b88c298e8a5957c18cc509f76892825e9d48915da0d9baa82e2b1f804a40a6ad9d576c8c8790ef2cbb800405adfddd8fe3f646a5c19cfdadb399538173051fe361ec536397600f847f779039086635e52f9d7f8d9396d480ceeb8f62bfea1115aae28540fed0b1954ecadd6c16ac5258b25139564dd86e3c966566043c6d871e3859151b267256c02a5ca8530473ea3
+TAG_LEN: 20
+NO_SEAL: 01
+
+# Test with maximal padding (48 mod 64).
+# DIGEST: 7227537c0113a9f46f7d332a0b37ee5303483d00
+KEY: 3541a11be112a72933c7b54ed4fad0be905d41203f5dce998f8fb2eaad409ae02116417dae0cef457b9e5e16dcc5b6f25607f00d
+NONCE: 
+IN: 936a91d0b5d2c0267218cb7090c6171386d641b87797b684e0fb56f97c3961d8afa22993a340b9b3c589c7481df3f4183aa23fd8d7efd88503f78b8ed1c8e9ba2fd6773e0d0c302a5f47e037446f5891d77df660ed82933f62be8dc55b436965aabe477e0cdd46be99371eb8da7dac99
+AD: 7deafd64b1fc65de39f4f0
+CT: d31d0051cc45826e4e89876c67af6b7e52e71aeed5e2c3254f81e26091ba702063718458cb798c268cb850bdf6f09581c685b496b2462649132e19d621311afbf5a6e88dd471566d937bbb2669b36f5ac015212ceef7ba61b8ace55f5860a1bc48c12709c5b08d5420f416a4ca3fbbad
+TAG: 7a5bf3d74ea3fde41ba65d954b164e675ec40200f2ff02d6b2cd26ecfbc51a31e8e7b2d681defdbf3928ade27ec4e87345c3a2955f20e7d96955a7653fbe0486d489307a75cd23ecac79133a781aed1644a69cf35ee51c0a3bb936a3cc49be699bc4d71fa8f6556412f73db40aa759ee10d2817156b7275934a7e4a8340ae578f175d7e96b068a0762a6c96ded4fce216290672f0fac667e75cc9556ee6463277085828354b9affb2a588e3129d54b35efba0616efaed3007b7e320fd8c7cb260ab9848c89c03e4332d47ecd10730cb3ebd6822aff3693b1a2095f8e364081b0c88a1591bf3785883e9cb85583dd3b05db81a9f468fd513cffb1c893c33539864c01b771a0ca8d5c7ed684bc9a555b8c
+TAG_LEN: 20
+NO_SEAL: 01
+
+# Test with maximal padding (49 mod 64).
+# DIGEST: d76570385cb65d30c3d636ff25c5efeb8d1ea08e
+KEY: 41a11be112a72933c7b54ed4fad0be905d41203f5dce998f8fb2eaad409ae02116417dae0cef457b9e5e16dcc5b6f25607f00d03
+NONCE: 
+IN: 936a91d0b5d2c0267218cb7090c6171386d641b87797b684e0fb56f97c3961d8afa22993a340b9b3c589c7481df3f4183aa23fd8d7efd88503f78b8ed1c8e9ba2fd6773e0d0c302a5f47e037446f5891d77df660ed82933f62be8dc55b436965aabe477e0cdd46be99371eb8da7dac997d
+AD: eafd64b1fc65de39f4f035
+CT: 29cd7e2276dc4170c3f73666ab4e87527758ec7324c9956629128cc2291d73e1894eddbdc234f9fdc70cd31cb4d76438e9e0f9f43c1788fada093c829aae078fbfb287609ee81e2e3b6e607245228842e001345c1624c4e40ee09042c7074cec076e2efe2dc58932dee704728ce57dda1d
+TAG: a56278ca93f23453e7705ff96cffb901b008e0a85064f6747eb0f179bc37f006f3b19ef0bc20ae87d41d87f23f83e9b942994112bc9deb76afe7634f0959f60218909eb9f87d89c5a4a465b9f71c2a79e2bd97ef266099f9f703749a828ad8c8c6792543de8b080d2ccf2ea4a44237181ce6d111ce2f1dd7658a5f32e8233d2083af5c6f77a0d865ab2f09eb8e5087abc3fcd6dabadf1951b7fc1715d64dd1791e4b2b98c45b645b15dbcefd2b556d9db387b082acbd0b1fc1cd91ba6fc672734172f620b9e5472c38c0f2f636416231253a401d76e908ced1a9a08d0cf0c154e6ea33ac7bd8b1db626dad3547e59c05a705e88a66a8c39b2313c6ff10ee4a1a4e491610d571aff4bd6ead07fcc43d
+TAG_LEN: 20
+NO_SEAL: 01
+
+# Test with maximal padding (50 mod 64).
+# DIGEST: 170369666d1f2337b29b5f14af68d47910388e7b
+KEY: a11be112a72933c7b54ed4fad0be905d41203f5dce998f8fb2eaad409ae02116417dae0cef457b9e5e16dcc5b6f25607f00d033f
+NONCE: 
+IN: 936a91d0b5d2c0267218cb7090c6171386d641b87797b684e0fb56f97c3961d8afa22993a340b9b3c589c7481df3f4183aa23fd8d7efd88503f78b8ed1c8e9ba2fd6773e0d0c302a5f47e037446f5891d77df660ed82933f62be8dc55b436965aabe477e0cdd46be99371eb8da7dac997dea
+AD: fd64b1fc65de39f4f03541
+CT: f5f144041bd31817211edd73cae8b44c3a4b1d5be0b58c1e8e2d31cf0b2591de5b114eb4b7131e130c81c9dd7bcaf5d9dc62a0db2649bb62ac34c297d0bb2188511552d37fc90cdfd266ed262b5e1912c113c145ef0387852701b7f4d80b9ff970586243fc3440db58c06f2dbbc39b4d1568
+TAG: 7002ef6185526811fe8876682e2a02ae686d4a5ae9de7a4170688167a20145d4babbb6b442cb0653465550f0e01561ce93aa941c3f078a783a286b4596579deab08af3fa2e5f41b9e7f1daeb17184c4082f244bee7a73966ab7eec2c8e6d37bd03a477224422d44e56333e36bb8a407aa13dbfbb7b996eeb468ff4cd62de406e370499c9c880598503b8b996cfc24b368228f890295f919a1106cb0e32e282995744f171b8a00f1aef904ccf320d06b0d9a26d76343da893f506c9c6189165d26a439310144603af15713e485bf8292544239161069a236567630148b900946375e38fb9b37542767096136680ce3e926c862279087a89d511659f90f1683e1512487e90311ef04c83a6a0c46eab
+TAG_LEN: 20
+NO_SEAL: 01
+
+# Test with maximal padding (51 mod 64).
+# DIGEST: 7c52593d1d37b0dc380297231c6cb7b64e04c493
+KEY: 1be112a72933c7b54ed4fad0be905d41203f5dce998f8fb2eaad409ae02116417dae0cef457b9e5e16dcc5b6f25607f00d033fb9
+NONCE: 
+IN: 936a91d0b5d2c0267218cb7090c6171386d641b87797b684e0fb56f97c3961d8afa22993a340b9b3c589c7481df3f4183aa23fd8d7efd88503f78b8ed1c8e9ba2fd6773e0d0c302a5f47e037446f5891d77df660ed82933f62be8dc55b436965aabe477e0cdd46be99371eb8da7dac997deafd
+AD: 64b1fc65de39f4f03541a1
+CT: 4b735990123f86b6d35d5c64faf77b21b07ccd281649d3f70353b0515698c843c2fbc2ba7ea0700112990ca0c7c638be7f1f0e6f4a531ddfff6db4638c2f38df750ffd5ef23976fd56d79f1d882f6a5db8c107e6a76c2f74c3b72b14127504befe98541418987222f4620738e7ae67feba4480
+TAG: f15e0eebab83ce6db242365b526cc6556c3d3de2a6aa8fce72de3ec3931c2defd8da2400ad84cb489078cde12012ff2cbcd579572d9a4d05e839c14622b81a894d03c80de8c983ab7b1c28a49661d201a2b4b2f126d864e4f4d8b34305bc8b0bbf24494087b9f66e1a161d415729cf6e5894b0c2a1cef86443525d952a8ea369b61845b8db6afedd656f42c2e8213d83e37625b501c0470515390bb152ae81849b2a5fc91967b95240c65be58567bfcbdfbab19581181044ffd5c54aeaba46617dda655e8754f77efbdee94cd056b0bc9148bb40a67957a9b9e6ab46a54ba2afd488c2c52aabbf457b218bcffb119f3040a711eadc712aa5b5d194df0d32d1fcd58bebc808fb4f0113ce003f03
+TAG_LEN: 20
+NO_SEAL: 01
+
+# Test with maximal padding (52 mod 64).
+# DIGEST: 09a1659100052d13bebb4defd7f54f975a58ae2b
+KEY: e112a72933c7b54ed4fad0be905d41203f5dce998f8fb2eaad409ae02116417dae0cef457b9e5e16dcc5b6f25607f00d033fb95f
+NONCE: 
+IN: 936a91d0b5d2c0267218cb7090c6171386d641b87797b684e0fb56f97c3961d8afa22993a340b9b3c589c7481df3f4183aa23fd8d7efd88503f78b8ed1c8e9ba2fd6773e0d0c302a5f47e037446f5891d77df660ed82933f62be8dc55b436965aabe477e0cdd46be99371eb8da7dac997deafd64
+AD: b1fc65de39f4f03541a11b
+CT: e405c8e15d95c848b303d4ecd4cb639414b88bb8fc0eaaf852b8ba40e0606371b0d7dab91e2421ef13a30d2fc692de8be33097724813b3a1c4506e7bfb763b829be71348921cf9e3bcba87c353ce81bb084a1c2f42725c2a87d26df143e18ae23189e10e2a6e60551f1d09e30042f63bef6b6e0c
+TAG: 4b4b1760eca2bce482c294c5862412b47f1b88e2320f68778adb653a35e17f5641bacfebfc604cb3487d9ce6a9b5061814ee2e4892b3bf51e6f5484c07a4f5175713fd214774192ebbb9224ee02d6ac2992922e4fb4543a6595ea80a9618d7a112aa2e4ab44a494b593a19deb25e49b32fa46b175abea83f6531c3c74b278ad4665c6e7b7a6f6fa7637072257d13d4bb051be67d61f37c62beec329848d3c5a716a385d3a22cac950ba3327d64b70ab95cc89791f37f4cf480e9ffe3297b7c42282f98f0df3faa971cecdffe549fdbd998cd6f0144180b6479336b4c6c1f52cef17c9b0a10bea8a03659f3b19333e731456cf50f9162254912d82e495c28c763c985dddf7d64d9597516497fb43622971d6b3f04
+TAG_LEN: 20
+NO_SEAL: 01
+
+# Test with maximal padding (53 mod 64).
+# DIGEST: 230c3353ccbd95e4f0acbbb0073053a0186f833d
+KEY: 12a72933c7b54ed4fad0be905d41203f5dce998f8fb2eaad409ae02116417dae0cef457b9e5e16dcc5b6f25607f00d033fb95fb0
+NONCE: 
+IN: 936a91d0b5d2c0267218cb7090c6171386d641b87797b684e0fb56f97c3961d8afa22993a340b9b3c589c7481df3f4183aa23fd8d7efd88503f78b8ed1c8e9ba2fd6773e0d0c302a5f47e037446f5891d77df660ed82933f62be8dc55b436965aabe477e0cdd46be99371eb8da7dac997deafd64b1
+AD: fc65de39f4f03541a11be1
+CT: de0509be5c03f3a780141456aa62bdda440a9caa1bb485cacf56a26b0706640235cd57e6f0875bd528860b6b6217d01def0eb0fa530448032aa42ee4f853301b85515931cf0829afca22494c87c90cdf76bf520db1e425f7366c45689c520bbd0d3ae022212ccddbcbdacdaacaa2512c5d5c3448fe
+TAG: aacec8473ebff95d9907cf57d2a3f95019bd670dd90cb238b8eebeb05d5d5564f1ab927b37123e53f9a0df3a5897b021fa45ea80d1fa3ac366fde6c533bd14e49f4e979d1901bc611a8599c7dbe9630eff1dd9a6eca68a4b0d76c8a9c4ed7f1a56cf8ee1dce0f171c6c7ebb6399a5bf64c6c82b42b26b7dc27a838fc5924df1dc95b8e7e8199e5381bb3624287880c92e24340a5140ec42bbea9b824568896316c78a1e0f568e430eea0577b798246d2a096962949d62536ce9c27daf62529c10495095c7dcfc4530b8d7c4769810203a7f743ff41629dece1a8315ff5da9656a1894a1a49ea0a7a559761459875792de2dccf7baaeb69697e1bc83e3537149024e09ec4eddd2523cbb3d13d8a042d75f95ee8
+TAG_LEN: 20
+NO_SEAL: 01
+
+# Test with maximal padding (54 mod 64).
+# DIGEST: 701e141608e71005d32dd1e29cd068aea736c9dd
+KEY: a72933c7b54ed4fad0be905d41203f5dce998f8fb2eaad409ae02116417dae0cef457b9e5e16dcc5b6f25607f00d033fb95fb09e
+NONCE: 
+IN: 936a91d0b5d2c0267218cb7090c6171386d641b87797b684e0fb56f97c3961d8afa22993a340b9b3c589c7481df3f4183aa23fd8d7efd88503f78b8ed1c8e9ba2fd6773e0d0c302a5f47e037446f5891d77df660ed82933f62be8dc55b436965aabe477e0cdd46be99371eb8da7dac997deafd64b1fc
+AD: 65de39f4f03541a11be112
+CT: 3e94752703e605b1e18ade7f560525381b41b75c871add14d3190286f19267b75f44135e3c1cac10fd59c29c136b9f105dc503721e831f10bba87ac8ed1844892e1b0e4895a778b7f1be7f5cb76a04358ee28471c1b55f28e571e297d6b6eeb4634fd3c7593dceb363211a890fb44f61279ea663e1de
+TAG: 800badb3dd87e39ca3c17e9f2de759fab456bc6588dd96a440b59651b316be2083c46bdd670ddefeefde4fbb32028cc9210c67cc0435138b8e0148947012bd5815a06b8367f6967bc9ae319b0cfeca8cfc9e3906a12c25f55d279a127f95106bd435d63f6bab294479760bec3cf53202086b9888e2545604b1a2ace8b7840b59e3748c21e6baa48377287afb8e7221bcf0c85908dcde760fd8c289383141901abad9f61f69f38560096accef2d838e3c8277cb7895a323a6e28ff4e81175a2f0661c1b2ababe0ff21e0d03650557dd4e70b2c54c7b73f74e5c4b03f7e2e44fcf0014677c8024272529c2ba028cec909c14e80cd5d9e87ba5aeb73019c84954a1d056cfc59190aed89d741c9351dacc3a698c
+TAG_LEN: 20
+NO_SEAL: 01
+
+# Test with maximal padding (55 mod 64).
+# DIGEST: 9aaf96b472ea76fd9ff4adf56dab5fe0400d18d6
+KEY: 2933c7b54ed4fad0be905d41203f5dce998f8fb2eaad409ae02116417dae0cef457b9e5e16dcc5b6f25607f00d033fb95fb09e4d
+NONCE: 
+IN: 936a91d0b5d2c0267218cb7090c6171386d641b87797b684e0fb56f97c3961d8afa22993a340b9b3c589c7481df3f4183aa23fd8d7efd88503f78b8ed1c8e9ba2fd6773e0d0c302a5f47e037446f5891d77df660ed82933f62be8dc55b436965aabe477e0cdd46be99371eb8da7dac997deafd64b1fc65
+AD: de39f4f03541a11be112a7
+CT: 0d7cbbb8753fd2843d599d72bb2c05103eb7deb39a5407b711392fa1a4c45802eadf5fc25a746286ca9aa180134b1ca402e3d5199abbb46374748513bb6746efb19edce3ec5462d1519e8b1c9fc912df4ee7e94bb0b40061090db6ccb9280561f86d52566d7172b23e1571ed1bc2d648e6d5ce5eccc91b
+TAG: e1f9d58d0d0b915727a4c6c978f36a0b45c5bf9aa092bd84a855b09637fde207142d6c6427df3341d96e4e089677d1df815249c623e836eb3d64532e8a6861f06fe0c9a12f9b62b4f249076bc1e72712c6eb5c3386cc13eca38ab8af540e210d3ae3282eb8eaec0396397845d53a44f6ad352fbcea9688039c85c4e16d5ec2d85d5a3e11194258d4d819df6f02a1067155d79348a3e8f6ff0bae991fd012b9b07a7ff34474b4c22af7b4663b9b629919b1819e9fca96b805b5f1ebe11fc955c298e9b1ff91d883dceda10133752db7b72414ca7b38ecbebbe30189c5a2fb29eb84ae42f5162a90c7c45b82a26283cd5dd4051588019c14f946b62f892558439a758fe0e5ad41b929f06565ed4c038fa2eb
+TAG_LEN: 20
+NO_SEAL: 01
+
+# Test with maximal padding (56 mod 64).
+# DIGEST: ac6871d354eac507556770d8b6bf10b5240273ed
+KEY: 33c7b54ed4fad0be905d41203f5dce998f8fb2eaad409ae02116417dae0cef457b9e5e16dcc5b6f25607f00d033fb95fb09e4d00
+NONCE: 
+IN: 936a91d0b5d2c0267218cb7090c6171386d641b87797b684e0fb56f97c3961d8afa22993a340b9b3c589c7481df3f4183aa23fd8d7efd88503f78b8ed1c8e9ba2fd6773e0d0c302a5f47e037446f5891d77df660ed82933f62be8dc55b436965aabe477e0cdd46be99371eb8da7dac997deafd64b1fc65de
+AD: 39f4f03541a11be112a729
+CT: d93d6d42642cb56dd5a1e3b8d5913ef595a8d71fe4683afab5f8f6e3f1f87d08af1efa5257e2427a9e34041dde5deaaf6f0f808debb26b0f4f32860669879324369aadc41982a2abaea1c1c04146144d028b40be77e4f07ab6d5903f6d88aa7716748c3b158e5b2b387b0116a8a8ab1fa852c210b5cef20d
+TAG: 5ec2d60d0ace1a7de20afd27c436d478a1ab8f00e1ea78278742b1e3c1f44587070c5b3254ae7638322398f2562344e11efdc8ff68bcd5baf89e44189d8e8d5492819c3791e7be2d460b09ef92dbd696edb298b70d9acc8fea33ac85ee339e0c58c8ee78a5721c3fca9b6fc7696654f93fe64780a5b5aa7ad2fe4f4a715a6d09e8e46870056edc41641ec1fd8638308c0dac426cf5555281418179d3347d79cbcfd507bcced4e9ec25e27c191ad4e82f0e3386104ee5517ed7c8950e9a290f9c1705856edfc37786ff076e83d4eabc42299ed776c2a9319a2ecb94d8aea3a7195d354d7fa8b72a22a044f2150e6fcc7d4ac5adb23bf909e79773de782186b55374c2a8e39c3f38a7ac423812ff6cc138
+TAG_LEN: 20
+NO_SEAL: 01
+
+# Test with maximal padding (57 mod 64).
+# DIGEST: 050258d6ad6bec54f8bc48c7ba2d669d6416c11e
+KEY: c7b54ed4fad0be905d41203f5dce998f8fb2eaad409ae02116417dae0cef457b9e5e16dcc5b6f25607f00d033fb95fb09e4d00d6
+NONCE: 
+IN: 936a91d0b5d2c0267218cb7090c6171386d641b87797b684e0fb56f97c3961d8afa22993a340b9b3c589c7481df3f4183aa23fd8d7efd88503f78b8ed1c8e9ba2fd6773e0d0c302a5f47e037446f5891d77df660ed82933f62be8dc55b436965aabe477e0cdd46be99371eb8da7dac997deafd64b1fc65de39
+AD: f4f03541a11be112a72933
+CT: f6c220150aa1ab97883bcf382dbf137dfe3475efdcae422f889e095d386dcd0128a8079e245cc320b8d37bc2441bf1d65677f615d6e1b057537e14d000cad962b0ee4b89fa24a9ee064bcf49eb04bdfc5992f314bb700112c88a8b286d29e9978a0639ede9a54bb3600bc0bd999ee5e06bb34308b079d670c1
+TAG: f432253e6b7f7bcd0d6e57d9f550e90d5438ec1ba7976e324de42bc8134a31d46ba731af045f9c51dfb54357d9b711a7df76ecd0c14c8eb6a4013d1be08f13f3fafd69c9e8070eeaa4f5bc32d99609c9ff031f380ea82426021f14996c8869e2f507536be48809a69ee8406ba74af4278f0a26d11a874d38f2034ee8862a30aa68355bd3eda7ee0b641397528e33b473a36d93dd8b921bcf4b6a3a831af782f56bf1ad1be1d75492a45a83cf0d7795de267e3d6b7ebbc69a852ef64239db4c50f6523a8ada2a6698a1f7e3ee4693d16c2ffa36a19b8b7437242d43ae9196f03d8f1e97ec950648f4ff35922b371be5bdefa5c035a3516f556883195db970d4dd30959a1cf694be1dd0bce2c773dc88
+TAG_LEN: 20
+NO_SEAL: 01
+
+# Test with maximal padding (58 mod 64).
+# DIGEST: 70060f86c76e53512933c09deb5872eb23efad67
+KEY: b54ed4fad0be905d41203f5dce998f8fb2eaad409ae02116417dae0cef457b9e5e16dcc5b6f25607f00d033fb95fb09e4d00d617
+NONCE: 
+IN: 936a91d0b5d2c0267218cb7090c6171386d641b87797b684e0fb56f97c3961d8afa22993a340b9b3c589c7481df3f4183aa23fd8d7efd88503f78b8ed1c8e9ba2fd6773e0d0c302a5f47e037446f5891d77df660ed82933f62be8dc55b436965aabe477e0cdd46be99371eb8da7dac997deafd64b1fc65de39f4
+AD: f03541a11be112a72933c7
+CT: 421320a96a896967e82ce4e44ae903e234918bebe6e20176513c90983efb1eaf6768b44c49ce8f1f34210b7ac7d7874f37ab4f7f67bdeb6b46f1261f661f5dde53617f9cbba64c86e9ae14da95fb7466b06545e233417d0bd3caa448ac63a433140c939e4752410fd073dfde195d11d17861623834b64a3dda55
+TAG: b3d1c7a40a6efa20814d40b4ad3be4475cb1e33d773f28761dc92abb8fa071206c242b1d8708883c7b0dd380f5d850efe9c5c09577581492c123252b65a9c05c9cb474b2572ae77a619171a9c683c5ad919ae5f640382bfde9db318c4bb1ccdad251775472f8a380a6ff2769dbaa7af4134f964c3983d0ed222f2773bd34ea243a97e713efde86ee4cb9b7539ac8a648c61e1f553a74dc23903a9b47e2c2d82b484134c58fbeefc57f2fb0da54b8ef6cce1c8a5b4e878003e3a45ac1215ec30d9d6be6af230dda4ba55f1d2033af5f97f910af7997f4f8af16ccedf12707c00a1559d12845399fa06ec8dcd7f9e43eacdef1a8383e2e8b6b1cf57db924a6f109507033ba2c860ebf2dbdc47d71fe
+TAG_LEN: 20
+NO_SEAL: 01
+
+# Test with maximal padding (59 mod 64).
+# DIGEST: 58286fe273bf572a76a2725933dd969777c303c1
+KEY: 4ed4fad0be905d41203f5dce998f8fb2eaad409ae02116417dae0cef457b9e5e16dcc5b6f25607f00d033fb95fb09e4d00d6172e
+NONCE: 
+IN: 936a91d0b5d2c0267218cb7090c6171386d641b87797b684e0fb56f97c3961d8afa22993a340b9b3c589c7481df3f4183aa23fd8d7efd88503f78b8ed1c8e9ba2fd6773e0d0c302a5f47e037446f5891d77df660ed82933f62be8dc55b436965aabe477e0cdd46be99371eb8da7dac997deafd64b1fc65de39f4f0
+AD: 3541a11be112a72933c7b5
+CT: d426f1f4e5e9f77c9ce41b9e3078d1138d28428a0c81cace18a5c10c83ec1d9e6ded56404f7cebab2aec5f8c0849246c28c08ecc495202ba4e640117be1489c0c4e8c9b1dfd014e801423c3142c567e06d41378b18741b0e1f73c1663297da3a2391cdae02640328d528b03d536b8ab97d019e8e68fdc59903f98b
+TAG: 5dd4e5ca278c5b63d9fc7046f0e3f30742cbdce371d5dadb24dbe8b4237e7d1fc32ecc160415fe1a9e8654e2c8df0085bb8a8a761614218aa9c5987a6dac2d6bca48f26412173ff1b9687beb988242b622494b7ef8ab70b3922f7cd9b40628a7a6f42a494232bd90ab26862a2e89b49cfea034b26a9763e9f34c463175b6f838a4acaae95cef8af2edab85aeccf7a6c625166751d4219f44ae7112222f53ae89d87ed696c84c73c0001c6f0a377320b675a5a203623359a559ad7774ed9cea77c9ff706bce4f6ea9c837ccfc7c15138c563e019909e68088bbf6fb5344e955bfb99eeac2ab58d1a8581e0788699af2a77c7c7f8cda6141c2b844d9396e75eb810cd2cb014035eea7eae9c54751
+TAG_LEN: 20
+NO_SEAL: 01
+
+# Test with maximal padding (60 mod 64).
+# DIGEST: ae701e5c8672dfaf728bf0f43f5e5247ea9ac13a
+KEY: d4fad0be905d41203f5dce998f8fb2eaad409ae02116417dae0cef457b9e5e16dcc5b6f25607f00d033fb95fb09e4d00d6172e78
+NONCE: 
+IN: 936a91d0b5d2c0267218cb7090c6171386d641b87797b684e0fb56f97c3961d8afa22993a340b9b3c589c7481df3f4183aa23fd8d7efd88503f78b8ed1c8e9ba2fd6773e0d0c302a5f47e037446f5891d77df660ed82933f62be8dc55b436965aabe477e0cdd46be99371eb8da7dac997deafd64b1fc65de39f4f035
+AD: 41a11be112a72933c7b54e
+CT: 7349da70e2f5ae86dd50aa94b568004abd84586d29d2ad5bd94f79ad4b63e402212a762ef5ff90e8cdbe1bf152b2162e6ae565e6737ef744a1d67bea09361a92fd29c1eb9eb802dd71279e0269042bf048c791628bba25c15650324ecce12c8a39b31885b915c3417c7612b9549dab0b0db7c99a4767e5add635e0fa
+TAG: 69c6ef3f04b8f79ef911e9636f6b01ce97ca3c71d31d9bb732f01f502102490ed003c7639c631bec7dfe5e69ade48eb82769b3ffd8feb85066849733716784f25a2dad8c2bcd8c1fef23055b090cad74d4794a2346adfe00c64997a940d08954daf7737daf17d71ea4f0eb09069e712ed70aeed0af037aee6fb494115abc548527bc695e2547811cc5e9a5618960994a86e4ce2b55f68eb1b85bdd35675f22911473b9c713b4c4ff3c021fee2d4ed0a305481161fcde8bfb3c69a083e33201d630d1b2c32692f43e3f1abd6d573211314028891fc842a00ba11f87c02d6f0c36b948f2f1519ea8c3d78ac97338f418e50a85d7af21114b099cd42cc09114f48371a6342913dc617253c43780da57ca95ceb5c1dc
+TAG_LEN: 20
+NO_SEAL: 01
+
+# Test with maximal padding (61 mod 64).
+# DIGEST: 4f498d0aa9205160827626ef80c163275eca1f78
+KEY: fad0be905d41203f5dce998f8fb2eaad409ae02116417dae0cef457b9e5e16dcc5b6f25607f00d033fb95fb09e4d00d6172e780a
+NONCE: 
+IN: 936a91d0b5d2c0267218cb7090c6171386d641b87797b684e0fb56f97c3961d8afa22993a340b9b3c589c7481df3f4183aa23fd8d7efd88503f78b8ed1c8e9ba2fd6773e0d0c302a5f47e037446f5891d77df660ed82933f62be8dc55b436965aabe477e0cdd46be99371eb8da7dac997deafd64b1fc65de39f4f03541
+AD: a11be112a72933c7b54ed4
+CT: ed719f396a0c720c91486127e58916f010692f6018646fda04b0321e70f3d5736ee3827743f541857fc2bb3c41497f03563540655a7ac43f69e62d876a31ebc3c14e24a432814aa4a448c44ac4b02624494f703bb171f6878236bbdf27be2f9fb651cd855564976b0e875e4ccfb42930422db234008ef6a25723c944f8
+TAG: e17447e2588894570bcd7913bb8141042b7dbccff24195f1e50c8795f7f3a03b1b1ed26b49f8f5cbfb0c2e493790d816fa33530265c256ef4675c2f0c5f1feedf3b384fa0f4419c33c60d840eeaa561745bd4bfbfeaebaf0218ae5f02bef51f5aecef98dd46f2d4c75ded4dac17ecdb0e6c615cd6758ed728f9f8bf3ff601c26091e83310b670f3d21495afe55b440f8aa2ed8a9a717b9f0191b173728443c2635bb4761158cc3d8691540ad7413213e7ba9bfc088ba9271e292e716041a2b6b05505519f4dafa07216204a037059048401ba3c7e7e0187ad0ce4c53b60547daa7623a9d4e61d62c4c8474ce13042f0ded541de3aafedba24fd579f78a328586f254643b6cdd1fa448d41a94f3d918a99559cf
+TAG_LEN: 20
+NO_SEAL: 01
+
+# Test with maximal padding (62 mod 64).
+# DIGEST: 8c043825b2a3764e8a0cc35a011696fb3ed03c2b
+KEY: d0be905d41203f5dce998f8fb2eaad409ae02116417dae0cef457b9e5e16dcc5b6f25607f00d033fb95fb09e4d00d6172e780ab8
+NONCE: 
+IN: 936a91d0b5d2c0267218cb7090c6171386d641b87797b684e0fb56f97c3961d8afa22993a340b9b3c589c7481df3f4183aa23fd8d7efd88503f78b8ed1c8e9ba2fd6773e0d0c302a5f47e037446f5891d77df660ed82933f62be8dc55b436965aabe477e0cdd46be99371eb8da7dac997deafd64b1fc65de39f4f03541a1
+AD: 1be112a72933c7b54ed4fa
+CT: d988f45c0ab83dc3674eeefdceeb7eb10b18efa791a39599404ea479d7c84579268013592599cf7f9e099d2283b841199d823529507fe8c30b7a66ed2c3e46e21116bfe53af3dbc978a1b556ee3dc464af5529ed974a8199cf7a4e4674aece3ffb8209d17d72ca7f7d25898d462b1436fe63fb0cce18794defe53dff51e4
+TAG: bec26441d062334a5454cc9f5a4f7c9afc1b333261ef7e731fdea9fbf53b100ef548ec9f17569310252ef812f416c44f70bcf50b0e79ae04030a16647db49c4df74f5b7a48f643d52eea0a3e6300d97aab984fd084f989c14f7a0a014c0bc6938a85dd29c6f71e2670141fe7426e12c06c09d5c86429a763965354a822872a3e08e89be61e6b033ecc514210316affa8fdeed9909d2c4e91810c2ddb9504dd9e17a5f26afab33a089884616c9955cf287f68ae43b8bc1f28e60bc910c117535a1ad845d1151e5e06507ea30d98f36037d8c0c497f3263a0ab503baac0b6d2a944271f4a07c76d51361b80c11a4d83bebaca1ac2920d6467202207e530f3380ad44c329288bed2aed8784e452b16f16d8b00a
+TAG_LEN: 20
+NO_SEAL: 01
+
+# Test with maximal padding (63 mod 64).
+# DIGEST: f3a432271c9be858725fd024071c4f479ca9a971
+KEY: be905d41203f5dce998f8fb2eaad409ae02116417dae0cef457b9e5e16dcc5b6f25607f00d033fb95fb09e4d00d6172e780ab8b7
+NONCE: 
+IN: 936a91d0b5d2c0267218cb7090c6171386d641b87797b684e0fb56f97c3961d8afa22993a340b9b3c589c7481df3f4183aa23fd8d7efd88503f78b8ed1c8e9ba2fd6773e0d0c302a5f47e037446f5891d77df660ed82933f62be8dc55b436965aabe477e0cdd46be99371eb8da7dac997deafd64b1fc65de39f4f03541a11b
+AD: e112a72933c7b54ed4fad0
+CT: 7e8981283025150c549a20da52e5f63f59c885d13777f072714e47c01f15b3ec9125a7253e487f6a368b9c1e92005f4ae90140545c3c92d7be4cfa5e68b49f848f58664a7ea39c11c277f9b69bd0f70336def9668bcaa507d517cb2e390fa003917c4a35f303511a6eb79ca64c8059fa50d9ce9581fd1efd0c48b3bb39e282
+TAG: 17a8e2521babf39bc5896910696c7bb8f9bdd9435020f07a934b4889d7aad15224dd9ddd8b1c0281a54febea957d5e40186e91f41c207d6ee0267f8283adb7e4770930cd3b4f2fd81094fa1f8149e652b36176b72d34abd507af31b3ce8d28d652dd42555fba0b8126ab23649e6a247be5411fa5bdf27fd84427eca7e26babac3e9503f14f328445ec83f50e2ada2b4da59e347460e8513bad65e1762d8e9aaade5db0f7bf44e76334d2e15d6a7354f4478b504f05c4db1af8d33af589cc9e97f14032aa7e9d92101bc37f54e6adaa564111c9179984f286afdee74c90cb3d44ef4409fca335f10fa7642b9d90dc07447525e83a0fda15985ef904cac53e1101ad5043533f3d2c8a656de9b6b81931e286
 TAG_LEN: 20
 NO_SEAL: 01

@@ -42,14 +42,707 @@ TAG_LEN: 20
 NO_SEAL: 01
 FAILS: 01

-# Test with maximal padding.
-# DIGEST: c6105cc86e18eb8376c16ea37693db5c07b77137
-KEY: 8503f78b8ed1c8e9ba2fd6773e0d0c302a5f47e037446f5891d77df660ed82933f62be8dc55b436965aabe47
-NONCE: 7e0cdd46be99371e
-IN: 936a91d0b5d2c0267218cb7090c6171386d641b87797b684e0fb56f97c3961d8afa22993a340b9b3c589c748
-AD: 1df3f4183aa23fd8d7efd8
-CT: 17944422f667bf1356c234189f9c6cf7af52b2832b2fbaa990ccef4e7f9bc3841e59e25c00e3686d5bd5c29f
-TAG: 3ebd1b0bee840e8a6e992421c62de5a8fda3a82f0af0de2c6be5f12937267befe9b421efafca4455b5af6174cb0e6f929031086aa7b85a073705fa3718a2a9b595e32a725ccb0b3328ea913edf6a42dad4c44585fbbb9a500b0c938c78d4fa17b2e52b479aba6921b376bec72ff6d66a5854180afedb8edb06c919016d19f252ab39d05c3c4f297038badb09ad7f23c88d5cdba7e793f1e4f2d107571eb9807efb3009187e1415e5d0d3c6110ff77f26da9605955843b9cc60875e60c3181ed0da4e5ad390e1d3c0fb942b618d1015716c4606030a40f0a554c4929764da415d773d386b3bb018a4ce72e85f28cfa3e08f0659464c0e0cf3215996c6a769894023e4fbd5377f387bd914c1d64db1ee5f88627b59
+# Test with maximal padding (0 mod 64).
+# DIGEST: ceb2d295bd0efd37c6c34dab1854c80e986174fc
+KEY: 37446f5891d77df660ed82933f62be8dc55b436965aabe477e0cdd46be99371eb8da7dac997deafd64b1fc65
+NONCE: de39f4f03541a11b
+IN: 936a91d0b5d2c0267218cb7090c6171386d641b87797b684e0fb56f97c3961d8afa22993a340b9b3c589c7481df3f4183aa23fd8d7efd88503f78b8ed1c8e9ba
+AD: 2fd6773e0d0c302a5f47e0
+CT: f2ab16ba87c52d066c0637d387b89d700a66828ef231b480f39aa08ac2447c8ddd205d1a95da37f267c06a1338532de890904f9f19c930adfb684e81cc06bdf2
+TAG: 3ff610fb9e208ff6ad58b78c5b2cf54b997eb3f24ac0171229ff7ee9cd5070de5a604f78b35b6cd25b3f2ab487847ca1e3928bf7f19bd19c9c9a1015dabd2de426fe57d342009ae4a2e67fdea378f24ec8dec1e87b62b6f70626bfd71f8d8d5e5c5b935a76527ee8a9a3094d635dc2b01a31dc4df336aa023517d7c35e142ccd6a79bc689e335f187a5358a00a7d4eb168cca3f9c6523ad4d74609a5b5c9e36db6bdf8464c4c8497c501084afa17557d070a7671c9144c86b4de9d57f033bc6b59a7f1f4e947b6a2d69c85877de731f6eb3db71d9f4c2dc086a3303bcbcd2f5b71643058b7ce08ef5879e0578ec81ced96ce907d4f32e67fd4cd269de9b60e09ff74bad6c86356ee297475ea7fe75d75
+TAG_LEN: 20
+NO_SEAL: 01
+
+# Test with maximal padding (1 mod 64).
+# DIGEST: a07054c760cc66fc704edf950201005031f3faac
+KEY: 446f5891d77df660ed82933f62be8dc55b436965aabe477e0cdd46be99371eb8da7dac997deafd64b1fc65de
+NONCE: 39f4f03541a11be1
+IN: 936a91d0b5d2c0267218cb7090c6171386d641b87797b684e0fb56f97c3961d8afa22993a340b9b3c589c7481df3f4183aa23fd8d7efd88503f78b8ed1c8e9ba2f
+AD: d6773e0d0c302a5f47e037
+CT: d7059edbabb5cfc2cd5c459abd74e136790aad50d988c6c9271428597617db171b89ab171a68b14f9d417bb81f9f7d2e2045aa47c0b5d166c8b2622bd914c4e752
+TAG: e3d17e303776640b3ab712f6068c44e0e3b5d375203a8b01ad47e6f4681011eff04a41d03ff073e61c630b5faacb744447226a35e7496204911ddd660792be62c5f34c918a0d8514872100c4637ca12bc9c13b1580aed10a68c9187377441bcdf213bf3aa72831f3498d990a7a5960e1e6795bb11e4c7910a881d76ac81320ae61b151b8dbde093bc9e56b8204463d8ec31dc32b3cad5cd8cb48b5f20e54c17469ce97c069051c8e4b2ae5dffc0c2651d868a9909187c2732056213e41e315e94d14a84a24a676155ba86ef0b96efee3e4765dfc750953dc9a7ed739422c7d988f290432320313848a2eb7723c7c85ca3590eb35e3058d0462ddaab0cd48730107d4031a216c6c2595d1ca0b3f1815
+TAG_LEN: 20
+NO_SEAL: 01
+
+# Test with maximal padding (2 mod 64).
+# DIGEST: d059c266cf6233af730b7a229b19356a4c6fcf06
+KEY: 6f5891d77df660ed82933f62be8dc55b436965aabe477e0cdd46be99371eb8da7dac997deafd64b1fc65de39
+NONCE: f4f03541a11be112
+IN: 936a91d0b5d2c0267218cb7090c6171386d641b87797b684e0fb56f97c3961d8afa22993a340b9b3c589c7481df3f4183aa23fd8d7efd88503f78b8ed1c8e9ba2fd6
+AD: 773e0d0c302a5f47e03744
+CT: 8864e31c8b2ce1bcd1745671da5bd66e1e366b0af66b91f605574c841084a5df358483c7839e4456ae5a442930f21d4bde67578186a91c0a603468339ffbe3bfc607
+TAG: d8a0bcddd40964405ef006e0083e67a607b9f926e6508880d7784248a626d56a0673ff990920960fb307ed9cf40c2a1cc3b632b1f94aeb30efa02123e66165b77aa4be5e2aaba4c4a52372b403cae2f78a3bffc1cae8dc6f53839de7f16b8984304abc4a81ffe1ffb42799b54dc43ca0b963be6299a404fd4b3acf65939ac319966aae0a941c74135705092567e1237044c88f79b02b68ef622f9c776bbc04dbc2f58338c129f25afcd8cad7a0e91f30339457075b68df4960c003ef574e3aaae870787ae9ddab96495861388b341aa63ab2721abb176c4f2e6d5704cae123c20f1394d6a12d51fd5782dcb59d075775dfeb72df846995b87b1d374c0d0b8a003ba60f713ad777b8d6ad42c5e373
+TAG_LEN: 20
+NO_SEAL: 01
+
+# Test with maximal padding (3 mod 64).
+# DIGEST: 8aac0687e33041fcc18da154b41f20a6af2bfb28
+KEY: 5891d77df660ed82933f62be8dc55b436965aabe477e0cdd46be99371eb8da7dac997deafd64b1fc65de39f4
+NONCE: f03541a11be112a7
+IN: 936a91d0b5d2c0267218cb7090c6171386d641b87797b684e0fb56f97c3961d8afa22993a340b9b3c589c7481df3f4183aa23fd8d7efd88503f78b8ed1c8e9ba2fd677
+AD: 3e0d0c302a5f47e037446f
+CT: 1d239b3880e2261806ee770e7296d573d308d9850c8bd90a0764822faf5f65770f98f18ce4738538f03ad9b289bd5fa1367258f00d3ed91e32885bc45c30a240cad8c2
+TAG: dbeb6d1a1165a902128a27d7f55f4d928b56a3b83fa430d47bc4f935219fcc6005487f1ab14df0a07a270645d1c2fc23efc9866ec7e4427fe0382b75215c0f994f09c4ac54bf360f8ec938b02c17c4104127d2cb1eb51a11455180931b8e473838e5b1e61cf5cd05947a5b154be5df49905e6e7c049d00f065f680b0e5f3f4a7e9dad37d493f13c7ba318ca2bae086136d67b17a6ebf28b45cebcbfe115a45dfa32786a8b8354d51acf58bc126a13146e0ca509a26cc32c3e8ecf5b9d6ce76a9f76d674316c42f3140d5139304479376db2a167c65da7250e6fefc9d3b37a2072180ab3202f1fc7dd7f4598d1d976b15945fa73e1be07a91186ce7c16c4249d9f7287baafc572673925e95caba
+TAG_LEN: 20
+NO_SEAL: 01
+
+# Test with maximal padding (4 mod 64).
+# DIGEST: 53658226c112b86438dd27b58a71f9e36fc73c1e
+KEY: 91d77df660ed82933f62be8dc55b436965aabe477e0cdd46be99371eb8da7dac997deafd64b1fc65de39f4f0
+NONCE: 3541a11be112a729
+IN: 936a91d0b5d2c0267218cb7090c6171386d641b87797b684e0fb56f97c3961d8afa22993a340b9b3c589c7481df3f4183aa23fd8d7efd88503f78b8ed1c8e9ba2fd6773e
+AD: 0d0c302a5f47e037446f58
+CT: 719d9de3bc86d08510354817d0fb94340ab1ddeefdb95a1cf460f7c9b185837b5320dd862b4c319619a0b18dc75f1762cf7c9bed63713c31e39a6f7069563441b9e6f106
+TAG: 8b61062c9480ffa62f7b96e9f50249426d05bf237d25e2b676e0041d40ba97101843d9ebc978949eb7ba53b8989ed0e93e5b91f13365345baefa1d7f59b694f6ef0bef0adc1d6763978e12fe354e57b90127533f3f991ce611e31e88a97962f859ebbc0e50d130c323aff35581f1f45cb5c650299025a03d99026d6f6a844ed9d5fe66e15a9fca79726afdaa54c077d148d561ca9e77e427b8f8074714aaf8b011697524e4d91bbab69bc01c8346e9055d7269cf124b503f7ad38c384abfd91ca36159d8a41e6389212167278b830ea464f7dffc3e01c9807368d3457ad5f21b33bcb1afd41ab7d805c9ed2f2c32da9bd4b510366b362dd02f50666ab8e5a72486b3c0d6b9bafb38c9375dda42daef635a0007ef
+TAG_LEN: 20
+NO_SEAL: 01
+
+# Test with maximal padding (5 mod 64).
+# DIGEST: 6b7d5268b0b5037afb5be5af6a0ceb34e7656ac4
+KEY: d77df660ed82933f62be8dc55b436965aabe477e0cdd46be99371eb8da7dac997deafd64b1fc65de39f4f035
+NONCE: 41a11be112a72933
+IN: 936a91d0b5d2c0267218cb7090c6171386d641b87797b684e0fb56f97c3961d8afa22993a340b9b3c589c7481df3f4183aa23fd8d7efd88503f78b8ed1c8e9ba2fd6773e0d
+AD: 0c302a5f47e037446f5891
+CT: 9adce31c760d09ff911ed98eeb7146e82017261c8017d9a5fae1127479f6fb54d081cacc1ab7150f05d13547b992c1fe36a6e8e55ef1fa3bcc45bca495a981000a0c0b4f62
+TAG: 51d033e8003b06bf819a4f7978d75abec450c6b11a00bdf27f549f6060390ff99e0feb9509c6ac882777da699f5d5332d1b838a0436101574789ba485769ea6f4d73a10db775f06331140b218fa2ddad7fecf381fb9e3d26b06b3577bdf57e2a8435ba0e5b1e305ddf28070d1749d11ec5504cd9aa51ffe9133152ff35de21e4bbc3b109a318075d924bbaf0e267a1abd3d7afd2d3d8f4d951d4e96fa63741087a975eee8156b01fe566f7f6a309257c17a0bd9faae4c2781aae72eeab1903602b09b69026540a84b4786b8dce2a3e5ca26c65eb7b220dfad400cd236a4435d7fb1be60b9074f2f226e810d54abe7ec0cf10e7c465059720baf93915dda8a56d5a012a990d72408d2c9ab9b8dc813eb2f1caec
+TAG_LEN: 20
+NO_SEAL: 01
+
+# Test with maximal padding (6 mod 64).
+# DIGEST: 63efe7af502231420ed5aecce9a28446b257828d
+KEY: 7df660ed82933f62be8dc55b436965aabe477e0cdd46be99371eb8da7dac997deafd64b1fc65de39f4f03541
+NONCE: a11be112a72933c7
+IN: 936a91d0b5d2c0267218cb7090c6171386d641b87797b684e0fb56f97c3961d8afa22993a340b9b3c589c7481df3f4183aa23fd8d7efd88503f78b8ed1c8e9ba2fd6773e0d0c
+AD: 302a5f47e037446f5891d7
+CT: b81f6e678c5a08244a5f578970d64f96f50ad5b5724a9287ee7b293308db34e03456f1745f79c594ecc480fb2a9412bd685e6c0df028eda06aaa15c90afa4ec01736450e3eb8
+TAG: 63b849636c212d353918c6e3044d298da268ccf1042987617860b58eb7ec8314ccd7762ebc39b62c0f0f1c346c8f4bbcbf3bd0134c0a7374de1868b08ba013398d8e4b578bb8d7359f2cff1629ede34da00138efa4a724d892fe4ed2b28613e66e0bb4830f66c14dccbf8656e615d66f267182662fee8a3e1fcde0941793f0bf2b00d6ab6e9fcb30553b620cf8e9e0a15f122808d739e698f88aa157baba12428541e928ed556517978f6c9f29c6ae8fe5b4e9ed6f0ce49351ac2a63e74bda9288a874a7fd5327c6856596a3271039dcf54affbaf29a5556f1fe1062279d2600b920f4e26c96e9e8fa696c521f60e9418975befa58ad564e730d1de312ca1b999a5e89b813743b1512659d809078243170ab
+TAG_LEN: 20
+NO_SEAL: 01
+
+# Test with maximal padding (7 mod 64).
+# DIGEST: 1a555c300a1d1bd5b03cdd6bf2a678621624eb05
+KEY: f660ed82933f62be8dc55b436965aabe477e0cdd46be99371eb8da7dac997deafd64b1fc65de39f4f03541a1
+NONCE: 1be112a72933c7b5
+IN: 936a91d0b5d2c0267218cb7090c6171386d641b87797b684e0fb56f97c3961d8afa22993a340b9b3c589c7481df3f4183aa23fd8d7efd88503f78b8ed1c8e9ba2fd6773e0d0c30
+AD: 2a5f47e037446f5891d77d
+CT: 6b6f94bc2326760d257d8156de961acac0b32d7f4d0e20363532e76ce76641ba66a1aa7945b9ee58527039cf83fcb01d8ef85254566947347463e161ec8cdec74a839637288d09
+TAG: 77b18bca8ed1d056d9c974054598216bc15bae5b7d70f3bbe32b3deb92398b0ce25a1efc5eb6782fa5fbcdbb415ef43eca090fcad4d34d53b1fd89cdd760e6424715c7703c51e08b72cb3e3b8a30bff159d5126f1473f216d5c931ae03703d3baf311a59d7ef3d6db123f3e8c0ca26fd3f8809ca63265d2fac935bec32631af43626ed1ee9785c81d7bd0cbc0c5178e1ca7de5d12c3592a7880be6590072c4728b2afa1eaaeecdf7cadd8304c2d4b614af7af14efa00dda595be92de09c74b39df05d7d023db721f86992c57061a264dead21e24fa47816f43b77b8ccccde44bfc32a015134a2cfaf04c582fb839202b08b81543ea9358d5735e7c197762a6a39936e26de58690a02dfc273e6779e77708
+TAG_LEN: 20
+NO_SEAL: 01
+
+# Test with maximal padding (8 mod 64).
+# DIGEST: de9156349b578f2f44945ec6a676a67a829daea1
+KEY: 60ed82933f62be8dc55b436965aabe477e0cdd46be99371eb8da7dac997deafd64b1fc65de39f4f03541a11b
+NONCE: e112a72933c7b54e
+IN: 936a91d0b5d2c0267218cb7090c6171386d641b87797b684e0fb56f97c3961d8afa22993a340b9b3c589c7481df3f4183aa23fd8d7efd88503f78b8ed1c8e9ba2fd6773e0d0c302a
+AD: 5f47e037446f5891d77df6
+CT: 8f211be563f98f493745cca0e385e5b0113027efe3b0a880805427e363014323c4f6c7e6b30d2466c70ed56d63157f2c4f6dabe14d5a22c6c708ab3fb667a6c64ce5c8de22f5261b
+TAG: e5807ffa59e0005c9dd7eef0b854ee1b2cfccef9977f8a963167cc563d844f795c4ce4f9d03da95e4cfd2fc80c9efb6424df8cd3b7875a6ca129da8f509ab09d1f0eec0211e0ffe5492913fb688796a29a8eac54f374e8948991059f6e73a68eba75a892b3e2ed5ab9680eb0b308b07337e75ad5b406c260af5d27955aa820bd0435549700e960e66c211000885e19b804579acfa8c526603f8d743491d916fd4d0e250159e485a4db2fea39a8eb9443516518e6612aae97b1d9b7ac48066d5fbe2c1be3b2e20233a2fb4d39052ef4ca3bfc47e561aaac9c57a7dbff922d6d997821f6b09bf3b4c91bc6162b150e17bfa2544f93f2bebcb4d20322bf0357fdffeec8f75679e6627b4ffbf8e0bfee63c8
+TAG_LEN: 20
+NO_SEAL: 01
+
+# Test with maximal padding (9 mod 64).
+# DIGEST: 12812df3aa7f3bbc899f6f248f5590e02570c292
+KEY: ed82933f62be8dc55b436965aabe477e0cdd46be99371eb8da7dac997deafd64b1fc65de39f4f03541a11be1
+NONCE: 12a72933c7b54ed4
+IN: 936a91d0b5d2c0267218cb7090c6171386d641b87797b684e0fb56f97c3961d8afa22993a340b9b3c589c7481df3f4183aa23fd8d7efd88503f78b8ed1c8e9ba2fd6773e0d0c302a5f
+AD: 47e037446f5891d77df660
+CT: eeb6afcfd2626da1230067ed9938f7df35e99d2ba1c91d0e91c3db53034a3dd2ce3352b06e3d1b9e8415ef4ced9b2257eb05bc86db8204a8bd943bde51423a09459fecd528faccb646
+TAG: a69c7d8db2c021284e73b3c07620022eb6f199509e34611ed671c3558ae7c103c78024d96c00c791f3450d1e0338598a246855811af4cc9ae1a6522487a4a77b57b58ce29038ab0a2036404eae59133512b9ea40e2d7176e1b36965a27ee2c898d6514872bec952a029d9d85bfb0c99d8b348db6a3bbfedb6d1a3128664c454b9ef29f075fecc469f233e18567fe16759b378600a1d71504231e6caee5688e9858e14fe6fe850d95d7c010865781f0457a22f53add7ef57071c7153d312ca303e4884b83c9acfe86686517d80ce271c148cf3ab6464a9751b66ac7682a5f885ad9301a5602c099e89977f06b41badd1c2ea1f7027a38b749e2ca1a3ff4e4889e6dbd3674a52c8e24d2c76f64a6bc77
+TAG_LEN: 20
+NO_SEAL: 01
+
+# Test with maximal padding (10 mod 64).
+# DIGEST: f3c89f21c327fca4aa400fabea9e39780378e901
+KEY: 82933f62be8dc55b436965aabe477e0cdd46be99371eb8da7dac997deafd64b1fc65de39f4f03541a11be112
+NONCE: a72933c7b54ed4fa
+IN: 936a91d0b5d2c0267218cb7090c6171386d641b87797b684e0fb56f97c3961d8afa22993a340b9b3c589c7481df3f4183aa23fd8d7efd88503f78b8ed1c8e9ba2fd6773e0d0c302a5f47
+AD: e037446f5891d77df660ed
+CT: e1eb2175bfee27951357b7536e2c3a4c607bf511d1922f6cce462fdf98de9dfbbea66d38884c270e29d08c5ace1d6bb7bcd2b46eaffc67a99e225927421a9894238cefa73bdb48694abf
+TAG: fc1d8ef98aa65ba8a288ca04990bfb373071633eb1e8f30847d3c19ebef66962cce12d015b045e10c9e0aa7f275137e00cb2c9a0508c0187827a74faca4bcd015620f1cdd8f72161bebbb8231ad4b705d1982db6f9fa1d2303c429469737a3141adf729729144f55223df1fb45705fb15adb5cd03c2936674a47d7f6aa5d2a4d9a017e57a4f5dd954504abb588866457730304878ca322f776e3c8e7becb8437002bc757d5b34b16d04ae4710553a624a3fca8866fb3d20672d6f4a2f937edecd58e68b7b0a8c39819ab48788956c1f3f5f4a15e7d13350090a20c61620c9181f03b4d68d7e4f336cb7e4a1a277df5101511150dd39fb43a84cfc480fd548035c8e9ec26602dd66d250fce39dfd8
+TAG_LEN: 20
+NO_SEAL: 01
+
+# Test with maximal padding (11 mod 64).
+# DIGEST: e8e41988fad6c8b44c56544964cfe0a347b35b1e
+KEY: 933f62be8dc55b436965aabe477e0cdd46be99371eb8da7dac997deafd64b1fc65de39f4f03541a11be112a7
+NONCE: 2933c7b54ed4fad0
+IN: 936a91d0b5d2c0267218cb7090c6171386d641b87797b684e0fb56f97c3961d8afa22993a340b9b3c589c7481df3f4183aa23fd8d7efd88503f78b8ed1c8e9ba2fd6773e0d0c302a5f47e0
+AD: 37446f5891d77df660ed82
+CT: a799c4a6590a4c48735d1da9746e5441cb11b664daada5d4d68d3a0110c4ad8d5e96d7331d5f7a0d1df9af5da4208065b6bf31affdfcd4944e8ed55b0ba7b7911be1a9052fbd93d5fbe292
+TAG: 6a6e5ced88748f87682759b554d9685280e094e083d297dc5fd474c4a2605612b2f8b1c31dea24d58c25bcacfbf03b8b09dc662d6e1120868ae9a0f1dbd2799756136c2a26a22e3a61a0216e76e94393534586e1a59c570d8bdb37d5ee6d0762e60c7171fc7953e59d74b0f2ff4a061d27a7baa8ed138c51264b356d9a42b0768bca1c1c458acdc82bd621031e2ae7790596594d2f6eda2c8d58d4b53cf6990434da8aa9e9eafec648d52233e9b92994ca5cbc071dceeed57b02e36f93f8d22551660cc4c1e425aa77dcda3bf6c98bff7905becc075e1707e37453de8f300be5aabc96c1051fa46c796a2c8367a00af3c4dccc58bb7dc8aa2e21e0886eceb898080bbc7259648f2be9da0f1b56
+TAG_LEN: 20
+NO_SEAL: 01
+
+# Test with maximal padding (12 mod 64).
+# DIGEST: d1c7b2c04dc25fe7b742a1d659aec20e1475ee4f
+KEY: 3f62be8dc55b436965aabe477e0cdd46be99371eb8da7dac997deafd64b1fc65de39f4f03541a11be112a729
+NONCE: 33c7b54ed4fad0be
+IN: 936a91d0b5d2c0267218cb7090c6171386d641b87797b684e0fb56f97c3961d8afa22993a340b9b3c589c7481df3f4183aa23fd8d7efd88503f78b8ed1c8e9ba2fd6773e0d0c302a5f47e037
+AD: 446f5891d77df660ed8293
+CT: 2b8ac97f05a67490bf16bc64381e9c49e7f348212d0645056ca5405e9e0a248b6918568481ceca70e20ae4b7c1f62700a2954188793b34504fa86decc73f667e5fae944211059dfa94ef072e
+TAG: 5f91838f37198290b43fc04a186db6a05261ea9916a1dd6450604ed8a7d0bb59751f6637f593ef1a7e3aab6421b7a0cc6b5b47477d36bf439806dd8156e2bc2e229bcbaed9a3beedfa383d674d3b91922e6248d1aa8ad62361a4bdcfd3d86daeb6d775a521916ecefa2244aefbb0cfc0ede1b1c0e0059a4d69850160d2f4f662ea2b77fb074a6de69feab87bb56f27edc3a42037a041007f0a08d204cbad0a9047f7798dad51e5c04126519b53772ad4f3017f9d9fe91920aa7585a5f2d95e7a8fe5c7b22fc696be10e308f939c34e52b7bc2e71b06a56e3ffa5a0ed529eaf5a8c4b6857b1f144f51fc8bbc858c88ede7ca325d231b34e4ae0e7ac8fec3e8f6a9bbc6f8975fec1e877f0d05046c3fd7a0e15ebb3
+TAG_LEN: 20
+NO_SEAL: 01
+
+# Test with maximal padding (13 mod 64).
+# DIGEST: 116e20ff1e79e0af464d473b1e7c187f4dd66007
+KEY: 62be8dc55b436965aabe477e0cdd46be99371eb8da7dac997deafd64b1fc65de39f4f03541a11be112a72933
+NONCE: c7b54ed4fad0be90
+IN: 936a91d0b5d2c0267218cb7090c6171386d641b87797b684e0fb56f97c3961d8afa22993a340b9b3c589c7481df3f4183aa23fd8d7efd88503f78b8ed1c8e9ba2fd6773e0d0c302a5f47e03744
+AD: 6f5891d77df660ed82933f
+CT: 783a362232c871213daa72d58658aee2ceb4de66198df21e227326010be056d5c4d2481ffead6c80733603b132b256d1c52d64eb8b700d614dca0adeacc0c7a05d1a64ee7b5c8163d1eae17fdd
+TAG: ba611208a3cc40e2cc638c335fd508441aaa15c612a5100c960543d2ceef9709bbb3e70904f3f2efac3112fc61bdfe7accfb5f0e9d640812a4f5b0676d95b1d5298eddc97ce3aa16ee761491e9f424af39119c9f56322b10e8575697bc93d1f6a63007ae085bd20c83fc32a5d4e59ce8840f75b8c52f6aeda4fc34f11301d64e058b39ff765e1ec9997ec51aeb43b35cba9ad4b020e7dcee79ad532b897faee018dae1231ceafa1a5fca1ff1a01f863580c9c07b13354e31b0067a2fb16477150ab6d027fe88276767ebb46b1029c7d6dcacbf418f10d932dea2ea161ff8a4f6d79e0bdbf0a67227d5c9100a45fde25e2d4e360c0c0942e9ce13b570b5ea149dfe422fea36251e226b3f7eb709ed7c7339aaff
+TAG_LEN: 20
+NO_SEAL: 01
+
+# Test with maximal padding (14 mod 64).
+# DIGEST: c081d0d09b2c9eb39a372ef4a7b0246a0956b0f9
+KEY: be8dc55b436965aabe477e0cdd46be99371eb8da7dac997deafd64b1fc65de39f4f03541a11be112a72933c7
+NONCE: b54ed4fad0be905d
+IN: 936a91d0b5d2c0267218cb7090c6171386d641b87797b684e0fb56f97c3961d8afa22993a340b9b3c589c7481df3f4183aa23fd8d7efd88503f78b8ed1c8e9ba2fd6773e0d0c302a5f47e037446f
+AD: 5891d77df660ed82933f62
+CT: 894d8fc70288c7b8a5d12e63ed6e6e8c74b8d9837720762ccc519a42e024ee05e8f770180e5213a7c7ceac56cab05834d49847aa1432fcfad8286e092feddd421b33212e41716b3db5358903c11e
+TAG: c00612f3ee6619c87aa5c7958da77fdac74ea2ad1af9115fd003edc7bdb36f639dc2d89668f6c2440827a1e7bdb65acd172be229f8852d4b81d1d2ee1e167ff127fed768d0a6eb822c2fd88e733a0884f06e47d5f3a7e84e7f20d8b630c8e748a03f2eb807f3d6bf67d3f93ec97f22a3bfc477143f9e34049fd9143ad5e480bf538464fa847a5302e6d9ec3710122fe6c295191906d98d69e01e81a79de0538442a76a17fea214c74bec28c01370a0aed01e1a32a629857f5d48c3275b79a25d3fe549829e5d72d9d26c2e07fe133e214e40dfba4cd19ddccb01a6887bfba26db80b40eaee435a7619415af7be271739dc339fbe4a500db56613498b34c2b1f9dfbea13aff30c84fd1380ecd821b57cb3775
+TAG_LEN: 20
+NO_SEAL: 01
+
+# Test with maximal padding (15 mod 64).
+# DIGEST: 6f7bb1f9e2772eb909c315e653e4737cfed78a18
+KEY: 8dc55b436965aabe477e0cdd46be99371eb8da7dac997deafd64b1fc65de39f4f03541a11be112a72933c7b5
+NONCE: 4ed4fad0be905d41
+IN: 936a91d0b5d2c0267218cb7090c6171386d641b87797b684e0fb56f97c3961d8afa22993a340b9b3c589c7481df3f4183aa23fd8d7efd88503f78b8ed1c8e9ba2fd6773e0d0c302a5f47e037446f58
+AD: 91d77df660ed82933f62be
+CT: e5d56aea96fb40312e288074a21691ed29f17a547529d2427e8bcd5024e617411c08999a8a514adc83a14fe27c51b0f7d44f684fc60274c009274ff9af14d4b1277cc03453e02c0ceb26c796432f0d
+TAG: 07cea5df6c6594985f9af65319e2fcb1882f6d1d66fae0ab595ee72dc4a1118a7ef8ea450209809349b41664ee21afcb053e8edfa53bb1e66d9aefde4c48c6ff5b5e411c1228cbf5c1021d605311a20bd6708aa004d7da8bf72ddce1cbc9a12100969131d596cca0fe61c82208d0848ae0d098036a07600cc4b443e344b06d3162c8ebe14850239f77d178152fee009b1bd81a68bbf632082f9a62dbe60a1ba579077842c713ab4d5619b7abb15eb8fd3b1ee1506fe8df31bc90a63eeeefc0f23ab5ec83f4a1e9fa8833f15c90d6b68615ce297b466d5d67a87ac9fb10a2ffba5a91d31d1b18aaee8c00ff1a8b8df9584a33e946e85d8c6a6c8719421b75a8a56f964725abb4a4be790acbd60efde68671
+TAG_LEN: 20
+NO_SEAL: 01
+
+# Test with maximal padding (16 mod 64).
+# DIGEST: 172f4992e692a88f49628e5d3937959be01aed2e
+KEY: c55b436965aabe477e0cdd46be99371eb8da7dac997deafd64b1fc65de39f4f03541a11be112a72933c7b54e
+NONCE: d4fad0be905d4120
+IN: 936a91d0b5d2c0267218cb7090c6171386d641b87797b684e0fb56f97c3961d8afa22993a340b9b3c589c7481df3f4183aa23fd8d7efd88503f78b8ed1c8e9ba2fd6773e0d0c302a5f47e037446f5891
+AD: d77df660ed82933f62be8d
+CT: 7923c66ac88a9d3a2c9d9e714d491372caea0658b4e5692a7df8da934dce8525d0974848545ce89a44a735eedb22f18b5b8f1455c0aeedea9cb8f5c0bb51addd065a83c4e825ff3993ff58cf0af7577b
+TAG: 06b8d51726fe8d46fce9a59b084c3924c4aa9575d3b3f9b9e31a098c2c0475e460a89639863652164b724927ef13d2c52faeba797d38ddcb9274dfc6478c06626ec55954ce17df075f0b089ef155daf416980039458b7979afeefe9fa3e365ca19637b05cd17987e25f20e62031c32d441a102c22efb3660e4e3c13800acbfba0e7dc99175e35338b87ebb56d09a3b4bca72774d87e9cf92ce8e66917835c765129c8946c7f42ad8acd9afc22acc44a89dbebf6f4b2a55c139312559e2aaf6115aa617ce07cb2a63c66cbaeeeb5c95ce617928f93031f6dcbd3ee30a6fcd4cd9606695b690d95fb8d126c4962f49f11910a6e9daa2227f46a249819074a06cb5ffd449bd5744f9d9c70dc14475fd4b9a
+TAG_LEN: 20
+NO_SEAL: 01
+
+# Test with maximal padding (17 mod 64).
+# DIGEST: 00133da1f7c63fd5f0eec364e9a359be02c1d3da
+KEY: 5b436965aabe477e0cdd46be99371eb8da7dac997deafd64b1fc65de39f4f03541a11be112a72933c7b54ed4
+NONCE: fad0be905d41203f
+IN: 936a91d0b5d2c0267218cb7090c6171386d641b87797b684e0fb56f97c3961d8afa22993a340b9b3c589c7481df3f4183aa23fd8d7efd88503f78b8ed1c8e9ba2fd6773e0d0c302a5f47e037446f5891d7
+AD: 7df660ed82933f62be8dc5
+CT: e0b671d572a26f0553cdeca68a4d023615570ed0e9414e5783691fb6d1c2bc30bb4a7590d3138972345f3a55f2f90fdc8ad46555d41968a00a6462c2bc0931a18df5480e48cfcfcc00078314cabe0e44ce
+TAG: d01f174c6f726b83162a8a0734e1b1e9e9498fa067454e3a488cee1a04703987d5ce9a219b4ba168a809a181d6a291eae84f91705fc0701166400f24775bf5816a67ea6f011829ca07ef1aec6ac3b7ba0576c26b557b00fb76e84b6e633c48b8c425678ae12c922a7af7ce0484861efccf958ed418e2658b03b5c978fe624b16428c41a2a7ee1cc07c9d730b689cf92f2041b5e68908fc93d8221821106d73363e2d53df824a82841be5bdc0668c5b8759a1e79e193dac2e55e4cc083569fa727b952a45e71840fc330977e072457de678d3f3694e429131e25efd339421094512755604e1ec84efdb52259f6e8284bb7ebdf229cd3e4f1abfd6498e3b493b21184f8a42ba31f4f22dbeacbb1d977d
+TAG_LEN: 20
+NO_SEAL: 01
+
+# Test with maximal padding (18 mod 64).
+# DIGEST: 60a6821269be6c5b985576b245f106128eb0b325
+KEY: 436965aabe477e0cdd46be99371eb8da7dac997deafd64b1fc65de39f4f03541a11be112a72933c7b54ed4fa
+NONCE: d0be905d41203f5d
+IN: 936a91d0b5d2c0267218cb7090c6171386d641b87797b684e0fb56f97c3961d8afa22993a340b9b3c589c7481df3f4183aa23fd8d7efd88503f78b8ed1c8e9ba2fd6773e0d0c302a5f47e037446f5891d77d
+AD: f660ed82933f62be8dc55b
+CT: aa02a8b8deeb507cd2b2ee187af85b5afa85583c258df91df9cf5307316d03b5d8aad0441bacc27c4cb26c56239423f8e46746978c0edd3c21018f6b9a1c39278f71b462c6da999a6f4d9513a47cd7986c88
+TAG: 5cea96fc3da1457f7e66f324a3c634829a6382fb75efc614bf944cafda4c9cde5bf3118838487401497849d59f895d761b8b0da9f339123aeab5b237edd48d6c1ab4120da7769a7f8510bfca3d7313f0f38dc6c34fea81f60dd3e421afef2d9a61e6b0d7be96b357f1a293fe5c21d4ee858725a4c088f49a24930d846d2c0fad98002fa66a618367425cbae16fe570f3058fcfa2544f1d085ddbc6226e35c4355c916660f7f8fef4f5ab705c93b5182269adb8a4eeff4e62ee278c0588b96043f1ad24ca39a7ad458f541101e1d6cef99d742e2e4a124e4f3a57986d0192537d956231f4e49f5a87f5b7f5a4cdae6cc647b90177dc4d81232c62bad3d99036812f84b3208ed2edb8058f4973abd7
+TAG_LEN: 20
+NO_SEAL: 01
+
+# Test with maximal padding (19 mod 64).
+# DIGEST: e2593f3b6741a9ed9fa188fc06efd057556ee624
+KEY: 6965aabe477e0cdd46be99371eb8da7dac997deafd64b1fc65de39f4f03541a11be112a72933c7b54ed4fad0
+NONCE: be905d41203f5dce
+IN: 936a91d0b5d2c0267218cb7090c6171386d641b87797b684e0fb56f97c3961d8afa22993a340b9b3c589c7481df3f4183aa23fd8d7efd88503f78b8ed1c8e9ba2fd6773e0d0c302a5f47e037446f5891d77df6
+AD: 60ed82933f62be8dc55b43
+CT: 8b397fb4fa218359120058dbd145f4bd99def7e5e0a88249783128801b3828909ea19d9f5fb0f3e15ebd624fc32525796ccf9ec01b1da3acc6dec2a9306c57db4eeeeef4830575fd8166c13c23664d4df4cbac
+TAG: fe141cebcd20919976fe53fa1a9e186db43122704ac5dcfd23abc2da394907a9da4011bf32a3948b0ae848d6d010024c6f37191f6fe5cdc46430b915a9c5cc80329ab5d32797fc97bf3ca270d8b35c14e3091c99ca3947492613d183845ea5b80619d20c38434261dab80d4068449a0880eadc55f0b43cc344a875adfd23020b6e63c3015c887ef52c72750c09f60c7bc0dc29ac7a6494bf9771c4aa931aa440ad400c1cdff8f3d1bc4173977128d1eb57731e4b69d3e6d4715dc5d2a9cfdc2afeabf3513b3e3c107a83ac48f511750f887f59b10f40e8f2d197832dbb1febb82c29627232e3793c8a72d7033c86cf99fb54dd2e3ce099d4fdb50a63b06d5f595d5bf59474cb190245a36095bd
+TAG_LEN: 20
+NO_SEAL: 01
+
+# Test with maximal padding (20 mod 64).
+# DIGEST: 17450a437efe239e1858ac4062f34024305372be
+KEY: 65aabe477e0cdd46be99371eb8da7dac997deafd64b1fc65de39f4f03541a11be112a72933c7b54ed4fad0be
+NONCE: 905d41203f5dce99
+IN: 936a91d0b5d2c0267218cb7090c6171386d641b87797b684e0fb56f97c3961d8afa22993a340b9b3c589c7481df3f4183aa23fd8d7efd88503f78b8ed1c8e9ba2fd6773e0d0c302a5f47e037446f5891d77df660
+AD: ed82933f62be8dc55b4369
+CT: 24e568a27d8bce547f628bfa545c4b7ccffce40f73b5abd6e1b60d5efca7cd6d5feda872e172f64d9193d3d2d3381efb52c05f98d3e1fb689fb05d7017654eb57346f1b3dee23b0f166e50531626582115af7cf0
+TAG: 4dae8797b02d7f1d8dc42b10f18973c094880a10207d9479aa8252df66e855a7a4f6e7286ffda82820f510e8fcae2e08349b9ab46da4d31a7b537484589ec70077fa9a68311eafbc03e3538dcc66ac967e1b992ff38afd452ecc033ad86503a0c7bcd9327d4b4e9dfb90600725cb82c4bc2363aa88d436b161003fa42ccd464456fc057a72281ae050315ebbcf8555be995dd37737da005998569caa83c0af4819df86195e6ea95a343d9f91329bd059d393827f8c1a6c9ac173e3cda42c1bc85114aa750f9d3af3a889b736c9c608c85201fed8f31a9596110c452119ed1780dd610d8d8ab30725aeb07e168016a9508a31a35de30ee16508a481f00b9342847e4793a44831d92d92ac504d5dee049440506bfb
+TAG_LEN: 20
+NO_SEAL: 01
+
+# Test with maximal padding (21 mod 64).
+# DIGEST: a35fc7d25f90dd9cbd35910d5532aca8aba88b29
+KEY: aabe477e0cdd46be99371eb8da7dac997deafd64b1fc65de39f4f03541a11be112a72933c7b54ed4fad0be90
+NONCE: 5d41203f5dce998f
+IN: 936a91d0b5d2c0267218cb7090c6171386d641b87797b684e0fb56f97c3961d8afa22993a340b9b3c589c7481df3f4183aa23fd8d7efd88503f78b8ed1c8e9ba2fd6773e0d0c302a5f47e037446f5891d77df660ed
+AD: 82933f62be8dc55b436965
+CT: 5e91bdcdc26c9100265ed7c6f029a1aa46ea6807340a161cdd07d21bf6bf7181eee02d939fd95aaf343eac9f629e01a665dbb40392e95da6d00839e3f9b412229bc48d9b289b8e91fb2705a0d3ab85aafb130e3e8d
+TAG: 6c57ffa542b745e2313b7c92ca3350ded6fbc529715a5a43615f0cd8922ce27560c2e28222b37b0cad173572ae81a0af45502b7b7194691dead0aa46643bfe9f0b3538f76ae07b540e1bcf43f781c72df95d89512a6024598e734e16cdd8f246b810d5043c34d400c77db515cda8a3c9be9012b21bf2ca6be2de9aac8ddd11fb026e7e3b4a96af04fea4407599db8e37676eed4831eb66c1a6177b70c3e14295d623ede8b119a43f4c25cab2f203788e7a64a07c59ed205080e256d28b40249adb08d116c86bd1c325aefc73e1b6197f8d5cdf71730bc83d1c1edfb92492e8452cbe98fb873d5ee5779bff94ee9531f70a62f01e96d8069ca5f7345f7e6f67235dab750addf54df5e71302e4423dec5d0d5340
+TAG_LEN: 20
+NO_SEAL: 01
+
+# Test with maximal padding (22 mod 64).
+# DIGEST: 73eff0f03358879f900b6ebd515f0f4e5a6929e4
+KEY: be477e0cdd46be99371eb8da7dac997deafd64b1fc65de39f4f03541a11be112a72933c7b54ed4fad0be905d
+NONCE: 41203f5dce998f8f
+IN: 936a91d0b5d2c0267218cb7090c6171386d641b87797b684e0fb56f97c3961d8afa22993a340b9b3c589c7481df3f4183aa23fd8d7efd88503f78b8ed1c8e9ba2fd6773e0d0c302a5f47e037446f5891d77df660ed82
+AD: 933f62be8dc55b436965aa
+CT: 140efb950a30f6be51a219c49b6601b035efddd7a3cd304d3bd79e13515a4fbc7a2bcb086e82fb035c7ffc2358982c6dfe6b266304e51a6212635ae6f4d498293c276b53e42f62ddc2fe50272e6120ca41c001f443dc
+TAG: a397170ad51432a18accf22c04b831ac81c72d8eaea23682cf8ce6e201f454bc99cecec1a220b7fc24087d040d43d1313022f890e55e3bdd37b67f4b7d50e73df88a862ce10b8fd4383ae560e1d04da0d9505570ab151219ba8ba46e1d5ccd35b3ef4eb621be54598debb136df86307a0bdcafa1d3f6219fdd60feb80709a2b4cee6e0a642bc6a0ac6eccc95405e9c55e0782eb07e2717d784982f81555d49eeb81ba1a3e03bb98df0e79e62acf23c06945e85188dd61b270dbc1d146bfe4368dbbf33db9597837fbb9cfe9f17efe470a6a14f304e616fecd358cfdb5af11b4db71d94986fb322f692c18721d68298367fa840a0bf29643b0d48f74ced1d9958e7fd1542d17bc645b707c6cee2b8e7a00d13
+TAG_LEN: 20
+NO_SEAL: 01
+
+# Test with maximal padding (23 mod 64).
+# DIGEST: dd6cea270655225cb4f4231f54c19eaaa146eac5
+KEY: 477e0cdd46be99371eb8da7dac997deafd64b1fc65de39f4f03541a11be112a72933c7b54ed4fad0be905d41
+NONCE: 203f5dce998f8fb2
+IN: 936a91d0b5d2c0267218cb7090c6171386d641b87797b684e0fb56f97c3961d8afa22993a340b9b3c589c7481df3f4183aa23fd8d7efd88503f78b8ed1c8e9ba2fd6773e0d0c302a5f47e037446f5891d77df660ed8293
+AD: 3f62be8dc55b436965aabe
+CT: c06d04e3216e4752d83464251209990997de6c38136a51eeff0a1a109744f99f9664ddb5a230099e8af3d6ed85e1e45d7c4f955cb4a7cc3f24997b3427581de167c2c3cd7c4664d988cf6c6abca2f6b3899434398694b5
+TAG: 26290ea8be2aceb775fc57dda96b423a9cc6b141e4d48f530ad42eb0efd03305256b52540e2b7fe82d0bd0d614d84ff97d56a3d74b87a075aef3f2887577ed2d8b09273ab21ee8244f56ac0e404d5c8e84aeb43a97dbc1c4aacd35836e049e65c9c1c8763d773649e21ba91a72434e94355a7f33c0638adb178037c1305c8b66c28424217c5f8712985e0918212b69478f1c64f2e15fd1150ee02fe508e6b4500b8a1ef796b4514b43eb8ac575b0e393469cd79648ef568b42a253f518da6b40667d65fdbfa5742854eae18127eaecc690c4f0a5aa861e02a761625dd42bfff6fa034b012837f38f75ec685a887fd36c0cf9b183b1b47a22cb7313b9441fbb2f03d4ef74073838801a465d2046fcb8da31
+TAG_LEN: 20
+NO_SEAL: 01
+
+# Test with maximal padding (24 mod 64).
+# DIGEST: 34dd9bf0ce19eff890ecad474388779f63b0af70
+KEY: 7e0cdd46be99371eb8da7dac997deafd64b1fc65de39f4f03541a11be112a72933c7b54ed4fad0be905d4120
+NONCE: 3f5dce998f8fb2ea
+IN: 936a91d0b5d2c0267218cb7090c6171386d641b87797b684e0fb56f97c3961d8afa22993a340b9b3c589c7481df3f4183aa23fd8d7efd88503f78b8ed1c8e9ba2fd6773e0d0c302a5f47e037446f5891d77df660ed82933f
+AD: 62be8dc55b436965aabe47
+CT: f64f633af5421e2b8d343b52642ee5448527831821d39220eace1ee48eef879efe49679f13a9c7594f16511427d3b5eacc8ccdc597d72ad37f5ae1a9bda42cd690ded3eba9a6fe3bf1f36f480805351df8daf2d92fb90d18
+TAG: 6c1c5ee308c4a212efc9fbda5ce9da172fc75acf889b34506111272b1e9cac72722d0f6d6c7d04282ed902ad23e77c6f5f43e65e51fbfe45887fef73035287119f57a813d4d1bb0fa785ce394c3517dbb3ea88118c1b7947e5e211dbea161388d78acb0d089a44989d566181554e0122db86acdb36b128b30effc405fd65e685b66d322bce2edb08d92f7eef94e849bb6c43c882a912528a49e59a39056c0aee7fbbf3687218e84e9d6094582dde5c67138da65b3d821cf959e88bba7823fbb26e8e5fd95cb64cc868dbb5dad55bf21c09192cde9176cbfd08d782efa5fe6b9c683f4051a93ee345fb31260e26d14f9046abca30f2a40c7d690dc49d07cbe5381eede0421b57edf0d313c27442ba572c
+TAG_LEN: 20
+NO_SEAL: 01
+
+# Test with maximal padding (25 mod 64).
+# DIGEST: 7db8cfbd3b29f96d752346eeda3c2bb0bd070099
+KEY: 0cdd46be99371eb8da7dac997deafd64b1fc65de39f4f03541a11be112a72933c7b54ed4fad0be905d41203f
+NONCE: 5dce998f8fb2eaad
+IN: 936a91d0b5d2c0267218cb7090c6171386d641b87797b684e0fb56f97c3961d8afa22993a340b9b3c589c7481df3f4183aa23fd8d7efd88503f78b8ed1c8e9ba2fd6773e0d0c302a5f47e037446f5891d77df660ed82933f62
+AD: be8dc55b436965aabe477e
+CT: b4f47d4cfd61b38f87abb714da89e4e23d37f155110311947ab5977c77cdd5f6605a2950374cca97219686684dbb0610a750c04f2c208572d55c72f1fc90a6e194b387744f94bae4a24e7323c0109141c2a4b3550a6c00f227
+TAG: 345e27a55a67cd68c3f26b7d7ece71ceee4523c763f8576a6763143013cee6a643306e2c35dd3d0743e9bfac035152a9a70ff7fe87b9b08e2708dac277deb2508115a9bc89a989a4f4b1f81d301154b4e243d032258c683459a7bf4358987c0b8a305e3bb2a16fee9d9eab8e4fec270734d76384319f7ea05d6f2263b43b0e65dc372bbebae760441ecd7395b0683ca08c7062faaae20cc598bdd055530f51e27029b0fddf4540e6d66008f76215fc39ca3a70a48de734c227b4e4d9ed31926125ede1d74f7d6122332666a937448895ed74e5d3949103d61dfb81e8d1b814b8051796eb8498d13f16c8a0e0818fe24e396f8b815163fd0b422f97a696458b8c9b603e714ed08742c38a0a6af3a565
+TAG_LEN: 20
+NO_SEAL: 01
+
+# Test with maximal padding (26 mod 64).
+# DIGEST: 4abaa8453e8cfdefd918571a961d8351754ad5b4
+KEY: dd46be99371eb8da7dac997deafd64b1fc65de39f4f03541a11be112a72933c7b54ed4fad0be905d41203f5d
+NONCE: ce998f8fb2eaad40
+IN: 936a91d0b5d2c0267218cb7090c6171386d641b87797b684e0fb56f97c3961d8afa22993a340b9b3c589c7481df3f4183aa23fd8d7efd88503f78b8ed1c8e9ba2fd6773e0d0c302a5f47e037446f5891d77df660ed82933f62be
+AD: 8dc55b436965aabe477e0c
+CT: 2de7b7a26fa9d1b0d301f9bfcc0772b0a683ad5a1392bc38f495fd88a44a648cb4136d63ccbfc994f5147cdd88a40d813ad4cf7c95db148871433d23f296f2c0edf698329c760b76f4c5eaf2a5b620c482494de0128c9e5d2237
+TAG: efe95b7e557cc8c83b35c5df397497e25369e5063d674610696c9b0f083f44ddb22497522a3968da01a4bb3f8e626931643c0a98027be8f3e64d1f876aea2dd346936dc53eff94a1eac45719ca038cc1b83bef54585aadb335dc415c7a28c4918b21a21a32ec5fb16ed7fa7ba160f52c7ce2b323239293c2728046db15cdfc67cb666267b8471da3bf7e78794e5c77b5d49d711355b4f465b7c06f44c8597c34bf8fc5d837964775074f6dbbbd4c3addb7e7d2fd78dc531a8e8e62fa649923d8f96e4a759862b1df59f63c1a448ebdcc3c36d7fed786b777674ae77e112a623020299a8d2e40adf3fe5cb34cf9ad3717f072d637c2cca32cc49a9cd0baab294091650e334b74ed29b3d325c0d1bc
+TAG_LEN: 20
+NO_SEAL: 01
+
+# Test with maximal padding (27 mod 64).
+# DIGEST: 0fb9d7ffcc7c9b84f34661d472ae2d4fa25d3d99
+KEY: 46be99371eb8da7dac997deafd64b1fc65de39f4f03541a11be112a72933c7b54ed4fad0be905d41203f5dce
+NONCE: 998f8fb2eaad409a
+IN: 936a91d0b5d2c0267218cb7090c6171386d641b87797b684e0fb56f97c3961d8afa22993a340b9b3c589c7481df3f4183aa23fd8d7efd88503f78b8ed1c8e9ba2fd6773e0d0c302a5f47e037446f5891d77df660ed82933f62be8d
+AD: c55b436965aabe477e0cdd
+CT: e4255961e18652cf9fc499e5758eb2b446c55acda29e4715ca8350afe1b52bff24f91c290f488f6c0d89a7a0e67beba1970193b764bf4fc80ea42ec5086da2b113d739c06708d32cf568aefc9af83a8e78b25a9f8e0356e8444732
+TAG: 040155216fca12e96d110f56f859e5d181fb78bb992aa72b550ae51488e905d4a7af7b37401db261c2cb25ef493b358d26d6bef6706b6886c9c720a501c260cb7472d03769a214972f830ec5020757831a00e844dd8316f447886823c3c5307c048d63a4140744e6afa135c24ef1884f08f2c4534d8d0696219dfcc771bd856b3520b832fa619dae97e043ea4b17e520de4b357f77e572644609590be328d3dbb8454531b82694404b628ecb3206f32e2ead2a0a424203c332eece440f9831ac2979b6c86e2c49b2fb308c334bd34f016f4a6be174f86a2577d0a463688808dd42b1c867a1d73046b4e94b6686502a94348492b722698b7326da175af4962898739c6fdbb16acfd1eee2bd7f9c
+TAG_LEN: 20
+NO_SEAL: 01
+
+# Test with maximal padding (28 mod 64).
+# DIGEST: c68fec315401703e49722fe4b39cf28b14e9f50c
+KEY: be99371eb8da7dac997deafd64b1fc65de39f4f03541a11be112a72933c7b54ed4fad0be905d41203f5dce99
+NONCE: 8f8fb2eaad409ae0
+IN: 936a91d0b5d2c0267218cb7090c6171386d641b87797b684e0fb56f97c3961d8afa22993a340b9b3c589c7481df3f4183aa23fd8d7efd88503f78b8ed1c8e9ba2fd6773e0d0c302a5f47e037446f5891d77df660ed82933f62be8dc5
+AD: 5b436965aabe477e0cdd46
+CT: 3ead3affa3e6e553cb4998d3f8aba6e02349ab0a588647f3518037145860a949160aa182ebe41358a57b3617effb1acf2525db768f042ef5221d32c861962b70a11c27c536a57d369a5d24e8efa23cb2018932ef77b567df36cd81ce
+TAG: ffa39d6befec6b597bff8a23c4fe8791c8309b2a694cb8400f32d8408cb8981f1e4277579e3c28c906a077e115f0eb134257bcaf7cf8e4327d7e4800ffe21bbb7c7ff9107d4f292448892802186f2b7320ba98c2b2da95cc5368f68d5bf723d7f1392ce9e212a9de44aa0d556936f707f45dd25a1abf6aff829a0ca82b67ae51a0aae206e940bc84dbbab8b3a0c62a755e9b59418202eab6806afa5b00e887e45dc95fb9ad82ffecbd5701d118429a39116bb4990cd45668785c252321a0d98e97c28916c8b4d9938d542102faade1852450b9ea8160f786182a6d9ad77b515764b16554f57b06f3e22bd1dd9bb125862db72ea46344649efd0612807f6b5c3c59638fe45a0cee01af60478f36c2ec146ba7df63
+TAG_LEN: 20
+NO_SEAL: 01
+
+# Test with maximal padding (29 mod 64).
+# DIGEST: 15e1aa5285beab679aaedbf51a86b4aebbe3d7df
+KEY: 99371eb8da7dac997deafd64b1fc65de39f4f03541a11be112a72933c7b54ed4fad0be905d41203f5dce998f
+NONCE: 8fb2eaad409ae021
+IN: 936a91d0b5d2c0267218cb7090c6171386d641b87797b684e0fb56f97c3961d8afa22993a340b9b3c589c7481df3f4183aa23fd8d7efd88503f78b8ed1c8e9ba2fd6773e0d0c302a5f47e037446f5891d77df660ed82933f62be8dc55b
+AD: 436965aabe477e0cdd46be
+CT: 7c5e36678f3fc8465f7770d619712f4fdf45922b20db9aa521e721ca35a02446f1f06ce15971afecb695e3e780f4972821f9fa044564fd8675f1626c5b5f8a24da4493917526ad72b631acd16b13ec9aae03ee7b5034919200ca8881ac
+TAG: 7be23184481a76434648417fa7e7afe0066c7f614cb0f5519e15170216db443ac5d840afe41ef010888b5ec1d708cc3a7948f393a3eda3974f6a542482d29c5c0c25fc6375e62dc88cf1334bd81636b0d3efbd4a724273e587c921addf86cbe0d698bcaa2f8acfb8aacae535526c28af0d332e83e7d0b77c32a82d62d5ae67235c827441bffd2efa05b6436cf20092a5332ea695104a0c5f83a8c68322e00ffe42718b9015765525d7af77602be97bc5b91d58034b1f4bcd6b8141ae6a73841a0bb99d8e81a634a42744d2256a44c1bf6a17991fc12d9a6520978656d82d03c18c73abb7587843e503ceecd7d3e2d9a2100ee513b2fc9ee78fea7f235dd9c0ae96ea15045e7749d5b5b819d1779c83463a574e
+TAG_LEN: 20
+NO_SEAL: 01
+
+# Test with maximal padding (30 mod 64).
+# DIGEST: 8cc0b1164fc844e958e055b7ae43f2f95c29e8c3
+KEY: 371eb8da7dac997deafd64b1fc65de39f4f03541a11be112a72933c7b54ed4fad0be905d41203f5dce998f8f
+NONCE: b2eaad409ae02116
+IN: 936a91d0b5d2c0267218cb7090c6171386d641b87797b684e0fb56f97c3961d8afa22993a340b9b3c589c7481df3f4183aa23fd8d7efd88503f78b8ed1c8e9ba2fd6773e0d0c302a5f47e037446f5891d77df660ed82933f62be8dc55b43
+AD: 6965aabe477e0cdd46be99
+CT: 82892eecc52065f09b6c740654823993495b8ade7b0626a666ad6294d35b906b9e106b92fae1e767a37eb5088869cb9d01ae6b77631419357e0d966c841185b389cf76b680499e4c44f87624960e5eea44d9df0afda08ed29ba41936250a
+TAG: 44542585005f3619496ed8fb0d4a784ba3ea52cd0a9ff38e8630cc354e47dfcb7a8cd0a03d195a385e8cee049fc2de3529e7fe7e0067eb0c5f65e257141c9fc73b9f23e965ce24ea845134082827ec1028f0a64a1f6a2e31faa8030a0c0ca63b6d4cbf8d8937a40ecff26996e9e409255956dcf889108aaa23456023c5de3e8efceefb1bb40500fd7b08c760a083c596793ce63de2958ced2766005544811ee2beea90d42b6f4b05148148cece4b9b089d0b7dc0b948d385f17205135391259c697de5bfa726a135a2d32d2516d4c72c81b171ea9078cf68dbb758177e04953a1c3c669fa682fea1a1c5d23d9173e4db7d02e957144dd149f4ba2784c9acde563d54a7e4cc164eeb014461d0535c7d094ddd
+TAG_LEN: 20
+NO_SEAL: 01
+
+# Test with maximal padding (31 mod 64).
+# DIGEST: b51001b6ff9d27bccf3103a4961280e0a1406257
+KEY: 1eb8da7dac997deafd64b1fc65de39f4f03541a11be112a72933c7b54ed4fad0be905d41203f5dce998f8fb2
+NONCE: eaad409ae0211641
+IN: 936a91d0b5d2c0267218cb7090c6171386d641b87797b684e0fb56f97c3961d8afa22993a340b9b3c589c7481df3f4183aa23fd8d7efd88503f78b8ed1c8e9ba2fd6773e0d0c302a5f47e037446f5891d77df660ed82933f62be8dc55b4369
+AD: 65aabe477e0cdd46be9937
+CT: bc181d050d6e79cd5d66a1410338e4031378d60a217bfbdaed1404453cf8a680b9200f746ddb6106a8a407aad8204a7e3b5ce8b8f34d1bc69b84fa538745bf599674c6ab008435897a765e5072449a7c79c4fbd11f0883548a88244f5b1dd7
+TAG: aaf4ba13e0df9d9f0ea057ac04f64b48a97ce398674d0503053beac9044920191d6d619f2136341cc19f47a800e803e0b696166d306c8cf969206956c0e198157c3d6f114c7217592e358c27f064c5d940deb2631a232570975fea1011e07b85539a86cf83fce7a1f4ca35635ab86b901aea3bec5595129b6a8ec633fe08ce1214c39ada3da5e6012525c740a23e1babc5ad9dcdb6cb837d78567a59bf52d8044655863e1143e5b367916a154f7dfa98fbc7545813ed2e90da0b365733090f264aa5b004ca22adaad01ab98c3de62ffa15095a20967a2c07cd3792831027839d91a8048e1c927198644be2407f0543b0259d649c15aa6d1374e95dedd203a9ea03f3104aa2fd27963b199c669a4ef9735b
+TAG_LEN: 20
+NO_SEAL: 01
+
+# Test with maximal padding (32 mod 64).
+# DIGEST: aceed075f31ab159f6610f43ff0a6ed3a359bee1
+KEY: b8da7dac997deafd64b1fc65de39f4f03541a11be112a72933c7b54ed4fad0be905d41203f5dce998f8fb2ea
+NONCE: ad409ae02116417d
+IN: 936a91d0b5d2c0267218cb7090c6171386d641b87797b684e0fb56f97c3961d8afa22993a340b9b3c589c7481df3f4183aa23fd8d7efd88503f78b8ed1c8e9ba2fd6773e0d0c302a5f47e037446f5891d77df660ed82933f62be8dc55b436965
+AD: aabe477e0cdd46be99371e
+CT: 630021a2b51b2f47aeb76833fe4f3a6471d208bd943d7ebe9e97ef72004de998b82a7270ad9ece3738b1322ad5de184ef9eb67ed7d0a7f76990cceb64eff3bdac11ddef22000ec6e476de4d13b841b8bbb941ba4622e35334ff293014408c1a6
+TAG: decedbd573c17d487e3fe140a08cb446bfd23c5fa71a62009e24f83f5acdb3d8263ba693c43a0c1dac94c700926bc51bd4056944dc5187452bf927a4dfdfc04be4eba66b25d6dcf4e7e5a64b935c835a8a4fda3d43fd2f3fbbb1498a45495c1d73c6ef8463d1d22cd46d874214a806bab520ea7400ac83f009525017c9ade73d9ead4d3b52613cfc91c60acb38cf2e1c05e2c18aac0c2728135648087e7e24bc54d55f622577c34417fd6dcb9fb1be14740ea5a452e314414b86fda4a3225ddcf4e9d686a483e25f66d218ad252441013c36b69031cb7ce6589eb0f63fa694ba4984831d863135463e152c4c536361384c07782932f6601d909f548c5afc0daa3c80e8ed6a2e615a792fced1b452df67
+TAG_LEN: 20
+NO_SEAL: 01
+
+# Test with maximal padding (33 mod 64).
+# DIGEST: 976ca4c9819e25a204a024d05fbe7420f717bc58
+KEY: da7dac997deafd64b1fc65de39f4f03541a11be112a72933c7b54ed4fad0be905d41203f5dce998f8fb2eaad
+NONCE: 409ae02116417dae
+IN: 936a91d0b5d2c0267218cb7090c6171386d641b87797b684e0fb56f97c3961d8afa22993a340b9b3c589c7481df3f4183aa23fd8d7efd88503f78b8ed1c8e9ba2fd6773e0d0c302a5f47e037446f5891d77df660ed82933f62be8dc55b436965aa
+AD: be477e0cdd46be99371eb8
+CT: fba7b6a3f55486dda6db0c08da51010c3c1158424f4ccf5bbd356d401309dbbcdbaa89ad46e5aeb5df48fbe000a728d5ac5ea57bfd1ff96327b57a4c2baf5cce0f31dc5266ff97b875f15c5d0a4c2d85b81b69ae42f6209111d4742ededd8ce84d
+TAG: 3083dbc3588403b9c01492e8d8b7cfd2b5070ef097f57d4fbbf1325a4f1e28ab44b0eea3818403b063e86345c1cc0f242bcfe1b854aaf6d9158d316d768380c35e4f191f318d16af31ed6c8b7578411ec57999238b7fd2d69ad2459e0090de55abd96c0a40b4a0e909427ea3f2c626c054570929f7aee33fb45e97daa90661f455b4f38297fef238fc5d715d7d5a846399b8cfe78d64186b1b0d884a6b89c358a4743f3271df09b52c741f83e364c8f836b4f41ccb1145dab7be582301bcac6cbbabd7c4c4311b0e21ddfc152018695be7b9d58e95b8f74fcfe98ba8298d931878dd1318280221a5b0c5df31fef128f672b89815aba99ffbd41df840ccdef16a3e8750830ec84c2f50f3374e550ad1
+TAG_LEN: 20
+NO_SEAL: 01
+
+# Test with maximal padding (34 mod 64).
+# DIGEST: ad8cfe7556704bb1974e94f70d8743d147c5c3b4
+KEY: 7dac997deafd64b1fc65de39f4f03541a11be112a72933c7b54ed4fad0be905d41203f5dce998f8fb2eaad40
+NONCE: 9ae02116417dae0c
+IN: 936a91d0b5d2c0267218cb7090c6171386d641b87797b684e0fb56f97c3961d8afa22993a340b9b3c589c7481df3f4183aa23fd8d7efd88503f78b8ed1c8e9ba2fd6773e0d0c302a5f47e037446f5891d77df660ed82933f62be8dc55b436965aabe
+AD: 477e0cdd46be99371eb8da
+CT: a6e967aa8bfe23d4237d593e6cb2e279174b57acd9037fd150cb3a00a5524256756602c8541f6eae44e2b97245f0f63894afc812ebbf87f77be763320d0effe9974df583519582f72b57845bf20bb2f82ad5dc59b7d695a424001d0b9a1194b9ed7e
+TAG: fa2419a17ee52bf8e0671e1a7197f96134c63110c557f7b6f0a0ee57de8c64b3390e56a4c4f2c75a7d4e4222507b2790e31043a6ab18a2d71786b3334eaa37b2ac7de20610a4f4af3c6598483450383199e1256e05e2bb20df5d3b7c24156273716a122de04b6bce230ccb8fa7876d191152d82206cab40e1cff6a87d906de2660876b4abe90491ad6a10399f3c4a351d86dc9319ea803dc2df41b5a33c4e17c8654cf06eaac402a8b45f252714fd8fe060d33f05fa195fbb091e2076fe87ebedf239ce36783af321e21146ed150f06083e9578b2e022553ce43dd05e25033698219a5172d6a020bc9db1f5f2a954c994bdfe0e7ef7f48c243dce77c2274357c6bbe8c8267f8f98a384c4fc177ab
+TAG_LEN: 20
+NO_SEAL: 01
+
+# Test with maximal padding (35 mod 64).
+# DIGEST: 1dfd9608adabb5a55e12949f1c4bfcd5a77cb703
+KEY: ac997deafd64b1fc65de39f4f03541a11be112a72933c7b54ed4fad0be905d41203f5dce998f8fb2eaad409a
+NONCE: e02116417dae0cef
+IN: 936a91d0b5d2c0267218cb7090c6171386d641b87797b684e0fb56f97c3961d8afa22993a340b9b3c589c7481df3f4183aa23fd8d7efd88503f78b8ed1c8e9ba2fd6773e0d0c302a5f47e037446f5891d77df660ed82933f62be8dc55b436965aabe47
+AD: 7e0cdd46be99371eb8da7d
+CT: a547715740d6cc64021b5e70bdc0aa8299369a2b45931a539e146aee243338dfacbe531274dd5daa12efee9e2ea90d4d963386d57804c01767abac3ab329a08ee974d9d8723f5695bec5101e6ce1d727ed919eb53bdab44db1e5f789729cdf91010292
+TAG: 107dfa1b7e55565fed6fe7ac9ce44fcf6c5038a586f9d02b2603cb02936c0b965da944a945d5b21ce2a234e6431fd442b428e118058ecae90f09778e2b914035eb700ca75cf4d6d1589c7c7e1b7e12f49a4fd3422e064c417156cf6f0782d52b71915bf697fbbfabba723e39a770e89f0d7c46399edf424c735bef679001da5a789ed6a3d253dc4f332a80aa14d745d88e015eb246cf3c5782f0ab4a3bbadb9dee73f2dbba55bdbd9e0bf3f009a3ab434156aaa02aad0422110d45a647ab90021ca7a10541363198e70521f96c2da7f85ad56de15b4c90f01aebbb76910a2a1240cb6424aef8db7ad185686cd63f5d1a419a5e4a55be8a6a5feb7a977b0bd25a23f540205a1cd98eb7cf40fd10
+TAG_LEN: 20
+NO_SEAL: 01
+
+# Test with maximal padding (36 mod 64).
+# DIGEST: ad2b43eee27e6267d8c5c1c3d558a07dcd6b1f5f
+KEY: 997deafd64b1fc65de39f4f03541a11be112a72933c7b54ed4fad0be905d41203f5dce998f8fb2eaad409ae0
+NONCE: 2116417dae0cef45
+IN: 936a91d0b5d2c0267218cb7090c6171386d641b87797b684e0fb56f97c3961d8afa22993a340b9b3c589c7481df3f4183aa23fd8d7efd88503f78b8ed1c8e9ba2fd6773e0d0c302a5f47e037446f5891d77df660ed82933f62be8dc55b436965aabe477e
+AD: 0cdd46be99371eb8da7dac
+CT: 7ed8d60c67875030c8a20cbb5f71e22d1e5c3f93852a5bf953ae67cbb3a4d3c0b69bd9b43cf807b32dac4833e502fb377d67d2575a62e9f6dcc12c4df05c71802cfa5b6b3104d9526941bf1b48bd5e65710e15862b6c0dacc1decf5aa1980fce6cf99e0a
+TAG: 82dfffccefd195e0b64ed804149472b11158cc39b4f01f6cdc2b4b3ca53bbdbc2f2b1fc3a75bbfab6f349c809c5c775261bf88188db280c9611f9ce8aabd6d5517e56408ed5d6fde3a0d10b20af0cf684fd7b904535d124bbc3fd9a8fdd3a08c6fd7a8161bd0d1105d9da9002db95dd7eef295102cc45458b9af01dfc90d480ed40f425e657d1fd915e92b3598cee8d815b4358ceb1a7f79749071895730200ee3da95a40a2aa951478fa101aae1619bc8019dbe0059cfdd4968a719f960a11f73e76a9dba8c81017ae31d70301c24671191f13e9a84c6ba169e4609b750833a9eaf6b87312077f83e62dd6d79e1f2e7c18d3c603506875f2e6b1fbe540fe896e84ae227efe2f0193b4b9ed0c101c6dff09491f4
+TAG_LEN: 20
+NO_SEAL: 01
+
+# Test with maximal padding (37 mod 64).
+# DIGEST: 3dcddb1e4f49633e7b7bd36f4056d16c53be7f5e
+KEY: 7deafd64b1fc65de39f4f03541a11be112a72933c7b54ed4fad0be905d41203f5dce998f8fb2eaad409ae021
+NONCE: 16417dae0cef457b
+IN: 936a91d0b5d2c0267218cb7090c6171386d641b87797b684e0fb56f97c3961d8afa22993a340b9b3c589c7481df3f4183aa23fd8d7efd88503f78b8ed1c8e9ba2fd6773e0d0c302a5f47e037446f5891d77df660ed82933f62be8dc55b436965aabe477e0c
+AD: dd46be99371eb8da7dac99
+CT: 0bf6e04e00d7389a3f9bed220be14691df815190dc4038b802981bc5464ca4e98b94617b8ef1f05f3646d3731766e0b58f65df6c255128114c3ab1c2037da671bc995991ac70acb0045b4607e6f8ca51dc21692c22f3da6b326a248b2e0d9266b42e47b6cd
+TAG: 2cfcc48fa50220c001f814b46fcf19aa0465e49cf9935c61f3d52f1d6cce66c1a7d9a775deeff52b999a895f29ad25f2d1b7d881e7a4ce9a73b19a10a782d320ac0aaa84937fbfa74d95e0d9615cf1718a77cf8bf2e59716c65ee1667abdb850ec5a96f3144d2e35ce7e67ddd0388e90e70450b362ba5575bbe0b36b66bb889b59ee6eca1da0bf48297e32d4fcd3be55ae58c5909c1686ef666f29fe76eef53885e9e2bb6746da291569af7d2fbe1780faf03321e816980a10e89fd11eda9f8f3730a4f34890531890194610cce83a89caef779e83673538efa753f3d558b24469427daf7f1395031c998efb55a36a1a13d7c35995652e471ca22eef80221b923d39b93abeb5193f3e98683d3748167670b20e
+TAG_LEN: 20
+NO_SEAL: 01
+
+# Test with maximal padding (38 mod 64).
+# DIGEST: 25b982a242f669c013cab1c18da425330090e3cd
+KEY: eafd64b1fc65de39f4f03541a11be112a72933c7b54ed4fad0be905d41203f5dce998f8fb2eaad409ae02116
+NONCE: 417dae0cef457b9e
+IN: 936a91d0b5d2c0267218cb7090c6171386d641b87797b684e0fb56f97c3961d8afa22993a340b9b3c589c7481df3f4183aa23fd8d7efd88503f78b8ed1c8e9ba2fd6773e0d0c302a5f47e037446f5891d77df660ed82933f62be8dc55b436965aabe477e0cdd
+AD: 46be99371eb8da7dac997d
+CT: bb14650012537fd52f03bc6ec909cccf84694ff8109e802ca28b9caa2c992a65b9d11aaa29f24d45a0f0f38249675b1d036ca598c7e7bf77aa6e841800149f16453bac19b3d40bd494ac0113a5209a8f831e4b2ea8e99c32a52496c5c61988cabd4c5396c760
+TAG: dd942f26ea4e6fe44450ce4931bf947085253ac61a85a1434386770be82c57951e8f778b5beaba709d94b0c6d71cd29b12a8f173435617c72d9d50719ffe85f81475d7e54d05e8e882e9ad174c25c532c8c17c1c20985340957bda87fb0f99bd5107267d26a7d2f9f16b3de38761645395717224f96ce23a657420d164149862903cb91bbd887f8250a4a9b7eaad088c7a094a7c1d313b7561448a1ca223516433d0e7d9d0a3d28c26e1833e6baa5c309092803a8a1a034510b5833264d4e59a7d2cef2e4c19f9a90f3f02304fd202e54a246d02dc81d90f5ec7966758423a82a53350e8d5ae767eb5de1b73bad4bc55fba1d79efaffcd2ffd2471ba8dd85da35ebc2879cc07b200e8095da4b87d1f7d9e8f
+TAG_LEN: 20
+NO_SEAL: 01
+
+# Test with maximal padding (39 mod 64).
+# DIGEST: 9d7958e23777ff2472f5a24dea5fc19c151dd921
+KEY: fd64b1fc65de39f4f03541a11be112a72933c7b54ed4fad0be905d41203f5dce998f8fb2eaad409ae0211641
+NONCE: 7dae0cef457b9e5e
+IN: 936a91d0b5d2c0267218cb7090c6171386d641b87797b684e0fb56f97c3961d8afa22993a340b9b3c589c7481df3f4183aa23fd8d7efd88503f78b8ed1c8e9ba2fd6773e0d0c302a5f47e037446f5891d77df660ed82933f62be8dc55b436965aabe477e0cdd46
+AD: be99371eb8da7dac997dea
+CT: e21464474404e9d0d653d2e5214e332ee7691e12bed8f91627208c67da34033887369def4de497f2b7d39c0b0c9101bf25e7aa405a165ce0ad00f7bf311e19f6a45fdf5e13f6ea9b6007a5ebc584e0e68dba642f1d6427a6cf6f84147dfb3f3d589759a44247ef
+TAG: fa083f65f3b87f4ae6601498a4640410ab34ed18ff329ac22e14dbd511480063bee2d2fc2aa2b5d710aa22f8e2982b863f14fb815f85f8fc70da961695d2c39177d5833a07e26577708df2a984d504d139541636d87ac0aa773b8140bd90e9373b87ef9337e80fcca9afd4b533e49d8f878c41ea9a51105beac814c2b16a2cb7a47ebe228a509ed65a08392983f42aaeee6a1b4a9d0b498faf8580c4f4f681403b758692f4c32099080193b2e6aaf18590343b20fc84baedc245b8f0f9c90016738603c1fa2feda4482093d895825e1751fa4e1f767d8de6e192a155ec3e66ab85033c4b2e18387c72f58e21eccdd2fb05c4eec7d10234c6cdbb309a4f325b451ca3ac6e9303fa3339f4aecd94f8ec8d5c
+TAG_LEN: 20
+NO_SEAL: 01
+
+# Test with maximal padding (40 mod 64).
+# DIGEST: 09e9eab51bcb9faaa3bc3e473ff66b06e39653fa
+KEY: 64b1fc65de39f4f03541a11be112a72933c7b54ed4fad0be905d41203f5dce998f8fb2eaad409ae02116417d
+NONCE: ae0cef457b9e5e16
+IN: 936a91d0b5d2c0267218cb7090c6171386d641b87797b684e0fb56f97c3961d8afa22993a340b9b3c589c7481df3f4183aa23fd8d7efd88503f78b8ed1c8e9ba2fd6773e0d0c302a5f47e037446f5891d77df660ed82933f62be8dc55b436965aabe477e0cdd46be
+AD: 99371eb8da7dac997deafd
+CT: 2d2b0233e9dba69ba134610eb54a852978727d62c1b219b8b2efb9342d675f0548847e340004db6ff5342941fa2169ba06a6e197a8abc7ee7a4e1470f0041e6b1aa25ed35c3a19c84493669557b56431089110ef4ec66b1fe45654c965f4bfc7cb834bbad485bcef
+TAG: 3626aa475924187edb74cb97a36fba693e52b980825e58c0a1509bfa40cef0b41a8e660404a00d738191d10ceea7cb761e3a75734ab226693f56d68ff405ae2fc2c2aac8988d954eb65dd0e86ac7fdbb208a4e99d4b3b17f6d1e8f347c540bc00132b6c3e9e2ad17b8afd7b1fb28bb1d120167713233132db4bed535c751de37d657178f6a5ff8968b9ae74410c0ff8015313eb3af8ffb57d771a6a03984a8509eab4d1c9dd39fc675192b47e46d22fe347d2e25dac07c1f7c26b17f3ffeecef8fb301a66c71fd582f5a6cbf045a107481cabf0298184704a52bcb4ff08fb351bb699e656b1a479de60591b0bee7c875e06f55ebd010b450e1b074c9d74795bafed4b7ebd5934281ad392875d0061e68
+TAG_LEN: 20
+NO_SEAL: 01
+
+# Test with maximal padding (41 mod 64).
+# DIGEST: 7b17b7cb19107af8fc4671420e461060e2ef3e61
+KEY: b1fc65de39f4f03541a11be112a72933c7b54ed4fad0be905d41203f5dce998f8fb2eaad409ae02116417dae
+NONCE: 0cef457b9e5e16dc
+IN: 936a91d0b5d2c0267218cb7090c6171386d641b87797b684e0fb56f97c3961d8afa22993a340b9b3c589c7481df3f4183aa23fd8d7efd88503f78b8ed1c8e9ba2fd6773e0d0c302a5f47e037446f5891d77df660ed82933f62be8dc55b436965aabe477e0cdd46be99
+AD: 371eb8da7dac997deafd64
+CT: 245180810407934bb7ef6fbda3f64abd712a3959d0fa2502464c159ed70fab64a10f360f22dbaaeaf44d4bc926c1028675cd1c3a94ea951b1561c8cc449f0940c6766b67ec21f8c039f826afa423e7960bb4e2f7e71f8f660ab2bb24e2f3bdda5c070a3529d78b1cb7
+TAG: 502ba1aa764ed0da7a939f1aee2b6fddf982f99fa22b6f45cc755c8c283d91cadf163e9f22a69ebc2d4a3c61bd8f3c570f7e79068bf5e95c0e89a0644b6221d1e999ac49b95988fa9d060681950c032c48145be411149b6a5b3c3bde1b0908b63c8c8e52d1e36c50041bc59548e227f39185368b565e8aae6034c2aae006ccae61a6702d137618c0b41a8a4e5240008ca488074284c4cdf7ba323215b32bfe4ec726af4d15bf0a0ce9b474e41506824f3ed60db19aef83d83e612200532ac173f00398c8f2a5ed6e72c8d30e4cda5c05248d6fd2e5fcd095a5d1d7abc63027849c92ea911d4d5b788ff7edabd3a95fd6c1cb78eec290505ec9a1144c14963f700e28eb9da0e0c5d1eee0225bfdeeef
+TAG_LEN: 20
+NO_SEAL: 01
+
+# Test with maximal padding (42 mod 64).
+# DIGEST: 48586ad2eac603c136911b28e2c69f101a8ef371
+KEY: fc65de39f4f03541a11be112a72933c7b54ed4fad0be905d41203f5dce998f8fb2eaad409ae02116417dae0c
+NONCE: ef457b9e5e16dcc5
+IN: 936a91d0b5d2c0267218cb7090c6171386d641b87797b684e0fb56f97c3961d8afa22993a340b9b3c589c7481df3f4183aa23fd8d7efd88503f78b8ed1c8e9ba2fd6773e0d0c302a5f47e037446f5891d77df660ed82933f62be8dc55b436965aabe477e0cdd46be9937
+AD: 1eb8da7dac997deafd64b1
+CT: 05fde16dc64641e35c07c0026eadb56dcfd233c5dda80544e58789fcd41539edaac9d47de790b3193d881e79fd79c117502e7cfd1a48e9a35d8fa3aeeca41457c46e5d9efd1950c1a756b5fd65c18b961d33a6d1256b92a6c6f339fe3522f2d4d9c44453f5ba66d2d0b3
+TAG: fee333cd5c24b3e53d6f4022c387c560eb4ec4574c520631d6473e8d184dc0828663211c464f65694144c62dd91037e9e303e6997273e17f1d364089ce48cdb0a01c7a19c0c10c83dc41c6954b60d5d21ca71b91667e40c0022ad66d2e095b3601b71aa08d5818728c088927dbc3da13c3c2a58d36e71943a3ed59e3f0141b02fdda4d20a9bbb8f8f6b9b9dfbab00f510dbe942e1defd78704be7f00460476189dc0c2522bd70c5d399da0ddb64891284060741bfdfd576facfe51119b8b9522b20ada5421f6c64413be1e812aade8c034d5ca0ce2e8b5abd30917b7213d5c04b4bf5e235590eae64870c001ef0312d45a9217c9dcc8ce6c69484c00df028df2a62c9e0d5b341250bdb6db585c33
+TAG_LEN: 20
+NO_SEAL: 01
+
+# Test with maximal padding (43 mod 64).
+# DIGEST: c37456cfc543ba6e5848b9b8f4ac5a58a104b521
+KEY: 65de39f4f03541a11be112a72933c7b54ed4fad0be905d41203f5dce998f8fb2eaad409ae02116417dae0cef
+NONCE: 457b9e5e16dcc5b6
+IN: 936a91d0b5d2c0267218cb7090c6171386d641b87797b684e0fb56f97c3961d8afa22993a340b9b3c589c7481df3f4183aa23fd8d7efd88503f78b8ed1c8e9ba2fd6773e0d0c302a5f47e037446f5891d77df660ed82933f62be8dc55b436965aabe477e0cdd46be99371e
+AD: b8da7dac997deafd64b1fc
+CT: 8618242fa24c47146327575ab228f8fcd546c71db9d1183caacb5f5fb93deecbb242e8bd6faf60a39783dea659f95e5b201a0ed49abc556954fa373d1b839b4f01574c5b3505baa0f8846826aac8c12f40874761422570dd0ac01acc7d1cd3039940076d00d405ffe57913
+TAG: 271bddbbff5333b22cc39ae0b9ea9900e34e9005d6858ee9dd3bfa7a073fa7de3ecb28e6bd4abbac684a25afb2e19c488429c397711886c30a9657060ecd395da79ea077314e5b22bf7448b70f7c3a5132b75e46ce0711da9c38ebc9760a3facedcc469f7f227b0bc8674433d0d81d71d9a20f4d1a453afe62d6a0b37f324fb58d8a70cbaa7808ee4eb6ad5039e51c51698f94287cc7f476e30ba54043d7ceadc720ec13f15755eacc50f3dfdcc67b23a7135173ac1c726c7b65e939e9656871a5d30e9d2091cc8b102bd0c800332da884ed4ed7ea7ddc2d2f471e4a8389c0043214b99e8af524716bcb37cf82a8707ae13fa5fcb855bb003c99bc388f238b3bd0b51db5f1fe8e6b43a7ea299a
+TAG_LEN: 20
+NO_SEAL: 01
+
+# Test with maximal padding (44 mod 64).
+# DIGEST: fc113d192686652653a15887974eb1f9b8e32248
+KEY: de39f4f03541a11be112a72933c7b54ed4fad0be905d41203f5dce998f8fb2eaad409ae02116417dae0cef45
+NONCE: 7b9e5e16dcc5b6f2
+IN: 936a91d0b5d2c0267218cb7090c6171386d641b87797b684e0fb56f97c3961d8afa22993a340b9b3c589c7481df3f4183aa23fd8d7efd88503f78b8ed1c8e9ba2fd6773e0d0c302a5f47e037446f5891d77df660ed82933f62be8dc55b436965aabe477e0cdd46be99371eb8
+AD: da7dac997deafd64b1fc65
+CT: 3de7bd95f32d7bd6e263993e48d69eb4cd90f2995e437f1112707f96ece932b1aa317ac0b4abf88a8a90581b9118ceddb576c74c960d5e734eb157b90abdc61b90d485314ffe145a5603bc661bd9a09f4dde518b762ab6de54187baed5f23d6d27f528f66d080a1be66fa811
+TAG: 3c2759a67021bffbab4583101629b11486ce26bf8e5081371e2fc36a0a73a43968373874ffbeb4684f0ba4bbcaf4d27a344e77d898cfea20a4790f453fe15cf44586269fcb3c3101358c01ba604c29afd7cab72fbab16ddd134f986f8ce58bb9e8c282ba7603c8591cf223000230073698b40b28622cdafea8964f61e6710cded9530795ada08afcf1bba283f26b3ab408445429ff79b49a5e8bbc60e293074fe8bb5662e83c1d6a534af9604a4fc86481bd2ddb66606fc51da69e41f419fe99c2382a486fe941a684d36358ceed40e827545f9cf55cb854c02407eb04d7c9e9ea0b11c0fabc01551817e7e003f8e3b3d3db5b0b168dbfcbc98de8ad34a5a1431ee0132f95262695535ec6816cdd2a6440fb33c3
+TAG_LEN: 20
+NO_SEAL: 01
+
+# Test with maximal padding (45 mod 64).
+# DIGEST: bb6e5b5be84ee383caac0378cb6f541726ecf61f
+KEY: 39f4f03541a11be112a72933c7b54ed4fad0be905d41203f5dce998f8fb2eaad409ae02116417dae0cef457b
+NONCE: 9e5e16dcc5b6f256
+IN: 936a91d0b5d2c0267218cb7090c6171386d641b87797b684e0fb56f97c3961d8afa22993a340b9b3c589c7481df3f4183aa23fd8d7efd88503f78b8ed1c8e9ba2fd6773e0d0c302a5f47e037446f5891d77df660ed82933f62be8dc55b436965aabe477e0cdd46be99371eb8da
+AD: 7dac997deafd64b1fc65de
+CT: c48489e9166fd23fab715b3e4885b6af25fb48ca99baa15e767c8064256fb9b2259688377d7be9148fc471a89c66b848ff95f492b1670075e98a0547867293094d89a2d5d73b8d54da8fa465fdcf122caddd66311bddd54d645991a4f02708eddc30c51b5b22eab8645e2119fb
+TAG: d3e3d002bb6dcf09c63e08e7c80741796d19fcf9b7350b88c5bd7f785b0c69f5cd6d78becebbc53b0b89cefcf8debc61945bd6e34c8ec5b5759314f8128169cefcff220e80f8847eb8852348e5aca843ee4088371c411bc2cacd4b1bd73e3a9855047ab87551f79097ced9341935b262939e7dc5d7a835c4a6aead77a52471a669a0b6a4c99dd5672da39ceec57d01e33365c5f9d9db6ec97f5b4e0545ed294284cfdb41b81b8449cc181caf2ff5a1749d1acc2c3f435e5d8b698186ab6a6e23126a7a880898ce3cb7ad75ab4fd4ba40c05e77304972fbbff3cbb1412b0b7ecdbc495ae719aa5e1c4d17fb057b27eb51d1a50c1a61857ef88efb5c754a945614f6d9dc3259d5932fe1bfd30eea69150d613623
+TAG_LEN: 20
+NO_SEAL: 01
+
+# Test with maximal padding (46 mod 64).
+# DIGEST: a27799fc2e00e7abec4c5939451a834c4606cf7a
+KEY: f4f03541a11be112a72933c7b54ed4fad0be905d41203f5dce998f8fb2eaad409ae02116417dae0cef457b9e
+NONCE: 5e16dcc5b6f25607
+IN: 936a91d0b5d2c0267218cb7090c6171386d641b87797b684e0fb56f97c3961d8afa22993a340b9b3c589c7481df3f4183aa23fd8d7efd88503f78b8ed1c8e9ba2fd6773e0d0c302a5f47e037446f5891d77df660ed82933f62be8dc55b436965aabe477e0cdd46be99371eb8da7d
+AD: ac997deafd64b1fc65de39
+CT: 4fc30349e938933fbe87c1b071bb54ea2837c2bbc4ad4a59291fe5e190d25aeba4a14adf7a8968f87be1d68d3251259bf66b5413b4b4354e2f2e0574a3055b4c70e736ea139159599ba7f7c9028671c1bc4af858bf7a691429571743ec154f0a7cced1f23b748cc93cbefc234dd8
+TAG: dcb51409755c687cfe32d594a0351affd831a978b22d1ee70468ca3c034ef15e92b06edd903f128c6a1aa34a0b0a9d799063473c8a53075854b48af38f834ddd538cdc2f15038db8bb8ed175aa5889532fdc8e6e61a4dd2a67f9912f3f8995439c7f500214d038e6e167a566963dcd4e56f51b12929d494f9f520dac3e8bc0a0b7a6c5be098881a7d9365307a45e5bb7a8cab8a3971b3f8181bed642c9c0d10cd88146978d82d86024c719ddd9868497010abe14ef8c339cc49e4e743d6f454993e71d551cba457f172b27d9406ea9fbc0413606b02ab86e2e8654e55f5e9509067632a5c07cd30f5373554cbcb2ba552f98f5c0e6a5d588ded804885e7939b964252112b28143191f068fb1a466a1f13226
+TAG_LEN: 20
+NO_SEAL: 01
+
+# Test with maximal padding (47 mod 64).
+# DIGEST: f30eaff92a640a397f98e6803623e8d1f0c1fea6
+KEY: f03541a11be112a72933c7b54ed4fad0be905d41203f5dce998f8fb2eaad409ae02116417dae0cef457b9e5e
+NONCE: 16dcc5b6f25607f0
+IN: 936a91d0b5d2c0267218cb7090c6171386d641b87797b684e0fb56f97c3961d8afa22993a340b9b3c589c7481df3f4183aa23fd8d7efd88503f78b8ed1c8e9ba2fd6773e0d0c302a5f47e037446f5891d77df660ed82933f62be8dc55b436965aabe477e0cdd46be99371eb8da7dac
+AD: 997deafd64b1fc65de39f4
+CT: 94579bb637b0368834f699b42ab802904e1d026cfb7e487b2568c482b849c1a7a1cb0707ac02ad9425fd9743553c69d2ddf543264e8d0220e98410e85c9b70a0b85143f01cdb0e0f53cadf34c5c00e7e8da23f1c1302ad8bcf17b765c19b9f9b9e0f67804cb92b4d6104985caa3656
+TAG: 9e3da50eca9da0692ce30210517e1bdfc10ff6f5230421148943fabfabdb5c8c0d3670e3caa4e109a6f07dd1fd7be37814b1a1a8af65c6ded32b3023fd5b422eb4d1b421e87552b38559fbbd3a511516e4c94c6f717e8895329d98a6b7ad0057177ee64ef837f3b41cf3cedf2537659d8d9f3d6515787ede245a6cdddee4c6cb793b88c298e8a5957c18cc509f76892825e9d48915da0d9baa82e2b1f804a40a6ad9d576c8c8790ef2cbb800405adfddd8fe3f646a5c19cfdadb399538173051fe361ec536397600f847f779039086635e52f9d7f8d9396d480ceeb8f62bfea1115aae28540fed0b1954ecadd6c16ac5258b25139564dd86e3c966566043c6d871e3859151b267256c02a5ca8530473ea3
+TAG_LEN: 20
+NO_SEAL: 01
+
+# Test with maximal padding (48 mod 64).
+# DIGEST: 7227537c0113a9f46f7d332a0b37ee5303483d00
+KEY: 3541a11be112a72933c7b54ed4fad0be905d41203f5dce998f8fb2eaad409ae02116417dae0cef457b9e5e16
+NONCE: dcc5b6f25607f00d
+IN: 936a91d0b5d2c0267218cb7090c6171386d641b87797b684e0fb56f97c3961d8afa22993a340b9b3c589c7481df3f4183aa23fd8d7efd88503f78b8ed1c8e9ba2fd6773e0d0c302a5f47e037446f5891d77df660ed82933f62be8dc55b436965aabe477e0cdd46be99371eb8da7dac99
+AD: 7deafd64b1fc65de39f4f0
+CT: d31d0051cc45826e4e89876c67af6b7e52e71aeed5e2c3254f81e26091ba702063718458cb798c268cb850bdf6f09581c685b496b2462649132e19d621311afbf5a6e88dd471566d937bbb2669b36f5ac015212ceef7ba61b8ace55f5860a1bc48c12709c5b08d5420f416a4ca3fbbad
+TAG: 7a5bf3d74ea3fde41ba65d954b164e675ec40200f2ff02d6b2cd26ecfbc51a31e8e7b2d681defdbf3928ade27ec4e87345c3a2955f20e7d96955a7653fbe0486d489307a75cd23ecac79133a781aed1644a69cf35ee51c0a3bb936a3cc49be699bc4d71fa8f6556412f73db40aa759ee10d2817156b7275934a7e4a8340ae578f175d7e96b068a0762a6c96ded4fce216290672f0fac667e75cc9556ee6463277085828354b9affb2a588e3129d54b35efba0616efaed3007b7e320fd8c7cb260ab9848c89c03e4332d47ecd10730cb3ebd6822aff3693b1a2095f8e364081b0c88a1591bf3785883e9cb85583dd3b05db81a9f468fd513cffb1c893c33539864c01b771a0ca8d5c7ed684bc9a555b8c
+TAG_LEN: 20
+NO_SEAL: 01
+
+# Test with maximal padding (49 mod 64).
+# DIGEST: d76570385cb65d30c3d636ff25c5efeb8d1ea08e
+KEY: 41a11be112a72933c7b54ed4fad0be905d41203f5dce998f8fb2eaad409ae02116417dae0cef457b9e5e16dc
+NONCE: c5b6f25607f00d03
+IN: 936a91d0b5d2c0267218cb7090c6171386d641b87797b684e0fb56f97c3961d8afa22993a340b9b3c589c7481df3f4183aa23fd8d7efd88503f78b8ed1c8e9ba2fd6773e0d0c302a5f47e037446f5891d77df660ed82933f62be8dc55b436965aabe477e0cdd46be99371eb8da7dac997d
+AD: eafd64b1fc65de39f4f035
+CT: 29cd7e2276dc4170c3f73666ab4e87527758ec7324c9956629128cc2291d73e1894eddbdc234f9fdc70cd31cb4d76438e9e0f9f43c1788fada093c829aae078fbfb287609ee81e2e3b6e607245228842e001345c1624c4e40ee09042c7074cec076e2efe2dc58932dee704728ce57dda1d
+TAG: a56278ca93f23453e7705ff96cffb901b008e0a85064f6747eb0f179bc37f006f3b19ef0bc20ae87d41d87f23f83e9b942994112bc9deb76afe7634f0959f60218909eb9f87d89c5a4a465b9f71c2a79e2bd97ef266099f9f703749a828ad8c8c6792543de8b080d2ccf2ea4a44237181ce6d111ce2f1dd7658a5f32e8233d2083af5c6f77a0d865ab2f09eb8e5087abc3fcd6dabadf1951b7fc1715d64dd1791e4b2b98c45b645b15dbcefd2b556d9db387b082acbd0b1fc1cd91ba6fc672734172f620b9e5472c38c0f2f636416231253a401d76e908ced1a9a08d0cf0c154e6ea33ac7bd8b1db626dad3547e59c05a705e88a66a8c39b2313c6ff10ee4a1a4e491610d571aff4bd6ead07fcc43d
+TAG_LEN: 20
+NO_SEAL: 01
+
+# Test with maximal padding (50 mod 64).
+# DIGEST: 170369666d1f2337b29b5f14af68d47910388e7b
+KEY: a11be112a72933c7b54ed4fad0be905d41203f5dce998f8fb2eaad409ae02116417dae0cef457b9e5e16dcc5
+NONCE: b6f25607f00d033f
+IN: 936a91d0b5d2c0267218cb7090c6171386d641b87797b684e0fb56f97c3961d8afa22993a340b9b3c589c7481df3f4183aa23fd8d7efd88503f78b8ed1c8e9ba2fd6773e0d0c302a5f47e037446f5891d77df660ed82933f62be8dc55b436965aabe477e0cdd46be99371eb8da7dac997dea
+AD: fd64b1fc65de39f4f03541
+CT: f5f144041bd31817211edd73cae8b44c3a4b1d5be0b58c1e8e2d31cf0b2591de5b114eb4b7131e130c81c9dd7bcaf5d9dc62a0db2649bb62ac34c297d0bb2188511552d37fc90cdfd266ed262b5e1912c113c145ef0387852701b7f4d80b9ff970586243fc3440db58c06f2dbbc39b4d1568
+TAG: 7002ef6185526811fe8876682e2a02ae686d4a5ae9de7a4170688167a20145d4babbb6b442cb0653465550f0e01561ce93aa941c3f078a783a286b4596579deab08af3fa2e5f41b9e7f1daeb17184c4082f244bee7a73966ab7eec2c8e6d37bd03a477224422d44e56333e36bb8a407aa13dbfbb7b996eeb468ff4cd62de406e370499c9c880598503b8b996cfc24b368228f890295f919a1106cb0e32e282995744f171b8a00f1aef904ccf320d06b0d9a26d76343da893f506c9c6189165d26a439310144603af15713e485bf8292544239161069a236567630148b900946375e38fb9b37542767096136680ce3e926c862279087a89d511659f90f1683e1512487e90311ef04c83a6a0c46eab
+TAG_LEN: 20
+NO_SEAL: 01
+
+# Test with maximal padding (51 mod 64).
+# DIGEST: 7c52593d1d37b0dc380297231c6cb7b64e04c493
+KEY: 1be112a72933c7b54ed4fad0be905d41203f5dce998f8fb2eaad409ae02116417dae0cef457b9e5e16dcc5b6
+NONCE: f25607f00d033fb9
+IN: 936a91d0b5d2c0267218cb7090c6171386d641b87797b684e0fb56f97c3961d8afa22993a340b9b3c589c7481df3f4183aa23fd8d7efd88503f78b8ed1c8e9ba2fd6773e0d0c302a5f47e037446f5891d77df660ed82933f62be8dc55b436965aabe477e0cdd46be99371eb8da7dac997deafd
+AD: 64b1fc65de39f4f03541a1
+CT: 4b735990123f86b6d35d5c64faf77b21b07ccd281649d3f70353b0515698c843c2fbc2ba7ea0700112990ca0c7c638be7f1f0e6f4a531ddfff6db4638c2f38df750ffd5ef23976fd56d79f1d882f6a5db8c107e6a76c2f74c3b72b14127504befe98541418987222f4620738e7ae67feba4480
+TAG: f15e0eebab83ce6db242365b526cc6556c3d3de2a6aa8fce72de3ec3931c2defd8da2400ad84cb489078cde12012ff2cbcd579572d9a4d05e839c14622b81a894d03c80de8c983ab7b1c28a49661d201a2b4b2f126d864e4f4d8b34305bc8b0bbf24494087b9f66e1a161d415729cf6e5894b0c2a1cef86443525d952a8ea369b61845b8db6afedd656f42c2e8213d83e37625b501c0470515390bb152ae81849b2a5fc91967b95240c65be58567bfcbdfbab19581181044ffd5c54aeaba46617dda655e8754f77efbdee94cd056b0bc9148bb40a67957a9b9e6ab46a54ba2afd488c2c52aabbf457b218bcffb119f3040a711eadc712aa5b5d194df0d32d1fcd58bebc808fb4f0113ce003f03
+TAG_LEN: 20
+NO_SEAL: 01
+
+# Test with maximal padding (52 mod 64).
+# DIGEST: 09a1659100052d13bebb4defd7f54f975a58ae2b
+KEY: e112a72933c7b54ed4fad0be905d41203f5dce998f8fb2eaad409ae02116417dae0cef457b9e5e16dcc5b6f2
+NONCE: 5607f00d033fb95f
+IN: 936a91d0b5d2c0267218cb7090c6171386d641b87797b684e0fb56f97c3961d8afa22993a340b9b3c589c7481df3f4183aa23fd8d7efd88503f78b8ed1c8e9ba2fd6773e0d0c302a5f47e037446f5891d77df660ed82933f62be8dc55b436965aabe477e0cdd46be99371eb8da7dac997deafd64
+AD: b1fc65de39f4f03541a11b
+CT: e405c8e15d95c848b303d4ecd4cb639414b88bb8fc0eaaf852b8ba40e0606371b0d7dab91e2421ef13a30d2fc692de8be33097724813b3a1c4506e7bfb763b829be71348921cf9e3bcba87c353ce81bb084a1c2f42725c2a87d26df143e18ae23189e10e2a6e60551f1d09e30042f63bef6b6e0c
+TAG: 4b4b1760eca2bce482c294c5862412b47f1b88e2320f68778adb653a35e17f5641bacfebfc604cb3487d9ce6a9b5061814ee2e4892b3bf51e6f5484c07a4f5175713fd214774192ebbb9224ee02d6ac2992922e4fb4543a6595ea80a9618d7a112aa2e4ab44a494b593a19deb25e49b32fa46b175abea83f6531c3c74b278ad4665c6e7b7a6f6fa7637072257d13d4bb051be67d61f37c62beec329848d3c5a716a385d3a22cac950ba3327d64b70ab95cc89791f37f4cf480e9ffe3297b7c42282f98f0df3faa971cecdffe549fdbd998cd6f0144180b6479336b4c6c1f52cef17c9b0a10bea8a03659f3b19333e731456cf50f9162254912d82e495c28c763c985dddf7d64d9597516497fb43622971d6b3f04
+TAG_LEN: 20
+NO_SEAL: 01
+
+# Test with maximal padding (53 mod 64).
+# DIGEST: 230c3353ccbd95e4f0acbbb0073053a0186f833d
+KEY: 12a72933c7b54ed4fad0be905d41203f5dce998f8fb2eaad409ae02116417dae0cef457b9e5e16dcc5b6f256
+NONCE: 07f00d033fb95fb0
+IN: 936a91d0b5d2c0267218cb7090c6171386d641b87797b684e0fb56f97c3961d8afa22993a340b9b3c589c7481df3f4183aa23fd8d7efd88503f78b8ed1c8e9ba2fd6773e0d0c302a5f47e037446f5891d77df660ed82933f62be8dc55b436965aabe477e0cdd46be99371eb8da7dac997deafd64b1
+AD: fc65de39f4f03541a11be1
+CT: de0509be5c03f3a780141456aa62bdda440a9caa1bb485cacf56a26b0706640235cd57e6f0875bd528860b6b6217d01def0eb0fa530448032aa42ee4f853301b85515931cf0829afca22494c87c90cdf76bf520db1e425f7366c45689c520bbd0d3ae022212ccddbcbdacdaacaa2512c5d5c3448fe
+TAG: aacec8473ebff95d9907cf57d2a3f95019bd670dd90cb238b8eebeb05d5d5564f1ab927b37123e53f9a0df3a5897b021fa45ea80d1fa3ac366fde6c533bd14e49f4e979d1901bc611a8599c7dbe9630eff1dd9a6eca68a4b0d76c8a9c4ed7f1a56cf8ee1dce0f171c6c7ebb6399a5bf64c6c82b42b26b7dc27a838fc5924df1dc95b8e7e8199e5381bb3624287880c92e24340a5140ec42bbea9b824568896316c78a1e0f568e430eea0577b798246d2a096962949d62536ce9c27daf62529c10495095c7dcfc4530b8d7c4769810203a7f743ff41629dece1a8315ff5da9656a1894a1a49ea0a7a559761459875792de2dccf7baaeb69697e1bc83e3537149024e09ec4eddd2523cbb3d13d8a042d75f95ee8
+TAG_LEN: 20
+NO_SEAL: 01
+
+# Test with maximal padding (54 mod 64).
+# DIGEST: 701e141608e71005d32dd1e29cd068aea736c9dd
+KEY: a72933c7b54ed4fad0be905d41203f5dce998f8fb2eaad409ae02116417dae0cef457b9e5e16dcc5b6f25607
+NONCE: f00d033fb95fb09e
+IN: 936a91d0b5d2c0267218cb7090c6171386d641b87797b684e0fb56f97c3961d8afa22993a340b9b3c589c7481df3f4183aa23fd8d7efd88503f78b8ed1c8e9ba2fd6773e0d0c302a5f47e037446f5891d77df660ed82933f62be8dc55b436965aabe477e0cdd46be99371eb8da7dac997deafd64b1fc
+AD: 65de39f4f03541a11be112
+CT: 3e94752703e605b1e18ade7f560525381b41b75c871add14d3190286f19267b75f44135e3c1cac10fd59c29c136b9f105dc503721e831f10bba87ac8ed1844892e1b0e4895a778b7f1be7f5cb76a04358ee28471c1b55f28e571e297d6b6eeb4634fd3c7593dceb363211a890fb44f61279ea663e1de
+TAG: 800badb3dd87e39ca3c17e9f2de759fab456bc6588dd96a440b59651b316be2083c46bdd670ddefeefde4fbb32028cc9210c67cc0435138b8e0148947012bd5815a06b8367f6967bc9ae319b0cfeca8cfc9e3906a12c25f55d279a127f95106bd435d63f6bab294479760bec3cf53202086b9888e2545604b1a2ace8b7840b59e3748c21e6baa48377287afb8e7221bcf0c85908dcde760fd8c289383141901abad9f61f69f38560096accef2d838e3c8277cb7895a323a6e28ff4e81175a2f0661c1b2ababe0ff21e0d03650557dd4e70b2c54c7b73f74e5c4b03f7e2e44fcf0014677c8024272529c2ba028cec909c14e80cd5d9e87ba5aeb73019c84954a1d056cfc59190aed89d741c9351dacc3a698c
+TAG_LEN: 20
+NO_SEAL: 01
+
+# Test with maximal padding (55 mod 64).
+# DIGEST: 9aaf96b472ea76fd9ff4adf56dab5fe0400d18d6
+KEY: 2933c7b54ed4fad0be905d41203f5dce998f8fb2eaad409ae02116417dae0cef457b9e5e16dcc5b6f25607f0
+NONCE: 0d033fb95fb09e4d
+IN: 936a91d0b5d2c0267218cb7090c6171386d641b87797b684e0fb56f97c3961d8afa22993a340b9b3c589c7481df3f4183aa23fd8d7efd88503f78b8ed1c8e9ba2fd6773e0d0c302a5f47e037446f5891d77df660ed82933f62be8dc55b436965aabe477e0cdd46be99371eb8da7dac997deafd64b1fc65
+AD: de39f4f03541a11be112a7
+CT: 0d7cbbb8753fd2843d599d72bb2c05103eb7deb39a5407b711392fa1a4c45802eadf5fc25a746286ca9aa180134b1ca402e3d5199abbb46374748513bb6746efb19edce3ec5462d1519e8b1c9fc912df4ee7e94bb0b40061090db6ccb9280561f86d52566d7172b23e1571ed1bc2d648e6d5ce5eccc91b
+TAG: e1f9d58d0d0b915727a4c6c978f36a0b45c5bf9aa092bd84a855b09637fde207142d6c6427df3341d96e4e089677d1df815249c623e836eb3d64532e8a6861f06fe0c9a12f9b62b4f249076bc1e72712c6eb5c3386cc13eca38ab8af540e210d3ae3282eb8eaec0396397845d53a44f6ad352fbcea9688039c85c4e16d5ec2d85d5a3e11194258d4d819df6f02a1067155d79348a3e8f6ff0bae991fd012b9b07a7ff34474b4c22af7b4663b9b629919b1819e9fca96b805b5f1ebe11fc955c298e9b1ff91d883dceda10133752db7b72414ca7b38ecbebbe30189c5a2fb29eb84ae42f5162a90c7c45b82a26283cd5dd4051588019c14f946b62f892558439a758fe0e5ad41b929f06565ed4c038fa2eb
+TAG_LEN: 20
+NO_SEAL: 01
+
+# Test with maximal padding (56 mod 64).
+# DIGEST: ac6871d354eac507556770d8b6bf10b5240273ed
+KEY: 33c7b54ed4fad0be905d41203f5dce998f8fb2eaad409ae02116417dae0cef457b9e5e16dcc5b6f25607f00d
+NONCE: 033fb95fb09e4d00
+IN: 936a91d0b5d2c0267218cb7090c6171386d641b87797b684e0fb56f97c3961d8afa22993a340b9b3c589c7481df3f4183aa23fd8d7efd88503f78b8ed1c8e9ba2fd6773e0d0c302a5f47e037446f5891d77df660ed82933f62be8dc55b436965aabe477e0cdd46be99371eb8da7dac997deafd64b1fc65de
+AD: 39f4f03541a11be112a729
+CT: d93d6d42642cb56dd5a1e3b8d5913ef595a8d71fe4683afab5f8f6e3f1f87d08af1efa5257e2427a9e34041dde5deaaf6f0f808debb26b0f4f32860669879324369aadc41982a2abaea1c1c04146144d028b40be77e4f07ab6d5903f6d88aa7716748c3b158e5b2b387b0116a8a8ab1fa852c210b5cef20d
+TAG: 5ec2d60d0ace1a7de20afd27c436d478a1ab8f00e1ea78278742b1e3c1f44587070c5b3254ae7638322398f2562344e11efdc8ff68bcd5baf89e44189d8e8d5492819c3791e7be2d460b09ef92dbd696edb298b70d9acc8fea33ac85ee339e0c58c8ee78a5721c3fca9b6fc7696654f93fe64780a5b5aa7ad2fe4f4a715a6d09e8e46870056edc41641ec1fd8638308c0dac426cf5555281418179d3347d79cbcfd507bcced4e9ec25e27c191ad4e82f0e3386104ee5517ed7c8950e9a290f9c1705856edfc37786ff076e83d4eabc42299ed776c2a9319a2ecb94d8aea3a7195d354d7fa8b72a22a044f2150e6fcc7d4ac5adb23bf909e79773de782186b55374c2a8e39c3f38a7ac423812ff6cc138
+TAG_LEN: 20
+NO_SEAL: 01
+
+# Test with maximal padding (57 mod 64).
+# DIGEST: 050258d6ad6bec54f8bc48c7ba2d669d6416c11e
+KEY: c7b54ed4fad0be905d41203f5dce998f8fb2eaad409ae02116417dae0cef457b9e5e16dcc5b6f25607f00d03
+NONCE: 3fb95fb09e4d00d6
+IN: 936a91d0b5d2c0267218cb7090c6171386d641b87797b684e0fb56f97c3961d8afa22993a340b9b3c589c7481df3f4183aa23fd8d7efd88503f78b8ed1c8e9ba2fd6773e0d0c302a5f47e037446f5891d77df660ed82933f62be8dc55b436965aabe477e0cdd46be99371eb8da7dac997deafd64b1fc65de39
+AD: f4f03541a11be112a72933
+CT: f6c220150aa1ab97883bcf382dbf137dfe3475efdcae422f889e095d386dcd0128a8079e245cc320b8d37bc2441bf1d65677f615d6e1b057537e14d000cad962b0ee4b89fa24a9ee064bcf49eb04bdfc5992f314bb700112c88a8b286d29e9978a0639ede9a54bb3600bc0bd999ee5e06bb34308b079d670c1
+TAG: f432253e6b7f7bcd0d6e57d9f550e90d5438ec1ba7976e324de42bc8134a31d46ba731af045f9c51dfb54357d9b711a7df76ecd0c14c8eb6a4013d1be08f13f3fafd69c9e8070eeaa4f5bc32d99609c9ff031f380ea82426021f14996c8869e2f507536be48809a69ee8406ba74af4278f0a26d11a874d38f2034ee8862a30aa68355bd3eda7ee0b641397528e33b473a36d93dd8b921bcf4b6a3a831af782f56bf1ad1be1d75492a45a83cf0d7795de267e3d6b7ebbc69a852ef64239db4c50f6523a8ada2a6698a1f7e3ee4693d16c2ffa36a19b8b7437242d43ae9196f03d8f1e97ec950648f4ff35922b371be5bdefa5c035a3516f556883195db970d4dd30959a1cf694be1dd0bce2c773dc88
+TAG_LEN: 20
+NO_SEAL: 01
+
+# Test with maximal padding (58 mod 64).
+# DIGEST: 70060f86c76e53512933c09deb5872eb23efad67
+KEY: b54ed4fad0be905d41203f5dce998f8fb2eaad409ae02116417dae0cef457b9e5e16dcc5b6f25607f00d033f
+NONCE: b95fb09e4d00d617
+IN: 936a91d0b5d2c0267218cb7090c6171386d641b87797b684e0fb56f97c3961d8afa22993a340b9b3c589c7481df3f4183aa23fd8d7efd88503f78b8ed1c8e9ba2fd6773e0d0c302a5f47e037446f5891d77df660ed82933f62be8dc55b436965aabe477e0cdd46be99371eb8da7dac997deafd64b1fc65de39f4
+AD: f03541a11be112a72933c7
+CT: 421320a96a896967e82ce4e44ae903e234918bebe6e20176513c90983efb1eaf6768b44c49ce8f1f34210b7ac7d7874f37ab4f7f67bdeb6b46f1261f661f5dde53617f9cbba64c86e9ae14da95fb7466b06545e233417d0bd3caa448ac63a433140c939e4752410fd073dfde195d11d17861623834b64a3dda55
+TAG: b3d1c7a40a6efa20814d40b4ad3be4475cb1e33d773f28761dc92abb8fa071206c242b1d8708883c7b0dd380f5d850efe9c5c09577581492c123252b65a9c05c9cb474b2572ae77a619171a9c683c5ad919ae5f640382bfde9db318c4bb1ccdad251775472f8a380a6ff2769dbaa7af4134f964c3983d0ed222f2773bd34ea243a97e713efde86ee4cb9b7539ac8a648c61e1f553a74dc23903a9b47e2c2d82b484134c58fbeefc57f2fb0da54b8ef6cce1c8a5b4e878003e3a45ac1215ec30d9d6be6af230dda4ba55f1d2033af5f97f910af7997f4f8af16ccedf12707c00a1559d12845399fa06ec8dcd7f9e43eacdef1a8383e2e8b6b1cf57db924a6f109507033ba2c860ebf2dbdc47d71fe
+TAG_LEN: 20
+NO_SEAL: 01
+
+# Test with maximal padding (59 mod 64).
+# DIGEST: 58286fe273bf572a76a2725933dd969777c303c1
+KEY: 4ed4fad0be905d41203f5dce998f8fb2eaad409ae02116417dae0cef457b9e5e16dcc5b6f25607f00d033fb9
+NONCE: 5fb09e4d00d6172e
+IN: 936a91d0b5d2c0267218cb7090c6171386d641b87797b684e0fb56f97c3961d8afa22993a340b9b3c589c7481df3f4183aa23fd8d7efd88503f78b8ed1c8e9ba2fd6773e0d0c302a5f47e037446f5891d77df660ed82933f62be8dc55b436965aabe477e0cdd46be99371eb8da7dac997deafd64b1fc65de39f4f0
+AD: 3541a11be112a72933c7b5
+CT: d426f1f4e5e9f77c9ce41b9e3078d1138d28428a0c81cace18a5c10c83ec1d9e6ded56404f7cebab2aec5f8c0849246c28c08ecc495202ba4e640117be1489c0c4e8c9b1dfd014e801423c3142c567e06d41378b18741b0e1f73c1663297da3a2391cdae02640328d528b03d536b8ab97d019e8e68fdc59903f98b
+TAG: 5dd4e5ca278c5b63d9fc7046f0e3f30742cbdce371d5dadb24dbe8b4237e7d1fc32ecc160415fe1a9e8654e2c8df0085bb8a8a761614218aa9c5987a6dac2d6bca48f26412173ff1b9687beb988242b622494b7ef8ab70b3922f7cd9b40628a7a6f42a494232bd90ab26862a2e89b49cfea034b26a9763e9f34c463175b6f838a4acaae95cef8af2edab85aeccf7a6c625166751d4219f44ae7112222f53ae89d87ed696c84c73c0001c6f0a377320b675a5a203623359a559ad7774ed9cea77c9ff706bce4f6ea9c837ccfc7c15138c563e019909e68088bbf6fb5344e955bfb99eeac2ab58d1a8581e0788699af2a77c7c7f8cda6141c2b844d9396e75eb810cd2cb014035eea7eae9c54751
+TAG_LEN: 20
+NO_SEAL: 01
+
+# Test with maximal padding (60 mod 64).
+# DIGEST: ae701e5c8672dfaf728bf0f43f5e5247ea9ac13a
+KEY: d4fad0be905d41203f5dce998f8fb2eaad409ae02116417dae0cef457b9e5e16dcc5b6f25607f00d033fb95f
+NONCE: b09e4d00d6172e78
+IN: 936a91d0b5d2c0267218cb7090c6171386d641b87797b684e0fb56f97c3961d8afa22993a340b9b3c589c7481df3f4183aa23fd8d7efd88503f78b8ed1c8e9ba2fd6773e0d0c302a5f47e037446f5891d77df660ed82933f62be8dc55b436965aabe477e0cdd46be99371eb8da7dac997deafd64b1fc65de39f4f035
+AD: 41a11be112a72933c7b54e
+CT: 7349da70e2f5ae86dd50aa94b568004abd84586d29d2ad5bd94f79ad4b63e402212a762ef5ff90e8cdbe1bf152b2162e6ae565e6737ef744a1d67bea09361a92fd29c1eb9eb802dd71279e0269042bf048c791628bba25c15650324ecce12c8a39b31885b915c3417c7612b9549dab0b0db7c99a4767e5add635e0fa
+TAG: 69c6ef3f04b8f79ef911e9636f6b01ce97ca3c71d31d9bb732f01f502102490ed003c7639c631bec7dfe5e69ade48eb82769b3ffd8feb85066849733716784f25a2dad8c2bcd8c1fef23055b090cad74d4794a2346adfe00c64997a940d08954daf7737daf17d71ea4f0eb09069e712ed70aeed0af037aee6fb494115abc548527bc695e2547811cc5e9a5618960994a86e4ce2b55f68eb1b85bdd35675f22911473b9c713b4c4ff3c021fee2d4ed0a305481161fcde8bfb3c69a083e33201d630d1b2c32692f43e3f1abd6d573211314028891fc842a00ba11f87c02d6f0c36b948f2f1519ea8c3d78ac97338f418e50a85d7af21114b099cd42cc09114f48371a6342913dc617253c43780da57ca95ceb5c1dc
+TAG_LEN: 20
+NO_SEAL: 01
+
+# Test with maximal padding (61 mod 64).
+# DIGEST: 4f498d0aa9205160827626ef80c163275eca1f78
+KEY: fad0be905d41203f5dce998f8fb2eaad409ae02116417dae0cef457b9e5e16dcc5b6f25607f00d033fb95fb0
+NONCE: 9e4d00d6172e780a
+IN: 936a91d0b5d2c0267218cb7090c6171386d641b87797b684e0fb56f97c3961d8afa22993a340b9b3c589c7481df3f4183aa23fd8d7efd88503f78b8ed1c8e9ba2fd6773e0d0c302a5f47e037446f5891d77df660ed82933f62be8dc55b436965aabe477e0cdd46be99371eb8da7dac997deafd64b1fc65de39f4f03541
+AD: a11be112a72933c7b54ed4
+CT: ed719f396a0c720c91486127e58916f010692f6018646fda04b0321e70f3d5736ee3827743f541857fc2bb3c41497f03563540655a7ac43f69e62d876a31ebc3c14e24a432814aa4a448c44ac4b02624494f703bb171f6878236bbdf27be2f9fb651cd855564976b0e875e4ccfb42930422db234008ef6a25723c944f8
+TAG: e17447e2588894570bcd7913bb8141042b7dbccff24195f1e50c8795f7f3a03b1b1ed26b49f8f5cbfb0c2e493790d816fa33530265c256ef4675c2f0c5f1feedf3b384fa0f4419c33c60d840eeaa561745bd4bfbfeaebaf0218ae5f02bef51f5aecef98dd46f2d4c75ded4dac17ecdb0e6c615cd6758ed728f9f8bf3ff601c26091e83310b670f3d21495afe55b440f8aa2ed8a9a717b9f0191b173728443c2635bb4761158cc3d8691540ad7413213e7ba9bfc088ba9271e292e716041a2b6b05505519f4dafa07216204a037059048401ba3c7e7e0187ad0ce4c53b60547daa7623a9d4e61d62c4c8474ce13042f0ded541de3aafedba24fd579f78a328586f254643b6cdd1fa448d41a94f3d918a99559cf
+TAG_LEN: 20
+NO_SEAL: 01
+
+# Test with maximal padding (62 mod 64).
+# DIGEST: 8c043825b2a3764e8a0cc35a011696fb3ed03c2b
+KEY: d0be905d41203f5dce998f8fb2eaad409ae02116417dae0cef457b9e5e16dcc5b6f25607f00d033fb95fb09e
+NONCE: 4d00d6172e780ab8
+IN: 936a91d0b5d2c0267218cb7090c6171386d641b87797b684e0fb56f97c3961d8afa22993a340b9b3c589c7481df3f4183aa23fd8d7efd88503f78b8ed1c8e9ba2fd6773e0d0c302a5f47e037446f5891d77df660ed82933f62be8dc55b436965aabe477e0cdd46be99371eb8da7dac997deafd64b1fc65de39f4f03541a1
+AD: 1be112a72933c7b54ed4fa
+CT: d988f45c0ab83dc3674eeefdceeb7eb10b18efa791a39599404ea479d7c84579268013592599cf7f9e099d2283b841199d823529507fe8c30b7a66ed2c3e46e21116bfe53af3dbc978a1b556ee3dc464af5529ed974a8199cf7a4e4674aece3ffb8209d17d72ca7f7d25898d462b1436fe63fb0cce18794defe53dff51e4
+TAG: bec26441d062334a5454cc9f5a4f7c9afc1b333261ef7e731fdea9fbf53b100ef548ec9f17569310252ef812f416c44f70bcf50b0e79ae04030a16647db49c4df74f5b7a48f643d52eea0a3e6300d97aab984fd084f989c14f7a0a014c0bc6938a85dd29c6f71e2670141fe7426e12c06c09d5c86429a763965354a822872a3e08e89be61e6b033ecc514210316affa8fdeed9909d2c4e91810c2ddb9504dd9e17a5f26afab33a089884616c9955cf287f68ae43b8bc1f28e60bc910c117535a1ad845d1151e5e06507ea30d98f36037d8c0c497f3263a0ab503baac0b6d2a944271f4a07c76d51361b80c11a4d83bebaca1ac2920d6467202207e530f3380ad44c329288bed2aed8784e452b16f16d8b00a
+TAG_LEN: 20
+NO_SEAL: 01
+
+# Test with maximal padding (63 mod 64).
+# DIGEST: f3a432271c9be858725fd024071c4f479ca9a971
+KEY: be905d41203f5dce998f8fb2eaad409ae02116417dae0cef457b9e5e16dcc5b6f25607f00d033fb95fb09e4d
+NONCE: 00d6172e780ab8b7
+IN: 936a91d0b5d2c0267218cb7090c6171386d641b87797b684e0fb56f97c3961d8afa22993a340b9b3c589c7481df3f4183aa23fd8d7efd88503f78b8ed1c8e9ba2fd6773e0d0c302a5f47e037446f5891d77df660ed82933f62be8dc55b436965aabe477e0cdd46be99371eb8da7dac997deafd64b1fc65de39f4f03541a11b
+AD: e112a72933c7b54ed4fad0
+CT: 7e8981283025150c549a20da52e5f63f59c885d13777f072714e47c01f15b3ec9125a7253e487f6a368b9c1e92005f4ae90140545c3c92d7be4cfa5e68b49f848f58664a7ea39c11c277f9b69bd0f70336def9668bcaa507d517cb2e390fa003917c4a35f303511a6eb79ca64c8059fa50d9ce9581fd1efd0c48b3bb39e282
+TAG: 17a8e2521babf39bc5896910696c7bb8f9bdd9435020f07a934b4889d7aad15224dd9ddd8b1c0281a54febea957d5e40186e91f41c207d6ee0267f8283adb7e4770930cd3b4f2fd81094fa1f8149e652b36176b72d34abd507af31b3ce8d28d652dd42555fba0b8126ab23649e6a247be5411fa5bdf27fd84427eca7e26babac3e9503f14f328445ec83f50e2ada2b4da59e347460e8513bad65e1762d8e9aaade5db0f7bf44e76334d2e15d6a7354f4478b504f05c4db1af8d33af589cc9e97f14032aa7e9d92101bc37f54e6adaa564111c9179984f286afdee74c90cb3d44ef4409fca335f10fa7642b9d90dc07447525e83a0fda15985ef904cac53e1101ad5043533f3d2c8a656de9b6b81931e286
 TAG_LEN: 20
 NO_SEAL: 01

@@ -100,7 +100,7 @@ type testCase struct {
 type options struct {
 	// extraPadding causes an extra block of padding to be added.
 	extraPadding bool
-	// maximalPadding causes 256 bytes of padding to be added.
+	// maximalPadding causes the maximum allowed amount of padding to be added.
 	maximalPadding bool
 	// wrongPadding causes one of the padding bytes to be wrong.
 	wrongPadding bool
@@ -176,7 +176,7 @@ func makeTestCase(length int, options options) (*testCase, error) {
 	} else {
 		sealed = append(sealed, digest...)
 	}
-	paddingLen := cbc.BlockSize() - (len(sealed) % cbc.BlockSize())
+	paddingLen := cbc.BlockSize() - len(sealed)%cbc.BlockSize()
 	if options.noPadding {
 		if paddingLen != cbc.BlockSize() {
 			return nil, fmt.Errorf("invalid length for noPadding")
@@ -188,10 +188,10 @@ func makeTestCase(length int, options options) (*testCase, error) {
 			if options.extraPadding {
 				paddingLen += cbc.BlockSize()
 			} else {
-				if paddingLen != cbc.BlockSize() {
-					return nil, fmt.Errorf("invalid length for maximalPadding")
+				if 256%cbc.BlockSize() != 0 {
+					panic("256 is not a whole number of blocks")
 				}
-				paddingLen = 256
+				paddingLen = 256 - len(sealed)%cbc.BlockSize()
 			}
 			noSeal = true
 		}
@@ -290,8 +290,16 @@ func main() {
 	fmt.Printf("# Test with no padding.\n")
 	addTestCase(64-hash.Size(), options{noPadding: true})

-	fmt.Printf("# Test with maximal padding.\n")
-	addTestCase(64-hash.Size(), options{maximalPadding: true})
+	// Test with maximal padding at all rotations modulo the hash's block
+	// size. Our smallest hash (SHA-1 at 64-byte blocks) exceeds our largest
+	// block cipher (AES at 16-byte blocks), so this is also covers all
+	// block cipher rotations. This is to ensure full coverage of the
+	// kVarianceBlocks value in the constant-time logic.
+	hashBlockSize := hash.New().BlockSize()
+	for i := 0; i < hashBlockSize; i++ {
+		fmt.Printf("# Test with maximal padding (%d mod %d).\n", i, hashBlockSize)
+		addTestCase(hashBlockSize+i, options{maximalPadding: true})
+	}

 	fmt.Printf("# Test if the unpadded input is too short for a MAC, but not publicly so.\n")
 	addTestCase(0, options{omitMAC: true, maximalPadding: true})
@@ -0,0 +1,416 @@
+# Test vectors generated from libsodium with this code:
+#
+# #include <stdio.h>
+# #include <sodium.h>
+# #include <stdlib.h>
+#
+# void hexdump(const uint8_t *in, size_t in_len) {
+#   for (size_t i = 0; i < in_len; i++) {
+#     printf("%02x", in[i]);
+#   }
+#   printf("\n");
+# }
+#
+# int main() {
+#   uint8_t nonce[24];
+#   uint8_t key[32];
+#   uint8_t m[64], c[64];
+#   uint8_t ad[16], tag[16];
+#
+#   for (size_t ad_len = 0; ad_len < sizeof(ad); ad_len += 4) {
+#     for (size_t m_len = 0; m_len < sizeof(m); m_len += 5) {
+#       randombytes(nonce, sizeof(nonce));
+#       randombytes(key, sizeof(key));
+#       randombytes(m, m_len);
+#       randombytes(ad, ad_len);
+#
+#       unsigned long long tag_len = sizeof(tag);
+#
+#       if (crypto_aead_xchacha20poly1305_ietf_encrypt_detached(
+#               c, tag, &tag_len, m, m_len, ad, ad_len, NULL, nonce, key)) {
+#         abort();
+#       }
+#
+#       printf("KEY: ");
+#       hexdump(key, sizeof(key));
+#       printf("NONCE: ");
+#       hexdump(nonce, sizeof(nonce));
+#       printf("IN: ");
+#       hexdump(m, m_len);
+#       printf("AD: ");
+#       hexdump(ad, ad_len);
+#       printf("CT: ");
+#       hexdump(c, m_len);
+#       printf("TAG: ");
+#       hexdump(tag, sizeof(tag));
+#       printf("\n");
+#     }
+#   }
+#
+#   return 0;
+# }
+
+KEY: 1f4774fbe6324700d62dd6a104e7b3ca7160cfd958413f2afdb96695475f007e
+NONCE: 029174e5102710975a8a4a936075eb3e0f470d436884d250
+IN:
+AD:
+CT:
+TAG: f55cf0949af356f977479f1f187d7291
+
+KEY: eb27969c7abf9aff79348e1e77f1fcba7508ceb29a7471961b017aef9ceaf1c2
+NONCE: 990009311eab3459c1bee84b5b860bb5bdf93c7bec8767e2
+IN: e7ec3d4b9f
+AD:
+CT: 66bd484861
+TAG: 07e31b4dd0f51f0819a0641c86380f32
+
+KEY: 4b6d89dbd7d019c0e1683d4c2a497305c778e2089ddb0f383f2c7fa2a5a52153
+NONCE: 97525eb02a8d347fcf38c81b1be5c3ba59406241cf251ba6
+IN: 074db54ef9fbc680b41a
+AD:
+CT: 1221898afd6f516f770f
+TAG: 75e7182e7d715f5a32ee6733fd324539
+
+KEY: 766997b1dc6c3c73b1f50e8c28c0fcb90f206258e685aff320f2d4884506c8f4
+NONCE: 30e7a9454892ef304776b6dc3d2c2f767ed97041b331c173
+IN: b8250c93ac6cf28902137b4522cc67
+AD:
+CT: e2a13eeff8831a35d9336cb3b5c5d9
+TAG: 62fdf67735cad0172f9b88603b5f3c13
+
+KEY: 6585031b5649fcabd9d4971d4ac5646fc7dca22f991dfa7dac39647001004e20
+NONCE: 705ee25d03fec430e24c9c6ccaa633f5b86dd43682778278
+IN: 9a4ca0633886a742e0241f132e8f90794c34dfd4
+AD:
+CT: 0a8e6fd4cd1640be77c4c87dde4ae6222c887ed7
+TAG: edc4fbc91dfa07021e74ae0d9d1c98dc
+
+KEY: dfc6f7c86a10a319ebcb6362997e585f55b67f3434f47dc4039c2d67973e3077
+NONCE: 6097f30fd75229d928454c7d59a2d2c58bfddcb14c16438e
+IN: 74c946a7f0733377e852a23087506a28dccef86e101a4359c0
+AD:
+CT: 6e8ea0bb4c2f1323841d8e236816c61c3295866b75cefb5c25
+TAG: f16c0e9487ca7de5e7cb2a1b8bb370fc
+
+KEY: 59b8d488773767c4804d918709cfec6c69a193371145bb94f183899851aaadac
+NONCE: ad5bdf8f190ca2d2cc02a75bb62aa22274cb3c98fe2d25f2
+IN: 066b9ed10f16d3dc132b409aae02d8cac209dd9b4fb789c4d34725ab2a1f
+AD:
+CT: 2bbd4542489006df66ad1462a932524642b139ddcbf86b6b480e9e6d976c
+TAG: ca4835419ba029bc57010a8cc8bca80c
+
+KEY: 8c0cb4633cf8dc6b4b9552d1035f85517cb1ba4c36bcbc43338a8c6c7d15ce20
+NONCE: 8418b9655a0376fadefa3cdf8805815c4f7b56f467a74a95
+IN: 50c205a9c5d4088ba8e59a96fcd837f5170669854547678288199f1078ff2a81f0b19a
+AD:
+CT: 8b55a12df1a85dd3fb19c34ab047a85849d15a30225bb5360bad1f0a8f5f2bd49f5898
+TAG: bce13201df6e4a7e6d896262e45d969d
+
+KEY: b45386a75a5772e34bd193e1946f69ebfb90c37ae4581d39c9669d75e4584f50
+NONCE: 9fb763d0926585b5f726af9b8e3babdb331e9aa97f8d99ed
+IN: 64df0e341145d9e4a0d090153591a74893bc36cb9dae1e9570d8fee62e907cf004f9d8a360343483
+AD:
+CT: 3146d8a5c898edd832ec9d126e93b3a433ec97dc47dce0e1985bda88c88c6aeca46fc7d9a68e30ab
+TAG: 44fdb0d69abd8068442cb2ea6df8b2f2
+
+KEY: f2efbd358dd353639a162be39a957d27c0175d5ab72aeba4a266aeda434e4a58
+NONCE: 65a6f7ebe48de78beb183b518589a0afacf71b40a949fa59
+IN: f7473947996e6682a3b9c720f03cfaf26bbcdaf76c83342d2ad922435e227a5d1eacbd9bd6ea1727ec19fb0e42
+AD:
+CT: 778a0fb701b9d671ccfaf1454e8928158ede9bb4395119356a8133036840c1bcbb8fe5e19922fbbcf8b18596e7
+TAG: 9d195a89fdd29ca271405d3330f996f9
+
+KEY: 9dd674fb4a30a7bb85fc78050479ab0e2c3cc9f9f5b8689a7a67413aca304b21
+NONCE: ad9e8fe15940694725f232e88f79cda7c82fe1b8aae58ba4
+IN: 7272bb6609cbd1399a0b89f6ea255165f99330aeb170ac88fccdd8e226df0952407e35718fb5edc9e987faabb271cc69f7e7
+AD:
+CT: 846901650cb38974463a18c367676e1579ebdaf3e96b57224e842f5d5f678f3270b9a15f01241795662befb3db0768800e25
+TAG: 900004db3613acbeb33d65d74dd437d7
+
+KEY: 280cbe7380a0d8bb4d8dd4476012f2eeb388a37b8b71067969abb99f6a888007
+NONCE: 2e1854617c67002599e6b077a812c326deb22fe29d093cbb
+IN: d0901ec3d31ece2832685ff577f383bdff26c31341ea254acee7c5929a5df74fea2aa964524dc680b2f55fbd4fea900e956c304cc4ac3c
+AD:
+CT: 546370726cc63068d3520d67f4f57f65d03b9ecec21c2a8c7b1133089ad28b07025a7181bddeb4a49f514fac1a44f64ee3af33d778fb98
+TAG: 39084e33e42a1b05f58da65ba487d138
+
+KEY: 887564f75afa78f595cdadcea7340d20f5c5a2df169d0ad14b15fe32ce337004
+NONCE: 54c11df13d1f444da80b0964caeb59474b17b23a650a33f5
+IN: f0f008eece79ecb24b715dff8a3456dfe253924b99f98f2f1b18564cced50925fca860d1c2d4785bdf4a964c76c3079efa6b37c4ba2cacc534fb590c
+AD:
+CT: 32bb077268568d569b39e8ccdeeeb447ef424eaa2ffab565209a19b16a25952f897e5405bb0d67d8c9005d1c0b32687164d17fa4d0f412b80414c025
+TAG: 0bac7c0f8dce12917fbd4ed1738ac0cc
+
+KEY: 21c6aa88eb1a320d251f71a4b312ca75347040990d869a1dd2a1982c30fda2c7
+NONCE: 7dead2f1a3d9d45a9124a40efe8994300976991a4417ef4d
+IN:
+AD: e1bf7de4
+CT:
+TAG: 341e9d0687006f981bced2f985f953e6
+
+KEY: 0c97b9a65ffcd80b8f7c20c3904d0d6dd8809a7f97d7f46d39a12c198a85da5d
+NONCE: 1f2c1dbc5f52fc9c8f9ca7695515d01d15904b86f703fba3
+IN: ecaf65b66d
+AD: bd8a6f18
+CT: 8d1b2b0e38
+TAG: 27a7c7ac8bda627085414f0f31206a07
+
+KEY: 4ab5e3595f39c4379a924e5f8ebcf3279075c08d18daff01d9ddfa40e03faf12
+NONCE: 94e6ddc294f5f1531924ec018823343ebcc220a88ea5ee33
+IN: c91b73abe5316c3effc6
+AD: c576f6ea
+CT: abe960fbc64b339c53b1
+TAG: 7ebae48a2ff10117069324f04619ad6f
+
+KEY: a1e6146c71c2ea22300e9063455f621e15bd5bf1a3762e17f845e1aba5dd5a9c
+NONCE: 82ddb6929abff8a9ad03dfb86c0bb3e7c092d45ebfa60a1b
+IN: f011f32ccc2955158c117f53cf7b12
+AD: 5d14bc05
+CT: 44592321c665f51e9ffea052df1fea
+TAG: d556798b97f9b647729801419424affc
+
+KEY: 7a1af30362c27fd55b8c24b7fca324d350decee1d1f8fae56b66253a9dd127dd
+NONCE: 61201d6247992002e24e1a893180d4f0c19a3ae4cc74bf0c
+IN: 5c7150b6a4daa362e62f82f676fdc4c4b558df64
+AD: 00c49210
+CT: 27d9e2730b6809c08efbd4b0d24639c7b67486f3
+TAG: 5889fdee25379960038778e36b2cedb2
+
+KEY: 0b3fd9073e545ac44a7967263ead139c9547f7a54f06228fd3c8609fa2620784
+NONCE: 6450e1097d6f9ea76eb42e8e65972d501041c3a58baf8770
+IN: d679ae442b0351e5bff9906b099d45aab4f6aea5306a7a794f
+AD: 318d292b
+CT: a3f9ee45316d7b0f948a26145ee4fd0552bc6dc25e577e777a
+TAG: 0068a401a194b8417ec0e198baa81830
+
+KEY: 047c7d378fe80c02ee48df6f679a859253aed534fdcdd87023eb3d2f93fcafe3
+NONCE: ed240b0ff6f8ac585b3ea1ab2dab8080fc2f6401b010c5d0
+IN: 7288afb4e0fa5c58602090a75c10d84b5f5f1c0e03498519afe457251aa7
+AD: e4310302
+CT: 87906b14ca3e32ab01523b31ae0bb74590ce9e1df0811e743a2c7a93415a
+TAG: 3a0abeab93792b1ffe768d316da74741
+
+KEY: 1ad4e42acc5dfd07eb0a2456e9103cd0e150a36c667eb2f2b73c0d1ac1089ce3
+NONCE: 48efb52387284c5d38b4940c75f0c39a3f81f60bfebb48cb
+IN: da7edb5b3193b4484f09efa85fcf85600968ecdc537d3829a469c866ee67b0df677866
+AD: 446be8e3
+CT: b76457ca99e95b6539b12f1d6bdac55a6d5c6469b1ff274459363ec05241f7e6e5d3ce
+TAG: 06880ee508ce929da5a81f8b9de0031c
+
+KEY: 702a554c1b703d4dd69ad51234293ab787a01e15bdb3ce88bf89e18c01a67164
+NONCE: ea535d9c371241b9850b8b4a596b63db79eea60bd2cd9fbb
+IN: a97156e9b39d05c00b811552d22088d7ee090a117a7f08adac574820d592021f16207720d49fb5fd
+AD: ba5790e3
+CT: 8d0b2b04479c33287096f0c6276a73f6c037edc1a2b28f8d3b2b8e6d4c5f9dc5113309dd3ecb15e6
+TAG: 3cf303305e12924d29c223976699fb73
+
+KEY: 1bb7303fefa4d8d344bb9a215901b2314324bf1f3aeb9df5d1c1532c3a55ebf1
+NONCE: a304551e5f0dc98995ddfee6215a9995023a3696debfd302
+IN: 6cf6819ce3e7ed9d4f85f4a5699701dbcaf3161adc210c0b7825ddfd83d6d7c685db62f68b3801ccc8a786066d
+AD: 901c5feb
+CT: bc5ef09c111f76e54f897e6fce4aee1d25b6ed934f641ed5262d0c5eed45f610a6aea3b58b7771e34256d43a16
+TAG: b83f73f7995ba1b243dbf48ddfeb8e3a
+
+KEY: 24b294f6cbac10d87158d1c6aca83b337d596132afac7633f69a3b3e58823f11
+NONCE: 805772ff619cc6fcc5ec0e9965435d6f74a2290c055ec754
+IN: 65e8581286868caabcec1a9814db00b805edc660b94ee3babc6ce19a3ca868bd322105484d59b4ce02ced4071bc16642a1f2
+AD: 7ae1c561
+CT: fe1d463b1466e8e411f0b0700f90760472ee5141f3e5afef43fd729f1623dca75cd4d00576765b335f8b2b77b00527599cb3
+TAG: 111d8540fd5ec04b9ba16ed810133026
+
+KEY: 38e63e8b6402ac3f6d1641a1e3b74d2074be0fe41129975a3ff62b74ca52af05
+NONCE: 228d671b036710cbdaa72e9bf1d9ed6982b0bb3428a69fd6
+IN: 20a8d18878924d09aac32853c10e73dbd741134b7050ae6999839f2dbc727cb0052b5497c4bbd2a89e716278f15c81b871953614a49693
+AD: e9e6ac73
+CT: 80e0fe8eb26e5df229c6d939c944d440a37aa3cabf76eab5b9a420095513021ea4241ab367f6f44a20817b14631549ae6c96aa963970e1
+TAG: 1e80fbafcc7168e0494fce4cd76d692c
+
+KEY: 4325dd8406fdb8431a81f1b5db3603995256de36121019724cca2190c87a6e83
+NONCE: dcbf3077b36d5d678d668fd2d0c99284c780b55c4658ea75
+IN: 4f599ad04f79be9add10fdc649b8be53e1062ea5e9c2bed22265dc6fb30d5ab4fd4425b38ff14d8e68013405bec1eff8c9ef3069902e492aac73dcd9
+AD: 6fa0d757
+CT: 7decbdc7043495c59ecc64e720436bb0708b586a46f8745f74391477f5a2520905dfcebc3765a330999013d309dfaa997bf70bab6a0b8f4f2a2a3cdf
+TAG: 051ec4ecce208d9be0cd17f434e13be3
+
+KEY: 2d3d9ed4bc9eb9668733bafbb73e88be2cd17021c3a23be69b981d9f0df71df1
+NONCE: 84cae69639240c82b58895997511f145e474ebe1b008f391
+IN:
+AD: 64db597c26a4c3da
+CT:
+TAG: 2a22c4a962d46a719014ab7b0ffaf6d3
+
+KEY: 09ec4e79a02db53b19b54dd2d3592afc92c74ef57d1e0f51f3726a6631b1b73f
+NONCE: 2907ced16e0777fedb1e2de30df11b3fd712af41dd714a4b
+IN: b6e50cd4ea
+AD: b5488e9b7f339b7b
+CT: 0163e75330
+TAG: e29401c6d756adcc516580ae656852aa
+
+KEY: 9d5ac25a417b8a57b85332979e8a7cbad23617bb27772bbccc2acb0acae7b755
+NONCE: ff152421688dd6af7fef87817b508493a32d97a06fbda4f3
+IN: 92f4b9bc809be77e6a0d
+AD: 892b793f7a6e0727
+CT: bcc594f59de8ee8c22c6
+TAG: 1a8275816c0d32a1b6cfd41fa3889558
+
+KEY: eccf80c5f744d2ecc932f95ade0d9fe9327e19795023db1846d68d04720a2401
+NONCE: abc050fad8876589633b222d6a0f2e0bf709f73610aa23ee
+IN: 45a380e438405314510c166bac6840
+AD: c32c9a1ce6852046
+CT: 9fa452dc9ca04c16ff7bde9925e246
+TAG: 3d5e826162fa78de3fc043af26044a08
+
+KEY: b1912d6bc3cff47f0c3beccff85d7cd915b70ab88d0d3a8a59e994e1b0da8ac8
+NONCE: d8756090a42eea14ff25be890e66bfe4949fad498776ea20
+IN: e2f85df2ebcfa6045bd521abfe8af37fc88a0be1
+AD: 4576bb59b78032c8
+CT: 5eb6324aa48e0a4f72f5cb0a4917faf93af4209c
+TAG: 774f8077f039588495045fee07950e14
+
+KEY: 85162b111c9f3163f57c2cbc311a1e9aeed9dd6136b5784bc9c0b5052f8bffbd
+NONCE: 23cdb8b546bb8a5a746b24446f0ab4199f0543d915ff51f1
+IN: dc81000077d5743beef09ac91663885d984212bbccf3dbe6f3
+AD: 3084f3e9c4d0a15f
+CT: 692d17ae0b524ec6edc0cf49b69ac90c99bed44691f7ae63b7
+TAG: efe72ff84b3bccb4d83a27ddc574bc21
+
+KEY: b05ca358d8ca79f51283d83e2673bfb741c379ba271a773b8dd9c6a108e758d3
+NONCE: 9a53ad79f535c6e9da011463063c896f2ec7645e6e3548fc
+IN: 44e793742c774020e7349c996418042dc0dc30ee2bfd2654008c8929a436
+AD: 71ab5948c5e0f4c6
+CT: c5eddb7aeaa175b5f3dab68cf746f2acaf56fc62b29804629e25e2d63879
+TAG: bec3b7a8b8dad22ff3d14d26273294d2
+
+KEY: abb5136a01354c765a96e832df58bec3b088bd19dc4d6bd6674f2f02007ebdaa
+NONCE: 71267ac9f4fe5caa1d52cd85948a170a778f0141d54dbffe
+IN: afb526fe41c4e2a767ce77c4145b9d054268f5f3b279237dec97f8bc46f9d158868b86
+AD: 047baa2b04748b62
+CT: 0032d4c1e65da2266539464c5d3c2b1618454a6af0e7f1e3cfc87845c75f2f4ae8b03f
+TAG: b526a95a33f17ab61f2cdfc1e2dd486a
+
+KEY: bb826ed38008a0d7fb34c0c1a1a1149d2cad16b691d5129cc83f5eff2b3e5748
+NONCE: 4e02fe0915d81e9d5a62e5b3551b9db882e3873c0aaa230d
+IN: 20270d291a8d9791b0f5e35a64387bb4237bad61169841d7e1667c994ad49869c7d5580ffa752a2d
+AD: db852a275081e29b
+CT: d740012efb7e1bb986ce2c535134a45f658b92163c109bdecf1ce5b836879fe9e006a56be1fac8d7
+TAG: 21e931042e7df80695262198a06286c9
+
+KEY: 938d2c59f6f3e2e7316726537932372e05e8c1b5577aae0ee870bf712ff001ab
+NONCE: fb4d71cf7eb2f70df9759a64c76a36b75203f88bf64f4edb
+IN: 8910415d674a93c54c8f5e4aa88e59648d9a0a5039a66837d58ab14f0665a5f6d9af9b839f9033d0fe8bc58f19
+AD: a3fca278a63bf944
+CT: 1905c6987a702980b7f87f1ed2d3ae073abe1401b23434f3db43b5c37c979c2068ce9a92afedcdc218003848ea
+TAG: 1bd712f64777381f68be5ccc73f364a3
+
+KEY: dd0521842f498d23236692a22db0eb2f0f14fef57577e5fb194503e206b0973d
+NONCE: 519e0eee8f86c75c7a364e0905a5d10d82073e11b91083a5
+IN: 61ff13acb99c5a7fd1921ec787c8de23c1a712ff002b08cecc644a78c47341eab78e7680380c93c7d53d5e56ef050d6ff192
+AD: bb5c4e5ae8f7e461
+CT: 9bfdb0fd195fa5d37da3416b3b1e8f67bd2a456eb0317c02aabf9aac9d833a19bda299e6388e7b7119be235761477a34d49e
+TAG: 0f0c03b8423583cb8305a74f622fa1f9
+
+KEY: 189bd84be3fb02723539b29cf76d41507c8b85b7217777ee1fb8f84a24aa7fee
+NONCE: ef1bf39f22ba2edf86853505c24fafdf62c1a067963c63ba
+IN: d5f96e240b5dd77b9fb2bf11c154fcbff312a791c3eb0717684e4fd84bf943e788050b47e76c427f42f3e5344b2636091603ba3b1d7a91
+AD: 93368a8e0900c7b6
+CT: c55a8b7f587bee4f97514582c5115582abffd6312914d76c2568be6836f62ba098789ed897c9a7508a5dc214bf8c218664f29941ccdfd6
+TAG: 78f87352dcb1143038c95dc6e7352cfd
+
+KEY: 23a2dbfcd02d265805169fa86e6927c7d49c9a24d2707884e18955e32dafc542
+NONCE: 305c7851f46f23ea8d832d5ed09d266714fd14f82ba0f69c
+IN: 224de94a938d49cad46144e657e548bd86690a1b57b81558095eace59df1c552600dea389aaa609304fbc1eadf2241f2118c8bdf04522e1898efe1d4
+AD: 0075b20502bd29b2
+CT: 8e10c59369bbb0d72958100b05788498f59588795e075b8bce21d92d320206348b04010ced9b8cd3d651e825488915ce4a6e4f1af2f4d2f77b955376
+TAG: c39f0595ae8112dea6ef96df1c12458b
+
+KEY: 264e3c3f47bdf795cdde57d9a30be5a4da8b18463c0e3e05df28b7bf4e56410b
+NONCE: 3ee09b6e205c261bf48ac53a9ba0afa460a5d5c0f2d80be8
+IN:
+AD: 8eeec09d8972cb8ab0069554
+CT:
+TAG: 245a034d84edab9fa6f0decb6b984766
+
+KEY: d8ba98a272b5f91797b04b114311c3b92b7f2e3bb72edb7f78ed311b9f8ea2ad
+NONCE: 481de9a06eee76a501e3c2b9d7423d90596193ad9d8a6564
+IN: 9ee1a3134d
+AD: 928653701f6d6c8429b08c0d
+CT: 459a07898f
+TAG: 9188ec8d8e3bd91dcfda48fcc76773f7
+
+KEY: ac9afd627a745df682bb003517056f07876eb94d2f8c610c61b6ac0d34ec4ec0
+NONCE: eaae7b8704530db1e8c3dcc968a00604a333c7c27ba51b16
+IN: f7c3f6ee2e9c03394dc8
+AD: 796620b367d5f041821baf69
+CT: d4a69005790cc91d8d34
+TAG: e4c83def113afcf83a1ea8cb204a0eae
+
+KEY: ea1a07c1fd60a5421f1fb6c43b4318090e290c97aa3bfa037e6fc5ee00fd47d4
+NONCE: 37327805cce92b38a669affbca1de92e068727fcf6fbb09a
+IN: 7002ca765b91913ee719e7521ef5ac
+AD: 64e7c48fc3041eac0734737f
+CT: 9d8857a8c52a9ab3bf44b024b191b6
+TAG: d072c31714a7d0fe1596fd443a96e715
+
+KEY: b3beb34fe0229fc8f49b354e941025bde6a788f25017a60e8a49591ed5d7e7da
+NONCE: dd0e9fec76de1f6efb022b12164f7e9248b8e8c01d14ac02
+IN: acf360d7529a42be1f132f74745a940da9e823f2
+AD: 1489ca8d852f0a8547dbe8bc
+CT: 2e8718372d6e8167213cf112dc41c80377244f5a
+TAG: e4f31e8f84b9356999dc60989009e698
+
+KEY: 9357cecd10bab8d2e42ed88c0386204827c3b76e9e51150d09fd4e3b4e0e1e6f
+NONCE: 81f2106a5379e0ed861cf76b3cf95afb17515478b5cbcae9
+IN: ee51a0f25d091288b5e2b91ad11d491329e48b35a18a3a8685
+AD: b80cb677f4b409cd1537363b
+CT: f681f19fa8de1fdea3538001a46f30fa6333b76d6439337e68
+TAG: afad5e6d282d9df6d8119c32237b3e60
+
+KEY: 9f868600fbf81e40398b7dfb201fcae35d34bba10908860b0b2bf8b942b4e8fa
+NONCE: 2ddcc13c97185614095d437900b8c0a9170e0a4a50e46ba5
+IN: 133fa3ac176fee6df67472752e41c6834f13300c0064ff5b190f903b7ac7
+AD: 0d61321fbee8bb1f3f5cb454
+CT: b93abb311ec0bf018dc300c7d511b42ade72780373186e231820b44f22f0
+TAG: f8bd2f649a337783ff911e37966037bd
+
+KEY: 05affcdfce0a28539924370db8d80a78b835254778ec41acbff52bfab092fa33
+NONCE: 3edaeb185f7273b1a7cccba54f84c5f7d6583433b49d3694
+IN: 7657581faad266cc1037962a380c8aa5306f88000427d0a05397696b503790ad2643c6
+AD: d7c213e9e6f4a40f3e5b662c
+CT: 5eb19080aadc89f2329da4f5c41dc60568651c424c1b05d827f2bfb8dbff42c5a08224
+TAG: 2da20087b5674f0b967d1baa664bbd82
+
+KEY: 645ed60ec74ddfe1f02694792db4436c262d20405d8645cd9755d64876219799
+NONCE: d83665b44c1fdf567299f2b8501e9c0e7ae2dda0bb8f2c82
+IN: ceee69d32ad4667a00909964d9611bf34fd98be41ad7f0feaaaff8169060d64cf310c13bcb9394cf
+AD: 57379f8f44191ec9cf3b1a07
+CT: 4496a0666f0f895ebce224b448a04502f2ae7b354d868b7c54295bf051162e82c530c767d1ffd2cc
+TAG: 1ffc56da4fb961ffdfabe66d82ec8f29
+
+KEY: 06624c9a75bb7dbe224a3f23791281f53c40b407a14161a3f82f34924623dc02
+NONCE: e647b8b4739bf542a81d72d695e1cd6ba348fa593987ac47
+IN: 2658763f8d70e8c3303582d66ba3d736ce9d407e9507f6c6627e382d0144da157d73d0aee10ef034083cdd9013
+AD: 75536443a6c2189a57d553bb
+CT: 305cab5c2f9a6edccac307d6965febe3c86f2a1e31ac8c74e88924a10c2a29106bce980c803b7886985bba8ec5
+TAG: 8c12bb58c84175b9f601b704d0f8a25c
+
+KEY: 63aeb46083100bbcc430f4f09bcc34410df9cfd5883d629e4af8645ffabb89c2
+NONCE: b09830874dc549195a5d6da93b9dcc12aa1ec8af201c96bd
+IN: 1b3c9050e0a062f5a5cff7bec8706864cf8648142ec5cb1f9867ace384e9b2bba33aab8dc83e83b2d2fac70cd5189f2b5ab5
+AD: 7dcc05b0940198bd5c68cdf1
+CT: d8b22e5d381de08a50b163c00dbbca6c07d61c80199cebd52234c7bd4f7ed0a90d47ef05617cdb8e3f782875ae629c0f0ad6
+TAG: 194077f0e6d415bf7307d171e8484a9c
+
+KEY: 4826c1bf8b48088fece4008922173c500ff45790f945b1027f36110da4fecc92
+NONCE: 3a78fc7397944d762303b0a75974ac92a60e250bf112600a
+IN: d26e3a2b92120ff8056bb992660cc8a2364792589c16a518b8d232b8184aed05ba8d4fd0b2ad2b928cd873e11905a21ffece5f1e63c974
+AD: 904d2cd3e50f7bfb9352f142
+CT: 21f4cf679662fad36f57945fc0c0753c3791261eb58d643278dfe1f14bfb585c5a01370ba96f18dc3f6b6945a2c6997330b24f12f5219a
+TAG: 95397c54428f9d069c511b5c82e0151c
+
+KEY: ec526c03d8a08e8a63751112428a76399c399e8b83d98c9247c73164805ac8fe
+NONCE: 2cc1a6ae89c2a091415fa2964b44a0e5da629d40d77b77f1
+IN: 567377f5b6df5442e70bc9a31bc450bd4febfcf89d7ca611353c7e612d8b7e36e859f6365ec7e5e99e9e0e882532666dd7203d06f6e25439ed871237
+AD: 35575b56716868b66cd21e24
+CT: 6b738274fe974438f1f5fca8ef1ee7df664f1e72bc54ccd3fb58c4a3df67ef9a73261df41ffe9c52aeafc8be4f6524baf9efb1558d4a57defec7bee3
+TAG: 92599d4b14a795e8c375ec2a8960b4dc
+
@@ -133,6 +133,7 @@ void EVP_tls_cbc_copy_mac(uint8_t *out, size_t md_size, const uint8_t *in,
  assert(orig_len >= in_len);
  assert(in_len >= md_size);
  assert(md_size <= EVP_MAX_MD_SIZE);
+  assert(md_size > 0);

  // scan_start contains the number of bytes that we can ignore because
  // the MAC's position can only vary by 255 bytes.
@@ -329,9 +330,18 @@ int EVP_tls_cbc_digest_record(const EVP_MD *md, uint8_t *md_out,
  // padding value.
  //
  // TLSv1 has MACs up to 48 bytes long (SHA-384) and the padding is not
-  // required to be minimal. Therefore we say that the final six blocks
-  // can vary based on the padding.
-  static const size_t kVarianceBlocks = 6;
+  // required to be minimal. Therefore we say that the final |kVarianceBlocks|
+  // blocks can vary based on the padding and on the hash used. This value
+  // must be derived from public information.
+  const size_t kVarianceBlocks =
+     ( 255 + 1 + // maximum padding bytes + padding length
+       md_size + // length of hash's output
+       md_block_size - 1 // ceiling
+     ) / md_block_size
+     + 1; // the 0x80 marker and the encoded message length could or not
+          // require an extra block; since the exact value depends on the
+          // message length; thus, one extra block is always added to run
+          // in constant time.

  // From now on we're dealing with the MAC, which conceptually has 13
  // bytes of `header' before the start of the data.
@@ -1,9 +0,0 @@
-include_directories(../../include)
-
-add_library(
-  cmac
-
-  OBJECT
-
-  cmac.c
-)
@@ -148,7 +148,7 @@ TEST(CMACTest, Wycheproof) {
        // Some test vectors intentionally give the wrong key size. Our API
        // requires the caller pick the sized CBC primitive, so these tests
        // aren't useful for us.
-        EXPECT_EQ(WycheproofResult::kInvalid, result);
+        EXPECT_FALSE(result.IsValid());
        return;
    }

@@ -164,7 +164,7 @@ TEST(CMACTest, Wycheproof) {
    // Truncate the tag, if requested.
    out_len = std::min(out_len, tag_len);

-    if (result == WycheproofResult::kValid) {
+    if (result.IsValid()) {
      EXPECT_EQ(Bytes(tag), Bytes(out, out_len));

      // Test the streaming API as well.
@@ -1,9 +0,0 @@
-include_directories(../../include)
-
-add_library(
-  conf
-
-  OBJECT
-
-  conf.c
-)
@@ -62,6 +62,7 @@
 #include <openssl/bio.h>
 #include <openssl/buf.h>
 #include <openssl/err.h>
+#include <openssl/lhash.h>
 #include <openssl/mem.h>

 #include "conf_def.h"
@@ -69,6 +70,12 @@
 #include "../internal.h"


+DEFINE_LHASH_OF(CONF_VALUE)
+
+struct conf_st {
+  LHASH_OF(CONF_VALUE) *data;
+};
+
 // The maximum length we can grow a value to after variable expansion. 64k
 // should be more than enough for all reasonable uses.
 #define MAX_CONF_VALUE_LENGTH 65536
@@ -153,3 +153,19 @@ TEST(ConstantTimeTest, MemCmp) {
    }
  }
 }
+
+TEST(ConstantTimeTest, ValueBarrier) {
+  for (int i = 0; i < 10; i++) {
+    crypto_word_t word;
+    RAND_bytes(reinterpret_cast<uint8_t *>(&word), sizeof(word));
+    EXPECT_EQ(word, value_barrier_w(word));
+
+    uint32_t u32;
+    RAND_bytes(reinterpret_cast<uint8_t *>(&u32), sizeof(u32));
+    EXPECT_EQ(u32, value_barrier_u32(u32));
+
+    uint64_t u64;
+    RAND_bytes(reinterpret_cast<uint8_t *>(&u64), sizeof(u64));
+    EXPECT_EQ(u64, value_barrier_u64(u64));
+  }
+}
@@ -15,32 +15,19 @@
 #include <openssl/cpu.h>

 #if defined(OPENSSL_ARM) && !defined(OPENSSL_STATIC_ARMCAP)
-
 #include <errno.h>
 #include <fcntl.h>
-#include <string.h>
 #include <sys/types.h>
 #include <unistd.h>

 #include <openssl/arm_arch.h>
-#include <openssl/buf.h>
 #include <openssl/mem.h>

-#include "internal.h"
-
+#include "cpu-arm-linux.h"

 #define AT_HWCAP 16
 #define AT_HWCAP2 26

-#define HWCAP_NEON (1 << 12)
-
-// See /usr/include/asm/hwcap.h on an ARM installation for the source of
-// these values.
-#define HWCAP2_AES (1 << 0)
-#define HWCAP2_PMULL (1 << 1)
-#define HWCAP2_SHA1 (1 << 2)
-#define HWCAP2_SHA2 (1 << 3)
-
 // |getauxval| is not available on Android until API level 20. Link it as a weak
 // symbol and use other methods as fallback.
 unsigned long getauxval(unsigned long type) __attribute__((weak));
@@ -154,148 +141,18 @@ static unsigned long getauxval_proc(unsigned long type) {
  return 0;
 }

-typedef struct {
-  const char *data;
-  size_t len;
-} STRING_PIECE;
-
-static int STRING_PIECE_equals(const STRING_PIECE *a, const char *b) {
-  size_t b_len = strlen(b);
-  return a->len == b_len && OPENSSL_memcmp(a->data, b, b_len) == 0;
-}
-
-// STRING_PIECE_split finds the first occurence of |sep| in |in| and, if found,
-// sets |*out_left| and |*out_right| to |in| split before and after it. It
-// returns one if |sep| was found and zero otherwise.
-static int STRING_PIECE_split(STRING_PIECE *out_left, STRING_PIECE *out_right,
-                              const STRING_PIECE *in, char sep) {
-  const char *p = OPENSSL_memchr(in->data, sep, in->len);
-  if (p == NULL) {
-    return 0;
-  }
-  // |out_left| or |out_right| may alias |in|, so make a copy.
-  STRING_PIECE in_copy = *in;
-  out_left->data = in_copy.data;
-  out_left->len = p - in_copy.data;
-  out_right->data = in_copy.data + out_left->len + 1;
-  out_right->len = in_copy.len - out_left->len - 1;
-  return 1;
-}
-
-// STRING_PIECE_trim removes leading and trailing whitespace from |s|.
-static void STRING_PIECE_trim(STRING_PIECE *s) {
-  while (s->len != 0 && (s->data[0] == ' ' || s->data[0] == '\t')) {
-    s->data++;
-    s->len--;
-  }
-  while (s->len != 0 &&
-         (s->data[s->len - 1] == ' ' || s->data[s->len - 1] == '\t')) {
-    s->len--;
-  }
-}
-
-// extract_cpuinfo_field extracts a /proc/cpuinfo field named |field| from
-// |in|.  If found, it sets |*out| to the value and returns one. Otherwise, it
-// returns zero.
-static int extract_cpuinfo_field(STRING_PIECE *out, const STRING_PIECE *in,
-                                 const char *field) {
-  // Process |in| one line at a time.
-  STRING_PIECE remaining = *in, line;
-  while (STRING_PIECE_split(&line, &remaining, &remaining, '\n')) {
-    STRING_PIECE key, value;
-    if (!STRING_PIECE_split(&key, &value, &line, ':')) {
-      continue;
-    }
-    STRING_PIECE_trim(&key);
-    if (STRING_PIECE_equals(&key, field)) {
-      STRING_PIECE_trim(&value);
-      *out = value;
-      return 1;
-    }
-  }
-
-  return 0;
-}
-
-static int cpuinfo_field_equals(const STRING_PIECE *cpuinfo, const char *field,
-                                const char *value) {
-  STRING_PIECE extracted;
-  return extract_cpuinfo_field(&extracted, cpuinfo, field) &&
-         STRING_PIECE_equals(&extracted, value);
-}
-
-// has_list_item treats |list| as a space-separated list of items and returns
-// one if |item| is contained in |list| and zero otherwise.
-static int has_list_item(const STRING_PIECE *list, const char *item) {
-  STRING_PIECE remaining = *list, feature;
-  while (STRING_PIECE_split(&feature, &remaining, &remaining, ' ')) {
-    if (STRING_PIECE_equals(&feature, item)) {
-      return 1;
-    }
-  }
-  return 0;
-}
-
-static unsigned long get_hwcap_cpuinfo(const STRING_PIECE *cpuinfo) {
-  if (cpuinfo_field_equals(cpuinfo, "CPU architecture", "8")) {
-    // This is a 32-bit ARM binary running on a 64-bit kernel. NEON is always
-    // available on ARMv8. Linux omits required features, so reading the
-    // "Features" line does not work. (For simplicity, use strict equality. We
-    // assume everything running on future ARM architectures will have a
-    // working |getauxval|.)
-    return HWCAP_NEON;
-  }
-
-  STRING_PIECE features;
-  if (extract_cpuinfo_field(&features, cpuinfo, "Features") &&
-      has_list_item(&features, "neon")) {
-    return HWCAP_NEON;
-  }
-  return 0;
-}
-
-static unsigned long get_hwcap2_cpuinfo(const STRING_PIECE *cpuinfo) {
-  STRING_PIECE features;
-  if (!extract_cpuinfo_field(&features, cpuinfo, "Features")) {
-    return 0;
-  }
-
-  unsigned long ret = 0;
-  if (has_list_item(&features, "aes")) {
-    ret |= HWCAP2_AES;
-  }
-  if (has_list_item(&features, "pmull")) {
-    ret |= HWCAP2_PMULL;
-  }
-  if (has_list_item(&features, "sha1")) {
-    ret |= HWCAP2_SHA1;
-  }
-  if (has_list_item(&features, "sha2")) {
-    ret |= HWCAP2_SHA2;
-  }
-  return ret;
-}
-
-// has_broken_neon returns one if |in| matches a CPU known to have a broken
-// NEON unit. See https://crbug.com/341598.
-static int has_broken_neon(const STRING_PIECE *cpuinfo) {
-  return cpuinfo_field_equals(cpuinfo, "CPU implementer", "0x51") &&
-         cpuinfo_field_equals(cpuinfo, "CPU architecture", "7") &&
-         cpuinfo_field_equals(cpuinfo, "CPU variant", "0x1") &&
-         cpuinfo_field_equals(cpuinfo, "CPU part", "0x04d") &&
-         cpuinfo_field_equals(cpuinfo, "CPU revision", "0");
-}
-
 extern uint32_t OPENSSL_armcap_P;

 static int g_has_broken_neon, g_needs_hwcap2_workaround;

 void OPENSSL_cpuid_setup(void) {
-  char *cpuinfo_data;
-  size_t cpuinfo_len;
-  if (!read_file(&cpuinfo_data, &cpuinfo_len, "/proc/cpuinfo")) {
-    return;
-  }
+  // We ignore the return value of |read_file| and proceed with an empty
+  // /proc/cpuinfo on error. If |getauxval| works, we will still detect
+  // capabilities. There may be a false positive due to
+  // |crypto_cpuinfo_has_broken_neon|, but this is now rare.
+  char *cpuinfo_data = NULL;
+  size_t cpuinfo_len = 0;
+  read_file(&cpuinfo_data, &cpuinfo_len, "/proc/cpuinfo");
  STRING_PIECE cpuinfo;
  cpuinfo.data = cpuinfo_data;
  cpuinfo.len = cpuinfo_len;
@@ -315,11 +172,11 @@ void OPENSSL_cpuid_setup(void) {
    hwcap = getauxval_proc(AT_HWCAP);
  }
  if (hwcap == 0) {
-    hwcap = get_hwcap_cpuinfo(&cpuinfo);
+    hwcap = crypto_get_arm_hwcap_from_cpuinfo(&cpuinfo);
  }

  // Clear NEON support if known broken.
-  g_has_broken_neon = has_broken_neon(&cpuinfo);
+  g_has_broken_neon = crypto_cpuinfo_has_broken_neon(&cpuinfo);
  if (g_has_broken_neon) {
    hwcap &= ~HWCAP_NEON;
  }
@@ -335,7 +192,7 @@ void OPENSSL_cpuid_setup(void) {
      hwcap2 = getauxval(AT_HWCAP2);
    }
    if (hwcap2 == 0) {
-      hwcap2 = get_hwcap2_cpuinfo(&cpuinfo);
+      hwcap2 = crypto_get_arm_hwcap2_from_cpuinfo(&cpuinfo);
      g_needs_hwcap2_workaround = hwcap2 != 0;
    }

@@ -0,0 +1,201 @@
+/* Copyright (c) 2018, Google Inc.
+ *
+ * Permission to use, copy, modify, and/or distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+ * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+ * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY
+ * SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+ * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION
+ * OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN
+ * CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */
+
+#ifndef OPENSSL_HEADER_CRYPTO_CPU_ARM_LINUX_H
+#define OPENSSL_HEADER_CRYPTO_CPU_ARM_LINUX_H
+
+#include <openssl/base.h>
+
+#include <string.h>
+
+#include "internal.h"
+
+#if defined(__cplusplus)
+extern "C" {
+#endif
+
+
+// The cpuinfo parser lives in a header file so it may be accessible from
+// cross-platform fuzzers without adding code to those platforms normally.
+
+#define HWCAP_NEON (1 << 12)
+
+// See /usr/include/asm/hwcap.h on an ARM installation for the source of
+// these values.
+#define HWCAP2_AES (1 << 0)
+#define HWCAP2_PMULL (1 << 1)
+#define HWCAP2_SHA1 (1 << 2)
+#define HWCAP2_SHA2 (1 << 3)
+
+typedef struct {
+  const char *data;
+  size_t len;
+} STRING_PIECE;
+
+static int STRING_PIECE_equals(const STRING_PIECE *a, const char *b) {
+  size_t b_len = strlen(b);
+  return a->len == b_len && OPENSSL_memcmp(a->data, b, b_len) == 0;
+}
+
+// STRING_PIECE_split finds the first occurence of |sep| in |in| and, if found,
+// sets |*out_left| and |*out_right| to |in| split before and after it. It
+// returns one if |sep| was found and zero otherwise.
+static int STRING_PIECE_split(STRING_PIECE *out_left, STRING_PIECE *out_right,
+                              const STRING_PIECE *in, char sep) {
+  const char *p = (const char *)OPENSSL_memchr(in->data, sep, in->len);
+  if (p == NULL) {
+    return 0;
+  }
+  // |out_left| or |out_right| may alias |in|, so make a copy.
+  STRING_PIECE in_copy = *in;
+  out_left->data = in_copy.data;
+  out_left->len = p - in_copy.data;
+  out_right->data = in_copy.data + out_left->len + 1;
+  out_right->len = in_copy.len - out_left->len - 1;
+  return 1;
+}
+
+// STRING_PIECE_get_delimited reads a |sep|-delimited entry from |s|, writing it
+// to |out| and updating |s| to point beyond it. It returns one on success and
+// zero if |s| is empty. If |s| is has no copies of |sep| and is non-empty, it
+// reads the entire string to |out|.
+static int STRING_PIECE_get_delimited(STRING_PIECE *s, STRING_PIECE *out, char sep) {
+  if (s->len == 0) {
+    return 0;
+  }
+  if (!STRING_PIECE_split(out, s, s, sep)) {
+    // |s| had no instances of |sep|. Return the entire string.
+    *out = *s;
+    s->data += s->len;
+    s->len = 0;
+  }
+  return 1;
+}
+
+// STRING_PIECE_trim removes leading and trailing whitespace from |s|.
+static void STRING_PIECE_trim(STRING_PIECE *s) {
+  while (s->len != 0 && (s->data[0] == ' ' || s->data[0] == '\t')) {
+    s->data++;
+    s->len--;
+  }
+  while (s->len != 0 &&
+         (s->data[s->len - 1] == ' ' || s->data[s->len - 1] == '\t')) {
+    s->len--;
+  }
+}
+
+// extract_cpuinfo_field extracts a /proc/cpuinfo field named |field| from
+// |in|. If found, it sets |*out| to the value and returns one. Otherwise, it
+// returns zero.
+static int extract_cpuinfo_field(STRING_PIECE *out, const STRING_PIECE *in,
+                                 const char *field) {
+  // Process |in| one line at a time.
+  STRING_PIECE remaining = *in, line;
+  while (STRING_PIECE_get_delimited(&remaining, &line, '\n')) {
+    STRING_PIECE key, value;
+    if (!STRING_PIECE_split(&key, &value, &line, ':')) {
+      continue;
+    }
+    STRING_PIECE_trim(&key);
+    if (STRING_PIECE_equals(&key, field)) {
+      STRING_PIECE_trim(&value);
+      *out = value;
+      return 1;
+    }
+  }
+
+  return 0;
+}
+
+static int cpuinfo_field_equals(const STRING_PIECE *cpuinfo, const char *field,
+                                const char *value) {
+  STRING_PIECE extracted;
+  return extract_cpuinfo_field(&extracted, cpuinfo, field) &&
+         STRING_PIECE_equals(&extracted, value);
+}
+
+// has_list_item treats |list| as a space-separated list of items and returns
+// one if |item| is contained in |list| and zero otherwise.
+static int has_list_item(const STRING_PIECE *list, const char *item) {
+  STRING_PIECE remaining = *list, feature;
+  while (STRING_PIECE_get_delimited(&remaining, &feature, ' ')) {
+    if (STRING_PIECE_equals(&feature, item)) {
+      return 1;
+    }
+  }
+  return 0;
+}
+
+// crypto_get_arm_hwcap_from_cpuinfo returns an equivalent ARM |AT_HWCAP| value
+// from |cpuinfo|.
+static unsigned long crypto_get_arm_hwcap_from_cpuinfo(
+    const STRING_PIECE *cpuinfo) {
+  if (cpuinfo_field_equals(cpuinfo, "CPU architecture", "8")) {
+    // This is a 32-bit ARM binary running on a 64-bit kernel. NEON is always
+    // available on ARMv8. Linux omits required features, so reading the
+    // "Features" line does not work. (For simplicity, use strict equality. We
+    // assume everything running on future ARM architectures will have a
+    // working |getauxval|.)
+    return HWCAP_NEON;
+  }
+
+  STRING_PIECE features;
+  if (extract_cpuinfo_field(&features, cpuinfo, "Features") &&
+      has_list_item(&features, "neon")) {
+    return HWCAP_NEON;
+  }
+  return 0;
+}
+
+// crypto_get_arm_hwcap2_from_cpuinfo returns an equivalent ARM |AT_HWCAP2|
+// value from |cpuinfo|.
+static unsigned long crypto_get_arm_hwcap2_from_cpuinfo(
+    const STRING_PIECE *cpuinfo) {
+  STRING_PIECE features;
+  if (!extract_cpuinfo_field(&features, cpuinfo, "Features")) {
+    return 0;
+  }
+
+  unsigned long ret = 0;
+  if (has_list_item(&features, "aes")) {
+    ret |= HWCAP2_AES;
+  }
+  if (has_list_item(&features, "pmull")) {
+    ret |= HWCAP2_PMULL;
+  }
+  if (has_list_item(&features, "sha1")) {
+    ret |= HWCAP2_SHA1;
+  }
+  if (has_list_item(&features, "sha2")) {
+    ret |= HWCAP2_SHA2;
+  }
+  return ret;
+}
+
+// crypto_cpuinfo_has_broken_neon returns one if |cpuinfo| matches a CPU known
+// to have broken NEON unit and zero otherwise. See https://crbug.com/341598.
+static int crypto_cpuinfo_has_broken_neon(const STRING_PIECE *cpuinfo) {
+  return cpuinfo_field_equals(cpuinfo, "CPU implementer", "0x51") &&
+         cpuinfo_field_equals(cpuinfo, "CPU architecture", "7") &&
+         cpuinfo_field_equals(cpuinfo, "CPU variant", "0x1") &&
+         cpuinfo_field_equals(cpuinfo, "CPU part", "0x04d") &&
+         cpuinfo_field_equals(cpuinfo, "CPU revision", "0");
+}
+
+
+#if defined(__cplusplus)
+}  // extern C
+#endif
+
+#endif  // OPENSSL_HEADER_CRYPTO_CPU_ARM_LINUX_H
@@ -0,0 +1,239 @@
+/* Copyright (c) 2018, Google Inc.
+ *
+ * Permission to use, copy, modify, and/or distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+ * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+ * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY
+ * SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+ * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION
+ * OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN
+ * CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */
+
+#include "cpu-arm-linux.h"
+
+#include <string.h>
+
+#include <gtest/gtest.h>
+
+
+TEST(ARMLinuxTest, CPUInfo) {
+  struct CPUInfoTest {
+    const char *cpuinfo;
+    unsigned long hwcap;
+    unsigned long hwcap2;
+    bool broken_neon;
+  } kTests[] = {
+      // https://crbug.com/341598#c33
+      {
+          "Processor: ARMv7 Processory rev 0 (v71)\n"
+          "processor: 0\n"
+          "BogoMIPS: 13.50\n"
+          "\n"
+          "Processor: 1\n"
+          "BogoMIPS: 13.50\n"
+          "\n"
+          "Features: swp half thumb fastmult vfp edsp neon vfpv3 tls vfpv4 "
+          "idiva idivt\n"
+          "CPU implementer : 0x51\n"
+          "CPU architecture: 7\n"
+          "CPU variant: 0x1\n"
+          "CPU part: 0x04d\n"
+          "CPU revision: 0\n"
+          "\n"
+          "Hardware: SAMSUNG M2\n"
+          "Revision: 0010\n"
+          "Serial: 00001e030000354e\n",
+          HWCAP_NEON,
+          0,
+          true,
+      },
+      // https://crbug.com/341598#c39
+      {
+          "Processor       : ARMv7 Processor rev 0 (v7l)\n"
+          "processor       : 0\n"
+          "BogoMIPS        : 13.53\n"
+          "\n"
+          "Features        : swp half thumb fastmult vfp edsp neon vfpv3 tls "
+          "vfpv4\n"
+          "CPU implementer : 0x51\n"
+          "CPU architecture: 7\n"
+          "CPU variant     : 0x1\n"
+          "CPU part        : 0x04d\n"
+          "CPU revision    : 0\n"
+          "\n"
+          "Hardware        : SAMSUNG M2_ATT\n"
+          "Revision        : 0010\n"
+          "Serial          : 0000df0c00004d4c\n",
+          HWCAP_NEON,
+          0,
+          true,
+      },
+      // Nexus 4 from https://crbug.com/341598#c43
+      {
+          "Processor       : ARMv7 Processor rev 2 (v7l)\n"
+          "processor       : 0\n"
+          "BogoMIPS        : 13.53\n"
+          "\n"
+          "processor       : 1\n"
+          "BogoMIPS        : 13.53\n"
+          "\n"
+          "processor       : 2\n"
+          "BogoMIPS        : 13.53\n"
+          "\n"
+          "processor       : 3\n"
+          "BogoMIPS        : 13.53\n"
+          "\n"
+          "Features        : swp half thumb fastmult vfp edsp neon vfpv3 tls "
+          "vfpv4 \n"
+          "CPU implementer : 0x51\n"
+          "CPU architecture: 7\n"
+          "CPU variant     : 0x0\n"
+          "CPU part        : 0x06f\n"
+          "CPU revision    : 2\n"
+          "\n"
+          "Hardware        : QCT APQ8064 MAKO\n"
+          "Revision        : 000b\n"
+          "Serial          : 0000000000000000\n",
+          HWCAP_NEON,
+          0,
+          false,
+      },
+      // Razr M from https://crbug.com/341598#c43
+      {
+          "Processor       : ARMv7 Processor rev 4 (v7l)\n"
+          "processor       : 0\n"
+          "BogoMIPS        : 13.53\n"
+          "\n"
+          "Features        : swp half thumb fastmult vfp edsp neon vfpv3 tls "
+          "vfpv4\n"
+          "CPU implementer : 0x51\n"
+          "CPU architecture: 7\n"
+          "CPU variant     : 0x1\n"
+          "CPU part        : 0x04d\n"
+          "CPU revision    : 4\n"
+          "\n"
+          "Hardware        : msm8960dt\n"
+          "Revision        : 82a0\n"
+          "Serial          : 0001000201fe37a5\n",
+          HWCAP_NEON,
+          0,
+          false,
+      },
+      // Pixel 2 (truncated slightly)
+      {
+          "Processor       : AArch64 Processor rev 1 (aarch64)\n"
+          "processor       : 0\n"
+          "BogoMIPS        : 38.00\n"
+          "Features        : fp asimd evtstrm aes pmull sha1 sha2 crc32\n"
+          "CPU implementer : 0x51\n"
+          "CPU architecture: 8\n"
+          "CPU variant     : 0xa\n"
+          "CPU part        : 0x801\n"
+          "CPU revision    : 4\n"
+          "\n"
+          "processor       : 1\n"
+          "BogoMIPS        : 38.00\n"
+          "Features        : fp asimd evtstrm aes pmull sha1 sha2 crc32\n"
+          "CPU implementer : 0x51\n"
+          "CPU architecture: 8\n"
+          "CPU variant     : 0xa\n"
+          "CPU part        : 0x801\n"
+          "CPU revision    : 4\n"
+          "\n"
+          "processor       : 2\n"
+          "BogoMIPS        : 38.00\n"
+          "Features        : fp asimd evtstrm aes pmull sha1 sha2 crc32\n"
+          "CPU implementer : 0x51\n"
+          "CPU architecture: 8\n"
+          "CPU variant     : 0xa\n"
+          "CPU part        : 0x801\n"
+          "CPU revision    : 4\n"
+          "\n"
+          "processor       : 3\n"
+          "BogoMIPS        : 38.00\n"
+          "Features        : fp asimd evtstrm aes pmull sha1 sha2 crc32\n"
+          "CPU implementer : 0x51\n"
+          "CPU architecture: 8\n"
+          "CPU variant     : 0xa\n"
+          "CPU part        : 0x801\n"
+          "CPU revision    : 4\n"
+          // (Extra processors omitted.)
+          "\n"
+          "Hardware        : Qualcomm Technologies, Inc MSM8998\n",
+          HWCAP_NEON,  // CPU architecture 8 implies NEON.
+          HWCAP2_AES | HWCAP2_PMULL | HWCAP2_SHA1 | HWCAP2_SHA2,
+          false,
+      },
+      // Nexus 4 from
+      // Garbage should be tolerated.
+      {
+          "Blah blah blah this is definitely an ARM CPU",
+          0,
+          0,
+          false,
+      },
+      // A hypothetical ARMv8 CPU without crc32 (and thus no trailing space
+      // after the last crypto entry).
+      {
+          "Features        : aes pmull sha1 sha2\n"
+          "CPU architecture: 8\n",
+          HWCAP_NEON,
+          HWCAP2_AES | HWCAP2_PMULL | HWCAP2_SHA1 | HWCAP2_SHA2,
+          false,
+      },
+      // Various combinations of ARMv8 flags.
+      {
+          "Features        : aes sha1 sha2\n"
+          "CPU architecture: 8\n",
+          HWCAP_NEON,
+          HWCAP2_AES | HWCAP2_SHA1 | HWCAP2_SHA2,
+          false,
+      },
+      {
+          "Features        : pmull sha2\n"
+          "CPU architecture: 8\n",
+          HWCAP_NEON,
+          HWCAP2_PMULL | HWCAP2_SHA2,
+          false,
+      },
+      {
+          "Features        : aes aes   aes not_aes aes aes \n"
+          "CPU architecture: 8\n",
+          HWCAP_NEON,
+          HWCAP2_AES,
+          false,
+      },
+      {
+          "Features        : \n"
+          "CPU architecture: 8\n",
+          HWCAP_NEON,
+          0,
+          false,
+      },
+      {
+          "Features        : nothing\n"
+          "CPU architecture: 8\n",
+          HWCAP_NEON,
+          0,
+          false,
+      },
+      // If opening /proc/cpuinfo fails, we process the empty string.
+      {
+          "",
+          0,
+          0,
+          false,
+      },
+  };
+
+  for (const auto &t : kTests) {
+    SCOPED_TRACE(t.cpuinfo);
+    STRING_PIECE sp = {t.cpuinfo, strlen(t.cpuinfo)};
+    EXPECT_EQ(t.hwcap, crypto_get_arm_hwcap_from_cpuinfo(&sp));
+    EXPECT_EQ(t.hwcap2, crypto_get_arm_hwcap2_from_cpuinfo(&sp));
+    EXPECT_EQ(t.broken_neon ? 1 : 0, crypto_cpuinfo_has_broken_neon(&sp));
+  }
+}
@@ -54,10 +54,6 @@
 * copied and put under another distribution licence
 * [including the GNU Public Licence.] */

-#if !defined(__STDC_FORMAT_MACROS)
-#define __STDC_FORMAT_MACROS
-#endif
-
 #include <openssl/cpu.h>


@@ -127,15 +123,28 @@ static uint64_t OPENSSL_xgetbv(uint32_t xcr) {
 // and |out[1]|. See the comment in |OPENSSL_cpuid_setup| about this.
 static void handle_cpu_env(uint32_t *out, const char *in) {
  const int invert = in[0] == '~';
-  uint64_t v;
+  const int or = in[0] == '|';
+  const int skip_first_byte = invert || or;
+  const int hex = in[skip_first_byte] == '0' && in[skip_first_byte+1] == 'x';

-  if (!sscanf(in + invert, "%" PRIu64, &v)) {
+  int sscanf_result;
+  uint64_t v;
+  if (hex) {
+    sscanf_result = sscanf(in + invert + 2, "%" PRIx64, &v);
+  } else {
+    sscanf_result = sscanf(in + invert, "%" PRIu64, &v);
+  }
+
+  if (!sscanf_result) {
    return;
  }

  if (invert) {
    out[0] &= ~v;
    out[1] &= ~(v >> 32);
+  } else if (or) {
+    out[0] |= v;
+    out[1] |= (v >> 32);
  } else {
    out[0] = v;
    out[1] = v >> 32;
@@ -156,20 +165,6 @@ void OPENSSL_cpuid_setup(void) {
               edx == 0x69746e65 /* enti */ &&
               ecx == 0x444d4163 /* cAMD */;

-  int has_amd_xop = 0;
-  if (is_amd) {
-    // AMD-specific logic.
-    // See http://developer.amd.com/wordpress/media/2012/10/254811.pdf
-    OPENSSL_cpuid(&eax, &ebx, &ecx, &edx, 0x80000000);
-    uint32_t num_extended_ids = eax;
-    if (num_extended_ids >= 0x80000001) {
-      OPENSSL_cpuid(&eax, &ebx, &ecx, &edx, 0x80000001);
-      if (ecx & (1u << 11)) {
-        has_amd_xop = 1;
-      }
-    }
-  }
-
  uint32_t extended_features[2] = {0};
  if (num_ids >= 7) {
    OPENSSL_cpuid(&eax, &ebx, &ecx, &edx, 7);
@@ -177,30 +172,36 @@ void OPENSSL_cpuid_setup(void) {
    extended_features[1] = ecx;
  }

-  // Determine the number of cores sharing an L1 data cache to adjust the
-  // hyper-threading bit.
-  uint32_t cores_per_cache = 0;
-  if (is_amd) {
-    // AMD CPUs never share an L1 data cache between threads but do set the HTT
-    // bit on multi-core CPUs.
-    cores_per_cache = 1;
-  } else if (num_ids >= 4) {
-    // TODO(davidben): The Intel manual says this CPUID leaf enumerates all
-    // caches using ECX and doesn't say which is first. Does this matter?
-    OPENSSL_cpuid(&eax, &ebx, &ecx, &edx, 4);
-    cores_per_cache = 1 + ((eax >> 14) & 0xfff);
-  }
-
  OPENSSL_cpuid(&eax, &ebx, &ecx, &edx, 1);

-  // Adjust the hyper-threading bit.
-  if (edx & (1u << 28)) {
-    uint32_t num_logical_cores = (ebx >> 16) & 0xff;
-    if (cores_per_cache == 1 || num_logical_cores <= 1) {
-      edx &= ~(1u << 28);
+  if (is_amd) {
+    // See https://www.amd.com/system/files/TechDocs/25481.pdf, page 10.
+    const uint32_t base_family = (eax >> 8) & 15;
+    const uint32_t base_model = (eax >> 4) & 15;
+
+    uint32_t family = base_family;
+    uint32_t model = base_model;
+    if (base_family == 0xf) {
+      const uint32_t ext_family = (eax >> 20) & 255;
+      family += ext_family;
+      const uint32_t ext_model = (eax >> 16) & 15;
+      model |= ext_model << 4;
+    }
+
+    if (family < 0x17 || (family == 0x17 && 0x70 <= model && model <= 0x7f)) {
+      // Disable RDRAND on AMD families before 0x17 (Zen) due to reported
+      // failures after suspend.
+      // https://bugzilla.redhat.com/show_bug.cgi?id=1150286
+      // Also disable for family 0x17, models 0x70–0x7f, due to possible RDRAND
+      // failures there too.
+      ecx &= ~(1u << 30);
    }
  }

+  // Force the hyper-threading bit so that the more conservative path is always
+  // chosen.
+  edx |= 1u << 28;
+
  // Reserved bit #20 was historically repurposed to control the in-memory
  // representation of RC4 state. Always set it to zero.
  edx &= ~(1u << 20);
@@ -220,12 +221,9 @@ void OPENSSL_cpuid_setup(void) {
    edx &= ~(1u << 30);
  }

-  // The SDBG bit is repurposed to denote AMD XOP support.
-  if (has_amd_xop) {
-    ecx |= (1u << 11);
-  } else {
-    ecx &= ~(1u << 11);
-  }
+  // The SDBG bit is repurposed to denote AMD XOP support. Don't ever use AMD
+  // XOP code paths.
+  ecx &= ~(1u << 11);

  uint64_t xcr0 = 0;
  if (ecx & (1u << 27)) {
@@ -271,10 +269,14 @@ void OPENSSL_cpuid_setup(void) {

  // OPENSSL_ia32cap can contain zero, one or two values, separated with a ':'.
  // Each value is a 64-bit, unsigned value which may start with "0x" to
-  // indicate a hex value. Prior to the 64-bit value, a '~' may be given.
+  // indicate a hex value. Prior to the 64-bit value, a '~' or '|' may be given.
  //
-  // If '~' isn't present, then the value is taken as the result of the CPUID.
-  // Otherwise the value is inverted and ANDed with the probed CPUID result.
+  // If the '~' prefix is present:
+  //   the value is inverted and ANDed with the probed CPUID result
+  // If the '|' prefix is present:
+  //   the value is ORed with the probed CPUID result
+  // Otherwise:
+  //   the value is taken as the result of the CPUID
  //
  // The first value determines OPENSSL_ia32cap_P[0] and [1]. The second [2]
  // and [3].
@@ -16,6 +16,8 @@

 #include <openssl/cpu.h>

+#include "fipsmodule/rand/fork_detect.h"
+#include "fipsmodule/rand/internal.h"
 #include "internal.h"


@@ -36,8 +38,8 @@
 #define BORINGSSL_NO_STATIC_INITIALIZER
 #endif

-#endif  /* !OPENSSL_NO_ASM && (OPENSSL_X86 || OPENSSL_X86_64 ||
-                               OPENSSL_ARM || OPENSSL_AARCH64) */
+#endif  // !NO_ASM && !STATIC_ARMCAP &&
+        // (X86 || X86_64 || ARM || AARCH64 || PPC64LE)


 // Our assembly does not use the GOT to reference symbols, which means
@@ -60,8 +62,7 @@
 // that tests the capability values will still skip the constructor but, so
 // far, the init constructor function only sets the capability variables.

-#if defined(OPENSSL_X86) || defined(OPENSSL_X86_64)
-
+#if defined(BORINGSSL_DISPATCH_TEST)
 // This value must be explicitly initialised to zero in order to work around a
 // bug in libtool or the linker on OS X.
 //
@@ -69,6 +70,12 @@
 // archive, linking on OS X will fail to resolve common symbols. By
 // initialising it to zero, it becomes a "data symbol", which isn't so
 // affected.
+HIDDEN uint8_t BORINGSSL_function_hit[7] = {0};
+#endif
+
+#if defined(OPENSSL_X86) || defined(OPENSSL_X86_64)
+
+// This value must be explicitly initialized to zero. See similar comment above.
 HIDDEN uint32_t OPENSSL_ia32cap_P[4] = {0};

 #elif defined(OPENSSL_PPC64LE)
@@ -82,7 +89,8 @@ HIDDEN unsigned long OPENSSL_ppc64le_hwcap2 = 0;
 #if defined(OPENSSL_STATIC_ARMCAP)

 HIDDEN uint32_t OPENSSL_armcap_P =
-#if defined(OPENSSL_STATIC_ARMCAP_NEON) || defined(__ARM_NEON__)
+#if defined(OPENSSL_STATIC_ARMCAP_NEON) || \
+    (defined(__ARM_NEON__) || defined(__ARM_NEON))
    ARMV7_NEON |
 #endif
 #if defined(OPENSSL_STATIC_ARMCAP_AES) || defined(__ARM_FEATURE_CRYPTO)
@@ -101,6 +109,10 @@ HIDDEN uint32_t OPENSSL_armcap_P =

 #else
 HIDDEN uint32_t OPENSSL_armcap_P = 0;
+
+uint32_t *OPENSSL_get_armcap_pointer_for_test(void) {
+  return &OPENSSL_armcap_P;
+}
 #endif

 #endif
@@ -164,6 +176,15 @@ int CRYPTO_has_asm(void) {
 #endif
 }

+void CRYPTO_pre_sandbox_init(void) {
+  // Read from /proc/cpuinfo if needed.
+  CRYPTO_library_init();
+  // Open /dev/urandom if needed.
+  CRYPTO_init_sysrand();
+  // Set up MADV_WIPEONFORK state if needed.
+  CRYPTO_get_fork_generation();
+}
+
 const char *SSLeay_version(int which) { return OpenSSL_version(which); }

 const char *OpenSSL_version(int which) {
@@ -201,3 +222,5 @@ int OPENSSL_init_crypto(uint64_t opts, const OPENSSL_INIT_SETTINGS *settings) {
  CRYPTO_library_init();
  return 1;
 }
+
+void OPENSSL_cleanup(void) {}
@@ -1,19 +0,0 @@
-include_directories(../../include)
-
-if (${ARCH} STREQUAL "arm")
-  set(
-    CURVE25519_ARCH_SOURCES
-
-    asm/x25519-asm-arm.S
-  )
-endif()
-
-add_library(
-  curve25519
-
-  OBJECT
-
-  spake25519.c
-
-  ${CURVE25519_ARCH_SOURCES}
-)
@@ -17,8 +17,18 @@
 * domain licensed but the standard ISC license is included above to keep
 * licensing simple. */

+#if defined(__has_feature)
+#if __has_feature(memory_sanitizer) && !defined(OPENSSL_NO_ASM)
+#define OPENSSL_NO_ASM
+#endif
+#endif
+
 #if !defined(OPENSSL_NO_ASM) && defined(__arm__) && !defined(__APPLE__)

+#if defined(BORINGSSL_PREFIX)
+#include <boringssl_prefix_symbols_asm.h>
+#endif
+
 .fpu neon
 .text
 .align 4
@@ -2120,3 +2130,7 @@ vpop {q4,q5,q6,q7}
 bx lr

 #endif  /* !OPENSSL_NO_ASM && __arm__ && !__APPLE__ */
+
+#if defined(__ELF__)
+.section	.note.GNU-stack,"",%progbits
+#endif
@@ -1,24 +1,16 @@
-// The MIT License (MIT)
-//
-// Copyright (c) 2015-2016 the fiat-crypto authors (see the AUTHORS file).
-//
-// Permission is hereby granted, free of charge, to any person obtaining a copy
-// of this software and associated documentation files (the "Software"), to deal
-// in the Software without restriction, including without limitation the rights
-// to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
-// copies of the Software, and to permit persons to whom the Software is
-// furnished to do so, subject to the following conditions:
-//
-// The above copyright notice and this permission notice shall be included in
-// all copies or substantial portions of the Software.
-//
-// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
-// IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
-// FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
-// AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
-// LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
-// OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
-// SOFTWARE.
+/* Copyright (c) 2020, Google Inc.
+ *
+ * Permission to use, copy, modify, and/or distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+ * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+ * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY
+ * SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+ * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION
+ * OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN
+ * CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */

 // This file is generated from
 //    ./make_curve25519_tables.py > curve25519_tables.h
@@ -0,0 +1,146 @@
+/* Copyright (c) 2020, Google Inc.
+ *
+ * Permission to use, copy, modify, and/or distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+ * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+ * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY
+ * SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+ * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION
+ * OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN
+ * CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */
+
+#ifndef OPENSSL_HEADER_CURVE25519_INTERNAL_H
+#define OPENSSL_HEADER_CURVE25519_INTERNAL_H
+
+#if defined(__cplusplus)
+extern "C" {
+#endif
+
+#include <openssl/base.h>
+
+#include "../internal.h"
+
+
+#if defined(OPENSSL_ARM) && !defined(OPENSSL_NO_ASM) && !defined(OPENSSL_APPLE)
+#define BORINGSSL_X25519_NEON
+
+// x25519_NEON is defined in asm/x25519-arm.S.
+void x25519_NEON(uint8_t out[32], const uint8_t scalar[32],
+                 const uint8_t point[32]);
+#endif
+
+#if defined(BORINGSSL_HAS_UINT128)
+#define BORINGSSL_CURVE25519_64BIT
+#endif
+
+#if defined(BORINGSSL_CURVE25519_64BIT)
+// fe means field element. Here the field is \Z/(2^255-19). An element t,
+// entries t[0]...t[4], represents the integer t[0]+2^51 t[1]+2^102 t[2]+2^153
+// t[3]+2^204 t[4].
+// fe limbs are bounded by 1.125*2^51.
+// Multiplication and carrying produce fe from fe_loose.
+typedef struct fe { uint64_t v[5]; } fe;
+
+// fe_loose limbs are bounded by 3.375*2^51.
+// Addition and subtraction produce fe_loose from (fe, fe).
+typedef struct fe_loose { uint64_t v[5]; } fe_loose;
+#else
+// fe means field element. Here the field is \Z/(2^255-19). An element t,
+// entries t[0]...t[9], represents the integer t[0]+2^26 t[1]+2^51 t[2]+2^77
+// t[3]+2^102 t[4]+...+2^230 t[9].
+// fe limbs are bounded by 1.125*2^26,1.125*2^25,1.125*2^26,1.125*2^25,etc.
+// Multiplication and carrying produce fe from fe_loose.
+typedef struct fe { uint32_t v[10]; } fe;
+
+// fe_loose limbs are bounded by 3.375*2^26,3.375*2^25,3.375*2^26,3.375*2^25,etc.
+// Addition and subtraction produce fe_loose from (fe, fe).
+typedef struct fe_loose { uint32_t v[10]; } fe_loose;
+#endif
+
+// ge means group element.
+//
+// Here the group is the set of pairs (x,y) of field elements (see fe.h)
+// satisfying -x^2 + y^2 = 1 + d x^2y^2
+// where d = -121665/121666.
+//
+// Representations:
+//   ge_p2 (projective): (X:Y:Z) satisfying x=X/Z, y=Y/Z
+//   ge_p3 (extended): (X:Y:Z:T) satisfying x=X/Z, y=Y/Z, XY=ZT
+//   ge_p1p1 (completed): ((X:Z),(Y:T)) satisfying x=X/Z, y=Y/T
+//   ge_precomp (Duif): (y+x,y-x,2dxy)
+
+typedef struct {
+  fe X;
+  fe Y;
+  fe Z;
+} ge_p2;
+
+typedef struct {
+  fe X;
+  fe Y;
+  fe Z;
+  fe T;
+} ge_p3;
+
+typedef struct {
+  fe_loose X;
+  fe_loose Y;
+  fe_loose Z;
+  fe_loose T;
+} ge_p1p1;
+
+typedef struct {
+  fe_loose yplusx;
+  fe_loose yminusx;
+  fe_loose xy2d;
+} ge_precomp;
+
+typedef struct {
+  fe_loose YplusX;
+  fe_loose YminusX;
+  fe_loose Z;
+  fe_loose T2d;
+} ge_cached;
+
+void x25519_ge_tobytes(uint8_t s[32], const ge_p2 *h);
+int x25519_ge_frombytes_vartime(ge_p3 *h, const uint8_t *s);
+void x25519_ge_p3_to_cached(ge_cached *r, const ge_p3 *p);
+void x25519_ge_p1p1_to_p2(ge_p2 *r, const ge_p1p1 *p);
+void x25519_ge_p1p1_to_p3(ge_p3 *r, const ge_p1p1 *p);
+void x25519_ge_add(ge_p1p1 *r, const ge_p3 *p, const ge_cached *q);
+void x25519_ge_sub(ge_p1p1 *r, const ge_p3 *p, const ge_cached *q);
+void x25519_ge_scalarmult_small_precomp(
+    ge_p3 *h, const uint8_t a[32], const uint8_t precomp_table[15 * 2 * 32]);
+void x25519_ge_scalarmult_base(ge_p3 *h, const uint8_t a[32]);
+void x25519_ge_scalarmult(ge_p2 *r, const uint8_t *scalar, const ge_p3 *A);
+void x25519_sc_reduce(uint8_t s[64]);
+
+enum spake2_state_t {
+  spake2_state_init = 0,
+  spake2_state_msg_generated,
+  spake2_state_key_generated,
+};
+
+struct spake2_ctx_st {
+  uint8_t private_key[32];
+  uint8_t my_msg[32];
+  uint8_t password_scalar[32];
+  uint8_t password_hash[64];
+  uint8_t *my_name;
+  size_t my_name_len;
+  uint8_t *their_name;
+  size_t their_name_len;
+  enum spake2_role_t my_role;
+  enum spake2_state_t state;
+  char disable_password_scalar_hack;
+};
+
+
+#if defined(__cplusplus)
+}  // extern C
+#endif
+
+#endif  // OPENSSL_HEADER_CURVE25519_INTERNAL_H
@@ -0,0 +1,222 @@
+#!/usr/bin/env python
+# coding=utf-8
+# Copyright (c) 2020, Google Inc.
+#
+# Permission to use, copy, modify, and/or distribute this software for any
+# purpose with or without fee is hereby granted, provided that the above
+# copyright notice and this permission notice appear in all copies.
+#
+# THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+# WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+# MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY
+# SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+# WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION
+# OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN
+# CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+
+import StringIO
+import subprocess
+
+# Base field Z_p
+p = 2**255 - 19
+
+def modp_inv(x):
+    return pow(x, p-2, p)
+
+# Square root of -1
+modp_sqrt_m1 = pow(2, (p-1) // 4, p)
+
+# Compute corresponding x-coordinate, with low bit corresponding to
+# sign, or return None on failure
+def recover_x(y, sign):
+    if y >= p:
+        return None
+    x2 = (y*y-1) * modp_inv(d*y*y+1)
+    if x2 == 0:
+        if sign:
+            return None
+        else:
+            return 0
+
+    # Compute square root of x2
+    x = pow(x2, (p+3) // 8, p)
+    if (x*x - x2) % p != 0:
+        x = x * modp_sqrt_m1 % p
+    if (x*x - x2) % p != 0:
+        return None
+
+    if (x & 1) != sign:
+        x = p - x
+    return x
+
+# Curve constant
+d = -121665 * modp_inv(121666) % p
+
+# Base point
+g_y = 4 * modp_inv(5) % p
+g_x = recover_x(g_y, 0)
+
+# Points are represented as affine tuples (x, y).
+
+def point_add(P, Q):
+    x1, y1 = P
+    x2, y2 = Q
+    x3 = ((x1*y2 + y1*x2) * modp_inv(1 + d*x1*x2*y1*y2)) % p
+    y3 = ((y1*y2 + x1*x2) * modp_inv(1 - d*x1*x2*y1*y2)) % p
+    return (x3, y3)
+
+# Computes Q = s * P
+def point_mul(s, P):
+    Q = (0, 1)  # Neutral element
+    while s > 0:
+        if s & 1:
+            Q = point_add(Q, P)
+        P = point_add(P, P)
+        s >>= 1
+    return Q
+
+def to_bytes(x):
+    ret = bytearray(32)
+    for i in range(len(ret)):
+        ret[i] = x % 256
+        x >>= 8
+    assert x == 0
+    return ret
+
+def to_ge_precomp(P):
+    # typedef struct {
+    #   fe_loose yplusx;
+    #   fe_loose yminusx;
+    #   fe_loose xy2d;
+    # } ge_precomp;
+    x, y = P
+    return ((y + x) % p, (y - x) % p, (x * y * 2 * d) % p)
+
+def to_base_25_5(x):
+    limbs = (26, 25, 26, 25, 26, 25, 26, 25, 26, 25)
+    ret = []
+    for l in limbs:
+        ret.append(x & ((1<<l) - 1))
+        x >>= l
+    assert x == 0
+    return ret
+
+def to_base_51(x):
+    ret = []
+    for _ in range(5):
+        ret.append(x & ((1<<51) - 1))
+        x >>= 51
+    assert x == 0
+    return ret
+
+def to_literal(x):
+    ret = "{{\n#if defined(BORINGSSL_CURVE25519_64BIT)\n"
+    ret += ", ".join(map(str, to_base_51(x)))
+    ret += "\n#else\n"
+    ret += ", ".join(map(str, to_base_25_5(x)))
+    ret += "\n#endif\n}}"
+    return ret
+
+def main():
+    d2 = (2 * d) % p
+
+    small_precomp = bytearray()
+    for i in range(1, 16):
+        s = (i&1) | ((i&2) << (64-1)) | ((i&4) << (128-2)) | ((i&8) << (192-3))
+        P = point_mul(s, (g_x, g_y))
+        small_precomp += to_bytes(P[0])
+        small_precomp += to_bytes(P[1])
+
+    large_precomp = []
+    for i in range(32):
+        large_precomp.append([])
+        for j in range(8):
+            P = point_mul((j + 1) << (i * 8), (g_x, g_y))
+            large_precomp[-1].append(to_ge_precomp(P))
+
+    bi_precomp = []
+    for i in range(8):
+        P = point_mul(2*i + 1, (g_x, g_y))
+        bi_precomp.append(to_ge_precomp(P))
+
+
+    buf = StringIO.StringIO()
+    buf.write("""/* Copyright (c) 2020, Google Inc.
+ *
+ * Permission to use, copy, modify, and/or distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+ * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+ * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY
+ * SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+ * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION
+ * OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN
+ * CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */
+
+// This file is generated from
+//    ./make_curve25519_tables.py > curve25519_tables.h
+
+
+static const fe d = """)
+    buf.write(to_literal(d))
+    buf.write(""";
+
+static const fe sqrtm1 = """)
+    buf.write(to_literal(modp_sqrt_m1))
+    buf.write(""";
+
+static const fe d2 = """)
+    buf.write(to_literal(d2))
+    buf.write(""";
+
+#if defined(OPENSSL_SMALL)
+
+// This block of code replaces the standard base-point table with a much smaller
+// one. The standard table is 30,720 bytes while this one is just 960.
+//
+// This table contains 15 pairs of group elements, (x, y), where each field
+// element is serialised with |fe_tobytes|. If |i| is the index of the group
+// element then consider i+1 as a four-bit number: (i₀, i₁, i₂, i₃) (where i₀
+// is the most significant bit). The value of the group element is then:
+// (i₀×2^192 + i₁×2^128 + i₂×2^64 + i₃)G, where G is the generator.
+static const uint8_t k25519SmallPrecomp[15 * 2 * 32] = {""")
+    for i, b in enumerate(small_precomp):
+        buf.write("0x%02x, " % b)
+    buf.write("""
+};
+
+#else
+
+// k25519Precomp[i][j] = (j+1)*256^i*B
+static const ge_precomp k25519Precomp[32][8] = {
+""")
+    for child in large_precomp:
+        buf.write("{\n")
+        for val in child:
+            buf.write("{\n")
+            for term in val:
+                buf.write(to_literal(term) + ",\n")
+            buf.write("},\n")
+        buf.write("},\n")
+    buf.write("""};
+
+#endif  // OPENSSL_SMALL
+
+// Bi[i] = (2*i+1)*B
+static const ge_precomp Bi[8] = {
+""")
+    for val in bi_precomp:
+        buf.write("{\n")
+        for term in val:
+                buf.write(to_literal(term) + ",\n")
+        buf.write("},\n")
+    buf.write("""};
+""")
+
+    proc = subprocess.Popen(["clang-format"], stdin=subprocess.PIPE)
+    proc.communicate(buf.getvalue())
+
+if __name__ == "__main__":
+    main()
@@ -23,7 +23,7 @@
 #include <openssl/sha.h>

 #include "../internal.h"
-#include "../../third_party/fiat/internal.h"
+#include "./internal.h"


 // The following precomputation tables are for the following
@@ -23,7 +23,7 @@
 #include <gtest/gtest.h>

 #include "../internal.h"
-#include "../../third_party/fiat/internal.h"
+#include "./internal.h"


 // TODO(agl): add tests with fixed vectors once SPAKE2 is nailed down.
@@ -23,6 +23,7 @@
 #include "../internal.h"
 #include "../test/file_test.h"
 #include "../test/test_util.h"
+#include "../test/wycheproof_util.h"


 TEST(X25519Test, TestVector) {
@@ -132,11 +133,8 @@ TEST(X25519Test, Wycheproof) {
      t->IgnoreInstruction("curve");
      t->IgnoreAttribute("curve");

-      // Our implementation tolerates the Wycheproof "acceptable"
-      // inputs. Wycheproof's valid vs. acceptable criteria does not match our
-      // X25519 return value, so we test only the overall output.
-      t->IgnoreAttribute("result");
-
+      WycheproofResult result;
+      ASSERT_TRUE(GetWycheproofResult(t, &result));
      std::vector<uint8_t> priv, pub, shared;
      ASSERT_TRUE(t->GetBytes(&priv, "private"));
      ASSERT_TRUE(t->GetBytes(&pub, "public"));
@@ -144,7 +142,8 @@ TEST(X25519Test, Wycheproof) {
      ASSERT_EQ(32u, priv.size());
      ASSERT_EQ(32u, pub.size());
      uint8_t secret[32];
-      X25519(secret, priv.data(), pub.data());
+      int ret = X25519(secret, priv.data(), pub.data());
+      EXPECT_EQ(ret, result.IsValid({"NonCanonicalPublic", "Twist"}) ? 1 : 0);
      EXPECT_EQ(Bytes(secret), Bytes(shared));
  });
 }
--- a/Show More
+++ b/Show More