From matt at openssl.org Tue May 1 12:45:12 2018 From: matt at openssl.org (Matt Caswell) Date: Tue, 01 May 2018 12:45:12 +0000 Subject: [openssl-commits] [openssl] master update Message-ID: <1525178712.991042.2714.nullmailer@dev.openssl.org> The branch master has been updated via 6ec5fce25e81b44c37b37db1cde37670d6bbc678 (commit) from d1ae34e92d1ae11a9b650e85790a907e5939cdf6 (commit) - Log ----------------------------------------------------------------- commit 6ec5fce25e81b44c37b37db1cde37670d6bbc678 Author: Matt Caswell Date: Tue May 1 13:34:30 2018 +0100 Update copyright year Reviewed-by: Rich Salz (Merged from https://github.com/openssl/openssl/pull/6145) ----------------------------------------------------------------------- Summary of changes: crypto/armv4cpuid.pl | 2 +- crypto/asn1/p5_scrypt.c | 2 +- crypto/async/async.c | 2 +- crypto/ec/asm/ecp_nistz256-armv4.pl | 2 +- crypto/ec/ec_mult.c | 2 +- crypto/include/internal/async.h | 2 +- crypto/include/internal/err_int.h | 2 +- crypto/lhash/lhash.c | 2 +- crypto/modes/asm/ghashv8-armx.pl | 2 +- crypto/pem/pem_pkey.c | 2 +- crypto/pkcs12/p12_utl.c | 2 +- crypto/poly1305/asm/poly1305-armv4.pl | 2 +- crypto/sha/asm/keccak1600-x86_64.pl | 2 +- crypto/x509/by_dir.c | 2 +- crypto/x509/by_file.c | 2 +- crypto/x509/x509_vfy.c | 2 +- crypto/x509/x509_vpm.c | 2 +- crypto/x509/x_crl.c | 2 +- crypto/x509/x_name.c | 2 +- crypto/x509/x_pubkey.c | 2 +- crypto/x509/x_x509.c | 2 +- crypto/x509v3/pcy_cache.c | 2 +- crypto/x509v3/pcy_data.c | 2 +- crypto/x509v3/pcy_node.c | 2 +- crypto/x509v3/pcy_tree.c | 2 +- crypto/x509v3/v3_cpols.c | 2 +- doc/man3/SSL_CTX_set_info_callback.pod | 2 +- doc/man3/SSL_CTX_set_tlsext_ticket_key_cb.pod | 2 +- doc/man3/SSL_get_session.pod | 2 +- doc/man3/SSL_get_version.pod | 2 +- engines/e_capi.c | 2 +- ms/uplink-x86.pl | 2 +- ssl/record/rec_layer_d1.c | 2 +- test/run_tests.pl | 2 +- test/verify_extra_test.c | 2 +- 35 files changed, 35 insertions(+), 35 deletions(-) diff --git a/crypto/armv4cpuid.pl b/crypto/armv4cpuid.pl index 9e46149..ab007c1 100644 --- a/crypto/armv4cpuid.pl +++ b/crypto/armv4cpuid.pl @@ -1,5 +1,5 @@ #! /usr/bin/env perl -# Copyright 2015-2016 The OpenSSL Project Authors. All Rights Reserved. +# Copyright 2015-2018 The OpenSSL Project Authors. All Rights Reserved. # # Licensed under the OpenSSL license (the "License"). You may not use # this file except in compliance with the License. You can obtain a copy diff --git a/crypto/asn1/p5_scrypt.c b/crypto/asn1/p5_scrypt.c index 1daaa6f..21d74da 100644 --- a/crypto/asn1/p5_scrypt.c +++ b/crypto/asn1/p5_scrypt.c @@ -1,5 +1,5 @@ /* - * Copyright 2015-2016 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2015-2018 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy diff --git a/crypto/async/async.c b/crypto/async/async.c index 7c6cf5b..1d83e45 100644 --- a/crypto/async/async.c +++ b/crypto/async/async.c @@ -1,5 +1,5 @@ /* - * Copyright 2015-2016 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2015-2018 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy diff --git a/crypto/ec/asm/ecp_nistz256-armv4.pl b/crypto/ec/asm/ecp_nistz256-armv4.pl index 7bb268d..84dcb6e 100755 --- a/crypto/ec/asm/ecp_nistz256-armv4.pl +++ b/crypto/ec/asm/ecp_nistz256-armv4.pl @@ -1,5 +1,5 @@ #! /usr/bin/env perl -# Copyright 2015-2016 The OpenSSL Project Authors. All Rights Reserved. +# Copyright 2015-2018 The OpenSSL Project Authors. All Rights Reserved. # # Licensed under the OpenSSL license (the "License"). You may not use # this file except in compliance with the License. You can obtain a copy diff --git a/crypto/ec/ec_mult.c b/crypto/ec/ec_mult.c index 0779e4f..4f6689a 100644 --- a/crypto/ec/ec_mult.c +++ b/crypto/ec/ec_mult.c @@ -1,5 +1,5 @@ /* - * Copyright 2001-2017 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2001-2018 The OpenSSL Project Authors. All Rights Reserved. * Copyright (c) 2002, Oracle and/or its affiliates. All rights reserved * * Licensed under the OpenSSL license (the "License"). You may not use diff --git a/crypto/include/internal/async.h b/crypto/include/internal/async.h index 747e0b8..dc8e937 100644 --- a/crypto/include/internal/async.h +++ b/crypto/include/internal/async.h @@ -1,5 +1,5 @@ /* - * Copyright 2016 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2016-2018 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy diff --git a/crypto/include/internal/err_int.h b/crypto/include/internal/err_int.h index 4a7e43a..44ac944 100644 --- a/crypto/include/internal/err_int.h +++ b/crypto/include/internal/err_int.h @@ -1,5 +1,5 @@ /* - * Copyright 2016 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2016-2018 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy diff --git a/crypto/lhash/lhash.c b/crypto/lhash/lhash.c index 116274b..dca5007 100644 --- a/crypto/lhash/lhash.c +++ b/crypto/lhash/lhash.c @@ -1,5 +1,5 @@ /* - * Copyright 1995-2017 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy diff --git a/crypto/modes/asm/ghashv8-armx.pl b/crypto/modes/asm/ghashv8-armx.pl index ac9d5a2..47e8820 100644 --- a/crypto/modes/asm/ghashv8-armx.pl +++ b/crypto/modes/asm/ghashv8-armx.pl @@ -1,5 +1,5 @@ #! /usr/bin/env perl -# Copyright 2014-2016 The OpenSSL Project Authors. All Rights Reserved. +# Copyright 2014-2018 The OpenSSL Project Authors. All Rights Reserved. # # Licensed under the OpenSSL license (the "License"). You may not use # this file except in compliance with the License. You can obtain a copy diff --git a/crypto/pem/pem_pkey.c b/crypto/pem/pem_pkey.c index 8c4797c..8730a78 100644 --- a/crypto/pem/pem_pkey.c +++ b/crypto/pem/pem_pkey.c @@ -1,5 +1,5 @@ /* - * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy diff --git a/crypto/pkcs12/p12_utl.c b/crypto/pkcs12/p12_utl.c index 7a8023b..43b9e3a 100644 --- a/crypto/pkcs12/p12_utl.c +++ b/crypto/pkcs12/p12_utl.c @@ -1,5 +1,5 @@ /* - * Copyright 1999-2016 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1999-2018 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy diff --git a/crypto/poly1305/asm/poly1305-armv4.pl b/crypto/poly1305/asm/poly1305-armv4.pl index 699021f..5cdb6be 100755 --- a/crypto/poly1305/asm/poly1305-armv4.pl +++ b/crypto/poly1305/asm/poly1305-armv4.pl @@ -1,5 +1,5 @@ #! /usr/bin/env perl -# Copyright 2016 The OpenSSL Project Authors. All Rights Reserved. +# Copyright 2016-2018 The OpenSSL Project Authors. All Rights Reserved. # # Licensed under the OpenSSL license (the "License"). You may not use # this file except in compliance with the License. You can obtain a copy diff --git a/crypto/sha/asm/keccak1600-x86_64.pl b/crypto/sha/asm/keccak1600-x86_64.pl index e24b575..d3f4c10 100755 --- a/crypto/sha/asm/keccak1600-x86_64.pl +++ b/crypto/sha/asm/keccak1600-x86_64.pl @@ -1,5 +1,5 @@ #!/usr/bin/env perl -# Copyright 2017 The OpenSSL Project Authors. All Rights Reserved. +# Copyright 2017-2018 The OpenSSL Project Authors. All Rights Reserved. # # Licensed under the OpenSSL license (the "License"). You may not use # this file except in compliance with the License. You can obtain a copy diff --git a/crypto/x509/by_dir.c b/crypto/x509/by_dir.c index c883458..ae9670c 100644 --- a/crypto/x509/by_dir.c +++ b/crypto/x509/by_dir.c @@ -1,5 +1,5 @@ /* - * Copyright 1995-2017 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy diff --git a/crypto/x509/by_file.c b/crypto/x509/by_file.c index bd39ecb..78d7fbd 100644 --- a/crypto/x509/by_file.c +++ b/crypto/x509/by_file.c @@ -1,5 +1,5 @@ /* - * Copyright 1995-2017 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy diff --git a/crypto/x509/x509_vfy.c b/crypto/x509/x509_vfy.c index fd8ecfa..447f5e0 100644 --- a/crypto/x509/x509_vfy.c +++ b/crypto/x509/x509_vfy.c @@ -1,5 +1,5 @@ /* - * Copyright 1995-2017 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy diff --git a/crypto/x509/x509_vpm.c b/crypto/x509/x509_vpm.c index fa51990..67e9996 100644 --- a/crypto/x509/x509_vpm.c +++ b/crypto/x509/x509_vpm.c @@ -1,5 +1,5 @@ /* - * Copyright 2004-2017 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2004-2018 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy diff --git a/crypto/x509/x_crl.c b/crypto/x509/x_crl.c index 5098b5f..c0099e0 100644 --- a/crypto/x509/x_crl.c +++ b/crypto/x509/x_crl.c @@ -1,5 +1,5 @@ /* - * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy diff --git a/crypto/x509/x_name.c b/crypto/x509/x_name.c index a30b5e1..aec3459 100644 --- a/crypto/x509/x_name.c +++ b/crypto/x509/x_name.c @@ -1,5 +1,5 @@ /* - * Copyright 1995-2017 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy diff --git a/crypto/x509/x_pubkey.c b/crypto/x509/x_pubkey.c index 8616297..d050b0b 100644 --- a/crypto/x509/x_pubkey.c +++ b/crypto/x509/x_pubkey.c @@ -1,5 +1,5 @@ /* - * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy diff --git a/crypto/x509/x_x509.c b/crypto/x509/x_x509.c index cf71180..4c04f12 100644 --- a/crypto/x509/x_x509.c +++ b/crypto/x509/x_x509.c @@ -1,5 +1,5 @@ /* - * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy diff --git a/crypto/x509v3/pcy_cache.c b/crypto/x509v3/pcy_cache.c index 0f506ac..7873a42 100644 --- a/crypto/x509v3/pcy_cache.c +++ b/crypto/x509v3/pcy_cache.c @@ -1,5 +1,5 @@ /* - * Copyright 2004-2016 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2004-2018 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy diff --git a/crypto/x509v3/pcy_data.c b/crypto/x509v3/pcy_data.c index 7b75a6d..bd3bb0e 100644 --- a/crypto/x509v3/pcy_data.c +++ b/crypto/x509v3/pcy_data.c @@ -1,5 +1,5 @@ /* - * Copyright 2004-2016 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2004-2018 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy diff --git a/crypto/x509v3/pcy_node.c b/crypto/x509v3/pcy_node.c index f739373..db4d71f 100644 --- a/crypto/x509v3/pcy_node.c +++ b/crypto/x509v3/pcy_node.c @@ -1,5 +1,5 @@ /* - * Copyright 2004-2016 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2004-2018 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy diff --git a/crypto/x509v3/pcy_tree.c b/crypto/x509v3/pcy_tree.c index 9e1d640..9a1e208 100644 --- a/crypto/x509v3/pcy_tree.c +++ b/crypto/x509v3/pcy_tree.c @@ -1,5 +1,5 @@ /* - * Copyright 2004-2016 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2004-2018 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy diff --git a/crypto/x509v3/v3_cpols.c b/crypto/x509v3/v3_cpols.c index 518a0f2..7a47fd3 100644 --- a/crypto/x509v3/v3_cpols.c +++ b/crypto/x509v3/v3_cpols.c @@ -1,5 +1,5 @@ /* - * Copyright 1999-2016 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1999-2018 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy diff --git a/doc/man3/SSL_CTX_set_info_callback.pod b/doc/man3/SSL_CTX_set_info_callback.pod index 85187cf..f01ca66 100644 --- a/doc/man3/SSL_CTX_set_info_callback.pod +++ b/doc/man3/SSL_CTX_set_info_callback.pod @@ -160,7 +160,7 @@ L =head1 COPYRIGHT -Copyright 2001-2016 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2001-2018 The OpenSSL Project Authors. All Rights Reserved. Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/doc/man3/SSL_CTX_set_tlsext_ticket_key_cb.pod b/doc/man3/SSL_CTX_set_tlsext_ticket_key_cb.pod index 7782ea7..9b448db 100644 --- a/doc/man3/SSL_CTX_set_tlsext_ticket_key_cb.pod +++ b/doc/man3/SSL_CTX_set_tlsext_ticket_key_cb.pod @@ -190,7 +190,7 @@ L, =head1 COPYRIGHT -Copyright 2014-2016 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2014-2018 The OpenSSL Project Authors. All Rights Reserved. Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/doc/man3/SSL_get_session.pod b/doc/man3/SSL_get_session.pod index 7ed6353..7c04570 100644 --- a/doc/man3/SSL_get_session.pod +++ b/doc/man3/SSL_get_session.pod @@ -100,7 +100,7 @@ L =head1 COPYRIGHT -Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2000-2018 The OpenSSL Project Authors. All Rights Reserved. Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/doc/man3/SSL_get_version.pod b/doc/man3/SSL_get_version.pod index c649c29..9b49242 100644 --- a/doc/man3/SSL_get_version.pod +++ b/doc/man3/SSL_get_version.pod @@ -97,7 +97,7 @@ SSL_is_dtls() was added in OpenSSL 1.1.0. =head1 COPYRIGHT -Copyright 2001-2017 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2001-2018 The OpenSSL Project Authors. All Rights Reserved. Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/engines/e_capi.c b/engines/e_capi.c index 1a12350..a765892 100644 --- a/engines/e_capi.c +++ b/engines/e_capi.c @@ -1,5 +1,5 @@ /* - * Copyright 2008-2016 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2008-2018 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy diff --git a/ms/uplink-x86.pl b/ms/uplink-x86.pl index c298bdc..e79cff7 100755 --- a/ms/uplink-x86.pl +++ b/ms/uplink-x86.pl @@ -1,5 +1,5 @@ #! /usr/bin/env perl -# Copyright 2008-2016 The OpenSSL Project Authors. All Rights Reserved. +# Copyright 2008-2018 The OpenSSL Project Authors. All Rights Reserved. # # Licensed under the OpenSSL license (the "License"). You may not use # this file except in compliance with the License. You can obtain a copy diff --git a/ssl/record/rec_layer_d1.c b/ssl/record/rec_layer_d1.c index e3e168d..97943d4 100644 --- a/ssl/record/rec_layer_d1.c +++ b/ssl/record/rec_layer_d1.c @@ -1,5 +1,5 @@ /* - * Copyright 2005-2017 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2005-2018 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy diff --git a/test/run_tests.pl b/test/run_tests.pl index 56b5ad1..881feae 100644 --- a/test/run_tests.pl +++ b/test/run_tests.pl @@ -1,5 +1,5 @@ #! /usr/bin/env perl -# Copyright 2015-2016 The OpenSSL Project Authors. All Rights Reserved. +# Copyright 2015-2018 The OpenSSL Project Authors. All Rights Reserved. # # Licensed under the OpenSSL license (the "License"). You may not use # this file except in compliance with the License. You can obtain a copy diff --git a/test/verify_extra_test.c b/test/verify_extra_test.c index 5d46542..d9d1498 100644 --- a/test/verify_extra_test.c +++ b/test/verify_extra_test.c @@ -1,5 +1,5 @@ /* - * Copyright 2015-2017 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2015-2018 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy From matt at openssl.org Tue May 1 13:03:08 2018 From: matt at openssl.org (Matt Caswell) Date: Tue, 01 May 2018 13:03:08 +0000 Subject: [openssl-commits] [openssl] master update Message-ID: <1525179788.607879.6843.nullmailer@dev.openssl.org> The branch master has been updated via 8a0c91d3bdf34957b022ea170ea3fa6cdde0ab85 (commit) via a910a9e98f08c48c4ea24651a29872e71748f969 (commit) from 6ec5fce25e81b44c37b37db1cde37670d6bbc678 (commit) - Log ----------------------------------------------------------------- commit 8a0c91d3bdf34957b022ea170ea3fa6cdde0ab85 Author: Matt Caswell Date: Tue May 1 13:55:46 2018 +0100 Prepare for 1.1.1-pre7-dev Reviewed-by: Rich Salz commit a910a9e98f08c48c4ea24651a29872e71748f969 Author: Matt Caswell Date: Tue May 1 13:46:05 2018 +0100 Prepare for 1.1.1-pre6 release Reviewed-by: Rich Salz ----------------------------------------------------------------------- Summary of changes: README | 2 +- include/openssl/opensslv.h | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/README b/README index 7484255..1942f7b 100644 --- a/README +++ b/README @@ -1,5 +1,5 @@ - OpenSSL 1.1.1-pre6-dev + OpenSSL 1.1.1-pre7-dev Copyright (c) 1998-2018 The OpenSSL Project Copyright (c) 1995-1998 Eric A. Young, Tim J. Hudson diff --git a/include/openssl/opensslv.h b/include/openssl/opensslv.h index fc1e2b5..c970c18 100644 --- a/include/openssl/opensslv.h +++ b/include/openssl/opensslv.h @@ -39,8 +39,8 @@ extern "C" { * (Prior to 0.9.5a beta1, a different scheme was used: MMNNFFRBB for * major minor fix final patch/beta) */ -# define OPENSSL_VERSION_NUMBER 0x10101006L -# define OPENSSL_VERSION_TEXT "OpenSSL 1.1.1-pre6-dev xx XXX xxxx" +# define OPENSSL_VERSION_NUMBER 0x10101007L +# define OPENSSL_VERSION_TEXT "OpenSSL 1.1.1-pre7-dev xx XXX xxxx" /*- * The macros below are to be used for shared library (.so, .dll, ...) From matt at openssl.org Tue May 1 13:04:00 2018 From: matt at openssl.org (Matt Caswell) Date: Tue, 01 May 2018 13:04:00 +0000 Subject: [openssl-commits] [openssl] OpenSSL_1_1_1-pre6 create Message-ID: <1525179840.177230.7785.nullmailer@dev.openssl.org> The annotated tag OpenSSL_1_1_1-pre6 has been created at 8405ab9edd7fec6449888a80b8b9a96aabc04521 (tag) tagging a910a9e98f08c48c4ea24651a29872e71748f969 (commit) replaces OpenSSL_1_1_1-pre5 tagged by Matt Caswell on Tue May 1 13:46:05 2018 +0100 - Log ----------------------------------------------------------------- OpenSSL 1.1.1-pre6 release tag -----BEGIN PGP SIGNATURE----- iQEuBAABCAAYBQJa6GGNERxtYXR0QG9wZW5zc2wub3JnAAoJENnE0m0OYESRN38I AJqznQ+Pq3qlasLDoCDwha/FAZnFl4Gl3Epv33w6zPlipWVYvwFT54yYgluTtnuJ QfiKpdBynD4v9x/yNyAQOcY6uOSFDoF7BKgA5yQLN+wWXwOhB+xBiD/mbn4Dr1Sd 1jd0RF93dgO1eHYLdUwKt6XuixjmdCbSrpHjvoOXd/4J4DwZtMb36T+XmbMPZwW4 OsAra3uzrhWiIQSVYUIGRbQy4fCwQ+R/x1n1mMC1qMkdXe8Omz2sNlH3sVYTLYy/ G6/yH17f76aeGJ6zgTivz3YsuggsqGh+DXcMc81lC/20lmXMFdS7GdJtqE3qqE0k 1Vi1GhGEXsH5ayqnUa571zA= =JtRW -----END PGP SIGNATURE----- A. Schulze (1): correct spelling errors detected by Debian lintian Alois Mahdal (1): Reflect special `DEFAULT` behavior in ciphers(1) Andy Polyakov (20): apps/s_socket.c: print only dynamically allocated port in do_server. TLSProxy/Message.pm: refine end-of-conversation detection logic. TLSProxy/Proxy.pm: refine NewSessionTicket detection. TLSProxy/Record.pm: add is_fatal_alert method. recipes/70-test_ssl{cbcpadding,extension,records}: make it work w/fragmentation. TLSProxy/Proxy.pm: preclude output intermix. apps/s_socket.c: fix memory sanitizer problem in ACCEPT printout. .travis.yml: switch to newer osx image. sha/asm/keccak1600-armv8.pl: halve the size of hw-assisted subroutine. Configure: add $target{keccak1600_asm_src}. sha/asm/keccak1600-x86_64.pl: make it work on Windows. 00-base-templates.conf: wire keccak1600-x86_64 module. 00-base-templates.conf: wire keccak1600-armv8 module. 00-base-templates.conf: wire keccak1600-s390x module. 00-base-templates.conf: wire keccak1600-ppc64 module. sha/asm/keccak1600-armv4.pl: adapt for multi-platform. 00-base-templates.conf: wire keccak1600-armv4 module. ARM assembly pack: make it work with older assembler. Configurations/10-main.conf: force no-engine on ios targets. Configurations/unix-Makefile.tmpl: harmonize with no-engine. Beat Bolli (1): Clarify the configuration module in config.pod Bernd Edlinger (8): Add a config option to disable automatic config loading Clear buffer in PEM_write_bio Ensure the thread keys are always allocated in the same order Fix building linux-armv4 with --strict-warnings Wait max. 60 seconds for s_client to connect Fix memleaks in async api Fix drbg thread cleanup and error handling Don't cleanup uninitialized thread local slots Billy Brumley (4): Elliptic curve scalar multiplication with timing attack defenses ladder description: why it works Remove superfluous NULL checks. Add Andy's BN_FLG comment. fix: BN_swap mishandles flags Davide Galassi (1): BIGNUM signed add/sub routines refactory Dr. Matthias St. Pierre (8): DRBG: fix coverity issues p5_scrypt.c: fix error check of RAND_bytes() call SSL_CTX_set_tlsext_ticket_key_cb.pod: fix error check of RAND_bytes() call openssl/ssl.h: restore some renamed public SSL_CTRL defines openssl/err.h: remove duplicate OSSL_STOREerr() a_strex.c: improve documentation of 'tag2nbyte' lookup table x509/by_dir.c: Remove dead code Fix mixed indentation (and other whitespace issues) FdaSilvaYY (3): Style: ssl.h X509: add more error codes on malloc or sk_TYP_push failure Add missing error code when alloc-return-null Kurt Roeckx (4): Document supported digest functions Add support for getrandom() or equivalent system calls and use them by default Fix usage of ossl_assert() Use the config file from the source not the host for the tests Matt Caswell (34): Ignore the status_request extension in a resumption handshake Call the info callback on all handshake done events Make sure info callback knows about all handshake start events Add a test for the info callback Update the info callback documentation for TLSv1.3 Update fingerprints.txt Fix assertion failure in SSL_set_bio() Extend the SSL_set_bio() tests Check the return from EVP_PKEY_get0_DH() Fix a memory leak in an error path Update EVP_DigestSignInit() docs Correct an ommission in the EVP_DigestSignInit docs Fix no-ec Fix ocsp app exit code Don't crash if there are no trusted certs Add a test for a NULL X509_STORE in X509_STORE_CTX_init Make sure SSL_in_init() returns 0 at SSL_CB_HANDSHAKE_DONE Test the state of SSL_in_init() from the info_callback Fix SSL_pending() for DTLS Add a test for SSL_pending() Improve backwards compat with 1.0.2 for ECDHParameters Remove some logically dead code Document when a session gets removed from cache Allow TLSv1.3 EC certs to use compressed points Don't build AFALG on android In a reneg use the same client_version we used last time Add a test to verify the ClientHello version is the same in a reneg Fix the MAX_CURVELIST definition Fix documentation for the -showcerts s_client option Fix typo in the definition of tls13_ciphers Update the *use_certificate* docs Update version docs Update copyright year Prepare for 1.1.1-pre6 release Nicola Tuveri (5): Address code style comments Pass through Move up check for EC_R_INCOMPATIBLE_OBJECTS and for the point at infinity case [SM2_sign] fix double free and return value [SM2_sign] add minimal EVP_PKEY functionality testing Peter Wu (4): Add support for logging TLS 1.3 exporter secret Add test for CLIENT_EARLY_TRAFFIC_SECRET key logging Add support for logging early exporter secret test: Remove redundant SSL_CTX_set_max_early_data Rahul Chaudhry (1): poly1305/asm/poly1305-armv4.pl: remove unintentional relocation. Rich Salz (2): Add missing malloc-return-null instance Fix last(?) batch of malloc-NULL places Richard Levitte (18): Prepare for 1.1.1-pre6-dev Don't distribute team internal config targets Enable all implemented digests Fix late opening of output file Fix openssl ca, to correctly make output file binary when using -spkac test/recipes/15-test_out_option.t: refine tests Revert "Check on VMS as well" Revert "Add VMS version of app_dirname()" Revert "Check directory is able to create files for various -out option" Better check of return values from app_isdir and app_access apps/opt.c: Remove the access checks of input and output files ms/uplink-x86.pl: close the file handle that was opened openssl rehash: exit 0 on warnings, same as c_rehash PEM_def_callback(): don't loop because of too short password given PEM_def_callback(): use same parameter names as for pem_password_cb Use get_last_sys_error() instead of get_last_rtl_error() 15-test_out_option: Refactor and don't test directory write on VMS apps/s_server.c: Avoid unused variable due to 'no-dtls' Viktor Dukhovni (1): Add missing index_index() when reloading OCSP responder ----------------------------------------------------------------------- From matt at openssl.org Tue May 1 13:04:51 2018 From: matt at openssl.org (Matt Caswell) Date: Tue, 01 May 2018 13:04:51 +0000 Subject: [openssl-commits] [web] master update Message-ID: <1525179891.101034.8782.nullmailer@dev.openssl.org> The branch master has been updated via 52717d01f543385642f385407e52b1eb35283f21 (commit) from 7d8bb2e70f7b294ba633eb550626fe2ae11c9055 (commit) - Log ----------------------------------------------------------------- commit 52717d01f543385642f385407e52b1eb35283f21 Author: Matt Caswell Date: Tue May 1 13:30:50 2018 +0100 Update newsflash for new release ----------------------------------------------------------------------- Summary of changes: news/newsflash.txt | 1 + 1 file changed, 1 insertion(+) diff --git a/news/newsflash.txt b/news/newsflash.txt index 00f1aff..202f95c 100644 --- a/news/newsflash.txt +++ b/news/newsflash.txt @@ -4,6 +4,7 @@ # Format is two fields, colon-separated; the first line is the column # headings. URL paths must all be absolute. Date: Item +01-May-2018: Beta 4 of OpenSSL 1.1.1 is now available: please download and test it 17-Apr-2018: Beta 3 of OpenSSL 1.1.1 is now available: please download and test it 16-Apr-2018: OpenSSL 1747 Validation not moved to historical 16-Apr-2018: Security Advisory: one low severity fix From matt at openssl.org Tue May 1 13:17:21 2018 From: matt at openssl.org (Matt Caswell) Date: Tue, 01 May 2018 13:17:21 +0000 Subject: [openssl-commits] [openssl] master update Message-ID: <1525180641.927706.12458.nullmailer@dev.openssl.org> The branch master has been updated via ecd4b8fe852612bb902b8dee7ca09648fa730253 (commit) from 8a0c91d3bdf34957b022ea170ea3fa6cdde0ab85 (commit) - Log ----------------------------------------------------------------- commit ecd4b8fe852612bb902b8dee7ca09648fa730253 Author: Matt Caswell Date: Mon Apr 30 12:05:42 2018 +0100 Fix some errors and missing info in the CMS docs Fixes #5063 Reviewed-by: Rich Salz (Merged from https://github.com/openssl/openssl/pull/6134) ----------------------------------------------------------------------- Summary of changes: doc/man1/cms.pod | 16 ++++++++-------- doc/man3/CMS_encrypt.pod | 5 ++--- 2 files changed, 10 insertions(+), 11 deletions(-) diff --git a/doc/man1/cms.pod b/doc/man1/cms.pod index 7bd1b0d..d63efa6 100644 --- a/doc/man1/cms.pod +++ b/doc/man1/cms.pod @@ -394,6 +394,9 @@ When encrypting a message this option may be used multiple times to specify each recipient. This form B be used if customised parameters are required (for example to specify RSA-OAEP). +Only certificates carrying RSA, Diffie-Hellman or EC keys are supported by this +option. + =item B<-keyid> Use subject key identifier to identify certificates instead of issuer name and @@ -718,19 +721,16 @@ No revocation checking is done on the signer's certificate. =head1 HISTORY The use of multiple B<-signer> options and the B<-resign> command were first -added in OpenSSL 1.0.0 - -The B option was first added in OpenSSL 1.1.0 +added in OpenSSL 1.0.0. -The use of B<-recip> to specify the recipient when encrypting mail was first -added to OpenSSL 1.1.0 +The B option was first added in OpenSSL 1.0.2. -Support for RSA-OAEP and RSA-PSS was first added to OpenSSL 1.1.0. +Support for RSA-OAEP and RSA-PSS was first added to OpenSSL 1.0.2. The use of non-RSA keys with B<-encrypt> and B<-decrypt> was first added -to OpenSSL 1.1.0. +to OpenSSL 1.0.2. -The -no_alt_chains options was first added to OpenSSL 1.1.0. +The -no_alt_chains options was first added to OpenSSL 1.0.2b. =head1 COPYRIGHT diff --git a/doc/man3/CMS_encrypt.pod b/doc/man3/CMS_encrypt.pod index 8d72110..3e77758 100644 --- a/doc/man3/CMS_encrypt.pod +++ b/doc/man3/CMS_encrypt.pod @@ -19,9 +19,8 @@ B is the symmetric cipher to use. B is an optional set of flags. =head1 NOTES -Only certificates carrying RSA keys are supported so the recipient certificates -supplied to this function must all contain RSA public keys, though they do not -have to be signed using the RSA algorithm. +Only certificates carrying RSA, Diffie-Hellman or EC keys are supported by this +function. EVP_des_ede3_cbc() (triple DES) is the algorithm of choice for S/MIME use because most clients will support it. From matt at openssl.org Tue May 1 13:18:55 2018 From: matt at openssl.org (Matt Caswell) Date: Tue, 01 May 2018 13:18:55 +0000 Subject: [openssl-commits] [openssl] OpenSSL_1_1_0-stable update Message-ID: <1525180735.192582.13710.nullmailer@dev.openssl.org> The branch OpenSSL_1_1_0-stable has been updated via bbb88edeb6e2654cf0fabb88a31f23bee9632b03 (commit) from 9737a38f34b49487223625a77860e957095cae13 (commit) - Log ----------------------------------------------------------------- commit bbb88edeb6e2654cf0fabb88a31f23bee9632b03 Author: Matt Caswell Date: Mon Apr 30 12:05:42 2018 +0100 Fix some errors and missing info in the CMS docs Fixes #5063 Reviewed-by: Rich Salz (Merged from https://github.com/openssl/openssl/pull/6135) ----------------------------------------------------------------------- Summary of changes: doc/apps/cms.pod | 16 ++++++++-------- doc/crypto/CMS_encrypt.pod | 5 ++--- 2 files changed, 10 insertions(+), 11 deletions(-) diff --git a/doc/apps/cms.pod b/doc/apps/cms.pod index 96acd31..f7dd374 100644 --- a/doc/apps/cms.pod +++ b/doc/apps/cms.pod @@ -393,6 +393,9 @@ When encrypting a message this option may be used multiple times to specify each recipient. This form B be used if customised parameters are required (for example to specify RSA-OAEP). +Only certificates carrying RSA, Diffie-Hellman or EC keys are supported by this +option. + =item B<-keyid> use subject key identifier to identify certificates instead of issuer name and @@ -712,19 +715,16 @@ No revocation checking is done on the signer's certificate. =head1 HISTORY The use of multiple B<-signer> options and the B<-resign> command were first -added in OpenSSL 1.0.0 - -The B option was first added in OpenSSL 1.1.0 +added in OpenSSL 1.0.0. -The use of B<-recip> to specify the recipient when encrypting mail was first -added to OpenSSL 1.1.0 +The B option was first added in OpenSSL 1.0.2 -Support for RSA-OAEP and RSA-PSS was first added to OpenSSL 1.1.0. +Support for RSA-OAEP and RSA-PSS was first added to OpenSSL 1.0.2. The use of non-RSA keys with B<-encrypt> and B<-decrypt> was first added -to OpenSSL 1.1.0. +to OpenSSL 1.0.2. -The -no_alt_chains options was first added to OpenSSL 1.1.0. +The -no_alt_chains options was first added to OpenSSL 1.0.2b. =head1 COPYRIGHT diff --git a/doc/crypto/CMS_encrypt.pod b/doc/crypto/CMS_encrypt.pod index 0ed4262..f4e0a12 100644 --- a/doc/crypto/CMS_encrypt.pod +++ b/doc/crypto/CMS_encrypt.pod @@ -18,9 +18,8 @@ B is the symmetric cipher to use. B is an optional set of flags. =head1 NOTES -Only certificates carrying RSA keys are supported so the recipient certificates -supplied to this function must all contain RSA public keys, though they do not -have to be signed using the RSA algorithm. +Only certificates carrying RSA, Diffie-Hellman or EC keys are supported by this +function. EVP_des_ede3_cbc() (triple DES) is the algorithm of choice for S/MIME use because most clients will support it. From matt at openssl.org Tue May 1 13:21:07 2018 From: matt at openssl.org (Matt Caswell) Date: Tue, 01 May 2018 13:21:07 +0000 Subject: [openssl-commits] [openssl] OpenSSL_1_0_2-stable update Message-ID: <1525180867.623845.15052.nullmailer@dev.openssl.org> The branch OpenSSL_1_0_2-stable has been updated via b9f0d1832ce9224d437d5c0b537b4e4004adafb7 (commit) from 85032506d6ac917130db3dfb7ecb76f4bfaa137e (commit) - Log ----------------------------------------------------------------- commit b9f0d1832ce9224d437d5c0b537b4e4004adafb7 Author: Matt Caswell Date: Mon Apr 30 12:05:42 2018 +0100 Fix some errors and missing info in the CMS docs Fixes #5063 Reviewed-by: Rich Salz (Merged from https://github.com/openssl/openssl/pull/6136) ----------------------------------------------------------------------- Summary of changes: doc/apps/cms.pod | 14 +++++++------- doc/crypto/CMS_encrypt.pod | 5 ++--- 2 files changed, 9 insertions(+), 10 deletions(-) diff --git a/doc/apps/cms.pod b/doc/apps/cms.pod index 4a7783d..dd6ae6e 100644 --- a/doc/apps/cms.pod +++ b/doc/apps/cms.pod @@ -335,6 +335,9 @@ When encrypting a message this option may be used multiple times to specify each recipient. This form B be used if customised parameters are required (for example to specify RSA-OAEP). +Only certificates carrying RSA, Diffie-Hellman or EC keys are supported by this +option. + =item B<-keyid> use subject key identifier to identify certificates instead of issuer name and @@ -648,17 +651,14 @@ No revocation checking is done on the signer's certificate. =head1 HISTORY The use of multiple B<-signer> options and the B<-resign> command were first -added in OpenSSL 1.0.0 - -The B option was first added in OpenSSL 1.1.0 +added in OpenSSL 1.0.0. -The use of B<-recip> to specify the recipient when encrypting mail was first -added to OpenSSL 1.1.0 +The B option was first added in OpenSSL 1.0.2. -Support for RSA-OAEP and RSA-PSS was first added to OpenSSL 1.1.0. +Support for RSA-OAEP and RSA-PSS was first added to OpenSSL 1.0.2. The use of non-RSA keys with B<-encrypt> and B<-decrypt> was first added -to OpenSSL 1.1.0. +to OpenSSL 1.0.2. The -no_alt_chains options was first added to OpenSSL 1.0.2b. diff --git a/doc/crypto/CMS_encrypt.pod b/doc/crypto/CMS_encrypt.pod index 1ee5b27..88e44d4 100644 --- a/doc/crypto/CMS_encrypt.pod +++ b/doc/crypto/CMS_encrypt.pod @@ -18,9 +18,8 @@ B is the symmetric cipher to use. B is an optional set of flags. =head1 NOTES -Only certificates carrying RSA keys are supported so the recipient certificates -supplied to this function must all contain RSA public keys, though they do not -have to be signed using the RSA algorithm. +Only certificates carrying RSA, Diffie-Hellman or EC keys are supported by this +function. EVP_des_ede3_cbc() (triple DES) is the algorithm of choice for S/MIME use because most clients will support it. From matt at openssl.org Tue May 1 13:23:54 2018 From: matt at openssl.org (Matt Caswell) Date: Tue, 01 May 2018 13:23:54 +0000 Subject: [openssl-commits] [openssl] master update Message-ID: <1525181034.884689.16270.nullmailer@dev.openssl.org> The branch master has been updated via 3a070e255f412dcc8cb4b6d7ebcdd2c4ab0927b1 (commit) from ecd4b8fe852612bb902b8dee7ca09648fa730253 (commit) - Log ----------------------------------------------------------------- commit 3a070e255f412dcc8cb4b6d7ebcdd2c4ab0927b1 Author: Matt Caswell Date: Mon Apr 30 15:05:45 2018 +0100 Clarify BN_mod_exp docs Specifically this is not supported with an even modulus and BN_FLG_CONSTTIME. Fixes #5082 Reviewed-by: Rich Salz (Merged from https://github.com/openssl/openssl/pull/6137) ----------------------------------------------------------------------- Summary of changes: doc/man3/BN_add.pod | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/doc/man3/BN_add.pod b/doc/man3/BN_add.pod index 98f2970..88a0117 100644 --- a/doc/man3/BN_add.pod +++ b/doc/man3/BN_add.pod @@ -92,7 +92,9 @@ BN_exp() raises I to the I

-th power and places the result in I BN_mul(). BN_mod_exp() computes I to the I

-th power modulo I (C). This function uses less time and space than BN_exp(). +m>). This function uses less time and space than BN_exp(). Do not call this +function when B is even and any of the parameters have the +B flag set. BN_gcd() computes the greatest common divisor of I and I and places the result in I. I may be the same B as I or From no-reply at appveyor.com Tue May 1 13:24:50 2018 From: no-reply at appveyor.com (AppVeyor) Date: Tue, 01 May 2018 13:24:50 +0000 Subject: [openssl-commits] Build failed: openssl master.17704 Message-ID: <20180501132450.1.6DBD02FCCCF875E8@appveyor.com> An HTML attachment was scrubbed... URL: From matt at openssl.org Tue May 1 13:25:55 2018 From: matt at openssl.org (Matt Caswell) Date: Tue, 01 May 2018 13:25:55 +0000 Subject: [openssl-commits] [openssl] OpenSSL_1_1_0-stable update Message-ID: <1525181155.700815.17638.nullmailer@dev.openssl.org> The branch OpenSSL_1_1_0-stable has been updated via 966b3df182b9c8644c154f1c3e686027d37acb05 (commit) from bbb88edeb6e2654cf0fabb88a31f23bee9632b03 (commit) - Log ----------------------------------------------------------------- commit 966b3df182b9c8644c154f1c3e686027d37acb05 Author: Matt Caswell Date: Mon Apr 30 15:05:45 2018 +0100 Clarify BN_mod_exp docs Specifically this is not supported with an even modulus and BN_FLG_CONSTTIME. Fixes #5082 Reviewed-by: Rich Salz (Merged from https://github.com/openssl/openssl/pull/6138) ----------------------------------------------------------------------- Summary of changes: doc/crypto/BN_add.pod | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/doc/crypto/BN_add.pod b/doc/crypto/BN_add.pod index db3b0d4..418a6d7 100644 --- a/doc/crypto/BN_add.pod +++ b/doc/crypto/BN_add.pod @@ -92,7 +92,9 @@ BN_exp() raises I to the I

-th power and places the result in I BN_mul(). BN_mod_exp() computes I to the I

-th power modulo I (C). This function uses less time and space than BN_exp(). +m>). This function uses less time and space than BN_exp(). Do not call this +function when B is even and any of the parameters have the +B flag set. BN_gcd() computes the greatest common divisor of I and I and places the result in I. I may be the same B as I or From matt at openssl.org Tue May 1 13:26:18 2018 From: matt at openssl.org (Matt Caswell) Date: Tue, 01 May 2018 13:26:18 +0000 Subject: [openssl-commits] [openssl] OpenSSL_1_0_2-stable update Message-ID: <1525181178.718407.18587.nullmailer@dev.openssl.org> The branch OpenSSL_1_0_2-stable has been updated via a96022b3c4d159d1b14f54bd6811fd97a52df636 (commit) from b9f0d1832ce9224d437d5c0b537b4e4004adafb7 (commit) - Log ----------------------------------------------------------------- commit a96022b3c4d159d1b14f54bd6811fd97a52df636 Author: Matt Caswell Date: Mon Apr 30 15:05:45 2018 +0100 Clarify BN_mod_exp docs Specifically this is not supported with an even modulus and BN_FLG_CONSTTIME. Fixes #5082 Reviewed-by: Rich Salz (Merged from https://github.com/openssl/openssl/pull/6138) (cherry picked from commit 966b3df182b9c8644c154f1c3e686027d37acb05) ----------------------------------------------------------------------- Summary of changes: doc/crypto/BN_add.pod | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/doc/crypto/BN_add.pod b/doc/crypto/BN_add.pod index 88c7a79..02e5486 100644 --- a/doc/crypto/BN_add.pod +++ b/doc/crypto/BN_add.pod @@ -91,7 +91,9 @@ BN_exp() raises I to the I

-th power and places the result in I BN_mul(). BN_mod_exp() computes I to the I

-th power modulo I (C). This function uses less time and space than BN_exp(). +m>). This function uses less time and space than BN_exp(). Do not call this +function when B is even and any of the parameters have the +B flag set. BN_gcd() computes the greatest common divisor of I and I and places the result in I. I may be the same B as I or From matt at openssl.org Tue May 1 14:07:39 2018 From: matt at openssl.org (Matt Caswell) Date: Tue, 01 May 2018 14:07:39 +0000 Subject: [openssl-commits] [openssl] master update Message-ID: <1525183659.558712.28099.nullmailer@dev.openssl.org> The branch master has been updated via 5b748dea5dc6161d4a66d7804c580ec14e545ff7 (commit) from 3a070e255f412dcc8cb4b6d7ebcdd2c4ab0927b1 (commit) - Log ----------------------------------------------------------------- commit 5b748dea5dc6161d4a66d7804c580ec14e545ff7 Author: Matt Caswell Date: Mon Apr 30 15:59:51 2018 +0100 Add getter for X509_VERIFY_PARAM_get_hostflags Fixes #5061 Reviewed-by: Rich Salz (Merged from https://github.com/openssl/openssl/pull/6139) ----------------------------------------------------------------------- Summary of changes: crypto/x509/x509_vpm.c | 5 +++++ doc/man3/X509_VERIFY_PARAM_set_flags.pod | 12 +++++++++++- include/openssl/x509_vfy.h | 1 + util/libcrypto.num | 1 + 4 files changed, 18 insertions(+), 1 deletion(-) diff --git a/crypto/x509/x509_vpm.c b/crypto/x509/x509_vpm.c index 67e9996..e860afd 100644 --- a/crypto/x509/x509_vpm.c +++ b/crypto/x509/x509_vpm.c @@ -393,6 +393,11 @@ void X509_VERIFY_PARAM_set_hostflags(X509_VERIFY_PARAM *param, param->hostflags = flags; } +unsigned int X509_VERIFY_PARAM_get_hostflags(X509_VERIFY_PARAM *param) +{ + return param->hostflags; +} + char *X509_VERIFY_PARAM_get0_peername(X509_VERIFY_PARAM *param) { return param->peername; diff --git a/doc/man3/X509_VERIFY_PARAM_set_flags.pod b/doc/man3/X509_VERIFY_PARAM_set_flags.pod index 825f760..d317fa8 100644 --- a/doc/man3/X509_VERIFY_PARAM_set_flags.pod +++ b/doc/man3/X509_VERIFY_PARAM_set_flags.pod @@ -11,7 +11,9 @@ X509_VERIFY_PARAM_get_auth_level, X509_VERIFY_PARAM_set_time, X509_VERIFY_PARAM_get_time, X509_VERIFY_PARAM_add0_policy, X509_VERIFY_PARAM_set1_policies, X509_VERIFY_PARAM_set1_host, X509_VERIFY_PARAM_add1_host, -X509_VERIFY_PARAM_set_hostflags, X509_VERIFY_PARAM_get0_peername, +X509_VERIFY_PARAM_set_hostflags, +X509_VERIFY_PARAM_get_hostflags, +X509_VERIFY_PARAM_get0_peername, X509_VERIFY_PARAM_set1_email, X509_VERIFY_PARAM_set1_ip, X509_VERIFY_PARAM_set1_ip_asc - X509 verification parameters @@ -54,6 +56,7 @@ X509_VERIFY_PARAM_set1_ip_asc const char *name, size_t namelen); void X509_VERIFY_PARAM_set_hostflags(X509_VERIFY_PARAM *param, unsigned int flags); + unsigned int X509_VERIFY_PARAM_get_hostflags(X509_VERIFY_PARAM *param); char *X509_VERIFY_PARAM_get0_peername(X509_VERIFY_PARAM *param); int X509_VERIFY_PARAM_set1_email(X509_VERIFY_PARAM *param, const char *email, size_t emaillen); @@ -139,6 +142,9 @@ calling L, hostname checks are out of scope with the DANE-EE(3) certificate usage, and the internal check will be suppressed as appropriate when DANE support is added to OpenSSL. +X509_VERIFY_PARAM_get_hostflags() returns any host flags previously set via a +call to X509_VERIFY_PARAM_set_hostflags(). + X509_VERIFY_PARAM_add1_host() adds B as an additional reference identifier that can match the peer's certificate. Any previous names set via X509_VERIFY_PARAM_set1_host() or X509_VERIFY_PARAM_add1_host() @@ -186,6 +192,8 @@ failure. X509_VERIFY_PARAM_get_flags() returns the current verification flags. +X509_VERIFY_PARAM_get_hostflags() returns any current host flags. + X509_VERIFY_PARAM_get_inh_flags() returns the current inheritance flags. X509_VERIFY_PARAM_set_time() and X509_VERIFY_PARAM_set_depth() do not return @@ -349,6 +357,8 @@ The B flag was added in OpenSSL 1.1.0 The flag B was deprecated in OpenSSL 1.1.0, and has no effect. +X509_VERIFY_PARAM_get_hostflags() was added in OpenSSL 1.1.0i. + =head1 COPYRIGHT Copyright 2009-2018 The OpenSSL Project Authors. All Rights Reserved. diff --git a/include/openssl/x509_vfy.h b/include/openssl/x509_vfy.h index 1414781..cede60e 100644 --- a/include/openssl/x509_vfy.h +++ b/include/openssl/x509_vfy.h @@ -479,6 +479,7 @@ int X509_VERIFY_PARAM_add1_host(X509_VERIFY_PARAM *param, const char *name, size_t namelen); void X509_VERIFY_PARAM_set_hostflags(X509_VERIFY_PARAM *param, unsigned int flags); +unsigned int X509_VERIFY_PARAM_get_hostflags(X509_VERIFY_PARAM *param); char *X509_VERIFY_PARAM_get0_peername(X509_VERIFY_PARAM *); void X509_VERIFY_PARAM_move_peername(X509_VERIFY_PARAM *, X509_VERIFY_PARAM *); int X509_VERIFY_PARAM_set1_email(X509_VERIFY_PARAM *param, diff --git a/util/libcrypto.num b/util/libcrypto.num index e87c4b7..6e7f635 100644 --- a/util/libcrypto.num +++ b/util/libcrypto.num @@ -4527,3 +4527,4 @@ SM2_plaintext_size 4468 1_1_1 EXIST::FUNCTION:SM2 conf_ssl_name_find 4469 1_1_0i EXIST::FUNCTION: conf_ssl_get_cmd 4470 1_1_0i EXIST::FUNCTION: conf_ssl_get 4471 1_1_0i EXIST::FUNCTION: +X509_VERIFY_PARAM_get_hostflags 4472 1_1_0i EXIST::FUNCTION: From matt at openssl.org Tue May 1 14:09:27 2018 From: matt at openssl.org (Matt Caswell) Date: Tue, 01 May 2018 14:09:27 +0000 Subject: [openssl-commits] [openssl] OpenSSL_1_1_0-stable update Message-ID: <1525183767.172994.29552.nullmailer@dev.openssl.org> The branch OpenSSL_1_1_0-stable has been updated via 14e55560cf9ee85f0b7816ba2b41ff1755b68e15 (commit) from 966b3df182b9c8644c154f1c3e686027d37acb05 (commit) - Log ----------------------------------------------------------------- commit 14e55560cf9ee85f0b7816ba2b41ff1755b68e15 Author: Matt Caswell Date: Mon Apr 30 15:59:51 2018 +0100 Add getter for X509_VERIFY_PARAM_get_hostflags Fixes #5061 Reviewed-by: Rich Salz (Merged from https://github.com/openssl/openssl/pull/6140) ----------------------------------------------------------------------- Summary of changes: crypto/x509/x509_vpm.c | 5 +++++ doc/crypto/X509_VERIFY_PARAM_set_flags.pod | 12 +++++++++++- include/openssl/x509_vfy.h | 1 + util/libcrypto.num | 1 + 4 files changed, 18 insertions(+), 1 deletion(-) diff --git a/crypto/x509/x509_vpm.c b/crypto/x509/x509_vpm.c index b506722..04a5164 100644 --- a/crypto/x509/x509_vpm.c +++ b/crypto/x509/x509_vpm.c @@ -412,6 +412,11 @@ void X509_VERIFY_PARAM_set_hostflags(X509_VERIFY_PARAM *param, param->hostflags = flags; } +unsigned int X509_VERIFY_PARAM_get_hostflags(X509_VERIFY_PARAM *param) +{ + return param->hostflags; +} + char *X509_VERIFY_PARAM_get0_peername(X509_VERIFY_PARAM *param) { return param->peername; diff --git a/doc/crypto/X509_VERIFY_PARAM_set_flags.pod b/doc/crypto/X509_VERIFY_PARAM_set_flags.pod index 5263fac..df149f4 100644 --- a/doc/crypto/X509_VERIFY_PARAM_set_flags.pod +++ b/doc/crypto/X509_VERIFY_PARAM_set_flags.pod @@ -11,7 +11,9 @@ X509_VERIFY_PARAM_get_auth_level, X509_VERIFY_PARAM_set_time, X509_VERIFY_PARAM_get_time, X509_VERIFY_PARAM_add0_policy, X509_VERIFY_PARAM_set1_policies, X509_VERIFY_PARAM_set1_host, X509_VERIFY_PARAM_add1_host, -X509_VERIFY_PARAM_set_hostflags, X509_VERIFY_PARAM_get0_peername, +X509_VERIFY_PARAM_set_hostflags, +X509_VERIFY_PARAM_get_hostflags, +X509_VERIFY_PARAM_get0_peername, X509_VERIFY_PARAM_set1_email, X509_VERIFY_PARAM_set1_ip, X509_VERIFY_PARAM_set1_ip_asc - X509 verification parameters @@ -54,6 +56,7 @@ X509_VERIFY_PARAM_set1_ip_asc const char *name, size_t namelen); void X509_VERIFY_PARAM_set_hostflags(X509_VERIFY_PARAM *param, unsigned int flags); + unsigned int X509_VERIFY_PARAM_get_hostflags(X509_VERIFY_PARAM *param); char *X509_VERIFY_PARAM_get0_peername(X509_VERIFY_PARAM *param); int X509_VERIFY_PARAM_set1_email(X509_VERIFY_PARAM *param, const char *email, size_t emaillen); @@ -139,6 +142,9 @@ calling L, hostname checks are out of scope with the DANE-EE(3) certificate usage, and the internal check will be suppressed as appropriate when DANE support is added to OpenSSL. +X509_VERIFY_PARAM_get_hostflags() returns any host flags previously set via a +call to X509_VERIFY_PARAM_set_hostflags(). + X509_VERIFY_PARAM_add1_host() adds B as an additional reference identifier that can match the peer's certificate. Any previous names set via X509_VERIFY_PARAM_set1_host() or X509_VERIFY_PARAM_add1_host() @@ -186,6 +192,8 @@ failure. X509_VERIFY_PARAM_get_flags() returns the current verification flags. +X509_VERIFY_PARAM_get_hostflags() returns any current host flags. + X509_VERIFY_PARAM_get_inh_flags() returns the current inheritance flags. X509_VERIFY_PARAM_set_time() and X509_VERIFY_PARAM_set_depth() do not return @@ -347,6 +355,8 @@ The B flag was added in OpenSSL 1.1.0 The legacy B flag is deprecated as of OpenSSL 1.1.0, and has no effect. +X509_VERIFY_PARAM_get_hostflags() was added in OpenSSL 1.1.0i. + =head1 COPYRIGHT Copyright 2009-2018 The OpenSSL Project Authors. All Rights Reserved. diff --git a/include/openssl/x509_vfy.h b/include/openssl/x509_vfy.h index 1aa0a33..aaaf7b5 100644 --- a/include/openssl/x509_vfy.h +++ b/include/openssl/x509_vfy.h @@ -475,6 +475,7 @@ int X509_VERIFY_PARAM_add1_host(X509_VERIFY_PARAM *param, const char *name, size_t namelen); void X509_VERIFY_PARAM_set_hostflags(X509_VERIFY_PARAM *param, unsigned int flags); +unsigned int X509_VERIFY_PARAM_get_hostflags(X509_VERIFY_PARAM *param); char *X509_VERIFY_PARAM_get0_peername(X509_VERIFY_PARAM *); void X509_VERIFY_PARAM_move_peername(X509_VERIFY_PARAM *, X509_VERIFY_PARAM *); int X509_VERIFY_PARAM_set1_email(X509_VERIFY_PARAM *param, diff --git a/util/libcrypto.num b/util/libcrypto.num index 461bd8a..49ba8d7 100644 --- a/util/libcrypto.num +++ b/util/libcrypto.num @@ -4237,3 +4237,4 @@ X509_get0_authority_key_id 4448 1_1_0h EXIST::FUNCTION: conf_ssl_name_find 4469 1_1_0i EXIST::FUNCTION: conf_ssl_get_cmd 4470 1_1_0i EXIST::FUNCTION: conf_ssl_get 4471 1_1_0i EXIST::FUNCTION: +X509_VERIFY_PARAM_get_hostflags 4472 1_1_0i EXIST::FUNCTION: From bernd.edlinger at hotmail.de Tue May 1 15:34:28 2018 From: bernd.edlinger at hotmail.de (bernd.edlinger at hotmail.de) Date: Tue, 01 May 2018 15:34:28 +0000 Subject: [openssl-commits] [openssl] master update Message-ID: <1525188868.666388.13163.nullmailer@dev.openssl.org> The branch master has been updated via 0e5c1a66f7911352a4db3bda2293b91858b9f33c (commit) from 5b748dea5dc6161d4a66d7804c580ec14e545ff7 (commit) - Log ----------------------------------------------------------------- commit 0e5c1a66f7911352a4db3bda2293b91858b9f33c Author: Bernd Edlinger Date: Sat Apr 28 20:35:54 2018 +0200 Improve error handling in rand_init function Reviewed-by: Rich Salz (Merged from https://github.com/openssl/openssl/pull/6124) ----------------------------------------------------------------------- Summary of changes: crypto/rand/rand_lib.c | 27 +++++++++++++++++++++------ 1 file changed, 21 insertions(+), 6 deletions(-) diff --git a/crypto/rand/rand_lib.c b/crypto/rand/rand_lib.c index 5ae51a1..8a657c5 100644 --- a/crypto/rand/rand_lib.c +++ b/crypto/rand/rand_lib.c @@ -310,19 +310,31 @@ void rand_fork() DEFINE_RUN_ONCE_STATIC(do_rand_init) { - int ret = 1; - #ifndef OPENSSL_NO_ENGINE rand_engine_lock = CRYPTO_THREAD_lock_new(); - ret &= rand_engine_lock != NULL; + if (rand_engine_lock == NULL) + return 0; #endif + rand_meth_lock = CRYPTO_THREAD_lock_new(); - ret &= rand_meth_lock != NULL; + if (rand_meth_lock == NULL) + goto err1; rand_nonce_lock = CRYPTO_THREAD_lock_new(); - ret &= rand_meth_lock != NULL; + if (rand_nonce_lock == NULL) + goto err2; - return ret; + return 1; + +err2: + CRYPTO_THREAD_lock_free(rand_meth_lock); + rand_meth_lock = NULL; +err1: +#ifndef OPENSSL_NO_ENGINE + CRYPTO_THREAD_lock_free(rand_engine_lock); + rand_engine_lock = NULL; +#endif + return 0; } void rand_cleanup_int(void) @@ -334,9 +346,12 @@ void rand_cleanup_int(void) RAND_set_rand_method(NULL); #ifndef OPENSSL_NO_ENGINE CRYPTO_THREAD_lock_free(rand_engine_lock); + rand_engine_lock = NULL; #endif CRYPTO_THREAD_lock_free(rand_meth_lock); + rand_meth_lock = NULL; CRYPTO_THREAD_lock_free(rand_nonce_lock); + rand_nonce_lock = NULL; } /* From kaduk at mit.edu Tue May 1 16:32:16 2018 From: kaduk at mit.edu (kaduk at mit.edu) Date: Tue, 01 May 2018 16:32:16 +0000 Subject: [openssl-commits] [openssl] master update Message-ID: <1525192336.690708.24202.nullmailer@dev.openssl.org> The branch master has been updated via c4fa1f7fc016919a5b3d4ea2aa66c77e0cc40c9d (commit) from 0e5c1a66f7911352a4db3bda2293b91858b9f33c (commit) - Log ----------------------------------------------------------------- commit c4fa1f7fc016919a5b3d4ea2aa66c77e0cc40c9d Author: Benjamin Kaduk Date: Mon Apr 16 07:32:02 2018 -0500 Fix regression with session cache use by clients Commit d316cdcf6d8d6934663278145fe0a8191e14a8c5 introduced some extra checks into the session-cache update procedure, intended to prevent the caching of sessions whose resumption would lead to a handshake failure, since if the server is authenticating the client, there needs to be an application-set "session id context" to match up to the authentication context. While that change is effective for its stated purpose, there was also some collatoral damage introduced along with the fix -- clients that set SSL_VERIFY_PEER are not expected to set an sid_ctx, and so their usage of session caching was erroneously denied. Fix the scope of the original commit by limiting it to only acting when the SSL is a server SSL. Reviewed-by: Matt Caswell (Merged from https://github.com/openssl/openssl/pull/5967) ----------------------------------------------------------------------- Summary of changes: ssl/ssl_lib.c | 11 ++++++----- 1 file changed, 6 insertions(+), 5 deletions(-) diff --git a/ssl/ssl_lib.c b/ssl/ssl_lib.c index 1e24f84..2a57831 100644 --- a/ssl/ssl_lib.c +++ b/ssl/ssl_lib.c @@ -3336,12 +3336,13 @@ void ssl_update_cache(SSL *s, int mode) /* * If sid_ctx_length is 0 there is no specific application context * associated with this session, so when we try to resume it and - * SSL_VERIFY_PEER is requested, we have no indication that this is - * actually a session for the proper application context, and the - * *handshake* will fail, not just the resumption attempt. - * Do not cache these sessions that are not resumable. + * SSL_VERIFY_PEER is requested to verify the client identity, we have no + * indication that this is actually a session for the proper application + * context, and the *handshake* will fail, not just the resumption attempt. + * Do not cache (on the server) these sessions that are not resumable + * (clients can set SSL_VERIFY_PEER without needing a sid_ctx set). */ - if (s->session->sid_ctx_length == 0 + if (s->server && s->session->sid_ctx_length == 0 && (s->verify_mode & SSL_VERIFY_PEER) != 0) return; From kaduk at mit.edu Tue May 1 16:40:52 2018 From: kaduk at mit.edu (kaduk at mit.edu) Date: Tue, 01 May 2018 16:40:52 +0000 Subject: [openssl-commits] [openssl] OpenSSL_1_1_0-stable update Message-ID: <1525192852.473458.27047.nullmailer@dev.openssl.org> The branch OpenSSL_1_1_0-stable has been updated via bf87bf45f181fa130af27739f5c38aba88f88cfd (commit) from 14e55560cf9ee85f0b7816ba2b41ff1755b68e15 (commit) - Log ----------------------------------------------------------------- commit bf87bf45f181fa130af27739f5c38aba88f88cfd Author: Benjamin Kaduk Date: Mon Apr 16 07:32:02 2018 -0500 Fix regression with session cache use by clients Commit d316cdcf6d8d6934663278145fe0a8191e14a8c5 introduced some extra checks into the session-cache update procedure, intended to prevent the caching of sessions whose resumption would lead to a handshake failure, since if the server is authenticating the client, there needs to be an application-set "session id context" to match up to the authentication context. While that change is effective for its stated purpose, there was also some collatoral damage introduced along with the fix -- clients that set SSL_VERIFY_PEER are not expected to set an sid_ctx, and so their usage of session caching was erroneously denied. Fix the scope of the original commit by limiting it to only acting when the SSL is a server SSL. Reviewed-by: Matt Caswell (Merged from https://github.com/openssl/openssl/pull/5967) (cherry picked from commit c4fa1f7fc016919a5b3d4ea2aa66c77e0cc40c9d) ----------------------------------------------------------------------- Summary of changes: ssl/ssl_lib.c | 11 ++++++----- 1 file changed, 6 insertions(+), 5 deletions(-) diff --git a/ssl/ssl_lib.c b/ssl/ssl_lib.c index a1a514f..543a46c 100644 --- a/ssl/ssl_lib.c +++ b/ssl/ssl_lib.c @@ -3035,12 +3035,13 @@ void ssl_update_cache(SSL *s, int mode) /* * If sid_ctx_length is 0 there is no specific application context * associated with this session, so when we try to resume it and - * SSL_VERIFY_PEER is requested, we have no indication that this is - * actually a session for the proper application context, and the - * *handshake* will fail, not just the resumption attempt. - * Do not cache these sessions that are not resumable. + * SSL_VERIFY_PEER is requested to verify the client identity, we have no + * indication that this is actually a session for the proper application + * context, and the *handshake* will fail, not just the resumption attempt. + * Do not cache (on the server) these sessions that are not resumable + * (clients can set SSL_VERIFY_PEER without needing a sid_ctx set). */ - if (s->session->sid_ctx_length == 0 + if (s->server && s->session->sid_ctx_length == 0 && (s->verify_mode & SSL_VERIFY_PEER) != 0) return; From levitte at openssl.org Wed May 2 06:38:44 2018 From: levitte at openssl.org (Richard Levitte) Date: Wed, 02 May 2018 06:38:44 +0000 Subject: [openssl-commits] [openssl] master update Message-ID: <1525243124.557390.11914.nullmailer@dev.openssl.org> The branch master has been updated via aebd0e5ca12d1ba0b229a4121a54afa5ea2d8aa1 (commit) from c4fa1f7fc016919a5b3d4ea2aa66c77e0cc40c9d (commit) - Log ----------------------------------------------------------------- commit aebd0e5ca12d1ba0b229a4121a54afa5ea2d8aa1 Author: Pavel Kopyl Date: Fri Nov 3 18:18:59 2017 +0300 Fix memory leaks in CA related functions. Reviewed-by: Rich Salz Reviewed-by: Richard Levitte (Merged from https://github.com/openssl/openssl/pull/4700) ----------------------------------------------------------------------- Summary of changes: apps/ca.c | 5 ++++- apps/verify.c | 1 + crypto/conf/conf_api.c | 4 +++- crypto/engine/eng_lib.c | 6 ++++-- 4 files changed, 12 insertions(+), 4 deletions(-) diff --git a/apps/ca.c b/apps/ca.c index ea774ad..afc5e34 100644 --- a/apps/ca.c +++ b/apps/ca.c @@ -934,10 +934,13 @@ end_of_options: if (j > 0) { total_done++; BIO_printf(bio_err, "\n"); - if (!BN_add_word(serial, 1)) + if (!BN_add_word(serial, 1)) { + X509_free(x); goto end; + } if (!sk_X509_push(cert_sk, x)) { BIO_printf(bio_err, "Memory allocation failure\n"); + X509_free(x); goto end; } } diff --git a/apps/verify.c b/apps/verify.c index 5ad6ef4..38377a5 100644 --- a/apps/verify.c +++ b/apps/verify.c @@ -225,6 +225,7 @@ static int check(X509_STORE *ctx, const char *file, X509_STORE_set_flags(ctx, vflags); if (!X509_STORE_CTX_init(csc, ctx, x, uchain)) { + X509_STORE_CTX_free(csc); printf("error %s: X.509 store context initialization failed\n", (file == NULL) ? "stdin" : file); goto end; diff --git a/crypto/conf/conf_api.c b/crypto/conf/conf_api.c index ade5483..9606b7f 100644 --- a/crypto/conf/conf_api.c +++ b/crypto/conf/conf_api.c @@ -204,12 +204,14 @@ CONF_VALUE *_CONF_new_section(CONF *conf, const char *section) v->value = (char *)sk; vv = lh_CONF_VALUE_insert(conf->data, v); - if (vv != NULL) + if (vv != NULL || lh_CONF_VALUE_error(conf->data) > 0) goto err; return v; err: sk_CONF_VALUE_free(sk); + if (v != NULL) + OPENSSL_free(v->section); OPENSSL_free(v); return NULL; } diff --git a/crypto/engine/eng_lib.c b/crypto/engine/eng_lib.c index 95736ed..9028319 100644 --- a/crypto/engine/eng_lib.c +++ b/crypto/engine/eng_lib.c @@ -154,8 +154,10 @@ void engine_cleanup_add_last(ENGINE_CLEANUP_CB *cb) if (!int_cleanup_check(1)) return; item = int_cleanup_item(cb); - if (item) - sk_ENGINE_CLEANUP_ITEM_push(cleanup_stack, item); + if (item != NULL) { + if (sk_ENGINE_CLEANUP_ITEM_push(cleanup_stack, item) <= 0) + OPENSSL_free(item); + } } /* The API function that performs all cleanup */ From matt at openssl.org Wed May 2 07:50:38 2018 From: matt at openssl.org (Matt Caswell) Date: Wed, 02 May 2018 07:50:38 +0000 Subject: [openssl-commits] [openssl] master update Message-ID: <1525247438.358833.23027.nullmailer@dev.openssl.org> The branch master has been updated via 6299c7a4020294582d9424cb8aaf439d2ff0da94 (commit) from aebd0e5ca12d1ba0b229a4121a54afa5ea2d8aa1 (commit) - Log ----------------------------------------------------------------- commit 6299c7a4020294582d9424cb8aaf439d2ff0da94 Author: Matt Caswell Date: Tue May 1 11:46:58 2018 +0100 Add a note about Nagle's algorithm on the SSL_connect man page Fixes #4237 Reviewed-by: Rich Salz Reviewed-by: Ben Kaduk (Merged from https://github.com/openssl/openssl/pull/6143) ----------------------------------------------------------------------- Summary of changes: doc/man3/SSL_connect.pod | 15 +++++++++++++++ 1 file changed, 15 insertions(+) diff --git a/doc/man3/SSL_connect.pod b/doc/man3/SSL_connect.pod index 1f054d6..5c9eff8 100644 --- a/doc/man3/SSL_connect.pod +++ b/doc/man3/SSL_connect.pod @@ -35,6 +35,21 @@ nothing is to be done, but select() can be used to check for the required condition. When using a buffering BIO, like a BIO pair, data must be written into or retrieved out of the BIO before being able to continue. +Many systems implement Nagle's algorithm by default which means that it will +buffer outgoing TCP data if a TCP packet has already been sent for which no +corresponding ACK has been received yet from the peer. This can have performance +impacts after a successful TLSv1.3 handshake or a successful TLSv1.2 (or below) +resumption handshake, because the last peer to communicate in the handshake is +the client. If the client is also the first to send application data (as is +typical for many protocols) then this data could be buffered until an ACK has +been received for the final handshake message. + +The B socket option is often available to disable Nagle's +algorithm. If an application opts to disable Nagle's algorithm consideration +should be given to turning it back on again later if appropriate. The helper +function BIO_set_tcp_ndelay() can be used to turn on or off the B +option. + =head1 RETURN VALUES The following return values can occur: From levitte at openssl.org Wed May 2 08:18:39 2018 From: levitte at openssl.org (Richard Levitte) Date: Wed, 02 May 2018 08:18:39 +0000 Subject: [openssl-commits] [openssl] master update Message-ID: <1525249119.516645.29417.nullmailer@dev.openssl.org> The branch master has been updated via 6ebb49f3f9c9333611192561979bb799fa1eb76d (commit) from 6299c7a4020294582d9424cb8aaf439d2ff0da94 (commit) - Log ----------------------------------------------------------------- commit 6ebb49f3f9c9333611192561979bb799fa1eb76d Author: Richard Levitte Date: Wed May 2 06:24:20 2018 +0200 Change rand_pool_bytes_needed to handle less entropy than 1 per 8 bits rand_pool_bytes_needed() was constructed in such a way that the smallest acceptable entropy factor was 1 entropy bits per 8 bits of data. At the same time, we have a DRBG_MINMAX_FACTOR that allows weaker source, as small as 1 bit of entropy per 128 bits of data. The conclusion is that rand_pool_bytes_needed() needs to change to support weaker entropy sources. We therefore change the input of entropy per byte to be an entropy factor instead. This entropy factor expresses how many bits of data it takes (on average) to get 1 bit of entropy. Reviewed-by: Matthias St. Pierre (Merged from https://github.com/openssl/openssl/pull/6150) ----------------------------------------------------------------------- Summary of changes: crypto/include/internal/rand_int.h | 3 ++- crypto/rand/rand_lib.c | 20 ++++++++++---------- crypto/rand/rand_unix.c | 10 +++++----- crypto/rand/rand_vms.c | 13 ++++++++----- crypto/rand/rand_win.c | 6 +++--- 5 files changed, 28 insertions(+), 24 deletions(-) diff --git a/crypto/include/internal/rand_int.h b/crypto/include/internal/rand_int.h index cf82e4a..daec926 100644 --- a/crypto/include/internal/rand_int.h +++ b/crypto/include/internal/rand_int.h @@ -63,7 +63,8 @@ size_t rand_pool_length(RAND_POOL *pool); size_t rand_pool_entropy_available(RAND_POOL *pool); size_t rand_pool_entropy_needed(RAND_POOL *pool); -size_t rand_pool_bytes_needed(RAND_POOL *pool, unsigned int entropy_per_byte); +/* |entropy_factor| expresses how many bits of data contain 1 bit of entropy */ +size_t rand_pool_bytes_needed(RAND_POOL *pool, unsigned int entropy_factor); size_t rand_pool_bytes_remaining(RAND_POOL *pool); int rand_pool_add(RAND_POOL *pool, diff --git a/crypto/rand/rand_lib.c b/crypto/rand/rand_lib.c index 8a657c5..050c9d2 100644 --- a/crypto/rand/rand_lib.c +++ b/crypto/rand/rand_lib.c @@ -87,7 +87,7 @@ size_t rand_acquire_entropy_from_cpu(RAND_POOL *pool) size_t bytes_needed; unsigned char *buffer; - bytes_needed = rand_pool_bytes_needed(pool, 8 /*entropy_per_byte*/); + bytes_needed = rand_pool_bytes_needed(pool, 1 /*entropy_factor*/); if (bytes_needed > 0) { buffer = rand_pool_add_begin(pool, bytes_needed); @@ -158,7 +158,7 @@ size_t rand_drbg_get_entropy(RAND_DRBG *drbg, } if (drbg->parent) { - size_t bytes_needed = rand_pool_bytes_needed(pool, 8); + size_t bytes_needed = rand_pool_bytes_needed(pool, 1 /*entropy_factor*/); unsigned char *buffer = rand_pool_add_begin(pool, bytes_needed); if (buffer != NULL) { @@ -488,11 +488,11 @@ unsigned char *rand_pool_detach(RAND_POOL *pool) /* - * If every byte of the input contains |entropy_per_bytes| bits of entropy, - * how many bytes does one need to obtain at least |bits| bits of entropy? + * If |entropy_factor| bits contain 1 bit of entropy, how many bytes does one + * need to obtain at least |bits| bits of entropy? */ -#define ENTROPY_TO_BYTES(bits, entropy_per_bytes) \ - (((bits) + ((entropy_per_bytes) - 1))/(entropy_per_bytes)) +#define ENTROPY_TO_BYTES(bits, entropy_factor) \ + (((bits) * (entropy_factor) + 7) / 8) /* @@ -529,21 +529,21 @@ size_t rand_pool_entropy_needed(RAND_POOL *pool) /* * Returns the number of bytes needed to fill the pool, assuming - * the input has 'entropy_per_byte' entropy bits per byte. + * the input has 1 / |entropy_factor| entropy bits per data bit. * In case of an error, 0 is returned. */ -size_t rand_pool_bytes_needed(RAND_POOL *pool, unsigned int entropy_per_byte) +size_t rand_pool_bytes_needed(RAND_POOL *pool, unsigned int entropy_factor) { size_t bytes_needed; size_t entropy_needed = rand_pool_entropy_needed(pool); - if (entropy_per_byte < 1 || entropy_per_byte > 8) { + if (entropy_factor < 1) { RANDerr(RAND_F_RAND_POOL_BYTES_NEEDED, RAND_R_ARGUMENT_OUT_OF_RANGE); return 0; } - bytes_needed = ENTROPY_TO_BYTES(entropy_needed, entropy_per_byte); + bytes_needed = ENTROPY_TO_BYTES(entropy_needed, entropy_factor); if (bytes_needed > pool->max_len - pool->len) { /* not enough space left */ diff --git a/crypto/rand/rand_unix.c b/crypto/rand/rand_unix.c index 9b6971c..1f0084d 100644 --- a/crypto/rand/rand_unix.c +++ b/crypto/rand/rand_unix.c @@ -124,7 +124,7 @@ size_t rand_pool_acquire_entropy(RAND_POOL *pool) extern void s$sleep2(long long *_duration, short int *_code); # endif - bytes_needed = rand_pool_bytes_needed(pool, 2 /*entropy_per_byte*/); + bytes_needed = rand_pool_bytes_needed(pool, 4 /*entropy_factor*/); for (i = 0; i < bytes_needed; i++) { /* @@ -278,7 +278,7 @@ size_t rand_pool_acquire_entropy(RAND_POOL *pool) unsigned char *buffer; # ifdef OPENSSL_RAND_SEED_GETRANDOM - bytes_needed = rand_pool_bytes_needed(pool, 8 /*entropy_per_byte*/); + bytes_needed = rand_pool_bytes_needed(pool, 1 /*entropy_factor*/); buffer = rand_pool_add_begin(pool, bytes_needed); if (buffer != NULL) { size_t bytes = 0; @@ -300,7 +300,7 @@ size_t rand_pool_acquire_entropy(RAND_POOL *pool) # endif # ifdef OPENSSL_RAND_SEED_DEVRANDOM - bytes_needed = rand_pool_bytes_needed(pool, 8 /*entropy_per_byte*/); + bytes_needed = rand_pool_bytes_needed(pool, 1 /*entropy_factor*/); if (bytes_needed > 0) { static const char *paths[] = { DEVRANDOM, NULL }; FILE *fp; @@ -323,7 +323,7 @@ size_t rand_pool_acquire_entropy(RAND_POOL *pool) if (entropy_available > 0) return entropy_available; - bytes_needed = rand_pool_bytes_needed(pool, 8 /*entropy_per_byte*/); + bytes_needed = rand_pool_bytes_needed(pool, 1 /*entropy_factor*/); } } # endif @@ -341,7 +341,7 @@ size_t rand_pool_acquire_entropy(RAND_POOL *pool) # endif # ifdef OPENSSL_RAND_SEED_EGD - bytes_needed = rand_pool_bytes_needed(pool, 8 /*entropy_per_byte*/); + bytes_needed = rand_pool_bytes_needed(pool, 1 /*entropy_factor*/); if (bytes_needed > 0) { static const char *paths[] = { DEVRANDOM_EGD, NULL }; int i; diff --git a/crypto/rand/rand_vms.c b/crypto/rand/rand_vms.c index c50b4b2..5561abc 100644 --- a/crypto/rand/rand_vms.c +++ b/crypto/rand/rand_vms.c @@ -58,10 +58,12 @@ static struct items_data_st { }; /* - * We assume there we get about 4 bits of entropy per byte from the items - * above, with a bit of scrambling added rand_pool_acquire_entropy() + * This number expresses how many bits of data contain 1 bit of entropy. + * + * For the moment, we assume about 0.5 entropy bits per data bit, or 1 + * bit of entropy per 2 data bits. */ -#define ENTROPY_BITS_PER_BYTE 4 +#define ENTROPY_FACTOR 2 size_t rand_pool_acquire_entropy(RAND_POOL *pool) { @@ -83,7 +85,7 @@ size_t rand_pool_acquire_entropy(RAND_POOL *pool) size_t i, j ; size_t tmp_length = 0; size_t total_length = 0; - size_t bytes_needed = rand_pool_bytes_needed(pool, ENTROPY_BITS_PER_BYTE); + size_t bytes_needed = rand_pool_bytes_needed(pool, ENTROPY_FACTOR); size_t bytes_remaining = rand_pool_bytes_remaining(pool); /* Setup itemlist for GETJPI */ @@ -149,8 +151,9 @@ size_t rand_pool_acquire_entropy(RAND_POOL *pool) if (total_length > bytes_remaining) total_length = bytes_remaining; + /* We give the pessimistic value for the amount of entropy */ rand_pool_add(pool, (PTR_T)data_buffer, total_length, - total_length * ENTROPY_BITS_PER_BYTE); + total_length / ENTROPY_FACTOR); return rand_pool_entropy_available(pool); } diff --git a/crypto/rand/rand_win.c b/crypto/rand/rand_win.c index 1d44204..f2059eb 100644 --- a/crypto/rand/rand_win.c +++ b/crypto/rand/rand_win.c @@ -62,7 +62,7 @@ size_t rand_pool_acquire_entropy(RAND_POOL *pool) # endif # ifdef USE_BCRYPTGENRANDOM - bytes_needed = rand_pool_bytes_needed(pool, 8 /*entropy_per_byte*/); + bytes_needed = rand_pool_bytes_needed(pool, 1 /*entropy_factor*/); buffer = rand_pool_add_begin(pool, bytes_needed); if (buffer != NULL) { size_t bytes = 0; @@ -76,7 +76,7 @@ size_t rand_pool_acquire_entropy(RAND_POOL *pool) if (entropy_available > 0) return entropy_available; # else - bytes_needed = rand_pool_bytes_needed(pool, 8 /*entropy_per_byte*/); + bytes_needed = rand_pool_bytes_needed(pool, 1 /*entropy_factor*/); buffer = rand_pool_add_begin(pool, bytes_needed); if (buffer != NULL) { size_t bytes = 0; @@ -95,7 +95,7 @@ size_t rand_pool_acquire_entropy(RAND_POOL *pool) if (entropy_available > 0) return entropy_available; - bytes_needed = rand_pool_bytes_needed(pool, 8 /*entropy_per_byte*/); + bytes_needed = rand_pool_bytes_needed(pool, 1 /*entropy_factor*/); buffer = rand_pool_add_begin(pool, bytes_needed); if (buffer != NULL) { size_t bytes = 0; From no-reply at appveyor.com Wed May 2 13:17:53 2018 From: no-reply at appveyor.com (AppVeyor) Date: Wed, 02 May 2018 13:17:53 +0000 Subject: [openssl-commits] Build failed: openssl master.17746 Message-ID: <20180502131753.1.E6C9BCA0F1AC1E4C@appveyor.com> An HTML attachment was scrubbed... URL: From no-reply at appveyor.com Wed May 2 13:29:44 2018 From: no-reply at appveyor.com (AppVeyor) Date: Wed, 02 May 2018 13:29:44 +0000 Subject: [openssl-commits] Build failed: openssl OpenSSL_1_1_0-stable.17747 Message-ID: <20180502132944.1.B7B187A81E955CA3@appveyor.com> An HTML attachment was scrubbed... URL: From no-reply at appveyor.com Wed May 2 14:16:23 2018 From: no-reply at appveyor.com (AppVeyor) Date: Wed, 02 May 2018 14:16:23 +0000 Subject: [openssl-commits] Build failed: openssl OpenSSL_1_0_2-stable.17748 Message-ID: <20180502141623.1.A3985811AAA700F5@appveyor.com> An HTML attachment was scrubbed... URL: From matthias.st.pierre at ncp-e.com Wed May 2 18:37:03 2018 From: matthias.st.pierre at ncp-e.com (matthias.st.pierre at ncp-e.com) Date: Wed, 02 May 2018 18:37:03 +0000 Subject: [openssl-commits] [openssl] master update Message-ID: <1525286223.285653.21975.nullmailer@dev.openssl.org> The branch master has been updated via c6718437709108b4bcb784d774fb3df124df48e5 (commit) from 6ebb49f3f9c9333611192561979bb799fa1eb76d (commit) - Log ----------------------------------------------------------------- commit c6718437709108b4bcb784d774fb3df124df48e5 Author: Dr. Matthias St. Pierre Date: Thu Apr 26 20:36:41 2018 +0200 a_strex.c: prevent out of bound read in do_buf() which is used for ASN1_STRING_print_ex*() and X509_NAME_print_ex*(). Reviewed-by: Richard Levitte (Merged from https://github.com/openssl/openssl/pull/6105) ----------------------------------------------------------------------- Summary of changes: crypto/asn1/a_strex.c | 25 +++++++++++++++++++++++-- crypto/asn1/asn1_err.c | 1 + crypto/err/openssl.txt | 1 + include/openssl/asn1err.h | 1 + 4 files changed, 26 insertions(+), 2 deletions(-) diff --git a/crypto/asn1/a_strex.c b/crypto/asn1/a_strex.c index 1d34f56..6a67bc8 100644 --- a/crypto/asn1/a_strex.c +++ b/crypto/asn1/a_strex.c @@ -139,7 +139,7 @@ static int do_buf(unsigned char *buf, int buflen, int type, unsigned short flags, char *quotes, char_io *io_ch, void *arg) { - int i, outlen, len; + int i, outlen, len, charwidth; unsigned short orflags; unsigned char *p, *q; unsigned long c; @@ -147,12 +147,32 @@ static int do_buf(unsigned char *buf, int buflen, p = buf; q = buf + buflen; outlen = 0; + charwidth = type & BUF_TYPE_WIDTH_MASK; + + switch (charwidth) { + case 4: + if (buflen & 3) { + ASN1err(ASN1_F_DO_BUF, ASN1_R_INVALID_UNIVERSALSTRING_LENGTH); + return -1; + } + break; + case 2: + if (buflen & 1) { + ASN1err(ASN1_F_DO_BUF, ASN1_R_INVALID_BMPSTRING_LENGTH); + return -1; + } + break; + default: + break; + } + while (p != q) { if (p == buf && flags & ASN1_STRFLGS_ESC_2253) orflags = CHARTYPE_FIRST_ESC_2253; else orflags = 0; - switch (type & BUF_TYPE_WIDTH_MASK) { + + switch (charwidth) { case 4: c = ((unsigned long)*p++) << 24; c |= ((unsigned long)*p++) << 16; @@ -173,6 +193,7 @@ static int do_buf(unsigned char *buf, int buflen, i = UTF8_getc(p, buflen, &c); if (i < 0) return -1; /* Invalid UTF8String */ + buflen -= i; p += i; break; default: diff --git a/crypto/asn1/asn1_err.c b/crypto/asn1/asn1_err.c index 751d441..22bf06f 100644 --- a/crypto/asn1/asn1_err.c +++ b/crypto/asn1/asn1_err.c @@ -109,6 +109,7 @@ static const ERR_STRING_DATA ASN1_str_functs[] = { "d2i_AutoPrivateKey"}, {ERR_PACK(ERR_LIB_ASN1, ASN1_F_D2I_PRIVATEKEY, 0), "d2i_PrivateKey"}, {ERR_PACK(ERR_LIB_ASN1, ASN1_F_D2I_PUBLICKEY, 0), "d2i_PublicKey"}, + {ERR_PACK(ERR_LIB_ASN1, ASN1_F_DO_BUF, 0), "do_buf"}, {ERR_PACK(ERR_LIB_ASN1, ASN1_F_DO_CREATE, 0), "do_create"}, {ERR_PACK(ERR_LIB_ASN1, ASN1_F_DO_DUMP, 0), "do_dump"}, {ERR_PACK(ERR_LIB_ASN1, ASN1_F_DO_TCREATE, 0), "do_tcreate"}, diff --git a/crypto/err/openssl.txt b/crypto/err/openssl.txt index 155a8f3..209bd0d 100644 --- a/crypto/err/openssl.txt +++ b/crypto/err/openssl.txt @@ -82,6 +82,7 @@ ASN1_F_D2I_ASN1_UINTEGER:150:d2i_ASN1_UINTEGER ASN1_F_D2I_AUTOPRIVATEKEY:207:d2i_AutoPrivateKey ASN1_F_D2I_PRIVATEKEY:154:d2i_PrivateKey ASN1_F_D2I_PUBLICKEY:155:d2i_PublicKey +ASN1_F_DO_BUF:142:do_buf ASN1_F_DO_CREATE:124:do_create ASN1_F_DO_DUMP:125:do_dump ASN1_F_DO_TCREATE:222:do_tcreate diff --git a/include/openssl/asn1err.h b/include/openssl/asn1err.h index 9697898..048a737 100644 --- a/include/openssl/asn1err.h +++ b/include/openssl/asn1err.h @@ -95,6 +95,7 @@ int ERR_load_ASN1_strings(void); # define ASN1_F_D2I_AUTOPRIVATEKEY 207 # define ASN1_F_D2I_PRIVATEKEY 154 # define ASN1_F_D2I_PUBLICKEY 155 +# define ASN1_F_DO_BUF 142 # define ASN1_F_DO_CREATE 124 # define ASN1_F_DO_DUMP 125 # define ASN1_F_DO_TCREATE 222 From matthias.st.pierre at ncp-e.com Wed May 2 18:39:02 2018 From: matthias.st.pierre at ncp-e.com (matthias.st.pierre at ncp-e.com) Date: Wed, 02 May 2018 18:39:02 +0000 Subject: [openssl-commits] [openssl] OpenSSL_1_1_0-stable update Message-ID: <1525286342.658697.23110.nullmailer@dev.openssl.org> The branch OpenSSL_1_1_0-stable has been updated via ebdeeb363f03848cea5028e63c6be294a34a8426 (commit) from bf87bf45f181fa130af27739f5c38aba88f88cfd (commit) - Log ----------------------------------------------------------------- commit ebdeeb363f03848cea5028e63c6be294a34a8426 Author: Dr. Matthias St. Pierre Date: Thu Apr 26 20:36:41 2018 +0200 a_strex.c: prevent out of bound read in do_buf() which is used for ASN1_STRING_print_ex*() and X509_NAME_print_ex*(). Reviewed-by: Richard Levitte (Merged from https://github.com/openssl/openssl/pull/6117) ----------------------------------------------------------------------- Summary of changes: crypto/asn1/a_strex.c | 25 +++++++++++++++++++++++-- crypto/asn1/asn1_err.c | 1 + include/openssl/asn1.h | 1 + 3 files changed, 25 insertions(+), 2 deletions(-) diff --git a/crypto/asn1/a_strex.c b/crypto/asn1/a_strex.c index b91266b..75bc431 100644 --- a/crypto/asn1/a_strex.c +++ b/crypto/asn1/a_strex.c @@ -139,7 +139,7 @@ static int do_buf(unsigned char *buf, int buflen, int type, unsigned short flags, char *quotes, char_io *io_ch, void *arg) { - int i, outlen, len; + int i, outlen, len, charwidth; unsigned short orflags; unsigned char *p, *q; unsigned long c; @@ -147,12 +147,32 @@ static int do_buf(unsigned char *buf, int buflen, p = buf; q = buf + buflen; outlen = 0; + charwidth = type & BUF_TYPE_WIDTH_MASK; + + switch (charwidth) { + case 4: + if (buflen & 3) { + ASN1err(ASN1_F_DO_BUF, ASN1_R_INVALID_UNIVERSALSTRING_LENGTH); + return -1; + } + break; + case 2: + if (buflen & 1) { + ASN1err(ASN1_F_DO_BUF, ASN1_R_INVALID_BMPSTRING_LENGTH); + return -1; + } + break; + default: + break; + } + while (p != q) { if (p == buf && flags & ASN1_STRFLGS_ESC_2253) orflags = CHARTYPE_FIRST_ESC_2253; else orflags = 0; - switch (type & BUF_TYPE_WIDTH_MASK) { + + switch (charwidth) { case 4: c = ((unsigned long)*p++) << 24; c |= ((unsigned long)*p++) << 16; @@ -173,6 +193,7 @@ static int do_buf(unsigned char *buf, int buflen, i = UTF8_getc(p, buflen, &c); if (i < 0) return -1; /* Invalid UTF8String */ + buflen -= i; p += i; break; default: diff --git a/crypto/asn1/asn1_err.c b/crypto/asn1/asn1_err.c index 8602c40..7068c0c 100644 --- a/crypto/asn1/asn1_err.c +++ b/crypto/asn1/asn1_err.c @@ -92,6 +92,7 @@ static ERR_STRING_DATA ASN1_str_functs[] = { {ERR_FUNC(ASN1_F_D2I_AUTOPRIVATEKEY), "d2i_AutoPrivateKey"}, {ERR_FUNC(ASN1_F_D2I_PRIVATEKEY), "d2i_PrivateKey"}, {ERR_FUNC(ASN1_F_D2I_PUBLICKEY), "d2i_PublicKey"}, + {ERR_FUNC(ASN1_F_DO_BUF), "do_buf"}, {ERR_FUNC(ASN1_F_DO_TCREATE), "do_tcreate"}, {ERR_FUNC(ASN1_F_I2D_ASN1_BIO_STREAM), "i2d_ASN1_bio_stream"}, {ERR_FUNC(ASN1_F_I2D_DSA_PUBKEY), "i2d_DSA_PUBKEY"}, diff --git a/include/openssl/asn1.h b/include/openssl/asn1.h index 05ae1db..88e6469 100644 --- a/include/openssl/asn1.h +++ b/include/openssl/asn1.h @@ -953,6 +953,7 @@ int ERR_load_ASN1_strings(void); # define ASN1_F_D2I_AUTOPRIVATEKEY 207 # define ASN1_F_D2I_PRIVATEKEY 154 # define ASN1_F_D2I_PUBLICKEY 155 +# define ASN1_F_DO_BUF 142 # define ASN1_F_DO_TCREATE 222 # define ASN1_F_I2D_ASN1_BIO_STREAM 211 # define ASN1_F_I2D_DSA_PUBKEY 161 From matthias.st.pierre at ncp-e.com Wed May 2 18:40:07 2018 From: matthias.st.pierre at ncp-e.com (matthias.st.pierre at ncp-e.com) Date: Wed, 02 May 2018 18:40:07 +0000 Subject: [openssl-commits] [openssl] OpenSSL_1_0_2-stable update Message-ID: <1525286407.859022.24043.nullmailer@dev.openssl.org> The branch OpenSSL_1_0_2-stable has been updated via 7e6c0f56e65af0727d87615342df1272cd017e9f (commit) from a96022b3c4d159d1b14f54bd6811fd97a52df636 (commit) - Log ----------------------------------------------------------------- commit 7e6c0f56e65af0727d87615342df1272cd017e9f Author: Dr. Matthias St. Pierre Date: Thu Apr 26 20:36:41 2018 +0200 a_strex.c: prevent out of bound read in do_buf() which is used for ASN1_STRING_print_ex*() and X509_NAME_print_ex*(). Reviewed-by: Richard Levitte (Merged from https://github.com/openssl/openssl/pull/6118) ----------------------------------------------------------------------- Summary of changes: crypto/asn1/a_strex.c | 25 +++++++++++++++++++++++-- crypto/asn1/asn1.h | 6 ++++-- crypto/asn1/asn1_err.c | 1 + 3 files changed, 28 insertions(+), 4 deletions(-) diff --git a/crypto/asn1/a_strex.c b/crypto/asn1/a_strex.c index 95f0416..65f47a7 100644 --- a/crypto/asn1/a_strex.c +++ b/crypto/asn1/a_strex.c @@ -194,18 +194,38 @@ static int do_buf(unsigned char *buf, int buflen, int type, unsigned char flags, char *quotes, char_io *io_ch, void *arg) { - int i, outlen, len; + int i, outlen, len, charwidth; unsigned char orflags, *p, *q; unsigned long c; p = buf; q = buf + buflen; outlen = 0; + charwidth = type & BUF_TYPE_WIDTH_MASK; + + switch (charwidth) { + case 4: + if (buflen & 3) { + ASN1err(ASN1_F_DO_BUF, ASN1_R_INVALID_UNIVERSALSTRING_LENGTH); + return -1; + } + break; + case 2: + if (buflen & 1) { + ASN1err(ASN1_F_DO_BUF, ASN1_R_INVALID_BMPSTRING_LENGTH); + return -1; + } + break; + default: + break; + } + while (p != q) { if (p == buf && flags & ASN1_STRFLGS_ESC_2253) orflags = CHARTYPE_FIRST_ESC_2253; else orflags = 0; - switch (type & BUF_TYPE_WIDTH_MASK) { + + switch (charwidth) { case 4: c = ((unsigned long)*p++) << 24; c |= ((unsigned long)*p++) << 16; @@ -226,6 +246,7 @@ static int do_buf(unsigned char *buf, int buflen, i = UTF8_getc(p, buflen, &c); if (i < 0) return -1; /* Invalid UTF8String */ + buflen -= i; p += i; break; default: diff --git a/crypto/asn1/asn1.h b/crypto/asn1/asn1.h index 35a2b2a..256c531 100644 --- a/crypto/asn1/asn1.h +++ b/crypto/asn1/asn1.h @@ -1164,6 +1164,7 @@ int SMIME_text(BIO *in, BIO *out); * The following lines are auto generated by the script mkerr.pl. Any changes * made after this point may be overwritten when the script is next run. */ + void ERR_load_ASN1_strings(void); /* Error codes for the ASN1 functions. */ @@ -1264,6 +1265,7 @@ void ERR_load_ASN1_strings(void); # define ASN1_F_D2I_X509 156 # define ASN1_F_D2I_X509_CINF 157 # define ASN1_F_D2I_X509_PKEY 159 +# define ASN1_F_DO_BUF 221 # define ASN1_F_I2D_ASN1_BIO_STREAM 211 # define ASN1_F_I2D_ASN1_SET 188 # define ASN1_F_I2D_ASN1_TIME 160 @@ -1414,7 +1416,7 @@ void ERR_load_ASN1_strings(void); # define ASN1_R_WRONG_TAG 168 # define ASN1_R_WRONG_TYPE 169 -#ifdef __cplusplus +# ifdef __cplusplus } -#endif +# endif #endif diff --git a/crypto/asn1/asn1_err.c b/crypto/asn1/asn1_err.c index cfc1512..c144180 100644 --- a/crypto/asn1/asn1_err.c +++ b/crypto/asn1/asn1_err.c @@ -166,6 +166,7 @@ static ERR_STRING_DATA ASN1_str_functs[] = { {ERR_FUNC(ASN1_F_D2I_X509), "D2I_X509"}, {ERR_FUNC(ASN1_F_D2I_X509_CINF), "D2I_X509_CINF"}, {ERR_FUNC(ASN1_F_D2I_X509_PKEY), "d2i_X509_PKEY"}, + {ERR_FUNC(ASN1_F_DO_BUF), "DO_BUF"}, {ERR_FUNC(ASN1_F_I2D_ASN1_BIO_STREAM), "i2d_ASN1_bio_stream"}, {ERR_FUNC(ASN1_F_I2D_ASN1_SET), "i2d_ASN1_SET"}, {ERR_FUNC(ASN1_F_I2D_ASN1_TIME), "I2D_ASN1_TIME"}, From appro at openssl.org Wed May 2 19:47:27 2018 From: appro at openssl.org (Andy Polyakov) Date: Wed, 02 May 2018 19:47:27 +0000 Subject: [openssl-commits] [openssl] master update Message-ID: <1525290447.437502.4722.nullmailer@dev.openssl.org> The branch master has been updated via 48bc0d99af6df9919ddbe71e4bc6d8690e9b5174 (commit) from c6718437709108b4bcb784d774fb3df124df48e5 (commit) - Log ----------------------------------------------------------------- commit 48bc0d99af6df9919ddbe71e4bc6d8690e9b5174 Author: FdaSilvaYY Date: Mon Nov 28 23:36:50 2016 +0100 apps/speed.c: merge parameters defining EC curves to test ... ... and unify 'bits' declarations and printing format. Reviewed-by: Andy Polyakov Reviewed-by: Richard Levitte (Merged from https://github.com/openssl/openssl/pull/6132) ----------------------------------------------------------------------- Summary of changes: apps/speed.c | 118 +++++++++++++++++++++++++++-------------------------------- 1 file changed, 54 insertions(+), 64 deletions(-) diff --git a/apps/speed.c b/apps/speed.c index 66271fd..a9da7f3 100644 --- a/apps/speed.c +++ b/apps/speed.c @@ -221,7 +221,7 @@ static int run_benchmark(int async_jobs, int (*loop_function) (void *), static double Time_F(int s); static void print_message(const char *s, long num, int length, int tm); static void pkey_print_message(const char *str, const char *str2, - long num, int bits, int sec); + long num, unsigned int bits, int sec); static void print_result(int alg, int run_no, int count, double time_used); #ifndef NO_FORK static int do_multi(int multi, int size_num); @@ -1369,39 +1369,33 @@ int speed_main(int argc, char **argv) * add tests over more curves, simply add the curve NID and curve name to * the following arrays and increase the EC_NUM value accordingly. */ - static const unsigned int test_curves[EC_NUM] = { + static const struct { + const char *name; + unsigned int nid; + unsigned int bits; + } test_curves[] = { /* Prime Curves */ - NID_secp160r1, NID_X9_62_prime192v1, NID_secp224r1, - NID_X9_62_prime256v1, NID_secp384r1, NID_secp521r1, + {"secp160r1", NID_secp160r1, 160}, + {"nistp192", NID_X9_62_prime192v1, 192}, + {"nistp224", NID_secp224r1, 224}, + {"nistp256", NID_X9_62_prime256v1, 256}, + {"nistp384", NID_secp384r1, 384}, + {"nistp521", NID_secp521r1, 521}, /* Binary Curves */ - NID_sect163k1, NID_sect233k1, NID_sect283k1, - NID_sect409k1, NID_sect571k1, NID_sect163r2, - NID_sect233r1, NID_sect283r1, NID_sect409r1, - NID_sect571r1, + {"nistk163", NID_sect163k1, 163}, + {"nistk233", NID_sect233k1, 233}, + {"nistk283", NID_sect283k1, 283}, + {"nistk409", NID_sect409k1, 409}, + {"nistk571", NID_sect571k1, 571}, + {"nistb163", NID_sect163r2, 163}, + {"nistb233", NID_sect233r1, 233}, + {"nistb283", NID_sect283r1, 283}, + {"nistb409", NID_sect409r1, 409}, + {"nistb571", NID_sect571r1, 571}, /* Other */ - NID_X25519, NID_X448 + {"X25519", NID_X25519, 253}, + {"X448", NID_X448, 448} }; - static const char *test_curves_names[EC_NUM] = { - /* Prime Curves */ - "secp160r1", "nistp192", "nistp224", - "nistp256", "nistp384", "nistp521", - /* Binary Curves */ - "nistk163", "nistk233", "nistk283", - "nistk409", "nistk571", "nistb163", - "nistb233", "nistb283", "nistb409", - "nistb571", - /* Other */ - "X25519", "X448" - }; - static const int test_curves_bits[EC_NUM] = { - 160, 192, 224, - 256, 384, 521, - 163, 233, 283, - 409, 571, 163, - 233, 283, 409, - 571, 253, 448 - }; - int ecdsa_doit[EC_NUM] = { 0 }; int ecdh_doit[EC_NUM] = { 0 }; #endif /* ndef OPENSSL_NO_EC */ @@ -2512,7 +2506,7 @@ int speed_main(int argc, char **argv) d = Time_F(STOP); BIO_printf(bio_err, mr ? "+R1:%ld:%d:%.2f\n" - : "%ld %d bit private RSA's in %.2fs\n", + : "%ld %u bits private RSA's in %.2fs\n", count, rsa_bits[testnum], d); rsa_results[testnum][0] = (double)count / d; rsa_count = count; @@ -2538,7 +2532,7 @@ int speed_main(int argc, char **argv) d = Time_F(STOP); BIO_printf(bio_err, mr ? "+R2:%ld:%d:%.2f\n" - : "%ld %d bit public RSA's in %.2fs\n", + : "%ld %u bits public RSA's in %.2fs\n", count, rsa_bits[testnum], d); rsa_results[testnum][1] = (double)count / d; } @@ -2581,8 +2575,8 @@ int speed_main(int argc, char **argv) count = run_benchmark(async_jobs, DSA_sign_loop, loopargs); d = Time_F(STOP); BIO_printf(bio_err, - mr ? "+R3:%ld:%d:%.2f\n" - : "%ld %d bit DSA signs in %.2fs\n", + mr ? "+R3:%ld:%u:%.2f\n" + : "%ld %u bits DSA signs in %.2fs\n", count, dsa_bits[testnum], d); dsa_results[testnum][0] = (double)count / d; rsa_count = count; @@ -2607,8 +2601,8 @@ int speed_main(int argc, char **argv) count = run_benchmark(async_jobs, DSA_verify_loop, loopargs); d = Time_F(STOP); BIO_printf(bio_err, - mr ? "+R4:%ld:%d:%.2f\n" - : "%ld %d bit DSA verify in %.2fs\n", + mr ? "+R4:%ld:%u:%.2f\n" + : "%ld %u bits DSA verify in %.2fs\n", count, dsa_bits[testnum], d); dsa_results[testnum][1] = (double)count / d; } @@ -2622,6 +2616,7 @@ int speed_main(int argc, char **argv) #endif /* OPENSSL_NO_DSA */ #ifndef OPENSSL_NO_EC + OPENSSL_assert(OSSL_NELEM(test_curves) >= EC_NUM); for (testnum = 0; testnum < EC_NUM; testnum++) { int st = 1; @@ -2629,7 +2624,7 @@ int speed_main(int argc, char **argv) continue; /* Ignore Curve */ for (i = 0; i < loopargs_len; i++) { loopargs[i].ecdsa[testnum] = - EC_KEY_new_by_curve_name(test_curves[testnum]); + EC_KEY_new_by_curve_name(test_curves[testnum].nid); if (loopargs[i].ecdsa[testnum] == NULL) { st = 0; break; @@ -2658,16 +2653,15 @@ int speed_main(int argc, char **argv) } else { pkey_print_message("sign", "ecdsa", ecdsa_c[testnum][0], - test_curves_bits[testnum], - seconds.ecdsa); + test_curves[testnum].bits, seconds.ecdsa); Time_F(START); count = run_benchmark(async_jobs, ECDSA_sign_loop, loopargs); d = Time_F(STOP); BIO_printf(bio_err, - mr ? "+R5:%ld:%d:%.2f\n" : - "%ld %d bit ECDSA signs in %.2fs \n", - count, test_curves_bits[testnum], d); + mr ? "+R5:%ld:%u:%.2f\n" : + "%ld %u bits ECDSA signs in %.2fs \n", + count, test_curves[testnum].bits, d); ecdsa_results[testnum][0] = (double)count / d; rsa_count = count; } @@ -2688,15 +2682,14 @@ int speed_main(int argc, char **argv) } else { pkey_print_message("verify", "ecdsa", ecdsa_c[testnum][1], - test_curves_bits[testnum], - seconds.ecdsa); + test_curves[testnum].bits, seconds.ecdsa); Time_F(START); count = run_benchmark(async_jobs, ECDSA_verify_loop, loopargs); d = Time_F(STOP); BIO_printf(bio_err, - mr ? "+R6:%ld:%d:%.2f\n" - : "%ld %d bit ECDSA verify in %.2fs\n", - count, test_curves_bits[testnum], d); + mr ? "+R6:%ld:%u:%.2f\n" + : "%ld %u bits ECDSA verify in %.2fs\n", + count, test_curves[testnum].bits, d); ecdsa_results[testnum][1] = (double)count / d; } @@ -2736,7 +2729,7 @@ int speed_main(int argc, char **argv) * If this fails we try creating a EVP_PKEY_EC generic param ctx, * then we set the curve by NID before deriving the actual keygen * ctx for that specific curve. */ - kctx = EVP_PKEY_CTX_new_id(test_curves[testnum], NULL); /* keygen ctx from NID */ + kctx = EVP_PKEY_CTX_new_id(test_curves[testnum].nid, NULL); /* keygen ctx from NID */ if (!kctx) { EVP_PKEY_CTX *pctx = NULL; EVP_PKEY *params = NULL; @@ -2767,7 +2760,7 @@ int speed_main(int argc, char **argv) /* Set the curve by NID */ !EVP_PKEY_CTX_set_ec_paramgen_curve_nid(pctx, test_curves - [testnum]) || + [testnum].nid) || /* Create the parameter object params */ !EVP_PKEY_paramgen(pctx, ¶ms)) { ecdh_checks = 0; @@ -2849,16 +2842,15 @@ int speed_main(int argc, char **argv) if (ecdh_checks != 0) { pkey_print_message("", "ecdh", ecdh_c[testnum][0], - test_curves_bits[testnum], - seconds.ecdh); + test_curves[testnum].bits, seconds.ecdh); Time_F(START); count = run_benchmark(async_jobs, ECDH_EVP_derive_key_loop, loopargs); d = Time_F(STOP); BIO_printf(bio_err, mr ? "+R7:%ld:%d:%.2f\n" : - "%ld %d-bit ECDH ops in %.2fs\n", count, - test_curves_bits[testnum], d); + "%ld %u-bits ECDH ops in %.2fs\n", count, + test_curves[testnum].bits, d); ecdh_results[testnum][0] = (double)count / d; rsa_count = count; } @@ -2973,12 +2965,11 @@ int speed_main(int argc, char **argv) if (mr) printf("+F4:%u:%u:%f:%f\n", - k, test_curves_bits[k], + k, test_curves[k].bits, ecdsa_results[k][0], ecdsa_results[k][1]); else - printf("%4u bit ecdsa (%s) %8.4fs %8.4fs %8.1f %8.1f\n", - test_curves_bits[k], - test_curves_names[k], + printf("%4u bits ecdsa (%s) %8.4fs %8.4fs %8.1f %8.1f\n", + test_curves[k].bits, test_curves[k].name, 1.0 / ecdsa_results[k][0], 1.0 / ecdsa_results[k][1], ecdsa_results[k][0], ecdsa_results[k][1]); } @@ -2993,13 +2984,12 @@ int speed_main(int argc, char **argv) } if (mr) printf("+F5:%u:%u:%f:%f\n", - k, test_curves_bits[k], + k, test_curves[k].bits, ecdh_results[k][0], 1.0 / ecdh_results[k][0]); else - printf("%4u bit ecdh (%s) %8.4fs %8.1f\n", - test_curves_bits[k], - test_curves_names[k], + printf("%4u bits ecdh (%s) %8.4fs %8.1f\n", + test_curves[k].bits, test_curves[k].name, 1.0 / ecdh_results[k][0], ecdh_results[k][0]); } #endif @@ -3060,18 +3050,18 @@ static void print_message(const char *s, long num, int length, int tm) } static void pkey_print_message(const char *str, const char *str2, long num, - int bits, int tm) + unsigned int bits, int tm) { #ifdef SIGALRM BIO_printf(bio_err, mr ? "+DTP:%d:%s:%s:%d\n" - : "Doing %d bit %s %s's for %ds: ", bits, str, str2, tm); + : "Doing %u bits %s %s's for %ds: ", bits, str, str2, tm); (void)BIO_flush(bio_err); alarm(tm); #else BIO_printf(bio_err, mr ? "+DNP:%ld:%d:%s:%s\n" - : "Doing %ld %d bit %s %s's: ", num, bits, str, str2); + : "Doing %ld %u bits %s %s's: ", num, bits, str, str2); (void)BIO_flush(bio_err); #endif } From appro at openssl.org Wed May 2 19:56:21 2018 From: appro at openssl.org (Andy Polyakov) Date: Wed, 02 May 2018 19:56:21 +0000 Subject: [openssl-commits] [openssl] master update Message-ID: <1525290981.517069.6617.nullmailer@dev.openssl.org> The branch master has been updated via 774ff8fed67e19d4f5f0df2f59050f2737abab2a (commit) from 48bc0d99af6df9919ddbe71e4bc6d8690e9b5174 (commit) - Log ----------------------------------------------------------------- commit 774ff8fed67e19d4f5f0df2f59050f2737abab2a Author: Andy Polyakov Date: Mon Apr 30 22:59:51 2018 +0200 bn/asm/*-mont.pl: harmonize with BN_from_montgomery_word. Montgomery multiplication post-conditions in some of code paths were formally non-constant time. Cache access pattern was result-neutral, but a little bit asymmetric, which might have produced a signal [if processor reordered load and stores at run-time]. Reviewed-by: Rich Salz (Merged from https://github.com/openssl/openssl/pull/6141) ----------------------------------------------------------------------- Summary of changes: crypto/bn/asm/alpha-mont.pl | 9 ++--- crypto/bn/asm/armv4-mont.pl | 15 +++++---- crypto/bn/asm/ia64-mont.pl | 18 +++++----- crypto/bn/asm/mips-mont.pl | 12 +++---- crypto/bn/asm/parisc-mont.pl | 26 +++++++-------- crypto/bn/asm/ppc-mont.pl | 13 ++++---- crypto/bn/asm/ppc64-mont.pl | 41 ++++++++++++++++------- crypto/bn/asm/s390x-mont.pl | 14 ++++---- crypto/bn/asm/sparct4-mont.pl | 24 ++++++-------- crypto/bn/asm/sparcv9-mont.pl | 10 +++--- crypto/bn/asm/via-mont.pl | 13 +++----- crypto/bn/asm/vis3-mont.pl | 16 ++++----- crypto/bn/asm/x86-mont.pl | 20 ++++++----- crypto/bn/asm/x86_64-mont.pl | 77 +++++++++++++++++++++---------------------- crypto/bn/asm/x86_64-mont5.pl | 19 ++++++----- 15 files changed, 165 insertions(+), 162 deletions(-) diff --git a/crypto/bn/asm/alpha-mont.pl b/crypto/bn/asm/alpha-mont.pl index cd0e1fb..cc5c30e 100644 --- a/crypto/bn/asm/alpha-mont.pl +++ b/crypto/bn/asm/alpha-mont.pl @@ -297,15 +297,12 @@ bn_mul_mont: mov sp,$tp mov $bp,$rp # restore rp - and sp,$hi0,$ap - bic $bp,$hi0,$bp - bis $bp,$ap,$ap # ap=borrow?tp:rp - .align 4 -.Lcopy: ldq $aj,0($ap) # copy or in-place refresh +.Lcopy: ldq $aj,0($tp) # conditional copy + ldq $nj,0($rp) lda $tp,8($tp) lda $rp,8($rp) - lda $ap,8($ap) + cmoveq $hi0,$nj,$aj stq zero,-8($tp) # zap tp cmpult $tp,$tj,AT stq $aj,-8($rp) diff --git a/crypto/bn/asm/armv4-mont.pl b/crypto/bn/asm/armv4-mont.pl index 75a36f6..9169137 100644 --- a/crypto/bn/asm/armv4-mont.pl +++ b/crypto/bn/asm/armv4-mont.pl @@ -262,14 +262,15 @@ bn_mul_mont: mov $tp,sp @ "rewind" $tp sub $rp,$rp,$aj @ "rewind" $rp - and $ap,$tp,$nhi - bic $np,$rp,$nhi - orr $ap,$ap,$np @ ap=borrow?tp:rp - -.Lcopy: ldr $tj,[$ap],#4 @ copy or in-place refresh +.Lcopy: ldr $tj,[$tp] @ conditional copy + ldr $aj,[$rp] str sp,[$tp],#4 @ zap tp - str $tj,[$rp],#4 - cmp $tp,$num +#ifdef __thumb2__ + it cc +#endif + movcc $aj,$tj + str $aj,[$rp],#4 + teq $tp,$num @ preserve carry bne .Lcopy mov sp,$num diff --git a/crypto/bn/asm/ia64-mont.pl b/crypto/bn/asm/ia64-mont.pl index 9d1ecf6..96d312f 100644 --- a/crypto/bn/asm/ia64-mont.pl +++ b/crypto/bn/asm/ia64-mont.pl @@ -341,19 +341,19 @@ bn_mul_mont_general: { .mmb; sub rptr=rptr,len // rewind sub tptr=tptr,len clrrrb.pr };; -{ .mmi; and aptr=tptr,topbit - andcm bptr=rptr,topbit +{ .mmi; mov aptr=rptr + mov bptr=tptr mov pr.rot=1<<16 };; -{ .mii; or nptr=aptr,bptr +{ .mii; cmp.eq p0,p6=topbit,r0 mov ar.lc=lc - mov ar.ec=3 };; + mov ar.ec=2 };; .Lcopy_ctop: -{ .mmb; (p16) ld8 n[0]=[nptr],8 - (p18) st8 [tptr]=r0,8 - (p16) nop.b 0 } -{ .mmb; (p16) nop.m 0 - (p18) st8 [rptr]=n[2],8 +{ .mmi; (p16) ld8 a[0]=[aptr],8 + (p16) ld8 t[0]=[bptr],8 + (p6) mov a[1]=t[1] };; // (p17) +{ .mmb; (p17) st8 [rptr]=a[1],8 + (p17) st8 [tptr]=r0,8 br.ctop.sptk .Lcopy_ctop };; .Lcopy_cend: diff --git a/crypto/bn/asm/mips-mont.pl b/crypto/bn/asm/mips-mont.pl index 56d4202..b2e8df8 100644 --- a/crypto/bn/asm/mips-mont.pl +++ b/crypto/bn/asm/mips-mont.pl @@ -386,15 +386,13 @@ $code.=<<___; $PTR_SUB $rp,$num # restore rp not $hi1,$hi0 - and $ap,$hi0,$sp - and $bp,$hi1,$rp - or $ap,$ap,$bp # ap=borrow?tp:rp - -.align 4 -.Lcopy: $LD $aj,($ap) - $PTR_ADD $ap,$BNSZ +.Lcopy: $LD $nj,($tp) # conditional move + $LD $aj,($rp) $ST $zero,($tp) $PTR_ADD $tp,$BNSZ + and $nj,$hi0 + and $aj,$hi1 + or $aj,$nj sltu $at,$tp,$tj $ST $aj,($rp) bnez $at,.Lcopy diff --git a/crypto/bn/asm/parisc-mont.pl b/crypto/bn/asm/parisc-mont.pl index a705e16..4c9d045 100644 --- a/crypto/bn/asm/parisc-mont.pl +++ b/crypto/bn/asm/parisc-mont.pl @@ -517,7 +517,6 @@ L\$sub stws,ma $hi1,4($rp) subb $ti0,%r0,$hi1 - ldo -4($tp),$tp ___ $code.=<<___ if ($BN_SZ==8); ldd,ma 8($tp),$ti0 @@ -532,20 +531,18 @@ L\$sub extrd,u $ti0,31,32,$ti0 ; carry in flipped word order sub,db $ti0,%r0,$hi1 - ldo -8($tp),$tp ___ $code.=<<___; - and $tp,$hi1,$ap - andcm $rp,$hi1,$bp - or $ap,$bp,$np - + ldo `$LOCALS+32`($fp),$tp sub $rp,$arrsz,$rp ; rewind rp subi 0,$arrsz,$idx - ldo `$LOCALS+32`($fp),$tp L\$copy - ldd $idx($np),$hi0 + ldd 0($tp),$ti0 + ldd 0($rp),$hi0 std,ma %r0,8($tp) - addib,<> 8,$idx,.-8 ; L\$copy + comiclr,= 0,$hi1,%r0 + copy $ti0,$hi0 + addib,<> 8,$idx,L\$copy std,ma $hi0,8($rp) ___ @@ -856,17 +853,16 @@ L\$sub_pa11 stws,ma $hi1,4($rp) subb $ti0,%r0,$hi1 - ldo -4($tp),$tp - and $tp,$hi1,$ap - andcm $rp,$hi1,$bp - or $ap,$bp,$np + ldo `$LOCALS+32`($fp),$tp sub $rp,$arrsz,$rp ; rewind rp subi 0,$arrsz,$idx - ldo `$LOCALS+32`($fp),$tp L\$copy_pa11 - ldwx $idx($np),$hi0 + ldw 0($tp),$ti0 + ldw 0($rp),$hi0 stws,ma %r0,4($tp) + comiclr,= 0,$hi1,%r0 + copy $ti0,$hi0 addib,<> 4,$idx,L\$copy_pa11 stws,ma $hi0,4($rp) diff --git a/crypto/bn/asm/ppc-mont.pl b/crypto/bn/asm/ppc-mont.pl index 9aa96c8..d9cc983 100644 --- a/crypto/bn/asm/ppc-mont.pl +++ b/crypto/bn/asm/ppc-mont.pl @@ -314,15 +314,16 @@ Lsub: $LDX $tj,$tp,$j li $j,0 mtctr $num subfe $ovf,$j,$ovf ; handle upmost overflow bit - and $ap,$tp,$ovf - andc $np,$rp,$ovf - or $ap,$ap,$np ; ap=borrow?tp:rp .align 4 -Lcopy: ; copy or in-place refresh - $LDX $tj,$ap,$j - $STX $tj,$rp,$j +Lcopy: ; conditional copy + $LDX $tj,$tp,$j + $LDX $aj,$rp,$j + and $tj,$tj,$ovf + andc $aj,$aj,$ovf $STX $j,$tp,$j ; zap at once + or $aj,$aj,$tj + $STX $aj,$rp,$j addi $j,$j,$BNSZ bdnz Lcopy diff --git a/crypto/bn/asm/ppc64-mont.pl b/crypto/bn/asm/ppc64-mont.pl index 0b2bb39..a82e77d 100644 --- a/crypto/bn/asm/ppc64-mont.pl +++ b/crypto/bn/asm/ppc64-mont.pl @@ -1501,16 +1501,14 @@ Lsub: ldx $t0,$tp,$i li $i,0 subfe $ovf,$i,$ovf ; handle upmost overflow bit - and $ap,$tp,$ovf - andc $np,$rp,$ovf - or $ap,$ap,$np ; ap=borrow?tp:rp - addi $t7,$ap,8 mtctr $j .align 4 -Lcopy: ; copy or in-place refresh - ldx $t0,$ap,$i - ldx $t1,$t7,$i +Lcopy: ; conditional copy + ldx $t0,$tp,$i + ldx $t1,$t4,$i + ldx $t2,$rp,$i + ldx $t3,$t6,$i std $i,8($nap_d) ; zap nap_d std $i,16($nap_d) std $i,24($nap_d) @@ -1519,6 +1517,12 @@ Lcopy: ; copy or in-place refresh std $i,48($nap_d) std $i,56($nap_d) stdu $i,64($nap_d) + and $t0,$t0,$ovf + and $t1,$t1,$ovf + andc $t2,$t2,$ovf + andc $t3,$t3,$ovf + or $t0,$t0,$t2 + or $t1,$t1,$t3 stdx $t0,$rp,$i stdx $t1,$t6,$i stdx $i,$tp,$i ; zap tp at once @@ -1561,20 +1565,21 @@ Lsub: lwz $t0,12($tp) ; load tp[j..j+3] in 64-bit word order li $i,0 subfe $ovf,$i,$ovf ; handle upmost overflow bit - addi $tp,$sp,`$FRAME+$TRANSFER+4` + addi $ap,$sp,`$FRAME+$TRANSFER+4` subf $rp,$num,$rp ; rewind rp - and $ap,$tp,$ovf - andc $np,$rp,$ovf - or $ap,$ap,$np ; ap=borrow?tp:rp addi $tp,$sp,`$FRAME+$TRANSFER` mtctr $j .align 4 -Lcopy: ; copy or in-place refresh +Lcopy: ; conditional copy lwz $t0,4($ap) lwz $t1,8($ap) lwz $t2,12($ap) lwzu $t3,16($ap) + lwz $t4,4($rp) + lwz $t5,8($rp) + lwz $t6,12($rp) + lwz $t7,16($rp) std $i,8($nap_d) ; zap nap_d std $i,16($nap_d) std $i,24($nap_d) @@ -1583,6 +1588,18 @@ Lcopy: ; copy or in-place refresh std $i,48($nap_d) std $i,56($nap_d) stdu $i,64($nap_d) + and $t0,$t0,$ovf + and $t1,$t1,$ovf + and $t2,$t2,$ovf + and $t3,$t3,$ovf + andc $t4,$t4,$ovf + andc $t5,$t5,$ovf + andc $t6,$t6,$ovf + andc $t7,$t7,$ovf + or $t0,$t0,$t4 + or $t1,$t1,$t5 + or $t2,$t2,$t6 + or $t3,$t3,$t7 stw $t0,4($rp) stw $t1,8($rp) stw $t2,12($rp) diff --git a/crypto/bn/asm/s390x-mont.pl b/crypto/bn/asm/s390x-mont.pl index 0eaade3..59f70be 100644 --- a/crypto/bn/asm/s390x-mont.pl +++ b/crypto/bn/asm/s390x-mont.pl @@ -252,16 +252,16 @@ $code.=<<___; brct $count,.Lsub lghi $ahi,0 slbgr $AHI,$ahi # handle upmost carry - - ngr $ap,$AHI - lghi $np,-1 - xgr $np,$AHI - ngr $np,$rp - ogr $ap,$np # ap=borrow?tp:rp + lghi $NHI,-1 + xgr $NHI,$AHI la $j,0(%r0) lgr $count,$num -.Lcopy: lg $alo,0($j,$ap) # copy or in-place refresh +.Lcopy: lg $ahi,$stdframe($j,$sp) # conditional copy + lg $alo,0($j,$rp) + ngr $ahi,$AHI + ngr $alo,$NHI + ogr $alo,$ahi _dswap $alo stg $j,$stdframe($j,$sp) # zap tp stg $alo,0($j,$rp) diff --git a/crypto/bn/asm/sparct4-mont.pl b/crypto/bn/asm/sparct4-mont.pl index 6eb634d..90c7bb8 100755 --- a/crypto/bn/asm/sparct4-mont.pl +++ b/crypto/bn/asm/sparct4-mont.pl @@ -888,19 +888,17 @@ $code.=<<___; sub $tp, $num, $tp sub $rp, $num, $rp - subc $ovf, %g0, $ovf ! handle upmost overflow bit - and $tp, $ovf, $ap - andn $rp, $ovf, $np - or $np, $ap, $ap ! ap=borrow?tp:rp + subccc $ovf, %g0, $ovf ! handle upmost overflow bit ba .Lcopy sub $num, 8, $cnt .align 16 -.Lcopy: ! copy or in-place refresh - ldx [$ap+0], $t2 - add $ap, 8, $ap +.Lcopy: ! conditional copy + ldx [$tp], $tj + ldx [$rp+0], $t2 stx %g0, [$tp] ! zap add $tp, 8, $tp + movcs %icc, $tj, $t2 stx $t2, [$rp+0] add $rp, 8, $rp brnz $cnt, .Lcopy @@ -1136,19 +1134,17 @@ $code.=<<___; sub $tp, $num, $tp sub $rp, $num, $rp - subc $ovf, %g0, $ovf ! handle upmost overflow bit - and $tp, $ovf, $ap - andn $rp, $ovf, $np - or $np, $ap, $ap ! ap=borrow?tp:rp + subccc $ovf, %g0, $ovf ! handle upmost overflow bit ba .Lcopy_g5 sub $num, 8, $cnt .align 16 -.Lcopy_g5: ! copy or in-place refresh - ldx [$ap+0], $t2 - add $ap, 8, $ap +.Lcopy_g5: ! conditional copy + ldx [$tp], $tj + ldx [$rp+0], $t2 stx %g0, [$tp] ! zap add $tp, 8, $tp + movcs %icc, $tj, $t2 stx $t2, [$rp+0] add $rp, 8, $rp brnz $cnt, .Lcopy_g5 diff --git a/crypto/bn/asm/sparcv9-mont.pl b/crypto/bn/asm/sparcv9-mont.pl index 44d28ac..a0830a0 100644 --- a/crypto/bn/asm/sparcv9-mont.pl +++ b/crypto/bn/asm/sparcv9-mont.pl @@ -265,7 +265,6 @@ $fname: .Ltail: add $np,$num,$np add $rp,$num,$rp - mov $tp,$ap sub %g0,$num,%o7 ! k=-num ba .Lsub subcc %g0,%g0,%g0 ! clear %icc.c @@ -278,15 +277,14 @@ $fname: add %o7,4,%o7 brnz %o7,.Lsub st %o1,[$i] - subc $car2,0,$car2 ! handle upmost overflow bit - and $tp,$car2,$ap - andn $rp,$car2,$np - or $ap,$np,$ap + subccc $car2,0,$car2 ! handle upmost overflow bit sub %g0,$num,%o7 .Lcopy: - ld [$ap+%o7],%o0 ! copy or in-place refresh + ld [$tp+%o7],%o1 ! conditional copy + ld [$rp+%o7],%o0 st %g0,[$tp+%o7] ! zap tp + movcs %icc,%o1,%o0 st %o0,[$rp+%o7] add %o7,4,%o7 brnz %o7,.Lcopy diff --git a/crypto/bn/asm/via-mont.pl b/crypto/bn/asm/via-mont.pl index eaac4dd..2b73a42 100644 --- a/crypto/bn/asm/via-mont.pl +++ b/crypto/bn/asm/via-mont.pl @@ -213,18 +213,15 @@ $sp=&DWP(28,"esp"); &mov ("eax",&DWP(0,"esi","edx",4)); # upmost overflow bit &sbb ("eax",0); - &and ("esi","eax"); - ¬ ("eax"); - &mov ("ebp","edi"); - &and ("ebp","eax"); - &or ("esi","ebp"); # tp=carry?tp:rp &mov ("ecx","edx"); # num - &xor ("edx","edx"); # i=0 + &mov ("edx",0); # i=0 &set_label("copy",8); - &mov ("eax",&DWP(0,"esi","edx",4)); - &mov (&DWP(64,"esp","edx",4),"ecx"); # zap tp + &mov ("ebx",&DWP(0,"esi","edx",4)); + &mov ("eax",&DWP(0,"edi","edx",4)); + &mov (&DWP(0,"esi","edx",4),"ecx"); # zap tp + &cmovc ("eax","ebx"); &mov (&DWP(0,"edi","edx",4),"eax"); &lea ("edx",&DWP(1,"edx")); # i++ &loop (&label("copy")); diff --git a/crypto/bn/asm/vis3-mont.pl b/crypto/bn/asm/vis3-mont.pl index 04694a4..ee55870 100644 --- a/crypto/bn/asm/vis3-mont.pl +++ b/crypto/bn/asm/vis3-mont.pl @@ -310,23 +310,23 @@ $code.=<<___; sub $anp, $num, $anp sub $rp, $num, $rp - subc $ovf, %g0, $ovf ! handle upmost overflow bit - and $tp, $ovf, $ap - andn $rp, $ovf, $np - or $np, $ap, $ap ! ap=borrow?tp:rp + subccc $ovf, %g0, $ovf ! handle upmost overflow bit ba .Lcopy sub $num, 8, $cnt .align 16 -.Lcopy: ! copy or in-place refresh - ld [$ap+0], $t2 - ld [$ap+4], $t3 - add $ap, 8, $ap +.Lcopy: ! conditional copy + ld [$tp+0], $t0 + ld [$tp+4], $t1 + ld [$rp+0], $t2 + ld [$rp+4], $t3 stx %g0, [$tp] ! zap add $tp, 8, $tp stx %g0, [$anp] ! zap stx %g0, [$anp+8] add $anp, 16, $anp + movcs %icc, $t0, $t2 + movcs %icc, $t1, $t3 st $t3, [$rp+0] ! flip order st $t2, [$rp+4] add $rp, 8, $rp diff --git a/crypto/bn/asm/x86-mont.pl b/crypto/bn/asm/x86-mont.pl index 66997e2..d54a543 100755 --- a/crypto/bn/asm/x86-mont.pl +++ b/crypto/bn/asm/x86-mont.pl @@ -604,16 +604,18 @@ $sbit=$num; &jge (&label("sub")); &sbb ("eax",0); # handle upmost overflow bit - &and ($tp,"eax"); - ¬ ("eax"); - &mov ($np,$rp); - &and ($np,"eax"); - &or ($tp,$np); # tp=carry?tp:rp - -&set_label("copy",16); # copy or in-place refresh - &mov ("eax",&DWP(0,$tp,$num,4)); - &mov (&DWP(0,$rp,$num,4),"eax"); # rp[i]=tp[i] + &mov ("edx",-1); + &xor ("edx","eax"); + &jmp (&label("copy")); + +&set_label("copy",16); # conditional copy + &mov ($tp,&DWP($frame,"esp",$num,4)); + &mov ($np,&DWP(0,$rp,$num,4)); &mov (&DWP($frame,"esp",$num,4),$j); # zap temporary vector + &and ($tp,"eax"); + &and ($np,"edx"); + &or ($np,$tp); + &mov (&DWP(0,$rp,$num,4),$np); &dec ($num); &jge (&label("copy")); diff --git a/crypto/bn/asm/x86_64-mont.pl b/crypto/bn/asm/x86_64-mont.pl index 7e6e902..a0560e0 100755 --- a/crypto/bn/asm/x86_64-mont.pl +++ b/crypto/bn/asm/x86_64-mont.pl @@ -311,30 +311,30 @@ $code.=<<___; xor $i,$i # i=0 and clear CF! mov (%rsp),%rax # tp[0] - lea (%rsp),$ap # borrow ap for tp mov $num,$j # j=num - jmp .Lsub + .align 16 .Lsub: sbb ($np,$i,8),%rax mov %rax,($rp,$i,8) # rp[i]=tp[i]-np[i] - mov 8($ap,$i,8),%rax # tp[i+1] + mov 8(%rsp,$i,8),%rax # tp[i+1] lea 1($i),$i # i++ dec $j # doesn't affect CF! jnz .Lsub sbb \$0,%rax # handle upmost overflow bit + mov \$-1,%rbx + xor %rax,%rbx # not %rax xor $i,$i - and %rax,$ap - not %rax - mov $rp,$np - and %rax,$np mov $num,$j # j=num - or $np,$ap # ap=borrow?tp:rp -.align 16 -.Lcopy: # copy or in-place refresh - mov ($ap,$i,8),%rax - mov $i,(%rsp,$i,8) # zap temporary vector - mov %rax,($rp,$i,8) # rp[i]=tp[i] + +.Lcopy: # conditional copy + mov ($rp,$i,8),%rcx + mov (%rsp,$i,8),%rdx + and %rbx,%rcx + and %rax,%rdx + mov $num,(%rsp,$i,8) # zap temporary vector + or %rcx,%rdx + mov %rdx,($rp,$i,8) # rp[i]=tp[i] lea 1($i),$i sub \$1,$j jnz .Lcopy @@ -724,7 +724,6 @@ $code.=<<___; mov 16(%rsp,$num,8),$rp # restore $rp lea -4($num),$j mov 0(%rsp), at ri[0] # tp[0] - pxor %xmm0,%xmm0 mov 8(%rsp), at ri[1] # tp[1] shr \$2,$j # j=num/4-1 lea (%rsp),$ap # borrow ap for tp @@ -734,8 +733,7 @@ $code.=<<___; mov 16($ap), at ri[2] # tp[2] mov 24($ap), at ri[3] # tp[3] sbb 8($np), at ri[1] - jmp .Lsub4x -.align 16 + .Lsub4x: mov @ri[0],0($rp,$i,8) # rp[i]=tp[i]-np[i] mov @ri[1],8($rp,$i,8) # rp[i]=tp[i]-np[i] @@ -762,34 +760,35 @@ $code.=<<___; sbb \$0, at ri[0] # handle upmost overflow bit mov @ri[3],24($rp,$i,8) # rp[i]=tp[i]-np[i] - xor $i,$i # i=0 - and @ri[0],$ap - not @ri[0] - mov $rp,$np - and @ri[0],$np - lea -4($num),$j - or $np,$ap # ap=borrow?tp:rp - shr \$2,$j # j=num/4-1 + pxor %xmm0,%xmm0 + movq @ri[0],%xmm4 + pcmpeqd %xmm5,%xmm5 + pshufd \$0,%xmm4,%xmm4 + mov $num,$j + pxor %xmm4,%xmm5 + shr \$2,$j # j=num/4 + xor %eax,%eax # i=0 - movdqu ($ap),%xmm1 - movdqa %xmm0,(%rsp) - movdqu %xmm1,($rp) jmp .Lcopy4x .align 16 -.Lcopy4x: # copy or in-place refresh - movdqu 16($ap,$i),%xmm2 - movdqu 32($ap,$i),%xmm1 - movdqa %xmm0,16(%rsp,$i) - movdqu %xmm2,16($rp,$i) - movdqa %xmm0,32(%rsp,$i) - movdqu %xmm1,32($rp,$i) - lea 32($i),$i +.Lcopy4x: # conditional copy + movdqa (%rsp,%rax),%xmm1 + movdqu ($rp,%rax),%xmm2 + pand %xmm4,%xmm1 + pand %xmm5,%xmm2 + movdqa 16(%rsp,%rax),%xmm3 + movdqa %xmm0,(%rsp,%rax) + por %xmm2,%xmm1 + movdqu 16($rp,%rax),%xmm2 + movdqu %xmm1,($rp,%rax) + pand %xmm4,%xmm3 + pand %xmm5,%xmm2 + movdqa %xmm0,16(%rsp,%rax) + por %xmm2,%xmm3 + movdqu %xmm3,16($rp,%rax) + lea 32(%rax),%rax dec $j jnz .Lcopy4x - - movdqu 16($ap,$i),%xmm2 - movdqa %xmm0,16(%rsp,$i) - movdqu %xmm2,16($rp,$i) ___ } $code.=<<___; diff --git a/crypto/bn/asm/x86_64-mont5.pl b/crypto/bn/asm/x86_64-mont5.pl index 2635435..b1ad71f 100755 --- a/crypto/bn/asm/x86_64-mont5.pl +++ b/crypto/bn/asm/x86_64-mont5.pl @@ -423,18 +423,19 @@ $code.=<<___; jnz .Lsub sbb \$0,%rax # handle upmost overflow bit + mov \$-1,%rbx + xor %rax,%rbx xor $i,$i - and %rax,$ap - not %rax - mov $rp,$np - and %rax,$np mov $num,$j # j=num - or $np,$ap # ap=borrow?tp:rp -.align 16 -.Lcopy: # copy or in-place refresh - mov ($ap,$i,8),%rax + +.Lcopy: # conditional copy + mov ($rp,$i,8),%rcx + mov (%rsp,$i,8),%rdx + and %rbx,%rcx + and %rax,%rdx mov $i,(%rsp,$i,8) # zap temporary vector - mov %rax,($rp,$i,8) # rp[i]=tp[i] + or %rcx,%rdx + mov %rdx,($rp,$i,8) # rp[i]=tp[i] lea 1($i),$i sub \$1,$j jnz .Lcopy From levitte at openssl.org Wed May 2 21:42:27 2018 From: levitte at openssl.org (Richard Levitte) Date: Wed, 02 May 2018 21:42:27 +0000 Subject: [openssl-commits] [openssl] master update Message-ID: <1525297347.120374.26411.nullmailer@dev.openssl.org> The branch master has been updated via c7e10755fac1d8f4421aa60646d311ab2068752d (commit) from 774ff8fed67e19d4f5f0df2f59050f2737abab2a (commit) - Log ----------------------------------------------------------------- commit c7e10755fac1d8f4421aa60646d311ab2068752d Author: FdaSilvaYY Date: Tue May 1 23:25:16 2018 +0200 opensslconf.h inclusion cleanup No need to buildtest on opensslconf.h Reviewed-by: Matthias St. Pierre Reviewed-by: Richard Levitte (Merged from https://github.com/openssl/openssl/pull/6149) ----------------------------------------------------------------------- Summary of changes: crypto/rand/rand_egd.c | 1 - include/openssl/dsa.h | 1 - test/build.info | 1 + 3 files changed, 1 insertion(+), 2 deletions(-) diff --git a/crypto/rand/rand_egd.c b/crypto/rand/rand_egd.c index 5eb3225..461ef25 100644 --- a/crypto/rand/rand_egd.c +++ b/crypto/rand/rand_egd.c @@ -38,7 +38,6 @@ int RAND_egd_bytes(const char *path, int bytes) # else -# include # include OPENSSL_UNISTD # include # include diff --git a/include/openssl/dsa.h b/include/openssl/dsa.h index a5d539f..5a06847 100644 --- a/include/openssl/dsa.h +++ b/include/openssl/dsa.h @@ -20,7 +20,6 @@ extern "C" { # include # include # include -# include # include # if OPENSSL_API_COMPAT < 0x10100000L # include diff --git a/test/build.info b/test/build.info index 7887813..1708e94 100644 --- a/test/build.info +++ b/test/build.info @@ -536,6 +536,7 @@ ENDIF use OpenSSL::Glob; my @nogo_headers = ( "asn1_mac.h", + "opensslconf.h", "__decc_include_prologue.h", "__decc_include_epilogue.h" ); my @nogo_headers_re = ( qr/.*err\.h/ ); From matt at openssl.org Wed May 2 22:34:49 2018 From: matt at openssl.org (Matt Caswell) Date: Wed, 02 May 2018 22:34:49 +0000 Subject: [openssl-commits] [openssl] master update Message-ID: <1525300489.321676.5097.nullmailer@dev.openssl.org> The branch master has been updated via e401389a0cc8ce807aa52e30cf5aba080a62b2df (commit) via 6021d8ec5affe07116cdae81fa3db81d67996aac (commit) via 3bfa4756bd02659fa9f9a265550862c562749db6 (commit) via f054160a1923845f40d15457d1009420827f4c88 (commit) via a216df599a6076147c27acea6c976fb11f505b1a (commit) from c7e10755fac1d8f4421aa60646d311ab2068752d (commit) - Log ----------------------------------------------------------------- commit e401389a0cc8ce807aa52e30cf5aba080a62b2df Author: Matt Caswell Date: Fri Apr 27 12:20:04 2018 +0100 Add a test for SSL_get_shared_ciphers() Reviewed-by: Richard Levitte (Merged from https://github.com/openssl/openssl/pull/6113) commit 6021d8ec5affe07116cdae81fa3db81d67996aac Author: Matt Caswell Date: Fri Apr 27 12:09:08 2018 +0100 Fix a bug in create_ssl_ctx_pair() The max protocol version was only being set on the server side. It should have been done on both the client and the server. Reviewed-by: Richard Levitte (Merged from https://github.com/openssl/openssl/pull/6113) commit 3bfa4756bd02659fa9f9a265550862c562749db6 Author: Matt Caswell Date: Fri Apr 27 11:38:19 2018 +0100 Add some documentation for SSL_get_shared_ciphers() Reviewed-by: Richard Levitte (Merged from https://github.com/openssl/openssl/pull/6113) commit f054160a1923845f40d15457d1009420827f4c88 Author: Matt Caswell Date: Fri Apr 27 11:24:01 2018 +0100 Fix comment in ssl_locl.h The ciphers field in a session contains the stack of ciphers offered by the client. Reviewed-by: Richard Levitte (Merged from https://github.com/openssl/openssl/pull/6113) commit a216df599a6076147c27acea6c976fb11f505b1a Author: Matt Caswell Date: Fri Apr 27 11:20:52 2018 +0100 Fix SSL_get_shared_ciphers() The function SSL_get_shared_ciphers() is supposed to return ciphers shared by the client and the server. However it only ever returned the client ciphers. Fixes #5317 Reviewed-by: Richard Levitte (Merged from https://github.com/openssl/openssl/pull/6113) ----------------------------------------------------------------------- Summary of changes: doc/man3/SSL_get_ciphers.pod | 24 ++++++++-- doc/man7/ssl.pod | 2 +- include/openssl/ssl.h | 2 +- ssl/ssl_lib.c | 27 +++++++---- ssl/ssl_locl.h | 2 +- test/sslapitest.c | 104 +++++++++++++++++++++++++++++++++++++++++++ test/ssltestlib.c | 4 +- 7 files changed, 148 insertions(+), 17 deletions(-) diff --git a/doc/man3/SSL_get_ciphers.pod b/doc/man3/SSL_get_ciphers.pod index d91afc2..89d9461 100644 --- a/doc/man3/SSL_get_ciphers.pod +++ b/doc/man3/SSL_get_ciphers.pod @@ -2,9 +2,13 @@ =head1 NAME -SSL_get1_supported_ciphers, SSL_get_client_ciphers, -SSL_get_ciphers, SSL_CTX_get_ciphers, -SSL_bytes_to_cipher_list, SSL_get_cipher_list +SSL_get1_supported_ciphers, +SSL_get_client_ciphers, +SSL_get_ciphers, +SSL_CTX_get_ciphers, +SSL_bytes_to_cipher_list, +SSL_get_cipher_list, +SSL_get_shared_ciphers - get list of available SSL_CIPHERs =head1 SYNOPSIS @@ -19,6 +23,7 @@ SSL_bytes_to_cipher_list, SSL_get_cipher_list int isv2format, STACK_OF(SSL_CIPHER) **sk, STACK_OF(SSL_CIPHER) **scsvs); const char *SSL_get_cipher_list(const SSL *ssl, int priority); + char *SSL_get_shared_ciphers(const SSL *s, char *buf, int size); =head1 DESCRIPTION @@ -58,6 +63,19 @@ listed for B with B. If B is NULL, no ciphers are available, or there are less ciphers than B available, NULL is returned. +SSL_get_shared_ciphers() creates a colon separated and NUL terminated list of +SSL_CIPHER names that are available in both the client and the server. B is +the buffer that should be populated with the list of names and B is the +size of that buffer. A pointer to B is returned on success or NULL on +error. If the supplied buffer is not large enough to contain the complete list +of names then a truncated list of names will be returned. Note that just because +a ciphersuite is available (i.e. it is configured in the cipher list) and shared +by both the client and the server it does not mean that it is enabled (see the +description of SSL_get1_supported_ciphers() above). This function will return +available shared ciphersuites whether or not they are enabled. This is a server +side function only and must only be called after the completion of the initial +handshake. + =head1 NOTES The details of the ciphers obtained by SSL_get_ciphers(), SSL_CTX_get_ciphers() diff --git a/doc/man7/ssl.pod b/doc/man7/ssl.pod index 7cf7d61..c1e4924 100644 --- a/doc/man7/ssl.pod +++ b/doc/man7/ssl.pod @@ -570,7 +570,7 @@ fresh handle for each connection. =item SSL_SESSION *B(const SSL *ssl); -=item char *B(const SSL *ssl, char *buf, int len); +=item char *B(const SSL *ssl, char *buf, int size); =item int B(const SSL *ssl); diff --git a/include/openssl/ssl.h b/include/openssl/ssl.h index 4b45ae7..4bd53fc 100644 --- a/include/openssl/ssl.h +++ b/include/openssl/ssl.h @@ -1497,7 +1497,7 @@ __owur int SSL_get_fd(const SSL *s); __owur int SSL_get_rfd(const SSL *s); __owur int SSL_get_wfd(const SSL *s); __owur const char *SSL_get_cipher_list(const SSL *s, int n); -__owur char *SSL_get_shared_ciphers(const SSL *s, char *buf, int len); +__owur char *SSL_get_shared_ciphers(const SSL *s, char *buf, int size); __owur int SSL_get_read_ahead(const SSL *s); __owur int SSL_pending(const SSL *s); __owur int SSL_has_pending(const SSL *s); diff --git a/ssl/ssl_lib.c b/ssl/ssl_lib.c index 2a57831..3aefa34 100644 --- a/ssl/ssl_lib.c +++ b/ssl/ssl_lib.c @@ -2549,28 +2549,37 @@ int SSL_set_cipher_list(SSL *s, const char *str) return 1; } -char *SSL_get_shared_ciphers(const SSL *s, char *buf, int len) +char *SSL_get_shared_ciphers(const SSL *s, char *buf, int size) { char *p; - STACK_OF(SSL_CIPHER) *sk; + STACK_OF(SSL_CIPHER) *clntsk, *srvrsk; const SSL_CIPHER *c; int i; - if ((s->session == NULL) || (s->session->ciphers == NULL) || (len < 2)) + if (!s->server + || s->session == NULL + || s->session->ciphers == NULL + || size < 2) return NULL; p = buf; - sk = s->session->ciphers; + clntsk = s->session->ciphers; + srvrsk = SSL_get_ciphers(s); + if (clntsk == NULL || srvrsk == NULL) + return NULL; - if (sk_SSL_CIPHER_num(sk) == 0) + if (sk_SSL_CIPHER_num(clntsk) == 0 || sk_SSL_CIPHER_num(srvrsk) == 0) return NULL; - for (i = 0; i < sk_SSL_CIPHER_num(sk); i++) { + for (i = 0; i < sk_SSL_CIPHER_num(clntsk); i++) { int n; - c = sk_SSL_CIPHER_value(sk, i); + c = sk_SSL_CIPHER_value(clntsk, i); + if (sk_SSL_CIPHER_find(srvrsk, c) < 0) + continue; + n = strlen(c->name); - if (n + 1 > len) { + if (n + 1 > size) { if (p != buf) --p; *p = '\0'; @@ -2579,7 +2588,7 @@ char *SSL_get_shared_ciphers(const SSL *s, char *buf, int len) strcpy(p, c->name); p += n; *(p++) = ':'; - len -= n + 1; + size -= n + 1; } p[-1] = '\0'; return buf; diff --git a/ssl/ssl_locl.h b/ssl/ssl_locl.h index d881458..b32b23b 100644 --- a/ssl/ssl_locl.h +++ b/ssl/ssl_locl.h @@ -550,7 +550,7 @@ struct ssl_session_st { const SSL_CIPHER *cipher; unsigned long cipher_id; /* when ASN.1 loaded, this needs to be used to * load the 'cipher' structure */ - STACK_OF(SSL_CIPHER) *ciphers; /* shared ciphers? */ + STACK_OF(SSL_CIPHER) *ciphers; /* ciphers offered by the client */ CRYPTO_EX_DATA ex_data; /* application specific data */ /* * These are used to make removal of session-ids more efficient and to diff --git a/test/sslapitest.c b/test/sslapitest.c index 832746c..0aac80b 100644 --- a/test/sslapitest.c +++ b/test/sslapitest.c @@ -4452,6 +4452,109 @@ static int test_ssl_pending(int tst) return testresult; } +static struct { + unsigned int maxprot; + const char *clntciphers; + const char *clnttls13ciphers; + const char *srvrciphers; + const char *srvrtls13ciphers; + const char *shared; +} shared_ciphers_data[] = { + { + TLS1_2_VERSION, + "AES128-SHA:AES256-SHA", + NULL, + "AES256-SHA:DHE-RSA-AES128-SHA", + NULL, + "AES256-SHA" + }, + { + TLS1_2_VERSION, + "AES128-SHA:DHE-RSA-AES128-SHA:AES256-SHA", + NULL, + "AES128-SHA:DHE-RSA-AES256-SHA:AES256-SHA", + NULL, + "AES128-SHA:AES256-SHA" + }, + { + TLS1_2_VERSION, + "AES128-SHA:AES256-SHA", + NULL, + "AES128-SHA:DHE-RSA-AES128-SHA", + NULL, + "AES128-SHA" + }, +#ifndef OPENSSL_NO_TLS1_3 + { + TLS1_3_VERSION, + "AES128-SHA:AES256-SHA", + NULL, + "AES256-SHA:AES128-SHA256", + NULL, + "TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256:" + "TLS_AES_128_GCM_SHA256:AES256-SHA" + }, + { + TLS1_3_VERSION, + "AES128-SHA", + "TLS_AES_256_GCM_SHA384", + "AES256-SHA", + "TLS_AES_256_GCM_SHA384", + "TLS_AES_256_GCM_SHA384" + }, +#endif +}; + +static int test_ssl_get_shared_ciphers(int tst) +{ + SSL_CTX *cctx = NULL, *sctx = NULL; + SSL *clientssl = NULL, *serverssl = NULL; + int testresult = 0; + char buf[1024]; + + if (!TEST_true(create_ssl_ctx_pair(TLS_server_method(), + TLS_client_method(), + TLS1_VERSION, + shared_ciphers_data[tst].maxprot, + &sctx, &cctx, cert, privkey))) + goto end; + + if (!TEST_true(SSL_CTX_set_cipher_list(cctx, + shared_ciphers_data[tst].clntciphers)) + || (shared_ciphers_data[tst].clnttls13ciphers != NULL + && !TEST_true(SSL_CTX_set_ciphersuites(cctx, + shared_ciphers_data[tst].clnttls13ciphers))) + || !TEST_true(SSL_CTX_set_cipher_list(sctx, + shared_ciphers_data[tst].srvrciphers)) + || (shared_ciphers_data[tst].srvrtls13ciphers != NULL + && !TEST_true(SSL_CTX_set_ciphersuites(sctx, + shared_ciphers_data[tst].srvrtls13ciphers)))) + goto end; + + + if (!TEST_true(create_ssl_objects(sctx, cctx, &serverssl, &clientssl, + NULL, NULL)) + || !TEST_true(create_ssl_connection(serverssl, clientssl, + SSL_ERROR_NONE))) + goto end; + + if (!TEST_ptr(SSL_get_shared_ciphers(serverssl, buf, sizeof(buf))) + || !TEST_int_eq(strcmp(buf, shared_ciphers_data[tst].shared), 0)) { + TEST_info("Shared ciphers are: %s\n", buf); + goto end; + } + + testresult = 1; + + end: + SSL_free(serverssl); + SSL_free(clientssl); + SSL_CTX_free(sctx); + SSL_CTX_free(cctx); + + return testresult; +} + int setup_tests(void) { if (!TEST_ptr(cert = test_get_argument(0)) @@ -4544,6 +4647,7 @@ int setup_tests(void) #endif ADD_ALL_TESTS(test_info_callback, 6); ADD_ALL_TESTS(test_ssl_pending, 2); + ADD_ALL_TESTS(test_ssl_get_shared_ciphers, OSSL_NELEM(shared_ciphers_data)); return 1; } diff --git a/test/ssltestlib.c b/test/ssltestlib.c index ebd87cc..959e329 100644 --- a/test/ssltestlib.c +++ b/test/ssltestlib.c @@ -531,10 +531,10 @@ int create_ssl_ctx_pair(const SSL_METHOD *sm, const SSL_METHOD *cm, goto err; if (clientctx != NULL && ((min_proto_version > 0 - && !TEST_true(SSL_CTX_set_min_proto_version(serverctx, + && !TEST_true(SSL_CTX_set_min_proto_version(clientctx, min_proto_version))) || (max_proto_version > 0 - && !TEST_true(SSL_CTX_set_max_proto_version(serverctx, + && !TEST_true(SSL_CTX_set_max_proto_version(clientctx, max_proto_version))))) goto err; From matt at openssl.org Wed May 2 22:38:30 2018 From: matt at openssl.org (Matt Caswell) Date: Wed, 02 May 2018 22:38:30 +0000 Subject: [openssl-commits] [openssl] OpenSSL_1_1_0-stable update Message-ID: <1525300710.102502.6728.nullmailer@dev.openssl.org> The branch OpenSSL_1_1_0-stable has been updated via 6f31c17af4ab75dd69858697b69617b2445df887 (commit) via 0a878015c6355ca00832579361907ce89662b321 (commit) via 627e2c45535f9ec14014448843bf24010f210112 (commit) from ebdeeb363f03848cea5028e63c6be294a34a8426 (commit) - Log ----------------------------------------------------------------- commit 6f31c17af4ab75dd69858697b69617b2445df887 Author: Matt Caswell Date: Fri Apr 27 11:38:19 2018 +0100 Add some documentation for SSL_get_shared_ciphers() Reviewed-by: Richard Levitte (Merged from https://github.com/openssl/openssl/pull/6114) commit 0a878015c6355ca00832579361907ce89662b321 Author: Matt Caswell Date: Fri Apr 27 11:24:01 2018 +0100 Fix comment in ssl_locl.h The ciphers field in a session contains the stack of ciphers offered by the client. Reviewed-by: Richard Levitte (Merged from https://github.com/openssl/openssl/pull/6114) commit 627e2c45535f9ec14014448843bf24010f210112 Author: Matt Caswell Date: Fri Apr 27 11:20:52 2018 +0100 Fix SSL_get_shared_ciphers() The function SSL_get_shared_ciphers() is supposed to return ciphers shared by the client and the server. However it only ever returned the client ciphers. Fixes #5317 Reviewed-by: Richard Levitte (Merged from https://github.com/openssl/openssl/pull/6114) ----------------------------------------------------------------------- Summary of changes: doc/ssl/SSL_get_ciphers.pod | 34 ++++++++++++++++++++++++++-------- doc/ssl/ssl.pod | 2 +- include/openssl/ssl.h | 2 +- ssl/ssl_lib.c | 29 +++++++++++++++++++---------- ssl/ssl_locl.h | 2 +- 5 files changed, 48 insertions(+), 21 deletions(-) diff --git a/doc/ssl/SSL_get_ciphers.pod b/doc/ssl/SSL_get_ciphers.pod index cc55095..ac35f80 100644 --- a/doc/ssl/SSL_get_ciphers.pod +++ b/doc/ssl/SSL_get_ciphers.pod @@ -2,8 +2,12 @@ =head1 NAME -SSL_get1_supported_ciphers, SSL_get_client_ciphers, -SSL_get_ciphers, SSL_CTX_get_ciphers, SSL_get_cipher_list +SSL_get1_supported_ciphers, +SSL_get_client_ciphers, +SSL_get_ciphers, +SSL_CTX_get_ciphers, +SSL_get_cipher_list, +SSL_get_shared_ciphers - get list of available SSL_CIPHERs =head1 SYNOPSIS @@ -15,6 +19,7 @@ SSL_get_ciphers, SSL_CTX_get_ciphers, SSL_get_cipher_list STACK_OF(SSL_CIPHER) *SSL_get1_supported_ciphers(SSL *s); STACK_OF(SSL_CIPHER) *SSL_get_client_ciphers(const SSL *ssl); const char *SSL_get_cipher_list(const SSL *ssl, int priority); + char *SSL_get_shared_ciphers(const SSL *s, char *buf, int size); =head1 DESCRIPTION @@ -25,16 +30,16 @@ is returned. SSL_CTX_get_ciphers() returns the stack of available SSL_CIPHERs for B. SSL_get1_supported_ciphers() returns the stack of enabled SSL_CIPHERs for -B, sorted by preference. +B as would be sent in a ClientHello (that is, sorted by preference). The list depends on settings like the cipher list, the supported protocol versions, the security level, and the enabled signature algorithms. SRP and PSK ciphers are only enabled if the appropriate callbacks or settings have been applied. -This is the list that will be sent by the client to the server. -The list supported by the server might include more ciphers in case there is a -hole in the list of supported protocols. -The server will also not use ciphers from this list depending on the -configured certificates and DH parameters. +The list of ciphers that would be sent in a ClientHello can differ from +the list of ciphers that would be acceptable when acting as a server. +For example, additional ciphers may be usable by a server if there is +a gap in the list of supported protocols, and some ciphers may not be +usable by a server if there is not a suitable certificate configured. If B is NULL or no ciphers are available, NULL is returned. SSL_get_client_ciphers() returns the stack of available SSL_CIPHERs matching the @@ -46,6 +51,19 @@ listed for B with B. If B is NULL, no ciphers are available, or there are less ciphers than B available, NULL is returned. +SSL_get_shared_ciphers() creates a colon separated and NUL terminated list of +SSL_CIPHER names that are available in both the client and the server. B is +the buffer that should be populated with the list of names and B is the +size of that buffer. A pointer to B is returned on success or NULL on +error. If the supplied buffer is not large enough to contain the complete list +of names then a truncated list of names will be returned. Note that just because +a ciphersuite is available (i.e. it is configured in the cipher list) and shared +by both the client and the server it does not mean that it is enabled (see the +description of SSL_get1_supported_ciphers() above). This function will return +available shared ciphersuites whether or not they are enabled. This is a server +side function only and must only be called after the completion of the initial +handshake. + =head1 NOTES The details of the ciphers obtained by SSL_get_ciphers(), SSL_CTX_get_ciphers() diff --git a/doc/ssl/ssl.pod b/doc/ssl/ssl.pod index 7307a2b..da12e29 100644 --- a/doc/ssl/ssl.pod +++ b/doc/ssl/ssl.pod @@ -568,7 +568,7 @@ fresh handle for each connection. =item SSL_SESSION *B(const SSL *ssl); -=item char *B(const SSL *ssl, char *buf, int len); +=item char *B(const SSL *ssl, char *buf, int size); =item int B(const SSL *ssl); diff --git a/include/openssl/ssl.h b/include/openssl/ssl.h index f070bd2..70c1603 100644 --- a/include/openssl/ssl.h +++ b/include/openssl/ssl.h @@ -1358,7 +1358,7 @@ __owur int SSL_get_fd(const SSL *s); __owur int SSL_get_rfd(const SSL *s); __owur int SSL_get_wfd(const SSL *s); __owur const char *SSL_get_cipher_list(const SSL *s, int n); -__owur char *SSL_get_shared_ciphers(const SSL *s, char *buf, int len); +__owur char *SSL_get_shared_ciphers(const SSL *s, char *buf, int size); __owur int SSL_get_read_ahead(const SSL *s); __owur int SSL_pending(const SSL *s); __owur int SSL_has_pending(const SSL *s); diff --git a/ssl/ssl_lib.c b/ssl/ssl_lib.c index 543a46c..2002c17 100644 --- a/ssl/ssl_lib.c +++ b/ssl/ssl_lib.c @@ -2213,28 +2213,37 @@ int SSL_set_cipher_list(SSL *s, const char *str) return 1; } -char *SSL_get_shared_ciphers(const SSL *s, char *buf, int len) +char *SSL_get_shared_ciphers(const SSL *s, char *buf, int size) { char *p; - STACK_OF(SSL_CIPHER) *sk; + STACK_OF(SSL_CIPHER) *clntsk, *srvrsk; const SSL_CIPHER *c; int i; - if ((s->session == NULL) || (s->session->ciphers == NULL) || (len < 2)) - return (NULL); + if (!s->server + || s->session == NULL + || s->session->ciphers == NULL + || size < 2) + return NULL; p = buf; - sk = s->session->ciphers; + clntsk = s->session->ciphers; + srvrsk = SSL_get_ciphers(s); + if (clntsk == NULL || srvrsk == NULL) + return NULL; - if (sk_SSL_CIPHER_num(sk) == 0) + if (sk_SSL_CIPHER_num(clntsk) == 0 || sk_SSL_CIPHER_num(srvrsk) == 0) return NULL; - for (i = 0; i < sk_SSL_CIPHER_num(sk); i++) { + for (i = 0; i < sk_SSL_CIPHER_num(clntsk); i++) { int n; - c = sk_SSL_CIPHER_value(sk, i); + c = sk_SSL_CIPHER_value(clntsk, i); + if (sk_SSL_CIPHER_find(srvrsk, c) < 0) + continue; + n = strlen(c->name); - if (n + 1 > len) { + if (n + 1 > size) { if (p != buf) --p; *p = '\0'; @@ -2243,7 +2252,7 @@ char *SSL_get_shared_ciphers(const SSL *s, char *buf, int len) memcpy(p, c->name, n + 1); p += n; *(p++) = ':'; - len -= n + 1; + size -= n + 1; } p[-1] = '\0'; return (buf); diff --git a/ssl/ssl_locl.h b/ssl/ssl_locl.h index 85c7549..f5b03df 100644 --- a/ssl/ssl_locl.h +++ b/ssl/ssl_locl.h @@ -540,7 +540,7 @@ struct ssl_session_st { const SSL_CIPHER *cipher; unsigned long cipher_id; /* when ASN.1 loaded, this needs to be used to * load the 'cipher' structure */ - STACK_OF(SSL_CIPHER) *ciphers; /* shared ciphers? */ + STACK_OF(SSL_CIPHER) *ciphers; /* ciphers offered by the client */ CRYPTO_EX_DATA ex_data; /* application specific data */ /* * These are used to make removal of session-ids more efficient and to From matt at openssl.org Wed May 2 22:42:01 2018 From: matt at openssl.org (Matt Caswell) Date: Wed, 02 May 2018 22:42:01 +0000 Subject: [openssl-commits] [openssl] OpenSSL_1_0_2-stable update Message-ID: <1525300921.238953.8994.nullmailer@dev.openssl.org> The branch OpenSSL_1_0_2-stable has been updated via bd05644df71602f76db5335b8077ba4dbbb6b427 (commit) via d7d6d9531a0a9bb40a5f8b0256c04fa7a3e9b0c6 (commit) via 3f5b23403cfa893f51b8def07a430a25ec607fc8 (commit) from 7e6c0f56e65af0727d87615342df1272cd017e9f (commit) - Log ----------------------------------------------------------------- commit bd05644df71602f76db5335b8077ba4dbbb6b427 Author: Matt Caswell Date: Fri Apr 27 11:38:19 2018 +0100 Add some documentation for SSL_get_shared_ciphers() Reviewed-by: Richard Levitte (Merged from https://github.com/openssl/openssl/pull/6115) commit d7d6d9531a0a9bb40a5f8b0256c04fa7a3e9b0c6 Author: Matt Caswell Date: Fri Apr 27 11:24:01 2018 +0100 Fix comment in ssl.h The ciphers field in a session contains the stack of ciphers offered by the client. Reviewed-by: Richard Levitte (Merged from https://github.com/openssl/openssl/pull/6115) commit 3f5b23403cfa893f51b8def07a430a25ec607fc8 Author: Matt Caswell Date: Fri Apr 27 11:20:52 2018 +0100 Fix SSL_get_shared_ciphers() The function SSL_get_shared_ciphers() is supposed to return ciphers shared by the client and the server. However it only ever returned the client ciphers. Fixes #5317 Reviewed-by: Richard Levitte (Merged from https://github.com/openssl/openssl/pull/6115) ----------------------------------------------------------------------- Summary of changes: doc/ssl/SSL_get_ciphers.pod | 19 ++++++++++++++++++- doc/ssl/ssl.pod | 2 +- ssl/ssl.h | 4 ++-- ssl/ssl_lib.c | 29 +++++++++++++++++++---------- 4 files changed, 40 insertions(+), 14 deletions(-) diff --git a/doc/ssl/SSL_get_ciphers.pod b/doc/ssl/SSL_get_ciphers.pod index aecadd9..7697d27 100644 --- a/doc/ssl/SSL_get_ciphers.pod +++ b/doc/ssl/SSL_get_ciphers.pod @@ -2,7 +2,10 @@ =head1 NAME -SSL_get_ciphers, SSL_get_cipher_list - get list of available SSL_CIPHERs +SSL_get_ciphers, +SSL_get_cipher_list, +SSL_get_shared_ciphers +- get list of available SSL_CIPHERs =head1 SYNOPSIS @@ -10,6 +13,7 @@ SSL_get_ciphers, SSL_get_cipher_list - get list of available SSL_CIPHERs STACK_OF(SSL_CIPHER) *SSL_get_ciphers(const SSL *ssl); const char *SSL_get_cipher_list(const SSL *ssl, int priority); + char *SSL_get_shared_ciphers(const SSL *s, char *buf, int size); =head1 DESCRIPTION @@ -22,6 +26,19 @@ listed for B with B. If B is NULL, no ciphers are available, or there are less ciphers than B available, NULL is returned. +SSL_get_shared_ciphers() creates a colon separated and NUL terminated list of +SSL_CIPHER names that are available in both the client and the server. B is +the buffer that should be populated with the list of names and B is the +size of that buffer. A pointer to B is returned on success or NULL on +error. If the supplied buffer is not large enough to contain the complete list +of names then a truncated list of names will be returned. Note that just because +a ciphersuite is available (i.e. it is configured in the cipher list) and shared +by both the client and the server it does not mean that it is enabled (for +example some ciphers may not be usable by a server if there is not a suitable +certificate configured). This function will return available shared ciphersuites +whether or not they are enabled. This is a server side function only and must +only be called after the completion of the initial handshake. + =head1 NOTES The details of the ciphers obtained by SSL_get_ciphers() can be obtained using diff --git a/doc/ssl/ssl.pod b/doc/ssl/ssl.pod index 70cca17..5408d61 100644 --- a/doc/ssl/ssl.pod +++ b/doc/ssl/ssl.pod @@ -572,7 +572,7 @@ connection defined in the B structure. =item SSL_SESSION *B(const SSL *ssl); -=item char *B(const SSL *ssl, char *buf, int len); +=item char *B(const SSL *ssl, char *buf, int size); =item int B(const SSL *ssl); diff --git a/ssl/ssl.h b/ssl/ssl.h index 3cf96a2..30a9471 100644 --- a/ssl/ssl.h +++ b/ssl/ssl.h @@ -548,7 +548,7 @@ struct ssl_session_st { const SSL_CIPHER *cipher; unsigned long cipher_id; /* when ASN.1 loaded, this needs to be used * to load the 'cipher' structure */ - STACK_OF(SSL_CIPHER) *ciphers; /* shared ciphers? */ + STACK_OF(SSL_CIPHER) *ciphers; /* ciphers offered by the client */ CRYPTO_EX_DATA ex_data; /* application specific data */ /* * These are used to make removal of session-ids more efficient and to @@ -2149,7 +2149,7 @@ int SSL_get_fd(const SSL *s); int SSL_get_rfd(const SSL *s); int SSL_get_wfd(const SSL *s); const char *SSL_get_cipher_list(const SSL *s, int n); -char *SSL_get_shared_ciphers(const SSL *s, char *buf, int len); +char *SSL_get_shared_ciphers(const SSL *s, char *buf, int size); int SSL_get_read_ahead(const SSL *s); int SSL_pending(const SSL *s); # ifndef OPENSSL_NO_SOCK diff --git a/ssl/ssl_lib.c b/ssl/ssl_lib.c index 3a6c1b1..3956dce 100644 --- a/ssl/ssl_lib.c +++ b/ssl/ssl_lib.c @@ -1404,28 +1404,37 @@ int SSL_set_cipher_list(SSL *s, const char *str) } /* works well for SSLv2, not so good for SSLv3 */ -char *SSL_get_shared_ciphers(const SSL *s, char *buf, int len) +char *SSL_get_shared_ciphers(const SSL *s, char *buf, int size) { char *p; - STACK_OF(SSL_CIPHER) *sk; + STACK_OF(SSL_CIPHER) *clntsk, *srvrsk; SSL_CIPHER *c; int i; - if ((s->session == NULL) || (s->session->ciphers == NULL) || (len < 2)) - return (NULL); + if (!s->server + || s->session == NULL + || s->session->ciphers == NULL + || size < 2) + return NULL; p = buf; - sk = s->session->ciphers; + clntsk = s->session->ciphers; + srvrsk = SSL_get_ciphers(s); + if (clntsk == NULL || srvrsk == NULL) + return NULL; - if (sk_SSL_CIPHER_num(sk) == 0) + if (sk_SSL_CIPHER_num(clntsk) == 0 || sk_SSL_CIPHER_num(srvrsk) == 0) return NULL; - for (i = 0; i < sk_SSL_CIPHER_num(sk); i++) { + for (i = 0; i < sk_SSL_CIPHER_num(clntsk); i++) { int n; - c = sk_SSL_CIPHER_value(sk, i); + c = sk_SSL_CIPHER_value(clntsk, i); + if (sk_SSL_CIPHER_find(srvrsk, c) < 0) + continue; + n = strlen(c->name); - if (n + 1 > len) { + if (n + 1 > size) { if (p != buf) --p; *p = '\0'; @@ -1434,7 +1443,7 @@ char *SSL_get_shared_ciphers(const SSL *s, char *buf, int len) strcpy(p, c->name); p += n; *(p++) = ':'; - len -= n + 1; + size -= n + 1; } p[-1] = '\0'; return (buf); From matt at openssl.org Wed May 2 22:45:38 2018 From: matt at openssl.org (Matt Caswell) Date: Wed, 02 May 2018 22:45:38 +0000 Subject: [openssl-commits] [openssl] master update Message-ID: <1525301138.283447.10475.nullmailer@dev.openssl.org> The branch master has been updated via 4db296d9f0cf2855b358883a55b77a6b6f6848ba (commit) from e401389a0cc8ce807aa52e30cf5aba080a62b2df (commit) - Log ----------------------------------------------------------------- commit 4db296d9f0cf2855b358883a55b77a6b6f6848ba Author: Matt Caswell Date: Wed May 2 11:32:39 2018 +0100 Make X509_VERIFY_PARAM_get_hostflags() take a const arg Commit 5b748dea5 added this function which should have taken a const argument. Reviewed-by: Rich Salz (Merged from https://github.com/openssl/openssl/pull/6154) ----------------------------------------------------------------------- Summary of changes: crypto/x509/x509_vpm.c | 2 +- doc/man3/X509_VERIFY_PARAM_set_flags.pod | 2 +- include/openssl/x509_vfy.h | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/crypto/x509/x509_vpm.c b/crypto/x509/x509_vpm.c index e860afd..16d27f9 100644 --- a/crypto/x509/x509_vpm.c +++ b/crypto/x509/x509_vpm.c @@ -393,7 +393,7 @@ void X509_VERIFY_PARAM_set_hostflags(X509_VERIFY_PARAM *param, param->hostflags = flags; } -unsigned int X509_VERIFY_PARAM_get_hostflags(X509_VERIFY_PARAM *param) +unsigned int X509_VERIFY_PARAM_get_hostflags(const X509_VERIFY_PARAM *param) { return param->hostflags; } diff --git a/doc/man3/X509_VERIFY_PARAM_set_flags.pod b/doc/man3/X509_VERIFY_PARAM_set_flags.pod index d317fa8..7765029 100644 --- a/doc/man3/X509_VERIFY_PARAM_set_flags.pod +++ b/doc/man3/X509_VERIFY_PARAM_set_flags.pod @@ -56,7 +56,7 @@ X509_VERIFY_PARAM_set1_ip_asc const char *name, size_t namelen); void X509_VERIFY_PARAM_set_hostflags(X509_VERIFY_PARAM *param, unsigned int flags); - unsigned int X509_VERIFY_PARAM_get_hostflags(X509_VERIFY_PARAM *param); + unsigned int X509_VERIFY_PARAM_get_hostflags(const X509_VERIFY_PARAM *param); char *X509_VERIFY_PARAM_get0_peername(X509_VERIFY_PARAM *param); int X509_VERIFY_PARAM_set1_email(X509_VERIFY_PARAM *param, const char *email, size_t emaillen); diff --git a/include/openssl/x509_vfy.h b/include/openssl/x509_vfy.h index cede60e..75fcdb6 100644 --- a/include/openssl/x509_vfy.h +++ b/include/openssl/x509_vfy.h @@ -479,7 +479,7 @@ int X509_VERIFY_PARAM_add1_host(X509_VERIFY_PARAM *param, const char *name, size_t namelen); void X509_VERIFY_PARAM_set_hostflags(X509_VERIFY_PARAM *param, unsigned int flags); -unsigned int X509_VERIFY_PARAM_get_hostflags(X509_VERIFY_PARAM *param); +unsigned int X509_VERIFY_PARAM_get_hostflags(const X509_VERIFY_PARAM *param); char *X509_VERIFY_PARAM_get0_peername(X509_VERIFY_PARAM *); void X509_VERIFY_PARAM_move_peername(X509_VERIFY_PARAM *, X509_VERIFY_PARAM *); int X509_VERIFY_PARAM_set1_email(X509_VERIFY_PARAM *param, From matt at openssl.org Wed May 2 22:47:48 2018 From: matt at openssl.org (Matt Caswell) Date: Wed, 02 May 2018 22:47:48 +0000 Subject: [openssl-commits] [openssl] OpenSSL_1_1_0-stable update Message-ID: <1525301268.341810.11742.nullmailer@dev.openssl.org> The branch OpenSSL_1_1_0-stable has been updated via 70ec1c96a7cdf8ee6a500535a71cf46e930fb2f3 (commit) from 6f31c17af4ab75dd69858697b69617b2445df887 (commit) - Log ----------------------------------------------------------------- commit 70ec1c96a7cdf8ee6a500535a71cf46e930fb2f3 Author: Matt Caswell Date: Wed May 2 11:32:39 2018 +0100 Make X509_VERIFY_PARAM_get_hostflags() take a const arg Commit 14e55560 added this function which should have taken a const argument. Reviewed-by: Rich Salz (Merged from https://github.com/openssl/openssl/pull/6155) ----------------------------------------------------------------------- Summary of changes: crypto/x509/x509_vpm.c | 2 +- doc/crypto/X509_VERIFY_PARAM_set_flags.pod | 2 +- include/openssl/x509_vfy.h | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/crypto/x509/x509_vpm.c b/crypto/x509/x509_vpm.c index 04a5164..d622b89 100644 --- a/crypto/x509/x509_vpm.c +++ b/crypto/x509/x509_vpm.c @@ -412,7 +412,7 @@ void X509_VERIFY_PARAM_set_hostflags(X509_VERIFY_PARAM *param, param->hostflags = flags; } -unsigned int X509_VERIFY_PARAM_get_hostflags(X509_VERIFY_PARAM *param) +unsigned int X509_VERIFY_PARAM_get_hostflags(const X509_VERIFY_PARAM *param) { return param->hostflags; } diff --git a/doc/crypto/X509_VERIFY_PARAM_set_flags.pod b/doc/crypto/X509_VERIFY_PARAM_set_flags.pod index df149f4..55077e5 100644 --- a/doc/crypto/X509_VERIFY_PARAM_set_flags.pod +++ b/doc/crypto/X509_VERIFY_PARAM_set_flags.pod @@ -56,7 +56,7 @@ X509_VERIFY_PARAM_set1_ip_asc const char *name, size_t namelen); void X509_VERIFY_PARAM_set_hostflags(X509_VERIFY_PARAM *param, unsigned int flags); - unsigned int X509_VERIFY_PARAM_get_hostflags(X509_VERIFY_PARAM *param); + unsigned int X509_VERIFY_PARAM_get_hostflags(const X509_VERIFY_PARAM *param); char *X509_VERIFY_PARAM_get0_peername(X509_VERIFY_PARAM *param); int X509_VERIFY_PARAM_set1_email(X509_VERIFY_PARAM *param, const char *email, size_t emaillen); diff --git a/include/openssl/x509_vfy.h b/include/openssl/x509_vfy.h index aaaf7b5..4671981 100644 --- a/include/openssl/x509_vfy.h +++ b/include/openssl/x509_vfy.h @@ -475,7 +475,7 @@ int X509_VERIFY_PARAM_add1_host(X509_VERIFY_PARAM *param, const char *name, size_t namelen); void X509_VERIFY_PARAM_set_hostflags(X509_VERIFY_PARAM *param, unsigned int flags); -unsigned int X509_VERIFY_PARAM_get_hostflags(X509_VERIFY_PARAM *param); +unsigned int X509_VERIFY_PARAM_get_hostflags(const X509_VERIFY_PARAM *param); char *X509_VERIFY_PARAM_get0_peername(X509_VERIFY_PARAM *); void X509_VERIFY_PARAM_move_peername(X509_VERIFY_PARAM *, X509_VERIFY_PARAM *); int X509_VERIFY_PARAM_set1_email(X509_VERIFY_PARAM *param, From matt at openssl.org Thu May 3 09:35:32 2018 From: matt at openssl.org (Matt Caswell) Date: Thu, 03 May 2018 09:35:32 +0000 Subject: [openssl-commits] [openssl] master update Message-ID: <1525340132.943774.28420.nullmailer@dev.openssl.org> The branch master has been updated via b1860d6c71733314417d053a72af66ae72e8268e (commit) from 4db296d9f0cf2855b358883a55b77a6b6f6848ba (commit) - Log ----------------------------------------------------------------- commit b1860d6c71733314417d053a72af66ae72e8268e Author: Matt Caswell Date: Fri Apr 27 17:36:11 2018 +0100 Return an error from BN_mod_inverse if n is 1 (or -1) Calculating BN_mod_inverse where n is 1 (or -1) doesn't make sense. We should return an error in that case. Instead we were returning a valid result with value 0. Fixes #6004 Reviewed-by: Rich Salz (Merged from https://github.com/openssl/openssl/pull/6119) ----------------------------------------------------------------------- Summary of changes: crypto/bn/bn_gcd.c | 9 ++++++++- crypto/bn/bn_mont.c | 8 ++++++-- 2 files changed, 14 insertions(+), 3 deletions(-) diff --git a/crypto/bn/bn_gcd.c b/crypto/bn/bn_gcd.c index 22f8093..6d8c565 100644 --- a/crypto/bn/bn_gcd.c +++ b/crypto/bn/bn_gcd.c @@ -140,7 +140,14 @@ BIGNUM *int_bn_mod_inverse(BIGNUM *in, BIGNUM *ret = NULL; int sign; - if (pnoinv) + /* This is invalid input so we don't worry about constant time here */ + if (BN_abs_is_word(n, 1) || BN_is_zero(n)) { + if (pnoinv != NULL) + *pnoinv = 1; + return NULL; + } + + if (pnoinv != NULL) *pnoinv = 0; if ((BN_get_flags(a, BN_FLG_CONSTTIME) != 0) diff --git a/crypto/bn/bn_mont.c b/crypto/bn/bn_mont.c index b85a893..5e068c4 100644 --- a/crypto/bn/bn_mont.c +++ b/crypto/bn/bn_mont.c @@ -281,7 +281,9 @@ int BN_MONT_CTX_set(BN_MONT_CTX *mont, const BIGNUM *mod, BN_CTX *ctx) if ((buf[1] = mod->top > 1 ? mod->d[1] : 0)) tmod.top = 2; - if ((BN_mod_inverse(Ri, R, &tmod, ctx)) == NULL) + if (BN_is_one(&tmod)) + BN_zero(Ri); + else if ((BN_mod_inverse(Ri, R, &tmod, ctx)) == NULL) goto err; if (!BN_lshift(Ri, Ri, 2 * BN_BITS2)) goto err; /* R*Ri */ @@ -314,7 +316,9 @@ int BN_MONT_CTX_set(BN_MONT_CTX *mont, const BIGNUM *mod, BN_CTX *ctx) buf[1] = 0; tmod.top = buf[0] != 0 ? 1 : 0; /* Ri = R^-1 mod N */ - if ((BN_mod_inverse(Ri, R, &tmod, ctx)) == NULL) + if (BN_is_one(&tmod)) + BN_zero(Ri); + else if ((BN_mod_inverse(Ri, R, &tmod, ctx)) == NULL) goto err; if (!BN_lshift(Ri, Ri, BN_BITS2)) goto err; /* R*Ri */ From matt at openssl.org Thu May 3 09:43:57 2018 From: matt at openssl.org (Matt Caswell) Date: Thu, 03 May 2018 09:43:57 +0000 Subject: [openssl-commits] [openssl] OpenSSL_1_1_0-stable update Message-ID: <1525340637.347022.30834.nullmailer@dev.openssl.org> The branch OpenSSL_1_1_0-stable has been updated via f4be878edae21755fe83ef26f3f3821a2fe58a97 (commit) from 70ec1c96a7cdf8ee6a500535a71cf46e930fb2f3 (commit) - Log ----------------------------------------------------------------- commit f4be878edae21755fe83ef26f3f3821a2fe58a97 Author: Matt Caswell Date: Fri Apr 27 17:36:11 2018 +0100 Return an error from BN_mod_inverse if n is 1 (or -1) Calculating BN_mod_inverse where n is 1 (or -1) doesn't make sense. We should return an error in that case. Instead we were returning a valid result with value 0. Fixes #6004 Reviewed-by: Rich Salz (Merged from https://github.com/openssl/openssl/pull/6119) (cherry picked from commit b1860d6c71733314417d053a72af66ae72e8268e) ----------------------------------------------------------------------- Summary of changes: crypto/bn/bn_gcd.c | 9 ++++++++- crypto/bn/bn_mont.c | 8 ++++++-- 2 files changed, 14 insertions(+), 3 deletions(-) diff --git a/crypto/bn/bn_gcd.c b/crypto/bn/bn_gcd.c index 0676426..fd1c7a2 100644 --- a/crypto/bn/bn_gcd.c +++ b/crypto/bn/bn_gcd.c @@ -140,7 +140,14 @@ BIGNUM *int_bn_mod_inverse(BIGNUM *in, BIGNUM *ret = NULL; int sign; - if (pnoinv) + /* This is invalid input so we don't worry about constant time here */ + if (BN_abs_is_word(n, 1) || BN_is_zero(n)) { + if (pnoinv != NULL) + *pnoinv = 1; + return NULL; + } + + if (pnoinv != NULL) *pnoinv = 0; if ((BN_get_flags(a, BN_FLG_CONSTTIME) != 0) diff --git a/crypto/bn/bn_mont.c b/crypto/bn/bn_mont.c index faef581..c0c1746 100644 --- a/crypto/bn/bn_mont.c +++ b/crypto/bn/bn_mont.c @@ -278,7 +278,9 @@ int BN_MONT_CTX_set(BN_MONT_CTX *mont, const BIGNUM *mod, BN_CTX *ctx) if ((buf[1] = mod->top > 1 ? mod->d[1] : 0)) tmod.top = 2; - if ((BN_mod_inverse(Ri, R, &tmod, ctx)) == NULL) + if (BN_is_one(&tmod)) + BN_zero(Ri); + else if ((BN_mod_inverse(Ri, R, &tmod, ctx)) == NULL) goto err; if (!BN_lshift(Ri, Ri, 2 * BN_BITS2)) goto err; /* R*Ri */ @@ -311,7 +313,9 @@ int BN_MONT_CTX_set(BN_MONT_CTX *mont, const BIGNUM *mod, BN_CTX *ctx) buf[1] = 0; tmod.top = buf[0] != 0 ? 1 : 0; /* Ri = R^-1 mod N */ - if ((BN_mod_inverse(Ri, R, &tmod, ctx)) == NULL) + if (BN_is_one(&tmod)) + BN_zero(Ri); + else if ((BN_mod_inverse(Ri, R, &tmod, ctx)) == NULL) goto err; if (!BN_lshift(Ri, Ri, BN_BITS2)) goto err; /* R*Ri */ From levitte at openssl.org Thu May 3 13:13:25 2018 From: levitte at openssl.org (Richard Levitte) Date: Thu, 03 May 2018 13:13:25 +0000 Subject: [openssl-commits] [openssl] master update Message-ID: <1525353205.251510.11103.nullmailer@dev.openssl.org> The branch master has been updated via 463e6ef500ead3fefccc470ce2f82429bb060e70 (commit) via ce147f7333fa56ab87a0878b34649991a5dae8f5 (commit) from b1860d6c71733314417d053a72af66ae72e8268e (commit) - Log ----------------------------------------------------------------- commit 463e6ef500ead3fefccc470ce2f82429bb060e70 Author: Richard Levitte Date: Wed May 2 06:16:04 2018 +0200 VMS: modernise rand_pool_acquire_entropy, step 2 Add more items that could serve as entropy source. Reviewed-by: Andy Polyakov (Merged from https://github.com/openssl/openssl/pull/6151) commit ce147f7333fa56ab87a0878b34649991a5dae8f5 Author: Richard Levitte Date: Mon Apr 30 18:04:10 2018 +0200 VMS: modernise rand_pool_acquire_entropy, step 1 Stop redefining structures that are already defined in system headers. This also means we can stop setting the pointer size globally, because the system structures will have the correct pointer sizes either way. The only exception is passing the right pointer size to a function. Stop trying to twist things around with rand(), that's the job of the DRBG that we feed. Stop assuming the location of the JPI$_FINALEXC item, look it up instead. Signal an exception if the sys$getjpiw call fails (it means the item list isn't set up right, so works as an assertion, but using VMS methodology). Reviewed-by: Andy Polyakov (Merged from https://github.com/openssl/openssl/pull/6151) ----------------------------------------------------------------------- Summary of changes: crypto/rand/rand_vms.c | 474 ++++++++++++++++++++++++++++++++++++++++--------- 1 file changed, 393 insertions(+), 81 deletions(-) diff --git a/crypto/rand/rand_vms.c b/crypto/rand/rand_vms.c index 5561abc..0037466 100644 --- a/crypto/rand/rand_vms.c +++ b/crypto/rand/rand_vms.c @@ -10,16 +10,24 @@ #include "e_os.h" #if defined(OPENSSL_SYS_VMS) +# define __NEW_STARLET 1 /* New starlet definitions since VMS 7.0 */ # include # include "internal/cryptlib.h" # include # include "internal/rand_int.h" # include "rand_lcl.h" # include +# include # include +# include +# include # include # include -# include +# include +# include +# include +# include +# include # ifdef __DECC # pragma message disable DOLLARID # endif @@ -28,106 +36,410 @@ # error "Unsupported seeding method configured; must be os" # endif -/* - * Use 32-bit pointers almost everywhere. Define the type to which to cast a - * pointer passed to an external function. - */ +/* We need to make sure we have the right size pointer in some cases */ # if __INITIAL_POINTER_SIZE == 64 -# define PTR_T __void_ptr64 # pragma pointer_size save # pragma pointer_size 32 -# else -# define PTR_T void * +# endif +typedef uint32_t *uint32_t__ptr32; +# if __INITIAL_POINTER_SIZE == 64 +# pragma pointer_size restore # endif -static struct items_data_st { +struct item_st { short length, code; /* length is number of bytes */ -} items_data[] = { - {4, JPI$_BUFIO}, - {4, JPI$_CPUTIM}, - {4, JPI$_DIRIO}, - {4, JPI$_IMAGECOUNT}, - {8, JPI$_LAST_LOGIN_I}, - {8, JPI$_LOGINTIM}, - {4, JPI$_PAGEFLTS}, - {4, JPI$_PID}, - {4, JPI$_PPGCNT}, - {4, JPI$_WSPEAK}, - {4, JPI$_FINALEXC}, - {0, 0} }; +static const struct item_st DVI_item_data[] = { + {4, DVI$_ERRCNT}, + {4, DVI$_REFCNT}, +}; + +static const struct item_st JPI_item_data[] = { + {4, JPI$_BUFIO}, + {4, JPI$_CPUTIM}, + {4, JPI$_DIRIO}, + {4, JPI$_IMAGECOUNT}, + {4, JPI$_PAGEFLTS}, + {4, JPI$_PID}, + {4, JPI$_PPGCNT}, + {4, JPI$_WSPEAK}, + /* + * Note: the direct result is just a 32-bit address. However, it points + * to a list of 4 32-bit words, so we make extra space for them so we can + * do in-place replacement of values + */ + {16, JPI$_FINALEXC}, +}; + +static const struct item_st JPI_item_data_64bit[] = { + {8, JPI$_LAST_LOGIN_I}, + {8, JPI$_LOGINTIM}, +}; + +static const struct item_st RMI_item_data[] = { + {4, RMI$_COLPG}, + {4, RMI$_MWAIT}, + {4, RMI$_CEF}, + {4, RMI$_PFW}, + {4, RMI$_LEF}, + {4, RMI$_LEFO}, + {4, RMI$_HIB}, + {4, RMI$_HIBO}, + {4, RMI$_SUSP}, + {4, RMI$_SUSPO}, + {4, RMI$_FPG}, + {4, RMI$_COM}, + {4, RMI$_COMO}, + {4, RMI$_CUR}, +#if defined __alpha + {4, RMI$_FRLIST}, + {4, RMI$_MODLIST}, +#endif + {4, RMI$_FAULTS}, + {4, RMI$_PREADS}, + {4, RMI$_PWRITES}, + {4, RMI$_PWRITIO}, + {4, RMI$_PREADIO}, + {4, RMI$_GVALFLTS}, + {4, RMI$_WRTINPROG}, + {4, RMI$_FREFLTS}, + {4, RMI$_DZROFLTS}, + {4, RMI$_SYSFAULTS}, + {4, RMI$_ISWPCNT}, + {4, RMI$_DIRIO}, + {4, RMI$_BUFIO}, + {4, RMI$_MBREADS}, + {4, RMI$_MBWRITES}, + {4, RMI$_LOGNAM}, + {4, RMI$_FCPCALLS}, + {4, RMI$_FCPREAD}, + {4, RMI$_FCPWRITE}, + {4, RMI$_FCPCACHE}, + {4, RMI$_FCPCPU}, + {4, RMI$_FCPHIT}, + {4, RMI$_FCPSPLIT}, + {4, RMI$_FCPFAULT}, + {4, RMI$_ENQNEW}, + {4, RMI$_ENQCVT}, + {4, RMI$_DEQ}, + {4, RMI$_BLKAST}, + {4, RMI$_ENQWAIT}, + {4, RMI$_ENQNOTQD}, + {4, RMI$_DLCKSRCH}, + {4, RMI$_DLCKFND}, + {4, RMI$_NUMLOCKS}, + {4, RMI$_NUMRES}, + {4, RMI$_ARRLOCPK}, + {4, RMI$_DEPLOCPK}, + {4, RMI$_ARRTRAPK}, + {4, RMI$_TRCNGLOS}, + {4, RMI$_RCVBUFFL}, + {4, RMI$_ENQNEWLOC}, + {4, RMI$_ENQNEWIN}, + {4, RMI$_ENQNEWOUT}, + {4, RMI$_ENQCVTLOC}, + {4, RMI$_ENQCVTIN}, + {4, RMI$_ENQCVTOUT}, + {4, RMI$_DEQLOC}, + {4, RMI$_DEQIN}, + {4, RMI$_DEQOUT}, + {4, RMI$_BLKLOC}, + {4, RMI$_BLKIN}, + {4, RMI$_BLKOUT}, + {4, RMI$_DIRIN}, + {4, RMI$_DIROUT}, + /* We currently get a fault when trying these. TODO: To be figured out. */ +#if 0 + {140, RMI$_MSCP_EVERYTHING}, /* 35 32-bit words */ + {152, RMI$_DDTM_ALL}, /* 38 32-bit words */ + {80, RMI$_TMSCP_EVERYTHING} /* 20 32-bit words */ +#endif + {4, RMI$_LPZ_PAGCNT}, + {4, RMI$_LPZ_HITS}, + {4, RMI$_LPZ_MISSES}, + {4, RMI$_LPZ_EXPCNT}, + {4, RMI$_LPZ_ALLOCF}, + {4, RMI$_LPZ_ALLOC2}, + {4, RMI$_ACCESS}, + {4, RMI$_ALLOC}, + {4, RMI$_FCPCREATE}, + {4, RMI$_VOLWAIT}, + {4, RMI$_FCPTURN}, + {4, RMI$_FCPERASE}, + {4, RMI$_OPENS}, + {4, RMI$_FIDHIT}, + {4, RMI$_FIDMISS}, + {4, RMI$_FILHDR_HIT}, + {4, RMI$_DIRFCB_HIT}, + {4, RMI$_DIRFCB_MISS}, + {4, RMI$_DIRDATA_HIT}, + {4, RMI$_EXTHIT}, + {4, RMI$_EXTMISS}, + {4, RMI$_QUOHIT}, + {4, RMI$_QUOMISS}, + {4, RMI$_STORAGMAP_HIT}, + {4, RMI$_VOLLCK}, + {4, RMI$_SYNCHLCK}, + {4, RMI$_SYNCHWAIT}, + {4, RMI$_ACCLCK}, + {4, RMI$_XQPCACHEWAIT}, + {4, RMI$_DIRDATA_MISS}, + {4, RMI$_FILHDR_MISS}, + {4, RMI$_STORAGMAP_MISS}, + {4, RMI$_PROCCNTMAX}, + {4, RMI$_PROCBATCNT}, + {4, RMI$_PROCINTCNT}, + {4, RMI$_PROCNETCNT}, + {4, RMI$_PROCSWITCHCNT}, + {4, RMI$_PROCBALSETCNT}, + {4, RMI$_PROCLOADCNT}, + {4, RMI$_BADFLTS}, + {4, RMI$_EXEFAULTS}, + {4, RMI$_HDRINSWAPS}, + {4, RMI$_HDROUTSWAPS}, + {4, RMI$_IOPAGCNT}, + {4, RMI$_ISWPCNTPG}, + {4, RMI$_OSWPCNT}, + {4, RMI$_OSWPCNTPG}, + {4, RMI$_RDFAULTS}, + {4, RMI$_TRANSFLTS}, + {4, RMI$_WRTFAULTS}, +#if defined __alpha + {4, RMI$_USERPAGES}, +#endif + {4, RMI$_VMSPAGES}, + {4, RMI$_TTWRITES}, + {4, RMI$_BUFOBJPAG}, + {4, RMI$_BUFOBJPAGPEAK}, + {4, RMI$_BUFOBJPAGS01}, + {4, RMI$_BUFOBJPAGS2}, + {4, RMI$_BUFOBJPAGMAXS01}, + {4, RMI$_BUFOBJPAGMAXS2}, + {4, RMI$_BUFOBJPAGPEAKS01}, + {4, RMI$_BUFOBJPAGPEAKS2}, + {4, RMI$_BUFOBJPGLTMAXS01}, + {4, RMI$_BUFOBJPGLTMAXS2}, + {4, RMI$_DLCK_INCMPLT}, + {4, RMI$_DLCKMSGS_IN}, + {4, RMI$_DLCKMSGS_OUT}, + {4, RMI$_MCHKERRS}, + {4, RMI$_MEMERRS}, +}; + +static const struct item_st RMI_item_data_64bit[] = { +#if defined __ia64 + {8, RMI$_FRLIST}, + {8, RMI$_MODLIST}, +#endif + {8, RMI$_LCKMGR_REQCNT}, + {8, RMI$_LCKMGR_REQTIME}, + {8, RMI$_LCKMGR_SPINCNT}, + {8, RMI$_LCKMGR_SPINTIME}, + {8, RMI$_CPUINTSTK}, + {8, RMI$_CPUMPSYNCH}, + {8, RMI$_CPUKERNEL}, + {8, RMI$_CPUEXEC}, + {8, RMI$_CPUSUPER}, + {8, RMI$_CPUUSER}, +#if defined __ia64 + {8, RMI$_USERPAGES}, +#endif + {8, RMI$_TQETOTAL}, + {8, RMI$_TQESYSUB}, + {8, RMI$_TQEUSRTIMR}, + {8, RMI$_TQEUSRWAKE}, +}; + +static const struct item_st SYI_item_data[] = { + {4, SYI$_PAGEFILE_FREE}, +}; + +/* + * Input: + * items_data - an array of lengths and codes + * items_data_num - number of elements in that array + * + * Output: + * items - pre-allocated ILE3 array to be filled. + * It's assumed to have items_data_num elements plus + * one extra for the terminating NULL element + * databuffer - pre-allocated 32-bit word array. + * + * Returns the number of elements used in databuffer + */ +static size_t prepare_item_list(const struct item_st *items_input, + size_t items_input_num, + ILE3 *items, + uint32_t__ptr32 databuffer) +{ + size_t data_sz = 0; + + for (; items_input_num-- > 0; items_input++, items++) { + + /* Special treatment of JPI$_FINALEXC */ + if (items->ile3$w_code == JPI$_FINALEXC) + items->ile3$w_length = 4; + else + items->ile3$w_length = items_input->length; + + items->ile3$w_code = items_input->code; + items->ile3$ps_bufaddr = databuffer; + items->ile3$ps_retlen_addr = 0; + + databuffer += items_input->length / sizeof(databuffer[0]); + data_sz += items_input->length; + } + /* Terminating NULL entry */ + items->ile3$w_length = items->ile3$w_code = 0; + items->ile3$ps_bufaddr = items->ile3$ps_retlen_addr = NULL; + + return data_sz / sizeof(databuffer[0]); +} + +static void massage_JPI(ILE3 *items) +{ + /* + * Special treatment of JPI$_FINALEXC + * The result of that item's data buffer is a 32-bit address to a list of + * 4 32-bit words. + */ + for (; items->ile3$w_length != 0; items++) { + if (items->ile3$w_code == JPI$_FINALEXC) { + uint32_t *data = items->ile3$ps_bufaddr; + uint32_t *ptr = (uint32_t *)*data; + size_t j; + + /* + * We know we made space for 4 32-bit words, so we can do in-place + * replacement. + */ + for (j = 0; j < 4; j++) + data[j] = ptr[j]; + + break; + } + } +} + /* * This number expresses how many bits of data contain 1 bit of entropy. * - * For the moment, we assume about 0.5 entropy bits per data bit, or 1 - * bit of entropy per 2 data bits. + * For the moment, we assume about 0.05 entropy bits per data bit, or 1 + * bit of entropy per 20 data bits. */ -#define ENTROPY_FACTOR 2 +#define ENTROPY_FACTOR 20 size_t rand_pool_acquire_entropy(RAND_POOL *pool) { - /* determine the number of items in the JPI array */ - struct items_data_st item_entry; - size_t item_entry_count = OSSL_NELEM(items_data); - /* Create the 32-bit JPI itemlist array to hold item_data content */ - struct { - uint16_t length, code; - uint32_t *buffer; - uint32_t *retlen; - } item[item_entry_count], *pitem; - struct items_data_st *pitems_data; - /* 8 bytes (two longs) per entry max */ - uint32_t data_buffer[(item_entry_count * 2) + 4]; - uint32_t iosb[2]; - uint32_t sys_time[2]; - uint32_t *ptr; - size_t i, j ; - size_t tmp_length = 0; + ILE3 JPI_items_64bit[OSSL_NELEM(JPI_item_data_64bit) + 1]; + ILE3 RMI_items_64bit[OSSL_NELEM(RMI_item_data_64bit) + 1]; + ILE3 DVI_items[OSSL_NELEM(DVI_item_data) + 1]; + ILE3 JPI_items[OSSL_NELEM(JPI_item_data) + 1]; + ILE3 RMI_items[OSSL_NELEM(RMI_item_data) + 1]; + ILE3 SYI_items[OSSL_NELEM(SYI_item_data) + 1]; + union { + /* This ensures buffer starts at 64 bit boundary */ + uint64_t dummy; + uint32_t buffer[OSSL_NELEM(JPI_item_data_64bit) * 2 + + OSSL_NELEM(RMI_item_data_64bit) * 2 + + OSSL_NELEM(DVI_item_data) + + OSSL_NELEM(JPI_item_data) + + OSSL_NELEM(RMI_item_data) + + OSSL_NELEM(SYI_item_data) + + 4 /* For JPI$_FINALEXC */]; + } data; + size_t total_elems = 0; size_t total_length = 0; size_t bytes_needed = rand_pool_bytes_needed(pool, ENTROPY_FACTOR); size_t bytes_remaining = rand_pool_bytes_remaining(pool); - /* Setup itemlist for GETJPI */ - pitems_data = items_data; - for (pitem = item; pitems_data->length != 0; pitem++) { - pitem->length = pitems_data->length; - pitem->code = pitems_data->code; - pitem->buffer = &data_buffer[total_length]; - pitem->retlen = 0; - /* total_length is in longwords */ - total_length += pitems_data->length / 4; - pitems_data++; - } - pitem->length = pitem->code = 0; + /* Take all the 64-bit items first, to ensure proper alignment of data */ + total_elems += + prepare_item_list(JPI_item_data_64bit, OSSL_NELEM(JPI_item_data_64bit), + JPI_items_64bit, &data.buffer[total_elems]); + total_elems += + prepare_item_list(RMI_item_data_64bit, OSSL_NELEM(RMI_item_data_64bit), + RMI_items_64bit, &data.buffer[total_elems]); + /* Now the 32-bit items */ + total_elems += prepare_item_list(DVI_item_data, OSSL_NELEM(DVI_item_data), + DVI_items, &data.buffer[total_elems]); + total_elems += prepare_item_list(JPI_item_data, OSSL_NELEM(JPI_item_data), + JPI_items, &data.buffer[total_elems]); + total_elems += prepare_item_list(RMI_item_data, OSSL_NELEM(RMI_item_data), + RMI_items, &data.buffer[total_elems]); + total_elems += prepare_item_list(SYI_item_data, OSSL_NELEM(SYI_item_data), + SYI_items, &data.buffer[total_elems]); + total_length = total_elems * sizeof(data.buffer[0]); - /* Fill data_buffer with various info bits from this process */ - if (sys$getjpiw(EFN$C_ENF, NULL, NULL, item, &iosb, 0, 0) != SS$_NORMAL) - return 0; + /* Fill data.buffer with various info bits from this process */ + { + uint32_t status; + uint32_t efn; + IOSB iosb; + $DESCRIPTOR(SYSDEVICE,"SYS$SYSDEVICE:"); - /* Now twist that data to seed the SSL random number init */ - for (i = 0; i < total_length; i++) { - sys$gettim((struct _generic_64 *)&sys_time[0]); - srand(sys_time[0] * data_buffer[0] * data_buffer[1] + i); - - if (i == (total_length - 1)) { /* for JPI$_FINALEXC */ - ptr = &data_buffer[i]; - for (j = 0; j < 4; j++) { - data_buffer[i + j] = ptr[j]; - /* OK to use rand() just to scramble the seed */ - data_buffer[i + j] ^= (sys_time[0] ^ rand()); - tmp_length++; - } - } else { - /* OK to use rand() just to scramble the seed */ - data_buffer[i] ^= (sys_time[0] ^ rand()); + if ((status = sys$getdviw(EFN$C_ENF, 0, &SYSDEVICE, DVI_items, + 0, 0, 0, 0, 0)) != SS$_NORMAL) { + lib$signal(status); + return 0; + } + if ((status = sys$getjpiw(EFN$C_ENF, 0, 0, JPI_items_64bit, 0, 0, 0)) + != SS$_NORMAL) { + lib$signal(status); + return 0; + } + if ((status = sys$getjpiw(EFN$C_ENF, 0, 0, JPI_items, 0, 0, 0)) + != SS$_NORMAL) { + lib$signal(status); + return 0; + } + if ((status = sys$getsyiw(EFN$C_ENF, 0, 0, SYI_items, 0, 0, 0)) + != SS$_NORMAL) { + lib$signal(status); + return 0; + } + /* + * The RMI service is a bit special, as there is no synchronous + * variant, so we MUST create an event flag to synchronise on. + */ + if ((status = lib$get_ef(&efn)) != SS$_NORMAL) { + lib$signal(status); + return 0; + } + if ((status = sys$getrmi(efn, 0, 0, RMI_items_64bit, &iosb, 0, 0)) + != SS$_NORMAL) { + lib$signal(status); + return 0; + } + if ((status = sys$synch(efn, &iosb)) != SS$_NORMAL) { + lib$signal(status); + return 0; + } + if (iosb.iosb$l_getxxi_status != SS$_NORMAL) { + lib$signal(iosb.iosb$l_getxxi_status); + return 0; + } + if ((status = sys$getrmi(efn, 0, 0, RMI_items, &iosb, 0, 0)) + != SS$_NORMAL) { + lib$signal(status); + return 0; + } + if ((status = sys$synch(efn, &iosb)) != SS$_NORMAL) { + lib$signal(status); + return 0; + } + if (iosb.iosb$l_getxxi_status != SS$_NORMAL) { + lib$signal(iosb.iosb$l_getxxi_status); + return 0; + } + if ((status = lib$free_ef(&efn)) != SS$_NORMAL) { + lib$signal(status); + return 0; } } - total_length += (tmp_length - 1); - - /* Change the total length to number of bytes */ - total_length *= 4; + massage_JPI(JPI_items); /* * If we can't feed the requirements from the caller, we're in deep trouble. @@ -152,8 +464,8 @@ size_t rand_pool_acquire_entropy(RAND_POOL *pool) total_length = bytes_remaining; /* We give the pessimistic value for the amount of entropy */ - rand_pool_add(pool, (PTR_T)data_buffer, total_length, - total_length / ENTROPY_FACTOR); + rand_pool_add(pool, (unsigned char *)data.buffer, total_length, + 8 * total_length / ENTROPY_FACTOR); return rand_pool_entropy_available(pool); } @@ -172,7 +484,7 @@ int rand_pool_add_nonce_data(RAND_POOL *pool) */ data.pid = getpid(); data.tid = CRYPTO_THREAD_get_current_id(); - sys$gettim_prec((struct _generic_64 *)&data.time); + sys$gettim_prec(&data.time); return rand_pool_add(pool, (unsigned char *)&data, sizeof(data), 0); } @@ -190,7 +502,7 @@ int rand_pool_add_additional_data(RAND_POOL *pool) * concurrently (which is the case for the drbg). */ data.tid = CRYPTO_THREAD_get_current_id(); - sys$gettim_prec((struct _generic_64 *)&data.time); + sys$gettim_prec(&data.time); return rand_pool_add(pool, (unsigned char *)&data, sizeof(data), 0); } From matthias.st.pierre at ncp-e.com Thu May 3 20:23:38 2018 From: matthias.st.pierre at ncp-e.com (matthias.st.pierre at ncp-e.com) Date: Thu, 03 May 2018 20:23:38 +0000 Subject: [openssl-commits] [openssl] master update Message-ID: <1525379018.294904.27686.nullmailer@dev.openssl.org> The branch master has been updated via bc624bd95554ea218cbc3fad0d794abdfeb21eb6 (commit) from 463e6ef500ead3fefccc470ce2f82429bb060e70 (commit) - Log ----------------------------------------------------------------- commit bc624bd95554ea218cbc3fad0d794abdfeb21eb6 Author: Dr. Matthias St. Pierre Date: Wed May 2 23:06:15 2018 +0200 v3_purp.c: add locking to x509v3_cache_extensions() Fixes #6121 Thanks to Mingtao Yang for reporting this bug. Reviewed-by: Rich Salz (Merged from https://github.com/openssl/openssl/pull/6162) ----------------------------------------------------------------------- Summary of changes: crypto/x509v3/v3_purp.c | 24 ++++++++++++++---------- 1 file changed, 14 insertions(+), 10 deletions(-) diff --git a/crypto/x509v3/v3_purp.c b/crypto/x509v3/v3_purp.c index d344e2d..1ba1ce8 100644 --- a/crypto/x509v3/v3_purp.c +++ b/crypto/x509v3/v3_purp.c @@ -78,11 +78,9 @@ int X509_check_purpose(X509 *x, int id, int ca) { int idx; const X509_PURPOSE *pt; - if (!(x->ex_flags & EXFLAG_SET)) { - CRYPTO_THREAD_write_lock(x->lock); - x509v3_cache_extensions(x); - CRYPTO_THREAD_unlock(x->lock); - } + + x509v3_cache_extensions(x); + /* Return if side-effect only call */ if (id == -1) return 1; @@ -354,8 +352,16 @@ static void x509v3_cache_extensions(X509 *x) X509_EXTENSION *ex; int i; + if (x->ex_flags & EXFLAG_SET) return; + + CRYPTO_THREAD_write_lock(x->lock); + if (x->ex_flags & EXFLAG_SET) { + CRYPTO_THREAD_unlock(x->lock); + return; + } + X509_digest(x, EVP_sha1(), x->sha1_hash, NULL); /* V1 should mean no extensions ... */ if (!X509_get_version(x)) @@ -490,6 +496,7 @@ static void x509v3_cache_extensions(X509 *x) } x509_init_sig_info(x); x->ex_flags |= EXFLAG_SET; + CRYPTO_THREAD_unlock(x->lock); } /*- @@ -542,11 +549,7 @@ void X509_set_proxy_pathlen(X509 *x, long l) int X509_check_ca(X509 *x) { - if (!(x->ex_flags & EXFLAG_SET)) { - CRYPTO_THREAD_write_lock(x->lock); - x509v3_cache_extensions(x); - CRYPTO_THREAD_unlock(x->lock); - } + x509v3_cache_extensions(x); return check_ca(x); } @@ -760,6 +763,7 @@ int X509_check_issued(X509 *issuer, X509 *subject) if (X509_NAME_cmp(X509_get_subject_name(issuer), X509_get_issuer_name(subject))) return X509_V_ERR_SUBJECT_ISSUER_MISMATCH; + x509v3_cache_extensions(issuer); x509v3_cache_extensions(subject); From matthias.st.pierre at ncp-e.com Thu May 3 20:26:35 2018 From: matthias.st.pierre at ncp-e.com (matthias.st.pierre at ncp-e.com) Date: Thu, 03 May 2018 20:26:35 +0000 Subject: [openssl-commits] [openssl] OpenSSL_1_1_0-stable update Message-ID: <1525379195.831055.28903.nullmailer@dev.openssl.org> The branch OpenSSL_1_1_0-stable has been updated via 2c2d9dcd25b6a9e9c6522bfd030d6be5d8e1c92a (commit) from f4be878edae21755fe83ef26f3f3821a2fe58a97 (commit) - Log ----------------------------------------------------------------- commit 2c2d9dcd25b6a9e9c6522bfd030d6be5d8e1c92a Author: Dr. Matthias St. Pierre Date: Wed May 2 23:06:15 2018 +0200 v3_purp.c: add locking to x509v3_cache_extensions() Fixes #6121 Thanks to Mingtao Yang for reporting this bug. Reviewed-by: Rich Salz (Merged from https://github.com/openssl/openssl/pull/6162) ----------------------------------------------------------------------- Summary of changes: crypto/x509v3/v3_purp.c | 24 ++++++++++++++---------- 1 file changed, 14 insertions(+), 10 deletions(-) diff --git a/crypto/x509v3/v3_purp.c b/crypto/x509v3/v3_purp.c index 6d2f354..144de0c 100644 --- a/crypto/x509v3/v3_purp.c +++ b/crypto/x509v3/v3_purp.c @@ -78,11 +78,9 @@ int X509_check_purpose(X509 *x, int id, int ca) { int idx; const X509_PURPOSE *pt; - if (!(x->ex_flags & EXFLAG_SET)) { - CRYPTO_THREAD_write_lock(x->lock); - x509v3_cache_extensions(x); - CRYPTO_THREAD_unlock(x->lock); - } + + x509v3_cache_extensions(x); + /* Return if side-effect only call */ if (id == -1) return 1; @@ -354,8 +352,16 @@ static void x509v3_cache_extensions(X509 *x) X509_EXTENSION *ex; int i; + if (x->ex_flags & EXFLAG_SET) return; + + CRYPTO_THREAD_write_lock(x->lock); + if (x->ex_flags & EXFLAG_SET) { + CRYPTO_THREAD_unlock(x->lock); + return; + } + X509_digest(x, EVP_sha1(), x->sha1_hash, NULL); /* V1 should mean no extensions ... */ if (!X509_get_version(x)) @@ -489,6 +495,7 @@ static void x509v3_cache_extensions(X509 *x) } } x->ex_flags |= EXFLAG_SET; + CRYPTO_THREAD_unlock(x->lock); } /*- @@ -541,11 +548,7 @@ void X509_set_proxy_pathlen(X509 *x, long l) int X509_check_ca(X509 *x) { - if (!(x->ex_flags & EXFLAG_SET)) { - CRYPTO_THREAD_write_lock(x->lock); - x509v3_cache_extensions(x); - CRYPTO_THREAD_unlock(x->lock); - } + x509v3_cache_extensions(x); return check_ca(x); } @@ -759,6 +762,7 @@ int X509_check_issued(X509 *issuer, X509 *subject) if (X509_NAME_cmp(X509_get_subject_name(issuer), X509_get_issuer_name(subject))) return X509_V_ERR_SUBJECT_ISSUER_MISMATCH; + x509v3_cache_extensions(issuer); x509v3_cache_extensions(subject); From appro at openssl.org Thu May 3 20:28:48 2018 From: appro at openssl.org (Andy Polyakov) Date: Thu, 03 May 2018 20:28:48 +0000 Subject: [openssl-commits] [openssl] OpenSSL_1_0_2-stable update Message-ID: <1525379328.482267.29753.nullmailer@dev.openssl.org> The branch OpenSSL_1_0_2-stable has been updated via 1b3af972c0ea6435ce7ac897de9f7c0f138e05a7 (commit) from bd05644df71602f76db5335b8077ba4dbbb6b427 (commit) - Log ----------------------------------------------------------------- commit 1b3af972c0ea6435ce7ac897de9f7c0f138e05a7 Author: Todd Short Date: Mon Apr 23 14:06:22 2018 -0400 Configure: fix Mac OS X builds that still require makedepend Earlier Apple Xcode compilers, e.g. one targeting Mac OS X 10.7, don't support dependency generation and one still has to use makedepend. It's unclear when it was fixed, but all clang-based Apple compilers seem to support -M options. Reviewed-by: Andy Polyakov Reviewed-by: Rich Salz (Merged from https://github.com/openssl/openssl/pull/6073) ----------------------------------------------------------------------- Summary of changes: Configure | 11 +++++++++-- 1 file changed, 9 insertions(+), 2 deletions(-) diff --git a/Configure b/Configure index 744b493..9c1879e 100755 --- a/Configure +++ b/Configure @@ -1671,6 +1671,13 @@ while () { } close(PIPE); +# Xcode did not handle $cc -M before clang support +my $cc_as_makedepend = 0; +if ($predefined{__GNUC__} >= 3 && !(defined($predefined{__APPLE_CC__}) + && !defined($predefined{__clang__}))) { + $cc_as_makedepend = 1; +} + if ($strict_warnings) { my $wopt; @@ -1730,14 +1737,14 @@ while () s/^NM=\s*/NM= \$\(CROSS_COMPILE\)/; s/^RANLIB=\s*/RANLIB= \$\(CROSS_COMPILE\)/; s/^RC=\s*/RC= \$\(CROSS_COMPILE\)/; - s/^MAKEDEPPROG=.*$/MAKEDEPPROG= \$\(CROSS_COMPILE\)$cc/ if $predefined{__GNUC__} >= 3; + s/^MAKEDEPPROG=.*$/MAKEDEPPROG= \$\(CROSS_COMPILE\)$cc/ if $cc_as_makedepend; } else { s/^CC=.*$/CC= $cc/; s/^AR=\s*ar/AR= $ar/; s/^RANLIB=.*/RANLIB= $ranlib/; s/^RC=.*/RC= $windres/; - s/^MAKEDEPPROG=.*$/MAKEDEPPROG= $cc/ if $predefined{__GNUC__} >= 3; + s/^MAKEDEPPROG=.*$/MAKEDEPPROG= $cc/ if $cc_as_makedepend; } s/^CFLAG=.*$/CFLAG= $cflags/; s/^DEPFLAG=.*$/DEPFLAG=$depflags/; From matthias.st.pierre at ncp-e.com Thu May 3 20:34:27 2018 From: matthias.st.pierre at ncp-e.com (matthias.st.pierre at ncp-e.com) Date: Thu, 03 May 2018 20:34:27 +0000 Subject: [openssl-commits] [openssl] OpenSSL_1_0_2-stable update Message-ID: <1525379667.085038.31262.nullmailer@dev.openssl.org> The branch OpenSSL_1_0_2-stable has been updated via c14a3be5adf88edc002199835d8fa40f1296e381 (commit) from 1b3af972c0ea6435ce7ac897de9f7c0f138e05a7 (commit) - Log ----------------------------------------------------------------- commit c14a3be5adf88edc002199835d8fa40f1296e381 Author: Dr. Matthias St. Pierre Date: Wed May 2 23:06:15 2018 +0200 v3_purp.c: add locking to x509v3_cache_extensions() Fixes #6121 Thanks to Mingtao Yang for reporting this bug. Reviewed-by: Rich Salz (Merged from https://github.com/openssl/openssl/pull/6164) ----------------------------------------------------------------------- Summary of changes: crypto/x509v3/v3_purp.c | 25 +++++++++++++++---------- 1 file changed, 15 insertions(+), 10 deletions(-) diff --git a/crypto/x509v3/v3_purp.c b/crypto/x509v3/v3_purp.c index 96e629a..1baa811 100644 --- a/crypto/x509v3/v3_purp.c +++ b/crypto/x509v3/v3_purp.c @@ -128,11 +128,10 @@ int X509_check_purpose(X509 *x, int id, int ca) { int idx; const X509_PURPOSE *pt; - if (!(x->ex_flags & EXFLAG_SET)) { - CRYPTO_w_lock(CRYPTO_LOCK_X509); - x509v3_cache_extensions(x); - CRYPTO_w_unlock(CRYPTO_LOCK_X509); - } + + x509v3_cache_extensions(x); + + /* Return if side-effect only call */ if (id == -1) return 1; idx = X509_PURPOSE_get_by_id(id); @@ -399,8 +398,16 @@ static void x509v3_cache_extensions(X509 *x) X509_EXTENSION *ex; int i; + if (x->ex_flags & EXFLAG_SET) return; + + CRYPTO_w_lock(CRYPTO_LOCK_X509); + if (x->ex_flags & EXFLAG_SET) { + CRYPTO_w_unlock(CRYPTO_LOCK_X509); + return; + } + #ifndef OPENSSL_NO_SHA X509_digest(x, EVP_sha1(), x->sha1_hash, NULL); #endif @@ -536,6 +543,7 @@ static void x509v3_cache_extensions(X509 *x) } } x->ex_flags |= EXFLAG_SET; + CRYPTO_w_unlock(CRYPTO_LOCK_X509); } /*- @@ -578,11 +586,7 @@ static int check_ca(const X509 *x) int X509_check_ca(X509 *x) { - if (!(x->ex_flags & EXFLAG_SET)) { - CRYPTO_w_lock(CRYPTO_LOCK_X509); - x509v3_cache_extensions(x); - CRYPTO_w_unlock(CRYPTO_LOCK_X509); - } + x509v3_cache_extensions(x); return check_ca(x); } @@ -796,6 +800,7 @@ int X509_check_issued(X509 *issuer, X509 *subject) if (X509_NAME_cmp(X509_get_subject_name(issuer), X509_get_issuer_name(subject))) return X509_V_ERR_SUBJECT_ISSUER_MISMATCH; + x509v3_cache_extensions(issuer); x509v3_cache_extensions(subject); From openssl at openssl.org Thu May 3 23:33:52 2018 From: openssl at openssl.org (OpenSSL run-checker) Date: Thu, 03 May 2018 23:33:52 +0000 Subject: [openssl-commits] FAILED build of OpenSSL branch master with options -d --strict-warnings no-chacha Message-ID: <1525390432.450441.17220.nullmailer@run.openssl.org> Platform and configuration command: $ uname -a Linux run 4.4.0-119-generic #143-Ubuntu SMP Mon Apr 2 16:08:24 UTC 2018 x86_64 x86_64 x86_64 GNU/Linux $ CC=clang ../openssl/config -d --strict-warnings no-chacha Commit log since last time: bc624bd v3_purp.c: add locking to x509v3_cache_extensions() 463e6ef VMS: modernise rand_pool_acquire_entropy, step 2 ce147f7 VMS: modernise rand_pool_acquire_entropy, step 1 b1860d6 Return an error from BN_mod_inverse if n is 1 (or -1) 4db296d Make X509_VERIFY_PARAM_get_hostflags() take a const arg e401389 Add a test for SSL_get_shared_ciphers() 6021d8e Fix a bug in create_ssl_ctx_pair() 3bfa475 Add some documentation for SSL_get_shared_ciphers() f054160 Fix comment in ssl_locl.h a216df5 Fix SSL_get_shared_ciphers() Build log ended with (last 100 lines): ../../openssl/test/recipes/30-test_evp.t ...................... ok ../../openssl/test/recipes/30-test_evp_extra.t ................ ok ../../openssl/test/recipes/30-test_pbelu.t .................... ok ../../openssl/test/recipes/30-test_pkey_meth.t ................ ok ../../openssl/test/recipes/30-test_pkey_meth_kdf.t ............ ok ../../openssl/test/recipes/40-test_rehash.t ................... ok ../../openssl/test/recipes/60-test_x509_check_cert_pkey.t ..... ok ../../openssl/test/recipes/60-test_x509_dup_cert.t ............ ok ../../openssl/test/recipes/60-test_x509_store.t ............... ok ../../openssl/test/recipes/60-test_x509_time.t ................ ok ../../openssl/test/recipes/70-test_asyncio.t .................. ok ../../openssl/test/recipes/70-test_bad_dtls.t ................. ok ../../openssl/test/recipes/70-test_clienthello.t .............. ok ../../openssl/test/recipes/70-test_comp.t ..................... ok ../../openssl/test/recipes/70-test_key_share.t ................ ok ../../openssl/test/recipes/70-test_packet.t ................... ok ../../openssl/test/recipes/70-test_recordlen.t ................ ok ../../openssl/test/recipes/70-test_renegotiation.t ............ ok ../../openssl/test/recipes/70-test_servername.t ............... ok ../../openssl/test/recipes/70-test_sslcbcpadding.t ............ ok ../../openssl/test/recipes/70-test_sslcertstatus.t ............ ok ../../openssl/test/recipes/70-test_sslextension.t ............. ok ../../openssl/test/recipes/70-test_sslmessages.t .............. ok ../../openssl/test/recipes/70-test_sslrecords.t ............... ok ../../openssl/test/recipes/70-test_sslsessiontick.t ........... ok ../../openssl/test/recipes/70-test_sslsigalgs.t ............... ok ../../openssl/test/recipes/70-test_sslsignature.t ............. ok ../../openssl/test/recipes/70-test_sslskewith0p.t ............. ok ../../openssl/test/recipes/70-test_sslversions.t .............. ok ../../openssl/test/recipes/70-test_sslvertol.t ................ ok ../../openssl/test/recipes/70-test_tls13cookie.t .............. ok ../../openssl/test/recipes/70-test_tls13downgrade.t ........... skipped: test_tls13downgrade not run in pre TLSv1.3 RFC implementation ../../openssl/test/recipes/70-test_tls13hrr.t ................. ok ../../openssl/test/recipes/70-test_tls13kexmodes.t ............ ok ../../openssl/test/recipes/70-test_tls13messages.t ............ ok ../../openssl/test/recipes/70-test_tls13psk.t ................. ok ../../openssl/test/recipes/70-test_tlsextms.t ................. ok ../../openssl/test/recipes/70-test_verify_extra.t ............. ok ../../openssl/test/recipes/70-test_wpacket.t .................. ok ../../openssl/test/recipes/80-test_ca.t ....................... ok ../../openssl/test/recipes/80-test_cipherbytes.t .............. ok ../../openssl/test/recipes/80-test_cipherlist.t ............... ok ../../openssl/test/recipes/80-test_ciphername.t ............... ok ../../openssl/test/recipes/80-test_cms.t ...................... ok ../../openssl/test/recipes/80-test_ct.t ....................... ok ../../openssl/test/recipes/80-test_dane.t ..................... ok ../../openssl/test/recipes/80-test_dtls.t ..................... ok ../../openssl/test/recipes/80-test_dtls_mtu.t ................. ok ../../openssl/test/recipes/80-test_dtlsv1listen.t ............. ok ../../openssl/test/recipes/80-test_ocsp.t ..................... ok ../../openssl/test/recipes/80-test_pkcs12.t ................... ok ../../openssl/test/recipes/80-test_ssl_new.t .................. ok ../../openssl/test/recipes/80-test_ssl_old.t .................. ok ../../openssl/test/recipes/80-test_ssl_test_ctx.t ............. ok ../../openssl/test/recipes/80-test_sslcorrupt.t ............... ok ../../openssl/test/recipes/80-test_tsa.t ...................... ok ../../openssl/test/recipes/80-test_x509aux.t .................. ok ../../openssl/test/recipes/90-test_asn1_time.t ................ ok ../../openssl/test/recipes/90-test_async.t .................... ok ../../openssl/test/recipes/90-test_bio_enc.t .................. ok ../../openssl/test/recipes/90-test_constant_time.t ............ ok ../../openssl/test/recipes/90-test_fatalerr.t ................. ok ../../openssl/test/recipes/90-test_gmdiff.t ................... ok ../../openssl/test/recipes/90-test_ige.t ...................... ok ../../openssl/test/recipes/90-test_includes.t ................. ok ../../openssl/test/recipes/90-test_memleak.t .................. ok ../../openssl/test/recipes/90-test_overhead.t ................. skipped: Only supported in no-shared builds ../../openssl/test/recipes/90-test_secmem.t ................... ok ../../openssl/test/recipes/90-test_shlibload.t ................ ok ../../openssl/test/recipes/90-test_srp.t ...................... ok ../../openssl/test/recipes/90-test_sslapi.t ................... Dubious, test returned 1 (wstat 256, 0x100) Failed 1/1 subtests ../../openssl/test/recipes/90-test_sslbuffers.t ............... ok ../../openssl/test/recipes/90-test_store.t .................... ok ../../openssl/test/recipes/90-test_sysdefault.t ............... ok ../../openssl/test/recipes/90-test_threads.t .................. ok ../../openssl/test/recipes/90-test_time_offset.t .............. ok ../../openssl/test/recipes/90-test_tls13ccs.t ................. ok ../../openssl/test/recipes/90-test_tls13encryption.t .......... ok ../../openssl/test/recipes/90-test_tls13secrets.t ............. ok ../../openssl/test/recipes/90-test_v3name.t ................... ok ../../openssl/test/recipes/95-test_external_boringssl.t ....... skipped: No external tests in this configuration ../../openssl/test/recipes/95-test_external_krb5.t ............ skipped: No external tests in this configuration ../../openssl/test/recipes/95-test_external_pyca.t ............ skipped: No external tests in this configuration ../../openssl/test/recipes/99-test_ecstress.t ................. ok ../../openssl/test/recipes/99-test_fuzz.t ..................... ok Test Summary Report ------------------- ../../openssl/test/recipes/90-test_sslapi.t (Wstat: 256 Tests: 1 Failed: 1) Failed test: 1 Non-zero exit status: 1 Files=146, Tests=1335, 207 wallclock secs ( 2.96 usr 0.37 sys + 171.90 cusr 10.84 csys = 186.07 CPU) Result: FAIL Makefile:204: recipe for target '_tests' failed make[1]: *** [_tests] Error 1 make[1]: Leaving directory '/home/openssl/run-checker/no-chacha' Makefile:202: recipe for target 'tests' failed make: *** [tests] Error 2 From openssl at openssl.org Fri May 4 05:53:23 2018 From: openssl at openssl.org (OpenSSL run-checker) Date: Fri, 04 May 2018 05:53:23 +0000 Subject: [openssl-commits] FAILED build of OpenSSL branch master with options -d --strict-warnings no-poly1305 Message-ID: <1525413203.844516.7416.nullmailer@run.openssl.org> Platform and configuration command: $ uname -a Linux run 4.4.0-119-generic #143-Ubuntu SMP Mon Apr 2 16:08:24 UTC 2018 x86_64 x86_64 x86_64 GNU/Linux $ CC=clang ../openssl/config -d --strict-warnings no-poly1305 Commit log since last time: bc624bd v3_purp.c: add locking to x509v3_cache_extensions() 463e6ef VMS: modernise rand_pool_acquire_entropy, step 2 ce147f7 VMS: modernise rand_pool_acquire_entropy, step 1 b1860d6 Return an error from BN_mod_inverse if n is 1 (or -1) 4db296d Make X509_VERIFY_PARAM_get_hostflags() take a const arg e401389 Add a test for SSL_get_shared_ciphers() 6021d8e Fix a bug in create_ssl_ctx_pair() 3bfa475 Add some documentation for SSL_get_shared_ciphers() f054160 Fix comment in ssl_locl.h a216df5 Fix SSL_get_shared_ciphers() Build log ended with (last 100 lines): ../../openssl/test/recipes/30-test_evp.t ...................... ok ../../openssl/test/recipes/30-test_evp_extra.t ................ ok ../../openssl/test/recipes/30-test_pbelu.t .................... ok ../../openssl/test/recipes/30-test_pkey_meth.t ................ ok ../../openssl/test/recipes/30-test_pkey_meth_kdf.t ............ ok ../../openssl/test/recipes/40-test_rehash.t ................... ok ../../openssl/test/recipes/60-test_x509_check_cert_pkey.t ..... ok ../../openssl/test/recipes/60-test_x509_dup_cert.t ............ ok ../../openssl/test/recipes/60-test_x509_store.t ............... ok ../../openssl/test/recipes/60-test_x509_time.t ................ ok ../../openssl/test/recipes/70-test_asyncio.t .................. ok ../../openssl/test/recipes/70-test_bad_dtls.t ................. ok ../../openssl/test/recipes/70-test_clienthello.t .............. ok ../../openssl/test/recipes/70-test_comp.t ..................... ok ../../openssl/test/recipes/70-test_key_share.t ................ ok ../../openssl/test/recipes/70-test_packet.t ................... ok ../../openssl/test/recipes/70-test_recordlen.t ................ ok ../../openssl/test/recipes/70-test_renegotiation.t ............ ok ../../openssl/test/recipes/70-test_servername.t ............... ok ../../openssl/test/recipes/70-test_sslcbcpadding.t ............ ok ../../openssl/test/recipes/70-test_sslcertstatus.t ............ ok ../../openssl/test/recipes/70-test_sslextension.t ............. ok ../../openssl/test/recipes/70-test_sslmessages.t .............. ok ../../openssl/test/recipes/70-test_sslrecords.t ............... ok ../../openssl/test/recipes/70-test_sslsessiontick.t ........... ok ../../openssl/test/recipes/70-test_sslsigalgs.t ............... ok ../../openssl/test/recipes/70-test_sslsignature.t ............. ok ../../openssl/test/recipes/70-test_sslskewith0p.t ............. ok ../../openssl/test/recipes/70-test_sslversions.t .............. ok ../../openssl/test/recipes/70-test_sslvertol.t ................ ok ../../openssl/test/recipes/70-test_tls13cookie.t .............. ok ../../openssl/test/recipes/70-test_tls13downgrade.t ........... skipped: test_tls13downgrade not run in pre TLSv1.3 RFC implementation ../../openssl/test/recipes/70-test_tls13hrr.t ................. ok ../../openssl/test/recipes/70-test_tls13kexmodes.t ............ ok ../../openssl/test/recipes/70-test_tls13messages.t ............ ok ../../openssl/test/recipes/70-test_tls13psk.t ................. ok ../../openssl/test/recipes/70-test_tlsextms.t ................. ok ../../openssl/test/recipes/70-test_verify_extra.t ............. ok ../../openssl/test/recipes/70-test_wpacket.t .................. ok ../../openssl/test/recipes/80-test_ca.t ....................... ok ../../openssl/test/recipes/80-test_cipherbytes.t .............. ok ../../openssl/test/recipes/80-test_cipherlist.t ............... ok ../../openssl/test/recipes/80-test_ciphername.t ............... ok ../../openssl/test/recipes/80-test_cms.t ...................... ok ../../openssl/test/recipes/80-test_ct.t ....................... ok ../../openssl/test/recipes/80-test_dane.t ..................... ok ../../openssl/test/recipes/80-test_dtls.t ..................... ok ../../openssl/test/recipes/80-test_dtls_mtu.t ................. ok ../../openssl/test/recipes/80-test_dtlsv1listen.t ............. ok ../../openssl/test/recipes/80-test_ocsp.t ..................... ok ../../openssl/test/recipes/80-test_pkcs12.t ................... ok ../../openssl/test/recipes/80-test_ssl_new.t .................. ok ../../openssl/test/recipes/80-test_ssl_old.t .................. ok ../../openssl/test/recipes/80-test_ssl_test_ctx.t ............. ok ../../openssl/test/recipes/80-test_sslcorrupt.t ............... ok ../../openssl/test/recipes/80-test_tsa.t ...................... ok ../../openssl/test/recipes/80-test_x509aux.t .................. ok ../../openssl/test/recipes/90-test_asn1_time.t ................ ok ../../openssl/test/recipes/90-test_async.t .................... ok ../../openssl/test/recipes/90-test_bio_enc.t .................. ok ../../openssl/test/recipes/90-test_constant_time.t ............ ok ../../openssl/test/recipes/90-test_fatalerr.t ................. ok ../../openssl/test/recipes/90-test_gmdiff.t ................... ok ../../openssl/test/recipes/90-test_ige.t ...................... ok ../../openssl/test/recipes/90-test_includes.t ................. ok ../../openssl/test/recipes/90-test_memleak.t .................. ok ../../openssl/test/recipes/90-test_overhead.t ................. skipped: Only supported in no-shared builds ../../openssl/test/recipes/90-test_secmem.t ................... ok ../../openssl/test/recipes/90-test_shlibload.t ................ ok ../../openssl/test/recipes/90-test_srp.t ...................... ok ../../openssl/test/recipes/90-test_sslapi.t ................... Dubious, test returned 1 (wstat 256, 0x100) Failed 1/1 subtests ../../openssl/test/recipes/90-test_sslbuffers.t ............... ok ../../openssl/test/recipes/90-test_store.t .................... ok ../../openssl/test/recipes/90-test_sysdefault.t ............... ok ../../openssl/test/recipes/90-test_threads.t .................. ok ../../openssl/test/recipes/90-test_time_offset.t .............. ok ../../openssl/test/recipes/90-test_tls13ccs.t ................. ok ../../openssl/test/recipes/90-test_tls13encryption.t .......... ok ../../openssl/test/recipes/90-test_tls13secrets.t ............. ok ../../openssl/test/recipes/90-test_v3name.t ................... ok ../../openssl/test/recipes/95-test_external_boringssl.t ....... skipped: No external tests in this configuration ../../openssl/test/recipes/95-test_external_krb5.t ............ skipped: No external tests in this configuration ../../openssl/test/recipes/95-test_external_pyca.t ............ skipped: No external tests in this configuration ../../openssl/test/recipes/99-test_ecstress.t ................. ok ../../openssl/test/recipes/99-test_fuzz.t ..................... ok Test Summary Report ------------------- ../../openssl/test/recipes/90-test_sslapi.t (Wstat: 256 Tests: 1 Failed: 1) Failed test: 1 Non-zero exit status: 1 Files=146, Tests=1336, 215 wallclock secs ( 2.98 usr 0.38 sys + 181.56 cusr 11.07 csys = 195.99 CPU) Result: FAIL Makefile:204: recipe for target '_tests' failed make[1]: *** [_tests] Error 1 make[1]: Leaving directory '/home/openssl/run-checker/no-poly1305' Makefile:202: recipe for target 'tests' failed make: *** [tests] Error 2 From openssl at openssl.org Fri May 4 09:34:58 2018 From: openssl at openssl.org (OpenSSL run-checker) Date: Fri, 04 May 2018 09:34:58 +0000 Subject: [openssl-commits] FAILED build of OpenSSL branch master with options -d --strict-warnings no-tls1_2 Message-ID: <1525426498.247458.16935.nullmailer@run.openssl.org> Platform and configuration command: $ uname -a Linux run 4.4.0-119-generic #143-Ubuntu SMP Mon Apr 2 16:08:24 UTC 2018 x86_64 x86_64 x86_64 GNU/Linux $ CC=clang ../openssl/config -d --strict-warnings no-tls1_2 Commit log since last time: bc624bd v3_purp.c: add locking to x509v3_cache_extensions() 463e6ef VMS: modernise rand_pool_acquire_entropy, step 2 ce147f7 VMS: modernise rand_pool_acquire_entropy, step 1 b1860d6 Return an error from BN_mod_inverse if n is 1 (or -1) 4db296d Make X509_VERIFY_PARAM_get_hostflags() take a const arg e401389 Add a test for SSL_get_shared_ciphers() 6021d8e Fix a bug in create_ssl_ctx_pair() 3bfa475 Add some documentation for SSL_get_shared_ciphers() f054160 Fix comment in ssl_locl.h a216df5 Fix SSL_get_shared_ciphers() Build log ended with (last 100 lines): ../../openssl/test/recipes/30-test_evp.t ...................... ok ../../openssl/test/recipes/30-test_evp_extra.t ................ ok ../../openssl/test/recipes/30-test_pbelu.t .................... ok ../../openssl/test/recipes/30-test_pkey_meth.t ................ ok ../../openssl/test/recipes/30-test_pkey_meth_kdf.t ............ ok ../../openssl/test/recipes/40-test_rehash.t ................... ok ../../openssl/test/recipes/60-test_x509_check_cert_pkey.t ..... ok ../../openssl/test/recipes/60-test_x509_dup_cert.t ............ ok ../../openssl/test/recipes/60-test_x509_store.t ............... ok ../../openssl/test/recipes/60-test_x509_time.t ................ ok ../../openssl/test/recipes/70-test_asyncio.t .................. ok ../../openssl/test/recipes/70-test_bad_dtls.t ................. ok ../../openssl/test/recipes/70-test_clienthello.t .............. ok ../../openssl/test/recipes/70-test_comp.t ..................... ok ../../openssl/test/recipes/70-test_key_share.t ................ ok ../../openssl/test/recipes/70-test_packet.t ................... ok ../../openssl/test/recipes/70-test_recordlen.t ................ ok ../../openssl/test/recipes/70-test_renegotiation.t ............ skipped: test_renegotiation needs TLS <= 1.2 enabled ../../openssl/test/recipes/70-test_servername.t ............... ok ../../openssl/test/recipes/70-test_sslcbcpadding.t ............ skipped: test_sslcbcpadding needs TLSv1.2 enabled ../../openssl/test/recipes/70-test_sslcertstatus.t ............ skipped: test_sslcertstatus needs TLS enabled ../../openssl/test/recipes/70-test_sslextension.t ............. ok ../../openssl/test/recipes/70-test_sslmessages.t .............. skipped: test_sslmessages needs TLS enabled ../../openssl/test/recipes/70-test_sslrecords.t ............... skipped: test_sslrecords needs TLSv1.2 enabled ../../openssl/test/recipes/70-test_sslsessiontick.t ........... skipped: test_sslsessiontick needs SSLv3, TLSv1, TLSv1.1 or TLSv1.2 enabled ../../openssl/test/recipes/70-test_sslsigalgs.t ............... ok ../../openssl/test/recipes/70-test_sslsignature.t ............. ok ../../openssl/test/recipes/70-test_sslskewith0p.t ............. ok ../../openssl/test/recipes/70-test_sslversions.t .............. skipped: test_sslversions needs TLS1.3, TLS1.2 and TLS1.1 enabled ../../openssl/test/recipes/70-test_sslvertol.t ................ ok ../../openssl/test/recipes/70-test_tls13cookie.t .............. ok ../../openssl/test/recipes/70-test_tls13downgrade.t ........... skipped: test_tls13downgrade needs TLS1.3 and TLS1.2 enabled ../../openssl/test/recipes/70-test_tls13hrr.t ................. ok ../../openssl/test/recipes/70-test_tls13kexmodes.t ............ ok ../../openssl/test/recipes/70-test_tls13messages.t ............ ok ../../openssl/test/recipes/70-test_tls13psk.t ................. ok ../../openssl/test/recipes/70-test_tlsextms.t ................. skipped: test_tlsextms needs TLSv1.0, TLSv1.1 or TLSv1.2 enabled ../../openssl/test/recipes/70-test_verify_extra.t ............. ok ../../openssl/test/recipes/70-test_wpacket.t .................. ok ../../openssl/test/recipes/80-test_ca.t ....................... ok ../../openssl/test/recipes/80-test_cipherbytes.t .............. ok ../../openssl/test/recipes/80-test_cipherlist.t ............... ok ../../openssl/test/recipes/80-test_ciphername.t ............... ok ../../openssl/test/recipes/80-test_cms.t ...................... ok ../../openssl/test/recipes/80-test_ct.t ....................... ok ../../openssl/test/recipes/80-test_dane.t ..................... ok ../../openssl/test/recipes/80-test_dtls.t ..................... ok ../../openssl/test/recipes/80-test_dtls_mtu.t ................. ok ../../openssl/test/recipes/80-test_dtlsv1listen.t ............. ok ../../openssl/test/recipes/80-test_ocsp.t ..................... ok ../../openssl/test/recipes/80-test_pkcs12.t ................... ok ../../openssl/test/recipes/80-test_ssl_new.t .................. ok ../../openssl/test/recipes/80-test_ssl_old.t .................. ok ../../openssl/test/recipes/80-test_ssl_test_ctx.t ............. ok ../../openssl/test/recipes/80-test_sslcorrupt.t ............... ok ../../openssl/test/recipes/80-test_tsa.t ...................... ok ../../openssl/test/recipes/80-test_x509aux.t .................. ok ../../openssl/test/recipes/90-test_asn1_time.t ................ ok ../../openssl/test/recipes/90-test_async.t .................... ok ../../openssl/test/recipes/90-test_bio_enc.t .................. ok ../../openssl/test/recipes/90-test_constant_time.t ............ ok ../../openssl/test/recipes/90-test_fatalerr.t ................. ok ../../openssl/test/recipes/90-test_gmdiff.t ................... ok ../../openssl/test/recipes/90-test_ige.t ...................... ok ../../openssl/test/recipes/90-test_includes.t ................. ok ../../openssl/test/recipes/90-test_memleak.t .................. ok ../../openssl/test/recipes/90-test_overhead.t ................. skipped: Only supported in no-shared builds ../../openssl/test/recipes/90-test_secmem.t ................... ok ../../openssl/test/recipes/90-test_shlibload.t ................ ok ../../openssl/test/recipes/90-test_srp.t ...................... ok ../../openssl/test/recipes/90-test_sslapi.t ................... Dubious, test returned 1 (wstat 256, 0x100) Failed 1/1 subtests ../../openssl/test/recipes/90-test_sslbuffers.t ............... ok ../../openssl/test/recipes/90-test_store.t .................... ok ../../openssl/test/recipes/90-test_sysdefault.t ............... skipped: test_sysdefault is not supported in this build ../../openssl/test/recipes/90-test_threads.t .................. ok ../../openssl/test/recipes/90-test_time_offset.t .............. ok ../../openssl/test/recipes/90-test_tls13ccs.t ................. ok ../../openssl/test/recipes/90-test_tls13encryption.t .......... ok ../../openssl/test/recipes/90-test_tls13secrets.t ............. ok ../../openssl/test/recipes/90-test_v3name.t ................... ok ../../openssl/test/recipes/95-test_external_boringssl.t ....... skipped: No external tests in this configuration ../../openssl/test/recipes/95-test_external_krb5.t ............ skipped: No external tests in this configuration ../../openssl/test/recipes/95-test_external_pyca.t ............ skipped: No external tests in this configuration ../../openssl/test/recipes/99-test_ecstress.t ................. ok ../../openssl/test/recipes/99-test_fuzz.t ..................... ok Test Summary Report ------------------- ../../openssl/test/recipes/90-test_sslapi.t (Wstat: 256 Tests: 1 Failed: 1) Failed test: 1 Non-zero exit status: 1 Files=146, Tests=1261, 185 wallclock secs ( 1.67 usr 0.28 sys + 160.28 cusr 9.59 csys = 171.82 CPU) Result: FAIL Makefile:204: recipe for target '_tests' failed make[1]: *** [_tests] Error 1 make[1]: Leaving directory '/home/openssl/run-checker/no-tls1_2' Makefile:202: recipe for target 'tests' failed make: *** [tests] Error 2 From appro at openssl.org Fri May 4 09:44:28 2018 From: appro at openssl.org (Andy Polyakov) Date: Fri, 04 May 2018 09:44:28 +0000 Subject: [openssl-commits] [openssl] OpenSSL_1_1_0-stable update Message-ID: <1525427068.768758.7345.nullmailer@dev.openssl.org> The branch OpenSSL_1_1_0-stable has been updated via d067ba3bcc4944140578bdbf857affa6faf9e8c1 (commit) from 2c2d9dcd25b6a9e9c6522bfd030d6be5d8e1c92a (commit) - Log ----------------------------------------------------------------- commit d067ba3bcc4944140578bdbf857affa6faf9e8c1 Author: Andy Polyakov Date: Mon Apr 30 22:59:51 2018 +0200 bn/asm/*-mont.pl: harmonize with BN_from_montgomery_word. Montgomery multiplication post-conditions in some of code paths were formally non-constant time. Cache access pattern was result-neutral, but a little bit asymmetric, which might have produced a signal [if processor reordered load and stores at run-time]. Reviewed-by: Rich Salz (Merged from https://github.com/openssl/openssl/pull/6163) (cherry picked from commit 774ff8fed67e19d4f5f0df2f59050f2737abab2a) Resolved conflicts in ppc-mont.pl and x86_64-mont.pl. ----------------------------------------------------------------------- Summary of changes: crypto/bn/asm/alpha-mont.pl | 9 ++--- crypto/bn/asm/armv4-mont.pl | 15 ++++---- crypto/bn/asm/ia64-mont.pl | 18 +++++----- crypto/bn/asm/mips-mont.pl | 12 +++---- crypto/bn/asm/parisc-mont.pl | 28 +++++++-------- crypto/bn/asm/ppc-mont.pl | 13 +++---- crypto/bn/asm/ppc64-mont.pl | 41 ++++++++++++++------- crypto/bn/asm/s390x-mont.pl | 14 ++++---- crypto/bn/asm/sparct4-mont.pl | 24 ++++++------- crypto/bn/asm/sparcv9-mont.pl | 10 +++--- crypto/bn/asm/via-mont.pl | 13 +++---- crypto/bn/asm/vis3-mont.pl | 16 ++++----- crypto/bn/asm/x86-mont.pl | 20 ++++++----- crypto/bn/asm/x86_64-mont.pl | 83 +++++++++++++++++++++---------------------- crypto/bn/asm/x86_64-mont5.pl | 19 +++++----- 15 files changed, 169 insertions(+), 166 deletions(-) diff --git a/crypto/bn/asm/alpha-mont.pl b/crypto/bn/asm/alpha-mont.pl index 1d68d6d..068e450 100644 --- a/crypto/bn/asm/alpha-mont.pl +++ b/crypto/bn/asm/alpha-mont.pl @@ -297,15 +297,12 @@ bn_mul_mont: mov sp,$tp mov $bp,$rp # restore rp - and sp,$hi0,$ap - bic $bp,$hi0,$bp - bis $bp,$ap,$ap # ap=borrow?tp:rp - .align 4 -.Lcopy: ldq $aj,0($ap) # copy or in-place refresh +.Lcopy: ldq $aj,0($tp) # conditional copy + ldq $nj,0($rp) lda $tp,8($tp) lda $rp,8($rp) - lda $ap,8($ap) + cmoveq $hi0,$nj,$aj stq zero,-8($tp) # zap tp cmpult $tp,$tj,AT stq $aj,-8($rp) diff --git a/crypto/bn/asm/armv4-mont.pl b/crypto/bn/asm/armv4-mont.pl index 0dc4fe9..152823c 100644 --- a/crypto/bn/asm/armv4-mont.pl +++ b/crypto/bn/asm/armv4-mont.pl @@ -262,14 +262,15 @@ bn_mul_mont: mov $tp,sp @ "rewind" $tp sub $rp,$rp,$aj @ "rewind" $rp - and $ap,$tp,$nhi - bic $np,$rp,$nhi - orr $ap,$ap,$np @ ap=borrow?tp:rp - -.Lcopy: ldr $tj,[$ap],#4 @ copy or in-place refresh +.Lcopy: ldr $tj,[$tp] @ conditional copy + ldr $aj,[$rp] str sp,[$tp],#4 @ zap tp - str $tj,[$rp],#4 - cmp $tp,$num +#ifdef __thumb2__ + it cc +#endif + movcc $aj,$tj + str $aj,[$rp],#4 + teq $tp,$num @ preserve carry bne .Lcopy mov sp,$num diff --git a/crypto/bn/asm/ia64-mont.pl b/crypto/bn/asm/ia64-mont.pl index 5cc5c59..a535e2d 100644 --- a/crypto/bn/asm/ia64-mont.pl +++ b/crypto/bn/asm/ia64-mont.pl @@ -341,19 +341,19 @@ bn_mul_mont_general: { .mmb; sub rptr=rptr,len // rewind sub tptr=tptr,len clrrrb.pr };; -{ .mmi; and aptr=tptr,topbit - andcm bptr=rptr,topbit +{ .mmi; mov aptr=rptr + mov bptr=tptr mov pr.rot=1<<16 };; -{ .mii; or nptr=aptr,bptr +{ .mii; cmp.eq p0,p6=topbit,r0 mov ar.lc=lc - mov ar.ec=3 };; + mov ar.ec=2 };; .Lcopy_ctop: -{ .mmb; (p16) ld8 n[0]=[nptr],8 - (p18) st8 [tptr]=r0,8 - (p16) nop.b 0 } -{ .mmb; (p16) nop.m 0 - (p18) st8 [rptr]=n[2],8 +{ .mmi; (p16) ld8 a[0]=[aptr],8 + (p16) ld8 t[0]=[bptr],8 + (p6) mov a[1]=t[1] };; // (p17) +{ .mmb; (p17) st8 [rptr]=a[1],8 + (p17) st8 [tptr]=r0,8 br.ctop.sptk .Lcopy_ctop };; .Lcopy_cend: diff --git a/crypto/bn/asm/mips-mont.pl b/crypto/bn/asm/mips-mont.pl index a907571..d15c0b9 100644 --- a/crypto/bn/asm/mips-mont.pl +++ b/crypto/bn/asm/mips-mont.pl @@ -384,15 +384,13 @@ $code.=<<___; $PTR_SUB $rp,$num # restore rp not $hi1,$hi0 - and $ap,$hi0,$sp - and $bp,$hi1,$rp - or $ap,$ap,$bp # ap=borrow?tp:rp - -.align 4 -.Lcopy: $LD $aj,($ap) - $PTR_ADD $ap,$BNSZ +.Lcopy: $LD $nj,($tp) # conditional move + $LD $aj,($rp) $ST $zero,($tp) $PTR_ADD $tp,$BNSZ + and $nj,$hi0 + and $aj,$hi1 + or $aj,$nj sltu $at,$tp,$tj $ST $aj,($rp) bnez $at,.Lcopy diff --git a/crypto/bn/asm/parisc-mont.pl b/crypto/bn/asm/parisc-mont.pl index 8aa94e8..ef50ba1 100644 --- a/crypto/bn/asm/parisc-mont.pl +++ b/crypto/bn/asm/parisc-mont.pl @@ -517,7 +517,6 @@ L\$sub stws,ma $hi1,4($rp) subb $ti0,%r0,$hi1 - ldo -4($tp),$tp ___ $code.=<<___ if ($BN_SZ==8); ldd,ma 8($tp),$ti0 @@ -532,21 +531,19 @@ L\$sub extrd,u $ti0,31,32,$ti0 ; carry in flipped word order sub,db $ti0,%r0,$hi1 - ldo -8($tp),$tp ___ $code.=<<___; - and $tp,$hi1,$ap - andcm $rp,$hi1,$bp - or $ap,$bp,$np - + ldo `$LOCALS+32`($fp),$tp sub $rp,$arrsz,$rp ; rewind rp subi 0,$arrsz,$idx - ldo `$LOCALS+32`($fp),$tp L\$copy - ldd $idx($np),$hi0 + ldd 0($tp),$ti0 + ldd 0($rp),$hi0 std,ma %r0,8($tp) - addib,<> 8,$idx,.-8 ; L\$copy - std,ma $hi0,8($rp) + comiclr,= 0,$hi1,%r0 + copy $ti0,$hi0 + addib,<> 8,$idx,L\$copy + std,ma $hi0,8($rp) ___ if ($BN_SZ==4) { # PA-RISC 1.1 code-path @@ -856,17 +853,16 @@ L\$sub_pa11 stws,ma $hi1,4($rp) subb $ti0,%r0,$hi1 - ldo -4($tp),$tp - and $tp,$hi1,$ap - andcm $rp,$hi1,$bp - or $ap,$bp,$np + ldo `$LOCALS+32`($fp),$tp sub $rp,$arrsz,$rp ; rewind rp subi 0,$arrsz,$idx - ldo `$LOCALS+32`($fp),$tp L\$copy_pa11 - ldwx $idx($np),$hi0 + ldw 0($tp),$ti0 + ldw 0($rp),$hi0 stws,ma %r0,4($tp) + comiclr,= 0,$hi1,%r0 + copy $ti0,$hi0 addib,<> 4,$idx,L\$copy_pa11 stws,ma $hi0,4($rp) diff --git a/crypto/bn/asm/ppc-mont.pl b/crypto/bn/asm/ppc-mont.pl index 5802260..6dd3ccc 100644 --- a/crypto/bn/asm/ppc-mont.pl +++ b/crypto/bn/asm/ppc-mont.pl @@ -301,15 +301,16 @@ Lsub: $LDX $tj,$tp,$j li $j,0 mtctr $num subfe $ovf,$j,$ovf ; handle upmost overflow bit - and $ap,$tp,$ovf - andc $np,$rp,$ovf - or $ap,$ap,$np ; ap=borrow?tp:rp .align 4 -Lcopy: ; copy or in-place refresh - $LDX $tj,$ap,$j - $STX $tj,$rp,$j +Lcopy: ; conditional copy + $LDX $tj,$tp,$j + $LDX $aj,$rp,$j + and $tj,$tj,$ovf + andc $aj,$aj,$ovf $STX $j,$tp,$j ; zap at once + or $aj,$aj,$tj + $STX $aj,$rp,$j addi $j,$j,$BNSZ bdnz Lcopy diff --git a/crypto/bn/asm/ppc64-mont.pl b/crypto/bn/asm/ppc64-mont.pl index 1e19c95..377a6b3 100644 --- a/crypto/bn/asm/ppc64-mont.pl +++ b/crypto/bn/asm/ppc64-mont.pl @@ -1501,16 +1501,14 @@ Lsub: ldx $t0,$tp,$i li $i,0 subfe $ovf,$i,$ovf ; handle upmost overflow bit - and $ap,$tp,$ovf - andc $np,$rp,$ovf - or $ap,$ap,$np ; ap=borrow?tp:rp - addi $t7,$ap,8 mtctr $j .align 4 -Lcopy: ; copy or in-place refresh - ldx $t0,$ap,$i - ldx $t1,$t7,$i +Lcopy: ; conditional copy + ldx $t0,$tp,$i + ldx $t1,$t4,$i + ldx $t2,$rp,$i + ldx $t3,$t6,$i std $i,8($nap_d) ; zap nap_d std $i,16($nap_d) std $i,24($nap_d) @@ -1519,6 +1517,12 @@ Lcopy: ; copy or in-place refresh std $i,48($nap_d) std $i,56($nap_d) stdu $i,64($nap_d) + and $t0,$t0,$ovf + and $t1,$t1,$ovf + andc $t2,$t2,$ovf + andc $t3,$t3,$ovf + or $t0,$t0,$t2 + or $t1,$t1,$t3 stdx $t0,$rp,$i stdx $t1,$t6,$i stdx $i,$tp,$i ; zap tp at once @@ -1561,20 +1565,21 @@ Lsub: lwz $t0,12($tp) ; load tp[j..j+3] in 64-bit word order li $i,0 subfe $ovf,$i,$ovf ; handle upmost overflow bit - addi $tp,$sp,`$FRAME+$TRANSFER+4` + addi $ap,$sp,`$FRAME+$TRANSFER+4` subf $rp,$num,$rp ; rewind rp - and $ap,$tp,$ovf - andc $np,$rp,$ovf - or $ap,$ap,$np ; ap=borrow?tp:rp addi $tp,$sp,`$FRAME+$TRANSFER` mtctr $j .align 4 -Lcopy: ; copy or in-place refresh +Lcopy: ; conditional copy lwz $t0,4($ap) lwz $t1,8($ap) lwz $t2,12($ap) lwzu $t3,16($ap) + lwz $t4,4($rp) + lwz $t5,8($rp) + lwz $t6,12($rp) + lwz $t7,16($rp) std $i,8($nap_d) ; zap nap_d std $i,16($nap_d) std $i,24($nap_d) @@ -1583,6 +1588,18 @@ Lcopy: ; copy or in-place refresh std $i,48($nap_d) std $i,56($nap_d) stdu $i,64($nap_d) + and $t0,$t0,$ovf + and $t1,$t1,$ovf + and $t2,$t2,$ovf + and $t3,$t3,$ovf + andc $t4,$t4,$ovf + andc $t5,$t5,$ovf + andc $t6,$t6,$ovf + andc $t7,$t7,$ovf + or $t0,$t0,$t4 + or $t1,$t1,$t5 + or $t2,$t2,$t6 + or $t3,$t3,$t7 stw $t0,4($rp) stw $t1,8($rp) stw $t2,12($rp) diff --git a/crypto/bn/asm/s390x-mont.pl b/crypto/bn/asm/s390x-mont.pl index 2205bc2..7af1bcd 100644 --- a/crypto/bn/asm/s390x-mont.pl +++ b/crypto/bn/asm/s390x-mont.pl @@ -252,16 +252,16 @@ $code.=<<___; brct $count,.Lsub lghi $ahi,0 slbgr $AHI,$ahi # handle upmost carry - - ngr $ap,$AHI - lghi $np,-1 - xgr $np,$AHI - ngr $np,$rp - ogr $ap,$np # ap=borrow?tp:rp + lghi $NHI,-1 + xgr $NHI,$AHI la $j,0(%r0) lgr $count,$num -.Lcopy: lg $alo,0($j,$ap) # copy or in-place refresh +.Lcopy: lg $ahi,$stdframe($j,$sp) # conditional copy + lg $alo,0($j,$rp) + ngr $ahi,$AHI + ngr $alo,$NHI + ogr $alo,$ahi _dswap $alo stg $j,$stdframe($j,$sp) # zap tp stg $alo,0($j,$rp) diff --git a/crypto/bn/asm/sparct4-mont.pl b/crypto/bn/asm/sparct4-mont.pl index 4faf66f..2e1d110 100755 --- a/crypto/bn/asm/sparct4-mont.pl +++ b/crypto/bn/asm/sparct4-mont.pl @@ -888,19 +888,17 @@ $code.=<<___; sub $tp, $num, $tp sub $rp, $num, $rp - subc $ovf, %g0, $ovf ! handle upmost overflow bit - and $tp, $ovf, $ap - andn $rp, $ovf, $np - or $np, $ap, $ap ! ap=borrow?tp:rp + subccc $ovf, %g0, $ovf ! handle upmost overflow bit ba .Lcopy sub $num, 8, $cnt .align 16 -.Lcopy: ! copy or in-place refresh - ldx [$ap+0], $t2 - add $ap, 8, $ap +.Lcopy: ! conditional copy + ldx [$tp], $tj + ldx [$rp+0], $t2 stx %g0, [$tp] ! zap add $tp, 8, $tp + movcs %icc, $tj, $t2 stx $t2, [$rp+0] add $rp, 8, $rp brnz $cnt, .Lcopy @@ -1136,19 +1134,17 @@ $code.=<<___; sub $tp, $num, $tp sub $rp, $num, $rp - subc $ovf, %g0, $ovf ! handle upmost overflow bit - and $tp, $ovf, $ap - andn $rp, $ovf, $np - or $np, $ap, $ap ! ap=borrow?tp:rp + subccc $ovf, %g0, $ovf ! handle upmost overflow bit ba .Lcopy_g5 sub $num, 8, $cnt .align 16 -.Lcopy_g5: ! copy or in-place refresh - ldx [$ap+0], $t2 - add $ap, 8, $ap +.Lcopy_g5: ! conditional copy + ldx [$tp], $tj + ldx [$rp+0], $t2 stx %g0, [$tp] ! zap add $tp, 8, $tp + movcs %icc, $tj, $t2 stx $t2, [$rp+0] add $rp, 8, $rp brnz $cnt, .Lcopy_g5 diff --git a/crypto/bn/asm/sparcv9-mont.pl b/crypto/bn/asm/sparcv9-mont.pl index 6807c8b..55ceecb 100644 --- a/crypto/bn/asm/sparcv9-mont.pl +++ b/crypto/bn/asm/sparcv9-mont.pl @@ -265,7 +265,6 @@ $fname: .Ltail: add $np,$num,$np add $rp,$num,$rp - mov $tp,$ap sub %g0,$num,%o7 ! k=-num ba .Lsub subcc %g0,%g0,%g0 ! clear %icc.c @@ -278,15 +277,14 @@ $fname: add %o7,4,%o7 brnz %o7,.Lsub st %o1,[$i] - subc $car2,0,$car2 ! handle upmost overflow bit - and $tp,$car2,$ap - andn $rp,$car2,$np - or $ap,$np,$ap + subccc $car2,0,$car2 ! handle upmost overflow bit sub %g0,$num,%o7 .Lcopy: - ld [$ap+%o7],%o0 ! copy or in-place refresh + ld [$tp+%o7],%o1 ! conditional copy + ld [$rp+%o7],%o0 st %g0,[$tp+%o7] ! zap tp + movcs %icc,%o1,%o0 st %o0,[$rp+%o7] add %o7,4,%o7 brnz %o7,.Lcopy diff --git a/crypto/bn/asm/via-mont.pl b/crypto/bn/asm/via-mont.pl index 9f81bc8..8357cb5 100644 --- a/crypto/bn/asm/via-mont.pl +++ b/crypto/bn/asm/via-mont.pl @@ -213,18 +213,15 @@ $sp=&DWP(28,"esp"); &mov ("eax",&DWP(0,"esi","edx",4)); # upmost overflow bit &sbb ("eax",0); - &and ("esi","eax"); - ¬ ("eax"); - &mov ("ebp","edi"); - &and ("ebp","eax"); - &or ("esi","ebp"); # tp=carry?tp:rp &mov ("ecx","edx"); # num - &xor ("edx","edx"); # i=0 + &mov ("edx",0); # i=0 &set_label("copy",8); - &mov ("eax",&DWP(0,"esi","edx",4)); - &mov (&DWP(64,"esp","edx",4),"ecx"); # zap tp + &mov ("ebx",&DWP(0,"esi","edx",4)); + &mov ("eax",&DWP(0,"edi","edx",4)); + &mov (&DWP(0,"esi","edx",4),"ecx"); # zap tp + &cmovc ("eax","ebx"); &mov (&DWP(0,"edi","edx",4),"eax"); &lea ("edx",&DWP(1,"edx")); # i++ &loop (&label("copy")); diff --git a/crypto/bn/asm/vis3-mont.pl b/crypto/bn/asm/vis3-mont.pl index 64dba44..6937fe2 100644 --- a/crypto/bn/asm/vis3-mont.pl +++ b/crypto/bn/asm/vis3-mont.pl @@ -310,23 +310,23 @@ $code.=<<___; sub $anp, $num, $anp sub $rp, $num, $rp - subc $ovf, %g0, $ovf ! handle upmost overflow bit - and $tp, $ovf, $ap - andn $rp, $ovf, $np - or $np, $ap, $ap ! ap=borrow?tp:rp + subccc $ovf, %g0, $ovf ! handle upmost overflow bit ba .Lcopy sub $num, 8, $cnt .align 16 -.Lcopy: ! copy or in-place refresh - ld [$ap+0], $t2 - ld [$ap+4], $t3 - add $ap, 8, $ap +.Lcopy: ! conditional copy + ld [$tp+0], $t0 + ld [$tp+4], $t1 + ld [$rp+0], $t2 + ld [$rp+4], $t3 stx %g0, [$tp] ! zap add $tp, 8, $tp stx %g0, [$anp] ! zap stx %g0, [$anp+8] add $anp, 16, $anp + movcs %icc, $t0, $t2 + movcs %icc, $t1, $t3 st $t3, [$rp+0] ! flip order st $t2, [$rp+4] add $rp, 8, $rp diff --git a/crypto/bn/asm/x86-mont.pl b/crypto/bn/asm/x86-mont.pl index 6787503..3c1bb9d 100755 --- a/crypto/bn/asm/x86-mont.pl +++ b/crypto/bn/asm/x86-mont.pl @@ -604,16 +604,18 @@ $sbit=$num; &jge (&label("sub")); &sbb ("eax",0); # handle upmost overflow bit - &and ($tp,"eax"); - ¬ ("eax"); - &mov ($np,$rp); - &and ($np,"eax"); - &or ($tp,$np); # tp=carry?tp:rp - -&set_label("copy",16); # copy or in-place refresh - &mov ("eax",&DWP(0,$tp,$num,4)); - &mov (&DWP(0,$rp,$num,4),"eax"); # rp[i]=tp[i] + &mov ("edx",-1); + &xor ("edx","eax"); + &jmp (&label("copy")); + +&set_label("copy",16); # conditional copy + &mov ($tp,&DWP($frame,"esp",$num,4)); + &mov ($np,&DWP(0,$rp,$num,4)); &mov (&DWP($frame,"esp",$num,4),$j); # zap temporary vector + &and ($tp,"eax"); + &and ($np,"edx"); + &or ($np,$tp); + &mov (&DWP(0,$rp,$num,4),$np); &dec ($num); &jge (&label("copy")); diff --git a/crypto/bn/asm/x86_64-mont.pl b/crypto/bn/asm/x86_64-mont.pl index df4cca5..95524d2 100755 --- a/crypto/bn/asm/x86_64-mont.pl +++ b/crypto/bn/asm/x86_64-mont.pl @@ -302,30 +302,30 @@ $code.=<<___; xor $i,$i # i=0 and clear CF! mov (%rsp),%rax # tp[0] - lea (%rsp),$ap # borrow ap for tp mov $num,$j # j=num - jmp .Lsub + .align 16 .Lsub: sbb ($np,$i,8),%rax mov %rax,($rp,$i,8) # rp[i]=tp[i]-np[i] - mov 8($ap,$i,8),%rax # tp[i+1] + mov 8(%rsp,$i,8),%rax # tp[i+1] lea 1($i),$i # i++ dec $j # doesnn't affect CF! jnz .Lsub sbb \$0,%rax # handle upmost overflow bit + mov \$-1,%rbx + xor %rax,%rbx # not %rax xor $i,$i - and %rax,$ap - not %rax - mov $rp,$np - and %rax,$np mov $num,$j # j=num - or $np,$ap # ap=borrow?tp:rp -.align 16 -.Lcopy: # copy or in-place refresh - mov ($ap,$i,8),%rax - mov $i,(%rsp,$i,8) # zap temporary vector - mov %rax,($rp,$i,8) # rp[i]=tp[i] + +.Lcopy: # conditional copy + mov ($rp,$i,8),%rcx + mov (%rsp,$i,8),%rdx + and %rbx,%rcx + and %rax,%rdx + mov $num,(%rsp,$i,8) # zap temporary vector + or %rcx,%rdx + mov %rdx,($rp,$i,8) # rp[i]=tp[i] lea 1($i),$i sub \$1,$j jnz .Lcopy @@ -695,10 +695,10 @@ ___ my @ri=("%rax","%rdx",$m0,$m1); $code.=<<___; mov 16(%rsp,$num,8),$rp # restore $rp + lea -4($num),$j mov 0(%rsp), at ri[0] # tp[0] - pxor %xmm0,%xmm0 mov 8(%rsp), at ri[1] # tp[1] - shr \$2,$num # num/=4 + shr \$2,$j # j=num/4-1 lea (%rsp),$ap # borrow ap for tp xor $i,$i # i=0 and clear CF! @@ -706,9 +706,7 @@ $code.=<<___; mov 16($ap), at ri[2] # tp[2] mov 24($ap), at ri[3] # tp[3] sbb 8($np), at ri[1] - lea -1($num),$j # j=num/4-1 - jmp .Lsub4x -.align 16 + .Lsub4x: mov @ri[0],0($rp,$i,8) # rp[i]=tp[i]-np[i] mov @ri[1],8($rp,$i,8) # rp[i]=tp[i]-np[i] @@ -735,34 +733,35 @@ $code.=<<___; sbb \$0, at ri[0] # handle upmost overflow bit mov @ri[3],24($rp,$i,8) # rp[i]=tp[i]-np[i] - xor $i,$i # i=0 - and @ri[0],$ap - not @ri[0] - mov $rp,$np - and @ri[0],$np - lea -1($num),$j - or $np,$ap # ap=borrow?tp:rp - - movdqu ($ap),%xmm1 - movdqa %xmm0,(%rsp) - movdqu %xmm1,($rp) + pxor %xmm0,%xmm0 + movq @ri[0],%xmm4 + pcmpeqd %xmm5,%xmm5 + pshufd \$0,%xmm4,%xmm4 + mov $num,$j + pxor %xmm4,%xmm5 + shr \$2,$j # j=num/4 + xor %eax,%eax # i=0 + jmp .Lcopy4x .align 16 -.Lcopy4x: # copy or in-place refresh - movdqu 16($ap,$i),%xmm2 - movdqu 32($ap,$i),%xmm1 - movdqa %xmm0,16(%rsp,$i) - movdqu %xmm2,16($rp,$i) - movdqa %xmm0,32(%rsp,$i) - movdqu %xmm1,32($rp,$i) - lea 32($i),$i +.Lcopy4x: # conditional copy + movdqa (%rsp,%rax),%xmm1 + movdqu ($rp,%rax),%xmm2 + pand %xmm4,%xmm1 + pand %xmm5,%xmm2 + movdqa 16(%rsp,%rax),%xmm3 + movdqa %xmm0,(%rsp,%rax) + por %xmm2,%xmm1 + movdqu 16($rp,%rax),%xmm2 + movdqu %xmm1,($rp,%rax) + pand %xmm4,%xmm3 + pand %xmm5,%xmm2 + movdqa %xmm0,16(%rsp,%rax) + por %xmm2,%xmm3 + movdqu %xmm3,16($rp,%rax) + lea 32(%rax),%rax dec $j jnz .Lcopy4x - - shl \$2,$num - movdqu 16($ap,$i),%xmm2 - movdqa %xmm0,16(%rsp,$i) - movdqu %xmm2,16($rp,$i) ___ } $code.=<<___; diff --git a/crypto/bn/asm/x86_64-mont5.pl b/crypto/bn/asm/x86_64-mont5.pl index 5779059..31c60d9 100755 --- a/crypto/bn/asm/x86_64-mont5.pl +++ b/crypto/bn/asm/x86_64-mont5.pl @@ -414,18 +414,19 @@ $code.=<<___; jnz .Lsub sbb \$0,%rax # handle upmost overflow bit + mov \$-1,%rbx + xor %rax,%rbx xor $i,$i - and %rax,$ap - not %rax - mov $rp,$np - and %rax,$np mov $num,$j # j=num - or $np,$ap # ap=borrow?tp:rp -.align 16 -.Lcopy: # copy or in-place refresh - mov ($ap,$i,8),%rax + +.Lcopy: # conditional copy + mov ($rp,$i,8),%rcx + mov (%rsp,$i,8),%rdx + and %rbx,%rcx + and %rax,%rdx mov $i,(%rsp,$i,8) # zap temporary vector - mov %rax,($rp,$i,8) # rp[i]=tp[i] + or %rcx,%rdx + mov %rdx,($rp,$i,8) # rp[i]=tp[i] lea 1($i),$i sub \$1,$j jnz .Lcopy From appro at openssl.org Fri May 4 09:54:00 2018 From: appro at openssl.org (Andy Polyakov) Date: Fri, 04 May 2018 09:54:00 +0000 Subject: [openssl-commits] [openssl] OpenSSL_1_0_2-stable update Message-ID: <1525427640.227640.10412.nullmailer@dev.openssl.org> The branch OpenSSL_1_0_2-stable has been updated via aed0ecb97c2d5329b5b5728c1e74fa63ce58ca8f (commit) from c14a3be5adf88edc002199835d8fa40f1296e381 (commit) - Log ----------------------------------------------------------------- commit aed0ecb97c2d5329b5b5728c1e74fa63ce58ca8f Author: Andy Polyakov Date: Mon Apr 30 22:59:51 2018 +0200 bn/asm/*-mont.pl: harmonize with BN_from_montgomery_word. Montgomery multiplication post-conditions in some of code paths were formally non-constant time. Cache access pattern was result-neutral, but a little bit asymmetric, which might have produced a signal [if processor reordered load and stores at run-time]. Reviewed-by: Rich Salz (Merged from https://github.com/openssl/openssl/pull/6163) (cherry picked from commit 774ff8fed67e19d4f5f0df2f59050f2737abab2a) Resolved conflicts in ppc-mont.pl and x86_64-mont.pl. (cherry picked from commit d067ba3bcc4944140578bdbf857affa6faf9e8c1) ----------------------------------------------------------------------- Summary of changes: crypto/bn/asm/alpha-mont.pl | 9 ++--- crypto/bn/asm/armv4-mont.pl | 15 ++++---- crypto/bn/asm/ia64-mont.pl | 18 +++++----- crypto/bn/asm/mips-mont.pl | 12 +++---- crypto/bn/asm/parisc-mont.pl | 28 +++++++-------- crypto/bn/asm/ppc-mont.pl | 13 +++---- crypto/bn/asm/ppc64-mont.pl | 41 ++++++++++++++------- crypto/bn/asm/s390x-mont.pl | 14 ++++---- crypto/bn/asm/sparct4-mont.pl | 24 ++++++------- crypto/bn/asm/sparcv9-mont.pl | 10 +++--- crypto/bn/asm/via-mont.pl | 13 +++---- crypto/bn/asm/vis3-mont.pl | 16 ++++----- crypto/bn/asm/x86-mont.pl | 20 ++++++----- crypto/bn/asm/x86_64-mont.pl | 83 +++++++++++++++++++++---------------------- crypto/bn/asm/x86_64-mont5.pl | 19 +++++----- 15 files changed, 169 insertions(+), 166 deletions(-) diff --git a/crypto/bn/asm/alpha-mont.pl b/crypto/bn/asm/alpha-mont.pl index 03596e2..f80cca2 100644 --- a/crypto/bn/asm/alpha-mont.pl +++ b/crypto/bn/asm/alpha-mont.pl @@ -287,15 +287,12 @@ bn_mul_mont: mov sp,$tp mov $bp,$rp # restore rp - and sp,$hi0,$ap - bic $bp,$hi0,$bp - bis $bp,$ap,$ap # ap=borrow?tp:rp - .align 4 -.Lcopy: ldq $aj,0($ap) # copy or in-place refresh +.Lcopy: ldq $aj,0($tp) # conditional copy + ldq $nj,0($rp) lda $tp,8($tp) lda $rp,8($rp) - lda $ap,8($ap) + cmoveq $hi0,$nj,$aj stq zero,-8($tp) # zap tp cmpult $tp,$tj,AT stq $aj,-8($rp) diff --git a/crypto/bn/asm/armv4-mont.pl b/crypto/bn/asm/armv4-mont.pl index 1d330e9..8961180 100644 --- a/crypto/bn/asm/armv4-mont.pl +++ b/crypto/bn/asm/armv4-mont.pl @@ -216,14 +216,15 @@ bn_mul_mont: mov $tp,sp @ "rewind" $tp sub $rp,$rp,$aj @ "rewind" $rp - and $ap,$tp,$nhi - bic $np,$rp,$nhi - orr $ap,$ap,$np @ ap=borrow?tp:rp - -.Lcopy: ldr $tj,[$ap],#4 @ copy or in-place refresh +.Lcopy: ldr $tj,[$tp] @ conditional copy + ldr $aj,[$rp] str sp,[$tp],#4 @ zap tp - str $tj,[$rp],#4 - cmp $tp,$num +#ifdef __thumb2__ + it cc +#endif + movcc $aj,$tj + str $aj,[$rp],#4 + teq $tp,$num @ preserve carry bne .Lcopy add sp,$num,#4 @ skip over tp[num+1] diff --git a/crypto/bn/asm/ia64-mont.pl b/crypto/bn/asm/ia64-mont.pl index e258658..7dae817 100644 --- a/crypto/bn/asm/ia64-mont.pl +++ b/crypto/bn/asm/ia64-mont.pl @@ -332,19 +332,19 @@ bn_mul_mont_general: { .mmb; sub rptr=rptr,len // rewind sub tptr=tptr,len clrrrb.pr };; -{ .mmi; and aptr=tptr,topbit - andcm bptr=rptr,topbit +{ .mmi; mov aptr=rptr + mov bptr=tptr mov pr.rot=1<<16 };; -{ .mii; or nptr=aptr,bptr +{ .mii; cmp.eq p0,p6=topbit,r0 mov ar.lc=lc - mov ar.ec=3 };; + mov ar.ec=2 };; .Lcopy_ctop: -{ .mmb; (p16) ld8 n[0]=[nptr],8 - (p18) st8 [tptr]=r0,8 - (p16) nop.b 0 } -{ .mmb; (p16) nop.m 0 - (p18) st8 [rptr]=n[2],8 +{ .mmi; (p16) ld8 a[0]=[aptr],8 + (p16) ld8 t[0]=[bptr],8 + (p6) mov a[1]=t[1] };; // (p17) +{ .mmb; (p17) st8 [rptr]=a[1],8 + (p17) st8 [tptr]=r0,8 br.ctop.sptk .Lcopy_ctop };; .Lcopy_cend: diff --git a/crypto/bn/asm/mips-mont.pl b/crypto/bn/asm/mips-mont.pl index a33cdf4..9b80e84 100644 --- a/crypto/bn/asm/mips-mont.pl +++ b/crypto/bn/asm/mips-mont.pl @@ -377,15 +377,13 @@ $code.=<<___; $PTR_SUB $rp,$num # restore rp not $hi1,$hi0 - and $ap,$hi0,$sp - and $bp,$hi1,$rp - or $ap,$ap,$bp # ap=borrow?tp:rp - -.align 4 -.Lcopy: $LD $aj,($ap) - $PTR_ADD $ap,$BNSZ +.Lcopy: $LD $nj,($tp) # conditional move + $LD $aj,($rp) $ST $zero,($tp) $PTR_ADD $tp,$BNSZ + and $nj,$hi0 + and $aj,$hi1 + or $aj,$nj sltu $at,$tp,$tj $ST $aj,($rp) bnez $at,.Lcopy diff --git a/crypto/bn/asm/parisc-mont.pl b/crypto/bn/asm/parisc-mont.pl index c02ef6f..53e179d 100644 --- a/crypto/bn/asm/parisc-mont.pl +++ b/crypto/bn/asm/parisc-mont.pl @@ -510,7 +510,6 @@ L\$sub stws,ma $hi1,4($rp) subb $ti0,%r0,$hi1 - ldo -4($tp),$tp ___ $code.=<<___ if ($BN_SZ==8); ldd,ma 8($tp),$ti0 @@ -525,21 +524,19 @@ L\$sub extrd,u $ti0,31,32,$ti0 ; carry in flipped word order sub,db $ti0,%r0,$hi1 - ldo -8($tp),$tp ___ $code.=<<___; - and $tp,$hi1,$ap - andcm $rp,$hi1,$bp - or $ap,$bp,$np - + ldo `$LOCALS+32`($fp),$tp sub $rp,$arrsz,$rp ; rewind rp subi 0,$arrsz,$idx - ldo `$LOCALS+32`($fp),$tp L\$copy - ldd $idx($np),$hi0 + ldd 0($tp),$ti0 + ldd 0($rp),$hi0 std,ma %r0,8($tp) - addib,<> 8,$idx,.-8 ; L\$copy - std,ma $hi0,8($rp) + comiclr,= 0,$hi1,%r0 + copy $ti0,$hi0 + addib,<> 8,$idx,L\$copy + std,ma $hi0,8($rp) ___ if ($BN_SZ==4) { # PA-RISC 1.1 code-path @@ -849,17 +846,16 @@ L\$sub_pa11 stws,ma $hi1,4($rp) subb $ti0,%r0,$hi1 - ldo -4($tp),$tp - and $tp,$hi1,$ap - andcm $rp,$hi1,$bp - or $ap,$bp,$np + ldo `$LOCALS+32`($fp),$tp sub $rp,$arrsz,$rp ; rewind rp subi 0,$arrsz,$idx - ldo `$LOCALS+32`($fp),$tp L\$copy_pa11 - ldwx $idx($np),$hi0 + ldw 0($tp),$ti0 + ldw 0($rp),$hi0 stws,ma %r0,4($tp) + comiclr,= 0,$hi1,%r0 + copy $ti0,$hi0 addib,<> 4,$idx,L\$copy_pa11 stws,ma $hi0,4($rp) diff --git a/crypto/bn/asm/ppc-mont.pl b/crypto/bn/asm/ppc-mont.pl index 6930a3a..ac3b4a4 100644 --- a/crypto/bn/asm/ppc-mont.pl +++ b/crypto/bn/asm/ppc-mont.pl @@ -294,15 +294,16 @@ Lsub: $LDX $tj,$tp,$j li $j,0 mtctr $num subfe $ovf,$j,$ovf ; handle upmost overflow bit - and $ap,$tp,$ovf - andc $np,$rp,$ovf - or $ap,$ap,$np ; ap=borrow?tp:rp .align 4 -Lcopy: ; copy or in-place refresh - $LDX $tj,$ap,$j - $STX $tj,$rp,$j +Lcopy: ; conditional copy + $LDX $tj,$tp,$j + $LDX $aj,$rp,$j + and $tj,$tj,$ovf + andc $aj,$aj,$ovf $STX $j,$tp,$j ; zap at once + or $aj,$aj,$tj + $STX $aj,$rp,$j addi $j,$j,$BNSZ bdnz Lcopy diff --git a/crypto/bn/asm/ppc64-mont.pl b/crypto/bn/asm/ppc64-mont.pl index 595fc6d..6cf99c5 100644 --- a/crypto/bn/asm/ppc64-mont.pl +++ b/crypto/bn/asm/ppc64-mont.pl @@ -1494,16 +1494,14 @@ Lsub: ldx $t0,$tp,$i li $i,0 subfe $ovf,$i,$ovf ; handle upmost overflow bit - and $ap,$tp,$ovf - andc $np,$rp,$ovf - or $ap,$ap,$np ; ap=borrow?tp:rp - addi $t7,$ap,8 mtctr $j .align 4 -Lcopy: ; copy or in-place refresh - ldx $t0,$ap,$i - ldx $t1,$t7,$i +Lcopy: ; conditional copy + ldx $t0,$tp,$i + ldx $t1,$t4,$i + ldx $t2,$rp,$i + ldx $t3,$t6,$i std $i,8($nap_d) ; zap nap_d std $i,16($nap_d) std $i,24($nap_d) @@ -1512,6 +1510,12 @@ Lcopy: ; copy or in-place refresh std $i,48($nap_d) std $i,56($nap_d) stdu $i,64($nap_d) + and $t0,$t0,$ovf + and $t1,$t1,$ovf + andc $t2,$t2,$ovf + andc $t3,$t3,$ovf + or $t0,$t0,$t2 + or $t1,$t1,$t3 stdx $t0,$rp,$i stdx $t1,$t6,$i stdx $i,$tp,$i ; zap tp at once @@ -1554,20 +1558,21 @@ Lsub: lwz $t0,12($tp) ; load tp[j..j+3] in 64-bit word order li $i,0 subfe $ovf,$i,$ovf ; handle upmost overflow bit - addi $tp,$sp,`$FRAME+$TRANSFER+4` + addi $ap,$sp,`$FRAME+$TRANSFER+4` subf $rp,$num,$rp ; rewind rp - and $ap,$tp,$ovf - andc $np,$rp,$ovf - or $ap,$ap,$np ; ap=borrow?tp:rp addi $tp,$sp,`$FRAME+$TRANSFER` mtctr $j .align 4 -Lcopy: ; copy or in-place refresh +Lcopy: ; conditional copy lwz $t0,4($ap) lwz $t1,8($ap) lwz $t2,12($ap) lwzu $t3,16($ap) + lwz $t4,4($rp) + lwz $t5,8($rp) + lwz $t6,12($rp) + lwz $t7,16($rp) std $i,8($nap_d) ; zap nap_d std $i,16($nap_d) std $i,24($nap_d) @@ -1576,6 +1581,18 @@ Lcopy: ; copy or in-place refresh std $i,48($nap_d) std $i,56($nap_d) stdu $i,64($nap_d) + and $t0,$t0,$ovf + and $t1,$t1,$ovf + and $t2,$t2,$ovf + and $t3,$t3,$ovf + andc $t4,$t4,$ovf + andc $t5,$t5,$ovf + andc $t6,$t6,$ovf + andc $t7,$t7,$ovf + or $t0,$t0,$t4 + or $t1,$t1,$t5 + or $t2,$t2,$t6 + or $t3,$t3,$t7 stw $t0,4($rp) stw $t1,8($rp) stw $t2,12($rp) diff --git a/crypto/bn/asm/s390x-mont.pl b/crypto/bn/asm/s390x-mont.pl index 9fd64e8..46188eb 100644 --- a/crypto/bn/asm/s390x-mont.pl +++ b/crypto/bn/asm/s390x-mont.pl @@ -245,16 +245,16 @@ $code.=<<___; brct $count,.Lsub lghi $ahi,0 slbgr $AHI,$ahi # handle upmost carry - - ngr $ap,$AHI - lghi $np,-1 - xgr $np,$AHI - ngr $np,$rp - ogr $ap,$np # ap=borrow?tp:rp + lghi $NHI,-1 + xgr $NHI,$AHI la $j,0(%r0) lgr $count,$num -.Lcopy: lg $alo,0($j,$ap) # copy or in-place refresh +.Lcopy: lg $ahi,$stdframe($j,$sp) # conditional copy + lg $alo,0($j,$rp) + ngr $ahi,$AHI + ngr $alo,$NHI + ogr $alo,$ahi _dswap $alo stg $j,$stdframe($j,$sp) # zap tp stg $alo,0($j,$rp) diff --git a/crypto/bn/asm/sparct4-mont.pl b/crypto/bn/asm/sparct4-mont.pl index 71b4500..cac60f9 100755 --- a/crypto/bn/asm/sparct4-mont.pl +++ b/crypto/bn/asm/sparct4-mont.pl @@ -878,19 +878,17 @@ $code.=<<___; sub $tp, $num, $tp sub $rp, $num, $rp - subc $ovf, %g0, $ovf ! handle upmost overflow bit - and $tp, $ovf, $ap - andn $rp, $ovf, $np - or $np, $ap, $ap ! ap=borrow?tp:rp + subccc $ovf, %g0, $ovf ! handle upmost overflow bit ba .Lcopy sub $num, 8, $cnt .align 16 -.Lcopy: ! copy or in-place refresh - ldx [$ap+0], $t2 - add $ap, 8, $ap +.Lcopy: ! conditional copy + ldx [$tp], $tj + ldx [$rp+0], $t2 stx %g0, [$tp] ! zap add $tp, 8, $tp + movcs %icc, $tj, $t2 stx $t2, [$rp+0] add $rp, 8, $rp brnz $cnt, .Lcopy @@ -1126,19 +1124,17 @@ $code.=<<___; sub $tp, $num, $tp sub $rp, $num, $rp - subc $ovf, %g0, $ovf ! handle upmost overflow bit - and $tp, $ovf, $ap - andn $rp, $ovf, $np - or $np, $ap, $ap ! ap=borrow?tp:rp + subccc $ovf, %g0, $ovf ! handle upmost overflow bit ba .Lcopy_g5 sub $num, 8, $cnt .align 16 -.Lcopy_g5: ! copy or in-place refresh - ldx [$ap+0], $t2 - add $ap, 8, $ap +.Lcopy_g5: ! conditional copy + ldx [$tp], $tj + ldx [$rp+0], $t2 stx %g0, [$tp] ! zap add $tp, 8, $tp + movcs %icc, $tj, $t2 stx $t2, [$rp+0] add $rp, 8, $rp brnz $cnt, .Lcopy_g5 diff --git a/crypto/bn/asm/sparcv9-mont.pl b/crypto/bn/asm/sparcv9-mont.pl index d866287..30db95e 100644 --- a/crypto/bn/asm/sparcv9-mont.pl +++ b/crypto/bn/asm/sparcv9-mont.pl @@ -255,7 +255,6 @@ $fname: .Ltail: add $np,$num,$np add $rp,$num,$rp - mov $tp,$ap sub %g0,$num,%o7 ! k=-num ba .Lsub subcc %g0,%g0,%g0 ! clear %icc.c @@ -268,15 +267,14 @@ $fname: add %o7,4,%o7 brnz %o7,.Lsub st %o1,[$i] - subc $car2,0,$car2 ! handle upmost overflow bit - and $tp,$car2,$ap - andn $rp,$car2,$np - or $ap,$np,$ap + subccc $car2,0,$car2 ! handle upmost overflow bit sub %g0,$num,%o7 .Lcopy: - ld [$ap+%o7],%o0 ! copy or in-place refresh + ld [$tp+%o7],%o1 ! conditional copy + ld [$rp+%o7],%o0 st %g0,[$tp+%o7] ! zap tp + movcs %icc,%o1,%o0 st %o0,[$rp+%o7] add %o7,4,%o7 brnz %o7,.Lcopy diff --git a/crypto/bn/asm/via-mont.pl b/crypto/bn/asm/via-mont.pl index c046a51..9179421 100644 --- a/crypto/bn/asm/via-mont.pl +++ b/crypto/bn/asm/via-mont.pl @@ -203,18 +203,15 @@ $sp=&DWP(28,"esp"); &mov ("eax",&DWP(0,"esi","edx",4)); # upmost overflow bit &sbb ("eax",0); - &and ("esi","eax"); - ¬ ("eax"); - &mov ("ebp","edi"); - &and ("ebp","eax"); - &or ("esi","ebp"); # tp=carry?tp:rp &mov ("ecx","edx"); # num - &xor ("edx","edx"); # i=0 + &mov ("edx",0); # i=0 &set_label("copy",8); - &mov ("eax",&DWP(0,"esi","edx",4)); - &mov (&DWP(64,"esp","edx",4),"ecx"); # zap tp + &mov ("ebx",&DWP(0,"esi","edx",4)); + &mov ("eax",&DWP(0,"edi","edx",4)); + &mov (&DWP(0,"esi","edx",4),"ecx"); # zap tp + &cmovc ("eax","ebx"); &mov (&DWP(0,"edi","edx",4),"eax"); &lea ("edx",&DWP(1,"edx")); # i++ &loop (&label("copy")); diff --git a/crypto/bn/asm/vis3-mont.pl b/crypto/bn/asm/vis3-mont.pl index 263ac02..002c00c 100644 --- a/crypto/bn/asm/vis3-mont.pl +++ b/crypto/bn/asm/vis3-mont.pl @@ -299,23 +299,23 @@ $code.=<<___; sub $anp, $num, $anp sub $rp, $num, $rp - subc $ovf, %g0, $ovf ! handle upmost overflow bit - and $tp, $ovf, $ap - andn $rp, $ovf, $np - or $np, $ap, $ap ! ap=borrow?tp:rp + subccc $ovf, %g0, $ovf ! handle upmost overflow bit ba .Lcopy sub $num, 8, $cnt .align 16 -.Lcopy: ! copy or in-place refresh - ld [$ap+0], $t2 - ld [$ap+4], $t3 - add $ap, 8, $ap +.Lcopy: ! conditional copy + ld [$tp+0], $t0 + ld [$tp+4], $t1 + ld [$rp+0], $t2 + ld [$rp+4], $t3 stx %g0, [$tp] ! zap add $tp, 8, $tp stx %g0, [$anp] ! zap stx %g0, [$anp+8] add $anp, 16, $anp + movcs %icc, $t0, $t2 + movcs %icc, $t1, $t3 st $t3, [$rp+0] ! flip order st $t2, [$rp+4] add $rp, 8, $rp diff --git a/crypto/bn/asm/x86-mont.pl b/crypto/bn/asm/x86-mont.pl index 1c4003e..d72eb00 100755 --- a/crypto/bn/asm/x86-mont.pl +++ b/crypto/bn/asm/x86-mont.pl @@ -592,16 +592,18 @@ $sbit=$num; &jge (&label("sub")); &sbb ("eax",0); # handle upmost overflow bit - &and ($tp,"eax"); - ¬ ("eax"); - &mov ($np,$rp); - &and ($np,"eax"); - &or ($tp,$np); # tp=carry?tp:rp - -&set_label("copy",16); # copy or in-place refresh - &mov ("eax",&DWP(0,$tp,$num,4)); - &mov (&DWP(0,$rp,$num,4),"eax"); # rp[i]=tp[i] + &mov ("edx",-1); + &xor ("edx","eax"); + &jmp (&label("copy")); + +&set_label("copy",16); # conditional copy + &mov ($tp,&DWP($frame,"esp",$num,4)); + &mov ($np,&DWP(0,$rp,$num,4)); &mov (&DWP($frame,"esp",$num,4),$j); # zap temporary vector + &and ($tp,"eax"); + &and ($np,"edx"); + &or ($np,$tp); + &mov (&DWP(0,$rp,$num,4),$np); &dec ($num); &jge (&label("copy")); diff --git a/crypto/bn/asm/x86_64-mont.pl b/crypto/bn/asm/x86_64-mont.pl index 80492d8..2074fd8 100755 --- a/crypto/bn/asm/x86_64-mont.pl +++ b/crypto/bn/asm/x86_64-mont.pl @@ -293,30 +293,30 @@ $code.=<<___; xor $i,$i # i=0 and clear CF! mov (%rsp),%rax # tp[0] - lea (%rsp),$ap # borrow ap for tp mov $num,$j # j=num - jmp .Lsub + .align 16 .Lsub: sbb ($np,$i,8),%rax mov %rax,($rp,$i,8) # rp[i]=tp[i]-np[i] - mov 8($ap,$i,8),%rax # tp[i+1] + mov 8(%rsp,$i,8),%rax # tp[i+1] lea 1($i),$i # i++ dec $j # doesnn't affect CF! jnz .Lsub sbb \$0,%rax # handle upmost overflow bit + mov \$-1,%rbx + xor %rax,%rbx # not %rax xor $i,$i - and %rax,$ap - not %rax - mov $rp,$np - and %rax,$np mov $num,$j # j=num - or $np,$ap # ap=borrow?tp:rp -.align 16 -.Lcopy: # copy or in-place refresh - mov ($ap,$i,8),%rax - mov $i,(%rsp,$i,8) # zap temporary vector - mov %rax,($rp,$i,8) # rp[i]=tp[i] + +.Lcopy: # conditional copy + mov ($rp,$i,8),%rcx + mov (%rsp,$i,8),%rdx + and %rbx,%rcx + and %rax,%rdx + mov $num,(%rsp,$i,8) # zap temporary vector + or %rcx,%rdx + mov %rdx,($rp,$i,8) # rp[i]=tp[i] lea 1($i),$i sub \$1,$j jnz .Lcopy @@ -686,10 +686,10 @@ ___ my @ri=("%rax","%rdx",$m0,$m1); $code.=<<___; mov 16(%rsp,$num,8),$rp # restore $rp + lea -4($num),$j mov 0(%rsp), at ri[0] # tp[0] - pxor %xmm0,%xmm0 mov 8(%rsp), at ri[1] # tp[1] - shr \$2,$num # num/=4 + shr \$2,$j # j=num/4-1 lea (%rsp),$ap # borrow ap for tp xor $i,$i # i=0 and clear CF! @@ -697,9 +697,7 @@ $code.=<<___; mov 16($ap), at ri[2] # tp[2] mov 24($ap), at ri[3] # tp[3] sbb 8($np), at ri[1] - lea -1($num),$j # j=num/4-1 - jmp .Lsub4x -.align 16 + .Lsub4x: mov @ri[0],0($rp,$i,8) # rp[i]=tp[i]-np[i] mov @ri[1],8($rp,$i,8) # rp[i]=tp[i]-np[i] @@ -726,34 +724,35 @@ $code.=<<___; sbb \$0, at ri[0] # handle upmost overflow bit mov @ri[3],24($rp,$i,8) # rp[i]=tp[i]-np[i] - xor $i,$i # i=0 - and @ri[0],$ap - not @ri[0] - mov $rp,$np - and @ri[0],$np - lea -1($num),$j - or $np,$ap # ap=borrow?tp:rp - - movdqu ($ap),%xmm1 - movdqa %xmm0,(%rsp) - movdqu %xmm1,($rp) + pxor %xmm0,%xmm0 + movq @ri[0],%xmm4 + pcmpeqd %xmm5,%xmm5 + pshufd \$0,%xmm4,%xmm4 + mov $num,$j + pxor %xmm4,%xmm5 + shr \$2,$j # j=num/4 + xor %eax,%eax # i=0 + jmp .Lcopy4x .align 16 -.Lcopy4x: # copy or in-place refresh - movdqu 16($ap,$i),%xmm2 - movdqu 32($ap,$i),%xmm1 - movdqa %xmm0,16(%rsp,$i) - movdqu %xmm2,16($rp,$i) - movdqa %xmm0,32(%rsp,$i) - movdqu %xmm1,32($rp,$i) - lea 32($i),$i +.Lcopy4x: # conditional copy + movdqa (%rsp,%rax),%xmm1 + movdqu ($rp,%rax),%xmm2 + pand %xmm4,%xmm1 + pand %xmm5,%xmm2 + movdqa 16(%rsp,%rax),%xmm3 + movdqa %xmm0,(%rsp,%rax) + por %xmm2,%xmm1 + movdqu 16($rp,%rax),%xmm2 + movdqu %xmm1,($rp,%rax) + pand %xmm4,%xmm3 + pand %xmm5,%xmm2 + movdqa %xmm0,16(%rsp,%rax) + por %xmm2,%xmm3 + movdqu %xmm3,16($rp,%rax) + lea 32(%rax),%rax dec $j jnz .Lcopy4x - - shl \$2,$num - movdqu 16($ap,$i),%xmm2 - movdqa %xmm0,16(%rsp,$i) - movdqu %xmm2,16($rp,$i) ___ } $code.=<<___; diff --git a/crypto/bn/asm/x86_64-mont5.pl b/crypto/bn/asm/x86_64-mont5.pl index 42178e4..f8ff822 100755 --- a/crypto/bn/asm/x86_64-mont5.pl +++ b/crypto/bn/asm/x86_64-mont5.pl @@ -405,18 +405,19 @@ $code.=<<___; jnz .Lsub sbb \$0,%rax # handle upmost overflow bit + mov \$-1,%rbx + xor %rax,%rbx xor $i,$i - and %rax,$ap - not %rax - mov $rp,$np - and %rax,$np mov $num,$j # j=num - or $np,$ap # ap=borrow?tp:rp -.align 16 -.Lcopy: # copy or in-place refresh - mov ($ap,$i,8),%rax + +.Lcopy: # conditional copy + mov ($rp,$i,8),%rcx + mov (%rsp,$i,8),%rdx + and %rbx,%rcx + and %rax,%rdx mov $i,(%rsp,$i,8) # zap temporary vector - mov %rax,($rp,$i,8) # rp[i]=tp[i] + or %rcx,%rdx + mov %rdx,($rp,$i,8) # rp[i]=tp[i] lea 1($i),$i sub \$1,$j jnz .Lcopy From openssl at openssl.org Fri May 4 10:09:13 2018 From: openssl at openssl.org (OpenSSL run-checker) Date: Fri, 04 May 2018 10:09:13 +0000 Subject: [openssl-commits] FAILED build of OpenSSL branch master with options -d --strict-warnings no-tls1_2-method Message-ID: <1525428553.781571.12443.nullmailer@run.openssl.org> Platform and configuration command: $ uname -a Linux run 4.4.0-119-generic #143-Ubuntu SMP Mon Apr 2 16:08:24 UTC 2018 x86_64 x86_64 x86_64 GNU/Linux $ CC=clang ../openssl/config -d --strict-warnings no-tls1_2-method Commit log since last time: bc624bd v3_purp.c: add locking to x509v3_cache_extensions() 463e6ef VMS: modernise rand_pool_acquire_entropy, step 2 ce147f7 VMS: modernise rand_pool_acquire_entropy, step 1 b1860d6 Return an error from BN_mod_inverse if n is 1 (or -1) 4db296d Make X509_VERIFY_PARAM_get_hostflags() take a const arg e401389 Add a test for SSL_get_shared_ciphers() 6021d8e Fix a bug in create_ssl_ctx_pair() 3bfa475 Add some documentation for SSL_get_shared_ciphers() f054160 Fix comment in ssl_locl.h a216df5 Fix SSL_get_shared_ciphers() Build log ended with (last 100 lines): ../../openssl/test/recipes/30-test_evp.t ...................... ok ../../openssl/test/recipes/30-test_evp_extra.t ................ ok ../../openssl/test/recipes/30-test_pbelu.t .................... ok ../../openssl/test/recipes/30-test_pkey_meth.t ................ ok ../../openssl/test/recipes/30-test_pkey_meth_kdf.t ............ ok ../../openssl/test/recipes/40-test_rehash.t ................... ok ../../openssl/test/recipes/60-test_x509_check_cert_pkey.t ..... ok ../../openssl/test/recipes/60-test_x509_dup_cert.t ............ ok ../../openssl/test/recipes/60-test_x509_store.t ............... ok ../../openssl/test/recipes/60-test_x509_time.t ................ ok ../../openssl/test/recipes/70-test_asyncio.t .................. ok ../../openssl/test/recipes/70-test_bad_dtls.t ................. ok ../../openssl/test/recipes/70-test_clienthello.t .............. ok ../../openssl/test/recipes/70-test_comp.t ..................... ok ../../openssl/test/recipes/70-test_key_share.t ................ ok ../../openssl/test/recipes/70-test_packet.t ................... ok ../../openssl/test/recipes/70-test_recordlen.t ................ ok ../../openssl/test/recipes/70-test_renegotiation.t ............ skipped: test_renegotiation needs TLS <= 1.2 enabled ../../openssl/test/recipes/70-test_servername.t ............... ok ../../openssl/test/recipes/70-test_sslcbcpadding.t ............ skipped: test_sslcbcpadding needs TLSv1.2 enabled ../../openssl/test/recipes/70-test_sslcertstatus.t ............ skipped: test_sslcertstatus needs TLS enabled ../../openssl/test/recipes/70-test_sslextension.t ............. ok ../../openssl/test/recipes/70-test_sslmessages.t .............. skipped: test_sslmessages needs TLS enabled ../../openssl/test/recipes/70-test_sslrecords.t ............... skipped: test_sslrecords needs TLSv1.2 enabled ../../openssl/test/recipes/70-test_sslsessiontick.t ........... skipped: test_sslsessiontick needs SSLv3, TLSv1, TLSv1.1 or TLSv1.2 enabled ../../openssl/test/recipes/70-test_sslsigalgs.t ............... ok ../../openssl/test/recipes/70-test_sslsignature.t ............. ok ../../openssl/test/recipes/70-test_sslskewith0p.t ............. ok ../../openssl/test/recipes/70-test_sslversions.t .............. skipped: test_sslversions needs TLS1.3, TLS1.2 and TLS1.1 enabled ../../openssl/test/recipes/70-test_sslvertol.t ................ ok ../../openssl/test/recipes/70-test_tls13cookie.t .............. ok ../../openssl/test/recipes/70-test_tls13downgrade.t ........... skipped: test_tls13downgrade needs TLS1.3 and TLS1.2 enabled ../../openssl/test/recipes/70-test_tls13hrr.t ................. ok ../../openssl/test/recipes/70-test_tls13kexmodes.t ............ ok ../../openssl/test/recipes/70-test_tls13messages.t ............ ok ../../openssl/test/recipes/70-test_tls13psk.t ................. ok ../../openssl/test/recipes/70-test_tlsextms.t ................. skipped: test_tlsextms needs TLSv1.0, TLSv1.1 or TLSv1.2 enabled ../../openssl/test/recipes/70-test_verify_extra.t ............. ok ../../openssl/test/recipes/70-test_wpacket.t .................. ok ../../openssl/test/recipes/80-test_ca.t ....................... ok ../../openssl/test/recipes/80-test_cipherbytes.t .............. ok ../../openssl/test/recipes/80-test_cipherlist.t ............... ok ../../openssl/test/recipes/80-test_ciphername.t ............... ok ../../openssl/test/recipes/80-test_cms.t ...................... ok ../../openssl/test/recipes/80-test_ct.t ....................... ok ../../openssl/test/recipes/80-test_dane.t ..................... ok ../../openssl/test/recipes/80-test_dtls.t ..................... ok ../../openssl/test/recipes/80-test_dtls_mtu.t ................. ok ../../openssl/test/recipes/80-test_dtlsv1listen.t ............. ok ../../openssl/test/recipes/80-test_ocsp.t ..................... ok ../../openssl/test/recipes/80-test_pkcs12.t ................... ok ../../openssl/test/recipes/80-test_ssl_new.t .................. ok ../../openssl/test/recipes/80-test_ssl_old.t .................. ok ../../openssl/test/recipes/80-test_ssl_test_ctx.t ............. ok ../../openssl/test/recipes/80-test_sslcorrupt.t ............... ok ../../openssl/test/recipes/80-test_tsa.t ...................... ok ../../openssl/test/recipes/80-test_x509aux.t .................. ok ../../openssl/test/recipes/90-test_asn1_time.t ................ ok ../../openssl/test/recipes/90-test_async.t .................... ok ../../openssl/test/recipes/90-test_bio_enc.t .................. ok ../../openssl/test/recipes/90-test_constant_time.t ............ ok ../../openssl/test/recipes/90-test_fatalerr.t ................. ok ../../openssl/test/recipes/90-test_gmdiff.t ................... ok ../../openssl/test/recipes/90-test_ige.t ...................... ok ../../openssl/test/recipes/90-test_includes.t ................. ok ../../openssl/test/recipes/90-test_memleak.t .................. ok ../../openssl/test/recipes/90-test_overhead.t ................. skipped: Only supported in no-shared builds ../../openssl/test/recipes/90-test_secmem.t ................... ok ../../openssl/test/recipes/90-test_shlibload.t ................ ok ../../openssl/test/recipes/90-test_srp.t ...................... ok ../../openssl/test/recipes/90-test_sslapi.t ................... Dubious, test returned 1 (wstat 256, 0x100) Failed 1/1 subtests ../../openssl/test/recipes/90-test_sslbuffers.t ............... ok ../../openssl/test/recipes/90-test_store.t .................... ok ../../openssl/test/recipes/90-test_sysdefault.t ............... skipped: test_sysdefault is not supported in this build ../../openssl/test/recipes/90-test_threads.t .................. ok ../../openssl/test/recipes/90-test_time_offset.t .............. ok ../../openssl/test/recipes/90-test_tls13ccs.t ................. ok ../../openssl/test/recipes/90-test_tls13encryption.t .......... ok ../../openssl/test/recipes/90-test_tls13secrets.t ............. ok ../../openssl/test/recipes/90-test_v3name.t ................... ok ../../openssl/test/recipes/95-test_external_boringssl.t ....... skipped: No external tests in this configuration ../../openssl/test/recipes/95-test_external_krb5.t ............ skipped: No external tests in this configuration ../../openssl/test/recipes/95-test_external_pyca.t ............ skipped: No external tests in this configuration ../../openssl/test/recipes/99-test_ecstress.t ................. ok ../../openssl/test/recipes/99-test_fuzz.t ..................... ok Test Summary Report ------------------- ../../openssl/test/recipes/90-test_sslapi.t (Wstat: 256 Tests: 1 Failed: 1) Failed test: 1 Non-zero exit status: 1 Files=146, Tests=1261, 179 wallclock secs ( 1.75 usr 0.32 sys + 153.54 cusr 9.28 csys = 164.89 CPU) Result: FAIL Makefile:204: recipe for target '_tests' failed make[1]: *** [_tests] Error 1 make[1]: Leaving directory '/home/openssl/run-checker/no-tls1_2-method' Makefile:202: recipe for target 'tests' failed make: *** [tests] Error 2 From levitte at openssl.org Fri May 4 17:52:07 2018 From: levitte at openssl.org (Richard Levitte) Date: Fri, 04 May 2018 17:52:07 +0000 Subject: [openssl-commits] [openssl] master update Message-ID: <1525456327.414647.2320.nullmailer@dev.openssl.org> The branch master has been updated via c16ab9dc6303e42519559f6053bf7e4931203a79 (commit) from bc624bd95554ea218cbc3fad0d794abdfeb21eb6 (commit) - Log ----------------------------------------------------------------- commit c16ab9dc6303e42519559f6053bf7e4931203a79 Author: Richard Levitte Date: Fri May 4 19:41:53 2018 +0200 docs: Fix typo EVP_PKEY_new_id -> EVP_PKEY_CTX_new_id Reviewed-by: Tim Hudson (Merged from https://github.com/openssl/openssl/pull/6177) ----------------------------------------------------------------------- Summary of changes: doc/man3/EVP_PKEY_CTX_set_hkdf_md.pod | 2 +- doc/man7/scrypt.pod | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/doc/man3/EVP_PKEY_CTX_set_hkdf_md.pod b/doc/man3/EVP_PKEY_CTX_set_hkdf_md.pod index 333b8da..18c27a3 100644 --- a/doc/man3/EVP_PKEY_CTX_set_hkdf_md.pod +++ b/doc/man3/EVP_PKEY_CTX_set_hkdf_md.pod @@ -99,7 +99,7 @@ All these functions are implemented as macros. A context for HKDF can be obtained by calling: - EVP_PKEY_CTX *pctx = EVP_PKEY_new_id(EVP_PKEY_HKDF, NULL); + EVP_PKEY_CTX *pctx = EVP_PKEY_CTX_new_id(EVP_PKEY_HKDF, NULL); The total length of the info buffer cannot exceed 1024 bytes in length: this should be more than enough for any normal use of HKDF. diff --git a/doc/man7/scrypt.pod b/doc/man7/scrypt.pod index aabb6c9..94ff3ab 100644 --- a/doc/man7/scrypt.pod +++ b/doc/man7/scrypt.pod @@ -33,7 +33,7 @@ may be used by scrypt defaults to 1025 MiB. A context for scrypt can be obtained by calling: - EVP_PKEY_CTX *pctx = EVP_PKEY_new_id(EVP_PKEY_SCRYPT, NULL); + EVP_PKEY_CTX *pctx = EVP_PKEY_CTX_new_id(EVP_PKEY_SCRYPT, NULL); The output length of an scrypt key derivation is specified via the length parameter to the L function. From levitte at openssl.org Fri May 4 22:11:45 2018 From: levitte at openssl.org (Richard Levitte) Date: Fri, 04 May 2018 22:11:45 +0000 Subject: [openssl-commits] [openssl] OpenSSL_1_1_0-stable update Message-ID: <1525471905.542135.21930.nullmailer@dev.openssl.org> The branch OpenSSL_1_1_0-stable has been updated via 96d0c1a32b777807452c324cdc1f36db01edf8a1 (commit) from d067ba3bcc4944140578bdbf857affa6faf9e8c1 (commit) - Log ----------------------------------------------------------------- commit 96d0c1a32b777807452c324cdc1f36db01edf8a1 Author: Richard Levitte Date: Fri May 4 19:45:52 2018 +0200 docs: Fix typo EVP_PKEY_new_id -> EVP_PKEY_CTX_new_id Reviewed-by: Tim Hudson (Merged from https://github.com/openssl/openssl/pull/6178) ----------------------------------------------------------------------- Summary of changes: doc/crypto/EVP_PKEY_CTX_set_hkdf_md.pod | 2 +- doc/crypto/EVP_PKEY_CTX_set_tls1_prf_md.pod | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/doc/crypto/EVP_PKEY_CTX_set_hkdf_md.pod b/doc/crypto/EVP_PKEY_CTX_set_hkdf_md.pod index 61e0eec..8cda107 100644 --- a/doc/crypto/EVP_PKEY_CTX_set_hkdf_md.pod +++ b/doc/crypto/EVP_PKEY_CTX_set_hkdf_md.pod @@ -59,7 +59,7 @@ All these functions are implemented as macros. A context for HKDF can be obtained by calling: - EVP_PKEY_CTX *pctx = EVP_PKEY_new_id(EVP_PKEY_HKDF, NULL); + EVP_PKEY_CTX *pctx = EVP_PKEY_CTX_new_id(EVP_PKEY_HKDF, NULL); The digest, key, salt and info values must be set before a key is derived or an error occurs. diff --git a/doc/crypto/EVP_PKEY_CTX_set_tls1_prf_md.pod b/doc/crypto/EVP_PKEY_CTX_set_tls1_prf_md.pod index f1f0ae4..8aa2152 100644 --- a/doc/crypto/EVP_PKEY_CTX_set_tls1_prf_md.pod +++ b/doc/crypto/EVP_PKEY_CTX_set_tls1_prf_md.pod @@ -50,7 +50,7 @@ All these functions are implemented as macros. A context for the TLS PRF can be obtained by calling: - EVP_PKEY_CTX *pctx = EVP_PKEY_new_id(EVP_PKEY_TLS1_PRF, NULL); + EVP_PKEY_CTX *pctx = EVP_PKEY_CTX_new_id(EVP_PKEY_TLS1_PRF, NULL); The digest, secret value and seed must be set before a key is derived or an error occurs. From levitte at openssl.org Fri May 4 22:15:38 2018 From: levitte at openssl.org (Richard Levitte) Date: Fri, 04 May 2018 22:15:38 +0000 Subject: [openssl-commits] [openssl] master update Message-ID: <1525472138.007761.23621.nullmailer@dev.openssl.org> The branch master has been updated via 0d94212a046e87fafea6e83e8ea2b2a58db49979 (commit) from c16ab9dc6303e42519559f6053bf7e4931203a79 (commit) - Log ----------------------------------------------------------------- commit 0d94212a046e87fafea6e83e8ea2b2a58db49979 Author: Richard Levitte Date: Fri May 4 14:44:19 2018 +0200 BIO_s_mem() write: Skip early when input length is zero When the input length is zero, just return zero early. Otherwise, there's a small chance that memory allocation is engaged, fails and returns -1, which is a bit confusing when nothing should be written. Fixes #4782 #4827 Reviewed-by: Ben Kaduk (Merged from https://github.com/openssl/openssl/pull/6175) ----------------------------------------------------------------------- Summary of changes: crypto/bio/bss_mem.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/crypto/bio/bss_mem.c b/crypto/bio/bss_mem.c index 7678a1d..9881984 100644 --- a/crypto/bio/bss_mem.c +++ b/crypto/bio/bss_mem.c @@ -216,6 +216,8 @@ static int mem_write(BIO *b, const char *in, int inl) goto end; } BIO_clear_retry_flags(b); + if (inl == 0) + return 0; blen = bbm->readp->length; mem_buf_sync(b); if (BUF_MEM_grow_clean(bbm->buf, blen + inl) == 0) From levitte at openssl.org Fri May 4 22:17:01 2018 From: levitte at openssl.org (Richard Levitte) Date: Fri, 04 May 2018 22:17:01 +0000 Subject: [openssl-commits] [openssl] OpenSSL_1_1_0-stable update Message-ID: <1525472221.746178.24617.nullmailer@dev.openssl.org> The branch OpenSSL_1_1_0-stable has been updated via 8748dccbbab088d9b5484769343121051db78ed9 (commit) from 96d0c1a32b777807452c324cdc1f36db01edf8a1 (commit) - Log ----------------------------------------------------------------- commit 8748dccbbab088d9b5484769343121051db78ed9 Author: Richard Levitte Date: Fri May 4 14:44:19 2018 +0200 BIO_s_mem() write: Skip early when input length is zero When the input length is zero, just return zero early. Otherwise, there's a small chance that memory allocation is engaged, fails and returns -1, which is a bit confusing when nothing should be written. Fixes #4782 #4827 Reviewed-by: Ben Kaduk (Merged from https://github.com/openssl/openssl/pull/6175) (cherry picked from commit 0d94212a046e87fafea6e83e8ea2b2a58db49979) ----------------------------------------------------------------------- Summary of changes: crypto/bio/bss_mem.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/crypto/bio/bss_mem.c b/crypto/bio/bss_mem.c index ff9a3eb..62b01cd 100644 --- a/crypto/bio/bss_mem.c +++ b/crypto/bio/bss_mem.c @@ -212,6 +212,8 @@ static int mem_write(BIO *b, const char *in, int inl) goto end; } BIO_clear_retry_flags(b); + if (inl == 0) + return 0; blen = bbm->readp->length; mem_buf_sync(b); if (BUF_MEM_grow_clean(bbm->buf, blen + inl) == 0) From levitte at openssl.org Fri May 4 22:19:30 2018 From: levitte at openssl.org (Richard Levitte) Date: Fri, 04 May 2018 22:19:30 +0000 Subject: [openssl-commits] [openssl] OpenSSL_1_0_2-stable update Message-ID: <1525472370.216388.25816.nullmailer@dev.openssl.org> The branch OpenSSL_1_0_2-stable has been updated via 8dd55d9ee107337460e6a35b4ece234b4475e12d (commit) from aed0ecb97c2d5329b5b5728c1e74fa63ce58ca8f (commit) - Log ----------------------------------------------------------------- commit 8dd55d9ee107337460e6a35b4ece234b4475e12d Author: Richard Levitte Date: Fri May 4 14:44:19 2018 +0200 BIO_s_mem() write: Skip early when input length is zero When the input length is zero, just return zero early. Otherwise, there's a small chance that memory allocation is engaged, fails and returns -1, which is a bit confusing when nothing should be written. Fixes #4782 #4827 Reviewed-by: Ben Kaduk (Merged from https://github.com/openssl/openssl/pull/6175) (cherry picked from commit 0d94212a046e87fafea6e83e8ea2b2a58db49979) ----------------------------------------------------------------------- Summary of changes: crypto/bio/bss_mem.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/crypto/bio/bss_mem.c b/crypto/bio/bss_mem.c index b0394a9..6ccb8e2 100644 --- a/crypto/bio/bss_mem.c +++ b/crypto/bio/bss_mem.c @@ -188,6 +188,8 @@ static int mem_write(BIO *b, const char *in, int inl) } BIO_clear_retry_flags(b); + if (inl == 0) + return 0; blen = bm->length; if (BUF_MEM_grow_clean(bm, blen + inl) != (blen + inl)) goto end; From rsalz at openssl.org Sat May 5 14:10:58 2018 From: rsalz at openssl.org (Rich Salz) Date: Sat, 05 May 2018 14:10:58 +0000 Subject: [openssl-commits] [web] master update Message-ID: <1525529458.967210.24417.nullmailer@dev.openssl.org> The branch master has been updated via 8ccfc6a3cc806bef51c2ce3db7f72e26d866678d (commit) from 52717d01f543385642f385407e52b1eb35283f21 (commit) - Log ----------------------------------------------------------------- commit 8ccfc6a3cc806bef51c2ce3db7f72e26d866678d Author: Rich Salz Date: Sat May 5 10:10:44 2018 -0400 Tweak wording based on F2F ----------------------------------------------------------------------- Summary of changes: community/getting-started.html | 26 +++++++++++++------------- 1 file changed, 13 insertions(+), 13 deletions(-) diff --git a/community/getting-started.html b/community/getting-started.html index 0bbc175..c7c9626 100644 --- a/community/getting-started.html +++ b/community/getting-started.html @@ -14,11 +14,21 @@ the information on this page, and the links to the side. In particular, you should look at the Mailing Lists page and join - the openssl-dev or openssl-users list, or both. + the openssl-project or openssl-users list, or both. After that, here are some ideas:

    +
  • Review and comment on the pull requests on GitHub. +
    + You can find pull requests -- patches that people have + suggested -- at + https://github.com/openssl/openssl/pulls + Reviewing and commenting on these is helpful and can be a good + way to learn your way around the code. +

    • +
  • Look through the OpenSSL issues on GitHub.
    You can find issues that people have opened at @@ -31,22 +41,12 @@ very useful!

    • -
  • Look at the pull requests on GitHub. -
    - You can find pull requests -- patches that people have - suggested -- at - https://github.com/openssl/openssl/pulls - Reviewing and commenting on these is helpful, like with - the issues mentioned above. -

    • -
  • Help update the documentation.
    The documentation has gotten better, but there are still many API's that are not documented. Write a POD page, or report - bugs in existing pages. It's probably better to get a whole - bunch of minor edits done one once. + bugs in existing pages. It's probably better to do a whole + bunch of minor edits in one submission.

  • Write some test cases. From appro at openssl.org Sat May 5 18:49:11 2018 From: appro at openssl.org (Andy Polyakov) Date: Sat, 05 May 2018 18:49:11 +0000 Subject: [openssl-commits] [openssl] master update Message-ID: <1525546151.951793.31806.nullmailer@dev.openssl.org> The branch master has been updated via 41d6e0f36e43a2b6f555977147e05f0fdec87f56 (commit) via 0ad4078cd604797eec4b8922f169da5c2a1a16d3 (commit) from 0d94212a046e87fafea6e83e8ea2b2a58db49979 (commit) - Log ----------------------------------------------------------------- commit 41d6e0f36e43a2b6f555977147e05f0fdec87f56 Author: Andy Polyakov Date: Fri May 4 14:25:45 2018 +0200 Configure: pass more suitable argument to compiler_predefined(). Reviewed-by: Richard Levitte (Merged from https://github.com/openssl/openssl/pull/6174) commit 0ad4078cd604797eec4b8922f169da5c2a1a16d3 Author: Andy Polyakov Date: Fri May 4 14:06:44 2018 +0200 Configure: move --noexecstack probe to Configure. config probe doesn't work in cross-compile scenarios or with clang. In addition consolidate -Qunused-arguments handling. Reviewed-by: Richard Levitte (Merged from https://github.com/openssl/openssl/pull/6174) ----------------------------------------------------------------------- Summary of changes: Configurations/15-android.conf | 2 +- Configure | 43 ++++++++++++++++++++++++++++-------------- config | 8 -------- 3 files changed, 30 insertions(+), 23 deletions(-) diff --git a/Configurations/15-android.conf b/Configurations/15-android.conf index 9df4d94..ddd642a 100644 --- a/Configurations/15-android.conf +++ b/Configurations/15-android.conf @@ -65,7 +65,7 @@ my ($api, $arch) = ($1, $2); my $triarch = $triplet{$arch}; - my $cflags = "-Wa,--noexecstack"; + my $cflags; my $cppflags; # see if there is NDK clang on $PATH diff --git a/Configure b/Configure index ffc5fe5..6650703 100755 --- a/Configure +++ b/Configure @@ -1407,7 +1407,7 @@ unless ($disabled{asm}) { } } -my %predefined = compiler_predefined($config{CC}); +my %predefined = compiler_predefined($config{CROSS_COMPILE}.$config{CC}); # Check for makedepend capabilities. if (!$disabled{makedepend}) { @@ -1427,6 +1427,27 @@ if (!$disabled{makedepend}) { } } +if (!$disabled{asm}) { + # probe for -Wa,--noexecstack option... + if ($predefined{__clang__}) { + # clang has builtin assembler, which doesn't recognize --help, + # but it apparently recognizes the option in question on all + # supported platforms even when it's meaningless. In other words + # probe would fail, but probed option always accepted... + push @{$config{cflags}}, "-Wa,--noexecstack", "-Qunused-arguments"; + } elsif ($^O ne 'VMS') { + my $cc = $config{CROSS_COMPILE}.$config{CC}; + open(PIPE, "$cc -Wa,--help -c -o null.$$.o -x assembler /dev/null 2>&1 |"); + while() { + if (m/--noexecstack/) { + push @{$config{cflags}}, "-Wa,--noexecstack"; + last; + } + } + close(PIPE); + unlink("null.$$.o"); + } +} # Deal with bn_ops ################################################### @@ -1468,11 +1489,6 @@ if (defined($config{api})) { push @{$config{defines}}, $apiflag; } -if (defined($predefined{__clang__}) && !$disabled{asm}) { - push @{$config{cflags}}, "-Qunused-arguments"; - push @{$config{cxxflags}}, "-Qunused-arguments" if $config{CXX}; -} - if ($strict_warnings) { my $wopt; @@ -3052,28 +3068,27 @@ sub run_dofile sub compiler_predefined { state %predefined; - my $default_compiler = shift; + my $cc = shift; return () if $^O eq 'VMS'; - die 'compiler_predefined called without a default compiler' - unless $default_compiler; + die 'compiler_predefined called without a compiler command' + unless $cc; - if (! $predefined{$default_compiler}) { - my $cc = "$config{CROSS_COMPILE}$default_compiler"; + if (! $predefined{$cc}) { - $predefined{$default_compiler} = {}; + $predefined{$cc} = {}; # collect compiler pre-defines from gcc or gcc-alike... open(PIPE, "$cc -dM -E -x c /dev/null 2>&1 |"); while (my $l = ) { $l =~ m/^#define\s+(\w+(?:\(\w+\))?)(?:\s+(.+))?/ or last; - $predefined{$default_compiler}->{$1} = $2 // ''; + $predefined{$cc}->{$1} = $2 // ''; } close(PIPE); } - return %{$predefined{$default_compiler}}; + return %{$predefined{$cc}}; } sub which diff --git a/config b/config index a44cd21..b8adf34 100755 --- a/config +++ b/config @@ -840,14 +840,6 @@ if [ -n "$CONFIG_OPTIONS" ]; then options="$options $CONFIG_OPTIONS" fi -if expr "$options" : '.*no\-asm' > /dev/null; then :; else - if sh -c "$CROSS_COMPILE${CC:-gcc} -Wa,--help -c -o /tmp/null.$$.o -x assembler /dev/null && rm /tmp/null.$$.o" 2>&1 | \ - grep \\--noexecstack >/dev/null; then - __CNF_CFLAGS="$__CNF_CFLAGS -Wa,--noexecstack" - __CNF_CXXFLAGS="$__CNF_CXXFLAGS -Wa,--noexecstack" - fi -fi - # gcc < 2.8 does not support -march=ultrasparc if [ "$OUT" = solaris-sparcv9-gcc -a $GCCVER -lt 28 ] then From appro at openssl.org Sat May 5 18:59:47 2018 From: appro at openssl.org (Andy Polyakov) Date: Sat, 05 May 2018 18:59:47 +0000 Subject: [openssl-commits] [openssl] master update Message-ID: <1525546787.645928.1675.nullmailer@dev.openssl.org> The branch master has been updated via 717f308e7624233e2ad18fba62558a421dfda83d (commit) from 41d6e0f36e43a2b6f555977147e05f0fdec87f56 (commit) - Log ----------------------------------------------------------------- commit 717f308e7624233e2ad18fba62558a421dfda83d Author: Todd Short Date: Thu May 3 11:17:49 2018 -0400 Configure: fix Mac OS X builds that still require makedepend Earlier Apple Xcode compilers, e.g. one targeting Mac OS X 10.7, don't support dependency generation and one still has to use makedepend. It's unclear when it was fixed, but all clang-based Apple compilers seem to support -M options. Reviewed-by: Rich Salz Reviewed-by: Andy Polyakov (Merged from https://github.com/openssl/openssl/pull/6169) ----------------------------------------------------------------------- Summary of changes: Configure | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/Configure b/Configure index 6650703..62c354a 100755 --- a/Configure +++ b/Configure @@ -1415,9 +1415,11 @@ if (!$disabled{makedepend}) { # For VC- and vms- targets, there's nothing more to do here. The # functionality is hard coded in the corresponding build files for # cl (Windows) and CC/DECC (VMS). - } elsif ($predefined{__GNUC__} >= 3) { + } elsif (($predefined{__GNUC__} // -1) >= 3 + && !($predefined{__APPLE_CC__} && !$predefined{__clang__})) { # We know that GNU C version 3 and up as well as all clang - # versions support dependency generation + # versions support dependency generation, but Xcode did not + # handle $cc -M before clang support (but claims __GNUC__ = 3) $config{makedepprog} = "\$(CROSS_COMPILE)$config{CC}"; } else { # In all other cases, we look for 'makedepend', and disable the From appro at openssl.org Sat May 5 19:04:00 2018 From: appro at openssl.org (Andy Polyakov) Date: Sat, 05 May 2018 19:04:00 +0000 Subject: [openssl-commits] [openssl] OpenSSL_1_1_0-stable update Message-ID: <1525547040.204107.4098.nullmailer@dev.openssl.org> The branch OpenSSL_1_1_0-stable has been updated via 29627a364be80f8c30fe7824bc3642d43d7e2c0a (commit) from 8748dccbbab088d9b5484769343121051db78ed9 (commit) - Log ----------------------------------------------------------------- commit 29627a364be80f8c30fe7824bc3642d43d7e2c0a Author: Todd Short Date: Thu May 3 11:17:49 2018 -0400 Configure: fix Mac OS X builds that still require makedepend Earlier Apple Xcode compilers, e.g. one targeting Mac OS X 10.7, don't support dependency generation and one still has to use makedepend. It's unclear when it was fixed, but all clang-based Apple compilers seem to support -M options. Reviewed-by: Rich Salz Reviewed-by: Andy Polyakov (Merged from https://github.com/openssl/openssl/pull/6167) ----------------------------------------------------------------------- Summary of changes: Configure | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/Configure b/Configure index c003364..7f073b6 100755 --- a/Configure +++ b/Configure @@ -1215,8 +1215,10 @@ if ($^O ne "VMS") { if (!$disabled{makedepend}) { # We know that GNU C version 3 and up as well as all clang - # versions support dependency generation - if ($predefined{__GNUC__} >= 3) { + # versions support dependency generation, but Xcode did not + # handle $cc -M before clang support (but claims __GNUC__ = 3) + if (($predefined{__GNUC__} // -1) >= 3 + && !($predefined{__APPLE_CC__} && !$predefined{__clang__})) { $config{makedepprog} = $cc; } else { $config{makedepprog} = which('makedepend'); From matthias.st.pierre at ncp-e.com Sat May 5 19:31:40 2018 From: matthias.st.pierre at ncp-e.com (matthias.st.pierre at ncp-e.com) Date: Sat, 05 May 2018 19:31:40 +0000 Subject: [openssl-commits] [openssl] OpenSSL_1_1_0-stable update Message-ID: <1525548700.771890.9145.nullmailer@dev.openssl.org> The branch OpenSSL_1_1_0-stable has been updated via 414d19d0341407b211c64729df37889e2c572e12 (commit) from 29627a364be80f8c30fe7824bc3642d43d7e2c0a (commit) - Log ----------------------------------------------------------------- commit 414d19d0341407b211c64729df37889e2c572e12 Author: Emilia Kasper Date: Fri Feb 17 19:00:15 2017 +0100 X509 time: tighten validation per RFC 5280 - Reject fractional seconds - Reject offsets - Check that the date/time digits are in valid range. - Add documentation for X509_cmp_time GH issue 2620 Backported from 80770da39e Reviewed-by: Rich Salz Reviewed-by: Matthias St. Pierre (Merged from https://github.com/openssl/openssl/pull/6181) ----------------------------------------------------------------------- Summary of changes: CHANGES | 5 + crypto/x509/x509_vfy.c | 140 +++++--------- doc/man3/X509_cmp_time.pod | 39 ++++ test/build.info | 6 +- .../{03-test_exdata.t => 60-test_x509_time.t} | 2 +- test/x509_time_test.c | 212 +++++++++++++++++++++ 6 files changed, 306 insertions(+), 98 deletions(-) create mode 100644 doc/man3/X509_cmp_time.pod copy test/recipes/{03-test_exdata.t => 60-test_x509_time.t} (88%) create mode 100644 test/x509_time_test.c diff --git a/CHANGES b/CHANGES index 7199f3d..e8cd361 100644 --- a/CHANGES +++ b/CHANGES @@ -9,6 +9,11 @@ Changes between 1.1.0h and 1.1.0i [xx XXX xxxx] + *) Certificate time validation (X509_cmp_time) enforces stricter + compliance with RFC 5280. Fractional seconds and timezone offsets + are no longer allowed. + [Emilia K?sper] + *) Fixed a text canonicalisation bug in CMS Where a CMS detached signature is used with text content the text goes diff --git a/crypto/x509/x509_vfy.c b/crypto/x509/x509_vfy.c index a48d231..3fa2e5c 100644 --- a/crypto/x509/x509_vfy.c +++ b/crypto/x509/x509_vfy.c @@ -7,6 +7,7 @@ * https://www.openssl.org/source/license.html */ +#include #include #include #include @@ -1756,120 +1757,67 @@ int X509_cmp_current_time(const ASN1_TIME *ctm) int X509_cmp_time(const ASN1_TIME *ctm, time_t *cmp_time) { - char *str; - ASN1_TIME atm; - long offset; - char buff1[24], buff2[24], *p; - int i, j, remaining; + static const size_t utctime_length = sizeof("YYMMDDHHMMSSZ") - 1; + static const size_t generalizedtime_length = sizeof("YYYYMMDDHHMMSSZ") - 1; + ASN1_TIME *asn1_cmp_time = NULL; + int i, day, sec, ret = 0; - p = buff1; - remaining = ctm->length; - str = (char *)ctm->data; /* - * Note that the following (historical) code allows much more slack in the - * time format than RFC5280. In RFC5280, the representation is fixed: + * Note that ASN.1 allows much more slack in the time format than RFC5280. + * In RFC5280, the representation is fixed: * UTCTime: YYMMDDHHMMSSZ * GeneralizedTime: YYYYMMDDHHMMSSZ + * + * We do NOT currently enforce the following RFC 5280 requirement: + * "CAs conforming to this profile MUST always encode certificate + * validity dates through the year 2049 as UTCTime; certificate validity + * dates in 2050 or later MUST be encoded as GeneralizedTime." */ - if (ctm->type == V_ASN1_UTCTIME) { - /* YYMMDDHHMM[SS]Z or YYMMDDHHMM[SS](+-)hhmm */ - int min_length = sizeof("YYMMDDHHMMZ") - 1; - int max_length = sizeof("YYMMDDHHMMSS+hhmm") - 1; - if (remaining < min_length || remaining > max_length) + switch (ctm->type) { + case V_ASN1_UTCTIME: + if (ctm->length != (int)(utctime_length)) return 0; - memcpy(p, str, 10); - p += 10; - str += 10; - remaining -= 10; - } else { - /* YYYYMMDDHHMM[SS[.fff]]Z or YYYYMMDDHHMM[SS[.f[f[f]]]](+-)hhmm */ - int min_length = sizeof("YYYYMMDDHHMMZ") - 1; - int max_length = sizeof("YYYYMMDDHHMMSS.fff+hhmm") - 1; - if (remaining < min_length || remaining > max_length) + break; + case V_ASN1_GENERALIZEDTIME: + if (ctm->length != (int)(generalizedtime_length)) return 0; - memcpy(p, str, 12); - p += 12; - str += 12; - remaining -= 12; + break; + default: + return 0; } - if ((*str == 'Z') || (*str == '-') || (*str == '+')) { - *(p++) = '0'; - *(p++) = '0'; - } else { - /* SS (seconds) */ - if (remaining < 2) + /** + * Verify the format: the ASN.1 functions we use below allow a more + * flexible format than what's mandated by RFC 5280. + * Digit and date ranges will be verified in the conversion methods. + */ + for (i = 0; i < ctm->length - 1; i++) { + if (!isdigit(ctm->data[i])) return 0; - *(p++) = *(str++); - *(p++) = *(str++); - remaining -= 2; - /* - * Skip any (up to three) fractional seconds... - * TODO(emilia): in RFC5280, fractional seconds are forbidden. - * Can we just kill them altogether? - */ - if (remaining && *str == '.') { - str++; - remaining--; - for (i = 0; i < 3 && remaining; i++, str++, remaining--) { - if (*str < '0' || *str > '9') - break; - } - } - } - *(p++) = 'Z'; - *(p++) = '\0'; - - /* We now need either a terminating 'Z' or an offset. */ - if (!remaining) + if (ctm->data[ctm->length - 1] != 'Z') return 0; - if (*str == 'Z') { - if (remaining != 1) - return 0; - offset = 0; - } else { - /* (+-)HHMM */ - if ((*str != '+') && (*str != '-')) - return 0; - /* Historical behaviour: the (+-)hhmm offset is forbidden in RFC5280. */ - if (remaining != 5) - return 0; - if (str[1] < '0' || str[1] > '9' || str[2] < '0' || str[2] > '9' || - str[3] < '0' || str[3] > '9' || str[4] < '0' || str[4] > '9') - return 0; - offset = ((str[1] - '0') * 10 + (str[2] - '0')) * 60; - offset += (str[3] - '0') * 10 + (str[4] - '0'); - if (*str == '-') - offset = -offset; - } - atm.type = ctm->type; - atm.flags = 0; - atm.length = sizeof(buff2); - atm.data = (unsigned char *)buff2; - if (X509_time_adj(&atm, offset * 60, cmp_time) == NULL) - return 0; + /* + * There is ASN1_UTCTIME_cmp_time_t but no + * ASN1_GENERALIZEDTIME_cmp_time_t or ASN1_TIME_cmp_time_t, + * so we go through ASN.1 + */ + asn1_cmp_time = X509_time_adj(NULL, 0, cmp_time); + if (asn1_cmp_time == NULL) + goto err; + if (!ASN1_TIME_diff(&day, &sec, ctm, asn1_cmp_time)) + goto err; - if (ctm->type == V_ASN1_UTCTIME) { - i = (buff1[0] - '0') * 10 + (buff1[1] - '0'); - if (i < 50) - i += 100; /* cf. RFC 2459 */ - j = (buff2[0] - '0') * 10 + (buff2[1] - '0'); - if (j < 50) - j += 100; - - if (i < j) - return -1; - if (i > j) - return 1; - } - i = strcmp(buff1, buff2); /* * X509_cmp_time comparison is <=. * The return value 0 is reserved for errors. */ - return i > 0 ? 1 : -1; + ret = (day >= 0 && sec >= 0) ? -1 : 1; + + err: + ASN1_TIME_free(asn1_cmp_time); + return ret; } ASN1_TIME *X509_gmtime_adj(ASN1_TIME *s, long adj) diff --git a/doc/man3/X509_cmp_time.pod b/doc/man3/X509_cmp_time.pod new file mode 100644 index 0000000..31826ad --- /dev/null +++ b/doc/man3/X509_cmp_time.pod @@ -0,0 +1,39 @@ +=pod + +=head1 NAME + +X509_cmp_time - X509 time functions + +=head1 SYNOPSIS + + X509_cmp_time(const ASN1_TIME *asn1_time, time_t *cmp_time); + +=head1 DESCRIPTION + +X509_cmp_time() compares the ASN1_TIME in B with the time in +. + +B must satisfy the ASN1_TIME format mandated by RFC 5280, i.e., +its format must be either YYMMDDHHMMSSZ or YYYYMMDDHHMMSSZ. + +If B is NULL the current time is used. + +=head1 BUGS + +Unlike many standard comparison functions, X509_cmp_time returns 0 on error. + +=head1 RETURN VALUES + +X509_cmp_time() returns -1 if B is earlier than, or equal to, +B, and 1 otherwise. It returns 0 on error. + +=head1 COPYRIGHT + +Copyright 2017 The OpenSSL Project Authors. All Rights Reserved. + +Licensed under the OpenSSL license (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +L. + +=cut diff --git a/test/build.info b/test/build.info index 1c11ae1..dcb3985 100644 --- a/test/build.info +++ b/test/build.info @@ -18,7 +18,7 @@ IF[{- !$disabled{tests} -}] dtlsv1listentest ct_test threadstest afalgtest d2i_test \ ssl_test_ctx_test ssl_test x509aux cipherlist_test asynciotest \ bioprinttest sslapitest dtlstest sslcorrupttest bio_enc_test \ - ocspapitest fatalerrtest + ocspapitest fatalerrtest x509_time_test SOURCE[versions]=versions.c INCLUDE[versions]=../include @@ -297,6 +297,10 @@ IF[{- !$disabled{tests} -}] INCLUDE[bio_enc_test]=../include DEPEND[bio_enc_test]=../libcrypto + SOURCE[x509_time_test]=x509_time_test.c testutil.c + INCLUDE[x509_time_test]=.. ../include + DEPEND[x509_time_test]=../libcrypto + IF[{- !$disabled{shared} -}] PROGRAMS_NO_INST=shlibloadtest SOURCE[shlibloadtest]=shlibloadtest.c diff --git a/test/recipes/03-test_exdata.t b/test/recipes/60-test_x509_time.t similarity index 88% copy from test/recipes/03-test_exdata.t copy to test/recipes/60-test_x509_time.t index da66f95..8b311ad 100644 --- a/test/recipes/03-test_exdata.t +++ b/test/recipes/60-test_x509_time.t @@ -9,4 +9,4 @@ use OpenSSL::Test::Simple; -simple_test("test_exdata", "exdatatest"); +simple_test("test_x509_time", "x509_time_test"); diff --git a/test/x509_time_test.c b/test/x509_time_test.c new file mode 100644 index 0000000..bc7e4c2 --- /dev/null +++ b/test/x509_time_test.c @@ -0,0 +1,212 @@ +/* + * Copyright 2017 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the OpenSSL license (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +/* Tests for X509 time functions */ + +#include +#include + +#include +#include +#include "testutil.h" +#include "e_os.h" + +typedef struct { + const char *data; + int type; + time_t cmp_time; + /* -1 if asn1_time <= cmp_time, 1 if asn1_time > cmp_time, 0 if error. */ + int expected; +} TESTDATA; + +static TESTDATA x509_cmp_tests[] = { + { + "20170217180154Z", V_ASN1_GENERALIZEDTIME, + /* The same in seconds since epoch. */ + 1487354514, -1, + }, + { + "20170217180154Z", V_ASN1_GENERALIZEDTIME, + /* One second more. */ + 1487354515, -1, + }, + { + "20170217180154Z", V_ASN1_GENERALIZEDTIME, + /* One second less. */ + 1487354513, 1, + }, + /* Same as UTC time. */ + { + "170217180154Z", V_ASN1_UTCTIME, + /* The same in seconds since epoch. */ + 1487354514, -1, + }, + { + "170217180154Z", V_ASN1_UTCTIME, + /* One second more. */ + 1487354515, -1, + }, + { + "170217180154Z", V_ASN1_UTCTIME, + /* One second less. */ + 1487354513, 1, + }, + /* UTCTime from the 20th century. */ + { + "990217180154Z", V_ASN1_UTCTIME, + /* The same in seconds since epoch. */ + 919274514, -1, + }, + { + "990217180154Z", V_ASN1_UTCTIME, + /* One second more. */ + 919274515, -1, + }, + { + "990217180154Z", V_ASN1_UTCTIME, + /* One second less. */ + 919274513, 1, + }, + /* Various invalid formats. */ + { + /* No trailing Z. */ + "20170217180154", V_ASN1_GENERALIZEDTIME, 0, 0, + }, + { + /* No trailing Z, UTCTime. */ + "170217180154", V_ASN1_UTCTIME, 0, 0, + }, + { + /* No seconds. */ + "201702171801Z", V_ASN1_GENERALIZEDTIME, 0, 0, + }, + { + /* No seconds, UTCTime. */ + "1702171801Z", V_ASN1_UTCTIME, 0, 0, + }, + { + /* Fractional seconds. */ + "20170217180154.001Z", V_ASN1_GENERALIZEDTIME, 0, 0, + }, + { + /* Fractional seconds, UTCTime. */ + "170217180154.001Z", V_ASN1_UTCTIME, 0, 0, + }, + { + /* Timezone offset. */ + "20170217180154+0100", V_ASN1_GENERALIZEDTIME, 0, 0, + }, + { + /* Timezone offset, UTCTime. */ + "170217180154+0100", V_ASN1_UTCTIME, 0, 0, + }, + { + /* Extra digits. */ + "2017021718015400Z", V_ASN1_GENERALIZEDTIME, 0, 0, + }, + { + /* Extra digits, UTCTime. */ + "17021718015400Z", V_ASN1_UTCTIME, 0, 0, + }, + { + /* Non-digits. */ + "2017021718015aZ", V_ASN1_GENERALIZEDTIME, 0, 0, + }, + { + /* Non-digits, UTCTime. */ + "17021718015aZ", V_ASN1_UTCTIME, 0, 0, + }, + { + /* Trailing garbage. */ + "20170217180154Zlongtrailinggarbage", V_ASN1_GENERALIZEDTIME, 0, 0, + }, + { + /* Trailing garbage, UTCTime. */ + "170217180154Zlongtrailinggarbage", V_ASN1_UTCTIME, 0, 0, + }, + { + /* Swapped type. */ + "20170217180154Z", V_ASN1_UTCTIME, 0, 0, + }, + { + /* Swapped type. */ + "170217180154Z", V_ASN1_GENERALIZEDTIME, 0, 0, + }, + { + /* Bad type. */ + "20170217180154Z", V_ASN1_OCTET_STRING, 0, 0, + }, +}; + +static int test_x509_cmp_time(int idx) +{ + ASN1_TIME t; + int result; + + memset(&t, 0, sizeof(t)); + t.type = x509_cmp_tests[idx].type; + t.data = (unsigned char*)(x509_cmp_tests[idx].data); + t.length = strlen(x509_cmp_tests[idx].data); + + result = X509_cmp_time(&t, &x509_cmp_tests[idx].cmp_time); + if (result != x509_cmp_tests[idx].expected) { + fprintf(stderr, "test_x509_cmp_time(%d) failed: expected %d, got %d\n", + idx, x509_cmp_tests[idx].expected, result); + return 0; + } + return 1; +} + +static int test_x509_cmp_time_current() +{ + time_t now = time(NULL); + /* Pick a day earlier and later, relative to any system clock. */ + ASN1_TIME *asn1_before = NULL, *asn1_after = NULL; + int cmp_result, failed = 0; + + asn1_before = ASN1_TIME_adj(NULL, now, -1, 0); + asn1_after = ASN1_TIME_adj(NULL, now, 1, 0); + + cmp_result = X509_cmp_time(asn1_before, NULL); + if (cmp_result != -1) { + fprintf(stderr, "test_x509_cmp_time_current failed: expected -1, got %d\n", + cmp_result); + failed = 1; + } + + cmp_result = X509_cmp_time(asn1_after, NULL); + if (cmp_result != 1) { + fprintf(stderr, "test_x509_cmp_time_current failed: expected 1, got %d\n", + cmp_result); + failed = 1; + } + + ASN1_TIME_free(asn1_before); + ASN1_TIME_free(asn1_after); + + return failed == 0; +} + +int main(int argc, char **argv) +{ + int ret = 0; + unsigned int idx; + + if (!test_x509_cmp_time_current()) + ret = 1; + + for (idx=0 ; idx < OSSL_NELEM(x509_cmp_tests) ; ++idx) { + if (!test_x509_cmp_time(idx)) + ret = 1; + } + + if (ret == 0) + printf("PASS\n"); + return ret; +} From rsalz at openssl.org Sat May 5 20:01:47 2018 From: rsalz at openssl.org (Rich Salz) Date: Sat, 05 May 2018 20:01:47 +0000 Subject: [openssl-commits] [openssl] master update Message-ID: <1525550508.002025.15131.nullmailer@dev.openssl.org> The branch master has been updated via 781fb90cd7ec28a0d4e94cbb4a95fecb72020c2d (commit) from 717f308e7624233e2ad18fba62558a421dfda83d (commit) - Log ----------------------------------------------------------------- commit 781fb90cd7ec28a0d4e94cbb4a95fecb72020c2d Author: Rich Salz Date: Sat May 5 15:57:21 2018 -0400 Cleanup Reviewed-by: Richard Levitte (Merged from https://github.com/openssl/openssl/pull/6183) ----------------------------------------------------------------------- Summary of changes: README.ECC | 61 ------------------------------------------------------------- 1 file changed, 61 deletions(-) delete mode 100644 README.ECC diff --git a/README.ECC b/README.ECC deleted file mode 100644 index fa3cad7..0000000 --- a/README.ECC +++ /dev/null @@ -1,61 +0,0 @@ -NOTE: The OpenSSL Software Foundation has executed a sublicense agreement -entitled "Elliptic Curve Cryptography Patent License Agreement" with the -National Security Agency/ Central Security Service Commercial Solutions -Center (NCSC) dated 2010-11-04. That agreement permits implementation and -distribution of software containing features covered by any or all of the -following patents: - -1.) U.S. Pat. No. 5,761,305 entitled "Key Agreement and Transport Protocol - with Implicit Signatures" issued on June 2, 1998; -2.) Can. Pat. Appl. Ser. No. 2176972 entitled "Key Agreement and Transport - Protocol with Implicit Signature and Reduced Bandwidth" filed on May - 16, 1996; -3.) U.S. Pat. No. 5,889,865 entitled "Key Agreement and Transport Protocol - with Implicit Signatures" issued on March 30, 1999; -4.) U.S. Pat. No. 5,896,455 entitled "Key Agreement and Transport Protocol - with Implicit Signatures" issued on April 20, 1999; -5.) U.S. Pat. No. 5,933,504 entitled "Strengthened Public Key Protocol" - issued on August 3, 1999; -6.) Can. Pat. Appl. Ser. No. 2176866 entitled "Strengthened Public Key - Protocol" filed on May 17, 1996; -7.) E.P. Pat. Appl. Ser. No. 96201322.3 entitled "Strengthened Public Key - Protocol" filed on May 17, 1996; -8.) U.S. Pat. No. 5,999,626 entitled "Digital Signatures on a Smartcard" - issued on December 7, 1999; -9.) Can. Pat. Appl. Ser. No. 2202566 entitled "Digital Signatures on a - Smartcard" filed on April 14, 1997; -10.) E.P. Pat. Appl. No. 97106114.8 entitled "Digital Signatures on a - Smartcard" filed on April 15, 1997; -11.) U.S Pat. No. 6,122,736 entitled "Key Agreement and Transport Protocol - with Implicit Signatures" issued on September 19, 2000; -12.) Can. Pat. Appl. Ser. No. 2174261 entitled "Key Agreement and Transport - Protocol with Implicit Signatures" filed on April 16, 1996; -13.) E.P. Pat. Appl. Ser. No. 96105920.1 entitled "Key Agreement and - Transport Protocol with Implicit Signatures" filed on April 16, 1996; -14.) U.S. Pat. No. 6,141,420 entitled "Elliptic Curve Encryption Systems" - issued on October 31, 2000; -15.) Can. Pat. Appl. Ser. No. 2155038 entitled "Elliptic Curve Encryption - Systems" filed on July 31, 1995; -16.) E.P. Pat. Appl. Ser. No. 95926348.4 entitled "Elliptic Curve Encryption - Systems" filed on July 31, 1995; -17.) U.S. Pat. No. 6,336,188 entitled "Authenticated Key Agreement" issued - on January 1, 2002; -18.) U.S. Pat. No. 6,487,661 entitled "Key Agreement and Transport Protocol" - issued on November 26, 2002; -19.) Can. Pat. Appl. Ser. No. 2174260 entitled "Key Agreement and Transport - Protocol" filed on April 16, 1996; -20.) E.P. Pat. Appl. Ser. No. 96105921.9 entitled "Key Agreement and - Transport Protocol" filed on April 21, 1996; -21.) U.S. Pat. No. 6,563,928 entitled "Strengthened Public Key Protocol" - issued on May 13, 2003; -22.) U.S. Pat. No. 6,618,483 entitled "Elliptic Curve Encryption Systems" - issued September 9, 2003; -23.) U.S. Pat. Appl. Ser. No. 09/434,247 entitled "Digital Signatures on a - Smartcard" filed on November 5, 1999; -24.) U.S. Pat. Appl. Ser. No. 09/558,256 entitled "Key Agreement and - Transport Protocol with Implicit Signatures" filed on April 25, 2000; -25.) U.S. Pat. Appl. Ser. No. 09/942,492 entitled "Digital Signatures on a - Smartcard" filed on August 29, 2001 and published on July 18, 2002; and, -26.) U.S. Pat. Appl. Ser. No. 10/185,735 entitled "Strengthened Public Key - Protocol" filed on July 1, 2000. - From rsalz at openssl.org Sat May 5 20:10:55 2018 From: rsalz at openssl.org (Rich Salz) Date: Sat, 05 May 2018 20:10:55 +0000 Subject: [openssl-commits] [web] master update Message-ID: <1525551055.092337.17817.nullmailer@dev.openssl.org> The branch master has been updated via c1af450066654ac208edbb73f954fcf32d6330f7 (commit) from 8ccfc6a3cc806bef51c2ce3db7f72e26d866678d (commit) - Log ----------------------------------------------------------------- commit c1af450066654ac208edbb73f954fcf32d6330f7 Author: Rich Salz Date: Fri Apr 6 12:08:26 2018 -0400 Remove NSA license and mention of it Reviewed-by: Richard Levitte (Merged from https://github.com/openssl/openssl/pull/51) ----------------------------------------------------------------------- Summary of changes: source/NSA-PLA.pdf | Bin 2276088 -> 0 bytes source/sidebar.shtml | 3 --- 2 files changed, 3 deletions(-) delete mode 100644 source/NSA-PLA.pdf diff --git a/source/NSA-PLA.pdf b/source/NSA-PLA.pdf deleted file mode 100644 index 88514df..0000000 Binary files a/source/NSA-PLA.pdf and /dev/null differ diff --git a/source/sidebar.shtml b/source/sidebar.shtml index 233e092..6862589 100644 --- a/source/sidebar.shtml +++ b/source/sidebar.shtml @@ -17,9 +17,6 @@ OCB License
  • - NSA ECC License -
    • -
  • Old Releases
  • From matthias.st.pierre at ncp-e.com Sat May 5 20:16:54 2018 From: matthias.st.pierre at ncp-e.com (matthias.st.pierre at ncp-e.com) Date: Sat, 05 May 2018 20:16:54 +0000 Subject: [openssl-commits] [openssl] OpenSSL_1_0_2-stable update Message-ID: <1525551414.043763.19215.nullmailer@dev.openssl.org> The branch OpenSSL_1_0_2-stable has been updated via 7b6cfcd6dd99a86ecc3a1c51eef539494e191754 (commit) from 8dd55d9ee107337460e6a35b4ece234b4475e12d (commit) - Log ----------------------------------------------------------------- commit 7b6cfcd6dd99a86ecc3a1c51eef539494e191754 Author: Emilia Kasper Date: Fri Feb 17 19:00:15 2017 +0100 X509 time: tighten validation per RFC 5280 - Reject fractional seconds - Reject offsets - Check that the date/time digits are in valid range. - Add documentation for X509_cmp_time GH issue 2620 Backported from 80770da39e Reviewed-by: Rich Salz Reviewed-by: Matthias St. Pierre (Merged from https://github.com/openssl/openssl/pull/6182) ----------------------------------------------------------------------- Summary of changes: CHANGES | 5 +- crypto/x509/x509_vfy.c | 140 ++++++++------------------ doc/man3/X509_cmp_time.pod | 39 +++++++ test/Makefile | 36 +++++-- test/recipes/60-test_x509_time.t | 12 +++ test/x509_time_test.c | 212 +++++++++++++++++++++++++++++++++++++++ 6 files changed, 340 insertions(+), 104 deletions(-) create mode 100644 doc/man3/X509_cmp_time.pod create mode 100644 test/recipes/60-test_x509_time.t create mode 100644 test/x509_time_test.c diff --git a/CHANGES b/CHANGES index 1da1a42..25b453e 100644 --- a/CHANGES +++ b/CHANGES @@ -9,7 +9,10 @@ Changes between 1.0.2o and 1.0.2p [xx XXX xxxx] - *) + *) Certificate time validation (X509_cmp_time) enforces stricter + compliance with RFC 5280. Fractional seconds and timezone offsets + are no longer allowed. + [Emilia K?sper] Changes between 1.0.2n and 1.0.2o [27 Mar 2018] diff --git a/crypto/x509/x509_vfy.c b/crypto/x509/x509_vfy.c index ff23833..869460d 100644 --- a/crypto/x509/x509_vfy.c +++ b/crypto/x509/x509_vfy.c @@ -56,6 +56,7 @@ * [including the GNU Public Licence.] */ +#include #include #include #include @@ -1937,120 +1938,67 @@ int X509_cmp_current_time(const ASN1_TIME *ctm) int X509_cmp_time(const ASN1_TIME *ctm, time_t *cmp_time) { - char *str; - ASN1_TIME atm; - long offset; - char buff1[24], buff2[24], *p; - int i, j, remaining; + static const size_t utctime_length = sizeof("YYMMDDHHMMSSZ") - 1; + static const size_t generalizedtime_length = sizeof("YYYYMMDDHHMMSSZ") - 1; + ASN1_TIME *asn1_cmp_time = NULL; + int i, day, sec, ret = 0; - p = buff1; - remaining = ctm->length; - str = (char *)ctm->data; /* - * Note that the following (historical) code allows much more slack in the - * time format than RFC5280. In RFC5280, the representation is fixed: + * Note that ASN.1 allows much more slack in the time format than RFC5280. + * In RFC5280, the representation is fixed: * UTCTime: YYMMDDHHMMSSZ * GeneralizedTime: YYYYMMDDHHMMSSZ + * + * We do NOT currently enforce the following RFC 5280 requirement: + * "CAs conforming to this profile MUST always encode certificate + * validity dates through the year 2049 as UTCTime; certificate validity + * dates in 2050 or later MUST be encoded as GeneralizedTime." */ - if (ctm->type == V_ASN1_UTCTIME) { - /* YYMMDDHHMM[SS]Z or YYMMDDHHMM[SS](+-)hhmm */ - int min_length = sizeof("YYMMDDHHMMZ") - 1; - int max_length = sizeof("YYMMDDHHMMSS+hhmm") - 1; - if (remaining < min_length || remaining > max_length) + switch (ctm->type) { + case V_ASN1_UTCTIME: + if (ctm->length != (int)(utctime_length)) return 0; - memcpy(p, str, 10); - p += 10; - str += 10; - remaining -= 10; - } else { - /* YYYYMMDDHHMM[SS[.fff]]Z or YYYYMMDDHHMM[SS[.f[f[f]]]](+-)hhmm */ - int min_length = sizeof("YYYYMMDDHHMMZ") - 1; - int max_length = sizeof("YYYYMMDDHHMMSS.fff+hhmm") - 1; - if (remaining < min_length || remaining > max_length) + break; + case V_ASN1_GENERALIZEDTIME: + if (ctm->length != (int)(generalizedtime_length)) return 0; - memcpy(p, str, 12); - p += 12; - str += 12; - remaining -= 12; + break; + default: + return 0; } - if ((*str == 'Z') || (*str == '-') || (*str == '+')) { - *(p++) = '0'; - *(p++) = '0'; - } else { - /* SS (seconds) */ - if (remaining < 2) + /** + * Verify the format: the ASN.1 functions we use below allow a more + * flexible format than what's mandated by RFC 5280. + * Digit and date ranges will be verified in the conversion methods. + */ + for (i = 0; i < ctm->length - 1; i++) { + if (!isdigit(ctm->data[i])) return 0; - *(p++) = *(str++); - *(p++) = *(str++); - remaining -= 2; - /* - * Skip any (up to three) fractional seconds... - * TODO(emilia): in RFC5280, fractional seconds are forbidden. - * Can we just kill them altogether? - */ - if (remaining && *str == '.') { - str++; - remaining--; - for (i = 0; i < 3 && remaining; i++, str++, remaining--) { - if (*str < '0' || *str > '9') - break; - } - } - } - *(p++) = 'Z'; - *(p++) = '\0'; - - /* We now need either a terminating 'Z' or an offset. */ - if (!remaining) + if (ctm->data[ctm->length - 1] != 'Z') return 0; - if (*str == 'Z') { - if (remaining != 1) - return 0; - offset = 0; - } else { - /* (+-)HHMM */ - if ((*str != '+') && (*str != '-')) - return 0; - /* Historical behaviour: the (+-)hhmm offset is forbidden in RFC5280. */ - if (remaining != 5) - return 0; - if (str[1] < '0' || str[1] > '9' || str[2] < '0' || str[2] > '9' || - str[3] < '0' || str[3] > '9' || str[4] < '0' || str[4] > '9') - return 0; - offset = ((str[1] - '0') * 10 + (str[2] - '0')) * 60; - offset += (str[3] - '0') * 10 + (str[4] - '0'); - if (*str == '-') - offset = -offset; - } - atm.type = ctm->type; - atm.flags = 0; - atm.length = sizeof(buff2); - atm.data = (unsigned char *)buff2; - if (X509_time_adj(&atm, offset * 60, cmp_time) == NULL) - return 0; + /* + * There is ASN1_UTCTIME_cmp_time_t but no + * ASN1_GENERALIZEDTIME_cmp_time_t or ASN1_TIME_cmp_time_t, + * so we go through ASN.1 + */ + asn1_cmp_time = X509_time_adj(NULL, 0, cmp_time); + if (asn1_cmp_time == NULL) + goto err; + if (!ASN1_TIME_diff(&day, &sec, ctm, asn1_cmp_time)) + goto err; - if (ctm->type == V_ASN1_UTCTIME) { - i = (buff1[0] - '0') * 10 + (buff1[1] - '0'); - if (i < 50) - i += 100; /* cf. RFC 2459 */ - j = (buff2[0] - '0') * 10 + (buff2[1] - '0'); - if (j < 50) - j += 100; - - if (i < j) - return -1; - if (i > j) - return 1; - } - i = strcmp(buff1, buff2); /* * X509_cmp_time comparison is <=. * The return value 0 is reserved for errors. */ - return i > 0 ? 1 : -1; + ret = (day >= 0 && sec >= 0) ? -1 : 1; + + err: + ASN1_TIME_free(asn1_cmp_time); + return ret; } ASN1_TIME *X509_gmtime_adj(ASN1_TIME *s, long adj) diff --git a/doc/man3/X509_cmp_time.pod b/doc/man3/X509_cmp_time.pod new file mode 100644 index 0000000..31826ad --- /dev/null +++ b/doc/man3/X509_cmp_time.pod @@ -0,0 +1,39 @@ +=pod + +=head1 NAME + +X509_cmp_time - X509 time functions + +=head1 SYNOPSIS + + X509_cmp_time(const ASN1_TIME *asn1_time, time_t *cmp_time); + +=head1 DESCRIPTION + +X509_cmp_time() compares the ASN1_TIME in B with the time in +. + +B must satisfy the ASN1_TIME format mandated by RFC 5280, i.e., +its format must be either YYMMDDHHMMSSZ or YYYYMMDDHHMMSSZ. + +If B is NULL the current time is used. + +=head1 BUGS + +Unlike many standard comparison functions, X509_cmp_time returns 0 on error. + +=head1 RETURN VALUES + +X509_cmp_time() returns -1 if B is earlier than, or equal to, +B, and 1 otherwise. It returns 0 on error. + +=head1 COPYRIGHT + +Copyright 2017 The OpenSSL Project Authors. All Rights Reserved. + +Licensed under the OpenSSL license (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +L. + +=cut diff --git a/test/Makefile b/test/Makefile index a1f7eeb..db407f7 100644 --- a/test/Makefile +++ b/test/Makefile @@ -74,7 +74,7 @@ BADDTLSTEST= bad_dtls_test SSLV2CONFTEST = sslv2conftest DTLSTEST = dtlstest FATALERRTEST = fatalerrtest - +X509TIMETEST = x509_time_test TESTS= alltests EXE= $(BNTEST)$(EXE_EXT) $(ECTEST)$(EXE_EXT) $(ECDSATEST)$(EXE_EXT) $(ECDHTEST)$(EXE_EXT) $(IDEATEST)$(EXE_EXT) \ @@ -88,7 +88,7 @@ EXE= $(BNTEST)$(EXE_EXT) $(ECTEST)$(EXE_EXT) $(ECDSATEST)$(EXE_EXT) $(ECDHTEST) $(ASN1TEST)$(EXE_EXT) $(V3NAMETEST)$(EXE_EXT) $(HEARTBEATTEST)$(EXE_EXT) \ $(CONSTTIMETEST)$(EXE_EXT) $(VERIFYEXTRATEST)$(EXE_EXT) \ $(CLIENTHELLOTEST)$(EXE_EXT) $(SSLV2CONFTEST)$(EXE_EXT) $(DTLSTEST)$(EXE_EXT) \ - $(BADDTLSTEST)$(EXE_EXT) $(FATALERRTEST)$(EXE_EXT) + $(BADDTLSTEST)$(EXE_EXT) $(FATALERRTEST)$(EXE_EXT) $(X509TIMETEST)$(EXE_EXT) # $(METHTEST)$(EXE_EXT) @@ -103,7 +103,7 @@ OBJ= $(BNTEST).o $(ECTEST).o $(ECDSATEST).o $(ECDHTEST).o $(IDEATEST).o \ $(EVPTEST).o $(EVPEXTRATEST).o $(IGETEST).o $(JPAKETEST).o $(ASN1TEST).o $(V3NAMETEST).o \ $(HEARTBEATTEST).o $(CONSTTIMETEST).o $(VERIFYEXTRATEST).o \ $(CLIENTHELLOTEST).o $(SSLV2CONFTEST).o $(DTLSTEST).o ssltestlib.o \ - $(BADDTLSTEST).o $(FATALERRTEST).o + $(BADDTLSTEST).o $(FATALERRTEST).o $(X509TIMETEST).o SRC= $(BNTEST).c $(ECTEST).c $(ECDSATEST).c $(ECDHTEST).c $(IDEATEST).c \ $(MD2TEST).c $(MD4TEST).c $(MD5TEST).c \ @@ -115,7 +115,7 @@ SRC= $(BNTEST).c $(ECTEST).c $(ECDSATEST).c $(ECDHTEST).c $(IDEATEST).c \ $(EVPTEST).c $(EVPEXTRATEST).c $(IGETEST).c $(JPAKETEST).c $(SRPTEST).c $(ASN1TEST).c \ $(V3NAMETEST).c $(HEARTBEATTEST).c $(CONSTTIMETEST).c $(VERIFYEXTRATEST).c \ $(CLIENTHELLOTEST).c $(SSLV2CONFTEST).c $(DTLSTEST).c ssltestlib.c \ - $(BADDTLSTEST).c $(FATALERRTEST).c + $(BADDTLSTEST).c $(FATALERRTEST).c $(X509TIMETEST).c EXHEADER= HEADER= testutil.h ssltestlib.h $(EXHEADER) @@ -160,7 +160,7 @@ alltests: \ test_ss test_ca test_engine test_evp test_evp_extra test_ssl test_tsa test_ige \ test_jpake test_srp test_cms test_ocsp test_v3name test_heartbeat \ test_constant_time test_verify_extra test_clienthello test_sslv2conftest \ - test_dtls test_bad_dtls test_fatalerr + test_dtls test_bad_dtls test_fatalerr test_x509_time test_evp: $(EVPTEST)$(EXE_EXT) evptests.txt ../util/shlib_wrap.sh ./$(EVPTEST) evptests.txt @@ -378,6 +378,10 @@ test_fatalerr: $(FATALERRTEST)$(EXE_EXT) @echo $(START) $@ ../util/shlib_wrap.sh ./$(FATALERRTEST) ../apps/server.pem ../apps/server.pem +test_x509_time: $(X509TIMETEST)$(EXE_EXT) + @echo $(START) $@ + ../util/shlib_wrap.sh ./$(X509TIMETEST) + test_sslv2conftest: $(SSLV2CONFTEST)$(EXE_EXT) @echo $(START) $@ ../util/shlib_wrap.sh ./$(SSLV2CONFTEST) @@ -569,6 +573,9 @@ $(BADDTLSTEST)$(EXE_EXT): $(BADDTLSTEST).o $(FATALERRTEST)$(EXE_EXT): $(FATALERRTEST).o ssltestlib.o $(DLIBSSL) $(DLIBCRYPTO) @target=$(FATALERRTEST); exobj=ssltestlib.o; $(BUILD_CMD) +$(X509TIMETEST)$(EXE_EXT): $(X509TIMETEST).o + @target=$(X509TIMETEST) $(BUILD_CMD) + $(SSLV2CONFTEST)$(EXE_EXT): $(SSLV2CONFTEST).o @target=$(SSLV2CONFTEST) $(BUILD_CMD) @@ -832,8 +839,11 @@ hmactest.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h hmactest.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h hmactest.o: ../include/openssl/safestack.h ../include/openssl/stack.h hmactest.o: ../include/openssl/symhacks.h hmactest.c -ideatest.o: ../e_os.h ../include/openssl/e_os2.h ../include/openssl/idea.h -ideatest.o: ../include/openssl/opensslconf.h ideatest.c +ideatest.o: ../include/openssl/buffer.h ../include/openssl/crypto.h +ideatest.o: ../include/openssl/e_os2.h ../include/openssl/opensslconf.h +ideatest.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h +ideatest.o: ../include/openssl/safestack.h ../include/openssl/stack.h +ideatest.o: ../include/openssl/symhacks.h ideatest.c igetest.o: ../include/openssl/aes.h ../include/openssl/e_os2.h igetest.o: ../include/openssl/opensslconf.h ../include/openssl/ossl_typ.h igetest.o: ../include/openssl/rand.h igetest.c @@ -1012,3 +1022,15 @@ wp_test.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h wp_test.o: ../include/openssl/ossl_typ.h ../include/openssl/safestack.h wp_test.o: ../include/openssl/stack.h ../include/openssl/symhacks.h wp_test.o: ../include/openssl/whrlpool.h wp_test.c +x509_time_test.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h +x509_time_test.o: ../include/openssl/buffer.h ../include/openssl/crypto.h +x509_time_test.o: ../include/openssl/e_os2.h ../include/openssl/ec.h +x509_time_test.o: ../include/openssl/ecdh.h ../include/openssl/ecdsa.h +x509_time_test.o: ../include/openssl/evp.h ../include/openssl/lhash.h +x509_time_test.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h +x509_time_test.o: ../include/openssl/opensslconf.h +x509_time_test.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h +x509_time_test.o: ../include/openssl/pkcs7.h ../include/openssl/safestack.h +x509_time_test.o: ../include/openssl/sha.h ../include/openssl/stack.h +x509_time_test.o: ../include/openssl/symhacks.h ../include/openssl/x509.h +x509_time_test.o: ../include/openssl/x509_vfy.h testutil.h x509_time_test.c diff --git a/test/recipes/60-test_x509_time.t b/test/recipes/60-test_x509_time.t new file mode 100644 index 0000000..8b311ad --- /dev/null +++ b/test/recipes/60-test_x509_time.t @@ -0,0 +1,12 @@ +#! /usr/bin/env perl +# Copyright 2017 The OpenSSL Project Authors. All Rights Reserved. +# +# Licensed under the OpenSSL license (the "License"). You may not use +# this file except in compliance with the License. You can obtain a copy +# in the file LICENSE in the source distribution or at +# https://www.openssl.org/source/license.html + + +use OpenSSL::Test::Simple; + +simple_test("test_x509_time", "x509_time_test"); diff --git a/test/x509_time_test.c b/test/x509_time_test.c new file mode 100644 index 0000000..ef277fe --- /dev/null +++ b/test/x509_time_test.c @@ -0,0 +1,212 @@ +/* + * Copyright 2017 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the OpenSSL license (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +/* Tests for X509 time functions */ + +#include +#include + +#include +#include +#include "testutil.h" +#include "e_os.h" + +typedef struct { + const char *data; + int type; + time_t cmp_time; + /* -1 if asn1_time <= cmp_time, 1 if asn1_time > cmp_time, 0 if error. */ + int expected; +} TESTDATA; + +static TESTDATA x509_cmp_tests[] = { + { + "20170217180154Z", V_ASN1_GENERALIZEDTIME, + /* The same in seconds since epoch. */ + 1487354514, -1, + }, + { + "20170217180154Z", V_ASN1_GENERALIZEDTIME, + /* One second more. */ + 1487354515, -1, + }, + { + "20170217180154Z", V_ASN1_GENERALIZEDTIME, + /* One second less. */ + 1487354513, 1, + }, + /* Same as UTC time. */ + { + "170217180154Z", V_ASN1_UTCTIME, + /* The same in seconds since epoch. */ + 1487354514, -1, + }, + { + "170217180154Z", V_ASN1_UTCTIME, + /* One second more. */ + 1487354515, -1, + }, + { + "170217180154Z", V_ASN1_UTCTIME, + /* One second less. */ + 1487354513, 1, + }, + /* UTCTime from the 20th century. */ + { + "990217180154Z", V_ASN1_UTCTIME, + /* The same in seconds since epoch. */ + 919274514, -1, + }, + { + "990217180154Z", V_ASN1_UTCTIME, + /* One second more. */ + 919274515, -1, + }, + { + "990217180154Z", V_ASN1_UTCTIME, + /* One second less. */ + 919274513, 1, + }, + /* Various invalid formats. */ + { + /* No trailing Z. */ + "20170217180154", V_ASN1_GENERALIZEDTIME, 0, 0, + }, + { + /* No trailing Z, UTCTime. */ + "170217180154", V_ASN1_UTCTIME, 0, 0, + }, + { + /* No seconds. */ + "201702171801Z", V_ASN1_GENERALIZEDTIME, 0, 0, + }, + { + /* No seconds, UTCTime. */ + "1702171801Z", V_ASN1_UTCTIME, 0, 0, + }, + { + /* Fractional seconds. */ + "20170217180154.001Z", V_ASN1_GENERALIZEDTIME, 0, 0, + }, + { + /* Fractional seconds, UTCTime. */ + "170217180154.001Z", V_ASN1_UTCTIME, 0, 0, + }, + { + /* Timezone offset. */ + "20170217180154+0100", V_ASN1_GENERALIZEDTIME, 0, 0, + }, + { + /* Timezone offset, UTCTime. */ + "170217180154+0100", V_ASN1_UTCTIME, 0, 0, + }, + { + /* Extra digits. */ + "2017021718015400Z", V_ASN1_GENERALIZEDTIME, 0, 0, + }, + { + /* Extra digits, UTCTime. */ + "17021718015400Z", V_ASN1_UTCTIME, 0, 0, + }, + { + /* Non-digits. */ + "2017021718015aZ", V_ASN1_GENERALIZEDTIME, 0, 0, + }, + { + /* Non-digits, UTCTime. */ + "17021718015aZ", V_ASN1_UTCTIME, 0, 0, + }, + { + /* Trailing garbage. */ + "20170217180154Zlongtrailinggarbage", V_ASN1_GENERALIZEDTIME, 0, 0, + }, + { + /* Trailing garbage, UTCTime. */ + "170217180154Zlongtrailinggarbage", V_ASN1_UTCTIME, 0, 0, + }, + { + /* Swapped type. */ + "20170217180154Z", V_ASN1_UTCTIME, 0, 0, + }, + { + /* Swapped type. */ + "170217180154Z", V_ASN1_GENERALIZEDTIME, 0, 0, + }, + { + /* Bad type. */ + "20170217180154Z", V_ASN1_OCTET_STRING, 0, 0, + }, +}; + +static int test_x509_cmp_time(int idx) +{ + ASN1_TIME t; + int result; + + memset(&t, 0, sizeof(t)); + t.type = x509_cmp_tests[idx].type; + t.data = (unsigned char*)(x509_cmp_tests[idx].data); + t.length = strlen(x509_cmp_tests[idx].data); + + result = X509_cmp_time(&t, &x509_cmp_tests[idx].cmp_time); + if (result != x509_cmp_tests[idx].expected) { + fprintf(stderr, "test_x509_cmp_time(%d) failed: expected %d, got %d\n", + idx, x509_cmp_tests[idx].expected, result); + return 0; + } + return 1; +} + +static int test_x509_cmp_time_current() +{ + time_t now = time(NULL); + /* Pick a day earlier and later, relative to any system clock. */ + ASN1_TIME *asn1_before = NULL, *asn1_after = NULL; + int cmp_result, failed = 0; + + asn1_before = ASN1_TIME_adj(NULL, now, -1, 0); + asn1_after = ASN1_TIME_adj(NULL, now, 1, 0); + + cmp_result = X509_cmp_time(asn1_before, NULL); + if (cmp_result != -1) { + fprintf(stderr, "test_x509_cmp_time_current failed: expected -1, got %d\n", + cmp_result); + failed = 1; + } + + cmp_result = X509_cmp_time(asn1_after, NULL); + if (cmp_result != 1) { + fprintf(stderr, "test_x509_cmp_time_current failed: expected 1, got %d\n", + cmp_result); + failed = 1; + } + + ASN1_TIME_free(asn1_before); + ASN1_TIME_free(asn1_after); + + return failed == 0; +} + +int main(int argc, char **argv) +{ + int ret = 0; + unsigned int idx; + + if (!test_x509_cmp_time_current()) + ret = 1; + + for (idx=0 ; idx < sizeof(x509_cmp_tests)/sizeof(x509_cmp_tests[0]) ; ++idx) { + if (!test_x509_cmp_time(idx)) + ret = 1; + } + + if (ret == 0) + printf("PASS\n"); + return ret; +} From scan-admin at coverity.com Sun May 6 07:34:49 2018 From: scan-admin at coverity.com (scan-admin at coverity.com) Date: Sun, 06 May 2018 07:34:49 +0000 (UTC) Subject: [openssl-commits] Coverity Scan: Analysis completed for openssl/openssl Message-ID: <5aeeb0191b2ba_4dd82ab1dd750f58714d8@node1.mail> Your request for analysis of openssl/openssl has been completed successfully. The results are available at https://u2389337.ct.sendgrid.net/wf/click?upn=08onrYu34A-2BWcWUl-2F-2BfV0V05UPxvVjWch-2Bd2MGckcRakUl6QyjujEohY7rPpoYUEcf-2B75FkFkxwwFKGZV8c1xA-3D-3D_19DGMz38yO7VfzGQuXkecdlEmzBoDG4v8Dvyanv-2F1I1dK7b3YeykyjZ7Nd2-2Fm9oTBgqhtS9FovIRIf4PoF8JBZ1kz-2BHhba2VtUtIMJpDz-2B12uB7tWFLqNobTCRlvzv21A5GmnAs7OsLjTc39sUFsVdFFJb2K2Ay7E6821O20Bwa1zn-2BpYx2zcPNrOsjoomtQuvV-2BIOrX3Ud8nVFeAWCLTlEKquEITDc7PKg9yEKITl8-3D Build ID: 209744 Analysis Summary: New defects found: 1 Defects eliminated: 2 If you have difficulty understanding any defects, email us at scan-admin at coverity.com, or post your question to StackOverflow at https://u2389337.ct.sendgrid.net/wf/click?upn=OgIsEqWzmIl4S-2FzEUMxLXL-2BukuZt9UUdRZhgmgzAKchwAzH1nH3073xDEXNRgHN6q227lMNIWoOb8ZgSjAjKcg-3D-3D_19DGMz38yO7VfzGQuXkecdlEmzBoDG4v8Dvyanv-2F1I1dK7b3YeykyjZ7Nd2-2Fm9oTBgqhtS9FovIRIf4PoF8JBbuEq9pWu3NHnaX-2FdGVd7WGHh2Iu2izjAfm7NQKThyCHIY2jR71Edygf7waJ1kY8mSPT1Unn8moho9y-2BO2dDg0iYV2Uk4v7oswxbBAsoroThkGGHtn-2BmlMYn0iBb9TCz2spGOHeBeWnhMygyZLHMfHY-3D From scan-admin at coverity.com Sun May 6 07:45:52 2018 From: scan-admin at coverity.com (scan-admin at coverity.com) Date: Sun, 06 May 2018 07:45:52 +0000 (UTC) Subject: [openssl-commits] Coverity Scan: Analysis completed for OpenSSL-1.0.2 Message-ID: <5aeeb2afbee77_56d12ab1dd750f587146a@node1.mail> Your request for analysis of OpenSSL-1.0.2 has been completed successfully. The results are available at https://u2389337.ct.sendgrid.net/wf/click?upn=08onrYu34A-2BWcWUl-2F-2BfV0V05UPxvVjWch-2Bd2MGckcRakUl6QyjujEohY7rPpoYUEeuRTZVWU4ku8PUBnVPw8PQ-3D-3D_19DGMz38yO7VfzGQuXkecdlEmzBoDG4v8Dvyanv-2F1I2bYLTkrEEgku8rfXmKhqxkFXE1CPMMcme2l8dnIXzs01W9B0799e2nzM-2F2iQQHdScolFIJaWRQKsXl6-2B15hNF-2FhihbIG1AjVD0fy8RqBhZOlooANbtfOsKPD1J1J7DFy6lCGLUHf-2FkXcTLrMouqWvXVYD305pnHuP2xWL52D28MzW7AN-2BWL9MN6Jv9dg9FWhU-3D Build ID: 209748 Analysis Summary: New defects found: 0 Defects eliminated: 0 From openssl at openssl.org Sun May 6 23:34:23 2018 From: openssl at openssl.org (OpenSSL run-checker) Date: Sun, 06 May 2018 23:34:23 +0000 Subject: [openssl-commits] Still FAILED build of OpenSSL branch master with options -d --strict-warnings no-chacha Message-ID: <1525649663.462457.9842.nullmailer@run.openssl.org> Platform and configuration command: $ uname -a Linux run 4.4.0-119-generic #143-Ubuntu SMP Mon Apr 2 16:08:24 UTC 2018 x86_64 x86_64 x86_64 GNU/Linux $ CC=clang ../openssl/config -d --strict-warnings no-chacha Commit log since last time: 781fb90 Cleanup 717f308 Configure: fix Mac OS X builds that still require makedepend 41d6e0f Configure: pass more suitable argument to compiler_predefined(). 0ad4078 Configure: move --noexecstack probe to Configure. 0d94212 BIO_s_mem() write: Skip early when input length is zero c16ab9d docs: Fix typo EVP_PKEY_new_id -> EVP_PKEY_CTX_new_id Build log ended with (last 100 lines): ../../openssl/test/recipes/30-test_evp.t ...................... ok ../../openssl/test/recipes/30-test_evp_extra.t ................ ok ../../openssl/test/recipes/30-test_pbelu.t .................... ok ../../openssl/test/recipes/30-test_pkey_meth.t ................ ok ../../openssl/test/recipes/30-test_pkey_meth_kdf.t ............ ok ../../openssl/test/recipes/40-test_rehash.t ................... ok ../../openssl/test/recipes/60-test_x509_check_cert_pkey.t ..... ok ../../openssl/test/recipes/60-test_x509_dup_cert.t ............ ok ../../openssl/test/recipes/60-test_x509_store.t ............... ok ../../openssl/test/recipes/60-test_x509_time.t ................ ok ../../openssl/test/recipes/70-test_asyncio.t .................. ok ../../openssl/test/recipes/70-test_bad_dtls.t ................. ok ../../openssl/test/recipes/70-test_clienthello.t .............. ok ../../openssl/test/recipes/70-test_comp.t ..................... ok ../../openssl/test/recipes/70-test_key_share.t ................ ok ../../openssl/test/recipes/70-test_packet.t ................... ok ../../openssl/test/recipes/70-test_recordlen.t ................ ok ../../openssl/test/recipes/70-test_renegotiation.t ............ ok ../../openssl/test/recipes/70-test_servername.t ............... ok ../../openssl/test/recipes/70-test_sslcbcpadding.t ............ ok ../../openssl/test/recipes/70-test_sslcertstatus.t ............ ok ../../openssl/test/recipes/70-test_sslextension.t ............. ok ../../openssl/test/recipes/70-test_sslmessages.t .............. ok ../../openssl/test/recipes/70-test_sslrecords.t ............... ok ../../openssl/test/recipes/70-test_sslsessiontick.t ........... ok ../../openssl/test/recipes/70-test_sslsigalgs.t ............... ok ../../openssl/test/recipes/70-test_sslsignature.t ............. ok ../../openssl/test/recipes/70-test_sslskewith0p.t ............. ok ../../openssl/test/recipes/70-test_sslversions.t .............. ok ../../openssl/test/recipes/70-test_sslvertol.t ................ ok ../../openssl/test/recipes/70-test_tls13cookie.t .............. ok ../../openssl/test/recipes/70-test_tls13downgrade.t ........... skipped: test_tls13downgrade not run in pre TLSv1.3 RFC implementation ../../openssl/test/recipes/70-test_tls13hrr.t ................. ok ../../openssl/test/recipes/70-test_tls13kexmodes.t ............ ok ../../openssl/test/recipes/70-test_tls13messages.t ............ ok ../../openssl/test/recipes/70-test_tls13psk.t ................. ok ../../openssl/test/recipes/70-test_tlsextms.t ................. ok ../../openssl/test/recipes/70-test_verify_extra.t ............. ok ../../openssl/test/recipes/70-test_wpacket.t .................. ok ../../openssl/test/recipes/80-test_ca.t ....................... ok ../../openssl/test/recipes/80-test_cipherbytes.t .............. ok ../../openssl/test/recipes/80-test_cipherlist.t ............... ok ../../openssl/test/recipes/80-test_ciphername.t ............... ok ../../openssl/test/recipes/80-test_cms.t ...................... ok ../../openssl/test/recipes/80-test_ct.t ....................... ok ../../openssl/test/recipes/80-test_dane.t ..................... ok ../../openssl/test/recipes/80-test_dtls.t ..................... ok ../../openssl/test/recipes/80-test_dtls_mtu.t ................. ok ../../openssl/test/recipes/80-test_dtlsv1listen.t ............. ok ../../openssl/test/recipes/80-test_ocsp.t ..................... ok ../../openssl/test/recipes/80-test_pkcs12.t ................... ok ../../openssl/test/recipes/80-test_ssl_new.t .................. ok ../../openssl/test/recipes/80-test_ssl_old.t .................. ok ../../openssl/test/recipes/80-test_ssl_test_ctx.t ............. ok ../../openssl/test/recipes/80-test_sslcorrupt.t ............... ok ../../openssl/test/recipes/80-test_tsa.t ...................... ok ../../openssl/test/recipes/80-test_x509aux.t .................. ok ../../openssl/test/recipes/90-test_asn1_time.t ................ ok ../../openssl/test/recipes/90-test_async.t .................... ok ../../openssl/test/recipes/90-test_bio_enc.t .................. ok ../../openssl/test/recipes/90-test_constant_time.t ............ ok ../../openssl/test/recipes/90-test_fatalerr.t ................. ok ../../openssl/test/recipes/90-test_gmdiff.t ................... ok ../../openssl/test/recipes/90-test_ige.t ...................... ok ../../openssl/test/recipes/90-test_includes.t ................. ok ../../openssl/test/recipes/90-test_memleak.t .................. ok ../../openssl/test/recipes/90-test_overhead.t ................. skipped: Only supported in no-shared builds ../../openssl/test/recipes/90-test_secmem.t ................... ok ../../openssl/test/recipes/90-test_shlibload.t ................ ok ../../openssl/test/recipes/90-test_srp.t ...................... ok ../../openssl/test/recipes/90-test_sslapi.t ................... Dubious, test returned 1 (wstat 256, 0x100) Failed 1/1 subtests ../../openssl/test/recipes/90-test_sslbuffers.t ............... ok ../../openssl/test/recipes/90-test_store.t .................... ok ../../openssl/test/recipes/90-test_sysdefault.t ............... ok ../../openssl/test/recipes/90-test_threads.t .................. ok ../../openssl/test/recipes/90-test_time_offset.t .............. ok ../../openssl/test/recipes/90-test_tls13ccs.t ................. ok ../../openssl/test/recipes/90-test_tls13encryption.t .......... ok ../../openssl/test/recipes/90-test_tls13secrets.t ............. ok ../../openssl/test/recipes/90-test_v3name.t ................... ok ../../openssl/test/recipes/95-test_external_boringssl.t ....... skipped: No external tests in this configuration ../../openssl/test/recipes/95-test_external_krb5.t ............ skipped: No external tests in this configuration ../../openssl/test/recipes/95-test_external_pyca.t ............ skipped: No external tests in this configuration ../../openssl/test/recipes/99-test_ecstress.t ................. ok ../../openssl/test/recipes/99-test_fuzz.t ..................... ok Test Summary Report ------------------- ../../openssl/test/recipes/90-test_sslapi.t (Wstat: 256 Tests: 1 Failed: 1) Failed test: 1 Non-zero exit status: 1 Files=146, Tests=1335, 207 wallclock secs ( 3.09 usr 0.28 sys + 171.07 cusr 11.57 csys = 186.01 CPU) Result: FAIL Makefile:204: recipe for target '_tests' failed make[1]: *** [_tests] Error 1 make[1]: Leaving directory '/home/openssl/run-checker/no-chacha' Makefile:202: recipe for target 'tests' failed make: *** [tests] Error 2 From openssl at openssl.org Mon May 7 05:52:59 2018 From: openssl at openssl.org (OpenSSL run-checker) Date: Mon, 07 May 2018 05:52:59 +0000 Subject: [openssl-commits] Still FAILED build of OpenSSL branch master with options -d --strict-warnings no-poly1305 Message-ID: <1525672379.083705.32397.nullmailer@run.openssl.org> Platform and configuration command: $ uname -a Linux run 4.4.0-119-generic #143-Ubuntu SMP Mon Apr 2 16:08:24 UTC 2018 x86_64 x86_64 x86_64 GNU/Linux $ CC=clang ../openssl/config -d --strict-warnings no-poly1305 Commit log since last time: 781fb90 Cleanup 717f308 Configure: fix Mac OS X builds that still require makedepend 41d6e0f Configure: pass more suitable argument to compiler_predefined(). 0ad4078 Configure: move --noexecstack probe to Configure. 0d94212 BIO_s_mem() write: Skip early when input length is zero c16ab9d docs: Fix typo EVP_PKEY_new_id -> EVP_PKEY_CTX_new_id Build log ended with (last 100 lines): ../../openssl/test/recipes/30-test_evp.t ...................... ok ../../openssl/test/recipes/30-test_evp_extra.t ................ ok ../../openssl/test/recipes/30-test_pbelu.t .................... ok ../../openssl/test/recipes/30-test_pkey_meth.t ................ ok ../../openssl/test/recipes/30-test_pkey_meth_kdf.t ............ ok ../../openssl/test/recipes/40-test_rehash.t ................... ok ../../openssl/test/recipes/60-test_x509_check_cert_pkey.t ..... ok ../../openssl/test/recipes/60-test_x509_dup_cert.t ............ ok ../../openssl/test/recipes/60-test_x509_store.t ............... ok ../../openssl/test/recipes/60-test_x509_time.t ................ ok ../../openssl/test/recipes/70-test_asyncio.t .................. ok ../../openssl/test/recipes/70-test_bad_dtls.t ................. ok ../../openssl/test/recipes/70-test_clienthello.t .............. ok ../../openssl/test/recipes/70-test_comp.t ..................... ok ../../openssl/test/recipes/70-test_key_share.t ................ ok ../../openssl/test/recipes/70-test_packet.t ................... ok ../../openssl/test/recipes/70-test_recordlen.t ................ ok ../../openssl/test/recipes/70-test_renegotiation.t ............ ok ../../openssl/test/recipes/70-test_servername.t ............... ok ../../openssl/test/recipes/70-test_sslcbcpadding.t ............ ok ../../openssl/test/recipes/70-test_sslcertstatus.t ............ ok ../../openssl/test/recipes/70-test_sslextension.t ............. ok ../../openssl/test/recipes/70-test_sslmessages.t .............. ok ../../openssl/test/recipes/70-test_sslrecords.t ............... ok ../../openssl/test/recipes/70-test_sslsessiontick.t ........... ok ../../openssl/test/recipes/70-test_sslsigalgs.t ............... ok ../../openssl/test/recipes/70-test_sslsignature.t ............. ok ../../openssl/test/recipes/70-test_sslskewith0p.t ............. ok ../../openssl/test/recipes/70-test_sslversions.t .............. ok ../../openssl/test/recipes/70-test_sslvertol.t ................ ok ../../openssl/test/recipes/70-test_tls13cookie.t .............. ok ../../openssl/test/recipes/70-test_tls13downgrade.t ........... skipped: test_tls13downgrade not run in pre TLSv1.3 RFC implementation ../../openssl/test/recipes/70-test_tls13hrr.t ................. ok ../../openssl/test/recipes/70-test_tls13kexmodes.t ............ ok ../../openssl/test/recipes/70-test_tls13messages.t ............ ok ../../openssl/test/recipes/70-test_tls13psk.t ................. ok ../../openssl/test/recipes/70-test_tlsextms.t ................. ok ../../openssl/test/recipes/70-test_verify_extra.t ............. ok ../../openssl/test/recipes/70-test_wpacket.t .................. ok ../../openssl/test/recipes/80-test_ca.t ....................... ok ../../openssl/test/recipes/80-test_cipherbytes.t .............. ok ../../openssl/test/recipes/80-test_cipherlist.t ............... ok ../../openssl/test/recipes/80-test_ciphername.t ............... ok ../../openssl/test/recipes/80-test_cms.t ...................... ok ../../openssl/test/recipes/80-test_ct.t ....................... ok ../../openssl/test/recipes/80-test_dane.t ..................... ok ../../openssl/test/recipes/80-test_dtls.t ..................... ok ../../openssl/test/recipes/80-test_dtls_mtu.t ................. ok ../../openssl/test/recipes/80-test_dtlsv1listen.t ............. ok ../../openssl/test/recipes/80-test_ocsp.t ..................... ok ../../openssl/test/recipes/80-test_pkcs12.t ................... ok ../../openssl/test/recipes/80-test_ssl_new.t .................. ok ../../openssl/test/recipes/80-test_ssl_old.t .................. ok ../../openssl/test/recipes/80-test_ssl_test_ctx.t ............. ok ../../openssl/test/recipes/80-test_sslcorrupt.t ............... ok ../../openssl/test/recipes/80-test_tsa.t ...................... ok ../../openssl/test/recipes/80-test_x509aux.t .................. ok ../../openssl/test/recipes/90-test_asn1_time.t ................ ok ../../openssl/test/recipes/90-test_async.t .................... ok ../../openssl/test/recipes/90-test_bio_enc.t .................. ok ../../openssl/test/recipes/90-test_constant_time.t ............ ok ../../openssl/test/recipes/90-test_fatalerr.t ................. ok ../../openssl/test/recipes/90-test_gmdiff.t ................... ok ../../openssl/test/recipes/90-test_ige.t ...................... ok ../../openssl/test/recipes/90-test_includes.t ................. ok ../../openssl/test/recipes/90-test_memleak.t .................. ok ../../openssl/test/recipes/90-test_overhead.t ................. skipped: Only supported in no-shared builds ../../openssl/test/recipes/90-test_secmem.t ................... ok ../../openssl/test/recipes/90-test_shlibload.t ................ ok ../../openssl/test/recipes/90-test_srp.t ...................... ok ../../openssl/test/recipes/90-test_sslapi.t ................... Dubious, test returned 1 (wstat 256, 0x100) Failed 1/1 subtests ../../openssl/test/recipes/90-test_sslbuffers.t ............... ok ../../openssl/test/recipes/90-test_store.t .................... ok ../../openssl/test/recipes/90-test_sysdefault.t ............... ok ../../openssl/test/recipes/90-test_threads.t .................. ok ../../openssl/test/recipes/90-test_time_offset.t .............. ok ../../openssl/test/recipes/90-test_tls13ccs.t ................. ok ../../openssl/test/recipes/90-test_tls13encryption.t .......... ok ../../openssl/test/recipes/90-test_tls13secrets.t ............. ok ../../openssl/test/recipes/90-test_v3name.t ................... ok ../../openssl/test/recipes/95-test_external_boringssl.t ....... skipped: No external tests in this configuration ../../openssl/test/recipes/95-test_external_krb5.t ............ skipped: No external tests in this configuration ../../openssl/test/recipes/95-test_external_pyca.t ............ skipped: No external tests in this configuration ../../openssl/test/recipes/99-test_ecstress.t ................. ok ../../openssl/test/recipes/99-test_fuzz.t ..................... ok Test Summary Report ------------------- ../../openssl/test/recipes/90-test_sslapi.t (Wstat: 256 Tests: 1 Failed: 1) Failed test: 1 Non-zero exit status: 1 Files=146, Tests=1336, 210 wallclock secs ( 3.08 usr 0.33 sys + 173.51 cusr 11.81 csys = 188.73 CPU) Result: FAIL Makefile:204: recipe for target '_tests' failed make[1]: *** [_tests] Error 1 make[1]: Leaving directory '/home/openssl/run-checker/no-poly1305' Makefile:202: recipe for target 'tests' failed make: *** [tests] Error 2 From levitte at openssl.org Mon May 7 07:37:58 2018 From: levitte at openssl.org (Richard Levitte) Date: Mon, 07 May 2018 07:37:58 +0000 Subject: [openssl-commits] [tools] master update Message-ID: <1525678678.046597.3916.nullmailer@dev.openssl.org> The branch master has been updated via ba63b292f904eca32e6c707575af3bee1a238172 (commit) from 6c9eac0cab97aa1e4d98721ef3e68452f1839c5e (commit) - Log ----------------------------------------------------------------- commit ba63b292f904eca32e6c707575af3bee1a238172 Author: Richard Levitte Date: Mon May 7 09:31:51 2018 +0200 QueryApp: rename bureau => omc, bump version ----------------------------------------------------------------------- Summary of changes: QueryApp/MANIFEST | 2 +- QueryApp/Makefile.PL | 2 +- QueryApp/bin/query.psgi | 18 +++++++++--------- QueryApp/lib/OpenSSL/Query/ClaDB.pm | 2 +- QueryApp/lib/OpenSSL/Query/PersonDB.pm | 2 +- QueryApp/lib/OpenSSL/Query/Role/{Bureau.pm => OMC.pm} | 8 ++++---- 6 files changed, 17 insertions(+), 17 deletions(-) rename QueryApp/lib/OpenSSL/Query/Role/{Bureau.pm => OMC.pm} (81%) diff --git a/QueryApp/MANIFEST b/QueryApp/MANIFEST index 99f1b16..d9f0654 100644 --- a/QueryApp/MANIFEST +++ b/QueryApp/MANIFEST @@ -1,7 +1,7 @@ bin/query.psgi lib/OpenSSL/Query/ClaDB.pm lib/OpenSSL/Query/DB.pm -lib/OpenSSL/Query/Role/Bureau.pm +lib/OpenSSL/Query/Role/OMC.pm lib/OpenSSL/Query/PersonDB.pm Makefile.PL MANIFEST diff --git a/QueryApp/Makefile.PL b/QueryApp/Makefile.PL index bb1dac9..56d57ca 100644 --- a/QueryApp/Makefile.PL +++ b/QueryApp/Makefile.PL @@ -4,7 +4,7 @@ use warnings; use inc::Module::Install; name 'QueryApp'; -version '1.2'; +version '2.0'; abstract 'An OpenSSL query web app'; author q{Richard Levitte }; license 'apache'; diff --git a/QueryApp/bin/query.psgi b/QueryApp/bin/query.psgi index ec9a994..523fb8f 100644 --- a/QueryApp/bin/query.psgi +++ b/QueryApp/bin/query.psgi @@ -55,7 +55,7 @@ use OpenSSL::Query::DB; use URI::Encode qw(uri_decode); set serializer => 'JSON'; -set bureau => '/var/cache/openssl/checkouts/bureau'; +set omc => '/var/cache/openssl/checkouts/omc'; # Version 0 API. # Feel free to add new routes, but never to change them or remove them, @@ -73,7 +73,7 @@ sub name_decode { } get '/People' => sub { - my $query = OpenSSL::Query->new(bureau => config->{bureau}); + my $query = OpenSSL::Query->new(omc => config->{omc}); my @response = $query->list_people(); return [ @response ] if @response; @@ -81,7 +81,7 @@ get '/People' => sub { }; get '/Person/:name' => sub { - my $query = OpenSSL::Query->new(bureau => config->{bureau}); + my $query = OpenSSL::Query->new(omc => config->{omc}); my $name = name_decode(uri_decode(param('name'))); my %response = $query->find_person($name); @@ -90,7 +90,7 @@ get '/Person/:name' => sub { }; get '/Person/:name/Membership' => sub { - my $query = OpenSSL::Query->new(bureau => config->{bureau}, REST => 0); + my $query = OpenSSL::Query->new(omc => config->{omc}, REST => 0); my $name = name_decode(uri_decode(param('name'))); my %response = $query->find_person($name); @@ -99,7 +99,7 @@ get '/Person/:name/Membership' => sub { }; get '/Person/:name/IsMemberOf/:group' => sub { - my $query = OpenSSL::Query->new(bureau => config->{bureau}, REST => 0); + my $query = OpenSSL::Query->new(omc => config->{omc}, REST => 0); my $name = name_decode(uri_decode(param('name'))); my $group = uri_decode(param('group')); my $response = $query->is_member_of($name, $group); @@ -109,7 +109,7 @@ get '/Person/:name/IsMemberOf/:group' => sub { }; get '/Person/:name/ValueOfTag/:tag' => sub { - my $query = OpenSSL::Query->new(bureau => config->{bureau}, REST => 0); + my $query = OpenSSL::Query->new(omc => config->{omc}, REST => 0); my $name = name_decode(uri_decode(param('name'))); my $tag = uri_decode(param('tag')); my $response = $query->find_person_tag($name, $tag); @@ -119,7 +119,7 @@ get '/Person/:name/ValueOfTag/:tag' => sub { }; get '/Person/:name/HasCLA' => sub { - my $query = OpenSSL::Query->new(bureau => config->{bureau}, REST => 0); + my $query = OpenSSL::Query->new(omc => config->{omc}, REST => 0); my $name = name_decode(uri_decode(param('name'))); my %person = $query->find_person($name); my @response = (); @@ -134,7 +134,7 @@ get '/Person/:name/HasCLA' => sub { }; get '/Group/:group/Members' => sub { - my $query = OpenSSL::Query->new(bureau => config->{bureau}, REST => 0); + my $query = OpenSSL::Query->new(omc => config->{omc}, REST => 0); my $group = uri_decode(param('group')); my @response = $query->members_of($group); @@ -143,7 +143,7 @@ get '/Group/:group/Members' => sub { }; get '/HasCLA/:id' => sub { - my $query = OpenSSL::Query->new(bureau => config->{bureau}, REST => 0); + my $query = OpenSSL::Query->new(omc => config->{omc}, REST => 0); my $id = uri_decode(param('id')); if ($id =~ m|^\S+\@\S+$|) { my $response = $query->has_cla($id); diff --git a/QueryApp/lib/OpenSSL/Query/ClaDB.pm b/QueryApp/lib/OpenSSL/Query/ClaDB.pm index 406b445..bcd6daf 100644 --- a/QueryApp/lib/OpenSSL/Query/ClaDB.pm +++ b/QueryApp/lib/OpenSSL/Query/ClaDB.pm @@ -14,7 +14,7 @@ use Carp; use Moo; use OpenSSL::Query qw(-register-cla OpenSSL::Query::ClaDB -priority 0); -with q(OpenSSL::Query::Role::Bureau); +with q(OpenSSL::Query::Role::OMC); has clafile => ( is => 'ro', default => 'cladb.txt' ); has _cladb => ( is => 'lazy', builder => 1 ); diff --git a/QueryApp/lib/OpenSSL/Query/PersonDB.pm b/QueryApp/lib/OpenSSL/Query/PersonDB.pm index ab5507b..c26164b 100644 --- a/QueryApp/lib/OpenSSL/Query/PersonDB.pm +++ b/QueryApp/lib/OpenSSL/Query/PersonDB.pm @@ -16,7 +16,7 @@ use Clone qw(clone); use Moo; use OpenSSL::Query qw(-register-person OpenSSL::Query::PersonDB -priority 0); -with q(OpenSSL::Query::Role::Bureau); +with q(OpenSSL::Query::Role::OMC); has personfile => ( is => 'ro', default => 'persondb.yaml' ); has _persondb => ( is => 'lazy', builder => 1 ); diff --git a/QueryApp/lib/OpenSSL/Query/Role/Bureau.pm b/QueryApp/lib/OpenSSL/Query/Role/OMC.pm similarity index 81% rename from QueryApp/lib/OpenSSL/Query/Role/Bureau.pm rename to QueryApp/lib/OpenSSL/Query/Role/OMC.pm index f4771b5..9410084 100644 --- a/QueryApp/lib/OpenSSL/Query/Role/Bureau.pm +++ b/QueryApp/lib/OpenSSL/Query/Role/OMC.pm @@ -10,22 +10,22 @@ use strict; use warnings; -package OpenSSL::Query::Role::Bureau; +package OpenSSL::Query::Role::OMC; use Carp; use File::Spec::Functions; use Moo::Role; -has bureau => ( is => 'ro' ); +has omc => ( is => 'ro' ); sub _find_file { my $self = shift; my $filename = shift; my $envvar = shift; - my $bureau = $ENV{BUREAU} // $self->bureau; + my $omc = $ENV{OMC} // $ENV{BUREAU} // $self->omc; my @paths = ( $ENV{$envvar} // (), - $bureau ? catfile($bureau, $filename) : (), + $omc ? catfile($omc, $filename) : (), catfile('.', $filename) ); foreach (@paths) { return $_ if -r $_; From levitte at openssl.org Mon May 7 07:39:47 2018 From: levitte at openssl.org (Richard Levitte) Date: Mon, 07 May 2018 07:39:47 +0000 Subject: [openssl-commits] [tools] master update Message-ID: <1525678787.678827.4923.nullmailer@dev.openssl.org> The branch master has been updated via 232417f8a0c556b5325d14ebc7630b776b2f1dfd (commit) via 73ef6aa692b56c1602abcb4fd090077cb7234d95 (commit) from ba63b292f904eca32e6c707575af3bee1a238172 (commit) - Log ----------------------------------------------------------------- commit 232417f8a0c556b5325d14ebc7630b776b2f1dfd Author: Richard Levitte Date: Mon May 7 09:39:37 2018 +0200 release-tools, review-tools: bureau => omc rename commit 73ef6aa692b56c1602abcb4fd090077cb7234d95 Author: Richard Levitte Date: Mon May 7 09:38:52 2018 +0200 clacheck: bureau => omc rename ----------------------------------------------------------------------- Summary of changes: clacheck/clacheck.py | 2 +- release-tools/README.md | 2 +- review-tools/README | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/clacheck/clacheck.py b/clacheck/clacheck.py index f63d9b2..afa09f0 100755 --- a/clacheck/clacheck.py +++ b/clacheck/clacheck.py @@ -18,7 +18,7 @@ Trivial = re.compile("^\s*CLA\s*:\s*TRIVIAL", re.IGNORECASE) URLpattern = re.compile("https?://([^/]*)/(.*)") SUCCESS = 'success' FAILURE = 'failure' -CLAFILE = "/var/cache/openssl/checkouts/bureau/cladb.txt" # +CLAFILE = "/var/cache/openssl/checkouts/omc/cladb.txt" # null_actions = ( 'assigned', 'unassigned', 'labeled', 'unlabeled', 'closed', diff --git a/release-tools/README.md b/release-tools/README.md index c10cb75..5376eec 100644 --- a/release-tools/README.md +++ b/release-tools/README.md @@ -221,7 +221,7 @@ Unfreeze the repository. ssh openssl-git at git.openssl.org unfreeze openssl If this release includes security fixes with a CVE then you should inform -MITRE about them. See the instructions at the top of cvepool.txt in bureau. +MITRE about them. See the instructions at the top of cvepool.txt in omc. Check mailing lists over the next few hours for reports of any success or failure. If necessary fix these and in the worst case make another diff --git a/review-tools/README b/review-tools/README index e601cc6..83f7802 100644 --- a/review-tools/README +++ b/review-tools/README @@ -13,7 +13,7 @@ Environment Some of the scripts use the information REST API on https://api.openssl.org. If you have direct access to the databases and want to use that instead, set -the environment variable BUREAU to the directory where they are located. +the environment variable OMC to the directory where they are located. The scripts =========== From levitte at openssl.org Mon May 7 07:53:50 2018 From: levitte at openssl.org (Richard Levitte) Date: Mon, 07 May 2018 07:53:50 +0000 Subject: [openssl-commits] [tools] master update Message-ID: <1525679630.042493.7740.nullmailer@dev.openssl.org> The branch master has been updated via f37c4f5e3a9ef27283a395ffd0975e78067121ea (commit) from 232417f8a0c556b5325d14ebc7630b776b2f1dfd (commit) - Log ----------------------------------------------------------------- commit f37c4f5e3a9ef27283a395ffd0975e78067121ea Author: Richard Levitte Date: Mon May 7 09:53:44 2018 +0200 QueryApp: keep the bureau parameter key for backward compatibility ----------------------------------------------------------------------- Summary of changes: QueryApp/lib/OpenSSL/Query/Role/OMC.pm | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/QueryApp/lib/OpenSSL/Query/Role/OMC.pm b/QueryApp/lib/OpenSSL/Query/Role/OMC.pm index 9410084..6cce602 100644 --- a/QueryApp/lib/OpenSSL/Query/Role/OMC.pm +++ b/QueryApp/lib/OpenSSL/Query/Role/OMC.pm @@ -17,13 +17,14 @@ use File::Spec::Functions; use Moo::Role; has omc => ( is => 'ro' ); +has bureau => ( is => 'ro' ); # Backward compat, omc takes precedense sub _find_file { my $self = shift; my $filename = shift; my $envvar = shift; - my $omc = $ENV{OMC} // $ENV{BUREAU} // $self->omc; + my $omc = $ENV{OMC} // $self->omc // $ENV{BUREAU} // $self->bureau; my @paths = ( $ENV{$envvar} // (), $omc ? catfile($omc, $filename) : (), catfile('.', $filename) ); From openssl at openssl.org Mon May 7 09:31:25 2018 From: openssl at openssl.org (OpenSSL run-checker) Date: Mon, 07 May 2018 09:31:25 +0000 Subject: [openssl-commits] Still FAILED build of OpenSSL branch master with options -d --strict-warnings no-tls1_2 Message-ID: <1525685485.078488.9453.nullmailer@run.openssl.org> Platform and configuration command: $ uname -a Linux run 4.4.0-119-generic #143-Ubuntu SMP Mon Apr 2 16:08:24 UTC 2018 x86_64 x86_64 x86_64 GNU/Linux $ CC=clang ../openssl/config -d --strict-warnings no-tls1_2 Commit log since last time: 781fb90 Cleanup 717f308 Configure: fix Mac OS X builds that still require makedepend 41d6e0f Configure: pass more suitable argument to compiler_predefined(). 0ad4078 Configure: move --noexecstack probe to Configure. 0d94212 BIO_s_mem() write: Skip early when input length is zero c16ab9d docs: Fix typo EVP_PKEY_new_id -> EVP_PKEY_CTX_new_id Build log ended with (last 100 lines): ../../openssl/test/recipes/30-test_evp.t ...................... ok ../../openssl/test/recipes/30-test_evp_extra.t ................ ok ../../openssl/test/recipes/30-test_pbelu.t .................... ok ../../openssl/test/recipes/30-test_pkey_meth.t ................ ok ../../openssl/test/recipes/30-test_pkey_meth_kdf.t ............ ok ../../openssl/test/recipes/40-test_rehash.t ................... ok ../../openssl/test/recipes/60-test_x509_check_cert_pkey.t ..... ok ../../openssl/test/recipes/60-test_x509_dup_cert.t ............ ok ../../openssl/test/recipes/60-test_x509_store.t ............... ok ../../openssl/test/recipes/60-test_x509_time.t ................ ok ../../openssl/test/recipes/70-test_asyncio.t .................. ok ../../openssl/test/recipes/70-test_bad_dtls.t ................. ok ../../openssl/test/recipes/70-test_clienthello.t .............. ok ../../openssl/test/recipes/70-test_comp.t ..................... ok ../../openssl/test/recipes/70-test_key_share.t ................ ok ../../openssl/test/recipes/70-test_packet.t ................... ok ../../openssl/test/recipes/70-test_recordlen.t ................ ok ../../openssl/test/recipes/70-test_renegotiation.t ............ skipped: test_renegotiation needs TLS <= 1.2 enabled ../../openssl/test/recipes/70-test_servername.t ............... ok ../../openssl/test/recipes/70-test_sslcbcpadding.t ............ skipped: test_sslcbcpadding needs TLSv1.2 enabled ../../openssl/test/recipes/70-test_sslcertstatus.t ............ skipped: test_sslcertstatus needs TLS enabled ../../openssl/test/recipes/70-test_sslextension.t ............. ok ../../openssl/test/recipes/70-test_sslmessages.t .............. skipped: test_sslmessages needs TLS enabled ../../openssl/test/recipes/70-test_sslrecords.t ............... skipped: test_sslrecords needs TLSv1.2 enabled ../../openssl/test/recipes/70-test_sslsessiontick.t ........... skipped: test_sslsessiontick needs SSLv3, TLSv1, TLSv1.1 or TLSv1.2 enabled ../../openssl/test/recipes/70-test_sslsigalgs.t ............... ok ../../openssl/test/recipes/70-test_sslsignature.t ............. ok ../../openssl/test/recipes/70-test_sslskewith0p.t ............. ok ../../openssl/test/recipes/70-test_sslversions.t .............. skipped: test_sslversions needs TLS1.3, TLS1.2 and TLS1.1 enabled ../../openssl/test/recipes/70-test_sslvertol.t ................ ok ../../openssl/test/recipes/70-test_tls13cookie.t .............. ok ../../openssl/test/recipes/70-test_tls13downgrade.t ........... skipped: test_tls13downgrade needs TLS1.3 and TLS1.2 enabled ../../openssl/test/recipes/70-test_tls13hrr.t ................. ok ../../openssl/test/recipes/70-test_tls13kexmodes.t ............ ok ../../openssl/test/recipes/70-test_tls13messages.t ............ ok ../../openssl/test/recipes/70-test_tls13psk.t ................. ok ../../openssl/test/recipes/70-test_tlsextms.t ................. skipped: test_tlsextms needs TLSv1.0, TLSv1.1 or TLSv1.2 enabled ../../openssl/test/recipes/70-test_verify_extra.t ............. ok ../../openssl/test/recipes/70-test_wpacket.t .................. ok ../../openssl/test/recipes/80-test_ca.t ....................... ok ../../openssl/test/recipes/80-test_cipherbytes.t .............. ok ../../openssl/test/recipes/80-test_cipherlist.t ............... ok ../../openssl/test/recipes/80-test_ciphername.t ............... ok ../../openssl/test/recipes/80-test_cms.t ...................... ok ../../openssl/test/recipes/80-test_ct.t ....................... ok ../../openssl/test/recipes/80-test_dane.t ..................... ok ../../openssl/test/recipes/80-test_dtls.t ..................... ok ../../openssl/test/recipes/80-test_dtls_mtu.t ................. ok ../../openssl/test/recipes/80-test_dtlsv1listen.t ............. ok ../../openssl/test/recipes/80-test_ocsp.t ..................... ok ../../openssl/test/recipes/80-test_pkcs12.t ................... ok ../../openssl/test/recipes/80-test_ssl_new.t .................. ok ../../openssl/test/recipes/80-test_ssl_old.t .................. ok ../../openssl/test/recipes/80-test_ssl_test_ctx.t ............. ok ../../openssl/test/recipes/80-test_sslcorrupt.t ............... ok ../../openssl/test/recipes/80-test_tsa.t ...................... ok ../../openssl/test/recipes/80-test_x509aux.t .................. ok ../../openssl/test/recipes/90-test_asn1_time.t ................ ok ../../openssl/test/recipes/90-test_async.t .................... ok ../../openssl/test/recipes/90-test_bio_enc.t .................. ok ../../openssl/test/recipes/90-test_constant_time.t ............ ok ../../openssl/test/recipes/90-test_fatalerr.t ................. ok ../../openssl/test/recipes/90-test_gmdiff.t ................... ok ../../openssl/test/recipes/90-test_ige.t ...................... ok ../../openssl/test/recipes/90-test_includes.t ................. ok ../../openssl/test/recipes/90-test_memleak.t .................. ok ../../openssl/test/recipes/90-test_overhead.t ................. skipped: Only supported in no-shared builds ../../openssl/test/recipes/90-test_secmem.t ................... ok ../../openssl/test/recipes/90-test_shlibload.t ................ ok ../../openssl/test/recipes/90-test_srp.t ...................... ok ../../openssl/test/recipes/90-test_sslapi.t ................... Dubious, test returned 1 (wstat 256, 0x100) Failed 1/1 subtests ../../openssl/test/recipes/90-test_sslbuffers.t ............... ok ../../openssl/test/recipes/90-test_store.t .................... ok ../../openssl/test/recipes/90-test_sysdefault.t ............... skipped: test_sysdefault is not supported in this build ../../openssl/test/recipes/90-test_threads.t .................. ok ../../openssl/test/recipes/90-test_time_offset.t .............. ok ../../openssl/test/recipes/90-test_tls13ccs.t ................. ok ../../openssl/test/recipes/90-test_tls13encryption.t .......... ok ../../openssl/test/recipes/90-test_tls13secrets.t ............. ok ../../openssl/test/recipes/90-test_v3name.t ................... ok ../../openssl/test/recipes/95-test_external_boringssl.t ....... skipped: No external tests in this configuration ../../openssl/test/recipes/95-test_external_krb5.t ............ skipped: No external tests in this configuration ../../openssl/test/recipes/95-test_external_pyca.t ............ skipped: No external tests in this configuration ../../openssl/test/recipes/99-test_ecstress.t ................. ok ../../openssl/test/recipes/99-test_fuzz.t ..................... ok Test Summary Report ------------------- ../../openssl/test/recipes/90-test_sslapi.t (Wstat: 256 Tests: 1 Failed: 1) Failed test: 1 Non-zero exit status: 1 Files=146, Tests=1261, 179 wallclock secs ( 1.75 usr 0.33 sys + 155.08 cusr 9.23 csys = 166.39 CPU) Result: FAIL Makefile:204: recipe for target '_tests' failed make[1]: *** [_tests] Error 1 make[1]: Leaving directory '/home/openssl/run-checker/no-tls1_2' Makefile:202: recipe for target 'tests' failed make: *** [tests] Error 2 From openssl at openssl.org Mon May 7 10:04:46 2018 From: openssl at openssl.org (OpenSSL run-checker) Date: Mon, 07 May 2018 10:04:46 +0000 Subject: [openssl-commits] Still FAILED build of OpenSSL branch master with options -d --strict-warnings no-tls1_2-method Message-ID: <1525687486.571049.30110.nullmailer@run.openssl.org> Platform and configuration command: $ uname -a Linux run 4.4.0-119-generic #143-Ubuntu SMP Mon Apr 2 16:08:24 UTC 2018 x86_64 x86_64 x86_64 GNU/Linux $ CC=clang ../openssl/config -d --strict-warnings no-tls1_2-method Commit log since last time: 781fb90 Cleanup 717f308 Configure: fix Mac OS X builds that still require makedepend 41d6e0f Configure: pass more suitable argument to compiler_predefined(). 0ad4078 Configure: move --noexecstack probe to Configure. 0d94212 BIO_s_mem() write: Skip early when input length is zero c16ab9d docs: Fix typo EVP_PKEY_new_id -> EVP_PKEY_CTX_new_id Build log ended with (last 100 lines): ../../openssl/test/recipes/30-test_evp.t ...................... ok ../../openssl/test/recipes/30-test_evp_extra.t ................ ok ../../openssl/test/recipes/30-test_pbelu.t .................... ok ../../openssl/test/recipes/30-test_pkey_meth.t ................ ok ../../openssl/test/recipes/30-test_pkey_meth_kdf.t ............ ok ../../openssl/test/recipes/40-test_rehash.t ................... ok ../../openssl/test/recipes/60-test_x509_check_cert_pkey.t ..... ok ../../openssl/test/recipes/60-test_x509_dup_cert.t ............ ok ../../openssl/test/recipes/60-test_x509_store.t ............... ok ../../openssl/test/recipes/60-test_x509_time.t ................ ok ../../openssl/test/recipes/70-test_asyncio.t .................. ok ../../openssl/test/recipes/70-test_bad_dtls.t ................. ok ../../openssl/test/recipes/70-test_clienthello.t .............. ok ../../openssl/test/recipes/70-test_comp.t ..................... ok ../../openssl/test/recipes/70-test_key_share.t ................ ok ../../openssl/test/recipes/70-test_packet.t ................... ok ../../openssl/test/recipes/70-test_recordlen.t ................ ok ../../openssl/test/recipes/70-test_renegotiation.t ............ skipped: test_renegotiation needs TLS <= 1.2 enabled ../../openssl/test/recipes/70-test_servername.t ............... ok ../../openssl/test/recipes/70-test_sslcbcpadding.t ............ skipped: test_sslcbcpadding needs TLSv1.2 enabled ../../openssl/test/recipes/70-test_sslcertstatus.t ............ skipped: test_sslcertstatus needs TLS enabled ../../openssl/test/recipes/70-test_sslextension.t ............. ok ../../openssl/test/recipes/70-test_sslmessages.t .............. skipped: test_sslmessages needs TLS enabled ../../openssl/test/recipes/70-test_sslrecords.t ............... skipped: test_sslrecords needs TLSv1.2 enabled ../../openssl/test/recipes/70-test_sslsessiontick.t ........... skipped: test_sslsessiontick needs SSLv3, TLSv1, TLSv1.1 or TLSv1.2 enabled ../../openssl/test/recipes/70-test_sslsigalgs.t ............... ok ../../openssl/test/recipes/70-test_sslsignature.t ............. ok ../../openssl/test/recipes/70-test_sslskewith0p.t ............. ok ../../openssl/test/recipes/70-test_sslversions.t .............. skipped: test_sslversions needs TLS1.3, TLS1.2 and TLS1.1 enabled ../../openssl/test/recipes/70-test_sslvertol.t ................ ok ../../openssl/test/recipes/70-test_tls13cookie.t .............. ok ../../openssl/test/recipes/70-test_tls13downgrade.t ........... skipped: test_tls13downgrade needs TLS1.3 and TLS1.2 enabled ../../openssl/test/recipes/70-test_tls13hrr.t ................. ok ../../openssl/test/recipes/70-test_tls13kexmodes.t ............ ok ../../openssl/test/recipes/70-test_tls13messages.t ............ ok ../../openssl/test/recipes/70-test_tls13psk.t ................. ok ../../openssl/test/recipes/70-test_tlsextms.t ................. skipped: test_tlsextms needs TLSv1.0, TLSv1.1 or TLSv1.2 enabled ../../openssl/test/recipes/70-test_verify_extra.t ............. ok ../../openssl/test/recipes/70-test_wpacket.t .................. ok ../../openssl/test/recipes/80-test_ca.t ....................... ok ../../openssl/test/recipes/80-test_cipherbytes.t .............. ok ../../openssl/test/recipes/80-test_cipherlist.t ............... ok ../../openssl/test/recipes/80-test_ciphername.t ............... ok ../../openssl/test/recipes/80-test_cms.t ...................... ok ../../openssl/test/recipes/80-test_ct.t ....................... ok ../../openssl/test/recipes/80-test_dane.t ..................... ok ../../openssl/test/recipes/80-test_dtls.t ..................... ok ../../openssl/test/recipes/80-test_dtls_mtu.t ................. ok ../../openssl/test/recipes/80-test_dtlsv1listen.t ............. ok ../../openssl/test/recipes/80-test_ocsp.t ..................... ok ../../openssl/test/recipes/80-test_pkcs12.t ................... ok ../../openssl/test/recipes/80-test_ssl_new.t .................. ok ../../openssl/test/recipes/80-test_ssl_old.t .................. ok ../../openssl/test/recipes/80-test_ssl_test_ctx.t ............. ok ../../openssl/test/recipes/80-test_sslcorrupt.t ............... ok ../../openssl/test/recipes/80-test_tsa.t ...................... ok ../../openssl/test/recipes/80-test_x509aux.t .................. ok ../../openssl/test/recipes/90-test_asn1_time.t ................ ok ../../openssl/test/recipes/90-test_async.t .................... ok ../../openssl/test/recipes/90-test_bio_enc.t .................. ok ../../openssl/test/recipes/90-test_constant_time.t ............ ok ../../openssl/test/recipes/90-test_fatalerr.t ................. ok ../../openssl/test/recipes/90-test_gmdiff.t ................... ok ../../openssl/test/recipes/90-test_ige.t ...................... ok ../../openssl/test/recipes/90-test_includes.t ................. ok ../../openssl/test/recipes/90-test_memleak.t .................. ok ../../openssl/test/recipes/90-test_overhead.t ................. skipped: Only supported in no-shared builds ../../openssl/test/recipes/90-test_secmem.t ................... ok ../../openssl/test/recipes/90-test_shlibload.t ................ ok ../../openssl/test/recipes/90-test_srp.t ...................... ok ../../openssl/test/recipes/90-test_sslapi.t ................... Dubious, test returned 1 (wstat 256, 0x100) Failed 1/1 subtests ../../openssl/test/recipes/90-test_sslbuffers.t ............... ok ../../openssl/test/recipes/90-test_store.t .................... ok ../../openssl/test/recipes/90-test_sysdefault.t ............... skipped: test_sysdefault is not supported in this build ../../openssl/test/recipes/90-test_threads.t .................. ok ../../openssl/test/recipes/90-test_time_offset.t .............. ok ../../openssl/test/recipes/90-test_tls13ccs.t ................. ok ../../openssl/test/recipes/90-test_tls13encryption.t .......... ok ../../openssl/test/recipes/90-test_tls13secrets.t ............. ok ../../openssl/test/recipes/90-test_v3name.t ................... ok ../../openssl/test/recipes/95-test_external_boringssl.t ....... skipped: No external tests in this configuration ../../openssl/test/recipes/95-test_external_krb5.t ............ skipped: No external tests in this configuration ../../openssl/test/recipes/95-test_external_pyca.t ............ skipped: No external tests in this configuration ../../openssl/test/recipes/99-test_ecstress.t ................. ok ../../openssl/test/recipes/99-test_fuzz.t ..................... ok Test Summary Report ------------------- ../../openssl/test/recipes/90-test_sslapi.t (Wstat: 256 Tests: 1 Failed: 1) Failed test: 1 Non-zero exit status: 1 Files=146, Tests=1261, 173 wallclock secs ( 1.51 usr 0.23 sys + 151.82 cusr 8.11 csys = 161.67 CPU) Result: FAIL Makefile:204: recipe for target '_tests' failed make[1]: *** [_tests] Error 1 make[1]: Leaving directory '/home/openssl/run-checker/no-tls1_2-method' Makefile:202: recipe for target 'tests' failed make: *** [tests] Error 2 From appro at openssl.org Mon May 7 15:14:12 2018 From: appro at openssl.org (Andy Polyakov) Date: Mon, 07 May 2018 15:14:12 +0000 Subject: [openssl-commits] [openssl] master update Message-ID: <1525706052.575936.21209.nullmailer@dev.openssl.org> The branch master has been updated via a602decedb8d91385992d8e50cd1bb4bde111c33 (commit) via 9a96626ef478fe8037fc6c8e02f2f05bdf8d5c4e (commit) from 781fb90cd7ec28a0d4e94cbb4a95fecb72020c2d (commit) - Log ----------------------------------------------------------------- commit a602decedb8d91385992d8e50cd1bb4bde111c33 Author: Andy Polyakov Date: Sun May 6 18:36:09 2018 +0200 .travis.yml: temporarily mask gcc-5 ubsan build. Linking fails with "unrecognized option '--push-state--no-as-needed'", which is beyond our control. Reviewed-by: Rich Salz (Merged from https://github.com/openssl/openssl/pull/6185) commit 9a96626ef478fe8037fc6c8e02f2f05bdf8d5c4e Author: Andy Polyakov Date: Sun May 6 18:30:59 2018 +0200 .travis.yml: minor facelift Apparently trusty image has newer clang, there is no need to pull clang-3.9 packages. It's clang-5.0.0, installation is a bit quirky, as it fails to compile for example strcmp(s,"-") without warning, and complains about unreferred -I flags. But it's argued that benefits of exercising newer sanitizer outweights the inconvenience of additional -D__NO_STRING_INLINE and -Wno-unused-command-line-argument. Also pull golang when actually needed. Reviewed-by: Rich Salz (Merged from https://github.com/openssl/openssl/pull/6185) ----------------------------------------------------------------------- Summary of changes: .travis.yml | 44 ++++++++++++++++++++------------------------ 1 file changed, 20 insertions(+), 24 deletions(-) diff --git a/.travis.yml b/.travis.yml index 33c3751..d5147f1 100644 --- a/.travis.yml +++ b/.travis.yml @@ -16,12 +16,6 @@ before_install: git submodule update --init --recursive; fi; -addons: - apt: - packages: - - ccache - - golang-1.6 - os: - linux - osx @@ -48,8 +42,8 @@ matrix: compiler: gcc-5 env: CONFIG_OPTS="--strict-warnings" COMMENT="Move to the BORINGTEST build when interoperable" - os: linux - compiler: clang-3.9 - env: CONFIG_OPTS="--strict-warnings no-deprecated" BUILDONLY="yes" + compiler: clang + env: CONFIG_OPTS="--strict-warnings -D__NO_STRING_INLINES no-deprecated" BUILDONLY="yes" - os: linux addons: apt: @@ -64,6 +58,7 @@ matrix: packages: - gcc-5 - g++-5 + - golang-1.6 sources: - ubuntu-toolchain-r-test compiler: gcc-5 @@ -74,29 +69,30 @@ matrix: packages: - gcc-5 - g++-5 + - golang-1.6 sources: - ubuntu-toolchain-r-test compiler: gcc-5 env: EXTENDED_TEST="yes" CONFIG_OPTS="--debug enable-ssl3 enable-ssl3-method enable-weak-ssl-ciphers enable-external-tests" BORINGSSL_TESTS="yes" CXX="g++-5" TESTS=95 - os: linux - compiler: clang-3.9 - env: EXTENDED_TEST="yes" CONFIG_OPTS="enable-msan" - - os: linux - compiler: clang-3.9 - env: EXTENDED_TEST="yes" CONFIG_OPTS="no-asm enable-ubsan enable-rc5 enable-md2 enable-ssl3 enable-ssl3-method enable-nextprotoneg -fno-sanitize=alignment no-shared -DFUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION" + compiler: clang + env: EXTENDED_TEST="yes" CONFIG_OPTS="enable-msan -D__NO_STRING_INLINES -Wno-unused-command-line-argument" - os: linux - compiler: clang-3.9 - env: EXTENDED_TEST="yes" CONFIG_OPTS="no-asm enable-asan enable-rc5 enable-md2 no-shared -DFUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION" + compiler: clang + env: EXTENDED_TEST="yes" CONFIG_OPTS="no-asm enable-ubsan enable-rc5 enable-md2 enable-ssl3 enable-ssl3-method enable-nextprotoneg no-shared -fno-sanitize=alignment -DFUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION -D__NO_STRING_INLINES -Wno-unused-command-line-argument" - os: linux - addons: - apt: - packages: - - gcc-5 - - g++-5 - sources: - - ubuntu-toolchain-r-test - compiler: gcc-5 - env: EXTENDED_TEST="yes" CONFIG_OPTS="--debug no-asm enable-ubsan enable-rc5 enable-md2 -DPEDANTIC" OPENSSL_TEST_RAND_ORDER=0 + compiler: clang + env: EXTENDED_TEST="yes" CONFIG_OPTS="no-asm enable-asan enable-rc5 enable-md2 no-shared -DFUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION -D__NO_STRING_INLINES -Wno-unused-command-line-argument" + #- os: linux + # addons: + # apt: + # packages: + # - gcc-5 + # - g++-5 + # sources: + # - ubuntu-toolchain-r-test + # compiler: gcc-5 + # env: EXTENDED_TEST="yes" CONFIG_OPTS="--debug no-asm enable-ubsan enable-rc5 enable-md2 -DPEDANTIC" OPENSSL_TEST_RAND_ORDER=0 - os: linux addons: apt: From appro at openssl.org Mon May 7 15:17:39 2018 From: appro at openssl.org (Andy Polyakov) Date: Mon, 07 May 2018 15:17:39 +0000 Subject: [openssl-commits] [openssl] master update Message-ID: <1525706259.884505.22534.nullmailer@dev.openssl.org> The branch master has been updated via 4ffc1842fa7da63b42da0e9553ebee33e2e173aa (commit) from a602decedb8d91385992d8e50cd1bb4bde111c33 (commit) - Log ----------------------------------------------------------------- commit 4ffc1842fa7da63b42da0e9553ebee33e2e173aa Author: FdaSilvaYY Date: Sun May 6 17:34:04 2018 +0200 windows-makefile.tmpl: rearrange cleanup commands to avoid ... deletion of *.exp files in krb5 sub-module. Reviewed-by: Andy Polyakov Reviewed-by: Rich Salz (Merged from https://github.com/openssl/openssl/pull/6186) ----------------------------------------------------------------------- Summary of changes: Configurations/windows-makefile.tmpl | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/Configurations/windows-makefile.tmpl b/Configurations/windows-makefile.tmpl index 0fe6ca2..0752bbe 100644 --- a/Configurations/windows-makefile.tmpl +++ b/Configurations/windows-makefile.tmpl @@ -362,9 +362,10 @@ clean: libclean -del /Q /F $(SCRIPTS) -del /Q /F $(GENERATED_MANDATORY) -del /Q /F $(GENERATED) - -del /Q /S /F *.d *.obj *.pdb *.exp *.ilk *.manifest - -del /Q /S /F engines\*.lib - -del /Q /S /F apps\*.lib apps\*.rc apps\*.res + -del /Q /S /F *.d *.obj *.pdb *.ilk *.manifest + -del /Q /S /F engines\*.lib engines\*.exp + -del /Q /S /F apps\*.lib apps\*.rc apps\*.res apps\*.exp + -del /Q /S /F test\*.exp -rmdir /Q /S test\test-runs distclean: clean From openssl at openssl.org Mon May 7 23:34:23 2018 From: openssl at openssl.org (OpenSSL run-checker) Date: Mon, 07 May 2018 23:34:23 +0000 Subject: [openssl-commits] Still FAILED build of OpenSSL branch master with options -d --strict-warnings no-chacha Message-ID: <1525736063.702989.9819.nullmailer@run.openssl.org> Platform and configuration command: $ uname -a Linux run 4.4.0-119-generic #143-Ubuntu SMP Mon Apr 2 16:08:24 UTC 2018 x86_64 x86_64 x86_64 GNU/Linux $ CC=clang ../openssl/config -d --strict-warnings no-chacha Commit log since last time: 4ffc184 windows-makefile.tmpl: rearrange cleanup commands to avoid ... a602dec .travis.yml: temporarily mask gcc-5 ubsan build. 9a96626 .travis.yml: minor facelift Build log ended with (last 100 lines): ../../openssl/test/recipes/30-test_evp.t ...................... ok ../../openssl/test/recipes/30-test_evp_extra.t ................ ok ../../openssl/test/recipes/30-test_pbelu.t .................... ok ../../openssl/test/recipes/30-test_pkey_meth.t ................ ok ../../openssl/test/recipes/30-test_pkey_meth_kdf.t ............ ok ../../openssl/test/recipes/40-test_rehash.t ................... ok ../../openssl/test/recipes/60-test_x509_check_cert_pkey.t ..... ok ../../openssl/test/recipes/60-test_x509_dup_cert.t ............ ok ../../openssl/test/recipes/60-test_x509_store.t ............... ok ../../openssl/test/recipes/60-test_x509_time.t ................ ok ../../openssl/test/recipes/70-test_asyncio.t .................. ok ../../openssl/test/recipes/70-test_bad_dtls.t ................. ok ../../openssl/test/recipes/70-test_clienthello.t .............. ok ../../openssl/test/recipes/70-test_comp.t ..................... ok ../../openssl/test/recipes/70-test_key_share.t ................ ok ../../openssl/test/recipes/70-test_packet.t ................... ok ../../openssl/test/recipes/70-test_recordlen.t ................ ok ../../openssl/test/recipes/70-test_renegotiation.t ............ ok ../../openssl/test/recipes/70-test_servername.t ............... ok ../../openssl/test/recipes/70-test_sslcbcpadding.t ............ ok ../../openssl/test/recipes/70-test_sslcertstatus.t ............ ok ../../openssl/test/recipes/70-test_sslextension.t ............. ok ../../openssl/test/recipes/70-test_sslmessages.t .............. ok ../../openssl/test/recipes/70-test_sslrecords.t ............... ok ../../openssl/test/recipes/70-test_sslsessiontick.t ........... ok ../../openssl/test/recipes/70-test_sslsigalgs.t ............... ok ../../openssl/test/recipes/70-test_sslsignature.t ............. ok ../../openssl/test/recipes/70-test_sslskewith0p.t ............. ok ../../openssl/test/recipes/70-test_sslversions.t .............. ok ../../openssl/test/recipes/70-test_sslvertol.t ................ ok ../../openssl/test/recipes/70-test_tls13cookie.t .............. ok ../../openssl/test/recipes/70-test_tls13downgrade.t ........... skipped: test_tls13downgrade not run in pre TLSv1.3 RFC implementation ../../openssl/test/recipes/70-test_tls13hrr.t ................. ok ../../openssl/test/recipes/70-test_tls13kexmodes.t ............ ok ../../openssl/test/recipes/70-test_tls13messages.t ............ ok ../../openssl/test/recipes/70-test_tls13psk.t ................. ok ../../openssl/test/recipes/70-test_tlsextms.t ................. ok ../../openssl/test/recipes/70-test_verify_extra.t ............. ok ../../openssl/test/recipes/70-test_wpacket.t .................. ok ../../openssl/test/recipes/80-test_ca.t ....................... ok ../../openssl/test/recipes/80-test_cipherbytes.t .............. ok ../../openssl/test/recipes/80-test_cipherlist.t ............... ok ../../openssl/test/recipes/80-test_ciphername.t ............... ok ../../openssl/test/recipes/80-test_cms.t ...................... ok ../../openssl/test/recipes/80-test_ct.t ....................... ok ../../openssl/test/recipes/80-test_dane.t ..................... ok ../../openssl/test/recipes/80-test_dtls.t ..................... ok ../../openssl/test/recipes/80-test_dtls_mtu.t ................. ok ../../openssl/test/recipes/80-test_dtlsv1listen.t ............. ok ../../openssl/test/recipes/80-test_ocsp.t ..................... ok ../../openssl/test/recipes/80-test_pkcs12.t ................... ok ../../openssl/test/recipes/80-test_ssl_new.t .................. ok ../../openssl/test/recipes/80-test_ssl_old.t .................. ok ../../openssl/test/recipes/80-test_ssl_test_ctx.t ............. ok ../../openssl/test/recipes/80-test_sslcorrupt.t ............... ok ../../openssl/test/recipes/80-test_tsa.t ...................... ok ../../openssl/test/recipes/80-test_x509aux.t .................. ok ../../openssl/test/recipes/90-test_asn1_time.t ................ ok ../../openssl/test/recipes/90-test_async.t .................... ok ../../openssl/test/recipes/90-test_bio_enc.t .................. ok ../../openssl/test/recipes/90-test_constant_time.t ............ ok ../../openssl/test/recipes/90-test_fatalerr.t ................. ok ../../openssl/test/recipes/90-test_gmdiff.t ................... ok ../../openssl/test/recipes/90-test_ige.t ...................... ok ../../openssl/test/recipes/90-test_includes.t ................. ok ../../openssl/test/recipes/90-test_memleak.t .................. ok ../../openssl/test/recipes/90-test_overhead.t ................. skipped: Only supported in no-shared builds ../../openssl/test/recipes/90-test_secmem.t ................... ok ../../openssl/test/recipes/90-test_shlibload.t ................ ok ../../openssl/test/recipes/90-test_srp.t ...................... ok ../../openssl/test/recipes/90-test_sslapi.t ................... Dubious, test returned 1 (wstat 256, 0x100) Failed 1/1 subtests ../../openssl/test/recipes/90-test_sslbuffers.t ............... ok ../../openssl/test/recipes/90-test_store.t .................... ok ../../openssl/test/recipes/90-test_sysdefault.t ............... ok ../../openssl/test/recipes/90-test_threads.t .................. ok ../../openssl/test/recipes/90-test_time_offset.t .............. ok ../../openssl/test/recipes/90-test_tls13ccs.t ................. ok ../../openssl/test/recipes/90-test_tls13encryption.t .......... ok ../../openssl/test/recipes/90-test_tls13secrets.t ............. ok ../../openssl/test/recipes/90-test_v3name.t ................... ok ../../openssl/test/recipes/95-test_external_boringssl.t ....... skipped: No external tests in this configuration ../../openssl/test/recipes/95-test_external_krb5.t ............ skipped: No external tests in this configuration ../../openssl/test/recipes/95-test_external_pyca.t ............ skipped: No external tests in this configuration ../../openssl/test/recipes/99-test_ecstress.t ................. ok ../../openssl/test/recipes/99-test_fuzz.t ..................... ok Test Summary Report ------------------- ../../openssl/test/recipes/90-test_sslapi.t (Wstat: 256 Tests: 1 Failed: 1) Failed test: 1 Non-zero exit status: 1 Files=146, Tests=1335, 213 wallclock secs ( 3.24 usr 0.35 sys + 178.30 cusr 11.51 csys = 193.40 CPU) Result: FAIL Makefile:204: recipe for target '_tests' failed make[1]: *** [_tests] Error 1 make[1]: Leaving directory '/home/openssl/run-checker/no-chacha' Makefile:202: recipe for target 'tests' failed make: *** [tests] Error 2 From no-reply at appveyor.com Tue May 8 01:31:57 2018 From: no-reply at appveyor.com (AppVeyor) Date: Tue, 08 May 2018 01:31:57 +0000 Subject: [openssl-commits] Build failed: openssl master.17882 Message-ID: <20180508013157.1.93F02DF1586C3FEB@appveyor.com> An HTML attachment was scrubbed... URL: From openssl at openssl.org Tue May 8 05:56:03 2018 From: openssl at openssl.org (OpenSSL run-checker) Date: Tue, 08 May 2018 05:56:03 +0000 Subject: [openssl-commits] Still FAILED build of OpenSSL branch master with options -d --strict-warnings no-poly1305 Message-ID: <1525758963.990199.32529.nullmailer@run.openssl.org> Platform and configuration command: $ uname -a Linux run 4.4.0-119-generic #143-Ubuntu SMP Mon Apr 2 16:08:24 UTC 2018 x86_64 x86_64 x86_64 GNU/Linux $ CC=clang ../openssl/config -d --strict-warnings no-poly1305 Commit log since last time: 4ffc184 windows-makefile.tmpl: rearrange cleanup commands to avoid ... a602dec .travis.yml: temporarily mask gcc-5 ubsan build. 9a96626 .travis.yml: minor facelift Build log ended with (last 100 lines): ../../openssl/test/recipes/30-test_evp.t ...................... ok ../../openssl/test/recipes/30-test_evp_extra.t ................ ok ../../openssl/test/recipes/30-test_pbelu.t .................... ok ../../openssl/test/recipes/30-test_pkey_meth.t ................ ok ../../openssl/test/recipes/30-test_pkey_meth_kdf.t ............ ok ../../openssl/test/recipes/40-test_rehash.t ................... ok ../../openssl/test/recipes/60-test_x509_check_cert_pkey.t ..... ok ../../openssl/test/recipes/60-test_x509_dup_cert.t ............ ok ../../openssl/test/recipes/60-test_x509_store.t ............... ok ../../openssl/test/recipes/60-test_x509_time.t ................ ok ../../openssl/test/recipes/70-test_asyncio.t .................. ok ../../openssl/test/recipes/70-test_bad_dtls.t ................. ok ../../openssl/test/recipes/70-test_clienthello.t .............. ok ../../openssl/test/recipes/70-test_comp.t ..................... ok ../../openssl/test/recipes/70-test_key_share.t ................ ok ../../openssl/test/recipes/70-test_packet.t ................... ok ../../openssl/test/recipes/70-test_recordlen.t ................ ok ../../openssl/test/recipes/70-test_renegotiation.t ............ ok ../../openssl/test/recipes/70-test_servername.t ............... ok ../../openssl/test/recipes/70-test_sslcbcpadding.t ............ ok ../../openssl/test/recipes/70-test_sslcertstatus.t ............ ok ../../openssl/test/recipes/70-test_sslextension.t ............. ok ../../openssl/test/recipes/70-test_sslmessages.t .............. ok ../../openssl/test/recipes/70-test_sslrecords.t ............... ok ../../openssl/test/recipes/70-test_sslsessiontick.t ........... ok ../../openssl/test/recipes/70-test_sslsigalgs.t ............... ok ../../openssl/test/recipes/70-test_sslsignature.t ............. ok ../../openssl/test/recipes/70-test_sslskewith0p.t ............. ok ../../openssl/test/recipes/70-test_sslversions.t .............. ok ../../openssl/test/recipes/70-test_sslvertol.t ................ ok ../../openssl/test/recipes/70-test_tls13cookie.t .............. ok ../../openssl/test/recipes/70-test_tls13downgrade.t ........... skipped: test_tls13downgrade not run in pre TLSv1.3 RFC implementation ../../openssl/test/recipes/70-test_tls13hrr.t ................. ok ../../openssl/test/recipes/70-test_tls13kexmodes.t ............ ok ../../openssl/test/recipes/70-test_tls13messages.t ............ ok ../../openssl/test/recipes/70-test_tls13psk.t ................. ok ../../openssl/test/recipes/70-test_tlsextms.t ................. ok ../../openssl/test/recipes/70-test_verify_extra.t ............. ok ../../openssl/test/recipes/70-test_wpacket.t .................. ok ../../openssl/test/recipes/80-test_ca.t ....................... ok ../../openssl/test/recipes/80-test_cipherbytes.t .............. ok ../../openssl/test/recipes/80-test_cipherlist.t ............... ok ../../openssl/test/recipes/80-test_ciphername.t ............... ok ../../openssl/test/recipes/80-test_cms.t ...................... ok ../../openssl/test/recipes/80-test_ct.t ....................... ok ../../openssl/test/recipes/80-test_dane.t ..................... ok ../../openssl/test/recipes/80-test_dtls.t ..................... ok ../../openssl/test/recipes/80-test_dtls_mtu.t ................. ok ../../openssl/test/recipes/80-test_dtlsv1listen.t ............. ok ../../openssl/test/recipes/80-test_ocsp.t ..................... ok ../../openssl/test/recipes/80-test_pkcs12.t ................... ok ../../openssl/test/recipes/80-test_ssl_new.t .................. ok ../../openssl/test/recipes/80-test_ssl_old.t .................. ok ../../openssl/test/recipes/80-test_ssl_test_ctx.t ............. ok ../../openssl/test/recipes/80-test_sslcorrupt.t ............... ok ../../openssl/test/recipes/80-test_tsa.t ...................... ok ../../openssl/test/recipes/80-test_x509aux.t .................. ok ../../openssl/test/recipes/90-test_asn1_time.t ................ ok ../../openssl/test/recipes/90-test_async.t .................... ok ../../openssl/test/recipes/90-test_bio_enc.t .................. ok ../../openssl/test/recipes/90-test_constant_time.t ............ ok ../../openssl/test/recipes/90-test_fatalerr.t ................. ok ../../openssl/test/recipes/90-test_gmdiff.t ................... ok ../../openssl/test/recipes/90-test_ige.t ...................... ok ../../openssl/test/recipes/90-test_includes.t ................. ok ../../openssl/test/recipes/90-test_memleak.t .................. ok ../../openssl/test/recipes/90-test_overhead.t ................. skipped: Only supported in no-shared builds ../../openssl/test/recipes/90-test_secmem.t ................... ok ../../openssl/test/recipes/90-test_shlibload.t ................ ok ../../openssl/test/recipes/90-test_srp.t ...................... ok ../../openssl/test/recipes/90-test_sslapi.t ................... Dubious, test returned 1 (wstat 256, 0x100) Failed 1/1 subtests ../../openssl/test/recipes/90-test_sslbuffers.t ............... ok ../../openssl/test/recipes/90-test_store.t .................... ok ../../openssl/test/recipes/90-test_sysdefault.t ............... ok ../../openssl/test/recipes/90-test_threads.t .................. ok ../../openssl/test/recipes/90-test_time_offset.t .............. ok ../../openssl/test/recipes/90-test_tls13ccs.t ................. ok ../../openssl/test/recipes/90-test_tls13encryption.t .......... ok ../../openssl/test/recipes/90-test_tls13secrets.t ............. ok ../../openssl/test/recipes/90-test_v3name.t ................... ok ../../openssl/test/recipes/95-test_external_boringssl.t ....... skipped: No external tests in this configuration ../../openssl/test/recipes/95-test_external_krb5.t ............ skipped: No external tests in this configuration ../../openssl/test/recipes/95-test_external_pyca.t ............ skipped: No external tests in this configuration ../../openssl/test/recipes/99-test_ecstress.t ................. ok ../../openssl/test/recipes/99-test_fuzz.t ..................... ok Test Summary Report ------------------- ../../openssl/test/recipes/90-test_sslapi.t (Wstat: 256 Tests: 1 Failed: 1) Failed test: 1 Non-zero exit status: 1 Files=146, Tests=1336, 213 wallclock secs ( 3.00 usr 0.30 sys + 177.00 cusr 11.44 csys = 191.74 CPU) Result: FAIL Makefile:204: recipe for target '_tests' failed make[1]: *** [_tests] Error 1 make[1]: Leaving directory '/home/openssl/run-checker/no-poly1305' Makefile:202: recipe for target 'tests' failed make: *** [tests] Error 2 From matt at openssl.org Tue May 8 07:47:50 2018 From: matt at openssl.org (Matt Caswell) Date: Tue, 08 May 2018 07:47:50 +0000 Subject: [openssl-commits] [openssl] master update Message-ID: <1525765670.670656.5589.nullmailer@dev.openssl.org> The branch master has been updated via e15e92dbd5248bc8dbd95d2c0af33a6daf8f7255 (commit) via 3d551b20df1acd01f80d3ae00d37177e0fdf344a (commit) from 4ffc1842fa7da63b42da0e9553ebee33e2e173aa (commit) - Log ----------------------------------------------------------------- commit e15e92dbd5248bc8dbd95d2c0af33a6daf8f7255 Author: Matt Caswell Date: Tue May 1 09:32:30 2018 +0100 Add a CMS API test Previous tests only invoked CMS via the command line app. This test uses the CMS API directly to do and encrypt and decrypt operation. This test would have caught the memory leak fixed by the previous commit (when building with enable-crypto-mdebug). Reviewed-by: Rich Salz (Merged from https://github.com/openssl/openssl/pull/6142) commit 3d551b20df1acd01f80d3ae00d37177e0fdf344a Author: Matt Caswell Date: Tue May 1 09:29:17 2018 +0100 Fix a mem leak in CMS The function CMS_RecipientInfo_set0_pkey() is a "set0" and therefore memory management passes to OpenSSL. If the same function is called again then we should ensure that any previous value that was set is freed first before we set it again. Fixes #5052 Reviewed-by: Rich Salz (Merged from https://github.com/openssl/openssl/pull/6142) ----------------------------------------------------------------------- Summary of changes: crypto/cms/cms_env.c | 1 + crypto/cms/cms_smime.c | 1 + test/build.info | 6 +- test/cmsapitest.c | 93 ++++++++++++++++++++++ .../{90-test_tls13ccs.t => 80-test_cmsapi.t} | 13 ++- 5 files changed, 106 insertions(+), 8 deletions(-) create mode 100644 test/cmsapitest.c copy test/recipes/{90-test_tls13ccs.t => 80-test_cmsapi.t} (52%) diff --git a/crypto/cms/cms_env.c b/crypto/cms/cms_env.c index 6ca3be7..7c2d420 100644 --- a/crypto/cms/cms_env.c +++ b/crypto/cms/cms_env.c @@ -282,6 +282,7 @@ int CMS_RecipientInfo_set0_pkey(CMS_RecipientInfo *ri, EVP_PKEY *pkey) CMSerr(CMS_F_CMS_RECIPIENTINFO_SET0_PKEY, CMS_R_NOT_KEY_TRANSPORT); return 0; } + EVP_PKEY_free(ri->d.ktri->pkey); ri->d.ktri->pkey = pkey; return 1; } diff --git a/crypto/cms/cms_smime.c b/crypto/cms/cms_smime.c index 7e7b6e5..76883bf 100644 --- a/crypto/cms/cms_smime.c +++ b/crypto/cms/cms_smime.c @@ -631,6 +631,7 @@ int CMS_decrypt_set1_pkey(CMS_ContentInfo *cms, EVP_PKEY *pk, X509 *cert) * all. */ else if (!cert || !CMS_RecipientInfo_ktri_cert_cmp(ri, cert)) { + EVP_PKEY_up_ref(pk); CMS_RecipientInfo_set0_pkey(ri, pk); r = CMS_RecipientInfo_decrypt(cms, ri); CMS_RecipientInfo_set0_pkey(ri, NULL); diff --git a/test/build.info b/test/build.info index 1708e94..535c5aa 100644 --- a/test/build.info +++ b/test/build.info @@ -51,7 +51,7 @@ INCLUDE_MAIN___test_libtestutil_OLB = /INCLUDE=MAIN recordlentest drbgtest drbg_cavs_test sslbuffertest \ time_offset_test pemtest ssl_cert_table_internal_test ciphername_test \ servername_test ocspapitest rsa_mp_test fatalerrtest tls13ccstest \ - sysdefaulttest + sysdefaulttest cmsapitest SOURCE[versions]=versions.c INCLUDE[versions]=../include @@ -373,6 +373,10 @@ INCLUDE_MAIN___test_libtestutil_OLB = /INCLUDE=MAIN INCLUDE[servername_test]=../include DEPEND[servername_test]=../libcrypto ../libssl libtestutil.a + SOURCE[cmsapitest]=cmsapitest.c + INCLUDE[cmsapitest]=../include + DEPEND[cmsapitest]=../libcrypto libtestutil.a + IF[{- !$disabled{psk} -}] PROGRAMS_NO_INST=dtls_mtu_test SOURCE[dtls_mtu_test]=dtls_mtu_test.c ssltestlib.c diff --git a/test/cmsapitest.c b/test/cmsapitest.c new file mode 100644 index 0000000..a79ae8c --- /dev/null +++ b/test/cmsapitest.c @@ -0,0 +1,93 @@ +#include + +#include +#include +#include +#include + +#include "testutil.h" + +static X509 *cert = NULL; +static EVP_PKEY *privkey = NULL; + +static int test_encrypt_decrypt(void) +{ + int testresult = 0; + STACK_OF(X509) *certstack = sk_X509_new_null(); + const char *msg = "Hello world"; + BIO *msgbio = BIO_new_mem_buf(msg, strlen(msg)); + BIO *outmsgbio = BIO_new(BIO_s_mem()); + CMS_ContentInfo* content = NULL; + char buf[80]; + + if (!TEST_ptr(certstack) || !TEST_ptr(msgbio) || !TEST_ptr(outmsgbio)) + goto end; + + if (!TEST_int_gt(sk_X509_push(certstack, cert), 0)) + goto end; + + content = CMS_encrypt(certstack, msgbio, EVP_aes_128_cbc(), CMS_TEXT); + if (!TEST_ptr(content)) + goto end; + + if (!TEST_true(CMS_decrypt(content, privkey, cert, NULL, outmsgbio, + CMS_TEXT))) + goto end; + + /* Check we got the message we first started with */ + if (!TEST_int_eq(BIO_gets(outmsgbio, buf, sizeof(buf)), strlen(msg)) + || !TEST_int_eq(strcmp(buf, msg), 0)) + goto end; + + testresult = 1; + end: + sk_X509_free(certstack); + BIO_free(msgbio); + BIO_free(outmsgbio); + CMS_ContentInfo_free(content); + + return testresult; +} + +int setup_tests(void) +{ + char *certin = NULL, *privkeyin = NULL; + BIO *certbio = NULL, *privkeybio = NULL; + + if (!TEST_ptr(certin = test_get_argument(0)) + || !TEST_ptr(privkeyin = test_get_argument(1))) + return 0; + + certbio = BIO_new_file(certin, "r"); + if (!TEST_ptr(certbio)) + return 0; + if (!TEST_true(PEM_read_bio_X509(certbio, &cert, NULL, NULL))) { + BIO_free(certbio); + return 0; + } + BIO_free(certbio); + + privkeybio = BIO_new_file(privkeyin, "r"); + if (!TEST_ptr(privkeybio)) { + X509_free(cert); + cert = NULL; + return 0; + } + if (!TEST_true(PEM_read_bio_PrivateKey(privkeybio, &privkey, NULL, NULL))) { + BIO_free(privkeybio); + X509_free(cert); + cert = NULL; + return 0; + } + BIO_free(privkeybio); + + ADD_TEST(test_encrypt_decrypt); + + return 1; +} + +void cleanup_tests(void) +{ + X509_free(cert); + EVP_PKEY_free(privkey); +} diff --git a/test/recipes/90-test_tls13ccs.t b/test/recipes/80-test_cmsapi.t similarity index 52% copy from test/recipes/90-test_tls13ccs.t copy to test/recipes/80-test_cmsapi.t index 2ec28ce..990f8a7 100644 --- a/test/recipes/90-test_tls13ccs.t +++ b/test/recipes/80-test_cmsapi.t @@ -1,5 +1,5 @@ #! /usr/bin/env perl -# Copyright 2017 The OpenSSL Project Authors. All Rights Reserved. +# Copyright 2018 The OpenSSL Project Authors. All Rights Reserved. # # Licensed under the OpenSSL license (the "License"). You may not use # this file except in compliance with the License. You can obtain a copy @@ -10,13 +10,12 @@ use OpenSSL::Test::Utils; use OpenSSL::Test qw/:DEFAULT srctop_file/; -my $test_name = "test_tls13ccs"; -setup($test_name); +setup("test_cmsapi"); -plan skip_all => "$test_name is not supported in this build" - if disabled("tls1_3"); +plan skip_all => "CMS is disabled in this build" if disabled("cms"); plan tests => 1; -ok(run(test(["tls13ccstest", srctop_file("apps", "server.pem"), - srctop_file("apps", "server.pem")])), "tls13ccstest"); +ok(run(test(["cmsapitest", srctop_file("test", "certs", "servercert.pem"), + srctop_file("test", "certs", "serverkey.pem")])), + "running cmsapitest"); From matt at openssl.org Tue May 8 07:50:53 2018 From: matt at openssl.org (Matt Caswell) Date: Tue, 08 May 2018 07:50:53 +0000 Subject: [openssl-commits] [openssl] OpenSSL_1_1_0-stable update Message-ID: <1525765853.697185.6969.nullmailer@dev.openssl.org> The branch OpenSSL_1_1_0-stable has been updated via 2ddfe60be50bfeebd64e01b123fd7176e7226c87 (commit) from 414d19d0341407b211c64729df37889e2c572e12 (commit) - Log ----------------------------------------------------------------- commit 2ddfe60be50bfeebd64e01b123fd7176e7226c87 Author: Matt Caswell Date: Tue May 1 09:29:17 2018 +0100 Fix a mem leak in CMS The function CMS_RecipientInfo_set0_pkey() is a "set0" and therefore memory management passes to OpenSSL. If the same function is called again then we should ensure that any previous value that was set is freed first before we set it again. Fixes #5052 Reviewed-by: Rich Salz (Merged from https://github.com/openssl/openssl/pull/6142) (cherry picked from commit 3d551b20df1acd01f80d3ae00d37177e0fdf344a) ----------------------------------------------------------------------- Summary of changes: crypto/cms/cms_env.c | 1 + crypto/cms/cms_smime.c | 1 + 2 files changed, 2 insertions(+) diff --git a/crypto/cms/cms_env.c b/crypto/cms/cms_env.c index 8d45943..3ecda30 100644 --- a/crypto/cms/cms_env.c +++ b/crypto/cms/cms_env.c @@ -282,6 +282,7 @@ int CMS_RecipientInfo_set0_pkey(CMS_RecipientInfo *ri, EVP_PKEY *pkey) CMSerr(CMS_F_CMS_RECIPIENTINFO_SET0_PKEY, CMS_R_NOT_KEY_TRANSPORT); return 0; } + EVP_PKEY_free(ri->d.ktri->pkey); ri->d.ktri->pkey = pkey; return 1; } diff --git a/crypto/cms/cms_smime.c b/crypto/cms/cms_smime.c index 7e7b6e5..76883bf 100644 --- a/crypto/cms/cms_smime.c +++ b/crypto/cms/cms_smime.c @@ -631,6 +631,7 @@ int CMS_decrypt_set1_pkey(CMS_ContentInfo *cms, EVP_PKEY *pk, X509 *cert) * all. */ else if (!cert || !CMS_RecipientInfo_ktri_cert_cmp(ri, cert)) { + EVP_PKEY_up_ref(pk); CMS_RecipientInfo_set0_pkey(ri, pk); r = CMS_RecipientInfo_decrypt(cms, ri); CMS_RecipientInfo_set0_pkey(ri, NULL); From no-reply at appveyor.com Tue May 8 08:31:10 2018 From: no-reply at appveyor.com (AppVeyor) Date: Tue, 08 May 2018 08:31:10 +0000 Subject: [openssl-commits] Build completed: openssl master.17883 Message-ID: <20180508083110.1.30B3C393DF623702@appveyor.com> An HTML attachment was scrubbed... URL: From matt at openssl.org Tue May 8 08:44:38 2018 From: matt at openssl.org (Matt Caswell) Date: Tue, 08 May 2018 08:44:38 +0000 Subject: [openssl-commits] [openssl] master update Message-ID: <1525769078.512176.17263.nullmailer@dev.openssl.org> The branch master has been updated via 61e96557f9eae0258074c9cec7ad6aa1b9dde1df (commit) via f7506416b1311e65d5c440defdbcfe176f633c50 (commit) via ad962252857aac4350139fdbb6c8e3e6b0bdad7b (commit) via 6f6da2fe1710842c37c73ed2b114cf6942221db6 (commit) via f20404fce90919b614b737d07cc75d9e1c019fb8 (commit) from e15e92dbd5248bc8dbd95d2c0af33a6daf8f7255 (commit) - Log ----------------------------------------------------------------- commit 61e96557f9eae0258074c9cec7ad6aa1b9dde1df Author: Matt Caswell Date: Thu May 3 12:06:38 2018 +0100 Add a DTLS test for dropped records Drop a record from a handshake and check that we can still complete the handshake. Repeat for all records in the handshake. Reviewed-by: Rich Salz (Merged from https://github.com/openssl/openssl/pull/6170) commit f7506416b1311e65d5c440defdbcfe176f633c50 Author: Matt Caswell Date: Thu May 3 16:00:51 2018 +0100 Keep the DTLS timer running after the end of the handshake if appropriate During a full handshake the server is the last one to "speak". The timer should continue to run until we know that the client has received our last flight (e.g. because we receive some application data). Reviewed-by: Rich Salz (Merged from https://github.com/openssl/openssl/pull/6170) commit ad962252857aac4350139fdbb6c8e3e6b0bdad7b Author: Matt Caswell Date: Thu May 3 16:00:05 2018 +0100 Only auto-retry for DTLS if configured to do so Otherwise we may end up in a hang when using blocking sockets Reviewed-by: Rich Salz (Merged from https://github.com/openssl/openssl/pull/6170) commit 6f6da2fe1710842c37c73ed2b114cf6942221db6 Author: Matt Caswell Date: Thu May 3 15:59:31 2018 +0100 Fix s_client and s_server so that they correctly handle the DTLS timer Reviewed-by: Rich Salz (Merged from https://github.com/openssl/openssl/pull/6170) commit f20404fce90919b614b737d07cc75d9e1c019fb8 Author: Matt Caswell Date: Thu May 3 12:07:47 2018 +0100 Don't fail on an out-of-order CCS in DTLS Fixes #4929 Reviewed-by: Rich Salz (Merged from https://github.com/openssl/openssl/pull/6170) ----------------------------------------------------------------------- Summary of changes: apps/s_client.c | 7 +-- apps/s_server.c | 7 +-- ssl/record/rec_layer_d1.c | 25 ++++++++++ ssl/statem/statem.c | 4 +- ssl/statem/statem_clnt.c | 14 ++++++ ssl/statem/statem_lib.c | 18 +++++++ ssl/statem/statem_srvr.c | 14 ++++++ test/dtlstest.c | 121 +++++++++++++++++++++++++++++++++++++++++++++- test/ssltestlib.c | 83 ++++++++++++++++++++++++++++--- test/ssltestlib.h | 8 +++ 10 files changed, 281 insertions(+), 20 deletions(-) diff --git a/apps/s_client.c b/apps/s_client.c index 9d463f6..96f9da6 100644 --- a/apps/s_client.c +++ b/apps/s_client.c @@ -2703,8 +2703,7 @@ int s_client_main(int argc, char **argv) FD_ZERO(&readfds); FD_ZERO(&writefds); - if ((SSL_version(con) == DTLS1_VERSION) && - DTLSv1_get_timeout(con, &timeout)) + if (SSL_is_dtls(con) && DTLSv1_get_timeout(con, &timeout)) timeoutp = &timeout; else timeoutp = NULL; @@ -2815,10 +2814,8 @@ int s_client_main(int argc, char **argv) } } - if ((SSL_version(con) == DTLS1_VERSION) - && DTLSv1_handle_timeout(con) > 0) { + if (SSL_is_dtls(con) && DTLSv1_handle_timeout(con) > 0) BIO_printf(bio_err, "TIMEOUT occurred\n"); - } if (!ssl_pending && FD_ISSET(SSL_get_fd(con), &writefds)) { k = SSL_write(con, &(cbuf[cbuf_off]), (unsigned int)cbuf_len); diff --git a/apps/s_server.c b/apps/s_server.c index ef39a4f..b0e9659 100644 --- a/apps/s_server.c +++ b/apps/s_server.c @@ -2398,18 +2398,15 @@ static int sv_body(int s, int stype, int prot, unsigned char *context) if ((i < 0) || (!i && !read_from_terminal)) continue; #else - if ((SSL_version(con) == DTLS1_VERSION) && - DTLSv1_get_timeout(con, &timeout)) + if (SSL_is_dtls(con) && DTLSv1_get_timeout(con, &timeout)) timeoutp = &timeout; else timeoutp = NULL; i = select(width, (void *)&readfds, NULL, NULL, timeoutp); - if ((SSL_version(con) == DTLS1_VERSION) - && DTLSv1_handle_timeout(con) > 0) { + if ((SSL_is_dtls(con)) && DTLSv1_handle_timeout(con) > 0) BIO_printf(bio_err, "TIMEOUT occurred\n"); - } if (i <= 0) continue; diff --git a/ssl/record/rec_layer_d1.c b/ssl/record/rec_layer_d1.c index 97943d4..37a2eb1 100644 --- a/ssl/record/rec_layer_d1.c +++ b/ssl/record/rec_layer_d1.c @@ -444,6 +444,19 @@ int dtls1_read_bytes(SSL *s, int type, int *recvd_type, unsigned char *buf, && SSL3_RECORD_get_length(rr) != 0) s->rlayer.alert_count = 0; + if (SSL3_RECORD_get_type(rr) != SSL3_RT_HANDSHAKE + && SSL3_RECORD_get_type(rr) != SSL3_RT_CHANGE_CIPHER_SPEC + && !SSL_in_init(s) + && (s->d1->next_timeout.tv_sec != 0 + || s->d1->next_timeout.tv_usec != 0)) { + /* + * The timer is still running but we've received something that isn't + * handshake data - so the peer must have finished processing our + * last handshake flight. Stop the timer. + */ + dtls1_stop_timer(s); + } + /* we now have a packet which can be read and processed */ if (s->s3->change_cipher_spec /* set when we receive ChangeCipherSpec, @@ -664,6 +677,18 @@ int dtls1_read_bytes(SSL *s, int type, int *recvd_type, unsigned char *buf, return -1; } SSL3_RECORD_set_length(rr, 0); + if (!(s->mode & SSL_MODE_AUTO_RETRY)) { + if (SSL3_BUFFER_get_left(&s->rlayer.rbuf) == 0) { + /* no read-ahead left? */ + BIO *bio; + + s->rwstate = SSL_READING; + bio = SSL_get_rbio(s); + BIO_clear_retry_flags(bio); + BIO_set_retry_read(bio); + return -1; + } + } goto start; } diff --git a/ssl/statem/statem.c b/ssl/statem/statem.c index 1f221e7..e836769 100644 --- a/ssl/statem/statem.c +++ b/ssl/statem/statem.c @@ -589,10 +589,8 @@ static SUB_STATE_RETURN read_state_machine(SSL *s) * Validate that we are allowed to move to the new state and move * to that state if so */ - if (!transition(s, mt)) { - check_fatal(s, SSL_F_READ_STATE_MACHINE); + if (!transition(s, mt)) return SUB_STATE_ERROR; - } if (s->s3->tmp.message_size > max_message_size(s)) { SSLfatal(s, SSL_AD_ILLEGAL_PARAMETER, SSL_F_READ_STATE_MACHINE, diff --git a/ssl/statem/statem_clnt.c b/ssl/statem/statem_clnt.c index 91b986f..60e987a 100644 --- a/ssl/statem/statem_clnt.c +++ b/ssl/statem/statem_clnt.c @@ -375,6 +375,20 @@ int ossl_statem_client_read_transition(SSL *s, int mt) err: /* No valid transition found */ + if (SSL_IS_DTLS(s) && mt == SSL3_MT_CHANGE_CIPHER_SPEC) { + BIO *rbio; + + /* + * CCS messages don't have a message sequence number so this is probably + * because of an out-of-order CCS. We'll just drop it. + */ + s->init_num = 0; + s->rwstate = SSL_READING; + rbio = SSL_get_rbio(s); + BIO_clear_retry_flags(rbio); + BIO_set_retry_read(rbio); + return 0; + } SSLfatal(s, SSL3_AD_UNEXPECTED_MESSAGE, SSL_F_OSSL_STATEM_CLIENT_READ_TRANSITION, SSL_R_UNEXPECTED_MESSAGE); diff --git a/ssl/statem/statem_lib.c b/ssl/statem/statem_lib.c index 49b4443..74ad6e8 100644 --- a/ssl/statem/statem_lib.c +++ b/ssl/statem/statem_lib.c @@ -1057,6 +1057,15 @@ WORK_STATE tls_finish_handshake(SSL *s, WORK_STATE wst, int clearbufs, int stop) CRYPTO_atomic_add(&s->ctx->stats.sess_accept_good, 1, &discard, s->ctx->lock); s->handshake_func = ossl_statem_accept; + + if (SSL_IS_DTLS(s) && !s->hit) { + /* + * We are finishing after the client. We start the timer going + * in case there are any retransmits of our final flight + * required. + */ + dtls1_start_timer(s); + } } else { /* * In TLSv1.3 we update the cache as part of processing the @@ -1071,6 +1080,15 @@ WORK_STATE tls_finish_handshake(SSL *s, WORK_STATE wst, int clearbufs, int stop) s->handshake_func = ossl_statem_connect; CRYPTO_atomic_add(&s->session_ctx->stats.sess_connect_good, 1, &discard, s->session_ctx->lock); + + if (SSL_IS_DTLS(s) && s->hit) { + /* + * We are finishing after the server. We start the timer going + * in case there are any retransmits of our final flight + * required. + */ + dtls1_start_timer(s); + } } if (SSL_IS_DTLS(s)) { diff --git a/ssl/statem/statem_srvr.c b/ssl/statem/statem_srvr.c index aa38fad..018daaa 100644 --- a/ssl/statem/statem_srvr.c +++ b/ssl/statem/statem_srvr.c @@ -277,6 +277,20 @@ int ossl_statem_server_read_transition(SSL *s, int mt) err: /* No valid transition found */ + if (SSL_IS_DTLS(s) && mt == SSL3_MT_CHANGE_CIPHER_SPEC) { + BIO *rbio; + + /* + * CCS messages don't have a message sequence number so this is probably + * because of an out-of-order CCS. We'll just drop it. + */ + s->init_num = 0; + s->rwstate = SSL_READING; + rbio = SSL_get_rbio(s); + BIO_clear_retry_flags(rbio); + BIO_set_retry_read(rbio); + return 0; + } SSLfatal(s, SSL3_AD_UNEXPECTED_MESSAGE, SSL_F_OSSL_STATEM_SERVER_READ_TRANSITION, SSL_R_UNEXPECTED_MESSAGE); diff --git a/test/dtlstest.c b/test/dtlstest.c index 16d4e0f..859ec6b 100644 --- a/test/dtlstest.c +++ b/test/dtlstest.c @@ -46,7 +46,7 @@ static unsigned int timer_cb(SSL *s, unsigned int timer_us) ++timer_cb_count; if (timer_us == 0) - return 1000000; + return 50000; else return 2 * timer_us; } @@ -114,6 +114,123 @@ static int test_dtls_unprocessed(int testidx) return testresult; } +#define CLI_TO_SRV_EPOCH_0_RECS 3 +#define CLI_TO_SRV_EPOCH_1_RECS 1 +#define SRV_TO_CLI_EPOCH_0_RECS 12 +#define SRV_TO_CLI_EPOCH_1_RECS 1 +#define TOTAL_FULL_HAND_RECORDS \ + (CLI_TO_SRV_EPOCH_0_RECS + CLI_TO_SRV_EPOCH_1_RECS + \ + SRV_TO_CLI_EPOCH_0_RECS + SRV_TO_CLI_EPOCH_1_RECS) + +#define CLI_TO_SRV_RESUME_EPOCH_0_RECS 3 +#define CLI_TO_SRV_RESUME_EPOCH_1_RECS 1 +#define SRV_TO_CLI_RESUME_EPOCH_0_RECS 2 +#define SRV_TO_CLI_RESUME_EPOCH_1_RECS 1 +#define TOTAL_RESUME_HAND_RECORDS \ + (CLI_TO_SRV_RESUME_EPOCH_0_RECS + CLI_TO_SRV_RESUME_EPOCH_1_RECS + \ + SRV_TO_CLI_RESUME_EPOCH_0_RECS + SRV_TO_CLI_RESUME_EPOCH_1_RECS) + +#define TOTAL_RECORDS (TOTAL_FULL_HAND_RECORDS + TOTAL_RESUME_HAND_RECORDS) + +static int test_dtls_drop_records(int idx) +{ + SSL_CTX *sctx = NULL, *cctx = NULL; + SSL *serverssl = NULL, *clientssl = NULL; + BIO *c_to_s_fbio, *mempackbio; + int testresult = 0; + int epoch = 0; + SSL_SESSION *sess = NULL; + int cli_to_srv_epoch0, cli_to_srv_epoch1, srv_to_cli_epoch0; + + if (!TEST_true(create_ssl_ctx_pair(DTLS_server_method(), + DTLS_client_method(), + DTLS1_VERSION, DTLS_MAX_VERSION, + &sctx, &cctx, cert, privkey))) + return 0; + + if (idx >= TOTAL_FULL_HAND_RECORDS) { + /* We're going to do a resumption handshake. Get a session first. */ + if (!TEST_true(create_ssl_objects(sctx, cctx, &serverssl, &clientssl, + NULL, NULL)) + || !TEST_true(create_ssl_connection(serverssl, clientssl, + SSL_ERROR_NONE)) + || !TEST_ptr(sess = SSL_get1_session(clientssl))) + goto end; + + SSL_shutdown(clientssl); + SSL_shutdown(serverssl); + SSL_free(serverssl); + SSL_free(clientssl); + serverssl = clientssl = NULL; + + cli_to_srv_epoch0 = CLI_TO_SRV_RESUME_EPOCH_0_RECS; + cli_to_srv_epoch1 = CLI_TO_SRV_RESUME_EPOCH_1_RECS; + srv_to_cli_epoch0 = SRV_TO_CLI_RESUME_EPOCH_0_RECS; + idx -= TOTAL_FULL_HAND_RECORDS; + } else { + cli_to_srv_epoch0 = CLI_TO_SRV_EPOCH_0_RECS; + cli_to_srv_epoch1 = CLI_TO_SRV_EPOCH_1_RECS; + srv_to_cli_epoch0 = SRV_TO_CLI_EPOCH_0_RECS; + } + + c_to_s_fbio = BIO_new(bio_f_tls_dump_filter()); + if (!TEST_ptr(c_to_s_fbio)) + goto end; + + /* BIO is freed by create_ssl_connection on error */ + if (!TEST_true(create_ssl_objects(sctx, cctx, &serverssl, &clientssl, + NULL, c_to_s_fbio))) + goto end; + + if (sess != NULL) { + if (!TEST_true(SSL_set_session(clientssl, sess))) + goto end; + } + + DTLS_set_timer_cb(clientssl, timer_cb); + DTLS_set_timer_cb(serverssl, timer_cb); + + /* Work out which record to drop based on the test number */ + if (idx >= cli_to_srv_epoch0 + cli_to_srv_epoch1) { + mempackbio = SSL_get_wbio(serverssl); + idx -= cli_to_srv_epoch0 + cli_to_srv_epoch1; + if (idx >= srv_to_cli_epoch0) { + epoch = 1; + idx -= srv_to_cli_epoch0; + } + } else { + mempackbio = SSL_get_wbio(clientssl); + if (idx >= cli_to_srv_epoch0) { + epoch = 1; + idx -= cli_to_srv_epoch0; + } + mempackbio = BIO_next(mempackbio); + } + BIO_ctrl(mempackbio, MEMPACKET_CTRL_SET_DROP_EPOCH, epoch, NULL); + BIO_ctrl(mempackbio, MEMPACKET_CTRL_SET_DROP_REC, idx, NULL); + + if (!TEST_true(create_ssl_connection(serverssl, clientssl, SSL_ERROR_NONE))) + goto end; + + if (sess != NULL && !TEST_true(SSL_session_reused(clientssl))) + goto end; + + /* If the test did what we planned then it should have dropped a record */ + if (!TEST_int_eq((int)BIO_ctrl(mempackbio, MEMPACKET_CTRL_GET_DROP_REC, 0, + NULL), -1)) + goto end; + + testresult = 1; + end: + SSL_SESSION_free(sess); + SSL_free(serverssl); + SSL_free(clientssl); + SSL_CTX_free(sctx); + SSL_CTX_free(cctx); + + return testresult; +} + int setup_tests(void) { if (!TEST_ptr(cert = test_get_argument(0)) @@ -121,6 +238,8 @@ int setup_tests(void) return 0; ADD_ALL_TESTS(test_dtls_unprocessed, NUM_TESTS); + ADD_ALL_TESTS(test_dtls_drop_records, TOTAL_RECORDS); + return 1; } diff --git a/test/ssltestlib.c b/test/ssltestlib.c index 959e329..041ae26 100644 --- a/test/ssltestlib.c +++ b/test/ssltestlib.c @@ -12,6 +12,34 @@ #include "internal/nelem.h" #include "ssltestlib.h" #include "testutil.h" +#include "e_os.h" + +#ifdef OPENSSL_SYS_UNIX +# include + +static ossl_inline void ossl_sleep(unsigned int millis) { + usleep(millis * 1000); +} +#elif defined(_WIN32) +# include + +static ossl_inline void ossl_sleep(unsigned int millis) { + Sleep(millis); +} +#else +/* Fallback to a busy wait */ +static ossl_inline void ossl_sleep(unsigned int millis) { + struct timeval start, now; + unsigned int elapsedms; + + gettimeofday(&start, NULL); + do { + gettimeofday(&now, NULL); + elapsedms = (((now.tv_sec - start.tv_sec) * 1000000) + + now.tv_usec - start.tv_usec) / 1000; + } while (elapsedms < millis); +} +#endif static int tls_dump_new(BIO *bi); static int tls_dump_free(BIO *a); @@ -252,7 +280,10 @@ typedef struct mempacket_test_ctx_st { unsigned int currrec; unsigned int currpkt; unsigned int lastpkt; + unsigned int injected; unsigned int noinject; + unsigned int dropepoch; + int droprec; } MEMPACKET_TEST_CTX; static int mempacket_test_new(BIO *bi); @@ -295,6 +326,8 @@ static int mempacket_test_new(BIO *bio) OPENSSL_free(ctx); return 0; } + ctx->dropepoch = 0; + ctx->droprec = -1; BIO_set_init(bio, 1); BIO_set_data(bio, ctx); return 1; @@ -312,8 +345,8 @@ static int mempacket_test_free(BIO *bio) } /* Record Header values */ -#define EPOCH_HI 4 -#define EPOCH_LO 5 +#define EPOCH_HI 3 +#define EPOCH_LO 4 #define RECORD_SEQUENCE 10 #define RECORD_LEN_HI 11 #define RECORD_LEN_LO 12 @@ -341,15 +374,15 @@ static int mempacket_test_read(BIO *bio, char *out, int outl) if (outl > thispkt->len) outl = thispkt->len; - if (thispkt->type != INJECT_PACKET_IGNORE_REC_SEQ) { + if (thispkt->type != INJECT_PACKET_IGNORE_REC_SEQ + && (ctx->injected || ctx->droprec >= 0)) { /* * Overwrite the record sequence number. We strictly number them in * the order received. Since we are actually a reliable transport * we know that there won't be any re-ordering. We overwrite to deal * with any packets that have been injected */ - for (rem = thispkt->len, rec = thispkt->data - ; rem > 0; rec += len, rem -= len) { + for (rem = thispkt->len, rec = thispkt->data; rem > 0; rem -= len) { if (rem < DTLS1_RT_HEADER_LENGTH) return -1; epoch = (rec[EPOCH_HI] << 8) | rec[EPOCH_LO]; @@ -364,10 +397,23 @@ static int mempacket_test_read(BIO *bio, char *out, int outl) seq >>= 8; offset++; } while (seq > 0); - ctx->currrec++; len = ((rec[RECORD_LEN_HI] << 8) | rec[RECORD_LEN_LO]) + DTLS1_RT_HEADER_LENGTH; + if (rem < (int)len) + return -1; + if (ctx->droprec == (int)ctx->currrec && ctx->dropepoch == epoch) { + if (rem > (int)len) + memmove(rec, rec + len, rem - len); + outl -= len; + ctx->droprec = -1; + if (outl == 0) + BIO_set_retry_read(bio); + } else { + rec += len; + } + + ctx->currrec++; } } @@ -390,6 +436,7 @@ int mempacket_test_inject(BIO *bio, const char *in, int inl, int pktnum, if (pktnum >= 0) { if (ctx->noinject) return -1; + ctx->injected = 1; } else { ctx->noinject = 1; } @@ -488,6 +535,15 @@ static long mempacket_test_ctrl(BIO *bio, int cmd, long num, void *ptr) case BIO_CTRL_FLUSH: ret = 1; break; + case MEMPACKET_CTRL_SET_DROP_EPOCH: + ctx->dropepoch = (unsigned int)num; + break; + case MEMPACKET_CTRL_SET_DROP_REC: + ctx->droprec = (int)num; + break; + case MEMPACKET_CTRL_GET_DROP_REC: + ret = ctx->droprec; + break; case BIO_CTRL_RESET: case BIO_CTRL_DUP: case BIO_CTRL_PUSH: @@ -627,6 +683,7 @@ int create_ssl_connection(SSL *serverssl, SSL *clientssl, int want) int clienterr = 0, servererr = 0; unsigned char buf; size_t readbytes; + int isdtls = SSL_is_dtls(serverssl); do { err = SSL_ERROR_WANT_WRITE; @@ -658,10 +715,24 @@ int create_ssl_connection(SSL *serverssl, SSL *clientssl, int want) return 0; if (clienterr && servererr) return 0; + if (isdtls) { + if (rets > 0 && retc <= 0) + DTLSv1_handle_timeout(serverssl); + if (retc > 0 && rets <= 0) + DTLSv1_handle_timeout(clientssl); + } if (++abortctr == MAXLOOPS) { TEST_info("No progress made"); return 0; } + if (isdtls && abortctr <= 50 && (abortctr % 10) == 0) { + /* + * It looks like we're just spinning. Pause for a short period to + * give the DTLS timer a chance to do something. We only do this for + * the first few times to prevent hangs. + */ + ossl_sleep(50); + } } while (retc <=0 || rets <= 0); /* diff --git a/test/ssltestlib.h b/test/ssltestlib.h index 353699d..c96dff5 100644 --- a/test/ssltestlib.h +++ b/test/ssltestlib.h @@ -32,6 +32,14 @@ void bio_s_mempacket_test_free(void); #define INJECT_PACKET 1 #define INJECT_PACKET_IGNORE_REC_SEQ 2 +/* + * Mempacket BIO ctrls. We make them large enough to not clash with standard BIO + * ctrl codes. + */ +#define MEMPACKET_CTRL_SET_DROP_EPOCH (1 << 15) +#define MEMPACKET_CTRL_SET_DROP_REC (2 << 15) +#define MEMPACKET_CTRL_GET_DROP_REC (3 << 15) + int mempacket_test_inject(BIO *bio, const char *in, int inl, int pktnum, int type); From openssl at openssl.org Tue May 8 09:37:27 2018 From: openssl at openssl.org (OpenSSL run-checker) Date: Tue, 08 May 2018 09:37:27 +0000 Subject: [openssl-commits] Still FAILED build of OpenSSL branch master with options -d --strict-warnings no-tls1_2 Message-ID: <1525772247.055780.13671.nullmailer@run.openssl.org> Platform and configuration command: $ uname -a Linux run 4.4.0-119-generic #143-Ubuntu SMP Mon Apr 2 16:08:24 UTC 2018 x86_64 x86_64 x86_64 GNU/Linux $ CC=clang ../openssl/config -d --strict-warnings no-tls1_2 Commit log since last time: 4ffc184 windows-makefile.tmpl: rearrange cleanup commands to avoid ... a602dec .travis.yml: temporarily mask gcc-5 ubsan build. 9a96626 .travis.yml: minor facelift Build log ended with (last 100 lines): ../../openssl/test/recipes/30-test_evp.t ...................... ok ../../openssl/test/recipes/30-test_evp_extra.t ................ ok ../../openssl/test/recipes/30-test_pbelu.t .................... ok ../../openssl/test/recipes/30-test_pkey_meth.t ................ ok ../../openssl/test/recipes/30-test_pkey_meth_kdf.t ............ ok ../../openssl/test/recipes/40-test_rehash.t ................... ok ../../openssl/test/recipes/60-test_x509_check_cert_pkey.t ..... ok ../../openssl/test/recipes/60-test_x509_dup_cert.t ............ ok ../../openssl/test/recipes/60-test_x509_store.t ............... ok ../../openssl/test/recipes/60-test_x509_time.t ................ ok ../../openssl/test/recipes/70-test_asyncio.t .................. ok ../../openssl/test/recipes/70-test_bad_dtls.t ................. ok ../../openssl/test/recipes/70-test_clienthello.t .............. ok ../../openssl/test/recipes/70-test_comp.t ..................... ok ../../openssl/test/recipes/70-test_key_share.t ................ ok ../../openssl/test/recipes/70-test_packet.t ................... ok ../../openssl/test/recipes/70-test_recordlen.t ................ ok ../../openssl/test/recipes/70-test_renegotiation.t ............ skipped: test_renegotiation needs TLS <= 1.2 enabled ../../openssl/test/recipes/70-test_servername.t ............... ok ../../openssl/test/recipes/70-test_sslcbcpadding.t ............ skipped: test_sslcbcpadding needs TLSv1.2 enabled ../../openssl/test/recipes/70-test_sslcertstatus.t ............ skipped: test_sslcertstatus needs TLS enabled ../../openssl/test/recipes/70-test_sslextension.t ............. ok ../../openssl/test/recipes/70-test_sslmessages.t .............. skipped: test_sslmessages needs TLS enabled ../../openssl/test/recipes/70-test_sslrecords.t ............... skipped: test_sslrecords needs TLSv1.2 enabled ../../openssl/test/recipes/70-test_sslsessiontick.t ........... skipped: test_sslsessiontick needs SSLv3, TLSv1, TLSv1.1 or TLSv1.2 enabled ../../openssl/test/recipes/70-test_sslsigalgs.t ............... ok ../../openssl/test/recipes/70-test_sslsignature.t ............. ok ../../openssl/test/recipes/70-test_sslskewith0p.t ............. ok ../../openssl/test/recipes/70-test_sslversions.t .............. skipped: test_sslversions needs TLS1.3, TLS1.2 and TLS1.1 enabled ../../openssl/test/recipes/70-test_sslvertol.t ................ ok ../../openssl/test/recipes/70-test_tls13cookie.t .............. ok ../../openssl/test/recipes/70-test_tls13downgrade.t ........... skipped: test_tls13downgrade needs TLS1.3 and TLS1.2 enabled ../../openssl/test/recipes/70-test_tls13hrr.t ................. ok ../../openssl/test/recipes/70-test_tls13kexmodes.t ............ ok ../../openssl/test/recipes/70-test_tls13messages.t ............ ok ../../openssl/test/recipes/70-test_tls13psk.t ................. ok ../../openssl/test/recipes/70-test_tlsextms.t ................. skipped: test_tlsextms needs TLSv1.0, TLSv1.1 or TLSv1.2 enabled ../../openssl/test/recipes/70-test_verify_extra.t ............. ok ../../openssl/test/recipes/70-test_wpacket.t .................. ok ../../openssl/test/recipes/80-test_ca.t ....................... ok ../../openssl/test/recipes/80-test_cipherbytes.t .............. ok ../../openssl/test/recipes/80-test_cipherlist.t ............... ok ../../openssl/test/recipes/80-test_ciphername.t ............... ok ../../openssl/test/recipes/80-test_cms.t ...................... ok ../../openssl/test/recipes/80-test_ct.t ....................... ok ../../openssl/test/recipes/80-test_dane.t ..................... ok ../../openssl/test/recipes/80-test_dtls.t ..................... ok ../../openssl/test/recipes/80-test_dtls_mtu.t ................. ok ../../openssl/test/recipes/80-test_dtlsv1listen.t ............. ok ../../openssl/test/recipes/80-test_ocsp.t ..................... ok ../../openssl/test/recipes/80-test_pkcs12.t ................... ok ../../openssl/test/recipes/80-test_ssl_new.t .................. ok ../../openssl/test/recipes/80-test_ssl_old.t .................. ok ../../openssl/test/recipes/80-test_ssl_test_ctx.t ............. ok ../../openssl/test/recipes/80-test_sslcorrupt.t ............... ok ../../openssl/test/recipes/80-test_tsa.t ...................... ok ../../openssl/test/recipes/80-test_x509aux.t .................. ok ../../openssl/test/recipes/90-test_asn1_time.t ................ ok ../../openssl/test/recipes/90-test_async.t .................... ok ../../openssl/test/recipes/90-test_bio_enc.t .................. ok ../../openssl/test/recipes/90-test_constant_time.t ............ ok ../../openssl/test/recipes/90-test_fatalerr.t ................. ok ../../openssl/test/recipes/90-test_gmdiff.t ................... ok ../../openssl/test/recipes/90-test_ige.t ...................... ok ../../openssl/test/recipes/90-test_includes.t ................. ok ../../openssl/test/recipes/90-test_memleak.t .................. ok ../../openssl/test/recipes/90-test_overhead.t ................. skipped: Only supported in no-shared builds ../../openssl/test/recipes/90-test_secmem.t ................... ok ../../openssl/test/recipes/90-test_shlibload.t ................ ok ../../openssl/test/recipes/90-test_srp.t ...................... ok ../../openssl/test/recipes/90-test_sslapi.t ................... Dubious, test returned 1 (wstat 256, 0x100) Failed 1/1 subtests ../../openssl/test/recipes/90-test_sslbuffers.t ............... ok ../../openssl/test/recipes/90-test_store.t .................... ok ../../openssl/test/recipes/90-test_sysdefault.t ............... skipped: test_sysdefault is not supported in this build ../../openssl/test/recipes/90-test_threads.t .................. ok ../../openssl/test/recipes/90-test_time_offset.t .............. ok ../../openssl/test/recipes/90-test_tls13ccs.t ................. ok ../../openssl/test/recipes/90-test_tls13encryption.t .......... ok ../../openssl/test/recipes/90-test_tls13secrets.t ............. ok ../../openssl/test/recipes/90-test_v3name.t ................... ok ../../openssl/test/recipes/95-test_external_boringssl.t ....... skipped: No external tests in this configuration ../../openssl/test/recipes/95-test_external_krb5.t ............ skipped: No external tests in this configuration ../../openssl/test/recipes/95-test_external_pyca.t ............ skipped: No external tests in this configuration ../../openssl/test/recipes/99-test_ecstress.t ................. ok ../../openssl/test/recipes/99-test_fuzz.t ..................... ok Test Summary Report ------------------- ../../openssl/test/recipes/90-test_sslapi.t (Wstat: 256 Tests: 1 Failed: 1) Failed test: 1 Non-zero exit status: 1 Files=146, Tests=1261, 180 wallclock secs ( 1.77 usr 0.29 sys + 152.50 cusr 9.78 csys = 164.34 CPU) Result: FAIL Makefile:204: recipe for target '_tests' failed make[1]: *** [_tests] Error 1 make[1]: Leaving directory '/home/openssl/run-checker/no-tls1_2' Makefile:202: recipe for target 'tests' failed make: *** [tests] Error 2 From openssl at openssl.org Tue May 8 10:11:14 2018 From: openssl at openssl.org (OpenSSL run-checker) Date: Tue, 08 May 2018 10:11:14 +0000 Subject: [openssl-commits] Still FAILED build of OpenSSL branch master with options -d --strict-warnings no-tls1_2-method Message-ID: <1525774274.562968.1876.nullmailer@run.openssl.org> Platform and configuration command: $ uname -a Linux run 4.4.0-119-generic #143-Ubuntu SMP Mon Apr 2 16:08:24 UTC 2018 x86_64 x86_64 x86_64 GNU/Linux $ CC=clang ../openssl/config -d --strict-warnings no-tls1_2-method Commit log since last time: 4ffc184 windows-makefile.tmpl: rearrange cleanup commands to avoid ... a602dec .travis.yml: temporarily mask gcc-5 ubsan build. 9a96626 .travis.yml: minor facelift Build log ended with (last 100 lines): ../../openssl/test/recipes/30-test_evp.t ...................... ok ../../openssl/test/recipes/30-test_evp_extra.t ................ ok ../../openssl/test/recipes/30-test_pbelu.t .................... ok ../../openssl/test/recipes/30-test_pkey_meth.t ................ ok ../../openssl/test/recipes/30-test_pkey_meth_kdf.t ............ ok ../../openssl/test/recipes/40-test_rehash.t ................... ok ../../openssl/test/recipes/60-test_x509_check_cert_pkey.t ..... ok ../../openssl/test/recipes/60-test_x509_dup_cert.t ............ ok ../../openssl/test/recipes/60-test_x509_store.t ............... ok ../../openssl/test/recipes/60-test_x509_time.t ................ ok ../../openssl/test/recipes/70-test_asyncio.t .................. ok ../../openssl/test/recipes/70-test_bad_dtls.t ................. ok ../../openssl/test/recipes/70-test_clienthello.t .............. ok ../../openssl/test/recipes/70-test_comp.t ..................... ok ../../openssl/test/recipes/70-test_key_share.t ................ ok ../../openssl/test/recipes/70-test_packet.t ................... ok ../../openssl/test/recipes/70-test_recordlen.t ................ ok ../../openssl/test/recipes/70-test_renegotiation.t ............ skipped: test_renegotiation needs TLS <= 1.2 enabled ../../openssl/test/recipes/70-test_servername.t ............... ok ../../openssl/test/recipes/70-test_sslcbcpadding.t ............ skipped: test_sslcbcpadding needs TLSv1.2 enabled ../../openssl/test/recipes/70-test_sslcertstatus.t ............ skipped: test_sslcertstatus needs TLS enabled ../../openssl/test/recipes/70-test_sslextension.t ............. ok ../../openssl/test/recipes/70-test_sslmessages.t .............. skipped: test_sslmessages needs TLS enabled ../../openssl/test/recipes/70-test_sslrecords.t ............... skipped: test_sslrecords needs TLSv1.2 enabled ../../openssl/test/recipes/70-test_sslsessiontick.t ........... skipped: test_sslsessiontick needs SSLv3, TLSv1, TLSv1.1 or TLSv1.2 enabled ../../openssl/test/recipes/70-test_sslsigalgs.t ............... ok ../../openssl/test/recipes/70-test_sslsignature.t ............. ok ../../openssl/test/recipes/70-test_sslskewith0p.t ............. ok ../../openssl/test/recipes/70-test_sslversions.t .............. skipped: test_sslversions needs TLS1.3, TLS1.2 and TLS1.1 enabled ../../openssl/test/recipes/70-test_sslvertol.t ................ ok ../../openssl/test/recipes/70-test_tls13cookie.t .............. ok ../../openssl/test/recipes/70-test_tls13downgrade.t ........... skipped: test_tls13downgrade needs TLS1.3 and TLS1.2 enabled ../../openssl/test/recipes/70-test_tls13hrr.t ................. ok ../../openssl/test/recipes/70-test_tls13kexmodes.t ............ ok ../../openssl/test/recipes/70-test_tls13messages.t ............ ok ../../openssl/test/recipes/70-test_tls13psk.t ................. ok ../../openssl/test/recipes/70-test_tlsextms.t ................. skipped: test_tlsextms needs TLSv1.0, TLSv1.1 or TLSv1.2 enabled ../../openssl/test/recipes/70-test_verify_extra.t ............. ok ../../openssl/test/recipes/70-test_wpacket.t .................. ok ../../openssl/test/recipes/80-test_ca.t ....................... ok ../../openssl/test/recipes/80-test_cipherbytes.t .............. ok ../../openssl/test/recipes/80-test_cipherlist.t ............... ok ../../openssl/test/recipes/80-test_ciphername.t ............... ok ../../openssl/test/recipes/80-test_cms.t ...................... ok ../../openssl/test/recipes/80-test_ct.t ....................... ok ../../openssl/test/recipes/80-test_dane.t ..................... ok ../../openssl/test/recipes/80-test_dtls.t ..................... ok ../../openssl/test/recipes/80-test_dtls_mtu.t ................. ok ../../openssl/test/recipes/80-test_dtlsv1listen.t ............. ok ../../openssl/test/recipes/80-test_ocsp.t ..................... ok ../../openssl/test/recipes/80-test_pkcs12.t ................... ok ../../openssl/test/recipes/80-test_ssl_new.t .................. ok ../../openssl/test/recipes/80-test_ssl_old.t .................. ok ../../openssl/test/recipes/80-test_ssl_test_ctx.t ............. ok ../../openssl/test/recipes/80-test_sslcorrupt.t ............... ok ../../openssl/test/recipes/80-test_tsa.t ...................... ok ../../openssl/test/recipes/80-test_x509aux.t .................. ok ../../openssl/test/recipes/90-test_asn1_time.t ................ ok ../../openssl/test/recipes/90-test_async.t .................... ok ../../openssl/test/recipes/90-test_bio_enc.t .................. ok ../../openssl/test/recipes/90-test_constant_time.t ............ ok ../../openssl/test/recipes/90-test_fatalerr.t ................. ok ../../openssl/test/recipes/90-test_gmdiff.t ................... ok ../../openssl/test/recipes/90-test_ige.t ...................... ok ../../openssl/test/recipes/90-test_includes.t ................. ok ../../openssl/test/recipes/90-test_memleak.t .................. ok ../../openssl/test/recipes/90-test_overhead.t ................. skipped: Only supported in no-shared builds ../../openssl/test/recipes/90-test_secmem.t ................... ok ../../openssl/test/recipes/90-test_shlibload.t ................ ok ../../openssl/test/recipes/90-test_srp.t ...................... ok ../../openssl/test/recipes/90-test_sslapi.t ................... Dubious, test returned 1 (wstat 256, 0x100) Failed 1/1 subtests ../../openssl/test/recipes/90-test_sslbuffers.t ............... ok ../../openssl/test/recipes/90-test_store.t .................... ok ../../openssl/test/recipes/90-test_sysdefault.t ............... skipped: test_sysdefault is not supported in this build ../../openssl/test/recipes/90-test_threads.t .................. ok ../../openssl/test/recipes/90-test_time_offset.t .............. ok ../../openssl/test/recipes/90-test_tls13ccs.t ................. ok ../../openssl/test/recipes/90-test_tls13encryption.t .......... ok ../../openssl/test/recipes/90-test_tls13secrets.t ............. ok ../../openssl/test/recipes/90-test_v3name.t ................... ok ../../openssl/test/recipes/95-test_external_boringssl.t ....... skipped: No external tests in this configuration ../../openssl/test/recipes/95-test_external_krb5.t ............ skipped: No external tests in this configuration ../../openssl/test/recipes/95-test_external_pyca.t ............ skipped: No external tests in this configuration ../../openssl/test/recipes/99-test_ecstress.t ................. ok ../../openssl/test/recipes/99-test_fuzz.t ..................... ok Test Summary Report ------------------- ../../openssl/test/recipes/90-test_sslapi.t (Wstat: 256 Tests: 1 Failed: 1) Failed test: 1 Non-zero exit status: 1 Files=146, Tests=1261, 187 wallclock secs ( 1.72 usr 0.29 sys + 160.89 cusr 10.00 csys = 172.90 CPU) Result: FAIL Makefile:204: recipe for target '_tests' failed make[1]: *** [_tests] Error 1 make[1]: Leaving directory '/home/openssl/run-checker/no-tls1_2-method' Makefile:202: recipe for target 'tests' failed make: *** [tests] Error 2 From appro at openssl.org Tue May 8 10:44:56 2018 From: appro at openssl.org (Andy Polyakov) Date: Tue, 08 May 2018 10:44:56 +0000 Subject: [openssl-commits] [openssl] master update Message-ID: <1525776296.851153.5227.nullmailer@dev.openssl.org> The branch master has been updated via 7d859d1c8868b81c5d810021af0b40f355af4e1f (commit) from 61e96557f9eae0258074c9cec7ad6aa1b9dde1df (commit) - Log ----------------------------------------------------------------- commit 7d859d1c8868b81c5d810021af0b40f355af4e1f Author: Andy Polyakov Date: Mon May 7 10:27:45 2018 +0200 ec/ec_mult.c: get BN_CTX_start,end sequence right. Triggered by Coverity analysis. Reviewed-by: Rich Salz (Merged from https://github.com/openssl/openssl/pull/6190) ----------------------------------------------------------------------- Summary of changes: crypto/ec/ec_mult.c | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/crypto/ec/ec_mult.c b/crypto/ec/ec_mult.c index 4f6689a..6b5553c 100644 --- a/crypto/ec/ec_mult.c +++ b/crypto/ec/ec_mult.c @@ -140,7 +140,9 @@ static int ec_mul_consttime(const EC_GROUP *group, EC_POINT *r, int ret = 0; if (ctx == NULL && (ctx = new_ctx = BN_CTX_secure_new()) == NULL) - goto err; + return 0; + + BN_CTX_start(ctx); order_bits = BN_num_bits(group->order); @@ -158,7 +160,6 @@ static int ec_mul_consttime(const EC_GROUP *group, EC_POINT *r, EC_POINT_BN_set_flags(s, BN_FLG_CONSTTIME); - BN_CTX_start(ctx); lambda = BN_CTX_get(ctx); k = BN_CTX_get(ctx); if (k == NULL) From bernd.edlinger at hotmail.de Tue May 8 13:15:15 2018 From: bernd.edlinger at hotmail.de (bernd.edlinger at hotmail.de) Date: Tue, 08 May 2018 13:15:15 +0000 Subject: [openssl-commits] [openssl] master update Message-ID: <1525785315.256749.2821.nullmailer@dev.openssl.org> The branch master has been updated via 8c8fbca92dc95bb8672dea194bbe414059a874d2 (commit) from 7d859d1c8868b81c5d810021af0b40f355af4e1f (commit) - Log ----------------------------------------------------------------- commit 8c8fbca92dc95bb8672dea194bbe414059a874d2 Author: Bernd Edlinger Date: Mon May 7 16:10:02 2018 +0200 Fix --strict-warnings build of ppc-linux target Reviewed-by: Rich Salz (Merged from https://github.com/openssl/openssl/pull/6191) ----------------------------------------------------------------------- Summary of changes: crypto/ppccap.c | 14 ++++++++++---- 1 file changed, 10 insertions(+), 4 deletions(-) diff --git a/crypto/ppccap.c b/crypto/ppccap.c index 2f7cd8e..48c6b83 100644 --- a/crypto/ppccap.c +++ b/crypto/ppccap.c @@ -28,6 +28,9 @@ #endif #include #include +#include +#include +#include "bn/bn_lcl.h" #include "ppc_arch.h" @@ -64,6 +67,7 @@ int bn_mul_mont(BN_ULONG *rp, const BN_ULONG *ap, const BN_ULONG *bp, void sha256_block_p8(void *ctx, const void *inp, size_t len); void sha256_block_ppc(void *ctx, const void *inp, size_t len); +void sha256_block_data_order(void *ctx, const void *inp, size_t len); void sha256_block_data_order(void *ctx, const void *inp, size_t len) { OPENSSL_ppccap_P & PPC_CRYPTO207 ? sha256_block_p8(ctx, inp, len) : @@ -72,6 +76,7 @@ void sha256_block_data_order(void *ctx, const void *inp, size_t len) void sha512_block_p8(void *ctx, const void *inp, size_t len); void sha512_block_ppc(void *ctx, const void *inp, size_t len); +void sha512_block_data_order(void *ctx, const void *inp, size_t len); void sha512_block_data_order(void *ctx, const void *inp, size_t len) { OPENSSL_ppccap_P & PPC_CRYPTO207 ? sha512_block_p8(ctx, inp, len) : @@ -106,16 +111,17 @@ void poly1305_blocks_fpu(void *ctx, const unsigned char *inp, size_t len, unsigned int padbit); void poly1305_emit_fpu(void *ctx, unsigned char mac[16], const unsigned int nonce[4]); +int poly1305_init(void *ctx, const unsigned char key[16], void *func[2]); int poly1305_init(void *ctx, const unsigned char key[16], void *func[2]) { if (sizeof(size_t) == 4 && (OPENSSL_ppccap_P & PPC_FPU)) { poly1305_init_fpu(ctx, key); - func[0] = poly1305_blocks_fpu; - func[1] = poly1305_emit_fpu; + func[0] = (void*)(uintptr_t)poly1305_blocks_fpu; + func[1] = (void*)(uintptr_t)poly1305_emit_fpu; } else { poly1305_init_int(ctx, key); - func[0] = poly1305_blocks; - func[1] = poly1305_emit; + func[0] = (void*)(uintptr_t)poly1305_blocks; + func[1] = (void*)(uintptr_t)poly1305_emit; } return 1; } From levitte at openssl.org Tue May 8 18:56:40 2018 From: levitte at openssl.org (Richard Levitte) Date: Tue, 08 May 2018 18:56:40 +0000 Subject: [openssl-commits] [openssl] master update Message-ID: <1525805800.764775.26103.nullmailer@dev.openssl.org> The branch master has been updated via 06e0950d20d3110849dea28eb78cac4127618b48 (commit) from 8c8fbca92dc95bb8672dea194bbe414059a874d2 (commit) - Log ----------------------------------------------------------------- commit 06e0950d20d3110849dea28eb78cac4127618b48 Author: Richard Levitte Date: Tue May 8 20:15:27 2018 +0200 VMS rand: assign before check, not the other way around items->ile3$w_code was checked before it was assigned its value... Reviewed-by: Tim Hudson (Merged from https://github.com/openssl/openssl/pull/6200) ----------------------------------------------------------------------- Summary of changes: crypto/rand/rand_vms.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/crypto/rand/rand_vms.c b/crypto/rand/rand_vms.c index 0037466..b263f94 100644 --- a/crypto/rand/rand_vms.c +++ b/crypto/rand/rand_vms.c @@ -277,13 +277,13 @@ static size_t prepare_item_list(const struct item_st *items_input, for (; items_input_num-- > 0; items_input++, items++) { + items->ile3$w_code = items_input->code; /* Special treatment of JPI$_FINALEXC */ if (items->ile3$w_code == JPI$_FINALEXC) items->ile3$w_length = 4; else items->ile3$w_length = items_input->length; - items->ile3$w_code = items_input->code; items->ile3$ps_bufaddr = databuffer; items->ile3$ps_retlen_addr = 0; From openssl at openssl.org Tue May 8 23:35:09 2018 From: openssl at openssl.org (OpenSSL run-checker) Date: Tue, 08 May 2018 23:35:09 +0000 Subject: [openssl-commits] Still FAILED build of OpenSSL branch master with options -d --strict-warnings no-chacha Message-ID: <1525822509.434455.20068.nullmailer@run.openssl.org> Platform and configuration command: $ uname -a Linux run 4.4.0-119-generic #143-Ubuntu SMP Mon Apr 2 16:08:24 UTC 2018 x86_64 x86_64 x86_64 GNU/Linux $ CC=clang ../openssl/config -d --strict-warnings no-chacha Commit log since last time: 06e0950 VMS rand: assign before check, not the other way around 8c8fbca Fix --strict-warnings build of ppc-linux target 7d859d1 ec/ec_mult.c: get BN_CTX_start,end sequence right. 61e9655 Add a DTLS test for dropped records f750641 Keep the DTLS timer running after the end of the handshake if appropriate ad96225 Only auto-retry for DTLS if configured to do so 6f6da2f Fix s_client and s_server so that they correctly handle the DTLS timer f20404f Don't fail on an out-of-order CCS in DTLS e15e92d Add a CMS API test 3d551b2 Fix a mem leak in CMS Build log ended with (last 100 lines): ../../openssl/test/recipes/30-test_evp_extra.t ................ ok ../../openssl/test/recipes/30-test_pbelu.t .................... ok ../../openssl/test/recipes/30-test_pkey_meth.t ................ ok ../../openssl/test/recipes/30-test_pkey_meth_kdf.t ............ ok ../../openssl/test/recipes/40-test_rehash.t ................... ok ../../openssl/test/recipes/60-test_x509_check_cert_pkey.t ..... ok ../../openssl/test/recipes/60-test_x509_dup_cert.t ............ ok ../../openssl/test/recipes/60-test_x509_store.t ............... ok ../../openssl/test/recipes/60-test_x509_time.t ................ ok ../../openssl/test/recipes/70-test_asyncio.t .................. ok ../../openssl/test/recipes/70-test_bad_dtls.t ................. ok ../../openssl/test/recipes/70-test_clienthello.t .............. ok ../../openssl/test/recipes/70-test_comp.t ..................... ok ../../openssl/test/recipes/70-test_key_share.t ................ ok ../../openssl/test/recipes/70-test_packet.t ................... ok ../../openssl/test/recipes/70-test_recordlen.t ................ ok ../../openssl/test/recipes/70-test_renegotiation.t ............ ok ../../openssl/test/recipes/70-test_servername.t ............... ok ../../openssl/test/recipes/70-test_sslcbcpadding.t ............ ok ../../openssl/test/recipes/70-test_sslcertstatus.t ............ ok ../../openssl/test/recipes/70-test_sslextension.t ............. ok ../../openssl/test/recipes/70-test_sslmessages.t .............. ok ../../openssl/test/recipes/70-test_sslrecords.t ............... ok ../../openssl/test/recipes/70-test_sslsessiontick.t ........... ok ../../openssl/test/recipes/70-test_sslsigalgs.t ............... ok ../../openssl/test/recipes/70-test_sslsignature.t ............. ok ../../openssl/test/recipes/70-test_sslskewith0p.t ............. ok ../../openssl/test/recipes/70-test_sslversions.t .............. ok ../../openssl/test/recipes/70-test_sslvertol.t ................ ok ../../openssl/test/recipes/70-test_tls13cookie.t .............. ok ../../openssl/test/recipes/70-test_tls13downgrade.t ........... skipped: test_tls13downgrade not run in pre TLSv1.3 RFC implementation ../../openssl/test/recipes/70-test_tls13hrr.t ................. ok ../../openssl/test/recipes/70-test_tls13kexmodes.t ............ ok ../../openssl/test/recipes/70-test_tls13messages.t ............ ok ../../openssl/test/recipes/70-test_tls13psk.t ................. ok ../../openssl/test/recipes/70-test_tlsextms.t ................. ok ../../openssl/test/recipes/70-test_verify_extra.t ............. ok ../../openssl/test/recipes/70-test_wpacket.t .................. ok ../../openssl/test/recipes/80-test_ca.t ....................... ok ../../openssl/test/recipes/80-test_cipherbytes.t .............. ok ../../openssl/test/recipes/80-test_cipherlist.t ............... ok ../../openssl/test/recipes/80-test_ciphername.t ............... ok ../../openssl/test/recipes/80-test_cms.t ...................... ok ../../openssl/test/recipes/80-test_cmsapi.t ................... ok ../../openssl/test/recipes/80-test_ct.t ....................... ok ../../openssl/test/recipes/80-test_dane.t ..................... ok ../../openssl/test/recipes/80-test_dtls.t ..................... ok ../../openssl/test/recipes/80-test_dtls_mtu.t ................. ok ../../openssl/test/recipes/80-test_dtlsv1listen.t ............. ok ../../openssl/test/recipes/80-test_ocsp.t ..................... ok ../../openssl/test/recipes/80-test_pkcs12.t ................... ok ../../openssl/test/recipes/80-test_ssl_new.t .................. ok ../../openssl/test/recipes/80-test_ssl_old.t .................. ok ../../openssl/test/recipes/80-test_ssl_test_ctx.t ............. ok ../../openssl/test/recipes/80-test_sslcorrupt.t ............... ok ../../openssl/test/recipes/80-test_tsa.t ...................... ok ../../openssl/test/recipes/80-test_x509aux.t .................. ok ../../openssl/test/recipes/90-test_asn1_time.t ................ ok ../../openssl/test/recipes/90-test_async.t .................... ok ../../openssl/test/recipes/90-test_bio_enc.t .................. ok ../../openssl/test/recipes/90-test_constant_time.t ............ ok ../../openssl/test/recipes/90-test_fatalerr.t ................. ok ../../openssl/test/recipes/90-test_gmdiff.t ................... ok ../../openssl/test/recipes/90-test_ige.t ...................... ok ../../openssl/test/recipes/90-test_includes.t ................. ok ../../openssl/test/recipes/90-test_memleak.t .................. ok ../../openssl/test/recipes/90-test_overhead.t ................. skipped: Only supported in no-shared builds ../../openssl/test/recipes/90-test_secmem.t ................... ok ../../openssl/test/recipes/90-test_shlibload.t ................ ok ../../openssl/test/recipes/90-test_srp.t ...................... ok ../../openssl/test/recipes/90-test_sslapi.t ................... Dubious, test returned 1 (wstat 256, 0x100) Failed 1/1 subtests ../../openssl/test/recipes/90-test_sslbuffers.t ............... ok ../../openssl/test/recipes/90-test_store.t .................... ok ../../openssl/test/recipes/90-test_sysdefault.t ............... ok ../../openssl/test/recipes/90-test_threads.t .................. ok ../../openssl/test/recipes/90-test_time_offset.t .............. ok ../../openssl/test/recipes/90-test_tls13ccs.t ................. ok ../../openssl/test/recipes/90-test_tls13encryption.t .......... ok ../../openssl/test/recipes/90-test_tls13secrets.t ............. ok ../../openssl/test/recipes/90-test_v3name.t ................... ok ../../openssl/test/recipes/95-test_external_boringssl.t ....... skipped: No external tests in this configuration ../../openssl/test/recipes/95-test_external_krb5.t ............ skipped: No external tests in this configuration ../../openssl/test/recipes/95-test_external_pyca.t ............ skipped: No external tests in this configuration ../../openssl/test/recipes/99-test_ecstress.t ................. ok ../../openssl/test/recipes/99-test_fuzz.t ..................... ok Test Summary Report ------------------- ../../openssl/test/recipes/90-test_sslapi.t (Wstat: 256 Tests: 1 Failed: 1) Failed test: 1 Non-zero exit status: 1 Files=147, Tests=1336, 221 wallclock secs ( 3.05 usr 0.30 sys + 186.00 cusr 10.98 csys = 200.33 CPU) Result: FAIL Makefile:204: recipe for target '_tests' failed make[1]: *** [_tests] Error 1 make[1]: Leaving directory '/home/openssl/run-checker/no-chacha' Makefile:202: recipe for target 'tests' failed make: *** [tests] Error 2 From openssl at openssl.org Tue May 8 23:41:52 2018 From: openssl at openssl.org (OpenSSL run-checker) Date: Tue, 08 May 2018 23:41:52 +0000 Subject: [openssl-commits] FAILED build of OpenSSL branch master with options -d --strict-warnings no-cms Message-ID: <1525822912.096830.29688.nullmailer@run.openssl.org> Platform and configuration command: $ uname -a Linux run 4.4.0-119-generic #143-Ubuntu SMP Mon Apr 2 16:08:24 UTC 2018 x86_64 x86_64 x86_64 GNU/Linux $ CC=clang ../openssl/config -d --strict-warnings no-cms Commit log since last time: 06e0950 VMS rand: assign before check, not the other way around 8c8fbca Fix --strict-warnings build of ppc-linux target 7d859d1 ec/ec_mult.c: get BN_CTX_start,end sequence right. 61e9655 Add a DTLS test for dropped records f750641 Keep the DTLS timer running after the end of the handshake if appropriate ad96225 Only auto-retry for DTLS if configured to do so 6f6da2f Fix s_client and s_server so that they correctly handle the DTLS timer f20404f Don't fail on an out-of-order CCS in DTLS e15e92d Add a CMS API test 3d551b2 Fix a mem leak in CMS Build log ended with (last 100 lines): /usr/bin/perl ../openssl/test/generate_buildtest.pl engine > test/buildtest_engine.c /usr/bin/perl ../openssl/test/generate_buildtest.pl evp > test/buildtest_evp.c /usr/bin/perl ../openssl/test/generate_buildtest.pl hmac > test/buildtest_hmac.c /usr/bin/perl ../openssl/test/generate_buildtest.pl idea > test/buildtest_idea.c /usr/bin/perl ../openssl/test/generate_buildtest.pl kdf > test/buildtest_kdf.c /usr/bin/perl ../openssl/test/generate_buildtest.pl lhash > test/buildtest_lhash.c /usr/bin/perl ../openssl/test/generate_buildtest.pl md4 > test/buildtest_md4.c /usr/bin/perl ../openssl/test/generate_buildtest.pl md5 > test/buildtest_md5.c /usr/bin/perl ../openssl/test/generate_buildtest.pl mdc2 > test/buildtest_mdc2.c /usr/bin/perl ../openssl/test/generate_buildtest.pl modes > test/buildtest_modes.c /usr/bin/perl ../openssl/test/generate_buildtest.pl obj_mac > test/buildtest_obj_mac.c /usr/bin/perl ../openssl/test/generate_buildtest.pl objects > test/buildtest_objects.c /usr/bin/perl ../openssl/test/generate_buildtest.pl ocsp > test/buildtest_ocsp.c /usr/bin/perl ../openssl/test/generate_buildtest.pl opensslv > test/buildtest_opensslv.c /usr/bin/perl ../openssl/test/generate_buildtest.pl ossl_typ > test/buildtest_ossl_typ.c /usr/bin/perl ../openssl/test/generate_buildtest.pl pem > test/buildtest_pem.c /usr/bin/perl ../openssl/test/generate_buildtest.pl pem2 > test/buildtest_pem2.c /usr/bin/perl ../openssl/test/generate_buildtest.pl pkcs12 > test/buildtest_pkcs12.c /usr/bin/perl ../openssl/test/generate_buildtest.pl pkcs7 > test/buildtest_pkcs7.c /usr/bin/perl ../openssl/test/generate_buildtest.pl rand > test/buildtest_rand.c /usr/bin/perl ../openssl/test/generate_buildtest.pl rand_drbg > test/buildtest_rand_drbg.c /usr/bin/perl ../openssl/test/generate_buildtest.pl rc2 > test/buildtest_rc2.c /usr/bin/perl ../openssl/test/generate_buildtest.pl rc4 > test/buildtest_rc4.c /usr/bin/perl ../openssl/test/generate_buildtest.pl ripemd > test/buildtest_ripemd.c /usr/bin/perl ../openssl/test/generate_buildtest.pl rsa > test/buildtest_rsa.c /usr/bin/perl ../openssl/test/generate_buildtest.pl safestack > test/buildtest_safestack.c /usr/bin/perl ../openssl/test/generate_buildtest.pl seed > test/buildtest_seed.c /usr/bin/perl ../openssl/test/generate_buildtest.pl sha > test/buildtest_sha.c /usr/bin/perl ../openssl/test/generate_buildtest.pl sm2 > test/buildtest_sm2.c /usr/bin/perl ../openssl/test/generate_buildtest.pl srp > test/buildtest_srp.c /usr/bin/perl ../openssl/test/generate_buildtest.pl srtp > test/buildtest_srtp.c /usr/bin/perl ../openssl/test/generate_buildtest.pl ssl > test/buildtest_ssl.c /usr/bin/perl ../openssl/test/generate_buildtest.pl ssl2 > test/buildtest_ssl2.c /usr/bin/perl ../openssl/test/generate_buildtest.pl stack > test/buildtest_stack.c /usr/bin/perl ../openssl/test/generate_buildtest.pl store > test/buildtest_store.c /usr/bin/perl ../openssl/test/generate_buildtest.pl symhacks > test/buildtest_symhacks.c /usr/bin/perl ../openssl/test/generate_buildtest.pl tls1 > test/buildtest_tls1.c /usr/bin/perl ../openssl/test/generate_buildtest.pl ts > test/buildtest_ts.c /usr/bin/perl ../openssl/test/generate_buildtest.pl txt_db > test/buildtest_txt_db.c /usr/bin/perl ../openssl/test/generate_buildtest.pl ui > test/buildtest_ui.c /usr/bin/perl ../openssl/test/generate_buildtest.pl whrlpool > test/buildtest_whrlpool.c /usr/bin/perl ../openssl/test/generate_buildtest.pl x509 > test/buildtest_x509.c /usr/bin/perl ../openssl/test/generate_buildtest.pl x509_vfy > test/buildtest_x509_vfy.c /usr/bin/perl ../openssl/test/generate_buildtest.pl x509v3 > test/buildtest_x509v3.c clang -Iinclude -I../openssl/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -MMD -MF test/casttest.d.tmp -MT test/casttest.o -c -o test/casttest.o ../openssl/test/casttest.c clang -I. -Iinclude -Icrypto/include -I../openssl -I../openssl/include -I../openssl/crypto/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -MMD -MF test/chacha_internal_test.d.tmp -MT test/chacha_internal_test.o -c -o test/chacha_internal_test.o ../openssl/test/chacha_internal_test.c clang -Iinclude -I../openssl/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -MMD -MF test/cipherbytes_test.d.tmp -MT test/cipherbytes_test.o -c -o test/cipherbytes_test.o ../openssl/test/cipherbytes_test.c clang -Iinclude -I../openssl/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -MMD -MF test/cipherlist_test.d.tmp -MT test/cipherlist_test.o -c -o test/cipherlist_test.o ../openssl/test/cipherlist_test.c clang -Iinclude -I../openssl/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -MMD -MF test/ciphername_test.d.tmp -MT test/ciphername_test.o -c -o test/ciphername_test.o ../openssl/test/ciphername_test.c clang -Iinclude -I../openssl/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -MMD -MF test/clienthellotest.d.tmp -MT test/clienthellotest.o -c -o test/clienthellotest.o ../openssl/test/clienthellotest.c clang -Iinclude -I../openssl/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -MMD -MF test/cmsapitest.d.tmp -MT test/cmsapitest.o -c -o test/cmsapitest.o ../openssl/test/cmsapitest.c clang -Iinclude -I../openssl/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -MMD -MF test/conf_include_test.d.tmp -MT test/conf_include_test.o -c -o test/conf_include_test.o ../openssl/test/conf_include_test.c clang -Iinclude -I../openssl/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -MMD -MF test/constant_time_test.d.tmp -MT test/constant_time_test.o -c -o test/constant_time_test.o ../openssl/test/constant_time_test.c clang -Iinclude -I../openssl/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -MMD -MF test/crltest.d.tmp -MT test/crltest.o -c -o test/crltest.o ../openssl/test/crltest.c clang -Iinclude -I../openssl/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -MMD -MF test/ct_test.d.tmp -MT test/ct_test.o -c -o test/ct_test.o ../openssl/test/ct_test.c clang -I. -Icrypto/include -Iinclude -I../openssl -I../openssl/crypto/include -I../openssl/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -MMD -MF test/ctype_internal_test.d.tmp -MT test/ctype_internal_test.o -c -o test/ctype_internal_test.o ../openssl/test/ctype_internal_test.c ../openssl/test/cmsapitest.c:20:5: error: use of undeclared identifier 'CMS_ContentInfo' CMS_ContentInfo* content = NULL; ^ ../openssl/test/cmsapitest.c:20:22: error: use of undeclared identifier 'content' CMS_ContentInfo* content = NULL; ^ ../openssl/test/cmsapitest.c:29:5: error: use of undeclared identifier 'content' content = CMS_encrypt(certstack, msgbio, EVP_aes_128_cbc(), CMS_TEXT); ^ ../openssl/test/cmsapitest.c:29:15: error: implicit declaration of function 'CMS_encrypt' is invalid in C99 [-Werror,-Wimplicit-function-declaration] content = CMS_encrypt(certstack, msgbio, EVP_aes_128_cbc(), CMS_TEXT); ^ ../openssl/test/cmsapitest.c:29:65: error: use of undeclared identifier 'CMS_TEXT' content = CMS_encrypt(certstack, msgbio, EVP_aes_128_cbc(), CMS_TEXT); ^ ../openssl/test/cmsapitest.c:30:19: error: use of undeclared identifier 'content' if (!TEST_ptr(content)) ^ ../openssl/test/cmsapitest.c:33:20: error: implicit declaration of function 'CMS_decrypt' is invalid in C99 [-Werror,-Wimplicit-function-declaration] if (!TEST_true(CMS_decrypt(content, privkey, cert, NULL, outmsgbio, ^ ../openssl/test/cmsapitest.c:33:20: note: did you mean 'CMS_encrypt'? ../openssl/test/cmsapitest.c:29:15: note: 'CMS_encrypt' declared here content = CMS_encrypt(certstack, msgbio, EVP_aes_128_cbc(), CMS_TEXT); ^ ../openssl/test/cmsapitest.c:33:32: error: use of undeclared identifier 'content' if (!TEST_true(CMS_decrypt(content, privkey, cert, NULL, outmsgbio, ^ ../openssl/test/cmsapitest.c:34:32: error: use of undeclared identifier 'CMS_TEXT' CMS_TEXT))) ^ ../openssl/test/cmsapitest.c:47:5: error: implicit declaration of function 'CMS_ContentInfo_free' is invalid in C99 [-Werror,-Wimplicit-function-declaration] CMS_ContentInfo_free(content); ^ ../openssl/test/cmsapitest.c:47:26: error: use of undeclared identifier 'content' CMS_ContentInfo_free(content); ^ 11 errors generated. Makefile:8173: recipe for target 'test/cmsapitest.o' failed make[1]: *** [test/cmsapitest.o] Error 1 make[1]: *** Waiting for unfinished jobs.... make[1]: Leaving directory '/home/openssl/run-checker/no-cms' Makefile:171: recipe for target 'all' failed make: *** [all] Error 2 From openssl at openssl.org Wed May 9 05:51:08 2018 From: openssl at openssl.org (OpenSSL run-checker) Date: Wed, 09 May 2018 05:51:08 +0000 Subject: [openssl-commits] Still FAILED build of OpenSSL branch master with options -d --strict-warnings no-poly1305 Message-ID: <1525845068.282697.14806.nullmailer@run.openssl.org> Platform and configuration command: $ uname -a Linux run 4.4.0-119-generic #143-Ubuntu SMP Mon Apr 2 16:08:24 UTC 2018 x86_64 x86_64 x86_64 GNU/Linux $ CC=clang ../openssl/config -d --strict-warnings no-poly1305 Commit log since last time: 06e0950 VMS rand: assign before check, not the other way around 8c8fbca Fix --strict-warnings build of ppc-linux target 7d859d1 ec/ec_mult.c: get BN_CTX_start,end sequence right. 61e9655 Add a DTLS test for dropped records f750641 Keep the DTLS timer running after the end of the handshake if appropriate ad96225 Only auto-retry for DTLS if configured to do so 6f6da2f Fix s_client and s_server so that they correctly handle the DTLS timer f20404f Don't fail on an out-of-order CCS in DTLS e15e92d Add a CMS API test 3d551b2 Fix a mem leak in CMS Build log ended with (last 100 lines): ../../openssl/test/recipes/30-test_evp_extra.t ................ ok ../../openssl/test/recipes/30-test_pbelu.t .................... ok ../../openssl/test/recipes/30-test_pkey_meth.t ................ ok ../../openssl/test/recipes/30-test_pkey_meth_kdf.t ............ ok ../../openssl/test/recipes/40-test_rehash.t ................... ok ../../openssl/test/recipes/60-test_x509_check_cert_pkey.t ..... ok ../../openssl/test/recipes/60-test_x509_dup_cert.t ............ ok ../../openssl/test/recipes/60-test_x509_store.t ............... ok ../../openssl/test/recipes/60-test_x509_time.t ................ ok ../../openssl/test/recipes/70-test_asyncio.t .................. ok ../../openssl/test/recipes/70-test_bad_dtls.t ................. ok ../../openssl/test/recipes/70-test_clienthello.t .............. ok ../../openssl/test/recipes/70-test_comp.t ..................... ok ../../openssl/test/recipes/70-test_key_share.t ................ ok ../../openssl/test/recipes/70-test_packet.t ................... ok ../../openssl/test/recipes/70-test_recordlen.t ................ ok ../../openssl/test/recipes/70-test_renegotiation.t ............ ok ../../openssl/test/recipes/70-test_servername.t ............... ok ../../openssl/test/recipes/70-test_sslcbcpadding.t ............ ok ../../openssl/test/recipes/70-test_sslcertstatus.t ............ ok ../../openssl/test/recipes/70-test_sslextension.t ............. ok ../../openssl/test/recipes/70-test_sslmessages.t .............. ok ../../openssl/test/recipes/70-test_sslrecords.t ............... ok ../../openssl/test/recipes/70-test_sslsessiontick.t ........... ok ../../openssl/test/recipes/70-test_sslsigalgs.t ............... ok ../../openssl/test/recipes/70-test_sslsignature.t ............. ok ../../openssl/test/recipes/70-test_sslskewith0p.t ............. ok ../../openssl/test/recipes/70-test_sslversions.t .............. ok ../../openssl/test/recipes/70-test_sslvertol.t ................ ok ../../openssl/test/recipes/70-test_tls13cookie.t .............. ok ../../openssl/test/recipes/70-test_tls13downgrade.t ........... skipped: test_tls13downgrade not run in pre TLSv1.3 RFC implementation ../../openssl/test/recipes/70-test_tls13hrr.t ................. ok ../../openssl/test/recipes/70-test_tls13kexmodes.t ............ ok ../../openssl/test/recipes/70-test_tls13messages.t ............ ok ../../openssl/test/recipes/70-test_tls13psk.t ................. ok ../../openssl/test/recipes/70-test_tlsextms.t ................. ok ../../openssl/test/recipes/70-test_verify_extra.t ............. ok ../../openssl/test/recipes/70-test_wpacket.t .................. ok ../../openssl/test/recipes/80-test_ca.t ....................... ok ../../openssl/test/recipes/80-test_cipherbytes.t .............. ok ../../openssl/test/recipes/80-test_cipherlist.t ............... ok ../../openssl/test/recipes/80-test_ciphername.t ............... ok ../../openssl/test/recipes/80-test_cms.t ...................... ok ../../openssl/test/recipes/80-test_cmsapi.t ................... ok ../../openssl/test/recipes/80-test_ct.t ....................... ok ../../openssl/test/recipes/80-test_dane.t ..................... ok ../../openssl/test/recipes/80-test_dtls.t ..................... ok ../../openssl/test/recipes/80-test_dtls_mtu.t ................. ok ../../openssl/test/recipes/80-test_dtlsv1listen.t ............. ok ../../openssl/test/recipes/80-test_ocsp.t ..................... ok ../../openssl/test/recipes/80-test_pkcs12.t ................... ok ../../openssl/test/recipes/80-test_ssl_new.t .................. ok ../../openssl/test/recipes/80-test_ssl_old.t .................. ok ../../openssl/test/recipes/80-test_ssl_test_ctx.t ............. ok ../../openssl/test/recipes/80-test_sslcorrupt.t ............... ok ../../openssl/test/recipes/80-test_tsa.t ...................... ok ../../openssl/test/recipes/80-test_x509aux.t .................. ok ../../openssl/test/recipes/90-test_asn1_time.t ................ ok ../../openssl/test/recipes/90-test_async.t .................... ok ../../openssl/test/recipes/90-test_bio_enc.t .................. ok ../../openssl/test/recipes/90-test_constant_time.t ............ ok ../../openssl/test/recipes/90-test_fatalerr.t ................. ok ../../openssl/test/recipes/90-test_gmdiff.t ................... ok ../../openssl/test/recipes/90-test_ige.t ...................... ok ../../openssl/test/recipes/90-test_includes.t ................. ok ../../openssl/test/recipes/90-test_memleak.t .................. ok ../../openssl/test/recipes/90-test_overhead.t ................. skipped: Only supported in no-shared builds ../../openssl/test/recipes/90-test_secmem.t ................... ok ../../openssl/test/recipes/90-test_shlibload.t ................ ok ../../openssl/test/recipes/90-test_srp.t ...................... ok ../../openssl/test/recipes/90-test_sslapi.t ................... Dubious, test returned 1 (wstat 256, 0x100) Failed 1/1 subtests ../../openssl/test/recipes/90-test_sslbuffers.t ............... ok ../../openssl/test/recipes/90-test_store.t .................... ok ../../openssl/test/recipes/90-test_sysdefault.t ............... ok ../../openssl/test/recipes/90-test_threads.t .................. ok ../../openssl/test/recipes/90-test_time_offset.t .............. ok ../../openssl/test/recipes/90-test_tls13ccs.t ................. ok ../../openssl/test/recipes/90-test_tls13encryption.t .......... ok ../../openssl/test/recipes/90-test_tls13secrets.t ............. ok ../../openssl/test/recipes/90-test_v3name.t ................... ok ../../openssl/test/recipes/95-test_external_boringssl.t ....... skipped: No external tests in this configuration ../../openssl/test/recipes/95-test_external_krb5.t ............ skipped: No external tests in this configuration ../../openssl/test/recipes/95-test_external_pyca.t ............ skipped: No external tests in this configuration ../../openssl/test/recipes/99-test_ecstress.t ................. ok ../../openssl/test/recipes/99-test_fuzz.t ..................... ok Test Summary Report ------------------- ../../openssl/test/recipes/90-test_sslapi.t (Wstat: 256 Tests: 1 Failed: 1) Failed test: 1 Non-zero exit status: 1 Files=147, Tests=1337, 209 wallclock secs ( 3.03 usr 0.36 sys + 173.21 cusr 11.62 csys = 188.22 CPU) Result: FAIL Makefile:204: recipe for target '_tests' failed make[1]: *** [_tests] Error 1 make[1]: Leaving directory '/home/openssl/run-checker/no-poly1305' Makefile:202: recipe for target 'tests' failed make: *** [tests] Error 2 From openssl at openssl.org Wed May 9 08:19:13 2018 From: openssl at openssl.org (OpenSSL run-checker) Date: Wed, 09 May 2018 08:19:13 +0000 Subject: [openssl-commits] FAILED build of OpenSSL branch master with options -d --strict-warnings enable-ubsan -DPEDANTIC -DOPENSSL_SMALL_FOOTPRINT -fno-sanitize=alignment Message-ID: <1525853953.460414.13058.nullmailer@run.openssl.org> Platform and configuration command: $ uname -a Linux run 4.4.0-119-generic #143-Ubuntu SMP Mon Apr 2 16:08:24 UTC 2018 x86_64 x86_64 x86_64 GNU/Linux $ CC=clang ../openssl/config -d --strict-warnings enable-ubsan -DPEDANTIC -DOPENSSL_SMALL_FOOTPRINT -fno-sanitize=alignment Commit log since last time: 06e0950 VMS rand: assign before check, not the other way around 8c8fbca Fix --strict-warnings build of ppc-linux target 7d859d1 ec/ec_mult.c: get BN_CTX_start,end sequence right. 61e9655 Add a DTLS test for dropped records f750641 Keep the DTLS timer running after the end of the handshake if appropriate ad96225 Only auto-retry for DTLS if configured to do so 6f6da2f Fix s_client and s_server so that they correctly handle the DTLS timer f20404f Don't fail on an out-of-order CCS in DTLS e15e92d Add a CMS API test 3d551b2 Fix a mem leak in CMS Build log ended with (last 100 lines): ../../openssl/test/recipes/30-test_evp_extra.t ................ ok ../../openssl/test/recipes/30-test_pbelu.t .................... ok ../../openssl/test/recipes/30-test_pkey_meth.t ................ ok ../../openssl/test/recipes/30-test_pkey_meth_kdf.t ............ ok ../../openssl/test/recipes/40-test_rehash.t ................... ok ../../openssl/test/recipes/60-test_x509_check_cert_pkey.t ..... ok ../../openssl/test/recipes/60-test_x509_dup_cert.t ............ ok ../../openssl/test/recipes/60-test_x509_store.t ............... ok ../../openssl/test/recipes/60-test_x509_time.t ................ ok ../../openssl/test/recipes/70-test_asyncio.t .................. ok ../../openssl/test/recipes/70-test_bad_dtls.t ................. ok ../../openssl/test/recipes/70-test_clienthello.t .............. ok ../../openssl/test/recipes/70-test_comp.t ..................... ok ../../openssl/test/recipes/70-test_key_share.t ................ ok ../../openssl/test/recipes/70-test_packet.t ................... ok ../../openssl/test/recipes/70-test_recordlen.t ................ ok ../../openssl/test/recipes/70-test_renegotiation.t ............ ok ../../openssl/test/recipes/70-test_servername.t ............... ok ../../openssl/test/recipes/70-test_sslcbcpadding.t ............ ok ../../openssl/test/recipes/70-test_sslcertstatus.t ............ ok ../../openssl/test/recipes/70-test_sslextension.t ............. ok ../../openssl/test/recipes/70-test_sslmessages.t .............. ok ../../openssl/test/recipes/70-test_sslrecords.t ............... ok ../../openssl/test/recipes/70-test_sslsessiontick.t ........... ok ../../openssl/test/recipes/70-test_sslsigalgs.t ............... ok ../../openssl/test/recipes/70-test_sslsignature.t ............. ok ../../openssl/test/recipes/70-test_sslskewith0p.t ............. ok ../../openssl/test/recipes/70-test_sslversions.t .............. ok ../../openssl/test/recipes/70-test_sslvertol.t ................ ok ../../openssl/test/recipes/70-test_tls13cookie.t .............. ok ../../openssl/test/recipes/70-test_tls13downgrade.t ........... skipped: test_tls13downgrade not run in pre TLSv1.3 RFC implementation ../../openssl/test/recipes/70-test_tls13hrr.t ................. ok ../../openssl/test/recipes/70-test_tls13kexmodes.t ............ ok ../../openssl/test/recipes/70-test_tls13messages.t ............ ok ../../openssl/test/recipes/70-test_tls13psk.t ................. ok ../../openssl/test/recipes/70-test_tlsextms.t ................. ok ../../openssl/test/recipes/70-test_verify_extra.t ............. ok ../../openssl/test/recipes/70-test_wpacket.t .................. ok ../../openssl/test/recipes/80-test_ca.t ....................... ok ../../openssl/test/recipes/80-test_cipherbytes.t .............. ok ../../openssl/test/recipes/80-test_cipherlist.t ............... ok ../../openssl/test/recipes/80-test_ciphername.t ............... ok ../../openssl/test/recipes/80-test_cms.t ...................... ok ../../openssl/test/recipes/80-test_cmsapi.t ................... ok ../../openssl/test/recipes/80-test_ct.t ....................... ok ../../openssl/test/recipes/80-test_dane.t ..................... ok ../../openssl/test/recipes/80-test_dtls.t ..................... Dubious, test returned 1 (wstat 256, 0x100) Failed 1/1 subtests ../../openssl/test/recipes/80-test_dtls_mtu.t ................. ok ../../openssl/test/recipes/80-test_dtlsv1listen.t ............. ok ../../openssl/test/recipes/80-test_ocsp.t ..................... ok ../../openssl/test/recipes/80-test_pkcs12.t ................... ok ../../openssl/test/recipes/80-test_ssl_new.t .................. ok ../../openssl/test/recipes/80-test_ssl_old.t .................. ok ../../openssl/test/recipes/80-test_ssl_test_ctx.t ............. ok ../../openssl/test/recipes/80-test_sslcorrupt.t ............... ok ../../openssl/test/recipes/80-test_tsa.t ...................... ok ../../openssl/test/recipes/80-test_x509aux.t .................. ok ../../openssl/test/recipes/90-test_asn1_time.t ................ ok ../../openssl/test/recipes/90-test_async.t .................... ok ../../openssl/test/recipes/90-test_bio_enc.t .................. ok ../../openssl/test/recipes/90-test_constant_time.t ............ ok ../../openssl/test/recipes/90-test_fatalerr.t ................. ok ../../openssl/test/recipes/90-test_gmdiff.t ................... ok ../../openssl/test/recipes/90-test_ige.t ...................... ok ../../openssl/test/recipes/90-test_includes.t ................. ok ../../openssl/test/recipes/90-test_memleak.t .................. ok ../../openssl/test/recipes/90-test_overhead.t ................. skipped: Only supported in no-shared builds ../../openssl/test/recipes/90-test_secmem.t ................... ok ../../openssl/test/recipes/90-test_shlibload.t ................ ok ../../openssl/test/recipes/90-test_srp.t ...................... ok ../../openssl/test/recipes/90-test_sslapi.t ................... ok ../../openssl/test/recipes/90-test_sslbuffers.t ............... ok ../../openssl/test/recipes/90-test_store.t .................... ok ../../openssl/test/recipes/90-test_sysdefault.t ............... ok ../../openssl/test/recipes/90-test_threads.t .................. ok ../../openssl/test/recipes/90-test_time_offset.t .............. ok ../../openssl/test/recipes/90-test_tls13ccs.t ................. ok ../../openssl/test/recipes/90-test_tls13encryption.t .......... ok ../../openssl/test/recipes/90-test_tls13secrets.t ............. ok ../../openssl/test/recipes/90-test_v3name.t ................... ok ../../openssl/test/recipes/95-test_external_boringssl.t ....... skipped: No external tests in this configuration ../../openssl/test/recipes/95-test_external_krb5.t ............ skipped: No external tests in this configuration ../../openssl/test/recipes/95-test_external_pyca.t ............ skipped: No external tests in this configuration ../../openssl/test/recipes/99-test_ecstress.t ................. ok ../../openssl/test/recipes/99-test_fuzz.t ..................... ok Test Summary Report ------------------- ../../openssl/test/recipes/80-test_dtls.t (Wstat: 256 Tests: 1 Failed: 1) Failed test: 1 Non-zero exit status: 1 Files=147, Tests=1338, 415 wallclock secs ( 3.08 usr 0.30 sys + 366.78 cusr 24.54 csys = 394.70 CPU) Result: FAIL Makefile:204: recipe for target '_tests' failed make[1]: *** [_tests] Error 1 make[1]: Leaving directory '/home/openssl/run-checker/enable-ubsan' Makefile:202: recipe for target 'tests' failed make: *** [tests] Error 2 From openssl at openssl.org Wed May 9 09:32:37 2018 From: openssl at openssl.org (OpenSSL run-checker) Date: Wed, 09 May 2018 09:32:37 +0000 Subject: [openssl-commits] Still FAILED build of OpenSSL branch master with options -d --strict-warnings no-tls1_2 Message-ID: <1525858357.436708.25025.nullmailer@run.openssl.org> Platform and configuration command: $ uname -a Linux run 4.4.0-119-generic #143-Ubuntu SMP Mon Apr 2 16:08:24 UTC 2018 x86_64 x86_64 x86_64 GNU/Linux $ CC=clang ../openssl/config -d --strict-warnings no-tls1_2 Commit log since last time: 06e0950 VMS rand: assign before check, not the other way around 8c8fbca Fix --strict-warnings build of ppc-linux target 7d859d1 ec/ec_mult.c: get BN_CTX_start,end sequence right. 61e9655 Add a DTLS test for dropped records f750641 Keep the DTLS timer running after the end of the handshake if appropriate ad96225 Only auto-retry for DTLS if configured to do so 6f6da2f Fix s_client and s_server so that they correctly handle the DTLS timer f20404f Don't fail on an out-of-order CCS in DTLS e15e92d Add a CMS API test 3d551b2 Fix a mem leak in CMS Build log ended with (last 100 lines): ../../openssl/test/recipes/30-test_evp_extra.t ................ ok ../../openssl/test/recipes/30-test_pbelu.t .................... ok ../../openssl/test/recipes/30-test_pkey_meth.t ................ ok ../../openssl/test/recipes/30-test_pkey_meth_kdf.t ............ ok ../../openssl/test/recipes/40-test_rehash.t ................... ok ../../openssl/test/recipes/60-test_x509_check_cert_pkey.t ..... ok ../../openssl/test/recipes/60-test_x509_dup_cert.t ............ ok ../../openssl/test/recipes/60-test_x509_store.t ............... ok ../../openssl/test/recipes/60-test_x509_time.t ................ ok ../../openssl/test/recipes/70-test_asyncio.t .................. ok ../../openssl/test/recipes/70-test_bad_dtls.t ................. ok ../../openssl/test/recipes/70-test_clienthello.t .............. ok ../../openssl/test/recipes/70-test_comp.t ..................... ok ../../openssl/test/recipes/70-test_key_share.t ................ ok ../../openssl/test/recipes/70-test_packet.t ................... ok ../../openssl/test/recipes/70-test_recordlen.t ................ ok ../../openssl/test/recipes/70-test_renegotiation.t ............ skipped: test_renegotiation needs TLS <= 1.2 enabled ../../openssl/test/recipes/70-test_servername.t ............... ok ../../openssl/test/recipes/70-test_sslcbcpadding.t ............ skipped: test_sslcbcpadding needs TLSv1.2 enabled ../../openssl/test/recipes/70-test_sslcertstatus.t ............ skipped: test_sslcertstatus needs TLS enabled ../../openssl/test/recipes/70-test_sslextension.t ............. ok ../../openssl/test/recipes/70-test_sslmessages.t .............. skipped: test_sslmessages needs TLS enabled ../../openssl/test/recipes/70-test_sslrecords.t ............... skipped: test_sslrecords needs TLSv1.2 enabled ../../openssl/test/recipes/70-test_sslsessiontick.t ........... skipped: test_sslsessiontick needs SSLv3, TLSv1, TLSv1.1 or TLSv1.2 enabled ../../openssl/test/recipes/70-test_sslsigalgs.t ............... ok ../../openssl/test/recipes/70-test_sslsignature.t ............. ok ../../openssl/test/recipes/70-test_sslskewith0p.t ............. ok ../../openssl/test/recipes/70-test_sslversions.t .............. skipped: test_sslversions needs TLS1.3, TLS1.2 and TLS1.1 enabled ../../openssl/test/recipes/70-test_sslvertol.t ................ ok ../../openssl/test/recipes/70-test_tls13cookie.t .............. ok ../../openssl/test/recipes/70-test_tls13downgrade.t ........... skipped: test_tls13downgrade needs TLS1.3 and TLS1.2 enabled ../../openssl/test/recipes/70-test_tls13hrr.t ................. ok ../../openssl/test/recipes/70-test_tls13kexmodes.t ............ ok ../../openssl/test/recipes/70-test_tls13messages.t ............ ok ../../openssl/test/recipes/70-test_tls13psk.t ................. ok ../../openssl/test/recipes/70-test_tlsextms.t ................. skipped: test_tlsextms needs TLSv1.0, TLSv1.1 or TLSv1.2 enabled ../../openssl/test/recipes/70-test_verify_extra.t ............. ok ../../openssl/test/recipes/70-test_wpacket.t .................. ok ../../openssl/test/recipes/80-test_ca.t ....................... ok ../../openssl/test/recipes/80-test_cipherbytes.t .............. ok ../../openssl/test/recipes/80-test_cipherlist.t ............... ok ../../openssl/test/recipes/80-test_ciphername.t ............... ok ../../openssl/test/recipes/80-test_cms.t ...................... ok ../../openssl/test/recipes/80-test_cmsapi.t ................... ok ../../openssl/test/recipes/80-test_ct.t ....................... ok ../../openssl/test/recipes/80-test_dane.t ..................... ok ../../openssl/test/recipes/80-test_dtls.t ..................... ok ../../openssl/test/recipes/80-test_dtls_mtu.t ................. ok ../../openssl/test/recipes/80-test_dtlsv1listen.t ............. ok ../../openssl/test/recipes/80-test_ocsp.t ..................... ok ../../openssl/test/recipes/80-test_pkcs12.t ................... ok ../../openssl/test/recipes/80-test_ssl_new.t .................. ok ../../openssl/test/recipes/80-test_ssl_old.t .................. ok ../../openssl/test/recipes/80-test_ssl_test_ctx.t ............. ok ../../openssl/test/recipes/80-test_sslcorrupt.t ............... ok ../../openssl/test/recipes/80-test_tsa.t ...................... ok ../../openssl/test/recipes/80-test_x509aux.t .................. ok ../../openssl/test/recipes/90-test_asn1_time.t ................ ok ../../openssl/test/recipes/90-test_async.t .................... ok ../../openssl/test/recipes/90-test_bio_enc.t .................. ok ../../openssl/test/recipes/90-test_constant_time.t ............ ok ../../openssl/test/recipes/90-test_fatalerr.t ................. ok ../../openssl/test/recipes/90-test_gmdiff.t ................... ok ../../openssl/test/recipes/90-test_ige.t ...................... ok ../../openssl/test/recipes/90-test_includes.t ................. ok ../../openssl/test/recipes/90-test_memleak.t .................. ok ../../openssl/test/recipes/90-test_overhead.t ................. skipped: Only supported in no-shared builds ../../openssl/test/recipes/90-test_secmem.t ................... ok ../../openssl/test/recipes/90-test_shlibload.t ................ ok ../../openssl/test/recipes/90-test_srp.t ...................... ok ../../openssl/test/recipes/90-test_sslapi.t ................... Dubious, test returned 1 (wstat 256, 0x100) Failed 1/1 subtests ../../openssl/test/recipes/90-test_sslbuffers.t ............... ok ../../openssl/test/recipes/90-test_store.t .................... ok ../../openssl/test/recipes/90-test_sysdefault.t ............... skipped: test_sysdefault is not supported in this build ../../openssl/test/recipes/90-test_threads.t .................. ok ../../openssl/test/recipes/90-test_time_offset.t .............. ok ../../openssl/test/recipes/90-test_tls13ccs.t ................. ok ../../openssl/test/recipes/90-test_tls13encryption.t .......... ok ../../openssl/test/recipes/90-test_tls13secrets.t ............. ok ../../openssl/test/recipes/90-test_v3name.t ................... ok ../../openssl/test/recipes/95-test_external_boringssl.t ....... skipped: No external tests in this configuration ../../openssl/test/recipes/95-test_external_krb5.t ............ skipped: No external tests in this configuration ../../openssl/test/recipes/95-test_external_pyca.t ............ skipped: No external tests in this configuration ../../openssl/test/recipes/99-test_ecstress.t ................. ok ../../openssl/test/recipes/99-test_fuzz.t ..................... ok Test Summary Report ------------------- ../../openssl/test/recipes/90-test_sslapi.t (Wstat: 256 Tests: 1 Failed: 1) Failed test: 1 Non-zero exit status: 1 Files=147, Tests=1262, 186 wallclock secs ( 1.73 usr 0.33 sys + 160.14 cusr 9.34 csys = 171.54 CPU) Result: FAIL Makefile:204: recipe for target '_tests' failed make[1]: *** [_tests] Error 1 make[1]: Leaving directory '/home/openssl/run-checker/no-tls1_2' Makefile:202: recipe for target 'tests' failed make: *** [tests] Error 2 From openssl at openssl.org Wed May 9 10:06:20 2018 From: openssl at openssl.org (OpenSSL run-checker) Date: Wed, 09 May 2018 10:06:20 +0000 Subject: [openssl-commits] Still FAILED build of OpenSSL branch master with options -d --strict-warnings no-tls1_2-method Message-ID: <1525860380.067928.13590.nullmailer@run.openssl.org> Platform and configuration command: $ uname -a Linux run 4.4.0-119-generic #143-Ubuntu SMP Mon Apr 2 16:08:24 UTC 2018 x86_64 x86_64 x86_64 GNU/Linux $ CC=clang ../openssl/config -d --strict-warnings no-tls1_2-method Commit log since last time: 06e0950 VMS rand: assign before check, not the other way around 8c8fbca Fix --strict-warnings build of ppc-linux target 7d859d1 ec/ec_mult.c: get BN_CTX_start,end sequence right. 61e9655 Add a DTLS test for dropped records f750641 Keep the DTLS timer running after the end of the handshake if appropriate ad96225 Only auto-retry for DTLS if configured to do so 6f6da2f Fix s_client and s_server so that they correctly handle the DTLS timer f20404f Don't fail on an out-of-order CCS in DTLS e15e92d Add a CMS API test 3d551b2 Fix a mem leak in CMS Build log ended with (last 100 lines): ../../openssl/test/recipes/30-test_evp_extra.t ................ ok ../../openssl/test/recipes/30-test_pbelu.t .................... ok ../../openssl/test/recipes/30-test_pkey_meth.t ................ ok ../../openssl/test/recipes/30-test_pkey_meth_kdf.t ............ ok ../../openssl/test/recipes/40-test_rehash.t ................... ok ../../openssl/test/recipes/60-test_x509_check_cert_pkey.t ..... ok ../../openssl/test/recipes/60-test_x509_dup_cert.t ............ ok ../../openssl/test/recipes/60-test_x509_store.t ............... ok ../../openssl/test/recipes/60-test_x509_time.t ................ ok ../../openssl/test/recipes/70-test_asyncio.t .................. ok ../../openssl/test/recipes/70-test_bad_dtls.t ................. ok ../../openssl/test/recipes/70-test_clienthello.t .............. ok ../../openssl/test/recipes/70-test_comp.t ..................... ok ../../openssl/test/recipes/70-test_key_share.t ................ ok ../../openssl/test/recipes/70-test_packet.t ................... ok ../../openssl/test/recipes/70-test_recordlen.t ................ ok ../../openssl/test/recipes/70-test_renegotiation.t ............ skipped: test_renegotiation needs TLS <= 1.2 enabled ../../openssl/test/recipes/70-test_servername.t ............... ok ../../openssl/test/recipes/70-test_sslcbcpadding.t ............ skipped: test_sslcbcpadding needs TLSv1.2 enabled ../../openssl/test/recipes/70-test_sslcertstatus.t ............ skipped: test_sslcertstatus needs TLS enabled ../../openssl/test/recipes/70-test_sslextension.t ............. ok ../../openssl/test/recipes/70-test_sslmessages.t .............. skipped: test_sslmessages needs TLS enabled ../../openssl/test/recipes/70-test_sslrecords.t ............... skipped: test_sslrecords needs TLSv1.2 enabled ../../openssl/test/recipes/70-test_sslsessiontick.t ........... skipped: test_sslsessiontick needs SSLv3, TLSv1, TLSv1.1 or TLSv1.2 enabled ../../openssl/test/recipes/70-test_sslsigalgs.t ............... ok ../../openssl/test/recipes/70-test_sslsignature.t ............. ok ../../openssl/test/recipes/70-test_sslskewith0p.t ............. ok ../../openssl/test/recipes/70-test_sslversions.t .............. skipped: test_sslversions needs TLS1.3, TLS1.2 and TLS1.1 enabled ../../openssl/test/recipes/70-test_sslvertol.t ................ ok ../../openssl/test/recipes/70-test_tls13cookie.t .............. ok ../../openssl/test/recipes/70-test_tls13downgrade.t ........... skipped: test_tls13downgrade needs TLS1.3 and TLS1.2 enabled ../../openssl/test/recipes/70-test_tls13hrr.t ................. ok ../../openssl/test/recipes/70-test_tls13kexmodes.t ............ ok ../../openssl/test/recipes/70-test_tls13messages.t ............ ok ../../openssl/test/recipes/70-test_tls13psk.t ................. ok ../../openssl/test/recipes/70-test_tlsextms.t ................. skipped: test_tlsextms needs TLSv1.0, TLSv1.1 or TLSv1.2 enabled ../../openssl/test/recipes/70-test_verify_extra.t ............. ok ../../openssl/test/recipes/70-test_wpacket.t .................. ok ../../openssl/test/recipes/80-test_ca.t ....................... ok ../../openssl/test/recipes/80-test_cipherbytes.t .............. ok ../../openssl/test/recipes/80-test_cipherlist.t ............... ok ../../openssl/test/recipes/80-test_ciphername.t ............... ok ../../openssl/test/recipes/80-test_cms.t ...................... ok ../../openssl/test/recipes/80-test_cmsapi.t ................... ok ../../openssl/test/recipes/80-test_ct.t ....................... ok ../../openssl/test/recipes/80-test_dane.t ..................... ok ../../openssl/test/recipes/80-test_dtls.t ..................... ok ../../openssl/test/recipes/80-test_dtls_mtu.t ................. ok ../../openssl/test/recipes/80-test_dtlsv1listen.t ............. ok ../../openssl/test/recipes/80-test_ocsp.t ..................... ok ../../openssl/test/recipes/80-test_pkcs12.t ................... ok ../../openssl/test/recipes/80-test_ssl_new.t .................. ok ../../openssl/test/recipes/80-test_ssl_old.t .................. ok ../../openssl/test/recipes/80-test_ssl_test_ctx.t ............. ok ../../openssl/test/recipes/80-test_sslcorrupt.t ............... ok ../../openssl/test/recipes/80-test_tsa.t ...................... ok ../../openssl/test/recipes/80-test_x509aux.t .................. ok ../../openssl/test/recipes/90-test_asn1_time.t ................ ok ../../openssl/test/recipes/90-test_async.t .................... ok ../../openssl/test/recipes/90-test_bio_enc.t .................. ok ../../openssl/test/recipes/90-test_constant_time.t ............ ok ../../openssl/test/recipes/90-test_fatalerr.t ................. ok ../../openssl/test/recipes/90-test_gmdiff.t ................... ok ../../openssl/test/recipes/90-test_ige.t ...................... ok ../../openssl/test/recipes/90-test_includes.t ................. ok ../../openssl/test/recipes/90-test_memleak.t .................. ok ../../openssl/test/recipes/90-test_overhead.t ................. skipped: Only supported in no-shared builds ../../openssl/test/recipes/90-test_secmem.t ................... ok ../../openssl/test/recipes/90-test_shlibload.t ................ ok ../../openssl/test/recipes/90-test_srp.t ...................... ok ../../openssl/test/recipes/90-test_sslapi.t ................... Dubious, test returned 1 (wstat 256, 0x100) Failed 1/1 subtests ../../openssl/test/recipes/90-test_sslbuffers.t ............... ok ../../openssl/test/recipes/90-test_store.t .................... ok ../../openssl/test/recipes/90-test_sysdefault.t ............... skipped: test_sysdefault is not supported in this build ../../openssl/test/recipes/90-test_threads.t .................. ok ../../openssl/test/recipes/90-test_time_offset.t .............. ok ../../openssl/test/recipes/90-test_tls13ccs.t ................. ok ../../openssl/test/recipes/90-test_tls13encryption.t .......... ok ../../openssl/test/recipes/90-test_tls13secrets.t ............. ok ../../openssl/test/recipes/90-test_v3name.t ................... ok ../../openssl/test/recipes/95-test_external_boringssl.t ....... skipped: No external tests in this configuration ../../openssl/test/recipes/95-test_external_krb5.t ............ skipped: No external tests in this configuration ../../openssl/test/recipes/95-test_external_pyca.t ............ skipped: No external tests in this configuration ../../openssl/test/recipes/99-test_ecstress.t ................. ok ../../openssl/test/recipes/99-test_fuzz.t ..................... ok Test Summary Report ------------------- ../../openssl/test/recipes/90-test_sslapi.t (Wstat: 256 Tests: 1 Failed: 1) Failed test: 1 Non-zero exit status: 1 Files=147, Tests=1262, 181 wallclock secs ( 1.65 usr 0.30 sys + 154.84 cusr 9.36 csys = 166.15 CPU) Result: FAIL Makefile:204: recipe for target '_tests' failed make[1]: *** [_tests] Error 1 make[1]: Leaving directory '/home/openssl/run-checker/no-tls1_2-method' Makefile:202: recipe for target 'tests' failed make: *** [tests] Error 2 From appro at openssl.org Wed May 9 11:30:58 2018 From: appro at openssl.org (Andy Polyakov) Date: Wed, 09 May 2018 11:30:58 +0000 Subject: [openssl-commits] [openssl] master update Message-ID: <1525865459.003655.3358.nullmailer@dev.openssl.org> The branch master has been updated via 60845a0aa4e54f2973bc178daa5ed475ea4e148d (commit) via 0dae8bafceabc8966383aa1f11ee8622f7dbde2f (commit) via a7b0b69c6e9fa172aeb1ac0ede5ef306315dd80c (commit) via fe2d3975880e6a89702f18ec58881307bf862542 (commit) from 06e0950d20d3110849dea28eb78cac4127618b48 (commit) - Log ----------------------------------------------------------------- commit 60845a0aa4e54f2973bc178daa5ed475ea4e148d Author: Nicola Tuveri Date: Wed Apr 25 15:27:59 2018 +0300 Add CHANGES entry for PR#6009 Reviewed-by: Richard Levitte Reviewed-by: Andy Polyakov Reviewed-by: Rich Salz (Merged from https://github.com/openssl/openssl/pull/6070) commit 0dae8bafceabc8966383aa1f11ee8622f7dbde2f Author: Billy Brumley Date: Tue Apr 24 16:03:42 2018 +0300 Add blinding in BN_GF2m_mod_inv for binary field inversions Reviewed-by: Richard Levitte Reviewed-by: Andy Polyakov Reviewed-by: Rich Salz (Merged from https://github.com/openssl/openssl/pull/6070) commit a7b0b69c6e9fa172aeb1ac0ede5ef306315dd80c Author: Billy Brumley Date: Tue Apr 24 16:01:53 2018 +0300 ECC: unify generic ec2 and ecp scalar multiplication, deprecate ec2_mult.c Reviewed-by: Richard Levitte Reviewed-by: Andy Polyakov Reviewed-by: Rich Salz (Merged from https://github.com/openssl/openssl/pull/6070) commit fe2d3975880e6a89702f18ec58881307bf862542 Author: Billy Brumley Date: Tue Apr 24 16:00:08 2018 +0300 ECDSA: remove nonce padding (delegated to EC_POINT_mul) * EC_POINT_mul is now responsible for constant time point multiplication (for single fixed or variable point multiplication, when the scalar is in the range [0,group_order), so we need to strip the nonce padding from ECDSA. * Entry added to CHANGES * Updated EC_POINT_mul documentation - Integrate existing EC_POINT_mul and EC_POINTs_mul entries in the manpage to reflect the shift in constant-time expectations when performing a single fixed or variable point multiplication; - Add documentation to ec_method_st to reflect the updated "contract" between callers and implementations of ec_method_st.mul. Reviewed-by: Richard Levitte Reviewed-by: Andy Polyakov Reviewed-by: Rich Salz (Merged from https://github.com/openssl/openssl/pull/6070) ----------------------------------------------------------------------- Summary of changes: CHANGES | 20 +++ crypto/bn/bn_gf2m.c | 132 +++++---------- crypto/ec/build.info | 2 +- crypto/ec/ec2_mult.c | 404 ---------------------------------------------- crypto/ec/ec2_smpl.c | 11 +- crypto/ec/ec_lcl.h | 25 ++- crypto/ec/ec_mult.c | 4 +- crypto/ec/ecdsa_ossl.c | 17 -- doc/man3/EC_POINT_add.pod | 8 +- 9 files changed, 90 insertions(+), 533 deletions(-) delete mode 100644 crypto/ec/ec2_mult.c diff --git a/CHANGES b/CHANGES index a13183f..e8b92cc 100644 --- a/CHANGES +++ b/CHANGES @@ -9,6 +9,26 @@ Changes between 1.1.0h and 1.1.1 [xx XXX xxxx] + *) Apply blinding to binary field modular inversion and remove patent + pending (OPENSSL_SUN_GF2M_DIV) BN_GF2m_mod_div implementation. + [Billy Bob Brumley] + + *) Deprecate ec2_mult.c and unify scalar multiplication code paths for + binary and prime elliptic curves. + [Billy Bob Brumley] + + *) Remove ECDSA nonce padding: EC_POINT_mul is now responsible for + constant time fixed point multiplication. + [Billy Bob Brumley] + + *) Revise elliptic curve scalar multiplication with timing attack + defenses: ec_wNAF_mul redirects to a constant time implementation + when computing fixed point and variable point multiplication (which + in OpenSSL are mostly used with secret scalars in keygen, sign, + ECDH derive operations). + [Billy Bob Brumley, Nicola Tuveri, Cesar Pereida Garc?a, + Sohaib ul Hassan] + *) Updated CONTRIBUTING [Rich Salz] diff --git a/crypto/bn/bn_gf2m.c b/crypto/bn/bn_gf2m.c index 16868f7..287adf3 100644 --- a/crypto/bn/bn_gf2m.c +++ b/crypto/bn/bn_gf2m.c @@ -547,7 +547,8 @@ int BN_GF2m_mod_sqr(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, BN_CTX *ctx) * Hernandez, J.L., and Menezes, A. "Software Implementation of Elliptic * Curve Cryptography Over Binary Fields". */ -int BN_GF2m_mod_inv(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, BN_CTX *ctx) +static int BN_GF2m_mod_inv_vartime(BIGNUM *r, const BIGNUM *a, + const BIGNUM *p, BN_CTX *ctx) { BIGNUM *b, *c = NULL, *u = NULL, *v = NULL, *tmp; int ret = 0; @@ -713,6 +714,46 @@ int BN_GF2m_mod_inv(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, BN_CTX *ctx) return ret; } +/*- + * Wrapper for BN_GF2m_mod_inv_vartime that blinds the input before calling. + * This is not constant time. + * But it does eliminate first order deduction on the input. + */ +int BN_GF2m_mod_inv(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, BN_CTX *ctx) +{ + BIGNUM *b = NULL; + int ret = 0; + + BN_CTX_start(ctx); + if ((b = BN_CTX_get(ctx)) == NULL) + goto err; + + /* generate blinding value */ + do { + if (!BN_priv_rand(b, BN_num_bits(p) - 1, + BN_RAND_TOP_ANY, BN_RAND_BOTTOM_ANY)) + goto err; + } while (BN_is_zero(b)); + + /* r := a * b */ + if (!BN_GF2m_mod_mul(r, a, b, p, ctx)) + goto err; + + /* r := 1/(a * b) */ + if (!BN_GF2m_mod_inv_vartime(r, r, p, ctx)) + goto err; + + /* r := b/(a * b) = 1/a */ + if (!BN_GF2m_mod_mul(r, r, b, p, ctx)) + goto err; + + ret = 1; + + err: + BN_CTX_end(ctx); + return ret; +} + /* * Invert xx, reduce modulo p, and store the result in r. r could be xx. * This function calls down to the BN_GF2m_mod_inv implementation; this @@ -740,7 +781,6 @@ int BN_GF2m_mod_inv_arr(BIGNUM *r, const BIGNUM *xx, const int p[], return ret; } -# ifndef OPENSSL_SUN_GF2M_DIV /* * Divide y by x, reduce modulo p, and store the result in r. r could be x * or y, x could equal y. @@ -771,94 +811,6 @@ int BN_GF2m_mod_div(BIGNUM *r, const BIGNUM *y, const BIGNUM *x, BN_CTX_end(ctx); return ret; } -# else -/* - * Divide y by x, reduce modulo p, and store the result in r. r could be x - * or y, x could equal y. Uses algorithm Modular_Division_GF(2^m) from - * Chang-Shantz, S. "From Euclid's GCD to Montgomery Multiplication to the - * Great Divide". - */ -int BN_GF2m_mod_div(BIGNUM *r, const BIGNUM *y, const BIGNUM *x, - const BIGNUM *p, BN_CTX *ctx) -{ - BIGNUM *a, *b, *u, *v; - int ret = 0; - - bn_check_top(y); - bn_check_top(x); - bn_check_top(p); - - BN_CTX_start(ctx); - - a = BN_CTX_get(ctx); - b = BN_CTX_get(ctx); - u = BN_CTX_get(ctx); - v = BN_CTX_get(ctx); - if (v == NULL) - goto err; - - /* reduce x and y mod p */ - if (!BN_GF2m_mod(u, y, p)) - goto err; - if (!BN_GF2m_mod(a, x, p)) - goto err; - if (!BN_copy(b, p)) - goto err; - - while (!BN_is_odd(a)) { - if (!BN_rshift1(a, a)) - goto err; - if (BN_is_odd(u)) - if (!BN_GF2m_add(u, u, p)) - goto err; - if (!BN_rshift1(u, u)) - goto err; - } - - do { - if (BN_GF2m_cmp(b, a) > 0) { - if (!BN_GF2m_add(b, b, a)) - goto err; - if (!BN_GF2m_add(v, v, u)) - goto err; - do { - if (!BN_rshift1(b, b)) - goto err; - if (BN_is_odd(v)) - if (!BN_GF2m_add(v, v, p)) - goto err; - if (!BN_rshift1(v, v)) - goto err; - } while (!BN_is_odd(b)); - } else if (BN_abs_is_word(a, 1)) - break; - else { - if (!BN_GF2m_add(a, a, b)) - goto err; - if (!BN_GF2m_add(u, u, v)) - goto err; - do { - if (!BN_rshift1(a, a)) - goto err; - if (BN_is_odd(u)) - if (!BN_GF2m_add(u, u, p)) - goto err; - if (!BN_rshift1(u, u)) - goto err; - } while (!BN_is_odd(a)); - } - } while (1); - - if (!BN_copy(r, u)) - goto err; - bn_check_top(r); - ret = 1; - - err: - BN_CTX_end(ctx); - return ret; -} -# endif /* * Divide yy by xx, reduce modulo p, and store the result in r. r could be xx diff --git a/crypto/ec/build.info b/crypto/ec/build.info index 1e7814f..db506c5 100644 --- a/crypto/ec/build.info +++ b/crypto/ec/build.info @@ -2,7 +2,7 @@ LIBS=../../libcrypto SOURCE[../../libcrypto]=\ ec_lib.c ecp_smpl.c ecp_mont.c ecp_nist.c ec_cvt.c ec_mult.c \ ec_err.c ec_curve.c ec_check.c ec_print.c ec_asn1.c ec_key.c \ - ec2_smpl.c ec2_mult.c ec_ameth.c ec_pmeth.c eck_prn.c \ + ec2_smpl.c ec_ameth.c ec_pmeth.c eck_prn.c \ ecp_nistp224.c ecp_nistp256.c ecp_nistp521.c ecp_nistputil.c \ ecp_oct.c ec2_oct.c ec_oct.c ec_kmeth.c ecdh_ossl.c ecdh_kdf.c \ ecdsa_ossl.c ecdsa_sign.c ecdsa_vrf.c curve25519.c ecx_meth.c \ diff --git a/crypto/ec/ec2_mult.c b/crypto/ec/ec2_mult.c deleted file mode 100644 index 891e810..0000000 --- a/crypto/ec/ec2_mult.c +++ /dev/null @@ -1,404 +0,0 @@ -/* - * Copyright 2002-2016 The OpenSSL Project Authors. All Rights Reserved. - * Copyright (c) 2002, Oracle and/or its affiliates. All rights reserved - * - * Licensed under the OpenSSL license (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -#include - -#include "internal/bn_int.h" -#include "ec_lcl.h" - -#ifndef OPENSSL_NO_EC2M - -/*- - * Compute the x-coordinate x/z for the point 2*(x/z) in Montgomery projective - * coordinates. - * Uses algorithm Mdouble in appendix of - * Lopez, J. and Dahab, R. "Fast multiplication on elliptic curves over - * GF(2^m) without precomputation" (CHES '99, LNCS 1717). - * modified to not require precomputation of c=b^{2^{m-1}}. - */ -static int gf2m_Mdouble(const EC_GROUP *group, BIGNUM *x, BIGNUM *z, - BN_CTX *ctx) -{ - BIGNUM *t1; - int ret = 0; - - /* Since Mdouble is static we can guarantee that ctx != NULL. */ - BN_CTX_start(ctx); - t1 = BN_CTX_get(ctx); - if (t1 == NULL) - goto err; - - if (!group->meth->field_sqr(group, x, x, ctx)) - goto err; - if (!group->meth->field_sqr(group, t1, z, ctx)) - goto err; - if (!group->meth->field_mul(group, z, x, t1, ctx)) - goto err; - if (!group->meth->field_sqr(group, x, x, ctx)) - goto err; - if (!group->meth->field_sqr(group, t1, t1, ctx)) - goto err; - if (!group->meth->field_mul(group, t1, group->b, t1, ctx)) - goto err; - if (!BN_GF2m_add(x, x, t1)) - goto err; - - ret = 1; - - err: - BN_CTX_end(ctx); - return ret; -} - -/*- - * Compute the x-coordinate x1/z1 for the point (x1/z1)+(x2/x2) in Montgomery - * projective coordinates. - * Uses algorithm Madd in appendix of - * Lopez, J. and Dahab, R. "Fast multiplication on elliptic curves over - * GF(2^m) without precomputation" (CHES '99, LNCS 1717). - */ -static int gf2m_Madd(const EC_GROUP *group, const BIGNUM *x, BIGNUM *x1, - BIGNUM *z1, const BIGNUM *x2, const BIGNUM *z2, - BN_CTX *ctx) -{ - BIGNUM *t1, *t2; - int ret = 0; - - /* Since Madd is static we can guarantee that ctx != NULL. */ - BN_CTX_start(ctx); - t1 = BN_CTX_get(ctx); - t2 = BN_CTX_get(ctx); - if (t2 == NULL) - goto err; - - if (!BN_copy(t1, x)) - goto err; - if (!group->meth->field_mul(group, x1, x1, z2, ctx)) - goto err; - if (!group->meth->field_mul(group, z1, z1, x2, ctx)) - goto err; - if (!group->meth->field_mul(group, t2, x1, z1, ctx)) - goto err; - if (!BN_GF2m_add(z1, z1, x1)) - goto err; - if (!group->meth->field_sqr(group, z1, z1, ctx)) - goto err; - if (!group->meth->field_mul(group, x1, z1, t1, ctx)) - goto err; - if (!BN_GF2m_add(x1, x1, t2)) - goto err; - - ret = 1; - - err: - BN_CTX_end(ctx); - return ret; -} - -/*- - * Compute the x, y affine coordinates from the point (x1, z1) (x2, z2) - * using Montgomery point multiplication algorithm Mxy() in appendix of - * Lopez, J. and Dahab, R. "Fast multiplication on elliptic curves over - * GF(2^m) without precomputation" (CHES '99, LNCS 1717). - * Returns: - * 0 on error - * 1 if return value should be the point at infinity - * 2 otherwise - */ -static int gf2m_Mxy(const EC_GROUP *group, const BIGNUM *x, const BIGNUM *y, - BIGNUM *x1, BIGNUM *z1, BIGNUM *x2, BIGNUM *z2, - BN_CTX *ctx) -{ - BIGNUM *t3, *t4, *t5; - int ret = 0; - - if (BN_is_zero(z1)) { - BN_zero(x2); - BN_zero(z2); - return 1; - } - - if (BN_is_zero(z2)) { - if (!BN_copy(x2, x)) - return 0; - if (!BN_GF2m_add(z2, x, y)) - return 0; - return 2; - } - - /* Since Mxy is static we can guarantee that ctx != NULL. */ - BN_CTX_start(ctx); - t3 = BN_CTX_get(ctx); - t4 = BN_CTX_get(ctx); - t5 = BN_CTX_get(ctx); - if (t5 == NULL) - goto err; - - if (!BN_one(t5)) - goto err; - - if (!group->meth->field_mul(group, t3, z1, z2, ctx)) - goto err; - - if (!group->meth->field_mul(group, z1, z1, x, ctx)) - goto err; - if (!BN_GF2m_add(z1, z1, x1)) - goto err; - if (!group->meth->field_mul(group, z2, z2, x, ctx)) - goto err; - if (!group->meth->field_mul(group, x1, z2, x1, ctx)) - goto err; - if (!BN_GF2m_add(z2, z2, x2)) - goto err; - - if (!group->meth->field_mul(group, z2, z2, z1, ctx)) - goto err; - if (!group->meth->field_sqr(group, t4, x, ctx)) - goto err; - if (!BN_GF2m_add(t4, t4, y)) - goto err; - if (!group->meth->field_mul(group, t4, t4, t3, ctx)) - goto err; - if (!BN_GF2m_add(t4, t4, z2)) - goto err; - - if (!group->meth->field_mul(group, t3, t3, x, ctx)) - goto err; - if (!group->meth->field_div(group, t3, t5, t3, ctx)) - goto err; - if (!group->meth->field_mul(group, t4, t3, t4, ctx)) - goto err; - if (!group->meth->field_mul(group, x2, x1, t3, ctx)) - goto err; - if (!BN_GF2m_add(z2, x2, x)) - goto err; - - if (!group->meth->field_mul(group, z2, z2, t4, ctx)) - goto err; - if (!BN_GF2m_add(z2, z2, y)) - goto err; - - ret = 2; - - err: - BN_CTX_end(ctx); - return ret; -} - -/*- - * Computes scalar*point and stores the result in r. - * point can not equal r. - * Uses a modified algorithm 2P of - * Lopez, J. and Dahab, R. "Fast multiplication on elliptic curves over - * GF(2^m) without precomputation" (CHES '99, LNCS 1717). - * - * To protect against side-channel attack the function uses constant time swap, - * avoiding conditional branches. - */ -static int ec_GF2m_montgomery_point_multiply(const EC_GROUP *group, - EC_POINT *r, - const BIGNUM *scalar, - const EC_POINT *point, - BN_CTX *ctx) -{ - BIGNUM *x1, *x2, *z1, *z2; - int ret = 0, i, group_top; - BN_ULONG mask, word; - - if (r == point) { - ECerr(EC_F_EC_GF2M_MONTGOMERY_POINT_MULTIPLY, EC_R_INVALID_ARGUMENT); - return 0; - } - - /* if result should be point at infinity */ - if ((scalar == NULL) || BN_is_zero(scalar) || (point == NULL) || - EC_POINT_is_at_infinity(group, point)) { - return EC_POINT_set_to_infinity(group, r); - } - - /* only support affine coordinates */ - if (!point->Z_is_one) - return 0; - - /* - * Since point_multiply is static we can guarantee that ctx != NULL. - */ - BN_CTX_start(ctx); - x1 = BN_CTX_get(ctx); - z1 = BN_CTX_get(ctx); - if (z1 == NULL) - goto err; - - x2 = r->X; - z2 = r->Y; - - group_top = bn_get_top(group->field); - if (bn_wexpand(x1, group_top) == NULL - || bn_wexpand(z1, group_top) == NULL - || bn_wexpand(x2, group_top) == NULL - || bn_wexpand(z2, group_top) == NULL) - goto err; - - if (!BN_GF2m_mod_arr(x1, point->X, group->poly)) - goto err; /* x1 = x */ - if (!BN_one(z1)) - goto err; /* z1 = 1 */ - if (!group->meth->field_sqr(group, z2, x1, ctx)) - goto err; /* z2 = x1^2 = x^2 */ - if (!group->meth->field_sqr(group, x2, z2, ctx)) - goto err; - if (!BN_GF2m_add(x2, x2, group->b)) - goto err; /* x2 = x^4 + b */ - - /* find top most bit and go one past it */ - i = bn_get_top(scalar) - 1; - mask = BN_TBIT; - word = bn_get_words(scalar)[i]; - while (!(word & mask)) - mask >>= 1; - mask >>= 1; - /* if top most bit was at word break, go to next word */ - if (!mask) { - i--; - mask = BN_TBIT; - } - - for (; i >= 0; i--) { - word = bn_get_words(scalar)[i]; - while (mask) { - BN_consttime_swap(word & mask, x1, x2, group_top); - BN_consttime_swap(word & mask, z1, z2, group_top); - if (!gf2m_Madd(group, point->X, x2, z2, x1, z1, ctx)) - goto err; - if (!gf2m_Mdouble(group, x1, z1, ctx)) - goto err; - BN_consttime_swap(word & mask, x1, x2, group_top); - BN_consttime_swap(word & mask, z1, z2, group_top); - mask >>= 1; - } - mask = BN_TBIT; - } - - /* convert out of "projective" coordinates */ - i = gf2m_Mxy(group, point->X, point->Y, x1, z1, x2, z2, ctx); - if (i == 0) - goto err; - else if (i == 1) { - if (!EC_POINT_set_to_infinity(group, r)) - goto err; - } else { - if (!BN_one(r->Z)) - goto err; - r->Z_is_one = 1; - } - - /* GF(2^m) field elements should always have BIGNUM::neg = 0 */ - BN_set_negative(r->X, 0); - BN_set_negative(r->Y, 0); - - ret = 1; - - err: - BN_CTX_end(ctx); - return ret; -} - -/*- - * Computes the sum - * scalar*group->generator + scalars[0]*points[0] + ... + scalars[num-1]*points[num-1] - * gracefully ignoring NULL scalar values. - */ -int ec_GF2m_simple_mul(const EC_GROUP *group, EC_POINT *r, - const BIGNUM *scalar, size_t num, - const EC_POINT *points[], const BIGNUM *scalars[], - BN_CTX *ctx) -{ - BN_CTX *new_ctx = NULL; - int ret = 0; - size_t i; - EC_POINT *p = NULL; - EC_POINT *acc = NULL; - - if (ctx == NULL) { - ctx = new_ctx = BN_CTX_new(); - if (ctx == NULL) - return 0; - } - - /* - * This implementation is more efficient than the wNAF implementation for - * 2 or fewer points. Use the ec_wNAF_mul implementation for 3 or more - * points, or if we can perform a fast multiplication based on - * precomputation. - */ - if ((scalar && (num > 1)) || (num > 2) - || (num == 0 && EC_GROUP_have_precompute_mult(group))) { - ret = ec_wNAF_mul(group, r, scalar, num, points, scalars, ctx); - goto err; - } - - if ((p = EC_POINT_new(group)) == NULL) - goto err; - if ((acc = EC_POINT_new(group)) == NULL) - goto err; - - if (!EC_POINT_set_to_infinity(group, acc)) - goto err; - - if (scalar) { - if (!ec_GF2m_montgomery_point_multiply - (group, p, scalar, group->generator, ctx)) - goto err; - if (BN_is_negative(scalar)) - if (!group->meth->invert(group, p, ctx)) - goto err; - if (!group->meth->add(group, acc, acc, p, ctx)) - goto err; - } - - for (i = 0; i < num; i++) { - if (!ec_GF2m_montgomery_point_multiply - (group, p, scalars[i], points[i], ctx)) - goto err; - if (BN_is_negative(scalars[i])) - if (!group->meth->invert(group, p, ctx)) - goto err; - if (!group->meth->add(group, acc, acc, p, ctx)) - goto err; - } - - if (!EC_POINT_copy(r, acc)) - goto err; - - ret = 1; - - err: - EC_POINT_free(p); - EC_POINT_free(acc); - BN_CTX_free(new_ctx); - return ret; -} - -/* - * Precomputation for point multiplication: fall back to wNAF methods because - * ec_GF2m_simple_mul() uses ec_wNAF_mul() if appropriate - */ - -int ec_GF2m_precompute_mult(EC_GROUP *group, BN_CTX *ctx) -{ - return ec_wNAF_precompute_mult(group, ctx); -} - -int ec_GF2m_have_precompute_mult(const EC_GROUP *group) -{ - return ec_wNAF_have_precompute_mult(group); -} - -#endif diff --git a/crypto/ec/ec2_smpl.c b/crypto/ec/ec2_smpl.c index 6bd5f9d..b73805a 100644 --- a/crypto/ec/ec2_smpl.c +++ b/crypto/ec/ec2_smpl.c @@ -47,14 +47,9 @@ const EC_METHOD *EC_GF2m_simple_method(void) ec_GF2m_simple_cmp, ec_GF2m_simple_make_affine, ec_GF2m_simple_points_make_affine, - - /* - * the following three method functions are defined in ec2_mult.c - */ - ec_GF2m_simple_mul, - ec_GF2m_precompute_mult, - ec_GF2m_have_precompute_mult, - + 0 /* mul */, + 0 /* precompute_mul */, + 0 /* have_precompute_mul */, ec_GF2m_simple_field_mul, ec_GF2m_simple_field_sqr, ec_GF2m_simple_field_div, diff --git a/crypto/ec/ec_lcl.h b/crypto/ec/ec_lcl.h index 413a906..36c65c5 100644 --- a/crypto/ec/ec_lcl.h +++ b/crypto/ec/ec_lcl.h @@ -120,6 +120,23 @@ struct ec_method_st { * EC_POINT_have_precompute_mult (default implementations are used if the * 'mul' pointer is 0): */ + /*- + * mul() calculates the value + * + * r := generator * scalar + * + points[0] * scalars[0] + * + ... + * + points[num-1] * scalars[num-1]. + * + * For a fixed point multiplication (scalar != NULL, num == 0) + * or a variable point multiplication (scalar == NULL, num == 1), + * mul() must use a constant time algorithm: in both cases callers + * should provide an input scalar (either scalar or scalars[0]) + * in the range [0, ec_group_order); for robustness, implementers + * should handle the case when the scalar has not been reduced, but + * may treat it as an unusual input, without any constant-timeness + * guarantee. + */ int (*mul) (const EC_GROUP *group, EC_POINT *r, const BIGNUM *scalar, size_t num, const EC_POINT *points[], const BIGNUM *scalars[], BN_CTX *); @@ -426,14 +443,6 @@ int ec_GF2m_simple_field_sqr(const EC_GROUP *, BIGNUM *r, const BIGNUM *a, int ec_GF2m_simple_field_div(const EC_GROUP *, BIGNUM *r, const BIGNUM *a, const BIGNUM *b, BN_CTX *); -/* method functions in ec2_mult.c */ -int ec_GF2m_simple_mul(const EC_GROUP *group, EC_POINT *r, - const BIGNUM *scalar, size_t num, - const EC_POINT *points[], const BIGNUM *scalars[], - BN_CTX *); -int ec_GF2m_precompute_mult(EC_GROUP *group, BN_CTX *ctx); -int ec_GF2m_have_precompute_mult(const EC_GROUP *group); - #ifndef OPENSSL_NO_EC_NISTP_64_GCC_128 /* method functions in ecp_nistp224.c */ int ec_GFp_nistp224_group_init(EC_GROUP *group); diff --git a/crypto/ec/ec_mult.c b/crypto/ec/ec_mult.c index 6b5553c..1f34329 100644 --- a/crypto/ec/ec_mult.c +++ b/crypto/ec/ec_mult.c @@ -113,9 +113,9 @@ void EC_ec_pre_comp_free(EC_PRE_COMP *pre) * * At a high level, it is Montgomery ladder with conditional swaps. * - * It performs either a fixed scalar point multiplication + * It performs either a fixed point multiplication * (scalar * generator) - * when point is NULL, or a generic scalar point multiplication + * when point is NULL, or a variable point multiplication * (scalar * point) * when point is not NULL. * diff --git a/crypto/ec/ecdsa_ossl.c b/crypto/ec/ecdsa_ossl.c index 2c9e5a8..7842851 100644 --- a/crypto/ec/ecdsa_ossl.c +++ b/crypto/ec/ecdsa_ossl.c @@ -105,23 +105,6 @@ static int ecdsa_sign_setup(EC_KEY *eckey, BN_CTX *ctx_in, } while (BN_is_zero(k)); - /* - * We do not want timing information to leak the length of k, so we - * compute G*k using an equivalent scalar of fixed bit-length. - * - * We unconditionally perform both of these additions to prevent a - * small timing information leakage. We then choose the sum that is - * one bit longer than the order. This guarantees the code - * path used in the constant time implementations elsewhere. - * - * TODO: revisit the BN_copy aiming for a memory access agnostic - * conditional copy. - */ - if (!BN_add(r, k, order) - || !BN_add(X, r, order) - || !BN_copy(k, BN_num_bits(r) > order_bits ? r : X)) - goto err; - /* compute r the x-coordinate of generator * k */ if (!EC_POINT_mul(group, tmp_point, k, NULL, NULL, ctx)) { ECerr(EC_F_ECDSA_SIGN_SETUP, ERR_R_EC_LIB); diff --git a/doc/man3/EC_POINT_add.pod b/doc/man3/EC_POINT_add.pod index 3c047e1..21abf46 100644 --- a/doc/man3/EC_POINT_add.pod +++ b/doc/man3/EC_POINT_add.pod @@ -43,10 +43,12 @@ The functions EC_POINT_make_affine and EC_POINTs_make_affine force the internal co-ordinate system. In the case of EC_POINTs_make_affine the value B provides the number of points in the array B to be forced. -EC_POINT_mul calculates the value generator * B + B * B and stores the result in B. The value B may be NULL in which case the result is just B * B. +EC_POINT_mul is a convenient interface to EC_POINTs_mul: it calculates the value generator * B + B * B and stores the result in B. +The value B may be NULL in which case the result is just B * B (variable point multiplication). Alternatively, both B and B may be NULL, and B non-NULL, in which case the result is just generator * B (fixed point multiplication). +When performing a single fixed or variable point multiplication, the underlying implementation uses a constant time algorithm, when the input scalar (either B or B) is in the range [0, ec_group_order). -EC_POINTs_mul calculates the value generator * B + B * B + ... + B * B. As for EC_POINT_mul the value -B may be NULL. +EC_POINTs_mul calculates the value generator * B + B * B + ... + B * B. As for EC_POINT_mul the value B may be NULL or B may be zero. +When performing a fixed point multiplication (B is non-NULL and B is 0) or a variable point multiplication (B is NULL and B is 1), the underlying implementation uses a constant time algorithm, when the input scalar (either B or B) is in the range [0, ec_group_order). The function EC_GROUP_precompute_mult stores multiples of the generator for faster point multiplication, whilst EC_GROUP_have_precompute_mult tests whether precomputation has already been done. See L for information From matthias.st.pierre at ncp-e.com Wed May 9 15:17:17 2018 From: matthias.st.pierre at ncp-e.com (matthias.st.pierre at ncp-e.com) Date: Wed, 09 May 2018 15:17:17 +0000 Subject: [openssl-commits] [openssl] master update Message-ID: <1525879037.976411.9731.nullmailer@dev.openssl.org> The branch master has been updated via 7f35627c7943c213f7f8555d13b83288cccd5fc9 (commit) from 60845a0aa4e54f2973bc178daa5ed475ea4e148d (commit) - Log ----------------------------------------------------------------- commit 7f35627c7943c213f7f8555d13b83288cccd5fc9 Author: Dr. Matthias St. Pierre Date: Tue May 8 12:32:12 2018 +0200 Fix typos in x509 documentation Reviewed-by: Rich Salz (Merged from https://github.com/openssl/openssl/pull/6207) ----------------------------------------------------------------------- Summary of changes: doc/man3/X509_NAME_get_index_by_NID.pod | 2 +- doc/man3/X509_cmp_time.pod | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/doc/man3/X509_NAME_get_index_by_NID.pod b/doc/man3/X509_NAME_get_index_by_NID.pod index 5579dab..283d0f2 100644 --- a/doc/man3/X509_NAME_get_index_by_NID.pod +++ b/doc/man3/X509_NAME_get_index_by_NID.pod @@ -49,7 +49,7 @@ of space needed in B (excluding the final null) is returned. =head1 NOTES X509_NAME_get_text_by_NID() and X509_NAME_get_text_by_OBJ() should be -considered deprecaated because they +considered deprecated because they have various limitations which make them of minimal use in practice. They can only find the first matching entry and will copy the contents of the field verbatim: this can diff --git a/doc/man3/X509_cmp_time.pod b/doc/man3/X509_cmp_time.pod index 911814e..4b5cb67 100644 --- a/doc/man3/X509_cmp_time.pod +++ b/doc/man3/X509_cmp_time.pod @@ -46,7 +46,7 @@ X509_cmp_time() and X509_cmp_current_time() return -1 if B is earlier than, or equal to, B (resp. current time), and 1 otherwise. These methods return 0 on error. -X509_time_ad() and X509_time_adj_ex() return a pointer to the updated +X509_time_adj() and X509_time_adj_ex() return a pointer to the updated ASN1_TIME structure, and NULL on error. =head1 COPYRIGHT From matt at openssl.org Wed May 9 22:27:23 2018 From: matt at openssl.org (Matt Caswell) Date: Wed, 09 May 2018 22:27:23 +0000 Subject: [openssl-commits] [openssl] master update Message-ID: <1525904843.964058.16665.nullmailer@dev.openssl.org> The branch master has been updated via a01b9cd5a76ea45e083dbf2ca002ca44ce3f525f (commit) via 60155b9ae1bcf8490a193b2c1cf8ae57f8746321 (commit) from 7f35627c7943c213f7f8555d13b83288cccd5fc9 (commit) - Log ----------------------------------------------------------------- commit a01b9cd5a76ea45e083dbf2ca002ca44ce3f525f Author: Matt Caswell Date: Wed May 9 12:05:39 2018 +0100 Fix no-cms Reviewed-by: Rich Salz (Merged from https://github.com/openssl/openssl/pull/6205) commit 60155b9ae1bcf8490a193b2c1cf8ae57f8746321 Author: Matt Caswell Date: Wed May 9 11:49:02 2018 +0100 Fix no-tls1_2, no-tls1_2-method, no-chacha and no-poly1305 Reviewed-by: Rich Salz (Merged from https://github.com/openssl/openssl/pull/6205) ----------------------------------------------------------------------- Summary of changes: test/build.info | 11 +++++++---- test/sslapitest.c | 15 ++++++++++++++- 2 files changed, 21 insertions(+), 5 deletions(-) diff --git a/test/build.info b/test/build.info index 535c5aa..c3a0904 100644 --- a/test/build.info +++ b/test/build.info @@ -51,7 +51,7 @@ INCLUDE_MAIN___test_libtestutil_OLB = /INCLUDE=MAIN recordlentest drbgtest drbg_cavs_test sslbuffertest \ time_offset_test pemtest ssl_cert_table_internal_test ciphername_test \ servername_test ocspapitest rsa_mp_test fatalerrtest tls13ccstest \ - sysdefaulttest cmsapitest + sysdefaulttest SOURCE[versions]=versions.c INCLUDE[versions]=../include @@ -373,9 +373,12 @@ INCLUDE_MAIN___test_libtestutil_OLB = /INCLUDE=MAIN INCLUDE[servername_test]=../include DEPEND[servername_test]=../libcrypto ../libssl libtestutil.a - SOURCE[cmsapitest]=cmsapitest.c - INCLUDE[cmsapitest]=../include - DEPEND[cmsapitest]=../libcrypto libtestutil.a + IF[{- !$disabled{cms} -}] + PROGRAMS_NO_INST=cmsapitest + SOURCE[cmsapitest]=cmsapitest.c + INCLUDE[cmsapitest]=../include + DEPEND[cmsapitest]=../libcrypto libtestutil.a + ENDIF IF[{- !$disabled{psk} -}] PROGRAMS_NO_INST=dtls_mtu_test diff --git a/test/sslapitest.c b/test/sslapitest.c index 0aac80b..0a3d515 100644 --- a/test/sslapitest.c +++ b/test/sslapitest.c @@ -4460,6 +4460,11 @@ static struct { const char *srvrtls13ciphers; const char *shared; } shared_ciphers_data[] = { +/* + * We can't establish a connection (even in TLSv1.1) with these ciphersuites if + * TLSv1.3 is enabled but TLSv1.2 is disabled. + */ +#if defined(OPENSSL_NO_TLS1_3) || !defined(OPENSSL_NO_TLS1_2) { TLS1_2_VERSION, "AES128-SHA:AES256-SHA", @@ -4484,7 +4489,13 @@ static struct { NULL, "AES128-SHA" }, -#ifndef OPENSSL_NO_TLS1_3 +#endif +/* + * This test combines TLSv1.3 and TLSv1.2 ciphersuites so they must both be + * enabled. + */ +#if !defined(OPENSSL_NO_TLS1_3) && !defined(OPENSSL_NO_TLS1_2) \ + && !defined(OPENSSL_NO_CHACHA) && !defined(OPENSSL_NO_POLY1305) { TLS1_3_VERSION, "AES128-SHA:AES256-SHA", @@ -4494,6 +4505,8 @@ static struct { "TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256:" "TLS_AES_128_GCM_SHA256:AES256-SHA" }, +#endif +#ifndef OPENSSL_NO_TLS1_3 { TLS1_3_VERSION, "AES128-SHA", From openssl at openssl.org Wed May 9 23:45:42 2018 From: openssl at openssl.org (OpenSSL run-checker) Date: Wed, 09 May 2018 23:45:42 +0000 Subject: [openssl-commits] Still FAILED build of OpenSSL branch master with options -d --strict-warnings no-chacha Message-ID: <1525909542.078653.30481.nullmailer@run.openssl.org> Platform and configuration command: $ uname -a Linux run 4.4.0-119-generic #143-Ubuntu SMP Mon Apr 2 16:08:24 UTC 2018 x86_64 x86_64 x86_64 GNU/Linux $ CC=clang ../openssl/config -d --strict-warnings no-chacha Commit log since last time: 7f35627 Fix typos in x509 documentation 60845a0 Add CHANGES entry for PR#6009 0dae8ba Add blinding in BN_GF2m_mod_inv for binary field inversions a7b0b69 ECC: unify generic ec2 and ecp scalar multiplication, deprecate ec2_mult.c fe2d397 ECDSA: remove nonce padding (delegated to EC_POINT_mul) Build log ended with (last 100 lines): ../../openssl/test/recipes/30-test_evp_extra.t ................ ok ../../openssl/test/recipes/30-test_pbelu.t .................... ok ../../openssl/test/recipes/30-test_pkey_meth.t ................ ok ../../openssl/test/recipes/30-test_pkey_meth_kdf.t ............ ok ../../openssl/test/recipes/40-test_rehash.t ................... ok ../../openssl/test/recipes/60-test_x509_check_cert_pkey.t ..... ok ../../openssl/test/recipes/60-test_x509_dup_cert.t ............ ok ../../openssl/test/recipes/60-test_x509_store.t ............... ok ../../openssl/test/recipes/60-test_x509_time.t ................ ok ../../openssl/test/recipes/70-test_asyncio.t .................. ok ../../openssl/test/recipes/70-test_bad_dtls.t ................. ok ../../openssl/test/recipes/70-test_clienthello.t .............. ok ../../openssl/test/recipes/70-test_comp.t ..................... ok ../../openssl/test/recipes/70-test_key_share.t ................ ok ../../openssl/test/recipes/70-test_packet.t ................... ok ../../openssl/test/recipes/70-test_recordlen.t ................ ok ../../openssl/test/recipes/70-test_renegotiation.t ............ ok ../../openssl/test/recipes/70-test_servername.t ............... ok ../../openssl/test/recipes/70-test_sslcbcpadding.t ............ ok ../../openssl/test/recipes/70-test_sslcertstatus.t ............ ok ../../openssl/test/recipes/70-test_sslextension.t ............. ok ../../openssl/test/recipes/70-test_sslmessages.t .............. ok ../../openssl/test/recipes/70-test_sslrecords.t ............... ok ../../openssl/test/recipes/70-test_sslsessiontick.t ........... ok ../../openssl/test/recipes/70-test_sslsigalgs.t ............... ok ../../openssl/test/recipes/70-test_sslsignature.t ............. ok ../../openssl/test/recipes/70-test_sslskewith0p.t ............. ok ../../openssl/test/recipes/70-test_sslversions.t .............. ok ../../openssl/test/recipes/70-test_sslvertol.t ................ ok ../../openssl/test/recipes/70-test_tls13cookie.t .............. ok ../../openssl/test/recipes/70-test_tls13downgrade.t ........... skipped: test_tls13downgrade not run in pre TLSv1.3 RFC implementation ../../openssl/test/recipes/70-test_tls13hrr.t ................. ok ../../openssl/test/recipes/70-test_tls13kexmodes.t ............ ok ../../openssl/test/recipes/70-test_tls13messages.t ............ ok ../../openssl/test/recipes/70-test_tls13psk.t ................. ok ../../openssl/test/recipes/70-test_tlsextms.t ................. ok ../../openssl/test/recipes/70-test_verify_extra.t ............. ok ../../openssl/test/recipes/70-test_wpacket.t .................. ok ../../openssl/test/recipes/80-test_ca.t ....................... ok ../../openssl/test/recipes/80-test_cipherbytes.t .............. ok ../../openssl/test/recipes/80-test_cipherlist.t ............... ok ../../openssl/test/recipes/80-test_ciphername.t ............... ok ../../openssl/test/recipes/80-test_cms.t ...................... ok ../../openssl/test/recipes/80-test_cmsapi.t ................... ok ../../openssl/test/recipes/80-test_ct.t ....................... ok ../../openssl/test/recipes/80-test_dane.t ..................... ok ../../openssl/test/recipes/80-test_dtls.t ..................... ok ../../openssl/test/recipes/80-test_dtls_mtu.t ................. ok ../../openssl/test/recipes/80-test_dtlsv1listen.t ............. ok ../../openssl/test/recipes/80-test_ocsp.t ..................... ok ../../openssl/test/recipes/80-test_pkcs12.t ................... ok ../../openssl/test/recipes/80-test_ssl_new.t .................. ok ../../openssl/test/recipes/80-test_ssl_old.t .................. ok ../../openssl/test/recipes/80-test_ssl_test_ctx.t ............. ok ../../openssl/test/recipes/80-test_sslcorrupt.t ............... ok ../../openssl/test/recipes/80-test_tsa.t ...................... ok ../../openssl/test/recipes/80-test_x509aux.t .................. ok ../../openssl/test/recipes/90-test_asn1_time.t ................ ok ../../openssl/test/recipes/90-test_async.t .................... ok ../../openssl/test/recipes/90-test_bio_enc.t .................. ok ../../openssl/test/recipes/90-test_constant_time.t ............ ok ../../openssl/test/recipes/90-test_fatalerr.t ................. ok ../../openssl/test/recipes/90-test_gmdiff.t ................... ok ../../openssl/test/recipes/90-test_ige.t ...................... ok ../../openssl/test/recipes/90-test_includes.t ................. ok ../../openssl/test/recipes/90-test_memleak.t .................. ok ../../openssl/test/recipes/90-test_overhead.t ................. skipped: Only supported in no-shared builds ../../openssl/test/recipes/90-test_secmem.t ................... ok ../../openssl/test/recipes/90-test_shlibload.t ................ ok ../../openssl/test/recipes/90-test_srp.t ...................... ok ../../openssl/test/recipes/90-test_sslapi.t ................... Dubious, test returned 1 (wstat 256, 0x100) Failed 1/1 subtests ../../openssl/test/recipes/90-test_sslbuffers.t ............... ok ../../openssl/test/recipes/90-test_store.t .................... ok ../../openssl/test/recipes/90-test_sysdefault.t ............... ok ../../openssl/test/recipes/90-test_threads.t .................. ok ../../openssl/test/recipes/90-test_time_offset.t .............. ok ../../openssl/test/recipes/90-test_tls13ccs.t ................. ok ../../openssl/test/recipes/90-test_tls13encryption.t .......... ok ../../openssl/test/recipes/90-test_tls13secrets.t ............. ok ../../openssl/test/recipes/90-test_v3name.t ................... ok ../../openssl/test/recipes/95-test_external_boringssl.t ....... skipped: No external tests in this configuration ../../openssl/test/recipes/95-test_external_krb5.t ............ skipped: No external tests in this configuration ../../openssl/test/recipes/95-test_external_pyca.t ............ skipped: No external tests in this configuration ../../openssl/test/recipes/99-test_ecstress.t ................. ok ../../openssl/test/recipes/99-test_fuzz.t ..................... ok Test Summary Report ------------------- ../../openssl/test/recipes/90-test_sslapi.t (Wstat: 256 Tests: 1 Failed: 1) Failed test: 1 Non-zero exit status: 1 Files=147, Tests=1336, 252 wallclock secs ( 3.11 usr 0.31 sys + 215.50 cusr 11.36 csys = 230.28 CPU) Result: FAIL Makefile:204: recipe for target '_tests' failed make[1]: *** [_tests] Error 1 make[1]: Leaving directory '/home/openssl/run-checker/no-chacha' Makefile:202: recipe for target 'tests' failed make: *** [tests] Error 2 From openssl at openssl.org Wed May 9 23:52:55 2018 From: openssl at openssl.org (OpenSSL run-checker) Date: Wed, 09 May 2018 23:52:55 +0000 Subject: [openssl-commits] Still FAILED build of OpenSSL branch master with options -d --strict-warnings no-cms Message-ID: <1525909975.598412.7783.nullmailer@run.openssl.org> Platform and configuration command: $ uname -a Linux run 4.4.0-119-generic #143-Ubuntu SMP Mon Apr 2 16:08:24 UTC 2018 x86_64 x86_64 x86_64 GNU/Linux $ CC=clang ../openssl/config -d --strict-warnings no-cms Commit log since last time: 7f35627 Fix typos in x509 documentation 60845a0 Add CHANGES entry for PR#6009 0dae8ba Add blinding in BN_GF2m_mod_inv for binary field inversions a7b0b69 ECC: unify generic ec2 and ecp scalar multiplication, deprecate ec2_mult.c fe2d397 ECDSA: remove nonce padding (delegated to EC_POINT_mul) Build log ended with (last 100 lines): /usr/bin/perl ../openssl/test/generate_buildtest.pl ecdh > test/buildtest_ecdh.c /usr/bin/perl ../openssl/test/generate_buildtest.pl ecdsa > test/buildtest_ecdsa.c /usr/bin/perl ../openssl/test/generate_buildtest.pl engine > test/buildtest_engine.c /usr/bin/perl ../openssl/test/generate_buildtest.pl evp > test/buildtest_evp.c /usr/bin/perl ../openssl/test/generate_buildtest.pl hmac > test/buildtest_hmac.c /usr/bin/perl ../openssl/test/generate_buildtest.pl idea > test/buildtest_idea.c /usr/bin/perl ../openssl/test/generate_buildtest.pl kdf > test/buildtest_kdf.c /usr/bin/perl ../openssl/test/generate_buildtest.pl lhash > test/buildtest_lhash.c /usr/bin/perl ../openssl/test/generate_buildtest.pl md4 > test/buildtest_md4.c /usr/bin/perl ../openssl/test/generate_buildtest.pl md5 > test/buildtest_md5.c /usr/bin/perl ../openssl/test/generate_buildtest.pl mdc2 > test/buildtest_mdc2.c /usr/bin/perl ../openssl/test/generate_buildtest.pl modes > test/buildtest_modes.c /usr/bin/perl ../openssl/test/generate_buildtest.pl obj_mac > test/buildtest_obj_mac.c /usr/bin/perl ../openssl/test/generate_buildtest.pl objects > test/buildtest_objects.c /usr/bin/perl ../openssl/test/generate_buildtest.pl ocsp > test/buildtest_ocsp.c /usr/bin/perl ../openssl/test/generate_buildtest.pl opensslv > test/buildtest_opensslv.c /usr/bin/perl ../openssl/test/generate_buildtest.pl ossl_typ > test/buildtest_ossl_typ.c /usr/bin/perl ../openssl/test/generate_buildtest.pl pem > test/buildtest_pem.c /usr/bin/perl ../openssl/test/generate_buildtest.pl pem2 > test/buildtest_pem2.c /usr/bin/perl ../openssl/test/generate_buildtest.pl pkcs12 > test/buildtest_pkcs12.c /usr/bin/perl ../openssl/test/generate_buildtest.pl pkcs7 > test/buildtest_pkcs7.c /usr/bin/perl ../openssl/test/generate_buildtest.pl rand > test/buildtest_rand.c /usr/bin/perl ../openssl/test/generate_buildtest.pl rand_drbg > test/buildtest_rand_drbg.c /usr/bin/perl ../openssl/test/generate_buildtest.pl rc2 > test/buildtest_rc2.c /usr/bin/perl ../openssl/test/generate_buildtest.pl rc4 > test/buildtest_rc4.c /usr/bin/perl ../openssl/test/generate_buildtest.pl ripemd > test/buildtest_ripemd.c /usr/bin/perl ../openssl/test/generate_buildtest.pl rsa > test/buildtest_rsa.c /usr/bin/perl ../openssl/test/generate_buildtest.pl safestack > test/buildtest_safestack.c /usr/bin/perl ../openssl/test/generate_buildtest.pl seed > test/buildtest_seed.c /usr/bin/perl ../openssl/test/generate_buildtest.pl sha > test/buildtest_sha.c /usr/bin/perl ../openssl/test/generate_buildtest.pl sm2 > test/buildtest_sm2.c /usr/bin/perl ../openssl/test/generate_buildtest.pl srp > test/buildtest_srp.c /usr/bin/perl ../openssl/test/generate_buildtest.pl srtp > test/buildtest_srtp.c /usr/bin/perl ../openssl/test/generate_buildtest.pl ssl > test/buildtest_ssl.c /usr/bin/perl ../openssl/test/generate_buildtest.pl ssl2 > test/buildtest_ssl2.c /usr/bin/perl ../openssl/test/generate_buildtest.pl stack > test/buildtest_stack.c /usr/bin/perl ../openssl/test/generate_buildtest.pl store > test/buildtest_store.c /usr/bin/perl ../openssl/test/generate_buildtest.pl symhacks > test/buildtest_symhacks.c /usr/bin/perl ../openssl/test/generate_buildtest.pl tls1 > test/buildtest_tls1.c /usr/bin/perl ../openssl/test/generate_buildtest.pl ts > test/buildtest_ts.c /usr/bin/perl ../openssl/test/generate_buildtest.pl txt_db > test/buildtest_txt_db.c /usr/bin/perl ../openssl/test/generate_buildtest.pl ui > test/buildtest_ui.c /usr/bin/perl ../openssl/test/generate_buildtest.pl whrlpool > test/buildtest_whrlpool.c /usr/bin/perl ../openssl/test/generate_buildtest.pl x509 > test/buildtest_x509.c /usr/bin/perl ../openssl/test/generate_buildtest.pl x509_vfy > test/buildtest_x509_vfy.c /usr/bin/perl ../openssl/test/generate_buildtest.pl x509v3 > test/buildtest_x509v3.c clang -Iinclude -I../openssl/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -MMD -MF test/casttest.d.tmp -MT test/casttest.o -c -o test/casttest.o ../openssl/test/casttest.c clang -I. -Iinclude -Icrypto/include -I../openssl -I../openssl/include -I../openssl/crypto/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -MMD -MF test/chacha_internal_test.d.tmp -MT test/chacha_internal_test.o -c -o test/chacha_internal_test.o ../openssl/test/chacha_internal_test.c clang -Iinclude -I../openssl/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -MMD -MF test/cipherbytes_test.d.tmp -MT test/cipherbytes_test.o -c -o test/cipherbytes_test.o ../openssl/test/cipherbytes_test.c clang -Iinclude -I../openssl/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -MMD -MF test/cipherlist_test.d.tmp -MT test/cipherlist_test.o -c -o test/cipherlist_test.o ../openssl/test/cipherlist_test.c clang -Iinclude -I../openssl/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -MMD -MF test/ciphername_test.d.tmp -MT test/ciphername_test.o -c -o test/ciphername_test.o ../openssl/test/ciphername_test.c clang -Iinclude -I../openssl/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -MMD -MF test/clienthellotest.d.tmp -MT test/clienthellotest.o -c -o test/clienthellotest.o ../openssl/test/clienthellotest.c clang -Iinclude -I../openssl/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -MMD -MF test/cmsapitest.d.tmp -MT test/cmsapitest.o -c -o test/cmsapitest.o ../openssl/test/cmsapitest.c clang -Iinclude -I../openssl/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -MMD -MF test/conf_include_test.d.tmp -MT test/conf_include_test.o -c -o test/conf_include_test.o ../openssl/test/conf_include_test.c clang -Iinclude -I../openssl/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -MMD -MF test/constant_time_test.d.tmp -MT test/constant_time_test.o -c -o test/constant_time_test.o ../openssl/test/constant_time_test.c clang -Iinclude -I../openssl/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -MMD -MF test/crltest.d.tmp -MT test/crltest.o -c -o test/crltest.o ../openssl/test/crltest.c ../openssl/test/cmsapitest.c:20:5: error: use of undeclared identifier 'CMS_ContentInfo' CMS_ContentInfo* content = NULL; ^ ../openssl/test/cmsapitest.c:20:22: error: use of undeclared identifier 'content' CMS_ContentInfo* content = NULL; ^ ../openssl/test/cmsapitest.c:29:5: error: use of undeclared identifier 'content' content = CMS_encrypt(certstack, msgbio, EVP_aes_128_cbc(), CMS_TEXT); ^ ../openssl/test/cmsapitest.c:29:15: error: implicit declaration of function 'CMS_encrypt' is invalid in C99 [-Werror,-Wimplicit-function-declaration] content = CMS_encrypt(certstack, msgbio, EVP_aes_128_cbc(), CMS_TEXT); ^ ../openssl/test/cmsapitest.c:29:65: error: use of undeclared identifier 'CMS_TEXT' content = CMS_encrypt(certstack, msgbio, EVP_aes_128_cbc(), CMS_TEXT); ^ ../openssl/test/cmsapitest.c:30:19: error: use of undeclared identifier 'content' if (!TEST_ptr(content)) ^ ../openssl/test/cmsapitest.c:33:20: error: implicit declaration of function 'CMS_decrypt' is invalid in C99 [-Werror,-Wimplicit-function-declaration] if (!TEST_true(CMS_decrypt(content, privkey, cert, NULL, outmsgbio, ^ ../openssl/test/cmsapitest.c:33:20: note: did you mean 'CMS_encrypt'? ../openssl/test/cmsapitest.c:29:15: note: 'CMS_encrypt' declared here content = CMS_encrypt(certstack, msgbio, EVP_aes_128_cbc(), CMS_TEXT); ^ ../openssl/test/cmsapitest.c:33:32: error: use of undeclared identifier 'content' if (!TEST_true(CMS_decrypt(content, privkey, cert, NULL, outmsgbio, ^ ../openssl/test/cmsapitest.c:34:32: error: use of undeclared identifier 'CMS_TEXT' CMS_TEXT))) ^ ../openssl/test/cmsapitest.c:47:5: error: implicit declaration of function 'CMS_ContentInfo_free' is invalid in C99 [-Werror,-Wimplicit-function-declaration] CMS_ContentInfo_free(content); ^ ../openssl/test/cmsapitest.c:47:26: error: use of undeclared identifier 'content' CMS_ContentInfo_free(content); ^ 11 errors generated. Makefile:8165: recipe for target 'test/cmsapitest.o' failed make[1]: *** [test/cmsapitest.o] Error 1 make[1]: *** Waiting for unfinished jobs.... make[1]: Leaving directory '/home/openssl/run-checker/no-cms' Makefile:171: recipe for target 'all' failed make: *** [all] Error 2 From openssl at openssl.org Thu May 10 06:53:33 2018 From: openssl at openssl.org (OpenSSL run-checker) Date: Thu, 10 May 2018 06:53:33 +0000 Subject: [openssl-commits] Still FAILED build of OpenSSL branch master with options -d --strict-warnings no-poly1305 Message-ID: <1525935213.419222.28670.nullmailer@run.openssl.org> Platform and configuration command: $ uname -a Linux run 4.4.0-119-generic #143-Ubuntu SMP Mon Apr 2 16:08:24 UTC 2018 x86_64 x86_64 x86_64 GNU/Linux $ CC=clang ../openssl/config -d --strict-warnings no-poly1305 Commit log since last time: 7f35627 Fix typos in x509 documentation 60845a0 Add CHANGES entry for PR#6009 0dae8ba Add blinding in BN_GF2m_mod_inv for binary field inversions a7b0b69 ECC: unify generic ec2 and ecp scalar multiplication, deprecate ec2_mult.c fe2d397 ECDSA: remove nonce padding (delegated to EC_POINT_mul) Build log ended with (last 100 lines): ../../openssl/test/recipes/30-test_evp_extra.t ................ ok ../../openssl/test/recipes/30-test_pbelu.t .................... ok ../../openssl/test/recipes/30-test_pkey_meth.t ................ ok ../../openssl/test/recipes/30-test_pkey_meth_kdf.t ............ ok ../../openssl/test/recipes/40-test_rehash.t ................... ok ../../openssl/test/recipes/60-test_x509_check_cert_pkey.t ..... ok ../../openssl/test/recipes/60-test_x509_dup_cert.t ............ ok ../../openssl/test/recipes/60-test_x509_store.t ............... ok ../../openssl/test/recipes/60-test_x509_time.t ................ ok ../../openssl/test/recipes/70-test_asyncio.t .................. ok ../../openssl/test/recipes/70-test_bad_dtls.t ................. ok ../../openssl/test/recipes/70-test_clienthello.t .............. ok ../../openssl/test/recipes/70-test_comp.t ..................... ok ../../openssl/test/recipes/70-test_key_share.t ................ ok ../../openssl/test/recipes/70-test_packet.t ................... ok ../../openssl/test/recipes/70-test_recordlen.t ................ ok ../../openssl/test/recipes/70-test_renegotiation.t ............ ok ../../openssl/test/recipes/70-test_servername.t ............... ok ../../openssl/test/recipes/70-test_sslcbcpadding.t ............ ok ../../openssl/test/recipes/70-test_sslcertstatus.t ............ ok ../../openssl/test/recipes/70-test_sslextension.t ............. ok ../../openssl/test/recipes/70-test_sslmessages.t .............. ok ../../openssl/test/recipes/70-test_sslrecords.t ............... ok ../../openssl/test/recipes/70-test_sslsessiontick.t ........... ok ../../openssl/test/recipes/70-test_sslsigalgs.t ............... ok ../../openssl/test/recipes/70-test_sslsignature.t ............. ok ../../openssl/test/recipes/70-test_sslskewith0p.t ............. ok ../../openssl/test/recipes/70-test_sslversions.t .............. ok ../../openssl/test/recipes/70-test_sslvertol.t ................ ok ../../openssl/test/recipes/70-test_tls13cookie.t .............. ok ../../openssl/test/recipes/70-test_tls13downgrade.t ........... skipped: test_tls13downgrade not run in pre TLSv1.3 RFC implementation ../../openssl/test/recipes/70-test_tls13hrr.t ................. ok ../../openssl/test/recipes/70-test_tls13kexmodes.t ............ ok ../../openssl/test/recipes/70-test_tls13messages.t ............ ok ../../openssl/test/recipes/70-test_tls13psk.t ................. ok ../../openssl/test/recipes/70-test_tlsextms.t ................. ok ../../openssl/test/recipes/70-test_verify_extra.t ............. ok ../../openssl/test/recipes/70-test_wpacket.t .................. ok ../../openssl/test/recipes/80-test_ca.t ....................... ok ../../openssl/test/recipes/80-test_cipherbytes.t .............. ok ../../openssl/test/recipes/80-test_cipherlist.t ............... ok ../../openssl/test/recipes/80-test_ciphername.t ............... ok ../../openssl/test/recipes/80-test_cms.t ...................... ok ../../openssl/test/recipes/80-test_cmsapi.t ................... ok ../../openssl/test/recipes/80-test_ct.t ....................... ok ../../openssl/test/recipes/80-test_dane.t ..................... ok ../../openssl/test/recipes/80-test_dtls.t ..................... ok ../../openssl/test/recipes/80-test_dtls_mtu.t ................. ok ../../openssl/test/recipes/80-test_dtlsv1listen.t ............. ok ../../openssl/test/recipes/80-test_ocsp.t ..................... ok ../../openssl/test/recipes/80-test_pkcs12.t ................... ok ../../openssl/test/recipes/80-test_ssl_new.t .................. ok ../../openssl/test/recipes/80-test_ssl_old.t .................. ok ../../openssl/test/recipes/80-test_ssl_test_ctx.t ............. ok ../../openssl/test/recipes/80-test_sslcorrupt.t ............... ok ../../openssl/test/recipes/80-test_tsa.t ...................... ok ../../openssl/test/recipes/80-test_x509aux.t .................. ok ../../openssl/test/recipes/90-test_asn1_time.t ................ ok ../../openssl/test/recipes/90-test_async.t .................... ok ../../openssl/test/recipes/90-test_bio_enc.t .................. ok ../../openssl/test/recipes/90-test_constant_time.t ............ ok ../../openssl/test/recipes/90-test_fatalerr.t ................. ok ../../openssl/test/recipes/90-test_gmdiff.t ................... ok ../../openssl/test/recipes/90-test_ige.t ...................... ok ../../openssl/test/recipes/90-test_includes.t ................. ok ../../openssl/test/recipes/90-test_memleak.t .................. ok ../../openssl/test/recipes/90-test_overhead.t ................. skipped: Only supported in no-shared builds ../../openssl/test/recipes/90-test_secmem.t ................... ok ../../openssl/test/recipes/90-test_shlibload.t ................ ok ../../openssl/test/recipes/90-test_srp.t ...................... ok ../../openssl/test/recipes/90-test_sslapi.t ................... Dubious, test returned 1 (wstat 256, 0x100) Failed 1/1 subtests ../../openssl/test/recipes/90-test_sslbuffers.t ............... ok ../../openssl/test/recipes/90-test_store.t .................... ok ../../openssl/test/recipes/90-test_sysdefault.t ............... ok ../../openssl/test/recipes/90-test_threads.t .................. ok ../../openssl/test/recipes/90-test_time_offset.t .............. ok ../../openssl/test/recipes/90-test_tls13ccs.t ................. ok ../../openssl/test/recipes/90-test_tls13encryption.t .......... ok ../../openssl/test/recipes/90-test_tls13secrets.t ............. ok ../../openssl/test/recipes/90-test_v3name.t ................... ok ../../openssl/test/recipes/95-test_external_boringssl.t ....... skipped: No external tests in this configuration ../../openssl/test/recipes/95-test_external_krb5.t ............ skipped: No external tests in this configuration ../../openssl/test/recipes/95-test_external_pyca.t ............ skipped: No external tests in this configuration ../../openssl/test/recipes/99-test_ecstress.t ................. ok ../../openssl/test/recipes/99-test_fuzz.t ..................... ok Test Summary Report ------------------- ../../openssl/test/recipes/90-test_sslapi.t (Wstat: 256 Tests: 1 Failed: 1) Failed test: 1 Non-zero exit status: 1 Files=147, Tests=1337, 277 wallclock secs ( 2.97 usr 0.32 sys + 244.58 cusr 10.42 csys = 258.29 CPU) Result: FAIL Makefile:204: recipe for target '_tests' failed make[1]: *** [_tests] Error 1 make[1]: Leaving directory '/home/openssl/run-checker/no-poly1305' Makefile:202: recipe for target 'tests' failed make: *** [tests] Error 2 From openssl at openssl.org Thu May 10 09:34:07 2018 From: openssl at openssl.org (OpenSSL run-checker) Date: Thu, 10 May 2018 09:34:07 +0000 Subject: [openssl-commits] Still FAILED build of OpenSSL branch master with options -d --strict-warnings enable-ubsan -DPEDANTIC -DOPENSSL_SMALL_FOOTPRINT -fno-sanitize=alignment Message-ID: <1525944847.524997.25245.nullmailer@run.openssl.org> Platform and configuration command: $ uname -a Linux run 4.4.0-119-generic #143-Ubuntu SMP Mon Apr 2 16:08:24 UTC 2018 x86_64 x86_64 x86_64 GNU/Linux $ CC=clang ../openssl/config -d --strict-warnings enable-ubsan -DPEDANTIC -DOPENSSL_SMALL_FOOTPRINT -fno-sanitize=alignment Commit log since last time: 7f35627 Fix typos in x509 documentation 60845a0 Add CHANGES entry for PR#6009 0dae8ba Add blinding in BN_GF2m_mod_inv for binary field inversions a7b0b69 ECC: unify generic ec2 and ecp scalar multiplication, deprecate ec2_mult.c fe2d397 ECDSA: remove nonce padding (delegated to EC_POINT_mul) Build log ended with (last 100 lines): ../../openssl/test/recipes/30-test_evp_extra.t ................ ok ../../openssl/test/recipes/30-test_pbelu.t .................... ok ../../openssl/test/recipes/30-test_pkey_meth.t ................ ok ../../openssl/test/recipes/30-test_pkey_meth_kdf.t ............ ok ../../openssl/test/recipes/40-test_rehash.t ................... ok ../../openssl/test/recipes/60-test_x509_check_cert_pkey.t ..... ok ../../openssl/test/recipes/60-test_x509_dup_cert.t ............ ok ../../openssl/test/recipes/60-test_x509_store.t ............... ok ../../openssl/test/recipes/60-test_x509_time.t ................ ok ../../openssl/test/recipes/70-test_asyncio.t .................. ok ../../openssl/test/recipes/70-test_bad_dtls.t ................. ok ../../openssl/test/recipes/70-test_clienthello.t .............. ok ../../openssl/test/recipes/70-test_comp.t ..................... ok ../../openssl/test/recipes/70-test_key_share.t ................ ok ../../openssl/test/recipes/70-test_packet.t ................... ok ../../openssl/test/recipes/70-test_recordlen.t ................ ok ../../openssl/test/recipes/70-test_renegotiation.t ............ ok ../../openssl/test/recipes/70-test_servername.t ............... ok ../../openssl/test/recipes/70-test_sslcbcpadding.t ............ ok ../../openssl/test/recipes/70-test_sslcertstatus.t ............ ok ../../openssl/test/recipes/70-test_sslextension.t ............. ok ../../openssl/test/recipes/70-test_sslmessages.t .............. ok ../../openssl/test/recipes/70-test_sslrecords.t ............... ok ../../openssl/test/recipes/70-test_sslsessiontick.t ........... ok ../../openssl/test/recipes/70-test_sslsigalgs.t ............... ok ../../openssl/test/recipes/70-test_sslsignature.t ............. ok ../../openssl/test/recipes/70-test_sslskewith0p.t ............. ok ../../openssl/test/recipes/70-test_sslversions.t .............. ok ../../openssl/test/recipes/70-test_sslvertol.t ................ ok ../../openssl/test/recipes/70-test_tls13cookie.t .............. ok ../../openssl/test/recipes/70-test_tls13downgrade.t ........... skipped: test_tls13downgrade not run in pre TLSv1.3 RFC implementation ../../openssl/test/recipes/70-test_tls13hrr.t ................. ok ../../openssl/test/recipes/70-test_tls13kexmodes.t ............ ok ../../openssl/test/recipes/70-test_tls13messages.t ............ ok ../../openssl/test/recipes/70-test_tls13psk.t ................. ok ../../openssl/test/recipes/70-test_tlsextms.t ................. ok ../../openssl/test/recipes/70-test_verify_extra.t ............. ok ../../openssl/test/recipes/70-test_wpacket.t .................. ok ../../openssl/test/recipes/80-test_ca.t ....................... ok ../../openssl/test/recipes/80-test_cipherbytes.t .............. ok ../../openssl/test/recipes/80-test_cipherlist.t ............... ok ../../openssl/test/recipes/80-test_ciphername.t ............... ok ../../openssl/test/recipes/80-test_cms.t ...................... ok ../../openssl/test/recipes/80-test_cmsapi.t ................... ok ../../openssl/test/recipes/80-test_ct.t ....................... ok ../../openssl/test/recipes/80-test_dane.t ..................... ok ../../openssl/test/recipes/80-test_dtls.t ..................... Dubious, test returned 1 (wstat 256, 0x100) Failed 1/1 subtests ../../openssl/test/recipes/80-test_dtls_mtu.t ................. ok ../../openssl/test/recipes/80-test_dtlsv1listen.t ............. ok ../../openssl/test/recipes/80-test_ocsp.t ..................... ok ../../openssl/test/recipes/80-test_pkcs12.t ................... ok ../../openssl/test/recipes/80-test_ssl_new.t .................. ok ../../openssl/test/recipes/80-test_ssl_old.t .................. ok ../../openssl/test/recipes/80-test_ssl_test_ctx.t ............. ok ../../openssl/test/recipes/80-test_sslcorrupt.t ............... ok ../../openssl/test/recipes/80-test_tsa.t ...................... ok ../../openssl/test/recipes/80-test_x509aux.t .................. ok ../../openssl/test/recipes/90-test_asn1_time.t ................ ok ../../openssl/test/recipes/90-test_async.t .................... ok ../../openssl/test/recipes/90-test_bio_enc.t .................. ok ../../openssl/test/recipes/90-test_constant_time.t ............ ok ../../openssl/test/recipes/90-test_fatalerr.t ................. ok ../../openssl/test/recipes/90-test_gmdiff.t ................... ok ../../openssl/test/recipes/90-test_ige.t ...................... ok ../../openssl/test/recipes/90-test_includes.t ................. ok ../../openssl/test/recipes/90-test_memleak.t .................. ok ../../openssl/test/recipes/90-test_overhead.t ................. skipped: Only supported in no-shared builds ../../openssl/test/recipes/90-test_secmem.t ................... ok ../../openssl/test/recipes/90-test_shlibload.t ................ ok ../../openssl/test/recipes/90-test_srp.t ...................... ok ../../openssl/test/recipes/90-test_sslapi.t ................... ok ../../openssl/test/recipes/90-test_sslbuffers.t ............... ok ../../openssl/test/recipes/90-test_store.t .................... ok ../../openssl/test/recipes/90-test_sysdefault.t ............... ok ../../openssl/test/recipes/90-test_threads.t .................. ok ../../openssl/test/recipes/90-test_time_offset.t .............. ok ../../openssl/test/recipes/90-test_tls13ccs.t ................. ok ../../openssl/test/recipes/90-test_tls13encryption.t .......... ok ../../openssl/test/recipes/90-test_tls13secrets.t ............. ok ../../openssl/test/recipes/90-test_v3name.t ................... ok ../../openssl/test/recipes/95-test_external_boringssl.t ....... skipped: No external tests in this configuration ../../openssl/test/recipes/95-test_external_krb5.t ............ skipped: No external tests in this configuration ../../openssl/test/recipes/95-test_external_pyca.t ............ skipped: No external tests in this configuration ../../openssl/test/recipes/99-test_ecstress.t ................. ok ../../openssl/test/recipes/99-test_fuzz.t ..................... ok Test Summary Report ------------------- ../../openssl/test/recipes/80-test_dtls.t (Wstat: 256 Tests: 1 Failed: 1) Failed test: 1 Non-zero exit status: 1 Files=147, Tests=1338, 544 wallclock secs ( 3.05 usr 0.32 sys + 494.90 cusr 24.36 csys = 522.63 CPU) Result: FAIL Makefile:204: recipe for target '_tests' failed make[1]: *** [_tests] Error 1 make[1]: Leaving directory '/home/openssl/run-checker/enable-ubsan' Makefile:202: recipe for target 'tests' failed make: *** [tests] Error 2 From appro at openssl.org Thu May 10 09:42:12 2018 From: appro at openssl.org (Andy Polyakov) Date: Thu, 10 May 2018 09:42:12 +0000 Subject: [openssl-commits] [openssl] master update Message-ID: <1525945332.381766.15090.nullmailer@dev.openssl.org> The branch master has been updated via 41b77d54472b4aac709bd0699dc64d85ae529a94 (commit) from a01b9cd5a76ea45e083dbf2ca002ca44ce3f525f (commit) - Log ----------------------------------------------------------------- commit 41b77d54472b4aac709bd0699dc64d85ae529a94 Author: Andy Polyakov Date: Mon May 7 21:56:04 2018 +0200 .travis.yml: add pair of linux-ppc64le targets. One is clang --strict-warnings and one gcc sanitizer extended test. Sanitizer build is quite expensive, can take >30 mins and is commented for occasions when there is reason to believe that PPC-specific problem can be diagnosed with sanitizer. Reviewed-by: Rich Salz (Merged from https://github.com/openssl/openssl/pull/6192) ----------------------------------------------------------------------- Summary of changes: .travis.yml | 10 ++++++++++ 1 file changed, 10 insertions(+) diff --git a/.travis.yml b/.travis.yml index d5147f1..f23f156 100644 --- a/.travis.yml +++ b/.travis.yml @@ -31,6 +31,10 @@ env: matrix: include: + - os: linux-ppc64le + sudo: false + compiler: clang + env: CONFIG_OPTS="--strict-warnings -D__NO_STRING_INLINES" - os: linux addons: apt: @@ -52,6 +56,12 @@ matrix: - gcc-mingw-w64 compiler: i686-w64-mingw32-gcc env: CONFIG_OPTS="no-stdio" BUILDONLY="yes" + # Uncomment if there is reason to believe that PPC-specific problem + # can be diagnosed with this possibly >30 mins sanitizer build... + #- os: linux-ppc64le + # sudo: false + # compiler: gcc + # env: EXTENDED_TEST="yes" CONFIG_OPTS="no-asm enable-asan enable-ubsan no-shared -DFUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION -D__NO_STRING_INLINES" - os: linux addons: apt: From appro at openssl.org Thu May 10 09:44:36 2018 From: appro at openssl.org (Andy Polyakov) Date: Thu, 10 May 2018 09:44:36 +0000 Subject: [openssl-commits] [openssl] master update Message-ID: <1525945476.568196.16303.nullmailer@dev.openssl.org> The branch master has been updated via 13f6857db107b1b6f68daa7fc4a6dd1293428bb1 (commit) from 41b77d54472b4aac709bd0699dc64d85ae529a94 (commit) - Log ----------------------------------------------------------------- commit 13f6857db107b1b6f68daa7fc4a6dd1293428bb1 Author: Andy Polyakov Date: Wed May 9 12:24:05 2018 +0200 PPC assembly pack: add POWER9 results. Reviewed-by: Rich Salz ----------------------------------------------------------------------- Summary of changes: crypto/aes/asm/aesp8-ppc.pl | 1 + crypto/chacha/asm/chacha-ppc.pl | 1 + crypto/modes/asm/ghashp8-ppc.pl | 1 + crypto/poly1305/asm/poly1305-ppc.pl | 1 + crypto/poly1305/asm/poly1305-ppcfp.pl | 1 + crypto/poly1305/poly1305_ieee754.c | 1 + crypto/sha/asm/keccak1600-ppc64.pl | 1 + crypto/sha/asm/keccak1600p8-ppc.pl | 2 +- crypto/sha/asm/sha512p8-ppc.pl | 6 +++--- 9 files changed, 11 insertions(+), 4 deletions(-) diff --git a/crypto/aes/asm/aesp8-ppc.pl b/crypto/aes/asm/aesp8-ppc.pl index 7463df6..e1be23a 100755 --- a/crypto/aes/asm/aesp8-ppc.pl +++ b/crypto/aes/asm/aesp8-ppc.pl @@ -40,6 +40,7 @@ # CBC en-/decrypt CTR XTS # POWER8[le] 3.96/0.72 0.74 1.1 # POWER8[be] 3.75/0.65 0.66 1.0 +# POWER9[le] 3.05/0.65 0.65 0.80 $flavour = shift; diff --git a/crypto/chacha/asm/chacha-ppc.pl b/crypto/chacha/asm/chacha-ppc.pl index f972ee4..af2f037 100755 --- a/crypto/chacha/asm/chacha-ppc.pl +++ b/crypto/chacha/asm/chacha-ppc.pl @@ -27,6 +27,7 @@ # PPC970/G5 9.29/+160% 4.60 # POWER7 8.62/+61% 4.27 # POWER8 8.70/+51% 3.96 +# POWER9 6.61/+29% 3.67 $flavour = shift; diff --git a/crypto/modes/asm/ghashp8-ppc.pl b/crypto/modes/asm/ghashp8-ppc.pl index 45c6438..a1d5789 100755 --- a/crypto/modes/asm/ghashp8-ppc.pl +++ b/crypto/modes/asm/ghashp8-ppc.pl @@ -30,6 +30,7 @@ # 2x aggregated reduction improves performance by 50% (resulting # performance on POWER8 is 1 cycle per processed byte), and 4x # aggregated reduction - by 170% or 2.7x (resulting in 0.55 cpb). +# POWER9 delivers 0.40 cpb. $flavour=shift; $output =shift; diff --git a/crypto/poly1305/asm/poly1305-ppc.pl b/crypto/poly1305/asm/poly1305-ppc.pl index ab65910..8e105d7 100755 --- a/crypto/poly1305/asm/poly1305-ppc.pl +++ b/crypto/poly1305/asm/poly1305-ppc.pl @@ -28,6 +28,7 @@ # PPC970 7.00/+114% 3.51/+205% # POWER7 3.75/+260% 1.93/+100% # POWER8 - 2.03/+200% +# POWER9 - 1.56/+150% # # Do we need floating-point implementation for PPC? Results presented # in poly1305_ieee754.c are tricky to compare to, because they are for diff --git a/crypto/poly1305/asm/poly1305-ppcfp.pl b/crypto/poly1305/asm/poly1305-ppcfp.pl index 49f70a8..fc62baa 100755 --- a/crypto/poly1305/asm/poly1305-ppcfp.pl +++ b/crypto/poly1305/asm/poly1305-ppcfp.pl @@ -26,6 +26,7 @@ # PPC970 6.03/+80% # POWER7 3.50/+30% # POWER8 3.75/+10% +# POWER9 2.80/+12% $flavour = shift; diff --git a/crypto/poly1305/poly1305_ieee754.c b/crypto/poly1305/poly1305_ieee754.c index 995a02e..1a06e03 100644 --- a/crypto/poly1305/poly1305_ieee754.c +++ b/crypto/poly1305/poly1305_ieee754.c @@ -38,6 +38,7 @@ * POWER6 4.92 * POWER7 4.50 * POWER8 4.10 + * POWER9 3.14 * * z10 11.2 * z196+ 7.30 diff --git a/crypto/sha/asm/keccak1600-ppc64.pl b/crypto/sha/asm/keccak1600-ppc64.pl index f89f71c..60ed2f2 100755 --- a/crypto/sha/asm/keccak1600-ppc64.pl +++ b/crypto/sha/asm/keccak1600-ppc64.pl @@ -30,6 +30,7 @@ # PPC970/G5 14.6/+120% # POWER7 10.3/+100% # POWER8 11.5/+85% +# POWER9 7.2/+45% # # (*) Corresponds to SHA3-256. Percentage after slash is improvement # over gcc-4.x-generated KECCAK_1X_ALT code. Newer compilers do diff --git a/crypto/sha/asm/keccak1600p8-ppc.pl b/crypto/sha/asm/keccak1600p8-ppc.pl index feec688..95e6242 100755 --- a/crypto/sha/asm/keccak1600p8-ppc.pl +++ b/crypto/sha/asm/keccak1600p8-ppc.pl @@ -23,7 +23,7 @@ # buffer for r=1088, which matches SHA3-256. This is 17% better than # scalar PPC64 code. It probably should be noted that if POWER8's # successor can achieve higher scalar instruction issue rate, then -# this module will loose... +# this module will loose... And it does on POWER9 with 8.8 vs. 7.2. $flavour = shift; diff --git a/crypto/sha/asm/sha512p8-ppc.pl b/crypto/sha/asm/sha512p8-ppc.pl index 93dfef2..e6e9467 100755 --- a/crypto/sha/asm/sha512p8-ppc.pl +++ b/crypto/sha/asm/sha512p8-ppc.pl @@ -36,9 +36,9 @@ # little-endian system]. Numbers in square brackets are for 64-bit # build of sha512-ppc.pl, presented for reference. # -# POWER8 -# SHA256 9.9 [15.8] -# SHA512 6.3 [10.3] +# POWER8 POWER9 +# SHA256 9.9 [15.8] 9.2 [9.3] +# SHA512 6.3 [10.3] 5.8 [5.9] $flavour=shift; $output =shift; From openssl at openssl.org Thu May 10 10:57:09 2018 From: openssl at openssl.org (OpenSSL run-checker) Date: Thu, 10 May 2018 10:57:09 +0000 Subject: [openssl-commits] Still FAILED build of OpenSSL branch master with options -d --strict-warnings no-tls1_2 Message-ID: <1525949829.951873.423.nullmailer@run.openssl.org> Platform and configuration command: $ uname -a Linux run 4.4.0-119-generic #143-Ubuntu SMP Mon Apr 2 16:08:24 UTC 2018 x86_64 x86_64 x86_64 GNU/Linux $ CC=clang ../openssl/config -d --strict-warnings no-tls1_2 Commit log since last time: 7f35627 Fix typos in x509 documentation 60845a0 Add CHANGES entry for PR#6009 0dae8ba Add blinding in BN_GF2m_mod_inv for binary field inversions a7b0b69 ECC: unify generic ec2 and ecp scalar multiplication, deprecate ec2_mult.c fe2d397 ECDSA: remove nonce padding (delegated to EC_POINT_mul) Build log ended with (last 100 lines): ../../openssl/test/recipes/30-test_evp_extra.t ................ ok ../../openssl/test/recipes/30-test_pbelu.t .................... ok ../../openssl/test/recipes/30-test_pkey_meth.t ................ ok ../../openssl/test/recipes/30-test_pkey_meth_kdf.t ............ ok ../../openssl/test/recipes/40-test_rehash.t ................... ok ../../openssl/test/recipes/60-test_x509_check_cert_pkey.t ..... ok ../../openssl/test/recipes/60-test_x509_dup_cert.t ............ ok ../../openssl/test/recipes/60-test_x509_store.t ............... ok ../../openssl/test/recipes/60-test_x509_time.t ................ ok ../../openssl/test/recipes/70-test_asyncio.t .................. ok ../../openssl/test/recipes/70-test_bad_dtls.t ................. ok ../../openssl/test/recipes/70-test_clienthello.t .............. ok ../../openssl/test/recipes/70-test_comp.t ..................... ok ../../openssl/test/recipes/70-test_key_share.t ................ ok ../../openssl/test/recipes/70-test_packet.t ................... ok ../../openssl/test/recipes/70-test_recordlen.t ................ ok ../../openssl/test/recipes/70-test_renegotiation.t ............ skipped: test_renegotiation needs TLS <= 1.2 enabled ../../openssl/test/recipes/70-test_servername.t ............... ok ../../openssl/test/recipes/70-test_sslcbcpadding.t ............ skipped: test_sslcbcpadding needs TLSv1.2 enabled ../../openssl/test/recipes/70-test_sslcertstatus.t ............ skipped: test_sslcertstatus needs TLS enabled ../../openssl/test/recipes/70-test_sslextension.t ............. ok ../../openssl/test/recipes/70-test_sslmessages.t .............. skipped: test_sslmessages needs TLS enabled ../../openssl/test/recipes/70-test_sslrecords.t ............... skipped: test_sslrecords needs TLSv1.2 enabled ../../openssl/test/recipes/70-test_sslsessiontick.t ........... skipped: test_sslsessiontick needs SSLv3, TLSv1, TLSv1.1 or TLSv1.2 enabled ../../openssl/test/recipes/70-test_sslsigalgs.t ............... ok ../../openssl/test/recipes/70-test_sslsignature.t ............. ok ../../openssl/test/recipes/70-test_sslskewith0p.t ............. ok ../../openssl/test/recipes/70-test_sslversions.t .............. skipped: test_sslversions needs TLS1.3, TLS1.2 and TLS1.1 enabled ../../openssl/test/recipes/70-test_sslvertol.t ................ ok ../../openssl/test/recipes/70-test_tls13cookie.t .............. ok ../../openssl/test/recipes/70-test_tls13downgrade.t ........... skipped: test_tls13downgrade needs TLS1.3 and TLS1.2 enabled ../../openssl/test/recipes/70-test_tls13hrr.t ................. ok ../../openssl/test/recipes/70-test_tls13kexmodes.t ............ ok ../../openssl/test/recipes/70-test_tls13messages.t ............ ok ../../openssl/test/recipes/70-test_tls13psk.t ................. ok ../../openssl/test/recipes/70-test_tlsextms.t ................. skipped: test_tlsextms needs TLSv1.0, TLSv1.1 or TLSv1.2 enabled ../../openssl/test/recipes/70-test_verify_extra.t ............. ok ../../openssl/test/recipes/70-test_wpacket.t .................. ok ../../openssl/test/recipes/80-test_ca.t ....................... ok ../../openssl/test/recipes/80-test_cipherbytes.t .............. ok ../../openssl/test/recipes/80-test_cipherlist.t ............... ok ../../openssl/test/recipes/80-test_ciphername.t ............... ok ../../openssl/test/recipes/80-test_cms.t ...................... ok ../../openssl/test/recipes/80-test_cmsapi.t ................... ok ../../openssl/test/recipes/80-test_ct.t ....................... ok ../../openssl/test/recipes/80-test_dane.t ..................... ok ../../openssl/test/recipes/80-test_dtls.t ..................... ok ../../openssl/test/recipes/80-test_dtls_mtu.t ................. ok ../../openssl/test/recipes/80-test_dtlsv1listen.t ............. ok ../../openssl/test/recipes/80-test_ocsp.t ..................... ok ../../openssl/test/recipes/80-test_pkcs12.t ................... ok ../../openssl/test/recipes/80-test_ssl_new.t .................. ok ../../openssl/test/recipes/80-test_ssl_old.t .................. ok ../../openssl/test/recipes/80-test_ssl_test_ctx.t ............. ok ../../openssl/test/recipes/80-test_sslcorrupt.t ............... ok ../../openssl/test/recipes/80-test_tsa.t ...................... ok ../../openssl/test/recipes/80-test_x509aux.t .................. ok ../../openssl/test/recipes/90-test_asn1_time.t ................ ok ../../openssl/test/recipes/90-test_async.t .................... ok ../../openssl/test/recipes/90-test_bio_enc.t .................. ok ../../openssl/test/recipes/90-test_constant_time.t ............ ok ../../openssl/test/recipes/90-test_fatalerr.t ................. ok ../../openssl/test/recipes/90-test_gmdiff.t ................... ok ../../openssl/test/recipes/90-test_ige.t ...................... ok ../../openssl/test/recipes/90-test_includes.t ................. ok ../../openssl/test/recipes/90-test_memleak.t .................. ok ../../openssl/test/recipes/90-test_overhead.t ................. skipped: Only supported in no-shared builds ../../openssl/test/recipes/90-test_secmem.t ................... ok ../../openssl/test/recipes/90-test_shlibload.t ................ ok ../../openssl/test/recipes/90-test_srp.t ...................... ok ../../openssl/test/recipes/90-test_sslapi.t ................... Dubious, test returned 1 (wstat 256, 0x100) Failed 1/1 subtests ../../openssl/test/recipes/90-test_sslbuffers.t ............... ok ../../openssl/test/recipes/90-test_store.t .................... ok ../../openssl/test/recipes/90-test_sysdefault.t ............... skipped: test_sysdefault is not supported in this build ../../openssl/test/recipes/90-test_threads.t .................. ok ../../openssl/test/recipes/90-test_time_offset.t .............. ok ../../openssl/test/recipes/90-test_tls13ccs.t ................. ok ../../openssl/test/recipes/90-test_tls13encryption.t .......... ok ../../openssl/test/recipes/90-test_tls13secrets.t ............. ok ../../openssl/test/recipes/90-test_v3name.t ................... ok ../../openssl/test/recipes/95-test_external_boringssl.t ....... skipped: No external tests in this configuration ../../openssl/test/recipes/95-test_external_krb5.t ............ skipped: No external tests in this configuration ../../openssl/test/recipes/95-test_external_pyca.t ............ skipped: No external tests in this configuration ../../openssl/test/recipes/99-test_ecstress.t ................. ok ../../openssl/test/recipes/99-test_fuzz.t ..................... ok Test Summary Report ------------------- ../../openssl/test/recipes/90-test_sslapi.t (Wstat: 256 Tests: 1 Failed: 1) Failed test: 1 Non-zero exit status: 1 Files=147, Tests=1262, 221 wallclock secs ( 1.65 usr 0.33 sys + 195.60 cusr 9.50 csys = 207.08 CPU) Result: FAIL Makefile:204: recipe for target '_tests' failed make[1]: *** [_tests] Error 1 make[1]: Leaving directory '/home/openssl/run-checker/no-tls1_2' Makefile:202: recipe for target 'tests' failed make: *** [tests] Error 2 From openssl at openssl.org Thu May 10 11:35:27 2018 From: openssl at openssl.org (OpenSSL run-checker) Date: Thu, 10 May 2018 11:35:27 +0000 Subject: [openssl-commits] Still FAILED build of OpenSSL branch master with options -d --strict-warnings no-tls1_2-method Message-ID: <1525952127.339867.26299.nullmailer@run.openssl.org> Platform and configuration command: $ uname -a Linux run 4.4.0-119-generic #143-Ubuntu SMP Mon Apr 2 16:08:24 UTC 2018 x86_64 x86_64 x86_64 GNU/Linux $ CC=clang ../openssl/config -d --strict-warnings no-tls1_2-method Commit log since last time: 7f35627 Fix typos in x509 documentation 60845a0 Add CHANGES entry for PR#6009 0dae8ba Add blinding in BN_GF2m_mod_inv for binary field inversions a7b0b69 ECC: unify generic ec2 and ecp scalar multiplication, deprecate ec2_mult.c fe2d397 ECDSA: remove nonce padding (delegated to EC_POINT_mul) Build log ended with (last 100 lines): ../../openssl/test/recipes/30-test_evp_extra.t ................ ok ../../openssl/test/recipes/30-test_pbelu.t .................... ok ../../openssl/test/recipes/30-test_pkey_meth.t ................ ok ../../openssl/test/recipes/30-test_pkey_meth_kdf.t ............ ok ../../openssl/test/recipes/40-test_rehash.t ................... ok ../../openssl/test/recipes/60-test_x509_check_cert_pkey.t ..... ok ../../openssl/test/recipes/60-test_x509_dup_cert.t ............ ok ../../openssl/test/recipes/60-test_x509_store.t ............... ok ../../openssl/test/recipes/60-test_x509_time.t ................ ok ../../openssl/test/recipes/70-test_asyncio.t .................. ok ../../openssl/test/recipes/70-test_bad_dtls.t ................. ok ../../openssl/test/recipes/70-test_clienthello.t .............. ok ../../openssl/test/recipes/70-test_comp.t ..................... ok ../../openssl/test/recipes/70-test_key_share.t ................ ok ../../openssl/test/recipes/70-test_packet.t ................... ok ../../openssl/test/recipes/70-test_recordlen.t ................ ok ../../openssl/test/recipes/70-test_renegotiation.t ............ skipped: test_renegotiation needs TLS <= 1.2 enabled ../../openssl/test/recipes/70-test_servername.t ............... ok ../../openssl/test/recipes/70-test_sslcbcpadding.t ............ skipped: test_sslcbcpadding needs TLSv1.2 enabled ../../openssl/test/recipes/70-test_sslcertstatus.t ............ skipped: test_sslcertstatus needs TLS enabled ../../openssl/test/recipes/70-test_sslextension.t ............. ok ../../openssl/test/recipes/70-test_sslmessages.t .............. skipped: test_sslmessages needs TLS enabled ../../openssl/test/recipes/70-test_sslrecords.t ............... skipped: test_sslrecords needs TLSv1.2 enabled ../../openssl/test/recipes/70-test_sslsessiontick.t ........... skipped: test_sslsessiontick needs SSLv3, TLSv1, TLSv1.1 or TLSv1.2 enabled ../../openssl/test/recipes/70-test_sslsigalgs.t ............... ok ../../openssl/test/recipes/70-test_sslsignature.t ............. ok ../../openssl/test/recipes/70-test_sslskewith0p.t ............. ok ../../openssl/test/recipes/70-test_sslversions.t .............. skipped: test_sslversions needs TLS1.3, TLS1.2 and TLS1.1 enabled ../../openssl/test/recipes/70-test_sslvertol.t ................ ok ../../openssl/test/recipes/70-test_tls13cookie.t .............. ok ../../openssl/test/recipes/70-test_tls13downgrade.t ........... skipped: test_tls13downgrade needs TLS1.3 and TLS1.2 enabled ../../openssl/test/recipes/70-test_tls13hrr.t ................. ok ../../openssl/test/recipes/70-test_tls13kexmodes.t ............ ok ../../openssl/test/recipes/70-test_tls13messages.t ............ ok ../../openssl/test/recipes/70-test_tls13psk.t ................. ok ../../openssl/test/recipes/70-test_tlsextms.t ................. skipped: test_tlsextms needs TLSv1.0, TLSv1.1 or TLSv1.2 enabled ../../openssl/test/recipes/70-test_verify_extra.t ............. ok ../../openssl/test/recipes/70-test_wpacket.t .................. ok ../../openssl/test/recipes/80-test_ca.t ....................... ok ../../openssl/test/recipes/80-test_cipherbytes.t .............. ok ../../openssl/test/recipes/80-test_cipherlist.t ............... ok ../../openssl/test/recipes/80-test_ciphername.t ............... ok ../../openssl/test/recipes/80-test_cms.t ...................... ok ../../openssl/test/recipes/80-test_cmsapi.t ................... ok ../../openssl/test/recipes/80-test_ct.t ....................... ok ../../openssl/test/recipes/80-test_dane.t ..................... ok ../../openssl/test/recipes/80-test_dtls.t ..................... ok ../../openssl/test/recipes/80-test_dtls_mtu.t ................. ok ../../openssl/test/recipes/80-test_dtlsv1listen.t ............. ok ../../openssl/test/recipes/80-test_ocsp.t ..................... ok ../../openssl/test/recipes/80-test_pkcs12.t ................... ok ../../openssl/test/recipes/80-test_ssl_new.t .................. ok ../../openssl/test/recipes/80-test_ssl_old.t .................. ok ../../openssl/test/recipes/80-test_ssl_test_ctx.t ............. ok ../../openssl/test/recipes/80-test_sslcorrupt.t ............... ok ../../openssl/test/recipes/80-test_tsa.t ...................... ok ../../openssl/test/recipes/80-test_x509aux.t .................. ok ../../openssl/test/recipes/90-test_asn1_time.t ................ ok ../../openssl/test/recipes/90-test_async.t .................... ok ../../openssl/test/recipes/90-test_bio_enc.t .................. ok ../../openssl/test/recipes/90-test_constant_time.t ............ ok ../../openssl/test/recipes/90-test_fatalerr.t ................. ok ../../openssl/test/recipes/90-test_gmdiff.t ................... ok ../../openssl/test/recipes/90-test_ige.t ...................... ok ../../openssl/test/recipes/90-test_includes.t ................. ok ../../openssl/test/recipes/90-test_memleak.t .................. ok ../../openssl/test/recipes/90-test_overhead.t ................. skipped: Only supported in no-shared builds ../../openssl/test/recipes/90-test_secmem.t ................... ok ../../openssl/test/recipes/90-test_shlibload.t ................ ok ../../openssl/test/recipes/90-test_srp.t ...................... ok ../../openssl/test/recipes/90-test_sslapi.t ................... Dubious, test returned 1 (wstat 256, 0x100) Failed 1/1 subtests ../../openssl/test/recipes/90-test_sslbuffers.t ............... ok ../../openssl/test/recipes/90-test_store.t .................... ok ../../openssl/test/recipes/90-test_sysdefault.t ............... skipped: test_sysdefault is not supported in this build ../../openssl/test/recipes/90-test_threads.t .................. ok ../../openssl/test/recipes/90-test_time_offset.t .............. ok ../../openssl/test/recipes/90-test_tls13ccs.t ................. ok ../../openssl/test/recipes/90-test_tls13encryption.t .......... ok ../../openssl/test/recipes/90-test_tls13secrets.t ............. ok ../../openssl/test/recipes/90-test_v3name.t ................... ok ../../openssl/test/recipes/95-test_external_boringssl.t ....... skipped: No external tests in this configuration ../../openssl/test/recipes/95-test_external_krb5.t ............ skipped: No external tests in this configuration ../../openssl/test/recipes/95-test_external_pyca.t ............ skipped: No external tests in this configuration ../../openssl/test/recipes/99-test_ecstress.t ................. ok ../../openssl/test/recipes/99-test_fuzz.t ..................... ok Test Summary Report ------------------- ../../openssl/test/recipes/90-test_sslapi.t (Wstat: 256 Tests: 1 Failed: 1) Failed test: 1 Non-zero exit status: 1 Files=147, Tests=1262, 221 wallclock secs ( 1.66 usr 0.33 sys + 194.51 cusr 9.68 csys = 206.18 CPU) Result: FAIL Makefile:204: recipe for target '_tests' failed make[1]: *** [_tests] Error 1 make[1]: Leaving directory '/home/openssl/run-checker/no-tls1_2-method' Makefile:202: recipe for target 'tests' failed make: *** [tests] Error 2 From openssl at openssl.org Thu May 10 23:45:49 2018 From: openssl at openssl.org (OpenSSL run-checker) Date: Thu, 10 May 2018 23:45:49 +0000 Subject: [openssl-commits] SUCCESSFUL build of OpenSSL branch master with options -d --strict-warnings no-chacha Message-ID: <1525995949.054975.4387.nullmailer@run.openssl.org> Platform and configuration command: $ uname -a Linux run 4.4.0-119-generic #143-Ubuntu SMP Mon Apr 2 16:08:24 UTC 2018 x86_64 x86_64 x86_64 GNU/Linux $ CC=clang ../openssl/config -d --strict-warnings no-chacha Commit log since last time: 13f6857 PPC assembly pack: add POWER9 results. 41b77d5 .travis.yml: add pair of linux-ppc64le targets. a01b9cd Fix no-cms 60155b9 Fix no-tls1_2, no-tls1_2-method, no-chacha and no-poly1305 From openssl at openssl.org Thu May 10 23:58:15 2018 From: openssl at openssl.org (OpenSSL run-checker) Date: Thu, 10 May 2018 23:58:15 +0000 Subject: [openssl-commits] SUCCESSFUL build of OpenSSL branch master with options -d --strict-warnings no-cms Message-ID: <1525996695.249062.10880.nullmailer@run.openssl.org> Platform and configuration command: $ uname -a Linux run 4.4.0-119-generic #143-Ubuntu SMP Mon Apr 2 16:08:24 UTC 2018 x86_64 x86_64 x86_64 GNU/Linux $ CC=clang ../openssl/config -d --strict-warnings no-cms Commit log since last time: 13f6857 PPC assembly pack: add POWER9 results. 41b77d5 .travis.yml: add pair of linux-ppc64le targets. a01b9cd Fix no-cms 60155b9 Fix no-tls1_2, no-tls1_2-method, no-chacha and no-poly1305 From openssl at openssl.org Fri May 11 06:59:55 2018 From: openssl at openssl.org (OpenSSL run-checker) Date: Fri, 11 May 2018 06:59:55 +0000 Subject: [openssl-commits] SUCCESSFUL build of OpenSSL branch master with options -d --strict-warnings no-poly1305 Message-ID: <1526021995.738182.420.nullmailer@run.openssl.org> Platform and configuration command: $ uname -a Linux run 4.4.0-119-generic #143-Ubuntu SMP Mon Apr 2 16:08:24 UTC 2018 x86_64 x86_64 x86_64 GNU/Linux $ CC=clang ../openssl/config -d --strict-warnings no-poly1305 Commit log since last time: 13f6857 PPC assembly pack: add POWER9 results. 41b77d5 .travis.yml: add pair of linux-ppc64le targets. a01b9cd Fix no-cms 60155b9 Fix no-tls1_2, no-tls1_2-method, no-chacha and no-poly1305 From matt at openssl.org Fri May 11 09:30:03 2018 From: matt at openssl.org (Matt Caswell) Date: Fri, 11 May 2018 09:30:03 +0000 Subject: [openssl-commits] [openssl] master update Message-ID: <1526031003.433840.18245.nullmailer@dev.openssl.org> The branch master has been updated via c3114a7732f423ec42a86392e12c8c3783c53aae (commit) from 13f6857db107b1b6f68daa7fc4a6dd1293428bb1 (commit) - Log ----------------------------------------------------------------- commit c3114a7732f423ec42a86392e12c8c3783c53aae Author: Matt Caswell Date: Thu May 10 15:31:00 2018 +0100 Set the ossl_shim to auto retry if not running asynchronously In certain circumstances in the DTLS code we have to drop a record (e.g. if it is a stale retransmit). We then have to move on to try and read the next record. Some applications using blocking sockets (e.g. s_server/s_client will hang if there isn't actually any data to be read from the socket yet). Others can tolerate this. Therefore SSL_read()/SSL_write() can sometimes return SSL_ERROR_WANT_READ/SSL_ERROR_WANT_WRITE even when using blocking sockets. Applications can use the mode SSL_MODE_AUTO_RETRY, to switch this behaviour off so that we never return unless we have read the data we wanted to. Commit ad96225285 fixed a DTLS problem where we always retried even if SSL_MODE_AUTO_RETRY was not set. However that fix caused the Boring ossl_shim to fail in some tests because it was relying on the previous (buggy) behaviour. The ossl_shim should be set into SSL_MODE_AUTO_RETRY if it is not operating asynchronously to avoid this problem. [extended tests] Reviewed-by: Rich Salz (Merged from https://github.com/openssl/openssl/pull/6216) ----------------------------------------------------------------------- Summary of changes: test/ossl_shim/ossl_shim.cc | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/test/ossl_shim/ossl_shim.cc b/test/ossl_shim/ossl_shim.cc index 739d1bd..b1067e8 100644 --- a/test/ossl_shim/ossl_shim.cc +++ b/test/ossl_shim/ossl_shim.cc @@ -985,6 +985,10 @@ static bool DoExchange(bssl::UniquePtr *out_session, SSL_set_max_cert_list(ssl.get(), config->max_cert_list); } + if (!config->async) { + SSL_set_mode(ssl.get(), SSL_MODE_AUTO_RETRY); + } + int sock = Connect(config->port); if (sock == -1) { return false; From openssl at openssl.org Fri May 11 09:44:41 2018 From: openssl at openssl.org (OpenSSL run-checker) Date: Fri, 11 May 2018 09:44:41 +0000 Subject: [openssl-commits] Still FAILED build of OpenSSL branch master with options -d --strict-warnings enable-ubsan -DPEDANTIC -DOPENSSL_SMALL_FOOTPRINT -fno-sanitize=alignment Message-ID: <1526031881.529072.26914.nullmailer@run.openssl.org> Platform and configuration command: $ uname -a Linux run 4.4.0-119-generic #143-Ubuntu SMP Mon Apr 2 16:08:24 UTC 2018 x86_64 x86_64 x86_64 GNU/Linux $ CC=clang ../openssl/config -d --strict-warnings enable-ubsan -DPEDANTIC -DOPENSSL_SMALL_FOOTPRINT -fno-sanitize=alignment Commit log since last time: 13f6857 PPC assembly pack: add POWER9 results. 41b77d5 .travis.yml: add pair of linux-ppc64le targets. a01b9cd Fix no-cms 60155b9 Fix no-tls1_2, no-tls1_2-method, no-chacha and no-poly1305 Build log ended with (last 100 lines): ../../openssl/test/recipes/30-test_evp_extra.t ................ ok ../../openssl/test/recipes/30-test_pbelu.t .................... ok ../../openssl/test/recipes/30-test_pkey_meth.t ................ ok ../../openssl/test/recipes/30-test_pkey_meth_kdf.t ............ ok ../../openssl/test/recipes/40-test_rehash.t ................... ok ../../openssl/test/recipes/60-test_x509_check_cert_pkey.t ..... ok ../../openssl/test/recipes/60-test_x509_dup_cert.t ............ ok ../../openssl/test/recipes/60-test_x509_store.t ............... ok ../../openssl/test/recipes/60-test_x509_time.t ................ ok ../../openssl/test/recipes/70-test_asyncio.t .................. ok ../../openssl/test/recipes/70-test_bad_dtls.t ................. ok ../../openssl/test/recipes/70-test_clienthello.t .............. ok ../../openssl/test/recipes/70-test_comp.t ..................... ok ../../openssl/test/recipes/70-test_key_share.t ................ ok ../../openssl/test/recipes/70-test_packet.t ................... ok ../../openssl/test/recipes/70-test_recordlen.t ................ ok ../../openssl/test/recipes/70-test_renegotiation.t ............ ok ../../openssl/test/recipes/70-test_servername.t ............... ok ../../openssl/test/recipes/70-test_sslcbcpadding.t ............ ok ../../openssl/test/recipes/70-test_sslcertstatus.t ............ ok ../../openssl/test/recipes/70-test_sslextension.t ............. ok ../../openssl/test/recipes/70-test_sslmessages.t .............. ok ../../openssl/test/recipes/70-test_sslrecords.t ............... ok ../../openssl/test/recipes/70-test_sslsessiontick.t ........... ok ../../openssl/test/recipes/70-test_sslsigalgs.t ............... ok ../../openssl/test/recipes/70-test_sslsignature.t ............. ok ../../openssl/test/recipes/70-test_sslskewith0p.t ............. ok ../../openssl/test/recipes/70-test_sslversions.t .............. ok ../../openssl/test/recipes/70-test_sslvertol.t ................ ok ../../openssl/test/recipes/70-test_tls13cookie.t .............. ok ../../openssl/test/recipes/70-test_tls13downgrade.t ........... skipped: test_tls13downgrade not run in pre TLSv1.3 RFC implementation ../../openssl/test/recipes/70-test_tls13hrr.t ................. ok ../../openssl/test/recipes/70-test_tls13kexmodes.t ............ ok ../../openssl/test/recipes/70-test_tls13messages.t ............ ok ../../openssl/test/recipes/70-test_tls13psk.t ................. ok ../../openssl/test/recipes/70-test_tlsextms.t ................. ok ../../openssl/test/recipes/70-test_verify_extra.t ............. ok ../../openssl/test/recipes/70-test_wpacket.t .................. ok ../../openssl/test/recipes/80-test_ca.t ....................... ok ../../openssl/test/recipes/80-test_cipherbytes.t .............. ok ../../openssl/test/recipes/80-test_cipherlist.t ............... ok ../../openssl/test/recipes/80-test_ciphername.t ............... ok ../../openssl/test/recipes/80-test_cms.t ...................... ok ../../openssl/test/recipes/80-test_cmsapi.t ................... ok ../../openssl/test/recipes/80-test_ct.t ....................... ok ../../openssl/test/recipes/80-test_dane.t ..................... ok ../../openssl/test/recipes/80-test_dtls.t ..................... Dubious, test returned 1 (wstat 256, 0x100) Failed 1/1 subtests ../../openssl/test/recipes/80-test_dtls_mtu.t ................. ok ../../openssl/test/recipes/80-test_dtlsv1listen.t ............. ok ../../openssl/test/recipes/80-test_ocsp.t ..................... ok ../../openssl/test/recipes/80-test_pkcs12.t ................... ok ../../openssl/test/recipes/80-test_ssl_new.t .................. ok ../../openssl/test/recipes/80-test_ssl_old.t .................. ok ../../openssl/test/recipes/80-test_ssl_test_ctx.t ............. ok ../../openssl/test/recipes/80-test_sslcorrupt.t ............... ok ../../openssl/test/recipes/80-test_tsa.t ...................... ok ../../openssl/test/recipes/80-test_x509aux.t .................. ok ../../openssl/test/recipes/90-test_asn1_time.t ................ ok ../../openssl/test/recipes/90-test_async.t .................... ok ../../openssl/test/recipes/90-test_bio_enc.t .................. ok ../../openssl/test/recipes/90-test_constant_time.t ............ ok ../../openssl/test/recipes/90-test_fatalerr.t ................. ok ../../openssl/test/recipes/90-test_gmdiff.t ................... ok ../../openssl/test/recipes/90-test_ige.t ...................... ok ../../openssl/test/recipes/90-test_includes.t ................. ok ../../openssl/test/recipes/90-test_memleak.t .................. ok ../../openssl/test/recipes/90-test_overhead.t ................. skipped: Only supported in no-shared builds ../../openssl/test/recipes/90-test_secmem.t ................... ok ../../openssl/test/recipes/90-test_shlibload.t ................ ok ../../openssl/test/recipes/90-test_srp.t ...................... ok ../../openssl/test/recipes/90-test_sslapi.t ................... ok ../../openssl/test/recipes/90-test_sslbuffers.t ............... ok ../../openssl/test/recipes/90-test_store.t .................... ok ../../openssl/test/recipes/90-test_sysdefault.t ............... ok ../../openssl/test/recipes/90-test_threads.t .................. ok ../../openssl/test/recipes/90-test_time_offset.t .............. ok ../../openssl/test/recipes/90-test_tls13ccs.t ................. ok ../../openssl/test/recipes/90-test_tls13encryption.t .......... ok ../../openssl/test/recipes/90-test_tls13secrets.t ............. ok ../../openssl/test/recipes/90-test_v3name.t ................... ok ../../openssl/test/recipes/95-test_external_boringssl.t ....... skipped: No external tests in this configuration ../../openssl/test/recipes/95-test_external_krb5.t ............ skipped: No external tests in this configuration ../../openssl/test/recipes/95-test_external_pyca.t ............ skipped: No external tests in this configuration ../../openssl/test/recipes/99-test_ecstress.t ................. ok ../../openssl/test/recipes/99-test_fuzz.t ..................... ok Test Summary Report ------------------- ../../openssl/test/recipes/80-test_dtls.t (Wstat: 256 Tests: 1 Failed: 1) Failed test: 1 Non-zero exit status: 1 Files=147, Tests=1338, 589 wallclock secs ( 3.09 usr 0.34 sys + 539.96 cusr 24.38 csys = 567.77 CPU) Result: FAIL Makefile:204: recipe for target '_tests' failed make[1]: *** [_tests] Error 1 make[1]: Leaving directory '/home/openssl/run-checker/enable-ubsan' Makefile:202: recipe for target 'tests' failed make: *** [tests] Error 2 From openssl at openssl.org Fri May 11 11:11:09 2018 From: openssl at openssl.org (OpenSSL run-checker) Date: Fri, 11 May 2018 11:11:09 +0000 Subject: [openssl-commits] SUCCESSFUL build of OpenSSL branch master with options -d --strict-warnings no-tls1_2 Message-ID: <1526037069.212996.11580.nullmailer@run.openssl.org> Platform and configuration command: $ uname -a Linux run 4.4.0-119-generic #143-Ubuntu SMP Mon Apr 2 16:08:24 UTC 2018 x86_64 x86_64 x86_64 GNU/Linux $ CC=clang ../openssl/config -d --strict-warnings no-tls1_2 Commit log since last time: 13f6857 PPC assembly pack: add POWER9 results. 41b77d5 .travis.yml: add pair of linux-ppc64le targets. a01b9cd Fix no-cms 60155b9 Fix no-tls1_2, no-tls1_2-method, no-chacha and no-poly1305 From openssl at openssl.org Fri May 11 11:50:22 2018 From: openssl at openssl.org (OpenSSL run-checker) Date: Fri, 11 May 2018 11:50:22 +0000 Subject: [openssl-commits] SUCCESSFUL build of OpenSSL branch master with options -d --strict-warnings no-tls1_2-method Message-ID: <1526039422.350076.32544.nullmailer@run.openssl.org> Platform and configuration command: $ uname -a Linux run 4.4.0-119-generic #143-Ubuntu SMP Mon Apr 2 16:08:24 UTC 2018 x86_64 x86_64 x86_64 GNU/Linux $ CC=clang ../openssl/config -d --strict-warnings no-tls1_2-method Commit log since last time: 13f6857 PPC assembly pack: add POWER9 results. 41b77d5 .travis.yml: add pair of linux-ppc64le targets. a01b9cd Fix no-cms 60155b9 Fix no-tls1_2, no-tls1_2-method, no-chacha and no-poly1305 From kurt at openssl.org Fri May 11 12:38:14 2018 From: kurt at openssl.org (Kurt Roeckx) Date: Fri, 11 May 2018 12:38:14 +0000 Subject: [openssl-commits] [openssl] master update Message-ID: <1526042294.567885.17885.nullmailer@dev.openssl.org> The branch master has been updated via 3cb7c5cfef25463bd197b0c12ca7966f525ebf73 (commit) via d4a8ba77a4004b40890c4a9700ba959fd26af170 (commit) from c3114a7732f423ec42a86392e12c8c3783c53aae (commit) - Log ----------------------------------------------------------------- commit 3cb7c5cfef25463bd197b0c12ca7966f525ebf73 Author: Kurt Roeckx Date: Wed May 9 17:09:50 2018 +0200 Use void in all function definitions that do not take any arguments Reviewed-by: Rich Salz GH: #6208 commit d4a8ba77a4004b40890c4a9700ba959fd26af170 Author: Kurt Roeckx Date: Wed May 9 18:32:02 2018 +0200 rsaz_avx2_eligible doesn't take parameters Reviewed-by: Rich Salz GH: #6208 ----------------------------------------------------------------------- Summary of changes: apps/apps.c | 2 +- apps/openssl.c | 6 +++--- crypto/bio/bio_meth.c | 2 +- crypto/bn/rsaz_exp.h | 2 +- crypto/conf/conf_def.c | 4 ++-- crypto/ct/ct_log.c | 2 +- crypto/engine/tb_cipher.c | 2 +- crypto/engine/tb_dh.c | 2 +- crypto/engine/tb_digest.c | 2 +- crypto/engine/tb_dsa.c | 2 +- crypto/engine/tb_eckey.c | 2 +- crypto/engine/tb_pkmeth.c | 2 +- crypto/engine/tb_rand.c | 2 +- crypto/engine/tb_rsa.c | 2 +- crypto/mem_sec.c | 8 ++++---- crypto/poly1305/poly1305.c | 2 +- crypto/rand/drbg_lib.c | 2 +- crypto/rand/rand_lib.c | 2 +- crypto/store/store_init.c | 2 +- crypto/ts/ts_rsp_sign.c | 2 +- crypto/x509/x509_lu.c | 2 +- ssl/pqueue.c | 2 +- test/asynciotest.c | 2 +- test/asynctest.c | 10 +++++----- test/cipherlist_test.c | 2 +- test/drbgtest.c | 2 +- test/dtls_mtu_test.c | 2 +- test/dtlsv1listentest.c | 2 +- test/evp_test.c | 2 +- test/exdatatest.c | 2 +- test/generate_buildtest.pl | 2 +- test/handshake_helper.c | 2 +- test/mdc2_internal_test.c | 2 +- test/modes_internal_test.c | 4 ++-- test/pkey_meth_kdf_test.c | 2 +- test/pkey_meth_test.c | 2 +- test/rdrand_sanitytest.c | 11 ++++++----- test/ssl_cert_table_internal_test.c | 2 +- test/ssl_test_ctx.c | 2 +- test/sslcorrupttest.c | 2 +- test/ssltest_old.c | 8 ++++---- test/time_offset_test.c | 2 +- test/tls13ccstest.c | 2 +- test/tls13secretstest.c | 2 +- test/v3nametest.c | 2 +- test/x509_internal_test.c | 2 +- test/x509_time_test.c | 2 +- 47 files changed, 66 insertions(+), 65 deletions(-) diff --git a/apps/apps.c b/apps/apps.c index b35ea56..d5a6aea 100644 --- a/apps/apps.c +++ b/apps/apps.c @@ -2486,7 +2486,7 @@ BIO *dup_bio_err(int format) return b; } -void destroy_prefix_method() +void destroy_prefix_method(void) { BIO_meth_free(prefix_method); prefix_method = NULL; diff --git a/apps/openssl.c b/apps/openssl.c index 8224ae3..a872e2c 100644 --- a/apps/openssl.c +++ b/apps/openssl.c @@ -74,7 +74,7 @@ static void calculate_columns(DISPLAY_COLUMNS *dc) dc->columns = (80 - 1) / dc->width; } -static int apps_startup() +static int apps_startup(void) { #ifdef SIGPIPE signal(SIGPIPE, SIG_IGN); @@ -90,13 +90,13 @@ static int apps_startup() return 1; } -static void apps_shutdown() +static void apps_shutdown(void) { destroy_ui_method(); destroy_prefix_method(); } -static char *make_config_name() +static char *make_config_name(void) { const char *t; size_t len; diff --git a/crypto/bio/bio_meth.c b/crypto/bio/bio_meth.c index 21df94a..493ff63 100644 --- a/crypto/bio/bio_meth.c +++ b/crypto/bio/bio_meth.c @@ -19,7 +19,7 @@ DEFINE_RUN_ONCE_STATIC(do_bio_type_init) return bio_type_lock != NULL; } -int BIO_get_new_index() +int BIO_get_new_index(void) { static CRYPTO_REF_COUNT bio_count = BIO_TYPE_START; int newval; diff --git a/crypto/bn/rsaz_exp.h b/crypto/bn/rsaz_exp.h index 1c5e618..488b136 100644 --- a/crypto/bn/rsaz_exp.h +++ b/crypto/bn/rsaz_exp.h @@ -28,7 +28,7 @@ void RSAZ_1024_mod_exp_avx2(BN_ULONG result[16], const BN_ULONG exponent[16], const BN_ULONG m_norm[16], const BN_ULONG RR[16], BN_ULONG k0); -int rsaz_avx2_eligible(); +int rsaz_avx2_eligible(void); void RSAZ_512_mod_exp(BN_ULONG result[8], const BN_ULONG base_norm[8], const BN_ULONG exponent[8], diff --git a/crypto/conf/conf_def.c b/crypto/conf/conf_def.c index aa9f2fa..7340a91 100644 --- a/crypto/conf/conf_def.c +++ b/crypto/conf/conf_def.c @@ -85,12 +85,12 @@ static CONF_METHOD WIN32_method = { def_load }; -CONF_METHOD *NCONF_default() +CONF_METHOD *NCONF_default(void) { return &default_method; } -CONF_METHOD *NCONF_WIN32() +CONF_METHOD *NCONF_WIN32(void) { return &WIN32_method; } diff --git a/crypto/ct/ct_log.c b/crypto/ct/ct_log.c index d442322..4e5c109 100644 --- a/crypto/ct/ct_log.c +++ b/crypto/ct/ct_log.c @@ -54,7 +54,7 @@ static CTLOG_STORE_LOAD_CTX *ctlog_store_load_ctx_new(); */ static void ctlog_store_load_ctx_free(CTLOG_STORE_LOAD_CTX* ctx); -static CTLOG_STORE_LOAD_CTX *ctlog_store_load_ctx_new() +static CTLOG_STORE_LOAD_CTX *ctlog_store_load_ctx_new(void) { CTLOG_STORE_LOAD_CTX *ctx = OPENSSL_zalloc(sizeof(*ctx)); diff --git a/crypto/engine/tb_cipher.c b/crypto/engine/tb_cipher.c index ac49141..45d754f 100644 --- a/crypto/engine/tb_cipher.c +++ b/crypto/engine/tb_cipher.c @@ -34,7 +34,7 @@ int ENGINE_register_ciphers(ENGINE *e) return 1; } -void ENGINE_register_all_ciphers() +void ENGINE_register_all_ciphers(void) { ENGINE *e; diff --git a/crypto/engine/tb_dh.c b/crypto/engine/tb_dh.c index c6440df..427a3f0 100644 --- a/crypto/engine/tb_dh.c +++ b/crypto/engine/tb_dh.c @@ -31,7 +31,7 @@ int ENGINE_register_DH(ENGINE *e) return 1; } -void ENGINE_register_all_DH() +void ENGINE_register_all_DH(void) { ENGINE *e; diff --git a/crypto/engine/tb_digest.c b/crypto/engine/tb_digest.c index 194b9c7..019adcf 100644 --- a/crypto/engine/tb_digest.c +++ b/crypto/engine/tb_digest.c @@ -34,7 +34,7 @@ int ENGINE_register_digests(ENGINE *e) return 1; } -void ENGINE_register_all_digests() +void ENGINE_register_all_digests(void) { ENGINE *e; diff --git a/crypto/engine/tb_dsa.c b/crypto/engine/tb_dsa.c index fdb80cd..90d5476 100644 --- a/crypto/engine/tb_dsa.c +++ b/crypto/engine/tb_dsa.c @@ -31,7 +31,7 @@ int ENGINE_register_DSA(ENGINE *e) return 1; } -void ENGINE_register_all_DSA() +void ENGINE_register_all_DSA(void) { ENGINE *e; diff --git a/crypto/engine/tb_eckey.c b/crypto/engine/tb_eckey.c index 75750b2..713fdc5 100644 --- a/crypto/engine/tb_eckey.c +++ b/crypto/engine/tb_eckey.c @@ -31,7 +31,7 @@ int ENGINE_register_EC(ENGINE *e) return 1; } -void ENGINE_register_all_EC() +void ENGINE_register_all_EC(void) { ENGINE *e; diff --git a/crypto/engine/tb_pkmeth.c b/crypto/engine/tb_pkmeth.c index 2e82d85..e6c7ad2 100644 --- a/crypto/engine/tb_pkmeth.c +++ b/crypto/engine/tb_pkmeth.c @@ -35,7 +35,7 @@ int ENGINE_register_pkey_meths(ENGINE *e) return 1; } -void ENGINE_register_all_pkey_meths() +void ENGINE_register_all_pkey_meths(void) { ENGINE *e; diff --git a/crypto/engine/tb_rand.c b/crypto/engine/tb_rand.c index 225e7c8..759d2f7 100644 --- a/crypto/engine/tb_rand.c +++ b/crypto/engine/tb_rand.c @@ -31,7 +31,7 @@ int ENGINE_register_RAND(ENGINE *e) return 1; } -void ENGINE_register_all_RAND() +void ENGINE_register_all_RAND(void) { ENGINE *e; diff --git a/crypto/engine/tb_rsa.c b/crypto/engine/tb_rsa.c index e2cc680..5c523d6 100644 --- a/crypto/engine/tb_rsa.c +++ b/crypto/engine/tb_rsa.c @@ -31,7 +31,7 @@ int ENGINE_register_RSA(ENGINE *e) return 1; } -void ENGINE_register_all_RSA() +void ENGINE_register_all_RSA(void) { ENGINE *e; diff --git a/crypto/mem_sec.c b/crypto/mem_sec.c index 1c13270..959c637 100644 --- a/crypto/mem_sec.c +++ b/crypto/mem_sec.c @@ -92,7 +92,7 @@ int CRYPTO_secure_malloc_init(size_t size, int minsize) #endif /* IMPLEMENTED */ } -int CRYPTO_secure_malloc_done() +int CRYPTO_secure_malloc_done(void) { #ifdef IMPLEMENTED if (secure_mem_used == 0) { @@ -106,7 +106,7 @@ int CRYPTO_secure_malloc_done() return 0; } -int CRYPTO_secure_malloc_initialized() +int CRYPTO_secure_malloc_initialized(void) { #ifdef IMPLEMENTED return secure_mem_initialized; @@ -209,7 +209,7 @@ int CRYPTO_secure_allocated(const void *ptr) #endif /* IMPLEMENTED */ } -size_t CRYPTO_secure_used() +size_t CRYPTO_secure_used(void) { #ifdef IMPLEMENTED return secure_mem_used; @@ -500,7 +500,7 @@ static int sh_init(size_t size, int minsize) return 0; } -static void sh_done() +static void sh_done(void) { OPENSSL_free(sh.freelist); OPENSSL_free(sh.bittable); diff --git a/crypto/poly1305/poly1305.c b/crypto/poly1305/poly1305.c index e3eb5da..1d18236 100644 --- a/crypto/poly1305/poly1305.c +++ b/crypto/poly1305/poly1305.c @@ -14,7 +14,7 @@ #include "internal/poly1305.h" #include "poly1305_local.h" -size_t Poly1305_ctx_size () +size_t Poly1305_ctx_size(void) { return sizeof(struct poly1305_context); } diff --git a/crypto/rand/drbg_lib.c b/crypto/rand/drbg_lib.c index 60ddd2f..729b49c 100644 --- a/crypto/rand/drbg_lib.c +++ b/crypto/rand/drbg_lib.c @@ -921,7 +921,7 @@ void rand_drbg_cleanup_int(void) } } -void drbg_delete_thread_state() +void drbg_delete_thread_state(void) { RAND_DRBG *drbg; diff --git a/crypto/rand/rand_lib.c b/crypto/rand/rand_lib.c index 050c9d2..1a9a7d2 100644 --- a/crypto/rand/rand_lib.c +++ b/crypto/rand/rand_lib.c @@ -303,7 +303,7 @@ void rand_drbg_cleanup_additional_data(unsigned char *out, size_t outlen) OPENSSL_secure_clear_free(out, outlen); } -void rand_fork() +void rand_fork(void) { rand_fork_count++; } diff --git a/crypto/store/store_init.c b/crypto/store/store_init.c index 4b53108..4d0ff01 100644 --- a/crypto/store/store_init.c +++ b/crypto/store/store_init.c @@ -18,7 +18,7 @@ DEFINE_RUN_ONCE_STATIC(do_store_init) && ossl_store_file_loader_init(); } -int ossl_store_init_once() +int ossl_store_init_once(void) { if (!RUN_ONCE(&store_init, do_store_init)) { OSSL_STOREerr(OSSL_STORE_F_OSSL_STORE_INIT_ONCE, ERR_R_MALLOC_FAILURE); diff --git a/crypto/ts/ts_rsp_sign.c b/crypto/ts/ts_rsp_sign.c index ed45c00..1b2b84e 100644 --- a/crypto/ts/ts_rsp_sign.c +++ b/crypto/ts/ts_rsp_sign.c @@ -117,7 +117,7 @@ static int def_extension_cb(struct TS_resp_ctx *ctx, X509_EXTENSION *ext, /* TS_RESP_CTX management functions. */ -TS_RESP_CTX *TS_RESP_CTX_new() +TS_RESP_CTX *TS_RESP_CTX_new(void) { TS_RESP_CTX *ctx; diff --git a/crypto/x509/x509_lu.c b/crypto/x509/x509_lu.c index fbeed01..639a3df 100644 --- a/crypto/x509/x509_lu.c +++ b/crypto/x509/x509_lu.c @@ -391,7 +391,7 @@ X509_LOOKUP_TYPE X509_OBJECT_get_type(const X509_OBJECT *a) return a->type; } -X509_OBJECT *X509_OBJECT_new() +X509_OBJECT *X509_OBJECT_new(void) { X509_OBJECT *ret = OPENSSL_zalloc(sizeof(*ret)); diff --git a/ssl/pqueue.c b/ssl/pqueue.c index 29804ec..548a7a4 100644 --- a/ssl/pqueue.c +++ b/ssl/pqueue.c @@ -35,7 +35,7 @@ void pitem_free(pitem *item) OPENSSL_free(item); } -pqueue *pqueue_new() +pqueue *pqueue_new(void) { pqueue *pq = OPENSSL_zalloc(sizeof(*pq)); diff --git a/test/asynciotest.c b/test/asynciotest.c index 54961b2..73e415f 100644 --- a/test/asynciotest.c +++ b/test/asynciotest.c @@ -42,7 +42,7 @@ struct async_ctrs { unsigned int wctr; }; -static const BIO_METHOD *bio_f_async_filter() +static const BIO_METHOD *bio_f_async_filter(void) { if (methods_async == NULL) { methods_async = BIO_meth_new(BIO_TYPE_ASYNC_FILTER, "Async filter"); diff --git a/test/asynctest.c b/test/asynctest.c index eef3c32..c2740e6 100644 --- a/test/asynctest.c +++ b/test/asynctest.c @@ -87,7 +87,7 @@ static int blockpause(void *args) return 1; } -static int test_ASYNC_init_thread() +static int test_ASYNC_init_thread(void) { ASYNC_JOB *job1 = NULL, *job2 = NULL, *job3 = NULL; int funcret1, funcret2, funcret3; @@ -123,7 +123,7 @@ static int test_ASYNC_init_thread() return 1; } -static int test_ASYNC_start_job() +static int test_ASYNC_start_job(void) { ASYNC_JOB *job = NULL; int funcret; @@ -151,7 +151,7 @@ static int test_ASYNC_start_job() return 1; } -static int test_ASYNC_get_current_job() +static int test_ASYNC_get_current_job(void) { ASYNC_JOB *job = NULL; int funcret; @@ -178,7 +178,7 @@ static int test_ASYNC_get_current_job() return 1; } -static int test_ASYNC_WAIT_CTX_get_all_fds() +static int test_ASYNC_WAIT_CTX_get_all_fds(void) { ASYNC_JOB *job = NULL; int funcret; @@ -245,7 +245,7 @@ static int test_ASYNC_WAIT_CTX_get_all_fds() return 1; } -static int test_ASYNC_block_pause() +static int test_ASYNC_block_pause(void) { ASYNC_JOB *job = NULL; int funcret; diff --git a/test/cipherlist_test.c b/test/cipherlist_test.c index b224983..5023c1c 100644 --- a/test/cipherlist_test.c +++ b/test/cipherlist_test.c @@ -215,7 +215,7 @@ static int test_default_cipherlist_explicit(void) return result; } -int setup_tests() +int setup_tests(void) { ADD_TEST(test_default_cipherlist_implicit); ADD_TEST(test_default_cipherlist_explicit); diff --git a/test/drbgtest.c b/test/drbgtest.c index d69456b..c1887d6 100644 --- a/test/drbgtest.c +++ b/test/drbgtest.c @@ -554,7 +554,7 @@ static void reset_hook_ctx(HOOK_CTX *ctx) } /* Resets all drbg hook contexts */ -static void reset_drbg_hook_ctx() +static void reset_drbg_hook_ctx(void) { reset_hook_ctx(&master_ctx); reset_hook_ctx(&public_ctx); diff --git a/test/dtls_mtu_test.c b/test/dtls_mtu_test.c index dff65a7..8e385b0 100644 --- a/test/dtls_mtu_test.c +++ b/test/dtls_mtu_test.c @@ -189,7 +189,7 @@ static int run_mtu_tests(void) return ret; } -int setup_tests() +int setup_tests(void) { ADD_TEST(run_mtu_tests); return 1; diff --git a/test/dtlsv1listentest.c b/test/dtlsv1listentest.c index 807bb6d..5331c3b 100644 --- a/test/dtlsv1listentest.c +++ b/test/dtlsv1listentest.c @@ -348,7 +348,7 @@ static int dtls_listen_test(int i) } #endif -int setup_tests() +int setup_tests(void) { #ifndef OPENSSL_NO_SOCK ADD_ALL_TESTS(dtls_listen_test, (int)OSSL_NELEM(testpackets)); diff --git a/test/evp_test.c b/test/evp_test.c index b36f25e..e2274d9 100644 --- a/test/evp_test.c +++ b/test/evp_test.c @@ -2378,7 +2378,7 @@ static void free_key_list(KEY_LIST *lst) /* * Is the key type an unsupported algorithm? */ -static int key_unsupported() +static int key_unsupported(void) { long err = ERR_peek_error(); diff --git a/test/exdatatest.c b/test/exdatatest.c index 0ded7db..6e90752 100644 --- a/test/exdatatest.c +++ b/test/exdatatest.c @@ -127,7 +127,7 @@ typedef struct myobj_st { int st; } MYOBJ; -static MYOBJ *MYOBJ_new() +static MYOBJ *MYOBJ_new(void) { static int count = 0; MYOBJ *obj = OPENSSL_malloc(sizeof(*obj)); diff --git a/test/generate_buildtest.pl b/test/generate_buildtest.pl index 0a9d879..7d55362 100644 --- a/test/generate_buildtest.pl +++ b/test/generate_buildtest.pl @@ -27,7 +27,7 @@ print <<"_____"; # include #endif -int main() +int main(void) { return 0; } diff --git a/test/handshake_helper.c b/test/handshake_helper.c index 9b781b0..fc5fcd6 100644 --- a/test/handshake_helper.c +++ b/test/handshake_helper.c @@ -22,7 +22,7 @@ #include "handshake_helper.h" #include "testutil.h" -HANDSHAKE_RESULT *HANDSHAKE_RESULT_new() +HANDSHAKE_RESULT *HANDSHAKE_RESULT_new(void) { HANDSHAKE_RESULT *ret; diff --git a/test/mdc2_internal_test.c b/test/mdc2_internal_test.c index 64aa2dc..a5c4ebc 100644 --- a/test/mdc2_internal_test.c +++ b/test/mdc2_internal_test.c @@ -64,7 +64,7 @@ static int test_mdc2(int idx) return 1; } -int setup_tests() +int setup_tests(void) { ADD_ALL_TESTS(test_mdc2, OSSL_NELEM(tests)); return 1; diff --git a/test/modes_internal_test.c b/test/modes_internal_test.c index 18c0977..e0f1adf 100644 --- a/test/modes_internal_test.c +++ b/test/modes_internal_test.c @@ -99,7 +99,7 @@ static const SIZED_DATA aes_cts128_vectors[] = { CTS128_TEST_VECTOR(64), }; -static AES_KEY *cts128_encrypt_key_schedule() +static AES_KEY *cts128_encrypt_key_schedule(void) { static int init_key = 1; static AES_KEY ks; @@ -111,7 +111,7 @@ static AES_KEY *cts128_encrypt_key_schedule() return &ks; } -static AES_KEY *cts128_decrypt_key_schedule() +static AES_KEY *cts128_decrypt_key_schedule(void) { static int init_key = 1; static AES_KEY ks; diff --git a/test/pkey_meth_kdf_test.c b/test/pkey_meth_kdf_test.c index 5d4c468..98495b6 100644 --- a/test/pkey_meth_kdf_test.c +++ b/test/pkey_meth_kdf_test.c @@ -170,7 +170,7 @@ static int test_kdf_scrypt(void) } #endif -int setup_tests() +int setup_tests(void) { ADD_TEST(test_kdf_tls1_prf); ADD_TEST(test_kdf_hkdf); diff --git a/test/pkey_meth_test.c b/test/pkey_meth_test.c index 004bb30..0277013 100644 --- a/test/pkey_meth_test.c +++ b/test/pkey_meth_test.c @@ -75,7 +75,7 @@ static int test_pkey_meths(void) return good; } -int setup_tests() +int setup_tests(void) { ADD_TEST(test_asn1_meths); ADD_TEST(test_pkey_meths); diff --git a/test/rdrand_sanitytest.c b/test/rdrand_sanitytest.c index 1844d72..0e67b37 100644 --- a/test/rdrand_sanitytest.c +++ b/test/rdrand_sanitytest.c @@ -20,7 +20,7 @@ size_t OPENSSL_ia32_rdrand_bytes(unsigned char *buf, size_t len); size_t OPENSSL_ia32_rdseed_bytes(unsigned char *buf, size_t len); -void OPENSSL_cpuid_setup(); +void OPENSSL_cpuid_setup(void); extern unsigned int OPENSSL_ia32cap_P[4]; @@ -81,12 +81,12 @@ end: return testresult; } -static int sanity_check_rdrand_bytes() +static int sanity_check_rdrand_bytes(void) { return sanity_check_bytes(OPENSSL_ia32_rdrand_bytes, 1000, 0, 10, 10); } -static int sanity_check_rdseed_bytes() +static int sanity_check_rdseed_bytes(void) { /*- * RDSEED may take many retries to succeed; note that this is effectively @@ -97,7 +97,8 @@ static int sanity_check_rdseed_bytes() return sanity_check_bytes(OPENSSL_ia32_rdseed_bytes, 1000, 1, 10000, 10); } -int setup_tests() { +int setup_tests(void) +{ OPENSSL_cpuid_setup(); int have_rdseed = (OPENSSL_ia32cap_P[2] & (1 << 18)) != 0; @@ -117,7 +118,7 @@ int setup_tests() { #else -int setup_tests() +int setup_tests(void) { return 1; } diff --git a/test/ssl_cert_table_internal_test.c b/test/ssl_cert_table_internal_test.c index 32ec4c8..2104e8c 100644 --- a/test/ssl_cert_table_internal_test.c +++ b/test/ssl_cert_table_internal_test.c @@ -76,7 +76,7 @@ static int test_ssl_cert_table(void) return 1; } -int setup_tests() +int setup_tests(void) { ADD_TEST(test_ssl_cert_table); return 1; diff --git a/test/ssl_test_ctx.c b/test/ssl_test_ctx.c index 7676966..5b427e5 100644 --- a/test/ssl_test_ctx.c +++ b/test/ssl_test_ctx.c @@ -709,7 +709,7 @@ static const ssl_test_server_option ssl_test_server_options[] = { { "SessionTicketAppData", &parse_server_session_ticket_app_data }, }; -SSL_TEST_CTX *SSL_TEST_CTX_new() +SSL_TEST_CTX *SSL_TEST_CTX_new(void) { SSL_TEST_CTX *ret; diff --git a/test/sslcorrupttest.c b/test/sslcorrupttest.c index 30d3d3d..d06c8c7 100644 --- a/test/sslcorrupttest.c +++ b/test/sslcorrupttest.c @@ -137,7 +137,7 @@ static void bio_f_tls_corrupt_filter_free(void) */ static const char **cipher_list = NULL; -static int setup_cipher_list() +static int setup_cipher_list(void) { SSL_CTX *ctx = NULL; SSL *ssl = NULL; diff --git a/test/ssltest_old.c b/test/ssltest_old.c index 34705c3..e974f6c 100644 --- a/test/ssltest_old.c +++ b/test/ssltest_old.c @@ -423,7 +423,7 @@ static int serverinfo_cli_parse_cb(SSL *s, unsigned int ext_type, return 1; } -static int verify_serverinfo() +static int verify_serverinfo(void) { if (serverinfo_sct != serverinfo_sct_seen) return -1; @@ -2836,7 +2836,7 @@ static int app_verify_callback(X509_STORE_CTX *ctx, void *arg) * $ openssl dhparam -C -noout -dsaparam 1024 * (The third function has been renamed to avoid name conflicts.) */ -static DH *get_dh512() +static DH *get_dh512(void) { static unsigned char dh512_p[] = { 0xCB, 0xC8, 0xE1, 0x86, 0xD0, 0x1F, 0x94, 0x17, 0xA6, 0x99, 0xF0, @@ -2870,7 +2870,7 @@ static DH *get_dh512() return dh; } -static DH *get_dh1024() +static DH *get_dh1024(void) { static unsigned char dh1024_p[] = { 0xF8, 0x81, 0x89, 0x7D, 0x14, 0x24, 0xC5, 0xD1, 0xE6, 0xF7, 0xBF, @@ -2914,7 +2914,7 @@ static DH *get_dh1024() return dh; } -static DH *get_dh1024dsa() +static DH *get_dh1024dsa(void) { static unsigned char dh1024_p[] = { 0xC8, 0x00, 0xF7, 0x08, 0x07, 0x89, 0x4D, 0x90, 0x53, 0xF3, 0xD5, diff --git a/test/time_offset_test.c b/test/time_offset_test.c index f3b20dd..8776559 100644 --- a/test/time_offset_test.c +++ b/test/time_offset_test.c @@ -106,7 +106,7 @@ static int test_offset(int idx) return 1; } -int setup_tests() +int setup_tests(void) { ADD_ALL_TESTS(test_offset, OSSL_NELEM(tests)); return 1; diff --git a/test/tls13ccstest.c b/test/tls13ccstest.c index 25dc819..92e9d59 100644 --- a/test/tls13ccstest.c +++ b/test/tls13ccstest.c @@ -37,7 +37,7 @@ static int watchccs_puts(BIO *bp, const char *str); static BIO_METHOD *method_watchccs = NULL; -static const BIO_METHOD *bio_f_watchccs_filter() +static const BIO_METHOD *bio_f_watchccs_filter(void) { if (method_watchccs == NULL) { method_watchccs = BIO_meth_new(BIO_TYPE_WATCHCCS_FILTER, diff --git a/test/tls13secretstest.c b/test/tls13secretstest.c index 8b775b8..313ab56 100644 --- a/test/tls13secretstest.c +++ b/test/tls13secretstest.c @@ -399,7 +399,7 @@ static int test_handshake_secrets(void) return ret; } -int setup_tests() +int setup_tests(void) { ADD_TEST(test_handshake_secrets); return 1; diff --git a/test/v3nametest.c b/test/v3nametest.c index 08684ea..86f3829 100644 --- a/test/v3nametest.c +++ b/test/v3nametest.c @@ -251,7 +251,7 @@ static const struct set_name_fn name_fns[] = { {set_altname_email, "set rfc822Name", 0, 1}, }; -static X509 *make_cert() +static X509 *make_cert(void) { X509 *crt = NULL; diff --git a/test/x509_internal_test.c b/test/x509_internal_test.c index 03bbcf2..9f351a4 100644 --- a/test/x509_internal_test.c +++ b/test/x509_internal_test.c @@ -57,7 +57,7 @@ static int test_standard_exts(void) return good; } -int setup_tests() +int setup_tests(void) { ADD_TEST(test_standard_exts); return 1; diff --git a/test/x509_time_test.c b/test/x509_time_test.c index 5983bdf..d672a9a 100644 --- a/test/x509_time_test.c +++ b/test/x509_time_test.c @@ -482,7 +482,7 @@ static int test_x509_time_print(int idx) return ret; } -int setup_tests() +int setup_tests(void) { ADD_TEST(test_x509_cmp_time_current); ADD_ALL_TESTS(test_x509_cmp_time, OSSL_NELEM(x509_cmp_tests)); From matt at openssl.org Fri May 11 12:51:40 2018 From: matt at openssl.org (Matt Caswell) Date: Fri, 11 May 2018 12:51:40 +0000 Subject: [openssl-commits] [openssl] master update Message-ID: <1526043100.372148.20761.nullmailer@dev.openssl.org> The branch master has been updated via 0d8da77908df1aa3186b00113aab1b338cba9b07 (commit) via 9e064bc1701599a15d0111a252b70fe45f2d2da8 (commit) via 48a03162db6d5c1b66fd18e2d92461716178d986 (commit) from 3cb7c5cfef25463bd197b0c12ca7966f525ebf73 (commit) - Log ----------------------------------------------------------------- commit 0d8da77908df1aa3186b00113aab1b338cba9b07 Author: Matt Caswell Date: Thu May 10 12:33:51 2018 +0100 Test an old style PSK callback with no cert will prefer SHA-256 If using an old style PSK callback and no certificate is configured for the server, we should prefer ciphersuites based on SHA-256, because that is the default hash for those callbacks as specified in the TLSv1.3 spec. Reviewed-by: Rich Salz (Merged from https://github.com/openssl/openssl/pull/6215) commit 9e064bc1701599a15d0111a252b70fe45f2d2da8 Author: Matt Caswell Date: Thu May 10 12:01:06 2018 +0100 Provide documentation for the -psk_session option The s_client/s_server docs were missing documentation for this option. Reviewed-by: Rich Salz (Merged from https://github.com/openssl/openssl/pull/6215) commit 48a03162db6d5c1b66fd18e2d92461716178d986 Author: Matt Caswell Date: Thu May 10 11:51:45 2018 +0100 Prefer SHA-256 ciphersuites if using old style PSKs If we have no certificate and we are using "old style" PSKs then we will always default to using SHA-256 for that PSK. However we may have selected a ciphersuite that is not based on SHA-256. Therefore if we see that there are no certificates and we have been configured for "old style" PSKs then we should prefer SHA-256 based ciphersuites during the selection process. Fixes #6197 Reviewed-by: Rich Salz (Merged from https://github.com/openssl/openssl/pull/6215) ----------------------------------------------------------------------- Summary of changes: doc/man1/s_client.pod | 8 +++ doc/man1/s_server.pod | 6 ++ ssl/s3_lib.c | 33 ++++++++++- test/sslapitest.c | 156 ++++++++++++++++++++++++++++---------------------- test/ssltestlib.c | 15 +++-- 5 files changed, 142 insertions(+), 76 deletions(-) diff --git a/doc/man1/s_client.pod b/doc/man1/s_client.pod index 5d33e1c..19a8139 100644 --- a/doc/man1/s_client.pod +++ b/doc/man1/s_client.pod @@ -71,6 +71,9 @@ B B [B<-crlf>] [B<-ign_eof>] [B<-no_ign_eof>] +[B<-psk_identity identity>] +[B<-psk key>] +[B<-psk_session file>] [B<-quiet>] [B<-ssl3>] [B<-tls1>] @@ -409,6 +412,11 @@ given as a hexadecimal number without leading 0x, for example -psk 1a2b3c4d. This option must be provided in order to use a PSK cipher. +=item B<-psk_session file> + +Use the pem encoded SSL_SESSION data stored in B as the basis of a PSK. +Note that this will only work if TLSv1.3 is negotiated. + =item B<-ssl3>, B<-tls1>, B<-tls1_1>, B<-tls1_2>, B<-tls1_3>, B<-no_ssl3>, B<-no_tls1>, B<-no_tls1_1>, B<-no_tls1_2>, B<-no_tls1_3> These options require or disable the use of the specified SSL or TLS protocols. diff --git a/doc/man1/s_server.pod b/doc/man1/s_server.pod index 184ddc9..e577af8 100644 --- a/doc/man1/s_server.pod +++ b/doc/man1/s_server.pod @@ -157,6 +157,7 @@ B B [B<-psk_identity val>] [B<-psk_hint val>] [B<-psk val>] +[B<-psk_session file>] [B<-srpvfile infile>] [B<-srpuserseed val>] [B<-ssl3>] @@ -597,6 +598,11 @@ given as a hexadecimal number without leading 0x, for example -psk 1a2b3c4d. This option must be provided in order to use a PSK cipher. +=item B<-psk_session file> + +Use the pem encoded SSL_SESSION data stored in B as the basis of a PSK. +Note that this will only work if TLSv1.3 is negotiated. + =item B<-listen> This option can only be used in conjunction with one of the DTLS options above. diff --git a/ssl/s3_lib.c b/ssl/s3_lib.c index f797497..c5f2235 100644 --- a/ssl/s3_lib.c +++ b/ssl/s3_lib.c @@ -4108,8 +4108,9 @@ const SSL_CIPHER *ssl3_choose_cipher(SSL *s, STACK_OF(SSL_CIPHER) *clnt, { const SSL_CIPHER *c, *ret = NULL; STACK_OF(SSL_CIPHER) *prio, *allow; - int i, ii, ok; + int i, ii, ok, prefer_sha256 = 0; unsigned long alg_k = 0, alg_a = 0, mask_k = 0, mask_a = 0; + const EVP_MD *mdsha256 = EVP_sha256(); #ifndef OPENSSL_NO_CHACHA STACK_OF(SSL_CIPHER) *prio_chacha = NULL; #endif @@ -4190,7 +4191,24 @@ const SSL_CIPHER *ssl3_choose_cipher(SSL *s, STACK_OF(SSL_CIPHER) *clnt, allow = srvr; } - if (!SSL_IS_TLS13(s)) { + if (SSL_IS_TLS13(s)) { + int j; + + /* + * If we allow "old" style PSK callbacks, and we have no certificate (so + * we're not going to succeed without a PSK anyway), and we're in + * TLSv1.3 then the default hash for a PSK is SHA-256 (as per the + * TLSv1.3 spec). Therefore we should prioritise ciphersuites using + * that. + */ + if (s->psk_server_callback != NULL) { + for (j = 0; j < SSL_PKEY_NUM && !ssl_has_cert(s, j); j++); + if (j == SSL_PKEY_NUM) { + /* There are no certificates */ + prefer_sha256 = 1; + } + } + } else { tls1_set_cert_validity(s); ssl_set_masks(s); } @@ -4262,6 +4280,17 @@ const SSL_CIPHER *ssl3_choose_cipher(SSL *s, STACK_OF(SSL_CIPHER) *clnt, continue; } #endif + if (prefer_sha256) { + const SSL_CIPHER *tmp = sk_SSL_CIPHER_value(allow, ii); + + if (ssl_md(tmp->algorithm2) == mdsha256) { + ret = tmp; + break; + } + if (ret == NULL) + ret = tmp; + continue; + } ret = sk_SSL_CIPHER_value(allow, ii); break; } diff --git a/test/sslapitest.c b/test/sslapitest.c index 0a3d515..bce15db 100644 --- a/test/sslapitest.c +++ b/test/sslapitest.c @@ -2781,6 +2781,13 @@ static int test_ciphersuite_change(void) return testresult; } +/* + * Test TLSv1.3 PSKs + * Test 0 = Test new style callbacks + * Test 1 = Test both new and old style callbacks + * Test 2 = Test old style callbacks + * Test 3 = Test old style callbacks with no certificate + */ static int test_tls13_psk(int idx) { SSL_CTX *sctx = NULL, *cctx = NULL; @@ -2796,15 +2803,21 @@ static int test_tls13_psk(int idx) if (!TEST_true(create_ssl_ctx_pair(TLS_server_method(), TLS_client_method(), TLS1_VERSION, TLS_MAX_VERSION, - &sctx, &cctx, cert, privkey))) + &sctx, &cctx, idx == 3 ? NULL : cert, + idx == 3 ? NULL : privkey))) goto end; - /* - * We use a ciphersuite with SHA256 to ease testing old style PSK callbacks - * which will always default to SHA256 - */ - if (!TEST_true(SSL_CTX_set_ciphersuites(cctx, "TLS_AES_128_GCM_SHA256"))) - goto end; + if (idx != 3) { + /* + * We use a ciphersuite with SHA256 to ease testing old style PSK + * callbacks which will always default to SHA256. This should not be + * necessary if we have no cert/priv key. In that case the server should + * prefer SHA256 automatically. + */ + if (!TEST_true(SSL_CTX_set_ciphersuites(cctx, + "TLS_AES_128_GCM_SHA256"))) + goto end; + } /* * Test 0: New style callbacks only @@ -2816,7 +2829,7 @@ static int test_tls13_psk(int idx) SSL_CTX_set_psk_find_session_callback(sctx, find_session_cb); } #ifndef OPENSSL_NO_PSK - if (idx == 1 || idx == 2) { + if (idx >= 1) { SSL_CTX_set_psk_client_callback(cctx, psk_client_cb); SSL_CTX_set_psk_server_callback(sctx, psk_server_cb); } @@ -2827,36 +2840,41 @@ static int test_tls13_psk(int idx) psk_client_cb_cnt = 0; psk_server_cb_cnt = 0; - /* Check we can create a connection if callback decides not to send a PSK */ - if (!TEST_true(create_ssl_objects(sctx, cctx, &serverssl, &clientssl, - NULL, NULL)) - || !TEST_true(create_ssl_connection(serverssl, clientssl, - SSL_ERROR_NONE)) - || !TEST_false(SSL_session_reused(clientssl)) - || !TEST_false(SSL_session_reused(serverssl))) - goto end; - - if (idx == 0 || idx == 1) { - if (!TEST_true(use_session_cb_cnt == 1) - || !TEST_true(find_session_cb_cnt == 0) - /* - * If no old style callback then below should be 0 - * otherwise 1 - */ - || !TEST_true(psk_client_cb_cnt == idx) - || !TEST_true(psk_server_cb_cnt == 0)) - goto end; - } else { - if (!TEST_true(use_session_cb_cnt == 0) - || !TEST_true(find_session_cb_cnt == 0) - || !TEST_true(psk_client_cb_cnt == 1) - || !TEST_true(psk_server_cb_cnt == 0)) + if (idx != 3) { + /* + * Check we can create a connection if callback decides not to send a + * PSK + */ + if (!TEST_true(create_ssl_objects(sctx, cctx, &serverssl, &clientssl, + NULL, NULL)) + || !TEST_true(create_ssl_connection(serverssl, clientssl, + SSL_ERROR_NONE)) + || !TEST_false(SSL_session_reused(clientssl)) + || !TEST_false(SSL_session_reused(serverssl))) goto end; - } - shutdown_ssl_connection(serverssl, clientssl); - serverssl = clientssl = NULL; - use_session_cb_cnt = psk_client_cb_cnt = 0; + if (idx == 0 || idx == 1) { + if (!TEST_true(use_session_cb_cnt == 1) + || !TEST_true(find_session_cb_cnt == 0) + /* + * If no old style callback then below should be 0 + * otherwise 1 + */ + || !TEST_true(psk_client_cb_cnt == idx) + || !TEST_true(psk_server_cb_cnt == 0)) + goto end; + } else { + if (!TEST_true(use_session_cb_cnt == 0) + || !TEST_true(find_session_cb_cnt == 0) + || !TEST_true(psk_client_cb_cnt == 1) + || !TEST_true(psk_server_cb_cnt == 0)) + goto end; + } + + shutdown_ssl_connection(serverssl, clientssl); + serverssl = clientssl = NULL; + use_session_cb_cnt = psk_client_cb_cnt = 0; + } if (!TEST_true(create_ssl_objects(sctx, cctx, &serverssl, &clientssl, NULL, NULL))) @@ -2937,39 +2955,41 @@ static int test_tls13_psk(int idx) use_session_cb_cnt = find_session_cb_cnt = 0; psk_client_cb_cnt = psk_server_cb_cnt = 0; - /* - * Check that if the server rejects the PSK we can still connect, but with - * a full handshake - */ - srvid = "Dummy Identity"; - if (!TEST_true(create_ssl_objects(sctx, cctx, &serverssl, &clientssl, - NULL, NULL)) - || !TEST_true(create_ssl_connection(serverssl, clientssl, - SSL_ERROR_NONE)) - || !TEST_false(SSL_session_reused(clientssl)) - || !TEST_false(SSL_session_reused(serverssl))) - goto end; - - if (idx == 0 || idx == 1) { - if (!TEST_true(use_session_cb_cnt == 1) - || !TEST_true(find_session_cb_cnt == 1) - || !TEST_true(psk_client_cb_cnt == 0) - /* - * If no old style callback then below should be 0 - * otherwise 1 - */ - || !TEST_true(psk_server_cb_cnt == idx)) - goto end; - } else { - if (!TEST_true(use_session_cb_cnt == 0) - || !TEST_true(find_session_cb_cnt == 0) - || !TEST_true(psk_client_cb_cnt == 1) - || !TEST_true(psk_server_cb_cnt == 1)) + if (idx != 3) { + /* + * Check that if the server rejects the PSK we can still connect, but with + * a full handshake + */ + srvid = "Dummy Identity"; + if (!TEST_true(create_ssl_objects(sctx, cctx, &serverssl, &clientssl, + NULL, NULL)) + || !TEST_true(create_ssl_connection(serverssl, clientssl, + SSL_ERROR_NONE)) + || !TEST_false(SSL_session_reused(clientssl)) + || !TEST_false(SSL_session_reused(serverssl))) goto end; - } - shutdown_ssl_connection(serverssl, clientssl); - serverssl = clientssl = NULL; + if (idx == 0 || idx == 1) { + if (!TEST_true(use_session_cb_cnt == 1) + || !TEST_true(find_session_cb_cnt == 1) + || !TEST_true(psk_client_cb_cnt == 0) + /* + * If no old style callback then below should be 0 + * otherwise 1 + */ + || !TEST_true(psk_server_cb_cnt == idx)) + goto end; + } else { + if (!TEST_true(use_session_cb_cnt == 0) + || !TEST_true(find_session_cb_cnt == 0) + || !TEST_true(psk_client_cb_cnt == 1) + || !TEST_true(psk_server_cb_cnt == 1)) + goto end; + } + + shutdown_ssl_connection(serverssl, clientssl); + serverssl = clientssl = NULL; + } testresult = 1; end: @@ -4640,7 +4660,7 @@ int setup_tests(void) #ifdef OPENSSL_NO_PSK ADD_ALL_TESTS(test_tls13_psk, 1); #else - ADD_ALL_TESTS(test_tls13_psk, 3); + ADD_ALL_TESTS(test_tls13_psk, 4); #endif /* OPENSSL_NO_PSK */ ADD_ALL_TESTS(test_custom_exts, 5); ADD_TEST(test_stateless); diff --git a/test/ssltestlib.c b/test/ssltestlib.c index 041ae26..c768963 100644 --- a/test/ssltestlib.c +++ b/test/ssltestlib.c @@ -594,12 +594,15 @@ int create_ssl_ctx_pair(const SSL_METHOD *sm, const SSL_METHOD *cm, max_proto_version))))) goto err; - if (!TEST_int_eq(SSL_CTX_use_certificate_file(serverctx, certfile, - SSL_FILETYPE_PEM), 1) - || !TEST_int_eq(SSL_CTX_use_PrivateKey_file(serverctx, privkeyfile, - SSL_FILETYPE_PEM), 1) - || !TEST_int_eq(SSL_CTX_check_private_key(serverctx), 1)) - goto err; + if (certfile != NULL && privkeyfile != NULL) { + if (!TEST_int_eq(SSL_CTX_use_certificate_file(serverctx, certfile, + SSL_FILETYPE_PEM), 1) + || !TEST_int_eq(SSL_CTX_use_PrivateKey_file(serverctx, + privkeyfile, + SSL_FILETYPE_PEM), 1) + || !TEST_int_eq(SSL_CTX_check_private_key(serverctx), 1)) + goto err; + } #ifndef OPENSSL_NO_DH SSL_CTX_set_dh_auto(serverctx, 1); From matt at openssl.org Fri May 11 12:57:49 2018 From: matt at openssl.org (Matt Caswell) Date: Fri, 11 May 2018 12:57:49 +0000 Subject: [openssl-commits] [openssl] OpenSSL_1_1_0-stable update Message-ID: <1526043469.175755.22701.nullmailer@dev.openssl.org> The branch OpenSSL_1_1_0-stable has been updated via c47d1d7130c8cd3f601fc9648c6a26eb666edb44 (commit) via eb49905e605241dd1369d54df264976f8ea7f823 (commit) via 960e7bfb32af0ff3586ae2b4953d1228fa43ea16 (commit) via 4771f23e28eb5d11460d72dc35c6ac2fd30f9093 (commit) from 2ddfe60be50bfeebd64e01b123fd7176e7226c87 (commit) - Log ----------------------------------------------------------------- commit c47d1d7130c8cd3f601fc9648c6a26eb666edb44 Author: Matt Caswell Date: Thu May 3 16:00:51 2018 +0100 Keep the DTLS timer running after the end of the handshake if appropriate During a full handshake the server is the last one to "speak". The timer should continue to run until we know that the client has received our last flight (e.g. because we receive some application data). Reviewed-by: Rich Salz (Merged from https://github.com/openssl/openssl/pull/6196) commit eb49905e605241dd1369d54df264976f8ea7f823 Author: Matt Caswell Date: Thu May 3 16:00:05 2018 +0100 Only auto-retry for DTLS if configured to do so Otherwise we may end up in a hang when using blocking sockets Reviewed-by: Rich Salz (Merged from https://github.com/openssl/openssl/pull/6196) commit 960e7bfb32af0ff3586ae2b4953d1228fa43ea16 Author: Matt Caswell Date: Thu May 3 15:59:31 2018 +0100 Fix s_client and s_server so that they correctly handle the DTLS timer Reviewed-by: Rich Salz (Merged from https://github.com/openssl/openssl/pull/6196) commit 4771f23e28eb5d11460d72dc35c6ac2fd30f9093 Author: Matt Caswell Date: Thu May 3 12:07:47 2018 +0100 Don't fail on an out-of-order CCS in DTLS Fixes #4929 Reviewed-by: Rich Salz (Merged from https://github.com/openssl/openssl/pull/6196) ----------------------------------------------------------------------- Summary of changes: apps/s_client.c | 7 ++----- apps/s_server.c | 7 ++----- ssl/record/rec_layer_d1.c | 25 +++++++++++++++++++++++++ ssl/statem/statem.c | 4 +--- ssl/statem/statem_clnt.c | 15 +++++++++++++++ ssl/statem/statem_lib.c | 18 ++++++++++++++++++ ssl/statem/statem_srvr.c | 15 +++++++++++++++ 7 files changed, 78 insertions(+), 13 deletions(-) diff --git a/apps/s_client.c b/apps/s_client.c index 81669d0..3c0c73e 100644 --- a/apps/s_client.c +++ b/apps/s_client.c @@ -2115,8 +2115,7 @@ int s_client_main(int argc, char **argv) FD_ZERO(&readfds); FD_ZERO(&writefds); - if ((SSL_version(con) == DTLS1_VERSION) && - DTLSv1_get_timeout(con, &timeout)) + if (SSL_is_dtls(con) && DTLSv1_get_timeout(con, &timeout)) timeoutp = &timeout; else timeoutp = NULL; @@ -2236,10 +2235,8 @@ int s_client_main(int argc, char **argv) } } - if ((SSL_version(con) == DTLS1_VERSION) - && DTLSv1_handle_timeout(con) > 0) { + if (SSL_is_dtls(con) && DTLSv1_handle_timeout(con) > 0) BIO_printf(bio_err, "TIMEOUT occurred\n"); - } if (!ssl_pending && FD_ISSET(SSL_get_fd(con), &writefds)) { k = SSL_write(con, &(cbuf[cbuf_off]), (unsigned int)cbuf_len); diff --git a/apps/s_server.c b/apps/s_server.c index 96a74c4..e8aa323 100644 --- a/apps/s_server.c +++ b/apps/s_server.c @@ -2155,18 +2155,15 @@ static int sv_body(int s, int stype, unsigned char *context) if ((i < 0) || (!i && !read_from_terminal)) continue; #else - if ((SSL_version(con) == DTLS1_VERSION) && - DTLSv1_get_timeout(con, &timeout)) + if (SSL_is_dtls(con) && DTLSv1_get_timeout(con, &timeout)) timeoutp = &timeout; else timeoutp = NULL; i = select(width, (void *)&readfds, NULL, NULL, timeoutp); - if ((SSL_version(con) == DTLS1_VERSION) - && DTLSv1_handle_timeout(con) > 0) { + if ((SSL_is_dtls(con)) && DTLSv1_handle_timeout(con) > 0) BIO_printf(bio_err, "TIMEOUT occurred\n"); - } if (i <= 0) continue; diff --git a/ssl/record/rec_layer_d1.c b/ssl/record/rec_layer_d1.c index c753a54..0eeed4f 100644 --- a/ssl/record/rec_layer_d1.c +++ b/ssl/record/rec_layer_d1.c @@ -444,6 +444,19 @@ int dtls1_read_bytes(SSL *s, int type, int *recvd_type, unsigned char *buf, && SSL3_RECORD_get_length(rr) != 0) s->rlayer.alert_count = 0; + if (SSL3_RECORD_get_type(rr) != SSL3_RT_HANDSHAKE + && SSL3_RECORD_get_type(rr) != SSL3_RT_CHANGE_CIPHER_SPEC + && !SSL_in_init(s) + && (s->d1->next_timeout.tv_sec != 0 + || s->d1->next_timeout.tv_usec != 0)) { + /* + * The timer is still running but we've received something that isn't + * handshake data - so the peer must have finished processing our + * last handshake flight. Stop the timer. + */ + dtls1_stop_timer(s); + } + /* we now have a packet which can be read and processed */ if (s->s3->change_cipher_spec /* set when we receive ChangeCipherSpec, @@ -849,6 +862,18 @@ int dtls1_read_bytes(SSL *s, int type, int *recvd_type, unsigned char *buf, dtls1_retransmit_buffered_messages(s); SSL3_RECORD_set_length(rr, 0); + if (!(s->mode & SSL_MODE_AUTO_RETRY)) { + if (SSL3_BUFFER_get_left(&s->rlayer.rbuf) == 0) { + /* no read-ahead left? */ + BIO *bio; + + s->rwstate = SSL_READING; + bio = SSL_get_rbio(s); + BIO_clear_retry_flags(bio); + BIO_set_retry_read(bio); + return -1; + } + } goto start; } diff --git a/ssl/statem/statem.c b/ssl/statem/statem.c index b91ec0a..69bb40f 100644 --- a/ssl/statem/statem.c +++ b/ssl/statem/statem.c @@ -556,10 +556,8 @@ static SUB_STATE_RETURN read_state_machine(SSL *s) * Validate that we are allowed to move to the new state and move * to that state if so */ - if (!transition(s, mt)) { - ossl_statem_set_error(s); + if (!transition(s, mt)) return SUB_STATE_ERROR; - } if (s->s3->tmp.message_size > max_message_size(s)) { ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_ILLEGAL_PARAMETER); diff --git a/ssl/statem/statem_clnt.c b/ssl/statem/statem_clnt.c index 6fa3f1d..7ffc634 100644 --- a/ssl/statem/statem_clnt.c +++ b/ssl/statem/statem_clnt.c @@ -265,6 +265,21 @@ int ossl_statem_client_read_transition(SSL *s, int mt) err: /* No valid transition found */ + if (SSL_IS_DTLS(s) && mt == SSL3_MT_CHANGE_CIPHER_SPEC) { + BIO *rbio; + + /* + * CCS messages don't have a message sequence number so this is probably + * because of an out-of-order CCS. We'll just drop it. + */ + s->init_num = 0; + s->rwstate = SSL_READING; + rbio = SSL_get_rbio(s); + BIO_clear_retry_flags(rbio); + BIO_set_retry_read(rbio); + return 0; + } + ossl_statem_set_error(s); ssl3_send_alert(s, SSL3_AL_FATAL, SSL3_AD_UNEXPECTED_MESSAGE); SSLerr(SSL_F_OSSL_STATEM_CLIENT_READ_TRANSITION, SSL_R_UNEXPECTED_MESSAGE); return 0; diff --git a/ssl/statem/statem_lib.c b/ssl/statem/statem_lib.c index c4d4f26..eba4c6f 100644 --- a/ssl/statem/statem_lib.c +++ b/ssl/statem/statem_lib.c @@ -299,6 +299,15 @@ WORK_STATE tls_finish_handshake(SSL *s, WORK_STATE wst) s->ctx->stats.sess_accept_good++; s->handshake_func = ossl_statem_accept; + + if (SSL_IS_DTLS(s) && !s->hit) { + /* + * We are finishing after the client. We start the timer going + * in case there are any retransmits of our final flight + * required. + */ + dtls1_start_timer(s); + } } else { ssl_update_cache(s, SSL_SESS_CACHE_CLIENT); if (s->hit) @@ -306,6 +315,15 @@ WORK_STATE tls_finish_handshake(SSL *s, WORK_STATE wst) s->handshake_func = ossl_statem_connect; s->ctx->stats.sess_connect_good++; + + if (SSL_IS_DTLS(s) && s->hit) { + /* + * We are finishing after the server. We start the timer going + * in case there are any retransmits of our final flight + * required. + */ + dtls1_start_timer(s); + } } if (s->info_callback != NULL) diff --git a/ssl/statem/statem_srvr.c b/ssl/statem/statem_srvr.c index f216db7..5591e1e 100644 --- a/ssl/statem/statem_srvr.c +++ b/ssl/statem/statem_srvr.c @@ -213,6 +213,21 @@ int ossl_statem_server_read_transition(SSL *s, int mt) } /* No valid transition found */ + if (SSL_IS_DTLS(s) && mt == SSL3_MT_CHANGE_CIPHER_SPEC) { + BIO *rbio; + + /* + * CCS messages don't have a message sequence number so this is probably + * because of an out-of-order CCS. We'll just drop it. + */ + s->init_num = 0; + s->rwstate = SSL_READING; + rbio = SSL_get_rbio(s); + BIO_clear_retry_flags(rbio); + BIO_set_retry_read(rbio); + return 0; + } + ossl_statem_set_error(s); ssl3_send_alert(s, SSL3_AL_FATAL, SSL3_AD_UNEXPECTED_MESSAGE); SSLerr(SSL_F_OSSL_STATEM_SERVER_READ_TRANSITION, SSL_R_UNEXPECTED_MESSAGE); return 0; From matt at openssl.org Fri May 11 13:30:21 2018 From: matt at openssl.org (Matt Caswell) Date: Fri, 11 May 2018 13:30:21 +0000 Subject: [openssl-commits] [openssl] master update Message-ID: <1526045421.532487.29246.nullmailer@dev.openssl.org> The branch master has been updated via e825109236f6795fbe24c0c6a489ef89ca05a906 (commit) via f478c8a7c0229feb9f446df68e9940e8782edd91 (commit) via 66fab92316c913c781b2a274900d9d1e6a206ed0 (commit) from 0d8da77908df1aa3186b00113aab1b338cba9b07 (commit) - Log ----------------------------------------------------------------- commit e825109236f6795fbe24c0c6a489ef89ca05a906 Author: Matt Caswell Date: Wed May 2 16:08:07 2018 +0100 Add some more SSL_pending() and SSL_has_pending() tests Reviewed-by: Rich Salz (Merged from https://github.com/openssl/openssl/pull/6159) commit f478c8a7c0229feb9f446df68e9940e8782edd91 Author: Matt Caswell Date: Wed May 2 16:08:27 2018 +0100 Don't set TCP_NODELAY on a UDP socket This was preventing DTLS connections from being made from the command line. Reviewed-by: Rich Salz (Merged from https://github.com/openssl/openssl/pull/6159) commit 66fab92316c913c781b2a274900d9d1e6a206ed0 Author: Matt Caswell Date: Wed May 2 16:07:13 2018 +0100 Mark DTLS records as read when we have finished with them The TLS code marks records as read when its finished using a record. The DTLS code did not do that. However SSL_has_pending() relies on it. So we should make DTLS consistent. Reviewed-by: Rich Salz (Merged from https://github.com/openssl/openssl/pull/6159) ----------------------------------------------------------------------- Summary of changes: apps/s_socket.c | 3 ++- ssl/record/rec_layer_d1.c | 27 +++++++++++++++++++++++---- ssl/record/ssl3_record.c | 13 ++++++++++++- test/sslapitest.c | 9 +++++++-- 4 files changed, 44 insertions(+), 8 deletions(-) diff --git a/apps/s_socket.c b/apps/s_socket.c index 69f0f4f..d16108c 100644 --- a/apps/s_socket.c +++ b/apps/s_socket.c @@ -146,7 +146,8 @@ int init_client(int *sock, const char *host, const char *port, } #endif - if (!BIO_connect(*sock, BIO_ADDRINFO_address(ai), BIO_SOCK_NODELAY)) { + if (!BIO_connect(*sock, BIO_ADDRINFO_address(ai), + type == SOCK_STREAM ? BIO_SOCK_NODELAY : 0)) { BIO_closesocket(*sock); *sock = INVALID_SOCKET; continue; diff --git a/ssl/record/rec_layer_d1.c b/ssl/record/rec_layer_d1.c index 37a2eb1..43e1f98 100644 --- a/ssl/record/rec_layer_d1.c +++ b/ssl/record/rec_layer_d1.c @@ -363,8 +363,7 @@ int dtls1_read_bytes(SSL *s, int type, int *recvd_type, unsigned char *buf, return -1; } - if (!ossl_statem_get_in_handshake(s) && SSL_in_init(s)) - { + if (!ossl_statem_get_in_handshake(s) && SSL_in_init(s)) { /* type == SSL3_RT_APPLICATION_DATA */ i = s->handshake_func(s); /* SSLfatal() already called if appropriate */ @@ -473,6 +472,7 @@ int dtls1_read_bytes(SSL *s, int type, int *recvd_type, unsigned char *buf, return -1; } SSL3_RECORD_set_length(rr, 0); + SSL3_RECORD_set_read(rr); goto start; } @@ -482,6 +482,7 @@ int dtls1_read_bytes(SSL *s, int type, int *recvd_type, unsigned char *buf, */ if (s->shutdown & SSL_RECEIVED_SHUTDOWN) { SSL3_RECORD_set_length(rr, 0); + SSL3_RECORD_set_read(rr); s->rwstate = SSL_NOTHING; return 0; } @@ -508,8 +509,16 @@ int dtls1_read_bytes(SSL *s, int type, int *recvd_type, unsigned char *buf, if (recvd_type != NULL) *recvd_type = SSL3_RECORD_get_type(rr); - if (len == 0) + if (len == 0) { + /* + * Mark a zero length record as read. This ensures multiple calls to + * SSL_read() with a zero length buffer will eventually cause + * SSL_pending() to report data as being available. + */ + if (SSL3_RECORD_get_length(rr) == 0) + SSL3_RECORD_set_read(rr); return 0; + } if (len > SSL3_RECORD_get_length(rr)) n = SSL3_RECORD_get_length(rr); @@ -517,12 +526,16 @@ int dtls1_read_bytes(SSL *s, int type, int *recvd_type, unsigned char *buf, n = len; memcpy(buf, &(SSL3_RECORD_get_data(rr)[SSL3_RECORD_get_off(rr)]), n); - if (!peek) { + if (peek) { + if (SSL3_RECORD_get_length(rr) == 0) + SSL3_RECORD_set_read(rr); + } else { SSL3_RECORD_sub_length(rr, n); SSL3_RECORD_add_off(rr, n); if (SSL3_RECORD_get_length(rr) == 0) { s->rlayer.rstate = SSL_ST_READ_HEADER; SSL3_RECORD_set_off(rr, 0); + SSL3_RECORD_set_read(rr); } } #ifndef OPENSSL_NO_SCTP @@ -578,6 +591,7 @@ int dtls1_read_bytes(SSL *s, int type, int *recvd_type, unsigned char *buf, if (alert_level == SSL3_AL_WARNING) { s->s3->warn_alert = alert_descr; + SSL3_RECORD_set_read(rr); s->rlayer.alert_count++; if (s->rlayer.alert_count == MAX_WARN_ALERT_COUNT) { @@ -615,6 +629,7 @@ int dtls1_read_bytes(SSL *s, int type, int *recvd_type, unsigned char *buf, BIO_snprintf(tmp, sizeof tmp, "%d", alert_descr); ERR_add_error_data(2, "SSL alert number ", tmp); s->shutdown |= SSL_RECEIVED_SHUTDOWN; + SSL3_RECORD_set_read(rr); SSL_CTX_remove_session(s->session_ctx, s->session); return 0; } else { @@ -630,6 +645,7 @@ int dtls1_read_bytes(SSL *s, int type, int *recvd_type, unsigned char *buf, * shutdown */ s->rwstate = SSL_NOTHING; SSL3_RECORD_set_length(rr, 0); + SSL3_RECORD_set_read(rr); return 0; } @@ -639,6 +655,7 @@ int dtls1_read_bytes(SSL *s, int type, int *recvd_type, unsigned char *buf, * are still missing, so just drop it. */ SSL3_RECORD_set_length(rr, 0); + SSL3_RECORD_set_read(rr); goto start; } @@ -656,6 +673,7 @@ int dtls1_read_bytes(SSL *s, int type, int *recvd_type, unsigned char *buf, if (SSL3_RECORD_get_epoch(rr) != s->rlayer.d->r_epoch || SSL3_RECORD_get_length(rr) < DTLS1_HM_HEADER_LENGTH) { SSL3_RECORD_set_length(rr, 0); + SSL3_RECORD_set_read(rr); goto start; } @@ -677,6 +695,7 @@ int dtls1_read_bytes(SSL *s, int type, int *recvd_type, unsigned char *buf, return -1; } SSL3_RECORD_set_length(rr, 0); + SSL3_RECORD_set_read(rr); if (!(s->mode & SSL_MODE_AUTO_RETRY)) { if (SSL3_BUFFER_get_left(&s->rlayer.rbuf) == 0) { /* no read-ahead left? */ diff --git a/ssl/record/ssl3_record.c b/ssl/record/ssl3_record.c index c21a478..ae510b2 100644 --- a/ssl/record/ssl3_record.c +++ b/ssl/record/ssl3_record.c @@ -1882,6 +1882,7 @@ int dtls1_get_record(SSL *s) p += 6; n2s(p, rr->length); + rr->read = 0; /* * Lets check the version. We tolerate alerts that don't have the exact @@ -1891,6 +1892,7 @@ int dtls1_get_record(SSL *s) if (version != s->version) { /* unexpected version, silently discard */ rr->length = 0; + rr->read = 1; RECORD_LAYER_reset_packet_length(&s->rlayer); goto again; } @@ -1899,6 +1901,7 @@ int dtls1_get_record(SSL *s) if ((version & 0xff00) != (s->version & 0xff00)) { /* wrong version, silently discard record */ rr->length = 0; + rr->read = 1; RECORD_LAYER_reset_packet_length(&s->rlayer); goto again; } @@ -1906,6 +1909,7 @@ int dtls1_get_record(SSL *s) if (rr->length > SSL3_RT_MAX_ENCRYPTED_LENGTH) { /* record too long, silently discard it */ rr->length = 0; + rr->read = 1; RECORD_LAYER_reset_packet_length(&s->rlayer); goto again; } @@ -1915,6 +1919,7 @@ int dtls1_get_record(SSL *s) && rr->length > GET_MAX_FRAGMENT_LENGTH(s->session)) { /* record too long, silently discard it */ rr->length = 0; + rr->read = 1; RECORD_LAYER_reset_packet_length(&s->rlayer); goto again; } @@ -1936,6 +1941,7 @@ int dtls1_get_record(SSL *s) return -1; } rr->length = 0; + rr->read = 1; RECORD_LAYER_reset_packet_length(&s->rlayer); goto again; } @@ -1966,6 +1972,7 @@ int dtls1_get_record(SSL *s) */ if (!dtls1_record_replay_check(s, bitmap)) { rr->length = 0; + rr->read = 1; RECORD_LAYER_reset_packet_length(&s->rlayer); /* dump this record */ goto again; /* get another record */ } @@ -1974,8 +1981,10 @@ int dtls1_get_record(SSL *s) #endif /* just read a 0 length packet */ - if (rr->length == 0) + if (rr->length == 0) { + rr->read = 1; goto again; + } /* * If this record is from the next epoch (either HM or ALERT), and a @@ -1992,6 +2001,7 @@ int dtls1_get_record(SSL *s) } } rr->length = 0; + rr->read = 1; RECORD_LAYER_reset_packet_length(&s->rlayer); goto again; } @@ -2002,6 +2012,7 @@ int dtls1_get_record(SSL *s) return -1; } rr->length = 0; + rr->read = 1; RECORD_LAYER_reset_packet_length(&s->rlayer); /* dump this record */ goto again; /* get another record */ } diff --git a/test/sslapitest.c b/test/sslapitest.c index bce15db..26ef435 100644 --- a/test/sslapitest.c +++ b/test/sslapitest.c @@ -4454,11 +4454,16 @@ static int test_ssl_pending(int tst) SSL_ERROR_NONE))) goto end; - if (!TEST_true(SSL_write_ex(serverssl, msg, sizeof(msg), &written)) + if (!TEST_int_eq(SSL_pending(clientssl), 0) + || !TEST_false(SSL_has_pending(clientssl)) + || !TEST_int_eq(SSL_pending(serverssl), 0) + || !TEST_false(SSL_has_pending(serverssl)) + || !TEST_true(SSL_write_ex(serverssl, msg, sizeof(msg), &written)) || !TEST_size_t_eq(written, sizeof(msg)) || !TEST_true(SSL_read_ex(clientssl, buf, sizeof(buf), &readbytes)) || !TEST_size_t_eq(readbytes, sizeof(buf)) - || !TEST_int_eq(SSL_pending(clientssl), (int)(written - readbytes))) + || !TEST_int_eq(SSL_pending(clientssl), (int)(written - readbytes)) + || !TEST_true(SSL_has_pending(clientssl))) goto end; testresult = 1; From matt at openssl.org Fri May 11 14:05:08 2018 From: matt at openssl.org (Matt Caswell) Date: Fri, 11 May 2018 14:05:08 +0000 Subject: [openssl-commits] [openssl] master update Message-ID: <1526047508.420727.3606.nullmailer@dev.openssl.org> The branch master has been updated via 61fb59238dad6452a37ec14513fae617a4faef29 (commit) via c20e3b282c26205f39a89a23664245475d4d7cbc (commit) via d0191fe059fc73ff70af31de1fb99f2d2298242c (commit) via 2448bb8cf71b383d39433f8af891232c60392868 (commit) via c0638adeec58327f79d4bf549766f4cb094a1e2e (commit) via 5fe371570770e46f2d9e19e8b81c8bc0d47ec0d6 (commit) from e825109236f6795fbe24c0c6a489ef89ca05a906 (commit) - Log ----------------------------------------------------------------- commit 61fb59238dad6452a37ec14513fae617a4faef29 Author: Matt Caswell Date: Wed May 9 18:22:36 2018 +0100 Rework the decrypt ticket callback Don't call the decrypt ticket callback if we've already encountered a fatal error. Do call it if we have an empty ticket present. Change the return code to have 5 distinct returns codes and separate it from the input status value. Reviewed-by: Viktor Dukhovni (Merged from https://github.com/openssl/openssl/pull/6198) commit c20e3b282c26205f39a89a23664245475d4d7cbc Author: Matt Caswell Date: Wed May 9 10:45:46 2018 +0100 Fix mem leak in sslapi test The recent change in behaviour where you do not get a NewSessionTicket message sent if you established the connection using a PSK caused a mem leak to be triggered in sslapitest. It was actually a latent bug and we were just lucky we never hit it before. The problem is due to complexity with the way PSK sessions were set up in the early_data tests. PSK session reference counting was handled differently to normal session reference counting. This meant there were lots of special cases in the code where we don't free a session if it is a PSK. It makes things easier if we just handle PSK reference counts in the same way as other session reference counts, and then we can remove all of the special case code. Reviewed-by: Viktor Dukhovni (Merged from https://github.com/openssl/openssl/pull/6198) commit d0191fe059fc73ff70af31de1fb99f2d2298242c Author: Matt Caswell Date: Tue May 8 16:29:02 2018 +0100 Add a test for the ticket callbacks Reviewed-by: Viktor Dukhovni (Merged from https://github.com/openssl/openssl/pull/6198) commit 2448bb8cf71b383d39433f8af891232c60392868 Author: Matt Caswell Date: Tue May 8 16:28:44 2018 +0100 Document when a new session ticket gets created on resumption Reviewed-by: Viktor Dukhovni (Merged from https://github.com/openssl/openssl/pull/6198) commit c0638adeec58327f79d4bf549766f4cb094a1e2e Author: Matt Caswell Date: Tue May 8 14:50:17 2018 +0100 Fix ticket callbacks in TLSv1.3 The return value from the ticket_key callback was not properly handled in TLSv1.3, so that a ticket was *always* renewed even if the callback requested that it should not be. Also the ticket decrypt callback was not being called at all in TLSv1.3. Reviewed-by: Viktor Dukhovni (Merged from https://github.com/openssl/openssl/pull/6198) commit 5fe371570770e46f2d9e19e8b81c8bc0d47ec0d6 Author: Matt Caswell Date: Tue May 8 14:34:27 2018 +0100 Flush server side unauthenticated writes When a server call SSL_write_early_data() to write to an unauthenticated client the buffering BIO is still in place, so we should ensure we flush the write. Reviewed-by: Viktor Dukhovni (Merged from https://github.com/openssl/openssl/pull/6198) ----------------------------------------------------------------------- Summary of changes: doc/man3/SSL_CTX_set_session_ticket_cb.pod | 127 +++++++++----- include/openssl/ssl.h | 21 ++- ssl/ssl_lib.c | 3 + ssl/ssl_locl.h | 4 +- ssl/ssl_sess.c | 7 +- ssl/statem/extensions_srvr.c | 17 +- ssl/statem/statem_lib.c | 1 + ssl/statem/statem_srvr.c | 11 +- ssl/t1_lib.c | 247 +++++++++++++++------------ test/handshake_helper.c | 22 ++- test/sslapitest.c | 263 +++++++++++++++++++++++++++-- 11 files changed, 537 insertions(+), 186 deletions(-) diff --git a/doc/man3/SSL_CTX_set_session_ticket_cb.pod b/doc/man3/SSL_CTX_set_session_ticket_cb.pod index c7b51dd..8f98c6f 100644 --- a/doc/man3/SSL_CTX_set_session_ticket_cb.pod +++ b/doc/man3/SSL_CTX_set_session_ticket_cb.pod @@ -16,7 +16,7 @@ SSL_CTX_decrypt_session_ticket_fn - manage session ticket application data typedef SSL_TICKET_RETURN (*SSL_CTX_decrypt_session_ticket_fn)(SSL *s, SSL_SESSION *ss, const unsigned char *keyname, size_t keyname_len, - SSL_TICKET_RETURN retv, + SSL_TICKET_STATUS status, void *arg); int SSL_CTX_set_session_ticket_cb(SSL_CTX *ctx, SSL_CTX_generate_session_ticket_fn gen_cb, @@ -39,13 +39,13 @@ is the same as that given to SSL_CTX_set_session_ticket_cb(). The B callback is defined as type B. B is the application defined callback invoked after session ticket -decryption has been attempted and any session ticket application data is available. -The application can call SSL_SESSION_get_ticket_appdata() at this time to retrieve -the application data. The value of B is the same as that given to -SSL_CTX_set_session_ticket_cb(). The B argument is the result of the ticket -decryption. The B and B identify the key used to decrypt the -session ticket. The B callback is defined as type -B. +decryption has been attempted and any session ticket application data is +available. If ticket decryption was successful then the B argument contains +the session data. The B and B arguments identify the key +used to decrypt the session ticket. The B argument is the result of the +ticket decryption. See the L section below for further details. The value +of B is the same as that given to SSL_CTX_set_session_ticket_cb(). The +B callback is defined as type B. SSL_SESSION_set1_ticket_appdata() sets the application data specified by B and B into B which is then placed into any generated session @@ -66,67 +66,110 @@ application that a session ticket has just been decrypted. =head1 NOTES When the B callback is invoked, the SSL_SESSION B has not yet been -assigned to the SSL B. The B indicates the result of the ticket -decryption which can be modified by the callback before being returned. The -callback must check the B value before performing any action, as it's -called even if ticket decryption fails. +assigned to the SSL B. The B indicates the result of the ticket +decryption. The callback must check the B value before performing any +action, as it is called even if ticket decryption fails. The B and B arguments to B may be used to identify the key that was used to encrypt the session ticket. -When the B callback is invoked, the SSL_get_session() function can be -used to retrieve the SSL_SESSION for SSL_SESSION_set1_ticket_appdata(). +The B argument can be any of these values: -=head1 RETURN VALUES +=over 4 -The SSL_CTX_set_session_ticket_cb(), SSL_SESSION_set1_ticket_appdata() and -SSL_SESSION_get0_ticket_appdata() functions return 1 on success and 0 on -failure. +=item SSL_TICKET_EMPTY -The B callback must return 1 to continue the connection. A return of 0 -will terminate the connection with an INTERNAL_ERROR alert. +Empty ticket present. No ticket data will be used and a new ticket should be +sent to the client. This only occurs in TLSv1.2 or below. In TLSv1.3 it is not +valid for a client to send an empty ticket. -The B callback must return one of the following B -values. Under normal circumstances the B value is returned unmodified, -but the callback can change the behavior of the post-ticket decryption code -by returning something different. The B callback must check the B -value before performing any action. +=item SSL_TICKET_NO_DECRYPT - typedef int SSL_TICKET_RETURN; +The ticket couldn't be decrypted. No ticket data will be used and a new ticket +should be sent to the client. -=over 4 +=item SSL_TICKET_SUCCESS -=item SSL_TICKET_FATAL_ERR_MALLOC +A ticket was successfully decrypted, any session ticket application data should +be available. A new ticket should not be sent to the client. -Fatal error, malloc failure. +=item SSL_TICKET_SUCCESS_RENEW -=item SSL_TICKET_FATAL_ERR_OTHER +Same as B, but a new ticket should be sent to the client. -Fatal error, either from parsing or decrypting the ticket. +=back -=item SSL_TICKET_NONE +The return value can be any of these values: -No ticket present. +=over 4 -=item SSL_TICKET_EMPTY +=item SSL_TICKET_RETURN_ABORT -Empty ticket present. +The handshake should be aborted, either because of an error or because of some +policy. Note that in TLSv1.3 a client may send more than one ticket in a single +handshake. Therefore just because one ticket is unacceptable it does not mean +that all of them are. For this reason this option should be used with caution. -=item SSL_TICKET_NO_DECRYPT +=item SSL_TICKET_RETURN_IGNORE -The ticket couldn't be decrypted. +Do not use a ticket (if one was available). Do not send a renewed ticket to the +client. -=item SSL_TICKET_SUCCESS +=item SSL_TICKET_RETURN_IGNORE_RENEW -A ticket was successfully decrypted, any session ticket application data should -be available. +Do not use a ticket (if one was available). Send a renewed ticket to the client. -=item TICKET_SUCCESS_RENEW +If the callback does not wish to change the default ticket behaviour then it +should return this value if B is B or +B. -Same as B, but the ticket needs to be renewed. +=item SSL_TICKET_RETURN_USE + +Use the ticket. Do not send a renewed ticket to the client. It is an error for +the callback to return this value if B has a value other than +B or B. + +If the callback does not wish to change the default ticket behaviour then it +should return this value if B is B. + +=item SSL_TICKET_RETURN_USE_RENEW + +Use the ticket. Send a renewed ticket to the client. It is an error for the +callback to return this value if B has a value other than +B or B. + +If the callback does not wish to change the default ticket behaviour then it +should return this value if B is B. =back +If B has the value B or B then +no session data will be available and the callback must not use the B +argument. If B has the value B or +B then the application can call +SSL_SESSION_get0_ticket_appdata() using the session provided in the B +argument to retrieve the application data. + +When the B callback is invoked, the SSL_get_session() function can be +used to retrieve the SSL_SESSION for SSL_SESSION_set1_ticket_appdata(). + +By default, in TLSv1.2 and below, a new session ticket is not issued on a +successful resumption and therefore B will not be called. In TLSv1.3 the +default behaviour is to always issue a new ticket on resumption. In both cases +this behaviour can be changed if a ticket key callback is in use (see +L). + +=head1 RETURN VALUES + +The SSL_CTX_set_session_ticket_cb(), SSL_SESSION_set1_ticket_appdata() and +SSL_SESSION_get0_ticket_appdata() functions return 1 on success and 0 on +failure. + +The B callback must return 1 to continue the connection. A return of 0 +will terminate the connection with an INTERNAL_ERROR alert. + +The B callback must return a value as described in L above. + =head1 SEE ALSO L, diff --git a/include/openssl/ssl.h b/include/openssl/ssl.h index 4bd53fc..1f4f261 100644 --- a/include/openssl/ssl.h +++ b/include/openssl/ssl.h @@ -2330,8 +2330,9 @@ __owur const struct openssl_ssl_test_functions *SSL_test_functions(void); __owur int SSL_free_buffers(SSL *ssl); __owur int SSL_alloc_buffers(SSL *ssl); -/* Return codes for tls_get_ticket_from_client() and tls_decrypt_ticket() */ -typedef int SSL_TICKET_RETURN; +/* Status codes passed to the decrypt session ticket callback. Some of these + * are for internal use only and are never passed to the callback. */ +typedef int SSL_TICKET_STATUS; /* Support for ticket appdata */ /* fatal error, malloc failure */ @@ -2349,11 +2350,25 @@ typedef int SSL_TICKET_RETURN; /* same as above but the ticket needs to be renewed */ # define SSL_TICKET_SUCCESS_RENEW 6 +/* Return codes for the decrypt session ticket callback */ +typedef int SSL_TICKET_RETURN; + +/* An error occurred */ +#define SSL_TICKET_RETURN_ABORT 0 +/* Do not use the ticket, do not send a renewed ticket to the client */ +#define SSL_TICKET_RETURN_IGNORE 1 +/* Do not use the ticket, send a renewed ticket to the client */ +#define SSL_TICKET_RETURN_IGNORE_RENEW 2 +/* Use the ticket, do not send a renewed ticket to the client */ +#define SSL_TICKET_RETURN_USE 3 +/* Use the ticket, send a renewed ticket to the client */ +#define SSL_TICKET_RETURN_USE_RENEW 4 + typedef int (*SSL_CTX_generate_session_ticket_fn)(SSL *s, void *arg); typedef SSL_TICKET_RETURN (*SSL_CTX_decrypt_session_ticket_fn)(SSL *s, SSL_SESSION *ss, const unsigned char *keyname, size_t keyname_length, - SSL_TICKET_RETURN retv, + SSL_TICKET_STATUS status, void *arg); int SSL_CTX_set_session_ticket_cb(SSL_CTX *ctx, SSL_CTX_generate_session_ticket_fn gen_cb, diff --git a/ssl/ssl_lib.c b/ssl/ssl_lib.c index 3aefa34..41574c4 100644 --- a/ssl/ssl_lib.c +++ b/ssl/ssl_lib.c @@ -2023,6 +2023,9 @@ int SSL_write_early_data(SSL *s, const void *buf, size_t num, size_t *written) /* We are a server writing to an unauthenticated client */ s->early_data_state = SSL_EARLY_DATA_UNAUTH_WRITING; ret = SSL_write_ex(s, buf, num, written); + /* The buffering BIO is still in place */ + if (ret) + (void)BIO_flush(s->wbio); s->early_data_state = early_data_state; return ret; diff --git a/ssl/ssl_locl.h b/ssl/ssl_locl.h index b32b23b..c066e14 100644 --- a/ssl/ssl_locl.h +++ b/ssl/ssl_locl.h @@ -2473,9 +2473,9 @@ void tls1_get_supported_groups(SSL *s, const uint16_t **pgroups, __owur int tls1_set_server_sigalgs(SSL *s); -__owur SSL_TICKET_RETURN tls_get_ticket_from_client(SSL *s, CLIENTHELLO_MSG *hello, +__owur SSL_TICKET_STATUS tls_get_ticket_from_client(SSL *s, CLIENTHELLO_MSG *hello, SSL_SESSION **ret); -__owur SSL_TICKET_RETURN tls_decrypt_ticket(SSL *s, const unsigned char *etick, +__owur SSL_TICKET_STATUS tls_decrypt_ticket(SSL *s, const unsigned char *etick, size_t eticklen, const unsigned char *sess_id, size_t sesslen, SSL_SESSION **psess); diff --git a/ssl/ssl_sess.c b/ssl/ssl_sess.c index f936cb6..541f82a 100644 --- a/ssl/ssl_sess.c +++ b/ssl/ssl_sess.c @@ -485,9 +485,14 @@ int ssl_get_prev_session(SSL *s, CLIENTHELLO_MSG *hello) SSL_SESSION *ret = NULL; int fatal = 0, discard; int try_session_cache = 0; - SSL_TICKET_RETURN r; + SSL_TICKET_STATUS r; if (SSL_IS_TLS13(s)) { + /* + * By default we will send a new ticket. This can be overridden in the + * ticket processing. + */ + s->ext.ticket_expected = 1; if (!tls_parse_extension(s, TLSEXT_IDX_psk_kex_modes, SSL_EXT_CLIENT_HELLO, hello->pre_proc_exts, NULL, 0) diff --git a/ssl/statem/extensions_srvr.c b/ssl/statem/extensions_srvr.c index adf63d8..ec4e1b8 100644 --- a/ssl/statem/extensions_srvr.c +++ b/ssl/statem/extensions_srvr.c @@ -1030,6 +1030,7 @@ int tls_parse_ctos_psk(SSL *s, PACKET *pkt, unsigned int context, X509 *x, return 0; } + s->ext.ticket_expected = 0; for (id = 0; PACKET_remaining(&identities) != 0; id++) { PACKET identity; unsigned long ticket_agel; @@ -1127,9 +1128,17 @@ int tls_parse_ctos_psk(SSL *s, PACKET *pkt, unsigned int context, X509 *x, s->ext.early_data_ok = 1; } else { uint32_t ticket_age = 0, now, agesec, agems; - int ret = tls_decrypt_ticket(s, PACKET_data(&identity), - PACKET_remaining(&identity), NULL, 0, - &sess); + int ret; + + ret = tls_decrypt_ticket(s, PACKET_data(&identity), + PACKET_remaining(&identity), NULL, 0, + &sess); + + if (ret == SSL_TICKET_EMPTY) { + SSLfatal(s, SSL_AD_DECODE_ERROR, SSL_F_TLS_PARSE_CTOS_PSK, + SSL_R_BAD_EXTENSION); + return 0; + } if (ret == SSL_TICKET_FATAL_ERR_MALLOC || ret == SSL_TICKET_FATAL_ERR_OTHER) { @@ -1137,7 +1146,7 @@ int tls_parse_ctos_psk(SSL *s, PACKET *pkt, unsigned int context, X509 *x, SSL_F_TLS_PARSE_CTOS_PSK, ERR_R_INTERNAL_ERROR); return 0; } - if (ret == SSL_TICKET_NO_DECRYPT) + if (ret == SSL_TICKET_NONE || ret == SSL_TICKET_NO_DECRYPT) continue; /* Check for replay */ diff --git a/ssl/statem/statem_lib.c b/ssl/statem/statem_lib.c index 74ad6e8..5db5c80 100644 --- a/ssl/statem/statem_lib.c +++ b/ssl/statem/statem_lib.c @@ -1042,6 +1042,7 @@ WORK_STATE tls_finish_handshake(SSL *s, WORK_STATE wst, int clearbufs, int stop) s->renegotiate = 0; s->new_session = 0; s->statem.cleanuphand = 0; + s->ext.ticket_expected = 0; ssl3_cleanup_key_block(s); diff --git a/ssl/statem/statem_srvr.c b/ssl/statem/statem_srvr.c index 018daaa..22786be 100644 --- a/ssl/statem/statem_srvr.c +++ b/ssl/statem/statem_srvr.c @@ -486,9 +486,16 @@ static WRITE_TRAN ossl_statem_server13_write_transition(SSL *s) * and give the application the opportunity to delay sending the * session ticket? */ - if (s->post_handshake_auth == SSL_PHA_REQUESTED) - s->post_handshake_auth = SSL_PHA_EXT_RECEIVED; st->hand_state = TLS_ST_SW_SESSION_TICKET; + if (s->post_handshake_auth == SSL_PHA_REQUESTED) { + s->post_handshake_auth = SSL_PHA_EXT_RECEIVED; + } else if (!s->ext.ticket_expected) { + /* + * If we're not going to renew the ticket then we just finish the + * handshake at this point. + */ + st->hand_state = TLS_ST_OK; + } return WRITE_TRAN_CONTINUE; case TLS_ST_SR_KEY_UPDATE: diff --git a/ssl/t1_lib.c b/ssl/t1_lib.c index 6f4923d..b312a14 100644 --- a/ssl/t1_lib.c +++ b/ssl/t1_lib.c @@ -1194,32 +1194,10 @@ int tls1_set_server_sigalgs(SSL *s) * hello: The parsed ClientHello data * ret: (output) on return, if a ticket was decrypted, then this is set to * point to the resulting session. - * - * If s->tls_session_secret_cb is set then we are expecting a pre-shared key - * ciphersuite, in which case we have no use for session tickets and one will - * never be decrypted, nor will s->ext.ticket_expected be set to 1. - * - * Returns: - * -1: fatal error, either from parsing or decrypting the ticket. - * 0: no ticket was found (or was ignored, based on settings). - * 1: a zero length extension was found, indicating that the client supports - * session tickets but doesn't currently have one to offer. - * 2: either s->tls_session_secret_cb was set, or a ticket was offered but - * couldn't be decrypted because of a non-fatal error. - * 3: a ticket was successfully decrypted and *ret was set. - * - * Side effects: - * Sets s->ext.ticket_expected to 1 if the server will have to issue - * a new session ticket to the client because the client indicated support - * (and s->tls_session_secret_cb is NULL) but the client either doesn't have - * a session ticket or we couldn't use the one it gave us, or if - * s->ctx->ext.ticket_key_cb asked to renew the client's ticket. - * Otherwise, s->ext.ticket_expected is set to 0. */ -SSL_TICKET_RETURN tls_get_ticket_from_client(SSL *s, CLIENTHELLO_MSG *hello, +SSL_TICKET_STATUS tls_get_ticket_from_client(SSL *s, CLIENTHELLO_MSG *hello, SSL_SESSION **ret) { - int retv; size_t size; RAW_EXTENSION *ticketext; @@ -1239,70 +1217,27 @@ SSL_TICKET_RETURN tls_get_ticket_from_client(SSL *s, CLIENTHELLO_MSG *hello, return SSL_TICKET_NONE; size = PACKET_remaining(&ticketext->data); - if (size == 0) { - /* - * The client will accept a ticket but doesn't currently have - * one. - */ - s->ext.ticket_expected = 1; - return SSL_TICKET_EMPTY; - } - if (s->ext.session_secret_cb) { - /* - * Indicate that the ticket couldn't be decrypted rather than - * generating the session from ticket now, trigger - * abbreviated handshake based on external mechanism to - * calculate the master secret later. - */ - return SSL_TICKET_NO_DECRYPT; - } - retv = tls_decrypt_ticket(s, PACKET_data(&ticketext->data), size, + return tls_decrypt_ticket(s, PACKET_data(&ticketext->data), size, hello->session_id, hello->session_id_len, ret); - - /* - * If set, the decrypt_ticket_cb() is always called regardless of the - * return from tls_decrypt_ticket(). The callback is responsible for - * checking |retv| before it performs any action - */ - if (s->session_ctx->decrypt_ticket_cb != NULL) { - size_t keyname_len = size; - - if (keyname_len > TLSEXT_KEYNAME_LENGTH) - keyname_len = TLSEXT_KEYNAME_LENGTH; - retv = s->session_ctx->decrypt_ticket_cb(s, *ret, - PACKET_data(&ticketext->data), - keyname_len, - retv, s->session_ctx->ticket_cb_data); - } - - switch (retv) { - case SSL_TICKET_NO_DECRYPT: - s->ext.ticket_expected = 1; - return SSL_TICKET_NO_DECRYPT; - - case SSL_TICKET_SUCCESS: - return SSL_TICKET_SUCCESS; - - case SSL_TICKET_SUCCESS_RENEW: - s->ext.ticket_expected = 1; - return SSL_TICKET_SUCCESS; - - case SSL_TICKET_EMPTY: - s->ext.ticket_expected = 1; - return SSL_TICKET_EMPTY; - - case SSL_TICKET_NONE: - return SSL_TICKET_NONE; - - default: - return SSL_TICKET_FATAL_ERR_OTHER; - } } /*- * tls_decrypt_ticket attempts to decrypt a session ticket. * + * If s->tls_session_secret_cb is set and we're not doing TLSv1.3 then we are + * expecting a pre-shared key ciphersuite, in which case we have no use for + * session tickets and one will never be decrypted, nor will + * s->ext.ticket_expected be set to 1. + * + * Side effects: + * Sets s->ext.ticket_expected to 1 if the server will have to issue + * a new session ticket to the client because the client indicated support + * (and s->tls_session_secret_cb is NULL) but the client either doesn't have + * a session ticket or we couldn't use the one it gave us, or if + * s->ctx->ext.ticket_key_cb asked to renew the client's ticket. + * Otherwise, s->ext.ticket_expected is set to 0. + * * etick: points to the body of the session ticket extension. * eticklen: the length of the session tickets extension. * sess_id: points at the session ID. @@ -1310,46 +1245,69 @@ SSL_TICKET_RETURN tls_get_ticket_from_client(SSL *s, CLIENTHELLO_MSG *hello, * psess: (output) on return, if a ticket was decrypted, then this is set to * point to the resulting session. */ -SSL_TICKET_RETURN tls_decrypt_ticket(SSL *s, const unsigned char *etick, +SSL_TICKET_STATUS tls_decrypt_ticket(SSL *s, const unsigned char *etick, size_t eticklen, const unsigned char *sess_id, size_t sesslen, SSL_SESSION **psess) { - SSL_SESSION *sess; + SSL_SESSION *sess = NULL; unsigned char *sdec; const unsigned char *p; int slen, renew_ticket = 0, declen; - SSL_TICKET_RETURN ret = SSL_TICKET_FATAL_ERR_OTHER; + SSL_TICKET_STATUS ret = SSL_TICKET_FATAL_ERR_OTHER; size_t mlen; unsigned char tick_hmac[EVP_MAX_MD_SIZE]; HMAC_CTX *hctx = NULL; EVP_CIPHER_CTX *ctx = NULL; SSL_CTX *tctx = s->session_ctx; + if (eticklen == 0) { + /* + * The client will accept a ticket but doesn't currently have + * one (TLSv1.2 and below), or treated as a fatal error in TLSv1.3 + */ + ret = SSL_TICKET_EMPTY; + goto end; + } + if (!SSL_IS_TLS13(s) && s->ext.session_secret_cb) { + /* + * Indicate that the ticket couldn't be decrypted rather than + * generating the session from ticket now, trigger + * abbreviated handshake based on external mechanism to + * calculate the master secret later. + */ + ret = SSL_TICKET_NO_DECRYPT; + goto end; + } + /* Need at least keyname + iv */ if (eticklen < TLSEXT_KEYNAME_LENGTH + EVP_MAX_IV_LENGTH) { ret = SSL_TICKET_NO_DECRYPT; - goto err; + goto end; } /* Initialize session ticket encryption and HMAC contexts */ hctx = HMAC_CTX_new(); - if (hctx == NULL) - return SSL_TICKET_FATAL_ERR_MALLOC; + if (hctx == NULL) { + ret = SSL_TICKET_FATAL_ERR_MALLOC; + goto end; + } ctx = EVP_CIPHER_CTX_new(); if (ctx == NULL) { ret = SSL_TICKET_FATAL_ERR_MALLOC; - goto err; + goto end; } if (tctx->ext.ticket_key_cb) { unsigned char *nctick = (unsigned char *)etick; int rv = tctx->ext.ticket_key_cb(s, nctick, nctick + TLSEXT_KEYNAME_LENGTH, ctx, hctx, 0); - if (rv < 0) - goto err; + if (rv < 0) { + ret = SSL_TICKET_FATAL_ERR_OTHER; + goto end; + } if (rv == 0) { ret = SSL_TICKET_NO_DECRYPT; - goto err; + goto end; } if (rv == 2) renew_ticket = 1; @@ -1358,7 +1316,7 @@ SSL_TICKET_RETURN tls_decrypt_ticket(SSL *s, const unsigned char *etick, if (memcmp(etick, tctx->ext.tick_key_name, TLSEXT_KEYNAME_LENGTH) != 0) { ret = SSL_TICKET_NO_DECRYPT; - goto err; + goto end; } if (HMAC_Init_ex(hctx, tctx->ext.secure->tick_hmac_key, sizeof(tctx->ext.secure->tick_hmac_key), @@ -1366,8 +1324,11 @@ SSL_TICKET_RETURN tls_decrypt_ticket(SSL *s, const unsigned char *etick, || EVP_DecryptInit_ex(ctx, EVP_aes_256_cbc(), NULL, tctx->ext.secure->tick_aes_key, etick + TLSEXT_KEYNAME_LENGTH) <= 0) { - goto err; + ret = SSL_TICKET_FATAL_ERR_OTHER; + goto end; } + if (SSL_IS_TLS13(s)) + renew_ticket = 1; } /* * Attempt to process session ticket, first conduct sanity and integrity @@ -1375,24 +1336,27 @@ SSL_TICKET_RETURN tls_decrypt_ticket(SSL *s, const unsigned char *etick, */ mlen = HMAC_size(hctx); if (mlen == 0) { - goto err; + ret = SSL_TICKET_FATAL_ERR_OTHER; + goto end; } + /* Sanity check ticket length: must exceed keyname + IV + HMAC */ if (eticklen <= TLSEXT_KEYNAME_LENGTH + EVP_CIPHER_CTX_iv_length(ctx) + mlen) { ret = SSL_TICKET_NO_DECRYPT; - goto err; + goto end; } eticklen -= mlen; /* Check HMAC of encrypted ticket */ if (HMAC_Update(hctx, etick, eticklen) <= 0 || HMAC_Final(hctx, tick_hmac, NULL) <= 0) { - goto err; + ret = SSL_TICKET_FATAL_ERR_OTHER; + goto end; } - HMAC_CTX_free(hctx); + if (CRYPTO_memcmp(tick_hmac, etick + eticklen, mlen)) { - EVP_CIPHER_CTX_free(ctx); - return SSL_TICKET_NO_DECRYPT; + ret = SSL_TICKET_NO_DECRYPT; + goto end; } /* Attempt to decrypt session data */ /* Move p after IV to start of encrypted ticket, update length */ @@ -1401,18 +1365,16 @@ SSL_TICKET_RETURN tls_decrypt_ticket(SSL *s, const unsigned char *etick, sdec = OPENSSL_malloc(eticklen); if (sdec == NULL || EVP_DecryptUpdate(ctx, sdec, &slen, p, (int)eticklen) <= 0) { - EVP_CIPHER_CTX_free(ctx); OPENSSL_free(sdec); - return SSL_TICKET_FATAL_ERR_OTHER; + ret = SSL_TICKET_FATAL_ERR_OTHER; + goto end; } if (EVP_DecryptFinal(ctx, sdec + slen, &declen) <= 0) { - EVP_CIPHER_CTX_free(ctx); OPENSSL_free(sdec); - return SSL_TICKET_NO_DECRYPT; + ret = SSL_TICKET_NO_DECRYPT; + goto end; } slen += declen; - EVP_CIPHER_CTX_free(ctx); - ctx = NULL; p = sdec; sess = d2i_SSL_SESSION(NULL, &p, slen); @@ -1422,7 +1384,8 @@ SSL_TICKET_RETURN tls_decrypt_ticket(SSL *s, const unsigned char *etick, /* Some additional consistency checks */ if (slen != 0) { SSL_SESSION_free(sess); - return SSL_TICKET_NO_DECRYPT; + ret = SSL_TICKET_NO_DECRYPT; + goto end; } /* * The session ID, if non-empty, is used by some clients to detect @@ -1434,20 +1397,84 @@ SSL_TICKET_RETURN tls_decrypt_ticket(SSL *s, const unsigned char *etick, memcpy(sess->session_id, sess_id, sesslen); sess->session_id_length = sesslen; } - *psess = sess; if (renew_ticket) - return SSL_TICKET_SUCCESS_RENEW; + ret = SSL_TICKET_SUCCESS_RENEW; else - return SSL_TICKET_SUCCESS; + ret = SSL_TICKET_SUCCESS; + goto end; } ERR_clear_error(); /* * For session parse failure, indicate that we need to send a new ticket. */ - return SSL_TICKET_NO_DECRYPT; - err: + ret = SSL_TICKET_NO_DECRYPT; + + end: EVP_CIPHER_CTX_free(ctx); HMAC_CTX_free(hctx); + + /* + * If set, the decrypt_ticket_cb() is called unless a fatal error was + * detected above. The callback is responsible for checking |ret| before it + * performs any action + */ + if (s->session_ctx->decrypt_ticket_cb != NULL + && (ret == SSL_TICKET_EMPTY + || ret == SSL_TICKET_NO_DECRYPT + || ret == SSL_TICKET_SUCCESS + || ret == SSL_TICKET_SUCCESS_RENEW)) { + size_t keyname_len = eticklen; + int retcb; + + if (keyname_len > TLSEXT_KEYNAME_LENGTH) + keyname_len = TLSEXT_KEYNAME_LENGTH; + retcb = s->session_ctx->decrypt_ticket_cb(s, sess, etick, keyname_len, + ret, + s->session_ctx->ticket_cb_data); + switch (retcb) { + case SSL_TICKET_RETURN_ABORT: + ret = SSL_TICKET_FATAL_ERR_OTHER; + break; + + case SSL_TICKET_RETURN_IGNORE: + ret = SSL_TICKET_NONE; + SSL_SESSION_free(sess); + sess = NULL; + break; + + case SSL_TICKET_RETURN_IGNORE_RENEW: + if (ret != SSL_TICKET_EMPTY && ret != SSL_TICKET_NO_DECRYPT) + ret = SSL_TICKET_NO_DECRYPT; + /* else the value of |ret| will already do the right thing */ + SSL_SESSION_free(sess); + sess = NULL; + break; + + case SSL_TICKET_RETURN_USE: + case SSL_TICKET_RETURN_USE_RENEW: + if (ret != SSL_TICKET_SUCCESS + && ret != SSL_TICKET_SUCCESS_RENEW) + ret = SSL_TICKET_FATAL_ERR_OTHER; + else if (retcb == SSL_TICKET_RETURN_USE) + ret = SSL_TICKET_SUCCESS; + else + ret = SSL_TICKET_SUCCESS_RENEW; + break; + + default: + ret = SSL_TICKET_FATAL_ERR_OTHER; + } + } + + switch (ret) { + case SSL_TICKET_NO_DECRYPT: + case SSL_TICKET_SUCCESS_RENEW: + case SSL_TICKET_EMPTY: + s->ext.ticket_expected = 1; + } + + *psess = sess; + return ret; } diff --git a/test/handshake_helper.c b/test/handshake_helper.c index fc5fcd6..b3d94bb 100644 --- a/test/handshake_helper.c +++ b/test/handshake_helper.c @@ -469,12 +469,24 @@ static int generate_session_ticket_cb(SSL *s, void *arg) return SSL_SESSION_set1_ticket_appdata(ss, app_data, strlen(app_data)); } -static SSL_TICKET_RETURN decrypt_session_ticket_cb(SSL *s, SSL_SESSION *ss, - const unsigned char *keyname, - size_t keyname_len, - SSL_TICKET_RETURN retv, void *arg) +static int decrypt_session_ticket_cb(SSL *s, SSL_SESSION *ss, + const unsigned char *keyname, + size_t keyname_len, + SSL_TICKET_STATUS status, + void *arg) { - return retv; + switch (status) { + case SSL_TICKET_EMPTY: + case SSL_TICKET_NO_DECRYPT: + return SSL_TICKET_RETURN_IGNORE_RENEW; + case SSL_TICKET_SUCCESS: + return SSL_TICKET_RETURN_USE; + case SSL_TICKET_SUCCESS_RENEW: + return SSL_TICKET_RETURN_USE_RENEW; + default: + break; + } + return SSL_TICKET_RETURN_ABORT; } /* diff --git a/test/sslapitest.c b/test/sslapitest.c index 26ef435..fc7288d 100644 --- a/test/sslapitest.c +++ b/test/sslapitest.c @@ -16,6 +16,7 @@ #include #include #include +#include #include "ssltestlib.h" #include "testutil.h" @@ -1768,8 +1769,15 @@ static int setupearly_data_test(SSL_CTX **cctx, SSL_CTX **sctx, SSL **clientssl, } serverpsk = clientpsk; - if (sess != NULL) + if (sess != NULL) { + if (!TEST_true(SSL_SESSION_up_ref(clientpsk))) { + SSL_SESSION_free(clientpsk); + SSL_SESSION_free(serverpsk); + clientpsk = serverpsk = NULL; + return 0; + } *sess = clientpsk; + } return 1; } @@ -1938,9 +1946,7 @@ static int test_early_data_read_write(int idx) || !TEST_mem_eq(buf, readbytes, MSG7, strlen(MSG7))) goto end; - /* We keep the PSK session around if using PSK */ - if (idx != 2) - SSL_SESSION_free(sess); + SSL_SESSION_free(sess); sess = SSL_get1_session(clientssl); use_session_cb_cnt = 0; find_session_cb_cnt = 0; @@ -1990,8 +1996,7 @@ static int test_early_data_read_write(int idx) testresult = 1; end: - if (sess != clientpsk) - SSL_SESSION_free(sess); + SSL_SESSION_free(sess); SSL_SESSION_free(clientpsk); SSL_SESSION_free(serverpsk); clientpsk = serverpsk = NULL; @@ -2042,8 +2047,7 @@ static int test_early_data_replay(int idx) testresult = 1; end: - if (sess != clientpsk) - SSL_SESSION_free(sess); + SSL_SESSION_free(sess); SSL_SESSION_free(clientpsk); SSL_SESSION_free(serverpsk); clientpsk = serverpsk = NULL; @@ -2130,8 +2134,7 @@ static int early_data_skip_helper(int hrr, int idx) testresult = 1; end: - if (sess != clientpsk) - SSL_SESSION_free(clientpsk); + SSL_SESSION_free(clientpsk); SSL_SESSION_free(serverpsk); clientpsk = serverpsk = NULL; SSL_SESSION_free(sess); @@ -2204,9 +2207,9 @@ static int test_early_data_not_sent(int idx) /* * Should block due to the NewSessionTicket arrival unless we're using - * read_ahead + * read_ahead, or PSKs */ - if (idx != 1) { + if (idx != 1 && idx != 2) { if (!TEST_false(SSL_read_ex(clientssl, buf, sizeof(buf), &readbytes))) goto end; } @@ -2218,8 +2221,8 @@ static int test_early_data_not_sent(int idx) testresult = 1; end: - /* If using PSK then clientpsk and sess are the same */ SSL_SESSION_free(sess); + SSL_SESSION_free(clientpsk); SSL_SESSION_free(serverpsk); clientpsk = serverpsk = NULL; SSL_free(serverssl); @@ -2427,6 +2430,7 @@ static int test_early_data_psk(int idx) testresult = 1; end: + SSL_SESSION_free(sess); SSL_SESSION_free(clientpsk); SSL_SESSION_free(serverpsk); clientpsk = serverpsk = NULL; @@ -2484,8 +2488,8 @@ static int test_early_data_not_expected(int idx) testresult = 1; end: - /* If using PSK then clientpsk and sess are the same */ SSL_SESSION_free(sess); + SSL_SESSION_free(clientpsk); SSL_SESSION_free(serverpsk); clientpsk = serverpsk = NULL; SSL_free(serverssl); @@ -2558,7 +2562,6 @@ static int test_early_data_tls1_2(int idx) testresult = 1; end: - /* If using PSK then clientpsk and sess are the same */ SSL_SESSION_free(clientpsk); SSL_SESSION_free(serverpsk); clientpsk = serverpsk = NULL; @@ -3704,8 +3707,7 @@ static int test_export_key_mat_early(int idx) testresult = 1; end: - if (sess != clientpsk) - SSL_SESSION_free(sess); + SSL_SESSION_free(sess); SSL_SESSION_free(clientpsk); SSL_SESSION_free(serverpsk); clientpsk = serverpsk = NULL; @@ -4593,6 +4595,232 @@ static int test_ssl_get_shared_ciphers(int tst) return testresult; } +static const char *appdata = "Hello World"; +static int gen_tick_called, dec_tick_called, tick_key_cb_called; +static int tick_key_renew = 0; +static SSL_TICKET_RETURN tick_dec_ret = SSL_TICKET_RETURN_ABORT; + +static int gen_tick_cb(SSL *s, void *arg) +{ + gen_tick_called = 1; + + return SSL_SESSION_set1_ticket_appdata(SSL_get_session(s), appdata, + strlen(appdata)); +} + +static SSL_TICKET_RETURN dec_tick_cb(SSL *s, SSL_SESSION *ss, + const unsigned char *keyname, + size_t keyname_length, + SSL_TICKET_STATUS status, + void *arg) +{ + void *tickdata; + size_t tickdlen; + + dec_tick_called = 1; + + if (status == SSL_TICKET_EMPTY) + return SSL_TICKET_RETURN_IGNORE_RENEW; + + if (!TEST_true(status == SSL_TICKET_SUCCESS + || status == SSL_TICKET_SUCCESS_RENEW)) + return SSL_TICKET_RETURN_ABORT; + + if (!TEST_true(SSL_SESSION_get0_ticket_appdata(ss, &tickdata, + &tickdlen)) + || !TEST_size_t_eq(tickdlen, strlen(appdata)) + || !TEST_int_eq(memcmp(tickdata, appdata, tickdlen), 0)) + return SSL_TICKET_RETURN_ABORT; + + if (tick_key_cb_called) { + /* Don't change what the ticket key callback wanted to do */ + switch (status) { + case SSL_TICKET_NO_DECRYPT: + return SSL_TICKET_RETURN_IGNORE_RENEW; + + case SSL_TICKET_SUCCESS: + return SSL_TICKET_RETURN_USE; + + case SSL_TICKET_SUCCESS_RENEW: + return SSL_TICKET_RETURN_USE_RENEW; + + default: + return SSL_TICKET_RETURN_ABORT; + } + } + return tick_dec_ret; + +} + +static int tick_key_cb(SSL *s, unsigned char key_name[16], + unsigned char iv[EVP_MAX_IV_LENGTH], EVP_CIPHER_CTX *ctx, + HMAC_CTX *hctx, int enc) +{ + const unsigned char tick_aes_key[16] = "0123456789abcdef"; + const unsigned char tick_hmac_key[16] = "0123456789abcdef"; + + tick_key_cb_called = 1; + memset(iv, 0, AES_BLOCK_SIZE); + memset(key_name, 0, 16); + if (!EVP_CipherInit_ex(ctx, EVP_aes_128_cbc(), NULL, tick_aes_key, iv, enc) + || !HMAC_Init_ex(hctx, tick_hmac_key, sizeof(tick_hmac_key), + EVP_sha256(), NULL)) + return -1; + + return tick_key_renew ? 2 : 1; +} + +/* + * Test the various ticket callbacks + * Test 0: TLSv1.2, no ticket key callback, no ticket, no renewal + * Test 1: TLSv1.3, no ticket key callback, no ticket, no renewal + * Test 2: TLSv1.2, no ticket key callback, no ticket, renewal + * Test 3: TLSv1.3, no ticket key callback, no ticket, renewal + * Test 4: TLSv1.2, no ticket key callback, ticket, no renewal + * Test 5: TLSv1.3, no ticket key callback, ticket, no renewal + * Test 6: TLSv1.2, no ticket key callback, ticket, renewal + * Test 7: TLSv1.3, no ticket key callback, ticket, renewal + * Test 8: TLSv1.2, ticket key callback, ticket, no renewal + * Test 9: TLSv1.3, ticket key callback, ticket, no renewal + * Test 10: TLSv1.2, ticket key callback, ticket, renewal + * Test 11: TLSv1.3, ticket key callback, ticket, renewal + */ +static int test_ticket_callbacks(int tst) +{ + SSL_CTX *cctx = NULL, *sctx = NULL; + SSL *clientssl = NULL, *serverssl = NULL; + SSL_SESSION *clntsess = NULL; + int testresult = 0; + +#ifdef OPENSSL_NO_TLS1_2 + if (tst % 2 == 0); + return 1; +#endif +#ifdef OPENSSL_NO_TLS1_3 + if (tst % 2 == 1); + return 1; +#endif + + gen_tick_called = dec_tick_called = tick_key_cb_called = 0; + + /* Which tests the ticket key callback should request renewal for */ + if (tst == 10 || tst == 11) + tick_key_renew = 1; + else + tick_key_renew = 0; + + /* Which tests the decrypt ticket callback should request renewal for */ + switch (tst) { + case 0: + case 1: + tick_dec_ret = SSL_TICKET_RETURN_IGNORE; + break; + + case 2: + case 3: + tick_dec_ret = SSL_TICKET_RETURN_IGNORE_RENEW; + break; + + case 4: + case 5: + tick_dec_ret = SSL_TICKET_RETURN_USE; + break; + + case 6: + case 7: + tick_dec_ret = SSL_TICKET_RETURN_USE_RENEW; + break; + + default: + tick_dec_ret = SSL_TICKET_RETURN_ABORT; + } + + if (!TEST_true(create_ssl_ctx_pair(TLS_server_method(), + TLS_client_method(), + TLS1_VERSION, + ((tst % 2) == 0) ? TLS1_2_VERSION + : TLS1_3_VERSION, + &sctx, &cctx, cert, privkey))) + goto end; + + /* + * We only want sessions to resume from tickets - not the session cache. So + * switch the cache off. + */ + if (!TEST_true(SSL_CTX_set_session_cache_mode(sctx, SSL_SESS_CACHE_OFF))) + goto end; + + if (!TEST_true(SSL_CTX_set_session_ticket_cb(sctx, gen_tick_cb, dec_tick_cb, + NULL))) + goto end; + + if (tst >= 8 + && !TEST_true(SSL_CTX_set_tlsext_ticket_key_cb(sctx, tick_key_cb))) + goto end; + + if (!TEST_true(create_ssl_objects(sctx, cctx, &serverssl, &clientssl, + NULL, NULL)) + || !TEST_true(create_ssl_connection(serverssl, clientssl, + SSL_ERROR_NONE))) + goto end; + + /* + * The decrypt ticket key callback in TLSv1.2 should be called even though + * we have no ticket yet, because it gets called with a status of + * SSL_TICKET_EMPTY (the client indicates support for tickets but does not + * actually send any ticket data). This does not happen in TLSv1.3 because + * it is not valid to send empty ticket data in TLSv1.3. + */ + if (!TEST_int_eq(gen_tick_called, 1) + || !TEST_int_eq(dec_tick_called, ((tst % 2) == 0) ? 1 : 0)) + goto end; + + gen_tick_called = dec_tick_called = 0; + + clntsess = SSL_get1_session(clientssl); + SSL_shutdown(clientssl); + SSL_shutdown(serverssl); + SSL_free(serverssl); + SSL_free(clientssl); + serverssl = clientssl = NULL; + + /* Now do a resumption */ + if (!TEST_true(create_ssl_objects(sctx, cctx, &serverssl, &clientssl, NULL, + NULL)) + || !TEST_true(SSL_set_session(clientssl, clntsess)) + || !TEST_true(create_ssl_connection(serverssl, clientssl, + SSL_ERROR_NONE))) + goto end; + + if (tick_dec_ret == SSL_TICKET_RETURN_IGNORE + || tick_dec_ret == SSL_TICKET_RETURN_IGNORE_RENEW) { + if (!TEST_false(SSL_session_reused(clientssl))) + goto end; + } else { + if (!TEST_true(SSL_session_reused(clientssl))) + goto end; + } + + if (!TEST_int_eq(gen_tick_called, + (tick_key_renew + || tick_dec_ret == SSL_TICKET_RETURN_IGNORE_RENEW + || tick_dec_ret == SSL_TICKET_RETURN_USE_RENEW) + ? 1 : 0) + || !TEST_int_eq(dec_tick_called, 1)) + goto end; + + testresult = 1; + + end: + SSL_SESSION_free(clntsess); + SSL_free(serverssl); + SSL_free(clientssl); + SSL_CTX_free(sctx); + SSL_CTX_free(cctx); + + return testresult; +} + int setup_tests(void) { if (!TEST_ptr(cert = test_get_argument(0)) @@ -4686,6 +4914,7 @@ int setup_tests(void) ADD_ALL_TESTS(test_info_callback, 6); ADD_ALL_TESTS(test_ssl_pending, 2); ADD_ALL_TESTS(test_ssl_get_shared_ciphers, OSSL_NELEM(shared_ciphers_data)); + ADD_ALL_TESTS(test_ticket_callbacks, 12); return 1; } From matthias.st.pierre at ncp-e.com Fri May 11 16:09:45 2018 From: matthias.st.pierre at ncp-e.com (matthias.st.pierre at ncp-e.com) Date: Fri, 11 May 2018 16:09:45 +0000 Subject: [openssl-commits] [openssl] master update Message-ID: <1526054985.198961.23286.nullmailer@dev.openssl.org> The branch master has been updated via 34e4a964afacb48414e37a5b205ce9a349259e6b (commit) from 61fb59238dad6452a37ec14513fae617a4faef29 (commit) - Log ----------------------------------------------------------------- commit 34e4a964afacb48414e37a5b205ce9a349259e6b Author: Dr. Matthias St. Pierre Date: Fri May 11 16:54:43 2018 +0200 Fix typo: 'is an error occurred' in documentation Reviewed-by: Rich Salz (Merged from https://github.com/openssl/openssl/pull/6229) ----------------------------------------------------------------------- Summary of changes: doc/man3/CMS_get0_SignerInfos.pod | 2 +- doc/man3/CMS_get1_ReceiptRequest.pod | 2 +- doc/man3/OBJ_nid2obj.pod | 2 +- doc/man3/SMIME_read_PKCS7.pod | 2 +- 4 files changed, 4 insertions(+), 4 deletions(-) diff --git a/doc/man3/CMS_get0_SignerInfos.pod b/doc/man3/CMS_get0_SignerInfos.pod index 7abe39f..18237dc 100644 --- a/doc/man3/CMS_get0_SignerInfos.pod +++ b/doc/man3/CMS_get0_SignerInfos.pod @@ -55,7 +55,7 @@ CMS_SignerInfo_set1_signer_cert(). Once all signer certificates have been set CMS_verify() can be used. -Although CMS_get0_SignerInfos() can return NULL is an error occur B if +Although CMS_get0_SignerInfos() can return NULL if an error occurs B if there are no signers this is not a problem in practice because the only error which can occur is if the B structure is not of type signedData due to application error. diff --git a/doc/man3/CMS_get1_ReceiptRequest.pod b/doc/man3/CMS_get1_ReceiptRequest.pod index 4f7f245..ba70480 100644 --- a/doc/man3/CMS_get1_ReceiptRequest.pod +++ b/doc/man3/CMS_get1_ReceiptRequest.pod @@ -54,7 +54,7 @@ CMS_verify(). CMS_ReceiptRequest_create0() returns a signed receipt request structure or NULL if an error occurred. -CMS_add1_ReceiptRequest() returns 1 for success or 0 is an error occurred. +CMS_add1_ReceiptRequest() returns 1 for success or 0 if an error occurred. CMS_get1_ReceiptRequest() returns 1 is a signed receipt request is found and decoded. It returns 0 if a signed receipt request is not present and -1 if diff --git a/doc/man3/OBJ_nid2obj.pod b/doc/man3/OBJ_nid2obj.pod index 6c1aa13..6d85c11 100644 --- a/doc/man3/OBJ_nid2obj.pod +++ b/doc/man3/OBJ_nid2obj.pod @@ -54,7 +54,7 @@ constants. OBJ_nid2obj(), OBJ_nid2ln() and OBJ_nid2sn() convert the NID B to an ASN1_OBJECT structure, its long name and its short name respectively, -or B is an error occurred. +or B if an error occurred. OBJ_obj2nid(), OBJ_ln2nid(), OBJ_sn2nid() return the corresponding NID for the object B, the long name or the short name respectively diff --git a/doc/man3/SMIME_read_PKCS7.pod b/doc/man3/SMIME_read_PKCS7.pod index 3eb8bbc..40973d3 100644 --- a/doc/man3/SMIME_read_PKCS7.pod +++ b/doc/man3/SMIME_read_PKCS7.pod @@ -57,7 +57,7 @@ streaming single pass option should be available. =head1 RETURN VALUES SMIME_read_PKCS7() returns a valid B structure or B -is an error occurred. The error can be obtained from ERR_get_error(3). +if an error occurred. The error can be obtained from ERR_get_error(3). =head1 SEE ALSO From matthias.st.pierre at ncp-e.com Fri May 11 16:10:43 2018 From: matthias.st.pierre at ncp-e.com (matthias.st.pierre at ncp-e.com) Date: Fri, 11 May 2018 16:10:43 +0000 Subject: [openssl-commits] [openssl] OpenSSL_1_1_0-stable update Message-ID: <1526055043.257552.24460.nullmailer@dev.openssl.org> The branch OpenSSL_1_1_0-stable has been updated via f47bf4dab8c7b7063fbedff63ec8fe8cf8c3b15c (commit) from c47d1d7130c8cd3f601fc9648c6a26eb666edb44 (commit) - Log ----------------------------------------------------------------- commit f47bf4dab8c7b7063fbedff63ec8fe8cf8c3b15c Author: Dr. Matthias St. Pierre Date: Fri May 11 16:58:44 2018 +0200 Fix typo 'is an error occurred' in documentation Reviewed-by: Rich Salz (Merged from https://github.com/openssl/openssl/pull/6230) ----------------------------------------------------------------------- Summary of changes: doc/crypto/CMS_get0_SignerInfos.pod | 2 +- doc/crypto/CMS_get1_ReceiptRequest.pod | 2 +- doc/crypto/OBJ_nid2obj.pod | 2 +- doc/crypto/SMIME_read_PKCS7.pod | 2 +- 4 files changed, 4 insertions(+), 4 deletions(-) diff --git a/doc/crypto/CMS_get0_SignerInfos.pod b/doc/crypto/CMS_get0_SignerInfos.pod index e5532c9..70232cd 100644 --- a/doc/crypto/CMS_get0_SignerInfos.pod +++ b/doc/crypto/CMS_get0_SignerInfos.pod @@ -54,7 +54,7 @@ CMS_SignerInfo_set1_signer_cert(). Once all signer certificates have been set CMS_verify() can be used. -Although CMS_get0_SignerInfos() can return NULL is an error occur B if +Although CMS_get0_SignerInfos() can return NULL if an error occurs B if there are no signers this is not a problem in practice because the only error which can occur is if the B structure is not of type signedData due to application error. diff --git a/doc/crypto/CMS_get1_ReceiptRequest.pod b/doc/crypto/CMS_get1_ReceiptRequest.pod index 79f5f42..9a49bf6 100644 --- a/doc/crypto/CMS_get1_ReceiptRequest.pod +++ b/doc/crypto/CMS_get1_ReceiptRequest.pod @@ -48,7 +48,7 @@ CMS_verify(). CMS_ReceiptRequest_create0() returns a signed receipt request structure or NULL if an error occurred. -CMS_add1_ReceiptRequest() returns 1 for success or 0 is an error occurred. +CMS_add1_ReceiptRequest() returns 1 for success or 0 if an error occurred. CMS_get1_ReceiptRequest() returns 1 is a signed receipt request is found and decoded. It returns 0 if a signed receipt request is not present and -1 if diff --git a/doc/crypto/OBJ_nid2obj.pod b/doc/crypto/OBJ_nid2obj.pod index 3ada667..82e5bcd 100644 --- a/doc/crypto/OBJ_nid2obj.pod +++ b/doc/crypto/OBJ_nid2obj.pod @@ -54,7 +54,7 @@ constants. OBJ_nid2obj(), OBJ_nid2ln() and OBJ_nid2sn() convert the NID B to an ASN1_OBJECT structure, its long name and its short name respectively, -or B is an error occurred. +or B if an error occurred. OBJ_obj2nid(), OBJ_ln2nid(), OBJ_sn2nid() return the corresponding NID for the object B, the long name or the short name respectively diff --git a/doc/crypto/SMIME_read_PKCS7.pod b/doc/crypto/SMIME_read_PKCS7.pod index 3eb8bbc..40973d3 100644 --- a/doc/crypto/SMIME_read_PKCS7.pod +++ b/doc/crypto/SMIME_read_PKCS7.pod @@ -57,7 +57,7 @@ streaming single pass option should be available. =head1 RETURN VALUES SMIME_read_PKCS7() returns a valid B structure or B -is an error occurred. The error can be obtained from ERR_get_error(3). +if an error occurred. The error can be obtained from ERR_get_error(3). =head1 SEE ALSO From matthias.st.pierre at ncp-e.com Fri May 11 16:11:24 2018 From: matthias.st.pierre at ncp-e.com (matthias.st.pierre at ncp-e.com) Date: Fri, 11 May 2018 16:11:24 +0000 Subject: [openssl-commits] [openssl] OpenSSL_1_0_2-stable update Message-ID: <1526055084.044711.25538.nullmailer@dev.openssl.org> The branch OpenSSL_1_0_2-stable has been updated via 0602a140aa22c7b695fcef4f5ae614dd612c3b7d (commit) from 7b6cfcd6dd99a86ecc3a1c51eef539494e191754 (commit) - Log ----------------------------------------------------------------- commit 0602a140aa22c7b695fcef4f5ae614dd612c3b7d Author: Dr. Matthias St. Pierre Date: Fri May 11 16:58:44 2018 +0200 Fix typo 'is an error occurred' in documentation Reviewed-by: Rich Salz (Merged from https://github.com/openssl/openssl/pull/6231) ----------------------------------------------------------------------- Summary of changes: doc/crypto/BIO_s_fd.pod | 2 +- doc/crypto/CMS_get0_SignerInfos.pod | 2 +- doc/crypto/CMS_get1_ReceiptRequest.pod | 2 +- doc/crypto/OBJ_nid2obj.pod | 2 +- doc/crypto/SMIME_read_PKCS7.pod | 2 +- 5 files changed, 5 insertions(+), 5 deletions(-) diff --git a/doc/crypto/BIO_s_fd.pod b/doc/crypto/BIO_s_fd.pod index b1de1d1..2830134 100644 --- a/doc/crypto/BIO_s_fd.pod +++ b/doc/crypto/BIO_s_fd.pod @@ -60,7 +60,7 @@ BIO_s_fd() returns the file descriptor BIO method. BIO_reset() returns zero for success and -1 if an error occurred. BIO_seek() and BIO_tell() return the current file position or -1 -is an error occurred. These values reflect the underlying lseek() +if an error occurred. These values reflect the underlying lseek() behaviour. BIO_set_fd() always returns 1. diff --git a/doc/crypto/CMS_get0_SignerInfos.pod b/doc/crypto/CMS_get0_SignerInfos.pod index b46c0e0..69fde81 100644 --- a/doc/crypto/CMS_get0_SignerInfos.pod +++ b/doc/crypto/CMS_get0_SignerInfos.pod @@ -51,7 +51,7 @@ CMS_SignerInfo_set1_signer_cert(). Once all signer certificates have been set CMS_verify() can be used. -Although CMS_get0_SignerInfos() can return NULL is an error occur B if +Although CMS_get0_SignerInfos() can return NULL if an error occurs B if there are no signers this is not a problem in practice because the only error which can occur is if the B structure is not of type signedData due to application error. diff --git a/doc/crypto/CMS_get1_ReceiptRequest.pod b/doc/crypto/CMS_get1_ReceiptRequest.pod index f546376..7a483ec 100644 --- a/doc/crypto/CMS_get1_ReceiptRequest.pod +++ b/doc/crypto/CMS_get1_ReceiptRequest.pod @@ -48,7 +48,7 @@ CMS_verify(). CMS_ReceiptRequest_create0() returns a signed receipt request structure or NULL if an error occurred. -CMS_add1_ReceiptRequest() returns 1 for success or 0 is an error occurred. +CMS_add1_ReceiptRequest() returns 1 for success or 0 if an error occurred. CMS_get1_ReceiptRequest() returns 1 is a signed receipt request is found and decoded. It returns 0 if a signed receipt request is not present and -1 if diff --git a/doc/crypto/OBJ_nid2obj.pod b/doc/crypto/OBJ_nid2obj.pod index b8d2896..c870bd4 100644 --- a/doc/crypto/OBJ_nid2obj.pod +++ b/doc/crypto/OBJ_nid2obj.pod @@ -42,7 +42,7 @@ constants. OBJ_nid2obj(), OBJ_nid2ln() and OBJ_nid2sn() convert the NID B to an ASN1_OBJECT structure, its long name and its short name respectively, -or B is an error occurred. +or B if an error occurred. OBJ_obj2nid(), OBJ_ln2nid(), OBJ_sn2nid() return the corresponding NID for the object B, the long name or the short name respectively diff --git a/doc/crypto/SMIME_read_PKCS7.pod b/doc/crypto/SMIME_read_PKCS7.pod index 9d46715..7cdca1e 100644 --- a/doc/crypto/SMIME_read_PKCS7.pod +++ b/doc/crypto/SMIME_read_PKCS7.pod @@ -57,7 +57,7 @@ streaming single pass option should be available. =head1 RETURN VALUES SMIME_read_PKCS7() returns a valid B structure or B -is an error occurred. The error can be obtained from ERR_get_error(3). +if an error occurred. The error can be obtained from ERR_get_error(3). =head1 SEE ALSO From no-reply at appveyor.com Fri May 11 18:51:08 2018 From: no-reply at appveyor.com (AppVeyor) Date: Fri, 11 May 2018 18:51:08 +0000 Subject: [openssl-commits] Build failed: openssl master.17950 Message-ID: <20180511185108.1.EE5B282AAB45C64E@appveyor.com> An HTML attachment was scrubbed... URL: From no-reply at appveyor.com Sat May 12 06:43:05 2018 From: no-reply at appveyor.com (AppVeyor) Date: Sat, 12 May 2018 06:43:05 +0000 Subject: [openssl-commits] Build completed: openssl master.17951 Message-ID: <20180512064305.1.A238385B1A3A9109@appveyor.com> An HTML attachment was scrubbed... URL: From levitte at openssl.org Sat May 12 08:19:56 2018 From: levitte at openssl.org (Richard Levitte) Date: Sat, 12 May 2018 08:19:56 +0000 Subject: [openssl-commits] [openssl] master update Message-ID: <1526113196.647800.19672.nullmailer@dev.openssl.org> The branch master has been updated via c82c3462267afdbbaa53e11da0508ce4e03c02b3 (commit) from 34e4a964afacb48414e37a5b205ce9a349259e6b (commit) - Log ----------------------------------------------------------------- commit c82c3462267afdbbaa53e11da0508ce4e03c02b3 Author: Richard Levitte Date: Fri May 4 14:19:44 2018 +0200 In cases where we ask PEM_def_callback for minimum 0 length, accept 0 length Fixes #4716 Reviewed-by: Rich Salz (Merged from https://github.com/openssl/openssl/pull/6173) ----------------------------------------------------------------------- Summary of changes: CHANGES | 4 ++++ crypto/pem/pem_lib.c | 2 +- crypto/pem/pem_pk8.c | 2 +- crypto/pem/pem_pkey.c | 2 +- crypto/pem/pvkfmt.c | 2 +- 5 files changed, 8 insertions(+), 4 deletions(-) diff --git a/CHANGES b/CHANGES index e8b92cc..c67a9c6 100644 --- a/CHANGES +++ b/CHANGES @@ -9,6 +9,10 @@ Changes between 1.1.0h and 1.1.1 [xx XXX xxxx] + *) When unlocking a pass phrase protected PEM file or PKCS#8 container, we + now allow empty (zero character) pass phrases. + [Richard Levitte] + *) Apply blinding to binary field modular inversion and remove patent pending (OPENSSL_SUN_GF2M_DIV) BN_GF2m_mod_div implementation. [Billy Bob Brumley] diff --git a/crypto/pem/pem_lib.c b/crypto/pem/pem_lib.c index 5000f26..7c82561 100644 --- a/crypto/pem/pem_lib.c +++ b/crypto/pem/pem_lib.c @@ -430,7 +430,7 @@ int PEM_do_header(EVP_CIPHER_INFO *cipher, unsigned char *data, long *plen, keylen = PEM_def_callback(buf, PEM_BUFSIZE, 0, u); else keylen = callback(buf, PEM_BUFSIZE, 0, u); - if (keylen <= 0) { + if (keylen < 0) { PEMerr(PEM_F_PEM_DO_HEADER, PEM_R_BAD_PASSWORD_READ); return 0; } diff --git a/crypto/pem/pem_pk8.c b/crypto/pem/pem_pk8.c index e2c0f3d..ebc7fad 100644 --- a/crypto/pem/pem_pk8.c +++ b/crypto/pem/pem_pk8.c @@ -124,7 +124,7 @@ EVP_PKEY *d2i_PKCS8PrivateKey_bio(BIO *bp, EVP_PKEY **x, pem_password_cb *cb, klen = cb(psbuf, PEM_BUFSIZE, 0, u); else klen = PEM_def_callback(psbuf, PEM_BUFSIZE, 0, u); - if (klen <= 0) { + if (klen < 0) { PEMerr(PEM_F_D2I_PKCS8PRIVATEKEY_BIO, PEM_R_BAD_PASSWORD_READ); X509_SIG_free(p8); return NULL; diff --git a/crypto/pem/pem_pkey.c b/crypto/pem/pem_pkey.c index 8730a78..aa032d2 100644 --- a/crypto/pem/pem_pkey.c +++ b/crypto/pem/pem_pkey.c @@ -60,7 +60,7 @@ EVP_PKEY *PEM_read_bio_PrivateKey(BIO *bp, EVP_PKEY **x, pem_password_cb *cb, klen = cb(psbuf, PEM_BUFSIZE, 0, u); else klen = PEM_def_callback(psbuf, PEM_BUFSIZE, 0, u); - if (klen <= 0) { + if (klen < 0) { PEMerr(PEM_F_PEM_READ_BIO_PRIVATEKEY, PEM_R_BAD_PASSWORD_READ); X509_SIG_free(p8); goto err; diff --git a/crypto/pem/pvkfmt.c b/crypto/pem/pvkfmt.c index 72ae5ab..281c6cd 100644 --- a/crypto/pem/pvkfmt.c +++ b/crypto/pem/pvkfmt.c @@ -686,7 +686,7 @@ static EVP_PKEY *do_PVK_body(const unsigned char **in, inlen = cb(psbuf, PEM_BUFSIZE, 0, u); else inlen = PEM_def_callback(psbuf, PEM_BUFSIZE, 0, u); - if (inlen <= 0) { + if (inlen < 0) { PEMerr(PEM_F_DO_PVK_BODY, PEM_R_BAD_PASSWORD_READ); goto err; } From levitte at openssl.org Sat May 12 08:22:40 2018 From: levitte at openssl.org (Richard Levitte) Date: Sat, 12 May 2018 08:22:40 +0000 Subject: [openssl-commits] [openssl] OpenSSL_1_1_0-stable update Message-ID: <1526113360.151545.21104.nullmailer@dev.openssl.org> The branch OpenSSL_1_1_0-stable has been updated via 36d2517a97f6020049116492b4d5491d177e629c (commit) from f47bf4dab8c7b7063fbedff63ec8fe8cf8c3b15c (commit) - Log ----------------------------------------------------------------- commit 36d2517a97f6020049116492b4d5491d177e629c Author: Richard Levitte Date: Fri May 4 14:19:44 2018 +0200 In cases where we ask PEM_def_callback for minimum 0 length, accept 0 length Fixes #4716 Reviewed-by: Rich Salz (Merged from https://github.com/openssl/openssl/pull/6173) (cherry picked from commit c82c3462267afdbbaa53e11da0508ce4e03c02b3) ----------------------------------------------------------------------- Summary of changes: CHANGES | 4 ++++ crypto/pem/pem_lib.c | 2 +- crypto/pem/pem_pk8.c | 2 +- crypto/pem/pem_pkey.c | 2 +- crypto/pem/pvkfmt.c | 2 +- 5 files changed, 8 insertions(+), 4 deletions(-) diff --git a/CHANGES b/CHANGES index e8cd361..bfd0bcd 100644 --- a/CHANGES +++ b/CHANGES @@ -9,6 +9,10 @@ Changes between 1.1.0h and 1.1.0i [xx XXX xxxx] + *) When unlocking a pass phrase protected PEM file or PKCS#8 container, we + now allow empty (zero character) pass phrases. + [Richard Levitte] + *) Certificate time validation (X509_cmp_time) enforces stricter compliance with RFC 5280. Fractional seconds and timezone offsets are no longer allowed. diff --git a/crypto/pem/pem_lib.c b/crypto/pem/pem_lib.c index fdf2b00..33c03ee 100644 --- a/crypto/pem/pem_lib.c +++ b/crypto/pem/pem_lib.c @@ -408,7 +408,7 @@ int PEM_do_header(EVP_CIPHER_INFO *cipher, unsigned char *data, long *plen, keylen = PEM_def_callback(buf, PEM_BUFSIZE, 0, u); else keylen = callback(buf, PEM_BUFSIZE, 0, u); - if (keylen <= 0) { + if (keylen < 0) { PEMerr(PEM_F_PEM_DO_HEADER, PEM_R_BAD_PASSWORD_READ); return 0; } diff --git a/crypto/pem/pem_pk8.c b/crypto/pem/pem_pk8.c index 5caad9f..5e57dc3 100644 --- a/crypto/pem/pem_pk8.c +++ b/crypto/pem/pem_pk8.c @@ -124,7 +124,7 @@ EVP_PKEY *d2i_PKCS8PrivateKey_bio(BIO *bp, EVP_PKEY **x, pem_password_cb *cb, klen = cb(psbuf, PEM_BUFSIZE, 0, u); else klen = PEM_def_callback(psbuf, PEM_BUFSIZE, 0, u); - if (klen <= 0) { + if (klen < 0) { PEMerr(PEM_F_D2I_PKCS8PRIVATEKEY_BIO, PEM_R_BAD_PASSWORD_READ); X509_SIG_free(p8); return NULL; diff --git a/crypto/pem/pem_pkey.c b/crypto/pem/pem_pkey.c index 671b374..2cce5be 100644 --- a/crypto/pem/pem_pkey.c +++ b/crypto/pem/pem_pkey.c @@ -59,7 +59,7 @@ EVP_PKEY *PEM_read_bio_PrivateKey(BIO *bp, EVP_PKEY **x, pem_password_cb *cb, klen = cb(psbuf, PEM_BUFSIZE, 0, u); else klen = PEM_def_callback(psbuf, PEM_BUFSIZE, 0, u); - if (klen <= 0) { + if (klen < 0) { PEMerr(PEM_F_PEM_READ_BIO_PRIVATEKEY, PEM_R_BAD_PASSWORD_READ); X509_SIG_free(p8); goto err; diff --git a/crypto/pem/pvkfmt.c b/crypto/pem/pvkfmt.c index d0a4239..63ce925 100644 --- a/crypto/pem/pvkfmt.c +++ b/crypto/pem/pvkfmt.c @@ -685,7 +685,7 @@ static EVP_PKEY *do_PVK_body(const unsigned char **in, inlen = cb(psbuf, PEM_BUFSIZE, 0, u); else inlen = PEM_def_callback(psbuf, PEM_BUFSIZE, 0, u); - if (inlen <= 0) { + if (inlen < 0) { PEMerr(PEM_F_DO_PVK_BODY, PEM_R_BAD_PASSWORD_READ); goto err; } From levitte at openssl.org Sat May 12 08:25:38 2018 From: levitte at openssl.org (Richard Levitte) Date: Sat, 12 May 2018 08:25:38 +0000 Subject: [openssl-commits] [openssl] OpenSSL_1_0_2-stable update Message-ID: <1526113538.466083.22330.nullmailer@dev.openssl.org> The branch OpenSSL_1_0_2-stable has been updated via 18026c0215e942f0ad33a6012cb8cad2f51f841b (commit) from 0602a140aa22c7b695fcef4f5ae614dd612c3b7d (commit) - Log ----------------------------------------------------------------- commit 18026c0215e942f0ad33a6012cb8cad2f51f841b Author: Richard Levitte Date: Fri May 4 14:19:44 2018 +0200 In cases where we ask PEM_def_callback for minimum 0 length, accept 0 length Fixes #4716 Reviewed-by: Rich Salz (Merged from https://github.com/openssl/openssl/pull/6173) (cherry picked from commit c82c3462267afdbbaa53e11da0508ce4e03c02b3) ----------------------------------------------------------------------- Summary of changes: CHANGES | 4 ++++ crypto/pem/pem_lib.c | 2 +- crypto/pem/pem_pk8.c | 2 +- crypto/pem/pem_pkey.c | 2 +- crypto/pem/pvkfmt.c | 2 +- 5 files changed, 8 insertions(+), 4 deletions(-) diff --git a/CHANGES b/CHANGES index 25b453e..f17fbbf 100644 --- a/CHANGES +++ b/CHANGES @@ -9,6 +9,10 @@ Changes between 1.0.2o and 1.0.2p [xx XXX xxxx] + *) When unlocking a pass phrase protected PEM file or PKCS#8 container, we + now allow empty (zero character) pass phrases. + [Richard Levitte] + *) Certificate time validation (X509_cmp_time) enforces stricter compliance with RFC 5280. Fractional seconds and timezone offsets are no longer allowed. diff --git a/crypto/pem/pem_lib.c b/crypto/pem/pem_lib.c index 119cb4a..eb59050 100644 --- a/crypto/pem/pem_lib.c +++ b/crypto/pem/pem_lib.c @@ -447,7 +447,7 @@ int PEM_do_header(EVP_CIPHER_INFO *cipher, unsigned char *data, long *plen, klen = PEM_def_callback(buf, PEM_BUFSIZE, 0, u); else klen = callback(buf, PEM_BUFSIZE, 0, u); - if (klen <= 0) { + if (klen < 0) { PEMerr(PEM_F_PEM_DO_HEADER, PEM_R_BAD_PASSWORD_READ); return (0); } diff --git a/crypto/pem/pem_pk8.c b/crypto/pem/pem_pk8.c index daf210f..ae18d26 100644 --- a/crypto/pem/pem_pk8.c +++ b/crypto/pem/pem_pk8.c @@ -171,7 +171,7 @@ EVP_PKEY *d2i_PKCS8PrivateKey_bio(BIO *bp, EVP_PKEY **x, pem_password_cb *cb, klen = cb(psbuf, PEM_BUFSIZE, 0, u); else klen = PEM_def_callback(psbuf, PEM_BUFSIZE, 0, u); - if (klen <= 0) { + if (klen < 0) { PEMerr(PEM_F_D2I_PKCS8PRIVATEKEY_BIO, PEM_R_BAD_PASSWORD_READ); X509_SIG_free(p8); return NULL; diff --git a/crypto/pem/pem_pkey.c b/crypto/pem/pem_pkey.c index e8b3a1b..a189cd2 100644 --- a/crypto/pem/pem_pkey.c +++ b/crypto/pem/pem_pkey.c @@ -113,7 +113,7 @@ EVP_PKEY *PEM_read_bio_PrivateKey(BIO *bp, EVP_PKEY **x, pem_password_cb *cb, klen = cb(psbuf, PEM_BUFSIZE, 0, u); else klen = PEM_def_callback(psbuf, PEM_BUFSIZE, 0, u); - if (klen <= 0) { + if (klen < 0) { PEMerr(PEM_F_PEM_READ_BIO_PRIVATEKEY, PEM_R_BAD_PASSWORD_READ); X509_SIG_free(p8); goto err; diff --git a/crypto/pem/pvkfmt.c b/crypto/pem/pvkfmt.c index 1ce5a1e..659b463 100644 --- a/crypto/pem/pvkfmt.c +++ b/crypto/pem/pvkfmt.c @@ -702,7 +702,7 @@ static EVP_PKEY *do_PVK_body(const unsigned char **in, inlen = cb(psbuf, PEM_BUFSIZE, 0, u); else inlen = PEM_def_callback(psbuf, PEM_BUFSIZE, 0, u); - if (inlen <= 0) { + if (inlen < 0) { PEMerr(PEM_F_DO_PVK_BODY, PEM_R_BAD_PASSWORD_READ); goto err; } From matt at openssl.org Sat May 12 09:03:42 2018 From: matt at openssl.org (Matt Caswell) Date: Sat, 12 May 2018 09:03:42 +0000 Subject: [openssl-commits] [openssl] master update Message-ID: <1526115822.396599.26863.nullmailer@dev.openssl.org> The branch master has been updated via a925e7dbf4c3bb01365c961df86da3ebfa1a6c27 (commit) from c82c3462267afdbbaa53e11da0508ce4e03c02b3 (commit) - Log ----------------------------------------------------------------- commit a925e7dbf4c3bb01365c961df86da3ebfa1a6c27 Author: Matt Caswell Date: Fri May 11 10:28:47 2018 +0100 Don't memcpy the contents of an empty fragment In DTLS if we have buffered a fragment for a zero length message (e.g. ServerHelloDone) then, when we unbuffered the fragment, we were attempting to memcpy the contents of the fragment which is zero length and a NULL pointer. This is undefined behaviour. We should check first whether we have a zero length fragment. Fixes a travis issue. [extended tests] Reviewed-by: Rich Salz (Merged from https://github.com/openssl/openssl/pull/6223) ----------------------------------------------------------------------- Summary of changes: ssl/statem/statem_dtls.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/ssl/statem/statem_dtls.c b/ssl/statem/statem_dtls.c index 75ff525..b016fa7 100644 --- a/ssl/statem/statem_dtls.c +++ b/ssl/statem/statem_dtls.c @@ -504,7 +504,7 @@ static int dtls1_retrieve_buffered_fragment(SSL *s, size_t *len) /* Calls SSLfatal() as required */ ret = dtls1_preprocess_fragment(s, &frag->msg_header); - if (ret) { + if (ret && frag->msg_header.frag_len > 0) { unsigned char *p = (unsigned char *)s->init_buf->data + DTLS1_HM_HEADER_LENGTH; memcpy(&p[frag->msg_header.frag_off], frag->fragment, From matt at openssl.org Sat May 12 09:09:18 2018 From: matt at openssl.org (Matt Caswell) Date: Sat, 12 May 2018 09:09:18 +0000 Subject: [openssl-commits] [openssl] OpenSSL_1_1_0-stable update Message-ID: <1526116158.694672.28195.nullmailer@dev.openssl.org> The branch OpenSSL_1_1_0-stable has been updated via 1b261954028925c1e2c329928938dacacf0bb6c0 (commit) from 36d2517a97f6020049116492b4d5491d177e629c (commit) - Log ----------------------------------------------------------------- commit 1b261954028925c1e2c329928938dacacf0bb6c0 Author: Matt Caswell Date: Fri May 11 10:28:47 2018 +0100 Don't memcpy the contents of an empty fragment In DTLS if we have buffered a fragment for a zero length message (e.g. ServerHelloDone) then, when we unbuffered the fragment, we were attempting to memcpy the contents of the fragment which is zero length and a NULL pointer. This is undefined behaviour. We should check first whether we have a zero length fragment. Fixes a travis issue. [extended tests] Reviewed-by: Rich Salz (Merged from https://github.com/openssl/openssl/pull/6224) ----------------------------------------------------------------------- Summary of changes: ssl/statem/statem_dtls.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/ssl/statem/statem_dtls.c b/ssl/statem/statem_dtls.c index 6b80620..5b34425 100644 --- a/ssl/statem/statem_dtls.c +++ b/ssl/statem/statem_dtls.c @@ -493,7 +493,8 @@ static int dtls1_retrieve_buffered_fragment(SSL *s, int *ok) al = dtls1_preprocess_fragment(s, &frag->msg_header); - if (al == 0) { /* no alert */ + /* al will be 0 if no alert */ + if (al == 0 && frag->msg_header.frag_len > 0) { unsigned char *p = (unsigned char *)s->init_buf->data + DTLS1_HM_HEADER_LENGTH; memcpy(&p[frag->msg_header.frag_off], frag->fragment, From matt at openssl.org Sat May 12 09:13:47 2018 From: matt at openssl.org (Matt Caswell) Date: Sat, 12 May 2018 09:13:47 +0000 Subject: [openssl-commits] [openssl] OpenSSL_1_0_2-stable update Message-ID: <1526116427.268383.29406.nullmailer@dev.openssl.org> The branch OpenSSL_1_0_2-stable has been updated via f54b665e29a0ed8df2ea322a1f9e1b8057f13894 (commit) from 18026c0215e942f0ad33a6012cb8cad2f51f841b (commit) - Log ----------------------------------------------------------------- commit f54b665e29a0ed8df2ea322a1f9e1b8057f13894 Author: Matt Caswell Date: Fri May 11 10:28:47 2018 +0100 Don't memcpy the contents of an empty fragment In DTLS if we have buffered a fragment for a zero length message (e.g. ServerHelloDone) then, when we unbuffered the fragment, we were attempting to memcpy the contents of the fragment which is zero length and a NULL pointer. This is undefined behaviour. We should check first whether we have a zero length fragment. Fixes a travis issue. [extended tests] Reviewed-by: Rich Salz (Merged from https://github.com/openssl/openssl/pull/6225) ----------------------------------------------------------------------- Summary of changes: ssl/d1_both.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/ssl/d1_both.c b/ssl/d1_both.c index e6bc761..8cf52fa 100644 --- a/ssl/d1_both.c +++ b/ssl/d1_both.c @@ -656,7 +656,8 @@ static int dtls1_retrieve_buffered_fragment(SSL *s, long max, int *ok) al = dtls1_preprocess_fragment(s, &frag->msg_header, max); - if (al == 0) { /* no alert */ + /* al will be 0 if no alert */ + if (al == 0 && frag->msg_header.frag_len > 0) { unsigned char *p = (unsigned char *)s->init_buf->data + DTLS1_HM_HEADER_LENGTH; memcpy(&p[frag->msg_header.frag_off], frag->fragment, From kurt at openssl.org Sat May 12 10:19:50 2018 From: kurt at openssl.org (Kurt Roeckx) Date: Sat, 12 May 2018 10:19:50 +0000 Subject: [openssl-commits] [openssl] master update Message-ID: <1526120390.413717.5306.nullmailer@dev.openssl.org> The branch master has been updated via 5f96a95e2562f026557f625e50c052e77c7bc2e8 (commit) from a925e7dbf4c3bb01365c961df86da3ebfa1a6c27 (commit) - Log ----------------------------------------------------------------- commit 5f96a95e2562f026557f625e50c052e77c7bc2e8 Author: Kurt Roeckx Date: Sat May 12 12:08:14 2018 +0200 Set sess to NULL after freeing it. Found by OSS-fuzz Bug introduced in commit 61fb59238dad6452a37ec14513fae617a4faef29 Reviewed-by: Matt Caswell GH: #6235 ----------------------------------------------------------------------- Summary of changes: ssl/t1_lib.c | 1 + 1 file changed, 1 insertion(+) diff --git a/ssl/t1_lib.c b/ssl/t1_lib.c index b312a14..c076782 100644 --- a/ssl/t1_lib.c +++ b/ssl/t1_lib.c @@ -1384,6 +1384,7 @@ SSL_TICKET_STATUS tls_decrypt_ticket(SSL *s, const unsigned char *etick, /* Some additional consistency checks */ if (slen != 0) { SSL_SESSION_free(sess); + sess = NULL; ret = SSL_TICKET_NO_DECRYPT; goto end; } From appro at openssl.org Sat May 12 18:19:20 2018 From: appro at openssl.org (Andy Polyakov) Date: Sat, 12 May 2018 18:19:20 +0000 Subject: [openssl-commits] [openssl] master update Message-ID: <1526149160.944651.19101.nullmailer@dev.openssl.org> The branch master has been updated via 1c534560dc905b6d399dbde242422f0cf5543286 (commit) via 5c6a69f539a5eb66a1afa4e2904d8a27e9b534c3 (commit) from 5f96a95e2562f026557f625e50c052e77c7bc2e8 (commit) - Log ----------------------------------------------------------------- commit 1c534560dc905b6d399dbde242422f0cf5543286 Author: FdaSilvaYY Date: Tue May 8 10:34:59 2018 +0200 apps/speed: Add brainpool curves support Reviewed-by: Andy Polyakov Reviewed-by: Rich Salz (Merged from https://github.com/openssl/openssl/pull/6133) commit 5c6a69f539a5eb66a1afa4e2904d8a27e9b534c3 Author: FdaSilvaYY Date: Mon Apr 30 01:13:58 2018 +0200 apps/speed: fix possible OOB access in some EC arrays because there are actually 18 curves defined, but only 16 are plugged for ecdsa test. Deduce array size using OSSL_NELEM and so remove various magic numbers, which required some declarations moving. Implement OPT_PAIR list search without a null-ending element. Fix some comparison between signed and unsigned integer expressions. Reviewed-by: Andy Polyakov Reviewed-by: Rich Salz (Merged from https://github.com/openssl/openssl/pull/6133) ----------------------------------------------------------------------- Summary of changes: apps/speed.c | 286 +++++++++++++++++++++++++++++++++-------------------------- 1 file changed, 162 insertions(+), 124 deletions(-) diff --git a/apps/speed.c b/apps/speed.c index a9da7f3..c0a34ee 100644 --- a/apps/speed.c +++ b/apps/speed.c @@ -113,12 +113,6 @@ #endif #define MAX_MISALIGNMENT 63 - -#define ALGOR_NUM 31 -#define RSA_NUM 7 -#define DSA_NUM 3 - -#define EC_NUM 18 #define MAX_ECDH_SIZE 256 #define MISALIGN 64 @@ -135,33 +129,6 @@ static volatile int run = 0; static int mr = 0; static int usertime = 1; -typedef struct loopargs_st { - ASYNC_JOB *inprogress_job; - ASYNC_WAIT_CTX *wait_ctx; - unsigned char *buf; - unsigned char *buf2; - unsigned char *buf_malloc; - unsigned char *buf2_malloc; - unsigned char *key; - unsigned int siglen; -#ifndef OPENSSL_NO_RSA - RSA *rsa_key[RSA_NUM]; -#endif -#ifndef OPENSSL_NO_DSA - DSA *dsa_key[DSA_NUM]; -#endif -#ifndef OPENSSL_NO_EC - EC_KEY *ecdsa[EC_NUM]; - EVP_PKEY_CTX *ecdh_ctx[EC_NUM]; - unsigned char *secret_a; - unsigned char *secret_b; - size_t outlen[EC_NUM]; -#endif - EVP_CIPHER_CTX *ctx; - HMAC_CTX *hctx; - GCM128_CONTEXT *gcm_ctx; -} loopargs_t; - #ifndef OPENSSL_NO_MD2 static int EVP_Digest_MD2_loop(void *args); #endif @@ -215,8 +182,6 @@ static int DSA_verify_loop(void *args); static int ECDSA_sign_loop(void *args); static int ECDSA_verify_loop(void *args); #endif -static int run_benchmark(int async_jobs, int (*loop_function) (void *), - loopargs_t * loopargs); static double Time_F(int s); static void print_message(const char *s, long num, int length, int tm); @@ -230,34 +195,8 @@ static int do_multi(int multi, int size_num); static const int lengths_list[] = { 16, 64, 256, 1024, 8 * 1024, 16 * 1024 }; -static int lengths_single = 0; - static const int *lengths = lengths_list; -static const char *names[ALGOR_NUM] = { - "md2", "mdc2", "md4", "md5", "hmac(md5)", "sha1", "rmd160", "rc4", - "des cbc", "des ede3", "idea cbc", "seed cbc", - "rc2 cbc", "rc5-32/12 cbc", "blowfish cbc", "cast cbc", - "aes-128 cbc", "aes-192 cbc", "aes-256 cbc", - "camellia-128 cbc", "camellia-192 cbc", "camellia-256 cbc", - "evp", "sha256", "sha512", "whirlpool", - "aes-128 ige", "aes-192 ige", "aes-256 ige", "ghash", - "rand" -}; - -static double results[ALGOR_NUM][OSSL_NELEM(lengths_list)]; - -#ifndef OPENSSL_NO_RSA -static double rsa_results[RSA_NUM][2]; -#endif -#ifndef OPENSSL_NO_DSA -static double dsa_results[DSA_NUM][2]; -#endif -#ifndef OPENSSL_NO_EC -static double ecdsa_results[EC_NUM][2]; -static double ecdh_results[EC_NUM][1]; -#endif - #ifdef SIGALRM # if defined(__STDC__) || defined(sgi) || defined(_AIX) # define SIGRETTYPE void @@ -334,12 +273,17 @@ static double Time_F(int s) } #endif -static void multiblock_speed(const EVP_CIPHER *evp_cipher, +static void multiblock_speed(const EVP_CIPHER *evp_cipher, int lengths_single, const openssl_speed_sec_t *seconds); -static int found(const char *name, const OPT_PAIR *pairs, int *result) +#define found(value, pairs, result)\ + opt_found(value, result, pairs, OSSL_NELEM(pairs)) +static int opt_found(const char *name, unsigned int *result, + const OPT_PAIR pairs[], unsigned int nbelem) { - for (; pairs->name; pairs++) + unsigned int idx; + + for (idx = 0; idx < nbelem; ++idx, pairs++) if (strcmp(name, pairs->name) == 0) { *result = pairs->retval; return 1; @@ -383,7 +327,7 @@ const OPTIONS speed_options[] = { "Run benchmarks for pnum seconds"}, {"bytes", OPT_BYTES, 'p', "Run cipher, digest and rand benchmarks on pnum bytes"}, - {NULL}, + {NULL} }; #define D_MD2 0 @@ -417,7 +361,21 @@ const OPTIONS speed_options[] = { #define D_IGE_256_AES 28 #define D_GHASH 29 #define D_RAND 30 -static OPT_PAIR doit_choices[] = { +/* name of algorithms to test */ +static const char *names[] = { + "md2", "mdc2", "md4", "md5", "hmac(md5)", "sha1", "rmd160", "rc4", + "des cbc", "des ede3", "idea cbc", "seed cbc", + "rc2 cbc", "rc5-32/12 cbc", "blowfish cbc", "cast cbc", + "aes-128 cbc", "aes-192 cbc", "aes-256 cbc", + "camellia-128 cbc", "camellia-192 cbc", "camellia-256 cbc", + "evp", "sha256", "sha512", "whirlpool", + "aes-128 ige", "aes-192 ige", "aes-256 ige", "ghash", + "rand" +}; +#define ALGOR_NUM OSSL_NELEM(names) + +/* list of configured algorithm (remaining) */ +static const OPT_PAIR doit_choices[] = { #ifndef OPENSSL_NO_MD2 {"md2", D_MD2}, #endif @@ -482,21 +440,24 @@ static OPT_PAIR doit_choices[] = { {"cast5", D_CBC_CAST}, #endif {"ghash", D_GHASH}, - {"rand", D_RAND}, - {NULL} + {"rand", D_RAND} }; +static double results[ALGOR_NUM][OSSL_NELEM(lengths_list)]; + #ifndef OPENSSL_NO_DSA # define R_DSA_512 0 # define R_DSA_1024 1 # define R_DSA_2048 2 -static OPT_PAIR dsa_choices[] = { +static const OPT_PAIR dsa_choices[] = { {"dsa512", R_DSA_512}, {"dsa1024", R_DSA_1024}, - {"dsa2048", R_DSA_2048}, - {NULL}, + {"dsa2048", R_DSA_2048} }; -#endif +# define DSA_NUM OSSL_NELEM(dsa_choices) + +static double dsa_results[DSA_NUM][2]; /* 2 ops: sign then verify */ +#endif /* OPENSSL_NO_DSA */ #define R_RSA_512 0 #define R_RSA_1024 1 @@ -505,16 +466,20 @@ static OPT_PAIR dsa_choices[] = { #define R_RSA_4096 4 #define R_RSA_7680 5 #define R_RSA_15360 6 -static OPT_PAIR rsa_choices[] = { +#ifndef OPENSSL_NO_RSA +static const OPT_PAIR rsa_choices[] = { {"rsa512", R_RSA_512}, {"rsa1024", R_RSA_1024}, {"rsa2048", R_RSA_2048}, {"rsa3072", R_RSA_3072}, {"rsa4096", R_RSA_4096}, {"rsa7680", R_RSA_7680}, - {"rsa15360", R_RSA_15360}, - {NULL} + {"rsa15360", R_RSA_15360} }; +# define RSA_NUM OSSL_NELEM(rsa_choices) + +static double rsa_results[RSA_NUM][2]; /* 2 ops: sign then verify */ +#endif /* OPENSSL_NO_RSA */ #define R_EC_P160 0 #define R_EC_P192 1 @@ -532,8 +497,14 @@ static OPT_PAIR rsa_choices[] = { #define R_EC_B283 13 #define R_EC_B409 14 #define R_EC_B571 15 -#define R_EC_X25519 16 -#define R_EC_X448 17 +#define R_EC_BRP256R1 16 +#define R_EC_BRP256T1 17 +#define R_EC_BRP384R1 18 +#define R_EC_BRP384T1 19 +#define R_EC_BRP512R1 20 +#define R_EC_BRP512T1 21 +#define R_EC_X25519 22 +#define R_EC_X448 23 #ifndef OPENSSL_NO_EC static OPT_PAIR ecdsa_choices[] = { {"ecdsap160", R_EC_P160}, @@ -552,10 +523,18 @@ static OPT_PAIR ecdsa_choices[] = { {"ecdsab283", R_EC_B283}, {"ecdsab409", R_EC_B409}, {"ecdsab571", R_EC_B571}, - {NULL} + {"ecdsabrp256r1", R_EC_BRP256R1}, + {"ecdsabrp256t1", R_EC_BRP256T1}, + {"ecdsabrp384r1", R_EC_BRP384R1}, + {"ecdsabrp384t1", R_EC_BRP384T1}, + {"ecdsabrp512r1", R_EC_BRP512R1}, + {"ecdsabrp512t1", R_EC_BRP512T1} }; +# define ECDSA_NUM OSSL_NELEM(ecdsa_choices) + +static double ecdsa_results[ECDSA_NUM][2]; /* 2 ops: sign then verify */ -static OPT_PAIR ecdh_choices[] = { +static const OPT_PAIR ecdh_choices[] = { {"ecdhp160", R_EC_P160}, {"ecdhp192", R_EC_P192}, {"ecdhp224", R_EC_P224}, @@ -572,11 +551,19 @@ static OPT_PAIR ecdh_choices[] = { {"ecdhb283", R_EC_B283}, {"ecdhb409", R_EC_B409}, {"ecdhb571", R_EC_B571}, + {"ecdhbrp256r1", R_EC_BRP256R1}, + {"ecdhbrp256t1", R_EC_BRP256T1}, + {"ecdhbrp384r1", R_EC_BRP384R1}, + {"ecdhbrp384t1", R_EC_BRP384T1}, + {"ecdhbrp512r1", R_EC_BRP512R1}, + {"ecdhbrp512t1", R_EC_BRP512T1}, {"ecdhx25519", R_EC_X25519}, - {"ecdhx448", R_EC_X448}, - {NULL} + {"ecdhx448", R_EC_X448} }; -#endif +# define EC_NUM OSSL_NELEM(ecdh_choices) + +static double ecdh_results[EC_NUM][1]; /* 1 op: derivation */ +#endif /* OPENSSL_NO_EC */ #ifndef SIGALRM # define COND(d) (count < (d)) @@ -586,7 +573,36 @@ static OPT_PAIR ecdh_choices[] = { # define COUNT(d) (count) #endif /* SIGALRM */ -static int testnum; +typedef struct loopargs_st { + ASYNC_JOB *inprogress_job; + ASYNC_WAIT_CTX *wait_ctx; + unsigned char *buf; + unsigned char *buf2; + unsigned char *buf_malloc; + unsigned char *buf2_malloc; + unsigned char *key; + unsigned int siglen; +#ifndef OPENSSL_NO_RSA + RSA *rsa_key[RSA_NUM]; +#endif +#ifndef OPENSSL_NO_DSA + DSA *dsa_key[DSA_NUM]; +#endif +#ifndef OPENSSL_NO_EC + EC_KEY *ecdsa[ECDSA_NUM]; + EVP_PKEY_CTX *ecdh_ctx[EC_NUM]; + unsigned char *secret_a; + unsigned char *secret_b; + size_t outlen[EC_NUM]; +#endif + EVP_CIPHER_CTX *ctx; + HMAC_CTX *hctx; + GCM128_CONTEXT *gcm_ctx; +} loopargs_t; +static int run_benchmark(int async_jobs, int (*loop_function) (void *), + loopargs_t * loopargs); + +static unsigned int testnum; /* Nb of iterations to do per algorithm and key-size */ static long c[ALGOR_NUM][OSSL_NELEM(lengths_list)]; @@ -1040,7 +1056,7 @@ static int DSA_verify_loop(void *args) #endif #ifndef OPENSSL_NO_EC -static long ecdsa_c[EC_NUM][2]; +static long ecdsa_c[ECDSA_NUM][2]; static int ECDSA_sign_loop(void *args) { loopargs_t *tempargs = *(loopargs_t **) args; @@ -1258,31 +1274,28 @@ int speed_main(int argc, char **argv) ENGINE *e = NULL; int (*loopfunc)(void *args); loopargs_t *loopargs = NULL; - int async_init = 0; - int loopargs_len = 0; - char *prog; + const char *prog; const char *engine_id = NULL; const EVP_CIPHER *evp_cipher = NULL; double d = 0.0; OPTION_CHOICE o; - int multiblock = 0, pr_header = 0; + int async_init = 0, multiblock = 0, pr_header = 0; int doit[ALGOR_NUM] = { 0 }; - int ret = 1, i, k, misalign = 0; + int ret = 1, misalign = 0, lengths_single = 0; long count = 0; - int size_num = OSSL_NELEM(lengths_list); + unsigned int size_num = OSSL_NELEM(lengths_list); + unsigned int i, k, loop, loopargs_len = 0, async_jobs = 0; int keylen; int buflen; #ifndef NO_FORK int multi = 0; #endif - unsigned int async_jobs = 0; #if !defined(OPENSSL_NO_RSA) || !defined(OPENSSL_NO_DSA) \ || !defined(OPENSSL_NO_EC) long rsa_count = 1; #endif -#ifndef OPENSSL_NO_EC - size_t loop; -#endif + openssl_speed_sec_t seconds = { SECONDS, RSA_SECONDS, DSA_SECONDS, + ECDSA_SECONDS, ECDH_SECONDS }; /* What follows are the buffers and key material. */ #ifndef OPENSSL_NO_RC5 @@ -1367,7 +1380,7 @@ int speed_main(int argc, char **argv) /* * We only test over the following curves as they are representative, To * add tests over more curves, simply add the curve NID and curve name to - * the following arrays and increase the EC_NUM value accordingly. + * the following arrays and increase the |ecdh_choices| list accordingly. */ static const struct { const char *name; @@ -1392,17 +1405,21 @@ int speed_main(int argc, char **argv) {"nistb283", NID_sect283r1, 283}, {"nistb409", NID_sect409r1, 409}, {"nistb571", NID_sect571r1, 571}, - /* Other */ + {"brainpoolP256r1", NID_brainpoolP256r1, 256}, + {"brainpoolP256t1", NID_brainpoolP256t1, 256}, + {"brainpoolP384r1", NID_brainpoolP384r1, 384}, + {"brainpoolP384t1", NID_brainpoolP384t1, 384}, + {"brainpoolP512r1", NID_brainpoolP512r1, 512}, + {"brainpoolP512t1", NID_brainpoolP512t1, 512}, + /* Other and ECDH only ones */ {"X25519", NID_X25519, 253}, {"X448", NID_X448, 448} }; - int ecdsa_doit[EC_NUM] = { 0 }; + int ecdsa_doit[ECDSA_NUM] = { 0 }; int ecdh_doit[EC_NUM] = { 0 }; + OPENSSL_assert(OSSL_NELEM(test_curves) >= EC_NUM); #endif /* ndef OPENSSL_NO_EC */ - openssl_speed_sec_t seconds = { SECONDS, RSA_SECONDS, DSA_SECONDS, - ECDSA_SECONDS, ECDH_SECONDS }; - prog = opt_init(argc, argv, speed_options); while ((o = opt_next()) != OPT_EOF) { switch (o) { @@ -1457,9 +1474,7 @@ int speed_main(int argc, char **argv) goto opterr; } if (async_jobs > 99999) { - BIO_printf(bio_err, - "%s: too many async_jobs\n", - prog); + BIO_printf(bio_err, "%s: too many async_jobs\n", prog); goto opterr; } #endif @@ -1527,10 +1542,8 @@ int speed_main(int argc, char **argv) if (strcmp(*argv, "openssl") == 0) continue; if (strcmp(*argv, "rsa") == 0) { - rsa_doit[R_RSA_512] = rsa_doit[R_RSA_1024] = - rsa_doit[R_RSA_2048] = rsa_doit[R_RSA_3072] = - rsa_doit[R_RSA_4096] = rsa_doit[R_RSA_7680] = - rsa_doit[R_RSA_15360] = 1; + for (loop = 0; loop < OSSL_NELEM(rsa_doit); loop++) + rsa_doit[loop] = 1; continue; } if (found(*argv, rsa_choices, &i)) { @@ -1561,8 +1574,8 @@ int speed_main(int argc, char **argv) #endif #ifndef OPENSSL_NO_EC if (strcmp(*argv, "ecdsa") == 0) { - for (loop = 0; loop < OSSL_NELEM(ecdsa_choices); loop++) - ecdsa_doit[ecdsa_choices[loop].retval] = 1; + for (loop = 0; loop < OSSL_NELEM(ecdsa_doit); loop++) + ecdsa_doit[loop] = 1; continue; } if (found(*argv, ecdsa_choices, &i)) { @@ -1570,8 +1583,8 @@ int speed_main(int argc, char **argv) continue; } if (strcmp(*argv, "ecdh") == 0) { - for (loop = 0; loop < OSSL_NELEM(ecdh_choices); loop++) - ecdh_doit[ecdh_choices[loop].retval] = 1; + for (loop = 0; loop < OSSL_NELEM(ecdh_doit); loop++) + ecdh_doit[loop] = 1; continue; } if (found(*argv, ecdh_choices, &i)) { @@ -1643,10 +1656,10 @@ int speed_main(int argc, char **argv) dsa_doit[i] = 1; #endif #ifndef OPENSSL_NO_EC - for (loop = 0; loop < OSSL_NELEM(ecdsa_choices); loop++) - ecdsa_doit[ecdsa_choices[loop].retval] = 1; - for (loop = 0; loop < OSSL_NELEM(ecdh_choices); loop++) - ecdh_doit[ecdh_choices[loop].retval] = 1; + for (loop = 0; loop < OSSL_NELEM(ecdsa_doit); loop++) + ecdsa_doit[loop] = 1; + for (loop = 0; loop < OSSL_NELEM(ecdh_doit); loop++) + ecdh_doit[loop] = 1; #endif } for (i = 0; i < ALGOR_NUM; i++) @@ -1916,6 +1929,32 @@ int speed_main(int argc, char **argv) } } } + /* repeated code good to factorize */ + ecdh_c[R_EC_BRP256R1][0] = count / 1000; + for (i = R_EC_BRP384R1; i <= R_EC_BRP512R1; i += 2) { + ecdh_c[i][0] = ecdh_c[i - 2][0] / 2; + if (ecdh_doit[i] <= 1 && ecdh_c[i][0] == 0) + ecdh_doit[i] = 0; + else { + if (ecdh_c[i][0] == 0) { + ecdh_c[i][0] = 1; + } + } + } + ecdh_c[R_EC_BRP256T1][0] = count / 1000; + for (i = R_EC_BRP384T1; i <= R_EC_BRP512T1; i += 2) { + ecdh_c[i][0] = ecdh_c[i - 2][0] / 2; + if (ecdh_doit[i] <= 1 && ecdh_c[i][0] == 0) + ecdh_doit[i] = 0; + else { + if (ecdh_c[i][0] == 0) { + ecdh_c[i][0] = 1; + } + } + } + /* default iteration count for the last two EC Curves */ + ecdh_c[R_EC_X25519][0] = count / 1800; + ecdh_c[R_EC_X448][0] = count / 7200; # endif # else @@ -2393,7 +2432,7 @@ int speed_main(int argc, char **argv) BIO_printf(bio_err, "Async mode is not supported, exiting..."); exit(1); } - multiblock_speed(evp_cipher, &seconds); + multiblock_speed(evp_cipher, lengths_single, &seconds); ret = 0; goto end; } @@ -2616,8 +2655,7 @@ int speed_main(int argc, char **argv) #endif /* OPENSSL_NO_DSA */ #ifndef OPENSSL_NO_EC - OPENSSL_assert(OSSL_NELEM(test_curves) >= EC_NUM); - for (testnum = 0; testnum < EC_NUM; testnum++) { + for (testnum = 0; testnum < ECDSA_NUM; testnum++) { int st = 1; if (!ecdsa_doit[testnum]) @@ -2857,7 +2895,7 @@ int speed_main(int argc, char **argv) if (rsa_count <= 1) { /* if longer than 10s, don't do any more */ - for (testnum++; testnum < EC_NUM; testnum++) + for (testnum++; testnum < OSSL_NELEM(ecdh_doit); testnum++) ecdh_doit[testnum] = 0; } } @@ -2906,7 +2944,7 @@ int speed_main(int argc, char **argv) if (!doit[k]) continue; if (mr) - printf("+F:%d:%s", k, names[k]); + printf("+F:%u:%s", k, names[k]); else printf("%-13s", names[k]); for (testnum = 0; testnum < size_num; testnum++) { @@ -2955,7 +2993,7 @@ int speed_main(int argc, char **argv) #endif #ifndef OPENSSL_NO_EC testnum = 1; - for (k = 0; k < EC_NUM; k++) { + for (k = 0; k < OSSL_NELEM(ecdsa_doit); k++) { if (!ecdsa_doit[k]) continue; if (testnum && !mr) { @@ -3011,10 +3049,10 @@ int speed_main(int argc, char **argv) DSA_free(loopargs[i].dsa_key[k]); #endif #ifndef OPENSSL_NO_EC - for (k = 0; k < EC_NUM; k++) { + for (k = 0; k < ECDSA_NUM; k++) EC_KEY_free(loopargs[i].ecdsa[k]); + for (k = 0; k < EC_NUM; k++) EVP_PKEY_CTX_free(loopargs[i].ecdh_ctx[k]); - } OPENSSL_free(loopargs[i].secret_a); OPENSSL_free(loopargs[i].secret_b); #endif @@ -3239,7 +3277,7 @@ static int do_multi(int multi, int size_num) } #endif -static void multiblock_speed(const EVP_CIPHER *evp_cipher, +static void multiblock_speed(const EVP_CIPHER *evp_cipher, int lengths_single, const openssl_speed_sec_t *seconds) { static const int mblengths_list[] = From no-reply at appveyor.com Sat May 12 23:16:07 2018 From: no-reply at appveyor.com (AppVeyor) Date: Sat, 12 May 2018 23:16:07 +0000 Subject: [openssl-commits] Build failed: openssl master.17964 Message-ID: <20180512231607.1.10A92562967DE37A@appveyor.com> An HTML attachment was scrubbed... URL: From no-reply at appveyor.com Sat May 12 23:45:54 2018 From: no-reply at appveyor.com (AppVeyor) Date: Sat, 12 May 2018 23:45:54 +0000 Subject: [openssl-commits] Build completed: openssl OpenSSL_1_1_0-stable.17965 Message-ID: <20180512234554.1.6AA9194C45E31EA7@appveyor.com> An HTML attachment was scrubbed... URL: From scan-admin at coverity.com Sun May 13 07:31:24 2018 From: scan-admin at coverity.com (scan-admin at coverity.com) Date: Sun, 13 May 2018 07:31:24 +0000 (UTC) Subject: [openssl-commits] Coverity Scan: Analysis completed for openssl/openssl Message-ID: <5af7e9cc20bf7_3c412ab1dd750f58714b7@node1.mail> Your request for analysis of openssl/openssl has been completed successfully. The results are available at https://u2389337.ct.sendgrid.net/wf/click?upn=08onrYu34A-2BWcWUl-2F-2BfV0V05UPxvVjWch-2Bd2MGckcRakUl6QyjujEohY7rPpoYUEcf-2B75FkFkxwwFKGZV8c1xA-3D-3D_19DGMz38yO7VfzGQuXkecdlEmzBoDG4v8Dvyanv-2F1I3sk1pzKP4Fju0jJRTzbZ9OpExEEnelm3LjYN8lnWfKLNX4IGMRlO-2FJeb8geQ-2Fcm5hzE4AHgJVIs80jx-2F0It7-2FmQMFqTISuuaFLxn3qodsp5pQmu7hu3MHX5ZP7XgFgW7mo0qFmYsf8MwSnbEYoFQebVi5NFs3If9clgNjRmYhn1C2mbGIqU-2BVw-2BFl-2BjT6XBAw-3D Build ID: 210763 Analysis Summary: New defects found: 0 Defects eliminated: 1 From scan-admin at coverity.com Sun May 13 07:47:19 2018 From: scan-admin at coverity.com (scan-admin at coverity.com) Date: Sun, 13 May 2018 07:47:19 +0000 (UTC) Subject: [openssl-commits] Coverity Scan: Analysis completed for OpenSSL-1.0.2 Message-ID: <5af7ed8691d7d_473b2ab1dd750f587141c@node1.mail> Your request for analysis of OpenSSL-1.0.2 has been completed successfully. The results are available at https://u2389337.ct.sendgrid.net/wf/click?upn=08onrYu34A-2BWcWUl-2F-2BfV0V05UPxvVjWch-2Bd2MGckcRakUl6QyjujEohY7rPpoYUEeuRTZVWU4ku8PUBnVPw8PQ-3D-3D_19DGMz38yO7VfzGQuXkecdlEmzBoDG4v8Dvyanv-2F1I2f2VYHeha9M-2Box5kA59JLmb-2BZtXt09WkCsb0M-2BjBzpUv-2FN2csbZFzYsjLBjfXd-2BrZz2MyrDgxHf4FGUpNjxvJsHSF2gzqvniyyHLxIAfxbo-2F6o5q0O5OD4rtE2EBcPuoZs5vmq7twNjy7xCq-2Fyj37QZlHmXWUQDTEtbZYxQRxAObmHdiXPmG4MN4tzvUQt3DY-3D Build ID: 210768 Analysis Summary: New defects found: 0 Defects eliminated: 0 From no-reply at appveyor.com Sun May 13 19:53:25 2018 From: no-reply at appveyor.com (AppVeyor) Date: Sun, 13 May 2018 19:53:25 +0000 Subject: [openssl-commits] Build failed: openssl master.17976 Message-ID: <20180513195325.1.A8BC57F605A568E4@appveyor.com> An HTML attachment was scrubbed... URL: From no-reply at appveyor.com Sun May 13 20:14:21 2018 From: no-reply at appveyor.com (AppVeyor) Date: Sun, 13 May 2018 20:14:21 +0000 Subject: [openssl-commits] Build completed: openssl master.17977 Message-ID: <20180513201421.1.B60766AC11028844@appveyor.com> An HTML attachment was scrubbed... URL: From openssl at openssl.org Mon May 14 01:06:34 2018 From: openssl at openssl.org (OpenSSL run-checker) Date: Mon, 14 May 2018 01:06:34 +0000 Subject: [openssl-commits] FAILED build of OpenSSL branch master with options -d --strict-warnings no-ec Message-ID: <1526259994.874402.17974.nullmailer@run.openssl.org> Platform and configuration command: $ uname -a Linux run 4.4.0-119-generic #143-Ubuntu SMP Mon Apr 2 16:08:24 UTC 2018 x86_64 x86_64 x86_64 GNU/Linux $ CC=clang ../openssl/config -d --strict-warnings no-ec Commit log since last time: 1c53456 apps/speed: Add brainpool curves support 5c6a69f apps/speed: fix possible OOB access in some EC arrays 5f96a95 Set sess to NULL after freeing it. a925e7d Don't memcpy the contents of an empty fragment c82c346 In cases where we ask PEM_def_callback for minimum 0 length, accept 0 length 34e4a96 Fix typo: 'is an error occurred' in documentation 61fb592 Rework the decrypt ticket callback c20e3b2 Fix mem leak in sslapi test d0191fe Add a test for the ticket callbacks 2448bb8 Document when a new session ticket gets created on resumption c0638ad Fix ticket callbacks in TLSv1.3 5fe3715 Flush server side unauthenticated writes e825109 Add some more SSL_pending() and SSL_has_pending() tests f478c8a Don't set TCP_NODELAY on a UDP socket 66fab92 Mark DTLS records as read when we have finished with them 0d8da77 Test an old style PSK callback with no cert will prefer SHA-256 9e064bc Provide documentation for the -psk_session option 48a0316 Prefer SHA-256 ciphersuites if using old style PSKs 3cb7c5c Use void in all function definitions that do not take any arguments d4a8ba7 rsaz_avx2_eligible doesn't take parameters c3114a7 Set the ossl_shim to auto retry if not running asynchronously Build log ended with (last 100 lines): /usr/bin/perl ../openssl/test/generate_buildtest.pl srtp > test/buildtest_srtp.c /usr/bin/perl ../openssl/test/generate_buildtest.pl ssl > test/buildtest_ssl.c /usr/bin/perl ../openssl/test/generate_buildtest.pl ssl2 > test/buildtest_ssl2.c /usr/bin/perl ../openssl/test/generate_buildtest.pl stack > test/buildtest_stack.c /usr/bin/perl ../openssl/test/generate_buildtest.pl store > test/buildtest_store.c /usr/bin/perl ../openssl/test/generate_buildtest.pl symhacks > test/buildtest_symhacks.c /usr/bin/perl ../openssl/test/generate_buildtest.pl tls1 > test/buildtest_tls1.c /usr/bin/perl ../openssl/test/generate_buildtest.pl ts > test/buildtest_ts.c /usr/bin/perl ../openssl/test/generate_buildtest.pl txt_db > test/buildtest_txt_db.c /usr/bin/perl ../openssl/test/generate_buildtest.pl ui > test/buildtest_ui.c /usr/bin/perl ../openssl/test/generate_buildtest.pl whrlpool > test/buildtest_whrlpool.c /usr/bin/perl ../openssl/test/generate_buildtest.pl x509 > test/buildtest_x509.c /usr/bin/perl ../openssl/test/generate_buildtest.pl x509_vfy > test/buildtest_x509_vfy.c /usr/bin/perl ../openssl/test/generate_buildtest.pl x509v3 > test/buildtest_x509v3.c clang -Iinclude -I../openssl/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -MMD -MF test/casttest.d.tmp -MT test/casttest.o -c -o test/casttest.o ../openssl/test/casttest.c clang -I. -Iinclude -Icrypto/include -I../openssl -I../openssl/include -I../openssl/crypto/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -MMD -MF test/chacha_internal_test.d.tmp -MT test/chacha_internal_test.o -c -o test/chacha_internal_test.o ../openssl/test/chacha_internal_test.c clang -Iinclude -I../openssl/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -MMD -MF test/cipherbytes_test.d.tmp -MT test/cipherbytes_test.o -c -o test/cipherbytes_test.o ../openssl/test/cipherbytes_test.c clang -Iinclude -I../openssl/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -MMD -MF test/cipherlist_test.d.tmp -MT test/cipherlist_test.o -c -o test/cipherlist_test.o ../openssl/test/cipherlist_test.c clang -Iinclude -I../openssl/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -MMD -MF test/ciphername_test.d.tmp -MT test/ciphername_test.o -c -o test/ciphername_test.o ../openssl/test/ciphername_test.c clang -Iinclude -I../openssl/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -MMD -MF test/clienthellotest.d.tmp -MT test/clienthellotest.o -c -o test/clienthellotest.o ../openssl/test/clienthellotest.c clang -Iinclude -I../openssl/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -MMD -MF test/cmsapitest.d.tmp -MT test/cmsapitest.o -c -o test/cmsapitest.o ../openssl/test/cmsapitest.c clang -Iinclude -I../openssl/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -MMD -MF test/conf_include_test.d.tmp -MT test/conf_include_test.o -c -o test/conf_include_test.o ../openssl/test/conf_include_test.c clang -Iinclude -I../openssl/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -MMD -MF test/constant_time_test.d.tmp -MT test/constant_time_test.o -c -o test/constant_time_test.o ../openssl/test/constant_time_test.c clang -Iinclude -I../openssl/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -MMD -MF test/crltest.d.tmp -MT test/crltest.o -c -o test/crltest.o ../openssl/test/crltest.c clang -Iinclude -I../openssl/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -MMD -MF test/ct_test.d.tmp -MT test/ct_test.o -c -o test/ct_test.o ../openssl/test/ct_test.c clang -I. -Icrypto/include -Iinclude -I../openssl -I../openssl/crypto/include -I../openssl/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -MMD -MF test/ctype_internal_test.d.tmp -MT test/ctype_internal_test.o -c -o test/ctype_internal_test.o ../openssl/test/ctype_internal_test.c clang -Iinclude -I../openssl/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -MMD -MF test/d2i_test.d.tmp -MT test/d2i_test.o -c -o test/d2i_test.o ../openssl/test/d2i_test.c clang -Iinclude -I../openssl/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -MMD -MF test/danetest.d.tmp -MT test/danetest.o -c -o test/danetest.o ../openssl/test/danetest.c clang -Iinclude -I../openssl/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -MMD -MF test/destest.d.tmp -MT test/destest.o -c -o test/destest.o ../openssl/test/destest.c clang -Iinclude -I../openssl/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -MMD -MF test/dhtest.d.tmp -MT test/dhtest.o -c -o test/dhtest.o ../openssl/test/dhtest.c clang -Iinclude -Itest -I. -I../openssl/include -I../openssl/test -I../openssl -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -MMD -MF test/drbg_cavs_data.d.tmp -MT test/drbg_cavs_data.o -c -o test/drbg_cavs_data.o ../openssl/test/drbg_cavs_data.c clang -Iinclude -Itest -I. -I../openssl/include -I../openssl/test -I../openssl -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -MMD -MF test/drbg_cavs_test.d.tmp -MT test/drbg_cavs_test.o -c -o test/drbg_cavs_test.o ../openssl/test/drbg_cavs_test.c clang -Iinclude -I../openssl/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -MMD -MF test/drbgtest.d.tmp -MT test/drbgtest.o -c -o test/drbgtest.o ../openssl/test/drbgtest.c clang -Iinclude -I../openssl/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -MMD -MF test/dsatest.d.tmp -MT test/dsatest.o -c -o test/dsatest.o ../openssl/test/dsatest.c clang -I. -Iinclude -I../openssl -I../openssl/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -MMD -MF test/dtls_mtu_test.d.tmp -MT test/dtls_mtu_test.o -c -o test/dtls_mtu_test.o ../openssl/test/dtls_mtu_test.c clang -Iinclude -I../openssl/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -MMD -MF test/dtlstest.d.tmp -MT test/dtlstest.o -c -o test/dtlstest.o ../openssl/test/dtlstest.c clang -Iinclude -I../openssl/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -MMD -MF test/dtlsv1listentest.d.tmp -MT test/dtlsv1listentest.o -c -o test/dtlsv1listentest.o ../openssl/test/dtlsv1listentest.c clang -Iinclude -I../openssl/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -MMD -MF test/ecdsatest.d.tmp -MT test/ecdsatest.o -c -o test/ecdsatest.o ../openssl/test/ecdsatest.c clang -Iinclude -I../openssl/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -MMD -MF test/ecstresstest.d.tmp -MT test/ecstresstest.o -c -o test/ecstresstest.o ../openssl/test/ecstresstest.c clang -Iinclude -I../openssl/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -MMD -MF test/ectest.d.tmp -MT test/ectest.o -c -o test/ectest.o ../openssl/test/ectest.c clang -Iinclude -I../openssl/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -MMD -MF test/enginetest.d.tmp -MT test/enginetest.o -c -o test/enginetest.o ../openssl/test/enginetest.c clang -Iinclude -Icrypto/include -I../openssl/include -I../openssl/crypto/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -MMD -MF test/evp_extra_test.d.tmp -MT test/evp_extra_test.o -c -o test/evp_extra_test.o ../openssl/test/evp_extra_test.c clang -Iinclude -I../openssl/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -MMD -MF test/evp_test.d.tmp -MT test/evp_test.o -c -o test/evp_test.o ../openssl/test/evp_test.c clang -Iinclude -I../openssl/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -MMD -MF test/exdatatest.d.tmp -MT test/exdatatest.o -c -o test/exdatatest.o ../openssl/test/exdatatest.c clang -Iinclude -I../openssl/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -MMD -MF test/exptest.d.tmp -MT test/exptest.o -c -o test/exptest.o ../openssl/test/exptest.c clang -Iinclude -I../openssl/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -MMD -MF test/fatalerrtest.d.tmp -MT test/fatalerrtest.o -c -o test/fatalerrtest.o ../openssl/test/fatalerrtest.c clang -Iinclude -I../openssl/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -MMD -MF test/gmdifftest.d.tmp -MT test/gmdifftest.o -c -o test/gmdifftest.o ../openssl/test/gmdifftest.c clang -Iinclude -I../openssl/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -MMD -MF test/hmactest.d.tmp -MT test/hmactest.o -c -o test/hmactest.o ../openssl/test/hmactest.c clang -Iinclude -I../openssl/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -MMD -MF test/ideatest.d.tmp -MT test/ideatest.o -c -o test/ideatest.o ../openssl/test/ideatest.c clang -Iinclude -I../openssl/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -MMD -MF test/igetest.d.tmp -MT test/igetest.o -c -o test/igetest.o ../openssl/test/igetest.c clang -Iinclude -I../openssl/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -MMD -MF test/lhash_test.d.tmp -MT test/lhash_test.o -c -o test/lhash_test.o ../openssl/test/lhash_test.c clang -Iinclude -I../openssl/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -MMD -MF test/md2test.d.tmp -MT test/md2test.o -c -o test/md2test.o ../openssl/test/md2test.c clang -I. -Iinclude -I../openssl -I../openssl/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -MMD -MF test/mdc2_internal_test.d.tmp -MT test/mdc2_internal_test.o -c -o test/mdc2_internal_test.o ../openssl/test/mdc2_internal_test.c clang -Iinclude -I../openssl/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -MMD -MF test/mdc2test.d.tmp -MT test/mdc2test.o -c -o test/mdc2test.o ../openssl/test/mdc2test.c clang -Iinclude -I../openssl/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -MMD -MF test/memleaktest.d.tmp -MT test/memleaktest.o -c -o test/memleaktest.o ../openssl/test/memleaktest.c clang -I. -Iinclude -I../openssl -I../openssl/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -MMD -MF test/modes_internal_test.d.tmp -MT test/modes_internal_test.o -c -o test/modes_internal_test.o ../openssl/test/modes_internal_test.c clang -Iinclude -I../openssl/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -MMD -MF test/ocspapitest.d.tmp -MT test/ocspapitest.o -c -o test/ocspapitest.o ../openssl/test/ocspapitest.c clang -Iinclude -I../openssl/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -MMD -MF test/packettest.d.tmp -MT test/packettest.o -c -o test/packettest.o ../openssl/test/packettest.c clang -Iinclude -I../openssl/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -MMD -MF test/pbelutest.d.tmp -MT test/pbelutest.o -c -o test/pbelutest.o ../openssl/test/pbelutest.c clang -Iinclude -I../openssl/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -MMD -MF test/pemtest.d.tmp -MT test/pemtest.o -c -o test/pemtest.o ../openssl/test/pemtest.c clang -Iinclude -I../openssl/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -MMD -MF test/pkey_meth_kdf_test.d.tmp -MT test/pkey_meth_kdf_test.o -c -o test/pkey_meth_kdf_test.o ../openssl/test/pkey_meth_kdf_test.c clang -Iinclude -I../openssl/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -MMD -MF test/pkey_meth_test.d.tmp -MT test/pkey_meth_test.o -c -o test/pkey_meth_test.o ../openssl/test/pkey_meth_test.c clang -I. -Iinclude -Icrypto/include -I../openssl -I../openssl/include -I../openssl/crypto/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -MMD -MF test/poly1305_internal_test.d.tmp -MT test/poly1305_internal_test.o -c -o test/poly1305_internal_test.o ../openssl/test/poly1305_internal_test.c clang -Iinclude -I../openssl/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -MMD -MF test/rc2test.d.tmp -MT test/rc2test.o -c -o test/rc2test.o ../openssl/test/rc2test.c clang -Iinclude -I../openssl/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -MMD -MF test/rc4test.d.tmp -MT test/rc4test.o -c -o test/rc4test.o ../openssl/test/rc4test.c clang -Iinclude -I../openssl/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -MMD -MF test/rc5test.d.tmp -MT test/rc5test.o -c -o test/rc5test.o ../openssl/test/rc5test.c clang -Iinclude -I../openssl/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -MMD -MF test/rdrand_sanitytest.d.tmp -MT test/rdrand_sanitytest.o -c -o test/rdrand_sanitytest.o ../openssl/test/rdrand_sanitytest.c clang -Iinclude -I../openssl/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -MMD -MF test/recordlentest.d.tmp -MT test/recordlentest.o -c -o test/recordlentest.o ../openssl/test/recordlentest.c clang -Iinclude -I../openssl/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -MMD -MF test/rsa_mp_test.d.tmp -MT test/rsa_mp_test.o -c -o test/rsa_mp_test.o ../openssl/test/rsa_mp_test.c clang -Iinclude -I../openssl/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -MMD -MF test/rsa_test.d.tmp -MT test/rsa_test.o -c -o test/rsa_test.o ../openssl/test/rsa_test.c clang -Iinclude -I../openssl/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -MMD -MF test/sanitytest.d.tmp -MT test/sanitytest.o -c -o test/sanitytest.o ../openssl/test/sanitytest.c clang -Iinclude -I../openssl/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -MMD -MF test/secmemtest.d.tmp -MT test/secmemtest.o -c -o test/secmemtest.o ../openssl/test/secmemtest.c clang -Iinclude -I../openssl/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -MMD -MF test/servername_test.d.tmp -MT test/servername_test.o -c -o test/servername_test.o ../openssl/test/servername_test.c clang -Iinclude -Icrypto/include -I../openssl/include -I../openssl/crypto/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -MMD -MF test/shlibloadtest.d.tmp -MT test/shlibloadtest.o -c -o test/shlibloadtest.o ../openssl/test/shlibloadtest.c clang -I. -Iinclude -Icrypto/include -I../openssl -I../openssl/include -I../openssl/crypto/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -MMD -MF test/siphash_internal_test.d.tmp -MT test/siphash_internal_test.o -c -o test/siphash_internal_test.o ../openssl/test/siphash_internal_test.c clang -Iinclude -I../openssl/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -MMD -MF test/sm2crypttest.d.tmp -MT test/sm2crypttest.o -c -o test/sm2crypttest.o ../openssl/test/sm2crypttest.c clang -Iinclude -I../openssl/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -MMD -MF test/sm2sigtest.d.tmp -MT test/sm2sigtest.o -c -o test/sm2sigtest.o ../openssl/test/sm2sigtest.c clang -I. -Iinclude -Icrypto/include -I../openssl -I../openssl/include -I../openssl/crypto/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -MMD -MF test/sm4_internal_test.d.tmp -MT test/sm4_internal_test.o -c -o test/sm4_internal_test.o ../openssl/test/sm4_internal_test.c clang -Iinclude -I../openssl/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -MMD -MF test/srptest.d.tmp -MT test/srptest.o -c -o test/srptest.o ../openssl/test/srptest.c clang -I. -Iinclude -I../openssl -I../openssl/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -MMD -MF test/ssl_cert_table_internal_test.d.tmp -MT test/ssl_cert_table_internal_test.o -c -o test/ssl_cert_table_internal_test.o ../openssl/test/ssl_cert_table_internal_test.c clang -I. -Iinclude -I../openssl -I../openssl/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -MMD -MF test/handshake_helper.d.tmp -MT test/handshake_helper.o -c -o test/handshake_helper.o ../openssl/test/handshake_helper.c clang -Iinclude -I../openssl/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -MMD -MF test/ssl_test.d.tmp -MT test/ssl_test.o -c -o test/ssl_test.o ../openssl/test/ssl_test.c clang -Iinclude -I../openssl/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -MMD -MF test/ssl_test_ctx.d.tmp -MT test/ssl_test_ctx.o -c -o test/ssl_test_ctx.o ../openssl/test/ssl_test_ctx.c clang -Iinclude -I../openssl/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -MMD -MF test/ssl_test_ctx_test.d.tmp -MT test/ssl_test_ctx_test.o -c -o test/ssl_test_ctx_test.o ../openssl/test/ssl_test_ctx_test.c clang -Iinclude -I. -I../openssl/include -I../openssl -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -MMD -MF test/sslapitest.d.tmp -MT test/sslapitest.o -c -o test/sslapitest.o ../openssl/test/sslapitest.c clang -Iinclude -I../openssl/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -MMD -MF test/sslbuffertest.d.tmp -MT test/sslbuffertest.o -c -o test/sslbuffertest.o ../openssl/test/sslbuffertest.c clang -Iinclude -I../openssl/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -MMD -MF test/sslcorrupttest.d.tmp -MT test/sslcorrupttest.o -c -o test/sslcorrupttest.o ../openssl/test/sslcorrupttest.c clang -I. -Iinclude -I../openssl -I../openssl/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -MMD -MF test/ssltest_old.d.tmp -MT test/ssltest_old.o -c -o test/ssltest_old.o ../openssl/test/ssltest_old.c clang -Iinclude -I../openssl/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -MMD -MF test/stack_test.d.tmp -MT test/stack_test.o -c -o test/stack_test.o ../openssl/test/stack_test.c ../openssl/test/sslapitest.c:4700:22: error: if statement has empty body [-Werror,-Wempty-body] if (tst % 2 == 1); ^ ../openssl/test/sslapitest.c:4700:22: note: put the semicolon on a separate line to silence this warning 1 error generated. Makefile:8718: recipe for target 'test/sslapitest.o' failed make[1]: *** [test/sslapitest.o] Error 1 make[1]: *** Waiting for unfinished jobs.... make[1]: Leaving directory '/home/openssl/run-checker/no-ec' Makefile:171: recipe for target 'all' failed make: *** [all] Error 2 From no-reply at appveyor.com Mon May 14 02:32:08 2018 From: no-reply at appveyor.com (AppVeyor) Date: Mon, 14 May 2018 02:32:08 +0000 Subject: [openssl-commits] Build failed: openssl master.17980 Message-ID: <20180514023208.1.A64A92FBE19F9B68@appveyor.com> An HTML attachment was scrubbed... URL: From no-reply at appveyor.com Mon May 14 02:58:22 2018 From: no-reply at appveyor.com (AppVeyor) Date: Mon, 14 May 2018 02:58:22 +0000 Subject: [openssl-commits] Build completed: openssl master.17981 Message-ID: <20180514025822.1.AF138012B61C74CA@appveyor.com> An HTML attachment was scrubbed... URL: From levitte at openssl.org Mon May 14 06:55:41 2018 From: levitte at openssl.org (Richard Levitte) Date: Mon, 14 May 2018 06:55:41 +0000 Subject: [openssl-commits] [openssl] OpenSSL_1_1_0-stable update Message-ID: <1526280941.794069.30832.nullmailer@dev.openssl.org> The branch OpenSSL_1_1_0-stable has been updated via e22ce0d07496c53cd100c6d46a54d7a46c13bba9 (commit) from 1b261954028925c1e2c329928938dacacf0bb6c0 (commit) - Log ----------------------------------------------------------------- commit e22ce0d07496c53cd100c6d46a54d7a46c13bba9 Author: Pavel Kopyl Date: Fri Nov 3 18:18:59 2017 +0300 Fix memory leaks in CA related functions. (cherry picked from commit aebd0e5ca12d1ba0b229a4121a54afa5ea2d8aa1) Reviewed-by: Andy Polyakov Reviewed-by: Richard Levitte (Merged from https://github.com/openssl/openssl/pull/6237) ----------------------------------------------------------------------- Summary of changes: apps/ca.c | 5 ++++- apps/verify.c | 1 + crypto/conf/conf_api.c | 4 ++++ crypto/engine/eng_lib.c | 6 ++++-- 4 files changed, 13 insertions(+), 3 deletions(-) diff --git a/apps/ca.c b/apps/ca.c index eb093d0..fe9d29b 100644 --- a/apps/ca.c +++ b/apps/ca.c @@ -929,10 +929,13 @@ end_of_options: if (j > 0) { total_done++; BIO_printf(bio_err, "\n"); - if (!BN_add_word(serial, 1)) + if (!BN_add_word(serial, 1)) { + X509_free(x); goto end; + } if (!sk_X509_push(cert_sk, x)) { BIO_printf(bio_err, "Memory allocation failure\n"); + X509_free(x); goto end; } } diff --git a/apps/verify.c b/apps/verify.c index 0925ee6..9ca9f33 100644 --- a/apps/verify.c +++ b/apps/verify.c @@ -219,6 +219,7 @@ static int check(X509_STORE *ctx, const char *file, X509_STORE_set_flags(ctx, vflags); if (!X509_STORE_CTX_init(csc, ctx, x, uchain)) { + X509_STORE_CTX_free(csc); printf("error %s: X.509 store context initialization failed\n", (file == NULL) ? "stdin" : file); goto end; diff --git a/crypto/conf/conf_api.c b/crypto/conf/conf_api.c index 5535416..afbaefb 100644 --- a/crypto/conf/conf_api.c +++ b/crypto/conf/conf_api.c @@ -205,10 +205,14 @@ CONF_VALUE *_CONF_new_section(CONF *conf, const char *section) vv = lh_CONF_VALUE_insert(conf->data, v); OPENSSL_assert(vv == NULL); + if (lh_CONF_VALUE_error(conf->data) > 0) + goto err; return v; err: sk_CONF_VALUE_free(sk); + if (v != NULL) + OPENSSL_free(v->section); OPENSSL_free(v); return NULL; } diff --git a/crypto/engine/eng_lib.c b/crypto/engine/eng_lib.c index 1b88d6f..7078876 100644 --- a/crypto/engine/eng_lib.c +++ b/crypto/engine/eng_lib.c @@ -144,8 +144,10 @@ void engine_cleanup_add_last(ENGINE_CLEANUP_CB *cb) if (!int_cleanup_check(1)) return; item = int_cleanup_item(cb); - if (item) - sk_ENGINE_CLEANUP_ITEM_push(cleanup_stack, item); + if (item != NULL) { + if (sk_ENGINE_CLEANUP_ITEM_push(cleanup_stack, item) <= 0) + OPENSSL_free(item); + } } /* The API function that performs all cleanup */ From openssl at openssl.org Mon May 14 06:56:45 2018 From: openssl at openssl.org (OpenSSL run-checker) Date: Mon, 14 May 2018 06:56:45 +0000 Subject: [openssl-commits] FAILED build of OpenSSL branch master with options -d --strict-warnings no-psk Message-ID: <1526281005.733713.24613.nullmailer@run.openssl.org> Platform and configuration command: $ uname -a Linux run 4.4.0-119-generic #143-Ubuntu SMP Mon Apr 2 16:08:24 UTC 2018 x86_64 x86_64 x86_64 GNU/Linux $ CC=clang ../openssl/config -d --strict-warnings no-psk Commit log since last time: 1c53456 apps/speed: Add brainpool curves support 5c6a69f apps/speed: fix possible OOB access in some EC arrays 5f96a95 Set sess to NULL after freeing it. a925e7d Don't memcpy the contents of an empty fragment c82c346 In cases where we ask PEM_def_callback for minimum 0 length, accept 0 length 34e4a96 Fix typo: 'is an error occurred' in documentation 61fb592 Rework the decrypt ticket callback c20e3b2 Fix mem leak in sslapi test d0191fe Add a test for the ticket callbacks 2448bb8 Document when a new session ticket gets created on resumption c0638ad Fix ticket callbacks in TLSv1.3 5fe3715 Flush server side unauthenticated writes e825109 Add some more SSL_pending() and SSL_has_pending() tests f478c8a Don't set TCP_NODELAY on a UDP socket 66fab92 Mark DTLS records as read when we have finished with them 0d8da77 Test an old style PSK callback with no cert will prefer SHA-256 9e064bc Provide documentation for the -psk_session option 48a0316 Prefer SHA-256 ciphersuites if using old style PSKs 3cb7c5c Use void in all function definitions that do not take any arguments d4a8ba7 rsaz_avx2_eligible doesn't take parameters c3114a7 Set the ossl_shim to auto retry if not running asynchronously Build log ended with (last 100 lines): clang -I. -Icrypto/include -Iinclude -I../openssl -I../openssl/crypto/include -I../openssl/include -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DKECCAK1600_ASM -DRC4_ASM -DMD5_ASM -DAES_ASM -DVPAES_ASM -DBSAES_ASM -DGHASH_ASM -DECP_NISTZ256_ASM -DX25519_ASM -DPADLOCK_ASM -DPOLY1305_ASM -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-1.1\"" -MMD -MF crypto/x509/t_req.d.tmp -MT crypto/x509/t_req.o -c -o crypto/x509/t_req.o ../openssl/crypto/x509/t_req.c clang -I. -Icrypto/include -Iinclude -I../openssl -I../openssl/crypto/include -I../openssl/include -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DKECCAK1600_ASM -DRC4_ASM -DMD5_ASM -DAES_ASM -DVPAES_ASM -DBSAES_ASM -DGHASH_ASM -DECP_NISTZ256_ASM -DX25519_ASM -DPADLOCK_ASM -DPOLY1305_ASM -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-1.1\"" -MMD -MF crypto/x509/t_x509.d.tmp -MT crypto/x509/t_x509.o -c -o crypto/x509/t_x509.o ../openssl/crypto/x509/t_x509.c clang -I. -Icrypto/include -Iinclude -I../openssl -I../openssl/crypto/include -I../openssl/include -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DKECCAK1600_ASM -DRC4_ASM -DMD5_ASM -DAES_ASM -DVPAES_ASM -DBSAES_ASM -DGHASH_ASM -DECP_NISTZ256_ASM -DX25519_ASM -DPADLOCK_ASM -DPOLY1305_ASM -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-1.1\"" -MMD -MF crypto/x509/x509_att.d.tmp -MT crypto/x509/x509_att.o -c -o crypto/x509/x509_att.o ../openssl/crypto/x509/x509_att.c clang -I. -Icrypto/include -Iinclude -I../openssl -I../openssl/crypto/include -I../openssl/include -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DKECCAK1600_ASM -DRC4_ASM -DMD5_ASM -DAES_ASM -DVPAES_ASM -DBSAES_ASM -DGHASH_ASM -DECP_NISTZ256_ASM -DX25519_ASM -DPADLOCK_ASM -DPOLY1305_ASM -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-1.1\"" -MMD -MF crypto/x509/x509_cmp.d.tmp -MT crypto/x509/x509_cmp.o -c -o crypto/x509/x509_cmp.o ../openssl/crypto/x509/x509_cmp.c clang -I. -Icrypto/include -Iinclude -I../openssl -I../openssl/crypto/include -I../openssl/include -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DKECCAK1600_ASM -DRC4_ASM -DMD5_ASM -DAES_ASM -DVPAES_ASM -DBSAES_ASM -DGHASH_ASM -DECP_NISTZ256_ASM -DX25519_ASM -DPADLOCK_ASM -DPOLY1305_ASM -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-1.1\"" -MMD -MF crypto/x509/x509_d2.d.tmp -MT crypto/x509/x509_d2.o -c -o crypto/x509/x509_d2.o ../openssl/crypto/x509/x509_d2.c clang -I. -Icrypto/include -Iinclude -I../openssl -I../openssl/crypto/include -I../openssl/include -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DKECCAK1600_ASM -DRC4_ASM -DMD5_ASM -DAES_ASM -DVPAES_ASM -DBSAES_ASM -DGHASH_ASM -DECP_NISTZ256_ASM -DX25519_ASM -DPADLOCK_ASM -DPOLY1305_ASM -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-1.1\"" -MMD -MF crypto/x509/x509_def.d.tmp -MT crypto/x509/x509_def.o -c -o crypto/x509/x509_def.o ../openssl/crypto/x509/x509_def.c clang -I. -Icrypto/include -Iinclude -I../openssl -I../openssl/crypto/include -I../openssl/include -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DKECCAK1600_ASM -DRC4_ASM -DMD5_ASM -DAES_ASM -DVPAES_ASM -DBSAES_ASM -DGHASH_ASM -DECP_NISTZ256_ASM -DX25519_ASM -DPADLOCK_ASM -DPOLY1305_ASM -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-1.1\"" -MMD -MF crypto/x509/x509_err.d.tmp -MT crypto/x509/x509_err.o -c -o crypto/x509/x509_err.o ../openssl/crypto/x509/x509_err.c clang -I. -Icrypto/include -Iinclude -I../openssl -I../openssl/crypto/include -I../openssl/include -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DKECCAK1600_ASM -DRC4_ASM -DMD5_ASM -DAES_ASM -DVPAES_ASM -DBSAES_ASM -DGHASH_ASM -DECP_NISTZ256_ASM -DX25519_ASM -DPADLOCK_ASM -DPOLY1305_ASM -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-1.1\"" -MMD -MF crypto/x509/x509_ext.d.tmp -MT crypto/x509/x509_ext.o -c -o crypto/x509/x509_ext.o ../openssl/crypto/x509/x509_ext.c clang -I. -Icrypto/include -Iinclude -I../openssl -I../openssl/crypto/include -I../openssl/include -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DKECCAK1600_ASM -DRC4_ASM -DMD5_ASM -DAES_ASM -DVPAES_ASM -DBSAES_ASM -DGHASH_ASM -DECP_NISTZ256_ASM -DX25519_ASM -DPADLOCK_ASM -DPOLY1305_ASM -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-1.1\"" -MMD -MF crypto/x509/x509_lu.d.tmp -MT crypto/x509/x509_lu.o -c -o crypto/x509/x509_lu.o ../openssl/crypto/x509/x509_lu.c clang -I. -Icrypto/include -Iinclude -I../openssl -I../openssl/crypto/include -I../openssl/include -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DKECCAK1600_ASM -DRC4_ASM -DMD5_ASM -DAES_ASM -DVPAES_ASM -DBSAES_ASM -DGHASH_ASM -DECP_NISTZ256_ASM -DX25519_ASM -DPADLOCK_ASM -DPOLY1305_ASM -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-1.1\"" -MMD -MF crypto/x509/x509_obj.d.tmp -MT crypto/x509/x509_obj.o -c -o crypto/x509/x509_obj.o ../openssl/crypto/x509/x509_obj.c clang -I. -Icrypto/include -Iinclude -I../openssl -I../openssl/crypto/include -I../openssl/include -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DKECCAK1600_ASM -DRC4_ASM -DMD5_ASM -DAES_ASM -DVPAES_ASM -DBSAES_ASM -DGHASH_ASM -DECP_NISTZ256_ASM -DX25519_ASM -DPADLOCK_ASM -DPOLY1305_ASM -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-1.1\"" -MMD -MF crypto/x509/x509_r2x.d.tmp -MT crypto/x509/x509_r2x.o -c -o crypto/x509/x509_r2x.o ../openssl/crypto/x509/x509_r2x.c clang -I. -Icrypto/include -Iinclude -I../openssl -I../openssl/crypto/include -I../openssl/include -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DKECCAK1600_ASM -DRC4_ASM -DMD5_ASM -DAES_ASM -DVPAES_ASM -DBSAES_ASM -DGHASH_ASM -DECP_NISTZ256_ASM -DX25519_ASM -DPADLOCK_ASM -DPOLY1305_ASM -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-1.1\"" -MMD -MF crypto/x509/x509_req.d.tmp -MT crypto/x509/x509_req.o -c -o crypto/x509/x509_req.o ../openssl/crypto/x509/x509_req.c clang -I. -Icrypto/include -Iinclude -I../openssl -I../openssl/crypto/include -I../openssl/include -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DKECCAK1600_ASM -DRC4_ASM -DMD5_ASM -DAES_ASM -DVPAES_ASM -DBSAES_ASM -DGHASH_ASM -DECP_NISTZ256_ASM -DX25519_ASM -DPADLOCK_ASM -DPOLY1305_ASM -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-1.1\"" -MMD -MF crypto/x509/x509_set.d.tmp -MT crypto/x509/x509_set.o -c -o crypto/x509/x509_set.o ../openssl/crypto/x509/x509_set.c clang -I. -Icrypto/include -Iinclude -I../openssl -I../openssl/crypto/include -I../openssl/include -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DKECCAK1600_ASM -DRC4_ASM -DMD5_ASM -DAES_ASM -DVPAES_ASM -DBSAES_ASM -DGHASH_ASM -DECP_NISTZ256_ASM -DX25519_ASM -DPADLOCK_ASM -DPOLY1305_ASM -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-1.1\"" -MMD -MF crypto/x509/x509_trs.d.tmp -MT crypto/x509/x509_trs.o -c -o crypto/x509/x509_trs.o ../openssl/crypto/x509/x509_trs.c clang -I. -Icrypto/include -Iinclude -I../openssl -I../openssl/crypto/include -I../openssl/include -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DKECCAK1600_ASM -DRC4_ASM -DMD5_ASM -DAES_ASM -DVPAES_ASM -DBSAES_ASM -DGHASH_ASM -DECP_NISTZ256_ASM -DX25519_ASM -DPADLOCK_ASM -DPOLY1305_ASM -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-1.1\"" -MMD -MF crypto/x509/x509_txt.d.tmp -MT crypto/x509/x509_txt.o -c -o crypto/x509/x509_txt.o ../openssl/crypto/x509/x509_txt.c clang -I. -Icrypto/include -Iinclude -I../openssl -I../openssl/crypto/include -I../openssl/include -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DKECCAK1600_ASM -DRC4_ASM -DMD5_ASM -DAES_ASM -DVPAES_ASM -DBSAES_ASM -DGHASH_ASM -DECP_NISTZ256_ASM -DX25519_ASM -DPADLOCK_ASM -DPOLY1305_ASM -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-1.1\"" -MMD -MF crypto/x509/x509_v3.d.tmp -MT crypto/x509/x509_v3.o -c -o crypto/x509/x509_v3.o ../openssl/crypto/x509/x509_v3.c clang -I. -Icrypto/include -Iinclude -I../openssl -I../openssl/crypto/include -I../openssl/include -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DKECCAK1600_ASM -DRC4_ASM -DMD5_ASM -DAES_ASM -DVPAES_ASM -DBSAES_ASM -DGHASH_ASM -DECP_NISTZ256_ASM -DX25519_ASM -DPADLOCK_ASM -DPOLY1305_ASM -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-1.1\"" -MMD -MF crypto/x509/x509_vfy.d.tmp -MT crypto/x509/x509_vfy.o -c -o crypto/x509/x509_vfy.o ../openssl/crypto/x509/x509_vfy.c clang -I. -Icrypto/include -Iinclude -I../openssl -I../openssl/crypto/include -I../openssl/include -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DKECCAK1600_ASM -DRC4_ASM -DMD5_ASM -DAES_ASM -DVPAES_ASM -DBSAES_ASM -DGHASH_ASM -DECP_NISTZ256_ASM -DX25519_ASM -DPADLOCK_ASM -DPOLY1305_ASM -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-1.1\"" -MMD -MF crypto/x509/x509_vpm.d.tmp -MT crypto/x509/x509_vpm.o -c -o crypto/x509/x509_vpm.o ../openssl/crypto/x509/x509_vpm.c clang -I. -Icrypto/include -Iinclude -I../openssl -I../openssl/crypto/include -I../openssl/include -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DKECCAK1600_ASM -DRC4_ASM -DMD5_ASM -DAES_ASM -DVPAES_ASM -DBSAES_ASM -DGHASH_ASM -DECP_NISTZ256_ASM -DX25519_ASM -DPADLOCK_ASM -DPOLY1305_ASM -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-1.1\"" -MMD -MF crypto/x509/x509cset.d.tmp -MT crypto/x509/x509cset.o -c -o crypto/x509/x509cset.o ../openssl/crypto/x509/x509cset.c clang -I. -Icrypto/include -Iinclude -I../openssl -I../openssl/crypto/include -I../openssl/include -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DKECCAK1600_ASM -DRC4_ASM -DMD5_ASM -DAES_ASM -DVPAES_ASM -DBSAES_ASM -DGHASH_ASM -DECP_NISTZ256_ASM -DX25519_ASM -DPADLOCK_ASM -DPOLY1305_ASM -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-1.1\"" -MMD -MF crypto/x509/x509name.d.tmp -MT crypto/x509/x509name.o -c -o crypto/x509/x509name.o ../openssl/crypto/x509/x509name.c clang -I. -Icrypto/include -Iinclude -I../openssl -I../openssl/crypto/include -I../openssl/include -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DKECCAK1600_ASM -DRC4_ASM -DMD5_ASM -DAES_ASM -DVPAES_ASM -DBSAES_ASM -DGHASH_ASM -DECP_NISTZ256_ASM -DX25519_ASM -DPADLOCK_ASM -DPOLY1305_ASM -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-1.1\"" -MMD -MF crypto/x509/x509rset.d.tmp -MT crypto/x509/x509rset.o -c -o crypto/x509/x509rset.o ../openssl/crypto/x509/x509rset.c clang -I. -Icrypto/include -Iinclude -I../openssl -I../openssl/crypto/include -I../openssl/include -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DKECCAK1600_ASM -DRC4_ASM -DMD5_ASM -DAES_ASM -DVPAES_ASM -DBSAES_ASM -DGHASH_ASM -DECP_NISTZ256_ASM -DX25519_ASM -DPADLOCK_ASM -DPOLY1305_ASM -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-1.1\"" -MMD -MF crypto/x509/x509spki.d.tmp -MT crypto/x509/x509spki.o -c -o crypto/x509/x509spki.o ../openssl/crypto/x509/x509spki.c clang -I. -Icrypto/include -Iinclude -I../openssl -I../openssl/crypto/include -I../openssl/include -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DKECCAK1600_ASM -DRC4_ASM -DMD5_ASM -DAES_ASM -DVPAES_ASM -DBSAES_ASM -DGHASH_ASM -DECP_NISTZ256_ASM -DX25519_ASM -DPADLOCK_ASM -DPOLY1305_ASM -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-1.1\"" -MMD -MF crypto/x509/x509type.d.tmp -MT crypto/x509/x509type.o -c -o crypto/x509/x509type.o ../openssl/crypto/x509/x509type.c clang -I. -Icrypto/include -Iinclude -I../openssl -I../openssl/crypto/include -I../openssl/include -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DKECCAK1600_ASM -DRC4_ASM -DMD5_ASM -DAES_ASM -DVPAES_ASM -DBSAES_ASM -DGHASH_ASM -DECP_NISTZ256_ASM -DX25519_ASM -DPADLOCK_ASM -DPOLY1305_ASM -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-1.1\"" -MMD -MF crypto/x509/x_all.d.tmp -MT crypto/x509/x_all.o -c -o crypto/x509/x_all.o ../openssl/crypto/x509/x_all.c clang -I. -Icrypto/include -Iinclude -I../openssl -I../openssl/crypto/include -I../openssl/include -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DKECCAK1600_ASM -DRC4_ASM -DMD5_ASM -DAES_ASM -DVPAES_ASM -DBSAES_ASM -DGHASH_ASM -DECP_NISTZ256_ASM -DX25519_ASM -DPADLOCK_ASM -DPOLY1305_ASM -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-1.1\"" -MMD -MF crypto/x509/x_attrib.d.tmp -MT crypto/x509/x_attrib.o -c -o crypto/x509/x_attrib.o ../openssl/crypto/x509/x_attrib.c clang -I. -Icrypto/include -Iinclude -I../openssl -I../openssl/crypto/include -I../openssl/include -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DKECCAK1600_ASM -DRC4_ASM -DMD5_ASM -DAES_ASM -DVPAES_ASM -DBSAES_ASM -DGHASH_ASM -DECP_NISTZ256_ASM -DX25519_ASM -DPADLOCK_ASM -DPOLY1305_ASM -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-1.1\"" -MMD -MF crypto/x509/x_crl.d.tmp -MT crypto/x509/x_crl.o -c -o crypto/x509/x_crl.o ../openssl/crypto/x509/x_crl.c clang -I. -Icrypto/include -Iinclude -I../openssl -I../openssl/crypto/include -I../openssl/include -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DKECCAK1600_ASM -DRC4_ASM -DMD5_ASM -DAES_ASM -DVPAES_ASM -DBSAES_ASM -DGHASH_ASM -DECP_NISTZ256_ASM -DX25519_ASM -DPADLOCK_ASM -DPOLY1305_ASM -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-1.1\"" -MMD -MF crypto/x509/x_exten.d.tmp -MT crypto/x509/x_exten.o -c -o crypto/x509/x_exten.o ../openssl/crypto/x509/x_exten.c clang -I. -Icrypto/include -Iinclude -I../openssl -I../openssl/crypto/include -I../openssl/include -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DKECCAK1600_ASM -DRC4_ASM -DMD5_ASM -DAES_ASM -DVPAES_ASM -DBSAES_ASM -DGHASH_ASM -DECP_NISTZ256_ASM -DX25519_ASM -DPADLOCK_ASM -DPOLY1305_ASM -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-1.1\"" -MMD -MF crypto/x509/x_name.d.tmp -MT crypto/x509/x_name.o -c -o crypto/x509/x_name.o ../openssl/crypto/x509/x_name.c clang -I. -Icrypto/include -Iinclude -I../openssl -I../openssl/crypto/include -I../openssl/include -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DKECCAK1600_ASM -DRC4_ASM -DMD5_ASM -DAES_ASM -DVPAES_ASM -DBSAES_ASM -DGHASH_ASM -DECP_NISTZ256_ASM -DX25519_ASM -DPADLOCK_ASM -DPOLY1305_ASM -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-1.1\"" -MMD -MF crypto/x509/x_pubkey.d.tmp -MT crypto/x509/x_pubkey.o -c -o crypto/x509/x_pubkey.o ../openssl/crypto/x509/x_pubkey.c clang -I. -Icrypto/include -Iinclude -I../openssl -I../openssl/crypto/include -I../openssl/include -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DKECCAK1600_ASM -DRC4_ASM -DMD5_ASM -DAES_ASM -DVPAES_ASM -DBSAES_ASM -DGHASH_ASM -DECP_NISTZ256_ASM -DX25519_ASM -DPADLOCK_ASM -DPOLY1305_ASM -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-1.1\"" -MMD -MF crypto/x509/x_req.d.tmp -MT crypto/x509/x_req.o -c -o crypto/x509/x_req.o ../openssl/crypto/x509/x_req.c clang -I. -Icrypto/include -Iinclude -I../openssl -I../openssl/crypto/include -I../openssl/include -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DKECCAK1600_ASM -DRC4_ASM -DMD5_ASM -DAES_ASM -DVPAES_ASM -DBSAES_ASM -DGHASH_ASM -DECP_NISTZ256_ASM -DX25519_ASM -DPADLOCK_ASM -DPOLY1305_ASM -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-1.1\"" -MMD -MF crypto/x509/x_x509.d.tmp -MT crypto/x509/x_x509.o -c -o crypto/x509/x_x509.o ../openssl/crypto/x509/x_x509.c clang -I. -Icrypto/include -Iinclude -I../openssl -I../openssl/crypto/include -I../openssl/include -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DKECCAK1600_ASM -DRC4_ASM -DMD5_ASM -DAES_ASM -DVPAES_ASM -DBSAES_ASM -DGHASH_ASM -DECP_NISTZ256_ASM -DX25519_ASM -DPADLOCK_ASM -DPOLY1305_ASM -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-1.1\"" -MMD -MF crypto/x509/x_x509a.d.tmp -MT crypto/x509/x_x509a.o -c -o crypto/x509/x_x509a.o ../openssl/crypto/x509/x_x509a.c clang -I. -Icrypto/include -Iinclude -I../openssl -I../openssl/crypto/include -I../openssl/include -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DKECCAK1600_ASM -DRC4_ASM -DMD5_ASM -DAES_ASM -DVPAES_ASM -DBSAES_ASM -DGHASH_ASM -DECP_NISTZ256_ASM -DX25519_ASM -DPADLOCK_ASM -DPOLY1305_ASM -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-1.1\"" -MMD -MF crypto/x509v3/pcy_cache.d.tmp -MT crypto/x509v3/pcy_cache.o -c -o crypto/x509v3/pcy_cache.o ../openssl/crypto/x509v3/pcy_cache.c clang -I. -Icrypto/include -Iinclude -I../openssl -I../openssl/crypto/include -I../openssl/include -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DKECCAK1600_ASM -DRC4_ASM -DMD5_ASM -DAES_ASM -DVPAES_ASM -DBSAES_ASM -DGHASH_ASM -DECP_NISTZ256_ASM -DX25519_ASM -DPADLOCK_ASM -DPOLY1305_ASM -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-1.1\"" -MMD -MF crypto/x509v3/pcy_data.d.tmp -MT crypto/x509v3/pcy_data.o -c -o crypto/x509v3/pcy_data.o ../openssl/crypto/x509v3/pcy_data.c clang -I. -Icrypto/include -Iinclude -I../openssl -I../openssl/crypto/include -I../openssl/include -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DKECCAK1600_ASM -DRC4_ASM -DMD5_ASM -DAES_ASM -DVPAES_ASM -DBSAES_ASM -DGHASH_ASM -DECP_NISTZ256_ASM -DX25519_ASM -DPADLOCK_ASM -DPOLY1305_ASM -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-1.1\"" -MMD -MF crypto/x509v3/pcy_lib.d.tmp -MT crypto/x509v3/pcy_lib.o -c -o crypto/x509v3/pcy_lib.o ../openssl/crypto/x509v3/pcy_lib.c clang -I. -Icrypto/include -Iinclude -I../openssl -I../openssl/crypto/include -I../openssl/include -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DKECCAK1600_ASM -DRC4_ASM -DMD5_ASM -DAES_ASM -DVPAES_ASM -DBSAES_ASM -DGHASH_ASM -DECP_NISTZ256_ASM -DX25519_ASM -DPADLOCK_ASM -DPOLY1305_ASM -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-1.1\"" -MMD -MF crypto/x509v3/pcy_map.d.tmp -MT crypto/x509v3/pcy_map.o -c -o crypto/x509v3/pcy_map.o ../openssl/crypto/x509v3/pcy_map.c clang -I. -Icrypto/include -Iinclude -I../openssl -I../openssl/crypto/include -I../openssl/include -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DKECCAK1600_ASM -DRC4_ASM -DMD5_ASM -DAES_ASM -DVPAES_ASM -DBSAES_ASM -DGHASH_ASM -DECP_NISTZ256_ASM -DX25519_ASM -DPADLOCK_ASM -DPOLY1305_ASM -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-1.1\"" -MMD -MF crypto/x509v3/pcy_node.d.tmp -MT crypto/x509v3/pcy_node.o -c -o crypto/x509v3/pcy_node.o ../openssl/crypto/x509v3/pcy_node.c clang -I. -Icrypto/include -Iinclude -I../openssl -I../openssl/crypto/include -I../openssl/include -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DKECCAK1600_ASM -DRC4_ASM -DMD5_ASM -DAES_ASM -DVPAES_ASM -DBSAES_ASM -DGHASH_ASM -DECP_NISTZ256_ASM -DX25519_ASM -DPADLOCK_ASM -DPOLY1305_ASM -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-1.1\"" -MMD -MF crypto/x509v3/pcy_tree.d.tmp -MT crypto/x509v3/pcy_tree.o -c -o crypto/x509v3/pcy_tree.o ../openssl/crypto/x509v3/pcy_tree.c clang -I. -Icrypto/include -Iinclude -I../openssl -I../openssl/crypto/include -I../openssl/include -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DKECCAK1600_ASM -DRC4_ASM -DMD5_ASM -DAES_ASM -DVPAES_ASM -DBSAES_ASM -DGHASH_ASM -DECP_NISTZ256_ASM -DX25519_ASM -DPADLOCK_ASM -DPOLY1305_ASM -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-1.1\"" -MMD -MF crypto/x509v3/v3_addr.d.tmp -MT crypto/x509v3/v3_addr.o -c -o crypto/x509v3/v3_addr.o ../openssl/crypto/x509v3/v3_addr.c clang -I. -Icrypto/include -Iinclude -I../openssl -I../openssl/crypto/include -I../openssl/include -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DKECCAK1600_ASM -DRC4_ASM -DMD5_ASM -DAES_ASM -DVPAES_ASM -DBSAES_ASM -DGHASH_ASM -DECP_NISTZ256_ASM -DX25519_ASM -DPADLOCK_ASM -DPOLY1305_ASM -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-1.1\"" -MMD -MF crypto/x509v3/v3_admis.d.tmp -MT crypto/x509v3/v3_admis.o -c -o crypto/x509v3/v3_admis.o ../openssl/crypto/x509v3/v3_admis.c clang -I. -Icrypto/include -Iinclude -I../openssl -I../openssl/crypto/include -I../openssl/include -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DKECCAK1600_ASM -DRC4_ASM -DMD5_ASM -DAES_ASM -DVPAES_ASM -DBSAES_ASM -DGHASH_ASM -DECP_NISTZ256_ASM -DX25519_ASM -DPADLOCK_ASM -DPOLY1305_ASM -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-1.1\"" -MMD -MF crypto/x509v3/v3_akey.d.tmp -MT crypto/x509v3/v3_akey.o -c -o crypto/x509v3/v3_akey.o ../openssl/crypto/x509v3/v3_akey.c clang -I. -Icrypto/include -Iinclude -I../openssl -I../openssl/crypto/include -I../openssl/include -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DKECCAK1600_ASM -DRC4_ASM -DMD5_ASM -DAES_ASM -DVPAES_ASM -DBSAES_ASM -DGHASH_ASM -DECP_NISTZ256_ASM -DX25519_ASM -DPADLOCK_ASM -DPOLY1305_ASM -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-1.1\"" -MMD -MF crypto/x509v3/v3_akeya.d.tmp -MT crypto/x509v3/v3_akeya.o -c -o crypto/x509v3/v3_akeya.o ../openssl/crypto/x509v3/v3_akeya.c clang -I. -Icrypto/include -Iinclude -I../openssl -I../openssl/crypto/include -I../openssl/include -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DKECCAK1600_ASM -DRC4_ASM -DMD5_ASM -DAES_ASM -DVPAES_ASM -DBSAES_ASM -DGHASH_ASM -DECP_NISTZ256_ASM -DX25519_ASM -DPADLOCK_ASM -DPOLY1305_ASM -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-1.1\"" -MMD -MF crypto/x509v3/v3_alt.d.tmp -MT crypto/x509v3/v3_alt.o -c -o crypto/x509v3/v3_alt.o ../openssl/crypto/x509v3/v3_alt.c clang -I. -Icrypto/include -Iinclude -I../openssl -I../openssl/crypto/include -I../openssl/include -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DKECCAK1600_ASM -DRC4_ASM -DMD5_ASM -DAES_ASM -DVPAES_ASM -DBSAES_ASM -DGHASH_ASM -DECP_NISTZ256_ASM -DX25519_ASM -DPADLOCK_ASM -DPOLY1305_ASM -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-1.1\"" -MMD -MF crypto/x509v3/v3_asid.d.tmp -MT crypto/x509v3/v3_asid.o -c -o crypto/x509v3/v3_asid.o ../openssl/crypto/x509v3/v3_asid.c clang -I. -Icrypto/include -Iinclude -I../openssl -I../openssl/crypto/include -I../openssl/include -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DKECCAK1600_ASM -DRC4_ASM -DMD5_ASM -DAES_ASM -DVPAES_ASM -DBSAES_ASM -DGHASH_ASM -DECP_NISTZ256_ASM -DX25519_ASM -DPADLOCK_ASM -DPOLY1305_ASM -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-1.1\"" -MMD -MF crypto/x509v3/v3_bcons.d.tmp -MT crypto/x509v3/v3_bcons.o -c -o crypto/x509v3/v3_bcons.o ../openssl/crypto/x509v3/v3_bcons.c clang -I. -Icrypto/include -Iinclude -I../openssl -I../openssl/crypto/include -I../openssl/include -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DKECCAK1600_ASM -DRC4_ASM -DMD5_ASM -DAES_ASM -DVPAES_ASM -DBSAES_ASM -DGHASH_ASM -DECP_NISTZ256_ASM -DX25519_ASM -DPADLOCK_ASM -DPOLY1305_ASM -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-1.1\"" -MMD -MF crypto/x509v3/v3_bitst.d.tmp -MT crypto/x509v3/v3_bitst.o -c -o crypto/x509v3/v3_bitst.o ../openssl/crypto/x509v3/v3_bitst.c clang -I. -Icrypto/include -Iinclude -I../openssl -I../openssl/crypto/include -I../openssl/include -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DKECCAK1600_ASM -DRC4_ASM -DMD5_ASM -DAES_ASM -DVPAES_ASM -DBSAES_ASM -DGHASH_ASM -DECP_NISTZ256_ASM -DX25519_ASM -DPADLOCK_ASM -DPOLY1305_ASM -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-1.1\"" -MMD -MF crypto/x509v3/v3_conf.d.tmp -MT crypto/x509v3/v3_conf.o -c -o crypto/x509v3/v3_conf.o ../openssl/crypto/x509v3/v3_conf.c clang -I. -Icrypto/include -Iinclude -I../openssl -I../openssl/crypto/include -I../openssl/include -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DKECCAK1600_ASM -DRC4_ASM -DMD5_ASM -DAES_ASM -DVPAES_ASM -DBSAES_ASM -DGHASH_ASM -DECP_NISTZ256_ASM -DX25519_ASM -DPADLOCK_ASM -DPOLY1305_ASM -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-1.1\"" -MMD -MF crypto/x509v3/v3_cpols.d.tmp -MT crypto/x509v3/v3_cpols.o -c -o crypto/x509v3/v3_cpols.o ../openssl/crypto/x509v3/v3_cpols.c clang -I. -Icrypto/include -Iinclude -I../openssl -I../openssl/crypto/include -I../openssl/include -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DKECCAK1600_ASM -DRC4_ASM -DMD5_ASM -DAES_ASM -DVPAES_ASM -DBSAES_ASM -DGHASH_ASM -DECP_NISTZ256_ASM -DX25519_ASM -DPADLOCK_ASM -DPOLY1305_ASM -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-1.1\"" -MMD -MF crypto/x509v3/v3_crld.d.tmp -MT crypto/x509v3/v3_crld.o -c -o crypto/x509v3/v3_crld.o ../openssl/crypto/x509v3/v3_crld.c clang -I. -Icrypto/include -Iinclude -I../openssl -I../openssl/crypto/include -I../openssl/include -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DKECCAK1600_ASM -DRC4_ASM -DMD5_ASM -DAES_ASM -DVPAES_ASM -DBSAES_ASM -DGHASH_ASM -DECP_NISTZ256_ASM -DX25519_ASM -DPADLOCK_ASM -DPOLY1305_ASM -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-1.1\"" -MMD -MF crypto/x509v3/v3_enum.d.tmp -MT crypto/x509v3/v3_enum.o -c -o crypto/x509v3/v3_enum.o ../openssl/crypto/x509v3/v3_enum.c clang -I. -Icrypto/include -Iinclude -I../openssl -I../openssl/crypto/include -I../openssl/include -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DKECCAK1600_ASM -DRC4_ASM -DMD5_ASM -DAES_ASM -DVPAES_ASM -DBSAES_ASM -DGHASH_ASM -DECP_NISTZ256_ASM -DX25519_ASM -DPADLOCK_ASM -DPOLY1305_ASM -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-1.1\"" -MMD -MF crypto/x509v3/v3_extku.d.tmp -MT crypto/x509v3/v3_extku.o -c -o crypto/x509v3/v3_extku.o ../openssl/crypto/x509v3/v3_extku.c clang -I. -Icrypto/include -Iinclude -I../openssl -I../openssl/crypto/include -I../openssl/include -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DKECCAK1600_ASM -DRC4_ASM -DMD5_ASM -DAES_ASM -DVPAES_ASM -DBSAES_ASM -DGHASH_ASM -DECP_NISTZ256_ASM -DX25519_ASM -DPADLOCK_ASM -DPOLY1305_ASM -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-1.1\"" -MMD -MF crypto/x509v3/v3_genn.d.tmp -MT crypto/x509v3/v3_genn.o -c -o crypto/x509v3/v3_genn.o ../openssl/crypto/x509v3/v3_genn.c clang -I. -Icrypto/include -Iinclude -I../openssl -I../openssl/crypto/include -I../openssl/include -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DKECCAK1600_ASM -DRC4_ASM -DMD5_ASM -DAES_ASM -DVPAES_ASM -DBSAES_ASM -DGHASH_ASM -DECP_NISTZ256_ASM -DX25519_ASM -DPADLOCK_ASM -DPOLY1305_ASM -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-1.1\"" -MMD -MF crypto/x509v3/v3_ia5.d.tmp -MT crypto/x509v3/v3_ia5.o -c -o crypto/x509v3/v3_ia5.o ../openssl/crypto/x509v3/v3_ia5.c clang -I. -Icrypto/include -Iinclude -I../openssl -I../openssl/crypto/include -I../openssl/include -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DKECCAK1600_ASM -DRC4_ASM -DMD5_ASM -DAES_ASM -DVPAES_ASM -DBSAES_ASM -DGHASH_ASM -DECP_NISTZ256_ASM -DX25519_ASM -DPADLOCK_ASM -DPOLY1305_ASM -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-1.1\"" -MMD -MF crypto/x509v3/v3_info.d.tmp -MT crypto/x509v3/v3_info.o -c -o crypto/x509v3/v3_info.o ../openssl/crypto/x509v3/v3_info.c clang -I. -Icrypto/include -Iinclude -I../openssl -I../openssl/crypto/include -I../openssl/include -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DKECCAK1600_ASM -DRC4_ASM -DMD5_ASM -DAES_ASM -DVPAES_ASM -DBSAES_ASM -DGHASH_ASM -DECP_NISTZ256_ASM -DX25519_ASM -DPADLOCK_ASM -DPOLY1305_ASM -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-1.1\"" -MMD -MF crypto/x509v3/v3_int.d.tmp -MT crypto/x509v3/v3_int.o -c -o crypto/x509v3/v3_int.o ../openssl/crypto/x509v3/v3_int.c clang -I. -Icrypto/include -Iinclude -I../openssl -I../openssl/crypto/include -I../openssl/include -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DKECCAK1600_ASM -DRC4_ASM -DMD5_ASM -DAES_ASM -DVPAES_ASM -DBSAES_ASM -DGHASH_ASM -DECP_NISTZ256_ASM -DX25519_ASM -DPADLOCK_ASM -DPOLY1305_ASM -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-1.1\"" -MMD -MF crypto/x509v3/v3_lib.d.tmp -MT crypto/x509v3/v3_lib.o -c -o crypto/x509v3/v3_lib.o ../openssl/crypto/x509v3/v3_lib.c clang -I. -Icrypto/include -Iinclude -I../openssl -I../openssl/crypto/include -I../openssl/include -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DKECCAK1600_ASM -DRC4_ASM -DMD5_ASM -DAES_ASM -DVPAES_ASM -DBSAES_ASM -DGHASH_ASM -DECP_NISTZ256_ASM -DX25519_ASM -DPADLOCK_ASM -DPOLY1305_ASM -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-1.1\"" -MMD -MF crypto/x509v3/v3_ncons.d.tmp -MT crypto/x509v3/v3_ncons.o -c -o crypto/x509v3/v3_ncons.o ../openssl/crypto/x509v3/v3_ncons.c clang -I. -Icrypto/include -Iinclude -I../openssl -I../openssl/crypto/include -I../openssl/include -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DKECCAK1600_ASM -DRC4_ASM -DMD5_ASM -DAES_ASM -DVPAES_ASM -DBSAES_ASM -DGHASH_ASM -DECP_NISTZ256_ASM -DX25519_ASM -DPADLOCK_ASM -DPOLY1305_ASM -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-1.1\"" -MMD -MF crypto/x509v3/v3_pci.d.tmp -MT crypto/x509v3/v3_pci.o -c -o crypto/x509v3/v3_pci.o ../openssl/crypto/x509v3/v3_pci.c clang -I. -Icrypto/include -Iinclude -I../openssl -I../openssl/crypto/include -I../openssl/include -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DKECCAK1600_ASM -DRC4_ASM -DMD5_ASM -DAES_ASM -DVPAES_ASM -DBSAES_ASM -DGHASH_ASM -DECP_NISTZ256_ASM -DX25519_ASM -DPADLOCK_ASM -DPOLY1305_ASM -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-1.1\"" -MMD -MF crypto/x509v3/v3_pcia.d.tmp -MT crypto/x509v3/v3_pcia.o -c -o crypto/x509v3/v3_pcia.o ../openssl/crypto/x509v3/v3_pcia.c clang -I. -Icrypto/include -Iinclude -I../openssl -I../openssl/crypto/include -I../openssl/include -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DKECCAK1600_ASM -DRC4_ASM -DMD5_ASM -DAES_ASM -DVPAES_ASM -DBSAES_ASM -DGHASH_ASM -DECP_NISTZ256_ASM -DX25519_ASM -DPADLOCK_ASM -DPOLY1305_ASM -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-1.1\"" -MMD -MF crypto/x509v3/v3_pcons.d.tmp -MT crypto/x509v3/v3_pcons.o -c -o crypto/x509v3/v3_pcons.o ../openssl/crypto/x509v3/v3_pcons.c clang -I. -Icrypto/include -Iinclude -I../openssl -I../openssl/crypto/include -I../openssl/include -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DKECCAK1600_ASM -DRC4_ASM -DMD5_ASM -DAES_ASM -DVPAES_ASM -DBSAES_ASM -DGHASH_ASM -DECP_NISTZ256_ASM -DX25519_ASM -DPADLOCK_ASM -DPOLY1305_ASM -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-1.1\"" -MMD -MF crypto/x509v3/v3_pku.d.tmp -MT crypto/x509v3/v3_pku.o -c -o crypto/x509v3/v3_pku.o ../openssl/crypto/x509v3/v3_pku.c clang -I. -Icrypto/include -Iinclude -I../openssl -I../openssl/crypto/include -I../openssl/include -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DKECCAK1600_ASM -DRC4_ASM -DMD5_ASM -DAES_ASM -DVPAES_ASM -DBSAES_ASM -DGHASH_ASM -DECP_NISTZ256_ASM -DX25519_ASM -DPADLOCK_ASM -DPOLY1305_ASM -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-1.1\"" -MMD -MF crypto/x509v3/v3_pmaps.d.tmp -MT crypto/x509v3/v3_pmaps.o -c -o crypto/x509v3/v3_pmaps.o ../openssl/crypto/x509v3/v3_pmaps.c clang -I. -Icrypto/include -Iinclude -I../openssl -I../openssl/crypto/include -I../openssl/include -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DKECCAK1600_ASM -DRC4_ASM -DMD5_ASM -DAES_ASM -DVPAES_ASM -DBSAES_ASM -DGHASH_ASM -DECP_NISTZ256_ASM -DX25519_ASM -DPADLOCK_ASM -DPOLY1305_ASM -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-1.1\"" -MMD -MF crypto/x509v3/v3_prn.d.tmp -MT crypto/x509v3/v3_prn.o -c -o crypto/x509v3/v3_prn.o ../openssl/crypto/x509v3/v3_prn.c clang -I. -Icrypto/include -Iinclude -I../openssl -I../openssl/crypto/include -I../openssl/include -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DKECCAK1600_ASM -DRC4_ASM -DMD5_ASM -DAES_ASM -DVPAES_ASM -DBSAES_ASM -DGHASH_ASM -DECP_NISTZ256_ASM -DX25519_ASM -DPADLOCK_ASM -DPOLY1305_ASM -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-1.1\"" -MMD -MF crypto/x509v3/v3_purp.d.tmp -MT crypto/x509v3/v3_purp.o -c -o crypto/x509v3/v3_purp.o ../openssl/crypto/x509v3/v3_purp.c clang -I. -Icrypto/include -Iinclude -I../openssl -I../openssl/crypto/include -I../openssl/include -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DKECCAK1600_ASM -DRC4_ASM -DMD5_ASM -DAES_ASM -DVPAES_ASM -DBSAES_ASM -DGHASH_ASM -DECP_NISTZ256_ASM -DX25519_ASM -DPADLOCK_ASM -DPOLY1305_ASM -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-1.1\"" -MMD -MF crypto/x509v3/v3_skey.d.tmp -MT crypto/x509v3/v3_skey.o -c -o crypto/x509v3/v3_skey.o ../openssl/crypto/x509v3/v3_skey.c clang -I. -Icrypto/include -Iinclude -I../openssl -I../openssl/crypto/include -I../openssl/include -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DKECCAK1600_ASM -DRC4_ASM -DMD5_ASM -DAES_ASM -DVPAES_ASM -DBSAES_ASM -DGHASH_ASM -DECP_NISTZ256_ASM -DX25519_ASM -DPADLOCK_ASM -DPOLY1305_ASM -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-1.1\"" -MMD -MF crypto/x509v3/v3_sxnet.d.tmp -MT crypto/x509v3/v3_sxnet.o -c -o crypto/x509v3/v3_sxnet.o ../openssl/crypto/x509v3/v3_sxnet.c clang -I. -Icrypto/include -Iinclude -I../openssl -I../openssl/crypto/include -I../openssl/include -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DKECCAK1600_ASM -DRC4_ASM -DMD5_ASM -DAES_ASM -DVPAES_ASM -DBSAES_ASM -DGHASH_ASM -DECP_NISTZ256_ASM -DX25519_ASM -DPADLOCK_ASM -DPOLY1305_ASM -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-1.1\"" -MMD -MF crypto/x509v3/v3_tlsf.d.tmp -MT crypto/x509v3/v3_tlsf.o -c -o crypto/x509v3/v3_tlsf.o ../openssl/crypto/x509v3/v3_tlsf.c clang -I. -Icrypto/include -Iinclude -I../openssl -I../openssl/crypto/include -I../openssl/include -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DKECCAK1600_ASM -DRC4_ASM -DMD5_ASM -DAES_ASM -DVPAES_ASM -DBSAES_ASM -DGHASH_ASM -DECP_NISTZ256_ASM -DX25519_ASM -DPADLOCK_ASM -DPOLY1305_ASM -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-1.1\"" -MMD -MF crypto/x509v3/v3_utl.d.tmp -MT crypto/x509v3/v3_utl.o -c -o crypto/x509v3/v3_utl.o ../openssl/crypto/x509v3/v3_utl.c clang -I. -Icrypto/include -Iinclude -I../openssl -I../openssl/crypto/include -I../openssl/include -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DKECCAK1600_ASM -DRC4_ASM -DMD5_ASM -DAES_ASM -DVPAES_ASM -DBSAES_ASM -DGHASH_ASM -DECP_NISTZ256_ASM -DX25519_ASM -DPADLOCK_ASM -DPOLY1305_ASM -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-1.1\"" -MMD -MF crypto/x509v3/v3err.d.tmp -MT crypto/x509v3/v3err.o -c -o crypto/x509v3/v3err.o ../openssl/crypto/x509v3/v3err.c CC="clang" /usr/bin/perl ../openssl/crypto/x86_64cpuid.pl elf crypto/x86_64cpuid.s clang -I. -Iinclude -I../openssl -I../openssl/include -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DKECCAK1600_ASM -DRC4_ASM -DMD5_ASM -DAES_ASM -DVPAES_ASM -DBSAES_ASM -DGHASH_ASM -DECP_NISTZ256_ASM -DX25519_ASM -DPADLOCK_ASM -DPOLY1305_ASM -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-1.1\"" -MMD -MF ssl/bio_ssl.d.tmp -MT ssl/bio_ssl.o -c -o ssl/bio_ssl.o ../openssl/ssl/bio_ssl.c clang -I. -Iinclude -I../openssl -I../openssl/include -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DKECCAK1600_ASM -DRC4_ASM -DMD5_ASM -DAES_ASM -DVPAES_ASM -DBSAES_ASM -DGHASH_ASM -DECP_NISTZ256_ASM -DX25519_ASM -DPADLOCK_ASM -DPOLY1305_ASM -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-1.1\"" -MMD -MF ssl/d1_lib.d.tmp -MT ssl/d1_lib.o -c -o ssl/d1_lib.o ../openssl/ssl/d1_lib.c clang -I. -Iinclude -I../openssl -I../openssl/include -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DKECCAK1600_ASM -DRC4_ASM -DMD5_ASM -DAES_ASM -DVPAES_ASM -DBSAES_ASM -DGHASH_ASM -DECP_NISTZ256_ASM -DX25519_ASM -DPADLOCK_ASM -DPOLY1305_ASM -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-1.1\"" -MMD -MF ssl/d1_msg.d.tmp -MT ssl/d1_msg.o -c -o ssl/d1_msg.o ../openssl/ssl/d1_msg.c clang -I. -Iinclude -I../openssl -I../openssl/include -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DKECCAK1600_ASM -DRC4_ASM -DMD5_ASM -DAES_ASM -DVPAES_ASM -DBSAES_ASM -DGHASH_ASM -DECP_NISTZ256_ASM -DX25519_ASM -DPADLOCK_ASM -DPOLY1305_ASM -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-1.1\"" -MMD -MF ssl/d1_srtp.d.tmp -MT ssl/d1_srtp.o -c -o ssl/d1_srtp.o ../openssl/ssl/d1_srtp.c clang -I. -Iinclude -I../openssl -I../openssl/include -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DKECCAK1600_ASM -DRC4_ASM -DMD5_ASM -DAES_ASM -DVPAES_ASM -DBSAES_ASM -DGHASH_ASM -DECP_NISTZ256_ASM -DX25519_ASM -DPADLOCK_ASM -DPOLY1305_ASM -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-1.1\"" -MMD -MF ssl/methods.d.tmp -MT ssl/methods.o -c -o ssl/methods.o ../openssl/ssl/methods.c clang -I. -Iinclude -I../openssl -I../openssl/include -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DKECCAK1600_ASM -DRC4_ASM -DMD5_ASM -DAES_ASM -DVPAES_ASM -DBSAES_ASM -DGHASH_ASM -DECP_NISTZ256_ASM -DX25519_ASM -DPADLOCK_ASM -DPOLY1305_ASM -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-1.1\"" -MMD -MF ssl/packet.d.tmp -MT ssl/packet.o -c -o ssl/packet.o ../openssl/ssl/packet.c clang -I. -Iinclude -I../openssl -I../openssl/include -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DKECCAK1600_ASM -DRC4_ASM -DMD5_ASM -DAES_ASM -DVPAES_ASM -DBSAES_ASM -DGHASH_ASM -DECP_NISTZ256_ASM -DX25519_ASM -DPADLOCK_ASM -DPOLY1305_ASM -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-1.1\"" -MMD -MF ssl/pqueue.d.tmp -MT ssl/pqueue.o -c -o ssl/pqueue.o ../openssl/ssl/pqueue.c clang -I. -Iinclude -I../openssl -I../openssl/include -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DKECCAK1600_ASM -DRC4_ASM -DMD5_ASM -DAES_ASM -DVPAES_ASM -DBSAES_ASM -DGHASH_ASM -DECP_NISTZ256_ASM -DX25519_ASM -DPADLOCK_ASM -DPOLY1305_ASM -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-1.1\"" -MMD -MF ssl/record/dtls1_bitmap.d.tmp -MT ssl/record/dtls1_bitmap.o -c -o ssl/record/dtls1_bitmap.o ../openssl/ssl/record/dtls1_bitmap.c clang -I. -Iinclude -I../openssl -I../openssl/include -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DKECCAK1600_ASM -DRC4_ASM -DMD5_ASM -DAES_ASM -DVPAES_ASM -DBSAES_ASM -DGHASH_ASM -DECP_NISTZ256_ASM -DX25519_ASM -DPADLOCK_ASM -DPOLY1305_ASM -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-1.1\"" -MMD -MF ssl/record/rec_layer_d1.d.tmp -MT ssl/record/rec_layer_d1.o -c -o ssl/record/rec_layer_d1.o ../openssl/ssl/record/rec_layer_d1.c clang -I. -Iinclude -I../openssl -I../openssl/include -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DKECCAK1600_ASM -DRC4_ASM -DMD5_ASM -DAES_ASM -DVPAES_ASM -DBSAES_ASM -DGHASH_ASM -DECP_NISTZ256_ASM -DX25519_ASM -DPADLOCK_ASM -DPOLY1305_ASM -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-1.1\"" -MMD -MF ssl/record/rec_layer_s3.d.tmp -MT ssl/record/rec_layer_s3.o -c -o ssl/record/rec_layer_s3.o ../openssl/ssl/record/rec_layer_s3.c clang -I. -Iinclude -I../openssl -I../openssl/include -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DKECCAK1600_ASM -DRC4_ASM -DMD5_ASM -DAES_ASM -DVPAES_ASM -DBSAES_ASM -DGHASH_ASM -DECP_NISTZ256_ASM -DX25519_ASM -DPADLOCK_ASM -DPOLY1305_ASM -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-1.1\"" -MMD -MF ssl/record/ssl3_buffer.d.tmp -MT ssl/record/ssl3_buffer.o -c -o ssl/record/ssl3_buffer.o ../openssl/ssl/record/ssl3_buffer.c clang -I. -Iinclude -I../openssl -I../openssl/include -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DKECCAK1600_ASM -DRC4_ASM -DMD5_ASM -DAES_ASM -DVPAES_ASM -DBSAES_ASM -DGHASH_ASM -DECP_NISTZ256_ASM -DX25519_ASM -DPADLOCK_ASM -DPOLY1305_ASM -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-1.1\"" -MMD -MF ssl/record/ssl3_record.d.tmp -MT ssl/record/ssl3_record.o -c -o ssl/record/ssl3_record.o ../openssl/ssl/record/ssl3_record.c clang -I. -Iinclude -I../openssl -I../openssl/include -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DKECCAK1600_ASM -DRC4_ASM -DMD5_ASM -DAES_ASM -DVPAES_ASM -DBSAES_ASM -DGHASH_ASM -DECP_NISTZ256_ASM -DX25519_ASM -DPADLOCK_ASM -DPOLY1305_ASM -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-1.1\"" -MMD -MF ssl/record/ssl3_record_tls13.d.tmp -MT ssl/record/ssl3_record_tls13.o -c -o ssl/record/ssl3_record_tls13.o ../openssl/ssl/record/ssl3_record_tls13.c clang -I. -Iinclude -I../openssl -I../openssl/include -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DKECCAK1600_ASM -DRC4_ASM -DMD5_ASM -DAES_ASM -DVPAES_ASM -DBSAES_ASM -DGHASH_ASM -DECP_NISTZ256_ASM -DX25519_ASM -DPADLOCK_ASM -DPOLY1305_ASM -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-1.1\"" -MMD -MF ssl/s3_cbc.d.tmp -MT ssl/s3_cbc.o -c -o ssl/s3_cbc.o ../openssl/ssl/s3_cbc.c clang -I. -Iinclude -I../openssl -I../openssl/include -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DKECCAK1600_ASM -DRC4_ASM -DMD5_ASM -DAES_ASM -DVPAES_ASM -DBSAES_ASM -DGHASH_ASM -DECP_NISTZ256_ASM -DX25519_ASM -DPADLOCK_ASM -DPOLY1305_ASM -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-1.1\"" -MMD -MF ssl/s3_enc.d.tmp -MT ssl/s3_enc.o -c -o ssl/s3_enc.o ../openssl/ssl/s3_enc.c clang -I. -Iinclude -I../openssl -I../openssl/include -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DKECCAK1600_ASM -DRC4_ASM -DMD5_ASM -DAES_ASM -DVPAES_ASM -DBSAES_ASM -DGHASH_ASM -DECP_NISTZ256_ASM -DX25519_ASM -DPADLOCK_ASM -DPOLY1305_ASM -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-1.1\"" -MMD -MF ssl/s3_lib.d.tmp -MT ssl/s3_lib.o -c -o ssl/s3_lib.o ../openssl/ssl/s3_lib.c clang -I. -Iinclude -I../openssl -I../openssl/include -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DKECCAK1600_ASM -DRC4_ASM -DMD5_ASM -DAES_ASM -DVPAES_ASM -DBSAES_ASM -DGHASH_ASM -DECP_NISTZ256_ASM -DX25519_ASM -DPADLOCK_ASM -DPOLY1305_ASM -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-1.1\"" -MMD -MF ssl/s3_msg.d.tmp -MT ssl/s3_msg.o -c -o ssl/s3_msg.o ../openssl/ssl/s3_msg.c clang -I. -Iinclude -I../openssl -I../openssl/include -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DKECCAK1600_ASM -DRC4_ASM -DMD5_ASM -DAES_ASM -DVPAES_ASM -DBSAES_ASM -DGHASH_ASM -DECP_NISTZ256_ASM -DX25519_ASM -DPADLOCK_ASM -DPOLY1305_ASM -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-1.1\"" -MMD -MF ssl/ssl_asn1.d.tmp -MT ssl/ssl_asn1.o -c -o ssl/ssl_asn1.o ../openssl/ssl/ssl_asn1.c clang -I. -Iinclude -I../openssl -I../openssl/include -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DKECCAK1600_ASM -DRC4_ASM -DMD5_ASM -DAES_ASM -DVPAES_ASM -DBSAES_ASM -DGHASH_ASM -DECP_NISTZ256_ASM -DX25519_ASM -DPADLOCK_ASM -DPOLY1305_ASM -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-1.1\"" -MMD -MF ssl/ssl_cert.d.tmp -MT ssl/ssl_cert.o -c -o ssl/ssl_cert.o ../openssl/ssl/ssl_cert.c clang -I. -Iinclude -I../openssl -I../openssl/include -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DKECCAK1600_ASM -DRC4_ASM -DMD5_ASM -DAES_ASM -DVPAES_ASM -DBSAES_ASM -DGHASH_ASM -DECP_NISTZ256_ASM -DX25519_ASM -DPADLOCK_ASM -DPOLY1305_ASM -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-1.1\"" -MMD -MF ssl/ssl_ciph.d.tmp -MT ssl/ssl_ciph.o -c -o ssl/ssl_ciph.o ../openssl/ssl/ssl_ciph.c ../openssl/ssl/s3_lib.c:4204:16: error: no member named 'psk_server_callback' in 'struct ssl_st' if (s->psk_server_callback != NULL) { ~ ^ 1 error generated. Makefile:6058: recipe for target 'ssl/s3_lib.o' failed make[1]: *** [ssl/s3_lib.o] Error 1 make[1]: *** Waiting for unfinished jobs.... make[1]: Leaving directory '/home/openssl/run-checker/no-psk' Makefile:171: recipe for target 'all' failed make: *** [all] Error 2 From levitte at openssl.org Mon May 14 06:57:32 2018 From: levitte at openssl.org (Richard Levitte) Date: Mon, 14 May 2018 06:57:32 +0000 Subject: [openssl-commits] [openssl] OpenSSL_1_0_2-stable update Message-ID: <1526281052.059198.31778.nullmailer@dev.openssl.org> The branch OpenSSL_1_0_2-stable has been updated via 66e4a8944b894b9301226bad193a7d8ec330742d (commit) from f54b665e29a0ed8df2ea322a1f9e1b8057f13894 (commit) - Log ----------------------------------------------------------------- commit 66e4a8944b894b9301226bad193a7d8ec330742d Author: Pavel Kopyl Date: Fri Nov 3 18:18:59 2017 +0300 Fix memory leaks in CA related functions. (cherry picked from commit aebd0e5ca12d1ba0b229a4121a54afa5ea2d8aa1) Reviewed-by: Andy Polyakov Reviewed-by: Richard Levitte (Merged from https://github.com/openssl/openssl/pull/6238) ----------------------------------------------------------------------- Summary of changes: apps/ca.c | 5 ++++- apps/verify.c | 1 + crypto/conf/conf_api.c | 2 ++ crypto/engine/eng_lib.c | 6 ++++-- 4 files changed, 11 insertions(+), 3 deletions(-) diff --git a/apps/ca.c b/apps/ca.c index 4f9de54..31e8773 100644 --- a/apps/ca.c +++ b/apps/ca.c @@ -1176,10 +1176,13 @@ int MAIN(int argc, char **argv) if (j > 0) { total_done++; BIO_printf(bio_err, "\n"); - if (!BN_add_word(serial, 1)) + if (!BN_add_word(serial, 1)) { + X509_free(x); goto err; + } if (!sk_X509_push(cert_sk, x)) { BIO_printf(bio_err, "Memory allocation failure\n"); + X509_free(x); goto err; } } diff --git a/apps/verify.c b/apps/verify.c index c4bd197..180ccf4 100644 --- a/apps/verify.c +++ b/apps/verify.c @@ -277,6 +277,7 @@ static int check(X509_STORE *ctx, char *file, X509_STORE_set_flags(ctx, vflags); if (!X509_STORE_CTX_init(csc, ctx, x, uchain)) { ERR_print_errors(bio_err); + X509_STORE_CTX_free(csc); goto end; } if (tchain) diff --git a/crypto/conf/conf_api.c b/crypto/conf/conf_api.c index 4cf7553..60c9440 100644 --- a/crypto/conf/conf_api.c +++ b/crypto/conf/conf_api.c @@ -290,6 +290,8 @@ CONF_VALUE *_CONF_new_section(CONF *conf, const char *section) vv = lh_CONF_VALUE_insert(conf->data, v); OPENSSL_assert(vv == NULL); + if (lh_CONF_VALUE_error(conf->data) > 0) + goto err; ok = 1; err: if (!ok) { diff --git a/crypto/engine/eng_lib.c b/crypto/engine/eng_lib.c index dc2abd2..b7a899f 100644 --- a/crypto/engine/eng_lib.c +++ b/crypto/engine/eng_lib.c @@ -188,8 +188,10 @@ void engine_cleanup_add_last(ENGINE_CLEANUP_CB *cb) if (!int_cleanup_check(1)) return; item = int_cleanup_item(cb); - if (item) - sk_ENGINE_CLEANUP_ITEM_push(cleanup_stack, item); + if (item != NULL) { + if (sk_ENGINE_CLEANUP_ITEM_push(cleanup_stack, item) <= 0) + OPENSSL_free(item); + } } /* The API function that performs all cleanup */ From levitte at openssl.org Mon May 14 09:01:02 2018 From: levitte at openssl.org (Richard Levitte) Date: Mon, 14 May 2018 09:01:02 +0000 Subject: [openssl-commits] [openssl] master update Message-ID: <1526288462.544382.16689.nullmailer@dev.openssl.org> The branch master has been updated via de03cc92d1f3758ad1a525893c93e16b15e6cf45 (commit) from 1c534560dc905b6d399dbde242422f0cf5543286 (commit) - Log ----------------------------------------------------------------- commit de03cc92d1f3758ad1a525893c93e16b15e6cf45 Author: Richard Levitte Date: Wed May 2 14:18:55 2018 +0200 UI console: Restore tty settings, do not force ECHO after prompt The Console UI method always set echo on after prompting without echo. However, echo might not have been on originally, so just restore the original TTY settings. Fixes #2373 Reviewed-by: Andy Polyakov (Merged from https://github.com/openssl/openssl/pull/6156) ----------------------------------------------------------------------- Summary of changes: crypto/ui/ui_openssl.c | 7 +------ 1 file changed, 1 insertion(+), 6 deletions(-) diff --git a/crypto/ui/ui_openssl.c b/crypto/ui/ui_openssl.c index 3ccd8a7..078d10c 100644 --- a/crypto/ui/ui_openssl.c +++ b/crypto/ui/ui_openssl.c @@ -503,17 +503,13 @@ static int echo_console(UI *ui) { # if defined(TTY_set) && !defined(OPENSSL_SYS_VMS) memcpy(&(tty_new), &(tty_orig), sizeof(tty_orig)); - tty_new.TTY_FLAGS |= ECHO; -# endif - -# if defined(TTY_set) && !defined(OPENSSL_SYS_VMS) if (is_a_tty && (TTY_set(fileno(tty_in), &tty_new) == -1)) return 0; # endif # ifdef OPENSSL_SYS_VMS if (is_a_tty) { tty_new[0] = tty_orig[0]; - tty_new[1] = tty_orig[1] & ~TT$M_NOECHO; + tty_new[1] = tty_orig[1]; tty_new[2] = tty_orig[2]; status = sys$qiow(0, channel, IO$_SETMODE, &iosb, 0, 0, tty_new, 12, 0, 0, 0, 0); @@ -534,7 +530,6 @@ static int echo_console(UI *ui) # if defined(_WIN32) && !defined(_WIN32_WCE) if (is_a_tty) { tty_new = tty_orig; - tty_new |= ENABLE_ECHO_INPUT; SetConsoleMode(GetStdHandle(STD_INPUT_HANDLE), tty_new); } # endif From levitte at openssl.org Mon May 14 09:03:27 2018 From: levitte at openssl.org (Richard Levitte) Date: Mon, 14 May 2018 09:03:27 +0000 Subject: [openssl-commits] [openssl] OpenSSL_1_1_0-stable update Message-ID: <1526288607.833836.18362.nullmailer@dev.openssl.org> The branch OpenSSL_1_1_0-stable has been updated via 0ec946fda5b66fb364a784b002aee5f8b1ac678a (commit) from e22ce0d07496c53cd100c6d46a54d7a46c13bba9 (commit) - Log ----------------------------------------------------------------- commit 0ec946fda5b66fb364a784b002aee5f8b1ac678a Author: Richard Levitte Date: Wed May 2 14:28:53 2018 +0200 UI console: Restore tty settings, do not force ECHO after prompt The Console UI method always set echo on after prompting without echo. However, echo might not have been on originally, so just restore the original TTY settings. Fixes #2373 Reviewed-by: Andy Polyakov (Merged from https://github.com/openssl/openssl/pull/6157) ----------------------------------------------------------------------- Summary of changes: crypto/ui/ui_openssl.c | 7 +------ 1 file changed, 1 insertion(+), 6 deletions(-) diff --git a/crypto/ui/ui_openssl.c b/crypto/ui/ui_openssl.c index 8fa8dec..fc942d2 100644 --- a/crypto/ui/ui_openssl.c +++ b/crypto/ui/ui_openssl.c @@ -524,17 +524,13 @@ static int echo_console(UI *ui) { #if defined(TTY_set) && !defined(OPENSSL_SYS_VMS) memcpy(&(tty_new), &(tty_orig), sizeof(tty_orig)); - tty_new.TTY_FLAGS |= ECHO; -#endif - -#if defined(TTY_set) && !defined(OPENSSL_SYS_VMS) if (is_a_tty && (TTY_set(fileno(tty_in), &tty_new) == -1)) return 0; #endif #ifdef OPENSSL_SYS_VMS if (is_a_tty) { tty_new[0] = tty_orig[0]; - tty_new[1] = tty_orig[1] & ~TT$M_NOECHO; + tty_new[1] = tty_orig[1]; tty_new[2] = tty_orig[2]; status = sys$qiow(0, channel, IO$_SETMODE, &iosb, 0, 0, tty_new, 12, 0, 0, 0, 0); @@ -555,7 +551,6 @@ static int echo_console(UI *ui) #if defined(_WIN32) && !defined(_WIN32_WCE) if (is_a_tty) { tty_new = tty_orig; - tty_new |= ENABLE_ECHO_INPUT; SetConsoleMode(GetStdHandle(STD_INPUT_HANDLE), tty_new); } #endif From levitte at openssl.org Mon May 14 09:04:27 2018 From: levitte at openssl.org (Richard Levitte) Date: Mon, 14 May 2018 09:04:27 +0000 Subject: [openssl-commits] [openssl] OpenSSL_1_0_2-stable update Message-ID: <1526288667.626401.19294.nullmailer@dev.openssl.org> The branch OpenSSL_1_0_2-stable has been updated via 4080f4d2fefbb7186171eb620d565e91f56be5b3 (commit) from 66e4a8944b894b9301226bad193a7d8ec330742d (commit) - Log ----------------------------------------------------------------- commit 4080f4d2fefbb7186171eb620d565e91f56be5b3 Author: Richard Levitte Date: Wed May 2 14:28:53 2018 +0200 UI console: Restore tty settings, do not force ECHO after prompt The Console UI method always set echo on after prompting without echo. However, echo might not have been on originally, so just restore the original TTY settings. Fixes #2373 Reviewed-by: Andy Polyakov (Merged from https://github.com/openssl/openssl/pull/6158) ----------------------------------------------------------------------- Summary of changes: crypto/ui/ui_openssl.c | 6 +----- 1 file changed, 1 insertion(+), 5 deletions(-) diff --git a/crypto/ui/ui_openssl.c b/crypto/ui/ui_openssl.c index 8a43590..5dcb91a 100644 --- a/crypto/ui/ui_openssl.c +++ b/crypto/ui/ui_openssl.c @@ -567,17 +567,13 @@ static int echo_console(UI *ui) { #if defined(TTY_set) && !defined(OPENSSL_SYS_VMS) memcpy(&(tty_new), &(tty_orig), sizeof(tty_orig)); - tty_new.TTY_FLAGS |= ECHO; -#endif - -#if defined(TTY_set) && !defined(OPENSSL_SYS_VMS) if (is_a_tty && (TTY_set(fileno(tty_in), &tty_new) == -1)) return 0; #endif #ifdef OPENSSL_SYS_VMS if (is_a_tty) { tty_new[0] = tty_orig[0]; - tty_new[1] = tty_orig[1] & ~TT$M_NOECHO; + tty_new[1] = tty_orig[1]; tty_new[2] = tty_orig[2]; status = sys$qiow(0, channel, IO$_SETMODE, &iosb, 0, 0, tty_new, 12, 0, 0, 0, 0); From openssl at openssl.org Mon May 14 09:25:14 2018 From: openssl at openssl.org (OpenSSL run-checker) Date: Mon, 14 May 2018 09:25:14 +0000 Subject: [openssl-commits] SUCCESSFUL build of OpenSSL branch master with options -d --strict-warnings enable-ubsan -DPEDANTIC -DOPENSSL_SMALL_FOOTPRINT -fno-sanitize=alignment Message-ID: <1526289914.673825.24258.nullmailer@run.openssl.org> Platform and configuration command: $ uname -a Linux run 4.4.0-119-generic #143-Ubuntu SMP Mon Apr 2 16:08:24 UTC 2018 x86_64 x86_64 x86_64 GNU/Linux $ CC=clang ../openssl/config -d --strict-warnings enable-ubsan -DPEDANTIC -DOPENSSL_SMALL_FOOTPRINT -fno-sanitize=alignment Commit log since last time: 1c53456 apps/speed: Add brainpool curves support 5c6a69f apps/speed: fix possible OOB access in some EC arrays 5f96a95 Set sess to NULL after freeing it. a925e7d Don't memcpy the contents of an empty fragment c82c346 In cases where we ask PEM_def_callback for minimum 0 length, accept 0 length 34e4a96 Fix typo: 'is an error occurred' in documentation 61fb592 Rework the decrypt ticket callback c20e3b2 Fix mem leak in sslapi test d0191fe Add a test for the ticket callbacks 2448bb8 Document when a new session ticket gets created on resumption c0638ad Fix ticket callbacks in TLSv1.3 5fe3715 Flush server side unauthenticated writes e825109 Add some more SSL_pending() and SSL_has_pending() tests f478c8a Don't set TCP_NODELAY on a UDP socket 66fab92 Mark DTLS records as read when we have finished with them 0d8da77 Test an old style PSK callback with no cert will prefer SHA-256 9e064bc Provide documentation for the -psk_session option 48a0316 Prefer SHA-256 ciphersuites if using old style PSKs 3cb7c5c Use void in all function definitions that do not take any arguments d4a8ba7 rsaz_avx2_eligible doesn't take parameters c3114a7 Set the ossl_shim to auto retry if not running asynchronously From openssl at openssl.org Mon May 14 10:18:16 2018 From: openssl at openssl.org (OpenSSL run-checker) Date: Mon, 14 May 2018 10:18:16 +0000 Subject: [openssl-commits] FAILED build of OpenSSL branch master with options -d --strict-warnings no-tls Message-ID: <1526293096.356189.32499.nullmailer@run.openssl.org> Platform and configuration command: $ uname -a Linux run 4.4.0-119-generic #143-Ubuntu SMP Mon Apr 2 16:08:24 UTC 2018 x86_64 x86_64 x86_64 GNU/Linux $ CC=clang ../openssl/config -d --strict-warnings no-tls Commit log since last time: 1c53456 apps/speed: Add brainpool curves support 5c6a69f apps/speed: fix possible OOB access in some EC arrays 5f96a95 Set sess to NULL after freeing it. a925e7d Don't memcpy the contents of an empty fragment c82c346 In cases where we ask PEM_def_callback for minimum 0 length, accept 0 length 34e4a96 Fix typo: 'is an error occurred' in documentation 61fb592 Rework the decrypt ticket callback c20e3b2 Fix mem leak in sslapi test d0191fe Add a test for the ticket callbacks 2448bb8 Document when a new session ticket gets created on resumption c0638ad Fix ticket callbacks in TLSv1.3 5fe3715 Flush server side unauthenticated writes e825109 Add some more SSL_pending() and SSL_has_pending() tests f478c8a Don't set TCP_NODELAY on a UDP socket 66fab92 Mark DTLS records as read when we have finished with them 0d8da77 Test an old style PSK callback with no cert will prefer SHA-256 9e064bc Provide documentation for the -psk_session option 48a0316 Prefer SHA-256 ciphersuites if using old style PSKs 3cb7c5c Use void in all function definitions that do not take any arguments d4a8ba7 rsaz_avx2_eligible doesn't take parameters c3114a7 Set the ossl_shim to auto retry if not running asynchronously Build log ended with (last 100 lines): /usr/bin/perl ../openssl/test/generate_buildtest.pl ssl2 > test/buildtest_ssl2.c /usr/bin/perl ../openssl/test/generate_buildtest.pl stack > test/buildtest_stack.c /usr/bin/perl ../openssl/test/generate_buildtest.pl store > test/buildtest_store.c /usr/bin/perl ../openssl/test/generate_buildtest.pl symhacks > test/buildtest_symhacks.c /usr/bin/perl ../openssl/test/generate_buildtest.pl ts > test/buildtest_ts.c /usr/bin/perl ../openssl/test/generate_buildtest.pl txt_db > test/buildtest_txt_db.c /usr/bin/perl ../openssl/test/generate_buildtest.pl ui > test/buildtest_ui.c /usr/bin/perl ../openssl/test/generate_buildtest.pl whrlpool > test/buildtest_whrlpool.c /usr/bin/perl ../openssl/test/generate_buildtest.pl x509 > test/buildtest_x509.c /usr/bin/perl ../openssl/test/generate_buildtest.pl x509_vfy > test/buildtest_x509_vfy.c /usr/bin/perl ../openssl/test/generate_buildtest.pl x509v3 > test/buildtest_x509v3.c clang -Iinclude -I../openssl/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -MMD -MF test/casttest.d.tmp -MT test/casttest.o -c -o test/casttest.o ../openssl/test/casttest.c clang -I. -Iinclude -Icrypto/include -I../openssl -I../openssl/include -I../openssl/crypto/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -MMD -MF test/chacha_internal_test.d.tmp -MT test/chacha_internal_test.o -c -o test/chacha_internal_test.o ../openssl/test/chacha_internal_test.c clang -Iinclude -I../openssl/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -MMD -MF test/cipherbytes_test.d.tmp -MT test/cipherbytes_test.o -c -o test/cipherbytes_test.o ../openssl/test/cipherbytes_test.c clang -Iinclude -I../openssl/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -MMD -MF test/cipherlist_test.d.tmp -MT test/cipherlist_test.o -c -o test/cipherlist_test.o ../openssl/test/cipherlist_test.c clang -Iinclude -I../openssl/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -MMD -MF test/ciphername_test.d.tmp -MT test/ciphername_test.o -c -o test/ciphername_test.o ../openssl/test/ciphername_test.c clang -Iinclude -I../openssl/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -MMD -MF test/clienthellotest.d.tmp -MT test/clienthellotest.o -c -o test/clienthellotest.o ../openssl/test/clienthellotest.c clang -Iinclude -I../openssl/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -MMD -MF test/cmsapitest.d.tmp -MT test/cmsapitest.o -c -o test/cmsapitest.o ../openssl/test/cmsapitest.c clang -Iinclude -I../openssl/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -MMD -MF test/conf_include_test.d.tmp -MT test/conf_include_test.o -c -o test/conf_include_test.o ../openssl/test/conf_include_test.c clang -Iinclude -I../openssl/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -MMD -MF test/constant_time_test.d.tmp -MT test/constant_time_test.o -c -o test/constant_time_test.o ../openssl/test/constant_time_test.c clang -Iinclude -I../openssl/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -MMD -MF test/crltest.d.tmp -MT test/crltest.o -c -o test/crltest.o ../openssl/test/crltest.c clang -Iinclude -I../openssl/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -MMD -MF test/ct_test.d.tmp -MT test/ct_test.o -c -o test/ct_test.o ../openssl/test/ct_test.c clang -I. -Icrypto/include -Iinclude -I../openssl -I../openssl/crypto/include -I../openssl/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -MMD -MF test/ctype_internal_test.d.tmp -MT test/ctype_internal_test.o -c -o test/ctype_internal_test.o ../openssl/test/ctype_internal_test.c clang -I. -Iinclude -Icrypto/ec/curve448 -I../openssl -I../openssl/include -I../openssl/crypto/ec/curve448 -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -MMD -MF test/curve448_internal_test.d.tmp -MT test/curve448_internal_test.o -c -o test/curve448_internal_test.o ../openssl/test/curve448_internal_test.c clang -Iinclude -I../openssl/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -MMD -MF test/d2i_test.d.tmp -MT test/d2i_test.o -c -o test/d2i_test.o ../openssl/test/d2i_test.c clang -Iinclude -I../openssl/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -MMD -MF test/danetest.d.tmp -MT test/danetest.o -c -o test/danetest.o ../openssl/test/danetest.c clang -Iinclude -I../openssl/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -MMD -MF test/destest.d.tmp -MT test/destest.o -c -o test/destest.o ../openssl/test/destest.c clang -Iinclude -I../openssl/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -MMD -MF test/dhtest.d.tmp -MT test/dhtest.o -c -o test/dhtest.o ../openssl/test/dhtest.c clang -Iinclude -Itest -I. -I../openssl/include -I../openssl/test -I../openssl -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -MMD -MF test/drbg_cavs_data.d.tmp -MT test/drbg_cavs_data.o -c -o test/drbg_cavs_data.o ../openssl/test/drbg_cavs_data.c clang -Iinclude -Itest -I. -I../openssl/include -I../openssl/test -I../openssl -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -MMD -MF test/drbg_cavs_test.d.tmp -MT test/drbg_cavs_test.o -c -o test/drbg_cavs_test.o ../openssl/test/drbg_cavs_test.c clang -Iinclude -I../openssl/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -MMD -MF test/drbgtest.d.tmp -MT test/drbgtest.o -c -o test/drbgtest.o ../openssl/test/drbgtest.c clang -Iinclude -I../openssl/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -MMD -MF test/dsatest.d.tmp -MT test/dsatest.o -c -o test/dsatest.o ../openssl/test/dsatest.c clang -I. -Iinclude -I../openssl -I../openssl/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -MMD -MF test/dtls_mtu_test.d.tmp -MT test/dtls_mtu_test.o -c -o test/dtls_mtu_test.o ../openssl/test/dtls_mtu_test.c clang -Iinclude -I../openssl/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -MMD -MF test/dtlstest.d.tmp -MT test/dtlstest.o -c -o test/dtlstest.o ../openssl/test/dtlstest.c clang -Iinclude -I../openssl/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -MMD -MF test/dtlsv1listentest.d.tmp -MT test/dtlsv1listentest.o -c -o test/dtlsv1listentest.o ../openssl/test/dtlsv1listentest.c clang -Iinclude -I../openssl/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -MMD -MF test/ecdsatest.d.tmp -MT test/ecdsatest.o -c -o test/ecdsatest.o ../openssl/test/ecdsatest.c clang -Iinclude -I../openssl/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -MMD -MF test/ecstresstest.d.tmp -MT test/ecstresstest.o -c -o test/ecstresstest.o ../openssl/test/ecstresstest.c clang -Iinclude -I../openssl/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -MMD -MF test/ectest.d.tmp -MT test/ectest.o -c -o test/ectest.o ../openssl/test/ectest.c clang -Iinclude -I../openssl/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -MMD -MF test/enginetest.d.tmp -MT test/enginetest.o -c -o test/enginetest.o ../openssl/test/enginetest.c clang -Iinclude -Icrypto/include -I../openssl/include -I../openssl/crypto/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -MMD -MF test/evp_extra_test.d.tmp -MT test/evp_extra_test.o -c -o test/evp_extra_test.o ../openssl/test/evp_extra_test.c clang -Iinclude -I../openssl/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -MMD -MF test/evp_test.d.tmp -MT test/evp_test.o -c -o test/evp_test.o ../openssl/test/evp_test.c clang -Iinclude -I../openssl/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -MMD -MF test/exdatatest.d.tmp -MT test/exdatatest.o -c -o test/exdatatest.o ../openssl/test/exdatatest.c clang -Iinclude -I../openssl/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -MMD -MF test/exptest.d.tmp -MT test/exptest.o -c -o test/exptest.o ../openssl/test/exptest.c clang -Iinclude -I../openssl/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -MMD -MF test/fatalerrtest.d.tmp -MT test/fatalerrtest.o -c -o test/fatalerrtest.o ../openssl/test/fatalerrtest.c clang -Iinclude -I../openssl/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -MMD -MF test/gmdifftest.d.tmp -MT test/gmdifftest.o -c -o test/gmdifftest.o ../openssl/test/gmdifftest.c clang -Iinclude -I../openssl/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -MMD -MF test/hmactest.d.tmp -MT test/hmactest.o -c -o test/hmactest.o ../openssl/test/hmactest.c clang -Iinclude -I../openssl/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -MMD -MF test/ideatest.d.tmp -MT test/ideatest.o -c -o test/ideatest.o ../openssl/test/ideatest.c clang -Iinclude -I../openssl/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -MMD -MF test/igetest.d.tmp -MT test/igetest.o -c -o test/igetest.o ../openssl/test/igetest.c clang -Iinclude -I../openssl/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -MMD -MF test/lhash_test.d.tmp -MT test/lhash_test.o -c -o test/lhash_test.o ../openssl/test/lhash_test.c clang -Iinclude -I../openssl/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -MMD -MF test/md2test.d.tmp -MT test/md2test.o -c -o test/md2test.o ../openssl/test/md2test.c clang -I. -Iinclude -I../openssl -I../openssl/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -MMD -MF test/mdc2_internal_test.d.tmp -MT test/mdc2_internal_test.o -c -o test/mdc2_internal_test.o ../openssl/test/mdc2_internal_test.c clang -Iinclude -I../openssl/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -MMD -MF test/mdc2test.d.tmp -MT test/mdc2test.o -c -o test/mdc2test.o ../openssl/test/mdc2test.c clang -Iinclude -I../openssl/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -MMD -MF test/memleaktest.d.tmp -MT test/memleaktest.o -c -o test/memleaktest.o ../openssl/test/memleaktest.c clang -I. -Iinclude -I../openssl -I../openssl/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -MMD -MF test/modes_internal_test.d.tmp -MT test/modes_internal_test.o -c -o test/modes_internal_test.o ../openssl/test/modes_internal_test.c clang -Iinclude -I../openssl/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -MMD -MF test/ocspapitest.d.tmp -MT test/ocspapitest.o -c -o test/ocspapitest.o ../openssl/test/ocspapitest.c clang -Iinclude -I../openssl/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -MMD -MF test/packettest.d.tmp -MT test/packettest.o -c -o test/packettest.o ../openssl/test/packettest.c clang -Iinclude -I../openssl/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -MMD -MF test/pbelutest.d.tmp -MT test/pbelutest.o -c -o test/pbelutest.o ../openssl/test/pbelutest.c clang -Iinclude -I../openssl/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -MMD -MF test/pemtest.d.tmp -MT test/pemtest.o -c -o test/pemtest.o ../openssl/test/pemtest.c clang -Iinclude -I../openssl/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -MMD -MF test/pkey_meth_kdf_test.d.tmp -MT test/pkey_meth_kdf_test.o -c -o test/pkey_meth_kdf_test.o ../openssl/test/pkey_meth_kdf_test.c clang -Iinclude -I../openssl/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -MMD -MF test/pkey_meth_test.d.tmp -MT test/pkey_meth_test.o -c -o test/pkey_meth_test.o ../openssl/test/pkey_meth_test.c clang -I. -Iinclude -Icrypto/include -I../openssl -I../openssl/include -I../openssl/crypto/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -MMD -MF test/poly1305_internal_test.d.tmp -MT test/poly1305_internal_test.o -c -o test/poly1305_internal_test.o ../openssl/test/poly1305_internal_test.c clang -Iinclude -I../openssl/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -MMD -MF test/rc2test.d.tmp -MT test/rc2test.o -c -o test/rc2test.o ../openssl/test/rc2test.c clang -Iinclude -I../openssl/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -MMD -MF test/rc4test.d.tmp -MT test/rc4test.o -c -o test/rc4test.o ../openssl/test/rc4test.c clang -Iinclude -I../openssl/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -MMD -MF test/rc5test.d.tmp -MT test/rc5test.o -c -o test/rc5test.o ../openssl/test/rc5test.c clang -Iinclude -I../openssl/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -MMD -MF test/rdrand_sanitytest.d.tmp -MT test/rdrand_sanitytest.o -c -o test/rdrand_sanitytest.o ../openssl/test/rdrand_sanitytest.c clang -Iinclude -I../openssl/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -MMD -MF test/recordlentest.d.tmp -MT test/recordlentest.o -c -o test/recordlentest.o ../openssl/test/recordlentest.c clang -Iinclude -I../openssl/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -MMD -MF test/rsa_mp_test.d.tmp -MT test/rsa_mp_test.o -c -o test/rsa_mp_test.o ../openssl/test/rsa_mp_test.c clang -Iinclude -I../openssl/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -MMD -MF test/rsa_test.d.tmp -MT test/rsa_test.o -c -o test/rsa_test.o ../openssl/test/rsa_test.c clang -Iinclude -I../openssl/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -MMD -MF test/sanitytest.d.tmp -MT test/sanitytest.o -c -o test/sanitytest.o ../openssl/test/sanitytest.c clang -Iinclude -I../openssl/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -MMD -MF test/secmemtest.d.tmp -MT test/secmemtest.o -c -o test/secmemtest.o ../openssl/test/secmemtest.c clang -Iinclude -I../openssl/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -MMD -MF test/servername_test.d.tmp -MT test/servername_test.o -c -o test/servername_test.o ../openssl/test/servername_test.c clang -Iinclude -Icrypto/include -I../openssl/include -I../openssl/crypto/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -MMD -MF test/shlibloadtest.d.tmp -MT test/shlibloadtest.o -c -o test/shlibloadtest.o ../openssl/test/shlibloadtest.c clang -I. -Iinclude -Icrypto/include -I../openssl -I../openssl/include -I../openssl/crypto/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -MMD -MF test/siphash_internal_test.d.tmp -MT test/siphash_internal_test.o -c -o test/siphash_internal_test.o ../openssl/test/siphash_internal_test.c clang -Iinclude -I../openssl/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -MMD -MF test/sm2crypttest.d.tmp -MT test/sm2crypttest.o -c -o test/sm2crypttest.o ../openssl/test/sm2crypttest.c clang -Iinclude -I../openssl/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -MMD -MF test/sm2sigtest.d.tmp -MT test/sm2sigtest.o -c -o test/sm2sigtest.o ../openssl/test/sm2sigtest.c clang -I. -Iinclude -Icrypto/include -I../openssl -I../openssl/include -I../openssl/crypto/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -MMD -MF test/sm4_internal_test.d.tmp -MT test/sm4_internal_test.o -c -o test/sm4_internal_test.o ../openssl/test/sm4_internal_test.c clang -Iinclude -I../openssl/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -MMD -MF test/srptest.d.tmp -MT test/srptest.o -c -o test/srptest.o ../openssl/test/srptest.c clang -I. -Iinclude -I../openssl -I../openssl/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -MMD -MF test/ssl_cert_table_internal_test.d.tmp -MT test/ssl_cert_table_internal_test.o -c -o test/ssl_cert_table_internal_test.o ../openssl/test/ssl_cert_table_internal_test.c clang -I. -Iinclude -I../openssl -I../openssl/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -MMD -MF test/handshake_helper.d.tmp -MT test/handshake_helper.o -c -o test/handshake_helper.o ../openssl/test/handshake_helper.c clang -Iinclude -I../openssl/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -MMD -MF test/ssl_test.d.tmp -MT test/ssl_test.o -c -o test/ssl_test.o ../openssl/test/ssl_test.c clang -Iinclude -I../openssl/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -MMD -MF test/ssl_test_ctx.d.tmp -MT test/ssl_test_ctx.o -c -o test/ssl_test_ctx.o ../openssl/test/ssl_test_ctx.c clang -Iinclude -I../openssl/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -MMD -MF test/ssl_test_ctx_test.d.tmp -MT test/ssl_test_ctx_test.o -c -o test/ssl_test_ctx_test.o ../openssl/test/ssl_test_ctx_test.c clang -Iinclude -I. -I../openssl/include -I../openssl -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -MMD -MF test/sslapitest.d.tmp -MT test/sslapitest.o -c -o test/sslapitest.o ../openssl/test/sslapitest.c clang -Iinclude -I../openssl/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -MMD -MF test/sslbuffertest.d.tmp -MT test/sslbuffertest.o -c -o test/sslbuffertest.o ../openssl/test/sslbuffertest.c clang -Iinclude -I../openssl/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -MMD -MF test/sslcorrupttest.d.tmp -MT test/sslcorrupttest.o -c -o test/sslcorrupttest.o ../openssl/test/sslcorrupttest.c ../openssl/test/sslapitest.c:4696:22: error: if statement has empty body [-Werror,-Wempty-body] if (tst % 2 == 0); ^ ../openssl/test/sslapitest.c:4696:22: note: put the semicolon on a separate line to silence this warning ../openssl/test/sslapitest.c:4700:22: error: if statement has empty body [-Werror,-Wempty-body] if (tst % 2 == 1); ^ ../openssl/test/sslapitest.c:4700:22: note: put the semicolon on a separate line to silence this warning 2 errors generated. Makefile:9120: recipe for target 'test/sslapitest.o' failed make[1]: *** [test/sslapitest.o] Error 1 make[1]: *** Waiting for unfinished jobs.... make[1]: Leaving directory '/home/openssl/run-checker/no-tls' Makefile:171: recipe for target 'all' failed make: *** [all] Error 2 From openssl at openssl.org Mon May 14 10:38:18 2018 From: openssl at openssl.org (OpenSSL run-checker) Date: Mon, 14 May 2018 10:38:18 +0000 Subject: [openssl-commits] FAILED build of OpenSSL branch master with options -d --strict-warnings no-tls1_2 Message-ID: <1526294298.547345.17635.nullmailer@run.openssl.org> Platform and configuration command: $ uname -a Linux run 4.4.0-119-generic #143-Ubuntu SMP Mon Apr 2 16:08:24 UTC 2018 x86_64 x86_64 x86_64 GNU/Linux $ CC=clang ../openssl/config -d --strict-warnings no-tls1_2 Commit log since last time: 1c53456 apps/speed: Add brainpool curves support 5c6a69f apps/speed: fix possible OOB access in some EC arrays 5f96a95 Set sess to NULL after freeing it. a925e7d Don't memcpy the contents of an empty fragment c82c346 In cases where we ask PEM_def_callback for minimum 0 length, accept 0 length 34e4a96 Fix typo: 'is an error occurred' in documentation 61fb592 Rework the decrypt ticket callback c20e3b2 Fix mem leak in sslapi test d0191fe Add a test for the ticket callbacks 2448bb8 Document when a new session ticket gets created on resumption c0638ad Fix ticket callbacks in TLSv1.3 5fe3715 Flush server side unauthenticated writes e825109 Add some more SSL_pending() and SSL_has_pending() tests f478c8a Don't set TCP_NODELAY on a UDP socket 66fab92 Mark DTLS records as read when we have finished with them 0d8da77 Test an old style PSK callback with no cert will prefer SHA-256 9e064bc Provide documentation for the -psk_session option 48a0316 Prefer SHA-256 ciphersuites if using old style PSKs 3cb7c5c Use void in all function definitions that do not take any arguments d4a8ba7 rsaz_avx2_eligible doesn't take parameters c3114a7 Set the ossl_shim to auto retry if not running asynchronously Build log ended with (last 100 lines): /usr/bin/perl ../openssl/test/generate_buildtest.pl srp > test/buildtest_srp.c /usr/bin/perl ../openssl/test/generate_buildtest.pl srtp > test/buildtest_srtp.c /usr/bin/perl ../openssl/test/generate_buildtest.pl ssl > test/buildtest_ssl.c /usr/bin/perl ../openssl/test/generate_buildtest.pl ssl2 > test/buildtest_ssl2.c /usr/bin/perl ../openssl/test/generate_buildtest.pl stack > test/buildtest_stack.c /usr/bin/perl ../openssl/test/generate_buildtest.pl store > test/buildtest_store.c /usr/bin/perl ../openssl/test/generate_buildtest.pl symhacks > test/buildtest_symhacks.c /usr/bin/perl ../openssl/test/generate_buildtest.pl ts > test/buildtest_ts.c /usr/bin/perl ../openssl/test/generate_buildtest.pl txt_db > test/buildtest_txt_db.c /usr/bin/perl ../openssl/test/generate_buildtest.pl ui > test/buildtest_ui.c /usr/bin/perl ../openssl/test/generate_buildtest.pl whrlpool > test/buildtest_whrlpool.c /usr/bin/perl ../openssl/test/generate_buildtest.pl x509 > test/buildtest_x509.c /usr/bin/perl ../openssl/test/generate_buildtest.pl x509_vfy > test/buildtest_x509_vfy.c /usr/bin/perl ../openssl/test/generate_buildtest.pl x509v3 > test/buildtest_x509v3.c clang -Iinclude -I../openssl/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -MMD -MF test/casttest.d.tmp -MT test/casttest.o -c -o test/casttest.o ../openssl/test/casttest.c clang -I. -Iinclude -Icrypto/include -I../openssl -I../openssl/include -I../openssl/crypto/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -MMD -MF test/chacha_internal_test.d.tmp -MT test/chacha_internal_test.o -c -o test/chacha_internal_test.o ../openssl/test/chacha_internal_test.c clang -Iinclude -I../openssl/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -MMD -MF test/cipherbytes_test.d.tmp -MT test/cipherbytes_test.o -c -o test/cipherbytes_test.o ../openssl/test/cipherbytes_test.c clang -Iinclude -I../openssl/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -MMD -MF test/cipherlist_test.d.tmp -MT test/cipherlist_test.o -c -o test/cipherlist_test.o ../openssl/test/cipherlist_test.c clang -Iinclude -I../openssl/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -MMD -MF test/ciphername_test.d.tmp -MT test/ciphername_test.o -c -o test/ciphername_test.o ../openssl/test/ciphername_test.c clang -Iinclude -I../openssl/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -MMD -MF test/clienthellotest.d.tmp -MT test/clienthellotest.o -c -o test/clienthellotest.o ../openssl/test/clienthellotest.c clang -Iinclude -I../openssl/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -MMD -MF test/cmsapitest.d.tmp -MT test/cmsapitest.o -c -o test/cmsapitest.o ../openssl/test/cmsapitest.c clang -Iinclude -I../openssl/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -MMD -MF test/conf_include_test.d.tmp -MT test/conf_include_test.o -c -o test/conf_include_test.o ../openssl/test/conf_include_test.c clang -Iinclude -I../openssl/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -MMD -MF test/constant_time_test.d.tmp -MT test/constant_time_test.o -c -o test/constant_time_test.o ../openssl/test/constant_time_test.c clang -Iinclude -I../openssl/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -MMD -MF test/crltest.d.tmp -MT test/crltest.o -c -o test/crltest.o ../openssl/test/crltest.c clang -Iinclude -I../openssl/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -MMD -MF test/ct_test.d.tmp -MT test/ct_test.o -c -o test/ct_test.o ../openssl/test/ct_test.c clang -I. -Icrypto/include -Iinclude -I../openssl -I../openssl/crypto/include -I../openssl/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -MMD -MF test/ctype_internal_test.d.tmp -MT test/ctype_internal_test.o -c -o test/ctype_internal_test.o ../openssl/test/ctype_internal_test.c clang -I. -Iinclude -Icrypto/ec/curve448 -I../openssl -I../openssl/include -I../openssl/crypto/ec/curve448 -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -MMD -MF test/curve448_internal_test.d.tmp -MT test/curve448_internal_test.o -c -o test/curve448_internal_test.o ../openssl/test/curve448_internal_test.c clang -Iinclude -I../openssl/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -MMD -MF test/d2i_test.d.tmp -MT test/d2i_test.o -c -o test/d2i_test.o ../openssl/test/d2i_test.c clang -Iinclude -I../openssl/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -MMD -MF test/danetest.d.tmp -MT test/danetest.o -c -o test/danetest.o ../openssl/test/danetest.c clang -Iinclude -I../openssl/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -MMD -MF test/destest.d.tmp -MT test/destest.o -c -o test/destest.o ../openssl/test/destest.c clang -Iinclude -I../openssl/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -MMD -MF test/dhtest.d.tmp -MT test/dhtest.o -c -o test/dhtest.o ../openssl/test/dhtest.c clang -Iinclude -Itest -I. -I../openssl/include -I../openssl/test -I../openssl -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -MMD -MF test/drbg_cavs_data.d.tmp -MT test/drbg_cavs_data.o -c -o test/drbg_cavs_data.o ../openssl/test/drbg_cavs_data.c clang -Iinclude -Itest -I. -I../openssl/include -I../openssl/test -I../openssl -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -MMD -MF test/drbg_cavs_test.d.tmp -MT test/drbg_cavs_test.o -c -o test/drbg_cavs_test.o ../openssl/test/drbg_cavs_test.c clang -Iinclude -I../openssl/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -MMD -MF test/drbgtest.d.tmp -MT test/drbgtest.o -c -o test/drbgtest.o ../openssl/test/drbgtest.c clang -Iinclude -I../openssl/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -MMD -MF test/dsatest.d.tmp -MT test/dsatest.o -c -o test/dsatest.o ../openssl/test/dsatest.c clang -I. -Iinclude -I../openssl -I../openssl/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -MMD -MF test/dtls_mtu_test.d.tmp -MT test/dtls_mtu_test.o -c -o test/dtls_mtu_test.o ../openssl/test/dtls_mtu_test.c clang -Iinclude -I../openssl/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -MMD -MF test/dtlstest.d.tmp -MT test/dtlstest.o -c -o test/dtlstest.o ../openssl/test/dtlstest.c clang -Iinclude -I../openssl/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -MMD -MF test/dtlsv1listentest.d.tmp -MT test/dtlsv1listentest.o -c -o test/dtlsv1listentest.o ../openssl/test/dtlsv1listentest.c clang -Iinclude -I../openssl/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -MMD -MF test/ecdsatest.d.tmp -MT test/ecdsatest.o -c -o test/ecdsatest.o ../openssl/test/ecdsatest.c clang -Iinclude -I../openssl/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -MMD -MF test/ecstresstest.d.tmp -MT test/ecstresstest.o -c -o test/ecstresstest.o ../openssl/test/ecstresstest.c clang -Iinclude -I../openssl/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -MMD -MF test/ectest.d.tmp -MT test/ectest.o -c -o test/ectest.o ../openssl/test/ectest.c clang -Iinclude -I../openssl/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -MMD -MF test/enginetest.d.tmp -MT test/enginetest.o -c -o test/enginetest.o ../openssl/test/enginetest.c clang -Iinclude -Icrypto/include -I../openssl/include -I../openssl/crypto/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -MMD -MF test/evp_extra_test.d.tmp -MT test/evp_extra_test.o -c -o test/evp_extra_test.o ../openssl/test/evp_extra_test.c clang -Iinclude -I../openssl/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -MMD -MF test/evp_test.d.tmp -MT test/evp_test.o -c -o test/evp_test.o ../openssl/test/evp_test.c clang -Iinclude -I../openssl/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -MMD -MF test/exdatatest.d.tmp -MT test/exdatatest.o -c -o test/exdatatest.o ../openssl/test/exdatatest.c clang -Iinclude -I../openssl/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -MMD -MF test/exptest.d.tmp -MT test/exptest.o -c -o test/exptest.o ../openssl/test/exptest.c clang -Iinclude -I../openssl/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -MMD -MF test/fatalerrtest.d.tmp -MT test/fatalerrtest.o -c -o test/fatalerrtest.o ../openssl/test/fatalerrtest.c clang -Iinclude -I../openssl/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -MMD -MF test/gmdifftest.d.tmp -MT test/gmdifftest.o -c -o test/gmdifftest.o ../openssl/test/gmdifftest.c clang -Iinclude -I../openssl/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -MMD -MF test/hmactest.d.tmp -MT test/hmactest.o -c -o test/hmactest.o ../openssl/test/hmactest.c clang -Iinclude -I../openssl/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -MMD -MF test/ideatest.d.tmp -MT test/ideatest.o -c -o test/ideatest.o ../openssl/test/ideatest.c clang -Iinclude -I../openssl/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -MMD -MF test/igetest.d.tmp -MT test/igetest.o -c -o test/igetest.o ../openssl/test/igetest.c clang -Iinclude -I../openssl/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -MMD -MF test/lhash_test.d.tmp -MT test/lhash_test.o -c -o test/lhash_test.o ../openssl/test/lhash_test.c clang -Iinclude -I../openssl/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -MMD -MF test/md2test.d.tmp -MT test/md2test.o -c -o test/md2test.o ../openssl/test/md2test.c clang -I. -Iinclude -I../openssl -I../openssl/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -MMD -MF test/mdc2_internal_test.d.tmp -MT test/mdc2_internal_test.o -c -o test/mdc2_internal_test.o ../openssl/test/mdc2_internal_test.c clang -Iinclude -I../openssl/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -MMD -MF test/mdc2test.d.tmp -MT test/mdc2test.o -c -o test/mdc2test.o ../openssl/test/mdc2test.c clang -Iinclude -I../openssl/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -MMD -MF test/memleaktest.d.tmp -MT test/memleaktest.o -c -o test/memleaktest.o ../openssl/test/memleaktest.c clang -I. -Iinclude -I../openssl -I../openssl/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -MMD -MF test/modes_internal_test.d.tmp -MT test/modes_internal_test.o -c -o test/modes_internal_test.o ../openssl/test/modes_internal_test.c clang -Iinclude -I../openssl/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -MMD -MF test/ocspapitest.d.tmp -MT test/ocspapitest.o -c -o test/ocspapitest.o ../openssl/test/ocspapitest.c clang -Iinclude -I../openssl/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -MMD -MF test/packettest.d.tmp -MT test/packettest.o -c -o test/packettest.o ../openssl/test/packettest.c clang -Iinclude -I../openssl/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -MMD -MF test/pbelutest.d.tmp -MT test/pbelutest.o -c -o test/pbelutest.o ../openssl/test/pbelutest.c clang -Iinclude -I../openssl/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -MMD -MF test/pemtest.d.tmp -MT test/pemtest.o -c -o test/pemtest.o ../openssl/test/pemtest.c clang -Iinclude -I../openssl/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -MMD -MF test/pkey_meth_kdf_test.d.tmp -MT test/pkey_meth_kdf_test.o -c -o test/pkey_meth_kdf_test.o ../openssl/test/pkey_meth_kdf_test.c clang -Iinclude -I../openssl/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -MMD -MF test/pkey_meth_test.d.tmp -MT test/pkey_meth_test.o -c -o test/pkey_meth_test.o ../openssl/test/pkey_meth_test.c clang -I. -Iinclude -Icrypto/include -I../openssl -I../openssl/include -I../openssl/crypto/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -MMD -MF test/poly1305_internal_test.d.tmp -MT test/poly1305_internal_test.o -c -o test/poly1305_internal_test.o ../openssl/test/poly1305_internal_test.c clang -Iinclude -I../openssl/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -MMD -MF test/rc2test.d.tmp -MT test/rc2test.o -c -o test/rc2test.o ../openssl/test/rc2test.c clang -Iinclude -I../openssl/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -MMD -MF test/rc4test.d.tmp -MT test/rc4test.o -c -o test/rc4test.o ../openssl/test/rc4test.c clang -Iinclude -I../openssl/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -MMD -MF test/rc5test.d.tmp -MT test/rc5test.o -c -o test/rc5test.o ../openssl/test/rc5test.c clang -Iinclude -I../openssl/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -MMD -MF test/rdrand_sanitytest.d.tmp -MT test/rdrand_sanitytest.o -c -o test/rdrand_sanitytest.o ../openssl/test/rdrand_sanitytest.c clang -Iinclude -I../openssl/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -MMD -MF test/recordlentest.d.tmp -MT test/recordlentest.o -c -o test/recordlentest.o ../openssl/test/recordlentest.c clang -Iinclude -I../openssl/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -MMD -MF test/rsa_mp_test.d.tmp -MT test/rsa_mp_test.o -c -o test/rsa_mp_test.o ../openssl/test/rsa_mp_test.c clang -Iinclude -I../openssl/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -MMD -MF test/rsa_test.d.tmp -MT test/rsa_test.o -c -o test/rsa_test.o ../openssl/test/rsa_test.c clang -Iinclude -I../openssl/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -MMD -MF test/sanitytest.d.tmp -MT test/sanitytest.o -c -o test/sanitytest.o ../openssl/test/sanitytest.c clang -Iinclude -I../openssl/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -MMD -MF test/secmemtest.d.tmp -MT test/secmemtest.o -c -o test/secmemtest.o ../openssl/test/secmemtest.c clang -Iinclude -I../openssl/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -MMD -MF test/servername_test.d.tmp -MT test/servername_test.o -c -o test/servername_test.o ../openssl/test/servername_test.c clang -Iinclude -Icrypto/include -I../openssl/include -I../openssl/crypto/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -MMD -MF test/shlibloadtest.d.tmp -MT test/shlibloadtest.o -c -o test/shlibloadtest.o ../openssl/test/shlibloadtest.c clang -I. -Iinclude -Icrypto/include -I../openssl -I../openssl/include -I../openssl/crypto/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -MMD -MF test/siphash_internal_test.d.tmp -MT test/siphash_internal_test.o -c -o test/siphash_internal_test.o ../openssl/test/siphash_internal_test.c clang -Iinclude -I../openssl/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -MMD -MF test/sm2crypttest.d.tmp -MT test/sm2crypttest.o -c -o test/sm2crypttest.o ../openssl/test/sm2crypttest.c clang -Iinclude -I../openssl/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -MMD -MF test/sm2sigtest.d.tmp -MT test/sm2sigtest.o -c -o test/sm2sigtest.o ../openssl/test/sm2sigtest.c clang -I. -Iinclude -Icrypto/include -I../openssl -I../openssl/include -I../openssl/crypto/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -MMD -MF test/sm4_internal_test.d.tmp -MT test/sm4_internal_test.o -c -o test/sm4_internal_test.o ../openssl/test/sm4_internal_test.c clang -Iinclude -I../openssl/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -MMD -MF test/srptest.d.tmp -MT test/srptest.o -c -o test/srptest.o ../openssl/test/srptest.c clang -I. -Iinclude -I../openssl -I../openssl/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -MMD -MF test/ssl_cert_table_internal_test.d.tmp -MT test/ssl_cert_table_internal_test.o -c -o test/ssl_cert_table_internal_test.o ../openssl/test/ssl_cert_table_internal_test.c clang -I. -Iinclude -I../openssl -I../openssl/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -MMD -MF test/handshake_helper.d.tmp -MT test/handshake_helper.o -c -o test/handshake_helper.o ../openssl/test/handshake_helper.c clang -Iinclude -I../openssl/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -MMD -MF test/ssl_test.d.tmp -MT test/ssl_test.o -c -o test/ssl_test.o ../openssl/test/ssl_test.c clang -Iinclude -I../openssl/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -MMD -MF test/ssl_test_ctx.d.tmp -MT test/ssl_test_ctx.o -c -o test/ssl_test_ctx.o ../openssl/test/ssl_test_ctx.c clang -Iinclude -I../openssl/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -MMD -MF test/ssl_test_ctx_test.d.tmp -MT test/ssl_test_ctx_test.o -c -o test/ssl_test_ctx_test.o ../openssl/test/ssl_test_ctx_test.c clang -Iinclude -I. -I../openssl/include -I../openssl -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -MMD -MF test/sslapitest.d.tmp -MT test/sslapitest.o -c -o test/sslapitest.o ../openssl/test/sslapitest.c clang -Iinclude -I../openssl/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -MMD -MF test/sslbuffertest.d.tmp -MT test/sslbuffertest.o -c -o test/sslbuffertest.o ../openssl/test/sslbuffertest.c clang -Iinclude -I../openssl/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -MMD -MF test/sslcorrupttest.d.tmp -MT test/sslcorrupttest.o -c -o test/sslcorrupttest.o ../openssl/test/sslcorrupttest.c ../openssl/test/sslapitest.c:4696:22: error: if statement has empty body [-Werror,-Wempty-body] if (tst % 2 == 0); ^ ../openssl/test/sslapitest.c:4696:22: note: put the semicolon on a separate line to silence this warning clang -I. -Iinclude -I../openssl -I../openssl/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -MMD -MF test/ssltest_old.d.tmp -MT test/ssltest_old.o -c -o test/ssltest_old.o ../openssl/test/ssltest_old.c 1 error generated. Makefile:9120: recipe for target 'test/sslapitest.o' failed make[1]: *** [test/sslapitest.o] Error 1 make[1]: *** Waiting for unfinished jobs.... make[1]: Leaving directory '/home/openssl/run-checker/no-tls1_2' Makefile:171: recipe for target 'all' failed make: *** [all] Error 2 From openssl at openssl.org Mon May 14 11:11:25 2018 From: openssl at openssl.org (OpenSSL run-checker) Date: Mon, 14 May 2018 11:11:25 +0000 Subject: [openssl-commits] FAILED build of OpenSSL branch master with options -d --strict-warnings no-tls1_2-method Message-ID: <1526296285.200325.16705.nullmailer@run.openssl.org> Platform and configuration command: $ uname -a Linux run 4.4.0-119-generic #143-Ubuntu SMP Mon Apr 2 16:08:24 UTC 2018 x86_64 x86_64 x86_64 GNU/Linux $ CC=clang ../openssl/config -d --strict-warnings no-tls1_2-method Commit log since last time: 1c53456 apps/speed: Add brainpool curves support 5c6a69f apps/speed: fix possible OOB access in some EC arrays 5f96a95 Set sess to NULL after freeing it. a925e7d Don't memcpy the contents of an empty fragment c82c346 In cases where we ask PEM_def_callback for minimum 0 length, accept 0 length 34e4a96 Fix typo: 'is an error occurred' in documentation 61fb592 Rework the decrypt ticket callback c20e3b2 Fix mem leak in sslapi test d0191fe Add a test for the ticket callbacks 2448bb8 Document when a new session ticket gets created on resumption c0638ad Fix ticket callbacks in TLSv1.3 5fe3715 Flush server side unauthenticated writes e825109 Add some more SSL_pending() and SSL_has_pending() tests f478c8a Don't set TCP_NODELAY on a UDP socket 66fab92 Mark DTLS records as read when we have finished with them 0d8da77 Test an old style PSK callback with no cert will prefer SHA-256 9e064bc Provide documentation for the -psk_session option 48a0316 Prefer SHA-256 ciphersuites if using old style PSKs 3cb7c5c Use void in all function definitions that do not take any arguments d4a8ba7 rsaz_avx2_eligible doesn't take parameters c3114a7 Set the ossl_shim to auto retry if not running asynchronously Build log ended with (last 100 lines): /usr/bin/perl ../openssl/test/generate_buildtest.pl srp > test/buildtest_srp.c /usr/bin/perl ../openssl/test/generate_buildtest.pl srtp > test/buildtest_srtp.c /usr/bin/perl ../openssl/test/generate_buildtest.pl ssl > test/buildtest_ssl.c /usr/bin/perl ../openssl/test/generate_buildtest.pl ssl2 > test/buildtest_ssl2.c /usr/bin/perl ../openssl/test/generate_buildtest.pl stack > test/buildtest_stack.c /usr/bin/perl ../openssl/test/generate_buildtest.pl store > test/buildtest_store.c /usr/bin/perl ../openssl/test/generate_buildtest.pl symhacks > test/buildtest_symhacks.c /usr/bin/perl ../openssl/test/generate_buildtest.pl ts > test/buildtest_ts.c /usr/bin/perl ../openssl/test/generate_buildtest.pl txt_db > test/buildtest_txt_db.c /usr/bin/perl ../openssl/test/generate_buildtest.pl ui > test/buildtest_ui.c /usr/bin/perl ../openssl/test/generate_buildtest.pl whrlpool > test/buildtest_whrlpool.c /usr/bin/perl ../openssl/test/generate_buildtest.pl x509 > test/buildtest_x509.c /usr/bin/perl ../openssl/test/generate_buildtest.pl x509_vfy > test/buildtest_x509_vfy.c /usr/bin/perl ../openssl/test/generate_buildtest.pl x509v3 > test/buildtest_x509v3.c clang -Iinclude -I../openssl/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -MMD -MF test/casttest.d.tmp -MT test/casttest.o -c -o test/casttest.o ../openssl/test/casttest.c clang -I. -Iinclude -Icrypto/include -I../openssl -I../openssl/include -I../openssl/crypto/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -MMD -MF test/chacha_internal_test.d.tmp -MT test/chacha_internal_test.o -c -o test/chacha_internal_test.o ../openssl/test/chacha_internal_test.c clang -Iinclude -I../openssl/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -MMD -MF test/cipherbytes_test.d.tmp -MT test/cipherbytes_test.o -c -o test/cipherbytes_test.o ../openssl/test/cipherbytes_test.c clang -Iinclude -I../openssl/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -MMD -MF test/cipherlist_test.d.tmp -MT test/cipherlist_test.o -c -o test/cipherlist_test.o ../openssl/test/cipherlist_test.c clang -Iinclude -I../openssl/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -MMD -MF test/ciphername_test.d.tmp -MT test/ciphername_test.o -c -o test/ciphername_test.o ../openssl/test/ciphername_test.c clang -Iinclude -I../openssl/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -MMD -MF test/clienthellotest.d.tmp -MT test/clienthellotest.o -c -o test/clienthellotest.o ../openssl/test/clienthellotest.c clang -Iinclude -I../openssl/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -MMD -MF test/cmsapitest.d.tmp -MT test/cmsapitest.o -c -o test/cmsapitest.o ../openssl/test/cmsapitest.c clang -Iinclude -I../openssl/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -MMD -MF test/conf_include_test.d.tmp -MT test/conf_include_test.o -c -o test/conf_include_test.o ../openssl/test/conf_include_test.c clang -Iinclude -I../openssl/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -MMD -MF test/constant_time_test.d.tmp -MT test/constant_time_test.o -c -o test/constant_time_test.o ../openssl/test/constant_time_test.c clang -Iinclude -I../openssl/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -MMD -MF test/crltest.d.tmp -MT test/crltest.o -c -o test/crltest.o ../openssl/test/crltest.c clang -Iinclude -I../openssl/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -MMD -MF test/ct_test.d.tmp -MT test/ct_test.o -c -o test/ct_test.o ../openssl/test/ct_test.c clang -I. -Icrypto/include -Iinclude -I../openssl -I../openssl/crypto/include -I../openssl/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -MMD -MF test/ctype_internal_test.d.tmp -MT test/ctype_internal_test.o -c -o test/ctype_internal_test.o ../openssl/test/ctype_internal_test.c clang -I. -Iinclude -Icrypto/ec/curve448 -I../openssl -I../openssl/include -I../openssl/crypto/ec/curve448 -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -MMD -MF test/curve448_internal_test.d.tmp -MT test/curve448_internal_test.o -c -o test/curve448_internal_test.o ../openssl/test/curve448_internal_test.c clang -Iinclude -I../openssl/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -MMD -MF test/d2i_test.d.tmp -MT test/d2i_test.o -c -o test/d2i_test.o ../openssl/test/d2i_test.c clang -Iinclude -I../openssl/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -MMD -MF test/danetest.d.tmp -MT test/danetest.o -c -o test/danetest.o ../openssl/test/danetest.c clang -Iinclude -I../openssl/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -MMD -MF test/destest.d.tmp -MT test/destest.o -c -o test/destest.o ../openssl/test/destest.c clang -Iinclude -I../openssl/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -MMD -MF test/dhtest.d.tmp -MT test/dhtest.o -c -o test/dhtest.o ../openssl/test/dhtest.c clang -Iinclude -Itest -I. -I../openssl/include -I../openssl/test -I../openssl -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -MMD -MF test/drbg_cavs_data.d.tmp -MT test/drbg_cavs_data.o -c -o test/drbg_cavs_data.o ../openssl/test/drbg_cavs_data.c clang -Iinclude -Itest -I. -I../openssl/include -I../openssl/test -I../openssl -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -MMD -MF test/drbg_cavs_test.d.tmp -MT test/drbg_cavs_test.o -c -o test/drbg_cavs_test.o ../openssl/test/drbg_cavs_test.c clang -Iinclude -I../openssl/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -MMD -MF test/drbgtest.d.tmp -MT test/drbgtest.o -c -o test/drbgtest.o ../openssl/test/drbgtest.c clang -Iinclude -I../openssl/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -MMD -MF test/dsatest.d.tmp -MT test/dsatest.o -c -o test/dsatest.o ../openssl/test/dsatest.c clang -I. -Iinclude -I../openssl -I../openssl/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -MMD -MF test/dtls_mtu_test.d.tmp -MT test/dtls_mtu_test.o -c -o test/dtls_mtu_test.o ../openssl/test/dtls_mtu_test.c clang -Iinclude -I../openssl/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -MMD -MF test/dtlstest.d.tmp -MT test/dtlstest.o -c -o test/dtlstest.o ../openssl/test/dtlstest.c clang -Iinclude -I../openssl/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -MMD -MF test/dtlsv1listentest.d.tmp -MT test/dtlsv1listentest.o -c -o test/dtlsv1listentest.o ../openssl/test/dtlsv1listentest.c clang -Iinclude -I../openssl/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -MMD -MF test/ecdsatest.d.tmp -MT test/ecdsatest.o -c -o test/ecdsatest.o ../openssl/test/ecdsatest.c clang -Iinclude -I../openssl/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -MMD -MF test/ecstresstest.d.tmp -MT test/ecstresstest.o -c -o test/ecstresstest.o ../openssl/test/ecstresstest.c clang -Iinclude -I../openssl/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -MMD -MF test/ectest.d.tmp -MT test/ectest.o -c -o test/ectest.o ../openssl/test/ectest.c clang -Iinclude -I../openssl/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -MMD -MF test/enginetest.d.tmp -MT test/enginetest.o -c -o test/enginetest.o ../openssl/test/enginetest.c clang -Iinclude -Icrypto/include -I../openssl/include -I../openssl/crypto/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -MMD -MF test/evp_extra_test.d.tmp -MT test/evp_extra_test.o -c -o test/evp_extra_test.o ../openssl/test/evp_extra_test.c clang -Iinclude -I../openssl/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -MMD -MF test/evp_test.d.tmp -MT test/evp_test.o -c -o test/evp_test.o ../openssl/test/evp_test.c clang -Iinclude -I../openssl/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -MMD -MF test/exdatatest.d.tmp -MT test/exdatatest.o -c -o test/exdatatest.o ../openssl/test/exdatatest.c clang -Iinclude -I../openssl/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -MMD -MF test/exptest.d.tmp -MT test/exptest.o -c -o test/exptest.o ../openssl/test/exptest.c clang -Iinclude -I../openssl/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -MMD -MF test/fatalerrtest.d.tmp -MT test/fatalerrtest.o -c -o test/fatalerrtest.o ../openssl/test/fatalerrtest.c clang -Iinclude -I../openssl/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -MMD -MF test/gmdifftest.d.tmp -MT test/gmdifftest.o -c -o test/gmdifftest.o ../openssl/test/gmdifftest.c clang -Iinclude -I../openssl/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -MMD -MF test/hmactest.d.tmp -MT test/hmactest.o -c -o test/hmactest.o ../openssl/test/hmactest.c clang -Iinclude -I../openssl/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -MMD -MF test/ideatest.d.tmp -MT test/ideatest.o -c -o test/ideatest.o ../openssl/test/ideatest.c clang -Iinclude -I../openssl/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -MMD -MF test/igetest.d.tmp -MT test/igetest.o -c -o test/igetest.o ../openssl/test/igetest.c clang -Iinclude -I../openssl/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -MMD -MF test/lhash_test.d.tmp -MT test/lhash_test.o -c -o test/lhash_test.o ../openssl/test/lhash_test.c clang -Iinclude -I../openssl/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -MMD -MF test/md2test.d.tmp -MT test/md2test.o -c -o test/md2test.o ../openssl/test/md2test.c clang -I. -Iinclude -I../openssl -I../openssl/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -MMD -MF test/mdc2_internal_test.d.tmp -MT test/mdc2_internal_test.o -c -o test/mdc2_internal_test.o ../openssl/test/mdc2_internal_test.c clang -Iinclude -I../openssl/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -MMD -MF test/mdc2test.d.tmp -MT test/mdc2test.o -c -o test/mdc2test.o ../openssl/test/mdc2test.c clang -Iinclude -I../openssl/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -MMD -MF test/memleaktest.d.tmp -MT test/memleaktest.o -c -o test/memleaktest.o ../openssl/test/memleaktest.c clang -I. -Iinclude -I../openssl -I../openssl/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -MMD -MF test/modes_internal_test.d.tmp -MT test/modes_internal_test.o -c -o test/modes_internal_test.o ../openssl/test/modes_internal_test.c clang -Iinclude -I../openssl/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -MMD -MF test/ocspapitest.d.tmp -MT test/ocspapitest.o -c -o test/ocspapitest.o ../openssl/test/ocspapitest.c clang -Iinclude -I../openssl/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -MMD -MF test/packettest.d.tmp -MT test/packettest.o -c -o test/packettest.o ../openssl/test/packettest.c clang -Iinclude -I../openssl/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -MMD -MF test/pbelutest.d.tmp -MT test/pbelutest.o -c -o test/pbelutest.o ../openssl/test/pbelutest.c clang -Iinclude -I../openssl/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -MMD -MF test/pemtest.d.tmp -MT test/pemtest.o -c -o test/pemtest.o ../openssl/test/pemtest.c clang -Iinclude -I../openssl/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -MMD -MF test/pkey_meth_kdf_test.d.tmp -MT test/pkey_meth_kdf_test.o -c -o test/pkey_meth_kdf_test.o ../openssl/test/pkey_meth_kdf_test.c clang -Iinclude -I../openssl/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -MMD -MF test/pkey_meth_test.d.tmp -MT test/pkey_meth_test.o -c -o test/pkey_meth_test.o ../openssl/test/pkey_meth_test.c clang -I. -Iinclude -Icrypto/include -I../openssl -I../openssl/include -I../openssl/crypto/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -MMD -MF test/poly1305_internal_test.d.tmp -MT test/poly1305_internal_test.o -c -o test/poly1305_internal_test.o ../openssl/test/poly1305_internal_test.c clang -Iinclude -I../openssl/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -MMD -MF test/rc2test.d.tmp -MT test/rc2test.o -c -o test/rc2test.o ../openssl/test/rc2test.c clang -Iinclude -I../openssl/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -MMD -MF test/rc4test.d.tmp -MT test/rc4test.o -c -o test/rc4test.o ../openssl/test/rc4test.c clang -Iinclude -I../openssl/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -MMD -MF test/rc5test.d.tmp -MT test/rc5test.o -c -o test/rc5test.o ../openssl/test/rc5test.c clang -Iinclude -I../openssl/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -MMD -MF test/rdrand_sanitytest.d.tmp -MT test/rdrand_sanitytest.o -c -o test/rdrand_sanitytest.o ../openssl/test/rdrand_sanitytest.c clang -Iinclude -I../openssl/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -MMD -MF test/recordlentest.d.tmp -MT test/recordlentest.o -c -o test/recordlentest.o ../openssl/test/recordlentest.c clang -Iinclude -I../openssl/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -MMD -MF test/rsa_mp_test.d.tmp -MT test/rsa_mp_test.o -c -o test/rsa_mp_test.o ../openssl/test/rsa_mp_test.c clang -Iinclude -I../openssl/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -MMD -MF test/rsa_test.d.tmp -MT test/rsa_test.o -c -o test/rsa_test.o ../openssl/test/rsa_test.c clang -Iinclude -I../openssl/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -MMD -MF test/sanitytest.d.tmp -MT test/sanitytest.o -c -o test/sanitytest.o ../openssl/test/sanitytest.c clang -Iinclude -I../openssl/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -MMD -MF test/secmemtest.d.tmp -MT test/secmemtest.o -c -o test/secmemtest.o ../openssl/test/secmemtest.c clang -Iinclude -I../openssl/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -MMD -MF test/servername_test.d.tmp -MT test/servername_test.o -c -o test/servername_test.o ../openssl/test/servername_test.c clang -Iinclude -Icrypto/include -I../openssl/include -I../openssl/crypto/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -MMD -MF test/shlibloadtest.d.tmp -MT test/shlibloadtest.o -c -o test/shlibloadtest.o ../openssl/test/shlibloadtest.c clang -I. -Iinclude -Icrypto/include -I../openssl -I../openssl/include -I../openssl/crypto/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -MMD -MF test/siphash_internal_test.d.tmp -MT test/siphash_internal_test.o -c -o test/siphash_internal_test.o ../openssl/test/siphash_internal_test.c clang -Iinclude -I../openssl/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -MMD -MF test/sm2crypttest.d.tmp -MT test/sm2crypttest.o -c -o test/sm2crypttest.o ../openssl/test/sm2crypttest.c clang -Iinclude -I../openssl/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -MMD -MF test/sm2sigtest.d.tmp -MT test/sm2sigtest.o -c -o test/sm2sigtest.o ../openssl/test/sm2sigtest.c clang -I. -Iinclude -Icrypto/include -I../openssl -I../openssl/include -I../openssl/crypto/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -MMD -MF test/sm4_internal_test.d.tmp -MT test/sm4_internal_test.o -c -o test/sm4_internal_test.o ../openssl/test/sm4_internal_test.c clang -Iinclude -I../openssl/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -MMD -MF test/srptest.d.tmp -MT test/srptest.o -c -o test/srptest.o ../openssl/test/srptest.c clang -I. -Iinclude -I../openssl -I../openssl/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -MMD -MF test/ssl_cert_table_internal_test.d.tmp -MT test/ssl_cert_table_internal_test.o -c -o test/ssl_cert_table_internal_test.o ../openssl/test/ssl_cert_table_internal_test.c clang -I. -Iinclude -I../openssl -I../openssl/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -MMD -MF test/handshake_helper.d.tmp -MT test/handshake_helper.o -c -o test/handshake_helper.o ../openssl/test/handshake_helper.c clang -Iinclude -I../openssl/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -MMD -MF test/ssl_test.d.tmp -MT test/ssl_test.o -c -o test/ssl_test.o ../openssl/test/ssl_test.c clang -Iinclude -I../openssl/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -MMD -MF test/ssl_test_ctx.d.tmp -MT test/ssl_test_ctx.o -c -o test/ssl_test_ctx.o ../openssl/test/ssl_test_ctx.c clang -Iinclude -I../openssl/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -MMD -MF test/ssl_test_ctx_test.d.tmp -MT test/ssl_test_ctx_test.o -c -o test/ssl_test_ctx_test.o ../openssl/test/ssl_test_ctx_test.c clang -Iinclude -I. -I../openssl/include -I../openssl -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -MMD -MF test/sslapitest.d.tmp -MT test/sslapitest.o -c -o test/sslapitest.o ../openssl/test/sslapitest.c clang -Iinclude -I../openssl/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -MMD -MF test/sslbuffertest.d.tmp -MT test/sslbuffertest.o -c -o test/sslbuffertest.o ../openssl/test/sslbuffertest.c clang -Iinclude -I../openssl/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -MMD -MF test/sslcorrupttest.d.tmp -MT test/sslcorrupttest.o -c -o test/sslcorrupttest.o ../openssl/test/sslcorrupttest.c clang -I. -Iinclude -I../openssl -I../openssl/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -MMD -MF test/ssltest_old.d.tmp -MT test/ssltest_old.o -c -o test/ssltest_old.o ../openssl/test/ssltest_old.c ../openssl/test/sslapitest.c:4696:22: error: if statement has empty body [-Werror,-Wempty-body] if (tst % 2 == 0); ^ ../openssl/test/sslapitest.c:4696:22: note: put the semicolon on a separate line to silence this warning 1 error generated. Makefile:9120: recipe for target 'test/sslapitest.o' failed make[1]: *** [test/sslapitest.o] Error 1 make[1]: *** Waiting for unfinished jobs.... make[1]: Leaving directory '/home/openssl/run-checker/no-tls1_2-method' Makefile:171: recipe for target 'all' failed make: *** [all] Error 2 From no-reply at appveyor.com Mon May 14 11:13:04 2018 From: no-reply at appveyor.com (AppVeyor) Date: Mon, 14 May 2018 11:13:04 +0000 Subject: [openssl-commits] Build failed: openssl master.17994 Message-ID: <20180514111304.1.7E2FFFE45C59EAA1@appveyor.com> An HTML attachment was scrubbed... URL: From no-reply at appveyor.com Mon May 14 12:36:52 2018 From: no-reply at appveyor.com (AppVeyor) Date: Mon, 14 May 2018 12:36:52 +0000 Subject: [openssl-commits] Build completed: openssl master.17995 Message-ID: <20180514123652.1.87B8DAA086093742@appveyor.com> An HTML attachment was scrubbed... URL: From levitte at openssl.org Mon May 14 12:56:55 2018 From: levitte at openssl.org (Richard Levitte) Date: Mon, 14 May 2018 12:56:55 +0000 Subject: [openssl-commits] [openssl] OpenSSL_1_0_2-stable update Message-ID: <1526302615.460295.21431.nullmailer@dev.openssl.org> The branch OpenSSL_1_0_2-stable has been updated via fe4fe67139bc1e1abb62035d9eb0992f614bf645 (commit) from 4080f4d2fefbb7186171eb620d565e91f56be5b3 (commit) - Log ----------------------------------------------------------------- commit fe4fe67139bc1e1abb62035d9eb0992f614bf645 Author: Richard Levitte Date: Mon May 14 05:01:54 2018 +0200 When configuring 'no-comp', zlib support should be disabled too Fixes #6241 Reviewed-by: Matt Caswell (Merged from https://github.com/openssl/openssl/pull/6248) ----------------------------------------------------------------------- Summary of changes: Configure | 1 + 1 file changed, 1 insertion(+) diff --git a/Configure b/Configure index 9c1879e..c7066dc 100755 --- a/Configure +++ b/Configure @@ -1173,6 +1173,7 @@ foreach (sort (keys %disabled)) $depflags .= " -DOPENSSL_NO_$ALGO"; } } + if (/^comp$/) { $zlib = 0; } } print "\n"; From levitte at openssl.org Mon May 14 15:15:41 2018 From: levitte at openssl.org (Richard Levitte) Date: Mon, 14 May 2018 15:15:41 +0000 Subject: [openssl-commits] [openssl] master update Message-ID: <1526310941.395358.11880.nullmailer@dev.openssl.org> The branch master has been updated via 8481434439e421d513350a81a01ba2e2a8e61b6e (commit) via 491c35324c9f4392ec3d59bb260bf9b7e588f881 (commit) from de03cc92d1f3758ad1a525893c93e16b15e6cf45 (commit) - Log ----------------------------------------------------------------- commit 8481434439e421d513350a81a01ba2e2a8e61b6e Author: Richard Levitte Date: Sun May 13 11:35:14 2018 +0200 Link in passphrase-encoding(7) in relevant documentation Reviewed-by: Andy Polyakov (Merged from https://github.com/openssl/openssl/pull/6179) commit 491c35324c9f4392ec3d59bb260bf9b7e588f881 Author: Richard Levitte Date: Sat May 5 00:06:07 2018 +0200 Docs: add general document on how pass phrases are handled Reviewed-by: Andy Polyakov (Merged from https://github.com/openssl/openssl/pull/6179) ----------------------------------------------------------------------- Summary of changes: doc/man1/openssl.pod | 3 + doc/man3/OSSL_STORE_open.pod | 11 ++- doc/man3/PEM_bytes_read_bio.pod | 7 +- doc/man3/PEM_read.pod | 7 +- doc/man3/PEM_read_CMS.pod | 9 +- doc/man3/PEM_read_bio_PrivateKey.pod | 7 +- doc/man3/PKCS12_create.pod | 7 +- doc/man3/PKCS12_newpass.pod | 3 +- doc/man3/PKCS12_parse.pod | 3 +- doc/man3/PKCS5_PBKDF2_HMAC.pod | 6 +- doc/man3/d2i_PKCS8PrivateKey_bio.pod | 7 +- doc/man7/passphrase-encoding.pod | 182 +++++++++++++++++++++++++++++++++++ 12 files changed, 242 insertions(+), 10 deletions(-) create mode 100644 doc/man7/passphrase-encoding.pod diff --git a/doc/man1/openssl.pod b/doc/man1/openssl.pod index 03c07c0..a713269 100644 --- a/doc/man1/openssl.pod +++ b/doc/man1/openssl.pod @@ -439,6 +439,9 @@ password argument is given and a password is required then the user is prompted to enter one: this will typically be read from the current terminal with echoing turned off. +Note that character encoding may be relevant, please see +L. + =over 4 =item B diff --git a/doc/man3/OSSL_STORE_open.pod b/doc/man3/OSSL_STORE_open.pod index 13f3722..b1467f4 100644 --- a/doc/man3/OSSL_STORE_open.pod +++ b/doc/man3/OSSL_STORE_open.pod @@ -112,6 +112,14 @@ URI, or if it's a different error (such as memory allocation failures); if the URI was parsable but the scheme unregistered, the top error will have the reason C. +These functions make no direct assumption regarding the pass phrase received +from the password callback. +The loaders may make assumptions, however. +For example, the B scheme loader inherits the assumptions made by +OpenSSL functionality that handles the different file types; this is mostly +relevant for PKCS#12 objects. +See L for further information. + =head1 RETURN VALUES OSSL_STORE_open() returns a pointer to a B on success, or @@ -132,7 +140,8 @@ OSSL_STORE_ctrl() and OSSL_STORE_close() returns 1 on success, or 0 on failure. =head1 SEE ALSO -L, L, L +L, L, L, +L =head1 HISTORY diff --git a/doc/man3/PEM_bytes_read_bio.pod b/doc/man3/PEM_bytes_read_bio.pod index d16ccd8..cd05582 100644 --- a/doc/man3/PEM_bytes_read_bio.pod +++ b/doc/man3/PEM_bytes_read_bio.pod @@ -55,6 +55,10 @@ use of BIO_s_file() indicates the use of the operating system stdio functionality, which includes buffering as a feature; BIO_s_fd() is likely to be more appropriate in such cases. +These functions make no assumption regarding the pass phrase received from the +password callback. +It will simply be treated as a byte sequence. + =head1 RETURN VALUES PEM_bytes_read_bio() and PEM_bytes_read_bio_secmem() return 1 for success or @@ -63,7 +67,8 @@ PEM_bytes_read_bio() and PEM_bytes_read_bio_secmem() return 1 for success or =head1 SEE ALSO L, -L +L, +L =head1 HISTORY diff --git a/doc/man3/PEM_read.pod b/doc/man3/PEM_read.pod index 66cbc7d..2a017c6 100644 --- a/doc/man3/PEM_read.pod +++ b/doc/man3/PEM_read.pod @@ -110,10 +110,15 @@ Instead, private keys should be stored in PKCS#8 form, with a strong PKCS#5 v2.0 PBE. See L and L. +PEM_do_header() makes no assumption regarding the pass phrase received from the +password callback. +It will simply be treated as a byte sequence. + =head1 SEE ALSO L, L, -L. +L, +L =head1 COPYRIGHT diff --git a/doc/man3/PEM_read_CMS.pod b/doc/man3/PEM_read_CMS.pod index 65a114d..0c22618 100644 --- a/doc/man3/PEM_read_CMS.pod +++ b/doc/man3/PEM_read_CMS.pod @@ -73,6 +73,12 @@ PEM_write_TYPE() writes the PEM encoding of the object B to the file B. PEM_write_bio_TYPE() similarly writes to the BIO B. +=head1 NOTES + +These functions make no assumption regarding the pass phrase received from the +password callback. +It will simply be treated as a byte sequence. + =head1 RETURN VALUES PEM_read_TYPE() and PEM_read_bio_TYPE() return a pointer to an allocated @@ -83,7 +89,8 @@ or zero on error. =head1 SEE ALSO -L +L, +L =head1 COPYRIGHT diff --git a/doc/man3/PEM_read_bio_PrivateKey.pod b/doc/man3/PEM_read_bio_PrivateKey.pod index 4ff5b2d..9f62140 100644 --- a/doc/man3/PEM_read_bio_PrivateKey.pod +++ b/doc/man3/PEM_read_bio_PrivateKey.pod @@ -386,6 +386,10 @@ this: this is a bug because an attempt will be made to reuse the data at B which is an uninitialised pointer. +These functions make no assumption regarding the pass phrase received from the +password callback. +It will simply be treated as a byte sequence. + =head1 PEM ENCRYPTION FORMAT These old B routines use a non standard technique for encryption. @@ -465,7 +469,8 @@ as they will be formally deprecated in a future releases. =head1 SEE ALSO -L, L +L, L, +L =head1 COPYRIGHT diff --git a/doc/man3/PKCS12_create.pod b/doc/man3/PKCS12_create.pod index 37b53be..0dcd2ab 100644 --- a/doc/man3/PKCS12_create.pod +++ b/doc/man3/PKCS12_create.pod @@ -60,13 +60,18 @@ should be used. B can be set to -1 and the MAC will then be omitted entirely. +PKCS12_create() makes assumptions regarding the encoding of the given pass +phrase. +See L for more information. + =head1 RETURN VALUES PKCS12_create() returns a valid B structure or NULL if an error occurred. =head1 SEE ALSO -L +L, +L =head1 COPYRIGHT diff --git a/doc/man3/PKCS12_newpass.pod b/doc/man3/PKCS12_newpass.pod index 58207f5..c27c652 100644 --- a/doc/man3/PKCS12_newpass.pod +++ b/doc/man3/PKCS12_newpass.pod @@ -102,7 +102,8 @@ this function. =head1 SEE ALSO -L, L +L, L, +L =head1 COPYRIGHT diff --git a/doc/man3/PKCS12_parse.pod b/doc/man3/PKCS12_parse.pod index c03c371..d61b172 100644 --- a/doc/man3/PKCS12_parse.pod +++ b/doc/man3/PKCS12_parse.pod @@ -57,7 +57,8 @@ Attributes currently cannot be stored in the private key B structure. =head1 SEE ALSO -L +L, +L =head1 COPYRIGHT diff --git a/doc/man3/PKCS5_PBKDF2_HMAC.pod b/doc/man3/PKCS5_PBKDF2_HMAC.pod index e5d1689..174831d 100644 --- a/doc/man3/PKCS5_PBKDF2_HMAC.pod +++ b/doc/man3/PKCS5_PBKDF2_HMAC.pod @@ -52,6 +52,9 @@ Increasing the B parameter slows down the algorithm which makes it harder for an attacker to perform a brute force attack using a large number of candidate passwords. +These functions make no assumption regarding the given password. +It will simply be treated as a byte sequence. + =head1 RETURN VALUES PKCS5_PBKDF2_HMAC() and PBKCS5_PBKDF2_HMAC_SHA1() return 1 on success or 0 on error. @@ -59,7 +62,8 @@ PKCS5_PBKDF2_HMAC() and PBKCS5_PBKDF2_HMAC_SHA1() return 1 on success or 0 on er =head1 SEE ALSO L, L, -L +L, +L =head1 COPYRIGHT diff --git a/doc/man3/d2i_PKCS8PrivateKey_bio.pod b/doc/man3/d2i_PKCS8PrivateKey_bio.pod index cc588df..43a218a 100644 --- a/doc/man3/d2i_PKCS8PrivateKey_bio.pod +++ b/doc/man3/d2i_PKCS8PrivateKey_bio.pod @@ -45,6 +45,10 @@ Currently all the functions use BIOs or FILE pointers, there are no functions wh work directly on memory: this can be readily worked around by converting the buffers to memory BIOs, see L for details. +These functions make no assumption regarding the pass phrase received from the +password callback. +It will simply be treated as a byte sequence. + =head1 RETURN VALUES d2i_PKCS8PrivateKey_bio() and d2i_PKCS8PrivateKey_fp() return a valid B @@ -55,7 +59,8 @@ and i2d_PKCS8PrivateKey_nid_fp() return 1 on success or 0 on error. =head1 SEE ALSO -L +L, +L =head1 COPYRIGHT diff --git a/doc/man7/passphrase-encoding.pod b/doc/man7/passphrase-encoding.pod new file mode 100644 index 0000000..bc777c9 --- /dev/null +++ b/doc/man7/passphrase-encoding.pod @@ -0,0 +1,182 @@ +=pod + +=encoding utf8 + +=head1 NAME + +password encoding +- How diverse parts of OpenSSL treat pass phrases character encoding + +=head1 DESCRIPTION + +In a modern world with all sorts of character encodings, the treatment of pass +phrases has become increasingly complex. +This manual page attempts to give an overview over how this problem is +currently addressed in different parts of the OpenSSL library. + +=head2 The general case + +The OpenSSL library doesn't treat pass phrases in any special way as a general +rule, and trusts the application or user to choose a suitable character set +and stick to that throughout the lifetime of affected objects. +This means that for an object that was encrypted using a pass phrase encoded in +ISO-8859-1, that object needs to be decrypted using a pass phrase encoded in +ISO-8859-1. +Using the wrong encoding is expected to cause a decryption failure. + +=head2 PKCS#12 + +PKCS#12 is a bit different regarding pass phrase encoding. +The standard stipulates that the pass phrase shall be encoded as an ASN.1 +BMPString, which consists of the code points of the basic multilingual plane, +encoded in big endian (UCS-2 BE). + +OpenSSL tries to adapt to this requirements in one of the following manners: + +=over 4 + +=item 1. + +Treats the received pass phrase as UTF-8 encoded and tries to re-encode it to +UTF-16 (which is the same as UCS-2 for characters U+0000 to U+D7FF and U+E000 +to U+FFFF, but becomes an expansion for any other character), or failing that, +proceeds with step 2. + +=item 2. + +Assumes that the pass phrase is encoded in ASCII or ISO-8859-1 and +opportunistically prepends each byte with a zero byte to obtain the UCS-2 +encoding of the characters, which it stores as a BMPString. + +Note that since there is no check of your locale, this may produce UCS-2 / +UTF-16 characters that do not correspond to the original pass phrase characters +for other character sets, such as any ISO-8859-X encoding other than +ISO-8859-1 (or for Windows, CP 1252 with exception for the extra "graphical" +characters in the 0x80-0x9F range). + +=back + +OpenSSL versions older than 1.1.0 do variant 2 only, and that is the reason why +OpenSSL still does this, to be able to read files produced with older versions. + +It should be noted that this approach isn't entirely fault free. + +A passphrase encoded in ISO-8859-2 could very well have a sequence such as +0xC3 0xAF (which is the two characters "LATIN CAPITAL LETTER A WITH BREVE" +and "LATIN CAPITAL LETTER Z WITH DOT ABOVE" in ISO-8859-2 encoding), but would +be misinterpreted as the perfectly valid UTF-8 encoded code point U+00EF (LATIN +SMALL LETTER I WITH DIARESIS) I. +A pass phrase that contains this kind of byte sequence will give a different +outcome in OpenSSL 1.1.0 and newer than in OpenSSL older than 1.1.0. + + 0x00 0xC3 0x00 0xAF # OpenSSL older than 1.1.0 + 0x00 0xEF # OpenSSL 1.1.0 and newer + +On the same accord, anything encoded in UTF-8 that was given to OpenSSL older +than 1.1.0 was misinterpreted as ISO-8859-1 sequences. + +=head2 OSSL_STORE + +L acts as a general interface to access all kinds of objects, +potentially protected with a pass phrase, a PIN or something else. +This API currently doesn't stipulate any specific encoding of pass phrases, but +uses the underlying routines with their behaviours. +This means that when using the built-in C scheme loader, the pass phrase +to unlock a PKCS#12 file will be treated as described for PKCS#12 above, and +the pass phrase for a PEM files will be treated as the general case described +above, since that loader uses the same underlying routines. +I. + +=head1 RECOMMENDATIONS + +This section assumes that you know what pass phrase was used for encryption, +but that it may have been encoded in a different character encoding than the +one used by your current input method. +For example, the pass phrase may have been used at a time when your default +encoding was ISO-8859-1 (i.e. "na?ve" resulting in the byte sequence 0x6E 0x61 +0xEF 0x76 0x65), and you're now in an environment where your default encoding +is UTF-8 (i.e. "na?ve" resulting in the byte sequence 0x6E 0x61 0xC3 0xAF 0x76 +0x65). +Whenever it's mentioned that you should use a certain character encoding, it +should be understood that you either change the input method to use the +mentioned encoding when you type in your pass phrase, or use some suitable tool +to convert your pass phrase from your default encoding to the target encoding. + +Also note that the sub-sections below discuss human readable pass phrases. +This is particularly relevant for PKCS#12 objects, where human readable pass +phrases are assumed. +For other objects, it's as legitimate to use any byte sequence (such as a +sequence of bytes from `/dev/urandom` that's been saved away), which makes any +character encoding discussion irrelevant; in such cases, simply use the same +byte sequence as it is. + +=head2 Creating new objects + +For creating new pass phrase protected objects, make sure the pass phrase is +encoded using UTF-8. +This is default on most modern Unixes, but may involve an effort on other +platforms. +Specifically for Windows, setting the environment variable +C will have anything entered on [Windows] console prompt +converted to UTF-8 (command line and separately prompted pass phrases alike). + +=head2 Opening existing objects + +For opening pass phrase protected objects where you know what character +encoding was used for the encryption pass phrase, make sure to use the same +encoding again. + +For opening pass phrase protected objects where the character encoding that was +used is unknown, or where the producing application is unknown, try one of the +following: + +=over 4 + +=item 1. + +Try the password that you have as it is in the character encoding of your +environment. +It's possible that its byte sequence is exactly right. + +=item 2. + +Convert the pass phrase to UTF-8 and try with the result. +Specifically with PKCS#12, this should open up any object that was created +according to the specification. + +=item 3. + +Do a na?ve (i.e. purely mathematical) ISO-8859-1 to UTF-8 conversion and try +with the result. +This differs from the previous attempt because ISO-8859-1 maps directly to +U+0000 to U+00FF, which other non-UTF-8 character sets do not. + +This also takes care of the case when a UTF-8 encoded string was used with +OpenSSL older than 1.1.0. +(for example, C, which is 0xC3 0xAF when encoded in UTF-8, would become 0xC3 +0x83 0xC2 0xAF when re-encoded in the na?ve manner. +The conversion to BMPString would then yield 0x00 0xC3 0x00 0xA4 0x00 0x00, the +erroneous/non-compliant encoding used by OpenSSL older than 1.1.0) + +=back + +=head1 SEE ALSO + +L, +L, +L, L, +L, +L, L, +L + +=head1 COPYRIGHT + +Copyright 2018 The OpenSSL Project Authors. All Rights Reserved. + +Licensed under the OpenSSL license (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +L. + +=cut From levitte at openssl.org Mon May 14 15:53:39 2018 From: levitte at openssl.org (Richard Levitte) Date: Mon, 14 May 2018 15:53:39 +0000 Subject: [openssl-commits] [openssl] master update Message-ID: <1526313219.013849.18435.nullmailer@dev.openssl.org> The branch master has been updated via 986caf9e34fd60366a5b3711bb12e239e43a2431 (commit) from 8481434439e421d513350a81a01ba2e2a8e61b6e (commit) - Log ----------------------------------------------------------------- commit 986caf9e34fd60366a5b3711bb12e239e43a2431 Author: Richard Levitte Date: Mon May 14 09:28:52 2018 +0200 CI config: no need to make both install and install_docs 'install' depends on 'install_docs', so making the latter explicit is a waste. Reviewed-by: Andy Polyakov (Merged from https://github.com/openssl/openssl/pull/6250) ----------------------------------------------------------------------- Summary of changes: .travis.yml | 2 +- appveyor.yml | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/.travis.yml b/.travis.yml index f23f156..4affefd 100644 --- a/.travis.yml +++ b/.travis.yml @@ -229,7 +229,7 @@ script: fi - if [ -n "$DESTDIR" ]; then mkdir "$top/$DESTDIR"; - if $make install install_docs DESTDIR="$top/$DESTDIR" >~/install.log 2>&1 ; then + if $make install DESTDIR="$top/$DESTDIR" >~/install.log 2>&1 ; then echo -e '+\057\057\057\057\057\057\057 MAKE INSTALL OK'; else echo -e '+\057\057\057\057\057\057\057 MAKE INSTALL FAILED'; diff --git a/appveyor.yml b/appveyor.yml index 3b66f0d..24966c0 100644 --- a/appveyor.yml +++ b/appveyor.yml @@ -61,6 +61,6 @@ test_script: - ps: >- if ($env:EXTENDED_TESTS) { mkdir ..\_install - cmd /c "nmake install install_docs DESTDIR=..\_install 2>&1" + cmd /c "nmake install DESTDIR=..\_install 2>&1" } - cd .. From levitte at openssl.org Mon May 14 15:56:52 2018 From: levitte at openssl.org (Richard Levitte) Date: Mon, 14 May 2018 15:56:52 +0000 Subject: [openssl-commits] [openssl] OpenSSL_1_1_0-stable update Message-ID: <1526313412.499192.19751.nullmailer@dev.openssl.org> The branch OpenSSL_1_1_0-stable has been updated via f1e92861c30e91139407e65fffd0af76ef48fd34 (commit) from 0ec946fda5b66fb364a784b002aee5f8b1ac678a (commit) - Log ----------------------------------------------------------------- commit f1e92861c30e91139407e65fffd0af76ef48fd34 Author: Richard Levitte Date: Mon May 14 09:28:52 2018 +0200 CI config: no need to make both install and install_docs 'install' depends on 'install_docs', so making the latter explicit is a waste. Reviewed-by: Andy Polyakov (Merged from https://github.com/openssl/openssl/pull/6250) (cherry picked from commit 986caf9e34fd60366a5b3711bb12e239e43a2431) ----------------------------------------------------------------------- Summary of changes: .travis.yml | 2 +- appveyor.yml | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/.travis.yml b/.travis.yml index ba06dfd..e20c208 100644 --- a/.travis.yml +++ b/.travis.yml @@ -186,7 +186,7 @@ script: fi - if [ -n "$DESTDIR" ]; then mkdir "../$DESTDIR"; - if $make install install_docs DESTDIR="../$DESTDIR"; then + if $make install DESTDIR="../$DESTDIR"; then echo -e '+\057\057\057\057\057 MAKE INSTALL_DOCS OK'; else echo -e '+\057\057\057\057\057 MAKE INSTALL_DOCS FAILED'; false; diff --git a/appveyor.yml b/appveyor.yml index 8dd6cb6..ba291fd 100644 --- a/appveyor.yml +++ b/appveyor.yml @@ -41,5 +41,5 @@ test_script: - cd _build - nmake test - mkdir ..\_install - - nmake install install_docs DESTDIR=..\_install + - nmake install DESTDIR=..\_install - cd .. From matt at openssl.org Mon May 14 16:44:54 2018 From: matt at openssl.org (Matt Caswell) Date: Mon, 14 May 2018 16:44:54 +0000 Subject: [openssl-commits] [openssl] master update Message-ID: <1526316294.309825.27441.nullmailer@dev.openssl.org> The branch master has been updated via ba8b48e98dd86851ca20733f819da5b76859e64a (commit) via 199dc0d3e857fa4242d90d89a0df52e87b975c67 (commit) from 986caf9e34fd60366a5b3711bb12e239e43a2431 (commit) - Log ----------------------------------------------------------------- commit ba8b48e98dd86851ca20733f819da5b76859e64a Author: Matt Caswell Date: Mon May 14 14:37:16 2018 +0100 Fix no-tls1_2 Also fixes no-tls1_2-method, no-tls1_3, no-tls, no-ec Reviewed-by: Rich Salz (Merged from https://github.com/openssl/openssl/pull/6253) commit 199dc0d3e857fa4242d90d89a0df52e87b975c67 Author: Matt Caswell Date: Mon May 14 14:28:06 2018 +0100 Fix no-psk Fixes #6239 Reviewed-by: Rich Salz (Merged from https://github.com/openssl/openssl/pull/6253) ----------------------------------------------------------------------- Summary of changes: ssl/s3_lib.c | 2 ++ test/sslapitest.c | 4 ++-- 2 files changed, 4 insertions(+), 2 deletions(-) diff --git a/ssl/s3_lib.c b/ssl/s3_lib.c index c5f2235..354769b 100644 --- a/ssl/s3_lib.c +++ b/ssl/s3_lib.c @@ -4192,6 +4192,7 @@ const SSL_CIPHER *ssl3_choose_cipher(SSL *s, STACK_OF(SSL_CIPHER) *clnt, } if (SSL_IS_TLS13(s)) { +#ifndef OPENSSL_NO_PSK int j; /* @@ -4208,6 +4209,7 @@ const SSL_CIPHER *ssl3_choose_cipher(SSL *s, STACK_OF(SSL_CIPHER) *clnt, prefer_sha256 = 1; } } +#endif } else { tls1_set_cert_validity(s); ssl_set_masks(s); diff --git a/test/sslapitest.c b/test/sslapitest.c index fc7288d..06d6cb2 100644 --- a/test/sslapitest.c +++ b/test/sslapitest.c @@ -4693,11 +4693,11 @@ static int test_ticket_callbacks(int tst) int testresult = 0; #ifdef OPENSSL_NO_TLS1_2 - if (tst % 2 == 0); + if (tst % 2 == 0) return 1; #endif #ifdef OPENSSL_NO_TLS1_3 - if (tst % 2 == 1); + if (tst % 2 == 1) return 1; #endif From openssl at openssl.org Tue May 15 01:10:13 2018 From: openssl at openssl.org (OpenSSL run-checker) Date: Tue, 15 May 2018 01:10:13 +0000 Subject: [openssl-commits] SUCCESSFUL build of OpenSSL branch master with options -d --strict-warnings no-ec Message-ID: <1526346613.287235.26702.nullmailer@run.openssl.org> Platform and configuration command: $ uname -a Linux run 4.4.0-119-generic #143-Ubuntu SMP Mon Apr 2 16:08:24 UTC 2018 x86_64 x86_64 x86_64 GNU/Linux $ CC=clang ../openssl/config -d --strict-warnings no-ec Commit log since last time: ba8b48e Fix no-tls1_2 199dc0d Fix no-psk 986caf9 CI config: no need to make both install and install_docs 8481434 Link in passphrase-encoding(7) in relevant documentation 491c353 Docs: add general document on how pass phrases are handled de03cc9 UI console: Restore tty settings, do not force ECHO after prompt From openssl at openssl.org Tue May 15 07:04:43 2018 From: openssl at openssl.org (OpenSSL run-checker) Date: Tue, 15 May 2018 07:04:43 +0000 Subject: [openssl-commits] SUCCESSFUL build of OpenSSL branch master with options -d --strict-warnings no-psk Message-ID: <1526367883.476137.851.nullmailer@run.openssl.org> Platform and configuration command: $ uname -a Linux run 4.4.0-119-generic #143-Ubuntu SMP Mon Apr 2 16:08:24 UTC 2018 x86_64 x86_64 x86_64 GNU/Linux $ CC=clang ../openssl/config -d --strict-warnings no-psk Commit log since last time: ba8b48e Fix no-tls1_2 199dc0d Fix no-psk 986caf9 CI config: no need to make both install and install_docs 8481434 Link in passphrase-encoding(7) in relevant documentation 491c353 Docs: add general document on how pass phrases are handled de03cc9 UI console: Restore tty settings, do not force ECHO after prompt From matt at openssl.org Tue May 15 09:07:25 2018 From: matt at openssl.org (Matt Caswell) Date: Tue, 15 May 2018 09:07:25 +0000 Subject: [openssl-commits] [openssl] master update Message-ID: <1526375245.430445.4128.nullmailer@dev.openssl.org> The branch master has been updated via 73cc84a132a08a02253ae168600fc4d16cd400d8 (commit) from ba8b48e98dd86851ca20733f819da5b76859e64a (commit) - Log ----------------------------------------------------------------- commit 73cc84a132a08a02253ae168600fc4d16cd400d8 Author: Matt Caswell Date: Mon May 14 18:35:30 2018 +0100 Suport TLSv1.3 draft 28 Also retains support for drafts 27 and 26 Fixes #6257 Reviewed-by: Rich Salz (Merged from https://github.com/openssl/openssl/pull/6258) ----------------------------------------------------------------------- Summary of changes: include/openssl/tls1.h | 10 +++++++--- ssl/ssl_locl.h | 2 ++ ssl/statem/extensions_clnt.c | 8 ++++++-- ssl/statem/extensions_srvr.c | 4 ++-- ssl/statem/statem_lib.c | 17 ++++++++++++++++- ssl/t1_trce.c | 14 ++++++++++++-- test/recipes/70-test_sslversions.t | 7 ++++--- util/perl/TLSProxy/Record.pm | 2 +- 8 files changed, 50 insertions(+), 14 deletions(-) diff --git a/include/openssl/tls1.h b/include/openssl/tls1.h index b9f0918..37bdc7d 100644 --- a/include/openssl/tls1.h +++ b/include/openssl/tls1.h @@ -30,9 +30,13 @@ extern "C" { # define TLS1_3_VERSION 0x0304 # define TLS_MAX_VERSION TLS1_3_VERSION -/* TODO(TLS1.3) REMOVE ME: Version indicator for draft -26 */ -# define TLS1_3_VERSION_DRAFT 0x7f1a -# define TLS1_3_VERSION_DRAFT_TXT "TLS 1.3 (draft 26)" +/* TODO(TLS1.3) REMOVE ME: Version indicators for draft version */ +# define TLS1_3_VERSION_DRAFT_26 0x7f1a +# define TLS1_3_VERSION_DRAFT_27 0x7f1b +# define TLS1_3_VERSION_DRAFT 0x7f1c +# define TLS1_3_VERSION_DRAFT_TXT_26 "TLS 1.3 (draft 26)" +# define TLS1_3_VERSION_DRAFT_TXT_27 "TLS 1.3 (draft 27)" +# define TLS1_3_VERSION_DRAFT_TXT "TLS 1.3 (draft 28)" /* Special value for method supporting multiple versions */ # define TLS_ANY_VERSION 0x10000 diff --git a/ssl/ssl_locl.h b/ssl/ssl_locl.h index c066e14..e02f5a1 100644 --- a/ssl/ssl_locl.h +++ b/ssl/ssl_locl.h @@ -1057,6 +1057,8 @@ struct ssl_st { * DTLS1_VERSION) */ int version; + /* TODO(TLS1.3): Remove this before release */ + int version_draft; /* SSLv3 */ const SSL_METHOD *method; /* diff --git a/ssl/statem/extensions_clnt.c b/ssl/statem/extensions_clnt.c index e4a5b3c..cc4563b 100644 --- a/ssl/statem/extensions_clnt.c +++ b/ssl/statem/extensions_clnt.c @@ -538,7 +538,9 @@ EXT_RETURN tls_construct_ctos_supported_versions(SSL *s, WPACKET *pkt, for (currv = max_version; currv >= min_version; currv--) { /* TODO(TLS1.3): Remove this first if clause prior to release!! */ if (currv == TLS1_3_VERSION) { - if (!WPACKET_put_bytes_u16(pkt, TLS1_3_VERSION_DRAFT)) { + if (!WPACKET_put_bytes_u16(pkt, TLS1_3_VERSION_DRAFT) + || !WPACKET_put_bytes_u16(pkt, TLS1_3_VERSION_DRAFT_27) + || !WPACKET_put_bytes_u16(pkt, TLS1_3_VERSION_DRAFT_26)) { SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_CONSTRUCT_CTOS_SUPPORTED_VERSIONS, ERR_R_INTERNAL_ERROR); @@ -1789,7 +1791,9 @@ int tls_parse_stoc_supported_versions(SSL *s, PACKET *pkt, unsigned int context, } /* TODO(TLS1.3): Remove this before release */ - if (version == TLS1_3_VERSION_DRAFT) + if (version == TLS1_3_VERSION_DRAFT + || version == TLS1_3_VERSION_DRAFT_27 + || version == TLS1_3_VERSION_DRAFT_26) version = TLS1_3_VERSION; /* diff --git a/ssl/statem/extensions_srvr.c b/ssl/statem/extensions_srvr.c index ec4e1b8..65b9d3b 100644 --- a/ssl/statem/extensions_srvr.c +++ b/ssl/statem/extensions_srvr.c @@ -892,7 +892,7 @@ int tls_parse_ctos_cookie(SSL *s, PACKET *pkt, unsigned int context, X509 *x, if (!WPACKET_put_bytes_u16(&hrrpkt, TLSEXT_TYPE_supported_versions) || !WPACKET_start_sub_packet_u16(&hrrpkt) /* TODO(TLS1.3): Fix this before release */ - || !WPACKET_put_bytes_u16(&hrrpkt, TLS1_3_VERSION_DRAFT) + || !WPACKET_put_bytes_u16(&hrrpkt, s->version_draft) || !WPACKET_close(&hrrpkt)) { WPACKET_cleanup(&hrrpkt); SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_PARSE_CTOS_COOKIE, @@ -1606,7 +1606,7 @@ EXT_RETURN tls_construct_stoc_supported_versions(SSL *s, WPACKET *pkt, if (!WPACKET_put_bytes_u16(pkt, TLSEXT_TYPE_supported_versions) || !WPACKET_start_sub_packet_u16(pkt) /* TODO(TLS1.3): Update to remove the TLSv1.3 draft indicator */ - || !WPACKET_put_bytes_u16(pkt, TLS1_3_VERSION_DRAFT) + || !WPACKET_put_bytes_u16(pkt, s->version_draft) || !WPACKET_close(pkt)) { SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_CONSTRUCT_STOC_SUPPORTED_VERSIONS, diff --git a/ssl/statem/statem_lib.c b/ssl/statem/statem_lib.c index 5db5c80..91d304e 100644 --- a/ssl/statem/statem_lib.c +++ b/ssl/statem/statem_lib.c @@ -1695,6 +1695,8 @@ int ssl_choose_server_version(SSL *s, CLIENTHELLO_MSG *hello, DOWNGRADE *dgrd) unsigned int best_vers = 0; const SSL_METHOD *best_method = NULL; PACKET versionslist; + /* TODO(TLS1.3): Remove this before release */ + unsigned int orig_candidate = 0; suppversions->parsed = 1; @@ -1705,8 +1707,18 @@ int ssl_choose_server_version(SSL *s, CLIENTHELLO_MSG *hello, DOWNGRADE *dgrd) while (PACKET_get_net_2(&versionslist, &candidate_vers)) { /* TODO(TLS1.3): Remove this before release */ - if (candidate_vers == TLS1_3_VERSION_DRAFT) + if (candidate_vers == TLS1_3_VERSION_DRAFT + || candidate_vers == TLS1_3_VERSION_DRAFT_27 + || candidate_vers == TLS1_3_VERSION_DRAFT_26) { + if (best_vers == TLS1_3_VERSION + && orig_candidate > candidate_vers) + continue; + orig_candidate = candidate_vers; candidate_vers = TLS1_3_VERSION; + } else if (candidate_vers == TLS1_3_VERSION) { + /* Don't actually accept real TLSv1.3 */ + continue; + } /* * TODO(TLS1.3): There is some discussion on the TLS list about * whether to ignore versions version = best_vers; + /* TODO(TLS1.3): Remove this before release */ + if (best_vers == TLS1_3_VERSION) + s->version_draft = orig_candidate; s->method = best_method; return 0; } diff --git a/ssl/t1_trce.c b/ssl/t1_trce.c index 5287326..4d052d0 100644 --- a/ssl/t1_trce.c +++ b/ssl/t1_trce.c @@ -65,7 +65,9 @@ static const ssl_trace_tbl ssl_version_tbl[] = { {TLS1_1_VERSION, "TLS 1.1"}, {TLS1_2_VERSION, "TLS 1.2"}, {TLS1_3_VERSION, "TLS 1.3"}, - /* TODO(TLS1.3): Remove this line before release */ + /* TODO(TLS1.3): Remove these lines before release */ + {TLS1_3_VERSION_DRAFT_26, TLS1_3_VERSION_DRAFT_TXT_26}, + {TLS1_3_VERSION_DRAFT_27, TLS1_3_VERSION_DRAFT_TXT_27}, {TLS1_3_VERSION_DRAFT, TLS1_3_VERSION_DRAFT_TXT}, {DTLS1_VERSION, "DTLS 1.0"}, {DTLS1_2_VERSION, "DTLS 1.2"}, @@ -642,7 +644,15 @@ static int ssl_print_version(BIO *bio, int indent, const char *name, vers = ((*pmsg)[0] << 8) | (*pmsg)[1]; if (version != NULL) { /* TODO(TLS1.3): Remove the draft conditional here before release */ - *version = (vers == TLS1_3_VERSION_DRAFT) ? TLS1_3_VERSION : vers; + switch(vers) { + case TLS1_3_VERSION_DRAFT_26: + case TLS1_3_VERSION_DRAFT_27: + case TLS1_3_VERSION_DRAFT: + *version = TLS1_3_VERSION; + break; + default: + *version = vers; + } } BIO_indent(bio, indent, 80); BIO_printf(bio, "%s=0x%x (%s)\n", diff --git a/test/recipes/70-test_sslversions.t b/test/recipes/70-test_sslversions.t index ab5a0a2..5c9ee6c 100644 --- a/test/recipes/70-test_sslversions.t +++ b/test/recipes/70-test_sslversions.t @@ -138,7 +138,8 @@ sub modify_supported_versions_filter $ext = pack "C5", 0x04, # Length 0x03, 0x03, #TLSv1.2 - 0x03, 0x04; #TLSv1.3 + #TODO(TLS1.3): Fix before release + 0x7f, 0x1c; #TLSv1.3 (draft 28) } elsif ($testtype == UNRECOGNISED_VERSIONS) { $ext = pack "C5", 0x04, # Length @@ -152,8 +153,8 @@ sub modify_supported_versions_filter } elsif ($testtype == WITH_TLS1_4) { $ext = pack "C5", 0x04, # Length - 0x03, 0x05, #TLSv1.4 - 0x03, 0x04; #TLSv1.3 + #TODO(TLS1.3): Fix before release + 0x7f, 0x1c; #TLSv1.3 (draft 28) } if ($testtype == REVERSE_ORDER_VERSIONS || $testtype == UNRECOGNISED_VERSIONS diff --git a/util/perl/TLSProxy/Record.pm b/util/perl/TLSProxy/Record.pm index 8ff948b..9de51b3 100644 --- a/util/perl/TLSProxy/Record.pm +++ b/util/perl/TLSProxy/Record.pm @@ -36,7 +36,7 @@ my %record_type = ( use constant { VERS_TLS_1_4 => 0x0305, - VERS_TLS_1_3_DRAFT => 0x7f1a, + VERS_TLS_1_3_DRAFT => 0x7f1c, VERS_TLS_1_3 => 0x0304, VERS_TLS_1_2 => 0x0303, VERS_TLS_1_1 => 0x0302, From openssl at openssl.org Tue May 15 10:30:30 2018 From: openssl at openssl.org (OpenSSL run-checker) Date: Tue, 15 May 2018 10:30:30 +0000 Subject: [openssl-commits] SUCCESSFUL build of OpenSSL branch master with options -d --strict-warnings no-tls Message-ID: <1526380230.452186.18203.nullmailer@run.openssl.org> Platform and configuration command: $ uname -a Linux run 4.4.0-119-generic #143-Ubuntu SMP Mon Apr 2 16:08:24 UTC 2018 x86_64 x86_64 x86_64 GNU/Linux $ CC=clang ../openssl/config -d --strict-warnings no-tls Commit log since last time: ba8b48e Fix no-tls1_2 199dc0d Fix no-psk 986caf9 CI config: no need to make both install and install_docs 8481434 Link in passphrase-encoding(7) in relevant documentation 491c353 Docs: add general document on how pass phrases are handled de03cc9 UI console: Restore tty settings, do not force ECHO after prompt From openssl at openssl.org Tue May 15 10:55:43 2018 From: openssl at openssl.org (OpenSSL run-checker) Date: Tue, 15 May 2018 10:55:43 +0000 Subject: [openssl-commits] SUCCESSFUL build of OpenSSL branch master with options -d --strict-warnings no-tls1_2 Message-ID: <1526381743.738424.30111.nullmailer@run.openssl.org> Platform and configuration command: $ uname -a Linux run 4.4.0-119-generic #143-Ubuntu SMP Mon Apr 2 16:08:24 UTC 2018 x86_64 x86_64 x86_64 GNU/Linux $ CC=clang ../openssl/config -d --strict-warnings no-tls1_2 Commit log since last time: ba8b48e Fix no-tls1_2 199dc0d Fix no-psk 986caf9 CI config: no need to make both install and install_docs 8481434 Link in passphrase-encoding(7) in relevant documentation 491c353 Docs: add general document on how pass phrases are handled de03cc9 UI console: Restore tty settings, do not force ECHO after prompt From openssl at openssl.org Tue May 15 11:33:51 2018 From: openssl at openssl.org (OpenSSL run-checker) Date: Tue, 15 May 2018 11:33:51 +0000 Subject: [openssl-commits] SUCCESSFUL build of OpenSSL branch master with options -d --strict-warnings no-tls1_2-method Message-ID: <1526384031.936762.23936.nullmailer@run.openssl.org> Platform and configuration command: $ uname -a Linux run 4.4.0-119-generic #143-Ubuntu SMP Mon Apr 2 16:08:24 UTC 2018 x86_64 x86_64 x86_64 GNU/Linux $ CC=clang ../openssl/config -d --strict-warnings no-tls1_2-method Commit log since last time: ba8b48e Fix no-tls1_2 199dc0d Fix no-psk 986caf9 CI config: no need to make both install and install_docs 8481434 Link in passphrase-encoding(7) in relevant documentation 491c353 Docs: add general document on how pass phrases are handled de03cc9 UI console: Restore tty settings, do not force ECHO after prompt From matt at openssl.org Tue May 15 13:09:12 2018 From: matt at openssl.org (Matt Caswell) Date: Tue, 15 May 2018 13:09:12 +0000 Subject: [openssl-commits] [openssl] OpenSSL_1_1_0-stable update Message-ID: <1526389752.935680.11820.nullmailer@dev.openssl.org> The branch OpenSSL_1_1_0-stable has been updated via 7171f71ef10eb079322bbe99332f411a14f03891 (commit) from f1e92861c30e91139407e65fffd0af76ef48fd34 (commit) - Log ----------------------------------------------------------------- commit 7171f71ef10eb079322bbe99332f411a14f03891 Author: Matt Caswell Date: Wed May 2 16:07:13 2018 +0100 Mark DTLS records as read when we have finished with them The TLS code marks records as read when its finished using a record. The DTLS code did not do that. However SSL_has_pending() relies on it. So we should make DTLS consistent. Reviewed-by: Rich Salz (Merged from https://github.com/openssl/openssl/pull/6160) ----------------------------------------------------------------------- Summary of changes: ssl/record/rec_layer_d1.c | 37 ++++++++++++++++++++++++++++++++----- ssl/record/ssl3_record.c | 14 ++++++++++++-- 2 files changed, 44 insertions(+), 7 deletions(-) diff --git a/ssl/record/rec_layer_d1.c b/ssl/record/rec_layer_d1.c index 0eeed4f..6111a2e 100644 --- a/ssl/record/rec_layer_d1.c +++ b/ssl/record/rec_layer_d1.c @@ -473,6 +473,7 @@ int dtls1_read_bytes(SSL *s, int type, int *recvd_type, unsigned char *buf, return -1; } SSL3_RECORD_set_length(rr, 0); + SSL3_RECORD_set_read(rr); goto start; } @@ -482,8 +483,9 @@ int dtls1_read_bytes(SSL *s, int type, int *recvd_type, unsigned char *buf, */ if (s->shutdown & SSL_RECEIVED_SHUTDOWN) { SSL3_RECORD_set_length(rr, 0); + SSL3_RECORD_set_read(rr); s->rwstate = SSL_NOTHING; - return (0); + return 0; } if (type == SSL3_RECORD_get_type(rr) @@ -508,8 +510,16 @@ int dtls1_read_bytes(SSL *s, int type, int *recvd_type, unsigned char *buf, if (recvd_type != NULL) *recvd_type = SSL3_RECORD_get_type(rr); - if (len <= 0) - return (len); + if (len <= 0) { + /* + * Mark a zero length record as read. This ensures multiple calls to + * SSL_read() with a zero length buffer will eventually cause + * SSL_pending() to report data as being available. + */ + if (SSL3_RECORD_get_length(rr) == 0) + SSL3_RECORD_set_read(rr); + return len; + } if ((unsigned int)len > SSL3_RECORD_get_length(rr)) n = SSL3_RECORD_get_length(rr); @@ -517,12 +527,16 @@ int dtls1_read_bytes(SSL *s, int type, int *recvd_type, unsigned char *buf, n = (unsigned int)len; memcpy(buf, &(SSL3_RECORD_get_data(rr)[SSL3_RECORD_get_off(rr)]), n); - if (!peek) { + if (peek) { + if (SSL3_RECORD_get_length(rr) == 0) + SSL3_RECORD_set_read(rr); + } else { SSL3_RECORD_sub_length(rr, n); SSL3_RECORD_add_off(rr, n); if (SSL3_RECORD_get_length(rr) == 0) { s->rlayer.rstate = SSL_ST_READ_HEADER; SSL3_RECORD_set_off(rr, 0); + SSL3_RECORD_set_read(rr); } } #ifndef OPENSSL_NO_SCTP @@ -573,6 +587,7 @@ int dtls1_read_bytes(SSL *s, int type, int *recvd_type, unsigned char *buf, } /* Exit and notify application to read again */ SSL3_RECORD_set_length(rr, 0); + SSL3_RECORD_set_read(rr); s->rwstate = SSL_READING; BIO_clear_retry_flags(SSL_get_rbio(s)); BIO_set_retry_read(SSL_get_rbio(s)); @@ -617,6 +632,7 @@ int dtls1_read_bytes(SSL *s, int type, int *recvd_type, unsigned char *buf, #endif s->rlayer.rstate = SSL_ST_READ_HEADER; SSL3_RECORD_set_length(rr, 0); + SSL3_RECORD_set_read(rr); goto start; } @@ -626,6 +642,8 @@ int dtls1_read_bytes(SSL *s, int type, int *recvd_type, unsigned char *buf, SSL3_RECORD_add_off(rr, 1); SSL3_RECORD_add_length(rr, -1); } + if (SSL3_RECORD_get_length(rr) == 0) + SSL3_RECORD_set_read(rr); *dest_len = dest_maxlen; } } @@ -696,6 +714,7 @@ int dtls1_read_bytes(SSL *s, int type, int *recvd_type, unsigned char *buf, } } else { SSL3_RECORD_set_length(rr, 0); + SSL3_RECORD_set_read(rr); ssl3_send_alert(s, SSL3_AL_WARNING, SSL_AD_NO_RENEGOTIATION); } /* @@ -720,6 +739,7 @@ int dtls1_read_bytes(SSL *s, int type, int *recvd_type, unsigned char *buf, || (s->options & SSL_OP_NO_RENEGOTIATION) != 0)) { s->rlayer.d->handshake_fragment_len = 0; SSL3_RECORD_set_length(rr, 0); + SSL3_RECORD_set_read(rr); ssl3_send_alert(s, SSL3_AL_WARNING, SSL_AD_NO_RENEGOTIATION); goto start; } @@ -747,6 +767,7 @@ int dtls1_read_bytes(SSL *s, int type, int *recvd_type, unsigned char *buf, if (alert_level == SSL3_AL_WARNING) { s->s3->warn_alert = alert_descr; + SSL3_RECORD_set_read(rr); s->rlayer.alert_count++; if (s->rlayer.alert_count == MAX_WARN_ALERT_COUNT) { @@ -811,6 +832,7 @@ int dtls1_read_bytes(SSL *s, int type, int *recvd_type, unsigned char *buf, BIO_snprintf(tmp, sizeof(tmp), "%d", alert_descr); ERR_add_error_data(2, "SSL alert number ", tmp); s->shutdown |= SSL_RECEIVED_SHUTDOWN; + SSL3_RECORD_set_read(rr); SSL_CTX_remove_session(s->session_ctx, s->session); return (0); } else { @@ -826,7 +848,8 @@ int dtls1_read_bytes(SSL *s, int type, int *recvd_type, unsigned char *buf, * shutdown */ s->rwstate = SSL_NOTHING; SSL3_RECORD_set_length(rr, 0); - return (0); + SSL3_RECORD_set_read(rr); + return 0; } if (SSL3_RECORD_get_type(rr) == SSL3_RT_CHANGE_CIPHER_SPEC) { @@ -835,6 +858,7 @@ int dtls1_read_bytes(SSL *s, int type, int *recvd_type, unsigned char *buf, * are still missing, so just drop it. */ SSL3_RECORD_set_length(rr, 0); + SSL3_RECORD_set_read(rr); goto start; } @@ -849,6 +873,7 @@ int dtls1_read_bytes(SSL *s, int type, int *recvd_type, unsigned char *buf, dtls1_get_message_header(rr->data, &msg_hdr); if (SSL3_RECORD_get_epoch(rr) != s->rlayer.d->r_epoch) { SSL3_RECORD_set_length(rr, 0); + SSL3_RECORD_set_read(rr); goto start; } @@ -862,6 +887,7 @@ int dtls1_read_bytes(SSL *s, int type, int *recvd_type, unsigned char *buf, dtls1_retransmit_buffered_messages(s); SSL3_RECORD_set_length(rr, 0); + SSL3_RECORD_set_read(rr); if (!(s->mode & SSL_MODE_AUTO_RETRY)) { if (SSL3_BUFFER_get_left(&s->rlayer.rbuf) == 0) { /* no read-ahead left? */ @@ -916,6 +942,7 @@ int dtls1_read_bytes(SSL *s, int type, int *recvd_type, unsigned char *buf, /* TLS just ignores unknown message types */ if (s->version == TLS1_VERSION) { SSL3_RECORD_set_length(rr, 0); + SSL3_RECORD_set_read(rr); goto start; } al = SSL_AD_UNEXPECTED_MESSAGE; diff --git a/ssl/record/ssl3_record.c b/ssl/record/ssl3_record.c index c7a54fe..c80add3 100644 --- a/ssl/record/ssl3_record.c +++ b/ssl/record/ssl3_record.c @@ -1531,6 +1531,7 @@ int dtls1_get_record(SSL *s) p += 6; n2s(p, rr->length); + rr->read = 0; /* * Lets check the version. We tolerate alerts that don't have the exact @@ -1540,6 +1541,7 @@ int dtls1_get_record(SSL *s) if (version != s->version) { /* unexpected version, silently discard */ rr->length = 0; + rr->read = 1; RECORD_LAYER_reset_packet_length(&s->rlayer); goto again; } @@ -1548,6 +1550,7 @@ int dtls1_get_record(SSL *s) if ((version & 0xff00) != (s->version & 0xff00)) { /* wrong version, silently discard record */ rr->length = 0; + rr->read = 1; RECORD_LAYER_reset_packet_length(&s->rlayer); goto again; } @@ -1555,10 +1558,10 @@ int dtls1_get_record(SSL *s) if (rr->length > SSL3_RT_MAX_ENCRYPTED_LENGTH) { /* record too long, silently discard it */ rr->length = 0; + rr->read = 1; RECORD_LAYER_reset_packet_length(&s->rlayer); goto again; } - /* now s->rlayer.rstate == SSL_ST_READ_BODY */ } @@ -1572,6 +1575,7 @@ int dtls1_get_record(SSL *s) /* this packet contained a partial record, dump it */ if (n != i) { rr->length = 0; + rr->read = 1; RECORD_LAYER_reset_packet_length(&s->rlayer); goto again; } @@ -1588,6 +1592,7 @@ int dtls1_get_record(SSL *s) bitmap = dtls1_get_bitmap(s, rr, &is_next_epoch); if (bitmap == NULL) { rr->length = 0; + rr->read = 1; RECORD_LAYER_reset_packet_length(&s->rlayer); /* dump this record */ goto again; /* get another record */ } @@ -1602,6 +1607,7 @@ int dtls1_get_record(SSL *s) */ if (!dtls1_record_replay_check(s, bitmap)) { rr->length = 0; + rr->read = 1; RECORD_LAYER_reset_packet_length(&s->rlayer); /* dump this record */ goto again; /* get another record */ } @@ -1610,8 +1616,10 @@ int dtls1_get_record(SSL *s) #endif /* just read a 0 length packet */ - if (rr->length == 0) + if (rr->length == 0) { + rr->read = 1; goto again; + } /* * If this record is from the next epoch (either HM or ALERT), and a @@ -1626,12 +1634,14 @@ int dtls1_get_record(SSL *s) return -1; } rr->length = 0; + rr->read = 1; RECORD_LAYER_reset_packet_length(&s->rlayer); goto again; } if (!dtls1_process_record(s, bitmap)) { rr->length = 0; + rr->read = 1; RECORD_LAYER_reset_packet_length(&s->rlayer); /* dump this record */ goto again; /* get another record */ } From appro at openssl.org Tue May 15 19:17:34 2018 From: appro at openssl.org (Andy Polyakov) Date: Tue, 15 May 2018 19:17:34 +0000 Subject: [openssl-commits] [openssl] master update Message-ID: <1526411854.393420.9039.nullmailer@dev.openssl.org> The branch master has been updated via 0d9b5fa3b44794c6830641f6cf2e6d840d1e9315 (commit) from 73cc84a132a08a02253ae168600fc4d16cd400d8 (commit) - Log ----------------------------------------------------------------- commit 0d9b5fa3b44794c6830641f6cf2e6d840d1e9315 Author: Andy Polyakov Date: Mon May 14 17:06:04 2018 +0200 windows-makefile.tmpl: delete export library prior link. LINK can outsmart itself and choose to not update export .lib upon corresponding .dll re-link. Since dependency is between .lib and all .obj-s, re-compilation of any .obj makes NMAKE relink .dll and all .exe-s over and over... Reviewed-by: Rich Salz ----------------------------------------------------------------------- Summary of changes: Configurations/windows-makefile.tmpl | 1 + 1 file changed, 1 insertion(+) diff --git a/Configurations/windows-makefile.tmpl b/Configurations/windows-makefile.tmpl index 0752bbe..49af571 100644 --- a/Configurations/windows-makefile.tmpl +++ b/Configurations/windows-makefile.tmpl @@ -627,6 +627,7 @@ EOF return <<"EOF" $target: $deps IF EXIST $shlib$shlibext.manifest DEL /F /Q $shlib$shlibext.manifest + IF EXIST \$@ DEL /F /Q \$@ \$(LD) \$(LDFLAGS) \$(LIB_LDFLAGS) \\ /implib:\$@ \$(LDOUTFLAG)$shlib$shlibext$shared_def @<< || (DEL /Q \$(\@B).* $shlib.* && EXIT 1) $objs From appro at openssl.org Tue May 15 19:24:04 2018 From: appro at openssl.org (Andy Polyakov) Date: Tue, 15 May 2018 19:24:04 +0000 Subject: [openssl-commits] [openssl] master update Message-ID: <1526412244.092787.11049.nullmailer@dev.openssl.org> The branch master has been updated via 653162c6005b4594327029729c0bffcf7c15d58c (commit) from 0d9b5fa3b44794c6830641f6cf2e6d840d1e9315 (commit) - Log ----------------------------------------------------------------- commit 653162c6005b4594327029729c0bffcf7c15d58c Author: Gregor Jasny Date: Sun May 13 19:51:52 2018 +0200 NOTES.ANDROID: fix typo in build notes CLA: trivial Reviewed-by: Andy Polyakov Reviewed-by: Matthias St. Pierre Reviewed-by: Rich Salz (Merged from https://github.com/openssl/openssl/pull/6244) ----------------------------------------------------------------------- Summary of changes: NOTES.ANDROID | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/NOTES.ANDROID b/NOTES.ANDROID index dcddc4c..103ed87 100644 --- a/NOTES.ANDROID +++ b/NOTES.ANDROID @@ -32,7 +32,7 @@ NDK 10d: ANDROID_NDK=/some/where/android-ndk-10d - PATH=$ANDROID_NDK/toolchains/arm-linux-androideabi-4.8/prebuild/linux-x86_64/bin:$PATH + PATH=$ANDROID_NDK/toolchains/arm-linux-androideabi-4.8/prebuilt/linux-x86_64/bin:$PATH ./Configure android-arm -D__ANDROID_API__=14 Caveat lector! Earlier OpenSSL versions relied on additional CROSS_SYSROOT From levitte at openssl.org Wed May 16 18:49:39 2018 From: levitte at openssl.org (Richard Levitte) Date: Wed, 16 May 2018 18:49:39 +0000 Subject: [openssl-commits] [openssl] master update Message-ID: <1526496579.820730.13499.nullmailer@dev.openssl.org> The branch master has been updated via 8d483b2de78619e8592f2558301f3295daf59690 (commit) from 653162c6005b4594327029729c0bffcf7c15d58c (commit) - Log ----------------------------------------------------------------- commit 8d483b2de78619e8592f2558301f3295daf59690 Author: Richard Levitte Date: Wed May 16 11:12:21 2018 +0200 When producing man-pages, ensure NAME section is one line only There are *roff parsers that are strict about the NAME section being one line only. The man(7) on Debian GNU/Linux suggests that this is appropriate, so we compensate our multi-line NAME sections by fixing the *roff output. Noted by Eric S. Raymond Related to #6264 Reviewed-by: Rich Salz (Merged from https://github.com/openssl/openssl/pull/6268) ----------------------------------------------------------------------- Summary of changes: util/process_docs.pl | 26 ++++++++++++++++++++++++++ 1 file changed, 26 insertions(+) diff --git a/util/process_docs.pl b/util/process_docs.pl index 2b7f322..ef79a1f 100755 --- a/util/process_docs.pl +++ b/util/process_docs.pl @@ -112,6 +112,32 @@ foreach my $section (sort @{$options{section}}) { @output = `$generate`; map { s|href="http://man\.he\.net/(man\d/[^"]+)(?:\.html)?"|href="../$1.html"|g; } @output if $options{type} eq "html"; + if ($options{type} eq "man") { + # Because some *roff parsers are more strict than others, + # multiple lines in the NAME section must be merged into + # one. + my $in_name = 0; + my $name_line = ""; + my @newoutput = (); + foreach (@output) { + if ($in_name) { + if (/^\.SH "/) { + $in_name = 0; + push @newoutput, $name_line."\n"; + } else { + chomp (my $x = $_); + $name_line .= " " if $name_line; + $name_line .= $x; + next; + } + } + if (/^\.SH +"NAME" *$/) { + $in_name = 1; + } + push @newoutput, $_; + } + @output = @newoutput; + } } print STDERR "DEBUG: Done processing\n" if $options{debug}; From levitte at openssl.org Wed May 16 18:50:45 2018 From: levitte at openssl.org (Richard Levitte) Date: Wed, 16 May 2018 18:50:45 +0000 Subject: [openssl-commits] [openssl] OpenSSL_1_1_0-stable update Message-ID: <1526496645.853513.14507.nullmailer@dev.openssl.org> The branch OpenSSL_1_1_0-stable has been updated via 0bde96f13837825fa899573728899744a956beff (commit) from 7171f71ef10eb079322bbe99332f411a14f03891 (commit) - Log ----------------------------------------------------------------- commit 0bde96f13837825fa899573728899744a956beff Author: Richard Levitte Date: Wed May 16 11:12:21 2018 +0200 When producing man-pages, ensure NAME section is one line only There are *roff parsers that are strict about the NAME section being one line only. The man(7) on Debian GNU/Linux suggests that this is appropriate, so we compensate our multi-line NAME sections by fixing the *roff output. Noted by Eric S. Raymond Related to #6264 Reviewed-by: Rich Salz (Merged from https://github.com/openssl/openssl/pull/6268) (cherry picked from commit 8d483b2de78619e8592f2558301f3295daf59690) ----------------------------------------------------------------------- Summary of changes: util/process_docs.pl | 26 ++++++++++++++++++++++++++ 1 file changed, 26 insertions(+) diff --git a/util/process_docs.pl b/util/process_docs.pl index e084df7..0e46a0a 100755 --- a/util/process_docs.pl +++ b/util/process_docs.pl @@ -115,6 +115,32 @@ foreach my $subdir (keys %{$options{subdir}}) { @output = `$generate`; map { s|href="http://man\.he\.net/(man\d/[^"]+)(?:\.html)?"|href="../$1.html|g; } @output if $options{type} eq "html"; + if ($options{type} eq "man") { + # Because some *roff parsers are more strict than others, + # multiple lines in the NAME section must be merged into + # one. + my $in_name = 0; + my $name_line = ""; + my @newoutput = (); + foreach (@output) { + if ($in_name) { + if (/^\.SH "/) { + $in_name = 0; + push @newoutput, $name_line."\n"; + } else { + chomp (my $x = $_); + $name_line .= " " if $name_line; + $name_line .= $x; + next; + } + } + if (/^\.SH +"NAME" *$/) { + $in_name = 1; + } + push @newoutput, $_; + } + @output = @newoutput; + } } print STDERR "DEBUG: Done processing\n" if $options{debug}; From rsalz at openssl.org Wed May 16 20:25:50 2018 From: rsalz at openssl.org (Rich Salz) Date: Wed, 16 May 2018 20:25:50 +0000 Subject: [openssl-commits] [web] master update Message-ID: <1526502350.686370.32384.nullmailer@dev.openssl.org> The branch master has been updated via 6d2d64dcea7f89da419eafb2e860b0f0f164458f (commit) from c1af450066654ac208edbb73f954fcf32d6330f7 (commit) - Log ----------------------------------------------------------------- commit 6d2d64dcea7f89da419eafb2e860b0f0f164458f Author: Rich Salz Date: Wed May 16 16:09:43 2018 -0400 Broken link to pgpkey.html Also fix indent of #include'd file Reviewed-by: Tim Hudson (Merged from https://github.com/openssl/openssl/pull/53) ----------------------------------------------------------------------- Summary of changes: community/index.html | 2 +- news/pgpkey.html | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/community/index.html b/community/index.html index 82374b6..e204c4b 100644 --- a/community/index.html +++ b/community/index.html @@ -50,7 +50,7 @@ please send mail to openssl-security at openssl.org. Encryption is not required, but if you want to encrypt the mail, you can use our - team's PGP Key. Or you can + team's PGP Key. Or you can send mail to one or more individual OMC Members, encrypted or plaintext. diff --git a/news/pgpkey.html b/news/pgpkey.html index 492a80d..5c996a5 100644 --- a/news/pgpkey.html +++ b/news/pgpkey.html @@ -18,7 +18,7 @@ openssl-security.asc 

    -	    
+
    From mark at openssl.org Wed May 16 20:41:23 2018 From: mark at openssl.org (Mark J. Cox) Date: Wed, 16 May 2018 20:41:23 +0000 Subject: [openssl-commits] [web] master update Message-ID: <1526503283.447285.2299.nullmailer@dev.openssl.org> The branch master has been updated via e4458ac28cde9545944b3eb8fe6193ca1c33cd18 (commit) from 6d2d64dcea7f89da419eafb2e860b0f0f164458f (commit) - Log ----------------------------------------------------------------- commit e4458ac28cde9545944b3eb8fe6193ca1c33cd18 Author: Mark J. Cox Date: Wed May 16 21:40:33 2018 +0100 Update policy to remove a guiding principle as per vote at Ottawa f2f ----------------------------------------------------------------------- Summary of changes: policies/secpolicy.html | 6 +----- 1 file changed, 1 insertion(+), 5 deletions(-) diff --git a/policies/secpolicy.html b/policies/secpolicy.html index 7af2965..3a298d4 100644 --- a/policies/secpolicy.html +++ b/policies/secpolicy.html @@ -12,7 +12,7 @@

    Security Policy

    - Last modified 23rd January 2018 + Last modified 16th May 2018
    @@ -120,10 +120,6 @@

    The policy above is guided by our security principles:

      -
    • We strongly believe that the right to advance patches/info - should not be based in any way on paid membership to some forum. - You can not pay us to get security patches in advance.
      • -
    • It's in the best interests of the Internet as a whole to get fixes for OpenSSL security issues out quickly. OpenSSL embargoes should be measured in days and weeks, not months or years.
      • From levitte at openssl.org Thu May 17 11:52:00 2018 From: levitte at openssl.org (Richard Levitte) Date: Thu, 17 May 2018 11:52:00 +0000 Subject: [openssl-commits] [openssl] master update Message-ID: <1526557920.777235.16256.nullmailer@dev.openssl.org> The branch master has been updated via 029c11c21fdd018ec51badaafd34118223055274 (commit) from 8d483b2de78619e8592f2558301f3295daf59690 (commit) - Log ----------------------------------------------------------------- commit 029c11c21fdd018ec51badaafd34118223055274 Author: Richard Levitte Date: Mon May 14 05:38:59 2018 +0200 Add a note on CHANGES and NEWS in CONTRIBUTING Reviewed-by: Matthias St. Pierre (Merged from https://github.com/openssl/openssl/pull/6249) ----------------------------------------------------------------------- Summary of changes: CONTRIBUTING | 17 +++++++++++++++++ 1 file changed, 17 insertions(+) diff --git a/CONTRIBUTING b/CONTRIBUTING index 7654862..c0eed39 100644 --- a/CONTRIBUTING +++ b/CONTRIBUTING @@ -53,3 +53,20 @@ guidelines: documentation. Please look at the "pod" files in doc/man[1357] for examples of our style. Run "make doc-nits" to make sure that your documentation changes are clean. + + 7. For user visible changes (API changes, behaviour changes, ...), + consider adding a note in CHANGES. This could be a summarising + description of the change, and could explain the grander details. + Have a look through existing entries for inspiration. + Please note that this is NOT simply a copy of git-log oneliners. + Also note that security fixes get an entry in CHANGES. + This file helps users get more in depth information of what comes + with a specific release without having to sift through the higher + noise ratio in git-log. + + 8. For larger or more important user visible changes, as well as + security fixes, please add a line in NEWS. On exception, it might be + worth adding a multi-line entry (such as the entry that announces all + the types that became opaque with OpenSSL 1.1.0). + This file helps users get a very quick summary of what comes with a + specific release, to see if an upgrade is worth the effort. From levitte at openssl.org Thu May 17 11:54:02 2018 From: levitte at openssl.org (Richard Levitte) Date: Thu, 17 May 2018 11:54:02 +0000 Subject: [openssl-commits] [openssl] OpenSSL_1_1_0-stable update Message-ID: <1526558042.029231.17533.nullmailer@dev.openssl.org> The branch OpenSSL_1_1_0-stable has been updated via fca038db55be460d7751910a03e550ba659d3c4f (commit) from 0bde96f13837825fa899573728899744a956beff (commit) - Log ----------------------------------------------------------------- commit fca038db55be460d7751910a03e550ba659d3c4f Author: Richard Levitte Date: Mon May 14 05:38:59 2018 +0200 Add a note on CHANGES and NEWS in CONTRIBUTING Reviewed-by: Matthias St. Pierre (Merged from https://github.com/openssl/openssl/pull/6249) (cherry picked from commit 029c11c21fdd018ec51badaafd34118223055274) ----------------------------------------------------------------------- Summary of changes: CONTRIBUTING | 17 +++++++++++++++++ 1 file changed, 17 insertions(+) diff --git a/CONTRIBUTING b/CONTRIBUTING index efcb0b8..a6977b8 100644 --- a/CONTRIBUTING +++ b/CONTRIBUTING @@ -52,3 +52,20 @@ guidelines: 6. New features or changed functionality must include documentation. Please look at the "pod" files in doc for examples of our style. + + 7. For user visible changes (API changes, behaviour changes, ...), + consider adding a note in CHANGES. This could be a summarising + description of the change, and could explain the grander details. + Have a look through existing entries for inspiration. + Please note that this is NOT simply a copy of git-log oneliners. + Also note that security fixes get an entry in CHANGES. + This file helps users get more in depth information of what comes + with a specific release without having to sift through the higher + noise ratio in git-log. + + 8. For larger or more important user visible changes, as well as + security fixes, please add a line in NEWS. On exception, it might be + worth adding a multi-line entry (such as the entry that announces all + the types that became opaque with OpenSSL 1.1.0). + This file helps users get a very quick summary of what comes with a + specific release, to see if an upgrade is worth the effort. From matt at openssl.org Thu May 17 15:52:35 2018 From: matt at openssl.org (Matt Caswell) Date: Thu, 17 May 2018 15:52:35 +0000 Subject: [openssl-commits] [openssl] master update Message-ID: <1526572355.882265.30317.nullmailer@dev.openssl.org> The branch master has been updated via c22365b399f62af4a81e9202500cd2cbd9c23a9d (commit) via 56548e86ac60fd4ff94fd65389e6807640db00e8 (commit) via 36ff232cf2bf5dfcaf9e60a8c492439428a243bb (commit) via 394159da608f625b60f07c59e36dc7d01df3a709 (commit) via 9d0a8bb71e3e411e9183e635122f17c1429c4116 (commit) from 029c11c21fdd018ec51badaafd34118223055274 (commit) - Log ----------------------------------------------------------------- commit c22365b399f62af4a81e9202500cd2cbd9c23a9d Author: Matt Caswell Date: Fri May 11 17:47:27 2018 +0100 Improve testing of tickets with post-handshake auth Reviewed-by: Viktor Dukhovni Reviewed-by: Rich Salz (Merged from https://github.com/openssl/openssl/pull/5227) commit 56548e86ac60fd4ff94fd65389e6807640db00e8 Author: Matt Caswell Date: Fri Mar 16 18:03:52 2018 +0000 Add documentation for the ability to control the number of tickets Reviewed-by: Viktor Dukhovni Reviewed-by: Rich Salz (Merged from https://github.com/openssl/openssl/pull/5227) commit 36ff232cf2bf5dfcaf9e60a8c492439428a243bb Author: Matt Caswell Date: Wed Mar 14 19:22:48 2018 +0000 Change the default number of NewSessionTickets we send to 2 Reviewed-by: Viktor Dukhovni Reviewed-by: Rich Salz (Merged from https://github.com/openssl/openssl/pull/5227) commit 394159da608f625b60f07c59e36dc7d01df3a709 Author: Matt Caswell Date: Wed Jan 31 16:40:03 2018 +0000 Allow configuation of the number of TLSv1.3 session tickets via SSL_CONF Also allows the apps to set it. Reviewed-by: Viktor Dukhovni Reviewed-by: Rich Salz (Merged from https://github.com/openssl/openssl/pull/5227) commit 9d0a8bb71e3e411e9183e635122f17c1429c4116 Author: Matt Caswell Date: Wed Jan 31 17:26:46 2018 +0000 Enable the ability to set the number of TLSv1.3 session tickets sent We send a session ticket automatically in TLSv1.3 at the end of the handshake. This commit provides the ability to set how many tickets should be sent. By default this is one. Fixes #4978 Reviewed-by: Viktor Dukhovni Reviewed-by: Rich Salz (Merged from https://github.com/openssl/openssl/pull/5227) ----------------------------------------------------------------------- Summary of changes: apps/apps.h | 4 +- apps/s_server.c | 5 +- doc/man3/SSL_CTX_set_num_tickets.pod | 68 ++++++++++++ doc/man3/SSL_CTX_set_options.pod | 2 + include/openssl/ssl.h | 5 + ssl/ssl_conf.c | 18 +++- ssl/ssl_lib.c | 29 ++++++ ssl/ssl_locl.h | 9 ++ ssl/statem/statem_clnt.c | 8 -- ssl/statem/statem_srvr.c | 88 +++++++++++----- test/handshake_helper.c | 18 +++- test/sslapitest.c | 197 ++++++++++++++++++++++++++++++----- test/ssltestlib.c | 15 +-- util/libssl.num | 4 + util/perl/TLSProxy/Proxy.pm | 6 ++ 15 files changed, 402 insertions(+), 74 deletions(-) create mode 100644 doc/man3/SSL_CTX_set_num_tickets.pod diff --git a/apps/apps.h b/apps/apps.h index b45a31a..5b98d27 100644 --- a/apps/apps.h +++ b/apps/apps.h @@ -281,8 +281,8 @@ int set_cert_times(X509 *x, const char *startdate, const char *enddate, "Block size to pad TLS 1.3 records to."}, \ {"debug_broken_protocol", OPT_S_DEBUGBROKE, '-', \ "Perform all sorts of protocol violations for testing purposes"}, \ - {"no_middlebox", OPT_S_NO_MIDDLEBOX, '-', "Disable TLSv1.3 middlebox compat mode" } - + {"no_middlebox", OPT_S_NO_MIDDLEBOX, '-', \ + "Disable TLSv1.3 middlebox compat mode" } # define OPT_S_CASES \ OPT_S__FIRST: case OPT_S__LAST: break; \ diff --git a/apps/s_server.c b/apps/s_server.c index b0e9659..5d53250 100644 --- a/apps/s_server.c +++ b/apps/s_server.c @@ -747,7 +747,7 @@ typedef enum OPTION_choice { OPT_ID_PREFIX, OPT_SERVERNAME, OPT_SERVERNAME_FATAL, OPT_CERT2, OPT_KEY2, OPT_NEXTPROTONEG, OPT_ALPN, OPT_SRTP_PROFILES, OPT_KEYMATEXPORT, OPT_KEYMATEXPORTLEN, - OPT_KEYLOG_FILE, OPT_MAX_EARLY, OPT_EARLY_DATA, + OPT_KEYLOG_FILE, OPT_MAX_EARLY, OPT_EARLY_DATA, OPT_S_NUM_TICKETS, OPT_R_ENUM, OPT_S_ENUM, OPT_V_ENUM, @@ -955,6 +955,8 @@ const OPTIONS s_server_options[] = { {"max_early_data", OPT_MAX_EARLY, 'n', "The maximum number of bytes of early data"}, {"early_data", OPT_EARLY_DATA, '-', "Attempt to read early data"}, + {"num_tickets", OPT_S_NUM_TICKETS, 'n', + "The number of TLSv1.3 session tickets that a server will automatically issue" }, {NULL, OPT_EOF, 0, NULL} }; @@ -1252,6 +1254,7 @@ int s_server_main(int argc, char *argv[]) goto opthelp; break; case OPT_S_CASES: + case OPT_S_NUM_TICKETS: if (ssl_args == NULL) ssl_args = sk_OPENSSL_STRING_new_null(); if (ssl_args == NULL diff --git a/doc/man3/SSL_CTX_set_num_tickets.pod b/doc/man3/SSL_CTX_set_num_tickets.pod new file mode 100644 index 0000000..b6b0e3e --- /dev/null +++ b/doc/man3/SSL_CTX_set_num_tickets.pod @@ -0,0 +1,68 @@ +=pod + +=head1 NAME + +SSL_set_num_tickets, +SSL_get_num_tickets, +SSL_CTX_set_num_tickets, +SSL_CTX_get_num_tickets +- control the number of TLSv1.3 session tickets that are issued + +=head1 SYNOPSIS + + #include + + int SSL_set_num_tickets(SSL *s, size_t num_tickets); + size_t SSL_get_num_tickets(SSL *s); + int SSL_CTX_set_num_tickets(SSL_CTX *ctx, size_t num_tickets); + size_t SSL_CTX_get_num_tickets(SSL_CTX *ctx); + +=head1 DESCRIPTION + +SSL_CTX_set_num_tickets() and SSL_set_num_tickets() can be called for a server +application and set the number of session tickets that will be sent to the +client after a full handshake. Set the desired value (which could be 0) in the +B argument. Typically these functions should be called before the +start of the handshake. + +The default number of tickets is 2; the default number of tickets sent following +a resumption handshake is 1 but this cannot be changed using these functions. +The number of tickets following a resumption handshake can be reduced to 0 using +custom session ticket callbacks (see L). + +Tickets are also issued on receipt of a post-handshake certificate from the +client following a request by the server using +L. These new tickets will be associated +with the updated client identity (i.e. including their certificate and +verification status). The number of tickets issued will normally be the same as +was used for the initial handshake. If the initial handshake was a full +handshake then SSL_set_num_tickets() can be called again prior to calling +SSL_verify_client_post_handshake() to update the number of tickets that will be +sent. + +SSL_CTX_get_num_tickets() and SSL_get_num_tickets() return the number of +tickets set by a previous call to SSL_CTX_set_num_tickets() or +SSL_set_num_tickets(), or 2 if no such call has been made. + +=head1 RETURN VALUES + +SSL_CTX_set_num_tickets() and SSL_set_num_tickets() return 1 on success or 0 on +failure. + +SSL_CTX_get_num_tickets() and SSL_get_num_tickets() return the number of tickets +that have been previously set. + +=head1 HISTORY + +These functions were added in OpenSSL 1.1.1. + +=head1 COPYRIGHT + +Copyright 2018 The OpenSSL Project Authors. All Rights Reserved. + +Licensed under the OpenSSL license (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +L. + +=cut diff --git a/doc/man3/SSL_CTX_set_options.pod b/doc/man3/SSL_CTX_set_options.pod index 0d51077..552de07 100644 --- a/doc/man3/SSL_CTX_set_options.pod +++ b/doc/man3/SSL_CTX_set_options.pod @@ -151,6 +151,8 @@ of RFC4507bis tickets for stateless session resumption. If this option is set this functionality is disabled and tickets will not be used by clients or servers. +This option only applies to TLSv1.2 and below. It is ignored for TLSv1.3. + =item SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION Allow legacy insecure renegotiation between OpenSSL and unpatched clients or diff --git a/include/openssl/ssl.h b/include/openssl/ssl.h index 1f4f261..db0a2d5 100644 --- a/include/openssl/ssl.h +++ b/include/openssl/ssl.h @@ -2095,6 +2095,11 @@ void SSL_set_record_padding_callback_arg(SSL *ssl, void *arg); void *SSL_get_record_padding_callback_arg(SSL *ssl); int SSL_set_block_padding(SSL *ssl, size_t block_size); +int SSL_set_num_tickets(SSL *s, size_t num_tickets); +size_t SSL_get_num_tickets(SSL *s); +int SSL_CTX_set_num_tickets(SSL_CTX *ctx, size_t num_tickets); +size_t SSL_CTX_get_num_tickets(SSL_CTX *ctx); + # if OPENSSL_API_COMPAT < 0x10100000L # define SSL_cache_hit(s) SSL_session_reused(s) # endif diff --git a/ssl/ssl_conf.c b/ssl/ssl_conf.c index f1e8200..758f012 100644 --- a/ssl/ssl_conf.c +++ b/ssl/ssl_conf.c @@ -570,6 +570,21 @@ static int cmd_RecordPadding(SSL_CONF_CTX *cctx, const char *value) return rv; } + +static int cmd_NumTickets(SSL_CONF_CTX *cctx, const char *value) +{ + int rv = 0; + int num_tickets = atoi(value); + + if (num_tickets >= 0) { + if (cctx->ctx) + rv = SSL_CTX_set_num_tickets(cctx->ctx, num_tickets); + if (cctx->ssl) + rv = SSL_set_num_tickets(cctx->ssl, num_tickets); + } + return rv; +} + typedef struct { int (*cmd) (SSL_CONF_CTX *cctx, const char *value); const char *str_file; @@ -655,7 +670,8 @@ static const ssl_conf_cmd_tbl ssl_conf_cmds[] = { SSL_CONF_FLAG_SERVER | SSL_CONF_FLAG_CERTIFICATE, SSL_CONF_TYPE_FILE), #endif - SSL_CONF_CMD_STRING(RecordPadding, "record_padding", 0) + SSL_CONF_CMD_STRING(RecordPadding, "record_padding", 0), + SSL_CONF_CMD_STRING(NumTickets, "num_tickets", SSL_CONF_FLAG_SERVER) }; /* Supported switches: must match order of switches in ssl_conf_cmds */ diff --git a/ssl/ssl_lib.c b/ssl/ssl_lib.c index 41574c4..c38fc58 100644 --- a/ssl/ssl_lib.c +++ b/ssl/ssl_lib.c @@ -591,6 +591,7 @@ int SSL_clear(SSL *s) s->psksession_id = NULL; s->psksession_id_len = 0; s->hello_retry_request = 0; + s->sent_tickets = 0; s->error = 0; s->hit = 0; @@ -699,6 +700,7 @@ SSL *SSL_new(SSL_CTX *ctx) s->mode = ctx->mode; s->max_cert_list = ctx->max_cert_list; s->max_early_data = ctx->max_early_data; + s->num_tickets = ctx->num_tickets; /* Shallow copy of the ciphersuites stack */ s->tls13_ciphersuites = sk_SSL_CIPHER_dup(ctx->tls13_ciphersuites); @@ -3033,6 +3035,9 @@ SSL_CTX *SSL_CTX_new(const SSL_METHOD *meth) */ ret->max_early_data = 0; + /* By default we send two session tickets automatically in TLSv1.3 */ + ret->num_tickets = 2; + ssl_ctx_system_config(ret); return ret; @@ -4314,6 +4319,30 @@ int SSL_set_block_padding(SSL *ssl, size_t block_size) return 1; } +int SSL_set_num_tickets(SSL *s, size_t num_tickets) +{ + s->num_tickets = num_tickets; + + return 1; +} + +size_t SSL_get_num_tickets(SSL *s) +{ + return s->num_tickets; +} + +int SSL_CTX_set_num_tickets(SSL_CTX *ctx, size_t num_tickets) +{ + ctx->num_tickets = num_tickets; + + return 1; +} + +size_t SSL_CTX_get_num_tickets(SSL_CTX *ctx) +{ + return ctx->num_tickets; +} + /* * Allocates new EVP_MD_CTX and sets pointer to it into given pointer * variable, freeing EVP_MD_CTX previously stored in that variable, if any. diff --git a/ssl/ssl_locl.h b/ssl/ssl_locl.h index e02f5a1..4aec810 100644 --- a/ssl/ssl_locl.h +++ b/ssl/ssl_locl.h @@ -1049,6 +1049,9 @@ struct ssl_ctx_st { SSL_CTX_generate_session_ticket_fn generate_ticket_cb; SSL_CTX_decrypt_session_ticket_fn decrypt_ticket_cb; void *ticket_cb_data; + + /* The number of TLS1.3 tickets to automatically send */ + size_t num_tickets; }; struct ssl_st { @@ -1418,6 +1421,12 @@ struct ssl_st { size_t block_padding; CRYPTO_RWLOCK *lock; + RAND_DRBG *drbg; + + /* The number of TLS1.3 tickets to automatically send */ + size_t num_tickets; + /* The number of TLS1.3 tickets actually sent so far */ + size_t sent_tickets; }; /* diff --git a/ssl/statem/statem_clnt.c b/ssl/statem/statem_clnt.c index 60e987a..6c0f8be 100644 --- a/ssl/statem/statem_clnt.c +++ b/ssl/statem/statem_clnt.c @@ -2590,7 +2590,6 @@ MSG_PROCESS_RETURN tls_process_new_session_ticket(SSL *s, PACKET *pkt) * cache. */ if (SSL_IS_TLS13(s) || s->session->session_id_length > 0) { - int i = s->session_ctx->session_cache_mode; SSL_SESSION *new_sess; /* * We reused an existing session, so we need to replace it with a new @@ -2603,13 +2602,6 @@ MSG_PROCESS_RETURN tls_process_new_session_ticket(SSL *s, PACKET *pkt) goto err; } - if (i & SSL_SESS_CACHE_CLIENT) { - /* - * Remove the old session from the cache. We carry on if this fails - */ - SSL_CTX_remove_session(s->session_ctx, s->session); - } - SSL_SESSION_free(s->session); s->session = new_sess; } diff --git a/ssl/statem/statem_srvr.c b/ssl/statem/statem_srvr.c index 22786be..ce8cec1 100644 --- a/ssl/statem/statem_srvr.c +++ b/ssl/statem/statem_srvr.c @@ -480,13 +480,9 @@ static WRITE_TRAN ossl_statem_server13_write_transition(SSL *s) case TLS_ST_SR_FINISHED: /* * Technically we have finished the handshake at this point, but we're - * going to remain "in_init" for now and write out the session ticket + * going to remain "in_init" for now and write out any session tickets * immediately. - * TODO(TLS1.3): Perhaps we need to be able to control this behaviour - * and give the application the opportunity to delay sending the - * session ticket? */ - st->hand_state = TLS_ST_SW_SESSION_TICKET; if (s->post_handshake_auth == SSL_PHA_REQUESTED) { s->post_handshake_auth = SSL_PHA_EXT_RECEIVED; } else if (!s->ext.ticket_expected) { @@ -495,7 +491,12 @@ static WRITE_TRAN ossl_statem_server13_write_transition(SSL *s) * handshake at this point. */ st->hand_state = TLS_ST_OK; + return WRITE_TRAN_CONTINUE; } + if (s->num_tickets > s->sent_tickets) + st->hand_state = TLS_ST_SW_SESSION_TICKET; + else + st->hand_state = TLS_ST_OK; return WRITE_TRAN_CONTINUE; case TLS_ST_SR_KEY_UPDATE: @@ -506,9 +507,19 @@ static WRITE_TRAN ossl_statem_server13_write_transition(SSL *s) /* Fall through */ case TLS_ST_SW_KEY_UPDATE: - case TLS_ST_SW_SESSION_TICKET: st->hand_state = TLS_ST_OK; return WRITE_TRAN_CONTINUE; + + case TLS_ST_SW_SESSION_TICKET: + /* In a resumption we only ever send a maximum of one new ticket. + * Following an initial handshake we send the number of tickets we have + * been configured for. + */ + if (s->hit || s->num_tickets <= s->sent_tickets) { + /* We've written enough tickets out. */ + st->hand_state = TLS_ST_OK; + } + return WRITE_TRAN_CONTINUE; } } @@ -700,7 +711,7 @@ WORK_STATE ossl_statem_server_pre_work(SSL *s, WORK_STATE wst) return WORK_FINISHED_CONTINUE; case TLS_ST_SW_SESSION_TICKET: - if (SSL_IS_TLS13(s)) { + if (SSL_IS_TLS13(s) && s->sent_tickets == 0) { /* * Actually this is the end of the handshake, but we're going * straight into writing the session ticket out. So we finish off @@ -3679,12 +3690,16 @@ MSG_PROCESS_RETURN tls_process_client_certificate(SSL *s, PACKET *pkt) sk = NULL; /* Save the current hash state for when we receive the CertificateVerify */ - if (SSL_IS_TLS13(s) - && !ssl_handshake_hash(s, s->cert_verify_hash, - sizeof(s->cert_verify_hash), - &s->cert_verify_hash_len)) { - /* SSLfatal() already called */ - goto err; + if (SSL_IS_TLS13(s)) { + if (!ssl_handshake_hash(s, s->cert_verify_hash, + sizeof(s->cert_verify_hash), + &s->cert_verify_hash_len)) { + /* SSLfatal() already called */ + goto err; + } + + /* Resend session tickets */ + s->sent_tickets = 0; } ret = MSG_PROCESS_CONTINUE_READING; @@ -3743,21 +3758,41 @@ int tls_construct_new_session_ticket(SSL *s, WPACKET *pkt) } age_add_u; if (SSL_IS_TLS13(s)) { - if (s->post_handshake_auth != SSL_PHA_EXT_RECEIVED) { - void (*cb) (const SSL *ssl, int type, int val) = NULL; + void (*cb) (const SSL *ssl, int type, int val) = NULL; + + if (s->info_callback != NULL) + cb = s->info_callback; + else if (s->ctx->info_callback != NULL) + cb = s->ctx->info_callback; + + if (cb != NULL) { /* - * This is the first session ticket we've sent. In the state - * machine we "cheated" and tacked this onto the end of the first - * handshake. From an info callback perspective this should appear - * like the start of a new handshake. + * We don't start and stop the handshake in between each ticket when + * sending more than one - but it should appear that way to the info + * callback. */ - if (s->info_callback != NULL) - cb = s->info_callback; - else if (s->ctx->info_callback != NULL) - cb = s->ctx->info_callback; - if (cb != NULL) - cb(s, SSL_CB_HANDSHAKE_START, 1); + if (s->sent_tickets != 0) { + ossl_statem_set_in_init(s, 0); + cb(s, SSL_CB_HANDSHAKE_DONE, 1); + ossl_statem_set_in_init(s, 1); + } + cb(s, SSL_CB_HANDSHAKE_START, 1); + } + /* + * If we already sent one NewSessionTicket then we need to take a copy + * of it and create a new session from it. + */ + if (s->sent_tickets != 0) { + SSL_SESSION *new_sess = ssl_session_dup(s->session, 0); + + if (new_sess == NULL) { + /* SSLfatal already called */ + goto err; + } + + SSL_SESSION_free(s->session); + s->session = new_sess; } if (!ssl_generate_session_id(s, s->session)) { @@ -3961,13 +3996,14 @@ int tls_construct_new_session_ticket(SSL *s, WPACKET *pkt) goto err; } if (SSL_IS_TLS13(s)) { - ssl_update_cache(s, SSL_SESS_CACHE_SERVER); if (!tls_construct_extensions(s, pkt, SSL_EXT_TLS1_3_NEW_SESSION_TICKET, NULL, 0)) { /* SSLfatal() already called */ goto err; } + s->sent_tickets++; + ssl_update_cache(s, SSL_SESS_CACHE_SERVER); } EVP_CIPHER_CTX_free(ctx); HMAC_CTX_free(hctx); diff --git a/test/handshake_helper.c b/test/handshake_helper.c index b3d94bb..3ebf64d 100644 --- a/test/handshake_helper.c +++ b/test/handshake_helper.c @@ -1403,7 +1403,7 @@ static HANDSHAKE_RESULT *do_handshake_internal( HANDSHAKE_EX_DATA server_ex_data, client_ex_data; CTX_DATA client_ctx_data, server_ctx_data, server2_ctx_data; HANDSHAKE_RESULT *ret = HANDSHAKE_RESULT_new(); - int client_turn = 1, client_turn_count = 0; + int client_turn = 1, client_turn_count = 0, client_wait_count = 0; connect_phase_t phase = HANDSHAKE; handshake_status_t status = HANDSHAKE_RETRY; const unsigned char* tick = NULL; @@ -1586,9 +1586,19 @@ static HANDSHAKE_RESULT *do_handshake_internal( ret->result = SSL_TEST_INTERNAL_ERROR; goto err; } - - /* Continue. */ - client_turn ^= 1; + if (client_turn && server.status == PEER_SUCCESS) { + /* + * The server may finish before the client because the + * client spends some turns processing NewSessionTickets. + */ + if (client_wait_count++ >= 2) { + ret->result = SSL_TEST_INTERNAL_ERROR; + goto err; + } + } else { + /* Continue. */ + client_turn ^= 1; + } } break; } diff --git a/test/sslapitest.c b/test/sslapitest.c index 06d6cb2..fe355f2 100644 --- a/test/sslapitest.c +++ b/test/sslapitest.c @@ -882,10 +882,14 @@ static int execute_test_session(int maxprot, int use_int_cache, SSL *serverssl3 = NULL, *clientssl3 = NULL; # endif SSL_SESSION *sess1 = NULL, *sess2 = NULL; - int testresult = 0; + int testresult = 0, numnewsesstick = 1; new_called = remove_called = 0; + /* TLSv1.3 sends 2 NewSessionTickets */ + if (maxprot == TLS1_3_VERSION) + numnewsesstick = 2; + if (!TEST_true(create_ssl_ctx_pair(TLS_server_method(), TLS_client_method(), TLS1_VERSION, TLS_MAX_VERSION, &sctx, &cctx, cert, privkey))) @@ -923,7 +927,9 @@ static int execute_test_session(int maxprot, int use_int_cache, if (use_int_cache && !TEST_false(SSL_CTX_add_session(cctx, sess1))) goto end; if (use_ext_cache - && (!TEST_int_eq(new_called, 1) || !TEST_int_eq(remove_called, 0))) + && (!TEST_int_eq(new_called, numnewsesstick) + + || !TEST_int_eq(remove_called, 0))) goto end; new_called = remove_called = 0; @@ -938,11 +944,11 @@ static int execute_test_session(int maxprot, int use_int_cache, if (maxprot == TLS1_3_VERSION) { /* * In TLSv1.3 we should have created a new session even though we have - * resumed. The original session should also have been removed. + * resumed. */ if (use_ext_cache && (!TEST_int_eq(new_called, 1) - || !TEST_int_eq(remove_called, 1))) + || !TEST_int_eq(remove_called, 0))) goto end; } else { /* @@ -972,7 +978,8 @@ static int execute_test_session(int maxprot, int use_int_cache, goto end; if (use_ext_cache - && (!TEST_int_eq(new_called, 1) || !TEST_int_eq(remove_called, 0))) + && (!TEST_int_eq(new_called, numnewsesstick) + || !TEST_int_eq(remove_called, 0))) goto end; new_called = remove_called = 0; @@ -1072,7 +1079,7 @@ static int execute_test_session(int maxprot, int use_int_cache, if (use_ext_cache) { SSL_SESSION *tmp = sess2; - if (!TEST_int_eq(new_called, 1) + if (!TEST_int_eq(new_called, numnewsesstick) || !TEST_int_eq(remove_called, 0) || !TEST_int_eq(get_called, 0)) goto end; @@ -1105,10 +1112,6 @@ static int execute_test_session(int maxprot, int use_int_cache, goto end; if (maxprot == TLS1_3_VERSION) { - /* - * Every time we issue a NewSessionTicket we are creating a new - * session for next time in TLSv1.3 - */ if (!TEST_int_eq(new_called, 1) || !TEST_int_eq(get_called, 0)) goto end; @@ -1181,6 +1184,134 @@ static int test_session_with_both_cache(void) #endif } +static SSL_SESSION *sesscache[6]; +static int do_cache; + +static int new_cachesession_cb(SSL *ssl, SSL_SESSION *sess) +{ + if (do_cache) { + sesscache[new_called] = sess; + } else { + /* We don't need the reference to the session, so free it */ + SSL_SESSION_free(sess); + } + new_called++; + + return 1; +} + +static int post_handshake_verify(SSL *sssl, SSL *cssl) +{ + SSL_set_verify(sssl, SSL_VERIFY_PEER, NULL); + if (!TEST_true(SSL_verify_client_post_handshake(sssl))) + return 0; + + /* Start handshake on the server and client */ + if (!TEST_int_eq(SSL_do_handshake(sssl), 1) + || !TEST_int_le(SSL_read(cssl, NULL, 0), 0) + || !TEST_int_le(SSL_read(sssl, NULL, 0), 0) + || !TEST_true(create_ssl_connection(sssl, cssl, + SSL_ERROR_NONE))) + return 0; + + return 1; +} + +static int test_tickets(int idx) +{ + SSL_CTX *sctx = NULL, *cctx = NULL; + SSL *serverssl = NULL, *clientssl = NULL; + int testresult = 0, i; + size_t j; + + /* idx is the test number, but also the number of tickets we want */ + + new_called = 0; + do_cache = 1; + + if (!TEST_true(create_ssl_ctx_pair(TLS_server_method(), TLS_client_method(), + TLS1_VERSION, TLS_MAX_VERSION, &sctx, + &cctx, cert, privkey)) + || !TEST_true(SSL_CTX_set_num_tickets(sctx, idx))) + goto end; + + SSL_CTX_set_session_cache_mode(cctx, SSL_SESS_CACHE_CLIENT + | SSL_SESS_CACHE_NO_INTERNAL_STORE); + SSL_CTX_sess_set_new_cb(cctx, new_cachesession_cb); + + if (!TEST_true(create_ssl_objects(sctx, cctx, &serverssl, + &clientssl, NULL, NULL))) + goto end; + + SSL_force_post_handshake_auth(clientssl); + + if (!TEST_true(create_ssl_connection(serverssl, clientssl, + SSL_ERROR_NONE)) + /* Check we got the number of tickets we were expecting */ + || !TEST_int_eq(idx, new_called)) + goto end; + + /* After a post-handshake authentication we should get new tickets issued */ + if (!post_handshake_verify(serverssl, clientssl) + || !TEST_int_eq(idx * 2, new_called)) + goto end; + + SSL_shutdown(clientssl); + SSL_shutdown(serverssl); + SSL_free(serverssl); + SSL_free(clientssl); + serverssl = clientssl = NULL; + + /* Stop caching sessions - just count them */ + do_cache = 0; + + /* Test that we can resume with all the tickets we got given */ + for (i = 0; i < idx * 2; i++) { + new_called = 0; + if (!TEST_true(create_ssl_objects(sctx, cctx, &serverssl, + &clientssl, NULL, NULL)) + || !TEST_true(SSL_set_session(clientssl, sesscache[i]))) + goto end; + + SSL_force_post_handshake_auth(clientssl); + + if (!TEST_true(create_ssl_connection(serverssl, clientssl, + SSL_ERROR_NONE)) + || !TEST_true(SSL_session_reused(clientssl)) + /* Following a resumption we only get 1 ticket */ + || !TEST_int_eq(new_called, 1)) + goto end; + + new_called = 0; + /* After a post-handshake authentication we should get 1 new ticket */ + if (!post_handshake_verify(serverssl, clientssl) + || !TEST_int_eq(new_called, 1)) + goto end; + + SSL_shutdown(clientssl); + SSL_shutdown(serverssl); + SSL_free(serverssl); + SSL_free(clientssl); + serverssl = clientssl = NULL; + SSL_SESSION_free(sesscache[i]); + sesscache[i] = NULL; + } + + testresult = 1; + + end: + SSL_free(serverssl); + SSL_free(clientssl); + for (j = 0; j < OSSL_NELEM(sesscache); j++) { + SSL_SESSION_free(sesscache[j]); + sesscache[j] = NULL; + } + SSL_CTX_free(sctx); + SSL_CTX_free(cctx); + + return testresult; +} + #define USE_NULL 0 #define USE_BIO_1 1 #define USE_BIO_2 2 @@ -1198,7 +1329,6 @@ static int test_session_with_both_cache(void) # define TOTAL_CONN_FAIL_SSL_SET_BIO_TESTS 0 #endif - #define TOTAL_SSL_SET_BIO_TESTS TOTAL_NO_CONN_SSL_SET_BIO_TESTS \ + TOTAL_CONN_SUCCESS_SSL_SET_BIO_TESTS \ + TOTAL_CONN_FAIL_SSL_SET_BIO_TESTS @@ -1933,10 +2063,13 @@ static int test_early_data_read_write(int idx) goto end; /* - * Make sure we process the NewSessionTicket. This arrives post-handshake. - * We attempt a read which we do not expect to return any data. + * Make sure we process the two NewSessionTickets. These arrive + * post-handshake. We attempt reads which we do not expect to return any + * data. */ - if (!TEST_false(SSL_read_ex(clientssl, buf, sizeof(buf), &readbytes))) + if (!TEST_false(SSL_read_ex(clientssl, buf, sizeof(buf), &readbytes)) + || !TEST_false(SSL_read_ex(clientssl, buf, sizeof(buf), + &readbytes))) goto end; /* Server should be able to write normal data */ @@ -3392,9 +3525,10 @@ static int test_custom_exts(int tst) || (tst == 2 && snicb != 1)) goto end; } else { + /* In this case there 2 NewSessionTicket messages created */ if (clntaddnewcb != 1 - || clntparsenewcb != 4 - || srvaddnewcb != 4 + || clntparsenewcb != 5 + || srvaddnewcb != 5 || srvparsenewcb != 1) goto end; } @@ -3438,10 +3572,13 @@ static int test_custom_exts(int tst) || srvparsenewcb != 2) goto end; } else { - /* No Certificate message extensions in the resumption handshake */ + /* + * No Certificate message extensions in the resumption handshake, + * 2 NewSessionTickets in the initial handshake, 1 in the resumption + */ if (clntaddnewcb != 2 - || clntparsenewcb != 7 - || srvaddnewcb != 7 + || clntparsenewcb != 8 + || srvaddnewcb != 8 || srvparsenewcb != 2) goto end; } @@ -4205,14 +4342,16 @@ static struct info_cb_states_st { {SSL_CB_EXIT, NULL}, {SSL_CB_LOOP, "TED"}, {SSL_CB_LOOP, "TRFIN"}, {SSL_CB_HANDSHAKE_DONE, NULL}, {SSL_CB_HANDSHAKE_START, NULL}, {SSL_CB_LOOP, "TWST"}, {SSL_CB_HANDSHAKE_DONE, NULL}, - {SSL_CB_EXIT, NULL}, {SSL_CB_ALERT, NULL}, - {SSL_CB_HANDSHAKE_START, NULL}, {SSL_CB_LOOP, "PINIT "}, - {SSL_CB_LOOP, "PINIT "}, {SSL_CB_LOOP, "TRCH"}, {SSL_CB_LOOP, "TWSH"}, - {SSL_CB_LOOP, "TWCCS"}, {SSL_CB_LOOP, "TWEE"}, {SSL_CB_LOOP, "TWFIN"}, - {SSL_CB_LOOP, "TED"}, {SSL_CB_EXIT, NULL}, {SSL_CB_LOOP, "TED"}, - {SSL_CB_LOOP, "TRFIN"}, {SSL_CB_HANDSHAKE_DONE, NULL}, {SSL_CB_HANDSHAKE_START, NULL}, {SSL_CB_LOOP, "TWST"}, - {SSL_CB_HANDSHAKE_DONE, NULL}, {SSL_CB_EXIT, NULL}, {0, NULL}, + {SSL_CB_HANDSHAKE_DONE, NULL}, {SSL_CB_EXIT, NULL}, + {SSL_CB_ALERT, NULL}, {SSL_CB_HANDSHAKE_START, NULL}, + {SSL_CB_LOOP, "PINIT "}, {SSL_CB_LOOP, "PINIT "}, {SSL_CB_LOOP, "TRCH"}, + {SSL_CB_LOOP, "TWSH"}, {SSL_CB_LOOP, "TWCCS"}, {SSL_CB_LOOP, "TWEE"}, + {SSL_CB_LOOP, "TWFIN"}, {SSL_CB_LOOP, "TED"}, {SSL_CB_EXIT, NULL}, + {SSL_CB_LOOP, "TED"}, {SSL_CB_LOOP, "TRFIN"}, + {SSL_CB_HANDSHAKE_DONE, NULL}, {SSL_CB_HANDSHAKE_START, NULL}, + {SSL_CB_LOOP, "TWST"}, {SSL_CB_HANDSHAKE_DONE, NULL}, + {SSL_CB_EXIT, NULL}, {0, NULL}, }, { /* TLSv1.3 client followed by resumption */ {SSL_CB_HANDSHAKE_START, NULL}, {SSL_CB_LOOP, "PINIT "}, @@ -4223,6 +4362,9 @@ static struct info_cb_states_st { {SSL_CB_EXIT, NULL}, {SSL_CB_HANDSHAKE_START, NULL}, {SSL_CB_LOOP, "SSLOK "}, {SSL_CB_LOOP, "SSLOK "}, {SSL_CB_LOOP, "TRST"}, {SSL_CB_HANDSHAKE_DONE, NULL}, {SSL_CB_EXIT, NULL}, + {SSL_CB_HANDSHAKE_START, NULL}, {SSL_CB_LOOP, "SSLOK "}, + {SSL_CB_LOOP, "SSLOK "}, {SSL_CB_LOOP, "TRST"}, + {SSL_CB_HANDSHAKE_DONE, NULL}, {SSL_CB_EXIT, NULL}, {SSL_CB_ALERT, NULL}, {SSL_CB_HANDSHAKE_START, NULL}, {SSL_CB_LOOP, "PINIT "}, {SSL_CB_LOOP, "TWCH"}, {SSL_CB_EXIT, NULL}, {SSL_CB_LOOP, "TWCH"}, {SSL_CB_LOOP, "TRSH"}, {SSL_CB_LOOP, "TREE"}, @@ -4856,6 +4998,9 @@ int setup_tests(void) ADD_TEST(test_session_with_only_int_cache); ADD_TEST(test_session_with_only_ext_cache); ADD_TEST(test_session_with_both_cache); +#ifndef OPENSSL_NO_TLS1_3 + ADD_ALL_TESTS(test_tickets, 3); +#endif ADD_ALL_TESTS(test_ssl_set_bio, TOTAL_SSL_SET_BIO_TESTS); ADD_TEST(test_ssl_bio_pop_next_bio); ADD_TEST(test_ssl_bio_pop_ssl_bio); diff --git a/test/ssltestlib.c b/test/ssltestlib.c index c768963..2ef4b5d 100644 --- a/test/ssltestlib.c +++ b/test/ssltestlib.c @@ -682,7 +682,7 @@ int create_ssl_objects(SSL_CTX *serverctx, SSL_CTX *clientctx, SSL **sssl, int create_ssl_connection(SSL *serverssl, SSL *clientssl, int want) { - int retc = -1, rets = -1, err, abortctr = 0; + int retc = -1, rets = -1, err, abortctr = 0, i; int clienterr = 0, servererr = 0; unsigned char buf; size_t readbytes; @@ -741,13 +741,16 @@ int create_ssl_connection(SSL *serverssl, SSL *clientssl, int want) /* * We attempt to read some data on the client side which we expect to fail. * This will ensure we have received the NewSessionTicket in TLSv1.3 where - * appropriate. + * appropriate. We do this twice because there are 2 NewSesionTickets. */ - if (SSL_read_ex(clientssl, &buf, sizeof(buf), &readbytes) > 0) { - if (!TEST_ulong_eq(readbytes, 0)) + for (i = 0; i < 2; i++) { + if (SSL_read_ex(clientssl, &buf, sizeof(buf), &readbytes) > 0) { + if (!TEST_ulong_eq(readbytes, 0)) + return 0; + } else if (!TEST_int_eq(SSL_get_error(clientssl, 0), + SSL_ERROR_WANT_READ)) { return 0; - } else if (!TEST_int_eq(SSL_get_error(clientssl, 0), SSL_ERROR_WANT_READ)) { - return 0; + } } return 1; diff --git a/util/libssl.num b/util/libssl.num index 344d684..3495903 100644 --- a/util/libssl.num +++ b/util/libssl.num @@ -486,3 +486,7 @@ SSL_CTX_set_stateless_cookie_generate_cb 486 1_1_1 EXIST::FUNCTION: SSL_CTX_set_stateless_cookie_verify_cb 487 1_1_1 EXIST::FUNCTION: SSL_CTX_set_ciphersuites 488 1_1_1 EXIST::FUNCTION: SSL_set_ciphersuites 489 1_1_1 EXIST::FUNCTION: +SSL_set_num_tickets 490 1_1_1 EXIST::FUNCTION: +SSL_CTX_get_num_tickets 491 1_1_1 EXIST::FUNCTION: +SSL_get_num_tickets 492 1_1_1 EXIST::FUNCTION: +SSL_CTX_set_num_tickets 493 1_1_1 EXIST::FUNCTION: diff --git a/util/perl/TLSProxy/Proxy.pm b/util/perl/TLSProxy/Proxy.pm index 8df0153..8c13520 100644 --- a/util/perl/TLSProxy/Proxy.pm +++ b/util/perl/TLSProxy/Proxy.pm @@ -220,6 +220,12 @@ sub start my $execcmd = $self->execute ." s_server -max_protocol TLSv1.3 -no_comp -rev -engine ossltest" + #In TLSv1.3 we issue two session tickets. The default session id + #callback gets confused because the ossltest engine causes the same + #session id to be created twice due to the changed random number + #generation. Using "-ext_cache" replaces the default callback with a + #different one that doesn't get confused. + ." -ext_cache" ." -accept $self->{server_addr}:0" ." -cert ".$self->cert." -cert2 ".$self->cert ." -naccept ".$self->serverconnects; From matt at openssl.org Thu May 17 16:13:56 2018 From: matt at openssl.org (Matt Caswell) Date: Thu, 17 May 2018 16:13:56 +0000 Subject: [openssl-commits] [openssl] master update Message-ID: <1526573636.033749.2847.nullmailer@dev.openssl.org> The branch master has been updated via b336ce57f2d5cca803a920d2a9e622b588cead3c (commit) from c22365b399f62af4a81e9202500cd2cbd9c23a9d (commit) - Log ----------------------------------------------------------------- commit b336ce57f2d5cca803a920d2a9e622b588cead3c Author: Matt Caswell Date: Wed May 16 09:58:27 2018 +0100 Make BN_GF2m_mod_arr more constant time Experiments have shown that the lookup table used by BN_GF2m_mod_arr introduces sufficient timing signal to recover the private key for an attacker with access to cache timing information on the victim's host. This only affects binary curves (which are less frequently used). No CVE is considered necessary for this issue. The fix is to replace the lookup table with an on-the-fly calculation of the value from the table instead, which can be performed in constant time. Thanks to Youngjoo Shin for reporting this issue. Reviewed-by: Rich Salz (Merged from https://github.com/openssl/openssl/pull/6270) ----------------------------------------------------------------------- Summary of changes: crypto/bn/bn_gf2m.c | 32 +++++++++++++++++--------------- 1 file changed, 17 insertions(+), 15 deletions(-) diff --git a/crypto/bn/bn_gf2m.c b/crypto/bn/bn_gf2m.c index 287adf3..0fc4460 100644 --- a/crypto/bn/bn_gf2m.c +++ b/crypto/bn/bn_gf2m.c @@ -22,30 +22,32 @@ */ # define MAX_ITERATIONS 50 -static const BN_ULONG SQR_tb[16] = { 0, 1, 4, 5, 16, 17, 20, 21, - 64, 65, 68, 69, 80, 81, 84, 85 -}; +# define SQR_nibble(w) ((((w) & 8) << 3) \ + | (((w) & 4) << 2) \ + | (((w) & 2) << 1) \ + | ((w) & 1)) + /* Platform-specific macros to accelerate squaring. */ # if defined(SIXTY_FOUR_BIT) || defined(SIXTY_FOUR_BIT_LONG) # define SQR1(w) \ - SQR_tb[(w) >> 60 & 0xF] << 56 | SQR_tb[(w) >> 56 & 0xF] << 48 | \ - SQR_tb[(w) >> 52 & 0xF] << 40 | SQR_tb[(w) >> 48 & 0xF] << 32 | \ - SQR_tb[(w) >> 44 & 0xF] << 24 | SQR_tb[(w) >> 40 & 0xF] << 16 | \ - SQR_tb[(w) >> 36 & 0xF] << 8 | SQR_tb[(w) >> 32 & 0xF] + SQR_nibble((w) >> 60) << 56 | SQR_nibble((w) >> 56) << 48 | \ + SQR_nibble((w) >> 52) << 40 | SQR_nibble((w) >> 48) << 32 | \ + SQR_nibble((w) >> 44) << 24 | SQR_nibble((w) >> 40) << 16 | \ + SQR_nibble((w) >> 36) << 8 | SQR_nibble((w) >> 32) # define SQR0(w) \ - SQR_tb[(w) >> 28 & 0xF] << 56 | SQR_tb[(w) >> 24 & 0xF] << 48 | \ - SQR_tb[(w) >> 20 & 0xF] << 40 | SQR_tb[(w) >> 16 & 0xF] << 32 | \ - SQR_tb[(w) >> 12 & 0xF] << 24 | SQR_tb[(w) >> 8 & 0xF] << 16 | \ - SQR_tb[(w) >> 4 & 0xF] << 8 | SQR_tb[(w) & 0xF] + SQR_nibble((w) >> 28) << 56 | SQR_nibble((w) >> 24) << 48 | \ + SQR_nibble((w) >> 20) << 40 | SQR_nibble((w) >> 16) << 32 | \ + SQR_nibble((w) >> 12) << 24 | SQR_nibble((w) >> 8) << 16 | \ + SQR_nibble((w) >> 4) << 8 | SQR_nibble((w) ) # endif # ifdef THIRTY_TWO_BIT # define SQR1(w) \ - SQR_tb[(w) >> 28 & 0xF] << 24 | SQR_tb[(w) >> 24 & 0xF] << 16 | \ - SQR_tb[(w) >> 20 & 0xF] << 8 | SQR_tb[(w) >> 16 & 0xF] + SQR_nibble((w) >> 28) << 24 | SQR_nibble((w) >> 24) << 16 | \ + SQR_nibble((w) >> 20) << 8 | SQR_nibble((w) >> 16) # define SQR0(w) \ - SQR_tb[(w) >> 12 & 0xF] << 24 | SQR_tb[(w) >> 8 & 0xF] << 16 | \ - SQR_tb[(w) >> 4 & 0xF] << 8 | SQR_tb[(w) & 0xF] + SQR_nibble((w) >> 12) << 24 | SQR_nibble((w) >> 8) << 16 | \ + SQR_nibble((w) >> 4) << 8 | SQR_nibble((w) ) # endif # if !defined(OPENSSL_BN_ASM_GF2m) From matt at openssl.org Thu May 17 16:14:23 2018 From: matt at openssl.org (Matt Caswell) Date: Thu, 17 May 2018 16:14:23 +0000 Subject: [openssl-commits] [openssl] OpenSSL_1_1_0-stable update Message-ID: <1526573663.267877.3699.nullmailer@dev.openssl.org> The branch OpenSSL_1_1_0-stable has been updated via 4652a14b787faf192370ef821564e3f5c7afda92 (commit) from fca038db55be460d7751910a03e550ba659d3c4f (commit) - Log ----------------------------------------------------------------- commit 4652a14b787faf192370ef821564e3f5c7afda92 Author: Matt Caswell Date: Wed May 16 09:58:27 2018 +0100 Make BN_GF2m_mod_arr more constant time Experiments have shown that the lookup table used by BN_GF2m_mod_arr introduces sufficient timing signal to recover the private key for an attacker with access to cache timing information on the victim's host. This only affects binary curves (which are less frequently used). No CVE is considered necessary for this issue. The fix is to replace the lookup table with an on-the-fly calculation of the value from the table instead, which can be performed in constant time. Thanks to Youngjoo Shin for reporting this issue. Reviewed-by: Rich Salz (Merged from https://github.com/openssl/openssl/pull/6270) (cherry picked from commit b336ce57f2d5cca803a920d2a9e622b588cead3c) ----------------------------------------------------------------------- Summary of changes: crypto/bn/bn_gf2m.c | 32 +++++++++++++++++--------------- 1 file changed, 17 insertions(+), 15 deletions(-) diff --git a/crypto/bn/bn_gf2m.c b/crypto/bn/bn_gf2m.c index b1987f5..6c7ef42 100644 --- a/crypto/bn/bn_gf2m.c +++ b/crypto/bn/bn_gf2m.c @@ -32,30 +32,32 @@ */ # define MAX_ITERATIONS 50 -static const BN_ULONG SQR_tb[16] = { 0, 1, 4, 5, 16, 17, 20, 21, - 64, 65, 68, 69, 80, 81, 84, 85 -}; +# define SQR_nibble(w) ((((w) & 8) << 3) \ + | (((w) & 4) << 2) \ + | (((w) & 2) << 1) \ + | ((w) & 1)) + /* Platform-specific macros to accelerate squaring. */ # if defined(SIXTY_FOUR_BIT) || defined(SIXTY_FOUR_BIT_LONG) # define SQR1(w) \ - SQR_tb[(w) >> 60 & 0xF] << 56 | SQR_tb[(w) >> 56 & 0xF] << 48 | \ - SQR_tb[(w) >> 52 & 0xF] << 40 | SQR_tb[(w) >> 48 & 0xF] << 32 | \ - SQR_tb[(w) >> 44 & 0xF] << 24 | SQR_tb[(w) >> 40 & 0xF] << 16 | \ - SQR_tb[(w) >> 36 & 0xF] << 8 | SQR_tb[(w) >> 32 & 0xF] + SQR_nibble((w) >> 60) << 56 | SQR_nibble((w) >> 56) << 48 | \ + SQR_nibble((w) >> 52) << 40 | SQR_nibble((w) >> 48) << 32 | \ + SQR_nibble((w) >> 44) << 24 | SQR_nibble((w) >> 40) << 16 | \ + SQR_nibble((w) >> 36) << 8 | SQR_nibble((w) >> 32) # define SQR0(w) \ - SQR_tb[(w) >> 28 & 0xF] << 56 | SQR_tb[(w) >> 24 & 0xF] << 48 | \ - SQR_tb[(w) >> 20 & 0xF] << 40 | SQR_tb[(w) >> 16 & 0xF] << 32 | \ - SQR_tb[(w) >> 12 & 0xF] << 24 | SQR_tb[(w) >> 8 & 0xF] << 16 | \ - SQR_tb[(w) >> 4 & 0xF] << 8 | SQR_tb[(w) & 0xF] + SQR_nibble((w) >> 28) << 56 | SQR_nibble((w) >> 24) << 48 | \ + SQR_nibble((w) >> 20) << 40 | SQR_nibble((w) >> 16) << 32 | \ + SQR_nibble((w) >> 12) << 24 | SQR_nibble((w) >> 8) << 16 | \ + SQR_nibble((w) >> 4) << 8 | SQR_nibble((w) ) # endif # ifdef THIRTY_TWO_BIT # define SQR1(w) \ - SQR_tb[(w) >> 28 & 0xF] << 24 | SQR_tb[(w) >> 24 & 0xF] << 16 | \ - SQR_tb[(w) >> 20 & 0xF] << 8 | SQR_tb[(w) >> 16 & 0xF] + SQR_nibble((w) >> 28) << 24 | SQR_nibble((w) >> 24) << 16 | \ + SQR_nibble((w) >> 20) << 8 | SQR_nibble((w) >> 16) # define SQR0(w) \ - SQR_tb[(w) >> 12 & 0xF] << 24 | SQR_tb[(w) >> 8 & 0xF] << 16 | \ - SQR_tb[(w) >> 4 & 0xF] << 8 | SQR_tb[(w) & 0xF] + SQR_nibble((w) >> 12) << 24 | SQR_nibble((w) >> 8) << 16 | \ + SQR_nibble((w) >> 4) << 8 | SQR_nibble((w) ) # endif # if !defined(OPENSSL_BN_ASM_GF2m) From matt at openssl.org Thu May 17 16:14:37 2018 From: matt at openssl.org (Matt Caswell) Date: Thu, 17 May 2018 16:14:37 +0000 Subject: [openssl-commits] [openssl] OpenSSL_1_0_2-stable update Message-ID: <1526573677.358922.4472.nullmailer@dev.openssl.org> The branch OpenSSL_1_0_2-stable has been updated via 7e5292ba04deb0fb01e5628bf2e3b32c7d19977d (commit) from fe4fe67139bc1e1abb62035d9eb0992f614bf645 (commit) - Log ----------------------------------------------------------------- commit 7e5292ba04deb0fb01e5628bf2e3b32c7d19977d Author: Matt Caswell Date: Wed May 16 09:58:27 2018 +0100 Make BN_GF2m_mod_arr more constant time Experiments have shown that the lookup table used by BN_GF2m_mod_arr introduces sufficient timing signal to recover the private key for an attacker with access to cache timing information on the victim's host. This only affects binary curves (which are less frequently used). No CVE is considered necessary for this issue. The fix is to replace the lookup table with an on-the-fly calculation of the value from the table instead, which can be performed in constant time. Thanks to Youngjoo Shin for reporting this issue. Reviewed-by: Rich Salz (Merged from https://github.com/openssl/openssl/pull/6270) (cherry picked from commit b336ce57f2d5cca803a920d2a9e622b588cead3c) ----------------------------------------------------------------------- Summary of changes: crypto/bn/bn_gf2m.c | 32 +++++++++++++++++--------------- 1 file changed, 17 insertions(+), 15 deletions(-) diff --git a/crypto/bn/bn_gf2m.c b/crypto/bn/bn_gf2m.c index 2c61da1..e86b8d2 100644 --- a/crypto/bn/bn_gf2m.c +++ b/crypto/bn/bn_gf2m.c @@ -103,30 +103,32 @@ */ # define MAX_ITERATIONS 50 -static const BN_ULONG SQR_tb[16] = { 0, 1, 4, 5, 16, 17, 20, 21, - 64, 65, 68, 69, 80, 81, 84, 85 -}; +# define SQR_nibble(w) ((((w) & 8) << 3) \ + | (((w) & 4) << 2) \ + | (((w) & 2) << 1) \ + | ((w) & 1)) + /* Platform-specific macros to accelerate squaring. */ # if defined(SIXTY_FOUR_BIT) || defined(SIXTY_FOUR_BIT_LONG) # define SQR1(w) \ - SQR_tb[(w) >> 60 & 0xF] << 56 | SQR_tb[(w) >> 56 & 0xF] << 48 | \ - SQR_tb[(w) >> 52 & 0xF] << 40 | SQR_tb[(w) >> 48 & 0xF] << 32 | \ - SQR_tb[(w) >> 44 & 0xF] << 24 | SQR_tb[(w) >> 40 & 0xF] << 16 | \ - SQR_tb[(w) >> 36 & 0xF] << 8 | SQR_tb[(w) >> 32 & 0xF] + SQR_nibble((w) >> 60) << 56 | SQR_nibble((w) >> 56) << 48 | \ + SQR_nibble((w) >> 52) << 40 | SQR_nibble((w) >> 48) << 32 | \ + SQR_nibble((w) >> 44) << 24 | SQR_nibble((w) >> 40) << 16 | \ + SQR_nibble((w) >> 36) << 8 | SQR_nibble((w) >> 32) # define SQR0(w) \ - SQR_tb[(w) >> 28 & 0xF] << 56 | SQR_tb[(w) >> 24 & 0xF] << 48 | \ - SQR_tb[(w) >> 20 & 0xF] << 40 | SQR_tb[(w) >> 16 & 0xF] << 32 | \ - SQR_tb[(w) >> 12 & 0xF] << 24 | SQR_tb[(w) >> 8 & 0xF] << 16 | \ - SQR_tb[(w) >> 4 & 0xF] << 8 | SQR_tb[(w) & 0xF] + SQR_nibble((w) >> 28) << 56 | SQR_nibble((w) >> 24) << 48 | \ + SQR_nibble((w) >> 20) << 40 | SQR_nibble((w) >> 16) << 32 | \ + SQR_nibble((w) >> 12) << 24 | SQR_nibble((w) >> 8) << 16 | \ + SQR_nibble((w) >> 4) << 8 | SQR_nibble((w) ) # endif # ifdef THIRTY_TWO_BIT # define SQR1(w) \ - SQR_tb[(w) >> 28 & 0xF] << 24 | SQR_tb[(w) >> 24 & 0xF] << 16 | \ - SQR_tb[(w) >> 20 & 0xF] << 8 | SQR_tb[(w) >> 16 & 0xF] + SQR_nibble((w) >> 28) << 24 | SQR_nibble((w) >> 24) << 16 | \ + SQR_nibble((w) >> 20) << 8 | SQR_nibble((w) >> 16) # define SQR0(w) \ - SQR_tb[(w) >> 12 & 0xF] << 24 | SQR_tb[(w) >> 8 & 0xF] << 16 | \ - SQR_tb[(w) >> 4 & 0xF] << 8 | SQR_tb[(w) & 0xF] + SQR_nibble((w) >> 12) << 24 | SQR_nibble((w) >> 8) << 16 | \ + SQR_nibble((w) >> 4) << 8 | SQR_nibble((w) ) # endif # if !defined(OPENSSL_BN_ASM_GF2m) From no-reply at appveyor.com Thu May 17 17:22:58 2018 From: no-reply at appveyor.com (AppVeyor) Date: Thu, 17 May 2018 17:22:58 +0000 Subject: [openssl-commits] Build failed: openssl master.18053 Message-ID: <20180517172258.1.910BF08B4CAEF65D@appveyor.com> An HTML attachment was scrubbed... URL: From no-reply at appveyor.com Thu May 17 17:56:47 2018 From: no-reply at appveyor.com (AppVeyor) Date: Thu, 17 May 2018 17:56:47 +0000 Subject: [openssl-commits] Build completed: openssl OpenSSL_1_1_0-stable.18054 Message-ID: <20180517175647.1.15028CE3736D9A85@appveyor.com> An HTML attachment was scrubbed... URL: From openssl at openssl.org Fri May 18 01:09:01 2018 From: openssl at openssl.org (OpenSSL run-checker) Date: Fri, 18 May 2018 01:09:01 +0000 Subject: [openssl-commits] FAILED build of OpenSSL branch master with options -d --strict-warnings no-ec Message-ID: <1526605741.273041.27247.nullmailer@run.openssl.org> Platform and configuration command: $ uname -a Linux run 4.4.0-119-generic #143-Ubuntu SMP Mon Apr 2 16:08:24 UTC 2018 x86_64 x86_64 x86_64 GNU/Linux $ CC=clang ../openssl/config -d --strict-warnings no-ec Commit log since last time: b336ce5 Make BN_GF2m_mod_arr more constant time c22365b Improve testing of tickets with post-handshake auth 56548e8 Add documentation for the ability to control the number of tickets 36ff232 Change the default number of NewSessionTickets we send to 2 394159d Allow configuation of the number of TLSv1.3 session tickets via SSL_CONF 9d0a8bb Enable the ability to set the number of TLSv1.3 session tickets sent 029c11c Add a note on CHANGES and NEWS in CONTRIBUTING Build log ended with (last 100 lines): /usr/bin/perl ../openssl/test/generate_buildtest.pl seed > test/buildtest_seed.c /usr/bin/perl ../openssl/test/generate_buildtest.pl sha > test/buildtest_sha.c /usr/bin/perl ../openssl/test/generate_buildtest.pl srp > test/buildtest_srp.c /usr/bin/perl ../openssl/test/generate_buildtest.pl srtp > test/buildtest_srtp.c /usr/bin/perl ../openssl/test/generate_buildtest.pl ssl > test/buildtest_ssl.c /usr/bin/perl ../openssl/test/generate_buildtest.pl ssl2 > test/buildtest_ssl2.c /usr/bin/perl ../openssl/test/generate_buildtest.pl stack > test/buildtest_stack.c /usr/bin/perl ../openssl/test/generate_buildtest.pl store > test/buildtest_store.c /usr/bin/perl ../openssl/test/generate_buildtest.pl symhacks > test/buildtest_symhacks.c /usr/bin/perl ../openssl/test/generate_buildtest.pl tls1 > test/buildtest_tls1.c /usr/bin/perl ../openssl/test/generate_buildtest.pl ts > test/buildtest_ts.c /usr/bin/perl ../openssl/test/generate_buildtest.pl txt_db > test/buildtest_txt_db.c /usr/bin/perl ../openssl/test/generate_buildtest.pl ui > test/buildtest_ui.c /usr/bin/perl ../openssl/test/generate_buildtest.pl whrlpool > test/buildtest_whrlpool.c /usr/bin/perl ../openssl/test/generate_buildtest.pl x509 > test/buildtest_x509.c /usr/bin/perl ../openssl/test/generate_buildtest.pl x509_vfy > test/buildtest_x509_vfy.c /usr/bin/perl ../openssl/test/generate_buildtest.pl x509v3 > test/buildtest_x509v3.c clang -Iinclude -I../openssl/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -MMD -MF test/casttest.d.tmp -MT test/casttest.o -c -o test/casttest.o ../openssl/test/casttest.c clang -I. -Iinclude -Icrypto/include -I../openssl -I../openssl/include -I../openssl/crypto/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -MMD -MF test/chacha_internal_test.d.tmp -MT test/chacha_internal_test.o -c -o test/chacha_internal_test.o ../openssl/test/chacha_internal_test.c clang -Iinclude -I../openssl/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -MMD -MF test/cipherbytes_test.d.tmp -MT test/cipherbytes_test.o -c -o test/cipherbytes_test.o ../openssl/test/cipherbytes_test.c clang -Iinclude -I../openssl/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -MMD -MF test/cipherlist_test.d.tmp -MT test/cipherlist_test.o -c -o test/cipherlist_test.o ../openssl/test/cipherlist_test.c clang -Iinclude -I../openssl/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -MMD -MF test/ciphername_test.d.tmp -MT test/ciphername_test.o -c -o test/ciphername_test.o ../openssl/test/ciphername_test.c clang -Iinclude -I../openssl/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -MMD -MF test/clienthellotest.d.tmp -MT test/clienthellotest.o -c -o test/clienthellotest.o ../openssl/test/clienthellotest.c clang -Iinclude -I../openssl/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -MMD -MF test/cmsapitest.d.tmp -MT test/cmsapitest.o -c -o test/cmsapitest.o ../openssl/test/cmsapitest.c clang -Iinclude -I../openssl/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -MMD -MF test/conf_include_test.d.tmp -MT test/conf_include_test.o -c -o test/conf_include_test.o ../openssl/test/conf_include_test.c clang -Iinclude -I../openssl/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -MMD -MF test/constant_time_test.d.tmp -MT test/constant_time_test.o -c -o test/constant_time_test.o ../openssl/test/constant_time_test.c clang -Iinclude -I../openssl/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -MMD -MF test/crltest.d.tmp -MT test/crltest.o -c -o test/crltest.o ../openssl/test/crltest.c clang -Iinclude -I../openssl/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -MMD -MF test/ct_test.d.tmp -MT test/ct_test.o -c -o test/ct_test.o ../openssl/test/ct_test.c clang -I. -Icrypto/include -Iinclude -I../openssl -I../openssl/crypto/include -I../openssl/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -MMD -MF test/ctype_internal_test.d.tmp -MT test/ctype_internal_test.o -c -o test/ctype_internal_test.o ../openssl/test/ctype_internal_test.c clang -Iinclude -I../openssl/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -MMD -MF test/d2i_test.d.tmp -MT test/d2i_test.o -c -o test/d2i_test.o ../openssl/test/d2i_test.c clang -Iinclude -I../openssl/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -MMD -MF test/danetest.d.tmp -MT test/danetest.o -c -o test/danetest.o ../openssl/test/danetest.c clang -Iinclude -I../openssl/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -MMD -MF test/destest.d.tmp -MT test/destest.o -c -o test/destest.o ../openssl/test/destest.c clang -Iinclude -I../openssl/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -MMD -MF test/dhtest.d.tmp -MT test/dhtest.o -c -o test/dhtest.o ../openssl/test/dhtest.c clang -Iinclude -Itest -I. -I../openssl/include -I../openssl/test -I../openssl -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -MMD -MF test/drbg_cavs_data.d.tmp -MT test/drbg_cavs_data.o -c -o test/drbg_cavs_data.o ../openssl/test/drbg_cavs_data.c clang -Iinclude -Itest -I. -I../openssl/include -I../openssl/test -I../openssl -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -MMD -MF test/drbg_cavs_test.d.tmp -MT test/drbg_cavs_test.o -c -o test/drbg_cavs_test.o ../openssl/test/drbg_cavs_test.c clang -Iinclude -I../openssl/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -MMD -MF test/drbgtest.d.tmp -MT test/drbgtest.o -c -o test/drbgtest.o ../openssl/test/drbgtest.c clang -Iinclude -I../openssl/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -MMD -MF test/dsatest.d.tmp -MT test/dsatest.o -c -o test/dsatest.o ../openssl/test/dsatest.c clang -I. -Iinclude -I../openssl -I../openssl/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -MMD -MF test/dtls_mtu_test.d.tmp -MT test/dtls_mtu_test.o -c -o test/dtls_mtu_test.o ../openssl/test/dtls_mtu_test.c clang -Iinclude -I../openssl/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -MMD -MF test/dtlstest.d.tmp -MT test/dtlstest.o -c -o test/dtlstest.o ../openssl/test/dtlstest.c clang -Iinclude -I../openssl/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -MMD -MF test/dtlsv1listentest.d.tmp -MT test/dtlsv1listentest.o -c -o test/dtlsv1listentest.o ../openssl/test/dtlsv1listentest.c clang -Iinclude -I../openssl/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -MMD -MF test/ecdsatest.d.tmp -MT test/ecdsatest.o -c -o test/ecdsatest.o ../openssl/test/ecdsatest.c clang -Iinclude -I../openssl/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -MMD -MF test/ecstresstest.d.tmp -MT test/ecstresstest.o -c -o test/ecstresstest.o ../openssl/test/ecstresstest.c clang -Iinclude -I../openssl/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -MMD -MF test/ectest.d.tmp -MT test/ectest.o -c -o test/ectest.o ../openssl/test/ectest.c clang -Iinclude -I../openssl/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -MMD -MF test/enginetest.d.tmp -MT test/enginetest.o -c -o test/enginetest.o ../openssl/test/enginetest.c clang -Iinclude -Icrypto/include -I../openssl/include -I../openssl/crypto/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -MMD -MF test/evp_extra_test.d.tmp -MT test/evp_extra_test.o -c -o test/evp_extra_test.o ../openssl/test/evp_extra_test.c clang -Iinclude -I../openssl/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -MMD -MF test/evp_test.d.tmp -MT test/evp_test.o -c -o test/evp_test.o ../openssl/test/evp_test.c clang -Iinclude -I../openssl/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -MMD -MF test/exdatatest.d.tmp -MT test/exdatatest.o -c -o test/exdatatest.o ../openssl/test/exdatatest.c clang -Iinclude -I../openssl/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -MMD -MF test/exptest.d.tmp -MT test/exptest.o -c -o test/exptest.o ../openssl/test/exptest.c clang -Iinclude -I../openssl/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -MMD -MF test/fatalerrtest.d.tmp -MT test/fatalerrtest.o -c -o test/fatalerrtest.o ../openssl/test/fatalerrtest.c clang -Iinclude -I../openssl/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -MMD -MF test/gmdifftest.d.tmp -MT test/gmdifftest.o -c -o test/gmdifftest.o ../openssl/test/gmdifftest.c clang -Iinclude -I../openssl/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -MMD -MF test/hmactest.d.tmp -MT test/hmactest.o -c -o test/hmactest.o ../openssl/test/hmactest.c clang -Iinclude -I../openssl/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -MMD -MF test/ideatest.d.tmp -MT test/ideatest.o -c -o test/ideatest.o ../openssl/test/ideatest.c clang -Iinclude -I../openssl/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -MMD -MF test/igetest.d.tmp -MT test/igetest.o -c -o test/igetest.o ../openssl/test/igetest.c clang -Iinclude -I../openssl/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -MMD -MF test/lhash_test.d.tmp -MT test/lhash_test.o -c -o test/lhash_test.o ../openssl/test/lhash_test.c clang -Iinclude -I../openssl/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -MMD -MF test/md2test.d.tmp -MT test/md2test.o -c -o test/md2test.o ../openssl/test/md2test.c clang -I. -Iinclude -I../openssl -I../openssl/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -MMD -MF test/mdc2_internal_test.d.tmp -MT test/mdc2_internal_test.o -c -o test/mdc2_internal_test.o ../openssl/test/mdc2_internal_test.c clang -Iinclude -I../openssl/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -MMD -MF test/mdc2test.d.tmp -MT test/mdc2test.o -c -o test/mdc2test.o ../openssl/test/mdc2test.c clang -Iinclude -I../openssl/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -MMD -MF test/memleaktest.d.tmp -MT test/memleaktest.o -c -o test/memleaktest.o ../openssl/test/memleaktest.c clang -I. -Iinclude -I../openssl -I../openssl/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -MMD -MF test/modes_internal_test.d.tmp -MT test/modes_internal_test.o -c -o test/modes_internal_test.o ../openssl/test/modes_internal_test.c clang -Iinclude -I../openssl/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -MMD -MF test/ocspapitest.d.tmp -MT test/ocspapitest.o -c -o test/ocspapitest.o ../openssl/test/ocspapitest.c clang -Iinclude -I../openssl/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -MMD -MF test/packettest.d.tmp -MT test/packettest.o -c -o test/packettest.o ../openssl/test/packettest.c clang -Iinclude -I../openssl/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -MMD -MF test/pbelutest.d.tmp -MT test/pbelutest.o -c -o test/pbelutest.o ../openssl/test/pbelutest.c clang -Iinclude -I../openssl/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -MMD -MF test/pemtest.d.tmp -MT test/pemtest.o -c -o test/pemtest.o ../openssl/test/pemtest.c clang -Iinclude -I../openssl/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -MMD -MF test/pkey_meth_kdf_test.d.tmp -MT test/pkey_meth_kdf_test.o -c -o test/pkey_meth_kdf_test.o ../openssl/test/pkey_meth_kdf_test.c clang -Iinclude -I../openssl/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -MMD -MF test/pkey_meth_test.d.tmp -MT test/pkey_meth_test.o -c -o test/pkey_meth_test.o ../openssl/test/pkey_meth_test.c clang -I. -Iinclude -Icrypto/include -I../openssl -I../openssl/include -I../openssl/crypto/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -MMD -MF test/poly1305_internal_test.d.tmp -MT test/poly1305_internal_test.o -c -o test/poly1305_internal_test.o ../openssl/test/poly1305_internal_test.c clang -Iinclude -I../openssl/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -MMD -MF test/rc2test.d.tmp -MT test/rc2test.o -c -o test/rc2test.o ../openssl/test/rc2test.c clang -Iinclude -I../openssl/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -MMD -MF test/rc4test.d.tmp -MT test/rc4test.o -c -o test/rc4test.o ../openssl/test/rc4test.c clang -Iinclude -I../openssl/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -MMD -MF test/rc5test.d.tmp -MT test/rc5test.o -c -o test/rc5test.o ../openssl/test/rc5test.c clang -Iinclude -I../openssl/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -MMD -MF test/rdrand_sanitytest.d.tmp -MT test/rdrand_sanitytest.o -c -o test/rdrand_sanitytest.o ../openssl/test/rdrand_sanitytest.c clang -Iinclude -I../openssl/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -MMD -MF test/recordlentest.d.tmp -MT test/recordlentest.o -c -o test/recordlentest.o ../openssl/test/recordlentest.c clang -Iinclude -I../openssl/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -MMD -MF test/rsa_mp_test.d.tmp -MT test/rsa_mp_test.o -c -o test/rsa_mp_test.o ../openssl/test/rsa_mp_test.c clang -Iinclude -I../openssl/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -MMD -MF test/rsa_test.d.tmp -MT test/rsa_test.o -c -o test/rsa_test.o ../openssl/test/rsa_test.c clang -Iinclude -I../openssl/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -MMD -MF test/sanitytest.d.tmp -MT test/sanitytest.o -c -o test/sanitytest.o ../openssl/test/sanitytest.c clang -Iinclude -I../openssl/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -MMD -MF test/secmemtest.d.tmp -MT test/secmemtest.o -c -o test/secmemtest.o ../openssl/test/secmemtest.c clang -Iinclude -I../openssl/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -MMD -MF test/servername_test.d.tmp -MT test/servername_test.o -c -o test/servername_test.o ../openssl/test/servername_test.c clang -Iinclude -Icrypto/include -I../openssl/include -I../openssl/crypto/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -MMD -MF test/shlibloadtest.d.tmp -MT test/shlibloadtest.o -c -o test/shlibloadtest.o ../openssl/test/shlibloadtest.c clang -I. -Iinclude -Icrypto/include -I../openssl -I../openssl/include -I../openssl/crypto/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -MMD -MF test/siphash_internal_test.d.tmp -MT test/siphash_internal_test.o -c -o test/siphash_internal_test.o ../openssl/test/siphash_internal_test.c clang -Iinclude -I../openssl/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -MMD -MF test/sm2crypttest.d.tmp -MT test/sm2crypttest.o -c -o test/sm2crypttest.o ../openssl/test/sm2crypttest.c clang -Iinclude -I../openssl/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -MMD -MF test/sm2sigtest.d.tmp -MT test/sm2sigtest.o -c -o test/sm2sigtest.o ../openssl/test/sm2sigtest.c clang -I. -Iinclude -Icrypto/include -I../openssl -I../openssl/include -I../openssl/crypto/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -MMD -MF test/sm4_internal_test.d.tmp -MT test/sm4_internal_test.o -c -o test/sm4_internal_test.o ../openssl/test/sm4_internal_test.c clang -Iinclude -I../openssl/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -MMD -MF test/srptest.d.tmp -MT test/srptest.o -c -o test/srptest.o ../openssl/test/srptest.c clang -I. -Iinclude -I../openssl -I../openssl/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -MMD -MF test/ssl_cert_table_internal_test.d.tmp -MT test/ssl_cert_table_internal_test.o -c -o test/ssl_cert_table_internal_test.o ../openssl/test/ssl_cert_table_internal_test.c clang -I. -Iinclude -I../openssl -I../openssl/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -MMD -MF test/handshake_helper.d.tmp -MT test/handshake_helper.o -c -o test/handshake_helper.o ../openssl/test/handshake_helper.c clang -Iinclude -I../openssl/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -MMD -MF test/ssl_test.d.tmp -MT test/ssl_test.o -c -o test/ssl_test.o ../openssl/test/ssl_test.c clang -Iinclude -I../openssl/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -MMD -MF test/ssl_test_ctx.d.tmp -MT test/ssl_test_ctx.o -c -o test/ssl_test_ctx.o ../openssl/test/ssl_test_ctx.c clang -Iinclude -I../openssl/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -MMD -MF test/ssl_test_ctx_test.d.tmp -MT test/ssl_test_ctx_test.o -c -o test/ssl_test_ctx_test.o ../openssl/test/ssl_test_ctx_test.c clang -Iinclude -I. -I../openssl/include -I../openssl -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -MMD -MF test/sslapitest.d.tmp -MT test/sslapitest.o -c -o test/sslapitest.o ../openssl/test/sslapitest.c clang -Iinclude -I../openssl/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -MMD -MF test/sslbuffertest.d.tmp -MT test/sslbuffertest.o -c -o test/sslbuffertest.o ../openssl/test/sslbuffertest.c clang -Iinclude -I../openssl/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -MMD -MF test/sslcorrupttest.d.tmp -MT test/sslcorrupttest.o -c -o test/sslcorrupttest.o ../openssl/test/sslcorrupttest.c ../openssl/test/sslapitest.c:1220:12: error: unused function 'test_tickets' [-Werror,-Wunused-function] static int test_tickets(int idx) ^ 1 error generated. Makefile:8718: recipe for target 'test/sslapitest.o' failed make[1]: *** [test/sslapitest.o] Error 1 make[1]: *** Waiting for unfinished jobs.... make[1]: Leaving directory '/home/openssl/run-checker/no-ec' Makefile:171: recipe for target 'all' failed make: *** [all] Error 2 From matthias.st.pierre at ncp-e.com Fri May 18 06:55:21 2018 From: matthias.st.pierre at ncp-e.com (matthias.st.pierre at ncp-e.com) Date: Fri, 18 May 2018 06:55:21 +0000 Subject: [openssl-commits] [openssl] master update Message-ID: <1526626521.951675.5291.nullmailer@dev.openssl.org> The branch master has been updated via 8a59c08583424d59ac30c1261eedff40d653f8b0 (commit) via 6db7fadf0975c75bfba01dd939063b4bdcb1a0fe (commit) from b336ce57f2d5cca803a920d2a9e622b588cead3c (commit) - Log ----------------------------------------------------------------- commit 8a59c08583424d59ac30c1261eedff40d653f8b0 Author: Dr. Matthias St. Pierre Date: Fri May 18 00:51:15 2018 +0200 DH: add some basic tests (and comments) Reviewed-by: Rich Salz (Merged from https://github.com/openssl/openssl/pull/6273) commit 6db7fadf0975c75bfba01dd939063b4bdcb1a0fe Author: Dr. Matthias St. Pierre Date: Wed May 16 16:18:13 2018 +0200 DH: add simple getters for commonly used DH struct members Reviewed-by: Rich Salz (Merged from https://github.com/openssl/openssl/pull/6273) ----------------------------------------------------------------------- Summary of changes: crypto/dh/dh_lib.c | 25 ++++++++++++++ doc/man3/DH_get0_pqg.pod | 20 ++++++++++-- include/openssl/dh.h | 5 +++ test/dhtest.c | 85 ++++++++++++++++++++++++++++++++++++++++++++++++ util/libcrypto.num | 5 +++ 5 files changed, 137 insertions(+), 3 deletions(-) diff --git a/crypto/dh/dh_lib.c b/crypto/dh/dh_lib.c index a33f324..a61aa4d 100644 --- a/crypto/dh/dh_lib.c +++ b/crypto/dh/dh_lib.c @@ -243,6 +243,31 @@ int DH_set0_key(DH *dh, BIGNUM *pub_key, BIGNUM *priv_key) return 1; } +const BIGNUM *DH_get0_p(const DH *dh) +{ + return dh->p; +} + +const BIGNUM *DH_get0_q(const DH *dh) +{ + return dh->q; +} + +const BIGNUM *DH_get0_g(const DH *dh) +{ + return dh->g; +} + +const BIGNUM *DH_get0_priv_key(const DH *dh) +{ + return dh->priv_key; +} + +const BIGNUM *DH_get0_pub_key(const DH *dh) +{ + return dh->pub_key; +} + void DH_clear_flags(DH *dh, int flags) { dh->flags &= ~flags; diff --git a/doc/man3/DH_get0_pqg.pod b/doc/man3/DH_get0_pqg.pod index ec476a7..6b25556 100644 --- a/doc/man3/DH_get0_pqg.pod +++ b/doc/man3/DH_get0_pqg.pod @@ -2,9 +2,11 @@ =head1 NAME -DH_get0_pqg, DH_set0_pqg, DH_get0_key, DH_set0_key, DH_clear_flags, -DH_test_flags, DH_set_flags, DH_get0_engine, DH_get_length, -DH_set_length - Routines for getting and setting data in a DH object +DH_get0_pqg, DH_set0_pqg, DH_get0_key, DH_set0_key, +DH_get0_p, DH_get0_q, DH_get0_g, +DH_get0_priv_key, DH_get0_pub_key, +DH_clear_flags, DH_test_flags, DH_set_flags, DH_get0_engine, +DH_get_length, DH_set_length - Routines for getting and setting data in a DH object =head1 SYNOPSIS @@ -16,6 +18,11 @@ DH_set_length - Routines for getting and setting data in a DH object void DH_get0_key(const DH *dh, const BIGNUM **pub_key, const BIGNUM **priv_key); int DH_set0_key(DH *dh, BIGNUM *pub_key, BIGNUM *priv_key); + const BIGNUM *DH_get0_p(const DH *dh); + const BIGNUM *DH_get0_q(const DH *dh); + const BIGNUM *DH_get0_g(const DH *dh); + const BIGNUM *DH_get0_priv_key(const DH *dh); + const BIGNUM *DH_get0_pub_key(const DH *dh); void DH_clear_flags(DH *dh, int flags); int DH_test_flags(const DH *dh, int flags); void DH_set_flags(DH *dh, int flags); @@ -54,6 +61,10 @@ untouched. As with DH_set0_pqg() this function transfers the memory management of the key values to the DH object, and therefore they should not be freed directly after this function has been called. +Any of the values B

      , B, B, B, and B can also be +retrieved separately by the corresponding function DH_get0_p(), DH_get0_q(), +DH_get0_g(), DH_get0_priv_key(), and DH_get0_pub_key(), respectively. + DH_set_flags() sets the flags in the B parameter on the DH object. Multiple flags can be passed in one go (bitwise ORed together). Any flags that are already set are left set. DH_test_flags() tests to see whether the flags @@ -81,6 +92,9 @@ duplicate. The same applies to DH_get0_pqg() and DH_set0_pqg(). DH_set0_pqg() and DH_set0_key() return 1 on success or 0 on failure. +DH_get0_p(), DH_get0_q(), DH_get0_g(), DH_get0_priv_key(), and DH_get0_pub_key() +return the respective value. + DH_test_flags() returns the current state of the flags in the DH object. DH_get0_engine() returns the ENGINE set for the DH object or NULL if no ENGINE diff --git a/include/openssl/dh.h b/include/openssl/dh.h index 9a1fdda..3527540 100644 --- a/include/openssl/dh.h +++ b/include/openssl/dh.h @@ -183,6 +183,11 @@ int DH_set0_pqg(DH *dh, BIGNUM *p, BIGNUM *q, BIGNUM *g); void DH_get0_key(const DH *dh, const BIGNUM **pub_key, const BIGNUM **priv_key); int DH_set0_key(DH *dh, BIGNUM *pub_key, BIGNUM *priv_key); +const BIGNUM *DH_get0_p(const DH *dh); +const BIGNUM *DH_get0_q(const DH *dh); +const BIGNUM *DH_get0_g(const DH *dh); +const BIGNUM *DH_get0_priv_key(const DH *dh); +const BIGNUM *DH_get0_pub_key(const DH *dh); void DH_clear_flags(DH *dh, int flags); int DH_test_flags(const DH *dh, int flags); void DH_set_flags(DH *dh, int flags); diff --git a/test/dhtest.c b/test/dhtest.c index 96d7027..8f0eec0 100644 --- a/test/dhtest.c +++ b/test/dhtest.c @@ -26,6 +26,11 @@ static int cb(int p, int n, BN_GENCB *arg); static int dh_test(void) { + DH *dh; + BIGNUM *p, *q, *g; + const BIGNUM *p2, *q2, *g2; + BIGNUM *priv_key; + const BIGNUM *pub_key2, *priv_key2; BN_GENCB *_cb = NULL; DH *a = NULL; DH *b = NULL; @@ -39,6 +44,78 @@ static int dh_test(void) int i, alen, blen, clen, aout, bout, cout; int ret = 0; + if (!TEST_ptr(dh = DH_new()) + || !TEST_ptr(p = BN_new()) + || !TEST_ptr(q = BN_new()) + || !TEST_ptr(g = BN_new()) + || !TEST_ptr(priv_key = BN_new())) + goto err; + + /* + * I) basic tests + */ + + /* using a small predefined Sophie Germain DH group with generator 3 */ + if (!TEST_true(BN_set_word(p, 4079L)) + || !TEST_true(BN_set_word(q, 2039L)) + || !TEST_true(BN_set_word(g, 3L)) + || !TEST_true(DH_set0_pqg(dh, p, q, g))) + goto err; + + /* test the combined getter for p, q, and g */ + DH_get0_pqg(dh, &p2, &q2, &g2); + if (!TEST_ptr_eq(p2, p) + || !TEST_ptr_eq(q2, q) + || !TEST_ptr_eq(g2, g)) + goto err; + + /* test the simple getters for p, q, and g */ + if (!TEST_ptr_eq(DH_get0_p(dh), p2) + || !TEST_ptr_eq(DH_get0_q(dh), q2) + || !TEST_ptr_eq(DH_get0_g(dh), g2)) + goto err; + + /* set the private key only*/ + if (!TEST_true(BN_set_word(priv_key, 1234L)) + || !TEST_true(DH_set0_key(dh, NULL, priv_key))) + goto err; + + /* test the combined getter for pub_key and priv_key */ + DH_get0_key(dh, &pub_key2, &priv_key2); + if (!TEST_ptr_eq(pub_key2, NULL) + || !TEST_ptr_eq(priv_key2, priv_key)) + goto err; + + /* test the simple getters for pub_key and priv_key */ + if (!TEST_ptr_eq(DH_get0_pub_key(dh), pub_key2) + || !TEST_ptr_eq(DH_get0_priv_key(dh), priv_key2)) + goto err; + + /* now generate a key pair ... */ + if (!DH_generate_key(dh)) + goto err; + + /* ... and check whether the private key was reused: */ + + /* test it with the combined getter for pub_key and priv_key */ + DH_get0_key(dh, &pub_key2, &priv_key2); + if (!TEST_ptr(pub_key2) + || !TEST_ptr_eq(priv_key2, priv_key)) + goto err; + + /* test it the simple getters for pub_key and priv_key */ + if (!TEST_ptr_eq(DH_get0_pub_key(dh), pub_key2) + || !TEST_ptr_eq(DH_get0_priv_key(dh), priv_key2)) + goto err; + + /* check whether the public key was calculated correclty */ + TEST_uint_eq(BN_get_word(pub_key2), 3331L); + + /* + * II) key generation + */ + + /* generate a DH group ... */ if (!TEST_ptr(_cb = BN_GENCB_new())) goto err; BN_GENCB_set(_cb, &cb, NULL); @@ -47,6 +124,7 @@ static int dh_test(void) DH_GENERATOR_5, _cb))) goto err; + /* ... and check whether it is valid */ if (!DH_check(a, &i)) goto err; if (!TEST_false(i & DH_CHECK_P_NOT_PRIME) @@ -57,6 +135,7 @@ static int dh_test(void) DH_get0_pqg(a, &ap, NULL, &ag); + /* now create another copy of the DH group for the peer */ if (!TEST_ptr(b = DH_new())) goto err; @@ -66,6 +145,10 @@ static int dh_test(void) goto err; bp = bg = NULL; + /* + * III) simulate a key exchange + */ + if (!DH_generate_key(a)) goto err; DH_get0_key(a, &apub_key, NULL); @@ -114,6 +197,8 @@ static int dh_test(void) BN_free(bg); BN_free(cpriv_key); BN_GENCB_free(_cb); + DH_free(dh); + return ret; } diff --git a/util/libcrypto.num b/util/libcrypto.num index 6e7f635..d3351c5 100644 --- a/util/libcrypto.num +++ b/util/libcrypto.num @@ -4528,3 +4528,8 @@ conf_ssl_name_find 4469 1_1_0i EXIST::FUNCTION: conf_ssl_get_cmd 4470 1_1_0i EXIST::FUNCTION: conf_ssl_get 4471 1_1_0i EXIST::FUNCTION: X509_VERIFY_PARAM_get_hostflags 4472 1_1_0i EXIST::FUNCTION: +DH_get0_p 4473 1_1_0i EXIST::FUNCTION:DH +DH_get0_q 4474 1_1_0i EXIST::FUNCTION:DH +DH_get0_g 4475 1_1_0i EXIST::FUNCTION:DH +DH_get0_priv_key 4476 1_1_0i EXIST::FUNCTION:DH +DH_get0_pub_key 4477 1_1_0i EXIST::FUNCTION:DH From no-reply at appveyor.com Fri May 18 08:32:36 2018 From: no-reply at appveyor.com (AppVeyor) Date: Fri, 18 May 2018 08:32:36 +0000 Subject: [openssl-commits] Build failed: openssl master.18066 Message-ID: <20180518083236.1.41D30035815716AC@appveyor.com> An HTML attachment was scrubbed... URL: From matt at openssl.org Fri May 18 09:20:07 2018 From: matt at openssl.org (Matt Caswell) Date: Fri, 18 May 2018 09:20:07 +0000 Subject: [openssl-commits] [openssl] master update Message-ID: <1526635207.477109.2924.nullmailer@dev.openssl.org> The branch master has been updated via f3021aca4a154c2ff9bd0030f7974eb6a719550d (commit) from 8a59c08583424d59ac30c1261eedff40d653f8b0 (commit) - Log ----------------------------------------------------------------- commit f3021aca4a154c2ff9bd0030f7974eb6a719550d Author: Matt Caswell Date: Thu May 17 16:24:29 2018 +0100 Allow the ca application to use EdDSA Using the ca application to sign certificates with EdDSA failed because it is not possible to set the digest to "null". This adds the capability and updates the documentation accordingly. Fixes #6201 Reviewed-by: Rich Salz (Merged from https://github.com/openssl/openssl/pull/6286) ----------------------------------------------------------------------- Summary of changes: apps/ca.c | 22 +++++++++++++--------- crypto/ec/ecx_meth.c | 2 +- doc/man1/ca.pod | 3 ++- 3 files changed, 16 insertions(+), 11 deletions(-) diff --git a/apps/ca.c b/apps/ca.c index afc5e34..60c8f6c 100644 --- a/apps/ca.c +++ b/apps/ca.c @@ -735,17 +735,21 @@ end_of_options: if (md == NULL && (md = lookup_conf(conf, section, ENV_DEFAULT_MD)) == NULL) goto end; - if (strcmp(md, "default") == 0) { - int def_nid; - if (EVP_PKEY_get_default_digest_nid(pkey, &def_nid) <= 0) { - BIO_puts(bio_err, "no default digest\n"); - goto end; + if (strcmp(md, "null") == 0) { + dgst = EVP_md_null(); + } else { + if (strcmp(md, "default") == 0) { + int def_nid; + if (EVP_PKEY_get_default_digest_nid(pkey, &def_nid) <= 0) { + BIO_puts(bio_err, "no default digest\n"); + goto end; + } + md = (char *)OBJ_nid2sn(def_nid); } - md = (char *)OBJ_nid2sn(def_nid); - } - if (!opt_md(md, &dgst)) { - goto end; + if (!opt_md(md, &dgst)) { + goto end; + } } if (req) { diff --git a/crypto/ec/ecx_meth.c b/crypto/ec/ecx_meth.c index 501daec..ea56df0 100644 --- a/crypto/ec/ecx_meth.c +++ b/crypto/ec/ecx_meth.c @@ -778,7 +778,7 @@ static int pkey_ecd_ctrl(EVP_PKEY_CTX *ctx, int type, int p1, void *p2) switch (type) { case EVP_PKEY_CTRL_MD: /* Only NULL allowed as digest */ - if (p2 == NULL) + if (p2 == NULL || (const EVP_MD *)p2 == EVP_md_null()) return 1; ECerr(EC_F_PKEY_ECD_CTRL, EC_R_INVALID_DIGEST_TYPE); return 0; diff --git a/doc/man1/ca.pod b/doc/man1/ca.pod index 9b25345..ebd8a43 100644 --- a/doc/man1/ca.pod +++ b/doc/man1/ca.pod @@ -184,7 +184,8 @@ The number of days to certify the certificate for. =item B<-md alg> The message digest to use. -Any digest supported by the OpenSSL B command can be used. +Any digest supported by the OpenSSL B command can be used. If the signing +key is using Ed25519 or Ed448 then you should specify "null" for the digest. This option also applies to CRLs. =item B<-policy arg> From appro at openssl.org Fri May 18 09:38:44 2018 From: appro at openssl.org (Andy Polyakov) Date: Fri, 18 May 2018 09:38:44 +0000 Subject: [openssl-commits] [openssl] OpenSSL_1_0_2-stable update Message-ID: <1526636324.343652.7321.nullmailer@dev.openssl.org> The branch OpenSSL_1_0_2-stable has been updated via ec91c3db211c071248ef3a0b6dd9ef5ebdca5ab5 (commit) from 7e5292ba04deb0fb01e5628bf2e3b32c7d19977d (commit) - Log ----------------------------------------------------------------- commit ec91c3db211c071248ef3a0b6dd9ef5ebdca5ab5 Author: Andy Polyakov Date: Tue May 15 20:31:04 2018 +0200 util/domd: harmonize with compiler detection in Configure. Configure detects if compiler can generate dependency lists for any command name, while this script didn't quite tolerate arbitrary one. Reviewed-by: Rich Salz (Merged from https://github.com/openssl/openssl/pull/6261) ----------------------------------------------------------------------- Summary of changes: util/domd | 17 ++++++++++------- 1 file changed, 10 insertions(+), 7 deletions(-) diff --git a/util/domd b/util/domd index 5a92559..6eb019e 100755 --- a/util/domd +++ b/util/domd @@ -6,7 +6,11 @@ TOP=$1 shift if [ "$1" = "-MD" ]; then shift - MAKEDEPEND=$1 + MAKEDEPEND="" + while [ "$1" != "--" ]; do + MAKEDEPEND="$MAKEDEPEND $1" + shift + done shift fi if [ "$MAKEDEPEND" = "" ]; then MAKEDEPEND=makedepend; fi @@ -16,8 +20,11 @@ mv Makefile Makefile.save cp Makefile.save Makefile # fake the presence of Kerberos touch $TOP/krb5.h -if ${MAKEDEPEND} --version 2>&1 | grep "clang" > /dev/null || - echo $MAKEDEPEND | grep "gcc" > /dev/null; then +if expr "$MAKEDEPEND" : ".*makedepend" > /dev/null; then + ${MAKEDEPEND} -D OPENSSL_DOING_MAKEDEPEND $@ && \ + ${PERL} $TOP/util/clean-depend.pl < Makefile > Makefile.new + RC=$? +else args="" while [ $# -gt 0 ]; do if [ "$1" != "--" ]; then args="$args $1"; fi @@ -29,10 +36,6 @@ if ${MAKEDEPEND} --version 2>&1 | grep "clang" > /dev/null || ${PERL} $TOP/util/clean-depend.pl < Makefile.tmp > Makefile.new RC=$? rm -f Makefile.tmp -else - ${MAKEDEPEND} -D OPENSSL_DOING_MAKEDEPEND $@ && \ - ${PERL} $TOP/util/clean-depend.pl < Makefile > Makefile.new - RC=$? fi if cmp -s Makefile.save Makefile.new; then mv Makefile.save Makefile From appro at openssl.org Fri May 18 10:01:39 2018 From: appro at openssl.org (Andy Polyakov) Date: Fri, 18 May 2018 10:01:39 +0000 Subject: [openssl-commits] [openssl] OpenSSL_1_1_0-stable update Message-ID: <1526637699.036875.12653.nullmailer@dev.openssl.org> The branch OpenSSL_1_1_0-stable has been updated via 4e07941373ac17086ab4e601950c4ca148e8bb31 (commit) from 4652a14b787faf192370ef821564e3f5c7afda92 (commit) - Log ----------------------------------------------------------------- commit 4e07941373ac17086ab4e601950c4ca148e8bb31 Author: FdaSilvaYY Date: Mon Apr 30 01:13:58 2018 +0200 apps/speed: fix possible OOB access in some EC arrays because there are actually 17 curves defined, but only 16 are plugged for ecdsa test. Deduce array size using OSSL_NELEM and so remove various magic numbers, which required some declarations moving. Implement OPT_PAIR list search without a null-ending element. Fix some comparison between signed and unsigned integer expressions. cherry-picking from commit 5c6a69f539. Partial Back-port of #6133 to 1.1.0 Reviewed-by: Andy Polyakov Reviewed-by: Rich Salz (Merged from https://github.com/openssl/openssl/pull/6245) ----------------------------------------------------------------------- Summary of changes: apps/speed.c | 227 +++++++++++++++++++++++++++++------------------------------ 1 file changed, 111 insertions(+), 116 deletions(-) diff --git a/apps/speed.c b/apps/speed.c index b0a7b6e..3ef37b7 100644 --- a/apps/speed.c +++ b/apps/speed.c @@ -129,13 +129,6 @@ #define BUFSIZE (1024*16+1) #define MAX_MISALIGNMENT 63 -#define ALGOR_NUM 30 -#define SIZE_NUM 6 -#define PRIME_NUM 3 -#define RSA_NUM 7 -#define DSA_NUM 3 - -#define EC_NUM 17 #define MAX_ECDH_SIZE 256 #define MISALIGN 64 @@ -144,37 +137,6 @@ static volatile int run = 0; static int mr = 0; static int usertime = 1; -typedef void *(*kdf_fn) ( - const void *in, size_t inlen, void *out, size_t *xoutlen); - -typedef struct loopargs_st { - ASYNC_JOB *inprogress_job; - ASYNC_WAIT_CTX *wait_ctx; - unsigned char *buf; - unsigned char *buf2; - unsigned char *buf_malloc; - unsigned char *buf2_malloc; - unsigned int siglen; -#ifndef OPENSSL_NO_RSA - RSA *rsa_key[RSA_NUM]; -#endif -#ifndef OPENSSL_NO_DSA - DSA *dsa_key[DSA_NUM]; -#endif -#ifndef OPENSSL_NO_EC - EC_KEY *ecdsa[EC_NUM]; - EC_KEY *ecdh_a[EC_NUM]; - EC_KEY *ecdh_b[EC_NUM]; - unsigned char *secret_a; - unsigned char *secret_b; - size_t outlen; - kdf_fn kdf; -#endif - EVP_CIPHER_CTX *ctx; - HMAC_CTX *hctx; - GCM128_CONTEXT *gcm_ctx; -} loopargs_t; - #ifndef OPENSSL_NO_MD2 static int EVP_Digest_MD2_loop(void *args); #endif @@ -227,7 +189,6 @@ static int ECDSA_sign_loop(void *args); static int ECDSA_verify_loop(void *args); static int ECDH_compute_key_loop(void *args); #endif -static int run_benchmark(int async_jobs, int (*loop_function)(void *), loopargs_t *loopargs); static double Time_F(int s); static void print_message(const char *s, long num, int length); @@ -238,32 +199,10 @@ static void print_result(int alg, int run_no, int count, double time_used); static int do_multi(int multi); #endif -static const char *names[ALGOR_NUM] = { - "md2", "mdc2", "md4", "md5", "hmac(md5)", "sha1", "rmd160", "rc4", - "des cbc", "des ede3", "idea cbc", "seed cbc", - "rc2 cbc", "rc5-32/12 cbc", "blowfish cbc", "cast cbc", - "aes-128 cbc", "aes-192 cbc", "aes-256 cbc", - "camellia-128 cbc", "camellia-192 cbc", "camellia-256 cbc", - "evp", "sha256", "sha512", "whirlpool", - "aes-128 ige", "aes-192 ige", "aes-256 ige", "ghash" -}; - -static double results[ALGOR_NUM][SIZE_NUM]; - -static const int lengths[SIZE_NUM] = { +static const int lengths[] = { 16, 64, 256, 1024, 8 * 1024, 16 * 1024 }; - -#ifndef OPENSSL_NO_RSA -static double rsa_results[RSA_NUM][2]; -#endif -#ifndef OPENSSL_NO_DSA -static double dsa_results[DSA_NUM][2]; -#endif -#ifndef OPENSSL_NO_EC -static double ecdsa_results[EC_NUM][2]; -static double ecdh_results[EC_NUM][1]; -#endif +#define SIZE_NUM OSSL_NELEM(lengths) #if !defined(OPENSSL_NO_DSA) || !defined(OPENSSL_NO_EC) static const char rnd_seed[] = @@ -348,9 +287,14 @@ static double Time_F(int s) static void multiblock_speed(const EVP_CIPHER *evp_cipher); -static int found(const char *name, const OPT_PAIR *pairs, int *result) +#define found(value, pairs, result)\ + opt_found(value, result, pairs, OSSL_NELEM(pairs)) +static int opt_found(const char *name, unsigned int *result, + const OPT_PAIR pairs[], unsigned int nbelem) { - for (; pairs->name; pairs++) + unsigned int idx; + + for (idx = 0; idx < nbelem; ++idx, pairs++) if (strcmp(name, pairs->name) == 0) { *result = pairs->retval; return 1; @@ -387,7 +331,7 @@ OPTIONS speed_options[] = { #ifndef OPENSSL_NO_ENGINE {"engine", OPT_ENGINE, 's', "Use engine, possibly a hardware device"}, #endif - {NULL}, + {NULL} }; #define D_MD2 0 @@ -420,7 +364,19 @@ OPTIONS speed_options[] = { #define D_IGE_192_AES 27 #define D_IGE_256_AES 28 #define D_GHASH 29 -static OPT_PAIR doit_choices[] = { +/* name of algorithms to test */ +static const char *names[] = { + "md2", "mdc2", "md4", "md5", "hmac(md5)", "sha1", "rmd160", "rc4", + "des cbc", "des ede3", "idea cbc", "seed cbc", + "rc2 cbc", "rc5-32/12 cbc", "blowfish cbc", "cast cbc", + "aes-128 cbc", "aes-192 cbc", "aes-256 cbc", + "camellia-128 cbc", "camellia-192 cbc", "camellia-256 cbc", + "evp", "sha256", "sha512", "whirlpool", + "aes-128 ige", "aes-192 ige", "aes-256 ige", "ghash" +}; +#define ALGOR_NUM OSSL_NELEM(names) +/* list of configured algorithm (remaining) */ +static const OPT_PAIR doit_choices[] = { #ifndef OPENSSL_NO_MD2 {"md2", D_MD2}, #endif @@ -484,21 +440,24 @@ static OPT_PAIR doit_choices[] = { {"cast", D_CBC_CAST}, {"cast5", D_CBC_CAST}, #endif - {"ghash", D_GHASH}, - {NULL} + {"ghash", D_GHASH} }; +static double results[ALGOR_NUM][SIZE_NUM]; + #ifndef OPENSSL_NO_DSA # define R_DSA_512 0 # define R_DSA_1024 1 # define R_DSA_2048 2 -static OPT_PAIR dsa_choices[] = { +static const OPT_PAIR dsa_choices[] = { {"dsa512", R_DSA_512}, {"dsa1024", R_DSA_1024}, - {"dsa2048", R_DSA_2048}, - {NULL}, + {"dsa2048", R_DSA_2048} }; -#endif +# define DSA_NUM OSSL_NELEM(dsa_choices) + +static double dsa_results[DSA_NUM][2]; /* 2 ops: sign then verify */ +#endif /* OPENSSL_NO_DSA */ #define R_RSA_512 0 #define R_RSA_1024 1 @@ -507,16 +466,18 @@ static OPT_PAIR dsa_choices[] = { #define R_RSA_4096 4 #define R_RSA_7680 5 #define R_RSA_15360 6 -static OPT_PAIR rsa_choices[] = { +static const OPT_PAIR rsa_choices[] = { {"rsa512", R_RSA_512}, {"rsa1024", R_RSA_1024}, {"rsa2048", R_RSA_2048}, {"rsa3072", R_RSA_3072}, {"rsa4096", R_RSA_4096}, {"rsa7680", R_RSA_7680}, - {"rsa15360", R_RSA_15360}, - {NULL} + {"rsa15360", R_RSA_15360} }; +# define RSA_NUM OSSL_NELEM(rsa_choices) + +static double rsa_results[RSA_NUM][2]; /* 2 ops: sign then verify */ #define R_EC_P160 0 #define R_EC_P192 1 @@ -536,7 +497,7 @@ static OPT_PAIR rsa_choices[] = { #define R_EC_B571 15 #define R_EC_X25519 16 #ifndef OPENSSL_NO_EC -static OPT_PAIR ecdsa_choices[] = { +static const OPT_PAIR ecdsa_choices[] = { {"ecdsap160", R_EC_P160}, {"ecdsap192", R_EC_P192}, {"ecdsap224", R_EC_P224}, @@ -552,11 +513,13 @@ static OPT_PAIR ecdsa_choices[] = { {"ecdsab233", R_EC_B233}, {"ecdsab283", R_EC_B283}, {"ecdsab409", R_EC_B409}, - {"ecdsab571", R_EC_B571}, - {NULL} + {"ecdsab571", R_EC_B571} }; +# define ECDSA_NUM OSSL_NELEM(ecdsa_choices) + +static double ecdsa_results[ECDSA_NUM][2]; /* 2 ops: sign then verify */ -static OPT_PAIR ecdh_choices[] = { +static const OPT_PAIR ecdh_choices[] = { {"ecdhp160", R_EC_P160}, {"ecdhp192", R_EC_P192}, {"ecdhp224", R_EC_P224}, @@ -576,7 +539,10 @@ static OPT_PAIR ecdh_choices[] = { {"ecdhx25519", R_EC_X25519}, {NULL} }; -#endif +# define EC_NUM OSSL_NELEM(ecdh_choices) + +static double ecdh_results[EC_NUM][1]; /* 1 op: derivation */ +#endif /* OPENSSL_NO_EC */ #ifndef SIGALRM # define COND(d) (count < (d)) @@ -586,7 +552,40 @@ static OPT_PAIR ecdh_choices[] = { # define COUNT(d) (count) #endif /* SIGALRM */ -static int testnum; +static unsigned int testnum; +typedef void *(*kdf_fn) (const void *in, size_t inlen, void *out, + size_t *xoutlen); + +typedef struct loopargs_st { + ASYNC_JOB *inprogress_job; + ASYNC_WAIT_CTX *wait_ctx; + unsigned char *buf; + unsigned char *buf2; + unsigned char *buf_malloc; + unsigned char *buf2_malloc; + unsigned int siglen; +#ifndef OPENSSL_NO_RSA + RSA *rsa_key[RSA_NUM]; +#endif +#ifndef OPENSSL_NO_DSA + DSA *dsa_key[DSA_NUM]; +#endif +#ifndef OPENSSL_NO_EC + EC_KEY *ecdsa[ECDSA_NUM]; + EC_KEY *ecdh_a[EC_NUM]; + EC_KEY *ecdh_b[EC_NUM]; + unsigned char *secret_a; + unsigned char *secret_b; + size_t outlen; + kdf_fn kdf; +#endif + EVP_CIPHER_CTX *ctx; + HMAC_CTX *hctx; + GCM128_CONTEXT *gcm_ctx; +} loopargs_t; + +static int run_benchmark(int async_jobs, int (*loop_function) (void *), + loopargs_t * loopargs); /* Nb of iterations to do per algorithm and key-size */ static long c[ALGOR_NUM][SIZE_NUM]; @@ -995,7 +994,7 @@ static int DSA_verify_loop(void *args) #endif #ifndef OPENSSL_NO_EC -static long ecdsa_c[EC_NUM][2]; +static long ecdsa_c[ECDSA_NUM][2]; static int ECDSA_sign_loop(void *args) { loopargs_t *tempargs = *(loopargs_t **)args; @@ -1222,26 +1221,23 @@ int speed_main(int argc, char **argv) { ENGINE *e = NULL; loopargs_t *loopargs = NULL; - int async_init = 0; - int loopargs_len = 0; - char *prog; + const char *prog; const char *engine_id = NULL; const EVP_CIPHER *evp_cipher = NULL; double d = 0.0; OPTION_CHOICE o; - int multiblock = 0, pr_header = 0; + int async_init = 0, multiblock = 0, pr_header = 0; int doit[ALGOR_NUM] = { 0 }; - int ret = 1, i, k, misalign = 0; + int ret = 1, misalign = 0; long count = 0; + unsigned int i, k, loop, loopargs_len = 0, async_jobs = 0; #ifndef NO_FORK int multi = 0; #endif - unsigned int async_jobs = 0; #if !defined(OPENSSL_NO_RSA) || !defined(OPENSSL_NO_DSA) \ || !defined(OPENSSL_NO_EC) long rsa_count = 1; #endif - size_t loop; /* What follows are the buffers and key material. */ #ifndef OPENSSL_NO_RC5 @@ -1325,7 +1321,7 @@ int speed_main(int argc, char **argv) /* * We only test over the following curves as they are representative, To * add tests over more curves, simply add the curve NID and curve name to - * the following arrays and increase the EC_NUM value accordingly. + * the following arrays and increase the |ecdh_choices| list accordingly. */ static const unsigned int test_curves[EC_NUM] = { /* Prime Curves */ @@ -1360,7 +1356,7 @@ int speed_main(int argc, char **argv) 571, 253 /* X25519 */ }; - int ecdsa_doit[EC_NUM] = { 0 }; + int ecdsa_doit[ECDSA_NUM] = { 0 }; int ecdh_doit[EC_NUM] = { 0 }; #endif /* ndef OPENSSL_NO_EC */ @@ -1418,9 +1414,7 @@ int speed_main(int argc, char **argv) goto opterr; } if (async_jobs > 99999) { - BIO_printf(bio_err, - "%s: too many async_jobs\n", - prog); + BIO_printf(bio_err, "%s: too many async_jobs\n", prog); goto opterr; } #endif @@ -1471,10 +1465,8 @@ int speed_main(int argc, char **argv) if (strcmp(*argv, "openssl") == 0) continue; if (strcmp(*argv, "rsa") == 0) { - rsa_doit[R_RSA_512] = rsa_doit[R_RSA_1024] = - rsa_doit[R_RSA_2048] = rsa_doit[R_RSA_3072] = - rsa_doit[R_RSA_4096] = rsa_doit[R_RSA_7680] = - rsa_doit[R_RSA_15360] = 1; + for (loop = 0; loop < OSSL_NELEM(rsa_doit); loop++) + rsa_doit[loop] = 1; continue; } if (found(*argv, rsa_choices, &i)) { @@ -1507,8 +1499,8 @@ int speed_main(int argc, char **argv) #endif #ifndef OPENSSL_NO_EC if (strcmp(*argv, "ecdsa") == 0) { - for (loop = 0; loop < OSSL_NELEM(ecdsa_choices); loop++) - ecdsa_doit[ecdsa_choices[loop].retval] = 1; + for (loop = 0; loop < OSSL_NELEM(ecdsa_doit); loop++) + ecdsa_doit[loop] = 1; continue; } if (found(*argv, ecdsa_choices, &i)) { @@ -1516,8 +1508,8 @@ int speed_main(int argc, char **argv) continue; } if (strcmp(*argv, "ecdh") == 0) { - for (loop = 0; loop < OSSL_NELEM(ecdh_choices); loop++) - ecdh_doit[ecdh_choices[loop].retval] = 1; + for (loop = 0; loop < OSSL_NELEM(ecdh_doit); loop++) + ecdh_doit[loop] = 1; continue; } if (found(*argv, ecdh_choices, &i)) { @@ -1584,10 +1576,10 @@ int speed_main(int argc, char **argv) dsa_doit[i] = 1; #endif #ifndef OPENSSL_NO_EC - for (loop = 0; loop < OSSL_NELEM(ecdsa_choices); loop++) - ecdsa_doit[ecdsa_choices[loop].retval] = 1; - for (loop = 0; loop < OSSL_NELEM(ecdh_choices); loop++) - ecdh_doit[ecdh_choices[loop].retval] = 1; + for (loop = 0; loop < OSSL_NELEM(ecdsa_doit); loop++) + ecdsa_doit[loop] = 1; + for (loop = 0; loop < OSSL_NELEM(ecdh_doit); loop++) + ecdh_doit[loop] = 1; #endif } for (i = 0; i < ALGOR_NUM; i++) @@ -1850,6 +1842,8 @@ int speed_main(int argc, char **argv) } } } + /* default iteration count for the last EC Curve */ + ecdh_c[R_EC_X25519][0] = count / 1800; # endif # else @@ -2472,7 +2466,7 @@ int speed_main(int argc, char **argv) if (RAND_status() != 1) { RAND_seed(rnd_seed, sizeof(rnd_seed)); } - for (testnum = 0; testnum < EC_NUM; testnum++) { + for (testnum = 0; testnum < ECDSA_NUM; testnum++) { int st = 1; if (!ecdsa_doit[testnum]) @@ -2584,7 +2578,7 @@ int speed_main(int argc, char **argv) ecdh_checks = 0; rsa_count = 1; } else { - int secret_size_a, secret_size_b; + int secret_size_a, secret_size_b, j; /* * If field size is not more than 24 octets, then use SHA-1 * hash of result; otherwise, use result (see section 4.8 of @@ -2613,8 +2607,8 @@ int speed_main(int argc, char **argv) else ecdh_checks = 1; - for (k = 0; k < secret_size_a && ecdh_checks == 1; k++) { - if (loopargs[i].secret_a[k] != loopargs[i].secret_b[k]) + for (j = 0; j < secret_size_a && ecdh_checks == 1; j++) { + if (loopargs[i].secret_a[j] != loopargs[i].secret_b[j]) ecdh_checks = 0; } @@ -2644,7 +2638,7 @@ int speed_main(int argc, char **argv) if (rsa_count <= 1) { /* if longer than 10s, don't do any more */ - for (testnum++; testnum < EC_NUM; testnum++) + for (testnum++; testnum < OSSL_NELEM(ecdh_doit); testnum++) ecdh_doit[testnum] = 0; } } @@ -2693,7 +2687,7 @@ int speed_main(int argc, char **argv) if (!doit[k]) continue; if (mr) - printf("+F:%d:%s", k, names[k]); + printf("+F:%u:%s", k, names[k]); else printf("%-13s", names[k]); for (testnum = 0; testnum < SIZE_NUM; testnum++) { @@ -2742,7 +2736,7 @@ int speed_main(int argc, char **argv) #endif #ifndef OPENSSL_NO_EC testnum = 1; - for (k = 0; k < EC_NUM; k++) { + for (k = 0; k < OSSL_NELEM(ecdsa_doit); k++) { if (!ecdsa_doit[k]) continue; if (testnum && !mr) { @@ -2800,8 +2794,9 @@ int speed_main(int argc, char **argv) DSA_free(loopargs[i].dsa_key[k]); #endif #ifndef OPENSSL_NO_EC - for (k = 0; k < EC_NUM; k++) { + for (k = 0; k < ECDSA_NUM; k++) EC_KEY_free(loopargs[i].ecdsa[k]); + for (k = 0; k < EC_NUM; k++) { EC_KEY_free(loopargs[i].ecdh_a[k]); EC_KEY_free(loopargs[i].ecdh_b[k]); } @@ -2950,7 +2945,7 @@ static int do_multi(int multi) printf("Got: %s from %d\n", buf, n); if (strncmp(buf, "+F:", 3) == 0) { int alg; - int j; + unsigned int j; p = buf + 3; alg = atoi(sstrsep(&p, sep)); From no-reply at appveyor.com Fri May 18 10:07:01 2018 From: no-reply at appveyor.com (AppVeyor) Date: Fri, 18 May 2018 10:07:01 +0000 Subject: [openssl-commits] Build completed: openssl master.18067 Message-ID: <20180518100701.1.FAD087BCEB8EC1E1@appveyor.com> An HTML attachment was scrubbed... URL: From openssl at openssl.org Fri May 18 10:37:11 2018 From: openssl at openssl.org (OpenSSL run-checker) Date: Fri, 18 May 2018 10:37:11 +0000 Subject: [openssl-commits] FAILED build of OpenSSL branch master with options -d --strict-warnings no-tls Message-ID: <1526639831.195735.28864.nullmailer@run.openssl.org> Platform and configuration command: $ uname -a Linux run 4.4.0-119-generic #143-Ubuntu SMP Mon Apr 2 16:08:24 UTC 2018 x86_64 x86_64 x86_64 GNU/Linux $ CC=clang ../openssl/config -d --strict-warnings no-tls Commit log since last time: b336ce5 Make BN_GF2m_mod_arr more constant time c22365b Improve testing of tickets with post-handshake auth 56548e8 Add documentation for the ability to control the number of tickets 36ff232 Change the default number of NewSessionTickets we send to 2 394159d Allow configuation of the number of TLSv1.3 session tickets via SSL_CONF 9d0a8bb Enable the ability to set the number of TLSv1.3 session tickets sent 029c11c Add a note on CHANGES and NEWS in CONTRIBUTING Build log ended with (last 100 lines): clang -Iinclude -I../openssl/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -MMD -MF test/d2i_test.d.tmp -MT test/d2i_test.o -c -o test/d2i_test.o ../openssl/test/d2i_test.c clang -Iinclude -I../openssl/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -MMD -MF test/danetest.d.tmp -MT test/danetest.o -c -o test/danetest.o ../openssl/test/danetest.c clang -Iinclude -I../openssl/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -MMD -MF test/destest.d.tmp -MT test/destest.o -c -o test/destest.o ../openssl/test/destest.c clang -Iinclude -I../openssl/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -MMD -MF test/dhtest.d.tmp -MT test/dhtest.o -c -o test/dhtest.o ../openssl/test/dhtest.c clang -Iinclude -Itest -I. -I../openssl/include -I../openssl/test -I../openssl -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -MMD -MF test/drbg_cavs_data.d.tmp -MT test/drbg_cavs_data.o -c -o test/drbg_cavs_data.o ../openssl/test/drbg_cavs_data.c clang -Iinclude -Itest -I. -I../openssl/include -I../openssl/test -I../openssl -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -MMD -MF test/drbg_cavs_test.d.tmp -MT test/drbg_cavs_test.o -c -o test/drbg_cavs_test.o ../openssl/test/drbg_cavs_test.c clang -Iinclude -I../openssl/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -MMD -MF test/drbgtest.d.tmp -MT test/drbgtest.o -c -o test/drbgtest.o ../openssl/test/drbgtest.c clang -Iinclude -I../openssl/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -MMD -MF test/dsatest.d.tmp -MT test/dsatest.o -c -o test/dsatest.o ../openssl/test/dsatest.c clang -I. -Iinclude -I../openssl -I../openssl/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -MMD -MF test/dtls_mtu_test.d.tmp -MT test/dtls_mtu_test.o -c -o test/dtls_mtu_test.o ../openssl/test/dtls_mtu_test.c clang -Iinclude -I../openssl/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -MMD -MF test/dtlstest.d.tmp -MT test/dtlstest.o -c -o test/dtlstest.o ../openssl/test/dtlstest.c clang -Iinclude -I../openssl/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -MMD -MF test/dtlsv1listentest.d.tmp -MT test/dtlsv1listentest.o -c -o test/dtlsv1listentest.o ../openssl/test/dtlsv1listentest.c clang -Iinclude -I../openssl/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -MMD -MF test/ecdsatest.d.tmp -MT test/ecdsatest.o -c -o test/ecdsatest.o ../openssl/test/ecdsatest.c clang -Iinclude -I../openssl/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -MMD -MF test/ecstresstest.d.tmp -MT test/ecstresstest.o -c -o test/ecstresstest.o ../openssl/test/ecstresstest.c clang -Iinclude -I../openssl/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -MMD -MF test/ectest.d.tmp -MT test/ectest.o -c -o test/ectest.o ../openssl/test/ectest.c clang -Iinclude -I../openssl/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -MMD -MF test/enginetest.d.tmp -MT test/enginetest.o -c -o test/enginetest.o ../openssl/test/enginetest.c clang -Iinclude -Icrypto/include -I../openssl/include -I../openssl/crypto/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -MMD -MF test/evp_extra_test.d.tmp -MT test/evp_extra_test.o -c -o test/evp_extra_test.o ../openssl/test/evp_extra_test.c clang -Iinclude -I../openssl/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -MMD -MF test/evp_test.d.tmp -MT test/evp_test.o -c -o test/evp_test.o ../openssl/test/evp_test.c clang -Iinclude -I../openssl/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -MMD -MF test/exdatatest.d.tmp -MT test/exdatatest.o -c -o test/exdatatest.o ../openssl/test/exdatatest.c clang -Iinclude -I../openssl/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -MMD -MF test/exptest.d.tmp -MT test/exptest.o -c -o test/exptest.o ../openssl/test/exptest.c clang -Iinclude -I../openssl/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -MMD -MF test/fatalerrtest.d.tmp -MT test/fatalerrtest.o -c -o test/fatalerrtest.o ../openssl/test/fatalerrtest.c clang -Iinclude -I../openssl/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -MMD -MF test/gmdifftest.d.tmp -MT test/gmdifftest.o -c -o test/gmdifftest.o ../openssl/test/gmdifftest.c clang -Iinclude -I../openssl/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -MMD -MF test/hmactest.d.tmp -MT test/hmactest.o -c -o test/hmactest.o ../openssl/test/hmactest.c clang -Iinclude -I../openssl/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -MMD -MF test/ideatest.d.tmp -MT test/ideatest.o -c -o test/ideatest.o ../openssl/test/ideatest.c clang -Iinclude -I../openssl/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -MMD -MF test/igetest.d.tmp -MT test/igetest.o -c -o test/igetest.o ../openssl/test/igetest.c clang -Iinclude -I../openssl/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -MMD -MF test/lhash_test.d.tmp -MT test/lhash_test.o -c -o test/lhash_test.o ../openssl/test/lhash_test.c clang -Iinclude -I../openssl/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -MMD -MF test/md2test.d.tmp -MT test/md2test.o -c -o test/md2test.o ../openssl/test/md2test.c clang -I. -Iinclude -I../openssl -I../openssl/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -MMD -MF test/mdc2_internal_test.d.tmp -MT test/mdc2_internal_test.o -c -o test/mdc2_internal_test.o ../openssl/test/mdc2_internal_test.c clang -Iinclude -I../openssl/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -MMD -MF test/mdc2test.d.tmp -MT test/mdc2test.o -c -o test/mdc2test.o ../openssl/test/mdc2test.c clang -Iinclude -I../openssl/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -MMD -MF test/memleaktest.d.tmp -MT test/memleaktest.o -c -o test/memleaktest.o ../openssl/test/memleaktest.c clang -I. -Iinclude -I../openssl -I../openssl/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -MMD -MF test/modes_internal_test.d.tmp -MT test/modes_internal_test.o -c -o test/modes_internal_test.o ../openssl/test/modes_internal_test.c clang -Iinclude -I../openssl/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -MMD -MF test/ocspapitest.d.tmp -MT test/ocspapitest.o -c -o test/ocspapitest.o ../openssl/test/ocspapitest.c clang -Iinclude -I../openssl/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -MMD -MF test/packettest.d.tmp -MT test/packettest.o -c -o test/packettest.o ../openssl/test/packettest.c clang -Iinclude -I../openssl/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -MMD -MF test/pbelutest.d.tmp -MT test/pbelutest.o -c -o test/pbelutest.o ../openssl/test/pbelutest.c clang -Iinclude -I../openssl/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -MMD -MF test/pemtest.d.tmp -MT test/pemtest.o -c -o test/pemtest.o ../openssl/test/pemtest.c clang -Iinclude -I../openssl/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -MMD -MF test/pkey_meth_kdf_test.d.tmp -MT test/pkey_meth_kdf_test.o -c -o test/pkey_meth_kdf_test.o ../openssl/test/pkey_meth_kdf_test.c clang -Iinclude -I../openssl/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -MMD -MF test/pkey_meth_test.d.tmp -MT test/pkey_meth_test.o -c -o test/pkey_meth_test.o ../openssl/test/pkey_meth_test.c clang -I. -Iinclude -Icrypto/include -I../openssl -I../openssl/include -I../openssl/crypto/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -MMD -MF test/poly1305_internal_test.d.tmp -MT test/poly1305_internal_test.o -c -o test/poly1305_internal_test.o ../openssl/test/poly1305_internal_test.c clang -Iinclude -I../openssl/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -MMD -MF test/rc2test.d.tmp -MT test/rc2test.o -c -o test/rc2test.o ../openssl/test/rc2test.c clang -Iinclude -I../openssl/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -MMD -MF test/rc4test.d.tmp -MT test/rc4test.o -c -o test/rc4test.o ../openssl/test/rc4test.c clang -Iinclude -I../openssl/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -MMD -MF test/rc5test.d.tmp -MT test/rc5test.o -c -o test/rc5test.o ../openssl/test/rc5test.c clang -Iinclude -I../openssl/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -MMD -MF test/rdrand_sanitytest.d.tmp -MT test/rdrand_sanitytest.o -c -o test/rdrand_sanitytest.o ../openssl/test/rdrand_sanitytest.c clang -Iinclude -I../openssl/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -MMD -MF test/recordlentest.d.tmp -MT test/recordlentest.o -c -o test/recordlentest.o ../openssl/test/recordlentest.c clang -Iinclude -I../openssl/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -MMD -MF test/rsa_mp_test.d.tmp -MT test/rsa_mp_test.o -c -o test/rsa_mp_test.o ../openssl/test/rsa_mp_test.c clang -Iinclude -I../openssl/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -MMD -MF test/rsa_test.d.tmp -MT test/rsa_test.o -c -o test/rsa_test.o ../openssl/test/rsa_test.c clang -Iinclude -I../openssl/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -MMD -MF test/sanitytest.d.tmp -MT test/sanitytest.o -c -o test/sanitytest.o ../openssl/test/sanitytest.c clang -Iinclude -I../openssl/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -MMD -MF test/secmemtest.d.tmp -MT test/secmemtest.o -c -o test/secmemtest.o ../openssl/test/secmemtest.c clang -Iinclude -I../openssl/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -MMD -MF test/servername_test.d.tmp -MT test/servername_test.o -c -o test/servername_test.o ../openssl/test/servername_test.c clang -Iinclude -Icrypto/include -I../openssl/include -I../openssl/crypto/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -MMD -MF test/shlibloadtest.d.tmp -MT test/shlibloadtest.o -c -o test/shlibloadtest.o ../openssl/test/shlibloadtest.c clang -I. -Iinclude -Icrypto/include -I../openssl -I../openssl/include -I../openssl/crypto/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -MMD -MF test/siphash_internal_test.d.tmp -MT test/siphash_internal_test.o -c -o test/siphash_internal_test.o ../openssl/test/siphash_internal_test.c clang -Iinclude -I../openssl/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -MMD -MF test/sm2crypttest.d.tmp -MT test/sm2crypttest.o -c -o test/sm2crypttest.o ../openssl/test/sm2crypttest.c clang -Iinclude -I../openssl/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -MMD -MF test/sm2sigtest.d.tmp -MT test/sm2sigtest.o -c -o test/sm2sigtest.o ../openssl/test/sm2sigtest.c clang -I. -Iinclude -Icrypto/include -I../openssl -I../openssl/include -I../openssl/crypto/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -MMD -MF test/sm4_internal_test.d.tmp -MT test/sm4_internal_test.o -c -o test/sm4_internal_test.o ../openssl/test/sm4_internal_test.c clang -Iinclude -I../openssl/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -MMD -MF test/srptest.d.tmp -MT test/srptest.o -c -o test/srptest.o ../openssl/test/srptest.c clang -I. -Iinclude -I../openssl -I../openssl/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -MMD -MF test/ssl_cert_table_internal_test.d.tmp -MT test/ssl_cert_table_internal_test.o -c -o test/ssl_cert_table_internal_test.o ../openssl/test/ssl_cert_table_internal_test.c clang -I. -Iinclude -I../openssl -I../openssl/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -MMD -MF test/handshake_helper.d.tmp -MT test/handshake_helper.o -c -o test/handshake_helper.o ../openssl/test/handshake_helper.c clang -Iinclude -I../openssl/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -MMD -MF test/ssl_test.d.tmp -MT test/ssl_test.o -c -o test/ssl_test.o ../openssl/test/ssl_test.c clang -Iinclude -I../openssl/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -MMD -MF test/ssl_test_ctx.d.tmp -MT test/ssl_test_ctx.o -c -o test/ssl_test_ctx.o ../openssl/test/ssl_test_ctx.c clang -Iinclude -I../openssl/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -MMD -MF test/ssl_test_ctx_test.d.tmp -MT test/ssl_test_ctx_test.o -c -o test/ssl_test_ctx_test.o ../openssl/test/ssl_test_ctx_test.c clang -Iinclude -I. -I../openssl/include -I../openssl -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -MMD -MF test/sslapitest.d.tmp -MT test/sslapitest.o -c -o test/sslapitest.o ../openssl/test/sslapitest.c clang -Iinclude -I../openssl/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -MMD -MF test/sslbuffertest.d.tmp -MT test/sslbuffertest.o -c -o test/sslbuffertest.o ../openssl/test/sslbuffertest.c clang -Iinclude -I../openssl/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -MMD -MF test/sslcorrupttest.d.tmp -MT test/sslcorrupttest.o -c -o test/sslcorrupttest.o ../openssl/test/sslcorrupttest.c clang -I. -Iinclude -I../openssl -I../openssl/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -MMD -MF test/ssltest_old.d.tmp -MT test/ssltest_old.o -c -o test/ssltest_old.o ../openssl/test/ssltest_old.c clang -Iinclude -I../openssl/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -MMD -MF test/stack_test.d.tmp -MT test/stack_test.o -c -o test/stack_test.o ../openssl/test/stack_test.c clang -Iinclude -I../openssl/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -MMD -MF test/sysdefaulttest.d.tmp -MT test/sysdefaulttest.o -c -o test/sysdefaulttest.o ../openssl/test/sysdefaulttest.c ../openssl/test/sslapitest.c:1193:19: error: use of undeclared identifier 'new_called' sesscache[new_called] = sess; ^ ../openssl/test/sslapitest.c:1198:5: error: use of undeclared identifier 'new_called' new_called++; ^ ../openssl/test/sslapitest.c:1229:5: error: use of undeclared identifier 'new_called' new_called = 0; ^ ../openssl/test/sslapitest.c:1251:34: error: use of undeclared identifier 'new_called' || !TEST_int_eq(idx, new_called)) ^ ../openssl/test/sslapitest.c:1256:38: error: use of undeclared identifier 'new_called' || !TEST_int_eq(idx * 2, new_called)) ^ ../openssl/test/sslapitest.c:1270:9: error: use of undeclared identifier 'new_called' new_called = 0; ^ ../openssl/test/sslapitest.c:1282:33: error: use of undeclared identifier 'new_called' || !TEST_int_eq(new_called, 1)) ^ ../openssl/test/sslapitest.c:1285:9: error: use of undeclared identifier 'new_called' new_called = 0; ^ ../openssl/test/sslapitest.c:1288:33: error: use of undeclared identifier 'new_called' || !TEST_int_eq(new_called, 1)) ^ clang -Iinclude -I../openssl/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -MMD -MF test/test_test.d.tmp -MT test/test_test.o -c -o test/test_test.o ../openssl/test/test_test.c clang -Iinclude -I../openssl/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -MMD -MF test/threadstest.d.tmp -MT test/threadstest.o -c -o test/threadstest.o ../openssl/test/threadstest.c 9 errors generated. Makefile:9120: recipe for target 'test/sslapitest.o' failed make[1]: *** [test/sslapitest.o] Error 1 make[1]: *** Waiting for unfinished jobs.... make[1]: Leaving directory '/home/openssl/run-checker/no-tls' Makefile:171: recipe for target 'all' failed make: *** [all] Error 2 From matthias.st.pierre at ncp-e.com Sat May 19 23:23:45 2018 From: matthias.st.pierre at ncp-e.com (matthias.st.pierre at ncp-e.com) Date: Sat, 19 May 2018 23:23:45 +0000 Subject: [openssl-commits] [openssl] OpenSSL_1_1_0-stable update Message-ID: <1526772225.916784.18200.nullmailer@dev.openssl.org> The branch OpenSSL_1_1_0-stable has been updated via 2392eb77d237684a32b1290fc9e3d0e2f3b08554 (commit) from 4e07941373ac17086ab4e601950c4ca148e8bb31 (commit) - Log ----------------------------------------------------------------- commit 2392eb77d237684a32b1290fc9e3d0e2f3b08554 Author: Bernd Edlinger Date: Thu Mar 29 11:27:29 2018 +0200 Fix a possible crash in BN_from_montgomery_word Thanks to Darovskikh Andrei for for reporting this issue. Fixes: #5785 Fixes: #6302 Cherry-picked from f91e026e3832 (without test/bntest.c) Reviewed-by: Rich Salz Reviewed-by: Matthias St. Pierre (Merged from https://github.com/openssl/openssl/pull/6310) ----------------------------------------------------------------------- Summary of changes: crypto/bn/bn_mont.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/crypto/bn/bn_mont.c b/crypto/bn/bn_mont.c index c0c1746..dad3d07 100644 --- a/crypto/bn/bn_mont.c +++ b/crypto/bn/bn_mont.c @@ -95,6 +95,8 @@ static int BN_from_montgomery_word(BIGNUM *ret, BIGNUM *r, BN_MONT_CTX *mont) /* clear the top words of T */ i = max - r->top; + if (i < 0) + return 0; if (i) memset(&rp[r->top], 0, sizeof(*rp) * i); From levitte at openssl.org Sun May 20 07:49:11 2018 From: levitte at openssl.org (Richard Levitte) Date: Sun, 20 May 2018 07:49:11 +0000 Subject: [openssl-commits] [openssl] master update Message-ID: <1526802551.864573.704.nullmailer@dev.openssl.org> The branch master has been updated via c1c1783d45a5e91951e6328a820939d0256c841c (commit) from f3021aca4a154c2ff9bd0030f7974eb6a719550d (commit) - Log ----------------------------------------------------------------- commit c1c1783d45a5e91951e6328a820939d0256c841c Author: Richard Levitte Date: Thu May 17 09:53:14 2018 +0200 Restore check of |*xn| against |name| in X509_NAME_set A previous change of this function introduced a fragility when the destination happens to be the same as the source. Such alias isn't recommended, but could still happen, for example in this kind of code: X509_NAME *subject = X509_get_issuer_name(x); /* ... some code passes ... */ X509_set_issuer_name(x, subject); Fixes #4710 Reviewed-by: Andy Polyakov (Merged from https://github.com/openssl/openssl/pull/6280) ----------------------------------------------------------------------- Summary of changes: crypto/x509/x_name.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/crypto/x509/x_name.c b/crypto/x509/x_name.c index aec3459..a1e9bbd 100644 --- a/crypto/x509/x_name.c +++ b/crypto/x509/x_name.c @@ -481,6 +481,8 @@ static int i2d_name_canon(STACK_OF(STACK_OF_X509_NAME_ENTRY) * _intname, int X509_NAME_set(X509_NAME **xn, X509_NAME *name) { + if (*xn == name) + return *xn != NULL; if ((name = X509_NAME_dup(name)) == NULL) return 0; X509_NAME_free(*xn); From levitte at openssl.org Sun May 20 07:50:11 2018 From: levitte at openssl.org (Richard Levitte) Date: Sun, 20 May 2018 07:50:11 +0000 Subject: [openssl-commits] [openssl] OpenSSL_1_1_0-stable update Message-ID: <1526802611.432154.1750.nullmailer@dev.openssl.org> The branch OpenSSL_1_1_0-stable has been updated via 6fc92032e02bb17cb7486e71aafdc1905497693a (commit) from 2392eb77d237684a32b1290fc9e3d0e2f3b08554 (commit) - Log ----------------------------------------------------------------- commit 6fc92032e02bb17cb7486e71aafdc1905497693a Author: Richard Levitte Date: Thu May 17 09:53:14 2018 +0200 Restore check of |*xn| against |name| in X509_NAME_set A previous change of this function introduced a fragility when the destination happens to be the same as the source. Such alias isn't recommended, but could still happen, for example in this kind of code: X509_NAME *subject = X509_get_issuer_name(x); /* ... some code passes ... */ X509_set_issuer_name(x, subject); Fixes #4710 Reviewed-by: Andy Polyakov (Merged from https://github.com/openssl/openssl/pull/6280) (cherry picked from commit c1c1783d45a5e91951e6328a820939d0256c841c) ----------------------------------------------------------------------- Summary of changes: crypto/x509/x_name.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/crypto/x509/x_name.c b/crypto/x509/x_name.c index 0af5df5..8e717dc 100644 --- a/crypto/x509/x_name.c +++ b/crypto/x509/x_name.c @@ -472,6 +472,8 @@ static int i2d_name_canon(STACK_OF(STACK_OF_X509_NAME_ENTRY) * _intname, int X509_NAME_set(X509_NAME **xn, X509_NAME *name) { + if (*xn == name) + return *xn != NULL; if ((name = X509_NAME_dup(name)) == NULL) return 0; X509_NAME_free(*xn); From scan-admin at coverity.com Sun May 20 08:04:39 2018 From: scan-admin at coverity.com (scan-admin at coverity.com) Date: Sun, 20 May 2018 08:04:39 +0000 (UTC) Subject: [openssl-commits] Coverity Scan: Analysis completed for openssl/openssl Message-ID: <5b012c16d6b1a_ba12ab1dd750f5871416@node1.mail> Your request for analysis of openssl/openssl has been completed successfully. The results are available at https://u2389337.ct.sendgrid.net/wf/click?upn=08onrYu34A-2BWcWUl-2F-2BfV0V05UPxvVjWch-2Bd2MGckcRakUl6QyjujEohY7rPpoYUEcf-2B75FkFkxwwFKGZV8c1xA-3D-3D_19DGMz38yO7VfzGQuXkecdlEmzBoDG4v8Dvyanv-2F1I2-2BfQOoNrET4-2BH2p3tKqre-2FuFdbsYYUJMw8U3qtQOjw8wPhAqEuooxoNh61XWDvcFbSrOEGTX1uI6g1Fh-2BOpTcuITBsg7c1gHUsY8YJs8OozBt3Flokil-2F0Y-2F-2Bxuj3G3Q-2BWUZPyAZk-2FGpSYJtR33UgJLH13xeA7jgs0TRXK6WHzOkB40vFSUD7Qo4wPbbcTY5o-3D Build ID: 211801 Analysis Summary: New defects found: 0 Defects eliminated: 0 From levitte at openssl.org Sun May 20 08:07:54 2018 From: levitte at openssl.org (Richard Levitte) Date: Sun, 20 May 2018 08:07:54 +0000 Subject: [openssl-commits] [openssl] master update Message-ID: <1526803674.116801.5223.nullmailer@dev.openssl.org> The branch master has been updated via dad886806f8bbf7fa0e82776e2ea8a23733b9a63 (commit) from c1c1783d45a5e91951e6328a820939d0256c841c (commit) - Log ----------------------------------------------------------------- commit dad886806f8bbf7fa0e82776e2ea8a23733b9a63 Author: Todd Short Date: Mon May 14 10:41:06 2018 -0400 Fix no-srtp build warnings Reviewed-by: Andy Polyakov Reviewed-by: Richard Levitte (Merged from https://github.com/openssl/openssl/pull/6255) ----------------------------------------------------------------------- Summary of changes: apps/s_client.c | 4 ++++ apps/s_server.c | 4 ++++ 2 files changed, 8 insertions(+) diff --git a/apps/s_client.c b/apps/s_client.c index 96f9da6..5934236 100644 --- a/apps/s_client.c +++ b/apps/s_client.c @@ -935,7 +935,9 @@ int s_client_main(int argc, char **argv) int srp_lateuser = 0; SRP_ARG srp_arg = { NULL, NULL, 0, 0, 0, 1024 }; #endif +#ifndef OPENSSL_NO_SRTP char *srtp_profiles = NULL; +#endif #ifndef OPENSSL_NO_CT char *ctlog_file = NULL; int ct_validation = 0; @@ -1422,7 +1424,9 @@ int s_client_main(int argc, char **argv) noservername = 1; break; case OPT_USE_SRTP: +#ifndef OPENSSL_NO_SRTP srtp_profiles = opt_arg(); +#endif break; case OPT_KEYMATEXPORT: keymatexportlabel = opt_arg(); diff --git a/apps/s_server.c b/apps/s_server.c index 5d53250..6180617 100644 --- a/apps/s_server.c +++ b/apps/s_server.c @@ -1020,7 +1020,9 @@ int s_server_main(int argc, char *argv[]) char *srpuserseed = NULL; char *srp_verifier_file = NULL; #endif +#ifndef OPENSSL_NO_SRTP char *srtp_profiles = NULL; +#endif int min_version = 0, max_version = 0, prot_opt = 0, no_prot_opt = 0; int s_server_verify = SSL_VERIFY_NONE; int s_server_session_id_context = 1; /* anything will do */ @@ -1527,7 +1529,9 @@ int s_server_main(int argc, char *argv[]) alpn_in = opt_arg(); break; case OPT_SRTP_PROFILES: +#ifndef OPENSSL_NO_SRTP srtp_profiles = opt_arg(); +#endif break; case OPT_KEYMATEXPORT: keymatexportlabel = opt_arg(); From levitte at openssl.org Sun May 20 08:09:42 2018 From: levitte at openssl.org (Richard Levitte) Date: Sun, 20 May 2018 08:09:42 +0000 Subject: [openssl-commits] [openssl] master update Message-ID: <1526803782.168177.6301.nullmailer@dev.openssl.org> The branch master has been updated via 6439e343fa64f06941197d085acd11bd13856596 (commit) from dad886806f8bbf7fa0e82776e2ea8a23733b9a63 (commit) - Log ----------------------------------------------------------------- commit 6439e343fa64f06941197d085acd11bd13856596 Author: Richard Levitte Date: Sat May 19 07:22:10 2018 +0200 Quiet pod2html warnings --quiet stops warnings of this sort: Cannot find "BIO_read_ex" in podpath: cannot find suitable replacement path, cannot resolve link We know what causes these warnings, it's perfectly innocuous, and we don't want to hear it any more. Partial fix for #3254 Reviewed-by: Rich Salz (Merged from https://github.com/openssl/openssl/pull/6304) ----------------------------------------------------------------------- Summary of changes: util/process_docs.pl | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/util/process_docs.pl b/util/process_docs.pl index ef79a1f..e1e741e 100755 --- a/util/process_docs.pl +++ b/util/process_docs.pl @@ -98,7 +98,7 @@ foreach my $section (sort @{$options{section}}) { my $suffix = { man => ".$podinfo{section}".($options{suffix} // ""), html => ".html" } -> {$options{type}}; my $generate = { man => "pod2man --name=$name --section=$podinfo{section} --center=OpenSSL --release=$config{version} \"$podpath\"", - html => "pod2html \"--podroot=$options{sourcedir}\" --htmldir=$updir --podpath=man1:man3:man5:man7 \"--infile=$podpath\" \"--title=$podname\"" + html => "pod2html \"--podroot=$options{sourcedir}\" --htmldir=$updir --podpath=man1:man3:man5:man7 \"--infile=$podpath\" \"--title=$podname\" --quiet" } -> {$options{type}}; my $output_dir = catdir($options{destdir}, "man$podinfo{section}"); my $output_file = $podname . $suffix; From levitte at openssl.org Sun May 20 08:11:41 2018 From: levitte at openssl.org (Richard Levitte) Date: Sun, 20 May 2018 08:11:41 +0000 Subject: [openssl-commits] [openssl] OpenSSL_1_1_0-stable update Message-ID: <1526803901.303290.7655.nullmailer@dev.openssl.org> The branch OpenSSL_1_1_0-stable has been updated via dd1477ced7f3679d8177f942219e96fa86b37234 (commit) from 6fc92032e02bb17cb7486e71aafdc1905497693a (commit) - Log ----------------------------------------------------------------- commit dd1477ced7f3679d8177f942219e96fa86b37234 Author: Richard Levitte Date: Sat May 19 07:22:10 2018 +0200 Quiet pod2html warnings --quiet stops warnings of this sort: Cannot find "BIO_read_ex" in podpath: cannot find suitable replacement path, cannot resolve link We know what causes these warnings, it's perfectly innocuous, and we don't want to hear it any more. Partial fix for #3254 Reviewed-by: Rich Salz (Merged from https://github.com/openssl/openssl/pull/6304) (cherry picked from commit 6439e343fa64f06941197d085acd11bd13856596) ----------------------------------------------------------------------- Summary of changes: util/process_docs.pl | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/util/process_docs.pl b/util/process_docs.pl index 0e46a0a..6a0a0df 100755 --- a/util/process_docs.pl +++ b/util/process_docs.pl @@ -101,7 +101,7 @@ foreach my $subdir (keys %{$options{subdir}}) { my $suffix = { man => ".$podinfo{section}".($options{suffix} // ""), html => ".html" } -> {$options{type}}; my $generate = { man => "pod2man --name=$name --section=$podinfo{section} --center=OpenSSL --release=$config{version} \"$podpath\"", - html => "pod2html \"--podroot=$options{sourcedir}\" --htmldir=$updir --podpath=apps:crypto:ssl \"--infile=$podpath\" \"--title=$podname\"" + html => "pod2html \"--podroot=$options{sourcedir}\" --htmldir=$updir --podpath=apps:crypto:ssl \"--infile=$podpath\" \"--title=$podname\" --quiet" } -> {$options{type}}; my $output_dir = catdir($options{destdir}, "man$podinfo{section}"); my $output_file = $podname . $suffix; From levitte at openssl.org Sun May 20 08:14:06 2018 From: levitte at openssl.org (Richard Levitte) Date: Sun, 20 May 2018 08:14:06 +0000 Subject: [openssl-commits] [openssl] master update Message-ID: <1526804046.210029.8800.nullmailer@dev.openssl.org> The branch master has been updated via 246bd8fd0507f4555432c148eed5a9322c113bf5 (commit) from 6439e343fa64f06941197d085acd11bd13856596 (commit) - Log ----------------------------------------------------------------- commit 246bd8fd0507f4555432c148eed5a9322c113bf5 Author: Richard Levitte Date: Sat May 19 07:09:19 2018 +0200 Windows: don't install __DECC_*.H This adds the possibility to exclude files by regexp in util/copy.pl Partial fix for #3254 Reviewed-by: Tim Hudson Reviewed-by: Rich Salz (Merged from https://github.com/openssl/openssl/pull/6303) ----------------------------------------------------------------------- Summary of changes: Configurations/windows-makefile.tmpl | 3 ++- util/copy.pl | 10 ++++++++-- 2 files changed, 10 insertions(+), 3 deletions(-) diff --git a/Configurations/windows-makefile.tmpl b/Configurations/windows-makefile.tmpl index 49af571..11acdf0 100644 --- a/Configurations/windows-makefile.tmpl +++ b/Configurations/windows-makefile.tmpl @@ -412,7 +412,8 @@ install_dev: @"$(PERL)" "$(SRCDIR)\util\copy.pl" "$(SRCDIR)\ms\applink.c" \ "$(INSTALLTOP)\include\openssl" @rem {- output_on() unless grep { $_ eq "OPENSSL_USE_APPLINK" } @{$config{defines}}; "" -} - @"$(PERL)" "$(SRCDIR)\util\copy.pl" "$(SRCDIR)\include\openssl\*.h" \ + @"$(PERL)" "$(SRCDIR)\util\copy.pl" "-exclude_re=/__DECC_" \ + "$(SRCDIR)\include\openssl\*.h" \ "$(INSTALLTOP)\include\openssl" @"$(PERL)" "$(SRCDIR)\util\copy.pl" $(BLDDIR)\include\openssl\*.h \ "$(INSTALLTOP)\include\openssl" diff --git a/util/copy.pl b/util/copy.pl index f93fb25..ca4697a 100644 --- a/util/copy.pl +++ b/util/copy.pl @@ -18,6 +18,7 @@ use Fcntl; my $stripcr = 0; my $arg; +my @excludes = (); foreach $arg (@ARGV) { if ($arg eq "-stripcr") @@ -25,11 +26,16 @@ foreach $arg (@ARGV) { $stripcr = 1; next; } + if ($arg =~ /^-exclude_re=(.*)$/) + { + push @excludes, $1; + next; + } $arg =~ s|\\|/|g; # compensate for bug/feature in cygwin glob... $arg = qq("$arg") if ($arg =~ /\s/); # compensate for bug in 5.10... - foreach (glob $arg) + foreach my $f (glob $arg) { - push @filelist, $_; + push @filelist, $f unless grep { $f =~ /$_/ } @excludes; } } From levitte at openssl.org Sun May 20 08:16:06 2018 From: levitte at openssl.org (Richard Levitte) Date: Sun, 20 May 2018 08:16:06 +0000 Subject: [openssl-commits] [openssl] OpenSSL_1_1_0-stable update Message-ID: <1526804166.538466.9988.nullmailer@dev.openssl.org> The branch OpenSSL_1_1_0-stable has been updated via 12843c7307900e124ee0407535cab5534fc27dad (commit) from dd1477ced7f3679d8177f942219e96fa86b37234 (commit) - Log ----------------------------------------------------------------- commit 12843c7307900e124ee0407535cab5534fc27dad Author: Richard Levitte Date: Sat May 19 07:09:19 2018 +0200 Windows: don't install __DECC_*.H This adds the possibility to exclude files by regexp in util/copy.pl Partial fix for #3254 Reviewed-by: Tim Hudson Reviewed-by: Rich Salz (Merged from https://github.com/openssl/openssl/pull/6303) (cherry picked from commit 246bd8fd0507f4555432c148eed5a9322c113bf5) ----------------------------------------------------------------------- Summary of changes: Configurations/windows-makefile.tmpl | 3 ++- util/copy.pl | 10 ++++++++-- 2 files changed, 10 insertions(+), 3 deletions(-) diff --git a/Configurations/windows-makefile.tmpl b/Configurations/windows-makefile.tmpl index e3e213f..a2fd762 100644 --- a/Configurations/windows-makefile.tmpl +++ b/Configurations/windows-makefile.tmpl @@ -292,7 +292,8 @@ install_dev: @"$(PERL)" "$(SRCDIR)\util\copy.pl" "$(SRCDIR)\ms\applink.c" \ "$(INSTALLTOP)\include\openssl" @rem {- output_on() unless grep { $_ eq "OPENSSL_USE_APPLINK" } @{$target{defines}}; "" -} - @"$(PERL)" "$(SRCDIR)\util\copy.pl" "$(SRCDIR)\include\openssl\*.h" \ + @"$(PERL)" "$(SRCDIR)\util\copy.pl" "-exclude_re=/__DECC_" \ + "$(SRCDIR)\include\openssl\*.h" \ "$(INSTALLTOP)\include\openssl" @"$(PERL)" "$(SRCDIR)\util\copy.pl" $(BLDDIR)\include\openssl\*.h \ "$(INSTALLTOP)\include\openssl" diff --git a/util/copy.pl b/util/copy.pl index 01964f5..1a9cb71 100644 --- a/util/copy.pl +++ b/util/copy.pl @@ -18,6 +18,7 @@ use Fcntl; my $stripcr = 0; my $arg; +my @excludes = (); foreach $arg (@ARGV) { if ($arg eq "-stripcr") @@ -25,11 +26,16 @@ foreach $arg (@ARGV) { $stripcr = 1; next; } + if ($arg =~ /^-exclude_re=(.*)$/) + { + push @excludes, $1; + next; + } $arg =~ s|\\|/|g; # compensate for bug/feature in cygwin glob... $arg = qq("$arg") if ($arg =~ /\s/); # compensate for bug in 5.10... - foreach (glob $arg) + foreach my $f (glob $arg) { - push @filelist, $_; + push @filelist, $f unless grep { $f =~ /$_/ } @excludes; } } From scan-admin at coverity.com Sun May 20 08:16:16 2018 From: scan-admin at coverity.com (scan-admin at coverity.com) Date: Sun, 20 May 2018 08:16:16 +0000 (UTC) Subject: [openssl-commits] Coverity Scan: Analysis completed for OpenSSL-1.0.2 Message-ID: <5b012ed012766_13dc2ab1dd750f5871435@node1.mail> Your request for analysis of OpenSSL-1.0.2 has been completed successfully. The results are available at https://u2389337.ct.sendgrid.net/wf/click?upn=08onrYu34A-2BWcWUl-2F-2BfV0V05UPxvVjWch-2Bd2MGckcRakUl6QyjujEohY7rPpoYUEeuRTZVWU4ku8PUBnVPw8PQ-3D-3D_19DGMz38yO7VfzGQuXkecdlEmzBoDG4v8Dvyanv-2F1I27VUhsFG0AhXkmijd8lg8Z3Tinrt28x-2FJ4R2Xg-2FtbgBz-2BKtVRvmn5mvm90fZfpAj6zyjJrAnNaNmnINO5ca9hkeRk-2BoIS7JKd8v6zq2-2FyO5S-2BnZ2nTSFqshgtIa65RDaDSHo-2FQp-2F0EmTBCKVmYzeMFBXvC9YWhJcP43EbHOPqVcS213W-2BQCptWsHErZpq64S0-3D Build ID: 211804 Analysis Summary: New defects found: 0 Defects eliminated: 0 From no-reply at appveyor.com Sun May 20 18:35:00 2018 From: no-reply at appveyor.com (AppVeyor) Date: Sun, 20 May 2018 18:35:00 +0000 Subject: [openssl-commits] Build failed: openssl master.18098 Message-ID: <20180520183500.1.FF510AB7C0161519@appveyor.com> An HTML attachment was scrubbed... URL: From no-reply at appveyor.com Sun May 20 18:56:55 2018 From: no-reply at appveyor.com (AppVeyor) Date: Sun, 20 May 2018 18:56:55 +0000 Subject: [openssl-commits] Build completed: openssl master.18099 Message-ID: <20180520185655.1.3062185FABCDCF13@appveyor.com> An HTML attachment was scrubbed... URL: From openssl at openssl.org Mon May 21 01:08:20 2018 From: openssl at openssl.org (OpenSSL run-checker) Date: Mon, 21 May 2018 01:08:20 +0000 Subject: [openssl-commits] Still FAILED build of OpenSSL branch master with options -d --strict-warnings no-ec Message-ID: <1526864900.110540.7359.nullmailer@run.openssl.org> Platform and configuration command: $ uname -a Linux run 4.4.0-119-generic #143-Ubuntu SMP Mon Apr 2 16:08:24 UTC 2018 x86_64 x86_64 x86_64 GNU/Linux $ CC=clang ../openssl/config -d --strict-warnings no-ec Commit log since last time: 246bd8f Windows: don't install __DECC_*.H 6439e34 Quiet pod2html warnings dad8868 Fix no-srtp build warnings c1c1783 Restore check of |*xn| against |name| in X509_NAME_set f3021ac Allow the ca application to use EdDSA 8a59c08 DH: add some basic tests (and comments) 6db7fad DH: add simple getters for commonly used DH struct members Build log ended with (last 100 lines): /usr/bin/perl ../openssl/test/generate_buildtest.pl seed > test/buildtest_seed.c /usr/bin/perl ../openssl/test/generate_buildtest.pl sha > test/buildtest_sha.c /usr/bin/perl ../openssl/test/generate_buildtest.pl srp > test/buildtest_srp.c /usr/bin/perl ../openssl/test/generate_buildtest.pl srtp > test/buildtest_srtp.c /usr/bin/perl ../openssl/test/generate_buildtest.pl ssl > test/buildtest_ssl.c /usr/bin/perl ../openssl/test/generate_buildtest.pl ssl2 > test/buildtest_ssl2.c /usr/bin/perl ../openssl/test/generate_buildtest.pl stack > test/buildtest_stack.c /usr/bin/perl ../openssl/test/generate_buildtest.pl store > test/buildtest_store.c /usr/bin/perl ../openssl/test/generate_buildtest.pl symhacks > test/buildtest_symhacks.c /usr/bin/perl ../openssl/test/generate_buildtest.pl tls1 > test/buildtest_tls1.c /usr/bin/perl ../openssl/test/generate_buildtest.pl ts > test/buildtest_ts.c /usr/bin/perl ../openssl/test/generate_buildtest.pl txt_db > test/buildtest_txt_db.c /usr/bin/perl ../openssl/test/generate_buildtest.pl ui > test/buildtest_ui.c /usr/bin/perl ../openssl/test/generate_buildtest.pl whrlpool > test/buildtest_whrlpool.c /usr/bin/perl ../openssl/test/generate_buildtest.pl x509 > test/buildtest_x509.c /usr/bin/perl ../openssl/test/generate_buildtest.pl x509_vfy > test/buildtest_x509_vfy.c /usr/bin/perl ../openssl/test/generate_buildtest.pl x509v3 > test/buildtest_x509v3.c clang -Iinclude -I../openssl/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -MMD -MF test/casttest.d.tmp -MT test/casttest.o -c -o test/casttest.o ../openssl/test/casttest.c clang -I. -Iinclude -Icrypto/include -I../openssl -I../openssl/include -I../openssl/crypto/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -MMD -MF test/chacha_internal_test.d.tmp -MT test/chacha_internal_test.o -c -o test/chacha_internal_test.o ../openssl/test/chacha_internal_test.c clang -Iinclude -I../openssl/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -MMD -MF test/cipherbytes_test.d.tmp -MT test/cipherbytes_test.o -c -o test/cipherbytes_test.o ../openssl/test/cipherbytes_test.c clang -Iinclude -I../openssl/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -MMD -MF test/cipherlist_test.d.tmp -MT test/cipherlist_test.o -c -o test/cipherlist_test.o ../openssl/test/cipherlist_test.c clang -Iinclude -I../openssl/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -MMD -MF test/ciphername_test.d.tmp -MT test/ciphername_test.o -c -o test/ciphername_test.o ../openssl/test/ciphername_test.c clang -Iinclude -I../openssl/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -MMD -MF test/clienthellotest.d.tmp -MT test/clienthellotest.o -c -o test/clienthellotest.o ../openssl/test/clienthellotest.c clang -Iinclude -I../openssl/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -MMD -MF test/cmsapitest.d.tmp -MT test/cmsapitest.o -c -o test/cmsapitest.o ../openssl/test/cmsapitest.c clang -Iinclude -I../openssl/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -MMD -MF test/conf_include_test.d.tmp -MT test/conf_include_test.o -c -o test/conf_include_test.o ../openssl/test/conf_include_test.c clang -Iinclude -I../openssl/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -MMD -MF test/constant_time_test.d.tmp -MT test/constant_time_test.o -c -o test/constant_time_test.o ../openssl/test/constant_time_test.c clang -Iinclude -I../openssl/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -MMD -MF test/crltest.d.tmp -MT test/crltest.o -c -o test/crltest.o ../openssl/test/crltest.c clang -Iinclude -I../openssl/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -MMD -MF test/ct_test.d.tmp -MT test/ct_test.o -c -o test/ct_test.o ../openssl/test/ct_test.c clang -I. -Icrypto/include -Iinclude -I../openssl -I../openssl/crypto/include -I../openssl/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -MMD -MF test/ctype_internal_test.d.tmp -MT test/ctype_internal_test.o -c -o test/ctype_internal_test.o ../openssl/test/ctype_internal_test.c clang -Iinclude -I../openssl/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -MMD -MF test/d2i_test.d.tmp -MT test/d2i_test.o -c -o test/d2i_test.o ../openssl/test/d2i_test.c clang -Iinclude -I../openssl/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -MMD -MF test/danetest.d.tmp -MT test/danetest.o -c -o test/danetest.o ../openssl/test/danetest.c clang -Iinclude -I../openssl/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -MMD -MF test/destest.d.tmp -MT test/destest.o -c -o test/destest.o ../openssl/test/destest.c clang -Iinclude -I../openssl/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -MMD -MF test/dhtest.d.tmp -MT test/dhtest.o -c -o test/dhtest.o ../openssl/test/dhtest.c clang -Iinclude -Itest -I. -I../openssl/include -I../openssl/test -I../openssl -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -MMD -MF test/drbg_cavs_data.d.tmp -MT test/drbg_cavs_data.o -c -o test/drbg_cavs_data.o ../openssl/test/drbg_cavs_data.c clang -Iinclude -Itest -I. -I../openssl/include -I../openssl/test -I../openssl -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -MMD -MF test/drbg_cavs_test.d.tmp -MT test/drbg_cavs_test.o -c -o test/drbg_cavs_test.o ../openssl/test/drbg_cavs_test.c clang -Iinclude -I../openssl/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -MMD -MF test/drbgtest.d.tmp -MT test/drbgtest.o -c -o test/drbgtest.o ../openssl/test/drbgtest.c clang -Iinclude -I../openssl/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -MMD -MF test/dsatest.d.tmp -MT test/dsatest.o -c -o test/dsatest.o ../openssl/test/dsatest.c clang -I. -Iinclude -I../openssl -I../openssl/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -MMD -MF test/dtls_mtu_test.d.tmp -MT test/dtls_mtu_test.o -c -o test/dtls_mtu_test.o ../openssl/test/dtls_mtu_test.c clang -Iinclude -I../openssl/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -MMD -MF test/dtlstest.d.tmp -MT test/dtlstest.o -c -o test/dtlstest.o ../openssl/test/dtlstest.c clang -Iinclude -I../openssl/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -MMD -MF test/dtlsv1listentest.d.tmp -MT test/dtlsv1listentest.o -c -o test/dtlsv1listentest.o ../openssl/test/dtlsv1listentest.c clang -Iinclude -I../openssl/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -MMD -MF test/ecdsatest.d.tmp -MT test/ecdsatest.o -c -o test/ecdsatest.o ../openssl/test/ecdsatest.c clang -Iinclude -I../openssl/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -MMD -MF test/ecstresstest.d.tmp -MT test/ecstresstest.o -c -o test/ecstresstest.o ../openssl/test/ecstresstest.c clang -Iinclude -I../openssl/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -MMD -MF test/ectest.d.tmp -MT test/ectest.o -c -o test/ectest.o ../openssl/test/ectest.c clang -Iinclude -I../openssl/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -MMD -MF test/enginetest.d.tmp -MT test/enginetest.o -c -o test/enginetest.o ../openssl/test/enginetest.c clang -Iinclude -Icrypto/include -I../openssl/include -I../openssl/crypto/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -MMD -MF test/evp_extra_test.d.tmp -MT test/evp_extra_test.o -c -o test/evp_extra_test.o ../openssl/test/evp_extra_test.c clang -Iinclude -I../openssl/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -MMD -MF test/evp_test.d.tmp -MT test/evp_test.o -c -o test/evp_test.o ../openssl/test/evp_test.c clang -Iinclude -I../openssl/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -MMD -MF test/exdatatest.d.tmp -MT test/exdatatest.o -c -o test/exdatatest.o ../openssl/test/exdatatest.c clang -Iinclude -I../openssl/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -MMD -MF test/exptest.d.tmp -MT test/exptest.o -c -o test/exptest.o ../openssl/test/exptest.c clang -Iinclude -I../openssl/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -MMD -MF test/fatalerrtest.d.tmp -MT test/fatalerrtest.o -c -o test/fatalerrtest.o ../openssl/test/fatalerrtest.c clang -Iinclude -I../openssl/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -MMD -MF test/gmdifftest.d.tmp -MT test/gmdifftest.o -c -o test/gmdifftest.o ../openssl/test/gmdifftest.c clang -Iinclude -I../openssl/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -MMD -MF test/hmactest.d.tmp -MT test/hmactest.o -c -o test/hmactest.o ../openssl/test/hmactest.c clang -Iinclude -I../openssl/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -MMD -MF test/ideatest.d.tmp -MT test/ideatest.o -c -o test/ideatest.o ../openssl/test/ideatest.c clang -Iinclude -I../openssl/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -MMD -MF test/igetest.d.tmp -MT test/igetest.o -c -o test/igetest.o ../openssl/test/igetest.c clang -Iinclude -I../openssl/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -MMD -MF test/lhash_test.d.tmp -MT test/lhash_test.o -c -o test/lhash_test.o ../openssl/test/lhash_test.c clang -Iinclude -I../openssl/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -MMD -MF test/md2test.d.tmp -MT test/md2test.o -c -o test/md2test.o ../openssl/test/md2test.c clang -I. -Iinclude -I../openssl -I../openssl/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -MMD -MF test/mdc2_internal_test.d.tmp -MT test/mdc2_internal_test.o -c -o test/mdc2_internal_test.o ../openssl/test/mdc2_internal_test.c clang -Iinclude -I../openssl/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -MMD -MF test/mdc2test.d.tmp -MT test/mdc2test.o -c -o test/mdc2test.o ../openssl/test/mdc2test.c clang -Iinclude -I../openssl/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -MMD -MF test/memleaktest.d.tmp -MT test/memleaktest.o -c -o test/memleaktest.o ../openssl/test/memleaktest.c clang -I. -Iinclude -I../openssl -I../openssl/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -MMD -MF test/modes_internal_test.d.tmp -MT test/modes_internal_test.o -c -o test/modes_internal_test.o ../openssl/test/modes_internal_test.c clang -Iinclude -I../openssl/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -MMD -MF test/ocspapitest.d.tmp -MT test/ocspapitest.o -c -o test/ocspapitest.o ../openssl/test/ocspapitest.c clang -Iinclude -I../openssl/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -MMD -MF test/packettest.d.tmp -MT test/packettest.o -c -o test/packettest.o ../openssl/test/packettest.c clang -Iinclude -I../openssl/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -MMD -MF test/pbelutest.d.tmp -MT test/pbelutest.o -c -o test/pbelutest.o ../openssl/test/pbelutest.c clang -Iinclude -I../openssl/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -MMD -MF test/pemtest.d.tmp -MT test/pemtest.o -c -o test/pemtest.o ../openssl/test/pemtest.c clang -Iinclude -I../openssl/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -MMD -MF test/pkey_meth_kdf_test.d.tmp -MT test/pkey_meth_kdf_test.o -c -o test/pkey_meth_kdf_test.o ../openssl/test/pkey_meth_kdf_test.c clang -Iinclude -I../openssl/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -MMD -MF test/pkey_meth_test.d.tmp -MT test/pkey_meth_test.o -c -o test/pkey_meth_test.o ../openssl/test/pkey_meth_test.c clang -I. -Iinclude -Icrypto/include -I../openssl -I../openssl/include -I../openssl/crypto/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -MMD -MF test/poly1305_internal_test.d.tmp -MT test/poly1305_internal_test.o -c -o test/poly1305_internal_test.o ../openssl/test/poly1305_internal_test.c clang -Iinclude -I../openssl/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -MMD -MF test/rc2test.d.tmp -MT test/rc2test.o -c -o test/rc2test.o ../openssl/test/rc2test.c clang -Iinclude -I../openssl/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -MMD -MF test/rc4test.d.tmp -MT test/rc4test.o -c -o test/rc4test.o ../openssl/test/rc4test.c clang -Iinclude -I../openssl/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -MMD -MF test/rc5test.d.tmp -MT test/rc5test.o -c -o test/rc5test.o ../openssl/test/rc5test.c clang -Iinclude -I../openssl/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -MMD -MF test/rdrand_sanitytest.d.tmp -MT test/rdrand_sanitytest.o -c -o test/rdrand_sanitytest.o ../openssl/test/rdrand_sanitytest.c clang -Iinclude -I../openssl/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -MMD -MF test/recordlentest.d.tmp -MT test/recordlentest.o -c -o test/recordlentest.o ../openssl/test/recordlentest.c clang -Iinclude -I../openssl/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -MMD -MF test/rsa_mp_test.d.tmp -MT test/rsa_mp_test.o -c -o test/rsa_mp_test.o ../openssl/test/rsa_mp_test.c clang -Iinclude -I../openssl/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -MMD -MF test/rsa_test.d.tmp -MT test/rsa_test.o -c -o test/rsa_test.o ../openssl/test/rsa_test.c clang -Iinclude -I../openssl/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -MMD -MF test/sanitytest.d.tmp -MT test/sanitytest.o -c -o test/sanitytest.o ../openssl/test/sanitytest.c clang -Iinclude -I../openssl/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -MMD -MF test/secmemtest.d.tmp -MT test/secmemtest.o -c -o test/secmemtest.o ../openssl/test/secmemtest.c clang -Iinclude -I../openssl/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -MMD -MF test/servername_test.d.tmp -MT test/servername_test.o -c -o test/servername_test.o ../openssl/test/servername_test.c clang -Iinclude -Icrypto/include -I../openssl/include -I../openssl/crypto/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -MMD -MF test/shlibloadtest.d.tmp -MT test/shlibloadtest.o -c -o test/shlibloadtest.o ../openssl/test/shlibloadtest.c clang -I. -Iinclude -Icrypto/include -I../openssl -I../openssl/include -I../openssl/crypto/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -MMD -MF test/siphash_internal_test.d.tmp -MT test/siphash_internal_test.o -c -o test/siphash_internal_test.o ../openssl/test/siphash_internal_test.c clang -Iinclude -I../openssl/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -MMD -MF test/sm2crypttest.d.tmp -MT test/sm2crypttest.o -c -o test/sm2crypttest.o ../openssl/test/sm2crypttest.c clang -Iinclude -I../openssl/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -MMD -MF test/sm2sigtest.d.tmp -MT test/sm2sigtest.o -c -o test/sm2sigtest.o ../openssl/test/sm2sigtest.c clang -I. -Iinclude -Icrypto/include -I../openssl -I../openssl/include -I../openssl/crypto/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -MMD -MF test/sm4_internal_test.d.tmp -MT test/sm4_internal_test.o -c -o test/sm4_internal_test.o ../openssl/test/sm4_internal_test.c clang -Iinclude -I../openssl/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -MMD -MF test/srptest.d.tmp -MT test/srptest.o -c -o test/srptest.o ../openssl/test/srptest.c clang -I. -Iinclude -I../openssl -I../openssl/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -MMD -MF test/ssl_cert_table_internal_test.d.tmp -MT test/ssl_cert_table_internal_test.o -c -o test/ssl_cert_table_internal_test.o ../openssl/test/ssl_cert_table_internal_test.c clang -I. -Iinclude -I../openssl -I../openssl/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -MMD -MF test/handshake_helper.d.tmp -MT test/handshake_helper.o -c -o test/handshake_helper.o ../openssl/test/handshake_helper.c clang -Iinclude -I../openssl/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -MMD -MF test/ssl_test.d.tmp -MT test/ssl_test.o -c -o test/ssl_test.o ../openssl/test/ssl_test.c clang -Iinclude -I../openssl/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -MMD -MF test/ssl_test_ctx.d.tmp -MT test/ssl_test_ctx.o -c -o test/ssl_test_ctx.o ../openssl/test/ssl_test_ctx.c clang -Iinclude -I../openssl/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -MMD -MF test/ssl_test_ctx_test.d.tmp -MT test/ssl_test_ctx_test.o -c -o test/ssl_test_ctx_test.o ../openssl/test/ssl_test_ctx_test.c clang -Iinclude -I. -I../openssl/include -I../openssl -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -MMD -MF test/sslapitest.d.tmp -MT test/sslapitest.o -c -o test/sslapitest.o ../openssl/test/sslapitest.c clang -Iinclude -I../openssl/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -MMD -MF test/sslbuffertest.d.tmp -MT test/sslbuffertest.o -c -o test/sslbuffertest.o ../openssl/test/sslbuffertest.c clang -Iinclude -I../openssl/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -MMD -MF test/sslcorrupttest.d.tmp -MT test/sslcorrupttest.o -c -o test/sslcorrupttest.o ../openssl/test/sslcorrupttest.c ../openssl/test/sslapitest.c:1220:12: error: unused function 'test_tickets' [-Werror,-Wunused-function] static int test_tickets(int idx) ^ 1 error generated. Makefile:8718: recipe for target 'test/sslapitest.o' failed make[1]: *** [test/sslapitest.o] Error 1 make[1]: *** Waiting for unfinished jobs.... make[1]: Leaving directory '/home/openssl/run-checker/no-ec' Makefile:171: recipe for target 'all' failed make: *** [all] Error 2 From matt at openssl.org Mon May 21 09:33:19 2018 From: matt at openssl.org (Matt Caswell) Date: Mon, 21 May 2018 09:33:19 +0000 Subject: [openssl-commits] [openssl] master update Message-ID: <1526895199.119566.30795.nullmailer@dev.openssl.org> The branch master has been updated via 511190b691183a1fb160e7e05e2974dc73cab0c6 (commit) from 246bd8fd0507f4555432c148eed5a9322c113bf5 (commit) - Log ----------------------------------------------------------------- commit 511190b691183a1fb160e7e05e2974dc73cab0c6 Author: Matt Caswell Date: Wed May 16 11:59:47 2018 +0100 Fix undefined behaviour in X509_NAME_cmp() If the lengths of both names is 0 then don't attempt to do a memcmp. Issue reported by Simon Friedberger, Robert Merget and Juraj Somorovsky. Reviewed-by: Matthias St. Pierre (Merged from https://github.com/openssl/openssl/pull/6291) ----------------------------------------------------------------------- Summary of changes: crypto/x509/x509_cmp.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/crypto/x509/x509_cmp.c b/crypto/x509/x509_cmp.c index 3d4931b..67c1872 100644 --- a/crypto/x509/x509_cmp.c +++ b/crypto/x509/x509_cmp.c @@ -173,7 +173,7 @@ int X509_NAME_cmp(const X509_NAME *a, const X509_NAME *b) ret = a->canon_enclen - b->canon_enclen; - if (ret) + if (ret != 0 || a->canon_enclen == 0) return ret; return memcmp(a->canon_enc, b->canon_enc, a->canon_enclen); From matt at openssl.org Mon May 21 09:33:40 2018 From: matt at openssl.org (Matt Caswell) Date: Mon, 21 May 2018 09:33:40 +0000 Subject: [openssl-commits] [openssl] OpenSSL_1_1_0-stable update Message-ID: <1526895220.853448.31645.nullmailer@dev.openssl.org> The branch OpenSSL_1_1_0-stable has been updated via bbe75a29dfdb6561f21b7d010ac18c52da4beb78 (commit) from 12843c7307900e124ee0407535cab5534fc27dad (commit) - Log ----------------------------------------------------------------- commit bbe75a29dfdb6561f21b7d010ac18c52da4beb78 Author: Matt Caswell Date: Wed May 16 11:59:47 2018 +0100 Fix undefined behaviour in X509_NAME_cmp() If the lengths of both names is 0 then don't attempt to do a memcmp. Issue reported by Simon Friedberger, Robert Merget and Juraj Somorovsky. Reviewed-by: Matthias St. Pierre (Merged from https://github.com/openssl/openssl/pull/6291) (cherry picked from commit 511190b691183a1fb160e7e05e2974dc73cab0c6) ----------------------------------------------------------------------- Summary of changes: crypto/x509/x509_cmp.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/crypto/x509/x509_cmp.c b/crypto/x509/x509_cmp.c index 0105635..8ac9efe 100644 --- a/crypto/x509/x509_cmp.c +++ b/crypto/x509/x509_cmp.c @@ -174,7 +174,7 @@ int X509_NAME_cmp(const X509_NAME *a, const X509_NAME *b) ret = a->canon_enclen - b->canon_enclen; - if (ret) + if (ret != 0 || a->canon_enclen == 0) return ret; return memcmp(a->canon_enc, b->canon_enc, a->canon_enclen); From matt at openssl.org Mon May 21 09:33:58 2018 From: matt at openssl.org (Matt Caswell) Date: Mon, 21 May 2018 09:33:58 +0000 Subject: [openssl-commits] [openssl] OpenSSL_1_0_2-stable update Message-ID: <1526895238.246504.32417.nullmailer@dev.openssl.org> The branch OpenSSL_1_0_2-stable has been updated via f2bb6b8d81944261f65e3231f6eb707a9185162a (commit) from ec91c3db211c071248ef3a0b6dd9ef5ebdca5ab5 (commit) - Log ----------------------------------------------------------------- commit f2bb6b8d81944261f65e3231f6eb707a9185162a Author: Matt Caswell Date: Wed May 16 11:59:47 2018 +0100 Fix undefined behaviour in X509_NAME_cmp() If the lengths of both names is 0 then don't attempt to do a memcmp. Issue reported by Simon Friedberger, Robert Merget and Juraj Somorovsky. Reviewed-by: Matthias St. Pierre (Merged from https://github.com/openssl/openssl/pull/6291) (cherry picked from commit 511190b691183a1fb160e7e05e2974dc73cab0c6) ----------------------------------------------------------------------- Summary of changes: crypto/x509/x509_cmp.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/crypto/x509/x509_cmp.c b/crypto/x509/x509_cmp.c index 49c71b9..2d82f8f 100644 --- a/crypto/x509/x509_cmp.c +++ b/crypto/x509/x509_cmp.c @@ -219,7 +219,7 @@ int X509_NAME_cmp(const X509_NAME *a, const X509_NAME *b) ret = a->canon_enclen - b->canon_enclen; - if (ret) + if (ret != 0 || a->canon_enclen == 0) return ret; return memcmp(a->canon_enc, b->canon_enc, a->canon_enclen); From matt at openssl.org Mon May 21 09:40:41 2018 From: matt at openssl.org (Matt Caswell) Date: Mon, 21 May 2018 09:40:41 +0000 Subject: [openssl-commits] [openssl] master update Message-ID: <1526895641.592320.2450.nullmailer@dev.openssl.org> The branch master has been updated via ee94ec2ef88e0ec25dedf2829d8e48dff0aa1c50 (commit) from 511190b691183a1fb160e7e05e2974dc73cab0c6 (commit) - Log ----------------------------------------------------------------- commit ee94ec2ef88e0ec25dedf2829d8e48dff0aa1c50 Author: Matt Caswell Date: Fri May 18 11:31:31 2018 +0100 Don't cache stateless tickets in TLSv1.3 In TLSv1.2 and below we always cache new sessions by default on the server side in the internal cache (even when we're using session tickets). This is in order to support resumption from a session id. In TLSv1.3 there is no session id. It is only possible to resume using the ticket. Therefore, in the default case, there is no point in caching the session in the internal store. There is still a reason to call the external cache new session callback because applications may be using the callbacks just to know about when sessions are created (and not necessarily implementing a full cache). If the application also implements the remove session callback then we are forced to also store it in the internal cache so that we can create timeout events. Otherwise the external cache could just fill up indefinitely. This mostly addresses the issue described in #5628. That issue also proposes having an option to not create full stateless tickets when using the internal cache. That aspect hasn't been addressed yet. Reviewed-by: Rich Salz Reviewed-by: Ben Kaduk (Merged from https://github.com/openssl/openssl/pull/6293) ----------------------------------------------------------------------- Summary of changes: ssl/ssl_lib.c | 34 +++++++++++++++++++++++++++------- test/sslapitest.c | 21 +++++++++++++++++---- 2 files changed, 44 insertions(+), 11 deletions(-) diff --git a/ssl/ssl_lib.c b/ssl/ssl_lib.c index c38fc58..1dd355d 100644 --- a/ssl/ssl_lib.c +++ b/ssl/ssl_lib.c @@ -3365,13 +3365,33 @@ void ssl_update_cache(SSL *s, int mode) i = s->session_ctx->session_cache_mode; if ((i & mode) != 0 - && (!s->hit || SSL_IS_TLS13(s)) - && ((i & SSL_SESS_CACHE_NO_INTERNAL_STORE) != 0 - || SSL_CTX_add_session(s->session_ctx, s->session)) - && s->session_ctx->new_session_cb != NULL) { - SSL_SESSION_up_ref(s->session); - if (!s->session_ctx->new_session_cb(s, s->session)) - SSL_SESSION_free(s->session); + && (!s->hit || SSL_IS_TLS13(s))) { + /* + * Add the session to the internal cache. In server side TLSv1.3 we + * normally don't do this because its a full stateless ticket with only + * a dummy session id so there is no reason to cache it, unless: + * - we are doing early_data, in which case we cache so that we can + * detect replays + * - the application has set a remove_session_cb so needs to know about + * session timeout events + */ + if ((i & SSL_SESS_CACHE_NO_INTERNAL_STORE) == 0 + && (!SSL_IS_TLS13(s) + || !s->server + || s->max_early_data > 0 + || s->session_ctx->remove_session_cb != NULL)) + SSL_CTX_add_session(s->session_ctx, s->session); + + /* + * Add the session to the external cache. We do this even in server side + * TLSv1.3 without early data because some applications just want to + * know about the creation of a session and aren't doing a full cache. + */ + if (s->session_ctx->new_session_cb != NULL) { + SSL_SESSION_up_ref(s->session); + if (!s->session_ctx->new_session_cb(s, s->session)) + SSL_SESSION_free(s->session); + } } /* auto flush every 255 connections */ diff --git a/test/sslapitest.c b/test/sslapitest.c index fe355f2..fe1c1e6 100644 --- a/test/sslapitest.c +++ b/test/sslapitest.c @@ -1072,9 +1072,22 @@ static int execute_test_session(int maxprot, int use_int_cache, || !TEST_ptr(sess2 = SSL_get1_session(serverssl1))) goto end; - /* Should fail because it should already be in the cache */ - if (use_int_cache && !TEST_false(SSL_CTX_add_session(sctx, sess2))) - goto end; + if (use_int_cache) { + if (maxprot == TLS1_3_VERSION && !use_ext_cache) { + /* + * In TLSv1.3 it should not have been added to the internal cache, + * except in the case where we also have an external cache (in that + * case it gets added to the cache in order to generate remove + * events after timeout). + */ + if (!TEST_false(SSL_CTX_remove_session(sctx, sess2))) + goto end; + } else { + /* Should fail because it should already be in the cache */ + if (!TEST_false(SSL_CTX_add_session(sctx, sess2))) + goto end; + } + } if (use_ext_cache) { SSL_SESSION *tmp = sess2; @@ -1088,7 +1101,7 @@ static int execute_test_session(int maxprot, int use_int_cache, * the external cache. We take a copy first because * SSL_CTX_remove_session() also marks the session as non-resumable. */ - if (use_int_cache) { + if (use_int_cache && maxprot != TLS1_3_VERSION) { if (!TEST_ptr(tmp = SSL_SESSION_dup(sess2)) || !TEST_true(SSL_CTX_remove_session(sctx, sess2))) goto end; From openssl at openssl.org Mon May 21 10:26:51 2018 From: openssl at openssl.org (OpenSSL run-checker) Date: Mon, 21 May 2018 10:26:51 +0000 Subject: [openssl-commits] Still FAILED build of OpenSSL branch master with options -d --strict-warnings no-tls Message-ID: <1526898411.968247.11563.nullmailer@run.openssl.org> Platform and configuration command: $ uname -a Linux run 4.4.0-119-generic #143-Ubuntu SMP Mon Apr 2 16:08:24 UTC 2018 x86_64 x86_64 x86_64 GNU/Linux $ CC=clang ../openssl/config -d --strict-warnings no-tls Commit log since last time: 246bd8f Windows: don't install __DECC_*.H 6439e34 Quiet pod2html warnings dad8868 Fix no-srtp build warnings c1c1783 Restore check of |*xn| against |name| in X509_NAME_set f3021ac Allow the ca application to use EdDSA 8a59c08 DH: add some basic tests (and comments) 6db7fad DH: add simple getters for commonly used DH struct members Build log ended with (last 100 lines): clang -Iinclude -I../openssl/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -MMD -MF test/crltest.d.tmp -MT test/crltest.o -c -o test/crltest.o ../openssl/test/crltest.c clang -Iinclude -I../openssl/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -MMD -MF test/ct_test.d.tmp -MT test/ct_test.o -c -o test/ct_test.o ../openssl/test/ct_test.c clang -I. -Icrypto/include -Iinclude -I../openssl -I../openssl/crypto/include -I../openssl/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -MMD -MF test/ctype_internal_test.d.tmp -MT test/ctype_internal_test.o -c -o test/ctype_internal_test.o ../openssl/test/ctype_internal_test.c clang -I. -Iinclude -Icrypto/ec/curve448 -I../openssl -I../openssl/include -I../openssl/crypto/ec/curve448 -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -MMD -MF test/curve448_internal_test.d.tmp -MT test/curve448_internal_test.o -c -o test/curve448_internal_test.o ../openssl/test/curve448_internal_test.c clang -Iinclude -I../openssl/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -MMD -MF test/d2i_test.d.tmp -MT test/d2i_test.o -c -o test/d2i_test.o ../openssl/test/d2i_test.c clang -Iinclude -I../openssl/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -MMD -MF test/danetest.d.tmp -MT test/danetest.o -c -o test/danetest.o ../openssl/test/danetest.c clang -Iinclude -I../openssl/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -MMD -MF test/destest.d.tmp -MT test/destest.o -c -o test/destest.o ../openssl/test/destest.c clang -Iinclude -I../openssl/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -MMD -MF test/dhtest.d.tmp -MT test/dhtest.o -c -o test/dhtest.o ../openssl/test/dhtest.c clang -Iinclude -Itest -I. -I../openssl/include -I../openssl/test -I../openssl -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -MMD -MF test/drbg_cavs_data.d.tmp -MT test/drbg_cavs_data.o -c -o test/drbg_cavs_data.o ../openssl/test/drbg_cavs_data.c clang -Iinclude -Itest -I. -I../openssl/include -I../openssl/test -I../openssl -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -MMD -MF test/drbg_cavs_test.d.tmp -MT test/drbg_cavs_test.o -c -o test/drbg_cavs_test.o ../openssl/test/drbg_cavs_test.c clang -Iinclude -I../openssl/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -MMD -MF test/drbgtest.d.tmp -MT test/drbgtest.o -c -o test/drbgtest.o ../openssl/test/drbgtest.c clang -Iinclude -I../openssl/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -MMD -MF test/dsatest.d.tmp -MT test/dsatest.o -c -o test/dsatest.o ../openssl/test/dsatest.c clang -I. -Iinclude -I../openssl -I../openssl/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -MMD -MF test/dtls_mtu_test.d.tmp -MT test/dtls_mtu_test.o -c -o test/dtls_mtu_test.o ../openssl/test/dtls_mtu_test.c clang -Iinclude -I../openssl/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -MMD -MF test/dtlstest.d.tmp -MT test/dtlstest.o -c -o test/dtlstest.o ../openssl/test/dtlstest.c clang -Iinclude -I../openssl/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -MMD -MF test/dtlsv1listentest.d.tmp -MT test/dtlsv1listentest.o -c -o test/dtlsv1listentest.o ../openssl/test/dtlsv1listentest.c clang -Iinclude -I../openssl/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -MMD -MF test/ecdsatest.d.tmp -MT test/ecdsatest.o -c -o test/ecdsatest.o ../openssl/test/ecdsatest.c clang -Iinclude -I../openssl/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -MMD -MF test/ecstresstest.d.tmp -MT test/ecstresstest.o -c -o test/ecstresstest.o ../openssl/test/ecstresstest.c clang -Iinclude -I../openssl/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -MMD -MF test/ectest.d.tmp -MT test/ectest.o -c -o test/ectest.o ../openssl/test/ectest.c clang -Iinclude -I../openssl/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -MMD -MF test/enginetest.d.tmp -MT test/enginetest.o -c -o test/enginetest.o ../openssl/test/enginetest.c clang -Iinclude -Icrypto/include -I../openssl/include -I../openssl/crypto/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -MMD -MF test/evp_extra_test.d.tmp -MT test/evp_extra_test.o -c -o test/evp_extra_test.o ../openssl/test/evp_extra_test.c clang -Iinclude -I../openssl/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -MMD -MF test/evp_test.d.tmp -MT test/evp_test.o -c -o test/evp_test.o ../openssl/test/evp_test.c clang -Iinclude -I../openssl/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -MMD -MF test/exdatatest.d.tmp -MT test/exdatatest.o -c -o test/exdatatest.o ../openssl/test/exdatatest.c clang -Iinclude -I../openssl/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -MMD -MF test/exptest.d.tmp -MT test/exptest.o -c -o test/exptest.o ../openssl/test/exptest.c clang -Iinclude -I../openssl/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -MMD -MF test/fatalerrtest.d.tmp -MT test/fatalerrtest.o -c -o test/fatalerrtest.o ../openssl/test/fatalerrtest.c clang -Iinclude -I../openssl/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -MMD -MF test/gmdifftest.d.tmp -MT test/gmdifftest.o -c -o test/gmdifftest.o ../openssl/test/gmdifftest.c clang -Iinclude -I../openssl/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -MMD -MF test/hmactest.d.tmp -MT test/hmactest.o -c -o test/hmactest.o ../openssl/test/hmactest.c clang -Iinclude -I../openssl/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -MMD -MF test/ideatest.d.tmp -MT test/ideatest.o -c -o test/ideatest.o ../openssl/test/ideatest.c clang -Iinclude -I../openssl/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -MMD -MF test/igetest.d.tmp -MT test/igetest.o -c -o test/igetest.o ../openssl/test/igetest.c clang -Iinclude -I../openssl/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -MMD -MF test/lhash_test.d.tmp -MT test/lhash_test.o -c -o test/lhash_test.o ../openssl/test/lhash_test.c clang -Iinclude -I../openssl/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -MMD -MF test/md2test.d.tmp -MT test/md2test.o -c -o test/md2test.o ../openssl/test/md2test.c clang -I. -Iinclude -I../openssl -I../openssl/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -MMD -MF test/mdc2_internal_test.d.tmp -MT test/mdc2_internal_test.o -c -o test/mdc2_internal_test.o ../openssl/test/mdc2_internal_test.c clang -Iinclude -I../openssl/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -MMD -MF test/mdc2test.d.tmp -MT test/mdc2test.o -c -o test/mdc2test.o ../openssl/test/mdc2test.c clang -Iinclude -I../openssl/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -MMD -MF test/memleaktest.d.tmp -MT test/memleaktest.o -c -o test/memleaktest.o ../openssl/test/memleaktest.c clang -I. -Iinclude -I../openssl -I../openssl/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -MMD -MF test/modes_internal_test.d.tmp -MT test/modes_internal_test.o -c -o test/modes_internal_test.o ../openssl/test/modes_internal_test.c clang -Iinclude -I../openssl/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -MMD -MF test/ocspapitest.d.tmp -MT test/ocspapitest.o -c -o test/ocspapitest.o ../openssl/test/ocspapitest.c clang -Iinclude -I../openssl/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -MMD -MF test/packettest.d.tmp -MT test/packettest.o -c -o test/packettest.o ../openssl/test/packettest.c clang -Iinclude -I../openssl/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -MMD -MF test/pbelutest.d.tmp -MT test/pbelutest.o -c -o test/pbelutest.o ../openssl/test/pbelutest.c clang -Iinclude -I../openssl/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -MMD -MF test/pemtest.d.tmp -MT test/pemtest.o -c -o test/pemtest.o ../openssl/test/pemtest.c clang -Iinclude -I../openssl/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -MMD -MF test/pkey_meth_kdf_test.d.tmp -MT test/pkey_meth_kdf_test.o -c -o test/pkey_meth_kdf_test.o ../openssl/test/pkey_meth_kdf_test.c clang -Iinclude -I../openssl/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -MMD -MF test/pkey_meth_test.d.tmp -MT test/pkey_meth_test.o -c -o test/pkey_meth_test.o ../openssl/test/pkey_meth_test.c clang -I. -Iinclude -Icrypto/include -I../openssl -I../openssl/include -I../openssl/crypto/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -MMD -MF test/poly1305_internal_test.d.tmp -MT test/poly1305_internal_test.o -c -o test/poly1305_internal_test.o ../openssl/test/poly1305_internal_test.c clang -Iinclude -I../openssl/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -MMD -MF test/rc2test.d.tmp -MT test/rc2test.o -c -o test/rc2test.o ../openssl/test/rc2test.c clang -Iinclude -I../openssl/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -MMD -MF test/rc4test.d.tmp -MT test/rc4test.o -c -o test/rc4test.o ../openssl/test/rc4test.c clang -Iinclude -I../openssl/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -MMD -MF test/rc5test.d.tmp -MT test/rc5test.o -c -o test/rc5test.o ../openssl/test/rc5test.c clang -Iinclude -I../openssl/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -MMD -MF test/rdrand_sanitytest.d.tmp -MT test/rdrand_sanitytest.o -c -o test/rdrand_sanitytest.o ../openssl/test/rdrand_sanitytest.c clang -Iinclude -I../openssl/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -MMD -MF test/recordlentest.d.tmp -MT test/recordlentest.o -c -o test/recordlentest.o ../openssl/test/recordlentest.c clang -Iinclude -I../openssl/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -MMD -MF test/rsa_mp_test.d.tmp -MT test/rsa_mp_test.o -c -o test/rsa_mp_test.o ../openssl/test/rsa_mp_test.c clang -Iinclude -I../openssl/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -MMD -MF test/rsa_test.d.tmp -MT test/rsa_test.o -c -o test/rsa_test.o ../openssl/test/rsa_test.c clang -Iinclude -I../openssl/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -MMD -MF test/sanitytest.d.tmp -MT test/sanitytest.o -c -o test/sanitytest.o ../openssl/test/sanitytest.c clang -Iinclude -I../openssl/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -MMD -MF test/secmemtest.d.tmp -MT test/secmemtest.o -c -o test/secmemtest.o ../openssl/test/secmemtest.c clang -Iinclude -I../openssl/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -MMD -MF test/servername_test.d.tmp -MT test/servername_test.o -c -o test/servername_test.o ../openssl/test/servername_test.c clang -Iinclude -Icrypto/include -I../openssl/include -I../openssl/crypto/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -MMD -MF test/shlibloadtest.d.tmp -MT test/shlibloadtest.o -c -o test/shlibloadtest.o ../openssl/test/shlibloadtest.c clang -I. -Iinclude -Icrypto/include -I../openssl -I../openssl/include -I../openssl/crypto/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -MMD -MF test/siphash_internal_test.d.tmp -MT test/siphash_internal_test.o -c -o test/siphash_internal_test.o ../openssl/test/siphash_internal_test.c clang -Iinclude -I../openssl/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -MMD -MF test/sm2crypttest.d.tmp -MT test/sm2crypttest.o -c -o test/sm2crypttest.o ../openssl/test/sm2crypttest.c clang -Iinclude -I../openssl/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -MMD -MF test/sm2sigtest.d.tmp -MT test/sm2sigtest.o -c -o test/sm2sigtest.o ../openssl/test/sm2sigtest.c clang -I. -Iinclude -Icrypto/include -I../openssl -I../openssl/include -I../openssl/crypto/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -MMD -MF test/sm4_internal_test.d.tmp -MT test/sm4_internal_test.o -c -o test/sm4_internal_test.o ../openssl/test/sm4_internal_test.c clang -Iinclude -I../openssl/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -MMD -MF test/srptest.d.tmp -MT test/srptest.o -c -o test/srptest.o ../openssl/test/srptest.c clang -I. -Iinclude -I../openssl -I../openssl/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -MMD -MF test/ssl_cert_table_internal_test.d.tmp -MT test/ssl_cert_table_internal_test.o -c -o test/ssl_cert_table_internal_test.o ../openssl/test/ssl_cert_table_internal_test.c clang -I. -Iinclude -I../openssl -I../openssl/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -MMD -MF test/handshake_helper.d.tmp -MT test/handshake_helper.o -c -o test/handshake_helper.o ../openssl/test/handshake_helper.c clang -Iinclude -I../openssl/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -MMD -MF test/ssl_test.d.tmp -MT test/ssl_test.o -c -o test/ssl_test.o ../openssl/test/ssl_test.c clang -Iinclude -I../openssl/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -MMD -MF test/ssl_test_ctx.d.tmp -MT test/ssl_test_ctx.o -c -o test/ssl_test_ctx.o ../openssl/test/ssl_test_ctx.c clang -Iinclude -I../openssl/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -MMD -MF test/ssl_test_ctx_test.d.tmp -MT test/ssl_test_ctx_test.o -c -o test/ssl_test_ctx_test.o ../openssl/test/ssl_test_ctx_test.c clang -Iinclude -I. -I../openssl/include -I../openssl -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -MMD -MF test/sslapitest.d.tmp -MT test/sslapitest.o -c -o test/sslapitest.o ../openssl/test/sslapitest.c clang -Iinclude -I../openssl/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -MMD -MF test/sslbuffertest.d.tmp -MT test/sslbuffertest.o -c -o test/sslbuffertest.o ../openssl/test/sslbuffertest.c clang -Iinclude -I../openssl/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -MMD -MF test/sslcorrupttest.d.tmp -MT test/sslcorrupttest.o -c -o test/sslcorrupttest.o ../openssl/test/sslcorrupttest.c clang -I. -Iinclude -I../openssl -I../openssl/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -MMD -MF test/ssltest_old.d.tmp -MT test/ssltest_old.o -c -o test/ssltest_old.o ../openssl/test/ssltest_old.c ../openssl/test/sslapitest.c:1193:19: error: use of undeclared identifier 'new_called' sesscache[new_called] = sess; ^ ../openssl/test/sslapitest.c:1198:5: error: use of undeclared identifier 'new_called' new_called++; ^ ../openssl/test/sslapitest.c:1229:5: error: use of undeclared identifier 'new_called' new_called = 0; ^ ../openssl/test/sslapitest.c:1251:34: error: use of undeclared identifier 'new_called' || !TEST_int_eq(idx, new_called)) ^ ../openssl/test/sslapitest.c:1256:38: error: use of undeclared identifier 'new_called' || !TEST_int_eq(idx * 2, new_called)) ^ ../openssl/test/sslapitest.c:1270:9: error: use of undeclared identifier 'new_called' new_called = 0; ^ ../openssl/test/sslapitest.c:1282:33: error: use of undeclared identifier 'new_called' || !TEST_int_eq(new_called, 1)) ^ ../openssl/test/sslapitest.c:1285:9: error: use of undeclared identifier 'new_called' new_called = 0; ^ ../openssl/test/sslapitest.c:1288:33: error: use of undeclared identifier 'new_called' || !TEST_int_eq(new_called, 1)) ^ 9 errors generated. Makefile:9120: recipe for target 'test/sslapitest.o' failed make[1]: *** [test/sslapitest.o] Error 1 make[1]: *** Waiting for unfinished jobs.... make[1]: Leaving directory '/home/openssl/run-checker/no-tls' Makefile:171: recipe for target 'all' failed make: *** [all] Error 2 From rsalz at openssl.org Mon May 21 12:03:20 2018 From: rsalz at openssl.org (Rich Salz) Date: Mon, 21 May 2018 12:03:20 +0000 Subject: [openssl-commits] [tools] master update Message-ID: <1526904200.611887.27369.nullmailer@dev.openssl.org> The branch master has been updated via a3215cfa675b64baaa570f374c55f098479b0df6 (commit) from f37c4f5e3a9ef27283a395ffd0975e78067121ea (commit) - Log ----------------------------------------------------------------- commit a3215cfa675b64baaa570f374c55f098479b0df6 Author: Rich Salz Date: Sun May 20 21:00:32 2018 -0400 Add --web flag for web repo Reviewed-by: Tim Hudson (Merged from https://github.com/openssl/tools/pull/13) ----------------------------------------------------------------------- Summary of changes: review-tools/ghmerge | 14 ++++++++++---- 1 file changed, 10 insertions(+), 4 deletions(-) diff --git a/review-tools/ghmerge b/review-tools/ghmerge index b1aebb9..ea6b0ec 100755 --- a/review-tools/ghmerge +++ b/review-tools/ghmerge @@ -2,16 +2,22 @@ set -o errexit +WHAT=openssl +BUILD=yes +TRIVIAL="" +MERGE="yes" + if [ ! -d .git ] ; then echo Not at top-level exit 1 fi -TRIVIAL="" +if [ "$1" = "--web" ] ; then + WHAT=web ; MERGE=yes ; BUILD=no ; shift +fi if [ "$1" == "--trivial" ] ; then TRIVIAL="--trivial" ; shift fi -MERGE="yes" if [ "$1" == "--merge" -o "$1" == "--squash" ] ; then MERGE=yes ; shift fi @@ -31,7 +37,7 @@ case "$PRNUM" in ;; esac -curl -s https://api.github.com/repos/openssl/openssl/pulls/$PRNUM >/tmp/gh$$ +curl -s https://api.github.com/repos/openssl/$WHAT/pulls/$PRNUM >/tmp/gh$$ TEAM=$* set -- `python -c ' from __future__ import print_function @@ -61,7 +67,7 @@ function cleanup { trap 'cleanup' EXIT -git pull --rebase https://github.com/$WHO/openssl.git $BRANCH +git pull --rebase https://github.com/$WHO/$WHAT.git $BRANCH git rebase $REL echo Diff against $REL git diff $REL From rsalz at openssl.org Mon May 21 14:28:35 2018 From: rsalz at openssl.org (Rich Salz) Date: Mon, 21 May 2018 14:28:35 +0000 Subject: [openssl-commits] [openssl] master update Message-ID: <1526912915.218729.21682.nullmailer@dev.openssl.org> The branch master has been updated via 8e51a340f40fc80331ddac19203ef7a3e7e02d1a (commit) from ee94ec2ef88e0ec25dedf2829d8e48dff0aa1c50 (commit) - Log ----------------------------------------------------------------- commit 8e51a340f40fc80331ddac19203ef7a3e7e02d1a Author: Rich Salz Date: Mon May 21 10:28:16 2018 -0400 Check malloc failure via app_malloc Thanks to GitHUb user murugesandins for reporting this. Reviewed-by: Matt Caswell (Merged from https://github.com/openssl/openssl/pull/6322) ----------------------------------------------------------------------- Summary of changes: apps/speed.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/apps/speed.c b/apps/speed.c index c0a34ee..e513263 100644 --- a/apps/speed.c +++ b/apps/speed.c @@ -3152,7 +3152,7 @@ static int do_multi(int multi, int size_num) int *fds; static char sep[] = ":"; - fds = malloc(sizeof(*fds) * multi); + fds = app_malloc(sizeof(*fds) * multi, "fd buffer for do_multi"); for (n = 0; n < multi; ++n) { if (pipe(fd) == -1) { BIO_printf(bio_err, "pipe failure\n"); From appro at openssl.org Mon May 21 19:53:10 2018 From: appro at openssl.org (Andy Polyakov) Date: Mon, 21 May 2018 19:53:10 +0000 Subject: [openssl-commits] [openssl] master update Message-ID: <1526932390.877694.14041.nullmailer@dev.openssl.org> The branch master has been updated via 6671c775e661b6bda139ec8154905bf566fb77c9 (commit) from 8e51a340f40fc80331ddac19203ef7a3e7e02d1a (commit) - Log ----------------------------------------------------------------- commit 6671c775e661b6bda139ec8154905bf566fb77c9 Author: Andy Polyakov Date: Sun May 20 23:03:47 2018 +0200 apps/s_socket.c: address rare TLSProxy failures on Windows. Reviewed-by: Rich Salz ----------------------------------------------------------------------- Summary of changes: apps/s_socket.c | 18 ++++++++++++++++++ 1 file changed, 18 insertions(+) diff --git a/apps/s_socket.c b/apps/s_socket.c index d16108c..f4264cd 100644 --- a/apps/s_socket.c +++ b/apps/s_socket.c @@ -321,6 +321,10 @@ int do_server(int *accept_sock, const char *host, const char *port, if (accept_sock != NULL) *accept_sock = asock; for (;;) { + char sink[64]; + struct timeval timeout; + fd_set readfds; + if (type == SOCK_STREAM) { BIO_ADDR_free(ourpeer); ourpeer = BIO_ADDR_new(); @@ -351,6 +355,20 @@ int do_server(int *accept_sock, const char *host, const char *port, * TCP-RST. This seems to allow the peer to read the alert data. */ shutdown(sock, 1); /* SHUT_WR */ + /* + * We just said we have nothing else to say, but it doesn't mean + * that the other side has nothing. It's even recommended to + * consume incoming data. [In testing context this ensures that + * alerts are passed on...] + */ + timeout.tv_sec = 0; + timeout.tv_usec = 500000; /* some extreme round-trip */ + do { + FD_ZERO(&readfds); + openssl_fdset(sock, &readfds); + } while (select(sock + 1, &readfds, NULL, NULL, &timeout) > 0 + && readsocket(sock, sink, sizeof(sink)) > 0); + BIO_closesocket(sock); } else { i = (*cb)(asock, type, protocol, context); From appro at openssl.org Mon May 21 19:58:44 2018 From: appro at openssl.org (Andy Polyakov) Date: Mon, 21 May 2018 19:58:44 +0000 Subject: [openssl-commits] [openssl] master update Message-ID: <1526932724.695872.15726.nullmailer@dev.openssl.org> The branch master has been updated via d61e6040a02464f1dd41942ee1e17ef59822102d (commit) from 6671c775e661b6bda139ec8154905bf566fb77c9 (commit) - Log ----------------------------------------------------------------- commit d61e6040a02464f1dd41942ee1e17ef59822102d Author: Tilman Keskin?z Date: Thu May 17 13:04:31 2018 +0200 ssl/ssl_txt: fix NULL-check NULL-check for cipher is redundant, instead check if cipher->name is NULL While here fix formatting of BIO_printf calls as suggested by Andy Polyakov. CLA: trivial Reviewed-by: Andy Polyakov Reviewed-by: Rich Salz (Merged from https://github.com/openssl/openssl/pull/6282) ----------------------------------------------------------------------- Summary of changes: ssl/ssl_txt.c | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) diff --git a/ssl/ssl_txt.c b/ssl/ssl_txt.c index b1254b0..2056de9 100644 --- a/ssl/ssl_txt.c +++ b/ssl/ssl_txt.c @@ -44,18 +44,18 @@ int SSL_SESSION_print(BIO *bp, const SSL_SESSION *x) if (x->cipher == NULL) { if (((x->cipher_id) & 0xff000000) == 0x02000000) { - if (BIO_printf - (bp, " Cipher : %06lX\n", x->cipher_id & 0xffffff) <= 0) + if (BIO_printf(bp, " Cipher : %06lX\n", + x->cipher_id & 0xffffff) <= 0) goto err; } else { - if (BIO_printf - (bp, " Cipher : %04lX\n", x->cipher_id & 0xffff) <= 0) + if (BIO_printf(bp, " Cipher : %04lX\n", + x->cipher_id & 0xffff) <= 0) goto err; } } else { - if (BIO_printf - (bp, " Cipher : %s\n", - ((x->cipher == NULL) ? "unknown" : x->cipher->name)) <= 0) + if (BIO_printf(bp, " Cipher : %s\n", + ((x->cipher->name == NULL) ? "unknown" + : x->cipher->name)) <= 0) goto err; } if (BIO_puts(bp, " Session-ID: ") <= 0) From appro at openssl.org Mon May 21 19:59:33 2018 From: appro at openssl.org (Andy Polyakov) Date: Mon, 21 May 2018 19:59:33 +0000 Subject: [openssl-commits] [openssl] OpenSSL_1_1_0-stable update Message-ID: <1526932773.506511.16601.nullmailer@dev.openssl.org> The branch OpenSSL_1_1_0-stable has been updated via 1caa3bbf25796c1fb4dcfee1a3d5a554b8a161f9 (commit) from bbe75a29dfdb6561f21b7d010ac18c52da4beb78 (commit) - Log ----------------------------------------------------------------- commit 1caa3bbf25796c1fb4dcfee1a3d5a554b8a161f9 Author: Tilman Keskin?z Date: Thu May 17 13:04:31 2018 +0200 ssl/ssl_txt: fix NULL-check NULL-check for cipher is redundant, instead check if cipher->name is NULL While here fix formatting of BIO_printf calls as suggested by Andy Polyakov. CLA: trivial Reviewed-by: Andy Polyakov Reviewed-by: Rich Salz (Merged from https://github.com/openssl/openssl/pull/6282) (cherry picked from commit d61e6040a02464f1dd41942ee1e17ef59822102d) ----------------------------------------------------------------------- Summary of changes: ssl/ssl_txt.c | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) diff --git a/ssl/ssl_txt.c b/ssl/ssl_txt.c index dbbf9d9..0534c8f 100644 --- a/ssl/ssl_txt.c +++ b/ssl/ssl_txt.c @@ -70,18 +70,18 @@ int SSL_SESSION_print(BIO *bp, const SSL_SESSION *x) if (x->cipher == NULL) { if (((x->cipher_id) & 0xff000000) == 0x02000000) { - if (BIO_printf - (bp, " Cipher : %06lX\n", x->cipher_id & 0xffffff) <= 0) + if (BIO_printf(bp, " Cipher : %06lX\n", + x->cipher_id & 0xffffff) <= 0) goto err; } else { - if (BIO_printf - (bp, " Cipher : %04lX\n", x->cipher_id & 0xffff) <= 0) + if (BIO_printf(bp, " Cipher : %04lX\n", + x->cipher_id & 0xffff) <= 0) goto err; } } else { - if (BIO_printf - (bp, " Cipher : %s\n", - ((x->cipher == NULL) ? "unknown" : x->cipher->name)) <= 0) + if (BIO_printf(bp, " Cipher : %s\n", + ((x->cipher->name == NULL) ? "unknown" + : x->cipher->name)) <= 0) goto err; } if (BIO_puts(bp, " Session-ID: ") <= 0) From rsalz at openssl.org Mon May 21 20:09:36 2018 From: rsalz at openssl.org (Rich Salz) Date: Mon, 21 May 2018 20:09:36 +0000 Subject: [openssl-commits] [tools] master update Message-ID: <1526933376.971541.19809.nullmailer@dev.openssl.org> The branch master has been updated via c0ba851e324ad25cf4734ea93b22e315a51e5106 (commit) from a3215cfa675b64baaa570f374c55f098479b0df6 (commit) - Log ----------------------------------------------------------------- commit c0ba851e324ad25cf4734ea93b22e315a51e5106 Author: Rich Salz Date: Mon May 21 08:13:07 2018 -0400 Add --tools flag Reviewed-by: Tim Hudson (Merged from https://github.com/openssl/tools/pull/14) ----------------------------------------------------------------------- Summary of changes: review-tools/ghmerge | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/review-tools/ghmerge b/review-tools/ghmerge index ea6b0ec..7f00b7c 100755 --- a/review-tools/ghmerge +++ b/review-tools/ghmerge @@ -12,6 +12,9 @@ if [ ! -d .git ] ; then exit 1 fi +if [ "$1" = "--tools" ] ; then + WHAT=tools ; MERGE=yes ; BUILD=no ; shift +fi if [ "$1" = "--web" ] ; then WHAT=web ; MERGE=yes ; BUILD=no ; shift fi @@ -82,6 +85,7 @@ if [ "$MERGE" == "yes" ] ; then else git rebase $WORK fi + # echo Rebuilding # opensslbuild |& tail -3 From openssl at openssl.org Tue May 22 01:08:18 2018 From: openssl at openssl.org (OpenSSL run-checker) Date: Tue, 22 May 2018 01:08:18 +0000 Subject: [openssl-commits] Still FAILED build of OpenSSL branch master with options -d --strict-warnings no-ec Message-ID: <1526951298.998955.21972.nullmailer@run.openssl.org> Platform and configuration command: $ uname -a Linux run 4.4.0-119-generic #143-Ubuntu SMP Mon Apr 2 16:08:24 UTC 2018 x86_64 x86_64 x86_64 GNU/Linux $ CC=clang ../openssl/config -d --strict-warnings no-ec Commit log since last time: d61e604 ssl/ssl_txt: fix NULL-check 6671c77 apps/s_socket.c: address rare TLSProxy failures on Windows. 8e51a34 Check malloc failure via app_malloc ee94ec2 Don't cache stateless tickets in TLSv1.3 511190b Fix undefined behaviour in X509_NAME_cmp() Build log ended with (last 100 lines): /usr/bin/perl ../openssl/test/generate_buildtest.pl sha > test/buildtest_sha.c /usr/bin/perl ../openssl/test/generate_buildtest.pl srp > test/buildtest_srp.c /usr/bin/perl ../openssl/test/generate_buildtest.pl srtp > test/buildtest_srtp.c /usr/bin/perl ../openssl/test/generate_buildtest.pl ssl > test/buildtest_ssl.c /usr/bin/perl ../openssl/test/generate_buildtest.pl ssl2 > test/buildtest_ssl2.c /usr/bin/perl ../openssl/test/generate_buildtest.pl stack > test/buildtest_stack.c /usr/bin/perl ../openssl/test/generate_buildtest.pl store > test/buildtest_store.c /usr/bin/perl ../openssl/test/generate_buildtest.pl symhacks > test/buildtest_symhacks.c /usr/bin/perl ../openssl/test/generate_buildtest.pl tls1 > test/buildtest_tls1.c /usr/bin/perl ../openssl/test/generate_buildtest.pl ts > test/buildtest_ts.c /usr/bin/perl ../openssl/test/generate_buildtest.pl txt_db > test/buildtest_txt_db.c /usr/bin/perl ../openssl/test/generate_buildtest.pl ui > test/buildtest_ui.c /usr/bin/perl ../openssl/test/generate_buildtest.pl whrlpool > test/buildtest_whrlpool.c /usr/bin/perl ../openssl/test/generate_buildtest.pl x509 > test/buildtest_x509.c /usr/bin/perl ../openssl/test/generate_buildtest.pl x509_vfy > test/buildtest_x509_vfy.c /usr/bin/perl ../openssl/test/generate_buildtest.pl x509v3 > test/buildtest_x509v3.c clang -Iinclude -I../openssl/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -MMD -MF test/casttest.d.tmp -MT test/casttest.o -c -o test/casttest.o ../openssl/test/casttest.c clang -I. -Iinclude -Icrypto/include -I../openssl -I../openssl/include -I../openssl/crypto/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -MMD -MF test/chacha_internal_test.d.tmp -MT test/chacha_internal_test.o -c -o test/chacha_internal_test.o ../openssl/test/chacha_internal_test.c clang -Iinclude -I../openssl/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -MMD -MF test/cipherbytes_test.d.tmp -MT test/cipherbytes_test.o -c -o test/cipherbytes_test.o ../openssl/test/cipherbytes_test.c clang -Iinclude -I../openssl/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -MMD -MF test/cipherlist_test.d.tmp -MT test/cipherlist_test.o -c -o test/cipherlist_test.o ../openssl/test/cipherlist_test.c clang -Iinclude -I../openssl/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -MMD -MF test/ciphername_test.d.tmp -MT test/ciphername_test.o -c -o test/ciphername_test.o ../openssl/test/ciphername_test.c clang -Iinclude -I../openssl/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -MMD -MF test/clienthellotest.d.tmp -MT test/clienthellotest.o -c -o test/clienthellotest.o ../openssl/test/clienthellotest.c clang -Iinclude -I../openssl/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -MMD -MF test/cmsapitest.d.tmp -MT test/cmsapitest.o -c -o test/cmsapitest.o ../openssl/test/cmsapitest.c clang -Iinclude -I../openssl/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -MMD -MF test/conf_include_test.d.tmp -MT test/conf_include_test.o -c -o test/conf_include_test.o ../openssl/test/conf_include_test.c clang -Iinclude -I../openssl/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -MMD -MF test/constant_time_test.d.tmp -MT test/constant_time_test.o -c -o test/constant_time_test.o ../openssl/test/constant_time_test.c clang -Iinclude -I../openssl/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -MMD -MF test/crltest.d.tmp -MT test/crltest.o -c -o test/crltest.o ../openssl/test/crltest.c clang -Iinclude -I../openssl/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -MMD -MF test/ct_test.d.tmp -MT test/ct_test.o -c -o test/ct_test.o ../openssl/test/ct_test.c clang -I. -Icrypto/include -Iinclude -I../openssl -I../openssl/crypto/include -I../openssl/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -MMD -MF test/ctype_internal_test.d.tmp -MT test/ctype_internal_test.o -c -o test/ctype_internal_test.o ../openssl/test/ctype_internal_test.c clang -Iinclude -I../openssl/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -MMD -MF test/d2i_test.d.tmp -MT test/d2i_test.o -c -o test/d2i_test.o ../openssl/test/d2i_test.c clang -Iinclude -I../openssl/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -MMD -MF test/danetest.d.tmp -MT test/danetest.o -c -o test/danetest.o ../openssl/test/danetest.c clang -Iinclude -I../openssl/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -MMD -MF test/destest.d.tmp -MT test/destest.o -c -o test/destest.o ../openssl/test/destest.c clang -Iinclude -I../openssl/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -MMD -MF test/dhtest.d.tmp -MT test/dhtest.o -c -o test/dhtest.o ../openssl/test/dhtest.c clang -Iinclude -Itest -I. -I../openssl/include -I../openssl/test -I../openssl -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -MMD -MF test/drbg_cavs_data.d.tmp -MT test/drbg_cavs_data.o -c -o test/drbg_cavs_data.o ../openssl/test/drbg_cavs_data.c clang -Iinclude -Itest -I. -I../openssl/include -I../openssl/test -I../openssl -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -MMD -MF test/drbg_cavs_test.d.tmp -MT test/drbg_cavs_test.o -c -o test/drbg_cavs_test.o ../openssl/test/drbg_cavs_test.c clang -Iinclude -I../openssl/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -MMD -MF test/drbgtest.d.tmp -MT test/drbgtest.o -c -o test/drbgtest.o ../openssl/test/drbgtest.c clang -Iinclude -I../openssl/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -MMD -MF test/dsatest.d.tmp -MT test/dsatest.o -c -o test/dsatest.o ../openssl/test/dsatest.c clang -I. -Iinclude -I../openssl -I../openssl/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -MMD -MF test/dtls_mtu_test.d.tmp -MT test/dtls_mtu_test.o -c -o test/dtls_mtu_test.o ../openssl/test/dtls_mtu_test.c clang -Iinclude -I../openssl/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -MMD -MF test/dtlstest.d.tmp -MT test/dtlstest.o -c -o test/dtlstest.o ../openssl/test/dtlstest.c clang -Iinclude -I../openssl/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -MMD -MF test/dtlsv1listentest.d.tmp -MT test/dtlsv1listentest.o -c -o test/dtlsv1listentest.o ../openssl/test/dtlsv1listentest.c clang -Iinclude -I../openssl/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -MMD -MF test/ecdsatest.d.tmp -MT test/ecdsatest.o -c -o test/ecdsatest.o ../openssl/test/ecdsatest.c clang -Iinclude -I../openssl/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -MMD -MF test/ecstresstest.d.tmp -MT test/ecstresstest.o -c -o test/ecstresstest.o ../openssl/test/ecstresstest.c clang -Iinclude -I../openssl/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -MMD -MF test/ectest.d.tmp -MT test/ectest.o -c -o test/ectest.o ../openssl/test/ectest.c clang -Iinclude -I../openssl/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -MMD -MF test/enginetest.d.tmp -MT test/enginetest.o -c -o test/enginetest.o ../openssl/test/enginetest.c clang -Iinclude -Icrypto/include -I../openssl/include -I../openssl/crypto/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -MMD -MF test/evp_extra_test.d.tmp -MT test/evp_extra_test.o -c -o test/evp_extra_test.o ../openssl/test/evp_extra_test.c clang -Iinclude -I../openssl/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -MMD -MF test/evp_test.d.tmp -MT test/evp_test.o -c -o test/evp_test.o ../openssl/test/evp_test.c clang -Iinclude -I../openssl/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -MMD -MF test/exdatatest.d.tmp -MT test/exdatatest.o -c -o test/exdatatest.o ../openssl/test/exdatatest.c clang -Iinclude -I../openssl/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -MMD -MF test/exptest.d.tmp -MT test/exptest.o -c -o test/exptest.o ../openssl/test/exptest.c clang -Iinclude -I../openssl/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -MMD -MF test/fatalerrtest.d.tmp -MT test/fatalerrtest.o -c -o test/fatalerrtest.o ../openssl/test/fatalerrtest.c clang -Iinclude -I../openssl/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -MMD -MF test/gmdifftest.d.tmp -MT test/gmdifftest.o -c -o test/gmdifftest.o ../openssl/test/gmdifftest.c clang -Iinclude -I../openssl/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -MMD -MF test/hmactest.d.tmp -MT test/hmactest.o -c -o test/hmactest.o ../openssl/test/hmactest.c clang -Iinclude -I../openssl/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -MMD -MF test/ideatest.d.tmp -MT test/ideatest.o -c -o test/ideatest.o ../openssl/test/ideatest.c clang -Iinclude -I../openssl/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -MMD -MF test/igetest.d.tmp -MT test/igetest.o -c -o test/igetest.o ../openssl/test/igetest.c clang -Iinclude -I../openssl/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -MMD -MF test/lhash_test.d.tmp -MT test/lhash_test.o -c -o test/lhash_test.o ../openssl/test/lhash_test.c clang -Iinclude -I../openssl/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -MMD -MF test/md2test.d.tmp -MT test/md2test.o -c -o test/md2test.o ../openssl/test/md2test.c clang -I. -Iinclude -I../openssl -I../openssl/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -MMD -MF test/mdc2_internal_test.d.tmp -MT test/mdc2_internal_test.o -c -o test/mdc2_internal_test.o ../openssl/test/mdc2_internal_test.c clang -Iinclude -I../openssl/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -MMD -MF test/mdc2test.d.tmp -MT test/mdc2test.o -c -o test/mdc2test.o ../openssl/test/mdc2test.c clang -Iinclude -I../openssl/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -MMD -MF test/memleaktest.d.tmp -MT test/memleaktest.o -c -o test/memleaktest.o ../openssl/test/memleaktest.c clang -I. -Iinclude -I../openssl -I../openssl/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -MMD -MF test/modes_internal_test.d.tmp -MT test/modes_internal_test.o -c -o test/modes_internal_test.o ../openssl/test/modes_internal_test.c clang -Iinclude -I../openssl/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -MMD -MF test/ocspapitest.d.tmp -MT test/ocspapitest.o -c -o test/ocspapitest.o ../openssl/test/ocspapitest.c clang -Iinclude -I../openssl/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -MMD -MF test/packettest.d.tmp -MT test/packettest.o -c -o test/packettest.o ../openssl/test/packettest.c clang -Iinclude -I../openssl/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -MMD -MF test/pbelutest.d.tmp -MT test/pbelutest.o -c -o test/pbelutest.o ../openssl/test/pbelutest.c clang -Iinclude -I../openssl/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -MMD -MF test/pemtest.d.tmp -MT test/pemtest.o -c -o test/pemtest.o ../openssl/test/pemtest.c clang -Iinclude -I../openssl/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -MMD -MF test/pkey_meth_kdf_test.d.tmp -MT test/pkey_meth_kdf_test.o -c -o test/pkey_meth_kdf_test.o ../openssl/test/pkey_meth_kdf_test.c clang -Iinclude -I../openssl/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -MMD -MF test/pkey_meth_test.d.tmp -MT test/pkey_meth_test.o -c -o test/pkey_meth_test.o ../openssl/test/pkey_meth_test.c clang -I. -Iinclude -Icrypto/include -I../openssl -I../openssl/include -I../openssl/crypto/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -MMD -MF test/poly1305_internal_test.d.tmp -MT test/poly1305_internal_test.o -c -o test/poly1305_internal_test.o ../openssl/test/poly1305_internal_test.c clang -Iinclude -I../openssl/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -MMD -MF test/rc2test.d.tmp -MT test/rc2test.o -c -o test/rc2test.o ../openssl/test/rc2test.c clang -Iinclude -I../openssl/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -MMD -MF test/rc4test.d.tmp -MT test/rc4test.o -c -o test/rc4test.o ../openssl/test/rc4test.c clang -Iinclude -I../openssl/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -MMD -MF test/rc5test.d.tmp -MT test/rc5test.o -c -o test/rc5test.o ../openssl/test/rc5test.c clang -Iinclude -I../openssl/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -MMD -MF test/rdrand_sanitytest.d.tmp -MT test/rdrand_sanitytest.o -c -o test/rdrand_sanitytest.o ../openssl/test/rdrand_sanitytest.c clang -Iinclude -I../openssl/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -MMD -MF test/recordlentest.d.tmp -MT test/recordlentest.o -c -o test/recordlentest.o ../openssl/test/recordlentest.c clang -Iinclude -I../openssl/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -MMD -MF test/rsa_mp_test.d.tmp -MT test/rsa_mp_test.o -c -o test/rsa_mp_test.o ../openssl/test/rsa_mp_test.c clang -Iinclude -I../openssl/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -MMD -MF test/rsa_test.d.tmp -MT test/rsa_test.o -c -o test/rsa_test.o ../openssl/test/rsa_test.c clang -Iinclude -I../openssl/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -MMD -MF test/sanitytest.d.tmp -MT test/sanitytest.o -c -o test/sanitytest.o ../openssl/test/sanitytest.c clang -Iinclude -I../openssl/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -MMD -MF test/secmemtest.d.tmp -MT test/secmemtest.o -c -o test/secmemtest.o ../openssl/test/secmemtest.c clang -Iinclude -I../openssl/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -MMD -MF test/servername_test.d.tmp -MT test/servername_test.o -c -o test/servername_test.o ../openssl/test/servername_test.c clang -Iinclude -Icrypto/include -I../openssl/include -I../openssl/crypto/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -MMD -MF test/shlibloadtest.d.tmp -MT test/shlibloadtest.o -c -o test/shlibloadtest.o ../openssl/test/shlibloadtest.c clang -I. -Iinclude -Icrypto/include -I../openssl -I../openssl/include -I../openssl/crypto/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -MMD -MF test/siphash_internal_test.d.tmp -MT test/siphash_internal_test.o -c -o test/siphash_internal_test.o ../openssl/test/siphash_internal_test.c clang -Iinclude -I../openssl/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -MMD -MF test/sm2crypttest.d.tmp -MT test/sm2crypttest.o -c -o test/sm2crypttest.o ../openssl/test/sm2crypttest.c clang -Iinclude -I../openssl/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -MMD -MF test/sm2sigtest.d.tmp -MT test/sm2sigtest.o -c -o test/sm2sigtest.o ../openssl/test/sm2sigtest.c clang -I. -Iinclude -Icrypto/include -I../openssl -I../openssl/include -I../openssl/crypto/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -MMD -MF test/sm4_internal_test.d.tmp -MT test/sm4_internal_test.o -c -o test/sm4_internal_test.o ../openssl/test/sm4_internal_test.c clang -Iinclude -I../openssl/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -MMD -MF test/srptest.d.tmp -MT test/srptest.o -c -o test/srptest.o ../openssl/test/srptest.c clang -I. -Iinclude -I../openssl -I../openssl/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -MMD -MF test/ssl_cert_table_internal_test.d.tmp -MT test/ssl_cert_table_internal_test.o -c -o test/ssl_cert_table_internal_test.o ../openssl/test/ssl_cert_table_internal_test.c clang -I. -Iinclude -I../openssl -I../openssl/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -MMD -MF test/handshake_helper.d.tmp -MT test/handshake_helper.o -c -o test/handshake_helper.o ../openssl/test/handshake_helper.c clang -Iinclude -I../openssl/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -MMD -MF test/ssl_test.d.tmp -MT test/ssl_test.o -c -o test/ssl_test.o ../openssl/test/ssl_test.c clang -Iinclude -I../openssl/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -MMD -MF test/ssl_test_ctx.d.tmp -MT test/ssl_test_ctx.o -c -o test/ssl_test_ctx.o ../openssl/test/ssl_test_ctx.c clang -Iinclude -I../openssl/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -MMD -MF test/ssl_test_ctx_test.d.tmp -MT test/ssl_test_ctx_test.o -c -o test/ssl_test_ctx_test.o ../openssl/test/ssl_test_ctx_test.c clang -Iinclude -I. -I../openssl/include -I../openssl -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -MMD -MF test/sslapitest.d.tmp -MT test/sslapitest.o -c -o test/sslapitest.o ../openssl/test/sslapitest.c clang -Iinclude -I../openssl/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -MMD -MF test/sslbuffertest.d.tmp -MT test/sslbuffertest.o -c -o test/sslbuffertest.o ../openssl/test/sslbuffertest.c clang -Iinclude -I../openssl/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -MMD -MF test/sslcorrupttest.d.tmp -MT test/sslcorrupttest.o -c -o test/sslcorrupttest.o ../openssl/test/sslcorrupttest.c ../openssl/test/sslapitest.c:1233:12: error: unused function 'test_tickets' [-Werror,-Wunused-function] static int test_tickets(int idx) ^ 1 error generated. clang -I. -Iinclude -I../openssl -I../openssl/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -MMD -MF test/ssltest_old.d.tmp -MT test/ssltest_old.o -c -o test/ssltest_old.o ../openssl/test/ssltest_old.c Makefile:8718: recipe for target 'test/sslapitest.o' failed make[1]: *** [test/sslapitest.o] Error 1 make[1]: *** Waiting for unfinished jobs.... make[1]: Leaving directory '/home/openssl/run-checker/no-ec' Makefile:171: recipe for target 'all' failed make: *** [all] Error 2 From openssl at openssl.org Tue May 22 10:25:31 2018 From: openssl at openssl.org (OpenSSL run-checker) Date: Tue, 22 May 2018 10:25:31 +0000 Subject: [openssl-commits] Still FAILED build of OpenSSL branch master with options -d --strict-warnings no-tls Message-ID: <1526984731.529791.23531.nullmailer@run.openssl.org> Platform and configuration command: $ uname -a Linux run 4.4.0-119-generic #143-Ubuntu SMP Mon Apr 2 16:08:24 UTC 2018 x86_64 x86_64 x86_64 GNU/Linux $ CC=clang ../openssl/config -d --strict-warnings no-tls Commit log since last time: d61e604 ssl/ssl_txt: fix NULL-check 6671c77 apps/s_socket.c: address rare TLSProxy failures on Windows. 8e51a34 Check malloc failure via app_malloc ee94ec2 Don't cache stateless tickets in TLSv1.3 511190b Fix undefined behaviour in X509_NAME_cmp() Build log ended with (last 100 lines): clang -Iinclude -I../openssl/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -MMD -MF test/ct_test.d.tmp -MT test/ct_test.o -c -o test/ct_test.o ../openssl/test/ct_test.c clang -I. -Icrypto/include -Iinclude -I../openssl -I../openssl/crypto/include -I../openssl/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -MMD -MF test/ctype_internal_test.d.tmp -MT test/ctype_internal_test.o -c -o test/ctype_internal_test.o ../openssl/test/ctype_internal_test.c clang -I. -Iinclude -Icrypto/ec/curve448 -I../openssl -I../openssl/include -I../openssl/crypto/ec/curve448 -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -MMD -MF test/curve448_internal_test.d.tmp -MT test/curve448_internal_test.o -c -o test/curve448_internal_test.o ../openssl/test/curve448_internal_test.c clang -Iinclude -I../openssl/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -MMD -MF test/d2i_test.d.tmp -MT test/d2i_test.o -c -o test/d2i_test.o ../openssl/test/d2i_test.c clang -Iinclude -I../openssl/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -MMD -MF test/danetest.d.tmp -MT test/danetest.o -c -o test/danetest.o ../openssl/test/danetest.c clang -Iinclude -I../openssl/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -MMD -MF test/destest.d.tmp -MT test/destest.o -c -o test/destest.o ../openssl/test/destest.c clang -Iinclude -I../openssl/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -MMD -MF test/dhtest.d.tmp -MT test/dhtest.o -c -o test/dhtest.o ../openssl/test/dhtest.c clang -Iinclude -Itest -I. -I../openssl/include -I../openssl/test -I../openssl -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -MMD -MF test/drbg_cavs_data.d.tmp -MT test/drbg_cavs_data.o -c -o test/drbg_cavs_data.o ../openssl/test/drbg_cavs_data.c clang -Iinclude -Itest -I. -I../openssl/include -I../openssl/test -I../openssl -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -MMD -MF test/drbg_cavs_test.d.tmp -MT test/drbg_cavs_test.o -c -o test/drbg_cavs_test.o ../openssl/test/drbg_cavs_test.c clang -Iinclude -I../openssl/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -MMD -MF test/drbgtest.d.tmp -MT test/drbgtest.o -c -o test/drbgtest.o ../openssl/test/drbgtest.c clang -Iinclude -I../openssl/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -MMD -MF test/dsatest.d.tmp -MT test/dsatest.o -c -o test/dsatest.o ../openssl/test/dsatest.c clang -I. -Iinclude -I../openssl -I../openssl/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -MMD -MF test/dtls_mtu_test.d.tmp -MT test/dtls_mtu_test.o -c -o test/dtls_mtu_test.o ../openssl/test/dtls_mtu_test.c clang -Iinclude -I../openssl/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -MMD -MF test/dtlstest.d.tmp -MT test/dtlstest.o -c -o test/dtlstest.o ../openssl/test/dtlstest.c clang -Iinclude -I../openssl/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -MMD -MF test/dtlsv1listentest.d.tmp -MT test/dtlsv1listentest.o -c -o test/dtlsv1listentest.o ../openssl/test/dtlsv1listentest.c clang -Iinclude -I../openssl/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -MMD -MF test/ecdsatest.d.tmp -MT test/ecdsatest.o -c -o test/ecdsatest.o ../openssl/test/ecdsatest.c clang -Iinclude -I../openssl/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -MMD -MF test/ecstresstest.d.tmp -MT test/ecstresstest.o -c -o test/ecstresstest.o ../openssl/test/ecstresstest.c clang -Iinclude -I../openssl/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -MMD -MF test/ectest.d.tmp -MT test/ectest.o -c -o test/ectest.o ../openssl/test/ectest.c clang -Iinclude -I../openssl/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -MMD -MF test/enginetest.d.tmp -MT test/enginetest.o -c -o test/enginetest.o ../openssl/test/enginetest.c clang -Iinclude -Icrypto/include -I../openssl/include -I../openssl/crypto/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -MMD -MF test/evp_extra_test.d.tmp -MT test/evp_extra_test.o -c -o test/evp_extra_test.o ../openssl/test/evp_extra_test.c clang -Iinclude -I../openssl/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -MMD -MF test/evp_test.d.tmp -MT test/evp_test.o -c -o test/evp_test.o ../openssl/test/evp_test.c clang -Iinclude -I../openssl/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -MMD -MF test/exdatatest.d.tmp -MT test/exdatatest.o -c -o test/exdatatest.o ../openssl/test/exdatatest.c clang -Iinclude -I../openssl/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -MMD -MF test/exptest.d.tmp -MT test/exptest.o -c -o test/exptest.o ../openssl/test/exptest.c clang -Iinclude -I../openssl/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -MMD -MF test/fatalerrtest.d.tmp -MT test/fatalerrtest.o -c -o test/fatalerrtest.o ../openssl/test/fatalerrtest.c clang -Iinclude -I../openssl/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -MMD -MF test/gmdifftest.d.tmp -MT test/gmdifftest.o -c -o test/gmdifftest.o ../openssl/test/gmdifftest.c clang -Iinclude -I../openssl/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -MMD -MF test/hmactest.d.tmp -MT test/hmactest.o -c -o test/hmactest.o ../openssl/test/hmactest.c clang -Iinclude -I../openssl/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -MMD -MF test/ideatest.d.tmp -MT test/ideatest.o -c -o test/ideatest.o ../openssl/test/ideatest.c clang -Iinclude -I../openssl/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -MMD -MF test/igetest.d.tmp -MT test/igetest.o -c -o test/igetest.o ../openssl/test/igetest.c clang -Iinclude -I../openssl/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -MMD -MF test/lhash_test.d.tmp -MT test/lhash_test.o -c -o test/lhash_test.o ../openssl/test/lhash_test.c clang -Iinclude -I../openssl/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -MMD -MF test/md2test.d.tmp -MT test/md2test.o -c -o test/md2test.o ../openssl/test/md2test.c clang -I. -Iinclude -I../openssl -I../openssl/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -MMD -MF test/mdc2_internal_test.d.tmp -MT test/mdc2_internal_test.o -c -o test/mdc2_internal_test.o ../openssl/test/mdc2_internal_test.c clang -Iinclude -I../openssl/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -MMD -MF test/mdc2test.d.tmp -MT test/mdc2test.o -c -o test/mdc2test.o ../openssl/test/mdc2test.c clang -Iinclude -I../openssl/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -MMD -MF test/memleaktest.d.tmp -MT test/memleaktest.o -c -o test/memleaktest.o ../openssl/test/memleaktest.c clang -I. -Iinclude -I../openssl -I../openssl/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -MMD -MF test/modes_internal_test.d.tmp -MT test/modes_internal_test.o -c -o test/modes_internal_test.o ../openssl/test/modes_internal_test.c clang -Iinclude -I../openssl/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -MMD -MF test/ocspapitest.d.tmp -MT test/ocspapitest.o -c -o test/ocspapitest.o ../openssl/test/ocspapitest.c clang -Iinclude -I../openssl/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -MMD -MF test/packettest.d.tmp -MT test/packettest.o -c -o test/packettest.o ../openssl/test/packettest.c clang -Iinclude -I../openssl/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -MMD -MF test/pbelutest.d.tmp -MT test/pbelutest.o -c -o test/pbelutest.o ../openssl/test/pbelutest.c clang -Iinclude -I../openssl/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -MMD -MF test/pemtest.d.tmp -MT test/pemtest.o -c -o test/pemtest.o ../openssl/test/pemtest.c clang -Iinclude -I../openssl/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -MMD -MF test/pkey_meth_kdf_test.d.tmp -MT test/pkey_meth_kdf_test.o -c -o test/pkey_meth_kdf_test.o ../openssl/test/pkey_meth_kdf_test.c clang -Iinclude -I../openssl/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -MMD -MF test/pkey_meth_test.d.tmp -MT test/pkey_meth_test.o -c -o test/pkey_meth_test.o ../openssl/test/pkey_meth_test.c clang -I. -Iinclude -Icrypto/include -I../openssl -I../openssl/include -I../openssl/crypto/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -MMD -MF test/poly1305_internal_test.d.tmp -MT test/poly1305_internal_test.o -c -o test/poly1305_internal_test.o ../openssl/test/poly1305_internal_test.c clang -Iinclude -I../openssl/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -MMD -MF test/rc2test.d.tmp -MT test/rc2test.o -c -o test/rc2test.o ../openssl/test/rc2test.c clang -Iinclude -I../openssl/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -MMD -MF test/rc4test.d.tmp -MT test/rc4test.o -c -o test/rc4test.o ../openssl/test/rc4test.c clang -Iinclude -I../openssl/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -MMD -MF test/rc5test.d.tmp -MT test/rc5test.o -c -o test/rc5test.o ../openssl/test/rc5test.c clang -Iinclude -I../openssl/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -MMD -MF test/rdrand_sanitytest.d.tmp -MT test/rdrand_sanitytest.o -c -o test/rdrand_sanitytest.o ../openssl/test/rdrand_sanitytest.c clang -Iinclude -I../openssl/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -MMD -MF test/recordlentest.d.tmp -MT test/recordlentest.o -c -o test/recordlentest.o ../openssl/test/recordlentest.c clang -Iinclude -I../openssl/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -MMD -MF test/rsa_mp_test.d.tmp -MT test/rsa_mp_test.o -c -o test/rsa_mp_test.o ../openssl/test/rsa_mp_test.c clang -Iinclude -I../openssl/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -MMD -MF test/rsa_test.d.tmp -MT test/rsa_test.o -c -o test/rsa_test.o ../openssl/test/rsa_test.c clang -Iinclude -I../openssl/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -MMD -MF test/sanitytest.d.tmp -MT test/sanitytest.o -c -o test/sanitytest.o ../openssl/test/sanitytest.c clang -Iinclude -I../openssl/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -MMD -MF test/secmemtest.d.tmp -MT test/secmemtest.o -c -o test/secmemtest.o ../openssl/test/secmemtest.c clang -Iinclude -I../openssl/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -MMD -MF test/servername_test.d.tmp -MT test/servername_test.o -c -o test/servername_test.o ../openssl/test/servername_test.c clang -Iinclude -Icrypto/include -I../openssl/include -I../openssl/crypto/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -MMD -MF test/shlibloadtest.d.tmp -MT test/shlibloadtest.o -c -o test/shlibloadtest.o ../openssl/test/shlibloadtest.c clang -I. -Iinclude -Icrypto/include -I../openssl -I../openssl/include -I../openssl/crypto/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -MMD -MF test/siphash_internal_test.d.tmp -MT test/siphash_internal_test.o -c -o test/siphash_internal_test.o ../openssl/test/siphash_internal_test.c clang -Iinclude -I../openssl/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -MMD -MF test/sm2crypttest.d.tmp -MT test/sm2crypttest.o -c -o test/sm2crypttest.o ../openssl/test/sm2crypttest.c clang -Iinclude -I../openssl/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -MMD -MF test/sm2sigtest.d.tmp -MT test/sm2sigtest.o -c -o test/sm2sigtest.o ../openssl/test/sm2sigtest.c clang -I. -Iinclude -Icrypto/include -I../openssl -I../openssl/include -I../openssl/crypto/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -MMD -MF test/sm4_internal_test.d.tmp -MT test/sm4_internal_test.o -c -o test/sm4_internal_test.o ../openssl/test/sm4_internal_test.c clang -Iinclude -I../openssl/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -MMD -MF test/srptest.d.tmp -MT test/srptest.o -c -o test/srptest.o ../openssl/test/srptest.c clang -I. -Iinclude -I../openssl -I../openssl/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -MMD -MF test/ssl_cert_table_internal_test.d.tmp -MT test/ssl_cert_table_internal_test.o -c -o test/ssl_cert_table_internal_test.o ../openssl/test/ssl_cert_table_internal_test.c clang -I. -Iinclude -I../openssl -I../openssl/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -MMD -MF test/handshake_helper.d.tmp -MT test/handshake_helper.o -c -o test/handshake_helper.o ../openssl/test/handshake_helper.c clang -Iinclude -I../openssl/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -MMD -MF test/ssl_test.d.tmp -MT test/ssl_test.o -c -o test/ssl_test.o ../openssl/test/ssl_test.c clang -Iinclude -I../openssl/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -MMD -MF test/ssl_test_ctx.d.tmp -MT test/ssl_test_ctx.o -c -o test/ssl_test_ctx.o ../openssl/test/ssl_test_ctx.c clang -Iinclude -I../openssl/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -MMD -MF test/ssl_test_ctx_test.d.tmp -MT test/ssl_test_ctx_test.o -c -o test/ssl_test_ctx_test.o ../openssl/test/ssl_test_ctx_test.c clang -Iinclude -I. -I../openssl/include -I../openssl -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -MMD -MF test/sslapitest.d.tmp -MT test/sslapitest.o -c -o test/sslapitest.o ../openssl/test/sslapitest.c clang -Iinclude -I../openssl/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -MMD -MF test/sslbuffertest.d.tmp -MT test/sslbuffertest.o -c -o test/sslbuffertest.o ../openssl/test/sslbuffertest.c clang -Iinclude -I../openssl/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -MMD -MF test/sslcorrupttest.d.tmp -MT test/sslcorrupttest.o -c -o test/sslcorrupttest.o ../openssl/test/sslcorrupttest.c clang -I. -Iinclude -I../openssl -I../openssl/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -MMD -MF test/ssltest_old.d.tmp -MT test/ssltest_old.o -c -o test/ssltest_old.o ../openssl/test/ssltest_old.c ../openssl/test/sslapitest.c:1206:19: error: use of undeclared identifier 'new_called' sesscache[new_called] = sess; ^ ../openssl/test/sslapitest.c:1211:5: error: use of undeclared identifier 'new_called' new_called++; ^ ../openssl/test/sslapitest.c:1242:5: error: use of undeclared identifier 'new_called' new_called = 0; ^ ../openssl/test/sslapitest.c:1264:34: error: use of undeclared identifier 'new_called' || !TEST_int_eq(idx, new_called)) ^ ../openssl/test/sslapitest.c:1269:38: error: use of undeclared identifier 'new_called' || !TEST_int_eq(idx * 2, new_called)) ^ ../openssl/test/sslapitest.c:1283:9: error: use of undeclared identifier 'new_called' new_called = 0; ^ ../openssl/test/sslapitest.c:1295:33: error: use of undeclared identifier 'new_called' || !TEST_int_eq(new_called, 1)) ^ ../openssl/test/sslapitest.c:1298:9: error: use of undeclared identifier 'new_called' new_called = 0; ^ ../openssl/test/sslapitest.c:1301:33: error: use of undeclared identifier 'new_called' || !TEST_int_eq(new_called, 1)) ^ 9 errors generated. clang -Iinclude -I../openssl/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -MMD -MF test/stack_test.d.tmp -MT test/stack_test.o -c -o test/stack_test.o ../openssl/test/stack_test.c Makefile:9120: recipe for target 'test/sslapitest.o' failed make[1]: *** [test/sslapitest.o] Error 1 make[1]: *** Waiting for unfinished jobs.... make[1]: Leaving directory '/home/openssl/run-checker/no-tls' Makefile:171: recipe for target 'all' failed make: *** [all] Error 2 From matt at openssl.org Tue May 22 12:25:32 2018 From: matt at openssl.org (Matt Caswell) Date: Tue, 22 May 2018 12:25:32 +0000 Subject: [openssl-commits] [openssl] master update Message-ID: <1526991932.115827.7580.nullmailer@dev.openssl.org> The branch master has been updated via 1aac20f5095fca8691ef4495c3e7438c935a33dc (commit) from d61e6040a02464f1dd41942ee1e17ef59822102d (commit) - Log ----------------------------------------------------------------- commit 1aac20f5095fca8691ef4495c3e7438c935a33dc Author: Matt Caswell Date: Mon May 21 12:20:18 2018 +0100 Fix no-ec in combination with no-dh Reviewed-by: Rich Salz (Merged from https://github.com/openssl/openssl/pull/6321) ----------------------------------------------------------------------- Summary of changes: ssl/statem/extensions_srvr.c | 11 +++++++++-- test/dtlstest.c | 11 ++++++++++- test/sslapitest.c | 4 +++- 3 files changed, 22 insertions(+), 4 deletions(-) diff --git a/ssl/statem/extensions_srvr.c b/ssl/statem/extensions_srvr.c index 65b9d3b..7c756c0 100644 --- a/ssl/statem/extensions_srvr.c +++ b/ssl/statem/extensions_srvr.c @@ -721,6 +721,7 @@ int tls_parse_ctos_key_share(SSL *s, PACKET *pkt, unsigned int context, X509 *x, int tls_parse_ctos_cookie(SSL *s, PACKET *pkt, unsigned int context, X509 *x, size_t chainidx) { +#ifndef OPENSSL_NO_TLS1_3 unsigned int format, version, key_share, group_id; EVP_MD_CTX *hctx; EVP_PKEY *pkey; @@ -936,6 +937,7 @@ int tls_parse_ctos_cookie(SSL *s, PACKET *pkt, unsigned int context, X509 *x, s->hello_retry_request = 1; s->ext.cookieok = 1; +#endif return 1; } @@ -1694,14 +1696,16 @@ EXT_RETURN tls_construct_stoc_key_share(SSL *s, WPACKET *pkt, /* SSLfatal() already called */ return EXT_RETURN_FAIL; } -#endif - return EXT_RETURN_SENT; +#else + return EXT_RETURN_FAIL; +#endif } EXT_RETURN tls_construct_stoc_cookie(SSL *s, WPACKET *pkt, unsigned int context, X509 *x, size_t chainidx) { +#ifndef OPENSSL_NO_TLS1_3 unsigned char *hashval1, *hashval2, *appcookie1, *appcookie2, *cookie; unsigned char *hmac, *hmac2; size_t startlen, ciphlen, totcookielen, hashlen, hmaclen, appcookielen; @@ -1826,6 +1830,9 @@ EXT_RETURN tls_construct_stoc_cookie(SSL *s, WPACKET *pkt, unsigned int context, EVP_MD_CTX_free(hctx); EVP_PKEY_free(pkey); return ret; +#else + return EXT_RETURN_FAIL; +#endif } EXT_RETURN tls_construct_stoc_cryptopro_bug(SSL *s, WPACKET *pkt, diff --git a/test/dtlstest.c b/test/dtlstest.c index 859ec6b..c41aac8 100644 --- a/test/dtlstest.c +++ b/test/dtlstest.c @@ -116,7 +116,16 @@ static int test_dtls_unprocessed(int testidx) #define CLI_TO_SRV_EPOCH_0_RECS 3 #define CLI_TO_SRV_EPOCH_1_RECS 1 -#define SRV_TO_CLI_EPOCH_0_RECS 12 +#if !defined(OPENSSL_NO_EC) || !defined(OPENSSL_NO_DH) +# define SRV_TO_CLI_EPOCH_0_RECS 12 +#else +/* + * In this case we have no ServerKeyExchange message, because we don't have + * ECDHE or DHE. When it is present it gets fragmented into 3 records in this + * test. + */ +# define SRV_TO_CLI_EPOCH_0_RECS 9 +#endif #define SRV_TO_CLI_EPOCH_1_RECS 1 #define TOTAL_FULL_HAND_RECORDS \ (CLI_TO_SRV_EPOCH_0_RECS + CLI_TO_SRV_EPOCH_1_RECS + \ diff --git a/test/sslapitest.c b/test/sslapitest.c index fe1c1e6..f2978aa 100644 --- a/test/sslapitest.c +++ b/test/sslapitest.c @@ -4473,7 +4473,9 @@ static int test_info_callback(int tst) int tlsvers; if (tst < 2) { -#ifndef OPENSSL_NO_TLS1_2 +/* We need either ECDHE or DHE for the TLSv1.2 test to work */ +#if !defined(OPENSSL_NO_TLS1_2) && (!defined(OPENSSL_NO_EC) \ + || !defined(OPENSSL_NO_DH)) tlsvers = TLS1_2_VERSION; #else return 1; From kurt at openssl.org Tue May 22 20:46:29 2018 From: kurt at openssl.org (Kurt Roeckx) Date: Tue, 22 May 2018 20:46:29 +0000 Subject: [openssl-commits] [openssl] master update Message-ID: <1527021989.222830.16497.nullmailer@dev.openssl.org> The branch master has been updated via 693cf80c6ff54ae276a44d305d4ad07168ec6895 (commit) from 1aac20f5095fca8691ef4495c3e7438c935a33dc (commit) - Log ----------------------------------------------------------------- commit 693cf80c6ff54ae276a44d305d4ad07168ec6895 Author: Kurt Roeckx Date: Tue May 15 19:01:41 2018 +0200 Enable SSL_MODE_AUTO_RETRY by default Because TLS 1.3 sends more non-application data records some clients run into problems because they don't expect SSL_read() to return and set SSL_ERROR_WANT_READ after processing it. This can cause problems for clients that use blocking I/O and use select() to see if data is available. It can be cleared using SSL_CTX_clear_mode(). Reviewed-by: Matt Caswell GH: #6260 ----------------------------------------------------------------------- Summary of changes: CHANGES | 11 +++++++++++ apps/s_client.c | 2 ++ apps/s_server.c | 3 +++ ssl/ssl_lib.c | 1 + test/sslapitest.c | 9 --------- 5 files changed, 17 insertions(+), 9 deletions(-) diff --git a/CHANGES b/CHANGES index c67a9c6..612da59 100644 --- a/CHANGES +++ b/CHANGES @@ -9,6 +9,17 @@ Changes between 1.1.0h and 1.1.1 [xx XXX xxxx] + *) SSL_MODE_AUTO_RETRY is enabled by default. Applications that use blocking + I/O in combination with something like select() or poll() will hang. This + can be turned off again using SSL_CTX_clear_mode(). + Many applications do not properly handle non-application data records, and + TLS 1.3 sends more of such records. Setting SSL_MODE_AUTO_RETRY works + around the problems in those applications, but can also break some. + It's recommended to read the manpages about SSL_read(), SSL_write(), + SSL_get_error(), SSL_shutdown(), SSL_CTX_set_mode() and + SSL_CTX_set_read_ahead() again. + [Kurt Roeckx] + *) When unlocking a pass phrase protected PEM file or PKCS#8 container, we now allow empty (zero character) pass phrases. [Richard Levitte] diff --git a/apps/s_client.c b/apps/s_client.c index 5934236..9122d48 100644 --- a/apps/s_client.c +++ b/apps/s_client.c @@ -1675,6 +1675,8 @@ int s_client_main(int argc, char **argv) goto end; } + SSL_CTX_clear_mode(ctx, SSL_MODE_AUTO_RETRY); + if (sdebug) ssl_ctx_security_debug(ctx, sdebug); diff --git a/apps/s_server.c b/apps/s_server.c index 6180617..b0d38e4 100644 --- a/apps/s_server.c +++ b/apps/s_server.c @@ -1753,6 +1753,9 @@ int s_server_main(int argc, char *argv[]) ERR_print_errors(bio_err); goto end; } + + SSL_CTX_clear_mode(ctx, SSL_MODE_AUTO_RETRY); + if (sdebug) ssl_ctx_security_debug(ctx, sdebug); diff --git a/ssl/ssl_lib.c b/ssl/ssl_lib.c index 1dd355d..22f729c 100644 --- a/ssl/ssl_lib.c +++ b/ssl/ssl_lib.c @@ -2896,6 +2896,7 @@ SSL_CTX *SSL_CTX_new(const SSL_METHOD *meth) ret->method = meth; ret->min_proto_version = 0; ret->max_proto_version = 0; + ret->mode = SSL_MODE_AUTO_RETRY; ret->session_cache_mode = SSL_SESS_CACHE_SERVER; ret->session_cache_size = SSL_SESSION_CACHE_MAX_SIZE_DEFAULT; /* We take the system default. */ diff --git a/test/sslapitest.c b/test/sslapitest.c index f2978aa..10bfc8a 100644 --- a/test/sslapitest.c +++ b/test/sslapitest.c @@ -2351,15 +2351,6 @@ static int test_early_data_not_sent(int idx) || !TEST_size_t_eq(written, strlen(MSG2))) goto end; - /* - * Should block due to the NewSessionTicket arrival unless we're using - * read_ahead, or PSKs - */ - if (idx != 1 && idx != 2) { - if (!TEST_false(SSL_read_ex(clientssl, buf, sizeof(buf), &readbytes))) - goto end; - } - if (!TEST_true(SSL_read_ex(clientssl, buf, sizeof(buf), &readbytes)) || !TEST_mem_eq(buf, readbytes, MSG2, strlen(MSG2))) goto end; From openssl at openssl.org Wed May 23 01:07:56 2018 From: openssl at openssl.org (OpenSSL run-checker) Date: Wed, 23 May 2018 01:07:56 +0000 Subject: [openssl-commits] Still FAILED build of OpenSSL branch master with options -d --strict-warnings no-ec Message-ID: <1527037676.025307.11111.nullmailer@run.openssl.org> Platform and configuration command: $ uname -a Linux run 4.4.0-119-generic #143-Ubuntu SMP Mon Apr 2 16:08:24 UTC 2018 x86_64 x86_64 x86_64 GNU/Linux $ CC=clang ../openssl/config -d --strict-warnings no-ec Commit log since last time: 693cf80 Enable SSL_MODE_AUTO_RETRY by default 1aac20f Fix no-ec in combination with no-dh Build log ended with (last 100 lines): /usr/bin/perl ../openssl/test/generate_buildtest.pl sha > test/buildtest_sha.c /usr/bin/perl ../openssl/test/generate_buildtest.pl srp > test/buildtest_srp.c /usr/bin/perl ../openssl/test/generate_buildtest.pl srtp > test/buildtest_srtp.c /usr/bin/perl ../openssl/test/generate_buildtest.pl ssl > test/buildtest_ssl.c /usr/bin/perl ../openssl/test/generate_buildtest.pl ssl2 > test/buildtest_ssl2.c /usr/bin/perl ../openssl/test/generate_buildtest.pl stack > test/buildtest_stack.c /usr/bin/perl ../openssl/test/generate_buildtest.pl store > test/buildtest_store.c /usr/bin/perl ../openssl/test/generate_buildtest.pl symhacks > test/buildtest_symhacks.c /usr/bin/perl ../openssl/test/generate_buildtest.pl tls1 > test/buildtest_tls1.c /usr/bin/perl ../openssl/test/generate_buildtest.pl ts > test/buildtest_ts.c /usr/bin/perl ../openssl/test/generate_buildtest.pl txt_db > test/buildtest_txt_db.c /usr/bin/perl ../openssl/test/generate_buildtest.pl ui > test/buildtest_ui.c /usr/bin/perl ../openssl/test/generate_buildtest.pl whrlpool > test/buildtest_whrlpool.c /usr/bin/perl ../openssl/test/generate_buildtest.pl x509 > test/buildtest_x509.c /usr/bin/perl ../openssl/test/generate_buildtest.pl x509_vfy > test/buildtest_x509_vfy.c /usr/bin/perl ../openssl/test/generate_buildtest.pl x509v3 > test/buildtest_x509v3.c clang -Iinclude -I../openssl/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -MMD -MF test/casttest.d.tmp -MT test/casttest.o -c -o test/casttest.o ../openssl/test/casttest.c clang -I. -Iinclude -Icrypto/include -I../openssl -I../openssl/include -I../openssl/crypto/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -MMD -MF test/chacha_internal_test.d.tmp -MT test/chacha_internal_test.o -c -o test/chacha_internal_test.o ../openssl/test/chacha_internal_test.c clang -Iinclude -I../openssl/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -MMD -MF test/cipherbytes_test.d.tmp -MT test/cipherbytes_test.o -c -o test/cipherbytes_test.o ../openssl/test/cipherbytes_test.c clang -Iinclude -I../openssl/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -MMD -MF test/cipherlist_test.d.tmp -MT test/cipherlist_test.o -c -o test/cipherlist_test.o ../openssl/test/cipherlist_test.c clang -Iinclude -I../openssl/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -MMD -MF test/ciphername_test.d.tmp -MT test/ciphername_test.o -c -o test/ciphername_test.o ../openssl/test/ciphername_test.c clang -Iinclude -I../openssl/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -MMD -MF test/clienthellotest.d.tmp -MT test/clienthellotest.o -c -o test/clienthellotest.o ../openssl/test/clienthellotest.c clang -Iinclude -I../openssl/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -MMD -MF test/cmsapitest.d.tmp -MT test/cmsapitest.o -c -o test/cmsapitest.o ../openssl/test/cmsapitest.c clang -Iinclude -I../openssl/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -MMD -MF test/conf_include_test.d.tmp -MT test/conf_include_test.o -c -o test/conf_include_test.o ../openssl/test/conf_include_test.c clang -Iinclude -I../openssl/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -MMD -MF test/constant_time_test.d.tmp -MT test/constant_time_test.o -c -o test/constant_time_test.o ../openssl/test/constant_time_test.c clang -Iinclude -I../openssl/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -MMD -MF test/crltest.d.tmp -MT test/crltest.o -c -o test/crltest.o ../openssl/test/crltest.c clang -Iinclude -I../openssl/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -MMD -MF test/ct_test.d.tmp -MT test/ct_test.o -c -o test/ct_test.o ../openssl/test/ct_test.c clang -I. -Icrypto/include -Iinclude -I../openssl -I../openssl/crypto/include -I../openssl/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -MMD -MF test/ctype_internal_test.d.tmp -MT test/ctype_internal_test.o -c -o test/ctype_internal_test.o ../openssl/test/ctype_internal_test.c clang -Iinclude -I../openssl/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -MMD -MF test/d2i_test.d.tmp -MT test/d2i_test.o -c -o test/d2i_test.o ../openssl/test/d2i_test.c clang -Iinclude -I../openssl/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -MMD -MF test/danetest.d.tmp -MT test/danetest.o -c -o test/danetest.o ../openssl/test/danetest.c clang -Iinclude -I../openssl/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -MMD -MF test/destest.d.tmp -MT test/destest.o -c -o test/destest.o ../openssl/test/destest.c clang -Iinclude -I../openssl/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -MMD -MF test/dhtest.d.tmp -MT test/dhtest.o -c -o test/dhtest.o ../openssl/test/dhtest.c clang -Iinclude -Itest -I. -I../openssl/include -I../openssl/test -I../openssl -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -MMD -MF test/drbg_cavs_data.d.tmp -MT test/drbg_cavs_data.o -c -o test/drbg_cavs_data.o ../openssl/test/drbg_cavs_data.c clang -Iinclude -Itest -I. -I../openssl/include -I../openssl/test -I../openssl -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -MMD -MF test/drbg_cavs_test.d.tmp -MT test/drbg_cavs_test.o -c -o test/drbg_cavs_test.o ../openssl/test/drbg_cavs_test.c clang -Iinclude -I../openssl/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -MMD -MF test/drbgtest.d.tmp -MT test/drbgtest.o -c -o test/drbgtest.o ../openssl/test/drbgtest.c clang -Iinclude -I../openssl/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -MMD -MF test/dsatest.d.tmp -MT test/dsatest.o -c -o test/dsatest.o ../openssl/test/dsatest.c clang -I. -Iinclude -I../openssl -I../openssl/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -MMD -MF test/dtls_mtu_test.d.tmp -MT test/dtls_mtu_test.o -c -o test/dtls_mtu_test.o ../openssl/test/dtls_mtu_test.c clang -Iinclude -I../openssl/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -MMD -MF test/dtlstest.d.tmp -MT test/dtlstest.o -c -o test/dtlstest.o ../openssl/test/dtlstest.c clang -Iinclude -I../openssl/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -MMD -MF test/dtlsv1listentest.d.tmp -MT test/dtlsv1listentest.o -c -o test/dtlsv1listentest.o ../openssl/test/dtlsv1listentest.c clang -Iinclude -I../openssl/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -MMD -MF test/ecdsatest.d.tmp -MT test/ecdsatest.o -c -o test/ecdsatest.o ../openssl/test/ecdsatest.c clang -Iinclude -I../openssl/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -MMD -MF test/ecstresstest.d.tmp -MT test/ecstresstest.o -c -o test/ecstresstest.o ../openssl/test/ecstresstest.c clang -Iinclude -I../openssl/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -MMD -MF test/ectest.d.tmp -MT test/ectest.o -c -o test/ectest.o ../openssl/test/ectest.c clang -Iinclude -I../openssl/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -MMD -MF test/enginetest.d.tmp -MT test/enginetest.o -c -o test/enginetest.o ../openssl/test/enginetest.c clang -Iinclude -Icrypto/include -I../openssl/include -I../openssl/crypto/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -MMD -MF test/evp_extra_test.d.tmp -MT test/evp_extra_test.o -c -o test/evp_extra_test.o ../openssl/test/evp_extra_test.c clang -Iinclude -I../openssl/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -MMD -MF test/evp_test.d.tmp -MT test/evp_test.o -c -o test/evp_test.o ../openssl/test/evp_test.c clang -Iinclude -I../openssl/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -MMD -MF test/exdatatest.d.tmp -MT test/exdatatest.o -c -o test/exdatatest.o ../openssl/test/exdatatest.c clang -Iinclude -I../openssl/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -MMD -MF test/exptest.d.tmp -MT test/exptest.o -c -o test/exptest.o ../openssl/test/exptest.c clang -Iinclude -I../openssl/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -MMD -MF test/fatalerrtest.d.tmp -MT test/fatalerrtest.o -c -o test/fatalerrtest.o ../openssl/test/fatalerrtest.c clang -Iinclude -I../openssl/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -MMD -MF test/gmdifftest.d.tmp -MT test/gmdifftest.o -c -o test/gmdifftest.o ../openssl/test/gmdifftest.c clang -Iinclude -I../openssl/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -MMD -MF test/hmactest.d.tmp -MT test/hmactest.o -c -o test/hmactest.o ../openssl/test/hmactest.c clang -Iinclude -I../openssl/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -MMD -MF test/ideatest.d.tmp -MT test/ideatest.o -c -o test/ideatest.o ../openssl/test/ideatest.c clang -Iinclude -I../openssl/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -MMD -MF test/igetest.d.tmp -MT test/igetest.o -c -o test/igetest.o ../openssl/test/igetest.c clang -Iinclude -I../openssl/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -MMD -MF test/lhash_test.d.tmp -MT test/lhash_test.o -c -o test/lhash_test.o ../openssl/test/lhash_test.c clang -Iinclude -I../openssl/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -MMD -MF test/md2test.d.tmp -MT test/md2test.o -c -o test/md2test.o ../openssl/test/md2test.c clang -I. -Iinclude -I../openssl -I../openssl/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -MMD -MF test/mdc2_internal_test.d.tmp -MT test/mdc2_internal_test.o -c -o test/mdc2_internal_test.o ../openssl/test/mdc2_internal_test.c clang -Iinclude -I../openssl/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -MMD -MF test/mdc2test.d.tmp -MT test/mdc2test.o -c -o test/mdc2test.o ../openssl/test/mdc2test.c clang -Iinclude -I../openssl/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -MMD -MF test/memleaktest.d.tmp -MT test/memleaktest.o -c -o test/memleaktest.o ../openssl/test/memleaktest.c clang -I. -Iinclude -I../openssl -I../openssl/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -MMD -MF test/modes_internal_test.d.tmp -MT test/modes_internal_test.o -c -o test/modes_internal_test.o ../openssl/test/modes_internal_test.c clang -Iinclude -I../openssl/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -MMD -MF test/ocspapitest.d.tmp -MT test/ocspapitest.o -c -o test/ocspapitest.o ../openssl/test/ocspapitest.c clang -Iinclude -I../openssl/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -MMD -MF test/packettest.d.tmp -MT test/packettest.o -c -o test/packettest.o ../openssl/test/packettest.c clang -Iinclude -I../openssl/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -MMD -MF test/pbelutest.d.tmp -MT test/pbelutest.o -c -o test/pbelutest.o ../openssl/test/pbelutest.c clang -Iinclude -I../openssl/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -MMD -MF test/pemtest.d.tmp -MT test/pemtest.o -c -o test/pemtest.o ../openssl/test/pemtest.c clang -Iinclude -I../openssl/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -MMD -MF test/pkey_meth_kdf_test.d.tmp -MT test/pkey_meth_kdf_test.o -c -o test/pkey_meth_kdf_test.o ../openssl/test/pkey_meth_kdf_test.c clang -Iinclude -I../openssl/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -MMD -MF test/pkey_meth_test.d.tmp -MT test/pkey_meth_test.o -c -o test/pkey_meth_test.o ../openssl/test/pkey_meth_test.c clang -I. -Iinclude -Icrypto/include -I../openssl -I../openssl/include -I../openssl/crypto/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -MMD -MF test/poly1305_internal_test.d.tmp -MT test/poly1305_internal_test.o -c -o test/poly1305_internal_test.o ../openssl/test/poly1305_internal_test.c clang -Iinclude -I../openssl/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -MMD -MF test/rc2test.d.tmp -MT test/rc2test.o -c -o test/rc2test.o ../openssl/test/rc2test.c clang -Iinclude -I../openssl/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -MMD -MF test/rc4test.d.tmp -MT test/rc4test.o -c -o test/rc4test.o ../openssl/test/rc4test.c clang -Iinclude -I../openssl/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -MMD -MF test/rc5test.d.tmp -MT test/rc5test.o -c -o test/rc5test.o ../openssl/test/rc5test.c clang -Iinclude -I../openssl/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -MMD -MF test/rdrand_sanitytest.d.tmp -MT test/rdrand_sanitytest.o -c -o test/rdrand_sanitytest.o ../openssl/test/rdrand_sanitytest.c clang -Iinclude -I../openssl/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -MMD -MF test/recordlentest.d.tmp -MT test/recordlentest.o -c -o test/recordlentest.o ../openssl/test/recordlentest.c clang -Iinclude -I../openssl/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -MMD -MF test/rsa_mp_test.d.tmp -MT test/rsa_mp_test.o -c -o test/rsa_mp_test.o ../openssl/test/rsa_mp_test.c clang -Iinclude -I../openssl/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -MMD -MF test/rsa_test.d.tmp -MT test/rsa_test.o -c -o test/rsa_test.o ../openssl/test/rsa_test.c clang -Iinclude -I../openssl/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -MMD -MF test/sanitytest.d.tmp -MT test/sanitytest.o -c -o test/sanitytest.o ../openssl/test/sanitytest.c clang -Iinclude -I../openssl/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -MMD -MF test/secmemtest.d.tmp -MT test/secmemtest.o -c -o test/secmemtest.o ../openssl/test/secmemtest.c clang -Iinclude -I../openssl/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -MMD -MF test/servername_test.d.tmp -MT test/servername_test.o -c -o test/servername_test.o ../openssl/test/servername_test.c clang -Iinclude -Icrypto/include -I../openssl/include -I../openssl/crypto/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -MMD -MF test/shlibloadtest.d.tmp -MT test/shlibloadtest.o -c -o test/shlibloadtest.o ../openssl/test/shlibloadtest.c clang -I. -Iinclude -Icrypto/include -I../openssl -I../openssl/include -I../openssl/crypto/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -MMD -MF test/siphash_internal_test.d.tmp -MT test/siphash_internal_test.o -c -o test/siphash_internal_test.o ../openssl/test/siphash_internal_test.c clang -Iinclude -I../openssl/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -MMD -MF test/sm2crypttest.d.tmp -MT test/sm2crypttest.o -c -o test/sm2crypttest.o ../openssl/test/sm2crypttest.c clang -Iinclude -I../openssl/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -MMD -MF test/sm2sigtest.d.tmp -MT test/sm2sigtest.o -c -o test/sm2sigtest.o ../openssl/test/sm2sigtest.c clang -I. -Iinclude -Icrypto/include -I../openssl -I../openssl/include -I../openssl/crypto/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -MMD -MF test/sm4_internal_test.d.tmp -MT test/sm4_internal_test.o -c -o test/sm4_internal_test.o ../openssl/test/sm4_internal_test.c clang -Iinclude -I../openssl/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -MMD -MF test/srptest.d.tmp -MT test/srptest.o -c -o test/srptest.o ../openssl/test/srptest.c clang -I. -Iinclude -I../openssl -I../openssl/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -MMD -MF test/ssl_cert_table_internal_test.d.tmp -MT test/ssl_cert_table_internal_test.o -c -o test/ssl_cert_table_internal_test.o ../openssl/test/ssl_cert_table_internal_test.c clang -I. -Iinclude -I../openssl -I../openssl/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -MMD -MF test/handshake_helper.d.tmp -MT test/handshake_helper.o -c -o test/handshake_helper.o ../openssl/test/handshake_helper.c clang -Iinclude -I../openssl/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -MMD -MF test/ssl_test.d.tmp -MT test/ssl_test.o -c -o test/ssl_test.o ../openssl/test/ssl_test.c clang -Iinclude -I../openssl/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -MMD -MF test/ssl_test_ctx.d.tmp -MT test/ssl_test_ctx.o -c -o test/ssl_test_ctx.o ../openssl/test/ssl_test_ctx.c clang -Iinclude -I../openssl/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -MMD -MF test/ssl_test_ctx_test.d.tmp -MT test/ssl_test_ctx_test.o -c -o test/ssl_test_ctx_test.o ../openssl/test/ssl_test_ctx_test.c clang -Iinclude -I. -I../openssl/include -I../openssl -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -MMD -MF test/sslapitest.d.tmp -MT test/sslapitest.o -c -o test/sslapitest.o ../openssl/test/sslapitest.c clang -Iinclude -I../openssl/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -MMD -MF test/sslbuffertest.d.tmp -MT test/sslbuffertest.o -c -o test/sslbuffertest.o ../openssl/test/sslbuffertest.c clang -Iinclude -I../openssl/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -MMD -MF test/sslcorrupttest.d.tmp -MT test/sslcorrupttest.o -c -o test/sslcorrupttest.o ../openssl/test/sslcorrupttest.c ../openssl/test/sslapitest.c:1233:12: error: unused function 'test_tickets' [-Werror,-Wunused-function] static int test_tickets(int idx) ^ clang -I. -Iinclude -I../openssl -I../openssl/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -MMD -MF test/ssltest_old.d.tmp -MT test/ssltest_old.o -c -o test/ssltest_old.o ../openssl/test/ssltest_old.c 1 error generated. Makefile:8718: recipe for target 'test/sslapitest.o' failed make[1]: *** [test/sslapitest.o] Error 1 make[1]: *** Waiting for unfinished jobs.... make[1]: Leaving directory '/home/openssl/run-checker/no-ec' Makefile:171: recipe for target 'all' failed make: *** [all] Error 2 From matt at openssl.org Wed May 23 09:49:57 2018 From: matt at openssl.org (Matt Caswell) Date: Wed, 23 May 2018 09:49:57 +0000 Subject: [openssl-commits] [openssl] master update Message-ID: <1527068997.206111.17796.nullmailer@dev.openssl.org> The branch master has been updated via 04225915731e913b4ad077aff6b6d7bbeb8b916b (commit) from 693cf80c6ff54ae276a44d305d4ad07168ec6895 (commit) - Log ----------------------------------------------------------------- commit 04225915731e913b4ad077aff6b6d7bbeb8b916b Author: Matt Caswell Date: Mon May 21 10:46:58 2018 +0100 Fix no-ec, no-tls1_3 and no-tls Reviewed-by: Rich Salz (Merged from https://github.com/openssl/openssl/pull/6321) ----------------------------------------------------------------------- Summary of changes: test/sslapitest.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/test/sslapitest.c b/test/sslapitest.c index 10bfc8a..9b0237e 100644 --- a/test/sslapitest.c +++ b/test/sslapitest.c @@ -1197,6 +1197,7 @@ static int test_session_with_both_cache(void) #endif } +#ifndef OPENSSL_NO_TLS1_3 static SSL_SESSION *sesscache[6]; static int do_cache; @@ -1324,6 +1325,7 @@ static int test_tickets(int idx) return testresult; } +#endif #define USE_NULL 0 #define USE_BIO_1 1 From levitte at openssl.org Wed May 23 09:57:19 2018 From: levitte at openssl.org (Richard Levitte) Date: Wed, 23 May 2018 09:57:19 +0000 Subject: [openssl-commits] [openssl] master update Message-ID: <1527069439.587417.22580.nullmailer@dev.openssl.org> The branch master has been updated via b501ab6bee469eafb8b67ac38896bb689ab632fa (commit) via 8cc1dc3632ee685f7609c4923c7fb6e75154ea0d (commit) from 04225915731e913b4ad077aff6b6d7bbeb8b916b (commit) - Log ----------------------------------------------------------------- commit b501ab6bee469eafb8b67ac38896bb689ab632fa Author: Richard Levitte Date: Tue May 22 23:09:01 2018 +0200 INSTALL: Provide better documentation for enable-ec_nistp_64_gcc_128 Reviewed-by: Andy Polyakov (Merged from https://github.com/openssl/openssl/pull/6328) commit 8cc1dc3632ee685f7609c4923c7fb6e75154ea0d Author: Richard Levitte Date: Tue May 22 13:57:29 2018 +0200 Better error code when lacking __SIZEOF_INT128__ Fixes #6327 Reviewed-by: Andy Polyakov (Merged from https://github.com/openssl/openssl/pull/6328) ----------------------------------------------------------------------- Summary of changes: INSTALL | 9 +++++++-- crypto/ec/ecp_nistp224.c | 2 +- crypto/ec/ecp_nistp256.c | 2 +- crypto/ec/ecp_nistp521.c | 2 +- 4 files changed, 10 insertions(+), 5 deletions(-) diff --git a/INSTALL b/INSTALL index a0ebef9..52e3f2a 100644 --- a/INSTALL +++ b/INSTALL @@ -336,8 +336,13 @@ enable-ec_nistp_64_gcc_128 Enable support for optimised implementations of some commonly - used NIST elliptic curves. This is only supported on some - platforms. + used NIST elliptic curves. + This is only supported on platforms: + - with little-endian storage of non-byte types + - that tolerate misaligned memory references + - where the compiler: + - supports the non-standard type __uint128_t + - defines the built-in macro __SIZEOF_INT128__ enable-egd Build support for gathering entropy from EGD (Entropy diff --git a/crypto/ec/ecp_nistp224.c b/crypto/ec/ecp_nistp224.c index 5b8da3f..364b7f2 100644 --- a/crypto/ec/ecp_nistp224.c +++ b/crypto/ec/ecp_nistp224.c @@ -45,7 +45,7 @@ NON_EMPTY_TRANSLATION_UNIT typedef __uint128_t uint128_t; /* nonstandard; implemented by gcc on 64-bit * platforms */ # else -# error "Need GCC 4.0 or later to define type uint128_t" +# error "Your compiler doesn't appear to support 128-bit integer types" # endif typedef uint8_t u8; diff --git a/crypto/ec/ecp_nistp256.c b/crypto/ec/ecp_nistp256.c index 5eee25c..19caa03 100644 --- a/crypto/ec/ecp_nistp256.c +++ b/crypto/ec/ecp_nistp256.c @@ -47,7 +47,7 @@ typedef __uint128_t uint128_t; /* nonstandard; implemented by gcc on 64-bit * platforms */ typedef __int128_t int128_t; # else -# error "Need GCC 4.0 or later to define type uint128_t" +# error "Your compiler doesn't appear to support 128-bit integer types" # endif typedef uint8_t u8; diff --git a/crypto/ec/ecp_nistp521.c b/crypto/ec/ecp_nistp521.c index 97846f8..3f68ae3 100644 --- a/crypto/ec/ecp_nistp521.c +++ b/crypto/ec/ecp_nistp521.c @@ -45,7 +45,7 @@ NON_EMPTY_TRANSLATION_UNIT typedef __uint128_t uint128_t; /* nonstandard; implemented by gcc on 64-bit * platforms */ # else -# error "Need GCC 4.0 or later to define type uint128_t" +# error "Your compiler doesn't appear to support 128-bit integer types" # endif typedef uint8_t u8; From openssl at openssl.org Wed May 23 10:21:58 2018 From: openssl at openssl.org (OpenSSL run-checker) Date: Wed, 23 May 2018 10:21:58 +0000 Subject: [openssl-commits] Still FAILED build of OpenSSL branch master with options -d --strict-warnings no-tls Message-ID: <1527070918.535616.18264.nullmailer@run.openssl.org> Platform and configuration command: $ uname -a Linux run 4.4.0-119-generic #143-Ubuntu SMP Mon Apr 2 16:08:24 UTC 2018 x86_64 x86_64 x86_64 GNU/Linux $ CC=clang ../openssl/config -d --strict-warnings no-tls Commit log since last time: 693cf80 Enable SSL_MODE_AUTO_RETRY by default 1aac20f Fix no-ec in combination with no-dh Build log ended with (last 100 lines): clang -Iinclude -I../openssl/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -MMD -MF test/ct_test.d.tmp -MT test/ct_test.o -c -o test/ct_test.o ../openssl/test/ct_test.c clang -I. -Icrypto/include -Iinclude -I../openssl -I../openssl/crypto/include -I../openssl/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -MMD -MF test/ctype_internal_test.d.tmp -MT test/ctype_internal_test.o -c -o test/ctype_internal_test.o ../openssl/test/ctype_internal_test.c clang -I. -Iinclude -Icrypto/ec/curve448 -I../openssl -I../openssl/include -I../openssl/crypto/ec/curve448 -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -MMD -MF test/curve448_internal_test.d.tmp -MT test/curve448_internal_test.o -c -o test/curve448_internal_test.o ../openssl/test/curve448_internal_test.c clang -Iinclude -I../openssl/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -MMD -MF test/d2i_test.d.tmp -MT test/d2i_test.o -c -o test/d2i_test.o ../openssl/test/d2i_test.c clang -Iinclude -I../openssl/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -MMD -MF test/danetest.d.tmp -MT test/danetest.o -c -o test/danetest.o ../openssl/test/danetest.c clang -Iinclude -I../openssl/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -MMD -MF test/destest.d.tmp -MT test/destest.o -c -o test/destest.o ../openssl/test/destest.c clang -Iinclude -I../openssl/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -MMD -MF test/dhtest.d.tmp -MT test/dhtest.o -c -o test/dhtest.o ../openssl/test/dhtest.c clang -Iinclude -Itest -I. -I../openssl/include -I../openssl/test -I../openssl -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -MMD -MF test/drbg_cavs_data.d.tmp -MT test/drbg_cavs_data.o -c -o test/drbg_cavs_data.o ../openssl/test/drbg_cavs_data.c clang -Iinclude -Itest -I. -I../openssl/include -I../openssl/test -I../openssl -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -MMD -MF test/drbg_cavs_test.d.tmp -MT test/drbg_cavs_test.o -c -o test/drbg_cavs_test.o ../openssl/test/drbg_cavs_test.c clang -Iinclude -I../openssl/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -MMD -MF test/drbgtest.d.tmp -MT test/drbgtest.o -c -o test/drbgtest.o ../openssl/test/drbgtest.c clang -Iinclude -I../openssl/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -MMD -MF test/dsatest.d.tmp -MT test/dsatest.o -c -o test/dsatest.o ../openssl/test/dsatest.c clang -I. -Iinclude -I../openssl -I../openssl/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -MMD -MF test/dtls_mtu_test.d.tmp -MT test/dtls_mtu_test.o -c -o test/dtls_mtu_test.o ../openssl/test/dtls_mtu_test.c clang -Iinclude -I../openssl/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -MMD -MF test/dtlstest.d.tmp -MT test/dtlstest.o -c -o test/dtlstest.o ../openssl/test/dtlstest.c clang -Iinclude -I../openssl/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -MMD -MF test/dtlsv1listentest.d.tmp -MT test/dtlsv1listentest.o -c -o test/dtlsv1listentest.o ../openssl/test/dtlsv1listentest.c clang -Iinclude -I../openssl/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -MMD -MF test/ecdsatest.d.tmp -MT test/ecdsatest.o -c -o test/ecdsatest.o ../openssl/test/ecdsatest.c clang -Iinclude -I../openssl/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -MMD -MF test/ecstresstest.d.tmp -MT test/ecstresstest.o -c -o test/ecstresstest.o ../openssl/test/ecstresstest.c clang -Iinclude -I../openssl/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -MMD -MF test/ectest.d.tmp -MT test/ectest.o -c -o test/ectest.o ../openssl/test/ectest.c clang -Iinclude -I../openssl/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -MMD -MF test/enginetest.d.tmp -MT test/enginetest.o -c -o test/enginetest.o ../openssl/test/enginetest.c clang -Iinclude -Icrypto/include -I../openssl/include -I../openssl/crypto/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -MMD -MF test/evp_extra_test.d.tmp -MT test/evp_extra_test.o -c -o test/evp_extra_test.o ../openssl/test/evp_extra_test.c clang -Iinclude -I../openssl/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -MMD -MF test/evp_test.d.tmp -MT test/evp_test.o -c -o test/evp_test.o ../openssl/test/evp_test.c clang -Iinclude -I../openssl/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -MMD -MF test/exdatatest.d.tmp -MT test/exdatatest.o -c -o test/exdatatest.o ../openssl/test/exdatatest.c clang -Iinclude -I../openssl/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -MMD -MF test/exptest.d.tmp -MT test/exptest.o -c -o test/exptest.o ../openssl/test/exptest.c clang -Iinclude -I../openssl/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -MMD -MF test/fatalerrtest.d.tmp -MT test/fatalerrtest.o -c -o test/fatalerrtest.o ../openssl/test/fatalerrtest.c clang -Iinclude -I../openssl/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -MMD -MF test/gmdifftest.d.tmp -MT test/gmdifftest.o -c -o test/gmdifftest.o ../openssl/test/gmdifftest.c clang -Iinclude -I../openssl/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -MMD -MF test/hmactest.d.tmp -MT test/hmactest.o -c -o test/hmactest.o ../openssl/test/hmactest.c clang -Iinclude -I../openssl/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -MMD -MF test/ideatest.d.tmp -MT test/ideatest.o -c -o test/ideatest.o ../openssl/test/ideatest.c clang -Iinclude -I../openssl/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -MMD -MF test/igetest.d.tmp -MT test/igetest.o -c -o test/igetest.o ../openssl/test/igetest.c clang -Iinclude -I../openssl/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -MMD -MF test/lhash_test.d.tmp -MT test/lhash_test.o -c -o test/lhash_test.o ../openssl/test/lhash_test.c clang -Iinclude -I../openssl/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -MMD -MF test/md2test.d.tmp -MT test/md2test.o -c -o test/md2test.o ../openssl/test/md2test.c clang -I. -Iinclude -I../openssl -I../openssl/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -MMD -MF test/mdc2_internal_test.d.tmp -MT test/mdc2_internal_test.o -c -o test/mdc2_internal_test.o ../openssl/test/mdc2_internal_test.c clang -Iinclude -I../openssl/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -MMD -MF test/mdc2test.d.tmp -MT test/mdc2test.o -c -o test/mdc2test.o ../openssl/test/mdc2test.c clang -Iinclude -I../openssl/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -MMD -MF test/memleaktest.d.tmp -MT test/memleaktest.o -c -o test/memleaktest.o ../openssl/test/memleaktest.c clang -I. -Iinclude -I../openssl -I../openssl/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -MMD -MF test/modes_internal_test.d.tmp -MT test/modes_internal_test.o -c -o test/modes_internal_test.o ../openssl/test/modes_internal_test.c clang -Iinclude -I../openssl/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -MMD -MF test/ocspapitest.d.tmp -MT test/ocspapitest.o -c -o test/ocspapitest.o ../openssl/test/ocspapitest.c clang -Iinclude -I../openssl/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -MMD -MF test/packettest.d.tmp -MT test/packettest.o -c -o test/packettest.o ../openssl/test/packettest.c clang -Iinclude -I../openssl/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -MMD -MF test/pbelutest.d.tmp -MT test/pbelutest.o -c -o test/pbelutest.o ../openssl/test/pbelutest.c clang -Iinclude -I../openssl/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -MMD -MF test/pemtest.d.tmp -MT test/pemtest.o -c -o test/pemtest.o ../openssl/test/pemtest.c clang -Iinclude -I../openssl/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -MMD -MF test/pkey_meth_kdf_test.d.tmp -MT test/pkey_meth_kdf_test.o -c -o test/pkey_meth_kdf_test.o ../openssl/test/pkey_meth_kdf_test.c clang -Iinclude -I../openssl/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -MMD -MF test/pkey_meth_test.d.tmp -MT test/pkey_meth_test.o -c -o test/pkey_meth_test.o ../openssl/test/pkey_meth_test.c clang -I. -Iinclude -Icrypto/include -I../openssl -I../openssl/include -I../openssl/crypto/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -MMD -MF test/poly1305_internal_test.d.tmp -MT test/poly1305_internal_test.o -c -o test/poly1305_internal_test.o ../openssl/test/poly1305_internal_test.c clang -Iinclude -I../openssl/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -MMD -MF test/rc2test.d.tmp -MT test/rc2test.o -c -o test/rc2test.o ../openssl/test/rc2test.c clang -Iinclude -I../openssl/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -MMD -MF test/rc4test.d.tmp -MT test/rc4test.o -c -o test/rc4test.o ../openssl/test/rc4test.c clang -Iinclude -I../openssl/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -MMD -MF test/rc5test.d.tmp -MT test/rc5test.o -c -o test/rc5test.o ../openssl/test/rc5test.c clang -Iinclude -I../openssl/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -MMD -MF test/rdrand_sanitytest.d.tmp -MT test/rdrand_sanitytest.o -c -o test/rdrand_sanitytest.o ../openssl/test/rdrand_sanitytest.c clang -Iinclude -I../openssl/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -MMD -MF test/recordlentest.d.tmp -MT test/recordlentest.o -c -o test/recordlentest.o ../openssl/test/recordlentest.c clang -Iinclude -I../openssl/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -MMD -MF test/rsa_mp_test.d.tmp -MT test/rsa_mp_test.o -c -o test/rsa_mp_test.o ../openssl/test/rsa_mp_test.c clang -Iinclude -I../openssl/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -MMD -MF test/rsa_test.d.tmp -MT test/rsa_test.o -c -o test/rsa_test.o ../openssl/test/rsa_test.c clang -Iinclude -I../openssl/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -MMD -MF test/sanitytest.d.tmp -MT test/sanitytest.o -c -o test/sanitytest.o ../openssl/test/sanitytest.c clang -Iinclude -I../openssl/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -MMD -MF test/secmemtest.d.tmp -MT test/secmemtest.o -c -o test/secmemtest.o ../openssl/test/secmemtest.c clang -Iinclude -I../openssl/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -MMD -MF test/servername_test.d.tmp -MT test/servername_test.o -c -o test/servername_test.o ../openssl/test/servername_test.c clang -Iinclude -Icrypto/include -I../openssl/include -I../openssl/crypto/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -MMD -MF test/shlibloadtest.d.tmp -MT test/shlibloadtest.o -c -o test/shlibloadtest.o ../openssl/test/shlibloadtest.c clang -I. -Iinclude -Icrypto/include -I../openssl -I../openssl/include -I../openssl/crypto/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -MMD -MF test/siphash_internal_test.d.tmp -MT test/siphash_internal_test.o -c -o test/siphash_internal_test.o ../openssl/test/siphash_internal_test.c clang -Iinclude -I../openssl/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -MMD -MF test/sm2crypttest.d.tmp -MT test/sm2crypttest.o -c -o test/sm2crypttest.o ../openssl/test/sm2crypttest.c clang -Iinclude -I../openssl/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -MMD -MF test/sm2sigtest.d.tmp -MT test/sm2sigtest.o -c -o test/sm2sigtest.o ../openssl/test/sm2sigtest.c clang -I. -Iinclude -Icrypto/include -I../openssl -I../openssl/include -I../openssl/crypto/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -MMD -MF test/sm4_internal_test.d.tmp -MT test/sm4_internal_test.o -c -o test/sm4_internal_test.o ../openssl/test/sm4_internal_test.c clang -Iinclude -I../openssl/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -MMD -MF test/srptest.d.tmp -MT test/srptest.o -c -o test/srptest.o ../openssl/test/srptest.c clang -I. -Iinclude -I../openssl -I../openssl/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -MMD -MF test/ssl_cert_table_internal_test.d.tmp -MT test/ssl_cert_table_internal_test.o -c -o test/ssl_cert_table_internal_test.o ../openssl/test/ssl_cert_table_internal_test.c clang -I. -Iinclude -I../openssl -I../openssl/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -MMD -MF test/handshake_helper.d.tmp -MT test/handshake_helper.o -c -o test/handshake_helper.o ../openssl/test/handshake_helper.c clang -Iinclude -I../openssl/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -MMD -MF test/ssl_test.d.tmp -MT test/ssl_test.o -c -o test/ssl_test.o ../openssl/test/ssl_test.c clang -Iinclude -I../openssl/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -MMD -MF test/ssl_test_ctx.d.tmp -MT test/ssl_test_ctx.o -c -o test/ssl_test_ctx.o ../openssl/test/ssl_test_ctx.c clang -Iinclude -I../openssl/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -MMD -MF test/ssl_test_ctx_test.d.tmp -MT test/ssl_test_ctx_test.o -c -o test/ssl_test_ctx_test.o ../openssl/test/ssl_test_ctx_test.c clang -Iinclude -I. -I../openssl/include -I../openssl -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -MMD -MF test/sslapitest.d.tmp -MT test/sslapitest.o -c -o test/sslapitest.o ../openssl/test/sslapitest.c clang -Iinclude -I../openssl/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -MMD -MF test/sslbuffertest.d.tmp -MT test/sslbuffertest.o -c -o test/sslbuffertest.o ../openssl/test/sslbuffertest.c clang -Iinclude -I../openssl/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -MMD -MF test/sslcorrupttest.d.tmp -MT test/sslcorrupttest.o -c -o test/sslcorrupttest.o ../openssl/test/sslcorrupttest.c ../openssl/test/sslapitest.c:1206:19: error: use of undeclared identifier 'new_called' sesscache[new_called] = sess; ^ ../openssl/test/sslapitest.c:1211:5: error: use of undeclared identifier 'new_called' new_called++; ^ ../openssl/test/sslapitest.c:1242:5: error: use of undeclared identifier 'new_called' new_called = 0; ^ ../openssl/test/sslapitest.c:1264:34: error: use of undeclared identifier 'new_called' || !TEST_int_eq(idx, new_called)) ^ ../openssl/test/sslapitest.c:1269:38: error: use of undeclared identifier 'new_called' || !TEST_int_eq(idx * 2, new_called)) ^ ../openssl/test/sslapitest.c:1283:9: error: use of undeclared identifier 'new_called' new_called = 0; ^ ../openssl/test/sslapitest.c:1295:33: error: use of undeclared identifier 'new_called' || !TEST_int_eq(new_called, 1)) ^ ../openssl/test/sslapitest.c:1298:9: error: use of undeclared identifier 'new_called' new_called = 0; ^ ../openssl/test/sslapitest.c:1301:33: error: use of undeclared identifier 'new_called' || !TEST_int_eq(new_called, 1)) ^ clang -I. -Iinclude -I../openssl -I../openssl/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -MMD -MF test/ssltest_old.d.tmp -MT test/ssltest_old.o -c -o test/ssltest_old.o ../openssl/test/ssltest_old.c clang -Iinclude -I../openssl/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -MMD -MF test/stack_test.d.tmp -MT test/stack_test.o -c -o test/stack_test.o ../openssl/test/stack_test.c 9 errors generated. Makefile:9120: recipe for target 'test/sslapitest.o' failed make[1]: *** [test/sslapitest.o] Error 1 make[1]: *** Waiting for unfinished jobs.... make[1]: Leaving directory '/home/openssl/run-checker/no-tls' Makefile:171: recipe for target 'all' failed make: *** [all] Error 2 From matt at openssl.org Wed May 23 14:07:25 2018 From: matt at openssl.org (Matt Caswell) Date: Wed, 23 May 2018 14:07:25 +0000 Subject: [openssl-commits] [openssl] master update Message-ID: <1527084445.769166.14189.nullmailer@dev.openssl.org> The branch master has been updated via de9f5b3554274e27949941cbe74a07c8a5f25dbf (commit) from b501ab6bee469eafb8b67ac38896bb689ab632fa (commit) - Log ----------------------------------------------------------------- commit de9f5b3554274e27949941cbe74a07c8a5f25dbf Author: Matt Caswell Date: Fri May 18 17:33:19 2018 +0100 Use the client app traffic secret for PHA Finished message The TLSv1.3 spec requires us to use the client application traffic secret during generation of the Finished message following a post handshake authentication. Fixes #6263 Reviewed-by: Ben Kaduk (Merged from https://github.com/openssl/openssl/pull/6297) ----------------------------------------------------------------------- Summary of changes: ssl/tls13_enc.c | 15 +++++++++++++-- 1 file changed, 13 insertions(+), 2 deletions(-) diff --git a/ssl/tls13_enc.c b/ssl/tls13_enc.c index 1613004..1e6db92 100644 --- a/ssl/tls13_enc.c +++ b/ssl/tls13_enc.c @@ -247,12 +247,23 @@ size_t tls13_final_finish_mac(SSL *s, const char *str, size_t slen, goto err; } - if (str == s->method->ssl3_enc->server_finished_label) + if (str == s->method->ssl3_enc->server_finished_label) { key = EVP_PKEY_new_raw_private_key(EVP_PKEY_HMAC, NULL, s->server_finished_secret, hashlen); - else + } else if (SSL_IS_FIRST_HANDSHAKE(s)) { key = EVP_PKEY_new_raw_private_key(EVP_PKEY_HMAC, NULL, s->client_finished_secret, hashlen); + } else { + unsigned char finsecret[EVP_MAX_MD_SIZE]; + + if (!tls13_derive_finishedkey(s, ssl_handshake_md(s), + s->client_app_traffic_secret, + finsecret, hashlen)) + goto err; + + key = EVP_PKEY_new_raw_private_key(EVP_PKEY_HMAC, NULL, finsecret, + hashlen); + } if (key == NULL || ctx == NULL From matt at openssl.org Wed May 23 14:15:44 2018 From: matt at openssl.org (Matt Caswell) Date: Wed, 23 May 2018 14:15:44 +0000 Subject: [openssl-commits] [openssl] OpenSSL_1_0_2-stable update Message-ID: <1527084944.659283.16425.nullmailer@dev.openssl.org> The branch OpenSSL_1_0_2-stable has been updated via d8908c3310240bb0efd9b17c663a8b9e47bf31dc (commit) from f2bb6b8d81944261f65e3231f6eb707a9185162a (commit) - Log ----------------------------------------------------------------- commit d8908c3310240bb0efd9b17c663a8b9e47bf31dc Author: Matt Caswell Date: Tue May 22 13:34:42 2018 +0100 Fix a bogus warning about an uninitialised var The variable in question can never be used uninitialised, but we silence the compiler anyway. Fixes #6301 Reviewed-by: Richard Levitte (Merged from https://github.com/openssl/openssl/pull/6329) ----------------------------------------------------------------------- Summary of changes: crypto/rsa/rsa_oaep.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/crypto/rsa/rsa_oaep.c b/crypto/rsa/rsa_oaep.c index 9a01b4a..9def7a0 100644 --- a/crypto/rsa/rsa_oaep.c +++ b/crypto/rsa/rsa_oaep.c @@ -120,7 +120,7 @@ int RSA_padding_check_PKCS1_OAEP_mgf1(unsigned char *to, int tlen, int plen, const EVP_MD *md, const EVP_MD *mgf1md) { - int i, dblen, mlen = -1, one_index = 0, msg_index; + int i, dblen = 0, mlen = -1, one_index = 0, msg_index; unsigned int good, found_one_byte; const unsigned char *maskedseed, *maskeddb; /* From viktor at openssl.org Wed May 23 15:09:12 2018 From: viktor at openssl.org (Viktor Dukhovni) Date: Wed, 23 May 2018 15:09:12 +0000 Subject: [openssl-commits] [openssl] OpenSSL_1_1_0-stable update Message-ID: <1527088152.005360.26352.nullmailer@dev.openssl.org> The branch OpenSSL_1_1_0-stable has been updated via 6d3cfd13a904a03fc3522da935136dcdd12e9014 (commit) via c2c2c7b3f1df94f9a447cc3cf8196579543cc57e (commit) from 1caa3bbf25796c1fb4dcfee1a3d5a554b8a161f9 (commit) - Log ----------------------------------------------------------------- commit 6d3cfd13a904a03fc3522da935136dcdd12e9014 Author: Viktor Dukhovni Date: Tue May 22 14:46:02 2018 -0400 Skip CN DNS name constraint checks when not needed Only check the CN against DNS name contraints if the `X509_CHECK_FLAG_NEVER_CHECK_SUBJECT` flag is not set, and either the certificate has no DNS subject alternative names or the `X509_CHECK_FLAG_ALWAYS_CHECK_SUBJECT` flag is set. Add pertinent documentation, and touch up some stale text about name checks and DANE. Reviewed-by: Matt Caswell Reviewed-by: Tim Hudson commit c2c2c7b3f1df94f9a447cc3cf8196579543cc57e Author: Viktor Dukhovni Date: Fri May 18 09:09:51 2018 -0400 Limit scope of CN name constraints Don't apply DNS name constraints to the subject CN when there's a least one DNS-ID subjectAlternativeName. Don't apply DNS name constraints to subject CN's that are sufficiently unlike DNS names. Checked name must have at least two labels, with all labels non-empty, no trailing '.' and all hyphens must be internal in each label. In addition to the usual LDH characters, we also allow "_", since some sites use these for hostnames despite all the standards. Reviewed-by: Matt Caswell Reviewed-by: Tim Hudson ----------------------------------------------------------------------- Summary of changes: crypto/asn1/a_strex.c | 50 ----------- crypto/include/internal/asn1_int.h | 2 - crypto/x509/x509_vfy.c | 28 +++++- crypto/x509v3/v3_ncons.c | 135 ++++++++++++++++++++++++----- doc/crypto/X509_VERIFY_PARAM_set_flags.pod | 21 ++++- doc/crypto/X509_check_host.pod | 7 +- doc/ssl/SSL_set1_host.pod | 2 +- test/certs/alt1-cert.pem | 39 ++++----- test/certs/alt1-key.pem | 52 +++++------ test/certs/badalt6-cert.pem | 35 ++++---- test/certs/badalt6-key.pem | 52 +++++------ test/certs/badalt7-cert.pem | 33 ++++--- test/certs/badalt7-key.pem | 52 +++++------ test/certs/badcn1-cert.pem | 20 +++++ test/certs/badcn1-key.pem | 28 ++++++ test/certs/goodcn1-cert.pem | 22 +++++ test/certs/goodcn1-key.pem | 28 ++++++ test/certs/setup.sh | 25 ++++-- test/recipes/25-test_verify.t | 8 +- 19 files changed, 419 insertions(+), 220 deletions(-) create mode 100644 test/certs/badcn1-cert.pem create mode 100644 test/certs/badcn1-key.pem create mode 100644 test/certs/goodcn1-cert.pem create mode 100644 test/certs/goodcn1-key.pem diff --git a/crypto/asn1/a_strex.c b/crypto/asn1/a_strex.c index 75bc431..ec7ac5a 100644 --- a/crypto/asn1/a_strex.c +++ b/crypto/asn1/a_strex.c @@ -613,53 +613,3 @@ int ASN1_STRING_to_UTF8(unsigned char **out, const ASN1_STRING *in) *out = stmp.data; return stmp.length; } - -/* Return 1 if host is a valid hostname and 0 otherwise */ -int asn1_valid_host(const ASN1_STRING *host) -{ - int hostlen = host->length; - const unsigned char *hostptr = host->data; - int type = host->type; - int i; - signed char width = -1; - unsigned short chflags = 0, prevchflags; - - if (type > 0 && type < 31) - width = tag2nbyte[type]; - if (width == -1 || hostlen == 0) - return 0; - /* Treat UTF8String as width 1 as any MSB set is invalid */ - if (width == 0) - width = 1; - for (i = 0 ; i < hostlen; i+= width) { - prevchflags = chflags; - /* Value must be <= 0x7F: check upper bytes are all zeroes */ - if (width == 4) { - if (*hostptr++ != 0 || *hostptr++ != 0 || *hostptr++ != 0) - return 0; - } else if (width == 2) { - if (*hostptr++ != 0) - return 0; - } - if (*hostptr > 0x7f) - return 0; - chflags = char_type[*hostptr++]; - if (!(chflags & (CHARTYPE_HOST_ANY | CHARTYPE_HOST_WILD))) { - /* Nothing else allowed at start or end of string */ - if (i == 0 || i == hostlen - 1) - return 0; - /* Otherwise invalid if not dot or hyphen */ - if (!(chflags & (CHARTYPE_HOST_DOT | CHARTYPE_HOST_HYPHEN))) - return 0; - /* - * If previous is dot or hyphen then illegal unless both - * are hyphens: as .- -. .. are all illegal - */ - if (prevchflags & (CHARTYPE_HOST_DOT | CHARTYPE_HOST_HYPHEN) - && ((prevchflags & CHARTYPE_HOST_DOT) - || (chflags & CHARTYPE_HOST_DOT))) - return 0; - } - } - return 1; -} diff --git a/crypto/include/internal/asn1_int.h b/crypto/include/internal/asn1_int.h index f70e3b4..a0c6531 100644 --- a/crypto/include/internal/asn1_int.h +++ b/crypto/include/internal/asn1_int.h @@ -90,5 +90,3 @@ struct asn1_pctx_st { unsigned long oid_flags; unsigned long str_flags; } /* ASN1_PCTX */ ; - -int asn1_valid_host(const ASN1_STRING *host); diff --git a/crypto/x509/x509_vfy.c b/crypto/x509/x509_vfy.c index 3fa2e5c..766db8e 100644 --- a/crypto/x509/x509_vfy.c +++ b/crypto/x509/x509_vfy.c @@ -558,6 +558,27 @@ static int check_chain_extensions(X509_STORE_CTX *ctx) return 1; } +static int has_san_id(X509 *x, int gtype) +{ + int i; + int ret = 0; + GENERAL_NAMES *gs = X509_get_ext_d2i(x, NID_subject_alt_name, NULL, NULL); + + if (gs == NULL) + return 0; + + for (i = 0; i < sk_GENERAL_NAME_num(gs); i++) { + GENERAL_NAME *g = sk_GENERAL_NAME_value(gs, i); + + if (g->type == gtype) { + ret = 1; + break; + } + } + GENERAL_NAMES_free(gs); + return ret; +} + static int check_name_constraints(X509_STORE_CTX *ctx) { int i; @@ -656,7 +677,12 @@ static int check_name_constraints(X509_STORE_CTX *ctx) int rv = NAME_CONSTRAINTS_check(x, nc); /* If EE certificate check commonName too */ - if (rv == X509_V_OK && i == 0) + if (rv == X509_V_OK && i == 0 + && (ctx->param->hostflags + & X509_CHECK_FLAG_NEVER_CHECK_SUBJECT) == 0 + && ((ctx->param->hostflags + & X509_CHECK_FLAG_ALWAYS_CHECK_SUBJECT) != 0 + || !has_san_id(x, GEN_DNS))) rv = NAME_CONSTRAINTS_check_CN(x, nc); switch (rv) { diff --git a/crypto/x509v3/v3_ncons.c b/crypto/x509v3/v3_ncons.c index 2eec405..6fe6c44 100644 --- a/crypto/x509v3/v3_ncons.c +++ b/crypto/x509v3/v3_ncons.c @@ -297,47 +297,140 @@ int NAME_CONSTRAINTS_check(X509 *x, NAME_CONSTRAINTS *nc) } +static int cn2dnsid(ASN1_STRING *cn, unsigned char **dnsid, size_t *idlen) +{ + int utf8_length; + unsigned char *utf8_value; + int i; + int isdnsname = 0; + + /* Don't leave outputs uninitialized */ + *dnsid = NULL; + *idlen = 0; + + /*- + * Per RFC 6125, DNS-IDs representing internationalized domain names appear + * in certificates in A-label encoded form: + * + * https://tools.ietf.org/html/rfc6125#section-6.4.2 + * + * The same applies to CNs which are intended to represent DNS names. + * However, while in the SAN DNS-IDs are IA5Strings, as CNs they may be + * needlessly encoded in 16-bit Unicode. We perform a conversion to UTF-8 + * to ensure that we get an ASCII representation of any CNs that are + * representable as ASCII, but just not encoded as ASCII. The UTF-8 form + * may contain some non-ASCII octets, and that's fine, such CNs are not + * valid legacy DNS names. + * + * Note, 'int' is the return type of ASN1_STRING_to_UTF8() so that's what + * we must use for 'utf8_length'. + */ + if ((utf8_length = ASN1_STRING_to_UTF8(&utf8_value, cn)) < 0) + return X509_V_ERR_OUT_OF_MEM; + + /* + * Some certificates have had names that include a *trailing* NUL byte. + * Remove these harmless NUL characters. They would otherwise yield false + * alarms with the following embedded NUL check. + */ + while (utf8_length > 0 && utf8_value[utf8_length - 1] == '\0') + --utf8_length; + + /* Reject *embedded* NULs */ + if ((size_t)utf8_length != strlen((char *)utf8_value)) { + OPENSSL_free(utf8_value); + return X509_V_ERR_UNSUPPORTED_NAME_SYNTAX; + } + + /* + * XXX: Deviation from strict DNS name syntax, also check names with '_' + * Check DNS name syntax, any '-' or '.' must be internal, + * and on either side of each '.' we can't have a '-' or '.'. + * + * If the name has just one label, we don't consider it a DNS name. This + * means that "CN=sometld" cannot be precluded by DNS name constraints, but + * that is not a problem. + */ + for (i = 0; i < utf8_length; ++i) { + unsigned char c = utf8_value[i]; + + if ((c >= 'a' && c <= 'z') + || (c >= 'A' && c <= 'Z') + || (c >= '0' && c <= '9') + || c == '_') + continue; + + /* Dot and hyphen cannot be first or last. */ + if (i > 0 && i < utf8_length - 1) { + if (c == '-') + continue; + /* + * Next to a dot the preceding and following characters must not be + * another dot or a hyphen. Otherwise, record that the name is + * plausible, since it has two or more labels. + */ + if (c == '.' + && utf8_value[i + 1] != '.' + && utf8_value[i - 1] != '-' + && utf8_value[i + 1] != '-') { + isdnsname = 1; + continue; + } + } + isdnsname = 0; + break; + } + + if (isdnsname) { + *dnsid = utf8_value; + *idlen = (size_t)utf8_length; + return X509_V_OK; + } + OPENSSL_free(utf8_value); + return X509_V_OK; +} + +/* + * Check CN against DNS-ID name constraints. + */ int NAME_CONSTRAINTS_check_CN(X509 *x, NAME_CONSTRAINTS *nc) { int r, i; - X509_NAME *nm; - + X509_NAME *nm = X509_get_subject_name(x); ASN1_STRING stmp; GENERAL_NAME gntmp; + stmp.flags = 0; stmp.type = V_ASN1_IA5STRING; gntmp.type = GEN_DNS; gntmp.d.dNSName = &stmp; - nm = X509_get_subject_name(x); - /* Process any commonName attributes in subject name */ for (i = -1;;) { X509_NAME_ENTRY *ne; - ASN1_STRING *hn; + ASN1_STRING *cn; + unsigned char *idval; + size_t idlen; + i = X509_NAME_get_index_by_NID(nm, NID_commonName, i); if (i == -1) break; ne = X509_NAME_get_entry(nm, i); - hn = X509_NAME_ENTRY_get_data(ne); - /* Only process attributes that look like host names */ - if (asn1_valid_host(hn)) { - unsigned char *h; - int hlen = ASN1_STRING_to_UTF8(&h, hn); - if (hlen <= 0) - return X509_V_ERR_OUT_OF_MEM; + cn = X509_NAME_ENTRY_get_data(ne); - stmp.length = hlen; - stmp.data = h; - - r = nc_match(&gntmp, nc); - - OPENSSL_free(h); + /* Only process attributes that look like host names */ + if ((r = cn2dnsid(cn, &idval, &idlen)) != X509_V_OK) + return r; + if (idlen == 0) + continue; - if (r != X509_V_OK) - return r; - } + stmp.length = idlen; + stmp.data = idval; + r = nc_match(&gntmp, nc); + OPENSSL_free(idval); + if (r != X509_V_OK) + return r; } return X509_V_OK; } diff --git a/doc/crypto/X509_VERIFY_PARAM_set_flags.pod b/doc/crypto/X509_VERIFY_PARAM_set_flags.pod index 55077e5..320b258 100644 --- a/doc/crypto/X509_VERIFY_PARAM_set_flags.pod +++ b/doc/crypto/X509_VERIFY_PARAM_set_flags.pod @@ -133,14 +133,29 @@ B clearing any previously specified host name or names. If B is NULL, or empty the list of hostnames is cleared, and name checks are not performed on the peer certificate. If B is NUL-terminated, B may be zero, otherwise B -must be set to the length of B. When a hostname is specified, +must be set to the length of B. + +When a hostname is specified, certificate verification automatically invokes L with flags equal to the B argument given to X509_VERIFY_PARAM_set_hostflags() (default zero). Applications are strongly advised to use this interface in preference to explicitly -calling L, hostname checks are out of scope +calling L, hostname checks may be out of scope with the DANE-EE(3) certificate usage, and the internal check will -be suppressed as appropriate when DANE support is added to OpenSSL. +be suppressed as appropriate when DANE verification is enabled. + +When the subject CommonName will not be ignored, whether as a result of the +B host flag, or because no DNS subject +alternative names are present in the certificate, any DNS name constraints in +issuer certificates apply to the subject CommonName as well as the subject +alternative name extension. + +When the subject CommonName will be ignored, whether as a result of the +B host flag, or because some DNS subject +alternative names are present in the certificate, DNS name constraints in +issuer certificates will not be applied to the subject DN. +As described in X509_check_host(3) the B +flag takes precendence over the B flag. X509_VERIFY_PARAM_get_hostflags() returns any host flags previously set via a call to X509_VERIFY_PARAM_set_hostflags(). diff --git a/doc/crypto/X509_check_host.pod b/doc/crypto/X509_check_host.pod index 9384815..06089e1 100644 --- a/doc/crypto/X509_check_host.pod +++ b/doc/crypto/X509_check_host.pod @@ -93,6 +93,9 @@ consider the subject DN even if the certificate contains no subject alternative names of the right type (DNS name or email address as appropriate); the default is to use the subject DN when no corresponding subject alternative names are present. +If both B and +B are specified, the latter takes +precedence and the subject DN is not checked for matching names. If set, B disables wildcard expansion; this only applies to B. @@ -128,9 +131,9 @@ NULs. Applications are encouraged to use X509_VERIFY_PARAM_set1_host() rather than explicitly calling L. Host name -checks are out of scope with the DANE-EE(3) certificate usage, +checks may be out of scope with the DANE-EE(3) certificate usage, and the internal checks will be suppressed as appropriate when -DANE support is added to OpenSSL. +DANE support is enabled. =head1 SEE ALSO diff --git a/doc/ssl/SSL_set1_host.pod b/doc/ssl/SSL_set1_host.pod index 3339a0e..1fc1054 100644 --- a/doc/ssl/SSL_set1_host.pod +++ b/doc/ssl/SSL_set1_host.pod @@ -56,7 +56,7 @@ is cleared or freed, or a renegotiation takes place. Applications must not free the return value. SSL clients are advised to use these functions in preference to -explicitly calling L. Hostname checks are out +explicitly calling L. Hostname checks may be out of scope with the RFC7671 DANE-EE(3) certificate usage, and the internal check will be suppressed as appropriate when DANE is enabled. diff --git a/test/certs/alt1-cert.pem b/test/certs/alt1-cert.pem index b94d0ea..d68b0e5 100644 --- a/test/certs/alt1-cert.pem +++ b/test/certs/alt1-cert.pem @@ -1,22 +1,21 @@ -----BEGIN CERTIFICATE----- -MIIDlTCCAn2gAwIBAgIBAjANBgkqhkiG9w0BAQsFADAXMRUwEwYDVQQDDAxUZXN0 -IE5DIENBIDEwIBcNMTYwNzA5MTQ0ODExWhgPMjExNjA3MTAxNDQ4MTFaMGgxIzAh -BgNVBAoMGkdvb2QgTkMgVGVzdCBDZXJ0aWZpY2F0ZSAxMRUwEwYDVQQDDAx3d3cu -Z29vZC5vcmcxEzARBgNVBAMMCkpvZSBCbG9nZ3MxFTATBgNVBAMMDGFueS5nb29k -LmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALAv1X8S8uUpnjTa -3bv7m1jJbbX7bC9w7k4TfxiU5XL/m3EhN//EUBJSoamy6vFC6oy/6jA8XmptlVrY -Sp3ZKFdjdZh+CyYZKcrv4JReF2lfRIINn6d6EgcAobGTNwdcv67xuNtMi0meAvmK -gLjOa/IhCHNC+l8vNDJx/a+7mxH+yNxPL6lC/kJMja6oaYndx74WJpPC22LJ/cCp -xspKKsoPYYjk0BX9RvbKO8s4b86Wjzzntht+NpQ4LLh9XwPZog11qGE4UIrsV8XA -YxJrMGQNZd69cnCOz8vnOVCszFOa4qVvXeAGr0iFlZAXbQJevpiiXaXHMEt8C1qH -xpcW8DcCAwEAAaOBmDCBlTAdBgNVHQ4EFgQUw8nB25NP0gUaFCrOwAO5KzllnREw -HwYDVR0jBBgwFoAUCNGb+ebVZHCg8Wsanu1S2t31UEMwCQYDVR0TBAIwADBIBgNV -HREEQTA/ggx3d3cuZ29vZC5vcmeCDGFueS5nb29kLmNvbYENZ29vZEBnb29kLm9y -Z4EMYW55QGdvb2QuY29thwTAqAABMA0GCSqGSIb3DQEBCwUAA4IBAQBUnDMrg1py -8/iYXzs11Qbw7bBhc/HQDpu5QVgriaX2zDUpTLSEUV7qZFSHmwWm91ILw2VA1Xni -ua2sF19o/tJT0ZHpapkfqGpfsym2H04NDMKy0l0fSZhlCB5Kv5wpiFt9hBUrxS/2 -Dd6Kg+Ka02nD5QBXSAk/xz0FmgezzGGCLjg85/Sfe9Y7tNhQXh3HuGXuJizYccdQ -Fh1IAFYW3DZoDKS7dDTCltvDEma/2IE684+CRJiA6PH9rYfJ1CCUfAMpyA85CxKT -P68GDKI++WoUgM8LDfxS0KOL7A9cqcpM2L27hjyEgnqIBPHFfm9fxztBotuCTl5L -vRlTFVjv65nn +MIIDgTCCAmmgAwIBAgIBAjANBgkqhkiG9w0BAQsFADAXMRUwEwYDVQQDDAxUZXN0 +IE5DIENBIDEwIBcNMTgwNTE2MDIzODEzWhgPMjExODA1MTcwMjM4MTNaMFQxIzAh +BgNVBAoMGkdvb2QgTkMgVGVzdCBDZXJ0aWZpY2F0ZSAxMRgwFgYDVQQDDA93d3cu +ZXhhbXBsZS5uZXQxEzARBgNVBAMMCkpvZSBCbG9nZ3MwggEiMA0GCSqGSIb3DQEB +AQUAA4IBDwAwggEKAoIBAQDTqvf6j+WxCtn4RU8/6uXXgCTcksv6NDXCZ9JAz4Vv +cQbJfhFbDWpGZQZDOCqwtj+7CSVIraxItHzPlrt36cevsoPmpuqGbHrUaOLneme2 +x81SXUq0z/DmDvwxVENmRj1u7iCt3sL7awcid4SiotLOY2F1jBazmqprqKZBUiyQ +XqpSp+9uSav77ydwDXCrQozBdns1YRshgU9omQrTcIqHCj1f9Lo+A2y4+TZYZkvS +DuUZiTfPTPouR6sopM8JLyAZc+TvFFncEg24N+zz3O3jwH82BZEjzavw92J9npJB +UXvKb8O9z7UA65WYuL2he7kSQCsPNLoRWZnVpchwr3VHAgMBAAGjgZgwgZUwHQYD +VR0OBBYEFHvLhGWckFjVXdDI3ds9Wti6zgXAMB8GA1UdIwQYMBaAFAjRm/nm1WRw +oPFrGp7tUtrd9VBDMAkGA1UdEwQCMAAwSAYDVR0RBEEwP4IMd3d3Lmdvb2Qub3Jn +ggxhbnkuZ29vZC5jb22BDWdvb2RAZ29vZC5vcmeBDGFueUBnb29kLmNvbYcEwKgA +ATANBgkqhkiG9w0BAQsFAAOCAQEATVcTyrAxsehdQNrkL6kquXxWlyegJcxvVxUe +hfh9+Lw4620b2S1/l2YxFM3peLAsRgJOznmJOeG18+y7/kx/3UNqYGY7e8iJQ3Gl +JwDIJp5JCaUOlodjhMJtRc7jn9RcsL97oizXdcryyWT0vSlM9Pie9NtHG5iq5X4+ +oL3X8+OG25MOkF2h3YVCEG3vDu7quyTlHc2ebwpdLZRndcOewO2Cap1ettyWXUPP +Mha6wyJE8LJhrGmrI8Lw+i7gGscP0xYZn3yCLk5BtOabn4dvCiDmb+TPruKQQARw +BG45LEZzGxz+Ad3xRdZyVi1I67v9YShoYTCpMTSxJaR0erH74g== -----END CERTIFICATE----- diff --git a/test/certs/alt1-key.pem b/test/certs/alt1-key.pem index b5d4d32..6df050a 100644 --- a/test/certs/alt1-key.pem +++ b/test/certs/alt1-key.pem @@ -1,28 +1,28 @@ -----BEGIN PRIVATE KEY----- -MIIEvAIBADANBgkqhkiG9w0BAQEFAASCBKYwggSiAgEAAoIBAQCwL9V/EvLlKZ40 -2t27+5tYyW21+2wvcO5OE38YlOVy/5txITf/xFASUqGpsurxQuqMv+owPF5qbZVa -2Eqd2ShXY3WYfgsmGSnK7+CUXhdpX0SCDZ+nehIHAKGxkzcHXL+u8bjbTItJngL5 -ioC4zmvyIQhzQvpfLzQycf2vu5sR/sjcTy+pQv5CTI2uqGmJ3ce+FiaTwttiyf3A -qcbKSirKD2GI5NAV/Ub2yjvLOG/Olo8857YbfjaUOCy4fV8D2aINdahhOFCK7FfF -wGMSazBkDWXevXJwjs/L5zlQrMxTmuKlb13gBq9IhZWQF20CXr6Yol2lxzBLfAta -h8aXFvA3AgMBAAECggEAa073DcqQvhq3DSIw4wm/+DfW5nwXzF1QB6XAR0yI453j -IuhEnzcGPeKuLBmZFxDWoptRG8fpCZFs4kPSTomxFGizewlp6O5ykfPAKR2VzMwF -geCiWPL0f+dWlD1Byu4moXsASDE6tL/UuAAvnl+7R2HvL6SfsdGiTQc4qAvvyukM -szks+MePHSlXmL5Eld7HfKgpvxY1SbYOQU0aPXAQAnLaOT931q+tgZMG6nBWN+pu -w5bgKCA26BMAAaUAdIIDEa9fjzkpXjElCT4qhJYVKQn9Pb7aSc4jihSpCknqbb9c -55nW5PWMZJyCbCOUG/SVTblXV+NmhdtwrgUbHImXIQKBgQDcb/7vp+rq06uNx3b4 -AjTZdzCVbHM8gp7b1GkGD0SncrzX6RxPSzNn7d4AUKY065bwa89A+TRwV8DSo7G8 -hxjzdU/FKCg8ce0eqoCtWjIT2r+rV2P9dFhfRT5jdOwHrym8LeSGzANjIBNV7FOf -FIRkQ1BVD0QSPla+26ASqsw60wKBgQDMnEzChQWgAsBelALmGaj/wDdWDUXK8xRg -s7dG1Sx41SLk39SAjCUYXPyy8IHBitJtPZNDp23tR4/m8Ui1pB2T0EnlzBsuzrZ/ -0aCbJnQ08FXE8iVajrgce4ZCdT8vkeH8EVhqDpJIlAhoKy3HaoAr4o2/uRoGDpHZ -iAbDLTEOjQKBgFrp4dXLhkqFNArMShetKUjLLIFj8f7xzDzT1ODH6UO6QYI2xRM6 -65+gbd/pYzMOOvk7LYYZgXQX7RGyq3oaqcK3Dkg88KNFRUtRfLKCMYcYv9YVu8pr -cosQTtPMBBCDQI44yziA6aC3OOJGDpLcbmG/lWEPY762cSZUBCfOw147AoGAd8S+ -AdcPtdwmcrY9BCfdDuea/JoEUon7UaehDqtVvt0z8bk7kIt4Y0x69ttleL8j8aHr -g9yLsisDhvGR2BFa5t0zhHn3J20E0skINAlMWHieHAyJ5PpJtxJvQpOTCutf1sbo -dBxXcHiGe0NbJrGmmQmiY6mcHBOHOEgxfSoE3zkCgYAc+ozIr3xmUcooUeA7uqpd -LvGGqHThGrtXVFIErOIcajC9bHEeZw4Do/oT5L7Wr7pOZ20VUmuRvwytd7IYYTVV -g+nIyKaMttEaCzHEsO0CQUHexOkJbL4rpc3HiK5hIhL8Yo2L/obQgCxYmvyChpo3 -sXJAoFllBNfAK3aanFOR1Q== +MIIEvAIBADANBgkqhkiG9w0BAQEFAASCBKYwggSiAgEAAoIBAQDTqvf6j+WxCtn4 +RU8/6uXXgCTcksv6NDXCZ9JAz4VvcQbJfhFbDWpGZQZDOCqwtj+7CSVIraxItHzP +lrt36cevsoPmpuqGbHrUaOLneme2x81SXUq0z/DmDvwxVENmRj1u7iCt3sL7awci +d4SiotLOY2F1jBazmqprqKZBUiyQXqpSp+9uSav77ydwDXCrQozBdns1YRshgU9o +mQrTcIqHCj1f9Lo+A2y4+TZYZkvSDuUZiTfPTPouR6sopM8JLyAZc+TvFFncEg24 +N+zz3O3jwH82BZEjzavw92J9npJBUXvKb8O9z7UA65WYuL2he7kSQCsPNLoRWZnV +pchwr3VHAgMBAAECggEACPTB+1sdV+lioaulF8pDoWOtq5uWf+a3o5sq/U0Kk1WP ++PSZnWWq6oGZyzxUKhf8CFjxt+qJUKY6Zbo2AnPk3B1MkXTclYV/iP9LIoo+WzCH +EoYaBB6MTd+ycg/jri8oqEnxHgo/681yhtXRyePj0ZHI7OVZjI3tyhJfvoHQmuci +u6qYYUP0GWuyM+kHS11vn6Q1U8nOZWvXpEDXDDdJ7+2QRuv01AXcjFxpbFzkMn2W +JkhKkCTIQpUU66VMRHwNexi+TR2rRESq0G+fa+6gaVFVIs0vBukq48IeC5W21j1L +zyftHxci67FlYC9iaiUxDVt3KB+lcukx6Cz5mjtzqQKBgQD/GrAtFfjiXKj9O5ld +K7dnnBHE8fzyWQWyOfwpVjNAC1J7tgwFvDpBpTHOwS5JnCwMWWM3rkBPRhCusmrF +AtfE8b643G+cJbTgDuEhGh11QR0p9VWMVFQL9kZxx12PegDtFBfzcfcI3XQwKVKL +ZbQn4ibW3BKSt9+Nh3APa0s5iwKBgQDUaTxZBajTdzoDd6Pg3warL5BhsxWr2tUQ +qf+iVoba2Y9NTBdxBht2whSaYweU9kxmeNZvnCu95B8HeRGE69Dxb7IWwpsaxoaf +ND0NcCF7aPZgx7hvhbHF7duzt3nuv+q5sOuuyHPzm+nF2snAuY3Zg+Bpv3nlYekf +18aXZdwStQKBgEpF8e9ei1UUl1sLZC6dUMvIw9+sePHye1cVzNYYM9m8sio0qbFt +ySRdvW+uDRT/dE+wItQOVsj95FOIvM9ZcYr0u4vFGnXDALOPgXqKyPLfn2cc9+hg +kQvei0oLOrFQWz6rcAHAN6WMHIz9KvxNAzPtg1NhRcMT5/Gj8jt7CK7bAoGAIeKz +7OO5Phr8F0eDzkDmGHMbDmr6XxMnAGSOUoCJPOqOMN+dsbsusHBfxw1bTUlJgONw +GhgI5l85EAEhaVoRWCLgfz8GbWwUV9uGjdlAjiZ9f4z9AFWMua2rae0wN4VIVd1C +i/yQeuF5lsXDf8paNcQTDeus74oCHcFXfhmS1S0CgYB2q8E+H0kFHbUxkIZYwhsM +r0lTecn+kVsyPPje2UlzfTwvcC9dFIC4ppCdJGUJAwi/PJnr6xNyOH6I1pjUA8ER +Aofm4Oj2DwX8W+81oO71/RXSfEFUjdOw0H6iRDyvWa1gqftj2/aWjV7Ifdo49thx +EzX/9GdsRInifN6FfOfo/A== -----END PRIVATE KEY----- diff --git a/test/certs/badalt6-cert.pem b/test/certs/badalt6-cert.pem index fbe040b..f41568f 100644 --- a/test/certs/badalt6-cert.pem +++ b/test/certs/badalt6-cert.pem @@ -1,22 +1,21 @@ -----BEGIN CERTIFICATE----- -MIIDljCCAn6gAwIBAgIBAjANBgkqhkiG9w0BAQsFADAXMRUwEwYDVQQDDAxUZXN0 -IE5DIENBIDEwIBcNMTYwNzA5MTQ0ODExWhgPMjExNjA3MTAxNDQ4MTFaMGkxIjAg +MIIDeDCCAmCgAwIBAgIBAjANBgkqhkiG9w0BAQsFADAXMRUwEwYDVQQDDAxUZXN0 +IE5DIENBIDEwIBcNMTgwNTE2MDMyNjMyWhgPMjExODA1MTcwMzI2MzJaMGkxIjAg BgNVBAoMGUJhZCBOQyBUZXN0IENlcnRpZmljYXRlIDYxFzAVBgNVBAMMDm90aGVy Lmdvb2Qub3JnMRMwEQYDVQQDDApKb2UgQmxvZ2dzMRUwEwYDVQQDDAxhbnkuZ29v -ZC5jb20wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDKz8F/ndKz0vuv -BymjTUjtrWSQsnsuisR+oW8CIliNBi8yqqeNrtoa2s+e2GBC7gxDlK9IOqGo4Ulu -9jY5On6RysrFWLpK97I7EP9cg63alH+NRFEwczRzErHtYx54yiBjcovcCVeTtdnd -7/P4T8hIGy6QjdW68lzwnN/I9x11NWoipIKvAOGXz0L/WaPPWZ0GJFlBqEX//O3+ -6sweSUX4ivAC9txou3rwDA8kJx5Ge9trQ9dPPG/jpL96f1DLE9H2SkVff1KLTPmb -jUwiYj161lsKLxGkbdmPWRjt1pP4+5UUhioo1Y0WrTd5ELwB1eKTtWsOlRsdLOa8 -1L6m8ngXAgMBAAGjgZgwgZUwHQYDVR0OBBYEFBIKyD5bUUNIFxlQJl/rBvvIm0XZ -MB8GA1UdIwQYMBaAFAjRm/nm1WRwoPFrGp7tUtrd9VBDMAkGA1UdEwQCMAAwSAYD -VR0RBEEwP4IMd3d3Lmdvb2Qub3JnggxhbnkuZ29vZC5jb22BDWdvb2RAZ29vZC5v -cmeBDGFueUBnb29kLmNvbYcEwKgAATANBgkqhkiG9w0BAQsFAAOCAQEAa2lydA7a -YgRhYeIuPEtR+bKyDkIKNjvx2IRL/FL70s/IWFWDK1rpsMYLGNa7rWpW5gq4T6zb -JIwC/770Rw1p+0j9eAC95d2wCEhyNcLdoP4ch7whr0MhxYHUJ8zQGPdQ97DWGoEB -2seLjrhMrX004TM4UlM+lpjsb88QEcD+kOEhdDTKm0ABUygOr1KRay437mtUhAzb -WyUbAjKbhgyv6IFRNHKy6YtCMugPihn+Pd1NY6c2ACRVOAUS/+rvVyjxBCATW5Wk -zAtNIxYgcm3rYRroGYT2BGj8Ic7oqPOWPdGWhsieX0c+y2ZnS727Kwc5tXFfW9By -GH32QmEN5o5jZQ== +ZC5jb20wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDl46xhstHmmYhp +XY/FcnQStR4XHtHcNRyvq1perl0fezeCY85KkddGppic5qIWQDL4ViP3HfvhMlDZ +E0tAjEfr8Auac9gpa2IFVJAzMnnzOkhO6cr5kmid4392tNCG5sUWS99t2Z4f9sOP +DQKdoN7lnmxnpZqNf9NUERsN5i4fcvErfQZ4LqV5ld810ZAQZUfarn1rg6/U/ADc +qA0uQgk9RxVgSDt3M5mi8AaC73Be9nAefXQUybzs6J8EfsDijhD85msxs4Fha4pg +gM+bXHv9C7whxM5F2WTeET0cIcAfE3+jzQlkjcjlS1rTEq4d0Pd+1rXkhMwZeze2 +KRL2Le8jAgMBAAGjezB5MB0GA1UdDgQWBBRJJljvheyfKr9neNplhIMIFx25QjAf +BgNVHSMEGDAWgBQI0Zv55tVkcKDxaxqe7VLa3fVQQzAJBgNVHRMEAjAAMCwGA1Ud +EQQlMCOBDWdvb2RAZ29vZC5vcmeBDGFueUBnb29kLmNvbYcEwKgAATANBgkqhkiG +9w0BAQsFAAOCAQEAPfRFkpkTsPlH54n/i3kxR8Hw17kUOV0/v39fnNzV+PXS/IIU +9OFfP7qNeuoWVQKXCwNWGWYXb7O0LNJMJQWWtyXtzWH3rOSxdSRIrTsCVHA41Lbo +te2nrfnGMtg6em51Do6Kk0JM304sVAWl5OY/eckBmuDgN/5WfZudOLd8Ohv8vZ6U +ZNoSBNpu1x5gfEPywMUGAgbkNZVpzNAfulx3/D2kWk0qwEKqnphUyaXiTVqO49gr +n1LwSVdqBcmapBmEO3puV4TBWFwM49iMMNGn0fp/JBVsLjt+q7TK96qGBo/BSEL+ +e2TXTNpdkn3l+ZK2FYdf7s8fytoe+6o92dN+fA== -----END CERTIFICATE----- diff --git a/test/certs/badalt6-key.pem b/test/certs/badalt6-key.pem index 203a4c7..782d693 100644 --- a/test/certs/badalt6-key.pem +++ b/test/certs/badalt6-key.pem @@ -1,28 +1,28 @@ -----BEGIN PRIVATE KEY----- -MIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQDKz8F/ndKz0vuv -BymjTUjtrWSQsnsuisR+oW8CIliNBi8yqqeNrtoa2s+e2GBC7gxDlK9IOqGo4Ulu -9jY5On6RysrFWLpK97I7EP9cg63alH+NRFEwczRzErHtYx54yiBjcovcCVeTtdnd -7/P4T8hIGy6QjdW68lzwnN/I9x11NWoipIKvAOGXz0L/WaPPWZ0GJFlBqEX//O3+ -6sweSUX4ivAC9txou3rwDA8kJx5Ge9trQ9dPPG/jpL96f1DLE9H2SkVff1KLTPmb -jUwiYj161lsKLxGkbdmPWRjt1pP4+5UUhioo1Y0WrTd5ELwB1eKTtWsOlRsdLOa8 -1L6m8ngXAgMBAAECggEBAJNMHK8BAvzTqTPPsfAGu4bTvgxRdKGy609FFAiqxUF3 -UmQsCZEfgwyqCszFPfSeS43xuPRukObE6L6MV4ls8GwWqvp1nKfCClJX3/9jK6tq -2tDQ416a7Wb+FvfgW0tDEg7oLKfcqRyAoQFNuxWHbGDiTQlz2dzzFYkzhlzBDUYH -/pu9qkNFGfYMFwsBUd8pp8zMnv552CCIgalBBFr1hy9q47HBaJPaF2/CjZJmsqkp -rVMBH7+j0y1DW3JO5rSKcRdz+mgEd9m/yQIazvBPJKxeGza8JfLBuACYFLIoO1S+ -b8s/zmQPHeZwTxSsM64M1uYi4dmJy0viozLlWsjrE1ECgYEA/GxGG/lB1mL+Hzmc -kXzWmA2nLPxZXGxMBOYH/n8l4OyDmKi2Bmly7kS0kLdY6gYTVBWFCRcvPxf+UJu9 -x4NcKDkjXVXSg7Muux3Bh1JoRCOKB2Hk3pqdDe55GcT5bSikkd5PYCNobcnqzSK1 -HzKveDdukraZxIPFpVs1VM9/gxMCgYEAza+BJUAEWoq925a1RKlMwdXW1ONBhFqU -fXon15fgycHkiYIBGbGE65Oyz8BwE6jNAT+SwKlNCc6jPAkXvEUpczEi5Rcox8Ec -hNoXBHcBxHEhtfV2VKX5I9JFAadmvnfS5St7HjRLzE2Y6xym1+fKfnAlSLpdb3W2 -eRqVBi3F020CgYEA6K/yrQTHwRX+BdC42JCIzSAA1IJG6eDW7skR43NX+pBr+sTD -DwQTszrYbHLnXst888zmluutXO8EO1Bl0E3yHQ4W4IolhcweLtUOOm0nunA8Y/PE -48MJNfd34N5nw01s7x5Mc2YQdOxmKvVsmzbA9AO9RTdYZgPGpVh/wA+LDssCgYBh -F2+G/ekQNF3awhFfD+vDtAVtCLlsmLVvZbJY+sCJfJU8s7mBP2LXMSk/GD/Ph+b9 -p9zGRSSwdHJpbIFfxeYDEja+nWgKowWrUKd83BBhgmW/Vtc8rfwlBKS+Wx8M2dMb -iqLbZyRAlICSuzumvyu+84EmC5L/gjlYgUvHVuQDIQKBgHH7q3hrKI5mQ0BR9h75 -4yP98c+Duz8IsQllIG0gzCiiOYIVTl3uzTCa/E9Sa+jG+kFsCeUDchmC6LmHdF/Z -ZHfECcQT4B37xMMwvjwNW7E6/FyRx3XC762Fd5vlz3fBuVKburfh1JpfpcO85Wvo -R1UfsJugW9Yetsqd9WB6q3ln +MIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQDl46xhstHmmYhp +XY/FcnQStR4XHtHcNRyvq1perl0fezeCY85KkddGppic5qIWQDL4ViP3HfvhMlDZ +E0tAjEfr8Auac9gpa2IFVJAzMnnzOkhO6cr5kmid4392tNCG5sUWS99t2Z4f9sOP +DQKdoN7lnmxnpZqNf9NUERsN5i4fcvErfQZ4LqV5ld810ZAQZUfarn1rg6/U/ADc +qA0uQgk9RxVgSDt3M5mi8AaC73Be9nAefXQUybzs6J8EfsDijhD85msxs4Fha4pg +gM+bXHv9C7whxM5F2WTeET0cIcAfE3+jzQlkjcjlS1rTEq4d0Pd+1rXkhMwZeze2 +KRL2Le8jAgMBAAECggEBAMcDjTTa2GmYWoZUr+UPizqyvsTnMmg/NoFBhy9WJVne +kpR3kJvvm30XNiEGbCV1GGryL5p7w5UVuPXjhQ7xIkY3feQNC4H361iP93HK7dXJ +i9V9AfGCdLzSuILsT2Wpm88MifUQIpqrRmqtqakKHkyMFG655409rpYlZNVogl9H +vzrTE8rjysNMjP+bpbgkxUJfeATw8OYhEwd9ahj/E0r0r2enYhGEP3j+1zYsGdmM +L2Uy4M+modaAWpZg5pUWpFjxl+V2cSJHdaQc8KYg8Z8RUyzYipFk3YzjP5jtprq5 +dHf9FqlcXk+MtzcYe+x8mIb3uwZhOtdpnUqe5l+GTyECgYEA9j++rS9sajQzMqp0 +p+EptacD/p7A3wldIDGEpPJsSQL+vhcigyn4iPCM1pGWR4iuR7Od9RpQSf3Tfnqc +ZwUJQOpiYpxo1+QlqlBJkDjDRztp+kETZAgzc084ZhwQv9PfYyxa+8layQFhnClt +Z9G0o4AV1povVeQLO5+9CQZQ4VMCgYEA7v4WuydzlLGKppsJEG8vvieR64mjOfO4 +gHBMEYnzEeTZPDvIfEfguM1upJCvt5GXp3huVHCAsFgs6kDjVbpIL1A2HzrMPtOa +MNDSOrpuLcakAgEgx2VFv4TMnA1QKPg3//YCqEqqTJyX0C4OwaADRZJS7YfHp9lg +mpv90baE8PECgYAv3oxulj15F9SsEL7Es9yr11/La4kK0oMr8vRaLFYoi1CCG3U2 +Ej6iQEDgpUSVe1iFz8DxGMBq4dDvUV5+GFiIKggeK1GmRk+cICdsxdwQSNh9MZFX +bNCzpb7M+r+2yrUuTj0RnT7svDwBY3xFJlr7PbcBFNAG3mHgoVjaHEQ0yQKBgHbS +zepvSv/65bzACFmrbklU0zAQVp9RlcIGE0wFEl0rMvbHon5oHkrDmOcpKLRUJtqU +/gXtiY4jyPEPIfhVjd44OzB7w2DZRChRKrUYS/9ma9SzSuDYcT0vgat00w4Lm4wf +fGK//Lvqf3B59cw/CmFkxuZiQ9ooMees9x11adOBAoGBAMdb0r8sAtgh+KTbA8Kq +guIWiknOk6/LYUTuT3fidPIPbErrUQQR9WWHuXjrj2RyHI/RLjYLFamikvhU7PmE +jPjPAo4p1a0WBwrYgjGDIRjTVjbUK282vuYkunGWYfgnZurAyjJCndL/eNZuX2F5 +m1rTfab8O+tOOGKGyzfouD2A -----END PRIVATE KEY----- diff --git a/test/certs/badalt7-cert.pem b/test/certs/badalt7-cert.pem index b515ba4..4fa81b3 100644 --- a/test/certs/badalt7-cert.pem +++ b/test/certs/badalt7-cert.pem @@ -1,23 +1,22 @@ -----BEGIN CERTIFICATE----- -MIID1DCCArygAwIBAgIBAjANBgkqhkiG9w0BAQsFADAXMRUwEwYDVQQDDAxUZXN0 -IE5DIENBIDEwIBcNMTYwNzA5MTQ0ODExWhgPMjExNjA3MTAxNDQ4MTFaMIGmMTsw +MIIDtjCCAp6gAwIBAgIBAjANBgkqhkiG9w0BAQsFADAXMRUwEwYDVQQDDAxUZXN0 +IE5DIENBIDEwIBcNMTgwNTE2MDMyNzA5WhgPMjExODA1MTcwMzI3MDlaMIGmMTsw OQYDVQQKHjIAQgBhAGQAIABOAEMAIABUAGUAcwB0ACAAQwBlAHIAdABpAGYAaQBj AGEAdABlACAANzElMCMGA1UEAx4cAG8AdABoAGUAcgAuAGcAbwBvAGQALgBvAHIA ZzEdMBsGA1UEAx4UAEoAbwBlACAAQgBsAG8AZwBnAHMxITAfBgNVBAMeGABhAG4A eQAuAGcAbwBvAGQALgBjAG8AbTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC -ggEBANStByWr70u2A49OO+LYu0ivQP+uBu2n3E6RoEYf+op/+JF3clwfMQCGqiSg -QxOJMHkcu4gJDudRLCSXqHPnR0hOd+mQ5wQQJmLj8A99ImcD2oN5R3V5I4bSlXP9 -GCq2pFDnwXuEcJ3d2Dt1HYO4jA4Ol/RBT3NIqmwSnQzXv98mjYFpy6AuAIaYGmbh -1DLWxsTPI2NjNafJYS85NrQDLkTpq48nCmQCJ+ly6Zzu7WuJiDKD1Rxs7ZwgNtLi -Zhp41TeFHxCbfSFKe9u4rnUmImKxwgc9KuzOLpLAzD9avWpPGHtkCsLFsiw/EJYf -UdeCXc7tz9WhXZzOk/ffLOcrorMCAwEAAaOBmDCBlTAdBgNVHQ4EFgQUwYsR1XfZ -2cPcAR7i5i9obalnJcIwHwYDVR0jBBgwFoAUCNGb+ebVZHCg8Wsanu1S2t31UEMw -CQYDVR0TBAIwADBIBgNVHREEQTA/ggx3d3cuZ29vZC5vcmeCDGFueS5nb29kLmNv -bYENZ29vZEBnb29kLm9yZ4EMYW55QGdvb2QuY29thwTAqAABMA0GCSqGSIb3DQEB -CwUAA4IBAQAN/klfzMLi2acp5KdH9UZR4XCk3cZBOuMuI0vU+wrU/ETgY6rFhAwY -gSZsO6vX0mt/G6QfOmY5+kW4FY5XavGhhNVY2x5ATZKvQCf+orIsUHOBxVTjH6az -uEnxGDRTbjXSkBTCTSoOqdJNeOmEwiaHEVy/atumUW2B2KP5FeBGdud/94c4Q9/O -WBJ0EICGF6hYTDra63lAjxyARTvocVakIE8zytT1SbU4yO05mYPyNdXxiXikepFE -phPQWNSLx4EPBIorGCFj7MPDmFCH/+EjDjGz3SNUvqsak6MstzK94KVriQyIHKex -IL5WuKFm0XSGKTX8SzyMGErMGeriveL2 +ggEBAOG4PegItzkmJDwlSA/FyVHWLWUIQrnxgS0KSds3On2CMsjDJ+X77B4s1IPI +yKHuqNbXqV/hJGAxKnZRZe0D6VsmKlYOYpz9QtFxvpo5DwA3q6BTx6sIElFn/lip +Pbu5ZeIMNeN4bot7x5sBobr6OgidAVaAuqQHHJnD7mQ1s22qY0UqkBqNBhhJWOmx +YC0Q56WDi9+C7Cy2+kiiSlT4jCZ8m1K0F7tTK5mF0p4HppXmXLzcecZ/Sw8jOqQK +JM/4UCj/nxWCGYKWkv8zLJtG+ryfZMf15/0Cd1dzHAS9mYU4mFssPdFyT+WFpw7b +K3TOTXkS/tAPbj0xin2wqBJz8m8CAwEAAaN7MHkwHQYDVR0OBBYEFOWYNq+H1LH6 +lZUpgijb/S/sAiDsMB8GA1UdIwQYMBaAFAjRm/nm1WRwoPFrGp7tUtrd9VBDMAkG +A1UdEwQCMAAwLAYDVR0RBCUwI4ENZ29vZEBnb29kLm9yZ4EMYW55QGdvb2QuY29t +hwTAqAABMA0GCSqGSIb3DQEBCwUAA4IBAQAwUxnqq0gBgKmEHIRgZVu10KtOknjt +p/wEcqQ9METvXb+4/a4U6ftjTgaOrPVjamNFlaoUcTgx2nk2zRsjM+e+tpnxDgRR +/yoVB3HsISpdeN70s/WYAgvev/FdV3O+JWhUYHdKrDB4DMfPhlRIfSgOymJljo6+ +wL8qa7lVonF91Im4SCbq4dqtAnbg4ttblQ3yjFfQtuwzyJD/3ism6FQPLbg1K4eu +1Si0EDL4Fct581Gb5D+NU8PYiwg7Nk8ubNlRHXydoVGDLmT0hLE+/IsPd1M8tMqm +sifRl2Is+lGVeg4pPHFjB0npTNkaYafu89dz/3PNRRr5If06B+apk4AX -----END CERTIFICATE----- diff --git a/test/certs/badalt7-key.pem b/test/certs/badalt7-key.pem index 50557e8..b453f1f 100644 --- a/test/certs/badalt7-key.pem +++ b/test/certs/badalt7-key.pem @@ -1,28 +1,28 @@ -----BEGIN PRIVATE KEY----- -MIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQDUrQclq+9LtgOP -Tjvi2LtIr0D/rgbtp9xOkaBGH/qKf/iRd3JcHzEAhqokoEMTiTB5HLuICQ7nUSwk -l6hz50dITnfpkOcEECZi4/APfSJnA9qDeUd1eSOG0pVz/RgqtqRQ58F7hHCd3dg7 -dR2DuIwODpf0QU9zSKpsEp0M17/fJo2BacugLgCGmBpm4dQy1sbEzyNjYzWnyWEv -OTa0Ay5E6auPJwpkAifpcumc7u1riYgyg9UcbO2cIDbS4mYaeNU3hR8Qm30hSnvb -uK51JiJiscIHPSrszi6SwMw/Wr1qTxh7ZArCxbIsPxCWH1HXgl3O7c/VoV2czpP3 -3yznK6KzAgMBAAECggEADjQ0Kv7tr3fLixGljEP/Vh5mT+02hz7TxueQ9b4DBKcB -We3JVH+8zRUxXdraP/7EnwIdQDuipC5WrWb3mC4VI64h8hZ8Z1gQyEAC83XfC1RF -jsxVynG5vrJnyuRXbdre5Ixl7rLsto5vd6EdxINZz0KIQYbvIHr07tzbYlUyelvA -mu0kYdtbjm2p2AGJJ99zN3EiQ9lZDyiFirOXEA9P/YdKKVlIwpDPbn/TmNY/k6Ul -mRxgAJKwKiR6Gg3QMdTUKeaXBpKf/pa+5rzR7zxNbiQO3IXOVx7ZzQ2R0Wuivpqk -yjMaqUa7dDuvtIHJBpJB7TIL6SlQkiS1lEQFhO7EAQKBgQDz30obdymxqQVy7IsH -NLo5xRX1hRRN9h34Y4qC0JXkCTG1fWJ19KYHod0S5peaIo/ThDVf1UXln6amdCjM -oIfhmo0baNIdMMpxxBdsdLfUKwyVh8qROaBscPE4FGBUrfEW/wSn1WRYcWh+oda3 -LuLVf5Qt9a9f6ZYuy1X6dDi8swKBgQDfQJTSFUNkV8yKfMX54x0DcUkiWOu3LaET -GSu0UXqBVn1Q+u6CUAkh5jA9fpyM5sp9+t5FuwjO+ITHfiNFoD/LCeMUfYVDF7O2 -uCLTsN+7gTGpKMnfL/rg9exrsfDdsmbQe4BhrUFBsYfKgBlBraL0QGD+25qgU8CS -CQ6toGCCAQKBgQDCYJskwRoObPXW4AsAN1qnaRtTkjrY2O6SaGSiV7bhByMD0WiF -M/aR5sXapsj3Jc0Vfi88rzUDDPk7eyJ51wn3G8SUsDuo4Ja7jtxMqctL5PQmyxD+ -J7xiMrNRS4xscifTeHgxfbh5dgsfw8bsQwaxvPpSl5ytCfWWXqOs+K2wWQKBgBM4 -Mher8PNQg7FgcILExJipRgyI7zID4ZwNTK/nW86KrZstHx9k2IRslraUkdGnhMM3 -t671HRsEVhn+h/bUhulp3nzDGZffEH+odocW8QvpYWcYtdha/xQi18mltgC//Q3x -s+m0yqtnJzONt57p3d99M1x9d2BaFXf9A6B68BQBAoGBAOatu9+wGaIEB//fpaQt -mnsS2XBJco5gHTjOegCSNe3gQQsB5mhTEekOeMzJ8WLTMVXQVCXx9/8HxKoycbq8 -M/7ScH1iT/wJTkSsjyeycUgH31GPeRvmo9YU2PsW3NN6ZyNpxWJFdcPYHAzZqJeA -cZtQWiEyaf026DdR8YBYn6tf +MIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQDhuD3oCLc5JiQ8 +JUgPxclR1i1lCEK58YEtCknbNzp9gjLIwyfl++weLNSDyMih7qjW16lf4SRgMSp2 +UWXtA+lbJipWDmKc/ULRcb6aOQ8AN6ugU8erCBJRZ/5YqT27uWXiDDXjeG6Le8eb +AaG6+joInQFWgLqkBxyZw+5kNbNtqmNFKpAajQYYSVjpsWAtEOelg4vfguwstvpI +okpU+IwmfJtStBe7UyuZhdKeB6aV5ly83HnGf0sPIzqkCiTP+FAo/58VghmClpL/ +MyybRvq8n2TH9ef9AndXcxwEvZmFOJhbLD3Rck/lhacO2yt0zk15Ev7QD249MYp9 +sKgSc/JvAgMBAAECggEAZG2cJawTEXtV7ejMii//Jck8g1JMlfzM86Q7Pizxejw+ +qjKiguI2qSpbF5NzKRFNz+E+e+lpTN8zPFd1GSJ/Zk2x0n4uBBlu7E9GdcnjUb5z +Py9njEJYHB4//WS3kdmoag3ywBWqYaceJWpxcga5YXGx0bIO2MJNSGDzpWR7Q9QQ +tG/lWmno5goY2BxI08BTKSlqNIBkg/rr9jJo3axRcEmbx7hj4vUkAlypFKtmR4dW +bNo0f6VAd5Y6c9YbnKybR/44lScBksuSkZjm076cbbbp5PpsiLGe/12bqUcwCH+T +8hRVndmOLdOxC11OZOvMbX6x2uXNh3/Qr/GMyfzZcQKBgQD4we7E9vOygk1J5Vbl +1zETR9x3dujpBBx3xaHXUSJNUTNwmnZ+0JoFTqPkRmmPMNK7XfZuPymBehtk8WYt +NnezM2UNTdbfVOnJWnU6igRNGBaDW6F9AezlADBNwIbFVw6RqP4fTUFsmm9TQ/8M +4kZmmlW4uLZyX0WQO+AJa7NShwKBgQDoSpnQgmWqXMcaHwY2l8fEDuDc41nDoJIm +/CMppPbr7GkUX4OU785p6E0N0o1ONt+xCBT1lxHwWEeMAKZXrNC1XGpfvhpVZ72v +VruATDFs1rcL3S2Sty7A+jhFKKXlGeDWNcpaKY8nDvv2uJG0+J3bLprdMqnY/gQ1 +C+FzyQ6S2QKBgDnHIaRSD6xoo3cEc7iS0O0/ha+hyNtGfy46kyqlx6fZsm73EYrG +/N86ssp0qFP/7RJj8rcMqKFQMUiy4R6jRg4zY8dBSyU4XczM2+mq4PDfJWuBPvMA +HXvbHV0R2LvBSrr+W3f9w7Jr9GuMoZLmg5+VPU/YZ1gNVOT5Y0IM5+vFAoGBANx9 +CzlGvLeTrw1VS3GAaobn1Hr2dlrhTDki9UFvK03PLgK/ksdJRLV0YcdwBt6p6XRB +hpuC1O087lSuvTXVfJnZacMNUDOm7/7BpeJm8DcuK7tgKwTrSb61A7ppleY7xRWv +Iy6n6hCaAYIzuWJ85mGJAEhb8apdmqK7bzmXK3UpAoGBALdOvJfqbF0YlHbdQCVi +ftjtxs/dZKdF1rNARR0VMqUtZX+WP2b6OPXlwux94Cr//iNv5ih3B4Z4LIgTpgBJ +AKGXEBGMMthAlptC4BcOAEs9cYeWGLAoYk8jpNmXvXjhGqvzhPO2YrX5xy46dVOG +iiCseyA7Kr8Axt9QhUzoi5f7 -----END PRIVATE KEY----- diff --git a/test/certs/badcn1-cert.pem b/test/certs/badcn1-cert.pem new file mode 100644 index 0000000..3b3bad6 --- /dev/null +++ b/test/certs/badcn1-cert.pem @@ -0,0 +1,20 @@ +-----BEGIN CERTIFICATE----- +MIIDQDCCAiigAwIBAgIBAjANBgkqhkiG9w0BAQsFADAXMRUwEwYDVQQDDAxUZXN0 +IE5DIENBIDEwIBcNMTgwNTE2MDI0MTMyWhgPMjExODA1MTcwMjQxMzJaME4xIzAh +BgNVBAoMGkdvb2QgTkMgVGVzdCBDZXJ0aWZpY2F0ZSAxMRUwEwYDVQQDDAx3d3cu +Z29vZC5vcmcxEDAOBgNVBAMMB2JhZC5uZXQwggEiMA0GCSqGSIb3DQEBAQUAA4IB +DwAwggEKAoIBAQDN9WI6OyxnW+R98FqrWwMo3JE165bRB8iQOdDP3xE1+bvUMDYh +8wFR9gfNrKhqXubJ3lCHKgaApTXNKM/jwrT/pqhF6iNfPIbKAMTT4VZPy4/eI45R +03Yn+dJnZLDz7BDpnuhORp8XzQqfxSGBX0Rdr17xYOwGHcruwoitRyS/w8p8EKos +/LIDvjzye5GaPXqXkAkcBcLBpWlgMm+j8xE+LzGw1NVw8vWMSpP2WX9kp7aPbh+A +jSbT522yHy1r6WeElbSY7WOFvnmgbZ19pUdyz8CN6KKb87dBA0joyWSly5ZsNbjh +/YuRhCgRExvdQ6kImwdKAfO7RLkxho6jny1HAgMBAAGjXjBcMB0GA1UdDgQWBBT5 +fenRjyFKUb1XvUnm4GV9kZmONDAfBgNVHSMEGDAWgBQI0Zv55tVkcKDxaxqe7VLa +3fVQQzAJBgNVHRMEAjAAMA8GA1UdEQQIMAaHBMCoAAEwDQYJKoZIhvcNAQELBQAD +ggEBACKtfZCcP/pY8Bu+lb/pGZj5txsmNbJ1l2RVACQA7CGjwfUr7VaQGMuT+FuA +Erlh+UnEC3R/e1xQwgJeuAXBOWFkxA61isVSrmM7YM6vDB0+t8N9lMUFjPbRyEkM +A5kaSLPrgSOg7ONsO6YGbaWm1XCoUC6Ilrdzy+ckzklgjYRth99b2d5WrjIxEWIq +BX2DI2ruetjXYGRzsqSK+O9d4fsqrb5M0ZCNWQZ4WnrMNaAeHWpW6NqSvof/N21x +WC5zcU7GXLrDigwWPMDLQhVtu4OihWjsqugh6Jl7DxDBhi8JKO6tJQAISHjKaL98 +yXZFsQ//q7ATwlcHyB81B+X16AI= +-----END CERTIFICATE----- diff --git a/test/certs/badcn1-key.pem b/test/certs/badcn1-key.pem new file mode 100644 index 0000000..dbcf4b5 --- /dev/null +++ b/test/certs/badcn1-key.pem @@ -0,0 +1,28 @@ +-----BEGIN PRIVATE KEY----- +MIIEvwIBADANBgkqhkiG9w0BAQEFAASCBKkwggSlAgEAAoIBAQDN9WI6OyxnW+R9 +8FqrWwMo3JE165bRB8iQOdDP3xE1+bvUMDYh8wFR9gfNrKhqXubJ3lCHKgaApTXN +KM/jwrT/pqhF6iNfPIbKAMTT4VZPy4/eI45R03Yn+dJnZLDz7BDpnuhORp8XzQqf +xSGBX0Rdr17xYOwGHcruwoitRyS/w8p8EKos/LIDvjzye5GaPXqXkAkcBcLBpWlg +Mm+j8xE+LzGw1NVw8vWMSpP2WX9kp7aPbh+AjSbT522yHy1r6WeElbSY7WOFvnmg +bZ19pUdyz8CN6KKb87dBA0joyWSly5ZsNbjh/YuRhCgRExvdQ6kImwdKAfO7RLkx +ho6jny1HAgMBAAECggEBAKDxiUHx7cATShm0ElZnd6+dtQfKwv8zsuIpm+hk62Ef +d0zYI+UhrT1sIiryKmV9JaJITOtixtQOxl088D+Obrx8cnC4B84rUTVXpnfgVf9j +FljDtjpxIZsZmPbc836ZUZoOaICKpVYHD69Mb+NWG+mN2oaLc8VP0L4FXKLzvl7u +69NQlTPG2CS61BktVqMtWWc/9CvdOwqwVbckyISj9QLUgSXIyB4IP3bjp0RYSpOu +m3nhuhil1G3c05R4UfiE2d9Er7SBBoQ304ld892YRinSgtZqC1G25uZmWJ3ekAAM +bg6P0hBd86F/G2TxNdelYrxTazjqZShYi1N48SK6kUECgYEA+51O19Q5XkskD/Dn +VfaCjSOTFwDlb5ATmVCrJu+13/5IJfmJgWA6xdqfWoqxSOsJzXBEETKWgkahoo4K +OU1UaBTHEJ588xOpoMzbJkKlb5hPseEQsvu055Ky0euMgmlrALPQQ9e1DUSlowui +Cq9wCak4dqq9NNs6FMIeGhqczGECgYEA0YxcajJFxPHJsdFCVa4tdy9jgfC64t4Y +CWDzRfUnuX24ILbW9+olvvoZkMSzoVpiQ9YU8kPJUaOyFrw6jUV5GRHUCMgfkx2Y +nqe+7aSFmv0Nlo0RMV2PqaOZzlxnG9FzyNE+4PygZqtFhN21b5Idc69k2Ltu7K4J +J4MG1kMUGqcCgYEA0ttUPEisPtoHgZhntUFczHx4gnmMzH5X/k5876dIqkrFGZXR +5urGthHtIwpBYZMeZtxjHmpfeRNJ1xjjdnvYdVScMdAvc+ERcSDbsmd9jlR8zNuI +jAWl576nPoX//TXspu0JZiE5p8HUcRuJkxzMbjwyhje1Ubs6JDU81rFgn2ECgYAG +3WVNqVX1zMIBzEwzCGC+7dOBt0Q4GHSLIhz2JsDlZ8P3dmX2ezo/Vmwt/POxjod3 +l3TaNvRKc2VrL0FvzV3ZP2dF3mCCbk7Iq9AqcuBZon6mdvqgNmN1eEGarBZIqAT2 +CDzaHAyZMHU3lBfUjuHeH1nba9CHenAcVkOME2h+MwKBgQDiHAnTK4ovCNmT5E9i +03x/wPSH8FZ3Wrb1GMtNlTc7lOtB5eYIvwkaloJkNKHbUDv57V66hnYT6CyH4u45 +dPtuohtafL9mdScYqmicGLtbLLglSQpJYt4J59hffNZ30E84dKXtyDN7E5P5Z00Z +8PbOMUy3oK6j+GMP/xRNI76RtA== +-----END PRIVATE KEY----- diff --git a/test/certs/goodcn1-cert.pem b/test/certs/goodcn1-cert.pem new file mode 100644 index 0000000..d9205e0 --- /dev/null +++ b/test/certs/goodcn1-cert.pem @@ -0,0 +1,22 @@ +-----BEGIN CERTIFICATE----- +MIIDkTCCAnmgAwIBAgIBAjANBgkqhkiG9w0BAQsFADAXMRUwEwYDVQQDDAxUZXN0 +IE5DIENBIDEwIBcNMTgwNTE2MDI0MDA0WhgPMjExODA1MTcwMjQwMDRaMIGeMSMw +IQYDVQQKDBpHb29kIE5DIFRlc3QgQ2VydGlmaWNhdGUgMTEVMBMGA1UEAwwMd3d3 +Lmdvb2Qub3JnMRUwEwYDVQQDDAxhbnkuZ29vZC5jb20xETAPBgNVBAMMCG5vdC4u +ZG5zMRAwDgYDVQQDDAdub3RAZG5zMREwDwYDVQQDDAhub3QtLmRuczERMA8GA1UE +AwwIbm90LmRucy4wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDDigxI +nlYVjHtrFI+Iv/3b0jeZbs1jVnPF6ZREk46BTNAVNZsq24jKFG6yK4n9vKA/JuS7 +jZe+gMX+sWh/S1IlsNDY8/Io1UsG/s1tmsvE2UrURUX4s8HnqB6AZ4Y9Cp4rSADe +mD/YdekRf3HFA0IKQvIFRkpegj8uuWwILC0n/ozMNUlNmxCBlOmtFwjFxmNr9Txa +ZeFvWvvc6oTubAETK4HcjLdimx1tePdd4+0mxJ/akQ3wVzUAI2ysijMmMJDzTxLs +FPkw4yUtJHK0/H2yJtpoJ4wQjsWd6a8F7wY/pHszAud1M8QZJKQDzkJOMnqLKNLT +OKw6dm1UG2J7iuqtAgMBAAGjXjBcMB0GA1UdDgQWBBSTKvqap2ab0z/UPrdDgc0V +m88R3TAfBgNVHSMEGDAWgBQI0Zv55tVkcKDxaxqe7VLa3fVQQzAJBgNVHRMEAjAA +MA8GA1UdEQQIMAaHBMCoAAEwDQYJKoZIhvcNAQELBQADggEBADcdm62qaOHbIDoa +5oUjXGHSQjV1g4BFe6DLH5/CZ0wOws3QzfQbPIxJrp3yJgDcQyZNOE/xQlq/nASS +thU6cUTB07voFVnbotB8YQuNU1wM9TAJOHC9LT1Y0J2GIP6QeXts6Cz6aBlqaQEZ +IrGRLuKVZePTO0Haup0mZ91XoXs3CBzkSerl0XpFL7BeugSigrhprFRPB4UC3IWb +pdNar61Wk4bN/COb6utRkK3iYk5YUTqYFib9EG4VBdxYfXv/tiBIGqQLnqPbId6w +q+McpSEPF1DIcCyL0vEDdIVN0SzxMfnfHMx0Qp0sh2aydIZk4xfEqXHZgZthSrse +u7nhn7s= +-----END CERTIFICATE----- diff --git a/test/certs/goodcn1-key.pem b/test/certs/goodcn1-key.pem new file mode 100644 index 0000000..2ad660c --- /dev/null +++ b/test/certs/goodcn1-key.pem @@ -0,0 +1,28 @@ +-----BEGIN PRIVATE KEY----- +MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQDDigxInlYVjHtr +FI+Iv/3b0jeZbs1jVnPF6ZREk46BTNAVNZsq24jKFG6yK4n9vKA/JuS7jZe+gMX+ +sWh/S1IlsNDY8/Io1UsG/s1tmsvE2UrURUX4s8HnqB6AZ4Y9Cp4rSADemD/YdekR +f3HFA0IKQvIFRkpegj8uuWwILC0n/ozMNUlNmxCBlOmtFwjFxmNr9TxaZeFvWvvc +6oTubAETK4HcjLdimx1tePdd4+0mxJ/akQ3wVzUAI2ysijMmMJDzTxLsFPkw4yUt +JHK0/H2yJtpoJ4wQjsWd6a8F7wY/pHszAud1M8QZJKQDzkJOMnqLKNLTOKw6dm1U +G2J7iuqtAgMBAAECggEAeQ1xZVOAf36kuTnVUhdplTii6v3JcQIIUjG0dG/U/P8M +otS45uNZ36CelvaVStwHaJEvcVzK4EjgSjiSNJvwkxzPbkA3XkgNVptPmdcG5yqO +RLNOChVeqYdOurdcR1XXbXv57dPbUqpMS2TWjdzieW/QXKuTRsbjTo3D75tJqUO6 +1Bm4sSM3PogmsQwTP8HlZAmJXuSD+ZSB22Np5pT1dn5TvQU6xeA3NJR4ZO/HEZz4 +CHJEiOx2BuGD6M0V1ZL6DzEsyIS/KKsvj4I2F4ROAK1j3lSD5VqrYPXn3oEsQdlm +OW8aVnHPYO6FI0LVLgcIEKxhdwGV3i6v/GRUe0Y9kQKBgQD0Zqn1trAuP5Peiy1K +Wc91yRjQxQTwSD00hzXMtvKzkEIiLEuVZq9qrqQ2TRRa5xneDGHDuUY9eZY8JwEr +l7f8CcfYC93PXLyRM2Gaz0jMxZxVPz5w7zssK3DZ+7JvH3nKkCUl7+Y0tH26qTO0 +wTD9w9jd9bf85SLVgk3zSbUDwwKBgQDM0b2ffZpxyA16h7w8ZBuk1Z+iumrxnn5/ +lKtffR2b4dZN37KiWw2c265vYhRfe/ANnVuagXb9aRM97yeQloRlWR10AaXJz3EB +sromqFShkorYRhwZoRiJC0laLG3W76wKMRr2T6TM1UG9gJ0szdGFG/yUDU+9pTRo +uq514rGgzwKBgQCGtsAgLF7YXzsGg/im7vInnn0LNk4OlAMInS7OdFk7GN0bMQdI +hp1SVIk3VS1PHetoNbL9y3YoFIj3BxjiCnLjfhClyYSt9BQMhSHbzz31gUc2xfGJ +FpSrOBawUMh97/+V4/ZV/vIJQyO6a+GQVJzIg9daIUMVJsgYoAaPf6VDOQKBgFyH +eHnf/XDfpq8vOOuzcgWieG7EduHW72DlohIObNzqRq2BnKraJakyWXh6P6fvTsBn +0WVYjY/n80hsjVw1k3RRsQuiXupv66aPvqcOLsWbdVxFOBaf/3yR+75gCfMq7Xbh +PkP+MP5UbVGWE+uUw821mgKsjNSpGKcjhwM8uXBjAoGAFEU3O8gQXfocVB8lxUeU +c0inLdAIgiw/36NPuW4NwKxzLOmHzlmvn7C98ihnbnGoQ0XBRfLw8siTbD3INgHY +NA0JeK8Qrt56b6wK14w9RzLQTu9gy1pULW21p1wswdNK4tlxfnnnozISZAYxeqAx +YMTtYZN77nb+yY4oE6XEugQ= +-----END PRIVATE KEY----- diff --git a/test/certs/setup.sh b/test/certs/setup.sh index 7e1086a..018e5fc 100755 --- a/test/certs/setup.sh +++ b/test/certs/setup.sh @@ -241,15 +241,30 @@ NC="$NC excluded;DNS:bad.ok.good.com" NC=$NC ./mkcert.sh genca "Test NC sub CA" ncca3-key ncca3-cert \ ncca1-key ncca1-cert -# all subjectAltNames allowed by CA1. +# all subjectAltNames allowed by CA1. Some CNs are not! ./mkcert.sh req alt1-key "O = Good NC Test Certificate 1" \ - "1.CN=www.good.org" "2.CN=Joe Bloggs" "3.CN=any.good.com" | \ + "1.CN=www.example.net" "2.CN=Joe Bloggs" | \ ./mkcert.sh geneealt alt1-key alt1-cert ncca1-key ncca1-cert \ "DNS.1 = www.good.org" "DNS.2 = any.good.com" \ "email.1 = good at good.org" "email.2 = any at good.com" \ "IP = 127.0.0.1" "IP = 192.168.0.1" +# all DNS-like CNs allowed by CA1, no DNS SANs. + +./mkcert.sh req goodcn1-key "O = Good NC Test Certificate 1" \ + "1.CN=www.good.org" "2.CN=any.good.com" \ + "3.CN=not..dns" "4.CN=not at dns" "5.CN=not-.dns" "6.CN=not.dns." | \ + ./mkcert.sh geneealt goodcn1-key goodcn1-cert ncca1-key ncca1-cert \ + "IP = 127.0.0.1" "IP = 192.168.0.1" + +# Some DNS-like CNs not permitted by CA1, no DNS SANs. + +./mkcert.sh req badcn1-key "O = Good NC Test Certificate 1" \ + "1.CN=www.good.org" "3.CN=bad.net" | \ + ./mkcert.sh geneealt badcn1-key badcn1-cert ncca1-key ncca1-cert \ + "IP = 127.0.0.1" "IP = 192.168.0.1" + # no subjectAltNames excluded by CA2. ./mkcert.sh req alt2-key "O = Good NC Test Certificate 2" | \ @@ -293,19 +308,17 @@ NC=$NC ./mkcert.sh genca "Test NC sub CA" ncca3-key ncca3-cert \ "email.1 = good at good.org" "email.2 = any at good.com" \ "IP = 127.0.0.2" -# all subject alt names OK but subject CN not allowed by CA1. +# No DNS-ID SANs and subject CN not allowed by CA1. ./mkcert.sh req badalt6-key "O = Bad NC Test Certificate 6" \ "1.CN=other.good.org" "2.CN=Joe Bloggs" "3.CN=any.good.com" | \ ./mkcert.sh geneealt badalt6-key badalt6-cert ncca1-key ncca1-cert \ - "DNS.1 = www.good.org" "DNS.2 = any.good.com" \ "email.1 = good at good.org" "email.2 = any at good.com" \ "IP = 127.0.0.1" "IP = 192.168.0.1" -# all subject alt names OK but subject CN not allowed by CA1, BMPSTRING +# No DNS-ID SANS and subject CN not allowed by CA1, BMPSTRING REQMASK=MASK:0x800 ./mkcert.sh req badalt7-key "O = Bad NC Test Certificate 7" \ "1.CN=other.good.org" "2.CN=Joe Bloggs" "3.CN=any.good.com" | \ ./mkcert.sh geneealt badalt7-key badalt7-cert ncca1-key ncca1-cert \ - "DNS.1 = www.good.org" "DNS.2 = any.good.com" \ "email.1 = good at good.org" "email.2 = any at good.com" \ "IP = 127.0.0.1" "IP = 192.168.0.1" diff --git a/test/recipes/25-test_verify.t b/test/recipes/25-test_verify.t index 11bd430..c23e114 100644 --- a/test/recipes/25-test_verify.t +++ b/test/recipes/25-test_verify.t @@ -30,7 +30,7 @@ sub verify { run(app([@args])); } -plan tests => 127; +plan tests => 129; # Canonical success ok(verify("ee-cert", "sslserver", ["root-cert"], ["ca-cert"]), @@ -326,6 +326,12 @@ ok(verify("alt2-cert", "sslserver", ["root-cert"], ["ncca2-cert"], ), ok(verify("alt3-cert", "sslserver", ["root-cert"], ["ncca1-cert", "ncca3-cert"], ), "Name Constraints nested test all permitted"); +ok(verify("goodcn1-cert", "sslserver", ["root-cert"], ["ncca1-cert"], ), + "Name Constraints CNs permitted"); + +ok(!verify("badcn1-cert", "sslserver", ["root-cert"], ["ncca1-cert"], ), + "Name Constraints CNs not permitted"); + ok(!verify("badalt1-cert", "sslserver", ["root-cert"], ["ncca1-cert"], ), "Name Constraints hostname not permitted"); From viktor at openssl.org Wed May 23 15:19:35 2018 From: viktor at openssl.org (Viktor Dukhovni) Date: Wed, 23 May 2018 15:19:35 +0000 Subject: [openssl-commits] [openssl] master update Message-ID: <1527088775.417172.28993.nullmailer@dev.openssl.org> The branch master has been updated via 55a6250f1e7336e8a7d89fb609eb23398715ff6f (commit) via d02d80b2e80adfdde49f76cf7c7af4e013f45005 (commit) from de9f5b3554274e27949941cbe74a07c8a5f25dbf (commit) - Log ----------------------------------------------------------------- commit 55a6250f1e7336e8a7d89fb609eb23398715ff6f Author: Viktor Dukhovni Date: Tue May 22 01:09:25 2018 -0400 Skip CN DNS name constraint checks when not needed Only check the CN against DNS name contraints if the `X509_CHECK_FLAG_NEVER_CHECK_SUBJECT` flag is not set, and either the certificate has no DNS subject alternative names or the `X509_CHECK_FLAG_ALWAYS_CHECK_SUBJECT` flag is set. Add pertinent documentation, and touch up some stale text about name checks and DANE. Reviewed-by: Matt Caswell Reviewed-by: Tim Hudson commit d02d80b2e80adfdde49f76cf7c7af4e013f45005 Author: Viktor Dukhovni Date: Tue May 15 23:41:20 2018 -0400 Limit scope of CN name constraints Don't apply DNS name constraints to the subject CN when there's a least one DNS-ID subjectAlternativeName. Don't apply DNS name constraints to subject CN's that are sufficiently unlike DNS names. Checked name must have at least two labels, with all labels non-empty, no trailing '.' and all hyphens must be internal in each label. In addition to the usual LDH characters, we also allow "_", since some sites use these for hostnames despite all the standards. Reviewed-by: Matt Caswell Reviewed-by: Tim Hudson ----------------------------------------------------------------------- Summary of changes: crypto/asn1/a_strex.c | 50 ------------ crypto/include/internal/asn1_int.h | 1 - crypto/x509/x509_vfy.c | 28 ++++++- crypto/x509v3/v3_ncons.c | 134 ++++++++++++++++++++++++++----- doc/man3/SSL_set1_host.pod | 2 +- doc/man3/X509_VERIFY_PARAM_set_flags.pod | 21 ++++- doc/man3/X509_check_host.pod | 7 +- test/certs/alt1-cert.pem | 39 +++++---- test/certs/alt1-key.pem | 52 ++++++------ test/certs/badalt6-cert.pem | 35 ++++---- test/certs/badalt6-key.pem | 52 ++++++------ test/certs/badalt7-cert.pem | 33 ++++---- test/certs/badalt7-key.pem | 52 ++++++------ test/certs/badcn1-cert.pem | 20 +++++ test/certs/badcn1-key.pem | 28 +++++++ test/certs/goodcn1-cert.pem | 22 +++++ test/certs/goodcn1-key.pem | 28 +++++++ test/certs/setup.sh | 25 ++++-- test/recipes/25-test_verify.t | 8 +- 19 files changed, 418 insertions(+), 219 deletions(-) create mode 100644 test/certs/badcn1-cert.pem create mode 100644 test/certs/badcn1-key.pem create mode 100644 test/certs/goodcn1-cert.pem create mode 100644 test/certs/goodcn1-key.pem diff --git a/crypto/asn1/a_strex.c b/crypto/asn1/a_strex.c index 6a67bc8..ea4dd1c 100644 --- a/crypto/asn1/a_strex.c +++ b/crypto/asn1/a_strex.c @@ -624,53 +624,3 @@ int ASN1_STRING_to_UTF8(unsigned char **out, const ASN1_STRING *in) *out = stmp.data; return stmp.length; } - -/* Return 1 if host is a valid hostname and 0 otherwise */ -int asn1_valid_host(const ASN1_STRING *host) -{ - int hostlen = host->length; - const unsigned char *hostptr = host->data; - int type = host->type; - int i; - signed char width = -1; - unsigned short chflags = 0, prevchflags; - - if (type > 0 && type < 31) - width = tag2nbyte[type]; - if (width == -1 || hostlen == 0) - return 0; - /* Treat UTF8String as width 1 as any MSB set is invalid */ - if (width == 0) - width = 1; - for (i = 0 ; i < hostlen; i+= width) { - prevchflags = chflags; - /* Value must be <= 0x7F: check upper bytes are all zeroes */ - if (width == 4) { - if (*hostptr++ != 0 || *hostptr++ != 0 || *hostptr++ != 0) - return 0; - } else if (width == 2) { - if (*hostptr++ != 0) - return 0; - } - if (*hostptr > 0x7f) - return 0; - chflags = char_type[*hostptr++]; - if (!(chflags & (CHARTYPE_HOST_ANY | CHARTYPE_HOST_WILD))) { - /* Nothing else allowed at start or end of string */ - if (i == 0 || i == hostlen - 1) - return 0; - /* Otherwise invalid if not dot or hyphen */ - if (!(chflags & (CHARTYPE_HOST_DOT | CHARTYPE_HOST_HYPHEN))) - return 0; - /* - * If previous is dot or hyphen then illegal unless both - * are hyphens: as .- -. .. are all illegal - */ - if (prevchflags & (CHARTYPE_HOST_DOT | CHARTYPE_HOST_HYPHEN) - && ((prevchflags & CHARTYPE_HOST_DOT) - || (chflags & CHARTYPE_HOST_DOT))) - return 0; - } - } - return 1; -} diff --git a/crypto/include/internal/asn1_int.h b/crypto/include/internal/asn1_int.h index fdd5f1e..962c3c6 100644 --- a/crypto/include/internal/asn1_int.h +++ b/crypto/include/internal/asn1_int.h @@ -107,5 +107,4 @@ struct asn1_pctx_st { unsigned long str_flags; } /* ASN1_PCTX */ ; -int asn1_valid_host(const ASN1_STRING *host); int asn1_d2i_read_bio(BIO *in, BUF_MEM **pb); diff --git a/crypto/x509/x509_vfy.c b/crypto/x509/x509_vfy.c index 447f5e0..3a60d41 100644 --- a/crypto/x509/x509_vfy.c +++ b/crypto/x509/x509_vfy.c @@ -560,6 +560,27 @@ static int check_chain_extensions(X509_STORE_CTX *ctx) return 1; } +static int has_san_id(X509 *x, int gtype) +{ + int i; + int ret = 0; + GENERAL_NAMES *gs = X509_get_ext_d2i(x, NID_subject_alt_name, NULL, NULL); + + if (gs == NULL) + return 0; + + for (i = 0; i < sk_GENERAL_NAME_num(gs); i++) { + GENERAL_NAME *g = sk_GENERAL_NAME_value(gs, i); + + if (g->type == gtype) { + ret = 1; + break; + } + } + GENERAL_NAMES_free(gs); + return ret; +} + static int check_name_constraints(X509_STORE_CTX *ctx) { int i; @@ -658,7 +679,12 @@ static int check_name_constraints(X509_STORE_CTX *ctx) int rv = NAME_CONSTRAINTS_check(x, nc); /* If EE certificate check commonName too */ - if (rv == X509_V_OK && i == 0) + if (rv == X509_V_OK && i == 0 + && (ctx->param->hostflags + & X509_CHECK_FLAG_NEVER_CHECK_SUBJECT) == 0 + && ((ctx->param->hostflags + & X509_CHECK_FLAG_ALWAYS_CHECK_SUBJECT) != 0 + || !has_san_id(x, GEN_DNS))) rv = NAME_CONSTRAINTS_check_CN(x, nc); switch (rv) { diff --git a/crypto/x509v3/v3_ncons.c b/crypto/x509v3/v3_ncons.c index 1f1996b..dea6c6c 100644 --- a/crypto/x509v3/v3_ncons.c +++ b/crypto/x509v3/v3_ncons.c @@ -297,48 +297,140 @@ int NAME_CONSTRAINTS_check(X509 *x, NAME_CONSTRAINTS *nc) } +static int cn2dnsid(ASN1_STRING *cn, unsigned char **dnsid, size_t *idlen) +{ + int utf8_length; + unsigned char *utf8_value; + int i; + int isdnsname = 0; + + /* Don't leave outputs uninitialized */ + *dnsid = NULL; + *idlen = 0; + + /*- + * Per RFC 6125, DNS-IDs representing internationalized domain names appear + * in certificates in A-label encoded form: + * + * https://tools.ietf.org/html/rfc6125#section-6.4.2 + * + * The same applies to CNs which are intended to represent DNS names. + * However, while in the SAN DNS-IDs are IA5Strings, as CNs they may be + * needlessly encoded in 16-bit Unicode. We perform a conversion to UTF-8 + * to ensure that we get an ASCII representation of any CNs that are + * representable as ASCII, but just not encoded as ASCII. The UTF-8 form + * may contain some non-ASCII octets, and that's fine, such CNs are not + * valid legacy DNS names. + * + * Note, 'int' is the return type of ASN1_STRING_to_UTF8() so that's what + * we must use for 'utf8_length'. + */ + if ((utf8_length = ASN1_STRING_to_UTF8(&utf8_value, cn)) < 0) + return X509_V_ERR_OUT_OF_MEM; + + /* + * Some certificates have had names that include a *trailing* NUL byte. + * Remove these harmless NUL characters. They would otherwise yield false + * alarms with the following embedded NUL check. + */ + while (utf8_length > 0 && utf8_value[utf8_length - 1] == '\0') + --utf8_length; + + /* Reject *embedded* NULs */ + if ((size_t)utf8_length != strlen((char *)utf8_value)) { + OPENSSL_free(utf8_value); + return X509_V_ERR_UNSUPPORTED_NAME_SYNTAX; + } + + /* + * XXX: Deviation from strict DNS name syntax, also check names with '_' + * Check DNS name syntax, any '-' or '.' must be internal, + * and on either side of each '.' we can't have a '-' or '.'. + * + * If the name has just one label, we don't consider it a DNS name. This + * means that "CN=sometld" cannot be precluded by DNS name constraints, but + * that is not a problem. + */ + for (i = 0; i < utf8_length; ++i) { + unsigned char c = utf8_value[i]; + + if ((c >= 'a' && c <= 'z') + || (c >= 'A' && c <= 'Z') + || (c >= '0' && c <= '9') + || c == '_') + continue; + + /* Dot and hyphen cannot be first or last. */ + if (i > 0 && i < utf8_length - 1) { + if (c == '-') + continue; + /* + * Next to a dot the preceding and following characters must not be + * another dot or a hyphen. Otherwise, record that the name is + * plausible, since it has two or more labels. + */ + if (c == '.' + && utf8_value[i + 1] != '.' + && utf8_value[i - 1] != '-' + && utf8_value[i + 1] != '-') { + isdnsname = 1; + continue; + } + } + isdnsname = 0; + break; + } + + if (isdnsname) { + *dnsid = utf8_value; + *idlen = (size_t)utf8_length; + return X509_V_OK; + } + OPENSSL_free(utf8_value); + return X509_V_OK; +} + +/* + * Check CN against DNS-ID name constraints. + */ int NAME_CONSTRAINTS_check_CN(X509 *x, NAME_CONSTRAINTS *nc) { int r, i; - X509_NAME *nm; - + X509_NAME *nm = X509_get_subject_name(x); ASN1_STRING stmp; GENERAL_NAME gntmp; + stmp.flags = 0; stmp.type = V_ASN1_IA5STRING; gntmp.type = GEN_DNS; gntmp.d.dNSName = &stmp; - nm = X509_get_subject_name(x); - /* Process any commonName attributes in subject name */ for (i = -1;;) { X509_NAME_ENTRY *ne; - ASN1_STRING *hn; + ASN1_STRING *cn; + unsigned char *idval; + size_t idlen; i = X509_NAME_get_index_by_NID(nm, NID_commonName, i); if (i == -1) break; ne = X509_NAME_get_entry(nm, i); - hn = X509_NAME_ENTRY_get_data(ne); - /* Only process attributes that look like host names */ - if (asn1_valid_host(hn)) { - unsigned char *h; - int hlen = ASN1_STRING_to_UTF8(&h, hn); - if (hlen <= 0) - return X509_V_ERR_OUT_OF_MEM; + cn = X509_NAME_ENTRY_get_data(ne); - stmp.length = hlen; - stmp.data = h; - - r = nc_match(&gntmp, nc); - - OPENSSL_free(h); + /* Only process attributes that look like host names */ + if ((r = cn2dnsid(cn, &idval, &idlen)) != X509_V_OK) + return r; + if (idlen == 0) + continue; - if (r != X509_V_OK) - return r; - } + stmp.length = idlen; + stmp.data = idval; + r = nc_match(&gntmp, nc); + OPENSSL_free(idval); + if (r != X509_V_OK) + return r; } return X509_V_OK; } diff --git a/doc/man3/SSL_set1_host.pod b/doc/man3/SSL_set1_host.pod index 9e0210d..b4d7d5e 100644 --- a/doc/man3/SSL_set1_host.pod +++ b/doc/man3/SSL_set1_host.pod @@ -56,7 +56,7 @@ is cleared or freed, or a renegotiation takes place. Applications must not free the return value. SSL clients are advised to use these functions in preference to -explicitly calling L. Hostname checks are out +explicitly calling L. Hostname checks may be out of scope with the RFC7671 DANE-EE(3) certificate usage, and the internal check will be suppressed as appropriate when DANE is enabled. diff --git a/doc/man3/X509_VERIFY_PARAM_set_flags.pod b/doc/man3/X509_VERIFY_PARAM_set_flags.pod index 7765029..61b52ef 100644 --- a/doc/man3/X509_VERIFY_PARAM_set_flags.pod +++ b/doc/man3/X509_VERIFY_PARAM_set_flags.pod @@ -133,14 +133,29 @@ B clearing any previously specified host name or names. If B is NULL, or empty the list of hostnames is cleared, and name checks are not performed on the peer certificate. If B is NUL-terminated, B may be zero, otherwise B -must be set to the length of B. When a hostname is specified, +must be set to the length of B. + +When a hostname is specified, certificate verification automatically invokes L with flags equal to the B argument given to X509_VERIFY_PARAM_set_hostflags() (default zero). Applications are strongly advised to use this interface in preference to explicitly -calling L, hostname checks are out of scope +calling L, hostname checks may be out of scope with the DANE-EE(3) certificate usage, and the internal check will -be suppressed as appropriate when DANE support is added to OpenSSL. +be suppressed as appropriate when DANE verification is enabled. + +When the subject CommonName will not be ignored, whether as a result of the +B host flag, or because no DNS subject +alternative names are present in the certificate, any DNS name constraints in +issuer certificates apply to the subject CommonName as well as the subject +alternative name extension. + +When the subject CommonName will be ignored, whether as a result of the +B host flag, or because some DNS subject +alternative names are present in the certificate, DNS name constraints in +issuer certificates will not be applied to the subject DN. +As described in X509_check_host(3) the B +flag takes precendence over the B flag. X509_VERIFY_PARAM_get_hostflags() returns any host flags previously set via a call to X509_VERIFY_PARAM_set_hostflags(). diff --git a/doc/man3/X509_check_host.pod b/doc/man3/X509_check_host.pod index 7b96b7c..dba6a69 100644 --- a/doc/man3/X509_check_host.pod +++ b/doc/man3/X509_check_host.pod @@ -93,6 +93,9 @@ consider the subject DN even if the certificate contains no subject alternative names of the right type (DNS name or email address as appropriate); the default is to use the subject DN when no corresponding subject alternative names are present. +If both B and +B are specified, the latter takes +precedence and the subject DN is not checked for matching names. If set, B disables wildcard expansion; this only applies to B. @@ -128,9 +131,9 @@ NULs. Applications are encouraged to use X509_VERIFY_PARAM_set1_host() rather than explicitly calling L. Host name -checks are out of scope with the DANE-EE(3) certificate usage, +checks may be out of scope with the DANE-EE(3) certificate usage, and the internal checks will be suppressed as appropriate when -DANE support is added to OpenSSL. +DANE support is enabled. =head1 SEE ALSO diff --git a/test/certs/alt1-cert.pem b/test/certs/alt1-cert.pem index b94d0ea..d68b0e5 100644 --- a/test/certs/alt1-cert.pem +++ b/test/certs/alt1-cert.pem @@ -1,22 +1,21 @@ -----BEGIN CERTIFICATE----- -MIIDlTCCAn2gAwIBAgIBAjANBgkqhkiG9w0BAQsFADAXMRUwEwYDVQQDDAxUZXN0 -IE5DIENBIDEwIBcNMTYwNzA5MTQ0ODExWhgPMjExNjA3MTAxNDQ4MTFaMGgxIzAh -BgNVBAoMGkdvb2QgTkMgVGVzdCBDZXJ0aWZpY2F0ZSAxMRUwEwYDVQQDDAx3d3cu -Z29vZC5vcmcxEzARBgNVBAMMCkpvZSBCbG9nZ3MxFTATBgNVBAMMDGFueS5nb29k -LmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALAv1X8S8uUpnjTa -3bv7m1jJbbX7bC9w7k4TfxiU5XL/m3EhN//EUBJSoamy6vFC6oy/6jA8XmptlVrY -Sp3ZKFdjdZh+CyYZKcrv4JReF2lfRIINn6d6EgcAobGTNwdcv67xuNtMi0meAvmK -gLjOa/IhCHNC+l8vNDJx/a+7mxH+yNxPL6lC/kJMja6oaYndx74WJpPC22LJ/cCp -xspKKsoPYYjk0BX9RvbKO8s4b86Wjzzntht+NpQ4LLh9XwPZog11qGE4UIrsV8XA -YxJrMGQNZd69cnCOz8vnOVCszFOa4qVvXeAGr0iFlZAXbQJevpiiXaXHMEt8C1qH -xpcW8DcCAwEAAaOBmDCBlTAdBgNVHQ4EFgQUw8nB25NP0gUaFCrOwAO5KzllnREw -HwYDVR0jBBgwFoAUCNGb+ebVZHCg8Wsanu1S2t31UEMwCQYDVR0TBAIwADBIBgNV -HREEQTA/ggx3d3cuZ29vZC5vcmeCDGFueS5nb29kLmNvbYENZ29vZEBnb29kLm9y -Z4EMYW55QGdvb2QuY29thwTAqAABMA0GCSqGSIb3DQEBCwUAA4IBAQBUnDMrg1py -8/iYXzs11Qbw7bBhc/HQDpu5QVgriaX2zDUpTLSEUV7qZFSHmwWm91ILw2VA1Xni -ua2sF19o/tJT0ZHpapkfqGpfsym2H04NDMKy0l0fSZhlCB5Kv5wpiFt9hBUrxS/2 -Dd6Kg+Ka02nD5QBXSAk/xz0FmgezzGGCLjg85/Sfe9Y7tNhQXh3HuGXuJizYccdQ -Fh1IAFYW3DZoDKS7dDTCltvDEma/2IE684+CRJiA6PH9rYfJ1CCUfAMpyA85CxKT -P68GDKI++WoUgM8LDfxS0KOL7A9cqcpM2L27hjyEgnqIBPHFfm9fxztBotuCTl5L -vRlTFVjv65nn +MIIDgTCCAmmgAwIBAgIBAjANBgkqhkiG9w0BAQsFADAXMRUwEwYDVQQDDAxUZXN0 +IE5DIENBIDEwIBcNMTgwNTE2MDIzODEzWhgPMjExODA1MTcwMjM4MTNaMFQxIzAh +BgNVBAoMGkdvb2QgTkMgVGVzdCBDZXJ0aWZpY2F0ZSAxMRgwFgYDVQQDDA93d3cu +ZXhhbXBsZS5uZXQxEzARBgNVBAMMCkpvZSBCbG9nZ3MwggEiMA0GCSqGSIb3DQEB +AQUAA4IBDwAwggEKAoIBAQDTqvf6j+WxCtn4RU8/6uXXgCTcksv6NDXCZ9JAz4Vv +cQbJfhFbDWpGZQZDOCqwtj+7CSVIraxItHzPlrt36cevsoPmpuqGbHrUaOLneme2 +x81SXUq0z/DmDvwxVENmRj1u7iCt3sL7awcid4SiotLOY2F1jBazmqprqKZBUiyQ +XqpSp+9uSav77ydwDXCrQozBdns1YRshgU9omQrTcIqHCj1f9Lo+A2y4+TZYZkvS +DuUZiTfPTPouR6sopM8JLyAZc+TvFFncEg24N+zz3O3jwH82BZEjzavw92J9npJB +UXvKb8O9z7UA65WYuL2he7kSQCsPNLoRWZnVpchwr3VHAgMBAAGjgZgwgZUwHQYD +VR0OBBYEFHvLhGWckFjVXdDI3ds9Wti6zgXAMB8GA1UdIwQYMBaAFAjRm/nm1WRw +oPFrGp7tUtrd9VBDMAkGA1UdEwQCMAAwSAYDVR0RBEEwP4IMd3d3Lmdvb2Qub3Jn +ggxhbnkuZ29vZC5jb22BDWdvb2RAZ29vZC5vcmeBDGFueUBnb29kLmNvbYcEwKgA +ATANBgkqhkiG9w0BAQsFAAOCAQEATVcTyrAxsehdQNrkL6kquXxWlyegJcxvVxUe +hfh9+Lw4620b2S1/l2YxFM3peLAsRgJOznmJOeG18+y7/kx/3UNqYGY7e8iJQ3Gl +JwDIJp5JCaUOlodjhMJtRc7jn9RcsL97oizXdcryyWT0vSlM9Pie9NtHG5iq5X4+ +oL3X8+OG25MOkF2h3YVCEG3vDu7quyTlHc2ebwpdLZRndcOewO2Cap1ettyWXUPP +Mha6wyJE8LJhrGmrI8Lw+i7gGscP0xYZn3yCLk5BtOabn4dvCiDmb+TPruKQQARw +BG45LEZzGxz+Ad3xRdZyVi1I67v9YShoYTCpMTSxJaR0erH74g== -----END CERTIFICATE----- diff --git a/test/certs/alt1-key.pem b/test/certs/alt1-key.pem index b5d4d32..6df050a 100644 --- a/test/certs/alt1-key.pem +++ b/test/certs/alt1-key.pem @@ -1,28 +1,28 @@ -----BEGIN PRIVATE KEY----- -MIIEvAIBADANBgkqhkiG9w0BAQEFAASCBKYwggSiAgEAAoIBAQCwL9V/EvLlKZ40 -2t27+5tYyW21+2wvcO5OE38YlOVy/5txITf/xFASUqGpsurxQuqMv+owPF5qbZVa -2Eqd2ShXY3WYfgsmGSnK7+CUXhdpX0SCDZ+nehIHAKGxkzcHXL+u8bjbTItJngL5 -ioC4zmvyIQhzQvpfLzQycf2vu5sR/sjcTy+pQv5CTI2uqGmJ3ce+FiaTwttiyf3A -qcbKSirKD2GI5NAV/Ub2yjvLOG/Olo8857YbfjaUOCy4fV8D2aINdahhOFCK7FfF -wGMSazBkDWXevXJwjs/L5zlQrMxTmuKlb13gBq9IhZWQF20CXr6Yol2lxzBLfAta -h8aXFvA3AgMBAAECggEAa073DcqQvhq3DSIw4wm/+DfW5nwXzF1QB6XAR0yI453j -IuhEnzcGPeKuLBmZFxDWoptRG8fpCZFs4kPSTomxFGizewlp6O5ykfPAKR2VzMwF -geCiWPL0f+dWlD1Byu4moXsASDE6tL/UuAAvnl+7R2HvL6SfsdGiTQc4qAvvyukM -szks+MePHSlXmL5Eld7HfKgpvxY1SbYOQU0aPXAQAnLaOT931q+tgZMG6nBWN+pu -w5bgKCA26BMAAaUAdIIDEa9fjzkpXjElCT4qhJYVKQn9Pb7aSc4jihSpCknqbb9c -55nW5PWMZJyCbCOUG/SVTblXV+NmhdtwrgUbHImXIQKBgQDcb/7vp+rq06uNx3b4 -AjTZdzCVbHM8gp7b1GkGD0SncrzX6RxPSzNn7d4AUKY065bwa89A+TRwV8DSo7G8 -hxjzdU/FKCg8ce0eqoCtWjIT2r+rV2P9dFhfRT5jdOwHrym8LeSGzANjIBNV7FOf -FIRkQ1BVD0QSPla+26ASqsw60wKBgQDMnEzChQWgAsBelALmGaj/wDdWDUXK8xRg -s7dG1Sx41SLk39SAjCUYXPyy8IHBitJtPZNDp23tR4/m8Ui1pB2T0EnlzBsuzrZ/ -0aCbJnQ08FXE8iVajrgce4ZCdT8vkeH8EVhqDpJIlAhoKy3HaoAr4o2/uRoGDpHZ -iAbDLTEOjQKBgFrp4dXLhkqFNArMShetKUjLLIFj8f7xzDzT1ODH6UO6QYI2xRM6 -65+gbd/pYzMOOvk7LYYZgXQX7RGyq3oaqcK3Dkg88KNFRUtRfLKCMYcYv9YVu8pr -cosQTtPMBBCDQI44yziA6aC3OOJGDpLcbmG/lWEPY762cSZUBCfOw147AoGAd8S+ -AdcPtdwmcrY9BCfdDuea/JoEUon7UaehDqtVvt0z8bk7kIt4Y0x69ttleL8j8aHr -g9yLsisDhvGR2BFa5t0zhHn3J20E0skINAlMWHieHAyJ5PpJtxJvQpOTCutf1sbo -dBxXcHiGe0NbJrGmmQmiY6mcHBOHOEgxfSoE3zkCgYAc+ozIr3xmUcooUeA7uqpd -LvGGqHThGrtXVFIErOIcajC9bHEeZw4Do/oT5L7Wr7pOZ20VUmuRvwytd7IYYTVV -g+nIyKaMttEaCzHEsO0CQUHexOkJbL4rpc3HiK5hIhL8Yo2L/obQgCxYmvyChpo3 -sXJAoFllBNfAK3aanFOR1Q== +MIIEvAIBADANBgkqhkiG9w0BAQEFAASCBKYwggSiAgEAAoIBAQDTqvf6j+WxCtn4 +RU8/6uXXgCTcksv6NDXCZ9JAz4VvcQbJfhFbDWpGZQZDOCqwtj+7CSVIraxItHzP +lrt36cevsoPmpuqGbHrUaOLneme2x81SXUq0z/DmDvwxVENmRj1u7iCt3sL7awci +d4SiotLOY2F1jBazmqprqKZBUiyQXqpSp+9uSav77ydwDXCrQozBdns1YRshgU9o +mQrTcIqHCj1f9Lo+A2y4+TZYZkvSDuUZiTfPTPouR6sopM8JLyAZc+TvFFncEg24 +N+zz3O3jwH82BZEjzavw92J9npJBUXvKb8O9z7UA65WYuL2he7kSQCsPNLoRWZnV +pchwr3VHAgMBAAECggEACPTB+1sdV+lioaulF8pDoWOtq5uWf+a3o5sq/U0Kk1WP ++PSZnWWq6oGZyzxUKhf8CFjxt+qJUKY6Zbo2AnPk3B1MkXTclYV/iP9LIoo+WzCH +EoYaBB6MTd+ycg/jri8oqEnxHgo/681yhtXRyePj0ZHI7OVZjI3tyhJfvoHQmuci +u6qYYUP0GWuyM+kHS11vn6Q1U8nOZWvXpEDXDDdJ7+2QRuv01AXcjFxpbFzkMn2W +JkhKkCTIQpUU66VMRHwNexi+TR2rRESq0G+fa+6gaVFVIs0vBukq48IeC5W21j1L +zyftHxci67FlYC9iaiUxDVt3KB+lcukx6Cz5mjtzqQKBgQD/GrAtFfjiXKj9O5ld +K7dnnBHE8fzyWQWyOfwpVjNAC1J7tgwFvDpBpTHOwS5JnCwMWWM3rkBPRhCusmrF +AtfE8b643G+cJbTgDuEhGh11QR0p9VWMVFQL9kZxx12PegDtFBfzcfcI3XQwKVKL +ZbQn4ibW3BKSt9+Nh3APa0s5iwKBgQDUaTxZBajTdzoDd6Pg3warL5BhsxWr2tUQ +qf+iVoba2Y9NTBdxBht2whSaYweU9kxmeNZvnCu95B8HeRGE69Dxb7IWwpsaxoaf +ND0NcCF7aPZgx7hvhbHF7duzt3nuv+q5sOuuyHPzm+nF2snAuY3Zg+Bpv3nlYekf +18aXZdwStQKBgEpF8e9ei1UUl1sLZC6dUMvIw9+sePHye1cVzNYYM9m8sio0qbFt +ySRdvW+uDRT/dE+wItQOVsj95FOIvM9ZcYr0u4vFGnXDALOPgXqKyPLfn2cc9+hg +kQvei0oLOrFQWz6rcAHAN6WMHIz9KvxNAzPtg1NhRcMT5/Gj8jt7CK7bAoGAIeKz +7OO5Phr8F0eDzkDmGHMbDmr6XxMnAGSOUoCJPOqOMN+dsbsusHBfxw1bTUlJgONw +GhgI5l85EAEhaVoRWCLgfz8GbWwUV9uGjdlAjiZ9f4z9AFWMua2rae0wN4VIVd1C +i/yQeuF5lsXDf8paNcQTDeus74oCHcFXfhmS1S0CgYB2q8E+H0kFHbUxkIZYwhsM +r0lTecn+kVsyPPje2UlzfTwvcC9dFIC4ppCdJGUJAwi/PJnr6xNyOH6I1pjUA8ER +Aofm4Oj2DwX8W+81oO71/RXSfEFUjdOw0H6iRDyvWa1gqftj2/aWjV7Ifdo49thx +EzX/9GdsRInifN6FfOfo/A== -----END PRIVATE KEY----- diff --git a/test/certs/badalt6-cert.pem b/test/certs/badalt6-cert.pem index fbe040b..f41568f 100644 --- a/test/certs/badalt6-cert.pem +++ b/test/certs/badalt6-cert.pem @@ -1,22 +1,21 @@ -----BEGIN CERTIFICATE----- -MIIDljCCAn6gAwIBAgIBAjANBgkqhkiG9w0BAQsFADAXMRUwEwYDVQQDDAxUZXN0 -IE5DIENBIDEwIBcNMTYwNzA5MTQ0ODExWhgPMjExNjA3MTAxNDQ4MTFaMGkxIjAg +MIIDeDCCAmCgAwIBAgIBAjANBgkqhkiG9w0BAQsFADAXMRUwEwYDVQQDDAxUZXN0 +IE5DIENBIDEwIBcNMTgwNTE2MDMyNjMyWhgPMjExODA1MTcwMzI2MzJaMGkxIjAg BgNVBAoMGUJhZCBOQyBUZXN0IENlcnRpZmljYXRlIDYxFzAVBgNVBAMMDm90aGVy Lmdvb2Qub3JnMRMwEQYDVQQDDApKb2UgQmxvZ2dzMRUwEwYDVQQDDAxhbnkuZ29v -ZC5jb20wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDKz8F/ndKz0vuv -BymjTUjtrWSQsnsuisR+oW8CIliNBi8yqqeNrtoa2s+e2GBC7gxDlK9IOqGo4Ulu -9jY5On6RysrFWLpK97I7EP9cg63alH+NRFEwczRzErHtYx54yiBjcovcCVeTtdnd -7/P4T8hIGy6QjdW68lzwnN/I9x11NWoipIKvAOGXz0L/WaPPWZ0GJFlBqEX//O3+ -6sweSUX4ivAC9txou3rwDA8kJx5Ge9trQ9dPPG/jpL96f1DLE9H2SkVff1KLTPmb -jUwiYj161lsKLxGkbdmPWRjt1pP4+5UUhioo1Y0WrTd5ELwB1eKTtWsOlRsdLOa8 -1L6m8ngXAgMBAAGjgZgwgZUwHQYDVR0OBBYEFBIKyD5bUUNIFxlQJl/rBvvIm0XZ -MB8GA1UdIwQYMBaAFAjRm/nm1WRwoPFrGp7tUtrd9VBDMAkGA1UdEwQCMAAwSAYD -VR0RBEEwP4IMd3d3Lmdvb2Qub3JnggxhbnkuZ29vZC5jb22BDWdvb2RAZ29vZC5v -cmeBDGFueUBnb29kLmNvbYcEwKgAATANBgkqhkiG9w0BAQsFAAOCAQEAa2lydA7a -YgRhYeIuPEtR+bKyDkIKNjvx2IRL/FL70s/IWFWDK1rpsMYLGNa7rWpW5gq4T6zb -JIwC/770Rw1p+0j9eAC95d2wCEhyNcLdoP4ch7whr0MhxYHUJ8zQGPdQ97DWGoEB -2seLjrhMrX004TM4UlM+lpjsb88QEcD+kOEhdDTKm0ABUygOr1KRay437mtUhAzb -WyUbAjKbhgyv6IFRNHKy6YtCMugPihn+Pd1NY6c2ACRVOAUS/+rvVyjxBCATW5Wk -zAtNIxYgcm3rYRroGYT2BGj8Ic7oqPOWPdGWhsieX0c+y2ZnS727Kwc5tXFfW9By -GH32QmEN5o5jZQ== +ZC5jb20wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDl46xhstHmmYhp +XY/FcnQStR4XHtHcNRyvq1perl0fezeCY85KkddGppic5qIWQDL4ViP3HfvhMlDZ +E0tAjEfr8Auac9gpa2IFVJAzMnnzOkhO6cr5kmid4392tNCG5sUWS99t2Z4f9sOP +DQKdoN7lnmxnpZqNf9NUERsN5i4fcvErfQZ4LqV5ld810ZAQZUfarn1rg6/U/ADc +qA0uQgk9RxVgSDt3M5mi8AaC73Be9nAefXQUybzs6J8EfsDijhD85msxs4Fha4pg +gM+bXHv9C7whxM5F2WTeET0cIcAfE3+jzQlkjcjlS1rTEq4d0Pd+1rXkhMwZeze2 +KRL2Le8jAgMBAAGjezB5MB0GA1UdDgQWBBRJJljvheyfKr9neNplhIMIFx25QjAf +BgNVHSMEGDAWgBQI0Zv55tVkcKDxaxqe7VLa3fVQQzAJBgNVHRMEAjAAMCwGA1Ud +EQQlMCOBDWdvb2RAZ29vZC5vcmeBDGFueUBnb29kLmNvbYcEwKgAATANBgkqhkiG +9w0BAQsFAAOCAQEAPfRFkpkTsPlH54n/i3kxR8Hw17kUOV0/v39fnNzV+PXS/IIU +9OFfP7qNeuoWVQKXCwNWGWYXb7O0LNJMJQWWtyXtzWH3rOSxdSRIrTsCVHA41Lbo +te2nrfnGMtg6em51Do6Kk0JM304sVAWl5OY/eckBmuDgN/5WfZudOLd8Ohv8vZ6U +ZNoSBNpu1x5gfEPywMUGAgbkNZVpzNAfulx3/D2kWk0qwEKqnphUyaXiTVqO49gr +n1LwSVdqBcmapBmEO3puV4TBWFwM49iMMNGn0fp/JBVsLjt+q7TK96qGBo/BSEL+ +e2TXTNpdkn3l+ZK2FYdf7s8fytoe+6o92dN+fA== -----END CERTIFICATE----- diff --git a/test/certs/badalt6-key.pem b/test/certs/badalt6-key.pem index 203a4c7..782d693 100644 --- a/test/certs/badalt6-key.pem +++ b/test/certs/badalt6-key.pem @@ -1,28 +1,28 @@ -----BEGIN PRIVATE KEY----- -MIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQDKz8F/ndKz0vuv -BymjTUjtrWSQsnsuisR+oW8CIliNBi8yqqeNrtoa2s+e2GBC7gxDlK9IOqGo4Ulu -9jY5On6RysrFWLpK97I7EP9cg63alH+NRFEwczRzErHtYx54yiBjcovcCVeTtdnd -7/P4T8hIGy6QjdW68lzwnN/I9x11NWoipIKvAOGXz0L/WaPPWZ0GJFlBqEX//O3+ -6sweSUX4ivAC9txou3rwDA8kJx5Ge9trQ9dPPG/jpL96f1DLE9H2SkVff1KLTPmb -jUwiYj161lsKLxGkbdmPWRjt1pP4+5UUhioo1Y0WrTd5ELwB1eKTtWsOlRsdLOa8 -1L6m8ngXAgMBAAECggEBAJNMHK8BAvzTqTPPsfAGu4bTvgxRdKGy609FFAiqxUF3 -UmQsCZEfgwyqCszFPfSeS43xuPRukObE6L6MV4ls8GwWqvp1nKfCClJX3/9jK6tq -2tDQ416a7Wb+FvfgW0tDEg7oLKfcqRyAoQFNuxWHbGDiTQlz2dzzFYkzhlzBDUYH -/pu9qkNFGfYMFwsBUd8pp8zMnv552CCIgalBBFr1hy9q47HBaJPaF2/CjZJmsqkp -rVMBH7+j0y1DW3JO5rSKcRdz+mgEd9m/yQIazvBPJKxeGza8JfLBuACYFLIoO1S+ -b8s/zmQPHeZwTxSsM64M1uYi4dmJy0viozLlWsjrE1ECgYEA/GxGG/lB1mL+Hzmc -kXzWmA2nLPxZXGxMBOYH/n8l4OyDmKi2Bmly7kS0kLdY6gYTVBWFCRcvPxf+UJu9 -x4NcKDkjXVXSg7Muux3Bh1JoRCOKB2Hk3pqdDe55GcT5bSikkd5PYCNobcnqzSK1 -HzKveDdukraZxIPFpVs1VM9/gxMCgYEAza+BJUAEWoq925a1RKlMwdXW1ONBhFqU -fXon15fgycHkiYIBGbGE65Oyz8BwE6jNAT+SwKlNCc6jPAkXvEUpczEi5Rcox8Ec -hNoXBHcBxHEhtfV2VKX5I9JFAadmvnfS5St7HjRLzE2Y6xym1+fKfnAlSLpdb3W2 -eRqVBi3F020CgYEA6K/yrQTHwRX+BdC42JCIzSAA1IJG6eDW7skR43NX+pBr+sTD -DwQTszrYbHLnXst888zmluutXO8EO1Bl0E3yHQ4W4IolhcweLtUOOm0nunA8Y/PE -48MJNfd34N5nw01s7x5Mc2YQdOxmKvVsmzbA9AO9RTdYZgPGpVh/wA+LDssCgYBh -F2+G/ekQNF3awhFfD+vDtAVtCLlsmLVvZbJY+sCJfJU8s7mBP2LXMSk/GD/Ph+b9 -p9zGRSSwdHJpbIFfxeYDEja+nWgKowWrUKd83BBhgmW/Vtc8rfwlBKS+Wx8M2dMb -iqLbZyRAlICSuzumvyu+84EmC5L/gjlYgUvHVuQDIQKBgHH7q3hrKI5mQ0BR9h75 -4yP98c+Duz8IsQllIG0gzCiiOYIVTl3uzTCa/E9Sa+jG+kFsCeUDchmC6LmHdF/Z -ZHfECcQT4B37xMMwvjwNW7E6/FyRx3XC762Fd5vlz3fBuVKburfh1JpfpcO85Wvo -R1UfsJugW9Yetsqd9WB6q3ln +MIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQDl46xhstHmmYhp +XY/FcnQStR4XHtHcNRyvq1perl0fezeCY85KkddGppic5qIWQDL4ViP3HfvhMlDZ +E0tAjEfr8Auac9gpa2IFVJAzMnnzOkhO6cr5kmid4392tNCG5sUWS99t2Z4f9sOP +DQKdoN7lnmxnpZqNf9NUERsN5i4fcvErfQZ4LqV5ld810ZAQZUfarn1rg6/U/ADc +qA0uQgk9RxVgSDt3M5mi8AaC73Be9nAefXQUybzs6J8EfsDijhD85msxs4Fha4pg +gM+bXHv9C7whxM5F2WTeET0cIcAfE3+jzQlkjcjlS1rTEq4d0Pd+1rXkhMwZeze2 +KRL2Le8jAgMBAAECggEBAMcDjTTa2GmYWoZUr+UPizqyvsTnMmg/NoFBhy9WJVne +kpR3kJvvm30XNiEGbCV1GGryL5p7w5UVuPXjhQ7xIkY3feQNC4H361iP93HK7dXJ +i9V9AfGCdLzSuILsT2Wpm88MifUQIpqrRmqtqakKHkyMFG655409rpYlZNVogl9H +vzrTE8rjysNMjP+bpbgkxUJfeATw8OYhEwd9ahj/E0r0r2enYhGEP3j+1zYsGdmM +L2Uy4M+modaAWpZg5pUWpFjxl+V2cSJHdaQc8KYg8Z8RUyzYipFk3YzjP5jtprq5 +dHf9FqlcXk+MtzcYe+x8mIb3uwZhOtdpnUqe5l+GTyECgYEA9j++rS9sajQzMqp0 +p+EptacD/p7A3wldIDGEpPJsSQL+vhcigyn4iPCM1pGWR4iuR7Od9RpQSf3Tfnqc +ZwUJQOpiYpxo1+QlqlBJkDjDRztp+kETZAgzc084ZhwQv9PfYyxa+8layQFhnClt +Z9G0o4AV1povVeQLO5+9CQZQ4VMCgYEA7v4WuydzlLGKppsJEG8vvieR64mjOfO4 +gHBMEYnzEeTZPDvIfEfguM1upJCvt5GXp3huVHCAsFgs6kDjVbpIL1A2HzrMPtOa +MNDSOrpuLcakAgEgx2VFv4TMnA1QKPg3//YCqEqqTJyX0C4OwaADRZJS7YfHp9lg +mpv90baE8PECgYAv3oxulj15F9SsEL7Es9yr11/La4kK0oMr8vRaLFYoi1CCG3U2 +Ej6iQEDgpUSVe1iFz8DxGMBq4dDvUV5+GFiIKggeK1GmRk+cICdsxdwQSNh9MZFX +bNCzpb7M+r+2yrUuTj0RnT7svDwBY3xFJlr7PbcBFNAG3mHgoVjaHEQ0yQKBgHbS +zepvSv/65bzACFmrbklU0zAQVp9RlcIGE0wFEl0rMvbHon5oHkrDmOcpKLRUJtqU +/gXtiY4jyPEPIfhVjd44OzB7w2DZRChRKrUYS/9ma9SzSuDYcT0vgat00w4Lm4wf +fGK//Lvqf3B59cw/CmFkxuZiQ9ooMees9x11adOBAoGBAMdb0r8sAtgh+KTbA8Kq +guIWiknOk6/LYUTuT3fidPIPbErrUQQR9WWHuXjrj2RyHI/RLjYLFamikvhU7PmE +jPjPAo4p1a0WBwrYgjGDIRjTVjbUK282vuYkunGWYfgnZurAyjJCndL/eNZuX2F5 +m1rTfab8O+tOOGKGyzfouD2A -----END PRIVATE KEY----- diff --git a/test/certs/badalt7-cert.pem b/test/certs/badalt7-cert.pem index b515ba4..4fa81b3 100644 --- a/test/certs/badalt7-cert.pem +++ b/test/certs/badalt7-cert.pem @@ -1,23 +1,22 @@ -----BEGIN CERTIFICATE----- -MIID1DCCArygAwIBAgIBAjANBgkqhkiG9w0BAQsFADAXMRUwEwYDVQQDDAxUZXN0 -IE5DIENBIDEwIBcNMTYwNzA5MTQ0ODExWhgPMjExNjA3MTAxNDQ4MTFaMIGmMTsw +MIIDtjCCAp6gAwIBAgIBAjANBgkqhkiG9w0BAQsFADAXMRUwEwYDVQQDDAxUZXN0 +IE5DIENBIDEwIBcNMTgwNTE2MDMyNzA5WhgPMjExODA1MTcwMzI3MDlaMIGmMTsw OQYDVQQKHjIAQgBhAGQAIABOAEMAIABUAGUAcwB0ACAAQwBlAHIAdABpAGYAaQBj AGEAdABlACAANzElMCMGA1UEAx4cAG8AdABoAGUAcgAuAGcAbwBvAGQALgBvAHIA ZzEdMBsGA1UEAx4UAEoAbwBlACAAQgBsAG8AZwBnAHMxITAfBgNVBAMeGABhAG4A eQAuAGcAbwBvAGQALgBjAG8AbTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC -ggEBANStByWr70u2A49OO+LYu0ivQP+uBu2n3E6RoEYf+op/+JF3clwfMQCGqiSg -QxOJMHkcu4gJDudRLCSXqHPnR0hOd+mQ5wQQJmLj8A99ImcD2oN5R3V5I4bSlXP9 -GCq2pFDnwXuEcJ3d2Dt1HYO4jA4Ol/RBT3NIqmwSnQzXv98mjYFpy6AuAIaYGmbh -1DLWxsTPI2NjNafJYS85NrQDLkTpq48nCmQCJ+ly6Zzu7WuJiDKD1Rxs7ZwgNtLi -Zhp41TeFHxCbfSFKe9u4rnUmImKxwgc9KuzOLpLAzD9avWpPGHtkCsLFsiw/EJYf -UdeCXc7tz9WhXZzOk/ffLOcrorMCAwEAAaOBmDCBlTAdBgNVHQ4EFgQUwYsR1XfZ -2cPcAR7i5i9obalnJcIwHwYDVR0jBBgwFoAUCNGb+ebVZHCg8Wsanu1S2t31UEMw -CQYDVR0TBAIwADBIBgNVHREEQTA/ggx3d3cuZ29vZC5vcmeCDGFueS5nb29kLmNv -bYENZ29vZEBnb29kLm9yZ4EMYW55QGdvb2QuY29thwTAqAABMA0GCSqGSIb3DQEB -CwUAA4IBAQAN/klfzMLi2acp5KdH9UZR4XCk3cZBOuMuI0vU+wrU/ETgY6rFhAwY -gSZsO6vX0mt/G6QfOmY5+kW4FY5XavGhhNVY2x5ATZKvQCf+orIsUHOBxVTjH6az -uEnxGDRTbjXSkBTCTSoOqdJNeOmEwiaHEVy/atumUW2B2KP5FeBGdud/94c4Q9/O -WBJ0EICGF6hYTDra63lAjxyARTvocVakIE8zytT1SbU4yO05mYPyNdXxiXikepFE -phPQWNSLx4EPBIorGCFj7MPDmFCH/+EjDjGz3SNUvqsak6MstzK94KVriQyIHKex -IL5WuKFm0XSGKTX8SzyMGErMGeriveL2 +ggEBAOG4PegItzkmJDwlSA/FyVHWLWUIQrnxgS0KSds3On2CMsjDJ+X77B4s1IPI +yKHuqNbXqV/hJGAxKnZRZe0D6VsmKlYOYpz9QtFxvpo5DwA3q6BTx6sIElFn/lip +Pbu5ZeIMNeN4bot7x5sBobr6OgidAVaAuqQHHJnD7mQ1s22qY0UqkBqNBhhJWOmx +YC0Q56WDi9+C7Cy2+kiiSlT4jCZ8m1K0F7tTK5mF0p4HppXmXLzcecZ/Sw8jOqQK +JM/4UCj/nxWCGYKWkv8zLJtG+ryfZMf15/0Cd1dzHAS9mYU4mFssPdFyT+WFpw7b +K3TOTXkS/tAPbj0xin2wqBJz8m8CAwEAAaN7MHkwHQYDVR0OBBYEFOWYNq+H1LH6 +lZUpgijb/S/sAiDsMB8GA1UdIwQYMBaAFAjRm/nm1WRwoPFrGp7tUtrd9VBDMAkG +A1UdEwQCMAAwLAYDVR0RBCUwI4ENZ29vZEBnb29kLm9yZ4EMYW55QGdvb2QuY29t +hwTAqAABMA0GCSqGSIb3DQEBCwUAA4IBAQAwUxnqq0gBgKmEHIRgZVu10KtOknjt +p/wEcqQ9METvXb+4/a4U6ftjTgaOrPVjamNFlaoUcTgx2nk2zRsjM+e+tpnxDgRR +/yoVB3HsISpdeN70s/WYAgvev/FdV3O+JWhUYHdKrDB4DMfPhlRIfSgOymJljo6+ +wL8qa7lVonF91Im4SCbq4dqtAnbg4ttblQ3yjFfQtuwzyJD/3ism6FQPLbg1K4eu +1Si0EDL4Fct581Gb5D+NU8PYiwg7Nk8ubNlRHXydoVGDLmT0hLE+/IsPd1M8tMqm +sifRl2Is+lGVeg4pPHFjB0npTNkaYafu89dz/3PNRRr5If06B+apk4AX -----END CERTIFICATE----- diff --git a/test/certs/badalt7-key.pem b/test/certs/badalt7-key.pem index 50557e8..b453f1f 100644 --- a/test/certs/badalt7-key.pem +++ b/test/certs/badalt7-key.pem @@ -1,28 +1,28 @@ -----BEGIN PRIVATE KEY----- -MIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQDUrQclq+9LtgOP -Tjvi2LtIr0D/rgbtp9xOkaBGH/qKf/iRd3JcHzEAhqokoEMTiTB5HLuICQ7nUSwk -l6hz50dITnfpkOcEECZi4/APfSJnA9qDeUd1eSOG0pVz/RgqtqRQ58F7hHCd3dg7 -dR2DuIwODpf0QU9zSKpsEp0M17/fJo2BacugLgCGmBpm4dQy1sbEzyNjYzWnyWEv -OTa0Ay5E6auPJwpkAifpcumc7u1riYgyg9UcbO2cIDbS4mYaeNU3hR8Qm30hSnvb -uK51JiJiscIHPSrszi6SwMw/Wr1qTxh7ZArCxbIsPxCWH1HXgl3O7c/VoV2czpP3 -3yznK6KzAgMBAAECggEADjQ0Kv7tr3fLixGljEP/Vh5mT+02hz7TxueQ9b4DBKcB -We3JVH+8zRUxXdraP/7EnwIdQDuipC5WrWb3mC4VI64h8hZ8Z1gQyEAC83XfC1RF -jsxVynG5vrJnyuRXbdre5Ixl7rLsto5vd6EdxINZz0KIQYbvIHr07tzbYlUyelvA -mu0kYdtbjm2p2AGJJ99zN3EiQ9lZDyiFirOXEA9P/YdKKVlIwpDPbn/TmNY/k6Ul -mRxgAJKwKiR6Gg3QMdTUKeaXBpKf/pa+5rzR7zxNbiQO3IXOVx7ZzQ2R0Wuivpqk -yjMaqUa7dDuvtIHJBpJB7TIL6SlQkiS1lEQFhO7EAQKBgQDz30obdymxqQVy7IsH -NLo5xRX1hRRN9h34Y4qC0JXkCTG1fWJ19KYHod0S5peaIo/ThDVf1UXln6amdCjM -oIfhmo0baNIdMMpxxBdsdLfUKwyVh8qROaBscPE4FGBUrfEW/wSn1WRYcWh+oda3 -LuLVf5Qt9a9f6ZYuy1X6dDi8swKBgQDfQJTSFUNkV8yKfMX54x0DcUkiWOu3LaET -GSu0UXqBVn1Q+u6CUAkh5jA9fpyM5sp9+t5FuwjO+ITHfiNFoD/LCeMUfYVDF7O2 -uCLTsN+7gTGpKMnfL/rg9exrsfDdsmbQe4BhrUFBsYfKgBlBraL0QGD+25qgU8CS -CQ6toGCCAQKBgQDCYJskwRoObPXW4AsAN1qnaRtTkjrY2O6SaGSiV7bhByMD0WiF -M/aR5sXapsj3Jc0Vfi88rzUDDPk7eyJ51wn3G8SUsDuo4Ja7jtxMqctL5PQmyxD+ -J7xiMrNRS4xscifTeHgxfbh5dgsfw8bsQwaxvPpSl5ytCfWWXqOs+K2wWQKBgBM4 -Mher8PNQg7FgcILExJipRgyI7zID4ZwNTK/nW86KrZstHx9k2IRslraUkdGnhMM3 -t671HRsEVhn+h/bUhulp3nzDGZffEH+odocW8QvpYWcYtdha/xQi18mltgC//Q3x -s+m0yqtnJzONt57p3d99M1x9d2BaFXf9A6B68BQBAoGBAOatu9+wGaIEB//fpaQt -mnsS2XBJco5gHTjOegCSNe3gQQsB5mhTEekOeMzJ8WLTMVXQVCXx9/8HxKoycbq8 -M/7ScH1iT/wJTkSsjyeycUgH31GPeRvmo9YU2PsW3NN6ZyNpxWJFdcPYHAzZqJeA -cZtQWiEyaf026DdR8YBYn6tf +MIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQDhuD3oCLc5JiQ8 +JUgPxclR1i1lCEK58YEtCknbNzp9gjLIwyfl++weLNSDyMih7qjW16lf4SRgMSp2 +UWXtA+lbJipWDmKc/ULRcb6aOQ8AN6ugU8erCBJRZ/5YqT27uWXiDDXjeG6Le8eb +AaG6+joInQFWgLqkBxyZw+5kNbNtqmNFKpAajQYYSVjpsWAtEOelg4vfguwstvpI +okpU+IwmfJtStBe7UyuZhdKeB6aV5ly83HnGf0sPIzqkCiTP+FAo/58VghmClpL/ +MyybRvq8n2TH9ef9AndXcxwEvZmFOJhbLD3Rck/lhacO2yt0zk15Ev7QD249MYp9 +sKgSc/JvAgMBAAECggEAZG2cJawTEXtV7ejMii//Jck8g1JMlfzM86Q7Pizxejw+ +qjKiguI2qSpbF5NzKRFNz+E+e+lpTN8zPFd1GSJ/Zk2x0n4uBBlu7E9GdcnjUb5z +Py9njEJYHB4//WS3kdmoag3ywBWqYaceJWpxcga5YXGx0bIO2MJNSGDzpWR7Q9QQ +tG/lWmno5goY2BxI08BTKSlqNIBkg/rr9jJo3axRcEmbx7hj4vUkAlypFKtmR4dW +bNo0f6VAd5Y6c9YbnKybR/44lScBksuSkZjm076cbbbp5PpsiLGe/12bqUcwCH+T +8hRVndmOLdOxC11OZOvMbX6x2uXNh3/Qr/GMyfzZcQKBgQD4we7E9vOygk1J5Vbl +1zETR9x3dujpBBx3xaHXUSJNUTNwmnZ+0JoFTqPkRmmPMNK7XfZuPymBehtk8WYt +NnezM2UNTdbfVOnJWnU6igRNGBaDW6F9AezlADBNwIbFVw6RqP4fTUFsmm9TQ/8M +4kZmmlW4uLZyX0WQO+AJa7NShwKBgQDoSpnQgmWqXMcaHwY2l8fEDuDc41nDoJIm +/CMppPbr7GkUX4OU785p6E0N0o1ONt+xCBT1lxHwWEeMAKZXrNC1XGpfvhpVZ72v +VruATDFs1rcL3S2Sty7A+jhFKKXlGeDWNcpaKY8nDvv2uJG0+J3bLprdMqnY/gQ1 +C+FzyQ6S2QKBgDnHIaRSD6xoo3cEc7iS0O0/ha+hyNtGfy46kyqlx6fZsm73EYrG +/N86ssp0qFP/7RJj8rcMqKFQMUiy4R6jRg4zY8dBSyU4XczM2+mq4PDfJWuBPvMA +HXvbHV0R2LvBSrr+W3f9w7Jr9GuMoZLmg5+VPU/YZ1gNVOT5Y0IM5+vFAoGBANx9 +CzlGvLeTrw1VS3GAaobn1Hr2dlrhTDki9UFvK03PLgK/ksdJRLV0YcdwBt6p6XRB +hpuC1O087lSuvTXVfJnZacMNUDOm7/7BpeJm8DcuK7tgKwTrSb61A7ppleY7xRWv +Iy6n6hCaAYIzuWJ85mGJAEhb8apdmqK7bzmXK3UpAoGBALdOvJfqbF0YlHbdQCVi +ftjtxs/dZKdF1rNARR0VMqUtZX+WP2b6OPXlwux94Cr//iNv5ih3B4Z4LIgTpgBJ +AKGXEBGMMthAlptC4BcOAEs9cYeWGLAoYk8jpNmXvXjhGqvzhPO2YrX5xy46dVOG +iiCseyA7Kr8Axt9QhUzoi5f7 -----END PRIVATE KEY----- diff --git a/test/certs/badcn1-cert.pem b/test/certs/badcn1-cert.pem new file mode 100644 index 0000000..3b3bad6 --- /dev/null +++ b/test/certs/badcn1-cert.pem @@ -0,0 +1,20 @@ +-----BEGIN CERTIFICATE----- +MIIDQDCCAiigAwIBAgIBAjANBgkqhkiG9w0BAQsFADAXMRUwEwYDVQQDDAxUZXN0 +IE5DIENBIDEwIBcNMTgwNTE2MDI0MTMyWhgPMjExODA1MTcwMjQxMzJaME4xIzAh +BgNVBAoMGkdvb2QgTkMgVGVzdCBDZXJ0aWZpY2F0ZSAxMRUwEwYDVQQDDAx3d3cu +Z29vZC5vcmcxEDAOBgNVBAMMB2JhZC5uZXQwggEiMA0GCSqGSIb3DQEBAQUAA4IB +DwAwggEKAoIBAQDN9WI6OyxnW+R98FqrWwMo3JE165bRB8iQOdDP3xE1+bvUMDYh +8wFR9gfNrKhqXubJ3lCHKgaApTXNKM/jwrT/pqhF6iNfPIbKAMTT4VZPy4/eI45R +03Yn+dJnZLDz7BDpnuhORp8XzQqfxSGBX0Rdr17xYOwGHcruwoitRyS/w8p8EKos +/LIDvjzye5GaPXqXkAkcBcLBpWlgMm+j8xE+LzGw1NVw8vWMSpP2WX9kp7aPbh+A +jSbT522yHy1r6WeElbSY7WOFvnmgbZ19pUdyz8CN6KKb87dBA0joyWSly5ZsNbjh +/YuRhCgRExvdQ6kImwdKAfO7RLkxho6jny1HAgMBAAGjXjBcMB0GA1UdDgQWBBT5 +fenRjyFKUb1XvUnm4GV9kZmONDAfBgNVHSMEGDAWgBQI0Zv55tVkcKDxaxqe7VLa +3fVQQzAJBgNVHRMEAjAAMA8GA1UdEQQIMAaHBMCoAAEwDQYJKoZIhvcNAQELBQAD +ggEBACKtfZCcP/pY8Bu+lb/pGZj5txsmNbJ1l2RVACQA7CGjwfUr7VaQGMuT+FuA +Erlh+UnEC3R/e1xQwgJeuAXBOWFkxA61isVSrmM7YM6vDB0+t8N9lMUFjPbRyEkM +A5kaSLPrgSOg7ONsO6YGbaWm1XCoUC6Ilrdzy+ckzklgjYRth99b2d5WrjIxEWIq +BX2DI2ruetjXYGRzsqSK+O9d4fsqrb5M0ZCNWQZ4WnrMNaAeHWpW6NqSvof/N21x +WC5zcU7GXLrDigwWPMDLQhVtu4OihWjsqugh6Jl7DxDBhi8JKO6tJQAISHjKaL98 +yXZFsQ//q7ATwlcHyB81B+X16AI= +-----END CERTIFICATE----- diff --git a/test/certs/badcn1-key.pem b/test/certs/badcn1-key.pem new file mode 100644 index 0000000..dbcf4b5 --- /dev/null +++ b/test/certs/badcn1-key.pem @@ -0,0 +1,28 @@ +-----BEGIN PRIVATE KEY----- +MIIEvwIBADANBgkqhkiG9w0BAQEFAASCBKkwggSlAgEAAoIBAQDN9WI6OyxnW+R9 +8FqrWwMo3JE165bRB8iQOdDP3xE1+bvUMDYh8wFR9gfNrKhqXubJ3lCHKgaApTXN +KM/jwrT/pqhF6iNfPIbKAMTT4VZPy4/eI45R03Yn+dJnZLDz7BDpnuhORp8XzQqf +xSGBX0Rdr17xYOwGHcruwoitRyS/w8p8EKos/LIDvjzye5GaPXqXkAkcBcLBpWlg +Mm+j8xE+LzGw1NVw8vWMSpP2WX9kp7aPbh+AjSbT522yHy1r6WeElbSY7WOFvnmg +bZ19pUdyz8CN6KKb87dBA0joyWSly5ZsNbjh/YuRhCgRExvdQ6kImwdKAfO7RLkx +ho6jny1HAgMBAAECggEBAKDxiUHx7cATShm0ElZnd6+dtQfKwv8zsuIpm+hk62Ef +d0zYI+UhrT1sIiryKmV9JaJITOtixtQOxl088D+Obrx8cnC4B84rUTVXpnfgVf9j +FljDtjpxIZsZmPbc836ZUZoOaICKpVYHD69Mb+NWG+mN2oaLc8VP0L4FXKLzvl7u +69NQlTPG2CS61BktVqMtWWc/9CvdOwqwVbckyISj9QLUgSXIyB4IP3bjp0RYSpOu +m3nhuhil1G3c05R4UfiE2d9Er7SBBoQ304ld892YRinSgtZqC1G25uZmWJ3ekAAM +bg6P0hBd86F/G2TxNdelYrxTazjqZShYi1N48SK6kUECgYEA+51O19Q5XkskD/Dn +VfaCjSOTFwDlb5ATmVCrJu+13/5IJfmJgWA6xdqfWoqxSOsJzXBEETKWgkahoo4K +OU1UaBTHEJ588xOpoMzbJkKlb5hPseEQsvu055Ky0euMgmlrALPQQ9e1DUSlowui +Cq9wCak4dqq9NNs6FMIeGhqczGECgYEA0YxcajJFxPHJsdFCVa4tdy9jgfC64t4Y +CWDzRfUnuX24ILbW9+olvvoZkMSzoVpiQ9YU8kPJUaOyFrw6jUV5GRHUCMgfkx2Y +nqe+7aSFmv0Nlo0RMV2PqaOZzlxnG9FzyNE+4PygZqtFhN21b5Idc69k2Ltu7K4J +J4MG1kMUGqcCgYEA0ttUPEisPtoHgZhntUFczHx4gnmMzH5X/k5876dIqkrFGZXR +5urGthHtIwpBYZMeZtxjHmpfeRNJ1xjjdnvYdVScMdAvc+ERcSDbsmd9jlR8zNuI +jAWl576nPoX//TXspu0JZiE5p8HUcRuJkxzMbjwyhje1Ubs6JDU81rFgn2ECgYAG +3WVNqVX1zMIBzEwzCGC+7dOBt0Q4GHSLIhz2JsDlZ8P3dmX2ezo/Vmwt/POxjod3 +l3TaNvRKc2VrL0FvzV3ZP2dF3mCCbk7Iq9AqcuBZon6mdvqgNmN1eEGarBZIqAT2 +CDzaHAyZMHU3lBfUjuHeH1nba9CHenAcVkOME2h+MwKBgQDiHAnTK4ovCNmT5E9i +03x/wPSH8FZ3Wrb1GMtNlTc7lOtB5eYIvwkaloJkNKHbUDv57V66hnYT6CyH4u45 +dPtuohtafL9mdScYqmicGLtbLLglSQpJYt4J59hffNZ30E84dKXtyDN7E5P5Z00Z +8PbOMUy3oK6j+GMP/xRNI76RtA== +-----END PRIVATE KEY----- diff --git a/test/certs/goodcn1-cert.pem b/test/certs/goodcn1-cert.pem new file mode 100644 index 0000000..d9205e0 --- /dev/null +++ b/test/certs/goodcn1-cert.pem @@ -0,0 +1,22 @@ +-----BEGIN CERTIFICATE----- +MIIDkTCCAnmgAwIBAgIBAjANBgkqhkiG9w0BAQsFADAXMRUwEwYDVQQDDAxUZXN0 +IE5DIENBIDEwIBcNMTgwNTE2MDI0MDA0WhgPMjExODA1MTcwMjQwMDRaMIGeMSMw +IQYDVQQKDBpHb29kIE5DIFRlc3QgQ2VydGlmaWNhdGUgMTEVMBMGA1UEAwwMd3d3 +Lmdvb2Qub3JnMRUwEwYDVQQDDAxhbnkuZ29vZC5jb20xETAPBgNVBAMMCG5vdC4u +ZG5zMRAwDgYDVQQDDAdub3RAZG5zMREwDwYDVQQDDAhub3QtLmRuczERMA8GA1UE +AwwIbm90LmRucy4wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDDigxI +nlYVjHtrFI+Iv/3b0jeZbs1jVnPF6ZREk46BTNAVNZsq24jKFG6yK4n9vKA/JuS7 +jZe+gMX+sWh/S1IlsNDY8/Io1UsG/s1tmsvE2UrURUX4s8HnqB6AZ4Y9Cp4rSADe +mD/YdekRf3HFA0IKQvIFRkpegj8uuWwILC0n/ozMNUlNmxCBlOmtFwjFxmNr9Txa +ZeFvWvvc6oTubAETK4HcjLdimx1tePdd4+0mxJ/akQ3wVzUAI2ysijMmMJDzTxLs +FPkw4yUtJHK0/H2yJtpoJ4wQjsWd6a8F7wY/pHszAud1M8QZJKQDzkJOMnqLKNLT +OKw6dm1UG2J7iuqtAgMBAAGjXjBcMB0GA1UdDgQWBBSTKvqap2ab0z/UPrdDgc0V +m88R3TAfBgNVHSMEGDAWgBQI0Zv55tVkcKDxaxqe7VLa3fVQQzAJBgNVHRMEAjAA +MA8GA1UdEQQIMAaHBMCoAAEwDQYJKoZIhvcNAQELBQADggEBADcdm62qaOHbIDoa +5oUjXGHSQjV1g4BFe6DLH5/CZ0wOws3QzfQbPIxJrp3yJgDcQyZNOE/xQlq/nASS +thU6cUTB07voFVnbotB8YQuNU1wM9TAJOHC9LT1Y0J2GIP6QeXts6Cz6aBlqaQEZ +IrGRLuKVZePTO0Haup0mZ91XoXs3CBzkSerl0XpFL7BeugSigrhprFRPB4UC3IWb +pdNar61Wk4bN/COb6utRkK3iYk5YUTqYFib9EG4VBdxYfXv/tiBIGqQLnqPbId6w +q+McpSEPF1DIcCyL0vEDdIVN0SzxMfnfHMx0Qp0sh2aydIZk4xfEqXHZgZthSrse +u7nhn7s= +-----END CERTIFICATE----- diff --git a/test/certs/goodcn1-key.pem b/test/certs/goodcn1-key.pem new file mode 100644 index 0000000..2ad660c --- /dev/null +++ b/test/certs/goodcn1-key.pem @@ -0,0 +1,28 @@ +-----BEGIN PRIVATE KEY----- +MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQDDigxInlYVjHtr +FI+Iv/3b0jeZbs1jVnPF6ZREk46BTNAVNZsq24jKFG6yK4n9vKA/JuS7jZe+gMX+ +sWh/S1IlsNDY8/Io1UsG/s1tmsvE2UrURUX4s8HnqB6AZ4Y9Cp4rSADemD/YdekR +f3HFA0IKQvIFRkpegj8uuWwILC0n/ozMNUlNmxCBlOmtFwjFxmNr9TxaZeFvWvvc +6oTubAETK4HcjLdimx1tePdd4+0mxJ/akQ3wVzUAI2ysijMmMJDzTxLsFPkw4yUt +JHK0/H2yJtpoJ4wQjsWd6a8F7wY/pHszAud1M8QZJKQDzkJOMnqLKNLTOKw6dm1U +G2J7iuqtAgMBAAECggEAeQ1xZVOAf36kuTnVUhdplTii6v3JcQIIUjG0dG/U/P8M +otS45uNZ36CelvaVStwHaJEvcVzK4EjgSjiSNJvwkxzPbkA3XkgNVptPmdcG5yqO +RLNOChVeqYdOurdcR1XXbXv57dPbUqpMS2TWjdzieW/QXKuTRsbjTo3D75tJqUO6 +1Bm4sSM3PogmsQwTP8HlZAmJXuSD+ZSB22Np5pT1dn5TvQU6xeA3NJR4ZO/HEZz4 +CHJEiOx2BuGD6M0V1ZL6DzEsyIS/KKsvj4I2F4ROAK1j3lSD5VqrYPXn3oEsQdlm +OW8aVnHPYO6FI0LVLgcIEKxhdwGV3i6v/GRUe0Y9kQKBgQD0Zqn1trAuP5Peiy1K +Wc91yRjQxQTwSD00hzXMtvKzkEIiLEuVZq9qrqQ2TRRa5xneDGHDuUY9eZY8JwEr +l7f8CcfYC93PXLyRM2Gaz0jMxZxVPz5w7zssK3DZ+7JvH3nKkCUl7+Y0tH26qTO0 +wTD9w9jd9bf85SLVgk3zSbUDwwKBgQDM0b2ffZpxyA16h7w8ZBuk1Z+iumrxnn5/ +lKtffR2b4dZN37KiWw2c265vYhRfe/ANnVuagXb9aRM97yeQloRlWR10AaXJz3EB +sromqFShkorYRhwZoRiJC0laLG3W76wKMRr2T6TM1UG9gJ0szdGFG/yUDU+9pTRo +uq514rGgzwKBgQCGtsAgLF7YXzsGg/im7vInnn0LNk4OlAMInS7OdFk7GN0bMQdI +hp1SVIk3VS1PHetoNbL9y3YoFIj3BxjiCnLjfhClyYSt9BQMhSHbzz31gUc2xfGJ +FpSrOBawUMh97/+V4/ZV/vIJQyO6a+GQVJzIg9daIUMVJsgYoAaPf6VDOQKBgFyH +eHnf/XDfpq8vOOuzcgWieG7EduHW72DlohIObNzqRq2BnKraJakyWXh6P6fvTsBn +0WVYjY/n80hsjVw1k3RRsQuiXupv66aPvqcOLsWbdVxFOBaf/3yR+75gCfMq7Xbh +PkP+MP5UbVGWE+uUw821mgKsjNSpGKcjhwM8uXBjAoGAFEU3O8gQXfocVB8lxUeU +c0inLdAIgiw/36NPuW4NwKxzLOmHzlmvn7C98ihnbnGoQ0XBRfLw8siTbD3INgHY +NA0JeK8Qrt56b6wK14w9RzLQTu9gy1pULW21p1wswdNK4tlxfnnnozISZAYxeqAx +YMTtYZN77nb+yY4oE6XEugQ= +-----END PRIVATE KEY----- diff --git a/test/certs/setup.sh b/test/certs/setup.sh index 98bac02..aa69de1 100755 --- a/test/certs/setup.sh +++ b/test/certs/setup.sh @@ -241,15 +241,30 @@ NC="$NC excluded;DNS:bad.ok.good.com" NC=$NC ./mkcert.sh genca "Test NC sub CA" ncca3-key ncca3-cert \ ncca1-key ncca1-cert -# all subjectAltNames allowed by CA1. +# all subjectAltNames allowed by CA1. Some CNs are not! ./mkcert.sh req alt1-key "O = Good NC Test Certificate 1" \ - "1.CN=www.good.org" "2.CN=Joe Bloggs" "3.CN=any.good.com" | \ + "1.CN=www.example.net" "2.CN=Joe Bloggs" | \ ./mkcert.sh geneealt alt1-key alt1-cert ncca1-key ncca1-cert \ "DNS.1 = www.good.org" "DNS.2 = any.good.com" \ "email.1 = good at good.org" "email.2 = any at good.com" \ "IP = 127.0.0.1" "IP = 192.168.0.1" +# all DNS-like CNs allowed by CA1, no DNS SANs. + +./mkcert.sh req goodcn1-key "O = Good NC Test Certificate 1" \ + "1.CN=www.good.org" "2.CN=any.good.com" \ + "3.CN=not..dns" "4.CN=not at dns" "5.CN=not-.dns" "6.CN=not.dns." | \ + ./mkcert.sh geneealt goodcn1-key goodcn1-cert ncca1-key ncca1-cert \ + "IP = 127.0.0.1" "IP = 192.168.0.1" + +# Some DNS-like CNs not permitted by CA1, no DNS SANs. + +./mkcert.sh req badcn1-key "O = Good NC Test Certificate 1" \ + "1.CN=www.good.org" "3.CN=bad.net" | \ + ./mkcert.sh geneealt badcn1-key badcn1-cert ncca1-key ncca1-cert \ + "IP = 127.0.0.1" "IP = 192.168.0.1" + # no subjectAltNames excluded by CA2. ./mkcert.sh req alt2-key "O = Good NC Test Certificate 2" | \ @@ -293,19 +308,17 @@ NC=$NC ./mkcert.sh genca "Test NC sub CA" ncca3-key ncca3-cert \ "email.1 = good at good.org" "email.2 = any at good.com" \ "IP = 127.0.0.2" -# all subject alt names OK but subject CN not allowed by CA1. +# No DNS-ID SANs and subject CN not allowed by CA1. ./mkcert.sh req badalt6-key "O = Bad NC Test Certificate 6" \ "1.CN=other.good.org" "2.CN=Joe Bloggs" "3.CN=any.good.com" | \ ./mkcert.sh geneealt badalt6-key badalt6-cert ncca1-key ncca1-cert \ - "DNS.1 = www.good.org" "DNS.2 = any.good.com" \ "email.1 = good at good.org" "email.2 = any at good.com" \ "IP = 127.0.0.1" "IP = 192.168.0.1" -# all subject alt names OK but subject CN not allowed by CA1, BMPSTRING +# No DNS-ID SANS and subject CN not allowed by CA1, BMPSTRING REQMASK=MASK:0x800 ./mkcert.sh req badalt7-key "O = Bad NC Test Certificate 7" \ "1.CN=other.good.org" "2.CN=Joe Bloggs" "3.CN=any.good.com" | \ ./mkcert.sh geneealt badalt7-key badalt7-cert ncca1-key ncca1-cert \ - "DNS.1 = www.good.org" "DNS.2 = any.good.com" \ "email.1 = good at good.org" "email.2 = any at good.com" \ "IP = 127.0.0.1" "IP = 192.168.0.1" diff --git a/test/recipes/25-test_verify.t b/test/recipes/25-test_verify.t index a196129..a85fe0f 100644 --- a/test/recipes/25-test_verify.t +++ b/test/recipes/25-test_verify.t @@ -27,7 +27,7 @@ sub verify { run(app([@args])); } -plan tests => 132; +plan tests => 134; # Canonical success ok(verify("ee-cert", "sslserver", ["root-cert"], ["ca-cert"]), @@ -300,6 +300,12 @@ ok(verify("alt2-cert", "sslserver", ["root-cert"], ["ncca2-cert"], ), ok(verify("alt3-cert", "sslserver", ["root-cert"], ["ncca1-cert", "ncca3-cert"], ), "Name Constraints nested test all permitted"); +ok(verify("goodcn1-cert", "sslserver", ["root-cert"], ["ncca1-cert"], ), + "Name Constraints CNs permitted"); + +ok(!verify("badcn1-cert", "sslserver", ["root-cert"], ["ncca1-cert"], ), + "Name Constraints CNs not permitted"); + ok(!verify("badalt1-cert", "sslserver", ["root-cert"], ["ncca1-cert"], ), "Name Constraints hostname not permitted"); From matt at openssl.org Wed May 23 15:30:32 2018 From: matt at openssl.org (Matt Caswell) Date: Wed, 23 May 2018 15:30:32 +0000 Subject: [openssl-commits] [tools] master update Message-ID: <1527089432.631155.31913.nullmailer@dev.openssl.org> The branch master has been updated via 845c25d8db7fc784cbf92a523300376a8d69b2a1 (commit) from c0ba851e324ad25cf4734ea93b22e315a51e5106 (commit) - Log ----------------------------------------------------------------- commit 845c25d8db7fc784cbf92a523300376a8d69b2a1 Author: Matt Caswell Date: Tue Feb 13 11:16:42 2018 +0000 tls1_3 is now on by default so we should instead test no-tls1_3 Reviewed-by: Rich Salz (Merged from https://github.com/openssl/openssl/pull/11) ----------------------------------------------------------------------- Summary of changes: run-checker/run-checker.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/run-checker/run-checker.sh b/run-checker/run-checker.sh index 23121b1..843cccb 100755 --- a/run-checker/run-checker.sh +++ b/run-checker/run-checker.sh @@ -42,7 +42,7 @@ no-static-engine no-stdio no-threads no-ts enable-ubsan no-ui enable-unit-test no-whirlpool enable-weak-ssl-ciphers enable-zlib enable-zlib-dynamic 386 no-dtls no-tls no-ssl3 no-tls1 no-tls1_1 no-tls1_2 no-dtls1 no-dtls1_2 no-ssl3-method no-tls1-method no-tls1_1-method -no-tls1_2-method no-dtls1-method no-dtls1_2-method no-siphash enable-tls1_3 ) +no-tls1_2-method no-dtls1-method no-dtls1_2-method no-siphash no-tls1_3 ) run-hook () { local hookname=$1; shift From matt at openssl.org Wed May 23 15:34:26 2018 From: matt at openssl.org (Matt Caswell) Date: Wed, 23 May 2018 15:34:26 +0000 Subject: [openssl-commits] [web] master update Message-ID: <1527089666.486093.857.nullmailer@dev.openssl.org> The branch master has been updated via 2f148d990cb7ada6bf1516d08d9927cc9efd7b26 (commit) from e4458ac28cde9545944b3eb8fe6193ca1c33cd18 (commit) - Log ----------------------------------------------------------------- commit 2f148d990cb7ada6bf1516d08d9927cc9efd7b26 Author: Matt Caswell Date: Wed May 23 10:01:41 2018 +0100 Remove the Forthcoming Features section as per OMC vote Issues have been created for the outstanding features, also as per the vote. Reviewed-by: Tim Hudson Reviewed-by: Rich Salz (Merged from https://github.com/openssl/openssl/pull/54) ----------------------------------------------------------------------- Summary of changes: policies/roadmap.html | 21 --------------------- 1 file changed, 21 deletions(-) diff --git a/policies/roadmap.html b/policies/roadmap.html index 58d9812..e2b9479 100644 --- a/policies/roadmap.html +++ b/policies/roadmap.html @@ -86,27 +86,6 @@

    • Publish the build and test status for each platform (Timescale: Next feature release)
      • - -

      Forthcoming Features

      -

      The primary focus of the next feature release (1.1.1) is - TLS 1.3.

      -

      The primary focus of the immediately following feature - release (after 1.1.1) is FIPS.

      - -

      We are also evaluating the following new features.

      - -
        -
      • New AEAD API
        • -
      • SHA3
        • -
      • X25519 performance improvements
        • -
      • New IETF signature algorithms
        • -
      • PKCS#11
        • -
      • PRNG replacement
        • -
      • ASN.1 encoder/decoder replacement
        • -
      • STORE (certificate, crl, key storage API)
        • -
      • Replace CAPI with newer API engine
        • -

    From rsalz at openssl.org Wed May 23 15:36:24 2018 From: rsalz at openssl.org (Rich Salz) Date: Wed, 23 May 2018 15:36:24 +0000 Subject: [openssl-commits] [web] master update Message-ID: <1527089784.189918.1783.nullmailer@dev.openssl.org> The branch master has been updated via ac5eb58ddc24db122c494b4cb13de3adff366e48 (commit) from 2f148d990cb7ada6bf1516d08d9927cc9efd7b26 (commit) - Log ----------------------------------------------------------------- commit ac5eb58ddc24db122c494b4cb13de3adff366e48 Author: Rich Salz Date: Mon May 14 16:29:47 2018 -0400 Remove rationale, clarify language. Add 1.1.1 release/LTS details. Remove paragraph justifying binary compatibility. Also remove phrase "as implied by the above" beause, well, it ACTUALY ISN'T implied by the above. :) Reviewed-by: Matt Caswell Reviewed-by: Mark Cox (Merged from https://github.com/openssl/web/pull/52) ----------------------------------------------------------------------- Summary of changes: policies/releasestrat.html | 28 ++++++++-------------------- 1 file changed, 8 insertions(+), 20 deletions(-) diff --git a/policies/releasestrat.html b/policies/releasestrat.html index 3f37936..83b85d2 100644 --- a/policies/releasestrat.html +++ b/policies/releasestrat.html @@ -34,20 +34,6 @@ performance improvements and so on. There is no need to recompile applications to benefit from these features.

    -

    Binary compatibility also allows other possibilities. For - example, consider an application that wishes to utilize - a new cipher provided in a specific 1.0.x release, but it - is also desirable to maintain the application in a 1.0.0 - context. Customarily this would be resolved at compile time - resulting in two binary packages targeting different OpenSSL - versions. However, depending on the feature, it might be - possible to check for its availability at run-time, thus cutting - down on the maintenance of multiple binary packages. Admittedly - it takes a certain discipline and some extra coding, but we - would like to encourage such practice. This is because we - want to see later releases being adopted faster, because new - features can improve security.

    -

    With regards to current and future releases the OpenSSL project has adopted the following policy:

    @@ -64,15 +50,18 @@ and we will specify one at least every four years. Non-LTS releases will be supported for at least two years.

    -

    As implied by the above paragraphs, during the final year +

    During the final year of support, we do not commit to anything other than security - fixes. Before that, bug and security fixes will be applied + fixes. Before then, bug and security fixes will be applied as appropriate.

    The next version of OpenSSL will be 1.1.1. This is currently in development and has a primary focus of implementing TLSv1.3. The RFC for TLSv1.3 has not yet been published by the IETF. OpenSSL 1.1.1 - will not have its final release until that has happened.

    + will not have its final release until that has happened; + we want to have at least one beta release after TLS 1.3 is + officially published as an RFC. The next LTS release will be + 1.1.1.

    The draft release timetable for 1.1.1 is as follows. This may be amended at any time as the need arises.

    @@ -88,9 +77,8 @@
  • 3rd April 2018, beta release 2 (pre4)
  • 17th April 2018, beta release 3 (pre5)
  • 1st May 2018, beta release 4 (pre6)
    • -
  • 8th May 2018, release readiness check (new release - cycles added if required, first possible final release date: - 15th May 2018)
    • +
  • 29th May 2018, beta release 5 (pre7)
    • +
  • 19th June 2018, beta release 6 (pre8)

An alpha release means:

From davidben at google.com Wed May 23 21:34:17 2018 From: davidben at google.com (davidben at google.com) Date: Wed, 23 May 2018 21:34:17 +0000 Subject: [openssl-commits] [openssl] master update Message-ID: <1527111257.028432.19888.nullmailer@dev.openssl.org> The branch master has been updated via e363534cfe0ae01503dde6963e0631ec5f7fef3f (commit) via fc6f579a9e625caa0c8b93d9716ddbc558e21a29 (commit) from 55a6250f1e7336e8a7d89fb609eb23398715ff6f (commit) - Log ----------------------------------------------------------------- commit e363534cfe0ae01503dde6963e0631ec5f7fef3f Author: David Benjamin Date: Sun May 20 14:37:06 2018 -0400 Use OPENSSL_EC_EXPLICIT_CURVE constant. Reviewed-by: Rich Salz (Merged from https://github.com/openssl/openssl/pull/6314) commit fc6f579a9e625caa0c8b93d9716ddbc558e21a29 Author: David Benjamin Date: Sun May 20 14:33:49 2018 -0400 Fix explicit EC curve encoding. Per SEC 1, the curve coefficients must be padded up to size. See C.2's definition of Curve, C.1's definition of FieldElement, and 2.3.5's definition of how to encode the field elements in http://www.secg.org/sec1-v2.pdf. This comes up for P-521, where b needs a leading zero. Reviewed-by: Rich Salz (Merged from https://github.com/openssl/openssl/pull/6314) ----------------------------------------------------------------------- Summary of changes: crypto/ec/ec_asn1.c | 69 ++++++++++++++++++--------------------------- test/ectest.c | 81 +++++++++++++++++++++++++++++++++++++++++++++++++---- 2 files changed, 103 insertions(+), 47 deletions(-) diff --git a/crypto/ec/ec_asn1.c b/crypto/ec/ec_asn1.c index c7ed01e..33c4c23 100644 --- a/crypto/ec/ec_asn1.c +++ b/crypto/ec/ec_asn1.c @@ -367,10 +367,8 @@ static int ec_asn1_group2curve(const EC_GROUP *group, X9_62_CURVE *curve) { int ok = 0, nid; BIGNUM *tmp_1 = NULL, *tmp_2 = NULL; - unsigned char *buffer_1 = NULL, *buffer_2 = NULL, - *a_buf = NULL, *b_buf = NULL; - size_t len_1, len_2; - unsigned char char_zero = 0; + unsigned char *a_buf = NULL, *b_buf = NULL; + size_t len; if (!group || !curve || !curve->a || !curve->b) return 0; @@ -398,44 +396,26 @@ static int ec_asn1_group2curve(const EC_GROUP *group, X9_62_CURVE *curve) } } #endif - len_1 = (size_t)BN_num_bytes(tmp_1); - len_2 = (size_t)BN_num_bytes(tmp_2); - - if (len_1 == 0) { - /* len_1 == 0 => a == 0 */ - a_buf = &char_zero; - len_1 = 1; - } else { - if ((buffer_1 = OPENSSL_malloc(len_1)) == NULL) { - ECerr(EC_F_EC_ASN1_GROUP2CURVE, ERR_R_MALLOC_FAILURE); - goto err; - } - if ((len_1 = BN_bn2bin(tmp_1, buffer_1)) == 0) { - ECerr(EC_F_EC_ASN1_GROUP2CURVE, ERR_R_BN_LIB); - goto err; - } - a_buf = buffer_1; + /* + * Per SEC 1, the curve coefficients must be padded up to size. See C.2's + * definition of Curve, C.1's definition of FieldElement, and 2.3.5's + * definition of how to encode the field elements. + */ + len = ((size_t)EC_GROUP_get_degree(group) + 7) / 8; + if ((a_buf = OPENSSL_malloc(len)) == NULL + || (b_buf = OPENSSL_malloc(len)) == NULL) { + ECerr(EC_F_EC_ASN1_GROUP2CURVE, ERR_R_MALLOC_FAILURE); + goto err; } - - if (len_2 == 0) { - /* len_2 == 0 => b == 0 */ - b_buf = &char_zero; - len_2 = 1; - } else { - if ((buffer_2 = OPENSSL_malloc(len_2)) == NULL) { - ECerr(EC_F_EC_ASN1_GROUP2CURVE, ERR_R_MALLOC_FAILURE); - goto err; - } - if ((len_2 = BN_bn2bin(tmp_2, buffer_2)) == 0) { - ECerr(EC_F_EC_ASN1_GROUP2CURVE, ERR_R_BN_LIB); - goto err; - } - b_buf = buffer_2; + if (BN_bn2binpad(tmp_1, a_buf, len) < 0 + || BN_bn2binpad(tmp_2, b_buf, len) < 0) { + ECerr(EC_F_EC_ASN1_GROUP2CURVE, ERR_R_BN_LIB); + goto err; } /* set a and b */ - if (!ASN1_OCTET_STRING_set(curve->a, a_buf, len_1) || - !ASN1_OCTET_STRING_set(curve->b, b_buf, len_2)) { + if (!ASN1_OCTET_STRING_set(curve->a, a_buf, len) + || !ASN1_OCTET_STRING_set(curve->b, b_buf, len)) { ECerr(EC_F_EC_ASN1_GROUP2CURVE, ERR_R_ASN1_LIB); goto err; } @@ -462,8 +442,8 @@ static int ec_asn1_group2curve(const EC_GROUP *group, X9_62_CURVE *curve) ok = 1; err: - OPENSSL_free(buffer_1); - OPENSSL_free(buffer_2); + OPENSSL_free(a_buf); + OPENSSL_free(b_buf); BN_free(tmp_1); BN_free(tmp_2); return ok; @@ -611,7 +591,12 @@ EC_GROUP *EC_GROUP_new_from_ecparameters(const ECPARAMETERS *params) goto err; } - /* now extract the curve parameters a and b */ + /* + * Now extract the curve parameters a and b. Note that, although SEC 1 + * specifies the length of their encodings, historical versions of OpenSSL + * encoded them incorrectly, so we must accept any length for backwards + * compatibility. + */ if (!params->curve || !params->curve->a || !params->curve->a->data || !params->curve->b || !params->curve->b->data) { @@ -856,7 +841,7 @@ EC_GROUP *EC_GROUP_new_from_ecpkparameters(const ECPKPARAMETERS *params) ECerr(EC_F_EC_GROUP_NEW_FROM_ECPKPARAMETERS, ERR_R_EC_LIB); return NULL; } - EC_GROUP_set_asn1_flag(ret, 0x0); + EC_GROUP_set_asn1_flag(ret, OPENSSL_EC_EXPLICIT_CURVE); } else if (params->type == 2) { /* implicitlyCA */ return NULL; } else { diff --git a/test/ectest.c b/test/ectest.c index 1c31cce..73e8aa8 100644 --- a/test/ectest.c +++ b/test/ectest.c @@ -1407,20 +1407,91 @@ err: } # endif +static const unsigned char p521_named[] = { + 0x06, 0x05, 0x2b, 0x81, 0x04, 0x00, 0x23, +}; + +static const unsigned char p521_explicit[] = { + 0x30, 0x82, 0x01, 0xc3, 0x02, 0x01, 0x01, 0x30, 0x4d, 0x06, 0x07, 0x2a, + 0x86, 0x48, 0xce, 0x3d, 0x01, 0x01, 0x02, 0x42, 0x01, 0xff, 0xff, 0xff, + 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, + 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, + 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, + 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, + 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, + 0xff, 0xff, 0x30, 0x81, 0x9f, 0x04, 0x42, 0x01, 0xff, 0xff, 0xff, 0xff, + 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, + 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, + 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, + 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, + 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, + 0xfc, 0x04, 0x42, 0x00, 0x51, 0x95, 0x3e, 0xb9, 0x61, 0x8e, 0x1c, 0x9a, + 0x1f, 0x92, 0x9a, 0x21, 0xa0, 0xb6, 0x85, 0x40, 0xee, 0xa2, 0xda, 0x72, + 0x5b, 0x99, 0xb3, 0x15, 0xf3, 0xb8, 0xb4, 0x89, 0x91, 0x8e, 0xf1, 0x09, + 0xe1, 0x56, 0x19, 0x39, 0x51, 0xec, 0x7e, 0x93, 0x7b, 0x16, 0x52, 0xc0, + 0xbd, 0x3b, 0xb1, 0xbf, 0x07, 0x35, 0x73, 0xdf, 0x88, 0x3d, 0x2c, 0x34, + 0xf1, 0xef, 0x45, 0x1f, 0xd4, 0x6b, 0x50, 0x3f, 0x00, 0x03, 0x15, 0x00, + 0xd0, 0x9e, 0x88, 0x00, 0x29, 0x1c, 0xb8, 0x53, 0x96, 0xcc, 0x67, 0x17, + 0x39, 0x32, 0x84, 0xaa, 0xa0, 0xda, 0x64, 0xba, 0x04, 0x81, 0x85, 0x04, + 0x00, 0xc6, 0x85, 0x8e, 0x06, 0xb7, 0x04, 0x04, 0xe9, 0xcd, 0x9e, 0x3e, + 0xcb, 0x66, 0x23, 0x95, 0xb4, 0x42, 0x9c, 0x64, 0x81, 0x39, 0x05, 0x3f, + 0xb5, 0x21, 0xf8, 0x28, 0xaf, 0x60, 0x6b, 0x4d, 0x3d, 0xba, 0xa1, 0x4b, + 0x5e, 0x77, 0xef, 0xe7, 0x59, 0x28, 0xfe, 0x1d, 0xc1, 0x27, 0xa2, 0xff, + 0xa8, 0xde, 0x33, 0x48, 0xb3, 0xc1, 0x85, 0x6a, 0x42, 0x9b, 0xf9, 0x7e, + 0x7e, 0x31, 0xc2, 0xe5, 0xbd, 0x66, 0x01, 0x18, 0x39, 0x29, 0x6a, 0x78, + 0x9a, 0x3b, 0xc0, 0x04, 0x5c, 0x8a, 0x5f, 0xb4, 0x2c, 0x7d, 0x1b, 0xd9, + 0x98, 0xf5, 0x44, 0x49, 0x57, 0x9b, 0x44, 0x68, 0x17, 0xaf, 0xbd, 0x17, + 0x27, 0x3e, 0x66, 0x2c, 0x97, 0xee, 0x72, 0x99, 0x5e, 0xf4, 0x26, 0x40, + 0xc5, 0x50, 0xb9, 0x01, 0x3f, 0xad, 0x07, 0x61, 0x35, 0x3c, 0x70, 0x86, + 0xa2, 0x72, 0xc2, 0x40, 0x88, 0xbe, 0x94, 0x76, 0x9f, 0xd1, 0x66, 0x50, + 0x02, 0x42, 0x01, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, + 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, + 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xfa, + 0x51, 0x86, 0x87, 0x83, 0xbf, 0x2f, 0x96, 0x6b, 0x7f, 0xcc, 0x01, 0x48, + 0xf7, 0x09, 0xa5, 0xd0, 0x3b, 0xb5, 0xc9, 0xb8, 0x89, 0x9c, 0x47, 0xae, + 0xbb, 0x6f, 0xb7, 0x1e, 0x91, 0x38, 0x64, 0x09, 0x02, 0x01, 0x01, +}; + static int parameter_test(void) { EC_GROUP *group = NULL, *group2 = NULL; ECPARAMETERS *ecparameters = NULL; - int r; + unsigned char *buf = NULL; + int r = 0, len; + + if (!TEST_ptr(group = EC_GROUP_new_by_curve_name(NID_secp112r1)) + || !TEST_ptr(ecparameters = EC_GROUP_get_ecparameters(group, NULL)) + || !TEST_ptr(group2 = EC_GROUP_new_from_ecparameters(ecparameters)) + || !TEST_int_eq(EC_GROUP_cmp(group, group2, NULL), 0)) + goto err; + + EC_GROUP_free(group); + group = NULL; - r = TEST_ptr(group = EC_GROUP_new_by_curve_name(NID_secp112r1)) - && TEST_ptr(ecparameters = EC_GROUP_get_ecparameters(group, NULL)) - && TEST_ptr(group2 = EC_GROUP_new_from_ecparameters(ecparameters)) - && TEST_int_eq(EC_GROUP_cmp(group, group2, NULL), 0); + /* Test the named curve encoding, which should be default. */ + if (!TEST_ptr(group = EC_GROUP_new_by_curve_name(NID_secp521r1)) + || !TEST_true((len = i2d_ECPKParameters(group, &buf)) >= 0) + || !TEST_mem_eq(buf, len, p521_named, sizeof(p521_named))) + goto err; + + OPENSSL_free(buf); + buf = NULL; + + /* + * Test the explicit encoding. P-521 requires correctly zero-padding the + * curve coefficients. + */ + EC_GROUP_set_asn1_flag(group, OPENSSL_EC_EXPLICIT_CURVE); + if (!TEST_true((len = i2d_ECPKParameters(group, &buf)) >= 0) + || !TEST_mem_eq(buf, len, p521_explicit, sizeof(p521_explicit))) + goto err; + r = 1; +err: EC_GROUP_free(group); EC_GROUP_free(group2); ECPARAMETERS_free(ecparameters); + OPENSSL_free(buf); return r; } #endif From davidben at google.com Wed May 23 21:35:31 2018 From: davidben at google.com (davidben at google.com) Date: Wed, 23 May 2018 21:35:31 +0000 Subject: [openssl-commits] [openssl] master update Message-ID: <1527111331.336663.20890.nullmailer@dev.openssl.org> The branch master has been updated via 2de108dfa343c3e06eb98beb122cd06306bb12fd (commit) from e363534cfe0ae01503dde6963e0631ec5f7fef3f (commit) - Log ----------------------------------------------------------------- commit 2de108dfa343c3e06eb98beb122cd06306bb12fd Author: David Benjamin Date: Sun May 20 17:24:30 2018 -0400 Save and restore the Windows error around TlsGetValue. TlsGetValue clears the last error even on success, so that callers may distinguish it successfully returning NULL or failing. This error-mangling behavior interferes with the caller's use of GetLastError. In particular SSL_get_error queries the error queue to determine whether the caller should look at the OS's errors. To avoid destroying state, save and restore the Windows error. Fixes #6299. Reviewed-by: Rich Salz (Merged from https://github.com/openssl/openssl/pull/6316) ----------------------------------------------------------------------- Summary of changes: crypto/threads_win.c | 21 +++++++++++- test/build.info | 6 +++- test/errtest.c | 39 ++++++++++++++++++++++ .../{04-test_bio_callback.t => 04-test_err.t} | 2 +- 4 files changed, 65 insertions(+), 3 deletions(-) create mode 100644 test/errtest.c copy test/recipes/{04-test_bio_callback.t => 04-test_err.t} (86%) diff --git a/crypto/threads_win.c b/crypto/threads_win.c index 1e5cf82..7fdbc1f 100644 --- a/crypto/threads_win.c +++ b/crypto/threads_win.c @@ -101,7 +101,26 @@ int CRYPTO_THREAD_init_local(CRYPTO_THREAD_LOCAL *key, void (*cleanup)(void *)) void *CRYPTO_THREAD_get_local(CRYPTO_THREAD_LOCAL *key) { - return TlsGetValue(*key); + DWORD last_error; + void *ret; + + /* + * TlsGetValue clears the last error even on success, so that callers may + * distinguish it successfully returning NULL or failing. It is documented + * to never fail if the argument is a valid index from TlsAlloc, so we do + * not need to handle this. + * + * However, this error-mangling behavior interferes with the caller's use of + * GetLastError. In particular SSL_get_error queries the error queue to + * determine whether the caller should look at the OS's errors. To avoid + * destroying state, save and restore the Windows error. + * + * https://msdn.microsoft.com/en-us/library/windows/desktop/ms686812(v=vs.85).aspx + */ + last_error = GetLastError(); + ret = TlsGetValue(*key); + SetLastError(last_error); + return ret; } int CRYPTO_THREAD_set_local(CRYPTO_THREAD_LOCAL *key, void *val) diff --git a/test/build.info b/test/build.info index c3a0904..000153d 100644 --- a/test/build.info +++ b/test/build.info @@ -51,7 +51,7 @@ INCLUDE_MAIN___test_libtestutil_OLB = /INCLUDE=MAIN recordlentest drbgtest drbg_cavs_test sslbuffertest \ time_offset_test pemtest ssl_cert_table_internal_test ciphername_test \ servername_test ocspapitest rsa_mp_test fatalerrtest tls13ccstest \ - sysdefaulttest + sysdefaulttest errtest SOURCE[versions]=versions.c INCLUDE[versions]=../include @@ -535,6 +535,10 @@ INCLUDE_MAIN___test_libtestutil_OLB = /INCLUDE=MAIN SOURCE[sysdefaulttest]=sysdefaulttest.c INCLUDE[sysdefaulttest]=../include DEPEND[sysdefaulttest]=../libcrypto ../libssl libtestutil.a + + SOURCE[errtest]=errtest.c + INCLUDE[errtest]=../include + DEPEND[errtest]=../libcrypto libtestutil.a ENDIF {- diff --git a/test/errtest.c b/test/errtest.c new file mode 100644 index 0000000..e464d08 --- /dev/null +++ b/test/errtest.c @@ -0,0 +1,39 @@ +/* + * Copyright 2018 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the OpenSSL license (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#include +#include + +#include "testutil.h" + +#if defined(OPENSSL_SYS_WINDOWS) +# include +#else +# include +#endif + +/* Test that querying the error queue preserves the OS error. */ +static int preserves_system_error(void) +{ +#if defined(OPENSSL_SYS_WINDOWS) + SetLastError(ERROR_INVALID_FUNCTION); + ERR_get_error(); + return TEST_int_eq(GetLastError(), ERROR_INVALID_FUNCTION); +#else + errno = EINVAL; + ERR_get_error(); + return TEST_int_eq(errno, EINVAL); +#endif +} + +int setup_tests(void) +{ + ADD_TEST(preserves_system_error); + return 1; +} diff --git a/test/recipes/04-test_bio_callback.t b/test/recipes/04-test_err.t similarity index 86% copy from test/recipes/04-test_bio_callback.t copy to test/recipes/04-test_err.t index 1422cb6..dd7681a 100644 --- a/test/recipes/04-test_bio_callback.t +++ b/test/recipes/04-test_err.t @@ -9,4 +9,4 @@ use OpenSSL::Test::Simple; -simple_test("test_bio_callback", "bio_callback_test"); +simple_test("test_err", "errtest"); From rsalz at openssl.org Wed May 23 23:58:35 2018 From: rsalz at openssl.org (Rich Salz) Date: Wed, 23 May 2018 23:58:35 +0000 Subject: [openssl-commits] [web] master update Message-ID: <1527119915.096739.11746.nullmailer@dev.openssl.org> The branch master has been updated via c9f50cbf963b7d9949332c17e614ad0a6e97d431 (commit) from ac5eb58ddc24db122c494b4cb13de3adff366e48 (commit) - Log ----------------------------------------------------------------- commit c9f50cbf963b7d9949332c17e614ad0a6e97d431 Author: Rich Salz Date: Wed May 23 19:57:47 2018 -0400 Revert "Remove rationale, clarify language." This reverts commit ac5eb58ddc24db122c494b4cb13de3adff366e48. ----------------------------------------------------------------------- Summary of changes: policies/releasestrat.html | 28 ++++++++++++++++++++-------- 1 file changed, 20 insertions(+), 8 deletions(-) diff --git a/policies/releasestrat.html b/policies/releasestrat.html index 83b85d2..3f37936 100644 --- a/policies/releasestrat.html +++ b/policies/releasestrat.html @@ -34,6 +34,20 @@ performance improvements and so on. There is no need to recompile applications to benefit from these features.

+

Binary compatibility also allows other possibilities. For + example, consider an application that wishes to utilize + a new cipher provided in a specific 1.0.x release, but it + is also desirable to maintain the application in a 1.0.0 + context. Customarily this would be resolved at compile time + resulting in two binary packages targeting different OpenSSL + versions. However, depending on the feature, it might be + possible to check for its availability at run-time, thus cutting + down on the maintenance of multiple binary packages. Admittedly + it takes a certain discipline and some extra coding, but we + would like to encourage such practice. This is because we + want to see later releases being adopted faster, because new + features can improve security.

+

With regards to current and future releases the OpenSSL project has adopted the following policy:

@@ -50,18 +64,15 @@ and we will specify one at least every four years. Non-LTS releases will be supported for at least two years.

-

During the final year +

As implied by the above paragraphs, during the final year of support, we do not commit to anything other than security - fixes. Before then, bug and security fixes will be applied + fixes. Before that, bug and security fixes will be applied as appropriate.

The next version of OpenSSL will be 1.1.1. This is currently in development and has a primary focus of implementing TLSv1.3. The RFC for TLSv1.3 has not yet been published by the IETF. OpenSSL 1.1.1 - will not have its final release until that has happened; - we want to have at least one beta release after TLS 1.3 is - officially published as an RFC. The next LTS release will be - 1.1.1.

+ will not have its final release until that has happened.

The draft release timetable for 1.1.1 is as follows. This may be amended at any time as the need arises.

@@ -77,8 +88,9 @@
  • 3rd April 2018, beta release 2 (pre4)
  • 17th April 2018, beta release 3 (pre5)
  • 1st May 2018, beta release 4 (pre6)
    • -
  • 29th May 2018, beta release 5 (pre7)
    • -
  • 19th June 2018, beta release 6 (pre8)
    • +
  • 8th May 2018, release readiness check (new release + cycles added if required, first possible final release date: + 15th May 2018)

    • An alpha release means:

    From rsalz at openssl.org Thu May 24 00:12:42 2018 From: rsalz at openssl.org (Rich Salz) Date: Thu, 24 May 2018 00:12:42 +0000 Subject: [openssl-commits] [tools] master update Message-ID: <1527120762.534429.15917.nullmailer@dev.openssl.org> The branch master has been updated via ddda55afb15458bc21187ef80397134193a8982e (commit) from 845c25d8db7fc784cbf92a523300376a8d69b2a1 (commit) - Log ----------------------------------------------------------------- commit ddda55afb15458bc21187ef80397134193a8982e Author: Rich Salz Date: Wed May 23 11:44:44 2018 -0400 Add --web and --tools to support other repo's. Reviewed-by: Tim Hudson (Merged from https://github.com/openssl/tools/pull/1t) ----------------------------------------------------------------------- Summary of changes: review-tools/addrev | 4 ++++ review-tools/gitaddrev | 9 +++++++-- 2 files changed, 11 insertions(+), 2 deletions(-) diff --git a/review-tools/addrev b/review-tools/addrev index 0bd28a5..ce770f3 100755 --- a/review-tools/addrev +++ b/review-tools/addrev @@ -22,6 +22,10 @@ foreach (@ARGV) { $args .= "--rmreviewers "; } elsif (/^--trivial$/) { $args .= "--trivial "; + } elsif (/^--web$/) { + $args .= "--web "; + } elsif (/^--tools$/) { + $args .= "--tools "; } elsif (/^--verbose$/) { $args .= "--verbose "; } elsif (/^--noself$/) { diff --git a/review-tools/gitaddrev b/review-tools/gitaddrev index 2beb48a..cf041d4 100755 --- a/review-tools/gitaddrev +++ b/review-tools/gitaddrev @@ -21,6 +21,7 @@ my $num = 0; my $refuse = 0; my $prnum = 0; my $verbose = 0; +my $WHAT = 'openssl'; my $query = OpenSSL::Query->new(); @@ -99,6 +100,10 @@ foreach (@ARGV) { try_add_reviewer($1); } elsif (/^--verbose$/) { $verbose = 1; + } elsif (/^--web$/) { + $WHAT = 'web'; + } elsif (/--tools$/) { + $WHAT = 'tools' } } @@ -189,7 +194,7 @@ my $last_is_rev = 0; foreach (@commit_message) { # Start each line with assuming it's not a reviewed-by line $last_is_rev = 0; - if (/^\(Merged from https:\/\/github\.com\/openssl\/openssl\/pull\//) { + if (/^\(Merged from https:\/\/github\.com\/openssl\/$WHAT\/pull\//) { next if $rmrev == 1; $last_is_rev = 1; next; # Because we're rewriting it below @@ -211,5 +216,5 @@ if ($rmrev == 0) { } } -print "(Merged from https://github.com/openssl/openssl/pull/$prnum)\n" +print "(Merged from https://github.com/openssl/$WHAT/pull/$prnum)\n" if $prnum; From openssl at openssl.org Thu May 24 01:12:51 2018 From: openssl at openssl.org (OpenSSL run-checker) Date: Thu, 24 May 2018 01:12:51 +0000 Subject: [openssl-commits] SUCCESSFUL build of OpenSSL branch master with options -d --strict-warnings no-ec Message-ID: <1527124371.959332.11480.nullmailer@run.openssl.org> Platform and configuration command: $ uname -a Linux run 4.4.0-119-generic #143-Ubuntu SMP Mon Apr 2 16:08:24 UTC 2018 x86_64 x86_64 x86_64 GNU/Linux $ CC=clang ../openssl/config -d --strict-warnings no-ec Commit log since last time: 2de108d Save and restore the Windows error around TlsGetValue. e363534 Use OPENSSL_EC_EXPLICIT_CURVE constant. fc6f579 Fix explicit EC curve encoding. 55a6250 Skip CN DNS name constraint checks when not needed d02d80b Limit scope of CN name constraints de9f5b3 Use the client app traffic secret for PHA Finished message b501ab6 INSTALL: Provide better documentation for enable-ec_nistp_64_gcc_128 8cc1dc3 Better error code when lacking __SIZEOF_INT128__ 0422591 Fix no-ec, no-tls1_3 and no-tls From openssl at openssl.org Thu May 24 10:38:25 2018 From: openssl at openssl.org (OpenSSL run-checker) Date: Thu, 24 May 2018 10:38:25 +0000 Subject: [openssl-commits] SUCCESSFUL build of OpenSSL branch master with options -d --strict-warnings no-tls Message-ID: <1527158305.129172.10763.nullmailer@run.openssl.org> Platform and configuration command: $ uname -a Linux run 4.4.0-119-generic #143-Ubuntu SMP Mon Apr 2 16:08:24 UTC 2018 x86_64 x86_64 x86_64 GNU/Linux $ CC=clang ../openssl/config -d --strict-warnings no-tls Commit log since last time: 2de108d Save and restore the Windows error around TlsGetValue. e363534 Use OPENSSL_EC_EXPLICIT_CURVE constant. fc6f579 Fix explicit EC curve encoding. 55a6250 Skip CN DNS name constraint checks when not needed d02d80b Limit scope of CN name constraints de9f5b3 Use the client app traffic secret for PHA Finished message b501ab6 INSTALL: Provide better documentation for enable-ec_nistp_64_gcc_128 8cc1dc3 Better error code when lacking __SIZEOF_INT128__ 0422591 Fix no-ec, no-tls1_3 and no-tls From matt at openssl.org Thu May 24 16:24:32 2018 From: matt at openssl.org (Matt Caswell) Date: Thu, 24 May 2018 16:24:32 +0000 Subject: [openssl-commits] [openssl] master update Message-ID: <1527179072.335736.17074.nullmailer@dev.openssl.org> The branch master has been updated via b14e60155009f4f1d168e220fa01cd2b75557b72 (commit) from 2de108dfa343c3e06eb98beb122cd06306bb12fd (commit) - Log ----------------------------------------------------------------- commit b14e60155009f4f1d168e220fa01cd2b75557b72 Author: Matt Caswell Date: Mon May 21 15:24:56 2018 +0100 Improve compatibility of point and curve checks We check that the curve name associated with the point is the same as that for the curve. Fixes #6302 Reviewed-by: Rich Salz (Merged from https://github.com/openssl/openssl/pull/6323) ----------------------------------------------------------------------- Summary of changes: crypto/ec/ec2_smpl.c | 1 + crypto/ec/ec_curve.c | 4 ++-- crypto/ec/ec_lcl.h | 16 ++++++++++++++++ crypto/ec/ec_lib.c | 39 ++++++++++++++++++++++----------------- crypto/ec/ec_mult.c | 4 ++-- crypto/ec/ec_oct.c | 8 ++++---- crypto/ec/ecp_nistz256.c | 4 ++-- crypto/ec/ecp_smpl.c | 1 + 8 files changed, 50 insertions(+), 27 deletions(-) diff --git a/crypto/ec/ec2_smpl.c b/crypto/ec/ec2_smpl.c index b73805a..5a83b05 100644 --- a/crypto/ec/ec2_smpl.c +++ b/crypto/ec/ec2_smpl.c @@ -311,6 +311,7 @@ int ec_GF2m_simple_point_copy(EC_POINT *dest, const EC_POINT *src) if (!BN_copy(dest->Z, src->Z)) return 0; dest->Z_is_one = src->Z_is_one; + dest->curve_name = src->curve_name; return 1; } diff --git a/crypto/ec/ec_curve.c b/crypto/ec/ec_curve.c index 7d56d26..618ec04 100644 --- a/crypto/ec/ec_curve.c +++ b/crypto/ec/ec_curve.c @@ -3066,6 +3066,8 @@ static EC_GROUP *ec_group_new_from_data(const ec_list_element curve) } #endif + EC_GROUP_set_curve_name(group, curve.nid); + if ((P = EC_POINT_new(group)) == NULL) { ECerr(EC_F_EC_GROUP_NEW_FROM_DATA, ERR_R_EC_LIB); goto err; @@ -3131,8 +3133,6 @@ EC_GROUP *EC_GROUP_new_by_curve_name(int nid) return NULL; } - EC_GROUP_set_curve_name(ret, nid); - return ret; } diff --git a/crypto/ec/ec_lcl.h b/crypto/ec/ec_lcl.h index 36c65c5..5e14071 100644 --- a/crypto/ec/ec_lcl.h +++ b/crypto/ec/ec_lcl.h @@ -276,6 +276,8 @@ struct ec_key_st { struct ec_point_st { const EC_METHOD *meth; + /* NID for the curve if known */ + int curve_name; /* * All members except 'meth' are handled by the method functions, even if * they appear generic @@ -288,6 +290,20 @@ struct ec_point_st { * special case */ }; + +static ossl_inline int ec_point_is_compat(const EC_POINT *point, + const EC_GROUP *group) +{ + if (group->meth != point->meth + || (group->curve_name != 0 + && point->curve_name != 0 + && group->curve_name != point->curve_name)) + return 0; + + return 1; +} + + NISTP224_PRE_COMP *EC_nistp224_pre_comp_dup(NISTP224_PRE_COMP *); NISTP256_PRE_COMP *EC_nistp256_pre_comp_dup(NISTP256_PRE_COMP *); NISTP521_PRE_COMP *EC_nistp521_pre_comp_dup(NISTP521_PRE_COMP *); diff --git a/crypto/ec/ec_lib.c b/crypto/ec/ec_lib.c index 10b0cb7..30b11f7 100644 --- a/crypto/ec/ec_lib.c +++ b/crypto/ec/ec_lib.c @@ -140,6 +140,8 @@ int EC_GROUP_copy(EC_GROUP *dest, const EC_GROUP *src) if (dest == src) return 1; + dest->curve_name = src->curve_name; + /* Copy precomputed */ dest->pre_comp_type = src->pre_comp_type; switch (src->pre_comp_type) { @@ -207,7 +209,6 @@ int EC_GROUP_copy(EC_GROUP *dest, const EC_GROUP *src) return 0; } - dest->curve_name = src->curve_name; dest->asn1_flag = src->asn1_flag; dest->asn1_form = src->asn1_form; @@ -572,6 +573,7 @@ EC_POINT *EC_POINT_new(const EC_GROUP *group) } ret->meth = group->meth; + ret->curve_name = group->curve_name; if (!ret->meth->point_init(ret)) { OPENSSL_free(ret); @@ -609,7 +611,10 @@ int EC_POINT_copy(EC_POINT *dest, const EC_POINT *src) ECerr(EC_F_EC_POINT_COPY, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); return 0; } - if (dest->meth != src->meth) { + if (dest->meth != src->meth + || (dest->curve_name != src->curve_name + && dest->curve_name != 0 + && src->curve_name != 0)) { ECerr(EC_F_EC_POINT_COPY, EC_R_INCOMPATIBLE_OBJECTS); return 0; } @@ -666,7 +671,7 @@ int EC_POINT_set_Jprojective_coordinates_GFp(const EC_GROUP *group, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); return 0; } - if (group->meth != point->meth) { + if (!ec_point_is_compat(point, group)) { ECerr(EC_F_EC_POINT_SET_JPROJECTIVE_COORDINATES_GFP, EC_R_INCOMPATIBLE_OBJECTS); return 0; @@ -685,7 +690,7 @@ int EC_POINT_get_Jprojective_coordinates_GFp(const EC_GROUP *group, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); return 0; } - if (group->meth != point->meth) { + if (!ec_point_is_compat(point, group)) { ECerr(EC_F_EC_POINT_GET_JPROJECTIVE_COORDINATES_GFP, EC_R_INCOMPATIBLE_OBJECTS); return 0; @@ -703,7 +708,7 @@ int EC_POINT_set_affine_coordinates_GFp(const EC_GROUP *group, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); return 0; } - if (group->meth != point->meth) { + if (!ec_point_is_compat(point, group)) { ECerr(EC_F_EC_POINT_SET_AFFINE_COORDINATES_GFP, EC_R_INCOMPATIBLE_OBJECTS); return 0; @@ -729,7 +734,7 @@ int EC_POINT_set_affine_coordinates_GF2m(const EC_GROUP *group, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); return 0; } - if (group->meth != point->meth) { + if (!ec_point_is_compat(point, group)) { ECerr(EC_F_EC_POINT_SET_AFFINE_COORDINATES_GF2M, EC_R_INCOMPATIBLE_OBJECTS); return 0; @@ -755,7 +760,7 @@ int EC_POINT_get_affine_coordinates_GFp(const EC_GROUP *group, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); return 0; } - if (group->meth != point->meth) { + if (!ec_point_is_compat(point, group)) { ECerr(EC_F_EC_POINT_GET_AFFINE_COORDINATES_GFP, EC_R_INCOMPATIBLE_OBJECTS); return 0; @@ -773,7 +778,7 @@ int EC_POINT_get_affine_coordinates_GF2m(const EC_GROUP *group, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); return 0; } - if (group->meth != point->meth) { + if (!ec_point_is_compat(point, group)) { ECerr(EC_F_EC_POINT_GET_AFFINE_COORDINATES_GF2M, EC_R_INCOMPATIBLE_OBJECTS); return 0; @@ -789,8 +794,8 @@ int EC_POINT_add(const EC_GROUP *group, EC_POINT *r, const EC_POINT *a, ECerr(EC_F_EC_POINT_ADD, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); return 0; } - if ((group->meth != r->meth) || (r->meth != a->meth) - || (a->meth != b->meth)) { + if (!ec_point_is_compat(r, group) || !ec_point_is_compat(a, group) + || !ec_point_is_compat(b, group)) { ECerr(EC_F_EC_POINT_ADD, EC_R_INCOMPATIBLE_OBJECTS); return 0; } @@ -804,7 +809,7 @@ int EC_POINT_dbl(const EC_GROUP *group, EC_POINT *r, const EC_POINT *a, ECerr(EC_F_EC_POINT_DBL, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); return 0; } - if ((group->meth != r->meth) || (r->meth != a->meth)) { + if (!ec_point_is_compat(r, group) || !ec_point_is_compat(a, group)) { ECerr(EC_F_EC_POINT_DBL, EC_R_INCOMPATIBLE_OBJECTS); return 0; } @@ -817,7 +822,7 @@ int EC_POINT_invert(const EC_GROUP *group, EC_POINT *a, BN_CTX *ctx) ECerr(EC_F_EC_POINT_INVERT, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); return 0; } - if (group->meth != a->meth) { + if (!ec_point_is_compat(a, group)) { ECerr(EC_F_EC_POINT_INVERT, EC_R_INCOMPATIBLE_OBJECTS); return 0; } @@ -831,7 +836,7 @@ int EC_POINT_is_at_infinity(const EC_GROUP *group, const EC_POINT *point) ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); return 0; } - if (group->meth != point->meth) { + if (!ec_point_is_compat(point, group)) { ECerr(EC_F_EC_POINT_IS_AT_INFINITY, EC_R_INCOMPATIBLE_OBJECTS); return 0; } @@ -852,7 +857,7 @@ int EC_POINT_is_on_curve(const EC_GROUP *group, const EC_POINT *point, ECerr(EC_F_EC_POINT_IS_ON_CURVE, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); return 0; } - if (group->meth != point->meth) { + if (!ec_point_is_compat(point, group)) { ECerr(EC_F_EC_POINT_IS_ON_CURVE, EC_R_INCOMPATIBLE_OBJECTS); return 0; } @@ -866,7 +871,7 @@ int EC_POINT_cmp(const EC_GROUP *group, const EC_POINT *a, const EC_POINT *b, ECerr(EC_F_EC_POINT_CMP, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); return -1; } - if ((group->meth != a->meth) || (a->meth != b->meth)) { + if (!ec_point_is_compat(a, group) || !ec_point_is_compat(b, group)) { ECerr(EC_F_EC_POINT_CMP, EC_R_INCOMPATIBLE_OBJECTS); return -1; } @@ -879,7 +884,7 @@ int EC_POINT_make_affine(const EC_GROUP *group, EC_POINT *point, BN_CTX *ctx) ECerr(EC_F_EC_POINT_MAKE_AFFINE, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); return 0; } - if (group->meth != point->meth) { + if (!ec_point_is_compat(point, group)) { ECerr(EC_F_EC_POINT_MAKE_AFFINE, EC_R_INCOMPATIBLE_OBJECTS); return 0; } @@ -896,7 +901,7 @@ int EC_POINTs_make_affine(const EC_GROUP *group, size_t num, return 0; } for (i = 0; i < num; i++) { - if (group->meth != points[i]->meth) { + if (!ec_point_is_compat(points[i], group)) { ECerr(EC_F_EC_POINTS_MAKE_AFFINE, EC_R_INCOMPATIBLE_OBJECTS); return 0; } diff --git a/crypto/ec/ec_mult.c b/crypto/ec/ec_mult.c index 1f34329..05a3aca 100644 --- a/crypto/ec/ec_mult.c +++ b/crypto/ec/ec_mult.c @@ -368,7 +368,7 @@ int ec_wNAF_mul(const EC_GROUP *group, EC_POINT *r, const BIGNUM *scalar, * precomputation is not available */ int ret = 0; - if (group->meth != r->meth) { + if (!ec_point_is_compat(r, group)) { ECerr(EC_F_EC_WNAF_MUL, EC_R_INCOMPATIBLE_OBJECTS); return 0; } @@ -404,7 +404,7 @@ int ec_wNAF_mul(const EC_GROUP *group, EC_POINT *r, const BIGNUM *scalar, } for (i = 0; i < num; i++) { - if (group->meth != points[i]->meth) { + if (!ec_point_is_compat(points[i], group)) { ECerr(EC_F_EC_WNAF_MUL, EC_R_INCOMPATIBLE_OBJECTS); return 0; } diff --git a/crypto/ec/ec_oct.c b/crypto/ec/ec_oct.c index a21906e..c87d495 100644 --- a/crypto/ec/ec_oct.c +++ b/crypto/ec/ec_oct.c @@ -25,7 +25,7 @@ int EC_POINT_set_compressed_coordinates_GFp(const EC_GROUP *group, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); return 0; } - if (group->meth != point->meth) { + if (!ec_point_is_compat(point, group)) { ECerr(EC_F_EC_POINT_SET_COMPRESSED_COORDINATES_GFP, EC_R_INCOMPATIBLE_OBJECTS); return 0; @@ -61,7 +61,7 @@ int EC_POINT_set_compressed_coordinates_GF2m(const EC_GROUP *group, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); return 0; } - if (group->meth != point->meth) { + if (!ec_point_is_compat(point, group)) { ECerr(EC_F_EC_POINT_SET_COMPRESSED_COORDINATES_GF2M, EC_R_INCOMPATIBLE_OBJECTS); return 0; @@ -88,7 +88,7 @@ size_t EC_POINT_point2oct(const EC_GROUP *group, const EC_POINT *point, ECerr(EC_F_EC_POINT_POINT2OCT, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); return 0; } - if (group->meth != point->meth) { + if (!ec_point_is_compat(point, group)) { ECerr(EC_F_EC_POINT_POINT2OCT, EC_R_INCOMPATIBLE_OBJECTS); return 0; } @@ -118,7 +118,7 @@ int EC_POINT_oct2point(const EC_GROUP *group, EC_POINT *point, ECerr(EC_F_EC_POINT_OCT2POINT, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); return 0; } - if (group->meth != point->meth) { + if (!ec_point_is_compat(point, group)) { ECerr(EC_F_EC_POINT_OCT2POINT, EC_R_INCOMPATIBLE_OBJECTS); return 0; } diff --git a/crypto/ec/ecp_nistz256.c b/crypto/ec/ecp_nistz256.c index 4580f70..d3603fb 100644 --- a/crypto/ec/ecp_nistz256.c +++ b/crypto/ec/ecp_nistz256.c @@ -1162,7 +1162,7 @@ __owur static int ecp_nistz256_points_mul(const EC_GROUP *group, return 0; } - if (group->meth != r->meth) { + if (!ec_point_is_compat(r, group)) { ECerr(EC_F_ECP_NISTZ256_POINTS_MUL, EC_R_INCOMPATIBLE_OBJECTS); return 0; } @@ -1171,7 +1171,7 @@ __owur static int ecp_nistz256_points_mul(const EC_GROUP *group, return EC_POINT_set_to_infinity(group, r); for (j = 0; j < num; j++) { - if (group->meth != points[j]->meth) { + if (!ec_point_is_compat(points[j], group)) { ECerr(EC_F_ECP_NISTZ256_POINTS_MUL, EC_R_INCOMPATIBLE_OBJECTS); return 0; } diff --git a/crypto/ec/ecp_smpl.c b/crypto/ec/ecp_smpl.c index 7ff5489..8543b41 100644 --- a/crypto/ec/ecp_smpl.c +++ b/crypto/ec/ecp_smpl.c @@ -347,6 +347,7 @@ int ec_GFp_simple_point_copy(EC_POINT *dest, const EC_POINT *src) if (!BN_copy(dest->Z, src->Z)) return 0; dest->Z_is_one = src->Z_is_one; + dest->curve_name = src->curve_name; return 1; } From matt at openssl.org Thu May 24 16:24:45 2018 From: matt at openssl.org (Matt Caswell) Date: Thu, 24 May 2018 16:24:45 +0000 Subject: [openssl-commits] [openssl] OpenSSL_1_1_0-stable update Message-ID: <1527179085.435423.18002.nullmailer@dev.openssl.org> The branch OpenSSL_1_1_0-stable has been updated via 926b21117df939241f1cd63f2f9e3ab87819f0ed (commit) from 6d3cfd13a904a03fc3522da935136dcdd12e9014 (commit) - Log ----------------------------------------------------------------- commit 926b21117df939241f1cd63f2f9e3ab87819f0ed Author: Matt Caswell Date: Mon May 21 15:24:56 2018 +0100 Improve compatibility of point and curve checks We check that the curve name associated with the point is the same as that for the curve. Fixes #6302 Reviewed-by: Rich Salz (Merged from https://github.com/openssl/openssl/pull/6323) (cherry picked from commit b14e60155009f4f1d168e220fa01cd2b75557b72) ----------------------------------------------------------------------- Summary of changes: crypto/ec/ec2_smpl.c | 1 + crypto/ec/ec_curve.c | 4 ++-- crypto/ec/ec_lcl.h | 16 ++++++++++++++++ crypto/ec/ec_lib.c | 39 ++++++++++++++++++++++----------------- crypto/ec/ec_mult.c | 4 ++-- crypto/ec/ec_oct.c | 8 ++++---- crypto/ec/ecp_nistz256.c | 4 ++-- crypto/ec/ecp_smpl.c | 1 + 8 files changed, 50 insertions(+), 27 deletions(-) diff --git a/crypto/ec/ec2_smpl.c b/crypto/ec/ec2_smpl.c index cfeef5f..1bd96ee 100644 --- a/crypto/ec/ec2_smpl.c +++ b/crypto/ec/ec2_smpl.c @@ -330,6 +330,7 @@ int ec_GF2m_simple_point_copy(EC_POINT *dest, const EC_POINT *src) if (!BN_copy(dest->Z, src->Z)) return 0; dest->Z_is_one = src->Z_is_one; + dest->curve_name = src->curve_name; return 1; } diff --git a/crypto/ec/ec_curve.c b/crypto/ec/ec_curve.c index f8a3846..9634f3f 100644 --- a/crypto/ec/ec_curve.c +++ b/crypto/ec/ec_curve.c @@ -3036,6 +3036,8 @@ static EC_GROUP *ec_group_new_from_data(const ec_list_element curve) } #endif + EC_GROUP_set_curve_name(group, curve.nid); + if ((P = EC_POINT_new(group)) == NULL) { ECerr(EC_F_EC_GROUP_NEW_FROM_DATA, ERR_R_EC_LIB); goto err; @@ -3101,8 +3103,6 @@ EC_GROUP *EC_GROUP_new_by_curve_name(int nid) return NULL; } - EC_GROUP_set_curve_name(ret, nid); - return ret; } diff --git a/crypto/ec/ec_lcl.h b/crypto/ec/ec_lcl.h index ded35a7..9d1974b 100644 --- a/crypto/ec/ec_lcl.h +++ b/crypto/ec/ec_lcl.h @@ -269,6 +269,8 @@ struct ec_key_st { struct ec_point_st { const EC_METHOD *meth; + /* NID for the curve if known */ + int curve_name; /* * All members except 'meth' are handled by the method functions, even if * they appear generic @@ -281,6 +283,20 @@ struct ec_point_st { * special case */ }; + +static ossl_inline int ec_point_is_compat(const EC_POINT *point, + const EC_GROUP *group) +{ + if (group->meth != point->meth + || (group->curve_name != 0 + && point->curve_name != 0 + && group->curve_name != point->curve_name)) + return 0; + + return 1; +} + + NISTP224_PRE_COMP *EC_nistp224_pre_comp_dup(NISTP224_PRE_COMP *); NISTP256_PRE_COMP *EC_nistp256_pre_comp_dup(NISTP256_PRE_COMP *); NISTP521_PRE_COMP *EC_nistp521_pre_comp_dup(NISTP521_PRE_COMP *); diff --git a/crypto/ec/ec_lib.c b/crypto/ec/ec_lib.c index 7cb4bfe..9550589 100644 --- a/crypto/ec/ec_lib.c +++ b/crypto/ec/ec_lib.c @@ -140,6 +140,8 @@ int EC_GROUP_copy(EC_GROUP *dest, const EC_GROUP *src) if (dest == src) return 1; + dest->curve_name = src->curve_name; + /* Copy precomputed */ dest->pre_comp_type = src->pre_comp_type; switch (src->pre_comp_type) { @@ -202,7 +204,6 @@ int EC_GROUP_copy(EC_GROUP *dest, const EC_GROUP *src) return 0; } - dest->curve_name = src->curve_name; dest->asn1_flag = src->asn1_flag; dest->asn1_form = src->asn1_form; @@ -563,6 +564,7 @@ EC_POINT *EC_POINT_new(const EC_GROUP *group) } ret->meth = group->meth; + ret->curve_name = group->curve_name; if (!ret->meth->point_init(ret)) { OPENSSL_free(ret); @@ -600,7 +602,10 @@ int EC_POINT_copy(EC_POINT *dest, const EC_POINT *src) ECerr(EC_F_EC_POINT_COPY, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); return 0; } - if (dest->meth != src->meth) { + if (dest->meth != src->meth + || (dest->curve_name != src->curve_name + && dest->curve_name != 0 + && src->curve_name != 0)) { ECerr(EC_F_EC_POINT_COPY, EC_R_INCOMPATIBLE_OBJECTS); return 0; } @@ -657,7 +662,7 @@ int EC_POINT_set_Jprojective_coordinates_GFp(const EC_GROUP *group, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); return 0; } - if (group->meth != point->meth) { + if (!ec_point_is_compat(point, group)) { ECerr(EC_F_EC_POINT_SET_JPROJECTIVE_COORDINATES_GFP, EC_R_INCOMPATIBLE_OBJECTS); return 0; @@ -676,7 +681,7 @@ int EC_POINT_get_Jprojective_coordinates_GFp(const EC_GROUP *group, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); return 0; } - if (group->meth != point->meth) { + if (!ec_point_is_compat(point, group)) { ECerr(EC_F_EC_POINT_GET_JPROJECTIVE_COORDINATES_GFP, EC_R_INCOMPATIBLE_OBJECTS); return 0; @@ -694,7 +699,7 @@ int EC_POINT_set_affine_coordinates_GFp(const EC_GROUP *group, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); return 0; } - if (group->meth != point->meth) { + if (!ec_point_is_compat(point, group)) { ECerr(EC_F_EC_POINT_SET_AFFINE_COORDINATES_GFP, EC_R_INCOMPATIBLE_OBJECTS); return 0; @@ -720,7 +725,7 @@ int EC_POINT_set_affine_coordinates_GF2m(const EC_GROUP *group, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); return 0; } - if (group->meth != point->meth) { + if (!ec_point_is_compat(point, group)) { ECerr(EC_F_EC_POINT_SET_AFFINE_COORDINATES_GF2M, EC_R_INCOMPATIBLE_OBJECTS); return 0; @@ -746,7 +751,7 @@ int EC_POINT_get_affine_coordinates_GFp(const EC_GROUP *group, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); return 0; } - if (group->meth != point->meth) { + if (!ec_point_is_compat(point, group)) { ECerr(EC_F_EC_POINT_GET_AFFINE_COORDINATES_GFP, EC_R_INCOMPATIBLE_OBJECTS); return 0; @@ -764,7 +769,7 @@ int EC_POINT_get_affine_coordinates_GF2m(const EC_GROUP *group, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); return 0; } - if (group->meth != point->meth) { + if (!ec_point_is_compat(point, group)) { ECerr(EC_F_EC_POINT_GET_AFFINE_COORDINATES_GF2M, EC_R_INCOMPATIBLE_OBJECTS); return 0; @@ -780,8 +785,8 @@ int EC_POINT_add(const EC_GROUP *group, EC_POINT *r, const EC_POINT *a, ECerr(EC_F_EC_POINT_ADD, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); return 0; } - if ((group->meth != r->meth) || (r->meth != a->meth) - || (a->meth != b->meth)) { + if (!ec_point_is_compat(r, group) || !ec_point_is_compat(a, group) + || !ec_point_is_compat(b, group)) { ECerr(EC_F_EC_POINT_ADD, EC_R_INCOMPATIBLE_OBJECTS); return 0; } @@ -795,7 +800,7 @@ int EC_POINT_dbl(const EC_GROUP *group, EC_POINT *r, const EC_POINT *a, ECerr(EC_F_EC_POINT_DBL, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); return 0; } - if ((group->meth != r->meth) || (r->meth != a->meth)) { + if (!ec_point_is_compat(r, group) || !ec_point_is_compat(a, group)) { ECerr(EC_F_EC_POINT_DBL, EC_R_INCOMPATIBLE_OBJECTS); return 0; } @@ -808,7 +813,7 @@ int EC_POINT_invert(const EC_GROUP *group, EC_POINT *a, BN_CTX *ctx) ECerr(EC_F_EC_POINT_INVERT, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); return 0; } - if (group->meth != a->meth) { + if (!ec_point_is_compat(a, group)) { ECerr(EC_F_EC_POINT_INVERT, EC_R_INCOMPATIBLE_OBJECTS); return 0; } @@ -822,7 +827,7 @@ int EC_POINT_is_at_infinity(const EC_GROUP *group, const EC_POINT *point) ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); return 0; } - if (group->meth != point->meth) { + if (!ec_point_is_compat(point, group)) { ECerr(EC_F_EC_POINT_IS_AT_INFINITY, EC_R_INCOMPATIBLE_OBJECTS); return 0; } @@ -843,7 +848,7 @@ int EC_POINT_is_on_curve(const EC_GROUP *group, const EC_POINT *point, ECerr(EC_F_EC_POINT_IS_ON_CURVE, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); return 0; } - if (group->meth != point->meth) { + if (!ec_point_is_compat(point, group)) { ECerr(EC_F_EC_POINT_IS_ON_CURVE, EC_R_INCOMPATIBLE_OBJECTS); return 0; } @@ -857,7 +862,7 @@ int EC_POINT_cmp(const EC_GROUP *group, const EC_POINT *a, const EC_POINT *b, ECerr(EC_F_EC_POINT_CMP, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); return -1; } - if ((group->meth != a->meth) || (a->meth != b->meth)) { + if (!ec_point_is_compat(a, group) || !ec_point_is_compat(b, group)) { ECerr(EC_F_EC_POINT_CMP, EC_R_INCOMPATIBLE_OBJECTS); return -1; } @@ -870,7 +875,7 @@ int EC_POINT_make_affine(const EC_GROUP *group, EC_POINT *point, BN_CTX *ctx) ECerr(EC_F_EC_POINT_MAKE_AFFINE, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); return 0; } - if (group->meth != point->meth) { + if (!ec_point_is_compat(point, group)) { ECerr(EC_F_EC_POINT_MAKE_AFFINE, EC_R_INCOMPATIBLE_OBJECTS); return 0; } @@ -887,7 +892,7 @@ int EC_POINTs_make_affine(const EC_GROUP *group, size_t num, return 0; } for (i = 0; i < num; i++) { - if (group->meth != points[i]->meth) { + if (!ec_point_is_compat(points[i], group)) { ECerr(EC_F_EC_POINTS_MAKE_AFFINE, EC_R_INCOMPATIBLE_OBJECTS); return 0; } diff --git a/crypto/ec/ec_mult.c b/crypto/ec/ec_mult.c index f69271e..cac9591 100644 --- a/crypto/ec/ec_mult.c +++ b/crypto/ec/ec_mult.c @@ -371,7 +371,7 @@ int ec_wNAF_mul(const EC_GROUP *group, EC_POINT *r, const BIGNUM *scalar, * precomputation is not available */ int ret = 0; - if (group->meth != r->meth) { + if (!ec_point_is_compat(r, group)) { ECerr(EC_F_EC_WNAF_MUL, EC_R_INCOMPATIBLE_OBJECTS); return 0; } @@ -407,7 +407,7 @@ int ec_wNAF_mul(const EC_GROUP *group, EC_POINT *r, const BIGNUM *scalar, } for (i = 0; i < num; i++) { - if (group->meth != points[i]->meth) { + if (!ec_point_is_compat(points[i], group)) { ECerr(EC_F_EC_WNAF_MUL, EC_R_INCOMPATIBLE_OBJECTS); return 0; } diff --git a/crypto/ec/ec_oct.c b/crypto/ec/ec_oct.c index effc42a..fd1fb0b 100644 --- a/crypto/ec/ec_oct.c +++ b/crypto/ec/ec_oct.c @@ -30,7 +30,7 @@ int EC_POINT_set_compressed_coordinates_GFp(const EC_GROUP *group, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); return 0; } - if (group->meth != point->meth) { + if (!ec_point_is_compat(point, group)) { ECerr(EC_F_EC_POINT_SET_COMPRESSED_COORDINATES_GFP, EC_R_INCOMPATIBLE_OBJECTS); return 0; @@ -66,7 +66,7 @@ int EC_POINT_set_compressed_coordinates_GF2m(const EC_GROUP *group, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); return 0; } - if (group->meth != point->meth) { + if (!ec_point_is_compat(point, group)) { ECerr(EC_F_EC_POINT_SET_COMPRESSED_COORDINATES_GF2M, EC_R_INCOMPATIBLE_OBJECTS); return 0; @@ -93,7 +93,7 @@ size_t EC_POINT_point2oct(const EC_GROUP *group, const EC_POINT *point, ECerr(EC_F_EC_POINT_POINT2OCT, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); return 0; } - if (group->meth != point->meth) { + if (!ec_point_is_compat(point, group)) { ECerr(EC_F_EC_POINT_POINT2OCT, EC_R_INCOMPATIBLE_OBJECTS); return 0; } @@ -123,7 +123,7 @@ int EC_POINT_oct2point(const EC_GROUP *group, EC_POINT *point, ECerr(EC_F_EC_POINT_OCT2POINT, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); return 0; } - if (group->meth != point->meth) { + if (!ec_point_is_compat(point, group)) { ECerr(EC_F_EC_POINT_OCT2POINT, EC_R_INCOMPATIBLE_OBJECTS); return 0; } diff --git a/crypto/ec/ecp_nistz256.c b/crypto/ec/ecp_nistz256.c index 2461898..153f390 100644 --- a/crypto/ec/ecp_nistz256.c +++ b/crypto/ec/ecp_nistz256.c @@ -1168,7 +1168,7 @@ __owur static int ecp_nistz256_points_mul(const EC_GROUP *group, return 0; } - if (group->meth != r->meth) { + if (!ec_point_is_compat(r, group)) { ECerr(EC_F_ECP_NISTZ256_POINTS_MUL, EC_R_INCOMPATIBLE_OBJECTS); return 0; } @@ -1177,7 +1177,7 @@ __owur static int ecp_nistz256_points_mul(const EC_GROUP *group, return EC_POINT_set_to_infinity(group, r); for (j = 0; j < num; j++) { - if (group->meth != points[j]->meth) { + if (!ec_point_is_compat(points[j], group)) { ECerr(EC_F_ECP_NISTZ256_POINTS_MUL, EC_R_INCOMPATIBLE_OBJECTS); return 0; } diff --git a/crypto/ec/ecp_smpl.c b/crypto/ec/ecp_smpl.c index abd3795..d6a61d1 100644 --- a/crypto/ec/ecp_smpl.c +++ b/crypto/ec/ecp_smpl.c @@ -352,6 +352,7 @@ int ec_GFp_simple_point_copy(EC_POINT *dest, const EC_POINT *src) if (!BN_copy(dest->Z, src->Z)) return 0; dest->Z_is_one = src->Z_is_one; + dest->curve_name = src->curve_name; return 1; } From matt at openssl.org Thu May 24 16:30:14 2018 From: matt at openssl.org (Matt Caswell) Date: Thu, 24 May 2018 16:30:14 +0000 Subject: [openssl-commits] [openssl] master update Message-ID: <1527179414.692395.21483.nullmailer@dev.openssl.org> The branch master has been updated via a0abb6a10f4c5fc6dd20c487aa0db085fbfb3562 (commit) via 07824f304a220ea09ec369bad60f4fcfd01d5d14 (commit) from b14e60155009f4f1d168e220fa01cd2b75557b72 (commit) - Log ----------------------------------------------------------------- commit a0abb6a10f4c5fc6dd20c487aa0db085fbfb3562 Author: Matt Caswell Date: Thu May 17 12:53:07 2018 +0100 Add a sanity check on the length of pkeyutl inputs When signing or verifying a file using pkeyutl the input is supposed to be a hash. Some algorithms sanity check the length of the input, while others don't and silently truncate. To avoid accidents we check that the length of the input looks sane. Reviewed-by: Rich Salz (Merged from https://github.com/openssl/openssl/pull/6284) commit 07824f304a220ea09ec369bad60f4fcfd01d5d14 Author: Matt Caswell Date: Thu May 17 11:18:01 2018 +0100 Revert "Support EVP_PKEY_sign() and EVP_PKEY_verify() for EdDSA" This reverts commit a6f5b1163452a36da1c8378eab3f29ae234e5c7f. The EVP_PKEY_sign() function is intended for pre-hashed input which is not supported by our EdDSA implementation. See the discussion in PR 5880 Reviewed-by: Rich Salz (Merged from https://github.com/openssl/openssl/pull/6284) ----------------------------------------------------------------------- Summary of changes: CHANGES | 4 +++ apps/pkeyutl.c | 12 +++++++- crypto/ec/ec_err.c | 2 -- crypto/ec/ecx_meth.c | 79 +++++++++++++------------------------------------ crypto/err/openssl.txt | 2 -- doc/man1/pkeyutl.pod | 47 ++++++++++++++++------------- include/openssl/ecerr.h | 2 -- 7 files changed, 61 insertions(+), 87 deletions(-) diff --git a/CHANGES b/CHANGES index 612da59..7a47852 100644 --- a/CHANGES +++ b/CHANGES @@ -8,6 +8,10 @@ release branch. Changes between 1.1.0h and 1.1.1 [xx XXX xxxx] + *) Enforce checking in the pkeyutl command line app to ensure that the input + length does not exceed the maximum supported digest length when performing + a sign, verify or verifyrecover operation. + [Matt Caswell] *) SSL_MODE_AUTO_RETRY is enabled by default. Applications that use blocking I/O in combination with something like select() or poll() will hang. This diff --git a/apps/pkeyutl.c b/apps/pkeyutl.c index 911cc57..2c4e524 100644 --- a/apps/pkeyutl.c +++ b/apps/pkeyutl.c @@ -282,7 +282,7 @@ int pkeyutl_main(int argc, char **argv) buf_inlen = bio_to_mem(&buf_in, keysize * 10, in); if (buf_inlen < 0) { BIO_printf(bio_err, "Error reading input Data\n"); - exit(1); + goto end; } if (rev) { size_t i; @@ -296,6 +296,16 @@ int pkeyutl_main(int argc, char **argv) } } + /* Sanity check the input */ + if (buf_inlen > EVP_MAX_MD_SIZE + && (pkey_op == EVP_PKEY_OP_SIGN + || pkey_op == EVP_PKEY_OP_VERIFY + || pkey_op == EVP_PKEY_OP_VERIFYRECOVER)) { + BIO_printf(bio_err, + "Error: The input data looks too long to be a hash\n"); + goto end; + } + if (pkey_op == EVP_PKEY_OP_VERIFY) { rv = EVP_PKEY_verify(ctx, sig, (size_t)siglen, buf_in, (size_t)buf_inlen); diff --git a/crypto/ec/ec_err.c b/crypto/ec/ec_err.c index 807427f..94a7207 100644 --- a/crypto/ec/ec_err.c +++ b/crypto/ec/ec_err.c @@ -250,8 +250,6 @@ static const ERR_STRING_DATA EC_str_functs[] = { "pkey_ecd_digestsign25519"}, {ERR_PACK(ERR_LIB_EC, EC_F_PKEY_ECD_DIGESTSIGN448, 0), "pkey_ecd_digestsign448"}, - {ERR_PACK(ERR_LIB_EC, EC_F_PKEY_ECD_SIGN25519, 0), "pkey_ecd_sign25519"}, - {ERR_PACK(ERR_LIB_EC, EC_F_PKEY_ECD_SIGN448, 0), "pkey_ecd_sign448"}, {ERR_PACK(ERR_LIB_EC, EC_F_PKEY_ECX_DERIVE, 0), "pkey_ecx_derive"}, {ERR_PACK(ERR_LIB_EC, EC_F_PKEY_EC_CTRL, 0), "pkey_ec_ctrl"}, {ERR_PACK(ERR_LIB_EC, EC_F_PKEY_EC_CTRL_STR, 0), "pkey_ec_ctrl_str"}, diff --git a/crypto/ec/ecx_meth.c b/crypto/ec/ecx_meth.c index ea56df0..d2aa6dd 100644 --- a/crypto/ec/ecx_meth.c +++ b/crypto/ec/ecx_meth.c @@ -675,18 +675,18 @@ const EVP_PKEY_METHOD ecx448_pkey_meth = { 0 }; -static int pkey_ecd_sign25519(EVP_PKEY_CTX *ctx, unsigned char *sig, - size_t *siglen, const unsigned char *tbs, - size_t tbslen) +static int pkey_ecd_digestsign25519(EVP_MD_CTX *ctx, unsigned char *sig, + size_t *siglen, const unsigned char *tbs, + size_t tbslen) { - const ECX_KEY *edkey = ctx->pkey->pkey.ecx; + const ECX_KEY *edkey = EVP_MD_CTX_pkey_ctx(ctx)->pkey->pkey.ecx; if (sig == NULL) { *siglen = ED25519_SIGSIZE; return 1; } if (*siglen < ED25519_SIGSIZE) { - ECerr(EC_F_PKEY_ECD_SIGN25519, EC_R_BUFFER_TOO_SMALL); + ECerr(EC_F_PKEY_ECD_DIGESTSIGN25519, EC_R_BUFFER_TOO_SMALL); return 0; } @@ -696,26 +696,18 @@ static int pkey_ecd_sign25519(EVP_PKEY_CTX *ctx, unsigned char *sig, return 1; } -static int pkey_ecd_digestsign25519(EVP_MD_CTX *ctx, unsigned char *sig, - size_t *siglen, const unsigned char *tbs, - size_t tbslen) -{ - return pkey_ecd_sign25519(EVP_MD_CTX_pkey_ctx(ctx), sig, siglen, tbs, - tbslen); -} - -static int pkey_ecd_sign448(EVP_PKEY_CTX *ctx, unsigned char *sig, - size_t *siglen, const unsigned char *tbs, - size_t tbslen) +static int pkey_ecd_digestsign448(EVP_MD_CTX *ctx, unsigned char *sig, + size_t *siglen, const unsigned char *tbs, + size_t tbslen) { - const ECX_KEY *edkey = ctx->pkey->pkey.ecx; + const ECX_KEY *edkey = EVP_MD_CTX_pkey_ctx(ctx)->pkey->pkey.ecx; if (sig == NULL) { *siglen = ED448_SIGSIZE; return 1; } if (*siglen < ED448_SIGSIZE) { - ECerr(EC_F_PKEY_ECD_SIGN448, EC_R_BUFFER_TOO_SMALL); + ECerr(EC_F_PKEY_ECD_DIGESTSIGN448, EC_R_BUFFER_TOO_SMALL); return 0; } @@ -726,18 +718,11 @@ static int pkey_ecd_sign448(EVP_PKEY_CTX *ctx, unsigned char *sig, return 1; } -static int pkey_ecd_digestsign448(EVP_MD_CTX *ctx, unsigned char *sig, - size_t *siglen, const unsigned char *tbs, - size_t tbslen) -{ - return pkey_ecd_sign448(EVP_MD_CTX_pkey_ctx(ctx), sig, siglen, tbs, tbslen); -} - -static int pkey_ecd_verify25519(EVP_PKEY_CTX *ctx, const unsigned char *sig, - size_t siglen, const unsigned char *tbs, - size_t tbslen) +static int pkey_ecd_digestverify25519(EVP_MD_CTX *ctx, const unsigned char *sig, + size_t siglen, const unsigned char *tbs, + size_t tbslen) { - const ECX_KEY *edkey = ctx->pkey->pkey.ecx; + const ECX_KEY *edkey = EVP_MD_CTX_pkey_ctx(ctx)->pkey->pkey.ecx; if (siglen != ED25519_SIGSIZE) return 0; @@ -745,19 +730,11 @@ static int pkey_ecd_verify25519(EVP_PKEY_CTX *ctx, const unsigned char *sig, return ED25519_verify(tbs, tbslen, sig, edkey->pubkey); } -static int pkey_ecd_digestverify25519(EVP_MD_CTX *ctx, const unsigned char *sig, - size_t siglen, const unsigned char *tbs, - size_t tbslen) -{ - return pkey_ecd_verify25519(EVP_MD_CTX_pkey_ctx(ctx), sig, siglen, tbs, - tbslen); -} - -static int pkey_ecd_verify448(EVP_PKEY_CTX *ctx, const unsigned char *sig, - size_t siglen, const unsigned char *tbs, - size_t tbslen) +static int pkey_ecd_digestverify448(EVP_MD_CTX *ctx, const unsigned char *sig, + size_t siglen, const unsigned char *tbs, + size_t tbslen) { - const ECX_KEY *edkey = ctx->pkey->pkey.ecx; + const ECX_KEY *edkey = EVP_MD_CTX_pkey_ctx(ctx)->pkey->pkey.ecx; if (siglen != ED448_SIGSIZE) return 0; @@ -765,14 +742,6 @@ static int pkey_ecd_verify448(EVP_PKEY_CTX *ctx, const unsigned char *sig, return ED448_verify(tbs, tbslen, sig, edkey->pubkey, NULL, 0); } -static int pkey_ecd_digestverify448(EVP_MD_CTX *ctx, const unsigned char *sig, - size_t siglen, const unsigned char *tbs, - size_t tbslen) -{ - return pkey_ecd_verify448(EVP_MD_CTX_pkey_ctx(ctx), sig, siglen, tbs, - tbslen); -} - static int pkey_ecd_ctrl(EVP_PKEY_CTX *ctx, int type, int p1, void *p2) { switch (type) { @@ -793,11 +762,7 @@ const EVP_PKEY_METHOD ed25519_pkey_meth = { EVP_PKEY_ED25519, EVP_PKEY_FLAG_SIGCTX_CUSTOM, 0, 0, 0, 0, 0, 0, pkey_ecx_keygen, - 0, - pkey_ecd_sign25519, - 0, - pkey_ecd_verify25519, - 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, pkey_ecd_ctrl, 0, pkey_ecd_digestsign25519, @@ -808,11 +773,7 @@ const EVP_PKEY_METHOD ed448_pkey_meth = { EVP_PKEY_ED448, EVP_PKEY_FLAG_SIGCTX_CUSTOM, 0, 0, 0, 0, 0, 0, pkey_ecx_keygen, - 0, - pkey_ecd_sign448, - 0, - pkey_ecd_verify448, - 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, pkey_ecd_ctrl, 0, pkey_ecd_digestsign448, diff --git a/crypto/err/openssl.txt b/crypto/err/openssl.txt index 209bd0d..89e5ceb 100644 --- a/crypto/err/openssl.txt +++ b/crypto/err/openssl.txt @@ -647,8 +647,6 @@ EC_F_PKEY_ECD_CTRL:271:pkey_ecd_ctrl EC_F_PKEY_ECD_DIGESTSIGN:272:pkey_ecd_digestsign EC_F_PKEY_ECD_DIGESTSIGN25519:276:pkey_ecd_digestsign25519 EC_F_PKEY_ECD_DIGESTSIGN448:277:pkey_ecd_digestsign448 -EC_F_PKEY_ECD_SIGN25519:284:pkey_ecd_sign25519 -EC_F_PKEY_ECD_SIGN448:285:pkey_ecd_sign448 EC_F_PKEY_ECX_DERIVE:269:pkey_ecx_derive EC_F_PKEY_EC_CTRL:197:pkey_ec_ctrl EC_F_PKEY_EC_CTRL_STR:198:pkey_ec_ctrl_str diff --git a/doc/man1/pkeyutl.pod b/doc/man1/pkeyutl.pod index d485f61..664dbef 100644 --- a/doc/man1/pkeyutl.pod +++ b/doc/man1/pkeyutl.pod @@ -38,8 +38,8 @@ B B =head1 DESCRIPTION -The B command can be used to perform public key operations using -any supported algorithm. +The B command can be used to perform low level public key operations +using any supported algorithm. =head1 OPTIONS @@ -99,17 +99,17 @@ Reverse the order of the input buffer. This is useful for some libraries =item B<-sign> -Sign the input data and output the signed result. This requires -a private key. +Sign the input data (which must be a hash) and output the signed result. This +requires a private key. =item B<-verify> -Verify the input data against the signature file and indicate if the -verification succeeded or failed. +Verify the input data (which must be a hash) against the signature file and +indicate if the verification succeeded or failed. =item B<-verifyrecover> -Verify the input data and output the recovered data. +Verify the input data (which must be a hash) and output the recovered data. =item B<-encrypt> @@ -184,20 +184,25 @@ and its implementation. The OpenSSL operations and options are indicated below. Unless otherwise mentioned all algorithms support the B option which specifies the digest in use for sign, verify and verifyrecover operations. The value B should represent a digest name as used in the -EVP_get_digestbyname() function for example B. -This value is used only for sanity-checking the lengths of data passed in to -the B and for creating the structures that make up the signature -(e.g. B in RSASSA PKCS#1 v1.5 signatures). -In case of RSA, ECDSA and DSA signatures, this utility -will not perform hashing on input data but rather use the data directly as -input of signature algorithm. Depending on key type, signature type and mode -of padding, the maximum acceptable lengths of input data differ. In general, -with RSA the signed data can't be longer than the key modulus, in case of ECDSA -and DSA the data shouldn't be longer than field size, otherwise it will be -silently truncated to field size. - -In other words, if the value of digest is B the input should be 20 bytes -long binary encoding of SHA-1 hash function output. +EVP_get_digestbyname() function for example B. This value is not used to +hash the input data. It is used (by some algorithms) for sanity-checking the +lengths of data passed in to the B and for creating the structures that +make up the signature (e.g. B in RSASSA PKCS#1 v1.5 signatures). + +This utility does not hash the input data but rather it will use the data +directly as input to the signature algorithm. Depending on the key type, +signature type, and mode of padding, the maximum acceptable lengths of input +data differ. The signed data can't be longer than the key modulus with RSA. In +case of ECDSA and DSA the data shouldn't be longer than the field +size, otherwise it will be silently truncated to the field size. In any event +the input size must not be larger than the largest supported digest size. + +In other words, if the value of digest is B the input should be the 20 +bytes long binary encoding of the SHA-1 hash function output. + +The Ed25519 and Ed448 signature algorithms are not supported by this utility. +They accept non-hashed input, but this utility can only be used to sign hashed +input. =head1 RSA ALGORITHM diff --git a/include/openssl/ecerr.h b/include/openssl/ecerr.h index 320c651..fd5ce84 100644 --- a/include/openssl/ecerr.h +++ b/include/openssl/ecerr.h @@ -173,8 +173,6 @@ int ERR_load_EC_strings(void); # define EC_F_PKEY_ECD_DIGESTSIGN 272 # define EC_F_PKEY_ECD_DIGESTSIGN25519 276 # define EC_F_PKEY_ECD_DIGESTSIGN448 277 -# define EC_F_PKEY_ECD_SIGN25519 284 -# define EC_F_PKEY_ECD_SIGN448 285 # define EC_F_PKEY_ECX_DERIVE 269 # define EC_F_PKEY_EC_CTRL 197 # define EC_F_PKEY_EC_CTRL_STR 198 From davidben at google.com Thu May 24 19:50:07 2018 From: davidben at google.com (davidben at google.com) Date: Thu, 24 May 2018 19:50:07 +0000 Subject: [openssl-commits] [openssl] OpenSSL_1_1_0-stable update Message-ID: <1527191407.799778.981.nullmailer@dev.openssl.org> The branch OpenSSL_1_1_0-stable has been updated via 1ae891c6b15e28b280845858326fb50ea5b61ac7 (commit) from 926b21117df939241f1cd63f2f9e3ab87819f0ed (commit) - Log ----------------------------------------------------------------- commit 1ae891c6b15e28b280845858326fb50ea5b61ac7 Author: David Benjamin Date: Sun May 20 17:24:30 2018 -0400 Save and restore the Windows error around TlsGetValue. TlsGetValue clears the last error even on success, so that callers may distinguish it successfully returning NULL or failing. This error-mangling behavior interferes with the caller's use of GetLastError. In particular SSL_get_error queries the error queue to determine whether the caller should look at the OS's errors. To avoid destroying state, save and restore the Windows error. Fixes #6299. Reviewed-by: Rich Salz (cherry picked from commit 2de108dfa343c3e06eb98beb122cd06306bb12fd) (Merged from https://github.com/openssl/openssl/pull/6349) ----------------------------------------------------------------------- Summary of changes: crypto/threads_win.c | 21 ++++++++++++- test/build.info | 6 +++- test/errtest.c | 40 ++++++++++++++++++++++++ test/recipes/{03-test_exdata.t => 04-test_err.t} | 4 +-- 4 files changed, 67 insertions(+), 4 deletions(-) create mode 100644 test/errtest.c copy test/recipes/{03-test_exdata.t => 04-test_err.t} (74%) diff --git a/crypto/threads_win.c b/crypto/threads_win.c index 4e0de90..c9da56b 100644 --- a/crypto/threads_win.c +++ b/crypto/threads_win.c @@ -98,7 +98,26 @@ int CRYPTO_THREAD_init_local(CRYPTO_THREAD_LOCAL *key, void (*cleanup)(void *)) void *CRYPTO_THREAD_get_local(CRYPTO_THREAD_LOCAL *key) { - return TlsGetValue(*key); + DWORD last_error; + void *ret; + + /* + * TlsGetValue clears the last error even on success, so that callers may + * distinguish it successfully returning NULL or failing. It is documented + * to never fail if the argument is a valid index from TlsAlloc, so we do + * not need to handle this. + * + * However, this error-mangling behavior interferes with the caller's use of + * GetLastError. In particular SSL_get_error queries the error queue to + * determine whether the caller should look at the OS's errors. To avoid + * destroying state, save and restore the Windows error. + * + * https://msdn.microsoft.com/en-us/library/windows/desktop/ms686812(v=vs.85).aspx + */ + last_error = GetLastError(); + ret = TlsGetValue(*key); + SetLastError(last_error); + return ret; } int CRYPTO_THREAD_set_local(CRYPTO_THREAD_LOCAL *key, void *val) diff --git a/test/build.info b/test/build.info index dcb3985..87961bc 100644 --- a/test/build.info +++ b/test/build.info @@ -18,7 +18,7 @@ IF[{- !$disabled{tests} -}] dtlsv1listentest ct_test threadstest afalgtest d2i_test \ ssl_test_ctx_test ssl_test x509aux cipherlist_test asynciotest \ bioprinttest sslapitest dtlstest sslcorrupttest bio_enc_test \ - ocspapitest fatalerrtest x509_time_test + ocspapitest fatalerrtest x509_time_test errtest SOURCE[versions]=versions.c INCLUDE[versions]=../include @@ -306,6 +306,10 @@ IF[{- !$disabled{tests} -}] SOURCE[shlibloadtest]=shlibloadtest.c INCLUDE[shlibloadtest]=../include ENDIF + + SOURCE[errtest]=errtest.c testutil.c + INCLUDE[errtest]=../include + DEPEND[errtest]=../libcrypto ENDIF {- diff --git a/test/errtest.c b/test/errtest.c new file mode 100644 index 0000000..df4cddb --- /dev/null +++ b/test/errtest.c @@ -0,0 +1,40 @@ +/* + * Copyright 2018 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the OpenSSL license (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#include +#include + +#include "testutil.h" + +#if defined(OPENSSL_SYS_WINDOWS) +# include +#else +# include +#endif + +/* Test that querying the error queue preserves the OS error. */ +static int preserves_system_error(void) +{ +#if defined(OPENSSL_SYS_WINDOWS) + SetLastError(ERROR_INVALID_FUNCTION); + ERR_get_error(); + return GetLastError() == ERROR_INVALID_FUNCTION; +#else + errno = EINVAL; + ERR_get_error(); + return errno == EINVAL; +#endif +} + +int main(int argc, char **argv) +{ + ADD_TEST(preserves_system_error); + + return run_tests(argv[0]); +} diff --git a/test/recipes/03-test_exdata.t b/test/recipes/04-test_err.t similarity index 74% copy from test/recipes/03-test_exdata.t copy to test/recipes/04-test_err.t index da66f95..dd7681a 100644 --- a/test/recipes/03-test_exdata.t +++ b/test/recipes/04-test_err.t @@ -1,5 +1,5 @@ #! /usr/bin/env perl -# Copyright 2017 The OpenSSL Project Authors. All Rights Reserved. +# Copyright 2018 The OpenSSL Project Authors. All Rights Reserved. # # Licensed under the OpenSSL license (the "License"). You may not use # this file except in compliance with the License. You can obtain a copy @@ -9,4 +9,4 @@ use OpenSSL::Test::Simple; -simple_test("test_exdata", "exdatatest"); +simple_test("test_err", "errtest"); From bernd.edlinger at hotmail.de Fri May 25 10:27:31 2018 From: bernd.edlinger at hotmail.de (bernd.edlinger at hotmail.de) Date: Fri, 25 May 2018 10:27:31 +0000 Subject: [openssl-commits] [openssl] master update Message-ID: <1527244051.137207.30113.nullmailer@dev.openssl.org> The branch master has been updated via 1bb829300a9a941b75e8d5ae6ea8f53b3845ac4c (commit) from a0abb6a10f4c5fc6dd20c487aa0db085fbfb3562 (commit) - Log ----------------------------------------------------------------- commit 1bb829300a9a941b75e8d5ae6ea8f53b3845ac4c Author: Bernd Edlinger Date: Fri May 25 08:06:55 2018 +0200 Fix array bounds violation in ssl_session_dup Reviewed-by: Rich Salz (Merged from https://github.com/openssl/openssl/pull/6353) ----------------------------------------------------------------------- Summary of changes: ssl/ssl_sess.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/ssl/ssl_sess.c b/ssl/ssl_sess.c index 541f82a..52ec670 100644 --- a/ssl/ssl_sess.c +++ b/ssl/ssl_sess.c @@ -204,7 +204,8 @@ SSL_SESSION *ssl_session_dup(SSL_SESSION *src, int ticket) if (src->ext.supportedgroups) { dest->ext.supportedgroups = OPENSSL_memdup(src->ext.supportedgroups, - src->ext.supportedgroups_len); + src->ext.supportedgroups_len + * sizeof(*src->ext.supportedgroups)); if (dest->ext.supportedgroups == NULL) goto err; } From levitte at openssl.org Sat May 26 06:37:01 2018 From: levitte at openssl.org (Richard Levitte) Date: Sat, 26 May 2018 06:37:01 +0000 Subject: [openssl-commits] [openssl] master update Message-ID: <1527316621.487485.19425.nullmailer@dev.openssl.org> The branch master has been updated via c8c250333cd254ab3f4d709ebc5ed86a7c065721 (commit) via bbbf752a3c8b5a966bcb48fc71a3dc03832e7b27 (commit) from 1bb829300a9a941b75e8d5ae6ea8f53b3845ac4c (commit) - Log ----------------------------------------------------------------- commit c8c250333cd254ab3f4d709ebc5ed86a7c065721 Author: Nick Mathewson Date: Thu May 24 15:23:15 2018 -0400 Improve the example getpass() implementation to show an error return Also, modernize the code, so that it isn't trying to store a size_t into an int, and then check the int's sign. :/ Reviewed-by: Rich Salz Reviewed-by: Richard Levitte (Merged from https://github.com/openssl/openssl/pull/6271) commit bbbf752a3c8b5a966bcb48fc71a3dc03832e7b27 Author: Nick Mathewson Date: Wed May 16 11:07:48 2018 -0400 Update documentation for PEM callback: error is now -1. In previous versions of OpenSSL, the documentation for PEM_read_* said: The callback B return the number of characters in the passphrase or 0 if an error occurred. But since c82c3462267afdbbaa5, 0 is now treated as a non-error return value. Applications that want to indicate an error need to return -1 instead. Reviewed-by: Rich Salz Reviewed-by: Richard Levitte (Merged from https://github.com/openssl/openssl/pull/6271) ----------------------------------------------------------------------- Summary of changes: doc/man3/PEM_read_bio_PrivateKey.pod | 13 ++++++------- 1 file changed, 6 insertions(+), 7 deletions(-) diff --git a/doc/man3/PEM_read_bio_PrivateKey.pod b/doc/man3/PEM_read_bio_PrivateKey.pod index 9f62140..744a46f 100644 --- a/doc/man3/PEM_read_bio_PrivateKey.pod +++ b/doc/man3/PEM_read_bio_PrivateKey.pod @@ -295,7 +295,7 @@ for it twice) if B is 1. The B parameter has the same value as the B parameter passed to the PEM routine. It allows arbitrary data to be passed to the callback by the application (for example a window handle in a GUI application). The callback -B return the number of characters in the passphrase or 0 if +B return the number of characters in the passphrase or -1 if an error occurred. =head1 EXAMPLES @@ -346,17 +346,16 @@ Skeleton pass phrase callback: int pass_cb(char *buf, int size, int rwflag, void *u) { - int len; - char *tmp; /* We'd probably do something else if 'rwflag' is 1 */ printf("Enter pass phrase for \"%s\"\n", (char *)u); /* get pass phrase, length 'len' into 'tmp' */ - tmp = "hello"; - len = strlen(tmp); - if (len <= 0) - return 0; + char *tmp = "hello"; + if (tmp == NULL) /* An error occurred */ + return -1; + + size_t len = strlen(tmp); if (len > size) len = size; From no-reply at appveyor.com Sat May 26 15:42:15 2018 From: no-reply at appveyor.com (AppVeyor) Date: Sat, 26 May 2018 15:42:15 +0000 Subject: [openssl-commits] Build completed: openssl master.18180 Message-ID: <20180526154215.1.D1EEEFED50D9382B@appveyor.com> An HTML attachment was scrubbed... URL: From no-reply at appveyor.com Sat May 26 15:45:29 2018 From: no-reply at appveyor.com (AppVeyor) Date: Sat, 26 May 2018 15:45:29 +0000 Subject: [openssl-commits] Build failed: openssl master.18181 Message-ID: <20180526154529.1.991F71CCDD60A946@appveyor.com> An HTML attachment was scrubbed... URL: From no-reply at appveyor.com Sat May 26 16:11:23 2018 From: no-reply at appveyor.com (AppVeyor) Date: Sat, 26 May 2018 16:11:23 +0000 Subject: [openssl-commits] Build failed: openssl master.18182 Message-ID: <20180526161123.1.8399DFB6D537E59A@appveyor.com> An HTML attachment was scrubbed... URL: From no-reply at appveyor.com Sat May 26 16:15:31 2018 From: no-reply at appveyor.com (AppVeyor) Date: Sat, 26 May 2018 16:15:31 +0000 Subject: [openssl-commits] Build failed: openssl master.18183 Message-ID: <20180526161531.1.D4050C4F5B0DFB3C@appveyor.com> An HTML attachment was scrubbed... URL: From no-reply at appveyor.com Sat May 26 16:19:49 2018 From: no-reply at appveyor.com (AppVeyor) Date: Sat, 26 May 2018 16:19:49 +0000 Subject: [openssl-commits] Build failed: openssl master.18184 Message-ID: <20180526161949.1.DA011D66B02CE231@appveyor.com> An HTML attachment was scrubbed... URL: From no-reply at appveyor.com Sat May 26 16:24:41 2018 From: no-reply at appveyor.com (AppVeyor) Date: Sat, 26 May 2018 16:24:41 +0000 Subject: [openssl-commits] Build failed: openssl master.18185 Message-ID: <20180526162441.1.5641DB7C8491BED6@appveyor.com> An HTML attachment was scrubbed... URL: From no-reply at appveyor.com Sat May 26 16:38:53 2018 From: no-reply at appveyor.com (AppVeyor) Date: Sat, 26 May 2018 16:38:53 +0000 Subject: [openssl-commits] Build failed: openssl master.18186 Message-ID: <20180526163853.1.0E2C010493283546@appveyor.com> An HTML attachment was scrubbed... URL: From no-reply at appveyor.com Sat May 26 17:02:26 2018 From: no-reply at appveyor.com (AppVeyor) Date: Sat, 26 May 2018 17:02:26 +0000 Subject: [openssl-commits] Build failed: openssl master.18187 Message-ID: <20180526170226.1.92A44891DE07B161@appveyor.com> An HTML attachment was scrubbed... URL: From no-reply at appveyor.com Sat May 26 17:59:51 2018 From: no-reply at appveyor.com (AppVeyor) Date: Sat, 26 May 2018 17:59:51 +0000 Subject: [openssl-commits] Build completed: openssl master.18188 Message-ID: <20180526175951.1.2A013D520C36B1E1@appveyor.com> An HTML attachment was scrubbed... URL: From bernd.edlinger at hotmail.de Sat May 26 18:01:09 2018 From: bernd.edlinger at hotmail.de (bernd.edlinger at hotmail.de) Date: Sat, 26 May 2018 18:01:09 +0000 Subject: [openssl-commits] [openssl] master update Message-ID: <1527357669.011599.32601.nullmailer@dev.openssl.org> The branch master has been updated via 4de3fe5381b647de4b93436c5138ad16e575056c (commit) from c8c250333cd254ab3f4d709ebc5ed86a7c065721 (commit) - Log ----------------------------------------------------------------- commit 4de3fe5381b647de4b93436c5138ad16e575056c Author: Bernd Edlinger Date: Sat May 26 17:08:03 2018 +0200 Try to work around ubuntu gcc-5 ubsan build failure [extended tests] Reviewed-by: Rich Salz (Merged from https://github.com/openssl/openssl/pull/6360) ----------------------------------------------------------------------- Summary of changes: .travis.yml | 24 ++++++++++++++---------- 1 file changed, 14 insertions(+), 10 deletions(-) diff --git a/.travis.yml b/.travis.yml index 4affefd..7092953 100644 --- a/.travis.yml +++ b/.travis.yml @@ -93,16 +93,16 @@ matrix: - os: linux compiler: clang env: EXTENDED_TEST="yes" CONFIG_OPTS="no-asm enable-asan enable-rc5 enable-md2 no-shared -DFUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION -D__NO_STRING_INLINES -Wno-unused-command-line-argument" - #- os: linux - # addons: - # apt: - # packages: - # - gcc-5 - # - g++-5 - # sources: - # - ubuntu-toolchain-r-test - # compiler: gcc-5 - # env: EXTENDED_TEST="yes" CONFIG_OPTS="--debug no-asm enable-ubsan enable-rc5 enable-md2 -DPEDANTIC" OPENSSL_TEST_RAND_ORDER=0 + - os: linux + addons: + apt: + packages: + - gcc-5 + - g++-5 + sources: + - ubuntu-toolchain-r-test + compiler: gcc-5 + env: UBUNTU_GCC_HACK="yes" EXTENDED_TEST="yes" CONFIG_OPTS="--debug no-asm enable-ubsan enable-rc5 enable-md2 -DPEDANTIC" OPENSSL_TEST_RAND_ORDER=0 - os: linux addons: apt: @@ -141,6 +141,10 @@ before_script: srcdir=.; top=.; fi + - if [ -n "$UBUNTU_GCC_HACK" ]; then + $CC -dumpspecs | sed "s/--push-state//g; s/--pop-state/--as-needed/g" > gcc-specs.txt; + CC="$CC -specs=gcc-specs.txt"; + fi - if [ "$CC" = i686-w64-mingw32-gcc ]; then export CROSS_COMPILE=${CC%%gcc}; unset CC; $srcdir/Configure mingw $CONFIG_OPTS -Wno-pedantic-ms-format; From bernd.edlinger at hotmail.de Sun May 27 06:51:54 2018 From: bernd.edlinger at hotmail.de (bernd.edlinger at hotmail.de) Date: Sun, 27 May 2018 06:51:54 +0000 Subject: [openssl-commits] [openssl] OpenSSL_1_1_0-stable update Message-ID: <1527403914.740691.32716.nullmailer@dev.openssl.org> The branch OpenSSL_1_1_0-stable has been updated via 10fe37dd1bb7f75ca68a442406c09ada6735f38b (commit) from 1ae891c6b15e28b280845858326fb50ea5b61ac7 (commit) - Log ----------------------------------------------------------------- commit 10fe37dd1bb7f75ca68a442406c09ada6735f38b Author: Bernd Edlinger Date: Sat May 26 17:08:03 2018 +0200 Try to work around ubuntu gcc-5 ubsan build failure [extended tests] Reviewed-by: Rich Salz (Merged from https://github.com/openssl/openssl/pull/6362) ----------------------------------------------------------------------- Summary of changes: .travis.yml | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/.travis.yml b/.travis.yml index e20c208..1c1db2b 100644 --- a/.travis.yml +++ b/.travis.yml @@ -61,7 +61,7 @@ matrix: sources: - ubuntu-toolchain-r-test compiler: gcc-5 - env: CONFIG_OPTS="no-asm enable-ubsan enable-rc5 enable-md2 -DPEDANTIC" + env: UBUNTU_GCC_HACK="yes" CONFIG_OPTS="no-asm enable-ubsan enable-rc5 enable-md2 -DPEDANTIC" - os: linux addons: apt: @@ -112,6 +112,10 @@ before_script: srcdir=.; top=.; fi + - if [ -n "$UBUNTU_GCC_HACK" ]; then + $CC -dumpspecs | sed "s/--push-state//g; s/--pop-state/--as-needed/g" > gcc-specs.txt; + CC="$CC -specs=gcc-specs.txt"; + fi - if [ "$CC" == i686-w64-mingw32-gcc ]; then export CROSS_COMPILE=${CC%%gcc}; unset CC; $srcdir/Configure mingw $CONFIG_OPTS -Wno-pedantic-ms-format; From matthias.st.pierre at ncp-e.com Sun May 27 07:51:00 2018 From: matthias.st.pierre at ncp-e.com (matthias.st.pierre at ncp-e.com) Date: Sun, 27 May 2018 07:51:00 +0000 Subject: [openssl-commits] [openssl] master update Message-ID: <1527407460.582186.32426.nullmailer@dev.openssl.org> The branch master has been updated via e37d4a6704cf0c8b0a0a6601eff82ca65d16d4a3 (commit) from 4de3fe5381b647de4b93436c5138ad16e575056c (commit) - Log ----------------------------------------------------------------- commit e37d4a6704cf0c8b0a0a6601eff82ca65d16d4a3 Author: Dr. Matthias St. Pierre Date: Wed May 16 22:53:41 2018 +0200 util/libcrypto.num: fix symbol collision between 1.1.0 and master In commit 6decf9436f7, fourteen public symbols were removed from util/libcrypto.num on the master branch and the following symbols renumbered. Unfortunately, the symbols `OCSP_resp_get0_signer` and `X509_get0_authority_key_id` were not adjusted accordingly on the OpenSSL_1_1_0-stable branch. This commit fixes the collision by doing a 'double swap'. Reviewed-by: Rich Salz Reviewed-by: Richard Levitte (Merged from https://github.com/openssl/openssl/pull/6278) ----------------------------------------------------------------------- Summary of changes: util/libcrypto.num | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/util/libcrypto.num b/util/libcrypto.num index d3351c5..937b718 100644 --- a/util/libcrypto.num +++ b/util/libcrypto.num @@ -4411,7 +4411,7 @@ EVP_sm4_ofb 4356 1_1_1 EXIST::FUNCTION:SM4 EVP_sm4_ecb 4357 1_1_1 EXIST::FUNCTION:SM4 EVP_sm4_cfb128 4358 1_1_1 EXIST::FUNCTION:SM4 EVP_sm3 4359 1_1_1 EXIST::FUNCTION:SM3 -OCSP_resp_get0_signer 4360 1_1_0h EXIST::FUNCTION:OCSP +RSA_get0_multi_prime_factors 4360 1_1_1 EXIST::FUNCTION:RSA EVP_PKEY_public_check 4361 1_1_1 EXIST::FUNCTION: EVP_PKEY_param_check 4362 1_1_1 EXIST::FUNCTION: EVP_PKEY_meth_set_public_check 4363 1_1_1 EXIST::FUNCTION: @@ -4425,7 +4425,7 @@ DH_check_pub_key_ex 4370 1_1_1 EXIST::FUNCTION:DH DH_check_params_ex 4371 1_1_1 EXIST::FUNCTION:DH RSA_generate_multi_prime_key 4372 1_1_1 EXIST::FUNCTION:RSA RSA_get_multi_prime_extra_count 4373 1_1_1 EXIST::FUNCTION:RSA -RSA_get0_multi_prime_factors 4374 1_1_1 EXIST::FUNCTION:RSA +OCSP_resp_get0_signer 4374 1_1_0h EXIST::FUNCTION:OCSP RSA_get0_multi_prime_crt_params 4375 1_1_1 EXIST::FUNCTION:RSA RSA_set0_multi_prime_params 4376 1_1_1 EXIST::FUNCTION:RSA RSA_get_version 4377 1_1_1 EXIST::FUNCTION:RSA @@ -4489,7 +4489,7 @@ OCSP_basic_sign_ctx 4430 1_1_1 EXIST::FUNCTION:OCSP RAND_DRBG_bytes 4431 1_1_1 EXIST::FUNCTION: RAND_DRBG_secure_new 4432 1_1_1 EXIST::FUNCTION: OSSL_STORE_vctrl 4433 1_1_1 EXIST::FUNCTION: -X509_get0_authority_key_id 4434 1_1_0h EXIST::FUNCTION: +OSSL_STORE_SEARCH_by_alias 4434 1_1_1 EXIST::FUNCTION: BIO_bind 4435 1_1_1 EXIST::FUNCTION:SOCK OSSL_STORE_LOADER_set_expect 4436 1_1_1 EXIST::FUNCTION: OSSL_STORE_expect 4437 1_1_1 EXIST::FUNCTION: @@ -4503,7 +4503,7 @@ OSSL_STORE_SEARCH_get0_bytes 4444 1_1_1 EXIST::FUNCTION: OSSL_STORE_SEARCH_get0_string 4445 1_1_1 EXIST::FUNCTION: OSSL_STORE_SEARCH_by_issuer_serial 4446 1_1_1 EXIST::FUNCTION: OSSL_STORE_SEARCH_get0_name 4447 1_1_1 EXIST::FUNCTION: -OSSL_STORE_SEARCH_by_alias 4448 1_1_1 EXIST::FUNCTION: +X509_get0_authority_key_id 4448 1_1_0h EXIST::FUNCTION: OSSL_STORE_LOADER_set_find 4449 1_1_1 EXIST::FUNCTION: OSSL_STORE_SEARCH_free 4450 1_1_1 EXIST::FUNCTION: OSSL_STORE_SEARCH_get0_digest 4451 1_1_1 EXIST::FUNCTION: From scan-admin at coverity.com Sun May 27 07:59:31 2018 From: scan-admin at coverity.com (scan-admin at coverity.com) Date: Sun, 27 May 2018 07:59:31 +0000 (UTC) Subject: [openssl-commits] Coverity Scan: Analysis completed for openssl/openssl Message-ID: <5b0a65631639e_29742ab1dd750f58714b3@node1.mail> Your request for analysis of openssl/openssl has been completed successfully. The results are available at https://u2389337.ct.sendgrid.net/wf/click?upn=08onrYu34A-2BWcWUl-2F-2BfV0V05UPxvVjWch-2Bd2MGckcRakUl6QyjujEohY7rPpoYUEcf-2B75FkFkxwwFKGZV8c1xA-3D-3D_19DGMz38yO7VfzGQuXkecdlEmzBoDG4v8Dvyanv-2F1I0I9fh5PbKL4hDhIWEzo6Zo0n5cuVXeQAx-2F1nIiI8hvdDXJgP5HEUgBrZ-2FA91IIT5SKVi2bb6iXWZbaUGOYho-2BfkxXCybNveda9rM4O7tfGJGNwHJh-2FdkpuiR46LStauwOeKQR3MZg9Byt-2FrHkoLB93qW5r8Z7JPew6nhUST27fBHAWFp8YVtJ-2F0D76e8yXTOE-3D Build ID: 212806 Analysis Summary: New defects found: 1 Defects eliminated: 1 If you have difficulty understanding any defects, email us at scan-admin at coverity.com, or post your question to StackOverflow at https://u2389337.ct.sendgrid.net/wf/click?upn=OgIsEqWzmIl4S-2FzEUMxLXL-2BukuZt9UUdRZhgmgzAKchwAzH1nH3073xDEXNRgHN6q227lMNIWoOb8ZgSjAjKcg-3D-3D_19DGMz38yO7VfzGQuXkecdlEmzBoDG4v8Dvyanv-2F1I0I9fh5PbKL4hDhIWEzo6Zo0n5cuVXeQAx-2F1nIiI8hvdFjp6OIibjvX-2FedR4kk3nfzlN5cS620X18Fw5xuHbs-2Flp8JUKGQYiBW9OywMoZ0mfrJJYmnv561zwSV4BzDPzW6JFKJtjcqHOfrm-2B039It-2FPJW6xsdOVUKQDBUoLlSjk0R2g1ax34VGDfBHHltEVw6M-3D From scan-admin at coverity.com Sun May 27 08:06:49 2018 From: scan-admin at coverity.com (scan-admin at coverity.com) Date: Sun, 27 May 2018 08:06:49 +0000 (UTC) Subject: [openssl-commits] Coverity Scan: Analysis completed for OpenSSL-1.0.2 Message-ID: <5b0a6718c7595_2fb82ab1dd750f58714b5@node1.mail> Your request for analysis of OpenSSL-1.0.2 has been completed successfully. The results are available at https://u2389337.ct.sendgrid.net/wf/click?upn=08onrYu34A-2BWcWUl-2F-2BfV0V05UPxvVjWch-2Bd2MGckcRakUl6QyjujEohY7rPpoYUEeuRTZVWU4ku8PUBnVPw8PQ-3D-3D_19DGMz38yO7VfzGQuXkecdlEmzBoDG4v8Dvyanv-2F1I2nsKFkkpMqXiPGmmiJXkQK3-2BWE7Oj9tAq5DK2a0FJLWT7caTN44vIarOUe-2Bl7TSIKs0linp2BLa60vaVI07DkTJpqaj6QIGKUNmgTlc2PeTgKBDgghRe0o5rydnFSq0kj865g-2FfWfb7PgoBo4rXKDKnQvEe9pKddnrQW8b76ugPI9tRtOBV-2FxtUcRli61CfK0-3D Build ID: 212811 Analysis Summary: New defects found: 0 Defects eliminated: 0 From matthias.st.pierre at ncp-e.com Mon May 28 17:13:12 2018 From: matthias.st.pierre at ncp-e.com (matthias.st.pierre at ncp-e.com) Date: Mon, 28 May 2018 17:13:12 +0000 Subject: [openssl-commits] [openssl] master update Message-ID: <1527527592.060727.9477.nullmailer@dev.openssl.org> The branch master has been updated via 0396401d1c3fd65487116b0623e634b65bf28670 (commit) via 6692ff7777ea3e75f964de7ee64761ec8565f9be (commit) via e6f35b5768d8810644f1f2cc9ca8294d97688343 (commit) via 5777254b7aa71ba14582912509c07ff9027a55eb (commit) from e37d4a6704cf0c8b0a0a6601eff82ca65d16d4a3 (commit) - Log ----------------------------------------------------------------- commit 0396401d1c3fd65487116b0623e634b65bf28670 Author: Dr. Matthias St. Pierre Date: Sun May 27 09:08:08 2018 +0200 ECDSA_SIG: add simple getters for commonly used struct members Reviewed-by: Richard Levitte (Merged from https://github.com/openssl/openssl/pull/6290) commit 6692ff7777ea3e75f964de7ee64761ec8565f9be Author: Dr. Matthias St. Pierre Date: Sun May 27 09:01:28 2018 +0200 RSA: add simple getters for commonly used struct members Reviewed-by: Richard Levitte (Merged from https://github.com/openssl/openssl/pull/6290) commit e6f35b5768d8810644f1f2cc9ca8294d97688343 Author: Dr. Matthias St. Pierre Date: Sun May 27 08:57:55 2018 +0200 DSA: add simple getters for commonly used struct members Reviewed-by: Richard Levitte (Merged from https://github.com/openssl/openssl/pull/6290) commit 5777254b7aa71ba14582912509c07ff9027a55eb Author: Dr. Matthias St. Pierre Date: Sun May 27 09:07:07 2018 +0200 DH: fix: add simple getters for commonly used struct members amends 6db7fadf0975 Reviewed-by: Richard Levitte (Merged from https://github.com/openssl/openssl/pull/6290) ----------------------------------------------------------------------- Summary of changes: crypto/dsa/dsa_lib.c | 25 +++++++++++++++++++++++++ crypto/ec/ec_asn1.c | 10 ++++++++++ crypto/rsa/rsa_lib.c | 40 ++++++++++++++++++++++++++++++++++++++++ doc/man3/DH_get0_pqg.pod | 6 +++++- doc/man3/DSA_get0_pqg.pod | 16 ++++++++++++++-- doc/man3/ECDSA_SIG_new.pod | 14 ++++++++++++-- doc/man3/RSA_get0_key.pod | 22 +++++++++++++++++++++- include/openssl/dsa.h | 5 +++++ include/openssl/ec.h | 16 ++++++++++++---- include/openssl/rsa.h | 8 ++++++++ util/libcrypto.num | 25 ++++++++++++++++++++----- 11 files changed, 172 insertions(+), 15 deletions(-) diff --git a/crypto/dsa/dsa_lib.c b/crypto/dsa/dsa_lib.c index e730e8e..9275a53 100644 --- a/crypto/dsa/dsa_lib.c +++ b/crypto/dsa/dsa_lib.c @@ -305,6 +305,31 @@ int DSA_set0_key(DSA *d, BIGNUM *pub_key, BIGNUM *priv_key) return 1; } +const BIGNUM *DSA_get0_p(const DSA *d) +{ + return d->p; +} + +const BIGNUM *DSA_get0_q(const DSA *d) +{ + return d->q; +} + +const BIGNUM *DSA_get0_g(const DSA *d) +{ + return d->g; +} + +const BIGNUM *DSA_get0_pub_key(const DSA *d) +{ + return d->pub_key; +} + +const BIGNUM *DSA_get0_priv_key(const DSA *d) +{ + return d->priv_key; +} + void DSA_clear_flags(DSA *d, int flags) { d->flags &= ~flags; diff --git a/crypto/ec/ec_asn1.c b/crypto/ec/ec_asn1.c index 33c4c23..cdc5d38 100644 --- a/crypto/ec/ec_asn1.c +++ b/crypto/ec/ec_asn1.c @@ -1183,6 +1183,16 @@ void ECDSA_SIG_get0(const ECDSA_SIG *sig, const BIGNUM **pr, const BIGNUM **ps) *ps = sig->s; } +const BIGNUM *ECDSA_SIG_get0_r(const ECDSA_SIG *sig) +{ + return sig->r; +} + +const BIGNUM *ECDSA_SIG_get0_s(const ECDSA_SIG *sig) +{ + return sig->s; +} + int ECDSA_SIG_set0(ECDSA_SIG *sig, BIGNUM *r, BIGNUM *s) { if (r == NULL || s == NULL) diff --git a/crypto/rsa/rsa_lib.c b/crypto/rsa/rsa_lib.c index 133ba21..0974aa6 100644 --- a/crypto/rsa/rsa_lib.c +++ b/crypto/rsa/rsa_lib.c @@ -402,6 +402,46 @@ int RSA_get0_multi_prime_crt_params(const RSA *r, const BIGNUM *exps[], return 1; } +const BIGNUM *RSA_get0_n(const RSA *r) +{ + return r->n; +} + +const BIGNUM *RSA_get0_e(const RSA *r) +{ + return r->e; +} + +const BIGNUM *RSA_get0_d(const RSA *r) +{ + return r->d; +} + +const BIGNUM *RSA_get0_p(const RSA *r) +{ + return r->p; +} + +const BIGNUM *RSA_get0_q(const RSA *r) +{ + return r->q; +} + +const BIGNUM *RSA_get0_dmp1(const RSA *r) +{ + return r->dmp1; +} + +const BIGNUM *RSA_get0_dmq1(const RSA *r) +{ + return r->dmq1; +} + +const BIGNUM *RSA_get0_iqmp(const RSA *r) +{ + return r->iqmp; +} + void RSA_clear_flags(RSA *r, int flags) { r->flags &= ~flags; diff --git a/doc/man3/DH_get0_pqg.pod b/doc/man3/DH_get0_pqg.pod index 6b25556..00e8ef5 100644 --- a/doc/man3/DH_get0_pqg.pod +++ b/doc/man3/DH_get0_pqg.pod @@ -41,6 +41,8 @@ If the parameters have not yet been set then B<*p>, B<*q> and B<*g> will be set to NULL. Otherwise they are set to pointers to their respective values. These point directly to the internal representations of the values and therefore should not be freed directly. +Any of the out parameters B

    , B, and B can be NULL, in which case no +value will be returned for that parameter. The B

    , B and B values can be set by calling DH_set0_pqg() and passing the new values for B

    , B and B as parameters to the function. Calling @@ -54,6 +56,8 @@ private key will be stored in B<*priv_key>. Either may be NULL if they have not been set yet, although if the private key has been set then the public key must be. The values point to the internal representation of the public key and private key values. This memory should not be freed directly. +Any of the out parameters B and B can be NULL, in which case +no value will be returned for that parameter. The public and private key values can be set using DH_set0_key(). Either parameter may be NULL, which means the corresponding DH field is left @@ -93,7 +97,7 @@ duplicate. The same applies to DH_get0_pqg() and DH_set0_pqg(). DH_set0_pqg() and DH_set0_key() return 1 on success or 0 on failure. DH_get0_p(), DH_get0_q(), DH_get0_g(), DH_get0_priv_key(), and DH_get0_pub_key() -return the respective value. +return the respective value, or NULL if it is unset. DH_test_flags() returns the current state of the flags in the DH object. diff --git a/doc/man3/DSA_get0_pqg.pod b/doc/man3/DSA_get0_pqg.pod index 58e3ab5..17eb9fe 100644 --- a/doc/man3/DSA_get0_pqg.pod +++ b/doc/man3/DSA_get0_pqg.pod @@ -2,8 +2,11 @@ =head1 NAME -DSA_get0_pqg, DSA_set0_pqg, DSA_get0_key, DSA_set0_key, DSA_clear_flags, -DSA_test_flags, DSA_set_flags, DSA_get0_engine - Routines for getting and +DSA_get0_pqg, DSA_set0_pqg, DSA_get0_key, DSA_set0_key, +DSA_get0_p, DSA_get0_q, DSA_get0_g, +DSA_get0_pub_key, DSA_get0_priv_key, +DSA_clear_flags, DSA_test_flags, DSA_set_flags, +DSA_get0_engine - Routines for getting and setting data in a DSA object =head1 SYNOPSIS @@ -16,6 +19,11 @@ setting data in a DSA object void DSA_get0_key(const DSA *d, const BIGNUM **pub_key, const BIGNUM **priv_key); int DSA_set0_key(DSA *d, BIGNUM *pub_key, BIGNUM *priv_key); + const BIGNUM *DSA_get0_p(const DSA *d); + const BIGNUM *DSA_get0_q(const DSA *d); + const BIGNUM *DSA_get0_g(const DSA *d); + const BIGNUM *DSA_get0_pub_key(const DSA *d); + const BIGNUM *DSA_get0_priv_key(const DSA *d); void DSA_clear_flags(DSA *d, int flags); int DSA_test_flags(const DSA *d, int flags); void DSA_set_flags(DSA *d, int flags); @@ -53,6 +61,10 @@ this function transfers the memory management of the key values to the DSA object, and therefore they should not be freed directly after this function has been called. +Any of the values B

    , B, B, B, and B can also be +retrieved separately by the corresponding function DSA_get0_p(), DSA_get0_q(), +DSA_get0_g(), DSA_get0_priv_key(), and DSA_get0_pub_key(), respectively. + DSA_set_flags() sets the flags in the B parameter on the DSA object. Multiple flags can be passed in one go (bitwise ORed together). Any flags that are already set are left set. DSA_test_flags() tests to see whether the flags diff --git a/doc/man3/ECDSA_SIG_new.pod b/doc/man3/ECDSA_SIG_new.pod index 9d3cdce..7b70546 100644 --- a/doc/man3/ECDSA_SIG_new.pod +++ b/doc/man3/ECDSA_SIG_new.pod @@ -2,7 +2,7 @@ =head1 NAME -ECDSA_SIG_get0, ECDSA_SIG_set0, +ECDSA_SIG_get0, ECDSA_SIG_get0_r, ECDSA_SIG_get0_s, ECDSA_SIG_set0, ECDSA_SIG_new, ECDSA_SIG_free, i2d_ECDSA_SIG, d2i_ECDSA_SIG, ECDSA_size, ECDSA_sign, ECDSA_do_sign, ECDSA_verify, ECDSA_do_verify, ECDSA_sign_setup, ECDSA_sign_ex, ECDSA_do_sign_ex - low level elliptic curve digital signature @@ -15,6 +15,8 @@ algorithm (ECDSA) functions ECDSA_SIG *ECDSA_SIG_new(void); void ECDSA_SIG_free(ECDSA_SIG *sig); void ECDSA_SIG_get0(const ECDSA_SIG *sig, const BIGNUM **pr, const BIGNUM **ps); + const BIGNUM *ECDSA_SIG_get0_r(const ECDSA_SIG *sig); + const BIGNUM *ECDSA_SIG_get0_s(const ECDSA_SIG *sig); int ECDSA_SIG_set0(ECDSA_SIG *sig, BIGNUM *r, BIGNUM *s); int i2d_ECDSA_SIG(const ECDSA_SIG *sig, unsigned char **pp); ECDSA_SIG *d2i_ECDSA_SIG(ECDSA_SIG **sig, const unsigned char **pp, long len); @@ -53,7 +55,12 @@ OpenSSL 1.1.0 the: the B and B components were initialised. ECDSA_SIG_free() frees the B structure B. ECDSA_SIG_get0() returns internal pointers the B and B values contained -in B. +in B and stores them in B<*pr> and B<*ps>, respectively. +The pointer B or B can be NULL, in which case the corresponding value +is not returned. + +The values B, B can also be retrieved separately by the corresponding +function ECDSA_SIG_get0_r() and ECDSA_SIG_get0_s(), respectively. The B and B values can be set by calling ECDSA_SIG_set0() and passing the new values for B and B as parameters to the function. Calling this @@ -116,6 +123,9 @@ returned as a newly allocated B structure (or NULL on error). ECDSA_SIG_set0() returns 1 on success or 0 on failure. +ECDSA_SIG_get0_r() and ECDSA_SIG_get0_s() return the corresponding value, +or NULL if it is unset. + ECDSA_size() returns the maximum length signature or 0 on error. ECDSA_sign(), ECDSA_sign_ex() and ECDSA_sign_setup() return 1 if successful diff --git a/doc/man3/RSA_get0_key.pod b/doc/man3/RSA_get0_key.pod index 6e6576e..ba25f32 100644 --- a/doc/man3/RSA_get0_key.pod +++ b/doc/man3/RSA_get0_key.pod @@ -3,7 +3,10 @@ =head1 NAME RSA_set0_key, RSA_set0_factors, RSA_set0_crt_params, RSA_get0_key, -RSA_get0_factors, RSA_get0_crt_params, RSA_clear_flags, +RSA_get0_factors, RSA_get0_crt_params, +RSA_get0_n, RSA_get0_e, RSA_get0_d, RSA_get0_p, RSA_get0_q, +RSA_get0_dmp1, RSA_get0_dmq1, RSA_get0_iqmp, +RSA_clear_flags, RSA_test_flags, RSA_set_flags, RSA_get0_engine, RSA_get_multi_prime_extra_count, RSA_get0_multi_prime_factors, RSA_get0_multi_prime_crt_params, RSA_set0_multi_prime_params, RSA_get_version @@ -22,6 +25,14 @@ RSA_set0_multi_prime_params, RSA_get_version void RSA_get0_crt_params(const RSA *r, const BIGNUM **dmp1, const BIGNUM **dmq1, const BIGNUM **iqmp); + const BIGNUM *RSA_get0_n(const RSA *d); + const BIGNUM *RSA_get0_e(const RSA *d); + const BIGNUM *RSA_get0_d(const RSA *d); + const BIGNUM *RSA_get0_p(const RSA *d); + const BIGNUM *RSA_get0_q(const RSA *d); + const BIGNUM *RSA_get0_dmp1(const RSA *r); + const BIGNUM *RSA_get0_dmq1(const RSA *r); + const BIGNUM *RSA_get0_iqmp(const RSA *r); void RSA_clear_flags(RSA *r, int flags); int RSA_test_flags(const RSA *r, int flags); void RSA_set_flags(RSA *r, int flags); @@ -82,6 +93,11 @@ return values are stored in an array of B. RSA_set0_multi_prime_params sets a collect of multi-prime 'triplet' members (prime, exponent and coefficient) into an RSA object. +Any of the values B, B, B, B

    , B, B, B, and B can also be +retrieved separately by the corresponding function +RSA_get0_n(), RSA_get0_e(), RSA_get0_d(), RSA_get0_p(), RSA_get0_q(), +RSA_get0_dmp1(), RSA_get0_dmq1(), and RSA_get0_iqmp(), respectively. + RSA_set_flags() sets the flags in the B parameter on the RSA object. Multiple flags can be passed in one go (bitwise ORed together). Any flags that are already set are left set. RSA_test_flags() tests to @@ -116,6 +132,10 @@ triplets in RSA object B and assign the new set of triplets into it. RSA_set0_key(), RSA_set0_factors(), RSA_set0_crt_params() and RSA_set0_multi_prime_params() return 1 on success or 0 on failure. +RSA_get0_n(), RSA_get0_e(), RSA_get0_d(), RSA_get0_p(), RSA_get0_q(), +RSA_get0_dmp1(), RSA_get0_dmq1(), and RSA_get0_iqmp() +return the respective value. + RSA_get0_multi_prime_factors() and RSA_get0_multi_prime_crt_params() return 1 on success or 0 on failure. diff --git a/include/openssl/dsa.h b/include/openssl/dsa.h index 5a06847..e1be0ad 100644 --- a/include/openssl/dsa.h +++ b/include/openssl/dsa.h @@ -171,6 +171,11 @@ int DSA_set0_pqg(DSA *d, BIGNUM *p, BIGNUM *q, BIGNUM *g); void DSA_get0_key(const DSA *d, const BIGNUM **pub_key, const BIGNUM **priv_key); int DSA_set0_key(DSA *d, BIGNUM *pub_key, BIGNUM *priv_key); +const BIGNUM *DSA_get0_p(const DSA *d); +const BIGNUM *DSA_get0_q(const DSA *d); +const BIGNUM *DSA_get0_g(const DSA *d); +const BIGNUM *DSA_get0_pub_key(const DSA *d); +const BIGNUM *DSA_get0_priv_key(const DSA *d); void DSA_clear_flags(DSA *d, int flags); int DSA_test_flags(const DSA *d, int flags); void DSA_set_flags(DSA *d, int flags); diff --git a/include/openssl/ec.h b/include/openssl/ec.h index a8627cf..a24bee0 100644 --- a/include/openssl/ec.h +++ b/include/openssl/ec.h @@ -1060,16 +1060,24 @@ int i2d_ECDSA_SIG(const ECDSA_SIG *sig, unsigned char **pp); ECDSA_SIG *d2i_ECDSA_SIG(ECDSA_SIG **sig, const unsigned char **pp, long len); /** Accessor for r and s fields of ECDSA_SIG - * \param sig pointer to ECDSA_SIG pointer + * \param sig pointer to ECDSA_SIG structure * \param pr pointer to BIGNUM pointer for r (may be NULL) * \param ps pointer to BIGNUM pointer for s (may be NULL) */ void ECDSA_SIG_get0(const ECDSA_SIG *sig, const BIGNUM **pr, const BIGNUM **ps); +/** Accessor for r field of ECDSA_SIG + * \param sig pointer to ECDSA_SIG structure + */ +const BIGNUM *ECDSA_SIG_get0_r(const ECDSA_SIG *sig); + +/** Accessor for s field of ECDSA_SIG + * \param sig pointer to ECDSA_SIG structure + */ +const BIGNUM *ECDSA_SIG_get0_s(const ECDSA_SIG *sig); + /** Setter for r and s fields of ECDSA_SIG - * \param sig pointer to ECDSA_SIG pointer - * \param r pointer to BIGNUM for r (may be NULL) - * \param s pointer to BIGNUM for s (may be NULL) + * \param sig pointer to ECDSA_SIG structure */ int ECDSA_SIG_set0(ECDSA_SIG *sig, BIGNUM *r, BIGNUM *s); diff --git a/include/openssl/rsa.h b/include/openssl/rsa.h index 05e4f26..a611b6a 100644 --- a/include/openssl/rsa.h +++ b/include/openssl/rsa.h @@ -216,6 +216,14 @@ void RSA_get0_crt_params(const RSA *r, const BIGNUM **iqmp); int RSA_get0_multi_prime_crt_params(const RSA *r, const BIGNUM *exps[], const BIGNUM *coeffs[]); +const BIGNUM *RSA_get0_n(const RSA *d); +const BIGNUM *RSA_get0_e(const RSA *d); +const BIGNUM *RSA_get0_d(const RSA *d); +const BIGNUM *RSA_get0_p(const RSA *d); +const BIGNUM *RSA_get0_q(const RSA *d); +const BIGNUM *RSA_get0_dmp1(const RSA *r); +const BIGNUM *RSA_get0_dmq1(const RSA *r); +const BIGNUM *RSA_get0_iqmp(const RSA *r); void RSA_clear_flags(RSA *r, int flags); int RSA_test_flags(const RSA *r, int flags); void RSA_set_flags(RSA *r, int flags); diff --git a/util/libcrypto.num b/util/libcrypto.num index 937b718..e58a467 100644 --- a/util/libcrypto.num +++ b/util/libcrypto.num @@ -4528,8 +4528,23 @@ conf_ssl_name_find 4469 1_1_0i EXIST::FUNCTION: conf_ssl_get_cmd 4470 1_1_0i EXIST::FUNCTION: conf_ssl_get 4471 1_1_0i EXIST::FUNCTION: X509_VERIFY_PARAM_get_hostflags 4472 1_1_0i EXIST::FUNCTION: -DH_get0_p 4473 1_1_0i EXIST::FUNCTION:DH -DH_get0_q 4474 1_1_0i EXIST::FUNCTION:DH -DH_get0_g 4475 1_1_0i EXIST::FUNCTION:DH -DH_get0_priv_key 4476 1_1_0i EXIST::FUNCTION:DH -DH_get0_pub_key 4477 1_1_0i EXIST::FUNCTION:DH +DH_get0_p 4473 1_1_1 EXIST::FUNCTION:DH +DH_get0_q 4474 1_1_1 EXIST::FUNCTION:DH +DH_get0_g 4475 1_1_1 EXIST::FUNCTION:DH +DH_get0_priv_key 4476 1_1_1 EXIST::FUNCTION:DH +DH_get0_pub_key 4477 1_1_1 EXIST::FUNCTION:DH +DSA_get0_priv_key 4478 1_1_1 EXIST::FUNCTION:DSA +DSA_get0_pub_key 4479 1_1_1 EXIST::FUNCTION:DSA +DSA_get0_q 4480 1_1_1 EXIST::FUNCTION:DSA +DSA_get0_p 4481 1_1_1 EXIST::FUNCTION:DSA +DSA_get0_g 4482 1_1_1 EXIST::FUNCTION:DSA +RSA_get0_dmp1 4483 1_1_1 EXIST::FUNCTION:RSA +RSA_get0_d 4484 1_1_1 EXIST::FUNCTION:RSA +RSA_get0_n 4485 1_1_1 EXIST::FUNCTION:RSA +RSA_get0_dmq1 4486 1_1_1 EXIST::FUNCTION:RSA +RSA_get0_e 4487 1_1_1 EXIST::FUNCTION:RSA +RSA_get0_q 4488 1_1_1 EXIST::FUNCTION:RSA +RSA_get0_p 4489 1_1_1 EXIST::FUNCTION:RSA +RSA_get0_iqmp 4490 1_1_1 EXIST::FUNCTION:RSA +ECDSA_SIG_get0_r 4491 1_1_1 EXIST::FUNCTION:EC +ECDSA_SIG_get0_s 4492 1_1_1 EXIST::FUNCTION:EC From matthias.st.pierre at ncp-e.com Mon May 28 22:00:40 2018 From: matthias.st.pierre at ncp-e.com (matthias.st.pierre at ncp-e.com) Date: Mon, 28 May 2018 22:00:40 +0000 Subject: [openssl-commits] [openssl] master update Message-ID: <1527544840.723739.19935.nullmailer@dev.openssl.org> The branch master has been updated via a0cef658d6e15c0711c6e27c5969281a76acf20f (commit) from 0396401d1c3fd65487116b0623e634b65bf28670 (commit) - Log ----------------------------------------------------------------- commit a0cef658d6e15c0711c6e27c5969281a76acf20f Author: Dr. Matthias St. Pierre Date: Mon May 28 22:46:21 2018 +0200 ECDSA_SIG: restore doc comments which were deleted accidentally amends 0396401d1c3f Reviewed-by: Rich Salz (Merged from https://github.com/openssl/openssl/pull/6366) ----------------------------------------------------------------------- Summary of changes: include/openssl/ec.h | 2 ++ 1 file changed, 2 insertions(+) diff --git a/include/openssl/ec.h b/include/openssl/ec.h index a24bee0..ed2161d 100644 --- a/include/openssl/ec.h +++ b/include/openssl/ec.h @@ -1078,6 +1078,8 @@ const BIGNUM *ECDSA_SIG_get0_s(const ECDSA_SIG *sig); /** Setter for r and s fields of ECDSA_SIG * \param sig pointer to ECDSA_SIG structure + * \param r pointer to BIGNUM for r (may be NULL) + * \param s pointer to BIGNUM for s (may be NULL) */ int ECDSA_SIG_set0(ECDSA_SIG *sig, BIGNUM *r, BIGNUM *s); From matt at openssl.org Tue May 29 12:16:20 2018 From: matt at openssl.org (Matt Caswell) Date: Tue, 29 May 2018 12:16:20 +0000 Subject: [openssl-commits] [openssl] master update Message-ID: <1527596180.510237.20503.nullmailer@dev.openssl.org> The branch master has been updated via 83cf7abf8e9abbd4d0b68c63dc1cb43374aafe63 (commit) from a0cef658d6e15c0711c6e27c5969281a76acf20f (commit) - Log ----------------------------------------------------------------- commit 83cf7abf8e9abbd4d0b68c63dc1cb43374aafe63 Author: Matt Caswell Date: Tue May 29 13:07:08 2018 +0100 Update copyright year Reviewed-by: Richard Levitte (Merged from https://github.com/openssl/openssl/pull/6371) ----------------------------------------------------------------------- Summary of changes: crypto/aes/asm/aesp8-ppc.pl | 2 +- crypto/bio/bss_mem.c | 2 +- crypto/bn/asm/alpha-mont.pl | 2 +- crypto/bn/asm/armv4-mont.pl | 2 +- crypto/bn/asm/ia64-mont.pl | 2 +- crypto/bn/asm/mips-mont.pl | 2 +- crypto/bn/asm/parisc-mont.pl | 2 +- crypto/bn/asm/ppc-mont.pl | 2 +- crypto/bn/asm/ppc64-mont.pl | 2 +- crypto/bn/asm/s390x-mont.pl | 2 +- crypto/bn/asm/sparct4-mont.pl | 2 +- crypto/bn/asm/sparcv9-mont.pl | 2 +- crypto/bn/asm/via-mont.pl | 2 +- crypto/bn/asm/vis3-mont.pl | 2 +- crypto/bn/asm/x86-mont.pl | 2 +- crypto/bn/asm/x86_64-mont.pl | 2 +- crypto/bn/asm/x86_64-mont5.pl | 2 +- crypto/bn/bn_gcd.c | 2 +- crypto/bn/bn_gf2m.c | 2 +- crypto/bn/rsaz_exp.h | 2 +- crypto/chacha/asm/chacha-ppc.pl | 2 +- crypto/cms/cms_env.c | 2 +- crypto/cms/cms_smime.c | 2 +- crypto/conf/conf_api.c | 2 +- crypto/ct/ct_log.c | 2 +- crypto/dh/dh_lib.c | 2 +- crypto/dsa/dsa_lib.c | 2 +- crypto/ec/ec2_smpl.c | 2 +- crypto/ec/ecp_smpl.c | 2 +- crypto/engine/tb_cipher.c | 2 +- crypto/engine/tb_dh.c | 2 +- crypto/engine/tb_digest.c | 2 +- crypto/engine/tb_dsa.c | 2 +- crypto/engine/tb_eckey.c | 2 +- crypto/engine/tb_pkmeth.c | 2 +- crypto/engine/tb_rand.c | 2 +- crypto/engine/tb_rsa.c | 2 +- crypto/modes/asm/ghashp8-ppc.pl | 2 +- crypto/pem/pem_pk8.c | 2 +- crypto/poly1305/asm/poly1305-ppc.pl | 2 +- crypto/poly1305/asm/poly1305-ppcfp.pl | 2 +- crypto/ppccap.c | 2 +- crypto/rand/rand_egd.c | 2 +- crypto/rsa/rsa_lib.c | 2 +- crypto/sha/asm/keccak1600-ppc64.pl | 2 +- crypto/sha/asm/keccak1600p8-ppc.pl | 2 +- crypto/sha/asm/sha512p8-ppc.pl | 2 +- crypto/store/store_init.c | 2 +- crypto/ui/ui_openssl.c | 2 +- crypto/x509/x509_cmp.c | 2 +- crypto/x509v3/v3_ncons.c | 2 +- doc/man1/cms.pod | 2 +- doc/man3/BN_add.pod | 2 +- doc/man3/CMS_encrypt.pod | 2 +- doc/man3/CMS_get0_SignerInfos.pod | 2 +- doc/man3/CMS_get1_ReceiptRequest.pod | 2 +- doc/man3/DH_get0_pqg.pod | 2 +- doc/man3/DSA_get0_pqg.pod | 2 +- doc/man3/ECDSA_SIG_new.pod | 2 +- doc/man3/EC_POINT_add.pod | 2 +- doc/man3/EVP_PKEY_CTX_set_hkdf_md.pod | 2 +- doc/man3/OBJ_nid2obj.pod | 2 +- doc/man3/PEM_bytes_read_bio.pod | 2 +- doc/man3/PEM_read.pod | 2 +- doc/man3/PEM_read_CMS.pod | 2 +- doc/man3/PKCS12_newpass.pod | 2 +- doc/man3/PKCS12_parse.pod | 2 +- doc/man3/PKCS5_PBKDF2_HMAC.pod | 2 +- doc/man3/RSA_get0_key.pod | 2 +- doc/man3/SMIME_read_PKCS7.pod | 2 +- doc/man3/SSL_connect.pod | 2 +- doc/man3/SSL_get_ciphers.pod | 2 +- doc/man3/SSL_set1_host.pod | 2 +- doc/man3/X509_NAME_get_index_by_NID.pod | 2 +- doc/man3/X509_cmp_time.pod | 2 +- include/openssl/x509_vfy.h | 2 +- ssl/ssl_txt.c | 2 +- test/asynctest.c | 2 +- test/dhtest.c | 2 +- test/dtls_mtu_test.c | 2 +- test/dtlsv1listentest.c | 2 +- test/exdatatest.c | 2 +- test/generate_buildtest.pl | 2 +- test/mdc2_internal_test.c | 2 +- test/pkey_meth_kdf_test.c | 2 +- test/pkey_meth_test.c | 2 +- test/recipes/25-test_verify.t | 2 +- test/time_offset_test.c | 2 +- test/x509_internal_test.c | 2 +- test/x509_time_test.c | 2 +- util/copy.pl | 2 +- util/process_docs.pl | 4 ++-- 92 files changed, 93 insertions(+), 93 deletions(-) diff --git a/crypto/aes/asm/aesp8-ppc.pl b/crypto/aes/asm/aesp8-ppc.pl index e1be23a..8670940 100755 --- a/crypto/aes/asm/aesp8-ppc.pl +++ b/crypto/aes/asm/aesp8-ppc.pl @@ -1,5 +1,5 @@ #! /usr/bin/env perl -# Copyright 2014-2016 The OpenSSL Project Authors. All Rights Reserved. +# Copyright 2014-2018 The OpenSSL Project Authors. All Rights Reserved. # # Licensed under the OpenSSL license (the "License"). You may not use # this file except in compliance with the License. You can obtain a copy diff --git a/crypto/bio/bss_mem.c b/crypto/bio/bss_mem.c index 9881984..e0a97c3 100644 --- a/crypto/bio/bss_mem.c +++ b/crypto/bio/bss_mem.c @@ -1,5 +1,5 @@ /* - * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy diff --git a/crypto/bn/asm/alpha-mont.pl b/crypto/bn/asm/alpha-mont.pl index cc5c30e..c9b962a 100644 --- a/crypto/bn/asm/alpha-mont.pl +++ b/crypto/bn/asm/alpha-mont.pl @@ -1,5 +1,5 @@ #! /usr/bin/env perl -# Copyright 2006-2016 The OpenSSL Project Authors. All Rights Reserved. +# Copyright 2006-2018 The OpenSSL Project Authors. All Rights Reserved. # # Licensed under the OpenSSL license (the "License"). You may not use # this file except in compliance with the License. You can obtain a copy diff --git a/crypto/bn/asm/armv4-mont.pl b/crypto/bn/asm/armv4-mont.pl index 9169137..6bedc62 100644 --- a/crypto/bn/asm/armv4-mont.pl +++ b/crypto/bn/asm/armv4-mont.pl @@ -1,5 +1,5 @@ #! /usr/bin/env perl -# Copyright 2007-2016 The OpenSSL Project Authors. All Rights Reserved. +# Copyright 2007-2018 The OpenSSL Project Authors. All Rights Reserved. # # Licensed under the OpenSSL license (the "License"). You may not use # this file except in compliance with the License. You can obtain a copy diff --git a/crypto/bn/asm/ia64-mont.pl b/crypto/bn/asm/ia64-mont.pl index 96d312f..ec486f7 100644 --- a/crypto/bn/asm/ia64-mont.pl +++ b/crypto/bn/asm/ia64-mont.pl @@ -1,5 +1,5 @@ #! /usr/bin/env perl -# Copyright 2010-2016 The OpenSSL Project Authors. All Rights Reserved. +# Copyright 2010-2018 The OpenSSL Project Authors. All Rights Reserved. # # Licensed under the OpenSSL license (the "License"). You may not use # this file except in compliance with the License. You can obtain a copy diff --git a/crypto/bn/asm/mips-mont.pl b/crypto/bn/asm/mips-mont.pl index b2e8df8..fbe5d04 100644 --- a/crypto/bn/asm/mips-mont.pl +++ b/crypto/bn/asm/mips-mont.pl @@ -1,5 +1,5 @@ #! /usr/bin/env perl -# Copyright 2010-2016 The OpenSSL Project Authors. All Rights Reserved. +# Copyright 2010-2018 The OpenSSL Project Authors. All Rights Reserved. # # Licensed under the OpenSSL license (the "License"). You may not use # this file except in compliance with the License. You can obtain a copy diff --git a/crypto/bn/asm/parisc-mont.pl b/crypto/bn/asm/parisc-mont.pl index 4c9d045..78ab2dc 100644 --- a/crypto/bn/asm/parisc-mont.pl +++ b/crypto/bn/asm/parisc-mont.pl @@ -1,5 +1,5 @@ #! /usr/bin/env perl -# Copyright 2009-2016 The OpenSSL Project Authors. All Rights Reserved. +# Copyright 2009-2018 The OpenSSL Project Authors. All Rights Reserved. # # Licensed under the OpenSSL license (the "License"). You may not use # this file except in compliance with the License. You can obtain a copy diff --git a/crypto/bn/asm/ppc-mont.pl b/crypto/bn/asm/ppc-mont.pl index d9cc983..ec7e019 100644 --- a/crypto/bn/asm/ppc-mont.pl +++ b/crypto/bn/asm/ppc-mont.pl @@ -1,5 +1,5 @@ #! /usr/bin/env perl -# Copyright 2006-2016 The OpenSSL Project Authors. All Rights Reserved. +# Copyright 2006-2018 The OpenSSL Project Authors. All Rights Reserved. # # Licensed under the OpenSSL license (the "License"). You may not use # this file except in compliance with the License. You can obtain a copy diff --git a/crypto/bn/asm/ppc64-mont.pl b/crypto/bn/asm/ppc64-mont.pl index a82e77d..c41b620 100644 --- a/crypto/bn/asm/ppc64-mont.pl +++ b/crypto/bn/asm/ppc64-mont.pl @@ -1,5 +1,5 @@ #! /usr/bin/env perl -# Copyright 2007-2016 The OpenSSL Project Authors. All Rights Reserved. +# Copyright 2007-2018 The OpenSSL Project Authors. All Rights Reserved. # # Licensed under the OpenSSL license (the "License"). You may not use # this file except in compliance with the License. You can obtain a copy diff --git a/crypto/bn/asm/s390x-mont.pl b/crypto/bn/asm/s390x-mont.pl index 59f70be..c2fc5ad 100644 --- a/crypto/bn/asm/s390x-mont.pl +++ b/crypto/bn/asm/s390x-mont.pl @@ -1,5 +1,5 @@ #! /usr/bin/env perl -# Copyright 2007-2016 The OpenSSL Project Authors. All Rights Reserved. +# Copyright 2007-2018 The OpenSSL Project Authors. All Rights Reserved. # # Licensed under the OpenSSL license (the "License"). You may not use # this file except in compliance with the License. You can obtain a copy diff --git a/crypto/bn/asm/sparct4-mont.pl b/crypto/bn/asm/sparct4-mont.pl index 90c7bb8..fcae9cf 100755 --- a/crypto/bn/asm/sparct4-mont.pl +++ b/crypto/bn/asm/sparct4-mont.pl @@ -1,5 +1,5 @@ #! /usr/bin/env perl -# Copyright 2012-2016 The OpenSSL Project Authors. All Rights Reserved. +# Copyright 2012-2018 The OpenSSL Project Authors. All Rights Reserved. # # Licensed under the OpenSSL license (the "License"). You may not use # this file except in compliance with the License. You can obtain a copy diff --git a/crypto/bn/asm/sparcv9-mont.pl b/crypto/bn/asm/sparcv9-mont.pl index a0830a0..c0407b1 100644 --- a/crypto/bn/asm/sparcv9-mont.pl +++ b/crypto/bn/asm/sparcv9-mont.pl @@ -1,5 +1,5 @@ #! /usr/bin/env perl -# Copyright 2005-2016 The OpenSSL Project Authors. All Rights Reserved. +# Copyright 2005-2018 The OpenSSL Project Authors. All Rights Reserved. # # Licensed under the OpenSSL license (the "License"). You may not use # this file except in compliance with the License. You can obtain a copy diff --git a/crypto/bn/asm/via-mont.pl b/crypto/bn/asm/via-mont.pl index 2b73a42..9cf717e 100644 --- a/crypto/bn/asm/via-mont.pl +++ b/crypto/bn/asm/via-mont.pl @@ -1,5 +1,5 @@ #! /usr/bin/env perl -# Copyright 2006-2016 The OpenSSL Project Authors. All Rights Reserved. +# Copyright 2006-2018 The OpenSSL Project Authors. All Rights Reserved. # # Licensed under the OpenSSL license (the "License"). You may not use # this file except in compliance with the License. You can obtain a copy diff --git a/crypto/bn/asm/vis3-mont.pl b/crypto/bn/asm/vis3-mont.pl index ee55870..04833a0 100644 --- a/crypto/bn/asm/vis3-mont.pl +++ b/crypto/bn/asm/vis3-mont.pl @@ -1,5 +1,5 @@ #! /usr/bin/env perl -# Copyright 2012-2016 The OpenSSL Project Authors. All Rights Reserved. +# Copyright 2012-2018 The OpenSSL Project Authors. All Rights Reserved. # # Licensed under the OpenSSL license (the "License"). You may not use # this file except in compliance with the License. You can obtain a copy diff --git a/crypto/bn/asm/x86-mont.pl b/crypto/bn/asm/x86-mont.pl index d54a543..7ba2133 100755 --- a/crypto/bn/asm/x86-mont.pl +++ b/crypto/bn/asm/x86-mont.pl @@ -1,5 +1,5 @@ #! /usr/bin/env perl -# Copyright 2005-2016 The OpenSSL Project Authors. All Rights Reserved. +# Copyright 2005-2018 The OpenSSL Project Authors. All Rights Reserved. # # Licensed under the OpenSSL license (the "License"). You may not use # this file except in compliance with the License. You can obtain a copy diff --git a/crypto/bn/asm/x86_64-mont.pl b/crypto/bn/asm/x86_64-mont.pl index a0560e0..c051135 100755 --- a/crypto/bn/asm/x86_64-mont.pl +++ b/crypto/bn/asm/x86_64-mont.pl @@ -1,5 +1,5 @@ #! /usr/bin/env perl -# Copyright 2005-2016 The OpenSSL Project Authors. All Rights Reserved. +# Copyright 2005-2018 The OpenSSL Project Authors. All Rights Reserved. # # Licensed under the OpenSSL license (the "License"). You may not use # this file except in compliance with the License. You can obtain a copy diff --git a/crypto/bn/asm/x86_64-mont5.pl b/crypto/bn/asm/x86_64-mont5.pl index b1ad71f..ad6e8ad 100755 --- a/crypto/bn/asm/x86_64-mont5.pl +++ b/crypto/bn/asm/x86_64-mont5.pl @@ -1,5 +1,5 @@ #! /usr/bin/env perl -# Copyright 2011-2016 The OpenSSL Project Authors. All Rights Reserved. +# Copyright 2011-2018 The OpenSSL Project Authors. All Rights Reserved. # # Licensed under the OpenSSL license (the "License"). You may not use # this file except in compliance with the License. You can obtain a copy diff --git a/crypto/bn/bn_gcd.c b/crypto/bn/bn_gcd.c index 6d8c565..0091ea4 100644 --- a/crypto/bn/bn_gcd.c +++ b/crypto/bn/bn_gcd.c @@ -1,5 +1,5 @@ /* - * Copyright 1995-2017 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy diff --git a/crypto/bn/bn_gf2m.c b/crypto/bn/bn_gf2m.c index 0fc4460..34d8b69 100644 --- a/crypto/bn/bn_gf2m.c +++ b/crypto/bn/bn_gf2m.c @@ -1,5 +1,5 @@ /* - * Copyright 2002-2017 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2002-2018 The OpenSSL Project Authors. All Rights Reserved. * Copyright (c) 2002, Oracle and/or its affiliates. All rights reserved * * Licensed under the OpenSSL license (the "License"). You may not use diff --git a/crypto/bn/rsaz_exp.h b/crypto/bn/rsaz_exp.h index 488b136..c5864f8 100644 --- a/crypto/bn/rsaz_exp.h +++ b/crypto/bn/rsaz_exp.h @@ -1,5 +1,5 @@ /* - * Copyright 2013-2016 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2013-2018 The OpenSSL Project Authors. All Rights Reserved. * Copyright (c) 2012, Intel Corporation. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use diff --git a/crypto/chacha/asm/chacha-ppc.pl b/crypto/chacha/asm/chacha-ppc.pl index af2f037..2a1036e 100755 --- a/crypto/chacha/asm/chacha-ppc.pl +++ b/crypto/chacha/asm/chacha-ppc.pl @@ -1,5 +1,5 @@ #! /usr/bin/env perl -# Copyright 2016 The OpenSSL Project Authors. All Rights Reserved. +# Copyright 2016-2018 The OpenSSL Project Authors. All Rights Reserved. # # Licensed under the OpenSSL license (the "License"). You may not use # this file except in compliance with the License. You can obtain a copy diff --git a/crypto/cms/cms_env.c b/crypto/cms/cms_env.c index 7c2d420..bb95af7 100644 --- a/crypto/cms/cms_env.c +++ b/crypto/cms/cms_env.c @@ -1,5 +1,5 @@ /* - * Copyright 2008-2016 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2008-2018 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy diff --git a/crypto/cms/cms_smime.c b/crypto/cms/cms_smime.c index 76883bf..5dcf803 100644 --- a/crypto/cms/cms_smime.c +++ b/crypto/cms/cms_smime.c @@ -1,5 +1,5 @@ /* - * Copyright 2008-2016 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2008-2018 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy diff --git a/crypto/conf/conf_api.c b/crypto/conf/conf_api.c index 9606b7f..72fe2da 100644 --- a/crypto/conf/conf_api.c +++ b/crypto/conf/conf_api.c @@ -1,5 +1,5 @@ /* - * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy diff --git a/crypto/ct/ct_log.c b/crypto/ct/ct_log.c index 4e5c109..3c9f979 100644 --- a/crypto/ct/ct_log.c +++ b/crypto/ct/ct_log.c @@ -1,5 +1,5 @@ /* - * Copyright 2016 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2016-2018 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy diff --git a/crypto/dh/dh_lib.c b/crypto/dh/dh_lib.c index a61aa4d..e425225 100644 --- a/crypto/dh/dh_lib.c +++ b/crypto/dh/dh_lib.c @@ -1,5 +1,5 @@ /* - * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy diff --git a/crypto/dsa/dsa_lib.c b/crypto/dsa/dsa_lib.c index 9275a53..739fde6 100644 --- a/crypto/dsa/dsa_lib.c +++ b/crypto/dsa/dsa_lib.c @@ -1,5 +1,5 @@ /* - * Copyright 1995-2017 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy diff --git a/crypto/ec/ec2_smpl.c b/crypto/ec/ec2_smpl.c index 5a83b05..b79e60b 100644 --- a/crypto/ec/ec2_smpl.c +++ b/crypto/ec/ec2_smpl.c @@ -1,5 +1,5 @@ /* - * Copyright 2002-2016 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2002-2018 The OpenSSL Project Authors. All Rights Reserved. * Copyright (c) 2002, Oracle and/or its affiliates. All rights reserved * * Licensed under the OpenSSL license (the "License"). You may not use diff --git a/crypto/ec/ecp_smpl.c b/crypto/ec/ecp_smpl.c index 8543b41..35d15a6 100644 --- a/crypto/ec/ecp_smpl.c +++ b/crypto/ec/ecp_smpl.c @@ -1,5 +1,5 @@ /* - * Copyright 2001-2017 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2001-2018 The OpenSSL Project Authors. All Rights Reserved. * Copyright (c) 2002, Oracle and/or its affiliates. All rights reserved * * Licensed under the OpenSSL license (the "License"). You may not use diff --git a/crypto/engine/tb_cipher.c b/crypto/engine/tb_cipher.c index 45d754f..faa967c 100644 --- a/crypto/engine/tb_cipher.c +++ b/crypto/engine/tb_cipher.c @@ -1,5 +1,5 @@ /* - * Copyright 2001-2016 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2001-2018 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy diff --git a/crypto/engine/tb_dh.c b/crypto/engine/tb_dh.c index 427a3f0..785119f 100644 --- a/crypto/engine/tb_dh.c +++ b/crypto/engine/tb_dh.c @@ -1,5 +1,5 @@ /* - * Copyright 2001-2016 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2001-2018 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy diff --git a/crypto/engine/tb_digest.c b/crypto/engine/tb_digest.c index 019adcf..d644b1b 100644 --- a/crypto/engine/tb_digest.c +++ b/crypto/engine/tb_digest.c @@ -1,5 +1,5 @@ /* - * Copyright 2001-2016 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2001-2018 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy diff --git a/crypto/engine/tb_dsa.c b/crypto/engine/tb_dsa.c index 90d5476..65b6ea8 100644 --- a/crypto/engine/tb_dsa.c +++ b/crypto/engine/tb_dsa.c @@ -1,5 +1,5 @@ /* - * Copyright 2001-2016 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2001-2018 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy diff --git a/crypto/engine/tb_eckey.c b/crypto/engine/tb_eckey.c index 713fdc5..1e50736 100644 --- a/crypto/engine/tb_eckey.c +++ b/crypto/engine/tb_eckey.c @@ -1,5 +1,5 @@ /* - * Copyright 2015-2016 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2015-2018 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy diff --git a/crypto/engine/tb_pkmeth.c b/crypto/engine/tb_pkmeth.c index e6c7ad2..03cd1e6 100644 --- a/crypto/engine/tb_pkmeth.c +++ b/crypto/engine/tb_pkmeth.c @@ -1,5 +1,5 @@ /* - * Copyright 2006-2016 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2006-2018 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy diff --git a/crypto/engine/tb_rand.c b/crypto/engine/tb_rand.c index 759d2f7..98a9807 100644 --- a/crypto/engine/tb_rand.c +++ b/crypto/engine/tb_rand.c @@ -1,5 +1,5 @@ /* - * Copyright 2001-2016 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2001-2018 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy diff --git a/crypto/engine/tb_rsa.c b/crypto/engine/tb_rsa.c index 5c523d6..d8d2e34 100644 --- a/crypto/engine/tb_rsa.c +++ b/crypto/engine/tb_rsa.c @@ -1,5 +1,5 @@ /* - * Copyright 2001-2016 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2001-2018 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy diff --git a/crypto/modes/asm/ghashp8-ppc.pl b/crypto/modes/asm/ghashp8-ppc.pl index a1d5789..6df485e 100755 --- a/crypto/modes/asm/ghashp8-ppc.pl +++ b/crypto/modes/asm/ghashp8-ppc.pl @@ -1,5 +1,5 @@ #! /usr/bin/env perl -# Copyright 2014-2016 The OpenSSL Project Authors. All Rights Reserved. +# Copyright 2014-2018 The OpenSSL Project Authors. All Rights Reserved. # # Licensed under the OpenSSL license (the "License"). You may not use # this file except in compliance with the License. You can obtain a copy diff --git a/crypto/pem/pem_pk8.c b/crypto/pem/pem_pk8.c index ebc7fad..ab6c4c6 100644 --- a/crypto/pem/pem_pk8.c +++ b/crypto/pem/pem_pk8.c @@ -1,5 +1,5 @@ /* - * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy diff --git a/crypto/poly1305/asm/poly1305-ppc.pl b/crypto/poly1305/asm/poly1305-ppc.pl index 8e105d7..cb4ae23 100755 --- a/crypto/poly1305/asm/poly1305-ppc.pl +++ b/crypto/poly1305/asm/poly1305-ppc.pl @@ -1,5 +1,5 @@ #! /usr/bin/env perl -# Copyright 2016 The OpenSSL Project Authors. All Rights Reserved. +# Copyright 2016-2018 The OpenSSL Project Authors. All Rights Reserved. # # Licensed under the OpenSSL license (the "License"). You may not use # this file except in compliance with the License. You can obtain a copy diff --git a/crypto/poly1305/asm/poly1305-ppcfp.pl b/crypto/poly1305/asm/poly1305-ppcfp.pl index fc62baa..2abb8e2 100755 --- a/crypto/poly1305/asm/poly1305-ppcfp.pl +++ b/crypto/poly1305/asm/poly1305-ppcfp.pl @@ -1,5 +1,5 @@ #! /usr/bin/env perl -# Copyright 2016 The OpenSSL Project Authors. All Rights Reserved. +# Copyright 2016-2018 The OpenSSL Project Authors. All Rights Reserved. # # Licensed under the OpenSSL license (the "License"). You may not use # this file except in compliance with the License. You can obtain a copy diff --git a/crypto/ppccap.c b/crypto/ppccap.c index 48c6b83..f8b7c00 100644 --- a/crypto/ppccap.c +++ b/crypto/ppccap.c @@ -1,5 +1,5 @@ /* - * Copyright 2009-2016 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2009-2018 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy diff --git a/crypto/rand/rand_egd.c b/crypto/rand/rand_egd.c index 461ef25..da3017d 100644 --- a/crypto/rand/rand_egd.c +++ b/crypto/rand/rand_egd.c @@ -1,5 +1,5 @@ /* - * Copyright 2000-2017 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2000-2018 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy diff --git a/crypto/rsa/rsa_lib.c b/crypto/rsa/rsa_lib.c index 0974aa6..61b1c16 100644 --- a/crypto/rsa/rsa_lib.c +++ b/crypto/rsa/rsa_lib.c @@ -1,5 +1,5 @@ /* - * Copyright 1995-2017 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy diff --git a/crypto/sha/asm/keccak1600-ppc64.pl b/crypto/sha/asm/keccak1600-ppc64.pl index 60ed2f2..bc1023e 100755 --- a/crypto/sha/asm/keccak1600-ppc64.pl +++ b/crypto/sha/asm/keccak1600-ppc64.pl @@ -1,5 +1,5 @@ #!/usr/bin/env perl -# Copyright 2017 The OpenSSL Project Authors. All Rights Reserved. +# Copyright 2017-2018 The OpenSSL Project Authors. All Rights Reserved. # # Licensed under the OpenSSL license (the "License"). You may not use # this file except in compliance with the License. You can obtain a copy diff --git a/crypto/sha/asm/keccak1600p8-ppc.pl b/crypto/sha/asm/keccak1600p8-ppc.pl index 95e6242..a0aeeb0 100755 --- a/crypto/sha/asm/keccak1600p8-ppc.pl +++ b/crypto/sha/asm/keccak1600p8-ppc.pl @@ -1,5 +1,5 @@ #!/usr/bin/env perl -# Copyright 2017 The OpenSSL Project Authors. All Rights Reserved. +# Copyright 2017-2018 The OpenSSL Project Authors. All Rights Reserved. # # Licensed under the OpenSSL license (the "License"). You may not use # this file except in compliance with the License. You can obtain a copy diff --git a/crypto/sha/asm/sha512p8-ppc.pl b/crypto/sha/asm/sha512p8-ppc.pl index e6e9467..a33ae4d 100755 --- a/crypto/sha/asm/sha512p8-ppc.pl +++ b/crypto/sha/asm/sha512p8-ppc.pl @@ -1,5 +1,5 @@ #! /usr/bin/env perl -# Copyright 2014-2016 The OpenSSL Project Authors. All Rights Reserved. +# Copyright 2014-2018 The OpenSSL Project Authors. All Rights Reserved. # # Licensed under the OpenSSL license (the "License"). You may not use # this file except in compliance with the License. You can obtain a copy diff --git a/crypto/store/store_init.c b/crypto/store/store_init.c index 4d0ff01..b398bf5 100644 --- a/crypto/store/store_init.c +++ b/crypto/store/store_init.c @@ -1,5 +1,5 @@ /* - * Copyright 2016-2017 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2016-2018 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy diff --git a/crypto/ui/ui_openssl.c b/crypto/ui/ui_openssl.c index 078d10c..9f13c14 100644 --- a/crypto/ui/ui_openssl.c +++ b/crypto/ui/ui_openssl.c @@ -1,5 +1,5 @@ /* - * Copyright 2001-2017 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2001-2018 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy diff --git a/crypto/x509/x509_cmp.c b/crypto/x509/x509_cmp.c index 67c1872..02fad0c 100644 --- a/crypto/x509/x509_cmp.c +++ b/crypto/x509/x509_cmp.c @@ -1,5 +1,5 @@ /* - * Copyright 1995-2017 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy diff --git a/crypto/x509v3/v3_ncons.c b/crypto/x509v3/v3_ncons.c index dea6c6c..9a2cd5a 100644 --- a/crypto/x509v3/v3_ncons.c +++ b/crypto/x509v3/v3_ncons.c @@ -1,5 +1,5 @@ /* - * Copyright 2003-2017 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2003-2018 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy diff --git a/doc/man1/cms.pod b/doc/man1/cms.pod index d63efa6..4620561 100644 --- a/doc/man1/cms.pod +++ b/doc/man1/cms.pod @@ -734,7 +734,7 @@ The -no_alt_chains options was first added to OpenSSL 1.0.2b. =head1 COPYRIGHT -Copyright 2008-2017 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2008-2018 The OpenSSL Project Authors. All Rights Reserved. Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/doc/man3/BN_add.pod b/doc/man3/BN_add.pod index 88a0117..0f0e495 100644 --- a/doc/man3/BN_add.pod +++ b/doc/man3/BN_add.pod @@ -119,7 +119,7 @@ L, L =head1 COPYRIGHT -Copyright 2000-2017 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2000-2018 The OpenSSL Project Authors. All Rights Reserved. Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/doc/man3/CMS_encrypt.pod b/doc/man3/CMS_encrypt.pod index 3e77758..2fc8084 100644 --- a/doc/man3/CMS_encrypt.pod +++ b/doc/man3/CMS_encrypt.pod @@ -94,7 +94,7 @@ The B flag was first supported in OpenSSL 1.0.0. =head1 COPYRIGHT -Copyright 2008-2016 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2008-2018 The OpenSSL Project Authors. All Rights Reserved. Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/doc/man3/CMS_get0_SignerInfos.pod b/doc/man3/CMS_get0_SignerInfos.pod index 18237dc..694b614 100644 --- a/doc/man3/CMS_get0_SignerInfos.pod +++ b/doc/man3/CMS_get0_SignerInfos.pod @@ -80,7 +80,7 @@ L, L =head1 COPYRIGHT -Copyright 2008-2016 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2008-2018 The OpenSSL Project Authors. All Rights Reserved. Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/doc/man3/CMS_get1_ReceiptRequest.pod b/doc/man3/CMS_get1_ReceiptRequest.pod index ba70480..30a3626 100644 --- a/doc/man3/CMS_get1_ReceiptRequest.pod +++ b/doc/man3/CMS_get1_ReceiptRequest.pod @@ -68,7 +68,7 @@ L =head1 COPYRIGHT -Copyright 2008-2016 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2008-2018 The OpenSSL Project Authors. All Rights Reserved. Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/doc/man3/DH_get0_pqg.pod b/doc/man3/DH_get0_pqg.pod index 00e8ef5..e878fa0 100644 --- a/doc/man3/DH_get0_pqg.pod +++ b/doc/man3/DH_get0_pqg.pod @@ -118,7 +118,7 @@ The functions described here were added in OpenSSL 1.1.0. =head1 COPYRIGHT -Copyright 2016 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2016-2018 The OpenSSL Project Authors. All Rights Reserved. Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/doc/man3/DSA_get0_pqg.pod b/doc/man3/DSA_get0_pqg.pod index 17eb9fe..793c9bc 100644 --- a/doc/man3/DSA_get0_pqg.pod +++ b/doc/man3/DSA_get0_pqg.pod @@ -104,7 +104,7 @@ The functions described here were added in OpenSSL 1.1.0. =head1 COPYRIGHT -Copyright 2016 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2016-2018 The OpenSSL Project Authors. All Rights Reserved. Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/doc/man3/ECDSA_SIG_new.pod b/doc/man3/ECDSA_SIG_new.pod index 7b70546..72962f0 100644 --- a/doc/man3/ECDSA_SIG_new.pod +++ b/doc/man3/ECDSA_SIG_new.pod @@ -204,7 +204,7 @@ L =head1 COPYRIGHT -Copyright 2004-2016 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2004-2018 The OpenSSL Project Authors. All Rights Reserved. Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/doc/man3/EC_POINT_add.pod b/doc/man3/EC_POINT_add.pod index 21abf46..dc53075 100644 --- a/doc/man3/EC_POINT_add.pod +++ b/doc/man3/EC_POINT_add.pod @@ -76,7 +76,7 @@ L, L =head1 COPYRIGHT -Copyright 2013-2017 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2013-2018 The OpenSSL Project Authors. All Rights Reserved. Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/doc/man3/EVP_PKEY_CTX_set_hkdf_md.pod b/doc/man3/EVP_PKEY_CTX_set_hkdf_md.pod index 18c27a3..1433a50 100644 --- a/doc/man3/EVP_PKEY_CTX_set_hkdf_md.pod +++ b/doc/man3/EVP_PKEY_CTX_set_hkdf_md.pod @@ -156,7 +156,7 @@ L =head1 COPYRIGHT -Copyright 2016 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2016-2018 The OpenSSL Project Authors. All Rights Reserved. Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/doc/man3/OBJ_nid2obj.pod b/doc/man3/OBJ_nid2obj.pod index 6d85c11..df4e2e1 100644 --- a/doc/man3/OBJ_nid2obj.pod +++ b/doc/man3/OBJ_nid2obj.pod @@ -180,7 +180,7 @@ and should not be used. =head1 COPYRIGHT -Copyright 2002-2016 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2002-2018 The OpenSSL Project Authors. All Rights Reserved. Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/doc/man3/PEM_bytes_read_bio.pod b/doc/man3/PEM_bytes_read_bio.pod index cd05582..3a5bfee 100644 --- a/doc/man3/PEM_bytes_read_bio.pod +++ b/doc/man3/PEM_bytes_read_bio.pod @@ -76,7 +76,7 @@ PEM_bytes_read_bio_secmem() was introduced in OpenSSL 1.1.1 =head1 COPYRIGHT -Copyright 2017 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2017-2018 The OpenSSL Project Authors. All Rights Reserved. Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/doc/man3/PEM_read.pod b/doc/man3/PEM_read.pod index 2a017c6..3c777b5 100644 --- a/doc/man3/PEM_read.pod +++ b/doc/man3/PEM_read.pod @@ -122,7 +122,7 @@ L =head1 COPYRIGHT -Copyright 1998-2016 The OpenSSL Project Authors. All Rights Reserved. +Copyright 1998-2018 The OpenSSL Project Authors. All Rights Reserved. Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/doc/man3/PEM_read_CMS.pod b/doc/man3/PEM_read_CMS.pod index 0c22618..e5f0803 100644 --- a/doc/man3/PEM_read_CMS.pod +++ b/doc/man3/PEM_read_CMS.pod @@ -94,7 +94,7 @@ L =head1 COPYRIGHT -Copyright 1998-2016 The OpenSSL Project Authors. All Rights Reserved. +Copyright 1998-2018 The OpenSSL Project Authors. All Rights Reserved. Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/doc/man3/PKCS12_newpass.pod b/doc/man3/PKCS12_newpass.pod index c27c652..1c34ee5 100644 --- a/doc/man3/PKCS12_newpass.pod +++ b/doc/man3/PKCS12_newpass.pod @@ -107,7 +107,7 @@ L =head1 COPYRIGHT -Copyright 2016 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2016-2018 The OpenSSL Project Authors. All Rights Reserved. Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/doc/man3/PKCS12_parse.pod b/doc/man3/PKCS12_parse.pod index d61b172..747a36f 100644 --- a/doc/man3/PKCS12_parse.pod +++ b/doc/man3/PKCS12_parse.pod @@ -62,7 +62,7 @@ L =head1 COPYRIGHT -Copyright 2002-2016 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2002-2018 The OpenSSL Project Authors. All Rights Reserved. Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/doc/man3/PKCS5_PBKDF2_HMAC.pod b/doc/man3/PKCS5_PBKDF2_HMAC.pod index 174831d..455bf4b 100644 --- a/doc/man3/PKCS5_PBKDF2_HMAC.pod +++ b/doc/man3/PKCS5_PBKDF2_HMAC.pod @@ -67,7 +67,7 @@ L =head1 COPYRIGHT -Copyright 2014-2016 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2014-2018 The OpenSSL Project Authors. All Rights Reserved. Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/doc/man3/RSA_get0_key.pod b/doc/man3/RSA_get0_key.pod index ba25f32..cb7d0f6 100644 --- a/doc/man3/RSA_get0_key.pod +++ b/doc/man3/RSA_get0_key.pod @@ -165,7 +165,7 @@ Other functions described here were added in OpenSSL 1.1.0. =head1 COPYRIGHT -Copyright 2016-2017 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2016-2018 The OpenSSL Project Authors. All Rights Reserved. Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/doc/man3/SMIME_read_PKCS7.pod b/doc/man3/SMIME_read_PKCS7.pod index 40973d3..c110908 100644 --- a/doc/man3/SMIME_read_PKCS7.pod +++ b/doc/man3/SMIME_read_PKCS7.pod @@ -68,7 +68,7 @@ L =head1 COPYRIGHT -Copyright 2002-2017 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2002-2018 The OpenSSL Project Authors. All Rights Reserved. Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/doc/man3/SSL_connect.pod b/doc/man3/SSL_connect.pod index 5c9eff8..426b8ad 100644 --- a/doc/man3/SSL_connect.pod +++ b/doc/man3/SSL_connect.pod @@ -87,7 +87,7 @@ L =head1 COPYRIGHT -Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2000-2018 The OpenSSL Project Authors. All Rights Reserved. Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/doc/man3/SSL_get_ciphers.pod b/doc/man3/SSL_get_ciphers.pod index 89d9461..6c0891e 100644 --- a/doc/man3/SSL_get_ciphers.pod +++ b/doc/man3/SSL_get_ciphers.pod @@ -107,7 +107,7 @@ L =head1 COPYRIGHT -Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2000-2018 The OpenSSL Project Authors. All Rights Reserved. Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/doc/man3/SSL_set1_host.pod b/doc/man3/SSL_set1_host.pod index b4d7d5e..3ca3c6b 100644 --- a/doc/man3/SSL_set1_host.pod +++ b/doc/man3/SSL_set1_host.pod @@ -108,7 +108,7 @@ These functions were first added to OpenSSL 1.1.0. =head1 COPYRIGHT -Copyright 2016 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2016-2018 The OpenSSL Project Authors. All Rights Reserved. Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/doc/man3/X509_NAME_get_index_by_NID.pod b/doc/man3/X509_NAME_get_index_by_NID.pod index 283d0f2..5621806 100644 --- a/doc/man3/X509_NAME_get_index_by_NID.pod +++ b/doc/man3/X509_NAME_get_index_by_NID.pod @@ -112,7 +112,7 @@ L, L =head1 COPYRIGHT -Copyright 2002-2016 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2002-2018 The OpenSSL Project Authors. All Rights Reserved. Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/doc/man3/X509_cmp_time.pod b/doc/man3/X509_cmp_time.pod index 4b5cb67..b55ade4 100644 --- a/doc/man3/X509_cmp_time.pod +++ b/doc/man3/X509_cmp_time.pod @@ -51,7 +51,7 @@ ASN1_TIME structure, and NULL on error. =head1 COPYRIGHT -Copyright 2017 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2017-2018 The OpenSSL Project Authors. All Rights Reserved. Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/include/openssl/x509_vfy.h b/include/openssl/x509_vfy.h index 75fcdb6..b9506bc 100644 --- a/include/openssl/x509_vfy.h +++ b/include/openssl/x509_vfy.h @@ -1,5 +1,5 @@ /* - * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy diff --git a/ssl/ssl_txt.c b/ssl/ssl_txt.c index 2056de9..fdaf21e 100644 --- a/ssl/ssl_txt.c +++ b/ssl/ssl_txt.c @@ -1,5 +1,5 @@ /* - * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved. * Copyright 2005 Nokia. All rights reserved. * * Licensed under the OpenSSL license (the "License"). You may not use diff --git a/test/asynctest.c b/test/asynctest.c index c2740e6..9728a37 100644 --- a/test/asynctest.c +++ b/test/asynctest.c @@ -1,5 +1,5 @@ /* - * Copyright 2015-2016 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2015-2018 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy diff --git a/test/dhtest.c b/test/dhtest.c index 8f0eec0..956d081 100644 --- a/test/dhtest.c +++ b/test/dhtest.c @@ -1,5 +1,5 @@ /* - * Copyright 1995-2017 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy diff --git a/test/dtls_mtu_test.c b/test/dtls_mtu_test.c index 8e385b0..3aa519f 100644 --- a/test/dtls_mtu_test.c +++ b/test/dtls_mtu_test.c @@ -1,5 +1,5 @@ /* - * Copyright 2016-2017 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2016-2018 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy diff --git a/test/dtlsv1listentest.c b/test/dtlsv1listentest.c index 5331c3b..4ce11aa 100644 --- a/test/dtlsv1listentest.c +++ b/test/dtlsv1listentest.c @@ -1,5 +1,5 @@ /* - * Copyright 2016-2017 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2016-2018 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy diff --git a/test/exdatatest.c b/test/exdatatest.c index 6e90752..bc39a14 100644 --- a/test/exdatatest.c +++ b/test/exdatatest.c @@ -1,5 +1,5 @@ /* - * Copyright 2015-2017 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2015-2018 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy diff --git a/test/generate_buildtest.pl b/test/generate_buildtest.pl index 7d55362..f9a663b 100644 --- a/test/generate_buildtest.pl +++ b/test/generate_buildtest.pl @@ -1,5 +1,5 @@ #! /usr/bin/env perl -# Copyright 2016 The OpenSSL Project Authors. All Rights Reserved. +# Copyright 2016-2018 The OpenSSL Project Authors. All Rights Reserved. # # Licensed under the OpenSSL license (the "License"). You may not use # this file except in compliance with the License. You can obtain a copy diff --git a/test/mdc2_internal_test.c b/test/mdc2_internal_test.c index a5c4ebc..01e30fd 100644 --- a/test/mdc2_internal_test.c +++ b/test/mdc2_internal_test.c @@ -1,5 +1,5 @@ /* - * Copyright 2016-2017 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2016-2018 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy diff --git a/test/pkey_meth_kdf_test.c b/test/pkey_meth_kdf_test.c index 98495b6..f2abcf3 100644 --- a/test/pkey_meth_kdf_test.c +++ b/test/pkey_meth_kdf_test.c @@ -1,5 +1,5 @@ /* - * Copyright 2017 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2017-2018 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy diff --git a/test/pkey_meth_test.c b/test/pkey_meth_test.c index 0277013..76537d7 100644 --- a/test/pkey_meth_test.c +++ b/test/pkey_meth_test.c @@ -1,5 +1,5 @@ /* - * Copyright 2016-2017 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2016-2018 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy diff --git a/test/recipes/25-test_verify.t b/test/recipes/25-test_verify.t index a85fe0f..6c3deab 100644 --- a/test/recipes/25-test_verify.t +++ b/test/recipes/25-test_verify.t @@ -1,5 +1,5 @@ #! /usr/bin/env perl -# Copyright 2015-2016 The OpenSSL Project Authors. All Rights Reserved. +# Copyright 2015-2018 The OpenSSL Project Authors. All Rights Reserved. # # Licensed under the OpenSSL license (the "License"). You may not use # this file except in compliance with the License. You can obtain a copy diff --git a/test/time_offset_test.c b/test/time_offset_test.c index 8776559..740b471 100644 --- a/test/time_offset_test.c +++ b/test/time_offset_test.c @@ -1,5 +1,5 @@ /* - * Copyright 2017 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2017-2018 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy diff --git a/test/x509_internal_test.c b/test/x509_internal_test.c index 9f351a4..d2f41d7 100644 --- a/test/x509_internal_test.c +++ b/test/x509_internal_test.c @@ -1,5 +1,5 @@ /* - * Copyright 2016-2017 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2016-2018 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy diff --git a/test/x509_time_test.c b/test/x509_time_test.c index d672a9a..b6fd38a 100644 --- a/test/x509_time_test.c +++ b/test/x509_time_test.c @@ -1,5 +1,5 @@ /* - * Copyright 2017 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2017-2018 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy diff --git a/util/copy.pl b/util/copy.pl index ca4697a..58ecc82 100644 --- a/util/copy.pl +++ b/util/copy.pl @@ -1,5 +1,5 @@ #! /usr/bin/env perl -# Copyright 2005-2016 The OpenSSL Project Authors. All Rights Reserved. +# Copyright 2005-2018 The OpenSSL Project Authors. All Rights Reserved. # # Licensed under the OpenSSL license (the "License"). You may not use # this file except in compliance with the License. You can obtain a copy diff --git a/util/process_docs.pl b/util/process_docs.pl index e1e741e..30b149e 100755 --- a/util/process_docs.pl +++ b/util/process_docs.pl @@ -1,5 +1,5 @@ #! /usr/bin/env perl -# Copyright 2016 The OpenSSL Project Authors. All Rights Reserved. +# Copyright 2016-2018 The OpenSSL Project Authors. All Rights Reserved. # # Licensed under the OpenSSL license (the "License"). You may not use # this file except in compliance with the License. You can obtain a copy @@ -261,7 +261,7 @@ Print extra debugging output. =head1 COPYRIGHT -Copyright 2013-2016 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2013-2018 The OpenSSL Project Authors. All Rights Reserved. Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy From matt at openssl.org Tue May 29 12:33:09 2018 From: matt at openssl.org (Matt Caswell) Date: Tue, 29 May 2018 12:33:09 +0000 Subject: [openssl-commits] [openssl] master update Message-ID: <1527597189.844321.1980.nullmailer@dev.openssl.org> The branch master has been updated via fa9a08780a20c9801fee2b7767c2851f5ab9c16c (commit) via 77cdad318446ca8ea2ba8294d9e70891b59503e2 (commit) from 83cf7abf8e9abbd4d0b68c63dc1cb43374aafe63 (commit) - Log ----------------------------------------------------------------- commit fa9a08780a20c9801fee2b7767c2851f5ab9c16c Author: Matt Caswell Date: Tue May 29 13:22:05 2018 +0100 Prepare for 1.1.1-pre8-dev Reviewed-by: Richard Levitte commit 77cdad318446ca8ea2ba8294d9e70891b59503e2 Author: Matt Caswell Date: Tue May 29 13:20:01 2018 +0100 Prepare for 1.1.1-pre7 release Reviewed-by: Richard Levitte ----------------------------------------------------------------------- Summary of changes: README | 2 +- include/openssl/opensslv.h | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/README b/README index 1942f7b..b1b615b 100644 --- a/README +++ b/README @@ -1,5 +1,5 @@ - OpenSSL 1.1.1-pre7-dev + OpenSSL 1.1.1-pre8-dev Copyright (c) 1998-2018 The OpenSSL Project Copyright (c) 1995-1998 Eric A. Young, Tim J. Hudson diff --git a/include/openssl/opensslv.h b/include/openssl/opensslv.h index c970c18..dd95416 100644 --- a/include/openssl/opensslv.h +++ b/include/openssl/opensslv.h @@ -39,8 +39,8 @@ extern "C" { * (Prior to 0.9.5a beta1, a different scheme was used: MMNNFFRBB for * major minor fix final patch/beta) */ -# define OPENSSL_VERSION_NUMBER 0x10101007L -# define OPENSSL_VERSION_TEXT "OpenSSL 1.1.1-pre7-dev xx XXX xxxx" +# define OPENSSL_VERSION_NUMBER 0x10101008L +# define OPENSSL_VERSION_TEXT "OpenSSL 1.1.1-pre8-dev xx XXX xxxx" /*- * The macros below are to be used for shared library (.so, .dll, ...) From matt at openssl.org Tue May 29 12:33:38 2018 From: matt at openssl.org (Matt Caswell) Date: Tue, 29 May 2018 12:33:38 +0000 Subject: [openssl-commits] [openssl] OpenSSL_1_1_1-pre7 create Message-ID: <1527597218.903192.3253.nullmailer@dev.openssl.org> The annotated tag OpenSSL_1_1_1-pre7 has been created at adaec2127242c947faae55f4326893bf1e47d9c3 (tag) tagging 77cdad318446ca8ea2ba8294d9e70891b59503e2 (commit) replaces OpenSSL_1_1_1-pre6 tagged by Matt Caswell on Tue May 29 13:20:01 2018 +0100 - Log ----------------------------------------------------------------- OpenSSL 1.1.1-pre7 release tag -----BEGIN PGP SIGNATURE----- iQFFBAABCgAvFiEEhlersmDwVrHlGQg52cTSbQ5gRJEFAlsNRXERHG1hdHRAb3Bl bnNzbC5vcmcACgkQ2cTSbQ5gRJHk5gf+Im90MzzBEZbwCk55RR9X47fO9zP0tHtE 1GW/8U/7W4RJAK8jc8uKhZs0NxoRHlZo9pKVE3ZQCy6AErwjro6BBv/+5qXyOjJA OKFu9RlUMNdMx9SpDpR61BxZpgUWibY/LPLfbCRneaWej+lnV41GQfYAL9PgDYjG V8ZlVp0uC8SndulKnU/bnID2U3uK4nhU6a/PY/NshnVL1TyPkOTQmRo5U0aHPUec gWYunSc3tS6Ydg889B8fRuM1FZ5srD/+KH5JxSLbgm/DIzIfttzbxRHbjCHNv09/ MRJ9lAoDUkwjv3lQqguIEdC1K9m7LKDH4ja9oQ5i1YiJiTyD77d5BQ== =EsTs -----END PGP SIGNATURE----- Andy Polyakov (10): bn/asm/*-mont.pl: harmonize with BN_from_montgomery_word. Configure: move --noexecstack probe to Configure. Configure: pass more suitable argument to compiler_predefined(). .travis.yml: minor facelift .travis.yml: temporarily mask gcc-5 ubsan build. ec/ec_mult.c: get BN_CTX_start,end sequence right. .travis.yml: add pair of linux-ppc64le targets. PPC assembly pack: add POWER9 results. windows-makefile.tmpl: delete export library prior link. apps/s_socket.c: address rare TLSProxy failures on Windows. Benjamin Kaduk (1): Fix regression with session cache use by clients Bernd Edlinger (4): Improve error handling in rand_init function Fix --strict-warnings build of ppc-linux target Fix array bounds violation in ssl_session_dup Try to work around ubuntu gcc-5 ubsan build failure Billy Brumley (3): ECDSA: remove nonce padding (delegated to EC_POINT_mul) ECC: unify generic ec2 and ecp scalar multiplication, deprecate ec2_mult.c Add blinding in BN_GF2m_mod_inv for binary field inversions David Benjamin (3): Fix explicit EC curve encoding. Use OPENSSL_EC_EXPLICIT_CURVE constant. Save and restore the Windows error around TlsGetValue. Dr. Matthias St. Pierre (12): a_strex.c: prevent out of bound read in do_buf() v3_purp.c: add locking to x509v3_cache_extensions() Fix typos in x509 documentation Fix typo: 'is an error occurred' in documentation DH: add simple getters for commonly used DH struct members DH: add some basic tests (and comments) util/libcrypto.num: fix symbol collision between 1.1.0 and master DH: fix: add simple getters for commonly used struct members DSA: add simple getters for commonly used struct members RSA: add simple getters for commonly used struct members ECDSA_SIG: add simple getters for commonly used struct members ECDSA_SIG: restore doc comments which were deleted accidentally FdaSilvaYY (5): apps/speed.c: merge parameters defining EC curves to test ... opensslconf.h inclusion cleanup No need to buildtest on opensslconf.h windows-makefile.tmpl: rearrange cleanup commands to avoid ... apps/speed: fix possible OOB access in some EC arrays apps/speed: Add brainpool curves support Gregor Jasny (1): NOTES.ANDROID: fix typo in build notes Kurt Roeckx (4): rsaz_avx2_eligible doesn't take parameters Use void in all function definitions that do not take any arguments Set sess to NULL after freeing it. Enable SSL_MODE_AUTO_RETRY by default Matt Caswell (55): Prepare for 1.1.1-pre7-dev Fix some errors and missing info in the CMS docs Clarify BN_mod_exp docs Add getter for X509_VERIFY_PARAM_get_hostflags Add a note about Nagle's algorithm on the SSL_connect man page Fix SSL_get_shared_ciphers() Fix comment in ssl_locl.h Add some documentation for SSL_get_shared_ciphers() Fix a bug in create_ssl_ctx_pair() Add a test for SSL_get_shared_ciphers() Make X509_VERIFY_PARAM_get_hostflags() take a const arg Return an error from BN_mod_inverse if n is 1 (or -1) Fix a mem leak in CMS Add a CMS API test Don't fail on an out-of-order CCS in DTLS Fix s_client and s_server so that they correctly handle the DTLS timer Only auto-retry for DTLS if configured to do so Keep the DTLS timer running after the end of the handshake if appropriate Add a DTLS test for dropped records Fix no-tls1_2, no-tls1_2-method, no-chacha and no-poly1305 Fix no-cms Set the ossl_shim to auto retry if not running asynchronously Prefer SHA-256 ciphersuites if using old style PSKs Provide documentation for the -psk_session option Test an old style PSK callback with no cert will prefer SHA-256 Mark DTLS records as read when we have finished with them Don't set TCP_NODELAY on a UDP socket Add some more SSL_pending() and SSL_has_pending() tests Flush server side unauthenticated writes Fix ticket callbacks in TLSv1.3 Document when a new session ticket gets created on resumption Add a test for the ticket callbacks Fix mem leak in sslapi test Rework the decrypt ticket callback Don't memcpy the contents of an empty fragment Fix no-psk Fix no-tls1_2 Suport TLSv1.3 draft 28 Enable the ability to set the number of TLSv1.3 session tickets sent Allow configuation of the number of TLSv1.3 session tickets via SSL_CONF Change the default number of NewSessionTickets we send to 2 Add documentation for the ability to control the number of tickets Improve testing of tickets with post-handshake auth Make BN_GF2m_mod_arr more constant time Allow the ca application to use EdDSA Fix undefined behaviour in X509_NAME_cmp() Don't cache stateless tickets in TLSv1.3 Fix no-ec in combination with no-dh Fix no-ec, no-tls1_3 and no-tls Use the client app traffic secret for PHA Finished message Improve compatibility of point and curve checks Revert "Support EVP_PKEY_sign() and EVP_PKEY_verify() for EdDSA" Add a sanity check on the length of pkeyutl inputs Update copyright year Prepare for 1.1.1-pre7 release Nick Mathewson (2): Update documentation for PEM callback: error is now -1. Improve the example getpass() implementation to show an error return Nicola Tuveri (1): Add CHANGES entry for PR#6009 Pavel Kopyl (1): Fix memory leaks in CA related functions. Rich Salz (2): Cleanup Check malloc failure via app_malloc Richard Levitte (18): Change rand_pool_bytes_needed to handle less entropy than 1 per 8 bits VMS: modernise rand_pool_acquire_entropy, step 1 VMS: modernise rand_pool_acquire_entropy, step 2 docs: Fix typo EVP_PKEY_new_id -> EVP_PKEY_CTX_new_id BIO_s_mem() write: Skip early when input length is zero VMS rand: assign before check, not the other way around In cases where we ask PEM_def_callback for minimum 0 length, accept 0 length UI console: Restore tty settings, do not force ECHO after prompt Docs: add general document on how pass phrases are handled Link in passphrase-encoding(7) in relevant documentation CI config: no need to make both install and install_docs When producing man-pages, ensure NAME section is one line only Add a note on CHANGES and NEWS in CONTRIBUTING Restore check of |*xn| against |name| in X509_NAME_set Quiet pod2html warnings Windows: don't install __DECC_*.H Better error code when lacking __SIZEOF_INT128__ INSTALL: Provide better documentation for enable-ec_nistp_64_gcc_128 Tilman Keskin?z (1): ssl/ssl_txt: fix NULL-check Todd Short (2): Configure: fix Mac OS X builds that still require makedepend Fix no-srtp build warnings Viktor Dukhovni (2): Limit scope of CN name constraints Skip CN DNS name constraint checks when not needed ----------------------------------------------------------------------- From matt at openssl.org Tue May 29 12:35:02 2018 From: matt at openssl.org (Matt Caswell) Date: Tue, 29 May 2018 12:35:02 +0000 Subject: [openssl-commits] [web] master update Message-ID: <1527597302.370101.5003.nullmailer@dev.openssl.org> The branch master has been updated via 0d1d30d3aa09eb3824821c7b9a28166c7ee16f48 (commit) from c9f50cbf963b7d9949332c17e614ad0a6e97d431 (commit) - Log ----------------------------------------------------------------- commit 0d1d30d3aa09eb3824821c7b9a28166c7ee16f48 Author: Matt Caswell Date: Tue May 29 13:26:20 2018 +0100 Updates to newsflash for pre7 release Reviewed-by: Richard Levitte (Merged from https://github.com/openssl/openssl/pull/56) ----------------------------------------------------------------------- Summary of changes: news/newsflash.txt | 1 + 1 file changed, 1 insertion(+) diff --git a/news/newsflash.txt b/news/newsflash.txt index 202f95c..cba57e2 100644 --- a/news/newsflash.txt +++ b/news/newsflash.txt @@ -4,6 +4,7 @@ # Format is two fields, colon-separated; the first line is the column # headings. URL paths must all be absolute. Date: Item +29-May-2018: Beta 5 of OpenSSL 1.1.1 (pre release 7) is now available: please download and test it 01-May-2018: Beta 4 of OpenSSL 1.1.1 is now available: please download and test it 17-Apr-2018: Beta 3 of OpenSSL 1.1.1 is now available: please download and test it 16-Apr-2018: OpenSSL 1747 Validation not moved to historical From matt at openssl.org Tue May 29 12:50:02 2018 From: matt at openssl.org (Matt Caswell) Date: Tue, 29 May 2018 12:50:02 +0000 Subject: [openssl-commits] [web] master update Message-ID: <1527598202.221534.17362.nullmailer@dev.openssl.org> The branch master has been updated via 62df8cc9ba93dd099b4f5622e331f935643b6790 (commit) from 0d1d30d3aa09eb3824821c7b9a28166c7ee16f48 (commit) - Log ----------------------------------------------------------------- commit 62df8cc9ba93dd099b4f5622e331f935643b6790 Author: Matt Caswell Date: Tue May 29 09:21:53 2018 +0100 Update the release strategy Updates in line with the following votes: "The next LTS release will be 1.1.1 and the LTS expiry date for 1.0.2 will not be changed." and "1.1.1 beta release schedule changed so that the next two beta releases are now 29th May, 19 June and we will re-review release readiness after that. We will also ensure that there is at least one beta release post TLS-1.3 RFC publication prior to the final release." Reviewed-by: Tim Hudson (Merged from https://github.com/openssl/openssl/pull/55) ----------------------------------------------------------------------- Summary of changes: policies/releasestrat.html | 19 ++++++++++--------- 1 file changed, 10 insertions(+), 9 deletions(-) diff --git a/policies/releasestrat.html b/policies/releasestrat.html index 3f37936..9d0e3c3 100644 --- a/policies/releasestrat.html +++ b/policies/releasestrat.html @@ -13,7 +13,7 @@

    Release Strategy

    First issued 23rd December 2014
    - Last modified 6th February 2018 + Last modified 29th May 2018
    @@ -69,10 +69,10 @@ fixes. Before that, bug and security fixes will be applied as appropriate.

    -

    The next version of OpenSSL will be 1.1.1. This is currently in - development and has a primary focus of implementing TLSv1.3. The - RFC for TLSv1.3 has not yet been published by the IETF. OpenSSL 1.1.1 - will not have its final release until that has happened.

    +

    The next version of OpenSSL will be 1.1.1 which will be an LTS release. + This is currently in development and has a primary focus of implementing + TLSv1.3. The RFC for TLSv1.3 has not yet been published by the IETF. + OpenSSL 1.1.1 will not have its final release until that has happened.

    The draft release timetable for 1.1.1 is as follows. This may be amended at any time as the need arises.

    @@ -88,9 +88,10 @@
  • 3rd April 2018, beta release 2 (pre4)
  • 17th April 2018, beta release 3 (pre5)
  • 1st May 2018, beta release 4 (pre6)
    • -
  • 8th May 2018, release readiness check (new release - cycles added if required, first possible final release date: - 15th May 2018)
    • +
  • 29th May 2018, beta release 5 (pre7)
    • +
  • 19th June 2018, beta release 6 (pre8)
    • +
  • Release readiness check following pre8 release (new release + cycles added if required)

    • An alpha release means:

    @@ -113,7 +114,7 @@
  • Clean builds in Travis and Appveyor for two days
  • run-checker.sh to be showing as clean 2 days before release
  • No open Coverity issues (not flagged as "False Positive" or "Ignore")
    • -
  • TLSv1.3 RFC published
    • +
  • TLSv1.3 RFC published (with at least one beta release after the publicaction)

    • Valid reasons for closing an issue/PR with a 1.1.1 milestone might be:

    From matt at openssl.org Tue May 29 15:42:21 2018 From: matt at openssl.org (Matt Caswell) Date: Tue, 29 May 2018 15:42:21 +0000 Subject: [openssl-commits] [openssl] master update Message-ID: <1527608541.988651.28542.nullmailer@dev.openssl.org> The branch master has been updated via 3d0dde847eac17bd5deec1397bce38cb43469525 (commit) from fa9a08780a20c9801fee2b7767c2851f5ab9c16c (commit) - Log ----------------------------------------------------------------- commit 3d0dde847eac17bd5deec1397bce38cb43469525 Author: Matt Caswell Date: Tue May 22 15:18:01 2018 +0100 Update the "Connected Commands" section of s_client/s_server docs Fixes #6307 Reviewed-by: Kurt Roeckx (Merged from https://github.com/openssl/openssl/pull/6330) ----------------------------------------------------------------------- Summary of changes: doc/man1/s_client.pod | 33 +++++++++++++++++++++++++++++---- doc/man1/s_server.pod | 26 ++++++++++++++++++++++---- 2 files changed, 51 insertions(+), 8 deletions(-) diff --git a/doc/man1/s_client.pod b/doc/man1/s_client.pod index 19a8139..373b2d7 100644 --- a/doc/man1/s_client.pod +++ b/doc/man1/s_client.pod @@ -667,10 +667,35 @@ on port 4433. If a connection is established with an SSL server then any data received from the server is displayed and any key presses will be sent to the -server. When used interactively (which means neither B<-quiet> nor B<-ign_eof> -have been given), the session will be renegotiated if the line begins with an -B, and if the line begins with a B or if end of file is reached, the -connection will be closed down. +server. If end of file is reached then the connection will be closed down. When +used interactively (which means neither B<-quiet> nor B<-ign_eof> have been +given), then certain commands are also recognized which perform special +operations. These commands are a letter which must appear at the start of a +line. They are listed below. + +=over 4 + +=item B + +End the current SSL connection and exit. + +=item B + +Renegotiate the SSL session (TLSv1.2 and below only). + +=item B + +Send a heartbeat message to the server (DTLS only) + +=item B + +Send a key update message to the server (TLSv1.3 only) + +=item B + +Send a key update message to the server and request one back (TLSv1.3 only) + +=back =head1 NOTES diff --git a/doc/man1/s_server.pod b/doc/man1/s_server.pod index e577af8..f89d4de 100644 --- a/doc/man1/s_server.pod +++ b/doc/man1/s_server.pod @@ -673,8 +673,9 @@ If a connection request is established with an SSL client and neither the B<-www> nor the B<-WWW> option has been used then normally any data received from the client is displayed and any key presses will be sent to the client. -Certain single letter commands are also recognized which perform special -operations: these are listed below. +Certain commands are also recognized which perform special operations. These +commands are a letter which must appear at the start of a line. They are listed +below. =over 4 @@ -688,11 +689,12 @@ End the current SSL connection and exit. =item B -Renegotiate the SSL session. +Renegotiate the SSL session (TLSv1.2 and below only). =item B -Renegotiate the SSL session and request a client certificate. +Renegotiate the SSL session and request a client certificate (TLSv1.2 and below +only). =item B

    @@ -703,6 +705,22 @@ cause the client to disconnect due to a protocol violation. Print out some session cache status information. +=item B + +Send a heartbeat message to the client (DTLS only) + +=item B + +Send a key update message to the client (TLSv1.3 only) + +=item B + +Send a key update message to the client and request one back (TLSv1.3 only) + +=item B + +Send a certificate request to the client (TLSv1.3 only) + =back =head1 NOTES From matt at openssl.org Tue May 29 15:47:10 2018 From: matt at openssl.org (Matt Caswell) Date: Tue, 29 May 2018 15:47:10 +0000 Subject: [openssl-commits] [openssl] master update Message-ID: <1527608830.006050.431.nullmailer@dev.openssl.org> The branch master has been updated via adf652436a42a5132e708f8003b7621647f0a404 (commit) via 4aa5b725d549b3ebc3a4f2f1c44e44a11f68752b (commit) from 3d0dde847eac17bd5deec1397bce38cb43469525 (commit) - Log ----------------------------------------------------------------- commit adf652436a42a5132e708f8003b7621647f0a404 Author: Matt Caswell Date: Thu May 24 16:13:43 2018 +0100 Test that a ^ 0 mod -1 is always 0 Check all functions that do this. Reviewed-by: Rich Salz (Merged from https://github.com/openssl/openssl/pull/6355) commit 4aa5b725d549b3ebc3a4f2f1c44e44a11f68752b Author: Matt Caswell Date: Thu May 24 16:12:52 2018 +0100 The result of a ^ 0 mod -1 is 0 not 1 Thanks to Guido Vranken and OSSFuzz for finding this issue. Reviewed-by: Rich Salz (Merged from https://github.com/openssl/openssl/pull/6355) ----------------------------------------------------------------------- Summary of changes: crypto/bn/bn_exp.c | 20 ++++++++++---------- test/bntest.c | 48 ++++++++++++++++++++++++++++++++++++++++++++++++ 2 files changed, 58 insertions(+), 10 deletions(-) diff --git a/crypto/bn/bn_exp.c b/crypto/bn/bn_exp.c index 9b2042d..258e901 100644 --- a/crypto/bn/bn_exp.c +++ b/crypto/bn/bn_exp.c @@ -178,8 +178,8 @@ int BN_mod_exp_recp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, bits = BN_num_bits(p); if (bits == 0) { - /* x**0 mod 1 is still zero. */ - if (BN_is_one(m)) { + /* x**0 mod 1, or x**0 mod -1 is still zero. */ + if (BN_abs_is_word(m, 1)) { ret = 1; BN_zero(r); } else { @@ -320,8 +320,8 @@ int BN_mod_exp_mont(BIGNUM *rr, const BIGNUM *a, const BIGNUM *p, } bits = BN_num_bits(p); if (bits == 0) { - /* x**0 mod 1 is still zero. */ - if (BN_is_one(m)) { + /* x**0 mod 1, or x**0 mod -1 is still zero. */ + if (BN_abs_is_word(m, 1)) { ret = 1; BN_zero(rr); } else { @@ -629,8 +629,8 @@ int BN_mod_exp_mont_consttime(BIGNUM *rr, const BIGNUM *a, const BIGNUM *p, */ bits = p->top * BN_BITS2; if (bits == 0) { - /* x**0 mod 1 is still zero. */ - if (BN_is_one(m)) { + /* x**0 mod 1, or x**0 mod -1 is still zero. */ + if (BN_abs_is_word(m, 1)) { ret = 1; BN_zero(rr); } else { @@ -1143,8 +1143,8 @@ int BN_mod_exp_mont_word(BIGNUM *rr, BN_ULONG a, const BIGNUM *p, bits = BN_num_bits(p); if (bits == 0) { - /* x**0 mod 1 is still zero. */ - if (BN_is_one(m)) { + /* x**0 mod 1, or x**0 mod -1 is still zero. */ + if (BN_abs_is_word(m, 1)) { ret = 1; BN_zero(rr); } else { @@ -1265,8 +1265,8 @@ int BN_mod_exp_simple(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, bits = BN_num_bits(p); if (bits == 0) { - /* x**0 mod 1 is still zero. */ - if (BN_is_one(m)) { + /* x**0 mod 1, or x**0 mod -1 is still zero. */ + if (BN_abs_is_word(m, 1)) { ret = 1; BN_zero(r); } else { diff --git a/test/bntest.c b/test/bntest.c index 629707a..3558778 100644 --- a/test/bntest.c +++ b/test/bntest.c @@ -2063,6 +2063,53 @@ err: return st; } +static int test_expmodone(void) +{ + int ret = 0, i; + BIGNUM *r = BN_new(); + BIGNUM *a = BN_new(); + BIGNUM *p = BN_new(); + BIGNUM *m = BN_new(); + + if (!TEST_ptr(r) + || !TEST_ptr(a) + || !TEST_ptr(p) + || !TEST_ptr(p) + || !TEST_ptr(m) + || !TEST_true(BN_set_word(a, 1)) + || !TEST_true(BN_set_word(p, 0)) + || !TEST_true(BN_set_word(m, 1))) + goto err; + + /* Calculate r = 1 ^ 0 mod 1, and check the result is always 0 */ + for (i = 0; i < 2; i++) { + if (!TEST_true(BN_mod_exp(r, a, p, m, NULL)) + || !TEST_BN_eq_zero(r) + || !TEST_true(BN_mod_exp_mont(r, a, p, m, NULL, NULL)) + || !TEST_BN_eq_zero(r) + || !TEST_true(BN_mod_exp_mont_consttime(r, a, p, m, NULL, NULL)) + || !TEST_BN_eq_zero(r) + || !TEST_true(BN_mod_exp_mont_word(r, 1, p, m, NULL, NULL)) + || !TEST_BN_eq_zero(r) + || !TEST_true(BN_mod_exp_simple(r, a, p, m, NULL)) + || !TEST_BN_eq_zero(r) + || !TEST_true(BN_mod_exp_recp(r, a, p, m, NULL)) + || !TEST_BN_eq_zero(r)) + goto err; + /* Repeat for r = 1 ^ 0 mod -1 */ + if (i == 0) + BN_set_negative(m, 1); + } + + ret = 1; +err: + BN_free(r); + BN_free(a); + BN_free(p); + BN_free(m); + return ret; +} + static int test_smallprime(void) { static const int kBits = 10; @@ -2189,6 +2236,7 @@ int setup_tests(void) ADD_TEST(test_negzero); ADD_TEST(test_badmod); ADD_TEST(test_expmodzero); + ADD_TEST(test_expmodone); ADD_TEST(test_smallprime); ADD_TEST(test_swap); #ifndef OPENSSL_NO_EC2M From matt at openssl.org Tue May 29 15:51:32 2018 From: matt at openssl.org (Matt Caswell) Date: Tue, 29 May 2018 15:51:32 +0000 Subject: [openssl-commits] [openssl] OpenSSL_1_1_0-stable update Message-ID: <1527609092.488039.4056.nullmailer@dev.openssl.org> The branch OpenSSL_1_1_0-stable has been updated via ac35f285bd45997ad7d75033f638b01cd77fec6c (commit) from 10fe37dd1bb7f75ca68a442406c09ada6735f38b (commit) - Log ----------------------------------------------------------------- commit ac35f285bd45997ad7d75033f638b01cd77fec6c Author: Matt Caswell Date: Thu May 24 16:12:52 2018 +0100 The result of a ^ 0 mod -1 is 0 not 1 Thanks to Guido Vranken and OSSFuzz for finding this issue. Reviewed-by: Rich Salz (Merged from https://github.com/openssl/openssl/pull/6355) (cherry picked from commit 4aa5b725d549b3ebc3a4f2f1c44e44a11f68752b) ----------------------------------------------------------------------- Summary of changes: crypto/bn/bn_exp.c | 22 +++++++++++----------- 1 file changed, 11 insertions(+), 11 deletions(-) diff --git a/crypto/bn/bn_exp.c b/crypto/bn/bn_exp.c index 0d2d1ec..dac3640 100644 --- a/crypto/bn/bn_exp.c +++ b/crypto/bn/bn_exp.c @@ -188,8 +188,8 @@ int BN_mod_exp_recp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, bits = BN_num_bits(p); if (bits == 0) { - /* x**0 mod 1 is still zero. */ - if (BN_is_one(m)) { + /* x**0 mod 1, or x**0 mod -1 is still zero. */ + if (BN_abs_is_word(m, 1)) { ret = 1; BN_zero(r); } else { @@ -330,8 +330,8 @@ int BN_mod_exp_mont(BIGNUM *rr, const BIGNUM *a, const BIGNUM *p, } bits = BN_num_bits(p); if (bits == 0) { - /* x**0 mod 1 is still zero. */ - if (BN_is_one(m)) { + /* x**0 mod 1, or x**0 mod -1 is still zero. */ + if (BN_abs_is_word(m, 1)) { ret = 1; BN_zero(rr); } else { @@ -639,8 +639,8 @@ int BN_mod_exp_mont_consttime(BIGNUM *rr, const BIGNUM *a, const BIGNUM *p, */ bits = p->top * BN_BITS2; if (bits == 0) { - /* x**0 mod 1 is still zero. */ - if (BN_is_one(m)) { + /* x**0 mod 1, or x**0 mod -1 is still zero. */ + if (BN_abs_is_word(m, 1)) { ret = 1; BN_zero(rr); } else { @@ -1151,8 +1151,8 @@ int BN_mod_exp_mont_word(BIGNUM *rr, BN_ULONG a, const BIGNUM *p, bits = BN_num_bits(p); if (bits == 0) { - /* x**0 mod 1 is still zero. */ - if (BN_is_one(m)) { + /* x**0 mod 1, or x**0 mod -1 is still zero. */ + if (BN_abs_is_word(m, 1)) { ret = 1; BN_zero(rr); } else { @@ -1273,9 +1273,9 @@ int BN_mod_exp_simple(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, } bits = BN_num_bits(p); - if (bits == 0) { - /* x**0 mod 1 is still zero. */ - if (BN_is_one(m)) { + if (bits == 0) { + /* x**0 mod 1, or x**0 mod -1 is still zero. */ + if (BN_abs_is_word(m, 1)) { ret = 1; BN_zero(r); } else { From matt at openssl.org Tue May 29 15:54:02 2018 From: matt at openssl.org (Matt Caswell) Date: Tue, 29 May 2018 15:54:02 +0000 Subject: [openssl-commits] [openssl] OpenSSL_1_0_2-stable update Message-ID: <1527609242.333720.5909.nullmailer@dev.openssl.org> The branch OpenSSL_1_0_2-stable has been updated via 235119f015e46a74040b78b10fd6e954f7f07774 (commit) from d8908c3310240bb0efd9b17c663a8b9e47bf31dc (commit) - Log ----------------------------------------------------------------- commit 235119f015e46a74040b78b10fd6e954f7f07774 Author: Matt Caswell Date: Thu May 24 16:12:52 2018 +0100 The result of a ^ 0 mod -1 is 0 not 1 Thanks to Guido Vranken and OSSFuzz for finding this issue. Reviewed-by: Rich Salz (Merged from https://github.com/openssl/openssl/pull/6355) (cherry picked from commit 4aa5b725d549b3ebc3a4f2f1c44e44a11f68752b) ----------------------------------------------------------------------- Summary of changes: crypto/bn/bn_exp.c | 22 +++++++++++----------- 1 file changed, 11 insertions(+), 11 deletions(-) diff --git a/crypto/bn/bn_exp.c b/crypto/bn/bn_exp.c index 40115fc..2eb393d 100644 --- a/crypto/bn/bn_exp.c +++ b/crypto/bn/bn_exp.c @@ -290,8 +290,8 @@ int BN_mod_exp_recp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, bits = BN_num_bits(p); if (bits == 0) { - /* x**0 mod 1 is still zero. */ - if (BN_is_one(m)) { + /* x**0 mod 1, or x**0 mod -1 is still zero. */ + if (BN_abs_is_word(m, 1)) { ret = 1; BN_zero(r); } else { @@ -432,8 +432,8 @@ int BN_mod_exp_mont(BIGNUM *rr, const BIGNUM *a, const BIGNUM *p, } bits = BN_num_bits(p); if (bits == 0) { - /* x**0 mod 1 is still zero. */ - if (BN_is_one(m)) { + /* x**0 mod 1, or x**0 mod -1 is still zero. */ + if (BN_abs_is_word(m, 1)) { ret = 1; BN_zero(rr); } else { @@ -733,8 +733,8 @@ int BN_mod_exp_mont_consttime(BIGNUM *rr, const BIGNUM *a, const BIGNUM *p, */ bits = p->top * BN_BITS2; if (bits == 0) { - /* x**0 mod 1 is still zero. */ - if (BN_is_one(m)) { + /* x**0 mod 1, or x**0 mod -1 is still zero. */ + if (BN_abs_is_word(m, 1)) { ret = 1; BN_zero(rr); } else { @@ -1247,8 +1247,8 @@ int BN_mod_exp_mont_word(BIGNUM *rr, BN_ULONG a, const BIGNUM *p, bits = BN_num_bits(p); if (bits == 0) { - /* x**0 mod 1 is still zero. */ - if (BN_is_one(m)) { + /* x**0 mod 1, or x**0 mod -1 is still zero. */ + if (BN_abs_is_word(m, 1)) { ret = 1; BN_zero(rr); } else { @@ -1369,9 +1369,9 @@ int BN_mod_exp_simple(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, } bits = BN_num_bits(p); - if (bits == 0) { - /* x**0 mod 1 is still zero. */ - if (BN_is_one(m)) { + if (bits == 0) { + /* x**0 mod 1, or x**0 mod -1 is still zero. */ + if (BN_abs_is_word(m, 1)) { ret = 1; BN_zero(r); } else { From matt at openssl.org Tue May 29 16:07:31 2018 From: matt at openssl.org (Matt Caswell) Date: Tue, 29 May 2018 16:07:31 +0000 Subject: [openssl-commits] [openssl] master update Message-ID: <1527610051.912122.13387.nullmailer@dev.openssl.org> The branch master has been updated via 47eaa32d2671c1b608200afb97cc2f0040053686 (commit) from adf652436a42a5132e708f8003b7621647f0a404 (commit) - Log ----------------------------------------------------------------- commit 47eaa32d2671c1b608200afb97cc2f0040053686 Author: Todd Short Date: Fri May 18 14:54:01 2018 -0400 Fix no-sm2 with clang Return immediately upon discovery of bad message digest. Reviewed-by: Andy Polyakov Reviewed-by: Matt Caswell (Merged from https://github.com/openssl/openssl/pull/6298) ----------------------------------------------------------------------- Summary of changes: crypto/ec/ec_pmeth.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/crypto/ec/ec_pmeth.c b/crypto/ec/ec_pmeth.c index 5be2923..2fde4f7 100644 --- a/crypto/ec/ec_pmeth.c +++ b/crypto/ec/ec_pmeth.c @@ -124,7 +124,7 @@ static int pkey_ec_sign(EVP_PKEY_CTX *ctx, unsigned char *sig, size_t *siglen, if (ec_nid == NID_sm2) { #if defined(OPENSSL_NO_SM2) - ret = -1; + return -1; #else ret = SM2_sign(type, tbs, tbslen, sig, &sltmp, ec); #endif From matt at openssl.org Tue May 29 16:13:51 2018 From: matt at openssl.org (Matt Caswell) Date: Tue, 29 May 2018 16:13:51 +0000 Subject: [openssl-commits] [openssl] master update Message-ID: <1527610431.522011.17051.nullmailer@dev.openssl.org> The branch master has been updated via 02a7e0a9f63ec97e9671fec2bb8ce7c289fb4d66 (commit) from 47eaa32d2671c1b608200afb97cc2f0040053686 (commit) - Log ----------------------------------------------------------------- commit 02a7e0a9f63ec97e9671fec2bb8ce7c289fb4d66 Author: Todd Short Date: Tue May 22 10:48:04 2018 -0400 Replace strdup() with OPENSSL_strdup() It's freed with OPENSSL_free() Reviewed-by: Andy Polyakov Reviewed-by: Matt Caswell (Merged from https://github.com/openssl/openssl/pull/6331) ----------------------------------------------------------------------- Summary of changes: apps/rehash.c | 14 +++++++++----- 1 file changed, 9 insertions(+), 5 deletions(-) diff --git a/apps/rehash.c b/apps/rehash.c index 521bf61..de7217c 100644 --- a/apps/rehash.c +++ b/apps/rehash.c @@ -308,7 +308,7 @@ static int do_dir(const char *dirname, enum Hash h) size_t i; const char *pathsep; const char *filename; - char *buf, *copy; + char *buf, *copy = NULL; STACK_OF(OPENSSL_STRING) *files = NULL; if (app_access(dirname, W_OK) < 0) { @@ -325,13 +325,16 @@ static int do_dir(const char *dirname, enum Hash h) if ((files = sk_OPENSSL_STRING_new_null()) == NULL) { BIO_printf(bio_err, "Skipping %s, out of memory\n", dirname); - exit(1); + errs = 1; + goto err; } while ((filename = OPENSSL_DIR_read(&d, dirname)) != NULL) { - if ((copy = strdup(filename)) == NULL + if ((copy = OPENSSL_strdup(filename)) == NULL || sk_OPENSSL_STRING_push(files, copy) == 0) { + OPENSSL_free(copy); BIO_puts(bio_err, "out of memory\n"); - exit(1); + errs = 1; + goto err; } } OPENSSL_DIR_end(&d); @@ -349,7 +352,6 @@ static int do_dir(const char *dirname, enum Hash h) continue; errs += do_file(filename, buf, h); } - sk_OPENSSL_STRING_pop_free(files, str_free); for (i = 0; i < OSSL_NELEM(hash_table); i++) { for (bp = hash_table[i]; bp; bp = nextbp) { @@ -417,6 +419,8 @@ static int do_dir(const char *dirname, enum Hash h) hash_table[i] = NULL; } + err: + sk_OPENSSL_STRING_pop_free(files, str_free); OPENSSL_free(buf); return errs; } From matt at openssl.org Wed May 30 08:19:33 2018 From: matt at openssl.org (Matt Caswell) Date: Wed, 30 May 2018 08:19:33 +0000 Subject: [openssl-commits] [openssl] master update Message-ID: <1527668373.393574.10946.nullmailer@dev.openssl.org> The branch master has been updated via f3a246c63eefc1e5da434df5dc7f48795a12c38b (commit) via 41f10305d83ac5335f8ff05cce0854b4d93d333f (commit) via 1f65c0459a1382481f29756b85e9ec12aedaa6bf (commit) from 02a7e0a9f63ec97e9671fec2bb8ce7c289fb4d66 (commit) - Log ----------------------------------------------------------------- commit f3a246c63eefc1e5da434df5dc7f48795a12c38b Author: Dmitry Belyavskiy Date: Thu May 3 18:31:47 2018 +0300 Text description of GOST signature algorithms Reviewed-by: Bernd Edlinger Reviewed-by: Matt Caswell (Merged from https://github.com/openssl/openssl/pull/6168) commit 41f10305d83ac5335f8ff05cce0854b4d93d333f Author: Dmitry Belyavskiy Date: Thu May 3 18:31:01 2018 +0300 Send GOST SignatureAlgorithms when TLS 1.2 in use Reviewed-by: Bernd Edlinger Reviewed-by: Matt Caswell (Merged from https://github.com/openssl/openssl/pull/6168) commit 1f65c0459a1382481f29756b85e9ec12aedaa6bf Author: Dmitry Belyavskiy Date: Thu May 3 17:25:48 2018 +0300 Bugfix: GOST2012 certificates for GOST ciphersuites were broken. Reviewed-by: Bernd Edlinger Reviewed-by: Matt Caswell (Merged from https://github.com/openssl/openssl/pull/6168) ----------------------------------------------------------------------- Summary of changes: apps/s_cb.c | 9 +++++++++ ssl/ssl_locl.h | 5 ----- ssl/t1_lib.c | 22 +++++++++++++++++++++- 3 files changed, 30 insertions(+), 6 deletions(-) diff --git a/apps/s_cb.c b/apps/s_cb.c index 820491a..46b3864 100644 --- a/apps/s_cb.c +++ b/apps/s_cb.c @@ -234,6 +234,15 @@ static const char *get_sigtype(int nid) case NID_ED448: return "Ed448"; + case NID_id_GostR3410_2001: + return "gost2001"; + + case NID_id_GostR3410_2012_256: + return "gost2012_256"; + + case NID_id_GostR3410_2012_512: + return "gost2012_512"; + default: return NULL; } diff --git a/ssl/ssl_locl.h b/ssl/ssl_locl.h index 4aec810..31e5cc8 100644 --- a/ssl/ssl_locl.h +++ b/ssl/ssl_locl.h @@ -383,11 +383,6 @@ # define SSL_PKEY_ED25519 7 # define SSL_PKEY_ED448 8 # define SSL_PKEY_NUM 9 -/* - * Pseudo-constant. GOST cipher suites can use different certs for 1 - * SSL_CIPHER. So let's see which one we have in fact. - */ -# define SSL_PKEY_GOST_EC SSL_PKEY_NUM+1 /*- * SSL_kRSA <- RSA_ENC diff --git a/ssl/t1_lib.c b/ssl/t1_lib.c index c076782..aab50e1 100644 --- a/ssl/t1_lib.c +++ b/ssl/t1_lib.c @@ -661,7 +661,12 @@ static const uint16_t tls12_sigalgs[] = { TLSEXT_SIGALG_dsa_sha256, TLSEXT_SIGALG_dsa_sha384, - TLSEXT_SIGALG_dsa_sha512 + TLSEXT_SIGALG_dsa_sha512, +#endif +#ifndef OPENSSL_NO_GOST + TLSEXT_SIGALG_gostr34102012_256_gostr34112012_256, + TLSEXT_SIGALG_gostr34102012_512_gostr34112012_512, + TLSEXT_SIGALG_gostr34102001_gostr3411, #endif }; @@ -857,6 +862,21 @@ static const SIGALG_LOOKUP *tls1_get_legacy_sigalg(const SSL *s, int idx) break; } } + + /* + * Some GOST ciphersuites allow more than one signature algorithms + * */ + if (idx == SSL_PKEY_GOST01 && s->s3->tmp.new_cipher->algorithm_auth != SSL_aGOST01) { + int real_idx; + + for (real_idx = SSL_PKEY_GOST12_512; real_idx >= SSL_PKEY_GOST01; + real_idx--) { + if (s->cert->pkeys[real_idx].privatekey != NULL) { + idx = real_idx; + break; + } + } + } } else { idx = s->cert->key - s->cert->pkeys; } From levitte at openssl.org Wed May 30 13:47:28 2018 From: levitte at openssl.org (Richard Levitte) Date: Wed, 30 May 2018 13:47:28 +0000 Subject: [openssl-commits] [openssl] master update Message-ID: <1527688048.281101.12476.nullmailer@dev.openssl.org> The branch master has been updated via 0124f32a01b2b4f4f7146f226b6a9dfe227c4008 (commit) from f3a246c63eefc1e5da434df5dc7f48795a12c38b (commit) - Log ----------------------------------------------------------------- commit 0124f32a01b2b4f4f7146f226b6a9dfe227c4008 Author: Mingtao Yang Date: Fri Feb 9 10:23:18 2018 -0800 Add APIs for custom X509_LOOKUP_METHOD creation OpenSSL 1.1.0 made the X509_LOOKUP_METHOD structure opaque, so applications that were previously able to define a custom lookup method are not able to be ported. This commit adds getters and setters for each of the current fields of X509_LOOKUP_METHOD, along with getters and setters on several associated opaque types (such as X509_LOOKUP and X509_OBJECT). Reviewed-by: Matt Caswell Reviewed-by: Richard Levitte (Merged from https://github.com/openssl/openssl/pull/6152) ----------------------------------------------------------------------- Summary of changes: crypto/err/openssl.txt | 1 + crypto/x509/build.info | 2 +- crypto/x509/by_dir.c | 2 +- crypto/x509/x509_err.c | 2 + crypto/x509/x509_lcl.h | 4 +- crypto/x509/x509_lu.c | 47 +++++++++- crypto/x509/x509_meth.c | 166 +++++++++++++++++++++++++++++++++ doc/man3/X509_LOOKUP_hash_dir.pod | 1 + doc/man3/X509_LOOKUP_meth_new.pod | 189 ++++++++++++++++++++++++++++++++++++++ include/openssl/x509_vfy.h | 75 +++++++++++++++ include/openssl/x509err.h | 1 + util/libcrypto.num | 25 +++++ util/private.num | 5 + 13 files changed, 514 insertions(+), 6 deletions(-) create mode 100644 crypto/x509/x509_meth.c create mode 100644 doc/man3/X509_LOOKUP_meth_new.pod diff --git a/crypto/err/openssl.txt b/crypto/err/openssl.txt index 89e5ceb..62e798a 100644 --- a/crypto/err/openssl.txt +++ b/crypto/err/openssl.txt @@ -1685,6 +1685,7 @@ X509_F_X509_GET_PUBKEY_PARAMETERS:110:X509_get_pubkey_parameters X509_F_X509_LOAD_CERT_CRL_FILE:132:X509_load_cert_crl_file X509_F_X509_LOAD_CERT_FILE:111:X509_load_cert_file X509_F_X509_LOAD_CRL_FILE:112:X509_load_crl_file +X509_F_X509_LOOKUP_METH_NEW:160:X509_LOOKUP_meth_new X509_F_X509_LOOKUP_NEW:155:X509_LOOKUP_new X509_F_X509_NAME_ADD_ENTRY:113:X509_NAME_add_entry X509_F_X509_NAME_CANON:156:x509_name_canon diff --git a/crypto/x509/build.info b/crypto/x509/build.info index 7fc4b45..afd0b61 100644 --- a/crypto/x509/build.info +++ b/crypto/x509/build.info @@ -4,7 +4,7 @@ SOURCE[../../libcrypto]=\ x509_obj.c x509_req.c x509spki.c x509_vfy.c \ x509_set.c x509cset.c x509rset.c x509_err.c \ x509name.c x509_v3.c x509_ext.c x509_att.c \ - x509type.c x509_lu.c x_all.c x509_txt.c \ + x509type.c x509_meth.c x509_lu.c x_all.c x509_txt.c \ x509_trs.c by_file.c by_dir.c x509_vpm.c \ x_crl.c t_crl.c x_req.c t_req.c x_x509.c t_x509.c \ x_pubkey.c x_x509a.c x_attrib.c x_exten.c x_name.c diff --git a/crypto/x509/by_dir.c b/crypto/x509/by_dir.c index ae9670c..9d5a571 100644 --- a/crypto/x509/by_dir.c +++ b/crypto/x509/by_dir.c @@ -110,7 +110,7 @@ static int new_dir(X509_LOOKUP *lu) X509err(X509_F_NEW_DIR, ERR_R_MALLOC_FAILURE); goto err; } - lu->method_data = (char *)a; + lu->method_data = a; return 1; err: diff --git a/crypto/x509/x509_err.c b/crypto/x509/x509_err.c index 5027df4..739708e 100644 --- a/crypto/x509/x509_err.c +++ b/crypto/x509/x509_err.c @@ -61,6 +61,8 @@ static const ERR_STRING_DATA X509_str_functs[] = { "X509_load_cert_file"}, {ERR_PACK(ERR_LIB_X509, X509_F_X509_LOAD_CRL_FILE, 0), "X509_load_crl_file"}, + {ERR_PACK(ERR_LIB_X509, X509_F_X509_LOOKUP_METH_NEW, 0), + "X509_LOOKUP_meth_new"}, {ERR_PACK(ERR_LIB_X509, X509_F_X509_LOOKUP_NEW, 0), "X509_LOOKUP_new"}, {ERR_PACK(ERR_LIB_X509, X509_F_X509_NAME_ADD_ENTRY, 0), "X509_NAME_add_entry"}, diff --git a/crypto/x509/x509_lcl.h b/crypto/x509/x509_lcl.h index 401f2e9..abd639a 100644 --- a/crypto/x509/x509_lcl.h +++ b/crypto/x509/x509_lcl.h @@ -69,7 +69,7 @@ struct x509_crl_method_st { }; struct x509_lookup_method_st { - const char *name; + char *name; int (*new_item) (X509_LOOKUP *ctx); void (*free) (X509_LOOKUP *ctx); int (*init) (X509_LOOKUP *ctx); @@ -93,7 +93,7 @@ struct x509_lookup_st { int init; /* have we been started */ int skip; /* don't use us. */ X509_LOOKUP_METHOD *method; /* the functions */ - char *method_data; /* method data */ + void *method_data; /* method data */ X509_STORE *store_ctx; /* who owns us */ }; diff --git a/crypto/x509/x509_lu.c b/crypto/x509/x509_lu.c index 639a3df..e7b1b85 100644 --- a/crypto/x509/x509_lu.c +++ b/crypto/x509/x509_lu.c @@ -118,6 +118,23 @@ int X509_LOOKUP_by_alias(X509_LOOKUP *ctx, X509_LOOKUP_TYPE type, return ctx->method->get_by_alias(ctx, type, str, len, ret); } +int X509_LOOKUP_set_method_data(X509_LOOKUP *ctx, void *data) +{ + ctx->method_data = data; + return 1; +} + +void *X509_LOOKUP_get_method_data(const X509_LOOKUP *ctx) +{ + return ctx->method_data; +} + +X509_STORE *X509_LOOKUP_get_store(const X509_LOOKUP *ctx) +{ + return ctx->store_ctx; +} + + static int x509_object_cmp(const X509_OBJECT *const *a, const X509_OBJECT *const *b) { @@ -403,8 +420,7 @@ X509_OBJECT *X509_OBJECT_new(void) return ret; } - -void X509_OBJECT_free(X509_OBJECT *a) +static void x509_object_free_internal(X509_OBJECT *a) { if (a == NULL) return; @@ -418,6 +434,33 @@ void X509_OBJECT_free(X509_OBJECT *a) X509_CRL_free(a->data.crl); break; } +} + +int X509_OBJECT_set1_X509(X509_OBJECT *a, X509 *obj) +{ + if (a == NULL || !X509_up_ref(obj)) + return 0; + + x509_object_free_internal(a); + a->type = X509_LU_X509; + a->data.x509 = obj; + return 1; +} + +int X509_OBJECT_set1_X509_CRL(X509_OBJECT *a, X509_CRL *obj) +{ + if (a == NULL || !X509_CRL_up_ref(obj)) + return 0; + + x509_object_free_internal(a); + a->type = X509_LU_CRL; + a->data.crl = obj; + return 1; +} + +void X509_OBJECT_free(X509_OBJECT *a) +{ + x509_object_free_internal(a); OPENSSL_free(a); } diff --git a/crypto/x509/x509_meth.c b/crypto/x509/x509_meth.c new file mode 100644 index 0000000..05ed4bf --- /dev/null +++ b/crypto/x509/x509_meth.c @@ -0,0 +1,166 @@ +/* + * Copyright 2018 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the OpenSSL license (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#include +#include +#include + +#include "internal/cryptlib.h" +#include +#include +#include +#include "x509_lcl.h" + +X509_LOOKUP_METHOD *X509_LOOKUP_meth_new(const char *name) +{ + X509_LOOKUP_METHOD *method = OPENSSL_zalloc(sizeof(X509_LOOKUP_METHOD)); + + if (method != NULL) { + method->name = OPENSSL_strdup(name); + if (method->name == NULL) { + X509err(X509_F_X509_LOOKUP_METH_NEW, ERR_R_MALLOC_FAILURE); + goto err; + } + } + + return method; + +err: + OPENSSL_free(method); + return NULL; +} + +void X509_LOOKUP_meth_free(X509_LOOKUP_METHOD *method) +{ + if (method != NULL) + OPENSSL_free(method->name); + OPENSSL_free(method); +} + +int X509_LOOKUP_meth_set_new_item(X509_LOOKUP_METHOD *method, + int (*new_item) (X509_LOOKUP *ctx)) +{ + method->new_item = new_item; + return 1; +} + +int (*X509_LOOKUP_meth_get_new_item(const X509_LOOKUP_METHOD* method)) + (X509_LOOKUP *ctx) +{ + return method->new_item; +} + +int X509_LOOKUP_meth_set_free( + X509_LOOKUP_METHOD *method, + void (*free) (X509_LOOKUP *ctx)) +{ + method->free = free; + return 1; +} + +void (*X509_LOOKUP_meth_get_free(const X509_LOOKUP_METHOD* method)) + (X509_LOOKUP *ctx) +{ + return method->free; +} + +int X509_LOOKUP_meth_set_init(X509_LOOKUP_METHOD *method, + int (*init) (X509_LOOKUP *ctx)) +{ + method->init = init; + return 1; +} + +int (*X509_LOOKUP_meth_get_init(const X509_LOOKUP_METHOD* method)) + (X509_LOOKUP *ctx) +{ + return method->init; +} + +int X509_LOOKUP_meth_set_shutdown( + X509_LOOKUP_METHOD *method, + int (*shutdown) (X509_LOOKUP *ctx)) +{ + method->shutdown = shutdown; + return 1; +} + +int (*X509_LOOKUP_meth_get_shutdown(const X509_LOOKUP_METHOD* method)) + (X509_LOOKUP *ctx) +{ + return method->shutdown; +} + +int X509_LOOKUP_meth_set_ctrl( + X509_LOOKUP_METHOD *method, + X509_LOOKUP_ctrl_fn ctrl) +{ + method->ctrl = ctrl; + return 1; +} + +X509_LOOKUP_ctrl_fn X509_LOOKUP_meth_get_ctrl(const X509_LOOKUP_METHOD *method) +{ + return method->ctrl; +} + +int X509_LOOKUP_meth_set_get_by_subject(X509_LOOKUP_METHOD *method, + X509_LOOKUP_get_by_subject_fn get_by_subject) +{ + method->get_by_subject = get_by_subject; + return 1; +} + +X509_LOOKUP_get_by_subject_fn X509_LOOKUP_meth_get_get_by_subject( + const X509_LOOKUP_METHOD *method) +{ + return method->get_by_subject; +} + + +int X509_LOOKUP_meth_set_get_by_issuer_serial(X509_LOOKUP_METHOD *method, + X509_LOOKUP_get_by_issuer_serial_fn get_by_issuer_serial) +{ + method->get_by_issuer_serial = get_by_issuer_serial; + return 1; +} + +X509_LOOKUP_get_by_issuer_serial_fn + X509_LOOKUP_meth_get_get_by_issuer_serial(const X509_LOOKUP_METHOD *method) +{ + return method->get_by_issuer_serial; +} + + +int X509_LOOKUP_meth_set_get_by_fingerprint(X509_LOOKUP_METHOD *method, + X509_LOOKUP_get_by_fingerprint_fn get_by_fingerprint) +{ + method->get_by_fingerprint = get_by_fingerprint; + return 1; +} + +X509_LOOKUP_get_by_fingerprint_fn X509_LOOKUP_meth_get_get_by_fingerprint( + const X509_LOOKUP_METHOD *method) +{ + return method->get_by_fingerprint; +} + +int X509_LOOKUP_meth_set_get_by_alias(X509_LOOKUP_METHOD *method, + X509_LOOKUP_get_by_alias_fn get_by_alias) +{ + method->get_by_alias = get_by_alias; + return 1; +} + +X509_LOOKUP_get_by_alias_fn X509_LOOKUP_meth_get_get_by_alias( + const X509_LOOKUP_METHOD *method) +{ + return method->get_by_alias; +} + diff --git a/doc/man3/X509_LOOKUP_hash_dir.pod b/doc/man3/X509_LOOKUP_hash_dir.pod index 84d8fb9..dd41f78 100644 --- a/doc/man3/X509_LOOKUP_hash_dir.pod +++ b/doc/man3/X509_LOOKUP_hash_dir.pod @@ -125,6 +125,7 @@ L, L, L, L, +L, =head1 COPYRIGHT diff --git a/doc/man3/X509_LOOKUP_meth_new.pod b/doc/man3/X509_LOOKUP_meth_new.pod new file mode 100644 index 0000000..fb165fd --- /dev/null +++ b/doc/man3/X509_LOOKUP_meth_new.pod @@ -0,0 +1,189 @@ +=pod + +=head1 NAME + +X509_LOOKUP_meth_new, X509_LOOKUP_meth_free, X509_LOOKUP_meth_set_new_item, +X509_LOOKUP_meth_get_new_item, X509_LOOKUP_meth_set_free, +X509_LOOKUP_meth_get_free, X509_LOOKUP_meth_set_init, +X509_LOOKUP_meth_get_init, X509_LOOKUP_meth_set_shutdown, +X509_LOOKUP_meth_get_shutdown, +X509_LOOKUP_ctrl_fn, X509_LOOKUP_meth_set_ctrl, X509_LOOKUP_meth_get_ctrl, +X509_LOOKUP_get_by_subject_fn, X509_LOOKUP_meth_set_get_by_subject, +X509_LOOKUP_meth_get_get_by_subject, +X509_LOOKUP_get_by_issuer_serial_fn, X509_LOOKUP_meth_set_get_by_issuer_serial, +X509_LOOKUP_meth_get_get_by_issuer_serial, +X509_LOOKUP_get_by_fingerprint_fn, X509_LOOKUP_meth_set_get_by_fingerprint, +X509_LOOKUP_meth_get_get_by_fingerprint, +X509_LOOKUP_get_by_alias_fn, X509_LOOKUP_meth_set_get_by_alias, +X509_LOOKUP_meth_get_get_by_alias, +X509_LOOKUP_set_method_data, X509_LOOKUP_get_method_data, +X509_LOOKUP_get_store, X509_OBJECT_set1_X509, X509_OBJECT_set1_X509_CRL +- Routines to build up X509_LOOKUP methods + +=head1 SYNOPSIS + + #include + + X509_LOOKUP_METHOD *X509_LOOKUP_meth_new(const char *name); + void X509_LOOKUP_meth_free(X509_LOOKUP_METHOD *method); + + int X509_LOOKUP_meth_set_new_item(X509_LOOKUP_METHOD *method, + int (*new_item) (X509_LOOKUP *ctx)); + int (*X509_LOOKUP_meth_get_new_item(const X509_LOOKUP_METHOD* method)) + (X509_LOOKUP *ctx); + + int X509_LOOKUP_meth_set_free(X509_LOOKUP_METHOD *method, + void (*free) (X509_LOOKUP *ctx)); + void (*X509_LOOKUP_meth_get_free(const X509_LOOKUP_METHOD* method)) + (X509_LOOKUP *ctx); + + int X509_LOOKUP_meth_set_init(X509_LOOKUP_METHOD *method, + int (*init) (X509_LOOKUP *ctx)); + int (*X509_LOOKUP_meth_get_init(const X509_LOOKUP_METHOD* method)) + (X509_LOOKUP *ctx); + + int X509_LOOKUP_meth_set_shutdown(X509_LOOKUP_METHOD *method, + int (*shutdown) (X509_LOOKUP *ctx)); + int (*X509_LOOKUP_meth_get_shutdown(const X509_LOOKUP_METHOD* method)) + (X509_LOOKUP *ctx); + + typedef int (*X509_LOOKUP_ctrl_fn)(X509_LOOKUP *ctx, int cmd, const char *argc, + long argl, char **ret); + int X509_LOOKUP_meth_set_ctrl(X509_LOOKUP_METHOD *method, + X509_LOOKUP_ctrl_fn ctrl_fn); + X509_LOOKUP_ctrl_fn X509_LOOKUP_meth_get_ctrl(const X509_LOOKUP_METHOD *method); + + typedef int (*X509_LOOKUP_get_by_subject_fn)(X509_LOOKUP *ctx, + X509_LOOKUP_TYPE type, + X509_NAME *name, + X509_OBJECT *ret); + int X509_LOOKUP_meth_set_get_by_subject(X509_LOOKUP_METHOD *method, + X509_LOOKUP_get_by_subject_fn fn); + X509_LOOKUP_get_by_subject_fn X509_LOOKUP_meth_get_get_by_subject( + const X509_LOOKUP_METHOD *method); + + typedef int (*X509_LOOKUP_get_by_issuer_serial_fn)(X509_LOOKUP *ctx, + X509_LOOKUP_TYPE type, + X509_NAME *name, + ASN1_INTEGER *serial, + X509_OBJECT *ret); + int X509_LOOKUP_meth_set_get_by_issuer_serial( + X509_LOOKUP_METHOD *method, X509_LOOKUP_get_by_issuer_serial_fn fn); + X509_LOOKUP_get_by_issuer_serial_fn X509_LOOKUP_meth_get_get_by_issuer_serial( + const X509_LOOKUP_METHOD *method); + + typedef int (*X509_LOOKUP_get_by_fingerprint_fn)(X509_LOOKUP *ctx, + X509_LOOKUP_TYPE type, + const unsigned char* bytes, + int len, + X509_OBJECT *ret); + int X509_LOOKUP_meth_set_get_by_fingerprint(X509_LOOKUP_METHOD *method, + X509_LOOKUP_get_by_fingerprint_fn fn); + X509_LOOKUP_get_by_fingerprint_fn X509_LOOKUP_meth_get_get_by_fingerprint( + const X509_LOOKUP_METHOD *method); + + typedef int (*X509_LOOKUP_get_by_alias_fn)(X509_LOOKUP *ctx, + X509_LOOKUP_TYPE type, + const char *str, + int len, + X509_OBJECT *ret); + int X509_LOOKUP_meth_set_get_by_alias(X509_LOOKUP_METHOD *method, + X509_LOOKUP_get_by_alias_fn fn); + X509_LOOKUP_get_by_alias_fn X509_LOOKUP_meth_get_get_by_alias( + const X509_LOOKUP_METHOD *method); + + int X509_LOOKUP_set_method_data(X509_LOOKUP *ctx, void *data); + void *X509_LOOKUP_get_method_data(const X509_LOOKUP *ctx); + + X509_STORE *X509_LOOKUP_get_store(const X509_LOOKUP *ctx); + + int X509_OBJECT_set1_X509(X509_OBJECT *a, X509 *obj); + int X509_OBJECT_set1_X509_CRL(X509_OBJECT *a, X509_CRL *obj); + +=head1 DESCRIPTION + +The B type is a structure used for the implementation of new +X509_LOOKUP types. It provides a set of functions used by OpenSSL for the +implementation of various X509 and X509_CRL lookup capabilities. One instance +of an X509_LOOKUP_METHOD can be associated to many instantiations of an +B structure. + +X509_LOOKUP_meth_new() creates a new B structure. It should +be given a human-readable string containing a brief description of the lookup +method. + +X509_LOOKUP_meth_free() destroys a B structure. + +X509_LOOKUP_get_new_item() and X509_LOOKUP_set_new_item() get and set the +function that is called when an B object is created with +X509_LOOKUP_new(). If an X509_LOOKUP_METHOD requires any per-X509_LOOKUP +specific data, the supplied new_item function should allocate this data and +invoke X509_LOOKUP_set_method_data(). + +X509_LOOKUP_get_free() and X509_LOOKUP_set_free() get and set the function +that is used to free any method data that was allocated and set from within +new_item function. + +X509_LOOKUP_meth_get_init() and X509_LOOKUP_meth_set_init() get and set the +function that is used to initialize the method data that was set with +X509_LOOKUP_set_method_data() as part of the new_item routine. + +X509_LOOKUP_meth_get_shutdown() and X509_LOOKUP_meth_set_shutdown() get and set +the function that is used to shut down the method data whose state was +previously initialized in the init function. + +X509_LOOKUP_meth_get_ctrl() and X509_LOOKUP_meth_set_ctrl() get and set a +function to be used to handle arbitrary control commands issued by +X509_LOOKUP_ctrl(). The control function is given the X509_LOOKUP +B, along with the arguments passed by X509_LOOKUP_ctrl. B is +an arbitrary integer that defines some operation. B is a pointer +to an array of characters. B is an integer. B, if set, +points to a location where any return data should be written to. How +B and B are used depends entirely on the control function. + + +X509_LOOKUP_set_get_by_subject(), X509_LOOKUP_set_get_by_issuer_serial(), +X509_LOOKUP_set_get_by_fingerprint(), X509_LOOKUP_set_get_by_alias() set +the functions used to retrieve an X509 or X509_CRL object by the object's +subject, issuer, fingerprint, and alias respectively. These functions are given +the X509_LOOKUP context, the type of the X509_OBJECT being requested, parameters +related to the lookup, and an X509_OBJECT that will receive the requested +object. + +Implementations should use either X509_OBJECT_set1_X509() or +X509_OBJECT_set1_X509_CRL() to set the result. Any method data that was +created as a result of the new_item function set by +X509_LOOKUP_meth_set_new_item() can be accessed with +X509_LOOKUP_get_method_data(). The B object that owns the +X509_LOOKUP may be accessed with X509_LOOKUP_get_store(). Successful lookups +should return 1, and unsuccessful lookups should return 0. + +X509_LOOKUP_get_get_by_subject(), X509_LOOKUP_get_get_by_issuer_serial(), +X509_LOOKUP_get_get_by_fingerprint(), X509_LOOKUP_get_get_by_alias() retrieve +the function set by the corresponding setter. + +=head1 RETURN VALUES + +The B functions return 1 on success or 0 on error. + +The B functions return the corresponding function +pointers. + +=head1 SEE ALSO + +L, L + +=head1 HISTORY + +The functions described here were added in OpenSSL 1.1.0i. + +=head1 COPYRIGHT + +Copyright 2018 The OpenSSL Project Authors. All Rights Reserved. + +Licensed under the OpenSSL license (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +L. + +=cut diff --git a/include/openssl/x509_vfy.h b/include/openssl/x509_vfy.h index b9506bc..a657ec2 100644 --- a/include/openssl/x509_vfy.h +++ b/include/openssl/x509_vfy.h @@ -261,7 +261,9 @@ X509_OBJECT *X509_OBJECT_new(void); void X509_OBJECT_free(X509_OBJECT *a); X509_LOOKUP_TYPE X509_OBJECT_get_type(const X509_OBJECT *a); X509 *X509_OBJECT_get0_X509(const X509_OBJECT *a); +int X509_OBJECT_set1_X509(X509_OBJECT *a, X509 *obj); X509_CRL *X509_OBJECT_get0_X509_CRL(X509_OBJECT *a); +int X509_OBJECT_set1_X509_CRL(X509_OBJECT *a, X509_CRL *obj); X509_STORE *X509_STORE_new(void); void X509_STORE_free(X509_STORE *v); int X509_STORE_lock(X509_STORE *ctx); @@ -368,6 +370,76 @@ X509_LOOKUP *X509_STORE_add_lookup(X509_STORE *v, X509_LOOKUP_METHOD *m); X509_LOOKUP_METHOD *X509_LOOKUP_hash_dir(void); X509_LOOKUP_METHOD *X509_LOOKUP_file(void); +typedef int (*X509_LOOKUP_ctrl_fn)(X509_LOOKUP *ctx, int cmd, const char *argc, + long argl, char **ret); +typedef int (*X509_LOOKUP_get_by_subject_fn)(X509_LOOKUP *ctx, + X509_LOOKUP_TYPE type, + X509_NAME *name, + X509_OBJECT *ret); +typedef int (*X509_LOOKUP_get_by_issuer_serial_fn)(X509_LOOKUP *ctx, + X509_LOOKUP_TYPE type, + X509_NAME *name, + ASN1_INTEGER *serial, + X509_OBJECT *ret); +typedef int (*X509_LOOKUP_get_by_fingerprint_fn)(X509_LOOKUP *ctx, + X509_LOOKUP_TYPE type, + const unsigned char* bytes, + int len, + X509_OBJECT *ret); +typedef int (*X509_LOOKUP_get_by_alias_fn)(X509_LOOKUP *ctx, + X509_LOOKUP_TYPE type, + const char *str, + int len, + X509_OBJECT *ret); + +X509_LOOKUP_METHOD *X509_LOOKUP_meth_new(const char *name); +void X509_LOOKUP_meth_free(X509_LOOKUP_METHOD *method); + +int X509_LOOKUP_meth_set_new_item(X509_LOOKUP_METHOD *method, + int (*new_item) (X509_LOOKUP *ctx)); +int (*X509_LOOKUP_meth_get_new_item(const X509_LOOKUP_METHOD* method)) + (X509_LOOKUP *ctx); + +int X509_LOOKUP_meth_set_free(X509_LOOKUP_METHOD *method, + void (*free) (X509_LOOKUP *ctx)); +void (*X509_LOOKUP_meth_get_free(const X509_LOOKUP_METHOD* method)) + (X509_LOOKUP *ctx); + +int X509_LOOKUP_meth_set_init(X509_LOOKUP_METHOD *method, + int (*init) (X509_LOOKUP *ctx)); +int (*X509_LOOKUP_meth_get_init(const X509_LOOKUP_METHOD* method)) + (X509_LOOKUP *ctx); + +int X509_LOOKUP_meth_set_shutdown(X509_LOOKUP_METHOD *method, + int (*shutdown) (X509_LOOKUP *ctx)); +int (*X509_LOOKUP_meth_get_shutdown(const X509_LOOKUP_METHOD* method)) + (X509_LOOKUP *ctx); + +int X509_LOOKUP_meth_set_ctrl(X509_LOOKUP_METHOD *method, + X509_LOOKUP_ctrl_fn ctrl_fn); +X509_LOOKUP_ctrl_fn X509_LOOKUP_meth_get_ctrl(const X509_LOOKUP_METHOD *method); + +int X509_LOOKUP_meth_set_get_by_subject(X509_LOOKUP_METHOD *method, + X509_LOOKUP_get_by_subject_fn fn); +X509_LOOKUP_get_by_subject_fn X509_LOOKUP_meth_get_get_by_subject( + const X509_LOOKUP_METHOD *method); + +int X509_LOOKUP_meth_set_get_by_issuer_serial(X509_LOOKUP_METHOD *method, + X509_LOOKUP_get_by_issuer_serial_fn fn); +X509_LOOKUP_get_by_issuer_serial_fn X509_LOOKUP_meth_get_get_by_issuer_serial( + const X509_LOOKUP_METHOD *method); + +int X509_LOOKUP_meth_set_get_by_fingerprint(X509_LOOKUP_METHOD *method, + X509_LOOKUP_get_by_fingerprint_fn fn); +X509_LOOKUP_get_by_fingerprint_fn X509_LOOKUP_meth_get_get_by_fingerprint( + const X509_LOOKUP_METHOD *method); + +int X509_LOOKUP_meth_set_get_by_alias(X509_LOOKUP_METHOD *method, + X509_LOOKUP_get_by_alias_fn fn); +X509_LOOKUP_get_by_alias_fn X509_LOOKUP_meth_get_get_by_alias( + const X509_LOOKUP_METHOD *method); + + int X509_STORE_add_cert(X509_STORE *ctx, X509 *x); int X509_STORE_add_crl(X509_STORE *ctx, X509_CRL *x); @@ -397,6 +469,9 @@ int X509_LOOKUP_by_fingerprint(X509_LOOKUP *ctx, X509_LOOKUP_TYPE type, X509_OBJECT *ret); int X509_LOOKUP_by_alias(X509_LOOKUP *ctx, X509_LOOKUP_TYPE type, const char *str, int len, X509_OBJECT *ret); +int X509_LOOKUP_set_method_data(X509_LOOKUP *ctx, void *data); +void *X509_LOOKUP_get_method_data(const X509_LOOKUP *ctx); +X509_STORE *X509_LOOKUP_get_store(const X509_LOOKUP *ctx); int X509_LOOKUP_shutdown(X509_LOOKUP *ctx); int X509_STORE_load_locations(X509_STORE *ctx, diff --git a/include/openssl/x509err.h b/include/openssl/x509err.h index 15a0d75..b1d6a87 100644 --- a/include/openssl/x509err.h +++ b/include/openssl/x509err.h @@ -49,6 +49,7 @@ int ERR_load_X509_strings(void); # define X509_F_X509_LOAD_CERT_CRL_FILE 132 # define X509_F_X509_LOAD_CERT_FILE 111 # define X509_F_X509_LOAD_CRL_FILE 112 +# define X509_F_X509_LOOKUP_METH_NEW 160 # define X509_F_X509_LOOKUP_NEW 155 # define X509_F_X509_NAME_ADD_ENTRY 113 # define X509_F_X509_NAME_CANON 156 diff --git a/util/libcrypto.num b/util/libcrypto.num index e58a467..9d6653c 100644 --- a/util/libcrypto.num +++ b/util/libcrypto.num @@ -4548,3 +4548,28 @@ RSA_get0_p 4489 1_1_1 EXIST::FUNCTION:RSA RSA_get0_iqmp 4490 1_1_1 EXIST::FUNCTION:RSA ECDSA_SIG_get0_r 4491 1_1_1 EXIST::FUNCTION:EC ECDSA_SIG_get0_s 4492 1_1_1 EXIST::FUNCTION:EC +X509_LOOKUP_meth_get_get_by_fingerprint 4493 1_1_0i EXIST::FUNCTION: +X509_LOOKUP_meth_new 4494 1_1_0i EXIST::FUNCTION: +X509_LOOKUP_meth_get_init 4495 1_1_0i EXIST::FUNCTION: +X509_LOOKUP_meth_get_get_by_alias 4496 1_1_0i EXIST::FUNCTION: +X509_LOOKUP_meth_set_new_item 4497 1_1_0i EXIST::FUNCTION: +X509_LOOKUP_meth_set_shutdown 4498 1_1_0i EXIST::FUNCTION: +X509_LOOKUP_meth_get_new_item 4499 1_1_0i EXIST::FUNCTION: +X509_LOOKUP_meth_set_ctrl 4500 1_1_0i EXIST::FUNCTION: +X509_LOOKUP_meth_set_get_by_issuer_serial 4501 1_1_0i EXIST::FUNCTION: +X509_LOOKUP_get_store 4502 1_1_0i EXIST::FUNCTION: +X509_LOOKUP_meth_get_ctrl 4503 1_1_0i EXIST::FUNCTION: +X509_LOOKUP_meth_set_get_by_alias 4504 1_1_0i EXIST::FUNCTION: +X509_LOOKUP_meth_get_get_by_subject 4505 1_1_0i EXIST::FUNCTION: +X509_LOOKUP_meth_get_free 4506 1_1_0i EXIST::FUNCTION: +X509_LOOKUP_meth_set_get_by_subject 4507 1_1_0i EXIST::FUNCTION: +X509_LOOKUP_meth_set_free 4508 1_1_0i EXIST::FUNCTION: +X509_LOOKUP_meth_get_shutdown 4509 1_1_0i EXIST::FUNCTION: +X509_LOOKUP_set_method_data 4510 1_1_0i EXIST::FUNCTION: +X509_LOOKUP_get_method_data 4511 1_1_0i EXIST::FUNCTION: +X509_LOOKUP_meth_set_get_by_fingerprint 4512 1_1_0i EXIST::FUNCTION: +X509_LOOKUP_meth_free 4513 1_1_0i EXIST::FUNCTION: +X509_OBJECT_set1_X509 4514 1_1_0i EXIST::FUNCTION: +X509_LOOKUP_meth_get_get_by_issuer_serial 4515 1_1_0i EXIST::FUNCTION: +X509_LOOKUP_meth_set_init 4516 1_1_0i EXIST::FUNCTION: +X509_OBJECT_set1_X509_CRL 4517 1_1_0i EXIST::FUNCTION: diff --git a/util/private.num b/util/private.num index 8a461ac..ac536a5 100644 --- a/util/private.num +++ b/util/private.num @@ -73,6 +73,11 @@ X509_STORE_CTX_lookup_crls_fn datatype X509_STORE_CTX_verify_cb datatype X509_STORE_CTX_verify_fn datatype X509_STORE_set_verify_cb_func datatype +X509_LOOKUP_get_by_alias_fn datatype +X509_LOOKUP_get_by_subject_fn datatype +X509_LOOKUP_get_by_fingerprint_fn datatype +X509_LOOKUP_ctrl_fn datatype +X509_LOOKUP_get_by_issuer_serial_fn datatype bio_info_cb datatype BIO_info_cb datatype custom_ext_add_cb datatype From levitte at openssl.org Wed May 30 13:59:41 2018 From: levitte at openssl.org (Richard Levitte) Date: Wed, 30 May 2018 13:59:41 +0000 Subject: [openssl-commits] [openssl] OpenSSL_1_1_0-stable update Message-ID: <1527688781.924468.23251.nullmailer@dev.openssl.org> The branch OpenSSL_1_1_0-stable has been updated via 6912debb881e669f7a7fb621588e20347111c4f0 (commit) from ac35f285bd45997ad7d75033f638b01cd77fec6c (commit) - Log ----------------------------------------------------------------- commit 6912debb881e669f7a7fb621588e20347111c4f0 Author: Mingtao Yang Date: Fri Feb 9 10:23:18 2018 -0800 Add APIs for custom X509_LOOKUP_METHOD creation OpenSSL 1.1.0 made the X509_LOOKUP_METHOD structure opaque, so applications that were previously able to define a custom lookup method are not able to be ported. This commit adds getters and setters for each of the current fields of X509_LOOKUP_METHOD, along with getters and setters on several associated opaque types (such as X509_LOOKUP and X509_OBJECT). Reviewed-by: Matt Caswell Reviewed-by: Richard Levitte (Merged from https://github.com/openssl/openssl/pull/6152) (cherry picked from commit 0124f32a01b2b4f4f7146f226b6a9dfe227c4008) ----------------------------------------------------------------------- Summary of changes: crypto/x509/build.info | 2 +- crypto/x509/by_dir.c | 2 +- crypto/x509/x509_err.c | 1 + crypto/x509/x509_lcl.h | 4 +- crypto/x509/x509_lu.c | 47 ++++++++- crypto/x509/x509_meth.c | 166 +++++++++++++++++++++++++++++++ doc/crypto/X509_LOOKUP_hash_dir.pod | 1 + doc/man3/X509_LOOKUP_meth_new.pod | 189 ++++++++++++++++++++++++++++++++++++ include/openssl/x509.h | 1 + include/openssl/x509_vfy.h | 75 ++++++++++++++ util/libcrypto.num | 25 +++++ 11 files changed, 507 insertions(+), 6 deletions(-) create mode 100644 crypto/x509/x509_meth.c create mode 100644 doc/man3/X509_LOOKUP_meth_new.pod diff --git a/crypto/x509/build.info b/crypto/x509/build.info index 7fc4b45..afd0b61 100644 --- a/crypto/x509/build.info +++ b/crypto/x509/build.info @@ -4,7 +4,7 @@ SOURCE[../../libcrypto]=\ x509_obj.c x509_req.c x509spki.c x509_vfy.c \ x509_set.c x509cset.c x509rset.c x509_err.c \ x509name.c x509_v3.c x509_ext.c x509_att.c \ - x509type.c x509_lu.c x_all.c x509_txt.c \ + x509type.c x509_meth.c x509_lu.c x_all.c x509_txt.c \ x509_trs.c by_file.c by_dir.c x509_vpm.c \ x_crl.c t_crl.c x_req.c t_req.c x_x509.c t_x509.c \ x_pubkey.c x_x509a.c x_attrib.c x_exten.c x_name.c diff --git a/crypto/x509/by_dir.c b/crypto/x509/by_dir.c index 21672a7..0b5cc27 100644 --- a/crypto/x509/by_dir.c +++ b/crypto/x509/by_dir.c @@ -111,7 +111,7 @@ static int new_dir(X509_LOOKUP *lu) OPENSSL_free(a); return 0; } - lu->method_data = (char *)a; + lu->method_data = a; return 1; } diff --git a/crypto/x509/x509_err.c b/crypto/x509/x509_err.c index 3f4b8ef..c045783 100644 --- a/crypto/x509/x509_err.c +++ b/crypto/x509/x509_err.c @@ -51,6 +51,7 @@ static ERR_STRING_DATA X509_str_functs[] = { {ERR_FUNC(X509_F_X509_LOAD_CERT_CRL_FILE), "X509_load_cert_crl_file"}, {ERR_FUNC(X509_F_X509_LOAD_CERT_FILE), "X509_load_cert_file"}, {ERR_FUNC(X509_F_X509_LOAD_CRL_FILE), "X509_load_crl_file"}, + {ERR_FUNC(X509_F_X509_LOOKUP_METH_NEW), "X509_LOOKUP_meth_new"}, {ERR_FUNC(X509_F_X509_NAME_ADD_ENTRY), "X509_NAME_add_entry"}, {ERR_FUNC(X509_F_X509_NAME_ENTRY_CREATE_BY_NID), "X509_NAME_ENTRY_create_by_NID"}, diff --git a/crypto/x509/x509_lcl.h b/crypto/x509/x509_lcl.h index 40bd102..cefd30d 100644 --- a/crypto/x509/x509_lcl.h +++ b/crypto/x509/x509_lcl.h @@ -67,7 +67,7 @@ struct x509_crl_method_st { }; struct x509_lookup_method_st { - const char *name; + char *name; int (*new_item) (X509_LOOKUP *ctx); void (*free) (X509_LOOKUP *ctx); int (*init) (X509_LOOKUP *ctx); @@ -91,7 +91,7 @@ struct x509_lookup_st { int init; /* have we been started */ int skip; /* don't use us. */ X509_LOOKUP_METHOD *method; /* the functions */ - char *method_data; /* method data */ + void *method_data; /* method data */ X509_STORE *store_ctx; /* who owns us */ }; diff --git a/crypto/x509/x509_lu.c b/crypto/x509/x509_lu.c index db0365c..b80cc8e 100644 --- a/crypto/x509/x509_lu.c +++ b/crypto/x509/x509_lu.c @@ -117,6 +117,23 @@ int X509_LOOKUP_by_alias(X509_LOOKUP *ctx, X509_LOOKUP_TYPE type, return ctx->method->get_by_alias(ctx, type, str, len, ret); } +int X509_LOOKUP_set_method_data(X509_LOOKUP *ctx, void *data) +{ + ctx->method_data = data; + return 1; +} + +void *X509_LOOKUP_get_method_data(const X509_LOOKUP *ctx) +{ + return ctx->method_data; +} + +X509_STORE *X509_LOOKUP_get_store(const X509_LOOKUP *ctx) +{ + return ctx->store_ctx; +} + + static int x509_object_cmp(const X509_OBJECT *const *a, const X509_OBJECT *const *b) { @@ -406,8 +423,7 @@ X509_OBJECT *X509_OBJECT_new() return ret; } - -void X509_OBJECT_free(X509_OBJECT *a) +static void x509_object_free_internal(X509_OBJECT *a) { if (a == NULL) return; @@ -421,6 +437,33 @@ void X509_OBJECT_free(X509_OBJECT *a) X509_CRL_free(a->data.crl); break; } +} + +int X509_OBJECT_set1_X509(X509_OBJECT *a, X509 *obj) +{ + if (a == NULL || !X509_up_ref(obj)) + return 0; + + x509_object_free_internal(a); + a->type = X509_LU_X509; + a->data.x509 = obj; + return 1; +} + +int X509_OBJECT_set1_X509_CRL(X509_OBJECT *a, X509_CRL *obj) +{ + if (a == NULL || !X509_CRL_up_ref(obj)) + return 0; + + x509_object_free_internal(a); + a->type = X509_LU_CRL; + a->data.crl = obj; + return 1; +} + +void X509_OBJECT_free(X509_OBJECT *a) +{ + x509_object_free_internal(a); OPENSSL_free(a); } diff --git a/crypto/x509/x509_meth.c b/crypto/x509/x509_meth.c new file mode 100644 index 0000000..05ed4bf --- /dev/null +++ b/crypto/x509/x509_meth.c @@ -0,0 +1,166 @@ +/* + * Copyright 2018 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the OpenSSL license (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#include +#include +#include + +#include "internal/cryptlib.h" +#include +#include +#include +#include "x509_lcl.h" + +X509_LOOKUP_METHOD *X509_LOOKUP_meth_new(const char *name) +{ + X509_LOOKUP_METHOD *method = OPENSSL_zalloc(sizeof(X509_LOOKUP_METHOD)); + + if (method != NULL) { + method->name = OPENSSL_strdup(name); + if (method->name == NULL) { + X509err(X509_F_X509_LOOKUP_METH_NEW, ERR_R_MALLOC_FAILURE); + goto err; + } + } + + return method; + +err: + OPENSSL_free(method); + return NULL; +} + +void X509_LOOKUP_meth_free(X509_LOOKUP_METHOD *method) +{ + if (method != NULL) + OPENSSL_free(method->name); + OPENSSL_free(method); +} + +int X509_LOOKUP_meth_set_new_item(X509_LOOKUP_METHOD *method, + int (*new_item) (X509_LOOKUP *ctx)) +{ + method->new_item = new_item; + return 1; +} + +int (*X509_LOOKUP_meth_get_new_item(const X509_LOOKUP_METHOD* method)) + (X509_LOOKUP *ctx) +{ + return method->new_item; +} + +int X509_LOOKUP_meth_set_free( + X509_LOOKUP_METHOD *method, + void (*free) (X509_LOOKUP *ctx)) +{ + method->free = free; + return 1; +} + +void (*X509_LOOKUP_meth_get_free(const X509_LOOKUP_METHOD* method)) + (X509_LOOKUP *ctx) +{ + return method->free; +} + +int X509_LOOKUP_meth_set_init(X509_LOOKUP_METHOD *method, + int (*init) (X509_LOOKUP *ctx)) +{ + method->init = init; + return 1; +} + +int (*X509_LOOKUP_meth_get_init(const X509_LOOKUP_METHOD* method)) + (X509_LOOKUP *ctx) +{ + return method->init; +} + +int X509_LOOKUP_meth_set_shutdown( + X509_LOOKUP_METHOD *method, + int (*shutdown) (X509_LOOKUP *ctx)) +{ + method->shutdown = shutdown; + return 1; +} + +int (*X509_LOOKUP_meth_get_shutdown(const X509_LOOKUP_METHOD* method)) + (X509_LOOKUP *ctx) +{ + return method->shutdown; +} + +int X509_LOOKUP_meth_set_ctrl( + X509_LOOKUP_METHOD *method, + X509_LOOKUP_ctrl_fn ctrl) +{ + method->ctrl = ctrl; + return 1; +} + +X509_LOOKUP_ctrl_fn X509_LOOKUP_meth_get_ctrl(const X509_LOOKUP_METHOD *method) +{ + return method->ctrl; +} + +int X509_LOOKUP_meth_set_get_by_subject(X509_LOOKUP_METHOD *method, + X509_LOOKUP_get_by_subject_fn get_by_subject) +{ + method->get_by_subject = get_by_subject; + return 1; +} + +X509_LOOKUP_get_by_subject_fn X509_LOOKUP_meth_get_get_by_subject( + const X509_LOOKUP_METHOD *method) +{ + return method->get_by_subject; +} + + +int X509_LOOKUP_meth_set_get_by_issuer_serial(X509_LOOKUP_METHOD *method, + X509_LOOKUP_get_by_issuer_serial_fn get_by_issuer_serial) +{ + method->get_by_issuer_serial = get_by_issuer_serial; + return 1; +} + +X509_LOOKUP_get_by_issuer_serial_fn + X509_LOOKUP_meth_get_get_by_issuer_serial(const X509_LOOKUP_METHOD *method) +{ + return method->get_by_issuer_serial; +} + + +int X509_LOOKUP_meth_set_get_by_fingerprint(X509_LOOKUP_METHOD *method, + X509_LOOKUP_get_by_fingerprint_fn get_by_fingerprint) +{ + method->get_by_fingerprint = get_by_fingerprint; + return 1; +} + +X509_LOOKUP_get_by_fingerprint_fn X509_LOOKUP_meth_get_get_by_fingerprint( + const X509_LOOKUP_METHOD *method) +{ + return method->get_by_fingerprint; +} + +int X509_LOOKUP_meth_set_get_by_alias(X509_LOOKUP_METHOD *method, + X509_LOOKUP_get_by_alias_fn get_by_alias) +{ + method->get_by_alias = get_by_alias; + return 1; +} + +X509_LOOKUP_get_by_alias_fn X509_LOOKUP_meth_get_get_by_alias( + const X509_LOOKUP_METHOD *method) +{ + return method->get_by_alias; +} + diff --git a/doc/crypto/X509_LOOKUP_hash_dir.pod b/doc/crypto/X509_LOOKUP_hash_dir.pod index 5f8dfa9..abc16a6 100644 --- a/doc/crypto/X509_LOOKUP_hash_dir.pod +++ b/doc/crypto/X509_LOOKUP_hash_dir.pod @@ -117,6 +117,7 @@ L, L, L, L, +L, =head1 COPYRIGHT diff --git a/doc/man3/X509_LOOKUP_meth_new.pod b/doc/man3/X509_LOOKUP_meth_new.pod new file mode 100644 index 0000000..fb165fd --- /dev/null +++ b/doc/man3/X509_LOOKUP_meth_new.pod @@ -0,0 +1,189 @@ +=pod + +=head1 NAME + +X509_LOOKUP_meth_new, X509_LOOKUP_meth_free, X509_LOOKUP_meth_set_new_item, +X509_LOOKUP_meth_get_new_item, X509_LOOKUP_meth_set_free, +X509_LOOKUP_meth_get_free, X509_LOOKUP_meth_set_init, +X509_LOOKUP_meth_get_init, X509_LOOKUP_meth_set_shutdown, +X509_LOOKUP_meth_get_shutdown, +X509_LOOKUP_ctrl_fn, X509_LOOKUP_meth_set_ctrl, X509_LOOKUP_meth_get_ctrl, +X509_LOOKUP_get_by_subject_fn, X509_LOOKUP_meth_set_get_by_subject, +X509_LOOKUP_meth_get_get_by_subject, +X509_LOOKUP_get_by_issuer_serial_fn, X509_LOOKUP_meth_set_get_by_issuer_serial, +X509_LOOKUP_meth_get_get_by_issuer_serial, +X509_LOOKUP_get_by_fingerprint_fn, X509_LOOKUP_meth_set_get_by_fingerprint, +X509_LOOKUP_meth_get_get_by_fingerprint, +X509_LOOKUP_get_by_alias_fn, X509_LOOKUP_meth_set_get_by_alias, +X509_LOOKUP_meth_get_get_by_alias, +X509_LOOKUP_set_method_data, X509_LOOKUP_get_method_data, +X509_LOOKUP_get_store, X509_OBJECT_set1_X509, X509_OBJECT_set1_X509_CRL +- Routines to build up X509_LOOKUP methods + +=head1 SYNOPSIS + + #include + + X509_LOOKUP_METHOD *X509_LOOKUP_meth_new(const char *name); + void X509_LOOKUP_meth_free(X509_LOOKUP_METHOD *method); + + int X509_LOOKUP_meth_set_new_item(X509_LOOKUP_METHOD *method, + int (*new_item) (X509_LOOKUP *ctx)); + int (*X509_LOOKUP_meth_get_new_item(const X509_LOOKUP_METHOD* method)) + (X509_LOOKUP *ctx); + + int X509_LOOKUP_meth_set_free(X509_LOOKUP_METHOD *method, + void (*free) (X509_LOOKUP *ctx)); + void (*X509_LOOKUP_meth_get_free(const X509_LOOKUP_METHOD* method)) + (X509_LOOKUP *ctx); + + int X509_LOOKUP_meth_set_init(X509_LOOKUP_METHOD *method, + int (*init) (X509_LOOKUP *ctx)); + int (*X509_LOOKUP_meth_get_init(const X509_LOOKUP_METHOD* method)) + (X509_LOOKUP *ctx); + + int X509_LOOKUP_meth_set_shutdown(X509_LOOKUP_METHOD *method, + int (*shutdown) (X509_LOOKUP *ctx)); + int (*X509_LOOKUP_meth_get_shutdown(const X509_LOOKUP_METHOD* method)) + (X509_LOOKUP *ctx); + + typedef int (*X509_LOOKUP_ctrl_fn)(X509_LOOKUP *ctx, int cmd, const char *argc, + long argl, char **ret); + int X509_LOOKUP_meth_set_ctrl(X509_LOOKUP_METHOD *method, + X509_LOOKUP_ctrl_fn ctrl_fn); + X509_LOOKUP_ctrl_fn X509_LOOKUP_meth_get_ctrl(const X509_LOOKUP_METHOD *method); + + typedef int (*X509_LOOKUP_get_by_subject_fn)(X509_LOOKUP *ctx, + X509_LOOKUP_TYPE type, + X509_NAME *name, + X509_OBJECT *ret); + int X509_LOOKUP_meth_set_get_by_subject(X509_LOOKUP_METHOD *method, + X509_LOOKUP_get_by_subject_fn fn); + X509_LOOKUP_get_by_subject_fn X509_LOOKUP_meth_get_get_by_subject( + const X509_LOOKUP_METHOD *method); + + typedef int (*X509_LOOKUP_get_by_issuer_serial_fn)(X509_LOOKUP *ctx, + X509_LOOKUP_TYPE type, + X509_NAME *name, + ASN1_INTEGER *serial, + X509_OBJECT *ret); + int X509_LOOKUP_meth_set_get_by_issuer_serial( + X509_LOOKUP_METHOD *method, X509_LOOKUP_get_by_issuer_serial_fn fn); + X509_LOOKUP_get_by_issuer_serial_fn X509_LOOKUP_meth_get_get_by_issuer_serial( + const X509_LOOKUP_METHOD *method); + + typedef int (*X509_LOOKUP_get_by_fingerprint_fn)(X509_LOOKUP *ctx, + X509_LOOKUP_TYPE type, + const unsigned char* bytes, + int len, + X509_OBJECT *ret); + int X509_LOOKUP_meth_set_get_by_fingerprint(X509_LOOKUP_METHOD *method, + X509_LOOKUP_get_by_fingerprint_fn fn); + X509_LOOKUP_get_by_fingerprint_fn X509_LOOKUP_meth_get_get_by_fingerprint( + const X509_LOOKUP_METHOD *method); + + typedef int (*X509_LOOKUP_get_by_alias_fn)(X509_LOOKUP *ctx, + X509_LOOKUP_TYPE type, + const char *str, + int len, + X509_OBJECT *ret); + int X509_LOOKUP_meth_set_get_by_alias(X509_LOOKUP_METHOD *method, + X509_LOOKUP_get_by_alias_fn fn); + X509_LOOKUP_get_by_alias_fn X509_LOOKUP_meth_get_get_by_alias( + const X509_LOOKUP_METHOD *method); + + int X509_LOOKUP_set_method_data(X509_LOOKUP *ctx, void *data); + void *X509_LOOKUP_get_method_data(const X509_LOOKUP *ctx); + + X509_STORE *X509_LOOKUP_get_store(const X509_LOOKUP *ctx); + + int X509_OBJECT_set1_X509(X509_OBJECT *a, X509 *obj); + int X509_OBJECT_set1_X509_CRL(X509_OBJECT *a, X509_CRL *obj); + +=head1 DESCRIPTION + +The B type is a structure used for the implementation of new +X509_LOOKUP types. It provides a set of functions used by OpenSSL for the +implementation of various X509 and X509_CRL lookup capabilities. One instance +of an X509_LOOKUP_METHOD can be associated to many instantiations of an +B structure. + +X509_LOOKUP_meth_new() creates a new B structure. It should +be given a human-readable string containing a brief description of the lookup +method. + +X509_LOOKUP_meth_free() destroys a B structure. + +X509_LOOKUP_get_new_item() and X509_LOOKUP_set_new_item() get and set the +function that is called when an B object is created with +X509_LOOKUP_new(). If an X509_LOOKUP_METHOD requires any per-X509_LOOKUP +specific data, the supplied new_item function should allocate this data and +invoke X509_LOOKUP_set_method_data(). + +X509_LOOKUP_get_free() and X509_LOOKUP_set_free() get and set the function +that is used to free any method data that was allocated and set from within +new_item function. + +X509_LOOKUP_meth_get_init() and X509_LOOKUP_meth_set_init() get and set the +function that is used to initialize the method data that was set with +X509_LOOKUP_set_method_data() as part of the new_item routine. + +X509_LOOKUP_meth_get_shutdown() and X509_LOOKUP_meth_set_shutdown() get and set +the function that is used to shut down the method data whose state was +previously initialized in the init function. + +X509_LOOKUP_meth_get_ctrl() and X509_LOOKUP_meth_set_ctrl() get and set a +function to be used to handle arbitrary control commands issued by +X509_LOOKUP_ctrl(). The control function is given the X509_LOOKUP +B, along with the arguments passed by X509_LOOKUP_ctrl. B is +an arbitrary integer that defines some operation. B is a pointer +to an array of characters. B is an integer. B, if set, +points to a location where any return data should be written to. How +B and B are used depends entirely on the control function. + + +X509_LOOKUP_set_get_by_subject(), X509_LOOKUP_set_get_by_issuer_serial(), +X509_LOOKUP_set_get_by_fingerprint(), X509_LOOKUP_set_get_by_alias() set +the functions used to retrieve an X509 or X509_CRL object by the object's +subject, issuer, fingerprint, and alias respectively. These functions are given +the X509_LOOKUP context, the type of the X509_OBJECT being requested, parameters +related to the lookup, and an X509_OBJECT that will receive the requested +object. + +Implementations should use either X509_OBJECT_set1_X509() or +X509_OBJECT_set1_X509_CRL() to set the result. Any method data that was +created as a result of the new_item function set by +X509_LOOKUP_meth_set_new_item() can be accessed with +X509_LOOKUP_get_method_data(). The B object that owns the +X509_LOOKUP may be accessed with X509_LOOKUP_get_store(). Successful lookups +should return 1, and unsuccessful lookups should return 0. + +X509_LOOKUP_get_get_by_subject(), X509_LOOKUP_get_get_by_issuer_serial(), +X509_LOOKUP_get_get_by_fingerprint(), X509_LOOKUP_get_get_by_alias() retrieve +the function set by the corresponding setter. + +=head1 RETURN VALUES + +The B functions return 1 on success or 0 on error. + +The B functions return the corresponding function +pointers. + +=head1 SEE ALSO + +L, L + +=head1 HISTORY + +The functions described here were added in OpenSSL 1.1.0i. + +=head1 COPYRIGHT + +Copyright 2018 The OpenSSL Project Authors. All Rights Reserved. + +Licensed under the OpenSSL license (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +L. + +=cut diff --git a/include/openssl/x509.h b/include/openssl/x509.h index ee98df8..a2a538f 100644 --- a/include/openssl/x509.h +++ b/include/openssl/x509.h @@ -1055,6 +1055,7 @@ int ERR_load_X509_strings(void); # define X509_F_X509_LOAD_CERT_CRL_FILE 132 # define X509_F_X509_LOAD_CERT_FILE 111 # define X509_F_X509_LOAD_CRL_FILE 112 +# define X509_F_X509_LOOKUP_METH_NEW 160 # define X509_F_X509_NAME_ADD_ENTRY 113 # define X509_F_X509_NAME_ENTRY_CREATE_BY_NID 114 # define X509_F_X509_NAME_ENTRY_CREATE_BY_TXT 131 diff --git a/include/openssl/x509_vfy.h b/include/openssl/x509_vfy.h index 4671981..fdac6ae 100644 --- a/include/openssl/x509_vfy.h +++ b/include/openssl/x509_vfy.h @@ -257,7 +257,9 @@ X509_OBJECT *X509_OBJECT_new(void); void X509_OBJECT_free(X509_OBJECT *a); X509_LOOKUP_TYPE X509_OBJECT_get_type(const X509_OBJECT *a); X509 *X509_OBJECT_get0_X509(const X509_OBJECT *a); +int X509_OBJECT_set1_X509(X509_OBJECT *a, X509 *obj); X509_CRL *X509_OBJECT_get0_X509_CRL(X509_OBJECT *a); +int X509_OBJECT_set1_X509_CRL(X509_OBJECT *a, X509_CRL *obj); X509_STORE *X509_STORE_new(void); void X509_STORE_free(X509_STORE *v); int X509_STORE_lock(X509_STORE *ctx); @@ -364,6 +366,76 @@ X509_LOOKUP *X509_STORE_add_lookup(X509_STORE *v, X509_LOOKUP_METHOD *m); X509_LOOKUP_METHOD *X509_LOOKUP_hash_dir(void); X509_LOOKUP_METHOD *X509_LOOKUP_file(void); +typedef int (*X509_LOOKUP_ctrl_fn)(X509_LOOKUP *ctx, int cmd, const char *argc, + long argl, char **ret); +typedef int (*X509_LOOKUP_get_by_subject_fn)(X509_LOOKUP *ctx, + X509_LOOKUP_TYPE type, + X509_NAME *name, + X509_OBJECT *ret); +typedef int (*X509_LOOKUP_get_by_issuer_serial_fn)(X509_LOOKUP *ctx, + X509_LOOKUP_TYPE type, + X509_NAME *name, + ASN1_INTEGER *serial, + X509_OBJECT *ret); +typedef int (*X509_LOOKUP_get_by_fingerprint_fn)(X509_LOOKUP *ctx, + X509_LOOKUP_TYPE type, + const unsigned char* bytes, + int len, + X509_OBJECT *ret); +typedef int (*X509_LOOKUP_get_by_alias_fn)(X509_LOOKUP *ctx, + X509_LOOKUP_TYPE type, + const char *str, + int len, + X509_OBJECT *ret); + +X509_LOOKUP_METHOD *X509_LOOKUP_meth_new(const char *name); +void X509_LOOKUP_meth_free(X509_LOOKUP_METHOD *method); + +int X509_LOOKUP_meth_set_new_item(X509_LOOKUP_METHOD *method, + int (*new_item) (X509_LOOKUP *ctx)); +int (*X509_LOOKUP_meth_get_new_item(const X509_LOOKUP_METHOD* method)) + (X509_LOOKUP *ctx); + +int X509_LOOKUP_meth_set_free(X509_LOOKUP_METHOD *method, + void (*free) (X509_LOOKUP *ctx)); +void (*X509_LOOKUP_meth_get_free(const X509_LOOKUP_METHOD* method)) + (X509_LOOKUP *ctx); + +int X509_LOOKUP_meth_set_init(X509_LOOKUP_METHOD *method, + int (*init) (X509_LOOKUP *ctx)); +int (*X509_LOOKUP_meth_get_init(const X509_LOOKUP_METHOD* method)) + (X509_LOOKUP *ctx); + +int X509_LOOKUP_meth_set_shutdown(X509_LOOKUP_METHOD *method, + int (*shutdown) (X509_LOOKUP *ctx)); +int (*X509_LOOKUP_meth_get_shutdown(const X509_LOOKUP_METHOD* method)) + (X509_LOOKUP *ctx); + +int X509_LOOKUP_meth_set_ctrl(X509_LOOKUP_METHOD *method, + X509_LOOKUP_ctrl_fn ctrl_fn); +X509_LOOKUP_ctrl_fn X509_LOOKUP_meth_get_ctrl(const X509_LOOKUP_METHOD *method); + +int X509_LOOKUP_meth_set_get_by_subject(X509_LOOKUP_METHOD *method, + X509_LOOKUP_get_by_subject_fn fn); +X509_LOOKUP_get_by_subject_fn X509_LOOKUP_meth_get_get_by_subject( + const X509_LOOKUP_METHOD *method); + +int X509_LOOKUP_meth_set_get_by_issuer_serial(X509_LOOKUP_METHOD *method, + X509_LOOKUP_get_by_issuer_serial_fn fn); +X509_LOOKUP_get_by_issuer_serial_fn X509_LOOKUP_meth_get_get_by_issuer_serial( + const X509_LOOKUP_METHOD *method); + +int X509_LOOKUP_meth_set_get_by_fingerprint(X509_LOOKUP_METHOD *method, + X509_LOOKUP_get_by_fingerprint_fn fn); +X509_LOOKUP_get_by_fingerprint_fn X509_LOOKUP_meth_get_get_by_fingerprint( + const X509_LOOKUP_METHOD *method); + +int X509_LOOKUP_meth_set_get_by_alias(X509_LOOKUP_METHOD *method, + X509_LOOKUP_get_by_alias_fn fn); +X509_LOOKUP_get_by_alias_fn X509_LOOKUP_meth_get_get_by_alias( + const X509_LOOKUP_METHOD *method); + + int X509_STORE_add_cert(X509_STORE *ctx, X509 *x); int X509_STORE_add_crl(X509_STORE *ctx, X509_CRL *x); @@ -393,6 +465,9 @@ int X509_LOOKUP_by_fingerprint(X509_LOOKUP *ctx, X509_LOOKUP_TYPE type, X509_OBJECT *ret); int X509_LOOKUP_by_alias(X509_LOOKUP *ctx, X509_LOOKUP_TYPE type, const char *str, int len, X509_OBJECT *ret); +int X509_LOOKUP_set_method_data(X509_LOOKUP *ctx, void *data); +void *X509_LOOKUP_get_method_data(const X509_LOOKUP *ctx); +X509_STORE *X509_LOOKUP_get_store(const X509_LOOKUP *ctx); int X509_LOOKUP_shutdown(X509_LOOKUP *ctx); int X509_STORE_load_locations(X509_STORE *ctx, diff --git a/util/libcrypto.num b/util/libcrypto.num index 49ba8d7..51f1d7d 100644 --- a/util/libcrypto.num +++ b/util/libcrypto.num @@ -4238,3 +4238,28 @@ conf_ssl_name_find 4469 1_1_0i EXIST::FUNCTION: conf_ssl_get_cmd 4470 1_1_0i EXIST::FUNCTION: conf_ssl_get 4471 1_1_0i EXIST::FUNCTION: X509_VERIFY_PARAM_get_hostflags 4472 1_1_0i EXIST::FUNCTION: +X509_LOOKUP_meth_get_get_by_fingerprint 4493 1_1_0i EXIST::FUNCTION: +X509_LOOKUP_meth_new 4494 1_1_0i EXIST::FUNCTION: +X509_LOOKUP_meth_get_init 4495 1_1_0i EXIST::FUNCTION: +X509_LOOKUP_meth_get_get_by_alias 4496 1_1_0i EXIST::FUNCTION: +X509_LOOKUP_meth_set_new_item 4497 1_1_0i EXIST::FUNCTION: +X509_LOOKUP_meth_set_shutdown 4498 1_1_0i EXIST::FUNCTION: +X509_LOOKUP_meth_get_new_item 4499 1_1_0i EXIST::FUNCTION: +X509_LOOKUP_meth_set_ctrl 4500 1_1_0i EXIST::FUNCTION: +X509_LOOKUP_meth_set_get_by_issuer_serial 4501 1_1_0i EXIST::FUNCTION: +X509_LOOKUP_get_store 4502 1_1_0i EXIST::FUNCTION: +X509_LOOKUP_meth_get_ctrl 4503 1_1_0i EXIST::FUNCTION: +X509_LOOKUP_meth_set_get_by_alias 4504 1_1_0i EXIST::FUNCTION: +X509_LOOKUP_meth_get_get_by_subject 4505 1_1_0i EXIST::FUNCTION: +X509_LOOKUP_meth_get_free 4506 1_1_0i EXIST::FUNCTION: +X509_LOOKUP_meth_set_get_by_subject 4507 1_1_0i EXIST::FUNCTION: +X509_LOOKUP_meth_set_free 4508 1_1_0i EXIST::FUNCTION: +X509_LOOKUP_meth_get_shutdown 4509 1_1_0i EXIST::FUNCTION: +X509_LOOKUP_set_method_data 4510 1_1_0i EXIST::FUNCTION: +X509_LOOKUP_get_method_data 4511 1_1_0i EXIST::FUNCTION: +X509_LOOKUP_meth_set_get_by_fingerprint 4512 1_1_0i EXIST::FUNCTION: +X509_LOOKUP_meth_free 4513 1_1_0i EXIST::FUNCTION: +X509_OBJECT_set1_X509 4514 1_1_0i EXIST::FUNCTION: +X509_LOOKUP_meth_get_get_by_issuer_serial 4515 1_1_0i EXIST::FUNCTION: +X509_LOOKUP_meth_set_init 4516 1_1_0i EXIST::FUNCTION: +X509_OBJECT_set1_X509_CRL 4517 1_1_0i EXIST::FUNCTION: From levitte at openssl.org Wed May 30 14:11:07 2018 From: levitte at openssl.org (Richard Levitte) Date: Wed, 30 May 2018 14:11:07 +0000 Subject: [openssl-commits] [openssl] master update Message-ID: <1527689467.647407.2359.nullmailer@dev.openssl.org> The branch master has been updated via 1e8d5ea5df61daa46e8874d1f443e0e75211253b (commit) from 0124f32a01b2b4f4f7146f226b6a9dfe227c4008 (commit) - Log ----------------------------------------------------------------- commit 1e8d5ea5df61daa46e8874d1f443e0e75211253b Author: Richard Levitte Date: Wed May 30 14:25:46 2018 +0200 OSSL_STORE: don't test file: URIs on Mingw Under a mingw shell, the command line path conversion either mangles file: URIs to something useless (file;C:\...) or not at all (which can't be opened by the Windows C RTL unless we're really lucky), so we simply skip testing them in that environment. Fixes #6369 Reviewed-by: Rich Salz (Merged from https://github.com/openssl/openssl/pull/6376) ----------------------------------------------------------------------- Summary of changes: test/recipes/90-test_store.t | 25 ++++++++++++++++++------- 1 file changed, 18 insertions(+), 7 deletions(-) diff --git a/test/recipes/90-test_store.t b/test/recipes/90-test_store.t index d453512..888213e 100644 --- a/test/recipes/90-test_store.t +++ b/test/recipes/90-test_store.t @@ -15,6 +15,8 @@ use OpenSSL::Test::Utils; my $test_name = "test_store"; setup($test_name); +my $mingw = config('target') =~ m|^mingw|; + my @noexist_files = ( "test/blahdiblah.pem", "test/blahdibleh.der" ); @@ -104,8 +106,9 @@ indir "store_$$" => sub { ok(run(app(["openssl", "storeutl", "-noout", $file]))); ok(run(app(["openssl", "storeutl", "-noout", to_abs_file($file)]))); + SKIP: { - local $ENV{MSYS2_ARG_CONV_EXCL} = "file:"; + skip "file: tests disabled on MingW", 4 if $mingw; ok(run(app(["openssl", "storeutl", "-noout", to_abs_file_uri($file)]))); @@ -123,8 +126,9 @@ indir "store_$$" => sub { ok(run(app(["openssl", "storeutl", "-noout", "-passin", "pass:password", to_abs_file($_)]))); + SKIP: { - local $ENV{MSYS2_ARG_CONV_EXCL} = "file:"; + skip "file: tests disabled on MingW", 2 if $mingw; ok(run(app(["openssl", "storeutl", "-noout", "-passin", "pass:password", to_abs_file_uri($_)]))); @@ -133,14 +137,20 @@ indir "store_$$" => sub { } } foreach (values %generated_file_files) { - local $ENV{MSYS2_ARG_CONV_EXCL} = "file:"; + SKIP: + { + skip "file: tests disabled on MingW", 1 if $mingw; - ok(run(app(["openssl", "storeutl", "-noout", $_]))); + ok(run(app(["openssl", "storeutl", "-noout", $_]))); + } } foreach (@noexist_file_files) { - local $ENV{MSYS2_ARG_CONV_EXCL} = "file:"; + SKIP: + { + skip "file: tests disabled on MingW", 1 if $mingw; - ok(!run(app(["openssl", "storeutl", "-noout", $_]))); + ok(!run(app(["openssl", "storeutl", "-noout", $_]))); + } } { my $dir = srctop_dir("test", "certs"); @@ -148,8 +158,9 @@ indir "store_$$" => sub { ok(run(app(["openssl", "storeutl", "-noout", $dir]))); ok(run(app(["openssl", "storeutl", "-noout", to_abs_file($dir, 1)]))); + SKIP: { - local $ENV{MSYS2_ARG_CONV_EXCL} = "file:"; + skip "file: tests disabled on MingW", 1 if $mingw; ok(run(app(["openssl", "storeutl", "-noout", to_abs_file_uri($dir, 1)]))); From rsalz at openssl.org Wed May 30 14:17:33 2018 From: rsalz at openssl.org (Rich Salz) Date: Wed, 30 May 2018 14:17:33 +0000 Subject: [openssl-commits] [web] master update Message-ID: <1527689853.607859.9328.nullmailer@dev.openssl.org> The branch master has been updated via 8241c47b948d2213e8cead94844fd23207716499 (commit) from 62df8cc9ba93dd099b4f5622e331f935643b6790 (commit) - Log ----------------------------------------------------------------- commit 8241c47b948d2213e8cead94844fd23207716499 Author: Rich Salz Date: Tue May 29 11:18:24 2018 -0400 Remove rationale paragraph Reviewed-by: OMC Vote ----------------------------------------------------------------------- Summary of changes: policies/releasestrat.html | 16 +--------------- 1 file changed, 1 insertion(+), 15 deletions(-) diff --git a/policies/releasestrat.html b/policies/releasestrat.html index 9d0e3c3..0bb80f5 100644 --- a/policies/releasestrat.html +++ b/policies/releasestrat.html @@ -34,20 +34,6 @@ performance improvements and so on. There is no need to recompile applications to benefit from these features.

    -

    Binary compatibility also allows other possibilities. For - example, consider an application that wishes to utilize - a new cipher provided in a specific 1.0.x release, but it - is also desirable to maintain the application in a 1.0.0 - context. Customarily this would be resolved at compile time - resulting in two binary packages targeting different OpenSSL - versions. However, depending on the feature, it might be - possible to check for its availability at run-time, thus cutting - down on the maintenance of multiple binary packages. Admittedly - it takes a certain discipline and some extra coding, but we - would like to encourage such practice. This is because we - want to see later releases being adopted faster, because new - features can improve security.

    -

    With regards to current and future releases the OpenSSL project has adopted the following policy:

    @@ -64,7 +50,7 @@ and we will specify one at least every four years. Non-LTS releases will be supported for at least two years.

    -

    As implied by the above paragraphs, during the final year +

    During the final year of support, we do not commit to anything other than security fixes. Before that, bug and security fixes will be applied as appropriate.

    From appro at openssl.org Wed May 30 16:27:11 2018 From: appro at openssl.org (Andy Polyakov) Date: Wed, 30 May 2018 16:27:11 +0000 Subject: [openssl-commits] [openssl] master update Message-ID: <1527697631.629696.13854.nullmailer@dev.openssl.org> The branch master has been updated via 2fc45cb805f85589bb49c3669864152e909696da (commit) via 44ca7565a6c73cbff17ee94c9f83b871c8c91445 (commit) via ffcca684ec7bd2d3081a0f5a5befa9972fdd7765 (commit) from 1e8d5ea5df61daa46e8874d1f443e0e75211253b (commit) - Log ----------------------------------------------------------------- commit 2fc45cb805f85589bb49c3669864152e909696da Author: Andy Polyakov Date: Mon May 21 14:26:54 2018 +0200 apps/speed.c: address asan failure with small -bytes and large -misalign. Reviewed-by: Tim Hudson (Merged from https://github.com/openssl/openssl/pull/6311) commit 44ca7565a6c73cbff17ee94c9f83b871c8c91445 Author: Andy Polyakov Date: Sat May 19 15:43:11 2018 +0200 apps/speed.c: add -aead flag. Goal is to exercise AEAD ciphers in TLS-like sequence, i.e. 13-byte AAD followed by payload. Update doc/man1/speed.pod accordingly. [While we are at it, address even some styling and readability issues.] Reviewed-by: Tim Hudson (Merged from https://github.com/openssl/openssl/pull/6311) commit ffcca684ec7bd2d3081a0f5a5befa9972fdd7765 Author: Andy Polyakov Date: Sat May 19 15:53:29 2018 +0200 apps/speed.c: clean up SIGARM handling. Reviewed-by: Tim Hudson (Merged from https://github.com/openssl/openssl/pull/6311) ----------------------------------------------------------------------- Summary of changes: apps/speed.c | 202 +++++++++++++++++++++++++++++++++++------------------ doc/man1/speed.pod | 14 ++-- 2 files changed, 145 insertions(+), 71 deletions(-) diff --git a/apps/speed.c b/apps/speed.c index e513263..768e3a1 100644 --- a/apps/speed.c +++ b/apps/speed.c @@ -169,6 +169,7 @@ static int CRYPTO_gcm128_aad_loop(void *args); static int RAND_bytes_loop(void *args); static int EVP_Update_loop(void *args); static int EVP_Update_loop_ccm(void *args); +static int EVP_Update_loop_aead(void *args); static int EVP_Digest_loop(void *args); #ifndef OPENSSL_NO_RSA static int RSA_sign_loop(void *args); @@ -197,29 +198,33 @@ static const int lengths_list[] = { }; static const int *lengths = lengths_list; +static const int aead_lengths_list[] = { + 2, 31, 136, 1024, 8 * 1024, 16 * 1024 +}; + +#define START 0 +#define STOP 1 + #ifdef SIGALRM -# if defined(__STDC__) || defined(sgi) || defined(_AIX) -# define SIGRETTYPE void -# else -# define SIGRETTYPE int -# endif -static SIGRETTYPE sig_done(int sig); -static SIGRETTYPE sig_done(int sig) +static void alarmed(int sig) { - signal(SIGALRM, sig_done); + signal(SIGALRM, alarmed); run = 0; } -#endif -#define START 0 -#define STOP 1 +static double Time_F(int s) +{ + double ret = app_tminterval(s, usertime); + if (s == STOP) + alarm(0); + return ret; +} -#if defined(_WIN32) +#elif defined(_WIN32) + +# define SIGALRM -1 -# if !defined(SIGALRM) -# define SIGALRM -# endif static unsigned int lapse; static volatile unsigned int schlock; static void alarm_win32(unsigned int secs) @@ -263,13 +268,9 @@ static double Time_F(int s) return ret; } #else - static double Time_F(int s) { - double ret = app_tminterval(s, usertime); - if (s == STOP) - alarm(0); - return ret; + return app_tminterval(s, usertime); } #endif @@ -295,38 +296,41 @@ typedef enum OPTION_choice { OPT_ERR = -1, OPT_EOF = 0, OPT_HELP, OPT_ELAPSED, OPT_EVP, OPT_DECRYPT, OPT_ENGINE, OPT_MULTI, OPT_MR, OPT_MB, OPT_MISALIGN, OPT_ASYNCJOBS, OPT_R_ENUM, - OPT_PRIMES, OPT_SECONDS, OPT_BYTES + OPT_PRIMES, OPT_SECONDS, OPT_BYTES, OPT_AEAD } OPTION_CHOICE; const OPTIONS speed_options[] = { {OPT_HELP_STR, 1, '-', "Usage: %s [options] ciphers...\n"}, {OPT_HELP_STR, 1, '-', "Valid options are:\n"}, {"help", OPT_HELP, '-', "Display this summary"}, - {"evp", OPT_EVP, 's', "Use specified EVP cipher"}, + {"evp", OPT_EVP, 's', "Use EVP-named cipher or digest"}, {"decrypt", OPT_DECRYPT, '-', "Time decryption instead of encryption (only EVP)"}, - {"mr", OPT_MR, '-', "Produce machine readable output"}, + {"aead", OPT_AEAD, '-', + "Benchmark EVP-named AEAD cipher in TLS-like sequence"}, {"mb", OPT_MB, '-', - "Enable (tls1.1) multi-block mode on evp_cipher requested with -evp"}, - {"misalign", OPT_MISALIGN, 'n', "Amount to mis-align buffers"}, - {"elapsed", OPT_ELAPSED, '-', - "Measure time in real time instead of CPU user time"}, + "Enable (tls1>=1) multi-block mode on EVP-named cipher"}, + {"mr", OPT_MR, '-', "Produce machine readable output"}, #ifndef NO_FORK {"multi", OPT_MULTI, 'p', "Run benchmarks in parallel"}, #endif #ifndef OPENSSL_NO_ASYNC {"async_jobs", OPT_ASYNCJOBS, 'p', - "Enable async mode and start pnum jobs"}, + "Enable async mode and start specified number of jobs"}, #endif OPT_R_OPTIONS, #ifndef OPENSSL_NO_ENGINE {"engine", OPT_ENGINE, 's', "Use engine, possibly a hardware device"}, #endif + {"elapsed", OPT_ELAPSED, '-', + "Use wall-clock time instead of CPU user time as divisor"}, {"primes", OPT_PRIMES, 'p', "Specify number of primes (for RSA only)"}, {"seconds", OPT_SECONDS, 'p', - "Run benchmarks for pnum seconds"}, + "Run benchmarks for specified amount of seconds"}, {"bytes", OPT_BYTES, 'p', - "Run cipher, digest and rand benchmarks on pnum bytes"}, + "Run [non-PKI] benchmarks on custom-sized buffer"}, + {"misalign", OPT_MISALIGN, 'p', + "Use specified offset to mis-align buffers"}, {NULL} }; @@ -915,6 +919,7 @@ static int EVP_Update_loop(void *args) EVP_EncryptFinal_ex(ctx, buf, &outl); return count; } + /* * CCM does not support streaming. For the purpose of performance measurement, * each message is encrypted using the same (key,iv)-pair. Do not use this @@ -949,6 +954,42 @@ static int EVP_Update_loop_ccm(void *args) return count; } +/* + * To make AEAD benchmarking more relevant perform TLS-like operations, + * 13-byte AAD followed by payload. But don't use TLS-formatted AAD, as + * payload length is not actually limited by 16KB... + */ +static int EVP_Update_loop_aead(void *args) +{ + loopargs_t *tempargs = *(loopargs_t **) args; + unsigned char *buf = tempargs->buf; + EVP_CIPHER_CTX *ctx = tempargs->ctx; + int outl, count; + unsigned char aad[13] = { 0xcc }; + unsigned char faketag[16] = { 0xcc }; +#ifndef SIGALRM + int nb_iter = save_count * 4 * lengths[0] / lengths[testnum]; +#endif + if (decrypt) { + for (count = 0; COND(nb_iter); count++) { + EVP_DecryptInit_ex(ctx, NULL, NULL, NULL, iv); + EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_SET_TAG, + sizeof(faketag), faketag); + EVP_DecryptUpdate(ctx, NULL, &outl, aad, sizeof(aad)); + EVP_DecryptUpdate(ctx, buf, &outl, buf, lengths[testnum]); + EVP_DecryptFinal_ex(ctx, buf + outl, &outl); + } + } else { + for (count = 0; COND(nb_iter); count++) { + EVP_EncryptInit_ex(ctx, NULL, NULL, NULL, iv); + EVP_EncryptUpdate(ctx, NULL, &outl, aad, sizeof(aad)); + EVP_EncryptUpdate(ctx, buf, &outl, buf, lengths[testnum]); + EVP_EncryptFinal_ex(ctx, buf + outl, &outl); + } + } + return count; +} + static const EVP_MD *evp_md = NULL; static int EVP_Digest_loop(void *args) { @@ -1272,7 +1313,6 @@ static int run_benchmark(int async_jobs, int speed_main(int argc, char **argv) { ENGINE *e = NULL; - int (*loopfunc)(void *args); loopargs_t *loopargs = NULL; const char *prog; const char *engine_id = NULL; @@ -1281,7 +1321,7 @@ int speed_main(int argc, char **argv) OPTION_CHOICE o; int async_init = 0, multiblock = 0, pr_header = 0; int doit[ALGOR_NUM] = { 0 }; - int ret = 1, misalign = 0, lengths_single = 0; + int ret = 1, misalign = 0, lengths_single = 0, aead = 0; long count = 0; unsigned int size_num = OSSL_NELEM(lengths_list); unsigned int i, k, loop, loopargs_len = 0, async_jobs = 0; @@ -1517,6 +1557,9 @@ int speed_main(int argc, char **argv) lengths = &lengths_single; size_num = 1; break; + case OPT_AEAD: + aead = 1; + break; } } argc = opt_num_rest(); @@ -1596,6 +1639,34 @@ int speed_main(int argc, char **argv) goto end; } + /* Sanity checks */ + if (aead) { + if (evp_cipher == NULL) { + BIO_printf(bio_err, "-aead can be used only with an AEAD cipher\n"); + goto end; + } else if (!(EVP_CIPHER_flags(evp_cipher) & + EVP_CIPH_FLAG_AEAD_CIPHER)) { + BIO_printf(bio_err, "%s is not an AEAD cipher\n", + OBJ_nid2ln(EVP_CIPHER_nid(evp_cipher))); + goto end; + } + } + if (multiblock) { + if (evp_cipher == NULL) { + BIO_printf(bio_err,"-mb can be used only with a multi-block" + " capable cipher\n"); + goto end; + } else if (!(EVP_CIPHER_flags(evp_cipher) & + EVP_CIPH_FLAG_TLS1_1_MULTIBLOCK)) { + BIO_printf(bio_err, "%s is not a multi-block capable\n", + OBJ_nid2ln(EVP_CIPHER_nid(evp_cipher))); + goto end; + } else if (async_jobs > 0) { + BIO_printf(bio_err, "Async mode is not supported with -mb"); + goto end; + } + } + /* Initialize the job pool if async mode is enabled */ if (async_jobs > 0) { async_init = ASYNC_init_thread(async_jobs, async_jobs); @@ -1619,7 +1690,10 @@ int speed_main(int argc, char **argv) } } - buflen = lengths[size_num - 1] + MAX_MISALIGNMENT + 1; + buflen = lengths[size_num - 1]; + if (buflen < 36) /* size of random vector in RSA bencmark */ + buflen = 36; + buflen += MAX_MISALIGNMENT + 1; loopargs[i].buf_malloc = app_malloc(buflen, "input buffer"); loopargs[i].buf2_malloc = app_malloc(buflen, "input buffer"); memset(loopargs[i].buf_malloc, 0, buflen); @@ -1961,10 +2035,8 @@ int speed_main(int argc, char **argv) /* not worth fixing */ # error "You cannot disable DES on systems without SIGALRM." # endif /* OPENSSL_NO_DES */ -#else -# ifndef _WIN32 - signal(SIGALRM, sig_done); -# endif +#elif SIGALRM > 0 + signal(SIGALRM, alarmed); #endif /* SIGALRM */ #ifndef OPENSSL_NO_MD2 @@ -2420,30 +2492,30 @@ int speed_main(int argc, char **argv) } if (doit[D_EVP]) { - if (multiblock && evp_cipher) { - if (! - (EVP_CIPHER_flags(evp_cipher) & - EVP_CIPH_FLAG_TLS1_1_MULTIBLOCK)) { - BIO_printf(bio_err, "%s is not multi-block capable\n", - OBJ_nid2ln(EVP_CIPHER_nid(evp_cipher))); + if (evp_cipher != NULL) { + int (*loopfunc)(void *args) = EVP_Update_loop; + + if (multiblock && (EVP_CIPHER_flags(evp_cipher) & + EVP_CIPH_FLAG_TLS1_1_MULTIBLOCK)) { + multiblock_speed(evp_cipher, lengths_single, &seconds); + ret = 0; goto end; } - if (async_jobs > 0) { - BIO_printf(bio_err, "Async mode is not supported, exiting..."); - exit(1); + + names[D_EVP] = OBJ_nid2ln(EVP_CIPHER_nid(evp_cipher)); + + if (EVP_CIPHER_mode(evp_cipher) == EVP_CIPH_CCM_MODE) { + loopfunc = EVP_Update_loop_ccm; + } else if (aead && (EVP_CIPHER_flags(evp_cipher) & + EVP_CIPH_FLAG_AEAD_CIPHER)) { + loopfunc = EVP_Update_loop_aead; + if (lengths == lengths_list) { + lengths = aead_lengths_list; + size_num = OSSL_NELEM(aead_lengths_list); + } } - multiblock_speed(evp_cipher, lengths_single, &seconds); - ret = 0; - goto end; - } - for (testnum = 0; testnum < size_num; testnum++) { - if (evp_cipher) { - names[D_EVP] = OBJ_nid2ln(EVP_CIPHER_nid(evp_cipher)); - /* - * -O3 -fschedule-insns messes up an optimization here! - * names[D_EVP] somehow becomes NULL - */ + for (testnum = 0; testnum < size_num; testnum++) { print_message(names[D_EVP], save_count, lengths[testnum], seconds.sym); @@ -2461,13 +2533,6 @@ int speed_main(int argc, char **argv) loopargs[k].key, NULL, -1); OPENSSL_clear_free(loopargs[k].key, keylen); } - switch (EVP_CIPHER_mode(evp_cipher)) { - case EVP_CIPH_CCM_MODE: - loopfunc = EVP_Update_loop_ccm; - break; - default: - loopfunc = EVP_Update_loop; - } Time_F(START); count = run_benchmark(async_jobs, loopfunc, loopargs); @@ -2475,16 +2540,19 @@ int speed_main(int argc, char **argv) for (k = 0; k < loopargs_len; k++) { EVP_CIPHER_CTX_free(loopargs[k].ctx); } + print_result(D_EVP, testnum, count, d); } - if (evp_md) { - names[D_EVP] = OBJ_nid2ln(EVP_MD_type(evp_md)); + } else if (evp_md != NULL) { + names[D_EVP] = OBJ_nid2ln(EVP_MD_type(evp_md)); + + for (testnum = 0; testnum < size_num; testnum++) { print_message(names[D_EVP], save_count, lengths[testnum], seconds.sym); Time_F(START); count = run_benchmark(async_jobs, EVP_Digest_loop, loopargs); d = Time_F(STOP); + print_result(D_EVP, testnum, count, d); } - print_result(D_EVP, testnum, count, d); } } diff --git a/doc/man1/speed.pod b/doc/man1/speed.pod index 4f46fac..523da0d 100644 --- a/doc/man1/speed.pod +++ b/doc/man1/speed.pod @@ -16,6 +16,8 @@ B [B<-rand file...>] [B<-writerand file>] [B<-primes num>] +[B<-seconds num>] +[B<-bytes num>] [B] =head1 DESCRIPTION @@ -42,12 +44,16 @@ for all available algorithms. =item B<-elapsed> -Measure time in real time instead of CPU time. It can be useful when testing -speed of hardware engines. +When calculating operations- or bytes-per-second, use wall-clock time +instead of CPU user time as divisor. It can be useful when testing speed +of hardware engines. =item B<-evp algo> Use the specified cipher or message digest algorithm via the EVP interface. +If B is an AEAD cipher, then you can pass <-aead> to benchmark a +TLS-like sequence. And if B is a multi-buffer capable cipher, e.g. +aes-128-cbc-hmac-sha1, then B<-mb> will time multi-buffer operation. =item B<-decrypt> @@ -81,8 +87,8 @@ Run benchmarks on B-byte buffers. Affects ciphers, digests and the CSPRNG. =item B<[zero or more test algorithms]> -If any options are given, B tests those algorithms, otherwise all of -the above are tested. +If any options are given, B tests those algorithms, otherwise a +pre-compiled grand selection is tested. =back From appro at openssl.org Wed May 30 20:53:19 2018 From: appro at openssl.org (Andy Polyakov) Date: Wed, 30 May 2018 20:53:19 +0000 Subject: [openssl-commits] [openssl] master update Message-ID: <1527713599.530945.5261.nullmailer@dev.openssl.org> The branch master has been updated via c869c3ada944bc42a6c00e0433c9d523c4426cde (commit) via 95c81f8c8895615b4db0edde8ce5d1e030edd2f9 (commit) from 2fc45cb805f85589bb49c3669864152e909696da (commit) - Log ----------------------------------------------------------------- commit c869c3ada944bc42a6c00e0433c9d523c4426cde Author: Andy Polyakov Date: Sun May 27 14:04:48 2018 +0200 chacha/asm/chacha-ppc.pl: optimize AltiVec/VMX code path. 32-bit vector rotate instruction was defined from beginning, it not being used from the start must be a brain-slip... Reviewed-by: Bernd Edlinger Reviewed-by: Rich Salz (Merged from https://github.com/openssl/openssl/pull/6363) commit 95c81f8c8895615b4db0edde8ce5d1e030edd2f9 Author: Andy Polyakov Date: Sun May 27 14:03:00 2018 +0200 perlasm/ppc-xlate.pl: add new instructions and clean up. Reviewed-by: Bernd Edlinger Reviewed-by: Rich Salz (Merged from https://github.com/openssl/openssl/pull/6363) ----------------------------------------------------------------------- Summary of changes: crypto/chacha/asm/chacha-ppc.pl | 84 +++++++++++++++++------------------------ crypto/perlasm/ppc-xlate.pl | 43 ++++++++++++++------- 2 files changed, 65 insertions(+), 62 deletions(-) diff --git a/crypto/chacha/asm/chacha-ppc.pl b/crypto/chacha/asm/chacha-ppc.pl index 2a1036e..350d5fa 100755 --- a/crypto/chacha/asm/chacha-ppc.pl +++ b/crypto/chacha/asm/chacha-ppc.pl @@ -23,11 +23,14 @@ # IALU/gcc-4.x 3xAltiVec+1xIALU # # Freescale e300 13.6/+115% - -# PPC74x0/G4e 6.81/+310% 4.66 -# PPC970/G5 9.29/+160% 4.60 -# POWER7 8.62/+61% 4.27 -# POWER8 8.70/+51% 3.96 -# POWER9 6.61/+29% 3.67 +# PPC74x0/G4e 6.81/+310% 3.72 +# PPC970/G5 9.29/+160% ? +# POWER7 8.62/+61% 3.38 +# POWER8 8.70/+51% 3.36 +# POWER9 6.61/+29% 3.30(*) +# +# (*) this is trade-off result, it's possible to improve it, but +# then it would negatively affect all others; $flavour = shift; @@ -392,19 +395,19 @@ Loop_tail: # byte-by-byte loop ___ {{{ -my ($A0,$B0,$C0,$D0,$A1,$B1,$C1,$D1,$A2,$B2,$C2,$D2,$T0,$T1,$T2) = - map("v$_",(0..14)); -my (@K)=map("v$_",(15..20)); -my ($FOUR,$sixteen,$twenty4,$twenty,$twelve,$twenty5,$seven) = - map("v$_",(21..27)); -my ($inpperm,$outperm,$outmask) = map("v$_",(28..30)); -my @D=("v31",$seven,$T0,$T1,$T2); +my ($A0,$B0,$C0,$D0,$A1,$B1,$C1,$D1,$A2,$B2,$C2,$D2) + = map("v$_",(0..11)); +my @K = map("v$_",(12..17)); +my ($FOUR,$sixteen,$twenty4) = map("v$_",(18..20)); +my ($inpperm,$outperm,$outmask) = map("v$_",(21..23)); +my @D = map("v$_",(24..28)); +my ($twelve,$seven,$T0,$T1) = @D; -my $FRAME=$LOCALS+64+13*16+18*$SIZE_T; # 13*16 is for v20-v31 offload +my $FRAME=$LOCALS+64+10*16+18*$SIZE_T; # 10*16 is for v20-v28 offload sub VMXROUND { my $odd = pop; -my ($a,$b,$c,$d,$t)=@_; +my ($a,$b,$c,$d)=@_; ( "&vadduwm ('$a','$a','$b')", @@ -412,20 +415,16 @@ my ($a,$b,$c,$d,$t)=@_; "&vperm ('$d','$d','$d','$sixteen')", "&vadduwm ('$c','$c','$d')", - "&vxor ('$t','$b','$c')", - "&vsrw ('$b','$t','$twenty')", - "&vslw ('$t','$t','$twelve')", - "&vor ('$b','$b','$t')", + "&vxor ('$b','$b','$c')", + "&vrlw ('$b','$b','$twelve')", "&vadduwm ('$a','$a','$b')", "&vxor ('$d','$d','$a')", "&vperm ('$d','$d','$d','$twenty4')", "&vadduwm ('$c','$c','$d')", - "&vxor ('$t','$b','$c')", - "&vsrw ('$b','$t','$twenty5')", - "&vslw ('$t','$t','$seven')", - "&vor ('$b','$b','$t')", + "&vxor ('$b','$b','$c')", + "&vrlw ('$b','$b','$seven')", "&vsldoi ('$c','$c','$c',8)", "&vsldoi ('$b','$b','$b',$odd?4:12)", @@ -461,13 +460,7 @@ $code.=<<___; stvx v26,r10,$sp addi r10,r10,32 stvx v27,r11,$sp - addi r11,r11,32 stvx v28,r10,$sp - addi r10,r10,32 - stvx v29,r11,$sp - addi r11,r11,32 - stvx v30,r10,$sp - stvx v31,r11,$sp stw r12,`$FRAME-$SIZE_T*18-4`($sp) # save vrsave $PUSH r14,`$FRAME-$SIZE_T*18`($sp) $PUSH r15,`$FRAME-$SIZE_T*17`($sp) @@ -487,9 +480,9 @@ $code.=<<___; $PUSH r29,`$FRAME-$SIZE_T*3`($sp) $PUSH r30,`$FRAME-$SIZE_T*2`($sp) $PUSH r31,`$FRAME-$SIZE_T*1`($sp) - li r12,-1 + li r12,-8 $PUSH r0, `$FRAME+$LRSAVE`($sp) - mtspr 256,r12 # preserve all AltiVec registers + mtspr 256,r12 # preserve 29 AltiVec registers bl Lconsts # returns pointer Lsigma in r12 li @x[0],16 @@ -526,11 +519,6 @@ $code.=<<___; lwz @d[3],12($ctr) vadduwm @K[5], at K[4], at K[5] - vspltisw $twenty,-12 # synthesize constants - vspltisw $twelve,12 - vspltisw $twenty5,-7 - #vspltisw $seven,7 # synthesized in the loop - vxor $T0,$T0,$T0 # 0x00..00 vspltisw $outmask,-1 # 0xff..ff ?lvsr $inpperm,0,$inp # prepare for unaligned load @@ -543,6 +531,7 @@ $code.=<<___; be?vxor $outperm,$outperm,$T1 be?vperm $inpperm,$inpperm,$inpperm,$T0 + li r0,10 # inner loop counter b Loop_outer_vmx .align 4 @@ -560,7 +549,6 @@ Loop_outer_vmx: ori @x[3], at x[3],0x6574 vmr $B0, at K[1] - li r0,10 # inner loop counter lwz @x[4],0($key) # load key to GPR vmr $B1, at K[1] lwz @x[5],4($key) @@ -586,15 +574,17 @@ Loop_outer_vmx: mr @t[1], at x[5] mr @t[2], at x[6] mr @t[3], at x[7] + + vspltisw $twelve,12 # synthesize constants vspltisw $seven,7 mtctr r0 nop Loop_vmx: ___ - my @thread0=&VMXROUND($A0,$B0,$C0,$D0,$T0,0); - my @thread1=&VMXROUND($A1,$B1,$C1,$D1,$T1,0); - my @thread2=&VMXROUND($A2,$B2,$C2,$D2,$T2,0); + my @thread0=&VMXROUND($A0,$B0,$C0,$D0,0); + my @thread1=&VMXROUND($A1,$B1,$C1,$D1,0); + my @thread2=&VMXROUND($A2,$B2,$C2,$D2,0); my @thread3=&ROUND(0,4,8,12); foreach (@thread0) { @@ -602,10 +592,11 @@ ___ eval(shift(@thread1)); eval(shift(@thread3)); eval(shift(@thread2)); eval(shift(@thread3)); } + foreach (@thread3) { eval; } - @thread0=&VMXROUND($A0,$B0,$C0,$D0,$T0,1); - @thread1=&VMXROUND($A1,$B1,$C1,$D1,$T1,1); - @thread2=&VMXROUND($A2,$B2,$C2,$D2,$T2,1); + @thread0=&VMXROUND($A0,$B0,$C0,$D0,1); + @thread1=&VMXROUND($A1,$B1,$C1,$D1,1); + @thread2=&VMXROUND($A2,$B2,$C2,$D2,1); @thread3=&ROUND(0,5,10,15); foreach (@thread0) { @@ -613,6 +604,7 @@ ___ eval(shift(@thread1)); eval(shift(@thread3)); eval(shift(@thread2)); eval(shift(@thread3)); } + foreach (@thread3) { eval; } $code.=<<___; bdnz Loop_vmx @@ -866,13 +858,7 @@ Ldone_vmx: lvx v26,r10,$sp addi r10,r10,32 lvx v27,r11,$sp - addi r11,r11,32 lvx v28,r10,$sp - addi r10,r10,32 - lvx v29,r11,$sp - addi r11,r11,32 - lvx v30,r10,$sp - lvx v31,r11,$sp $POP r0, `$FRAME+$LRSAVE`($sp) $POP r14,`$FRAME-$SIZE_T*18`($sp) $POP r15,`$FRAME-$SIZE_T*17`($sp) @@ -904,7 +890,7 @@ Ldone_vmx: Lconsts: mflr r0 bcl 20,31,\$+4 - mflr r12 #vvvvv "distance between . and _vpaes_consts + mflr r12 #vvvvv "distance between . and Lsigma addi r12,r12,`64-8` mtlr r0 blr diff --git a/crypto/perlasm/ppc-xlate.pl b/crypto/perlasm/ppc-xlate.pl index ba2842f..1a22f7a 100755 --- a/crypto/perlasm/ppc-xlate.pl +++ b/crypto/perlasm/ppc-xlate.pl @@ -1,5 +1,5 @@ #! /usr/bin/env perl -# Copyright 2006-2016 The OpenSSL Project Authors. All Rights Reserved. +# Copyright 2006-2018 The OpenSSL Project Authors. All Rights Reserved. # # Licensed under the OpenSSL license (the "License"). You may not use # this file except in compliance with the License. You can obtain a copy @@ -217,6 +217,7 @@ my $stvdx_u = sub { vsxmem_op(@_, 716); }; # stxsdx my $lvx_4w = sub { vsxmem_op(@_, 780); }; # lxvw4x my $stvx_4w = sub { vsxmem_op(@_, 908); }; # stxvw4x my $lvx_splt = sub { vsxmem_op(@_, 332); }; # lxvdsx +# VSX instruction[s] masqueraded as made-up AltiVec/VMX my $vpermdi = sub { # xxpermdi my ($f, $vrt, $vra, $vrb, $dm) = @_; $dm = oct($dm) if ($dm =~ /^0/); @@ -228,6 +229,10 @@ sub vcrypto_op { my ($f, $vrt, $vra, $vrb, $op) = @_; " .long ".sprintf "0x%X",(4<<26)|($vrt<<21)|($vra<<16)|($vrb<<11)|$op; } +sub vfour { + my ($f, $vrt, $vra, $vrb, $vrc, $op) = @_; + " .long ".sprintf "0x%X",(4<<26)|($vrt<<21)|($vra<<16)|($vrb<<11)|($vrc<<6)|$op; +}; my $vcipher = sub { vcrypto_op(@_, 1288); }; my $vcipherlast = sub { vcrypto_op(@_, 1289); }; my $vncipher = sub { vcrypto_op(@_, 1352); }; @@ -239,7 +244,7 @@ my $vpmsumb = sub { vcrypto_op(@_, 1032); }; my $vpmsumd = sub { vcrypto_op(@_, 1224); }; my $vpmsubh = sub { vcrypto_op(@_, 1096); }; my $vpmsumw = sub { vcrypto_op(@_, 1160); }; -# These are not really crypto, but one can use vcrypto_op +# These are not really crypto, but vcrypto_op template works my $vaddudm = sub { vcrypto_op(@_, 192); }; my $vadduqm = sub { vcrypto_op(@_, 256); }; my $vmuleuw = sub { vcrypto_op(@_, 648); }; @@ -247,21 +252,29 @@ my $vmulouw = sub { vcrypto_op(@_, 136); }; my $vrld = sub { vcrypto_op(@_, 196); }; my $vsld = sub { vcrypto_op(@_, 1476); }; my $vsrd = sub { vcrypto_op(@_, 1732); }; +my $vsubudm = sub { vcrypto_op(@_, 1216); }; +my $vaddcuq = sub { vcrypto_op(@_, 320); }; +my $vaddeuqm = sub { vfour(@_,60); }; +my $vaddecuq = sub { vfour(@_,61); }; my $mtsle = sub { my ($f, $arg) = @_; " .long ".sprintf "0x%X",(31<<26)|($arg<<21)|(147*2); }; -# PowerISA 3.0 stuff -my $maddhdu = sub { - my ($f, $rt, $ra, $rb, $rc) = @_; - " .long ".sprintf "0x%X",(4<<26)|($rt<<21)|($ra<<16)|($rb<<11)|($rc<<6)|49; +# VSX instructions masqueraded as AltiVec/VMX +my $mtvrd = sub { + my ($f, $vrt, $ra) = @_; + " .long ".sprintf "0x%X",(31<<26)|($vrt<<21)|($ra<<16)|(179<<1)|1; }; -my $maddld = sub { - my ($f, $rt, $ra, $rb, $rc) = @_; - " .long ".sprintf "0x%X",(4<<26)|($rt<<21)|($ra<<16)|($rb<<11)|($rc<<6)|51; +my $mtvrwz = sub { + my ($f, $vrt, $ra) = @_; + " .long ".sprintf "0x%X",(31<<26)|($vrt<<21)|($ra<<16)|(243<<1)|1; }; + +# PowerISA 3.0 stuff +my $maddhdu = sub { vfour(@_,49); }; +my $maddld = sub { vfour(@_,51); }; my $darn = sub { my ($f, $rt, $l) = @_; " .long ".sprintf "0x%X",(31<<26)|($rt<<21)|($l<<16)|(755<<1); @@ -270,16 +283,20 @@ my $iseleq = sub { my ($f, $rt, $ra, $rb) = @_; " .long ".sprintf "0x%X",(31<<26)|($rt<<21)|($ra<<16)|($rb<<11)|(2<<6)|30; }; +# VSX instruction[s] masqueraded as made-up AltiVec/VMX +my $vspltib = sub { # xxspltib + my ($f, $vrt, $imm8) = @_; + $imm8 = oct($imm8) if ($imm8 =~ /^0/); + $imm8 &= 0xff; + " .long ".sprintf "0x%X",(60<<26)|($vrt<<21)|($imm8<<11)|(360<<1)|1; +}; # PowerISA 3.0B stuff my $addex = sub { my ($f, $rt, $ra, $rb, $cy) = @_; # only cy==0 is specified in 3.0B " .long ".sprintf "0x%X",(31<<26)|($rt<<21)|($ra<<16)|($rb<<11)|($cy<<9)|(170<<1); }; -my $vmsumudm = sub { - my ($f, $vrt, $vra, $vrb, $vrc) = @_; - " .long ".sprintf "0x%X",(4<<26)|($vrt<<21)|($vra<<16)|($vrb<<11)|($vrc<<6)|35; -}; +my $vmsumudm = sub { vfour(@_,35); }; while($line=<>) { From appro at openssl.org Wed May 30 21:08:23 2018 From: appro at openssl.org (Andy Polyakov) Date: Wed, 30 May 2018 21:08:23 +0000 Subject: [openssl-commits] [openssl] master update Message-ID: <1527714503.973112.8930.nullmailer@dev.openssl.org> The branch master has been updated via 848113a30b431c2fe21ae8de2a366b9b6146fb92 (commit) from c869c3ada944bc42a6c00e0433c9d523c4426cde (commit) - Log ----------------------------------------------------------------- commit 848113a30b431c2fe21ae8de2a366b9b6146fb92 Author: User Date: Wed May 16 13:59:36 2018 -0400 bn/bn_exp.c: mitigation of the One-and-Done side-channel attack. The One&Done attack, which is described in a paper to appear in the USENIX Security'18 conference, uses EM emanations to recover the values of the bits that are obtained using BN_is_bit_set while constructing the value of the window in BN_mod_exp_consttime. The EM signal changes slightly depending on the value of the bit, and since the lookup of a bit is surrounded by highly regular execution (constant-time Montgomery multiplications) the attack is able to isolate the (very brief) part of the signal that changes depending on the bit. Although the change is slight, the attack recovers it successfully >90% of the time on several phones and IoT devices (all with ARM processors with clock rates around 1GHz), so after only one RSA decryption more than 90% of the bits in d_p and d_q are recovered correctly, which enables rapid recovery of the full RSA key using an algorithm (also described in the paper) that modifies the branch-and-prune approach for a situation in which the exponents' bits are recovered with errors, i.e. where we do not know a priori which bits are correctly recovered. The mitigation for the attack is relatively simple - all the bits of the window are obtained at once, along with other bits so that an entire integer's worth of bits are obtained together using masking and shifts, without unnecessarily considering each bit in isolation. This improves performance somewhat (one call to bn_get_bits is faster than several calls to BN_is_bit_set), so the attacker now gets one signal snippet per window (rather than one per bit) in which the signal is affected by all bits in the integer (rather than just the one bit). Reviewed-by: Andy Polyakov Reviewed-by: Rich Salz (Merged from https://github.com/openssl/openssl/pull/6276) ----------------------------------------------------------------------- Summary of changes: crypto/bn/bn_exp.c | 39 +++++++++++++++++++++++++++------------ 1 file changed, 27 insertions(+), 12 deletions(-) diff --git a/crypto/bn/bn_exp.c b/crypto/bn/bn_exp.c index 258e901..2dbf5b4 100644 --- a/crypto/bn/bn_exp.c +++ b/crypto/bn/bn_exp.c @@ -473,7 +473,6 @@ int BN_mod_exp_mont(BIGNUM *rr, const BIGNUM *a, const BIGNUM *p, return ret; } -#if defined(SPARC_T4_MONT) static BN_ULONG bn_get_bits(const BIGNUM *a, int bitpos) { BN_ULONG ret = 0; @@ -492,7 +491,6 @@ static BN_ULONG bn_get_bits(const BIGNUM *a, int bitpos) return ret & BN_MASK2; } -#endif /* * BN_mod_exp_mont_consttime() stores the precomputed powers in a specific @@ -599,7 +597,7 @@ int BN_mod_exp_mont_consttime(BIGNUM *rr, const BIGNUM *a, const BIGNUM *p, const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *in_mont) { - int i, bits, ret = 0, window, wvalue; + int i, bits, ret = 0, window, wvalue, wmask, window0; int top; BN_MONT_CTX *mont = NULL; @@ -1040,27 +1038,44 @@ int BN_mod_exp_mont_consttime(BIGNUM *rr, const BIGNUM *a, const BIGNUM *p, } } - bits--; - for (wvalue = 0, i = bits % window; i >= 0; i--, bits--) - wvalue = (wvalue << 1) + BN_is_bit_set(p, bits); + /* + * The exponent may not have a whole number of fixed-size windows. + * To simplify the main loop, the initial window has between 1 and + * full-window-size bits such that what remains is always a whole + * number of windows + */ + window0 = (bits - 1) % window + 1; + wmask = (1 << window0) - 1; + bits -= window0; + wvalue = bn_get_bits(p, bits) & wmask; if (!MOD_EXP_CTIME_COPY_FROM_PREBUF(&tmp, top, powerbuf, wvalue, window)) goto err; + wmask = (1 << window) - 1; /* * Scan the exponent one window at a time starting from the most * significant bits. */ - while (bits >= 0) { - wvalue = 0; /* The 'value' of the window */ + while (bits > 0) { - /* Scan the window, squaring the result as we go */ - for (i = 0; i < window; i++, bits--) { + /* Square the result window-size times */ + for (i = 0; i < window; i++) if (!BN_mod_mul_montgomery(&tmp, &tmp, &tmp, mont, ctx)) goto err; - wvalue = (wvalue << 1) + BN_is_bit_set(p, bits); - } + /* + * Get a window's worth of bits from the exponent + * This avoids calling BN_is_bit_set for each bit, which + * is not only slower but also makes each bit vulnerable to + * EM (and likely other) side-channel attacks like One&Done + * (for details see "One&Done: A Single-Decryption EM-Based + * Attack on OpenSSL?s Constant-Time Blinded RSA" by M. Alam, + * H. Khan, M. Dey, N. Sinha, R. Callan, A. Zajic, and + * M. Prvulovic, in USENIX Security'18) + */ + bits -= window; + wvalue = bn_get_bits(p, bits) & wmask; /* * Fetch the appropriate pre-computed value from the pre-buf */ From appro at openssl.org Wed May 30 21:17:22 2018 From: appro at openssl.org (Andy Polyakov) Date: Wed, 30 May 2018 21:17:22 +0000 Subject: [openssl-commits] [openssl] master update Message-ID: <1527715042.491863.10930.nullmailer@dev.openssl.org> The branch master has been updated via a133883752af41ae20bcee8153bc52e8a4b522c8 (commit) from 848113a30b431c2fe21ae8de2a366b9b6146fb92 (commit) - Log ----------------------------------------------------------------- commit a133883752af41ae20bcee8153bc52e8a4b522c8 Author: Yihong Wang Date: Tue May 15 23:34:28 2018 -0700 Reduce minimal out length in CRYPTO_128_unwrap_pad In `aes_wrap_cipher()`, the minimal out buff length is `(inlen - 8)`. Since it calls `CRYPTO_128_unwrap_pad()` underneath, it makes sense to reduce the minimal out length in `CRYPTO_128_unwrap_pad()` to align to its caller. Signed-off-by: Yihong Wang Reviewed-by: Andy Polyakov Reviewed-by: Rich Salz (Merged from https://github.com/openssl/openssl/pull/6266) ----------------------------------------------------------------------- Summary of changes: crypto/modes/wrap128.c | 14 ++++++++------ 1 file changed, 8 insertions(+), 6 deletions(-) diff --git a/crypto/modes/wrap128.c b/crypto/modes/wrap128.c index 46809a0..5ebb517 100644 --- a/crypto/modes/wrap128.c +++ b/crypto/modes/wrap128.c @@ -237,7 +237,7 @@ size_t CRYPTO_128_wrap_pad(void *key, const unsigned char *icv, * * @param[in] key Key value. * @param[in] icv (Non-standard) IV, 4 bytes. NULL = use default_aiv. - * @param[out] out Plaintext. Minimal buffer length = inlen bytes. + * @param[out] out Plaintext. Minimal buffer length = (inlen - 8) bytes. * Input and output buffers can overlap if block function * supports that. * @param[in] in Ciphertext as n 64-bit blocks. @@ -267,7 +267,6 @@ size_t CRYPTO_128_unwrap_pad(void *key, const unsigned char *icv, if ((inlen & 0x7) != 0 || inlen < 16 || inlen >= CRYPTO128_WRAP_MAX) return 0; - memmove(out, in, inlen); if (inlen == 16) { /* * Section 4.2 - special case in step 1: When n=1, the ciphertext @@ -275,14 +274,17 @@ size_t CRYPTO_128_unwrap_pad(void *key, const unsigned char *icv, * single AES block using AES in ECB mode: AIV | P[1] = DEC(K, C[0] | * C[1]) */ - block(out, out, key); - memcpy(aiv, out, 8); + unsigned char buff[16]; + + block(in, buff, key); + memcpy(aiv, buff, 8); /* Remove AIV */ - memmove(out, out + 8, 8); + memcpy(out, buff + 8, 8); padded_len = 8; + OPENSSL_cleanse(buff, inlen); } else { padded_len = inlen - 8; - ret = crypto_128_unwrap_raw(key, aiv, out, out, inlen, block); + ret = crypto_128_unwrap_raw(key, aiv, out, in, inlen, block); if (padded_len != ret) { OPENSSL_cleanse(out, inlen); return 0; From levitte at openssl.org Thu May 31 09:01:06 2018 From: levitte at openssl.org (Richard Levitte) Date: Thu, 31 May 2018 09:01:06 +0000 Subject: [openssl-commits] [openssl] master update Message-ID: <1527757266.586178.11611.nullmailer@dev.openssl.org> The branch master has been updated via 3190d1dca43ecfd748c06aa06752de06af3768b9 (commit) from a133883752af41ae20bcee8153bc52e8a4b522c8 (commit) - Log ----------------------------------------------------------------- commit 3190d1dca43ecfd748c06aa06752de06af3768b9 Author: Richard Levitte Date: Thu May 31 06:51:25 2018 +0200 apps: when the 'compat' nameopt has been set, leave it be XN_FLAG_COMPAT has a unique property, its zero for value. This means it needs special treatment; if it has been set (which can only be determined indirectly) and set alone (*), no other flags should be set. (*) if any other nameopt flag has been set by the user, compatibility mode is blown away. Reviewed-by: Matt Caswell (Merged from https://github.com/openssl/openssl/pull/6382) ----------------------------------------------------------------------- Summary of changes: apps/apps.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/apps/apps.c b/apps/apps.c index d5a6aea..2740275 100644 --- a/apps/apps.c +++ b/apps/apps.c @@ -1050,7 +1050,8 @@ int set_name_ex(unsigned long *flags, const char *arg) }; if (set_multi_opts(flags, arg, ex_tbl) == 0) return 0; - if ((*flags & XN_FLAG_SEP_MASK) == 0) + if (*flags != XN_FLAG_COMPAT + && (*flags & XN_FLAG_SEP_MASK) == 0) *flags |= XN_FLAG_SEP_CPLUS_SPC; return 1; } From levitte at openssl.org Thu May 31 09:02:21 2018 From: levitte at openssl.org (Richard Levitte) Date: Thu, 31 May 2018 09:02:21 +0000 Subject: [openssl-commits] [openssl] OpenSSL_1_1_0-stable update Message-ID: <1527757341.106902.13168.nullmailer@dev.openssl.org> The branch OpenSSL_1_1_0-stable has been updated via 7e2e10aaec5461915a074aff42285916bd7da3cf (commit) from 6912debb881e669f7a7fb621588e20347111c4f0 (commit) - Log ----------------------------------------------------------------- commit 7e2e10aaec5461915a074aff42285916bd7da3cf Author: Richard Levitte Date: Thu May 31 06:51:25 2018 +0200 apps: when the 'compat' nameopt has been set, leave it be XN_FLAG_COMPAT has a unique property, its zero for value. This means it needs special treatment; if it has been set (which can only be determined indirectly) and set alone (*), no other flags should be set. (*) if any other nameopt flag has been set by the user, compatibility mode is blown away. Reviewed-by: Matt Caswell (Merged from https://github.com/openssl/openssl/pull/6382) (cherry picked from commit 3190d1dca43ecfd748c06aa06752de06af3768b9) ----------------------------------------------------------------------- Summary of changes: apps/apps.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/apps/apps.c b/apps/apps.c index 8703d0c..4409dcb 100644 --- a/apps/apps.c +++ b/apps/apps.c @@ -1012,7 +1012,8 @@ int set_name_ex(unsigned long *flags, const char *arg) }; if (set_multi_opts(flags, arg, ex_tbl) == 0) return 0; - if ((*flags & XN_FLAG_SEP_MASK) == 0) + if (*flags != XN_FLAG_COMPAT + && (*flags & XN_FLAG_SEP_MASK) == 0) *flags |= XN_FLAG_SEP_CPLUS_SPC; return 1; } From levitte at openssl.org Thu May 31 09:03:03 2018 From: levitte at openssl.org (Richard Levitte) Date: Thu, 31 May 2018 09:03:03 +0000 Subject: [openssl-commits] [openssl] OpenSSL_1_0_2-stable update Message-ID: <1527757383.395770.13973.nullmailer@dev.openssl.org> The branch OpenSSL_1_0_2-stable has been updated via af21f71e7c59474271f0c24d58f212fad4032e3a (commit) from 235119f015e46a74040b78b10fd6e954f7f07774 (commit) - Log ----------------------------------------------------------------- commit af21f71e7c59474271f0c24d58f212fad4032e3a Author: Richard Levitte Date: Thu May 31 06:51:25 2018 +0200 apps: when the 'compat' nameopt has been set, leave it be XN_FLAG_COMPAT has a unique property, its zero for value. This means it needs special treatment; if it has been set (which can only be determined indirectly) and set alone (*), no other flags should be set. (*) if any other nameopt flag has been set by the user, compatibility mode is blown away. Reviewed-by: Matt Caswell (Merged from https://github.com/openssl/openssl/pull/6382) (cherry picked from commit 3190d1dca43ecfd748c06aa06752de06af3768b9) ----------------------------------------------------------------------- Summary of changes: apps/apps.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/apps/apps.c b/apps/apps.c index c5a5152..07ffad1 100644 --- a/apps/apps.c +++ b/apps/apps.c @@ -1359,7 +1359,8 @@ int set_name_ex(unsigned long *flags, const char *arg) }; if (set_multi_opts(flags, arg, ex_tbl) == 0) return 0; - if ((*flags & XN_FLAG_SEP_MASK) == 0) + if (*flags != XN_FLAG_COMPAT + && (*flags & XN_FLAG_SEP_MASK) == 0) *flags |= XN_FLAG_SEP_CPLUS_SPC; return 1; } From matt at openssl.org Thu May 31 09:43:46 2018 From: matt at openssl.org (Matt Caswell) Date: Thu, 31 May 2018 09:43:46 +0000 Subject: [openssl-commits] [openssl] master update Message-ID: <1527759826.095623.20818.nullmailer@dev.openssl.org> The branch master has been updated via 5f49783c12e9e6100075e50fe727ee2d5cc30445 (commit) via bdd5f12ea6b76fb133b152a3ca38a3c045be4de3 (commit) via 28c73b34dfe00e786fc9198d89e089655ec5ae01 (commit) via fbccfedf9bb0840e6c2db54b66ac511b85a3f587 (commit) via 6712ba9323cd9dc550ae3cc258cb61b5b23dcd83 (commit) via bceae201b45fdbc7898adada6aebe2a1b6145009 (commit) via 1b3c89cd1e579aa8b9229498699ce54fa7986fa7 (commit) via 5be77b074c17a506f222a28f13a0b64bbef9da7a (commit) from 3190d1dca43ecfd748c06aa06752de06af3768b9 (commit) - Log ----------------------------------------------------------------- commit 5f49783c12e9e6100075e50fe727ee2d5cc30445 Author: Matt Caswell Date: Tue May 29 16:09:02 2018 +0100 Don't call setsockopt with an invalid fd This is probably a "should not happen" scenario, but better check anyway. Found by Coverity. Reviewed-by: Rich Salz (Merged from https://github.com/openssl/openssl/pull/6373) commit bdd5f12ea6b76fb133b152a3ca38a3c045be4de3 Author: Matt Caswell Date: Tue May 29 16:05:10 2018 +0100 Fix a memory leak in an error path Found by Coverity Reviewed-by: Rich Salz (Merged from https://github.com/openssl/openssl/pull/6373) commit 28c73b34dfe00e786fc9198d89e089655ec5ae01 Author: Matt Caswell Date: Tue May 29 16:01:30 2018 +0100 Free a variable Fix a memory leak in storeutl. Reviewed-by: Rich Salz (Merged from https://github.com/openssl/openssl/pull/6373) commit fbccfedf9bb0840e6c2db54b66ac511b85a3f587 Author: Matt Caswell Date: Tue May 29 15:59:25 2018 +0100 Free a variable on an error path Issue found by Coverity. Reviewed-by: Rich Salz (Merged from https://github.com/openssl/openssl/pull/6373) commit 6712ba9323cd9dc550ae3cc258cb61b5b23dcd83 Author: Matt Caswell Date: Tue May 29 15:58:47 2018 +0100 Only set TCP_NODELAY if the protocol is TCP This doesn't apply if we're doing DTLS, or using UNIX domain sockets. Reviewed-by: Rich Salz (Merged from https://github.com/openssl/openssl/pull/6373) commit bceae201b45fdbc7898adada6aebe2a1b6145009 Author: Matt Caswell Date: Tue May 29 16:27:25 2018 +0100 EVP_MD_size() can return an error Fix some instances where we weren't checking the error return. Reviewed-by: Rich Salz (Merged from https://github.com/openssl/openssl/pull/6373) commit 1b3c89cd1e579aa8b9229498699ce54fa7986fa7 Author: Matt Caswell Date: Tue May 29 14:55:45 2018 +0100 Remove some logically dead code Found by coverity. This is an artifact left over from the original decaf import which generated the source code for different curves. For curve 448 this is dead. Reviewed-by: Rich Salz (Merged from https://github.com/openssl/openssl/pull/6373) commit 5be77b074c17a506f222a28f13a0b64bbef9da7a Author: Matt Caswell Date: Tue May 29 14:33:12 2018 +0100 Remove some logically dead code Issues found by Coverity Reviewed-by: Rich Salz (Merged from https://github.com/openssl/openssl/pull/6373) ----------------------------------------------------------------------- Summary of changes: apps/s_client.c | 1 + apps/s_server.c | 1 + apps/s_socket.c | 2 +- apps/s_time.c | 7 +++++-- apps/storeutl.c | 1 + crypto/ec/curve448/eddsa.c | 4 ---- crypto/ec/ec_pmeth.c | 11 ++++------- ssl/statem/extensions.c | 11 ++++++++++- ssl/tls13_enc.c | 21 +++++++++++++++++++-- 9 files changed, 42 insertions(+), 17 deletions(-) diff --git a/apps/s_client.c b/apps/s_client.c index 9122d48..09f5340 100644 --- a/apps/s_client.c +++ b/apps/s_client.c @@ -201,6 +201,7 @@ static int psk_use_session_cb(SSL *s, const EVP_MD *md, cipher = SSL_CIPHER_find(s, tls13_aes128gcmsha256_id); if (cipher == NULL) { BIO_printf(bio_err, "Error finding suitable ciphersuite\n"); + OPENSSL_free(key); return 0; } diff --git a/apps/s_server.c b/apps/s_server.c index b0d38e4..df2bf02 100644 --- a/apps/s_server.c +++ b/apps/s_server.c @@ -212,6 +212,7 @@ static int psk_find_session_cb(SSL *ssl, const unsigned char *identity, cipher = SSL_CIPHER_find(ssl, tls13_aes128gcmsha256_id); if (cipher == NULL) { BIO_printf(bio_err, "Error finding suitable ciphersuite\n"); + OPENSSL_free(key); return 0; } diff --git a/apps/s_socket.c b/apps/s_socket.c index f4264cd..76f9289 100644 --- a/apps/s_socket.c +++ b/apps/s_socket.c @@ -147,7 +147,7 @@ int init_client(int *sock, const char *host, const char *port, #endif if (!BIO_connect(*sock, BIO_ADDRINFO_address(ai), - type == SOCK_STREAM ? BIO_SOCK_NODELAY : 0)) { + protocol == IPPROTO_TCP ? BIO_SOCK_NODELAY : 0)) { BIO_closesocket(*sock); *sock = INVALID_SOCKET; continue; diff --git a/apps/s_time.c b/apps/s_time.c index 5688f4f..82d40a5 100644 --- a/apps/s_time.c +++ b/apps/s_time.c @@ -389,11 +389,14 @@ static SSL *doConnection(SSL *scon, const char *host, SSL_CTX *ctx) #if defined(SOL_SOCKET) && defined(SO_LINGER) { struct linger no_linger; + int fd; no_linger.l_onoff = 1; no_linger.l_linger = 0; - (void) setsockopt(SSL_get_fd(serverCon), SOL_SOCKET, SO_LINGER, - (char*)&no_linger, sizeof(no_linger)); + fd = SSL_get_fd(serverCon); + if (fd >= 0) + (void)setsockopt(fd, SOL_SOCKET, SO_LINGER, (char*)&no_linger, + sizeof(no_linger)); } #endif diff --git a/apps/storeutl.c b/apps/storeutl.c index 0f310d2..50007f6 100644 --- a/apps/storeutl.c +++ b/apps/storeutl.c @@ -308,6 +308,7 @@ int storeutl_main(int argc, char *argv[]) text, noout, recursive, 0, out, prog); end: + OPENSSL_free(fingerprint); OPENSSL_free(alias); ASN1_INTEGER_free(serial); X509_NAME_free(subject); diff --git a/crypto/ec/curve448/eddsa.c b/crypto/ec/curve448/eddsa.c index d318876..85565a8 100644 --- a/crypto/ec/curve448/eddsa.c +++ b/crypto/ec/curve448/eddsa.c @@ -253,7 +253,6 @@ c448_error_t c448_ed448_verify( curve448_point_decode_like_eddsa_and_mul_by_ratio(pk_point, pubkey); curve448_scalar_t challenge_scalar; curve448_scalar_t response_scalar; - unsigned int c; if (C448_SUCCESS != error) return error; @@ -291,9 +290,6 @@ c448_error_t c448_ed448_verify( &signature[EDDSA_448_PUBLIC_BYTES], EDDSA_448_PRIVATE_BYTES); - for (c = 1; c < C448_EDDSA_DECODE_RATIO; c <<= 1) - curve448_scalar_add(response_scalar, response_scalar, response_scalar); - /* pk_point = -c(x(P)) + (cx + k)G = kG */ curve448_base_double_scalarmul_non_secret(pk_point, response_scalar, diff --git a/crypto/ec/ec_pmeth.c b/crypto/ec/ec_pmeth.c index 2fde4f7..b4105c2 100644 --- a/crypto/ec/ec_pmeth.c +++ b/crypto/ec/ec_pmeth.c @@ -219,10 +219,8 @@ static int pkey_ecies_encrypt(EVP_PKEY_CTX *ctx, if (dctx->md) md_type = EVP_MD_type(dctx->md); - else if (ec_nid == NID_sm2) - md_type = NID_sm3; else - md_type = NID_sha256; + md_type = NID_sm3; if (out == NULL) { *outlen = SM2_ciphertext_size(ec, EVP_get_digestbynid(md_type), @@ -259,13 +257,12 @@ static int pkey_ecies_decrypt(EVP_PKEY_CTX *ctx, if (dctx->md) md_type = EVP_MD_type(dctx->md); - else if (ec_nid == NID_sm2) - md_type = NID_sm3; else - md_type = NID_sha256; + md_type = NID_sm3; if (out == NULL) { - *outlen = SM2_plaintext_size(ec, EVP_get_digestbynid(md_type), inlen); + *outlen = SM2_plaintext_size(ec, EVP_get_digestbynid(md_type), + inlen); ret = 1; } else { diff --git a/ssl/statem/extensions.c b/ssl/statem/extensions.c index 7f9fd5f..209b4df 100644 --- a/ssl/statem/extensions.c +++ b/ssl/statem/extensions.c @@ -1427,10 +1427,19 @@ int tls_psk_do_binder(SSL *s, const EVP_MD *md, const unsigned char *msgstart, const char external_label[] = "ext binder"; const char nonce_label[] = "resumption"; const char *label; - size_t bindersize, labelsize, psklen, hashsize = EVP_MD_size(md); + size_t bindersize, labelsize, psklen, hashsize; + int hashsizei = EVP_MD_size(md); int ret = -1; int usepskfored = 0; + /* Ensure cast to size_t is safe */ + if (!ossl_assert(hashsizei >= 0)) { + SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_PSK_DO_BINDER, + ERR_R_INTERNAL_ERROR); + goto err; + } + hashsize = (size_t)hashsizei; + if (external && s->early_data_state == SSL_EARLY_DATA_CONNECTING && s->session->ext.max_early_data == 0 diff --git a/ssl/tls13_enc.c b/ssl/tls13_enc.c index 1e6db92..3fc8e96 100644 --- a/ssl/tls13_enc.c +++ b/ssl/tls13_enc.c @@ -129,6 +129,7 @@ int tls13_generate_secret(SSL *s, const EVP_MD *md, unsigned char *outsecret) { size_t mdlen, prevsecretlen; + int mdleni; int ret; EVP_PKEY_CTX *pctx = EVP_PKEY_CTX_new_id(EVP_PKEY_HKDF, NULL); static const char derived_secret_label[] = "derived"; @@ -140,7 +141,14 @@ int tls13_generate_secret(SSL *s, const EVP_MD *md, return 0; } - mdlen = EVP_MD_size(md); + mdleni = EVP_MD_size(md); + /* Ensure cast to size_t is safe */ + if (!ossl_assert(mdleni >= 0)) { + SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS13_GENERATE_SECRET, + ERR_R_INTERNAL_ERROR); + return 0; + } + mdlen = (size_t)mdleni; if (insecret == NULL) { insecret = default_zeros; @@ -316,7 +324,16 @@ static int derive_secret_key_and_iv(SSL *s, int sending, const EVP_MD *md, { unsigned char key[EVP_MAX_KEY_LENGTH]; size_t ivlen, keylen, taglen; - size_t hashlen = EVP_MD_size(md); + int hashleni = EVP_MD_size(md); + size_t hashlen; + + /* Ensure cast to size_t is safe */ + if (!ossl_assert(hashleni >= 0)) { + SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_DERIVE_SECRET_KEY_AND_IV, + ERR_R_EVP_LIB); + goto err; + } + hashlen = (size_t)hashleni; if (!tls13_hkdf_expand(s, md, insecret, label, labellen, hash, hashlen, secret, hashlen)) { From levitte at openssl.org Thu May 31 10:00:31 2018 From: levitte at openssl.org (Richard Levitte) Date: Thu, 31 May 2018 10:00:31 +0000 Subject: [openssl-commits] [openssl] OpenSSL_1_0_2-stable update Message-ID: <1527760831.207916.24115.nullmailer@dev.openssl.org> The branch OpenSSL_1_0_2-stable has been updated via 1ac3cd6277f880fac4df313702d5e3b3814e56e2 (commit) from af21f71e7c59474271f0c24d58f212fad4032e3a (commit) - Log ----------------------------------------------------------------- commit 1ac3cd6277f880fac4df313702d5e3b3814e56e2 Author: Richard Levitte Date: Thu May 31 11:12:34 2018 +0200 ENGINE_pkey_asn1_find_str(): don't assume an engine implements ASN1 method Just because an engine implements algorithm methods, that doesn't mean it also implements the ASN1 method. Therefore, be careful when looking for an ASN1 method among all engines, don't try to use one that doesn't exist. Fixes #6381 Reviewed-by: Tim Hudson (Merged from https://github.com/openssl/openssl/pull/6383) ----------------------------------------------------------------------- Summary of changes: crypto/engine/tb_asnmth.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/crypto/engine/tb_asnmth.c b/crypto/engine/tb_asnmth.c index a1a9b88..59e4ebf 100644 --- a/crypto/engine/tb_asnmth.c +++ b/crypto/engine/tb_asnmth.c @@ -215,7 +215,7 @@ static void look_str_cb(int nid, STACK_OF(ENGINE) *sk, ENGINE *def, void *arg) ENGINE *e = sk_ENGINE_value(sk, i); EVP_PKEY_ASN1_METHOD *ameth; e->pkey_asn1_meths(e, &ameth, NULL, nid); - if (((int)strlen(ameth->pem_str) == lk->len) && + if (ameth != NULL && ((int)strlen(ameth->pem_str) == lk->len) && !strncasecmp(ameth->pem_str, lk->str, lk->len)) { lk->e = e; lk->ameth = ameth; From levitte at openssl.org Thu May 31 10:02:49 2018 From: levitte at openssl.org (Richard Levitte) Date: Thu, 31 May 2018 10:02:49 +0000 Subject: [openssl-commits] [openssl] OpenSSL_1_1_0-stable update Message-ID: <1527760969.259000.25628.nullmailer@dev.openssl.org> The branch OpenSSL_1_1_0-stable has been updated via 13b578ada3106a4ce9b836f167ee520539f5fa8f (commit) from 7e2e10aaec5461915a074aff42285916bd7da3cf (commit) - Log ----------------------------------------------------------------- commit 13b578ada3106a4ce9b836f167ee520539f5fa8f Author: Richard Levitte Date: Thu May 31 11:12:34 2018 +0200 ENGINE_pkey_asn1_find_str(): don't assume an engine implements ASN1 method Just because an engine implements algorithm methods, that doesn't mean it also implements the ASN1 method. Therefore, be careful when looking for an ASN1 method among all engines, don't try to use one that doesn't exist. Fixes #6381 Reviewed-by: Tim Hudson (Merged from https://github.com/openssl/openssl/pull/6383) (cherry picked from commit 1ac3cd6277f880fac4df313702d5e3b3814e56e2) ----------------------------------------------------------------------- Summary of changes: crypto/engine/tb_asnmth.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/crypto/engine/tb_asnmth.c b/crypto/engine/tb_asnmth.c index 480267d..980c127 100644 --- a/crypto/engine/tb_asnmth.c +++ b/crypto/engine/tb_asnmth.c @@ -170,7 +170,8 @@ static void look_str_cb(int nid, STACK_OF(ENGINE) *sk, ENGINE *def, void *arg) ENGINE *e = sk_ENGINE_value(sk, i); EVP_PKEY_ASN1_METHOD *ameth; e->pkey_asn1_meths(e, &ameth, NULL, nid); - if (((int)strlen(ameth->pem_str) == lk->len) + if (ameth != NULL + && ((int)strlen(ameth->pem_str) == lk->len) && strncasecmp(ameth->pem_str, lk->str, lk->len) == 0) { lk->e = e; lk->ameth = ameth; From levitte at openssl.org Thu May 31 10:03:33 2018 From: levitte at openssl.org (Richard Levitte) Date: Thu, 31 May 2018 10:03:33 +0000 Subject: [openssl-commits] [openssl] master update Message-ID: <1527761013.416853.26505.nullmailer@dev.openssl.org> The branch master has been updated via 5eb774324a14b03835020bb3ae2e1c6c92515db0 (commit) from 5f49783c12e9e6100075e50fe727ee2d5cc30445 (commit) - Log ----------------------------------------------------------------- commit 5eb774324a14b03835020bb3ae2e1c6c92515db0 Author: Richard Levitte Date: Thu May 31 11:12:34 2018 +0200 ENGINE_pkey_asn1_find_str(): don't assume an engine implements ASN1 method Just because an engine implements algorithm methods, that doesn't mean it also implements the ASN1 method. Therefore, be careful when looking for an ASN1 method among all engines, don't try to use one that doesn't exist. Fixes #6381 Reviewed-by: Tim Hudson (Merged from https://github.com/openssl/openssl/pull/6383) (cherry picked from commit 1ac3cd6277f880fac4df313702d5e3b3814e56e2) (cherry picked from commit 13b578ada3106a4ce9b836f167ee520539f5fa8f) ----------------------------------------------------------------------- Summary of changes: crypto/engine/tb_asnmth.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/crypto/engine/tb_asnmth.c b/crypto/engine/tb_asnmth.c index bc6e91c..ae99a37 100644 --- a/crypto/engine/tb_asnmth.c +++ b/crypto/engine/tb_asnmth.c @@ -171,7 +171,8 @@ static void look_str_cb(int nid, STACK_OF(ENGINE) *sk, ENGINE *def, void *arg) ENGINE *e = sk_ENGINE_value(sk, i); EVP_PKEY_ASN1_METHOD *ameth; e->pkey_asn1_meths(e, &ameth, NULL, nid); - if (((int)strlen(ameth->pem_str) == lk->len) + if (ameth != NULL + && ((int)strlen(ameth->pem_str) == lk->len) && strncasecmp(ameth->pem_str, lk->str, lk->len) == 0) { lk->e = e; lk->ameth = ameth;