From shane.lontis at oracle.com Sun Sep 1 04:08:52 2019 From: shane.lontis at oracle.com (shane.lontis at oracle.com) Date: Sun, 01 Sep 2019 04:08:52 +0000 Subject: [openssl] master update Message-ID: <1567310932.257348.1751.nullmailer@dev.openssl.org> The branch master has been updated via 2f9789f7e7e8f17da32e1cadbbc3c398f99f2d23 (commit) from 5ffc33244cd4d66e47dfa66ce89cb38d0f3074cc (commit) - Log ----------------------------------------------------------------- commit 2f9789f7e7e8f17da32e1cadbbc3c398f99f2d23 Author: Shane Lontis Date: Tue Aug 27 19:22:42 2019 +1000 Fix platform specific issues with provider ciphers s390_aes naming issues with ofb128 and cfb128 Solaris missing include for camellia. Reviewed-by: Richard Levitte (Merged from https://github.com/openssl/openssl/pull/9702) ----------------------------------------------------------------------- Summary of changes: crypto/include/internal/ciphermode_platform.h | 1 + providers/common/ciphers/cipher_aes_hw_s390x.inc | 23 +++++++++++++++-------- 2 files changed, 16 insertions(+), 8 deletions(-) diff --git a/crypto/include/internal/ciphermode_platform.h b/crypto/include/internal/ciphermode_platform.h index 5db2e23eb9..40d012a8d1 100644 --- a/crypto/include/internal/ciphermode_platform.h +++ b/crypto/include/internal/ciphermode_platform.h @@ -194,6 +194,7 @@ extern unsigned int OPENSSL_sparcv9cap_P[]; # ifndef OPENSSL_NO_CAMELLIA # define SPARC_CMLL_CAPABLE (OPENSSL_sparcv9cap_P[1] & CFR_CAMELLIA) +# include "openssl/camellia.h" void cmll_t4_set_key(const unsigned char *key, int bits, CAMELLIA_KEY *ks); void cmll_t4_encrypt(const unsigned char *in, unsigned char *out, diff --git a/providers/common/ciphers/cipher_aes_hw_s390x.inc b/providers/common/ciphers/cipher_aes_hw_s390x.inc index 1a8ee07c87..cefaa1c583 100644 --- a/providers/common/ciphers/cipher_aes_hw_s390x.inc +++ b/providers/common/ciphers/cipher_aes_hw_s390x.inc @@ -21,6 +21,13 @@ #define s390x_aes_cfb1_cipher_hw cipher_hw_generic_cfb1 #define s390x_aes_ctr_cipher_hw cipher_hw_generic_ctr +#define S390X_aes_128_ofb128_CAPABLE S390X_aes_128_ofb_CAPABLE +#define S390X_aes_192_ofb128_CAPABLE S390X_aes_192_ofb_CAPABLE +#define S390X_aes_256_ofb128_CAPABLE S390X_aes_256_ofb_CAPABLE +#define S390X_aes_128_cfb128_CAPABLE S390X_aes_128_cfb_CAPABLE +#define S390X_aes_192_cfb128_CAPABLE S390X_aes_192_cfb_CAPABLE +#define S390X_aes_256_cfb128_CAPABLE S390X_aes_256_cfb_CAPABLE + static int s390x_aes_ecb_initkey(PROV_CIPHER_CTX *dat, const unsigned char *key, size_t keylen) { @@ -43,8 +50,8 @@ static int s390x_aes_ecb_cipher_hw(PROV_CIPHER_CTX *dat, unsigned char *out, return 1; } -static int s390x_aes_ofb_initkey(PROV_CIPHER_CTX *dat, - const unsigned char *key, size_t keylen) +static int s390x_aes_ofb128_initkey(PROV_CIPHER_CTX *dat, + const unsigned char *key, size_t keylen) { PROV_AES_CTX *adat = (PROV_AES_CTX *)dat; @@ -55,8 +62,8 @@ static int s390x_aes_ofb_initkey(PROV_CIPHER_CTX *dat, return 1; } -static int s390x_aes_ofb_cipher_hw(PROV_CIPHER_CTX *dat, unsigned char *out, - const unsigned char *in, size_t len) +static int s390x_aes_ofb128_cipher_hw(PROV_CIPHER_CTX *dat, unsigned char *out, + const unsigned char *in, size_t len) { PROV_AES_CTX *adat = (PROV_AES_CTX *)dat; int n = adat->plat.s390x.res; @@ -96,8 +103,8 @@ static int s390x_aes_ofb_cipher_hw(PROV_CIPHER_CTX *dat, unsigned char *out, return 1; } -static int s390x_aes_cfb_initkey(PROV_CIPHER_CTX *dat, - const unsigned char *key, size_t keylen) +static int s390x_aes_cfb128_initkey(PROV_CIPHER_CTX *dat, + const unsigned char *key, size_t keylen) { PROV_AES_CTX *adat = (PROV_AES_CTX *)dat; @@ -112,8 +119,8 @@ static int s390x_aes_cfb_initkey(PROV_CIPHER_CTX *dat, return 1; } -static int s390x_aes_cfb_cipher_hw(PROV_CIPHER_CTX *dat, unsigned char *out, - const unsigned char *in, size_t len) +static int s390x_aes_cfb128_cipher_hw(PROV_CIPHER_CTX *dat, unsigned char *out, + const unsigned char *in, size_t len) { PROV_AES_CTX *adat = (PROV_AES_CTX *)dat; int n = adat->plat.s390x.res; From builds at travis-ci.org Sun Sep 1 04:29:11 2019 From: builds at travis-ci.org (Travis CI) Date: Sun, 01 Sep 2019 04:29:11 +0000 Subject: Still Failing: openssl/openssl#27783 (master - 2f9789f) In-Reply-To: Message-ID: <5d6b4916e671c_43fd44c47e83810284f@d4432673-d06d-40f8-b422-ace00f0a6591.mail> Build Update for openssl/openssl ------------------------------------- Build: #27783 Status: Still Failing Duration: 19 mins and 29 secs Commit: 2f9789f (master) Author: Shane Lontis Message: Fix platform specific issues with provider ciphers s390_aes naming issues with ofb128 and cfb128 Solaris missing include for camellia. Reviewed-by: Richard Levitte (Merged from https://github.com/openssl/openssl/pull/9702) View the changeset: https://github.com/openssl/openssl/compare/5ffc33244cd4...2f9789f7e7e8 View the full build log and details: https://travis-ci.org/openssl/openssl/builds/579333582?utm_medium=notification&utm_source=email -- You can unsubscribe from build emails from the openssl/openssl repository going to https://travis-ci.org/account/preferences/unsubscribe?repository=5849220&utm_medium=notification&utm_source=email. Or unsubscribe from *all* email updating your settings at https://travis-ci.org/account/preferences/unsubscribe?utm_medium=notification&utm_source=email. Or configure specific recipients for build notifications in your .travis.yml file. See https://docs.travis-ci.com/user/notifications. -------------- next part -------------- An HTML attachment was scrubbed... URL: From no-reply at appveyor.com Sun Sep 1 06:59:18 2019 From: no-reply at appveyor.com (AppVeyor) Date: Sun, 01 Sep 2019 06:59:18 +0000 Subject: Build failed: openssl master.27211 Message-ID: <20190901065918.1.DC6CD769CF3AECB7@appveyor.com> An HTML attachment was scrubbed... URL: From scan-admin at coverity.com Sun Sep 1 07:44:40 2019 From: scan-admin at coverity.com (scan-admin at coverity.com) Date: Sun, 01 Sep 2019 07:44:40 +0000 (UTC) Subject: Coverity Scan: Analysis completed for openssl/openssl Message-ID: <5d6b76e7a4281_659b2ae0c3490f4c8777b@appnode-2.mail> Your request for analysis of openssl/openssl has been completed successfully. The results are available at https://u2389337.ct.sendgrid.net/wf/click?upn=08onrYu34A-2BWcWUl-2F-2BfV0V05UPxvVjWch-2Bd2MGckcRakUl6QyjujEohY7rPpoYUEvyxzJHSwEoiXkZglM3WeHA-3D-3D_19DGMz38yO7VfzGQuXkecdlEmzBoDG4v8Dvyanv-2F1I0PMCeKPRNoe4TLKMC3sWzwypTjJy3LiXOf6RBFf-2BrNcE2KLpceLl3-2BqFQSUIW-2Fu2NhcOeASyM0q1d84yWGAT01VvWEjBSQJGbT8MzA2mTyh6AzuC1L1H3DHSAcHLo2drmKLgoEQGhp5UIOSvchFrwlGXRVsms0pHqkoo9Brz4mAke2befF-2BMTsD3-2FqbOolsc8-3D Build ID: 270814 Analysis Summary: New defects found: 4 Defects eliminated: 8 If you have difficulty understanding any defects, email us at scan-admin at coverity.com, or post your question to StackOverflow at https://u2389337.ct.sendgrid.net/wf/click?upn=OgIsEqWzmIl4S-2FzEUMxLXL-2BukuZt9UUdRZhgmgzAKchwAzH1nH3073xDEXNRgHN6zzUI-2FRfbrE6mNOeeukHUQw-3D-3D_19DGMz38yO7VfzGQuXkecdlEmzBoDG4v8Dvyanv-2F1I0PMCeKPRNoe4TLKMC3sWzwypTjJy3LiXOf6RBFf-2BrNcEXueRmh1JzyZldwKiinsaCOGcoNZ6ipXX2fzrSsHWLYKHGvkShQR14UYT07xSXp-2FwVIqSPUDhUYbrKsWgNRNqAiHx36RJMB-2Fr5p1fltgdxvyXV1usFAd08bodAWTkFBtn6ZL3MfpSRU1wP1-2Bpj0fGk-3D From scan-admin at coverity.com Sun Sep 1 07:49:46 2019 From: scan-admin at coverity.com (scan-admin at coverity.com) Date: Sun, 01 Sep 2019 07:49:46 +0000 (UTC) Subject: Coverity Scan: Analysis completed for OpenSSL-1.0.2 Message-ID: <5d6b781a154be_69612ae0c3490f4c8774c@appnode-2.mail> Your request for analysis of OpenSSL-1.0.2 has been completed successfully. The results are available at https://u2389337.ct.sendgrid.net/wf/click?upn=08onrYu34A-2BWcWUl-2F-2BfV0V05UPxvVjWch-2Bd2MGckcRakUl6QyjujEohY7rPpoYUEOo3rtGjiQZqYPGgcjfkiXQ-3D-3D_19DGMz38yO7VfzGQuXkecdlEmzBoDG4v8Dvyanv-2F1I10nMCYz-2BsjWjPicdAJVJtWLBl8a9tbl6oQrNuDTtHOVv2Pxaxln8o-2FmzkIYMLeeqsB0femeGP8AQtzc4KUUKipBEiGmWe-2BoocZusWHSGax0iXjKOLwCoyjMWLBRWSIQ4ksgxQMePabH0xq-2BXUw3BuLS2msQPg-2ByGTjRxPdxS0jJxuRhelemVjwFR1DSi60Nvw-3D Build ID: 270816 Analysis Summary: New defects found: 0 Defects eliminated: 0 From bernd.edlinger at hotmail.de Sun Sep 1 13:52:32 2019 From: bernd.edlinger at hotmail.de (bernd.edlinger at hotmail.de) Date: Sun, 01 Sep 2019 13:52:32 +0000 Subject: [openssl] master update Message-ID: <1567345952.406570.29861.nullmailer@dev.openssl.org> The branch master has been updated via 24fd8541d47a46052b975db98b465faa7e4d898c (commit) from 2f9789f7e7e8f17da32e1cadbbc3c398f99f2d23 (commit) - Log ----------------------------------------------------------------- commit 24fd8541d47a46052b975db98b465faa7e4d898c Author: Bernd Edlinger Date: Sat Aug 24 11:28:19 2019 +0200 Remove extern declarations of OPENSSL_ia32cap_P Use the header file internal/cryptlib.h instead. Remove checks for OPENSSL_NO_ASM and I386_ONLY in cryptlib.c, to match the checks in other places where OPENSSL_ia32cap_P is used and assumed to be initialized. Reviewed-by: Kurt Roeckx (Merged from https://github.com/openssl/openssl/pull/9688) ----------------------------------------------------------------------- Summary of changes: crypto/cryptlib.c | 2 +- crypto/engine/eng_rdrand.c | 3 +-- crypto/evp/e_aes_cbc_hmac_sha1.c | 2 +- crypto/evp/e_aes_cbc_hmac_sha256.c | 2 +- crypto/evp/e_rc4_hmac_md5.c | 1 - crypto/include/internal/ciphermode_platform.h | 1 - crypto/modes/gcm128.c | 2 +- crypto/rand/rand_lib.c | 2 -- crypto/whrlpool/wp_block.c | 2 +- include/internal/cryptlib.h | 4 ++++ test/rdrand_sanitytest.c | 6 +----- 11 files changed, 11 insertions(+), 16 deletions(-) diff --git a/crypto/cryptlib.c b/crypto/cryptlib.c index 0048a3d210..7e89bbd6b5 100644 --- a/crypto/cryptlib.c +++ b/crypto/cryptlib.c @@ -18,7 +18,7 @@ extern unsigned int OPENSSL_ia32cap_P[4]; -# if defined(OPENSSL_CPUID_OBJ) && !defined(OPENSSL_NO_ASM) && !defined(I386_ONLY) +# if defined(OPENSSL_CPUID_OBJ) /* * Purpose of these minimalistic and character-type-agnostic subroutines diff --git a/crypto/engine/eng_rdrand.c b/crypto/engine/eng_rdrand.c index 2fcc0edff2..7dd3b9fdf6 100644 --- a/crypto/engine/eng_rdrand.c +++ b/crypto/engine/eng_rdrand.c @@ -12,6 +12,7 @@ #include #include #include "internal/engine.h" +#include "internal/cryptlib.h" #include #include #include @@ -79,8 +80,6 @@ static ENGINE *ENGINE_rdrand(void) void engine_load_rdrand_int(void) { - extern unsigned int OPENSSL_ia32cap_P[]; - if (OPENSSL_ia32cap_P[1] & (1 << (62 - 32))) { ENGINE *toadd = ENGINE_rdrand(); if (!toadd) diff --git a/crypto/evp/e_aes_cbc_hmac_sha1.c b/crypto/evp/e_aes_cbc_hmac_sha1.c index 8d557e512e..9e393f0b88 100644 --- a/crypto/evp/e_aes_cbc_hmac_sha1.c +++ b/crypto/evp/e_aes_cbc_hmac_sha1.c @@ -15,6 +15,7 @@ #include #include #include +#include "internal/cryptlib.h" #include "internal/modes_int.h" #include "internal/evp_int.h" #include "internal/constant_time_locl.h" @@ -35,7 +36,6 @@ typedef struct { defined(__x86_64) || defined(__x86_64__) || \ defined(_M_AMD64) || defined(_M_X64) ) -extern unsigned int OPENSSL_ia32cap_P[]; # define AESNI_CAPABLE (1<<(57-32)) int aesni_set_encrypt_key(const unsigned char *userKey, int bits, diff --git a/crypto/evp/e_aes_cbc_hmac_sha256.c b/crypto/evp/e_aes_cbc_hmac_sha256.c index 6efd3000b8..e434ec009f 100644 --- a/crypto/evp/e_aes_cbc_hmac_sha256.c +++ b/crypto/evp/e_aes_cbc_hmac_sha256.c @@ -15,6 +15,7 @@ #include #include #include +#include "internal/cryptlib.h" #include "internal/modes_int.h" #include "internal/constant_time_locl.h" #include "internal/evp_int.h" @@ -35,7 +36,6 @@ typedef struct { defined(__x86_64) || defined(__x86_64__) || \ defined(_M_AMD64) || defined(_M_X64) ) -extern unsigned int OPENSSL_ia32cap_P[]; # define AESNI_CAPABLE (1<<(57-32)) int aesni_set_encrypt_key(const unsigned char *userKey, int bits, diff --git a/crypto/evp/e_rc4_hmac_md5.c b/crypto/evp/e_rc4_hmac_md5.c index d22abbb325..4d61faff61 100644 --- a/crypto/evp/e_rc4_hmac_md5.c +++ b/crypto/evp/e_rc4_hmac_md5.c @@ -71,7 +71,6 @@ static int rc4_hmac_md5_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, * rc4_md5-x86_64.pl */ md5_off = MD5_CBLOCK - key->md.num, blocks; unsigned int l; - extern unsigned int OPENSSL_ia32cap_P[]; # endif size_t plen = key->payload_length; diff --git a/crypto/include/internal/ciphermode_platform.h b/crypto/include/internal/ciphermode_platform.h index 40d012a8d1..f357ea5c84 100644 --- a/crypto/include/internal/ciphermode_platform.h +++ b/crypto/include/internal/ciphermode_platform.h @@ -101,7 +101,6 @@ void AES_xts_decrypt(const unsigned char *inp, unsigned char *out, size_t len, defined(_M_AMD64) || defined(_M_X64) ) /* AES-NI section */ -extern unsigned int OPENSSL_ia32cap_P[]; # define AESNI_CAPABLE (OPENSSL_ia32cap_P[1]&(1<<(57-32))) # ifdef VPAES_ASM diff --git a/crypto/modes/gcm128.c b/crypto/modes/gcm128.c index 371bf7637d..f37653be67 100644 --- a/crypto/modes/gcm128.c +++ b/crypto/modes/gcm128.c @@ -9,6 +9,7 @@ #include #include +#include "internal/cryptlib.h" #include "internal/modes_int.h" #if defined(BSWAP4) && defined(STRICT_ALIGNMENT) @@ -635,7 +636,6 @@ static void gcm_gmult_1bit(u64 Xi[2], const u64 H[2]) defined(_M_IX86) || defined(_M_AMD64) || defined(_M_X64)) # define GHASH_ASM_X86_OR_64 # define GCM_FUNCREF_4BIT -extern unsigned int OPENSSL_ia32cap_P[]; void gcm_init_clmul(u128 Htable[16], const u64 Xi[2]); void gcm_gmult_clmul(u64 Xi[2], const u128 Htable[16]); diff --git a/crypto/rand/rand_lib.c b/crypto/rand/rand_lib.c index 8b44b5502d..c865ece978 100644 --- a/crypto/rand/rand_lib.c +++ b/crypto/rand/rand_lib.c @@ -69,8 +69,6 @@ size_t rand_acquire_entropy_from_tsc(RAND_POOL *pool) size_t OPENSSL_ia32_rdseed_bytes(unsigned char *buf, size_t len); size_t OPENSSL_ia32_rdrand_bytes(unsigned char *buf, size_t len); -extern unsigned int OPENSSL_ia32cap_P[]; - /* * Acquire entropy using Intel-specific cpu instructions * diff --git a/crypto/whrlpool/wp_block.c b/crypto/whrlpool/wp_block.c index 574ac124d4..c2c0b72681 100644 --- a/crypto/whrlpool/wp_block.c +++ b/crypto/whrlpool/wp_block.c @@ -36,6 +36,7 @@ * */ +#include "internal/cryptlib.h" #include "wp_locl.h" #include @@ -75,7 +76,6 @@ typedef unsigned long long u64; # define OPENSSL_SMALL_FOOTPRINT # endif # define GO_FOR_MMX(ctx,inp,num) do { \ - extern unsigned long OPENSSL_ia32cap_P[]; \ void whirlpool_block_mmx(void *,const void *,size_t); \ if (!(OPENSSL_ia32cap_P[0] & (1<<23))) break; \ whirlpool_block_mmx(ctx->H.c,inp,num); return; \ diff --git a/include/internal/cryptlib.h b/include/internal/cryptlib.h index d54ca24ee1..d591f203d2 100644 --- a/include/internal/cryptlib.h +++ b/include/internal/cryptlib.h @@ -84,7 +84,11 @@ DEFINE_LHASH_OF(MEM); # define HEX_SIZE(type) (sizeof(type)*2) void OPENSSL_cpuid_setup(void); +#if defined(__i386) || defined(__i386__) || defined(_M_IX86) || \ + defined(__x86_64) || defined(__x86_64__) || \ + defined(_M_AMD64) || defined(_M_X64) extern unsigned int OPENSSL_ia32cap_P[]; +#endif void OPENSSL_showfatal(const char *fmta, ...); int do_ex_data_init(OPENSSL_CTX *ctx); void crypto_cleanup_all_ex_data_int(OPENSSL_CTX *ctx); diff --git a/test/rdrand_sanitytest.c b/test/rdrand_sanitytest.c index 851e14ccf7..dcc9d2800a 100644 --- a/test/rdrand_sanitytest.c +++ b/test/rdrand_sanitytest.c @@ -11,7 +11,7 @@ #include #include #include "testutil.h" -#include +#include "internal/cryptlib.h" #if (defined(__i386) || defined(__i386__) || defined(_M_IX86) || \ defined(__x86_64) || defined(__x86_64__) || \ @@ -20,10 +20,6 @@ size_t OPENSSL_ia32_rdrand_bytes(unsigned char *buf, size_t len); size_t OPENSSL_ia32_rdseed_bytes(unsigned char *buf, size_t len); -void OPENSSL_cpuid_setup(void); - -extern unsigned int OPENSSL_ia32cap_P[4]; - static int sanity_check_bytes(size_t (*rng)(unsigned char *, size_t), int rounds, int min_failures, int max_retries, int max_zero_words) { From builds at travis-ci.org Sun Sep 1 14:16:37 2019 From: builds at travis-ci.org (Travis CI) Date: Sun, 01 Sep 2019 14:16:37 +0000 Subject: Still Failing: openssl/openssl#27790 (master - 24fd854) In-Reply-To: Message-ID: <5d6bd2c55908a_43feb0ebb9f9819161e@e91a5a48-b1b8-4114-abb4-2e0d1dad6d81.mail> Build Update for openssl/openssl ------------------------------------- Build: #27790 Status: Still Failing Duration: 23 mins and 21 secs Commit: 24fd854 (master) Author: Bernd Edlinger Message: Remove extern declarations of OPENSSL_ia32cap_P Use the header file internal/cryptlib.h instead. Remove checks for OPENSSL_NO_ASM and I386_ONLY in cryptlib.c, to match the checks in other places where OPENSSL_ia32cap_P is used and assumed to be initialized. Reviewed-by: Kurt Roeckx (Merged from https://github.com/openssl/openssl/pull/9688) View the changeset: https://github.com/openssl/openssl/compare/2f9789f7e7e8...24fd8541d47a View the full build log and details: https://travis-ci.org/openssl/openssl/builds/579436138?utm_medium=notification&utm_source=email -- You can unsubscribe from build emails from the openssl/openssl repository going to https://travis-ci.org/account/preferences/unsubscribe?repository=5849220&utm_medium=notification&utm_source=email. Or unsubscribe from *all* email updating your settings at https://travis-ci.org/account/preferences/unsubscribe?utm_medium=notification&utm_source=email. Or configure specific recipients for build notifications in your .travis.yml file. See https://docs.travis-ci.com/user/notifications. -------------- next part -------------- An HTML attachment was scrubbed... URL: From no-reply at appveyor.com Sun Sep 1 23:48:29 2019 From: no-reply at appveyor.com (AppVeyor) Date: Sun, 01 Sep 2019 23:48:29 +0000 Subject: Build failed: openssl master.27222 Message-ID: <20190901234829.1.EF5DAF72F3BEEDB4@appveyor.com> An HTML attachment was scrubbed... URL: From no-reply at appveyor.com Mon Sep 2 00:16:19 2019 From: no-reply at appveyor.com (AppVeyor) Date: Mon, 02 Sep 2019 00:16:19 +0000 Subject: Build completed: openssl master.27223 Message-ID: <20190902001619.1.696C9BB876398B54@appveyor.com> An HTML attachment was scrubbed... URL: From pauli at openssl.org Mon Sep 2 04:29:02 2019 From: pauli at openssl.org (Dr. Paul Dale) Date: Mon, 02 Sep 2019 04:29:02 +0000 Subject: [openssl] master update Message-ID: <1567398542.511521.29886.nullmailer@dev.openssl.org> The branch master has been updated via ba24076face82b45b0adf66a40e2771a319d6375 (commit) from 24fd8541d47a46052b975db98b465faa7e4d898c (commit) - Log ----------------------------------------------------------------- commit ba24076face82b45b0adf66a40e2771a319d6375 Author: Pauli Date: Mon Sep 2 14:09:37 2019 +1000 Fix function name typo in MAC documentation. A spurious CTX crept into one of the function names. Reviewed-by: Richard Levitte (Merged from https://github.com/openssl/openssl/pull/9750) ----------------------------------------------------------------------- Summary of changes: doc/man3/EVP_MAC.pod | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/doc/man3/EVP_MAC.pod b/doc/man3/EVP_MAC.pod index afb54e3ef7..5fa498a471 100644 --- a/doc/man3/EVP_MAC.pod +++ b/doc/man3/EVP_MAC.pod @@ -147,7 +147,7 @@ defined by the implementation. EVP_MAC_gettable_params(), EVP_MAC_CTX_gettable_params() and EVP_MAC_CTX_settable_params() get a constant B array that decribes the retrievable and settable parameters, i.e. parameters that -can be used with EVP_MAC_CTX_get_params(), EVP_MAC_CTX_get_params() +can be used with EVP_MAC_get_params(), EVP_MAC_CTX_get_params() and EVP_MAC_CTX_set_params(), respectively. See L for the use of B as parameter descriptor. From builds at travis-ci.org Mon Sep 2 04:57:09 2019 From: builds at travis-ci.org (Travis CI) Date: Mon, 02 Sep 2019 04:57:09 +0000 Subject: Still Failing: openssl/openssl#27800 (master - ba24076) In-Reply-To: Message-ID: <5d6ca125264b5_43fb1406c34c4184535@ac16a6b6-6552-4172-9f8e-4f98896882b3.mail> Build Update for openssl/openssl ------------------------------------- Build: #27800 Status: Still Failing Duration: 25 mins and 17 secs Commit: ba24076 (master) Author: Pauli Message: Fix function name typo in MAC documentation. A spurious CTX crept into one of the function names. Reviewed-by: Richard Levitte (Merged from https://github.com/openssl/openssl/pull/9750) View the changeset: https://github.com/openssl/openssl/compare/24fd8541d47a...ba24076face8 View the full build log and details: https://travis-ci.org/openssl/openssl/builds/579625141?utm_medium=notification&utm_source=email -- You can unsubscribe from build emails from the openssl/openssl repository going to https://travis-ci.org/account/preferences/unsubscribe?repository=5849220&utm_medium=notification&utm_source=email. Or unsubscribe from *all* email updating your settings at https://travis-ci.org/account/preferences/unsubscribe?utm_medium=notification&utm_source=email. Or configure specific recipients for build notifications in your .travis.yml file. See https://docs.travis-ci.com/user/notifications. -------------- next part -------------- An HTML attachment was scrubbed... URL: From levitte at openssl.org Mon Sep 2 05:22:06 2019 From: levitte at openssl.org (Richard Levitte) Date: Mon, 02 Sep 2019 05:22:06 +0000 Subject: [openssl] master update Message-ID: <1567401726.298713.30094.nullmailer@dev.openssl.org> The branch master has been updated via e592dbde6ff177a43cf66a95c59d101afb74cf5d (commit) from ba24076face82b45b0adf66a40e2771a319d6375 (commit) - Log ----------------------------------------------------------------- commit e592dbde6ff177a43cf66a95c59d101afb74cf5d Author: Richard Levitte Date: Wed Aug 28 09:13:21 2019 +0200 Rework the documentation of our individual MAC implementations We now describe parameters instead of controls. Also, since macros like EVP_MAC_CMAC do not exist any more, we rename the pod files from EVP_MAC_{algo}.pod to EVP_MAC-{algo}.pod. This allows getting the documentation like this: man EVP_MAC CMAC [skip ci] Fixes #9709 Reviewed-by: Shane Lontis (Merged from https://github.com/openssl/openssl/pull/9713) ----------------------------------------------------------------------- Summary of changes: doc/man3/EVP_MAC.pod | 29 +++++++---- doc/man7/EVP_MAC-BLAKE2.pod | 79 +++++++++++++++++++++++++++++ doc/man7/EVP_MAC-CMAC.pod | 66 ++++++++++++++++++++++++ doc/man7/EVP_MAC-GMAC.pod | 68 +++++++++++++++++++++++++ doc/man7/EVP_MAC-HMAC.pod | 70 ++++++++++++++++++++++++++ doc/man7/EVP_MAC-KMAC.pod | 64 ++++++++++++++++++++++++ doc/man7/EVP_MAC-Poly1305.pod | 60 ++++++++++++++++++++++ doc/man7/EVP_MAC-Siphash.pod | 54 ++++++++++++++++++++ doc/man7/EVP_MAC_BLAKE2.pod | 114 ------------------------------------------ doc/man7/EVP_MAC_CMAC.pod | 65 ------------------------ doc/man7/EVP_MAC_GMAC.pod | 83 ------------------------------ doc/man7/EVP_MAC_HMAC.pod | 71 -------------------------- doc/man7/EVP_MAC_KMAC.pod | 94 ---------------------------------- doc/man7/EVP_MAC_POLY1305.pod | 55 -------------------- doc/man7/EVP_MAC_SIPHASH.pod | 61 ---------------------- 15 files changed, 479 insertions(+), 554 deletions(-) create mode 100644 doc/man7/EVP_MAC-BLAKE2.pod create mode 100644 doc/man7/EVP_MAC-CMAC.pod create mode 100644 doc/man7/EVP_MAC-GMAC.pod create mode 100644 doc/man7/EVP_MAC-HMAC.pod create mode 100644 doc/man7/EVP_MAC-KMAC.pod create mode 100644 doc/man7/EVP_MAC-Poly1305.pod create mode 100644 doc/man7/EVP_MAC-Siphash.pod delete mode 100644 doc/man7/EVP_MAC_BLAKE2.pod delete mode 100644 doc/man7/EVP_MAC_CMAC.pod delete mode 100644 doc/man7/EVP_MAC_GMAC.pod delete mode 100644 doc/man7/EVP_MAC_HMAC.pod delete mode 100644 doc/man7/EVP_MAC_KMAC.pod delete mode 100644 doc/man7/EVP_MAC_POLY1305.pod delete mode 100644 doc/man7/EVP_MAC_SIPHASH.pod diff --git a/doc/man3/EVP_MAC.pod b/doc/man3/EVP_MAC.pod index 5fa498a471..6daa82d753 100644 --- a/doc/man3/EVP_MAC.pod +++ b/doc/man3/EVP_MAC.pod @@ -167,49 +167,56 @@ and the given I as argument. =head1 PARAMETER NAMES +Parameters are identified by name as strings, and have an expected +data type and maximum size. +OpenSSL has a set of macros for parameter names it expects to see in +its own MAC implementations. +Here, we show all three, the OpenSSL macro for the parameter name, the +name in string form, and a type description. + The standard parameter names are: =over 4 -=item OSSL_MAC_PARAM_KEY ("key") +=item B ("key") Its value is the MAC key as an array of bytes. For MACs that use an underlying computation algorithm, the algorithm must be set first, see parameter names "algorithm" below. -=item OSSL_MAC_PARAM_IV ("iv") +=item B ("iv") Some MAC implementations require an IV, this parameter sets the IV. -=item OSSL_MAC_PARAM_CUSTOM ("custom") +=item B ("custom") Some MAC implementations (KMAC, BLAKE2) accept a Customization String, this parameter sets the Customization String. The default value is the empty string. -=item OSSL_MAC_PARAM_SALT ("salt") +=item B ("salt") This option is used by BLAKE2 MAC. -=item OSSL_MAC_PARAM_XOF ("xof") +=item B ("xof") It's a simple flag, the value 0 or 1 are expected. This option is used by KMAC. -=item OSSL_MAC_PARAM_FLAGS ("flags") +=item B ("flags") These will set the MAC flags to the given numbers. Some MACs do not support this option. -=item OSSL_MAC_PARAM_ENGINE ("engine") +=item B ("engine") -=item OSSL_MAC_PARAM_PROPERTIES ("properties") +=item B ("properties") -=item OSSL_MAC_PARAM_DIGEST ("digest") +=item B ("digest") -=item OSSL_MAC_PARAM_CIPHER ("cipher") +=item B ("cipher") For MAC implementations that use an underlying computation cipher or digest, these parameters set what the algorithm should be, and the @@ -223,7 +230,7 @@ Note that not all algorithms may support all digests. HMAC does not support variable output length digests such as SHAKE128 or SHAKE256. -=item OSSL_MAC_PARAM_SIZE +=item B ("size") For MAC implementations that support it, set the output size that EVP_MAC_final() should produce. diff --git a/doc/man7/EVP_MAC-BLAKE2.pod b/doc/man7/EVP_MAC-BLAKE2.pod new file mode 100644 index 0000000000..6ceb65d9e9 --- /dev/null +++ b/doc/man7/EVP_MAC-BLAKE2.pod @@ -0,0 +1,79 @@ +=pod + +=head1 NAME + +EVP_MAC-BLAKE2, EVP_MAC-BLAKE2BMAC, EVP_MAC-BLAKE2SMAC +- The BLAKE2 EVP_MAC implementations + +=head1 DESCRIPTION + +Support for computing BLAKE2 MACs through the B API. + +=head2 Identity + +These implementations are identified with one of these names and +properties, to be used with EVP_MAC_fetch(): + +=over 4 + +=item "BLAKE2BMAC", "default=yes" + +=item "BLAKE2SMAC", "default=yes" + +=back + +=head2 Supported parameters + +The general description of these parameters can be found in +L. + +All these parameters can be set with EVP_MAC_CTX_set_params(). +Furthermore, the "size" parameter can be retrieved with +EVP_MAC_CTX_get_params(), or with EVP_MAC_size(). + +=over 4 + +=item B ("key") + +This may be at most 64 bytes for BLAKE2BMAC or 32 for BLAKE2SMAC and +at least 1 byte in both cases. + +=item B ("custom") + +This is an optional value of at most 16 bytes for BLAKE2BMAC or 8 for +BLAKE2SMAC. +It is empty by default. + +=item B ("salt") + +This is an optional value of at most 16 bytes for BLAKE2BMAC or 8 for +BLAKE2SMAC. +It is empty by default. + +=item B ("size") + +When set, this can be any number between between 1 and 32 for +EVP_MAC_BLAKE2S or 64 for EVP_MAC_BLAKE2B. +It is 32 and 64 respectively by default. + +=back + +=head1 SEE ALSO + +L, L, +L, L + +=head1 HISTORY + +The macros and functions described here were added to OpenSSL 3.0. + +=head1 COPYRIGHT + +Copyright 2018-2019 The OpenSSL Project Authors. All Rights Reserved. + +Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +L. + +=cut diff --git a/doc/man7/EVP_MAC-CMAC.pod b/doc/man7/EVP_MAC-CMAC.pod new file mode 100644 index 0000000000..e7675e2f7a --- /dev/null +++ b/doc/man7/EVP_MAC-CMAC.pod @@ -0,0 +1,66 @@ +=pod + +=head1 NAME + +EVP_MAC-CMAC - The CMAC EVP_MAC implementation + +=head1 DESCRIPTION + +Support for computing CMAC MACs through the B API. + +=head2 Identity + +This implementation is identified with this name and properties, to be +used with EVP_MAC_fetch(): + +=over 4 + +=item "CMAC", "default=yes" + +=back + +=head2 Supported parameters + +The general description of these parameters can be found in +L. + +The following parameter can be set with EVP_MAC_CTX_set_params(): + +=over 4 + +=item B ("key") + +=item B ("engine") + +=item B ("cipher") + +=item B ("properties") + +=back + +The following parameters can be retrieved with +EVP_MAC_CTX_get_params(): + +=over 4 + +=item B ("size") + +=back + +The "size" parameter can also be retrieved with with EVP_MAC_size(). + +=head1 SEE ALSO + +L, L, +L, L + +=head1 COPYRIGHT + +Copyright 2018-2019 The OpenSSL Project Authors. All Rights Reserved. + +Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +L. + +=cut diff --git a/doc/man7/EVP_MAC-GMAC.pod b/doc/man7/EVP_MAC-GMAC.pod new file mode 100644 index 0000000000..fcd9c9625a --- /dev/null +++ b/doc/man7/EVP_MAC-GMAC.pod @@ -0,0 +1,68 @@ +=pod + +=head1 NAME + +EVP_MAC-GMAC - The GMAC EVP_MAC implementation + +=head1 DESCRIPTION + +Support for computing GMAC MACs through the B API. + +=head2 Identity + +This implementation is identified with this name and properties, to be +used with EVP_MAC_fetch(): + +=over 4 + +=item "GMAC", "default=yes" + +=back + +=head2 Supported parameters + +The general description of these parameters can be found in +L. + +The following parameter can be set with EVP_MAC_CTX_set_params(): + +=over 4 + +=item B ("key") + +=item B ("iv") + +=item B ("engine") + +=item B ("cipher") + +=item B ("properties") + +=back + +The following parameters can be retrieved with +EVP_MAC_CTX_get_params(): + +=over 4 + +=item B ("size") + +=back + +The "size" parameter can also be retrieved with EVP_MAC_size(). + +=head1 SEE ALSO + +L, L, +L, L + +=head1 COPYRIGHT + +Copyright 2018-2019 The OpenSSL Project Authors. All Rights Reserved. + +Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +L. + +=cut diff --git a/doc/man7/EVP_MAC-HMAC.pod b/doc/man7/EVP_MAC-HMAC.pod new file mode 100644 index 0000000000..0fb92d329e --- /dev/null +++ b/doc/man7/EVP_MAC-HMAC.pod @@ -0,0 +1,70 @@ +=pod + +=head1 NAME + +EVP_MAC-HMAC - The HMAC EVP_MAC implementation + +=head1 DESCRIPTION + +Support for computing HMAC MACs through the B API. + +=head2 Identity + +This implementation is identified with this name and properties, to be +used with EVP_MAC_fetch(): + +=over 4 + +=item "HMAC", "default=yes" + +=back + +=head2 Supported parameters + +The general description of these parameters can be found in +L. + +The following parameter can be set with EVP_MAC_CTX_set_params(): + +=over 4 + +=item B ("key") + +=item B ("flags") + +=item B ("engine") + +=item B ("digest") + +=item B ("properties") + +=back + +The "flags" parameter is passed directly to HMAC_CTX_set_flags(). + +The following parameters can be retrieved with +EVP_MAC_CTX_get_params(): + +=over 4 + +=item B ("size") + +=back + +The "size" parameter can also be retrieved with EVP_MAC_size(). + +=head1 SEE ALSO + +L, L, +L, L, L + +=head1 COPYRIGHT + +Copyright 2018-2019 The OpenSSL Project Authors. All Rights Reserved. + +Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +L. + +=cut diff --git a/doc/man7/EVP_MAC-KMAC.pod b/doc/man7/EVP_MAC-KMAC.pod new file mode 100644 index 0000000000..71a3bf21c2 --- /dev/null +++ b/doc/man7/EVP_MAC-KMAC.pod @@ -0,0 +1,64 @@ +=pod + +=head1 NAME + +EVP_MAC-KMAC, EVP_MAC-KMAC256, EVP_MAC-KMAC256 +- The KMAC EVP_MAC implementations + +=head1 DESCRIPTION + +Support for computing KMAC MACs through the B API. + +=head2 Identity + +These implementations are identified with one of these names and +properties, to be used with EVP_MAC_fetch(): + +=over 4 + +=item "KMAC128", "default=yes" + +=item "KMAC256", "default=yes" + +=back + +=head2 Supported parameters + +The general description of these parameters can be found in +L. + +All these parameters can be set with EVP_MAC_CTX_set_params(). +Furthermore, the "size" parameter can be retrieved with +EVP_MAC_CTX_get_params(), or with EVP_MAC_size(). + +=over 4 + +=item B ("key") + +=item B ("custom") + +=item B ("size") + +=item B + +=back + +The "xof" parameter value is exptect to be 1 or 0. Use 1 to enable XOF +mode. If XOF is enabled then the output len that is encoded as part of +the input stream is set to zero. + +=head1 SEE ALSO + +L, L, +L, L + +=head1 COPYRIGHT + +Copyright 2018-2019 The OpenSSL Project Authors. All Rights Reserved. + +Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +L. + +=cut diff --git a/doc/man7/EVP_MAC-Poly1305.pod b/doc/man7/EVP_MAC-Poly1305.pod new file mode 100644 index 0000000000..02cbe0e4b4 --- /dev/null +++ b/doc/man7/EVP_MAC-Poly1305.pod @@ -0,0 +1,60 @@ +=pod + +=head1 NAME + +EVP_MAC-Poly1305 - The Poly1305 EVP_MAC implementation + +=head1 DESCRIPTION + +Support for computing Poly1305 MACs through the B API. + +=head2 Identity + +This implementation is identified with this name and properties, to be +used with EVP_MAC_fetch(): + +=over 4 + +=item "Poly1305", "default=yes" + +=back + +=head2 Supported parameters + +The general description of these parameters can be found in +L. + +The following parameter can be set with EVP_MAC_CTX_set_params(): + +=over 4 + +=item B ("key") + +=back + +The following parameters can be retrieved with +EVP_MAC_CTX_get_params(): + +=over 4 + +=item B ("size") + +=back + +The "size" parameter can also be retrieved with with EVP_MAC_size(). + +=head1 SEE ALSO + +L, L, +L, L + +=head1 COPYRIGHT + +Copyright 2018-2019 The OpenSSL Project Authors. All Rights Reserved. + +Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +L. + +=cut diff --git a/doc/man7/EVP_MAC-Siphash.pod b/doc/man7/EVP_MAC-Siphash.pod new file mode 100644 index 0000000000..25e0a8fa38 --- /dev/null +++ b/doc/man7/EVP_MAC-Siphash.pod @@ -0,0 +1,54 @@ +=pod + +=head1 NAME + +EVP_MAC-Siphash - The SipHash EVP_MAC implementation + +=head1 DESCRIPTION + +Support for computing SipHash MACs through the B API. + +=head2 Identity + +This implementation is identified with this name and properties, to be +used with EVP_MAC_fetch(): + +=over 4 + +=item "Siphash", "default=yes" + +=back + + +=head2 Supported parameters + +The general description of these parameters can be found in +L. + +All these parameters can be set with EVP_MAC_CTX_set_params(). +Furthermore, the "size" parameter can be retrieved with +EVP_MAC_CTX_get_params(), or with EVP_MAC_size(). + +=over 4 + +=item B ("key") + +=item B ("size") + +=back + +=head1 SEE ALSO + +L, L, +L, L + +=head1 COPYRIGHT + +Copyright 2018-2019 The OpenSSL Project Authors. All Rights Reserved. + +Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +L. + +=cut diff --git a/doc/man7/EVP_MAC_BLAKE2.pod b/doc/man7/EVP_MAC_BLAKE2.pod deleted file mode 100644 index 2fc8051475..0000000000 --- a/doc/man7/EVP_MAC_BLAKE2.pod +++ /dev/null @@ -1,114 +0,0 @@ -=pod - -=head1 NAME - -EVP_MAC_BLAKE2 - The BLAKE2 EVP_MAC implementation - -=head1 DESCRIPTION - -Support for computing BLAKE2 MACs through the B API. - -=head2 Numeric identity - -B and B are the numeric identities for this -implementation, and can be used in functions like EVP_MAC_CTX_new_id() and -EVP_get_macbynid(). - -=head2 Supported controls - -The supported controls are: - -=over 4 - -=item B - -This is a string value of at most 64 bytes for EVP_MAC_BLAKE2B -or 32 for EVP_MAC_BLAKE2S and at least 1 byte in both cases. -This must be set before calling EVP_MAC_init(). - -EVP_MAC_ctrl_str() takes two type strings for this control: - -=over 4 - -=item "key" - -The value string is used as is. - -=item "hexkey" - -The value string is expected to be a hexadecimal number, which will be -decoded before passing on as control value. - -=back - -=item B - -This is an optional string value of at most 16 bytes for EVP_MAC_BLAKE2B -or 8 for EVP_MAC_BLAKE2S, set to all-NULL by default. -If used this must be set before calling EVP_MAC_init(). - -EVP_MAC_ctrl_str() takes two type strings for this control: - -=over 4 - -=item "custom" - -The value string is used as is. - -=item "hexcustom" - -The value string is expected to be a hexadecimal number, which will be -decoded before passing on as control value. - -=back - -=item B - -This is an optional string value of at most 16 bytes for EVP_MAC_BLAKE2B -or 8 for EVP_MAC_BLAKE2S, set to all-NULL by default. -If used this must be set before calling EVP_MAC_init(). - -EVP_MAC_ctrl_str() takes two type strings for this control: - -=over 4 - -=item "salt" - -The value string is used as is. - -=item "hexsalt" - -The value string is expected to be a hexadecimal number, which will be -decoded before passing on as control value. - -=back - -=item B - -EVP_MAC_ctrl_str() type string: "outlen" - -This is an optional value string containing a decimal number between 1 and -32 for EVP_MAC_BLAKE2S or 64 for EVP_MAC_BLAKE2B. -If it is not set it uses the default digest size of 32 and 64 respectively. -If used this must be set before calling EVP_MAC_init(). - -=back - -=head1 SEE ALSO - -L, L - -=head1 HISTORY - -The macros and functions described here were added to OpenSSL 3.0. - -=head1 COPYRIGHT - -Copyright 2018 The OpenSSL Project Authors. All Rights Reserved. - -Licensed under the Apache License 2.0 (the "License"). You may not use -this file except in compliance with the License. You can obtain a copy -in the file LICENSE in the source distribution or at -L. - -=cut diff --git a/doc/man7/EVP_MAC_CMAC.pod b/doc/man7/EVP_MAC_CMAC.pod deleted file mode 100644 index cda3f3f515..0000000000 --- a/doc/man7/EVP_MAC_CMAC.pod +++ /dev/null @@ -1,65 +0,0 @@ -=pod - -=head1 NAME - -EVP_MAC_CMAC - The CMAC EVP_MAC implementation - -=head1 DESCRIPTION - -Support for computing CMAC MACs through the B API. - -=head2 Numeric identity - -B is the numeric identity for this implementation, and -can be used in functions like EVP_MAC_CTX_new_id() and -EVP_get_macbynid(). - -=head2 Supported controls - -The supported controls are: - -=over 4 - -=item B - -EVP_MAC_ctrl_str() takes two type strings for this control: - -=over 4 - -=item "key" - -The value string is used as is. - -=item "hexkey" - -The value string is expected to be a hexadecimal number, which will be -decoded before passing on as control value. - -=back - -=item B - -=item B - -These work as described in L. - -EVP_MAC_ctrl_str() type string for B: "cipher" - -The value is expected to be the name of a cipher. - -=back - -=head1 SEE ALSO - -L, L - -=head1 COPYRIGHT - -Copyright 2018 The OpenSSL Project Authors. All Rights Reserved. - -Licensed under the Apache License 2.0 (the "License"). You may not use -this file except in compliance with the License. You can obtain a copy -in the file LICENSE in the source distribution or at -L. - -=cut diff --git a/doc/man7/EVP_MAC_GMAC.pod b/doc/man7/EVP_MAC_GMAC.pod deleted file mode 100644 index 6e4ba1a740..0000000000 --- a/doc/man7/EVP_MAC_GMAC.pod +++ /dev/null @@ -1,83 +0,0 @@ -=pod - -=head1 NAME - -EVP_MAC_GMAC - The GMAC EVP_MAC implementation - -=head1 DESCRIPTION - -Support for computing GMAC MACs through the B API. - -=head2 Numeric identity - -B is the numeric identity for this implementation, and -can be used in functions like EVP_MAC_CTX_new_id() and -EVP_get_macbynid(). - -=head2 Supported controls - -The supported controls are: - -=over 4 - -=item B - -EVP_MAC_ctrl_str() takes two type strings for this control: - -=over 4 - -=item "key" - -The value string is used as is. - -=item "hexkey" - -The value string is expected to be a hexadecimal number, which will be -decoded before passing on as control value. - -=back - -=item B - -EVP_MAC_ctrl_str() takes two type strings for this control: - -=over 4 - -=item "iv" - -The value string is used as is. - -=item "hexiv" - -The value string is expected to be a hexadecimal number, which will be -decoded before passing on as control value. - -=back - -=item B - -=item B - -These work as described in L with the restriction that the -cipher must be an AEAD one. - -EVP_MAC_ctrl_str() type string for B: "cipher" - -The value is expected to be the name of a cipher. - -=back - -=head1 SEE ALSO - -L, L - -=head1 COPYRIGHT - -Copyright 2018 The OpenSSL Project Authors. All Rights Reserved. - -Licensed under the Apache License 2.0 (the "License"). You may not use -this file except in compliance with the License. You can obtain a copy -in the file LICENSE in the source distribution or at -L. - -=cut diff --git a/doc/man7/EVP_MAC_HMAC.pod b/doc/man7/EVP_MAC_HMAC.pod deleted file mode 100644 index c8aa04756d..0000000000 --- a/doc/man7/EVP_MAC_HMAC.pod +++ /dev/null @@ -1,71 +0,0 @@ -=pod - -=head1 NAME - -EVP_MAC_HMAC - The HMAC EVP_MAC implementation - -=head1 DESCRIPTION - -Support for computing HMAC MACs through the B API. - -=head2 Numeric identity - -B is the numeric identity for this implementation, and -can be used in functions like EVP_MAC_CTX_new_id() and -EVP_get_macbynid(). - -=head2 Supported controls - -The supported controls are: - -=over 4 - -=item B - -EVP_MAC_ctrl_str() takes two type strings for this control: - -=over 4 - -=item "key" - -The value string is used as is. - -=item "hexkey" - -The value string is expected to be a hexadecimal number, which will be -decoded before passing on as control value. - -=back - -=item B - -Sets HMAC flags. This is passed directly to HMAC_CTX_set_flags(). - -There are no corresponding string control types. - -=item B - -=item B - -These work as described in L. - -EVP_MAC_ctrl_str() type string for B: "digest" - -The value is expected to be the name of a cipher. - -=back - -=head1 SEE ALSO - -L, L - -=head1 COPYRIGHT - -Copyright 2018 The OpenSSL Project Authors. All Rights Reserved. - -Licensed under the Apache License 2.0 (the "License"). You may not use -this file except in compliance with the License. You can obtain a copy -in the file LICENSE in the source distribution or at -L. - -=cut diff --git a/doc/man7/EVP_MAC_KMAC.pod b/doc/man7/EVP_MAC_KMAC.pod deleted file mode 100644 index 4ccaabe6cb..0000000000 --- a/doc/man7/EVP_MAC_KMAC.pod +++ /dev/null @@ -1,94 +0,0 @@ -=pod - -=head1 NAME - -EVP_MAC_KMAC - The KMAC EVP_MAC implementation - -=head1 DESCRIPTION - -Support for computing KMAC MACs through the B API. - -=head2 Numeric identity - -B and B are the numeric identities for this -implementation, and can be used in functions like EVP_MAC_CTX_new_id() and -EVP_get_macbynid(). - -=head2 Supported controls - -The supported controls are: - -=over 4 - -=item B - -This must be set before calling EVP_MAC_init(). - -EVP_MAC_ctrl_str() takes two type strings for this control: - -=over 4 - -=item "key" - -The value string is used as is. - -=item "hexkey" - -The value string is expected to be a hexadecimal number, which will be -decoded before passing on as control value. - -=back - -=item B - -This is an optional string value that can be set before calling EVP_MAC_init(). -If it is not set it uses the default value "". - -EVP_MAC_ctrl_str() takes two type strings for this control: - -=over 4 - -=item "custom" - -The value string is used as is. - -=item "hexcustom" - -The value string is expected to be a hexadecimal number, which will be -decoded before passing on as control value. - -=back - -=item B - -EVP_MAC_ctrl_str() type string: "outlen" - -This is an optional value string containing a decimal number. If it is not set -it uses the default value of 32 for EVP_MAC_KMAC128 and 64 for EVP_MAC_KMAC256. -This can be called any time before EVP_MAC_final(). - -=item B - -EVP_MAC_ctrl_str() type string: "xof" - -The value string is expected to be an integer value of 1 or 0. Use 1 to enable -XOF mode. If XOF is enabled then the output len that is encoded as part of the -input stream is set to zero. -This can be called any time before EVP_MAC_final(). - -=back - -=head1 SEE ALSO - -L, L - -=head1 COPYRIGHT - -Copyright 2018 The OpenSSL Project Authors. All Rights Reserved. - -Licensed under the Apache License 2.0 (the "License"). You may not use -this file except in compliance with the License. You can obtain a copy -in the file LICENSE in the source distribution or at -L. - -=cut diff --git a/doc/man7/EVP_MAC_POLY1305.pod b/doc/man7/EVP_MAC_POLY1305.pod deleted file mode 100644 index 89234b74a4..0000000000 --- a/doc/man7/EVP_MAC_POLY1305.pod +++ /dev/null @@ -1,55 +0,0 @@ -=pod - -=head1 NAME - -EVP_MAC_POLY1305 - The Poly1305 EVP_MAC implementation - -=head1 DESCRIPTION - -Support for computing Poly1305 MACs through the B API. - -=head2 Numeric identity - -B is the numeric identity for this implementation, -and can be used in functions like EVP_MAC_CTX_new_id() and -EVP_get_macbynid(). - -=head2 Supported controls - -The supported controls are: - -=over 4 - -=item B - -EVP_MAC_ctrl_str() takes two type strings for this control: - -=over 4 - -=item "key" - -The value string is used as is. - -=item "hexkey" - -The value string is expected to be a hexadecimal number, which will be -decoded before passing on as control value. - -=back - -=back - -=head1 SEE ALSO - -L, L - -=head1 COPYRIGHT - -Copyright 2018 The OpenSSL Project Authors. All Rights Reserved. - -Licensed under the Apache License 2.0 (the "License"). You may not use -this file except in compliance with the License. You can obtain a copy -in the file LICENSE in the source distribution or at -L. - -=cut diff --git a/doc/man7/EVP_MAC_SIPHASH.pod b/doc/man7/EVP_MAC_SIPHASH.pod deleted file mode 100644 index eeb0cfd148..0000000000 --- a/doc/man7/EVP_MAC_SIPHASH.pod +++ /dev/null @@ -1,61 +0,0 @@ -=pod - -=head1 NAME - -EVP_MAC_SIPHASH - The SipHash EVP_MAC implementation - -=head1 DESCRIPTION - -Support for computing SipHash MACs through the B API. - -=head2 Numeric identity - -B is the numeric identity for this implementation, -and can be used in functions like EVP_MAC_CTX_new_id() and -EVP_get_macbynid(). - -=head2 Supported controls - -The supported controls are: - -=over 4 - -=item B - -EVP_MAC_ctrl_str() type string: "digestsize" - -The value string is expected to contain a decimal number. - -=item B - -EVP_MAC_ctrl_str() takes two type strings for this control: - -=over 4 - -=item "key" - -The value string is used as is. - -=item "hexkey" - -The value string is expected to be a hexadecimal number, which will be -decoded before passing on as control value. - -=back - -=back - -=head1 SEE ALSO - -L, L - -=head1 COPYRIGHT - -Copyright 2018 The OpenSSL Project Authors. All Rights Reserved. - -Licensed under the Apache License 2.0 (the "License"). You may not use -this file except in compliance with the License. You can obtain a copy -in the file LICENSE in the source distribution or at -L. - -=cut From openssl at openssl.org Mon Sep 2 08:49:26 2019 From: openssl at openssl.org (OpenSSL run-checker) Date: Mon, 02 Sep 2019 08:49:26 +0000 Subject: SUCCESSFUL build of OpenSSL branch master with options -d enable-fuzz-afl no-shared no-module Message-ID: <1567414166.265756.8352.nullmailer@run.openssl.org> Platform and configuration command: $ uname -a Linux run 4.15.0-54-generic #58-Ubuntu SMP Mon Jun 24 10:55:24 UTC 2019 x86_64 x86_64 x86_64 GNU/Linux $ CC=afl-clang-fast ../openssl/config -d enable-fuzz-afl no-shared no-module Commit log since last time: 24fd8541d4 Remove extern declarations of OPENSSL_ia32cap_P 2f9789f7e7 Fix platform specific issues with provider ciphers 5ffc33244c Fix pkeyutl -verifyrecover 280cc01808 Don't include the DEVRANDOM being seeded logic on Android. From levitte at openssl.org Mon Sep 2 09:02:16 2019 From: levitte at openssl.org (Richard Levitte) Date: Mon, 02 Sep 2019 09:02:16 +0000 Subject: [openssl] master update Message-ID: <1567414936.576230.18709.nullmailer@dev.openssl.org> The branch master has been updated via 586dd674f57e0df08b76388f2680dc1b2c8c81f5 (commit) from e592dbde6ff177a43cf66a95c59d101afb74cf5d (commit) - Log ----------------------------------------------------------------- commit 586dd674f57e0df08b76388f2680dc1b2c8c81f5 Author: Richard Levitte Date: Sun Sep 1 10:58:19 2019 +0200 Diverse ERR fixes 1. There are still references to the removed ERR_put_func_error(). 2. ERR_put_error() is deprecated as off version 3.0, so should ERR_PUT_error(). 3. 'no-err' didn't affect what was passed to ERR_set_debug(). Fixes #9522 Reviewed-by: Matt Caswell (Merged from https://github.com/openssl/openssl/pull/9747) ----------------------------------------------------------------------- Summary of changes: include/openssl/err.h | 34 ++++++++++++++++++++++------------ 1 file changed, 22 insertions(+), 12 deletions(-) diff --git a/include/openssl/err.h b/include/openssl/err.h index e5a1a0dc1e..88c8f1c83d 100644 --- a/include/openssl/err.h +++ b/include/openssl/err.h @@ -25,12 +25,12 @@ extern "C" { #endif -# ifndef OPENSSL_NO_ERR -# define ERR_PUT_error(l,f,r,fn,ln) ERR_put_error(l,f,r,fn,ln) -# define ERR_PUT_func_error(l,f,r,fn,ln) ERR_put_func_error(l,f,r,fn,ln) -# else -# define ERR_PUT_error(l,f,r,fn,ln) ERR_put_error(l,f,r,NULL,0) -# define ERR_PUT_func_error(l,f,r,fn,ln) ERR_put_func_error(l,f,r,NULL,0) +# if !OPENSSL_API_3 +# ifndef OPENSSL_NO_ERR +# define ERR_PUT_error(l,f,r,fn,ln) ERR_put_error(l,f,r,fn,ln) +# else +# define ERR_PUT_error(l,f,r,fn,ln) ERR_put_error(l,f,r,NULL,0) +# endif # endif # include @@ -244,20 +244,30 @@ void ERR_set_debug(const char *file, int line, const char *func); void ERR_set_error(int lib, int reason, const char *fmt, ...); void ERR_vset_error(int lib, int reason, const char *fmt, va_list args); +# ifndef OPENSSL_NO_ERR +# define ERR_DBG_FILE OPENSSL_FILE +# define ERR_DBG_LINE OPENSSL_LINE +# define ERR_DBG_FUNC OPENSSL_FUNC +# else +# define ERR_DBG_FILE NULL +# define ERR_DBG_LINE 0 +# define ERR_DBG_FUNC NULL +# endif + /* Main error raising functions */ -#define ERR_raise(lib, reason) ERR_raise_data((lib),(reason),NULL) -#define ERR_raise_data \ +# define ERR_raise(lib, reason) ERR_raise_data((lib),(reason),NULL) +# define ERR_raise_data \ (ERR_new(), \ - ERR_set_debug(OPENSSL_FILE,OPENSSL_LINE,OPENSSL_FUNC), \ + ERR_set_debug(ERR_DBG_FILE,ERR_DBG_LINE,ERR_DBG_FUNC), \ ERR_set_error) -#if !OPENSSL_API_3 +# if !OPENSSL_API_3 /* Backward compatibility */ -#define ERR_put_error(lib, func, reason, file, line) \ +# define ERR_put_error(lib, func, reason, file, line) \ (ERR_new(), \ ERR_set_debug((file), (line), NULL), \ ERR_set_error((lib), (reason), NULL)) -#endif +# endif void ERR_set_error_data(char *data, int flags); From builds at travis-ci.org Mon Sep 2 09:26:50 2019 From: builds at travis-ci.org (Travis CI) Date: Mon, 02 Sep 2019 09:26:50 +0000 Subject: Still Failing: openssl/openssl#27805 (master - 586dd67) In-Reply-To: Message-ID: <5d6ce059ddf9b_43f8e4cb2883c133039@16577cfb-327d-4fae-9421-6e7ff984f8ad.mail> Build Update for openssl/openssl ------------------------------------- Build: #27805 Status: Still Failing Duration: 23 mins and 55 secs Commit: 586dd67 (master) Author: Richard Levitte Message: Diverse ERR fixes 1. There are still references to the removed ERR_put_func_error(). 2. ERR_put_error() is deprecated as off version 3.0, so should ERR_PUT_error(). 3. 'no-err' didn't affect what was passed to ERR_set_debug(). Fixes #9522 Reviewed-by: Matt Caswell (Merged from https://github.com/openssl/openssl/pull/9747) View the changeset: https://github.com/openssl/openssl/compare/e592dbde6ff1...586dd674f57e View the full build log and details: https://travis-ci.org/openssl/openssl/builds/579704489?utm_medium=notification&utm_source=email -- You can unsubscribe from build emails from the openssl/openssl repository going to https://travis-ci.org/account/preferences/unsubscribe?repository=5849220&utm_medium=notification&utm_source=email. Or unsubscribe from *all* email updating your settings at https://travis-ci.org/account/preferences/unsubscribe?utm_medium=notification&utm_source=email. Or configure specific recipients for build notifications in your .travis.yml file. See https://docs.travis-ci.com/user/notifications. -------------- next part -------------- An HTML attachment was scrubbed... URL: From bernd.edlinger at hotmail.de Mon Sep 2 18:49:05 2019 From: bernd.edlinger at hotmail.de (bernd.edlinger at hotmail.de) Date: Mon, 02 Sep 2019 18:49:05 +0000 Subject: [openssl] master update Message-ID: <1567450145.138315.22772.nullmailer@dev.openssl.org> The branch master has been updated via 363e941ed43c648adf4d6d0874077ddd80041e1f (commit) from 586dd674f57e0df08b76388f2680dc1b2c8c81f5 (commit) - Log ----------------------------------------------------------------- commit 363e941ed43c648adf4d6d0874077ddd80041e1f Author: Bernd Edlinger Date: Thu Aug 22 14:28:23 2019 +0200 Add CPU info to the speed command summary Reviewed-by: Richard Levitte (Merged from https://github.com/openssl/openssl/pull/9669) ----------------------------------------------------------------------- Summary of changes: apps/info.c | 7 +++++- apps/speed.c | 1 + apps/version.c | 28 +++++++++++------------- crypto/cversion.c | 7 ++++++ crypto/info.c | 52 ++++++++++++++++++++++++++++++++++++++++++-- doc/man1/openssl-info.pod | 5 +++++ doc/man1/openssl-version.pod | 15 +++++++++++++ doc/man3/OpenSSL_version.pod | 24 +++++++++++++++++++- include/openssl/crypto.h | 2 ++ 9 files changed, 122 insertions(+), 19 deletions(-) diff --git a/apps/info.c b/apps/info.c index d67ed87df3..4656141184 100644 --- a/apps/info.c +++ b/apps/info.c @@ -14,7 +14,7 @@ typedef enum OPTION_choice { OPT_ERR = -1, OPT_EOF = 0, OPT_HELP, OPT_CONFIGDIR, OPT_ENGINESDIR, OPT_MODULESDIR, OPT_DSOEXT, OPT_DIRNAMESEP, - OPT_LISTSEP, OPT_SEEDS + OPT_LISTSEP, OPT_SEEDS, OPT_CPUSETTINGS } OPTION_CHOICE; const OPTIONS info_options[] = { @@ -31,6 +31,7 @@ const OPTIONS info_options[] = { {"dirnamesep", OPT_DIRNAMESEP, '-', "Directory-filename separator"}, {"listsep", OPT_LISTSEP, '-', "List separator character"}, {"seeds", OPT_SEEDS, '-', "Seed sources"}, + {"cpusettings", OPT_CPUSETTINGS, '-', "CPU settings info"}, {NULL} }; @@ -79,6 +80,10 @@ opthelp: type = OPENSSL_INFO_SEED_SOURCE; dirty++; break; + case OPT_CPUSETTINGS: + type = OPENSSL_INFO_CPU_SETTINGS; + dirty++; + break; } } if (opt_num_rest() != 0) { diff --git a/apps/speed.c b/apps/speed.c index d71b823f2a..59594f0e49 100644 --- a/apps/speed.c +++ b/apps/speed.c @@ -3363,6 +3363,7 @@ int speed_main(int argc, char **argv) printf("%s ", BF_options()); #endif printf("\n%s\n", OpenSSL_version(OPENSSL_CFLAGS)); + printf("%s\n", OpenSSL_version(OPENSSL_CPU_INFO)); } if (pr_header) { diff --git a/apps/version.c b/apps/version.c index caa3e76ffe..7350ccf78f 100644 --- a/apps/version.c +++ b/apps/version.c @@ -33,7 +33,7 @@ typedef enum OPTION_choice { OPT_ERR = -1, OPT_EOF = 0, OPT_HELP, - OPT_B, OPT_D, OPT_E, OPT_M, OPT_F, OPT_O, OPT_P, OPT_V, OPT_A, OPT_R + OPT_B, OPT_D, OPT_E, OPT_M, OPT_F, OPT_O, OPT_P, OPT_V, OPT_A, OPT_R, OPT_C } OPTION_CHOICE; const OPTIONS version_options[] = { @@ -48,24 +48,15 @@ const OPTIONS version_options[] = { {"p", OPT_P, '-', "Show target build platform"}, {"r", OPT_R, '-', "Show random seeding options"}, {"v", OPT_V, '-', "Show library version"}, + {"c", OPT_C, '-', "Show CPU settings info"}, {NULL} }; -#if defined(OPENSSL_RAND_SEED_DEVRANDOM) || defined(OPENSSL_RAND_SEED_EGD) -static void printlist(const char *prefix, const char **dev) -{ - printf("%s (", prefix); - for ( ; *dev != NULL; dev++) - printf(" \"%s\"", *dev); - printf(" )"); -} -#endif - int version_main(int argc, char **argv) { int ret = 1, dirty = 0, seed = 0; int cflags = 0, version = 0, date = 0, options = 0, platform = 0, dir = 0; - int engdir = 0, moddir = 0; + int engdir = 0, moddir = 0, cpuinfo = 0; char *prog; OPTION_CHOICE o; @@ -108,9 +99,12 @@ opthelp: case OPT_V: dirty = version = 1; break; + case OPT_C: + dirty = cpuinfo = 1; + break; case OPT_A: seed = options = cflags = version = date = platform - = dir = engdir = moddir + = dir = engdir = moddir = cpuinfo = 1; break; } @@ -157,8 +151,12 @@ opthelp: printf("%s\n", OpenSSL_version(OPENSSL_ENGINES_DIR)); if (moddir) printf("%s\n", OpenSSL_version(OPENSSL_MODULES_DIR)); - if (seed) - printf("Seeding source: %s\n", OPENSSL_info(OPENSSL_INFO_SEED_SOURCE)); + if (seed) { + const char *src = OPENSSL_info(OPENSSL_INFO_SEED_SOURCE); + printf("Seeding source: %s\n", src ? src : "N/A"); + } + if (cpuinfo) + printf("%s\n", OpenSSL_version(OPENSSL_CPU_INFO)); ret = 0; end: return ret; diff --git a/crypto/cversion.c b/crypto/cversion.c index aef84e9c60..2a0dcf9445 100644 --- a/crypto/cversion.c +++ b/crypto/cversion.c @@ -43,6 +43,8 @@ const char *OPENSSL_version_build_metadata(void) return OPENSSL_VERSION_BUILD_METADATA_STR; } +extern char ossl_cpu_info_str[]; + const char *OpenSSL_version(int t) { switch (t) { @@ -76,6 +78,11 @@ const char *OpenSSL_version(int t) #else return "MODULESDIR: N/A"; #endif + case OPENSSL_CPU_INFO: + if (OPENSSL_info(OPENSSL_INFO_CPU_SETTINGS) != NULL) + return ossl_cpu_info_str; + else + return "CPUINFO: N/A"; } return "not available"; } diff --git a/crypto/info.c b/crypto/info.c index c5eb1fcba9..355827c451 100644 --- a/crypto/info.c +++ b/crypto/info.c @@ -7,18 +7,57 @@ * https://www.openssl.org/source/license.html */ -#include #include #include "internal/dso_conf.h" +#include "internal/thread_once.h" +#include "internal/cryptlib.h" #include "e_os.h" #include "buildinf.h" -#include "internal/thread_once.h" + +#if defined(__arm__) || defined(__arm) || defined(__aarch64__) +# include "arm_arch.h" +#endif + +/* extern declaration to avoid warning */ +extern char ossl_cpu_info_str[]; static char *seed_sources = NULL; + +char ossl_cpu_info_str[128] = ""; +#define CPUINFO_PREFIX "CPUINFO: " + static CRYPTO_ONCE init_info = CRYPTO_ONCE_STATIC_INIT; DEFINE_RUN_ONCE_STATIC(init_info_strings) { +#if defined(OPENSSL_CPUID_OBJ) +# if defined(__i386) || defined(__i386__) || defined(_M_IX86) || \ + defined(__x86_64) || defined(__x86_64__) || \ + defined(_M_AMD64) || defined(_M_X64) + const char *env; + + BIO_snprintf(ossl_cpu_info_str, sizeof(ossl_cpu_info_str), + CPUINFO_PREFIX "OPENSSL_ia32cap=0x%llx:0x%llx", + (long long)OPENSSL_ia32cap_P[0] | + (long long)OPENSSL_ia32cap_P[1] << 32, + (long long)OPENSSL_ia32cap_P[2] | + (long long)OPENSSL_ia32cap_P[3] << 32); + if ((env = getenv("OPENSSL_ia32cap")) != NULL) + BIO_snprintf(ossl_cpu_info_str + strlen(ossl_cpu_info_str), + sizeof(ossl_cpu_info_str) - strlen(ossl_cpu_info_str), + " env:%s", env); +# elif defined(__arm__) || defined(__arm) || defined(__aarch64__) + const char *env; + + BIO_snprintf(ossl_cpu_info_str, sizeof(ossl_cpu_info_str), + CPUINFO_PREFIX "OPENSSL_armcap=0x%x", OPENSSL_armcap_P); + if ((env = getenv("OPENSSL_armcap")) != NULL) + BIO_snprintf(ossl_cpu_info_str + strlen(ossl_cpu_info_str), + sizeof(ossl_cpu_info_str) - strlen(ossl_cpu_info_str), + " env:%s", env); +# endif +#endif + { static char seeds[512] = ""; @@ -107,6 +146,15 @@ const char *OPENSSL_info(int t) } case OPENSSL_INFO_SEED_SOURCE: return seed_sources; + case OPENSSL_INFO_CPU_SETTINGS: + /* + * If successfully initialized, ossl_cpu_info_str will start + * with CPUINFO_PREFIX, if failed it will be an empty string. + * Strip away the CPUINFO_PREFIX which we don't need here. + */ + if (ossl_cpu_info_str[0] != '\0') + return ossl_cpu_info_str + strlen(CPUINFO_PREFIX); + break; default: break; } diff --git a/doc/man1/openssl-info.pod b/doc/man1/openssl-info.pod index 2b9383fc9d..637b60b267 100644 --- a/doc/man1/openssl-info.pod +++ b/doc/man1/openssl-info.pod @@ -15,6 +15,7 @@ B [B<-dirfilesep>] [B<-listsep]> [B<-seeds]> +[B<-cpusettings]> =head1 DESCRIPTION @@ -67,6 +68,10 @@ style lists. Outputs the randomness seed sources. +=item B<-cpusettings> + +Outputs the OpenSSL CPU settings info. + =back =head1 HISTORY diff --git a/doc/man1/openssl-version.pod b/doc/man1/openssl-version.pod index b2a235e0b7..278769423e 100644 --- a/doc/man1/openssl-version.pod +++ b/doc/man1/openssl-version.pod @@ -16,6 +16,9 @@ B [B<-p>] [B<-d>] [B<-e>] +[B<-m>] +[B<-r>] +[B<-c>] =head1 DESCRIPTION @@ -61,6 +64,18 @@ OPENSSLDIR setting. ENGINESDIR settings. +=item B<-m> + +MODULESDIR settings. + +=item B<-r> + +The random number generator source settings. + +=item B<-c> + +The OpenSSL CPU settings info. + =back =head1 NOTES diff --git a/doc/man3/OpenSSL_version.pod b/doc/man3/OpenSSL_version.pod index 9b8ecd2d2c..66abd3e4b7 100644 --- a/doc/man3/OpenSSL_version.pod +++ b/doc/man3/OpenSSL_version.pod @@ -125,6 +125,20 @@ if available or "OPENSSLDIR: N/A" otherwise. The "ENGINESDIR" setting of the library build in the form "ENGINESDIR: "..."" if available or "ENGINESDIR: N/A" otherwise. +=item OPENSSL_MODULES_DIR + +The "MODULESDIR" setting of the library build in the form "MODULESDIR: "..."" +if available or "MODULESDIR: N/A" otherwise. + +=item OPENSSL_CPU_INFO + +The current OpenSSL cpu settings. +This is the current setting of the cpu capability flags. It is usually +automatically configured but may be set via an environment variable. +The value has the same syntax as the environment variable. +For x86 the string looks like "CPUINFO: OPENSSL_ia32cap=0x123:0x456". +Or "CPUINFO: N/A" if not available, e.g. no-asm build. + =back For an unknown B, the text "not available" is returned. @@ -166,6 +180,14 @@ value of the environment variable C<$PATH> on Unix (where the separator is ":") or C<%PATH%> on Windows (where the separator is ";"). +=item OPENSSL_INFO_CPU_SETTINGS + +The current OpenSSL cpu settings. +This is the current setting of the cpu capability flags. It is usually +automatically configured but may be set via an environment variable. +The value has the same syntax as the environment variable. +For x86 the string looks like "OPENSSL_ia32cap=0x123:0x456". + =back For an unknown B, NULL is returned. @@ -224,7 +246,7 @@ with the exception of the L ones. =head1 COPYRIGHT -Copyright 2018 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2018-2019 The OpenSSL Project Authors. All Rights Reserved. Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/include/openssl/crypto.h b/include/openssl/crypto.h index e16e3e4743..05580ad93c 100644 --- a/include/openssl/crypto.h +++ b/include/openssl/crypto.h @@ -169,6 +169,7 @@ const char *OpenSSL_version(int type); # define OPENSSL_VERSION_STRING 6 # define OPENSSL_FULL_VERSION_STRING 7 # define OPENSSL_MODULES_DIR 8 +# define OPENSSL_CPU_INFO 9 const char *OPENSSL_info(int type); /* @@ -182,6 +183,7 @@ const char *OPENSSL_info(int type); # define OPENSSL_INFO_DIR_FILENAME_SEPARATOR 1005 # define OPENSSL_INFO_LIST_SEPARATOR 1006 # define OPENSSL_INFO_SEED_SOURCE 1007 +# define OPENSSL_INFO_CPU_SETTINGS 1008 int OPENSSL_issetugid(void); From builds at travis-ci.org Mon Sep 2 19:13:39 2019 From: builds at travis-ci.org (Travis CI) Date: Mon, 02 Sep 2019 19:13:39 +0000 Subject: Still Failing: openssl/openssl#27813 (master - 363e941) In-Reply-To: Message-ID: <5d6d69e3737eb_43fb18676f9682856b1@a894fb9d-6317-44a2-af7f-175e1c0be120.mail> Build Update for openssl/openssl ------------------------------------- Build: #27813 Status: Still Failing Duration: 23 mins and 54 secs Commit: 363e941 (master) Author: Bernd Edlinger Message: Add CPU info to the speed command summary Reviewed-by: Richard Levitte (Merged from https://github.com/openssl/openssl/pull/9669) View the changeset: https://github.com/openssl/openssl/compare/586dd674f57e...363e941ed43c View the full build log and details: https://travis-ci.org/openssl/openssl/builds/579935367?utm_medium=notification&utm_source=email -- You can unsubscribe from build emails from the openssl/openssl repository going to https://travis-ci.org/account/preferences/unsubscribe?repository=5849220&utm_medium=notification&utm_source=email. Or unsubscribe from *all* email updating your settings at https://travis-ci.org/account/preferences/unsubscribe?utm_medium=notification&utm_source=email. Or configure specific recipients for build notifications in your .travis.yml file. See https://docs.travis-ci.com/user/notifications. -------------- next part -------------- An HTML attachment was scrubbed... URL: From openssl at openssl.org Tue Sep 3 04:19:29 2019 From: openssl at openssl.org (OpenSSL run-checker) Date: Tue, 03 Sep 2019 04:19:29 +0000 Subject: FAILED build of OpenSSL branch master with options -d --strict-warnings no-err Message-ID: <1567484369.240282.19343.nullmailer@run.openssl.org> Platform and configuration command: $ uname -a Linux run 4.15.0-54-generic #58-Ubuntu SMP Mon Jun 24 10:55:24 UTC 2019 x86_64 x86_64 x86_64 GNU/Linux $ CC=clang ../openssl/config -d --strict-warnings no-err Commit log since last time: 363e941ed4 Add CPU info to the speed command summary 586dd674f5 Diverse ERR fixes e592dbde6f Rework the documentation of our individual MAC implementations ba24076fac Fix function name typo in MAC documentation. Build log ended with (last 100 lines): ../../openssl/test/recipes/30-test_pbelu.t .................... ok ../../openssl/test/recipes/30-test_pkey_meth.t ................ ok ../../openssl/test/recipes/30-test_pkey_meth_kdf.t ............ ok ../../openssl/test/recipes/40-test_rehash.t ................... ok ../../openssl/test/recipes/60-test_x509_check_cert_pkey.t ..... ok ../../openssl/test/recipes/60-test_x509_dup_cert.t ............ ok ../../openssl/test/recipes/60-test_x509_store.t ............... ok ../../openssl/test/recipes/60-test_x509_time.t ................ ok ../../openssl/test/recipes/70-test_asyncio.t .................. ok ../../openssl/test/recipes/70-test_bad_dtls.t ................. ok ../../openssl/test/recipes/70-test_clienthello.t .............. ok ../../openssl/test/recipes/70-test_comp.t ..................... ok ../../openssl/test/recipes/70-test_key_share.t ................ ok ../../openssl/test/recipes/70-test_packet.t ................... ok ../../openssl/test/recipes/70-test_recordlen.t ................ ok ../../openssl/test/recipes/70-test_renegotiation.t ............ ok ../../openssl/test/recipes/70-test_servername.t ............... ok ../../openssl/test/recipes/70-test_sslcbcpadding.t ............ ok ../../openssl/test/recipes/70-test_sslcertstatus.t ............ ok ../../openssl/test/recipes/70-test_sslextension.t ............. ok ../../openssl/test/recipes/70-test_sslmessages.t .............. ok ../../openssl/test/recipes/70-test_sslrecords.t ............... ok ../../openssl/test/recipes/70-test_sslsessiontick.t ........... ok ../../openssl/test/recipes/70-test_sslsigalgs.t ............... ok ../../openssl/test/recipes/70-test_sslsignature.t ............. ok ../../openssl/test/recipes/70-test_sslskewith0p.t ............. ok ../../openssl/test/recipes/70-test_sslversions.t .............. ok ../../openssl/test/recipes/70-test_sslvertol.t ................ ok ../../openssl/test/recipes/70-test_tls13alerts.t .............. ok ../../openssl/test/recipes/70-test_tls13cookie.t .............. ok ../../openssl/test/recipes/70-test_tls13downgrade.t ........... ok ../../openssl/test/recipes/70-test_tls13hrr.t ................. ok ../../openssl/test/recipes/70-test_tls13kexmodes.t ............ ok ../../openssl/test/recipes/70-test_tls13messages.t ............ ok ../../openssl/test/recipes/70-test_tls13psk.t ................. ok ../../openssl/test/recipes/70-test_tlsextms.t ................. ok ../../openssl/test/recipes/70-test_verify_extra.t ............. ok ../../openssl/test/recipes/70-test_wpacket.t .................. ok ../../openssl/test/recipes/80-test_ca.t ....................... ok ../../openssl/test/recipes/80-test_cipherbytes.t .............. ok ../../openssl/test/recipes/80-test_cipherlist.t ............... ok ../../openssl/test/recipes/80-test_ciphername.t ............... ok ../../openssl/test/recipes/80-test_cms.t ...................... ok ../../openssl/test/recipes/80-test_cmsapi.t ................... ok ../../openssl/test/recipes/80-test_ct.t ....................... ok ../../openssl/test/recipes/80-test_dane.t ..................... ok ../../openssl/test/recipes/80-test_dtls.t ..................... ok ../../openssl/test/recipes/80-test_dtls_mtu.t ................. ok ../../openssl/test/recipes/80-test_dtlsv1listen.t ............. ok ../../openssl/test/recipes/80-test_ocsp.t ..................... ok ../../openssl/test/recipes/80-test_pkcs12.t ................... ok ../../openssl/test/recipes/80-test_ssl_new.t .................. ok ../../openssl/test/recipes/80-test_ssl_old.t .................. ok ../../openssl/test/recipes/80-test_ssl_test_ctx.t ............. ok ../../openssl/test/recipes/80-test_sslcorrupt.t ............... ok ../../openssl/test/recipes/80-test_tsa.t ...................... ok ../../openssl/test/recipes/80-test_x509aux.t .................. ok ../../openssl/test/recipes/90-test_asn1_time.t ................ ok ../../openssl/test/recipes/90-test_async.t .................... ok ../../openssl/test/recipes/90-test_bio_enc.t .................. ok ../../openssl/test/recipes/90-test_bio_memleak.t .............. ok ../../openssl/test/recipes/90-test_constant_time.t ............ ok ../../openssl/test/recipes/90-test_fatalerr.t ................. ok ../../openssl/test/recipes/90-test_gmdiff.t ................... ok ../../openssl/test/recipes/90-test_gost.t ..................... ok ../../openssl/test/recipes/90-test_ige.t ...................... ok ../../openssl/test/recipes/90-test_includes.t ................. ok ../../openssl/test/recipes/90-test_memleak.t .................. ok ../../openssl/test/recipes/90-test_overhead.t ................. skipped: Only supported in no-shared builds ../../openssl/test/recipes/90-test_secmem.t ................... ok ../../openssl/test/recipes/90-test_shlibload.t ................ ok ../../openssl/test/recipes/90-test_srp.t ...................... ok ../../openssl/test/recipes/90-test_sslapi.t ................... ok ../../openssl/test/recipes/90-test_sslbuffers.t ............... ok ../../openssl/test/recipes/90-test_store.t .................... ok ../../openssl/test/recipes/90-test_sysdefault.t ............... ok ../../openssl/test/recipes/90-test_threads.t .................. ok ../../openssl/test/recipes/90-test_time_offset.t .............. ok ../../openssl/test/recipes/90-test_tls13ccs.t ................. ok ../../openssl/test/recipes/90-test_tls13encryption.t .......... ok ../../openssl/test/recipes/90-test_tls13secrets.t ............. ok ../../openssl/test/recipes/90-test_v3name.t ................... ok ../../openssl/test/recipes/95-test_external_boringssl.t ....... skipped: No external tests in this configuration ../../openssl/test/recipes/95-test_external_krb5.t ............ skipped: No external tests in this configuration ../../openssl/test/recipes/95-test_external_pyca.t ............ skipped: No external tests in this configuration ../../openssl/test/recipes/99-test_ecstress.t ................. ok ../../openssl/test/recipes/99-test_fuzz.t ..................... ok Test Summary Report ------------------- ../../openssl/test/recipes/04-test_err.t (Wstat: 256 Tests: 1 Failed: 1) Failed test: 1 Non-zero exit status: 1 Files=176, Tests=1586, 304 wallclock secs ( 3.31 usr 0.44 sys + 289.36 cusr 24.88 csys = 317.99 CPU) Result: FAIL Makefile:198: recipe for target '_tests' failed make[1]: *** [_tests] Error 1 make[1]: Leaving directory '/home/openssl/run-checker/no-err' Makefile:196: recipe for target 'tests' failed make: *** [tests] Error 2 From pauli at openssl.org Tue Sep 3 08:06:51 2019 From: pauli at openssl.org (Dr. Paul Dale) Date: Tue, 03 Sep 2019 08:06:51 +0000 Subject: [openssl] master update Message-ID: <1567498011.963667.8812.nullmailer@dev.openssl.org> The branch master has been updated via 7964e3709af59675795ab1f4f69a935980379a66 (commit) from 363e941ed43c648adf4d6d0874077ddd80041e1f (commit) - Log ----------------------------------------------------------------- commit 7964e3709af59675795ab1f4f69a935980379a66 Author: Pauli Date: Mon Sep 2 09:12:53 2019 +1000 Fix Coverity 1453452: Control flow issues (DEADCODE) Reviewed-by: Richard Levitte (Merged from https://github.com/openssl/openssl/pull/9749) ----------------------------------------------------------------------- Summary of changes: apps/provider.c | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/apps/provider.c b/apps/provider.c index 932bc40931..fe5ca1d1f7 100644 --- a/apps/provider.c +++ b/apps/provider.c @@ -165,8 +165,7 @@ int provider_main(int argc, char **argv) prog = opt_init(argc, argv, provider_options); while ((o = opt_next()) != OPT_EOF) { switch (o) { - case OPT_EOF: - case OPT_ERR: + default: /* Catching OPT_ERR & covering OPT_EOF which isn't possible */ BIO_printf(bio_err, "%s: Use -help for summary.\n", prog); goto end; case OPT_HELP: From builds at travis-ci.org Tue Sep 3 08:27:36 2019 From: builds at travis-ci.org (Travis CI) Date: Tue, 03 Sep 2019 08:27:36 +0000 Subject: Still Failing: openssl/openssl#27833 (master - 7964e37) In-Reply-To: Message-ID: <5d6e23f817c0e_43fb53853f340225251@d5974881-a62e-458a-86a1-d0efc76a9a04.mail> Build Update for openssl/openssl ------------------------------------- Build: #27833 Status: Still Failing Duration: 20 mins and 5 secs Commit: 7964e37 (master) Author: Pauli Message: Fix Coverity 1453452: Control flow issues (DEADCODE) Reviewed-by: Richard Levitte (Merged from https://github.com/openssl/openssl/pull/9749) View the changeset: https://github.com/openssl/openssl/compare/363e941ed43c...7964e3709af5 View the full build log and details: https://travis-ci.org/openssl/openssl/builds/580118916?utm_medium=notification&utm_source=email -- You can unsubscribe from build emails from the openssl/openssl repository going to https://travis-ci.org/account/preferences/unsubscribe?repository=5849220&utm_medium=notification&utm_source=email. Or unsubscribe from *all* email updating your settings at https://travis-ci.org/account/preferences/unsubscribe?utm_medium=notification&utm_source=email. Or configure specific recipients for build notifications in your .travis.yml file. See https://docs.travis-ci.com/user/notifications. -------------- next part -------------- An HTML attachment was scrubbed... URL: From levitte at openssl.org Tue Sep 3 08:36:54 2019 From: levitte at openssl.org (Richard Levitte) Date: Tue, 03 Sep 2019 08:36:54 +0000 Subject: [openssl] master update Message-ID: <1567499814.918869.12791.nullmailer@dev.openssl.org> The branch master has been updated via 3ca9d210c94b9b88b89b224797aa403dfe97ccce (commit) from 7964e3709af59675795ab1f4f69a935980379a66 (commit) - Log ----------------------------------------------------------------- commit 3ca9d210c94b9b88b89b224797aa403dfe97ccce Author: Richard Levitte Date: Fri Aug 23 14:03:28 2019 +0200 Refactor how KEYMGMT methods get associated with other methods KEYMGMT methods were attached to other methods after those were fully created and registered, thereby creating a potential data race, if two threads tried to create the exact same method at the same time. Instead of this, we change the method creating function to take an extra data parameter, passed all the way from the public fetching function. In the case of EVP_KEYEXCH, we pass all the necessary data that evp_keyexch_from_dispatch() needs to be able to fetch the appropriate KEYMGMT method on the fly. Fixes #9592 Reviewed-by: Matt Caswell (Merged from https://github.com/openssl/openssl/pull/9678) ----------------------------------------------------------------------- Summary of changes: crypto/err/openssl.txt | 1 + crypto/evp/digest.c | 6 +-- crypto/evp/evp_enc.c | 7 ++-- crypto/evp/evp_err.c | 2 + crypto/evp/evp_fetch.c | 21 ++++++---- crypto/evp/evp_locl.h | 8 +++- crypto/evp/exchange.c | 74 ++++++++++++++++++++------------- crypto/evp/keymgmt_meth.c | 4 +- crypto/evp/mac_meth.c | 6 +-- doc/internal/man3/evp_generic_fetch.pod | 9 +++- include/openssl/evperr.h | 5 +-- 11 files changed, 87 insertions(+), 56 deletions(-) diff --git a/crypto/err/openssl.txt b/crypto/err/openssl.txt index 58f6c4894f..9b682d5084 100644 --- a/crypto/err/openssl.txt +++ b/crypto/err/openssl.txt @@ -2484,6 +2484,7 @@ EVP_R_NOT_XOF_OR_INVALID_LENGTH:178:not XOF or invalid length EVP_R_NO_CIPHER_SET:131:no cipher set EVP_R_NO_DEFAULT_DIGEST:158:no default digest EVP_R_NO_DIGEST_SET:139:no digest set +EVP_R_NO_KEYMGMT_AVAILABLE:199:no keymgmt available EVP_R_NO_KEYMGMT_PRESENT:196:no keymgmt present EVP_R_NO_KEY_SET:154:no key set EVP_R_NO_OPERATION_SET:149:no operation set diff --git a/crypto/evp/digest.c b/crypto/evp/digest.c index dc7f922a11..bb6d31bf4f 100644 --- a/crypto/evp/digest.c +++ b/crypto/evp/digest.c @@ -617,7 +617,7 @@ int EVP_MD_CTX_ctrl(EVP_MD_CTX *ctx, int cmd, int p1, void *p2) } static void *evp_md_from_dispatch(const char *name, const OSSL_DISPATCH *fns, - OSSL_PROVIDER *prov) + OSSL_PROVIDER *prov, void *unused) { EVP_MD *md = NULL; int fncnt = 0; @@ -744,7 +744,7 @@ EVP_MD *EVP_MD_fetch(OPENSSL_CTX *ctx, const char *algorithm, { EVP_MD *md = evp_generic_fetch(ctx, OSSL_OP_DIGEST, algorithm, properties, - evp_md_from_dispatch, evp_md_up_ref, + evp_md_from_dispatch, NULL, evp_md_up_ref, evp_md_free); return md; @@ -756,5 +756,5 @@ void EVP_MD_do_all_ex(OPENSSL_CTX *libctx, { evp_generic_do_all(libctx, OSSL_OP_DIGEST, (void (*)(void *, void *))fn, arg, - evp_md_from_dispatch, evp_md_free); + evp_md_from_dispatch, NULL, evp_md_free); } diff --git a/crypto/evp/evp_enc.c b/crypto/evp/evp_enc.c index 96a15ef897..142ffecfed 100644 --- a/crypto/evp/evp_enc.c +++ b/crypto/evp/evp_enc.c @@ -1246,7 +1246,8 @@ int EVP_CIPHER_CTX_copy(EVP_CIPHER_CTX *out, const EVP_CIPHER_CTX *in) static void *evp_cipher_from_dispatch(const char *name, const OSSL_DISPATCH *fns, - OSSL_PROVIDER *prov) + OSSL_PROVIDER *prov, + void *unused) { EVP_CIPHER *cipher = NULL; int fnciphcnt = 0, fnctxcnt = 0; @@ -1386,7 +1387,7 @@ EVP_CIPHER *EVP_CIPHER_fetch(OPENSSL_CTX *ctx, const char *algorithm, { EVP_CIPHER *cipher = evp_generic_fetch(ctx, OSSL_OP_CIPHER, algorithm, properties, - evp_cipher_from_dispatch, evp_cipher_up_ref, + evp_cipher_from_dispatch, NULL, evp_cipher_up_ref, evp_cipher_free); return cipher; @@ -1398,5 +1399,5 @@ void EVP_CIPHER_do_all_ex(OPENSSL_CTX *libctx, { evp_generic_do_all(libctx, OSSL_OP_CIPHER, (void (*)(void *, void *))fn, arg, - evp_cipher_from_dispatch, evp_cipher_free); + evp_cipher_from_dispatch, NULL, evp_cipher_free); } diff --git a/crypto/evp/evp_err.c b/crypto/evp/evp_err.c index 749f189be3..63174f98f6 100644 --- a/crypto/evp/evp_err.c +++ b/crypto/evp/evp_err.c @@ -99,6 +99,8 @@ static const ERR_STRING_DATA EVP_str_reasons[] = { {ERR_PACK(ERR_LIB_EVP, 0, EVP_R_NO_CIPHER_SET), "no cipher set"}, {ERR_PACK(ERR_LIB_EVP, 0, EVP_R_NO_DEFAULT_DIGEST), "no default digest"}, {ERR_PACK(ERR_LIB_EVP, 0, EVP_R_NO_DIGEST_SET), "no digest set"}, + {ERR_PACK(ERR_LIB_EVP, 0, EVP_R_NO_KEYMGMT_AVAILABLE), + "no keymgmt available"}, {ERR_PACK(ERR_LIB_EVP, 0, EVP_R_NO_KEYMGMT_PRESENT), "no keymgmt present"}, {ERR_PACK(ERR_LIB_EVP, 0, EVP_R_NO_KEY_SET), "no key set"}, {ERR_PACK(ERR_LIB_EVP, 0, EVP_R_NO_OPERATION_SET), "no operation set"}, diff --git a/crypto/evp/evp_fetch.c b/crypto/evp/evp_fetch.c index fa85178a7e..662195e4de 100644 --- a/crypto/evp/evp_fetch.c +++ b/crypto/evp/evp_fetch.c @@ -41,7 +41,8 @@ struct method_data_st { const char *name; OSSL_METHOD_CONSTRUCT_METHOD *mcm; void *(*method_from_dispatch)(const char *, const OSSL_DISPATCH *, - OSSL_PROVIDER *); + OSSL_PROVIDER *, void *); + void *method_data; int (*refcnt_up_method)(void *method); void (*destruct_method)(void *method); }; @@ -142,7 +143,8 @@ static void *construct_method(const char *name, const OSSL_DISPATCH *fns, { struct method_data_st *methdata = data; - return methdata->method_from_dispatch(name, fns, prov); + return methdata->method_from_dispatch(name, fns, prov, + methdata->method_data); } static void destruct_method(void *method, void *data) @@ -156,7 +158,9 @@ void *evp_generic_fetch(OPENSSL_CTX *libctx, int operation_id, const char *name, const char *properties, void *(*new_method)(const char *name, const OSSL_DISPATCH *fns, - OSSL_PROVIDER *prov), + OSSL_PROVIDER *prov, + void *method_data), + void *method_data, int (*up_ref_method)(void *), void (*free_method)(void *)) { @@ -205,6 +209,7 @@ void *evp_generic_fetch(OPENSSL_CTX *libctx, int operation_id, mcmdata.destruct_method = free_method; mcmdata.refcnt_up_method = up_ref_method; mcmdata.destruct_method = free_method; + mcmdata.method_data = method_data; if ((method = ossl_method_construct(libctx, operation_id, name, properties, 0 /* !force_cache */, &mcm, &mcmdata)) != NULL) { @@ -239,7 +244,7 @@ struct do_all_data_st { void (*user_fn)(void *method, void *arg); void *user_arg; void *(*new_method)(const char *name, const OSSL_DISPATCH *fns, - OSSL_PROVIDER *prov); + OSSL_PROVIDER *prov, void *method_data); void (*free_method)(void *); }; @@ -248,7 +253,7 @@ static void do_one(OSSL_PROVIDER *provider, const OSSL_ALGORITHM *algo, { struct do_all_data_st *data = vdata; void *method = data->new_method(algo->algorithm_name, - algo->implementation, provider); + algo->implementation, provider, NULL); if (method != NULL) { data->user_fn(method, data->user_arg); @@ -261,7 +266,9 @@ void evp_generic_do_all(OPENSSL_CTX *libctx, int operation_id, void *user_arg, void *(*new_method)(const char *name, const OSSL_DISPATCH *fns, - OSSL_PROVIDER *prov), + OSSL_PROVIDER *prov, + void *method_data), + void *method_data, void (*free_method)(void *)) { struct do_all_data_st data; @@ -270,5 +277,5 @@ void evp_generic_do_all(OPENSSL_CTX *libctx, int operation_id, data.free_method = free_method; data.user_fn = user_fn; data.user_arg = user_arg; - ossl_algorithm_do_all(libctx, operation_id, NULL, do_one, &data); + ossl_algorithm_do_all(libctx, operation_id, method_data, do_one, &data); } diff --git a/crypto/evp/evp_locl.h b/crypto/evp/evp_locl.h index 3fd73212a4..a7b36dbc0e 100644 --- a/crypto/evp/evp_locl.h +++ b/crypto/evp/evp_locl.h @@ -141,7 +141,9 @@ void *evp_generic_fetch(OPENSSL_CTX *ctx, int operation_id, const char *algorithm, const char *properties, void *(*new_method)(const char *name, const OSSL_DISPATCH *fns, - OSSL_PROVIDER *prov), + OSSL_PROVIDER *prov, + void *method_data), + void *method_data, int (*up_ref_method)(void *), void (*free_method)(void *)); void evp_generic_do_all(OPENSSL_CTX *libctx, int operation_id, @@ -149,7 +151,9 @@ void evp_generic_do_all(OPENSSL_CTX *libctx, int operation_id, void *user_arg, void *(*new_method)(const char *name, const OSSL_DISPATCH *fns, - OSSL_PROVIDER *prov), + OSSL_PROVIDER *prov, + void *method_data), + void *method_data, void (*free_method)(void *)); /* Helper functions to avoid duplicating code */ diff --git a/crypto/evp/exchange.c b/crypto/evp/exchange.c index 20503b5f67..e69e4fd0b2 100644 --- a/crypto/evp/exchange.c +++ b/crypto/evp/exchange.c @@ -32,20 +32,45 @@ static EVP_KEYEXCH *evp_keyexch_new(OSSL_PROVIDER *prov) return exchange; } +struct keymgmt_data_st { + OPENSSL_CTX *ctx; + const char *properties; +}; + static void *evp_keyexch_from_dispatch(const char *name, const OSSL_DISPATCH *fns, - OSSL_PROVIDER *prov) + OSSL_PROVIDER *prov, + void *vkeymgmt_data) { + /* + * Key exchange cannot work without a key, and key management + * from the same provider to manage its keys. We therefore fetch + * a key management method using the same algorithm and properties + * and pass that down to evp_generic_fetch to be passed on to our + * evp_keyexch_from_dispatch, which will attach the key management + * method to the newly created key exchange method as long as the + * provider matches. + */ + struct keymgmt_data_st *keymgmt_data = vkeymgmt_data; + EVP_KEYMGMT *keymgmt = EVP_KEYMGMT_fetch(keymgmt_data->ctx, name, + keymgmt_data->properties); EVP_KEYEXCH *exchange = NULL; int fncnt = 0; + if (keymgmt == NULL || EVP_KEYMGMT_provider(keymgmt) != prov) { + ERR_raise(ERR_LIB_EVP, EVP_R_NO_KEYMGMT_AVAILABLE); + goto err; + } + if ((exchange = evp_keyexch_new(prov)) == NULL || (exchange->name = OPENSSL_strdup(name)) == NULL) { - EVP_KEYEXCH_free(exchange); - EVPerr(0, ERR_R_MALLOC_FAILURE); - return NULL; + ERR_raise(ERR_LIB_EVP, ERR_R_MALLOC_FAILURE); + goto err; } + exchange->keymgmt = keymgmt; + keymgmt = NULL; /* avoid double free on failure below */ + for (; fns->function_id != 0; fns++) { switch (fns->function_id) { case OSSL_FUNC_KEYEXCH_NEWCTX: @@ -96,13 +121,17 @@ static void *evp_keyexch_from_dispatch(const char *name, * and freectx. The dupctx, set_peer and set_params functions are * optional. */ - EVP_KEYEXCH_free(exchange); EVPerr(EVP_F_EVP_KEYEXCH_FROM_DISPATCH, EVP_R_INVALID_PROVIDER_FUNCTIONS); - return NULL; + goto err; } return exchange; + + err: + EVP_KEYEXCH_free(exchange); + EVP_KEYMGMT_free(keymgmt); + return NULL; } void EVP_KEYEXCH_free(EVP_KEYEXCH *exchange) @@ -137,31 +166,16 @@ OSSL_PROVIDER *EVP_KEYEXCH_provider(const EVP_KEYEXCH *exchange) EVP_KEYEXCH *EVP_KEYEXCH_fetch(OPENSSL_CTX *ctx, const char *algorithm, const char *properties) { - /* - * Key exchange cannot work without a key, and we key management - * from the same provider to manage its keys. - */ - EVP_KEYEXCH *keyexch = - evp_generic_fetch(ctx, OSSL_OP_KEYEXCH, algorithm, properties, - evp_keyexch_from_dispatch, - (int (*)(void *))EVP_KEYEXCH_up_ref, - (void (*)(void *))EVP_KEYEXCH_free); - - /* If the method is newly created, there's no keymgmt attached */ - if (keyexch->keymgmt == NULL) { - EVP_KEYMGMT *keymgmt = EVP_KEYMGMT_fetch(ctx, algorithm, properties); - - if (keymgmt == NULL - || (EVP_KEYEXCH_provider(keyexch) - != EVP_KEYMGMT_provider(keymgmt))) { - EVP_KEYEXCH_free(keyexch); - EVP_KEYMGMT_free(keymgmt); - EVPerr(EVP_F_EVP_KEYEXCH_FETCH, EVP_R_NO_KEYMGMT_PRESENT); - return NULL; - } + EVP_KEYEXCH *keyexch = NULL; + struct keymgmt_data_st keymgmt_data; + + keymgmt_data.ctx = ctx; + keymgmt_data.properties = properties; + keyexch = evp_generic_fetch(ctx, OSSL_OP_KEYEXCH, algorithm, properties, + evp_keyexch_from_dispatch, &keymgmt_data, + (int (*)(void *))EVP_KEYEXCH_up_ref, + (void (*)(void *))EVP_KEYEXCH_free); - keyexch->keymgmt = keymgmt; - } return keyexch; } diff --git a/crypto/evp/keymgmt_meth.c b/crypto/evp/keymgmt_meth.c index 67c33eb78b..72ef1bdb0c 100644 --- a/crypto/evp/keymgmt_meth.c +++ b/crypto/evp/keymgmt_meth.c @@ -34,7 +34,7 @@ static void *keymgmt_new(void) } static void *keymgmt_from_dispatch(const char *name, const OSSL_DISPATCH *fns, - OSSL_PROVIDER *prov) + OSSL_PROVIDER *prov, void *unused) { EVP_KEYMGMT *keymgmt = NULL; @@ -156,7 +156,7 @@ EVP_KEYMGMT *EVP_KEYMGMT_fetch(OPENSSL_CTX *ctx, const char *algorithm, { EVP_KEYMGMT *keymgmt = evp_generic_fetch(ctx, OSSL_OP_KEYMGMT, algorithm, properties, - keymgmt_from_dispatch, + keymgmt_from_dispatch, NULL, (int (*)(void *))EVP_KEYMGMT_up_ref, (void (*)(void *))EVP_KEYMGMT_free); diff --git a/crypto/evp/mac_meth.c b/crypto/evp/mac_meth.c index 1c0d6425f7..a317127e15 100644 --- a/crypto/evp/mac_meth.c +++ b/crypto/evp/mac_meth.c @@ -48,7 +48,7 @@ static void *evp_mac_new(void) } static void *evp_mac_from_dispatch(const char *name, const OSSL_DISPATCH *fns, - OSSL_PROVIDER *prov) + OSSL_PROVIDER *prov, void *unused) { EVP_MAC *mac = NULL; int fnmaccnt = 0, fnctxcnt = 0; @@ -154,7 +154,7 @@ EVP_MAC *EVP_MAC_fetch(OPENSSL_CTX *libctx, const char *algorithm, const char *properties) { return evp_generic_fetch(libctx, OSSL_OP_MAC, algorithm, properties, - evp_mac_from_dispatch, evp_mac_up_ref, + evp_mac_from_dispatch, NULL, evp_mac_up_ref, evp_mac_free); } @@ -205,5 +205,5 @@ void EVP_MAC_do_all_ex(OPENSSL_CTX *libctx, { evp_generic_do_all(libctx, OSSL_OP_MAC, (void (*)(void *, void *))fn, arg, - evp_mac_from_dispatch, evp_mac_free); + evp_mac_from_dispatch, NULL, evp_mac_free); } diff --git a/doc/internal/man3/evp_generic_fetch.pod b/doc/internal/man3/evp_generic_fetch.pod index 0688ac0170..b77391e386 100644 --- a/doc/internal/man3/evp_generic_fetch.pod +++ b/doc/internal/man3/evp_generic_fetch.pod @@ -11,8 +11,11 @@ evp_generic_fetch - generic algorithm fetcher and method creator for EVP void *evp_generic_fetch(OPENSSL_CTX *libctx, int operation_id, const char *name, const char *properties, - void *(*new_method)(const OSSL_DISPATCH *fns, - OSSL_PROVIDER *prov), + void *(*new_method)(const char *name, + const OSSL_DISPATCH *fns, + OSSL_PROVIDER *prov, + void *method_data), + void *method_data, int (*up_ref_method)(void *), void (*free_method)(void *)); @@ -31,6 +34,8 @@ The three functions are supposed to: creates an internal method from function pointers found in the dispatch table C. +The algorithm I, provider I, and I are +also passed to be used as new_method() sees fit. =item up_ref_method() diff --git a/include/openssl/evperr.h b/include/openssl/evperr.h index 34966f84cd..714f170bd9 100644 --- a/include/openssl/evperr.h +++ b/include/openssl/evperr.h @@ -41,10 +41,6 @@ int ERR_load_EVP_strings(void); # define EVP_F_ARIA_GCM_INIT_KEY 0 # define EVP_F_ARIA_INIT_KEY 0 # define EVP_F_B64_NEW 0 -# define EVP_F_BLAKE2B_MAC_CTRL 0 -# define EVP_F_BLAKE2B_MAC_INIT 0 -# define EVP_F_BLAKE2S_MAC_CTRL 0 -# define EVP_F_BLAKE2S_MAC_INIT 0 # define EVP_F_CAMELLIA_INIT_KEY 0 # define EVP_F_CHACHA20_POLY1305_CTRL 0 # define EVP_F_CMLL_T4_INIT_KEY 0 @@ -218,6 +214,7 @@ int ERR_load_EVP_strings(void); # define EVP_R_NO_CIPHER_SET 131 # define EVP_R_NO_DEFAULT_DIGEST 158 # define EVP_R_NO_DIGEST_SET 139 +# define EVP_R_NO_KEYMGMT_AVAILABLE 199 # define EVP_R_NO_KEYMGMT_PRESENT 196 # define EVP_R_NO_KEY_SET 154 # define EVP_R_NO_OPERATION_SET 149 From builds at travis-ci.org Tue Sep 3 08:57:26 2019 From: builds at travis-ci.org (Travis CI) Date: Tue, 03 Sep 2019 08:57:26 +0000 Subject: Still Failing: openssl/openssl#27834 (master - 3ca9d21) In-Reply-To: Message-ID: <5d6e2af61f138_43fb5384799d823182d@d5974881-a62e-458a-86a1-d0efc76a9a04.mail> Build Update for openssl/openssl ------------------------------------- Build: #27834 Status: Still Failing Duration: 19 mins and 53 secs Commit: 3ca9d21 (master) Author: Richard Levitte Message: Refactor how KEYMGMT methods get associated with other methods KEYMGMT methods were attached to other methods after those were fully created and registered, thereby creating a potential data race, if two threads tried to create the exact same method at the same time. Instead of this, we change the method creating function to take an extra data parameter, passed all the way from the public fetching function. In the case of EVP_KEYEXCH, we pass all the necessary data that evp_keyexch_from_dispatch() needs to be able to fetch the appropriate KEYMGMT method on the fly. Fixes #9592 Reviewed-by: Matt Caswell (Merged from https://github.com/openssl/openssl/pull/9678) View the changeset: https://github.com/openssl/openssl/compare/7964e3709af5...3ca9d210c94b View the full build log and details: https://travis-ci.org/openssl/openssl/builds/580129447?utm_medium=notification&utm_source=email -- You can unsubscribe from build emails from the openssl/openssl repository going to https://travis-ci.org/account/preferences/unsubscribe?repository=5849220&utm_medium=notification&utm_source=email. Or unsubscribe from *all* email updating your settings at https://travis-ci.org/account/preferences/unsubscribe?utm_medium=notification&utm_source=email. Or configure specific recipients for build notifications in your .travis.yml file. See https://docs.travis-ci.com/user/notifications. -------------- next part -------------- An HTML attachment was scrubbed... URL: From levitte at openssl.org Tue Sep 3 14:49:22 2019 From: levitte at openssl.org (Richard Levitte) Date: Tue, 03 Sep 2019 14:49:22 +0000 Subject: [openssl] master update Message-ID: <1567522162.581678.10168.nullmailer@dev.openssl.org> The branch master has been updated via 8648a50a2704307fa4633b3d11724dfdae11f125 (commit) from 3ca9d210c94b9b88b89b224797aa403dfe97ccce (commit) - Log ----------------------------------------------------------------- commit 8648a50a2704307fa4633b3d11724dfdae11f125 Author: Richard Levitte Date: Tue Sep 3 15:10:43 2019 +0200 test/errtest.c: more conditions for checking __FILE__ and __LINE__ When at least one of OPENSSL_NO_ERR or OPENSSL_NO_FILENAMES is defined, __FILE__ and __LINE__ are not saved with the error record. This test only checked OPENSSL_NO_FILENAMES. Now fixed. Reviewed-by: Matt Caswell (Merged from https://github.com/openssl/openssl/pull/9755) ----------------------------------------------------------------------- Summary of changes: test/errtest.c | 14 +++++++++----- 1 file changed, 9 insertions(+), 5 deletions(-) diff --git a/test/errtest.c b/test/errtest.c index 37e9686663..ffe6532240 100644 --- a/test/errtest.c +++ b/test/errtest.c @@ -44,13 +44,17 @@ static int vdata_appends(void) return TEST_str_eq(data, "hello world"); } -/* Test that setting a platform error sets the right values. */ -static int platform_error(void) +static int raised_error(void) { const char *f, *data; int l; unsigned long e; -#ifndef OPENSSL_NO_FILENAMES + + /* + * When OPENSSL_NO_ERR or OPENSSL_NO_FILENAMES, no file name or line + * number is saved, so no point checking them. + */ +#if !defined(OPENSSL_NO_FILENAMES) && !defined(OPENSSL_NO_ERR) const char *file; int line; @@ -61,7 +65,7 @@ static int platform_error(void) "calling exit()"); if (!TEST_ulong_ne(e = ERR_get_error_line_data(&f, &l, &data, NULL), 0) || !TEST_int_eq(ERR_GET_REASON(e), ERR_R_INTERNAL_ERROR) -#ifndef OPENSSL_NO_FILENAMES +#if !defined(OPENSSL_NO_FILENAMES) && !defined(OPENSSL_NO_ERR) || !TEST_int_eq(l, line) || !TEST_str_eq(f, file) #endif @@ -74,6 +78,6 @@ int setup_tests(void) { ADD_TEST(preserves_system_error); ADD_TEST(vdata_appends); - ADD_TEST(platform_error); + ADD_TEST(raised_error); return 1; } From builds at travis-ci.org Tue Sep 3 15:09:26 2019 From: builds at travis-ci.org (Travis CI) Date: Tue, 03 Sep 2019 15:09:26 +0000 Subject: Still Failing: openssl/openssl#27838 (master - 8648a50) In-Reply-To: Message-ID: <5d6e822625a03_43fb5aa17da143148cb@5af97e6e-e58a-404c-b2a8-2f4a04b7ccab.mail> Build Update for openssl/openssl ------------------------------------- Build: #27838 Status: Still Failing Duration: 19 mins and 13 secs Commit: 8648a50 (master) Author: Richard Levitte Message: test/errtest.c: more conditions for checking __FILE__ and __LINE__ When at least one of OPENSSL_NO_ERR or OPENSSL_NO_FILENAMES is defined, __FILE__ and __LINE__ are not saved with the error record. This test only checked OPENSSL_NO_FILENAMES. Now fixed. Reviewed-by: Matt Caswell (Merged from https://github.com/openssl/openssl/pull/9755) View the changeset: https://github.com/openssl/openssl/compare/3ca9d210c94b...8648a50a2704 View the full build log and details: https://travis-ci.org/openssl/openssl/builds/580275711?utm_medium=notification&utm_source=email -- You can unsubscribe from build emails from the openssl/openssl repository going to https://travis-ci.org/account/preferences/unsubscribe?repository=5849220&utm_medium=notification&utm_source=email. Or unsubscribe from *all* email updating your settings at https://travis-ci.org/account/preferences/unsubscribe?utm_medium=notification&utm_source=email. Or configure specific recipients for build notifications in your .travis.yml file. See https://docs.travis-ci.com/user/notifications. -------------- next part -------------- An HTML attachment was scrubbed... URL: From no-reply at appveyor.com Tue Sep 3 20:21:23 2019 From: no-reply at appveyor.com (AppVeyor) Date: Tue, 03 Sep 2019 20:21:23 +0000 Subject: Build failed: openssl master.27268 Message-ID: <20190903202123.1.84A3992F430185C4@appveyor.com> An HTML attachment was scrubbed... URL: From no-reply at appveyor.com Tue Sep 3 23:36:53 2019 From: no-reply at appveyor.com (AppVeyor) Date: Tue, 03 Sep 2019 23:36:53 +0000 Subject: Build failed: openssl master.27269 Message-ID: <20190903233653.1.9861690127FE67DA@appveyor.com> An HTML attachment was scrubbed... URL: From no-reply at appveyor.com Wed Sep 4 00:42:17 2019 From: no-reply at appveyor.com (AppVeyor) Date: Wed, 04 Sep 2019 00:42:17 +0000 Subject: Build failed: openssl master.27271 Message-ID: <20190904004217.1.D2A792D6E35E73E8@appveyor.com> An HTML attachment was scrubbed... URL: From no-reply at appveyor.com Wed Sep 4 01:34:32 2019 From: no-reply at appveyor.com (AppVeyor) Date: Wed, 04 Sep 2019 01:34:32 +0000 Subject: Build completed: openssl master.27272 Message-ID: <20190904013432.1.D769E28CDCC38180@appveyor.com> An HTML attachment was scrubbed... URL: From openssl at openssl.org Wed Sep 4 04:20:42 2019 From: openssl at openssl.org (OpenSSL run-checker) Date: Wed, 04 Sep 2019 04:20:42 +0000 Subject: SUCCESSFUL build of OpenSSL branch master with options -d --strict-warnings no-err Message-ID: <1567570842.483023.7290.nullmailer@run.openssl.org> Platform and configuration command: $ uname -a Linux run 4.15.0-54-generic #58-Ubuntu SMP Mon Jun 24 10:55:24 UTC 2019 x86_64 x86_64 x86_64 GNU/Linux $ CC=clang ../openssl/config -d --strict-warnings no-err Commit log since last time: 8648a50a27 test/errtest.c: more conditions for checking __FILE__ and __LINE__ 3ca9d210c9 Refactor how KEYMGMT methods get associated with other methods 7964e3709a Fix Coverity 1453452: Control flow issues (DEADCODE) From no-reply at appveyor.com Wed Sep 4 08:36:57 2019 From: no-reply at appveyor.com (AppVeyor) Date: Wed, 04 Sep 2019 08:36:57 +0000 Subject: Build failed: openssl master.27275 Message-ID: <20190904083657.1.8B866DCECD93E4F4@appveyor.com> An HTML attachment was scrubbed... URL: From levitte at openssl.org Wed Sep 4 08:38:44 2019 From: levitte at openssl.org (Richard Levitte) Date: Wed, 04 Sep 2019 08:38:44 +0000 Subject: [openssl] master update Message-ID: <1567586324.556093.28939.nullmailer@dev.openssl.org> The branch master has been updated via 550f974a09942ace37cf3cf14021ea5e51e6dd11 (commit) via 3fd7026276475d72a3b5bbbe42cd1f5ff6b0e736 (commit) from 8648a50a2704307fa4633b3d11724dfdae11f125 (commit) - Log ----------------------------------------------------------------- commit 550f974a09942ace37cf3cf14021ea5e51e6dd11 Author: Richard Levitte Date: Tue Sep 3 18:11:49 2019 +0200 New function EVP_CIPHER_free() This function re-implements EVP_CIPHER_meth_free(), but has a name that isn't encumbered by legacy EVP_CIPHER construction functionality. We also refactor most of EVP_CIPHER_meth_new() into an internal evp_cipher_new() that's used when creating fetched methods. EVP_CIPHER_meth_new() and EVP_CIPHER_meth_free() are rewritten in terms of evp_cipher_new() and EVP_CIPHER_free(). This means that at any time, we can deprecate all the EVP_CIPHER_meth_ functions with no harmful consequence. Reviewed-by: Shane Lontis (Merged from https://github.com/openssl/openssl/pull/9758) commit 3fd7026276475d72a3b5bbbe42cd1f5ff6b0e736 Author: Richard Levitte Date: Tue Sep 3 17:47:13 2019 +0200 New function EVP_MD_free() This function re-implements EVP_MD_meth_free(), but has a name that isn't encumbered by legacy EVP_MD construction functionality. We also refactor most of EVP_MD_meth_new() into an internal evp_md_new() that's used when creating fetched methods. EVP_MD_meth_new() and EVP_MD_meth_free() are rewritten in terms of evp_md_new() and EVP_MD_free(). This means that at any time, we can deprecate all the EVP_MD_meth_ functions with no harmful consequence. Reviewed-by: Shane Lontis (Merged from https://github.com/openssl/openssl/pull/9758) ----------------------------------------------------------------------- Summary of changes: apps/list.c | 4 +-- crypto/bn/bn_rand.c | 2 +- crypto/ec/curve448/eddsa.c | 6 ++--- crypto/evp/cmeth_lib.c | 41 +++++++++-------------------- crypto/evp/digest.c | 55 +++++++++++++++++++++++++++++++++------ crypto/evp/evp_enc.c | 53 ++++++++++++++++++++++++++++++++----- crypto/evp/evp_lib.c | 40 +++++++++------------------- crypto/evp/evp_locl.h | 4 +++ crypto/rand/drbg_ctr.c | 4 +-- crypto/rand/drbg_hash.c | 6 ++--- crypto/rand/drbg_hmac.c | 6 ++--- crypto/rand/rand_crng_test.c | 2 +- doc/man3/EVP_CIPHER_meth_new.pod | 10 +++---- doc/man3/EVP_DigestInit.pod | 29 +++++++++++++++++---- doc/man3/EVP_EncryptInit.pod | 22 ++++++++++++++-- doc/man3/EVP_MD_meth_new.pod | 24 +++++++---------- include/openssl/evp.h | 6 +++-- providers/common/macs/cmac_prov.c | 4 +-- providers/common/macs/gmac_prov.c | 4 +-- providers/common/macs/hmac_prov.c | 4 +-- providers/common/macs/kmac_prov.c | 4 +-- providers/fips/fipsprov.c | 2 +- test/evp_extra_test.c | 20 +++++++------- util/libcrypto.num | 2 ++ 24 files changed, 218 insertions(+), 136 deletions(-) diff --git a/apps/list.c b/apps/list.c index 446a6e1ab9..3e34228d1e 100644 --- a/apps/list.c +++ b/apps/list.c @@ -80,7 +80,7 @@ static void list_ciphers(void) EVP_CIPHER_CTX_settable_params(c), 4); } } - sk_EVP_CIPHER_pop_free(ciphers, EVP_CIPHER_meth_free); + sk_EVP_CIPHER_pop_free(ciphers, EVP_CIPHER_free); } static void list_md_fn(const EVP_MD *m, @@ -143,7 +143,7 @@ static void list_digests(void) EVP_MD_CTX_settable_params(m), 4); } } - sk_EVP_MD_pop_free(digests, EVP_MD_meth_free); + sk_EVP_MD_pop_free(digests, EVP_MD_free); } DEFINE_STACK_OF(EVP_MAC) diff --git a/crypto/bn/bn_rand.c b/crypto/bn/bn_rand.c index d1743ddf7a..fa75a3b10e 100644 --- a/crypto/bn/bn_rand.c +++ b/crypto/bn/bn_rand.c @@ -310,7 +310,7 @@ int BN_generate_dsa_nonce(BIGNUM *out, const BIGNUM *range, err: EVP_MD_CTX_free(mdctx); - EVP_MD_meth_free(md); + EVP_MD_free(md); OPENSSL_free(k_bytes); OPENSSL_cleanse(private_bytes, sizeof(private_bytes)); return ret; diff --git a/crypto/ec/curve448/eddsa.c b/crypto/ec/curve448/eddsa.c index 58e9e92d4c..45b6c4ab69 100644 --- a/crypto/ec/curve448/eddsa.c +++ b/crypto/ec/curve448/eddsa.c @@ -41,7 +41,7 @@ static c448_error_t oneshot_hash(OPENSSL_CTX *ctx, uint8_t *out, size_t outlen, ret = C448_SUCCESS; err: EVP_MD_CTX_free(hashctx); - EVP_MD_meth_free(shake256); + EVP_MD_free(shake256); return ret; } @@ -77,11 +77,11 @@ static c448_error_t hash_init_with_dom(OPENSSL_CTX *ctx, EVP_MD_CTX *hashctx, || !EVP_DigestUpdate(hashctx, dom_s, strlen(dom_s)) || !EVP_DigestUpdate(hashctx, dom, sizeof(dom)) || !EVP_DigestUpdate(hashctx, context, context_len)) { - EVP_MD_meth_free(shake256); + EVP_MD_free(shake256); return C448_FAILURE; } - EVP_MD_meth_free(shake256); + EVP_MD_free(shake256); return C448_SUCCESS; } diff --git a/crypto/evp/cmeth_lib.c b/crypto/evp/cmeth_lib.c index 51c9b6ece2..34e85f6366 100644 --- a/crypto/evp/cmeth_lib.c +++ b/crypto/evp/cmeth_lib.c @@ -16,28 +16,29 @@ EVP_CIPHER *EVP_CIPHER_meth_new(int cipher_type, int block_size, int key_len) { - EVP_CIPHER *cipher = OPENSSL_zalloc(sizeof(EVP_CIPHER)); + EVP_CIPHER *cipher = evp_cipher_new(); if (cipher != NULL) { cipher->nid = cipher_type; cipher->block_size = block_size; cipher->key_len = key_len; - cipher->lock = CRYPTO_THREAD_lock_new(); - if (cipher->lock == NULL) { - OPENSSL_free(cipher); - return NULL; - } - cipher->refcnt = 1; } return cipher; } EVP_CIPHER *EVP_CIPHER_meth_dup(const EVP_CIPHER *cipher) { - EVP_CIPHER *to = EVP_CIPHER_meth_new(cipher->nid, cipher->block_size, - cipher->key_len); + EVP_CIPHER *to = NULL; - if (to != NULL) { + /* + * Non-legacy EVP_CIPHERs can't be duplicated like this. + * Use EVP_CIPHER_up_ref() instead. + */ + if (cipher->prov != NULL) + return NULL; + + if ((to = EVP_CIPHER_meth_new(cipher->nid, cipher->block_size, + cipher->key_len)) == NULL) { CRYPTO_RWLOCK *lock = to->lock; memcpy(to, cipher, sizeof(*to)); @@ -48,25 +49,7 @@ EVP_CIPHER *EVP_CIPHER_meth_dup(const EVP_CIPHER *cipher) void EVP_CIPHER_meth_free(EVP_CIPHER *cipher) { - if (cipher != NULL) { - int i; - - CRYPTO_DOWN_REF(&cipher->refcnt, &i, cipher->lock); - if (i > 0) - return; - ossl_provider_free(cipher->prov); - OPENSSL_free(cipher->name); - CRYPTO_THREAD_lock_free(cipher->lock); - OPENSSL_free(cipher); - } -} - -int EVP_CIPHER_up_ref(EVP_CIPHER *cipher) -{ - int ref = 0; - - CRYPTO_UP_REF(&cipher->refcnt, &ref, cipher->lock); - return 1; + EVP_CIPHER_free(cipher); } int EVP_CIPHER_meth_set_iv_length(EVP_CIPHER *cipher, int iv_len) diff --git a/crypto/evp/digest.c b/crypto/evp/digest.c index bb6d31bf4f..6cb9064b6c 100644 --- a/crypto/evp/digest.c +++ b/crypto/evp/digest.c @@ -86,7 +86,7 @@ void EVP_MD_CTX_free(EVP_MD_CTX *ctx) EVP_MD_CTX_reset(ctx); - EVP_MD_meth_free(ctx->fetched_digest); + EVP_MD_free(ctx->fetched_digest); ctx->fetched_digest = NULL; ctx->digest = NULL; ctx->reqdigest = NULL; @@ -156,7 +156,7 @@ int EVP_DigestInit_ex(EVP_MD_CTX *ctx, const EVP_MD *type, ENGINE *impl) || (ctx->flags & EVP_MD_CTX_FLAG_NO_INIT) != 0) { if (ctx->digest == ctx->fetched_digest) ctx->digest = NULL; - EVP_MD_meth_free(ctx->fetched_digest); + EVP_MD_free(ctx->fetched_digest); ctx->fetched_digest = NULL; goto legacy; } @@ -181,7 +181,7 @@ int EVP_DigestInit_ex(EVP_MD_CTX *ctx, const EVP_MD *type, ENGINE *impl) return 0; } type = provmd; - EVP_MD_meth_free(ctx->fetched_digest); + EVP_MD_free(ctx->fetched_digest); ctx->fetched_digest = provmd; #endif } @@ -415,7 +415,7 @@ int EVP_MD_CTX_copy_ex(EVP_MD_CTX *out, const EVP_MD_CTX *in) EVP_MD_CTX_reset(out); if (out->fetched_digest != NULL) - EVP_MD_meth_free(out->fetched_digest); + EVP_MD_free(out->fetched_digest); *out = *in; /* NULL out pointers in case of error */ out->pctx = NULL; @@ -616,6 +616,21 @@ int EVP_MD_CTX_ctrl(EVP_MD_CTX *ctx, int cmd, int p1, void *p2) return ret; } +EVP_MD *evp_md_new(void) +{ + EVP_MD *md = OPENSSL_zalloc(sizeof(*md)); + + if (md != NULL) { + md->lock = CRYPTO_THREAD_lock_new(); + if (md->lock == NULL) { + OPENSSL_free(md); + return NULL; + } + md->refcnt = 1; + } + return md; +} + static void *evp_md_from_dispatch(const char *name, const OSSL_DISPATCH *fns, OSSL_PROVIDER *prov, void *unused) { @@ -623,9 +638,9 @@ static void *evp_md_from_dispatch(const char *name, const OSSL_DISPATCH *fns, int fncnt = 0; /* EVP_MD_fetch() will set the legacy NID if available */ - if ((md = EVP_MD_meth_new(NID_undef, NID_undef)) == NULL + if ((md = evp_md_new()) == NULL || (md->name = OPENSSL_strdup(name)) == NULL) { - EVP_MD_meth_free(md); + EVP_MD_free(md); EVPerr(0, ERR_R_MALLOC_FAILURE); return NULL; } @@ -718,7 +733,7 @@ static void *evp_md_from_dispatch(const char *name, const OSSL_DISPATCH *fns, * The "digest" function can standalone. We at least need one way to * generate digests. */ - EVP_MD_meth_free(md); + EVP_MD_free(md); ERR_raise(ERR_LIB_EVP, EVP_R_INVALID_PROVIDER_FUNCTIONS); return NULL; } @@ -736,7 +751,7 @@ static int evp_md_up_ref(void *md) static void evp_md_free(void *md) { - EVP_MD_meth_free(md); + EVP_MD_free(md); } EVP_MD *EVP_MD_fetch(OPENSSL_CTX *ctx, const char *algorithm, @@ -750,6 +765,30 @@ EVP_MD *EVP_MD_fetch(OPENSSL_CTX *ctx, const char *algorithm, return md; } +int EVP_MD_up_ref(EVP_MD *md) +{ + int ref = 0; + + CRYPTO_UP_REF(&md->refcnt, &ref, md->lock); + return 1; +} + +void EVP_MD_free(EVP_MD *md) +{ + int i; + + if (md == NULL) + return; + + CRYPTO_DOWN_REF(&md->refcnt, &i, md->lock); + if (i > 0) + return; + ossl_provider_free(md->prov); + OPENSSL_free(md->name); + CRYPTO_THREAD_lock_free(md->lock); + OPENSSL_free(md); +} + void EVP_MD_do_all_ex(OPENSSL_CTX *libctx, void (*fn)(EVP_MD *mac, void *arg), void *arg) diff --git a/crypto/evp/evp_enc.c b/crypto/evp/evp_enc.c index 142ffecfed..96dc83b2a0 100644 --- a/crypto/evp/evp_enc.c +++ b/crypto/evp/evp_enc.c @@ -35,7 +35,7 @@ int EVP_CIPHER_CTX_reset(EVP_CIPHER_CTX *ctx) ctx->provctx = NULL; } if (ctx->fetched_cipher != NULL) - EVP_CIPHER_meth_free(ctx->fetched_cipher); + EVP_CIPHER_free(ctx->fetched_cipher); memset(ctx, 0, sizeof(*ctx)); return 1; @@ -133,7 +133,7 @@ int EVP_CipherInit_ex(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher, || impl != NULL) { if (ctx->cipher == ctx->fetched_cipher) ctx->cipher = NULL; - EVP_CIPHER_meth_free(ctx->fetched_cipher); + EVP_CIPHER_free(ctx->fetched_cipher); ctx->fetched_cipher = NULL; goto legacy; } @@ -274,7 +274,7 @@ int EVP_CipherInit_ex(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher, return 0; } cipher = provciph; - EVP_CIPHER_meth_free(ctx->fetched_cipher); + EVP_CIPHER_free(ctx->fetched_cipher); ctx->fetched_cipher = provciph; #endif } @@ -1244,6 +1244,21 @@ int EVP_CIPHER_CTX_copy(EVP_CIPHER_CTX *out, const EVP_CIPHER_CTX *in) return 1; } +EVP_CIPHER *evp_cipher_new(void) +{ + EVP_CIPHER *cipher = OPENSSL_zalloc(sizeof(EVP_CIPHER)); + + if (cipher != NULL) { + cipher->lock = CRYPTO_THREAD_lock_new(); + if (cipher->lock == NULL) { + OPENSSL_free(cipher); + return NULL; + } + cipher->refcnt = 1; + } + return cipher; +} + static void *evp_cipher_from_dispatch(const char *name, const OSSL_DISPATCH *fns, OSSL_PROVIDER *prov, @@ -1252,9 +1267,9 @@ static void *evp_cipher_from_dispatch(const char *name, EVP_CIPHER *cipher = NULL; int fnciphcnt = 0, fnctxcnt = 0; - if ((cipher = EVP_CIPHER_meth_new(0, 0, 0)) == NULL + if ((cipher = evp_cipher_new()) == NULL || (cipher->name = OPENSSL_strdup(name)) == NULL) { - EVP_CIPHER_meth_free(cipher); + EVP_CIPHER_free(cipher); EVPerr(0, ERR_R_MALLOC_FAILURE); return NULL; } @@ -1361,7 +1376,7 @@ static void *evp_cipher_from_dispatch(const char *name, * functions, or a single "cipher" function. In all cases we need both * the "newctx" and "freectx" functions. */ - EVP_CIPHER_meth_free(cipher); + EVP_CIPHER_free(cipher); EVPerr(EVP_F_EVP_CIPHER_FROM_DISPATCH, EVP_R_INVALID_PROVIDER_FUNCTIONS); return NULL; } @@ -1379,7 +1394,7 @@ static int evp_cipher_up_ref(void *cipher) static void evp_cipher_free(void *cipher) { - EVP_CIPHER_meth_free(cipher); + EVP_CIPHER_free(cipher); } EVP_CIPHER *EVP_CIPHER_fetch(OPENSSL_CTX *ctx, const char *algorithm, @@ -1393,6 +1408,30 @@ EVP_CIPHER *EVP_CIPHER_fetch(OPENSSL_CTX *ctx, const char *algorithm, return cipher; } +int EVP_CIPHER_up_ref(EVP_CIPHER *cipher) +{ + int ref = 0; + + CRYPTO_UP_REF(&cipher->refcnt, &ref, cipher->lock); + return 1; +} + +void EVP_CIPHER_free(EVP_CIPHER *cipher) +{ + int i; + + if (cipher == NULL) + return; + + CRYPTO_DOWN_REF(&cipher->refcnt, &i, cipher->lock); + if (i > 0) + return; + ossl_provider_free(cipher->prov); + OPENSSL_free(cipher->name); + CRYPTO_THREAD_lock_free(cipher->lock); + OPENSSL_free(cipher); +} + void EVP_CIPHER_do_all_ex(OPENSSL_CTX *libctx, void (*fn)(EVP_CIPHER *mac, void *arg), void *arg) diff --git a/crypto/evp/evp_lib.c b/crypto/evp/evp_lib.c index 460a5db003..b5b39a7f2d 100644 --- a/crypto/evp/evp_lib.c +++ b/crypto/evp/evp_lib.c @@ -529,54 +529,38 @@ unsigned long EVP_MD_flags(const EVP_MD *md) EVP_MD *EVP_MD_meth_new(int md_type, int pkey_type) { - EVP_MD *md = OPENSSL_zalloc(sizeof(*md)); + EVP_MD *md = evp_md_new(); if (md != NULL) { md->type = md_type; md->pkey_type = pkey_type; - md->lock = CRYPTO_THREAD_lock_new(); - if (md->lock == NULL) { - OPENSSL_free(md); - return NULL; - } - md->refcnt = 1; } return md; } EVP_MD *EVP_MD_meth_dup(const EVP_MD *md) { - EVP_MD *to = EVP_MD_meth_new(md->type, md->pkey_type); + EVP_MD *to = NULL; - if (to != NULL) { + /* + * Non-legacy EVP_MDs can't be duplicated like this. + * Use EVP_MD_up_ref() instead. + */ + if (md->prov != NULL) + return NULL; + + if ((to = EVP_MD_meth_new(md->type, md->pkey_type)) != NULL) { CRYPTO_RWLOCK *lock = to->lock; + memcpy(to, md, sizeof(*to)); to->lock = lock; } return to; } -int EVP_MD_up_ref(EVP_MD *md) -{ - int ref = 0; - - CRYPTO_UP_REF(&md->refcnt, &ref, md->lock); - return 1; -} - void EVP_MD_meth_free(EVP_MD *md) { - if (md != NULL) { - int i; - - CRYPTO_DOWN_REF(&md->refcnt, &i, md->lock); - if (i > 0) - return; - ossl_provider_free(md->prov); - OPENSSL_free(md->name); - CRYPTO_THREAD_lock_free(md->lock); - OPENSSL_free(md); - } + EVP_MD_free(md); } int EVP_MD_meth_set_input_blocksize(EVP_MD *md, int blocksize) { diff --git a/crypto/evp/evp_locl.h b/crypto/evp/evp_locl.h index a7b36dbc0e..87f54bdc5f 100644 --- a/crypto/evp/evp_locl.h +++ b/crypto/evp/evp_locl.h @@ -156,6 +156,10 @@ void evp_generic_do_all(OPENSSL_CTX *libctx, int operation_id, void *method_data, void (*free_method)(void *)); +/* Internal structure constructors for fetched methods */ +EVP_MD *evp_md_new(void); +EVP_CIPHER *evp_cipher_new(void); + /* Helper functions to avoid duplicating code */ /* diff --git a/crypto/rand/drbg_ctr.c b/crypto/rand/drbg_ctr.c index 23e504bfac..28db4eed7f 100644 --- a/crypto/rand/drbg_ctr.c +++ b/crypto/rand/drbg_ctr.c @@ -354,7 +354,7 @@ static int drbg_ctr_uninstantiate(RAND_DRBG *drbg) { EVP_CIPHER_CTX_free(drbg->data.ctr.ctx); EVP_CIPHER_CTX_free(drbg->data.ctr.ctx_df); - EVP_CIPHER_meth_free(drbg->data.ctr.cipher); + EVP_CIPHER_free(drbg->data.ctr.cipher); OPENSSL_cleanse(&drbg->data.ctr, sizeof(drbg->data.ctr)); return 1; } @@ -392,7 +392,7 @@ int drbg_ctr_init(RAND_DRBG *drbg) if (cipher == NULL) return 0; - EVP_CIPHER_meth_free(ctr->cipher); + EVP_CIPHER_free(ctr->cipher); ctr->cipher = cipher; drbg->meth = &drbg_ctr_meth; diff --git a/crypto/rand/drbg_hash.c b/crypto/rand/drbg_hash.c index bb6f36ce54..6bef917e0f 100644 --- a/crypto/rand/drbg_hash.c +++ b/crypto/rand/drbg_hash.c @@ -290,7 +290,7 @@ static int drbg_hash_generate(RAND_DRBG *drbg, static int drbg_hash_uninstantiate(RAND_DRBG *drbg) { - EVP_MD_meth_free(drbg->data.hash.md); + EVP_MD_free(drbg->data.hash.md); EVP_MD_CTX_free(drbg->data.hash.ctx); OPENSSL_cleanse(&drbg->data.hash, sizeof(drbg->data.hash)); return 1; @@ -346,12 +346,12 @@ int drbg_hash_init(RAND_DRBG *drbg) if (hash->ctx == NULL) { hash->ctx = EVP_MD_CTX_new(); if (hash->ctx == NULL) { - EVP_MD_meth_free(md); + EVP_MD_free(md); return 0; } } - EVP_MD_meth_free(hash->md); + EVP_MD_free(hash->md); hash->md = md; /* These are taken from SP 800-90 10.1 Table 2 */ diff --git a/crypto/rand/drbg_hmac.c b/crypto/rand/drbg_hmac.c index baafc59064..14c4570b6b 100644 --- a/crypto/rand/drbg_hmac.c +++ b/crypto/rand/drbg_hmac.c @@ -184,7 +184,7 @@ static int drbg_hmac_generate(RAND_DRBG *drbg, static int drbg_hmac_uninstantiate(RAND_DRBG *drbg) { - EVP_MD_meth_free(drbg->data.hmac.md); + EVP_MD_free(drbg->data.hmac.md); HMAC_CTX_free(drbg->data.hmac.ctx); OPENSSL_cleanse(&drbg->data.hmac, sizeof(drbg->data.hmac)); return 1; @@ -239,13 +239,13 @@ int drbg_hmac_init(RAND_DRBG *drbg) if (hmac->ctx == NULL) { hmac->ctx = HMAC_CTX_new(); if (hmac->ctx == NULL) { - EVP_MD_meth_free(md); + EVP_MD_free(md); return 0; } } /* These are taken from SP 800-90 10.1 Table 2 */ - EVP_MD_meth_free(hmac->md); + EVP_MD_free(hmac->md); hmac->md = md; hmac->blocklen = EVP_MD_size(md); /* See SP800-57 Part1 Rev4 5.6.1 Table 3 */ diff --git a/crypto/rand/rand_crng_test.c b/crypto/rand/rand_crng_test.c index a014f936fa..0ba0986b96 100644 --- a/crypto/rand/rand_crng_test.c +++ b/crypto/rand/rand_crng_test.c @@ -87,7 +87,7 @@ int rand_crngt_get_entropy_cb(OPENSSL_CTX *ctx, if (r != 0) memcpy(buf, p, CRNGT_BUFSIZ); rand_pool_reattach(pool, p); - EVP_MD_meth_free(fmd); + EVP_MD_free(fmd); return r; } return 0; diff --git a/doc/man3/EVP_CIPHER_meth_new.pod b/doc/man3/EVP_CIPHER_meth_new.pod index 3d4da9c04e..8a6a4b99de 100644 --- a/doc/man3/EVP_CIPHER_meth_new.pod +++ b/doc/man3/EVP_CIPHER_meth_new.pod @@ -10,7 +10,7 @@ EVP_CIPHER_meth_set_set_asn1_params, EVP_CIPHER_meth_set_get_asn1_params, EVP_CIPHER_meth_set_ctrl, EVP_CIPHER_meth_get_init, EVP_CIPHER_meth_get_do_cipher, EVP_CIPHER_meth_get_cleanup, EVP_CIPHER_meth_get_set_asn1_params, EVP_CIPHER_meth_get_get_asn1_params, -EVP_CIPHER_meth_get_ctrl, EVP_CIPHER_up_ref +EVP_CIPHER_meth_get_ctrl - Routines to build up EVP_CIPHER methods =head1 SYNOPSIS @@ -63,8 +63,6 @@ EVP_CIPHER_meth_get_ctrl, EVP_CIPHER_up_ref int type, int arg, void *ptr); - int EVP_CIPHER_up_ref(EVP_CIPHER *cipher); - =head1 DESCRIPTION The B type is a structure for symmetric cipher method @@ -226,8 +224,6 @@ EVP_CIPHER_meth_get_get_asn1_params() and EVP_CIPHER_meth_get_ctrl() are all used to retrieve the method data given with the EVP_CIPHER_meth_set_*() functions above. -EVP_CIPHER_up_ref() increments the reference count for an EVP_CIPHER structure. - =head1 RETURN VALUES EVP_CIPHER_meth_new() and EVP_CIPHER_meth_dup() return a pointer to a @@ -236,8 +232,6 @@ All EVP_CIPHER_meth_set_*() functions return 1. All EVP_CIPHER_meth_get_*() functions return pointers to their respective B function. -EVP_CIPHER_up_ref() returns 1 for success or 0 otherwise. - =head1 SEE ALSO L @@ -245,6 +239,8 @@ L =head1 HISTORY The functions described here were added in OpenSSL 1.1.0. +The B structure created with these functions became reference +counted in OpenSSL 3.0. =head1 COPYRIGHT diff --git a/doc/man3/EVP_DigestInit.pod b/doc/man3/EVP_DigestInit.pod index bdc48c3a4b..cc38235274 100644 --- a/doc/man3/EVP_DigestInit.pod +++ b/doc/man3/EVP_DigestInit.pod @@ -2,7 +2,7 @@ =head1 NAME -EVP_MD_fetch, +EVP_MD_fetch, EVP_MD_up_ref, EVP_MD_free, EVP_MD_get_params, EVP_MD_gettable_params, EVP_MD_CTX_new, EVP_MD_CTX_reset, EVP_MD_CTX_free, EVP_MD_CTX_copy, EVP_MD_CTX_copy_ex, EVP_MD_CTX_ctrl, @@ -28,6 +28,8 @@ EVP_MD_do_all_ex EVP_MD *EVP_MD_fetch(OPENSSL_CTX *ctx, const char *algorithm, const char *properties); + int EVP_MD_up_ref(EVP_MD *md); + void EVP_MD_free(EVP_MD *md); int EVP_MD_get_params(const EVP_MD *digest, OSSL_PARAM params[]); const OSSL_PARAM *EVP_MD_gettable_params(const EVP_MD *digest); EVP_MD_CTX *EVP_MD_CTX_new(void); @@ -92,7 +94,9 @@ EVP_MD_do_all_ex =head1 DESCRIPTION The EVP digest routines are a high level interface to message digests, -and should be used instead of the cipher-specific functions. +and should be used instead of the digest-specific functions. + +The B type is a structure for digest method implementation. =over 4 @@ -102,7 +106,18 @@ Fetches the digest implementation for the given B from any provider offering it, within the criteria given by the B. See L for further information. -The returned value must eventually be freed with L. +The returned value must eventually be freed with EVP_MD_free(). + +Fetched B structures are reference counted. + +=item EVP_MD_up_ref() + +Increments the reference count for an B structure. + +=item EVP_MD_free() + +Decrements the reference count for the fetched B structure. +If the reference count drops to 0 then the structure is freed. =item EVP_MD_CTX_new() @@ -409,6 +424,10 @@ disabled with this flag. Returns a pointer to a B for success or NULL for failure. +=item EVP_MD_up_ref() + +Returns 1 for success or 0 for failure. + =item EVP_DigestInit_ex(), EVP_DigestUpdate(), EVP_DigestFinal_ex() @@ -573,8 +592,8 @@ The EVP_dss1() function was removed in OpenSSL 1.1.0. The EVP_MD_CTX_set_pkey_ctx() function was added in 1.1.1. -The EVP_MD_CTX_set_params() and EVP_MD_CTX_get_params() functions were -added in 3.0. +The EVP_MD_fetch(), EVP_MD_free(), EVP_MD_up_ref(), EVP_MD_CTX_set_params() +and EVP_MD_CTX_get_params() functions were added in 3.0. =head1 COPYRIGHT diff --git a/doc/man3/EVP_EncryptInit.pod b/doc/man3/EVP_EncryptInit.pod index 7f69a23dd7..11d0250a0d 100644 --- a/doc/man3/EVP_EncryptInit.pod +++ b/doc/man3/EVP_EncryptInit.pod @@ -3,6 +3,8 @@ =head1 NAME EVP_CIPHER_fetch, +EVP_CIPHER_up_ref, +EVP_CIPHER_free, EVP_CIPHER_CTX_new, EVP_CIPHER_CTX_reset, EVP_CIPHER_CTX_free, @@ -67,6 +69,8 @@ EVP_CIPHER_do_all_ex EVP_CIPHER *EVP_CIPHER_fetch(OPENSSL_CTX *ctx, const char *algorithm, const char *properties); + int EVP_CIPHER_up_ref(EVP_CIPHER *cipher); + void EVP_CIPHER_free(EVP_CIPHER *cipher); EVP_CIPHER_CTX *EVP_CIPHER_CTX_new(void); int EVP_CIPHER_CTX_reset(EVP_CIPHER_CTX *ctx); void EVP_CIPHER_CTX_free(EVP_CIPHER_CTX *ctx); @@ -150,13 +154,21 @@ EVP_CIPHER_do_all_ex The EVP cipher routines are a high level interface to certain symmetric ciphers. +The B type is a structure for cipher method implementation. + EVP_CIPHER_fetch() fetches the cipher implementation for the given B from any provider offering it, within the criteria given by the B. See L for further information. -The returned value must eventually be freed with -L. +The returned value must eventually be freed with EVP_CIPHER_free(). + +EVP_CIPHER_up_ref() increments the reference count for an B +structure. + +EVP_CIPHER_free() decrements the reference count for the B +structure. +If the reference count drops to 0 then the structure is freed. EVP_CIPHER_CTX_new() creates a cipher context. @@ -351,6 +363,8 @@ and the given I as argument. EVP_CIPHER_fetch() returns a pointer to a B for success and B for failure. +EVP_CIPHER_up_ref() returns 1 for success or 0 otherwise. + EVP_CIPHER_CTX_new() returns a pointer to a newly created B for success and B for failure. @@ -757,6 +771,10 @@ EVP_CIPHER_CTX_reset() appeared and EVP_CIPHER_CTX_cleanup() disappeared. EVP_CIPHER_CTX_init() remains as an alias for EVP_CIPHER_CTX_reset(). +The EVP_CIPHER_fetch(), EVP_CIPHER_free(), EVP_CIPHER_up_ref(), +EVP_CIPHER_CTX_set_params() and EVP_CIPHER_CTX_get_params() functions +were added in 3.0. + =head1 COPYRIGHT Copyright 2000-2018 The OpenSSL Project Authors. All Rights Reserved. diff --git a/doc/man3/EVP_MD_meth_new.pod b/doc/man3/EVP_MD_meth_new.pod index 5e35539efe..7777a33586 100644 --- a/doc/man3/EVP_MD_meth_new.pod +++ b/doc/man3/EVP_MD_meth_new.pod @@ -2,8 +2,8 @@ =head1 NAME -EVP_MD_meth_dup, -EVP_MD_meth_new, EVP_MD_meth_free, EVP_MD_meth_set_input_blocksize, +EVP_MD_meth_new, EVP_MD_meth_dup, EVP_MD_meth_free, +EVP_MD_meth_set_input_blocksize, EVP_MD_meth_set_result_size, EVP_MD_meth_set_app_datasize, EVP_MD_meth_set_flags, EVP_MD_meth_set_init, EVP_MD_meth_set_update, EVP_MD_meth_set_final, EVP_MD_meth_set_copy, EVP_MD_meth_set_cleanup, @@ -11,8 +11,8 @@ EVP_MD_meth_set_ctrl, EVP_MD_meth_get_input_blocksize, EVP_MD_meth_get_result_size, EVP_MD_meth_get_app_datasize, EVP_MD_meth_get_flags, EVP_MD_meth_get_init, EVP_MD_meth_get_update, EVP_MD_meth_get_final, EVP_MD_meth_get_copy, EVP_MD_meth_get_cleanup, -EVP_MD_meth_get_ctrl, EVP_MD_up_ref -- Routines to build up EVP_MD methods +EVP_MD_meth_get_ctrl +- Routines to build up legacy EVP_MD methods =head1 SYNOPSIS @@ -54,16 +54,14 @@ EVP_MD_meth_get_ctrl, EVP_MD_up_ref int (*EVP_MD_meth_get_ctrl(const EVP_MD *md))(EVP_MD_CTX *ctx, int cmd, int p1, void *p2); - int EVP_MD_up_ref(EVP_MD *md); - =head1 DESCRIPTION The B type is a structure for digest method implementation. It can also have associated public/private key signing and verifying routines. -EVP_MD_meth_new() creates a new B structure. Note that B -structures are reference counted. +EVP_MD_meth_new() creates a new B structure. +These B structures are reference counted. EVP_MD_meth_dup() creates a copy of B. @@ -162,8 +160,6 @@ EVP_MD_meth_get_cleanup() and EVP_MD_meth_get_ctrl() are all used to retrieve the method data given with the EVP_MD_meth_set_*() functions above. -EVP_MD_up_ref() increments the reference count for an EVP_MD structure. - =head1 RETURN VALUES EVP_MD_meth_new() and EVP_MD_meth_dup() return a pointer to a newly @@ -175,8 +171,6 @@ indicated sizes or flags. All other EVP_CIPHER_meth_get_*() functions return pointers to their respective B function. -EVP_MD_up_ref() returns 1 for success or 0 otherwise. - =head1 SEE ALSO L, L, L @@ -184,8 +178,10 @@ L, L, L =head1 HISTORY The B structure was openly available in OpenSSL before version -1.1. EVP_MD_up_ref() was added in OpenSSL 3.0. All other functions described -here were added in OpenSSL 1.1. +1.1. +The functions described here were added in OpenSSL 1.1. +The B structure created with these functions became reference +counted in OpenSSL 3.0. =head1 COPYRIGHT diff --git a/include/openssl/evp.h b/include/openssl/evp.h index c778ef43da..a0733b9697 100644 --- a/include/openssl/evp.h +++ b/include/openssl/evp.h @@ -81,7 +81,6 @@ int EVP_set_default_properties(OPENSSL_CTX *libctx, const char *propq); # ifndef EVP_MD EVP_MD *EVP_MD_meth_new(int md_type, int pkey_type); EVP_MD *EVP_MD_meth_dup(const EVP_MD *md); -int EVP_MD_up_ref(EVP_MD *md); void EVP_MD_meth_free(EVP_MD *md); int EVP_MD_meth_set_input_blocksize(EVP_MD *md, int blocksize); @@ -192,7 +191,6 @@ int (*EVP_MD_meth_get_ctrl(const EVP_MD *md))(EVP_MD_CTX *ctx, int cmd, EVP_CIPHER *EVP_CIPHER_meth_new(int cipher_type, int block_size, int key_len); EVP_CIPHER *EVP_CIPHER_meth_dup(const EVP_CIPHER *cipher); void EVP_CIPHER_meth_free(EVP_CIPHER *cipher); -int EVP_CIPHER_up_ref(EVP_CIPHER *cipher); int EVP_CIPHER_meth_set_iv_length(EVP_CIPHER *cipher, int iv_len); int EVP_CIPHER_meth_set_flags(EVP_CIPHER *cipher, unsigned long flags); @@ -486,6 +484,8 @@ unsigned long EVP_CIPHER_flags(const EVP_CIPHER *cipher); int EVP_CIPHER_mode(const EVP_CIPHER *cipher); EVP_CIPHER *EVP_CIPHER_fetch(OPENSSL_CTX *ctx, const char *algorithm, const char *properties); +int EVP_CIPHER_up_ref(EVP_CIPHER *cipher); +void EVP_CIPHER_free(EVP_CIPHER *cipher); const EVP_CIPHER *EVP_CIPHER_CTX_cipher(const EVP_CIPHER_CTX *ctx); int EVP_CIPHER_CTX_encrypting(const EVP_CIPHER_CTX *ctx); @@ -585,6 +585,8 @@ __owur int EVP_DigestFinalXOF(EVP_MD_CTX *ctx, unsigned char *md, __owur EVP_MD *EVP_MD_fetch(OPENSSL_CTX *ctx, const char *algorithm, const char *properties); +int EVP_MD_up_ref(EVP_MD *md); +void EVP_MD_free(EVP_MD *md); int EVP_read_pw_string(char *buf, int length, const char *prompt, int verify); int EVP_read_pw_string_min(char *buf, int minlen, int maxlen, diff --git a/providers/common/macs/cmac_prov.c b/providers/common/macs/cmac_prov.c index 4dcdea6ebe..7c15bc77b0 100644 --- a/providers/common/macs/cmac_prov.c +++ b/providers/common/macs/cmac_prov.c @@ -76,7 +76,7 @@ static void cmac_free(void *vmacctx) if (macctx != NULL) { CMAC_CTX_free(macctx->ctx); - EVP_CIPHER_meth_free(macctx->alloc_cipher); + EVP_CIPHER_free(macctx->alloc_cipher); OPENSSL_free(macctx); } } @@ -208,7 +208,7 @@ static int cmac_set_ctx_params(void *vmacctx, const OSSL_PARAM params[]) propquery = p->data; } - EVP_CIPHER_meth_free(macctx->alloc_cipher); + EVP_CIPHER_free(macctx->alloc_cipher); macctx->tmpcipher = macctx->alloc_cipher = EVP_CIPHER_fetch(PROV_LIBRARY_CONTEXT_OF(macctx->provctx), diff --git a/providers/common/macs/gmac_prov.c b/providers/common/macs/gmac_prov.c index abd5baa106..22c8c95550 100644 --- a/providers/common/macs/gmac_prov.c +++ b/providers/common/macs/gmac_prov.c @@ -64,7 +64,7 @@ static void gmac_free(void *vmacctx) if (macctx != NULL) { EVP_CIPHER_CTX_free(macctx->ctx); - EVP_CIPHER_meth_free(macctx->alloc_cipher); + EVP_CIPHER_free(macctx->alloc_cipher); OPENSSL_free(macctx); } } @@ -222,7 +222,7 @@ static int gmac_set_ctx_params(void *vmacctx, const OSSL_PARAM params[]) propquery = p->data; } - EVP_CIPHER_meth_free(macctx->alloc_cipher); + EVP_CIPHER_free(macctx->alloc_cipher); macctx->cipher = macctx->alloc_cipher = NULL; macctx->cipher = macctx->alloc_cipher = diff --git a/providers/common/macs/hmac_prov.c b/providers/common/macs/hmac_prov.c index e9be9802e6..d5f6db79de 100644 --- a/providers/common/macs/hmac_prov.c +++ b/providers/common/macs/hmac_prov.c @@ -79,7 +79,7 @@ static void hmac_free(void *vmacctx) if (macctx != NULL) { HMAC_CTX_free(macctx->ctx); - EVP_MD_meth_free(macctx->alloc_md); + EVP_MD_free(macctx->alloc_md); OPENSSL_free(macctx); } } @@ -222,7 +222,7 @@ static int hmac_set_ctx_params(void *vmacctx, const OSSL_PARAM params[]) propquery = p->data; } - EVP_MD_meth_free(macctx->alloc_md); + EVP_MD_free(macctx->alloc_md); macctx->tmpmd = macctx->alloc_md = EVP_MD_fetch(PROV_LIBRARY_CONTEXT_OF(macctx->provctx), diff --git a/providers/common/macs/kmac_prov.c b/providers/common/macs/kmac_prov.c index b1e852ac77..9ffdbd5249 100644 --- a/providers/common/macs/kmac_prov.c +++ b/providers/common/macs/kmac_prov.c @@ -150,7 +150,7 @@ static void kmac_free(void *vmacctx) if (kctx != NULL) { EVP_MD_CTX_free(kctx->ctx); - EVP_MD_meth_free(kctx->alloc_md); + EVP_MD_free(kctx->alloc_md); OPENSSL_cleanse(kctx->key, kctx->key_len); OPENSSL_cleanse(kctx->custom, kctx->custom_len); OPENSSL_free(kctx); @@ -197,7 +197,7 @@ static void *kmac_fetch_new(void *provctx, const char *mdname) ret = kmac_new(provctx, fetched_md, md); if (ret == NULL) - EVP_MD_meth_free(fetched_md); + EVP_MD_free(fetched_md); return ret; } diff --git a/providers/fips/fipsprov.c b/providers/fips/fipsprov.c index f8f0a90c24..000bf73672 100644 --- a/providers/fips/fipsprov.c +++ b/providers/fips/fipsprov.c @@ -186,7 +186,7 @@ static int dummy_evp_call(void *provctx) BN_CTX_free(bnctx); EVP_MD_CTX_free(ctx); - EVP_MD_meth_free(sha256); + EVP_MD_free(sha256); #ifndef OPENSSL_NO_EC EC_KEY_free(key); diff --git a/test/evp_extra_test.c b/test/evp_extra_test.c index f187f73bf0..1ad62d2f79 100644 --- a/test/evp_extra_test.c +++ b/test/evp_extra_test.c @@ -1154,8 +1154,8 @@ static int test_EVP_MD_fetch(int tst) if (!TEST_true(EVP_MD_up_ref(md))) goto err; /* Ref count should now be 2. Release both */ - EVP_MD_meth_free(md); - EVP_MD_meth_free(md); + EVP_MD_free(md); + EVP_MD_free(md); md = NULL; /* @@ -1174,7 +1174,7 @@ static int test_EVP_MD_fetch(int tst) goto err; } - EVP_MD_meth_free(md); + EVP_MD_free(md); md = NULL; /* @@ -1195,7 +1195,7 @@ static int test_EVP_MD_fetch(int tst) goto err; } - EVP_MD_meth_free(md); + EVP_MD_free(md); md = NULL; /* @@ -1217,7 +1217,7 @@ static int test_EVP_MD_fetch(int tst) ret = 1; err: - EVP_MD_meth_free(md); + EVP_MD_free(md); OSSL_PROVIDER_unload(defltprov); OSSL_PROVIDER_unload(fipsprov); /* Not normally needed, but we would like to test that @@ -1317,8 +1317,8 @@ static int test_EVP_CIPHER_fetch(int tst) if (!TEST_true(EVP_CIPHER_up_ref(cipher))) goto err; /* Ref count should now be 2. Release both */ - EVP_CIPHER_meth_free(cipher); - EVP_CIPHER_meth_free(cipher); + EVP_CIPHER_free(cipher); + EVP_CIPHER_free(cipher); cipher = NULL; /* @@ -1336,7 +1336,7 @@ static int test_EVP_CIPHER_fetch(int tst) goto err; } - EVP_CIPHER_meth_free(cipher); + EVP_CIPHER_free(cipher); cipher = NULL; /* @@ -1355,7 +1355,7 @@ static int test_EVP_CIPHER_fetch(int tst) goto err; } - EVP_CIPHER_meth_free(cipher); + EVP_CIPHER_free(cipher); cipher = NULL; /* @@ -1381,7 +1381,7 @@ static int test_EVP_CIPHER_fetch(int tst) ret = 1; err: - EVP_CIPHER_meth_free(cipher); + EVP_CIPHER_free(cipher); OSSL_PROVIDER_unload(defltprov); OSSL_PROVIDER_unload(fipsprov); /* Not normally needed, but we would like to test that diff --git a/util/libcrypto.num b/util/libcrypto.num index ac1c110133..9f7b0fd7c6 100644 --- a/util/libcrypto.num +++ b/util/libcrypto.num @@ -4732,3 +4732,5 @@ EVP_MAC_get_params 4841 3_0_0 EXIST::FUNCTION: EVP_MAC_gettable_params 4842 3_0_0 EXIST::FUNCTION: EVP_MAC_provider 4843 3_0_0 EXIST::FUNCTION: EVP_MAC_do_all_ex 4844 3_0_0 EXIST::FUNCTION: +EVP_MD_free 4845 3_0_0 EXIST::FUNCTION: +EVP_CIPHER_free 4846 3_0_0 EXIST::FUNCTION: From builds at travis-ci.org Wed Sep 4 09:00:59 2019 From: builds at travis-ci.org (Travis CI) Date: Wed, 04 Sep 2019 09:00:59 +0000 Subject: Still Failing: openssl/openssl#27849 (master - 550f974) In-Reply-To: Message-ID: <5d6f7d4ac0d7d_43ff3cba7899827547c@e02c509a-fd52-4ae3-a33b-0befcfe60f87.mail> Build Update for openssl/openssl ------------------------------------- Build: #27849 Status: Still Failing Duration: 21 mins and 34 secs Commit: 550f974 (master) Author: Richard Levitte Message: New function EVP_CIPHER_free() This function re-implements EVP_CIPHER_meth_free(), but has a name that isn't encumbered by legacy EVP_CIPHER construction functionality. We also refactor most of EVP_CIPHER_meth_new() into an internal evp_cipher_new() that's used when creating fetched methods. EVP_CIPHER_meth_new() and EVP_CIPHER_meth_free() are rewritten in terms of evp_cipher_new() and EVP_CIPHER_free(). This means that at any time, we can deprecate all the EVP_CIPHER_meth_ functions with no harmful consequence. Reviewed-by: Shane Lontis (Merged from https://github.com/openssl/openssl/pull/9758) View the changeset: https://github.com/openssl/openssl/compare/8648a50a2704...550f974a0994 View the full build log and details: https://travis-ci.org/openssl/openssl/builds/580614710?utm_medium=notification&utm_source=email -- You can unsubscribe from build emails from the openssl/openssl repository going to https://travis-ci.org/account/preferences/unsubscribe?repository=5849220&utm_medium=notification&utm_source=email. Or unsubscribe from *all* email updating your settings at https://travis-ci.org/account/preferences/unsubscribe?utm_medium=notification&utm_source=email. Or configure specific recipients for build notifications in your .travis.yml file. See https://docs.travis-ci.com/user/notifications. -------------- next part -------------- An HTML attachment was scrubbed... URL: From no-reply at appveyor.com Wed Sep 4 09:35:29 2019 From: no-reply at appveyor.com (AppVeyor) Date: Wed, 04 Sep 2019 09:35:29 +0000 Subject: Build completed: openssl master.27276 Message-ID: <20190904093529.1.93C50D48E885275A@appveyor.com> An HTML attachment was scrubbed... URL: From no-reply at appveyor.com Wed Sep 4 09:40:14 2019 From: no-reply at appveyor.com (AppVeyor) Date: Wed, 04 Sep 2019 09:40:14 +0000 Subject: Build failed: openssl master.27277 Message-ID: <20190904094014.1.744AD1A1BB33F6A1@appveyor.com> An HTML attachment was scrubbed... URL: From pauli at openssl.org Wed Sep 4 10:15:39 2019 From: pauli at openssl.org (Dr. Paul Dale) Date: Wed, 04 Sep 2019 10:15:39 +0000 Subject: [openssl] master update Message-ID: <1567592139.106461.2770.nullmailer@dev.openssl.org> The branch master has been updated via 7f588d20cd9ed2bb0ee2577a4523453964f532b0 (commit) from 550f974a09942ace37cf3cf14021ea5e51e6dd11 (commit) - Log ----------------------------------------------------------------- commit 7f588d20cd9ed2bb0ee2577a4523453964f532b0 Author: Pauli Date: Wed Sep 4 19:27:08 2019 +1000 OSSL_PARAM_construct_utf8_string computes the string length. If the passed string length is zero, the function computes the string length from the passed string. Reviewed-by: Richard Levitte (Merged from https://github.com/openssl/openssl/pull/9760) ----------------------------------------------------------------------- Summary of changes: crypto/crmf/crmf_pbm.c | 2 +- crypto/evp/p_lib.c | 6 ++---- crypto/evp/pkey_mac.c | 13 ++++--------- crypto/kdf/sskdf.c | 3 +-- crypto/kdf/tls1_prf.c | 3 +-- crypto/modes/siv128.c | 3 +-- crypto/params.c | 2 ++ doc/man3/EVP_MAC.pod | 6 ++---- doc/man3/OSSL_PARAM_int.pod | 15 +++++++-------- test/evp_test.c | 6 ++---- 10 files changed, 23 insertions(+), 36 deletions(-) diff --git a/crypto/crmf/crmf_pbm.c b/crypto/crmf/crmf_pbm.c index aef676f252..a3ac45557d 100644 --- a/crypto/crmf/crmf_pbm.c +++ b/crypto/crmf/crmf_pbm.c @@ -208,7 +208,7 @@ int OSSL_CRMF_pbm_new(const OSSL_CRMF_PBMPARAMETER *pbmp, macparams[0] = OSSL_PARAM_construct_utf8_string(OSSL_MAC_PARAM_DIGEST, - (char *)mdname, strlen(mdname) + 1); + (char *)mdname, 0); macparams[1] = OSSL_PARAM_construct_octet_string(OSSL_MAC_PARAM_KEY, basekey, bklen); if ((mac = EVP_MAC_fetch(NULL, "HMAC", NULL)) == NULL diff --git a/crypto/evp/p_lib.c b/crypto/evp/p_lib.c index 5691fffae3..5ec519d27c 100644 --- a/crypto/evp/p_lib.c +++ b/crypto/evp/p_lib.c @@ -345,14 +345,12 @@ EVP_PKEY *EVP_PKEY_new_CMAC_key(ENGINE *e, const unsigned char *priv, if (engine_id != NULL) params[paramsn++] = OSSL_PARAM_construct_utf8_string(OSSL_MAC_PARAM_ENGINE, - (char *)engine_id, - strlen(engine_id) + 1); + (char *)engine_id, 0); # endif params[paramsn++] = OSSL_PARAM_construct_utf8_string(OSSL_MAC_PARAM_CIPHER, - (char *)cipher_name, - strlen(cipher_name) + 1); + (char *)cipher_name, 0); params[paramsn++] = OSSL_PARAM_construct_octet_string(OSSL_MAC_PARAM_KEY, (char *)priv, len); diff --git a/crypto/evp/pkey_mac.c b/crypto/evp/pkey_mac.c index 05eb2b1b3a..fc600fb845 100644 --- a/crypto/evp/pkey_mac.c +++ b/crypto/evp/pkey_mac.c @@ -279,13 +279,11 @@ static int pkey_mac_ctrl(EVP_PKEY_CTX *ctx, int type, int p1, void *p2) params[params_n++] = OSSL_PARAM_construct_utf8_string(OSSL_MAC_PARAM_ENGINE, - engineid, - strlen(engineid) + 1); + engineid, 0); #endif params[params_n++] = OSSL_PARAM_construct_utf8_string(OSSL_MAC_PARAM_CIPHER, - ciphname, - strlen(ciphname) + 1); + ciphname, 0); params[params_n] = OSSL_PARAM_construct_end(); if (!EVP_MAC_CTX_set_params(hctx->ctx, params) @@ -403,17 +401,14 @@ static int pkey_mac_ctrl(EVP_PKEY_CTX *ctx, int type, int p1, void *p2) ? NULL : (char *)ENGINE_get_id(ctx->engine); if (engineid != NULL) { - size_t engineid_l = strlen(engineid) + 1; params[params_n++] = OSSL_PARAM_construct_utf8_string(OSSL_MAC_PARAM_ENGINE, - engineid, - engineid_l); + engineid, 0); } #endif params[params_n++] = OSSL_PARAM_construct_utf8_string(OSSL_MAC_PARAM_DIGEST, - mdname, - strlen(mdname) + 1); + mdname, 0); params[params_n++] = OSSL_PARAM_construct_octet_string(OSSL_MAC_PARAM_KEY, key->data, key->length); diff --git a/crypto/kdf/sskdf.c b/crypto/kdf/sskdf.c index 916a06e5a1..b20eff2865 100644 --- a/crypto/kdf/sskdf.c +++ b/crypto/kdf/sskdf.c @@ -223,8 +223,7 @@ static int SSKDF_mac_kdm(EVP_MAC *kdf_mac, const EVP_MD *hmac_md, const char *mdname = EVP_MD_name(hmac_md); params[params_n++] = OSSL_PARAM_construct_utf8_string(OSSL_MAC_PARAM_DIGEST, - (char *)mdname, - strlen(mdname) + 1); + (char *)mdname, 0); } params[params_n++] = OSSL_PARAM_construct_octet_string(OSSL_MAC_PARAM_KEY, (void *)salt, diff --git a/crypto/kdf/tls1_prf.c b/crypto/kdf/tls1_prf.c index f5d2314681..edd7f05ce0 100644 --- a/crypto/kdf/tls1_prf.c +++ b/crypto/kdf/tls1_prf.c @@ -252,8 +252,7 @@ static int tls1_prf_P_hash(const EVP_MD *md, mac_flags = EVP_MD_CTX_FLAG_NON_FIPS_ALLOW; params[0] = OSSL_PARAM_construct_int(OSSL_MAC_PARAM_FLAGS, &mac_flags); params[1] = OSSL_PARAM_construct_utf8_string(OSSL_MAC_PARAM_DIGEST, - (char *)mdname, - strlen(mdname) + 1); + (char *)mdname, 0); params[2] = OSSL_PARAM_construct_octet_string(OSSL_MAC_PARAM_KEY, (void *)sec, sec_len); params[3] = OSSL_PARAM_construct_end(); diff --git a/crypto/modes/siv128.c b/crypto/modes/siv128.c index de6a3b853f..1d91ee78ee 100644 --- a/crypto/modes/siv128.c +++ b/crypto/modes/siv128.c @@ -173,8 +173,7 @@ int CRYPTO_siv128_init(SIV128_CONTEXT *ctx, const unsigned char *key, int klen, const char *cbc_name = EVP_CIPHER_name(cbc); params[0] = OSSL_PARAM_construct_utf8_string(OSSL_MAC_PARAM_CIPHER, - (char *)cbc_name, - strlen(cbc_name) + 1); + (char *)cbc_name, 0); params[1] = OSSL_PARAM_construct_octet_string(OSSL_MAC_PARAM_KEY, (void *)key, klen); params[2] = OSSL_PARAM_construct_end(); diff --git a/crypto/params.c b/crypto/params.c index b3fbb12b9b..20082ad90b 100644 --- a/crypto/params.c +++ b/crypto/params.c @@ -808,6 +808,8 @@ int OSSL_PARAM_set_octet_string(OSSL_PARAM *p, const void *val, OSSL_PARAM OSSL_PARAM_construct_utf8_string(const char *key, char *buf, size_t bsize) { + if (buf != NULL && bsize == 0) + bsize = strlen(buf) + 1; return ossl_param_construct(key, OSSL_PARAM_UTF8_STRING, buf, bsize); } diff --git a/doc/man3/EVP_MAC.pod b/doc/man3/EVP_MAC.pod index 6daa82d753..4d3b223934 100644 --- a/doc/man3/EVP_MAC.pod +++ b/doc/man3/EVP_MAC.pod @@ -305,12 +305,10 @@ EVP_MAC_do_all_ex() returns nothing at all. if (cipher != NULL) params[params_n++] = - OSSL_PARAM_construct_utf8_string("cipher", cipher, - strlen(cipher) + 1, NULL); + OSSL_PARAM_construct_utf8_string("cipher", cipher, 0, NULL); if (digest != NULL) params[params_n++] = - OSSL_PARAM_construct_utf8_string("digest", digest, - strlen(digest) + 1, NULL); + OSSL_PARAM_construct_utf8_string("digest", digest, 0, NULL); params[params_n++] = OSSL_PARAM_construct_octet_string("key", key, strlen(key), NULL); params[params_n] = OSSL_PARAM_construct_end(); diff --git a/doc/man3/OSSL_PARAM_int.pod b/doc/man3/OSSL_PARAM_int.pod index b73d2b16c2..742e8d5774 100644 --- a/doc/man3/OSSL_PARAM_int.pod +++ b/doc/man3/OSSL_PARAM_int.pod @@ -166,23 +166,22 @@ size B is created. OSSL_PARAM_construct_utf8_string() is a function that constructs a UTF8 string OSSL_PARAM structure. -A parameter with name B, storage B, size B and return -size B is created. +A parameter with name B, storage B and size B is created. +If B is zero, the string length is determined using strlen(3). OSSL_PARAM_construct_octet_string() is a function that constructs an OCTET string OSSL_PARAM structure. -A parameter with name B, storage B, size B and return -size B is created. +A parameter with name B, storage B and size B is created. OSSL_PARAM_construct_utf8_ptr() is a function that constructes a UTF string pointer OSSL_PARAM structure. -A parameter with name B, storage pointer B<*buf>, size B and -return size B is created. +A parameter with name B, storage pointer B<*buf> and size B +is created. OSSL_PARAM_construct_octet_ptr() is a function that constructes an OCTET string pointer OSSL_PARAM structure. -A parameter with name B, storage pointer B<*buf>, size B and -return size B is created. +A parameter with name B, storage pointer B<*buf> and size B +is created. OSSL_PARAM_construct_end() is a function that constructs the terminating OSSL_PARAM structure. diff --git a/test/evp_test.c b/test/evp_test.c index fd50c71354..b2047d591a 100644 --- a/test/evp_test.c +++ b/test/evp_test.c @@ -1173,14 +1173,12 @@ static int mac_test_run_mac(EVP_TEST *t) OSSL_MAC_PARAM_CIPHER) != NULL) { params[params_n++] = OSSL_PARAM_construct_utf8_string(OSSL_MAC_PARAM_CIPHER, - expected->alg, - strlen(expected->alg) + 1); + expected->alg, 0); } else if (OSSL_PARAM_locate_const(defined_params, OSSL_MAC_PARAM_DIGEST) != NULL) { params[params_n++] = OSSL_PARAM_construct_utf8_string(OSSL_MAC_PARAM_DIGEST, - expected->alg, - strlen(expected->alg) + 1); + expected->alg, 0); } else { t->err = "MAC_BAD_PARAMS"; goto err; From builds at travis-ci.org Wed Sep 4 10:38:56 2019 From: builds at travis-ci.org (Travis CI) Date: Wed, 04 Sep 2019 10:38:56 +0000 Subject: Still Failing: openssl/openssl#27855 (master - 7f588d2) In-Reply-To: Message-ID: <5d6f94409fbd3_43ff3ce5ddb38307839@e02c509a-fd52-4ae3-a33b-0befcfe60f87.mail> Build Update for openssl/openssl ------------------------------------- Build: #27855 Status: Still Failing Duration: 22 mins and 39 secs Commit: 7f588d2 (master) Author: Pauli Message: OSSL_PARAM_construct_utf8_string computes the string length. If the passed string length is zero, the function computes the string length from the passed string. Reviewed-by: Richard Levitte (Merged from https://github.com/openssl/openssl/pull/9760) View the changeset: https://github.com/openssl/openssl/compare/550f974a0994...7f588d20cd9e View the full build log and details: https://travis-ci.org/openssl/openssl/builds/580651103?utm_medium=notification&utm_source=email -- You can unsubscribe from build emails from the openssl/openssl repository going to https://travis-ci.org/account/preferences/unsubscribe?repository=5849220&utm_medium=notification&utm_source=email. Or unsubscribe from *all* email updating your settings at https://travis-ci.org/account/preferences/unsubscribe?utm_medium=notification&utm_source=email. Or configure specific recipients for build notifications in your .travis.yml file. See https://docs.travis-ci.com/user/notifications. -------------- next part -------------- An HTML attachment was scrubbed... URL: From no-reply at appveyor.com Wed Sep 4 13:59:40 2019 From: no-reply at appveyor.com (AppVeyor) Date: Wed, 04 Sep 2019 13:59:40 +0000 Subject: Build failed: openssl master.27284 Message-ID: <20190904135940.1.1A4B440C456A70AD@appveyor.com> An HTML attachment was scrubbed... URL: From tmraz at fedoraproject.org Wed Sep 4 14:20:34 2019 From: tmraz at fedoraproject.org (tmraz at fedoraproject.org) Date: Wed, 04 Sep 2019 14:20:34 +0000 Subject: [openssl] OpenSSL_1_1_1-stable update Message-ID: <1567606834.484561.23988.nullmailer@dev.openssl.org> The branch OpenSSL_1_1_1-stable has been updated via 9757a5ad8a3bb3869fc0e159b10ff6061c9d0eda (commit) from 1bf29d497e66efef0fbc9b1864d8a5db64bf898e (commit) - Log ----------------------------------------------------------------- commit 9757a5ad8a3bb3869fc0e159b10ff6061c9d0eda Author: David Woodhouse Date: Thu Aug 22 18:42:05 2019 +0100 Fix bogus check for EVP_PKEY mandatory digest in check_cert_usable() In commit 6aca8d1a5 ("Honour mandatory digest on private key in has_usable_cert()") I added two checks for the capabilities of the EVP_PKEY being used. One of them was wrong, as it should only be checking the signature of the X.509 cert (by its issuer) against the sigalgs given in a TLS v1.3 signature_algorithms_cert extension. Remove it. Reviewed-by: Matt Caswell Reviewed-by: Ben Kaduk Reviewed-by: Tomas Mraz (Merged from https://github.com/openssl/openssl/pull/9705) ----------------------------------------------------------------------- Summary of changes: ssl/t1_lib.c | 22 +++++++++------------- 1 file changed, 9 insertions(+), 13 deletions(-) diff --git a/ssl/t1_lib.c b/ssl/t1_lib.c index e5e77023cc..52d58ddd4f 100644 --- a/ssl/t1_lib.c +++ b/ssl/t1_lib.c @@ -2563,27 +2563,23 @@ static int check_cert_usable(SSL *s, const SIGALG_LOOKUP *sig, X509 *x, { const SIGALG_LOOKUP *lu; int mdnid, pknid, default_mdnid; - int mandatory_md = 0; size_t i; /* If the EVP_PKEY reports a mandatory digest, allow nothing else. */ ERR_set_mark(); - switch (EVP_PKEY_get_default_digest_nid(pkey, &default_mdnid)) { - case 2: - mandatory_md = 1; - break; - case 1: - default: /* If it didn't report a mandatory NID, for whatever reasons, - * just clear the error and allow all hashes to be used. */ - break; - } + if (EVP_PKEY_get_default_digest_nid(pkey, &default_mdnid) == 2 && + sig->hash != default_mdnid) + return 0; + + /* If it didn't report a mandatory NID, for whatever reasons, + * just clear the error and allow all hashes to be used. */ ERR_pop_to_mark(); + if (s->s3->tmp.peer_cert_sigalgs != NULL) { for (i = 0; i < s->s3->tmp.peer_cert_sigalgslen; i++) { lu = tls1_lookup_sigalg(s->s3->tmp.peer_cert_sigalgs[i]); if (lu == NULL - || !X509_get_signature_info(x, &mdnid, &pknid, NULL, NULL) - || (mandatory_md && mdnid != default_mdnid)) + || !X509_get_signature_info(x, &mdnid, &pknid, NULL, NULL)) continue; /* * TODO this does not differentiate between the @@ -2596,7 +2592,7 @@ static int check_cert_usable(SSL *s, const SIGALG_LOOKUP *sig, X509 *x, } return 0; } - return !mandatory_md || sig->hash == default_mdnid; + return 1; } /* From tmraz at fedoraproject.org Wed Sep 4 14:23:45 2019 From: tmraz at fedoraproject.org (tmraz at fedoraproject.org) Date: Wed, 04 Sep 2019 14:23:45 +0000 Subject: [openssl] OpenSSL_1_1_1-stable update Message-ID: <1567607025.220045.25081.nullmailer@dev.openssl.org> The branch OpenSSL_1_1_1-stable has been updated via 907f87d6f5105e10a211e89b1d6050a3d36a35ba (commit) via 432717135c3f42adc74e0fde494e672340fb4741 (commit) from 9757a5ad8a3bb3869fc0e159b10ff6061c9d0eda (commit) - Log ----------------------------------------------------------------- commit 907f87d6f5105e10a211e89b1d6050a3d36a35ba Author: raja-ashok Date: Fri May 31 08:50:54 2019 +0530 Test SSL_set_ciphersuites Reviewed-by: Matt Caswell Reviewed-by: Tomas Mraz (Merged from https://github.com/openssl/openssl/pull/9621) commit 432717135c3f42adc74e0fde494e672340fb4741 Author: raja-ashok Date: Thu May 30 23:51:18 2019 +0530 Fix SSL_set_ciphersuites to set even if no call to SSL_set_cipher_list Reviewed-by: Matt Caswell Reviewed-by: Tomas Mraz (Merged from https://github.com/openssl/openssl/pull/9621) ----------------------------------------------------------------------- Summary of changes: ssl/ssl_ciph.c | 13 +++--- test/sslapitest.c | 137 ++++++++++++++++++++++++++++++++++++++++++++++++++++++ 2 files changed, 144 insertions(+), 6 deletions(-) diff --git a/ssl/ssl_ciph.c b/ssl/ssl_ciph.c index b60d67aa0d..27a1b2ec68 100644 --- a/ssl/ssl_ciph.c +++ b/ssl/ssl_ciph.c @@ -1377,24 +1377,25 @@ int SSL_CTX_set_ciphersuites(SSL_CTX *ctx, const char *str) { int ret = set_ciphersuites(&(ctx->tls13_ciphersuites), str); - if (ret && ctx->cipher_list != NULL) { - /* We already have a cipher_list, so we need to update it */ + if (ret && ctx->cipher_list != NULL) return update_cipher_list(&ctx->cipher_list, &ctx->cipher_list_by_id, ctx->tls13_ciphersuites); - } return ret; } int SSL_set_ciphersuites(SSL *s, const char *str) { + STACK_OF(SSL_CIPHER) *cipher_list; int ret = set_ciphersuites(&(s->tls13_ciphersuites), str); - if (ret && s->cipher_list != NULL) { - /* We already have a cipher_list, so we need to update it */ + if (s->cipher_list == NULL) { + if ((cipher_list = SSL_get_ciphers(s)) != NULL) + s->cipher_list = sk_SSL_CIPHER_dup(cipher_list); + } + if (ret && s->cipher_list != NULL) return update_cipher_list(&s->cipher_list, &s->cipher_list_by_id, s->tls13_ciphersuites); - } return ret; } diff --git a/test/sslapitest.c b/test/sslapitest.c index c29bb64f6f..7a142268fa 100644 --- a/test/sslapitest.c +++ b/test/sslapitest.c @@ -3289,6 +3289,142 @@ static int test_ciphersuite_change(void) return testresult; } +/* + * Test TLSv1.3 Cipher Suite + * Test 0 = Set TLS1.3 cipher on context + * Test 1 = Set TLS1.3 cipher on SSL + * Test 2 = Set TLS1.3 and TLS1.2 cipher on context + * Test 3 = Set TLS1.3 and TLS1.2 cipher on SSL + */ +static int test_tls13_ciphersuite(int idx) +{ + SSL_CTX *sctx = NULL, *cctx = NULL; + SSL *serverssl = NULL, *clientssl = NULL; + static const char *t13_ciphers[] = { + TLS1_3_RFC_AES_128_GCM_SHA256, + TLS1_3_RFC_AES_256_GCM_SHA384, + TLS1_3_RFC_AES_128_CCM_SHA256, +# if !defined(OPENSSL_NO_CHACHA) && !defined(OPENSSL_NO_POLY1305) + TLS1_3_RFC_CHACHA20_POLY1305_SHA256, + TLS1_3_RFC_AES_256_GCM_SHA384 ":" TLS1_3_RFC_CHACHA20_POLY1305_SHA256, +# endif + TLS1_3_RFC_AES_128_CCM_8_SHA256 ":" TLS1_3_RFC_AES_128_CCM_SHA256 + }; + const char *t13_cipher = NULL; + const char *t12_cipher = NULL; + const char *negotiated_scipher; + const char *negotiated_ccipher; + int set_at_ctx = 0; + int set_at_ssl = 0; + int testresult = 0; + int max_ver; + size_t i; + + switch (idx) { + case 0: + set_at_ctx = 1; + break; + case 1: + set_at_ssl = 1; + break; + case 2: + set_at_ctx = 1; + t12_cipher = TLS1_TXT_ECDHE_RSA_WITH_AES_128_GCM_SHA256; + break; + case 3: + set_at_ssl = 1; + t12_cipher = TLS1_TXT_ECDHE_RSA_WITH_AES_128_GCM_SHA256; + break; + } + + for (max_ver = TLS1_2_VERSION; max_ver <= TLS1_3_VERSION; max_ver++) { +# ifdef OPENSSL_NO_TLS1_2 + if (max_ver == TLS1_2_VERSION) + continue; +# endif + for (i = 0; i < OSSL_NELEM(t13_ciphers); i++) { + t13_cipher = t13_ciphers[i]; + if (!TEST_true(create_ssl_ctx_pair(TLS_server_method(), + TLS_client_method(), + TLS1_VERSION, max_ver, + &sctx, &cctx, cert, privkey))) + goto end; + + if (set_at_ctx) { + if (!TEST_true(SSL_CTX_set_ciphersuites(sctx, t13_cipher)) + || !TEST_true(SSL_CTX_set_ciphersuites(cctx, t13_cipher))) + goto end; + if (t12_cipher != NULL) { + if (!TEST_true(SSL_CTX_set_cipher_list(sctx, t12_cipher)) + || !TEST_true(SSL_CTX_set_cipher_list(cctx, + t12_cipher))) + goto end; + } + } + + if (!TEST_true(create_ssl_objects(sctx, cctx, &serverssl, + &clientssl, NULL, NULL))) + goto end; + + if (set_at_ssl) { + if (!TEST_true(SSL_set_ciphersuites(serverssl, t13_cipher)) + || !TEST_true(SSL_set_ciphersuites(clientssl, t13_cipher))) + goto end; + if (t12_cipher != NULL) { + if (!TEST_true(SSL_set_cipher_list(serverssl, t12_cipher)) + || !TEST_true(SSL_set_cipher_list(clientssl, + t12_cipher))) + goto end; + } + } + + if (!TEST_true(create_ssl_connection(serverssl, clientssl, + SSL_ERROR_NONE))) + goto end; + + negotiated_scipher = SSL_CIPHER_get_name(SSL_get_current_cipher( + serverssl)); + negotiated_ccipher = SSL_CIPHER_get_name(SSL_get_current_cipher( + clientssl)); + if (!TEST_str_eq(negotiated_scipher, negotiated_ccipher)) + goto end; + + /* + * TEST_strn_eq is used below because t13_cipher can contain + * multiple ciphersuites + */ + if (max_ver == TLS1_3_VERSION + && !TEST_strn_eq(t13_cipher, negotiated_scipher, + strlen(negotiated_scipher))) + goto end; + +# ifndef OPENSSL_NO_TLS1_2 + /* Below validation is not done when t12_cipher is NULL */ + if (max_ver == TLS1_2_VERSION && t12_cipher != NULL + && !TEST_str_eq(t12_cipher, negotiated_scipher)) + goto end; +# endif + + SSL_free(serverssl); + serverssl = NULL; + SSL_free(clientssl); + clientssl = NULL; + SSL_CTX_free(sctx); + sctx = NULL; + SSL_CTX_free(cctx); + cctx = NULL; + } + } + + testresult = 1; + end: + SSL_free(serverssl); + SSL_free(clientssl); + SSL_CTX_free(sctx); + SSL_CTX_free(cctx); + return testresult; +} + /* * Test TLSv1.3 PSKs * Test 0 = Test new style callbacks @@ -6154,6 +6290,7 @@ int setup_tests(void) #ifndef OPENSSL_NO_TLS1_3 ADD_ALL_TESTS(test_set_ciphersuite, 10); ADD_TEST(test_ciphersuite_change); + ADD_ALL_TESTS(test_tls13_ciphersuite, 4); #ifdef OPENSSL_NO_PSK ADD_ALL_TESTS(test_tls13_psk, 1); #else From no-reply at appveyor.com Wed Sep 4 14:37:49 2019 From: no-reply at appveyor.com (AppVeyor) Date: Wed, 04 Sep 2019 14:37:49 +0000 Subject: Build completed: openssl master.27285 Message-ID: <20190904143749.1.A6FFE68AA5BD3DB9@appveyor.com> An HTML attachment was scrubbed... URL: From builds at travis-ci.org Wed Sep 4 14:39:20 2019 From: builds at travis-ci.org (Travis CI) Date: Wed, 04 Sep 2019 14:39:20 +0000 Subject: Still Failing: openssl/openssl#27859 (OpenSSL_1_1_1-stable - 9757a5a) In-Reply-To: Message-ID: <5d6fcc97e72da_43faed61757e02711ad@a46de67a-0dc1-45bc-872b-723fef42ee3b.mail> Build Update for openssl/openssl ------------------------------------- Build: #27859 Status: Still Failing Duration: 18 mins and 2 secs Commit: 9757a5a (OpenSSL_1_1_1-stable) Author: David Woodhouse Message: Fix bogus check for EVP_PKEY mandatory digest in check_cert_usable() In commit 6aca8d1a5 ("Honour mandatory digest on private key in has_usable_cert()") I added two checks for the capabilities of the EVP_PKEY being used. One of them was wrong, as it should only be checking the signature of the X.509 cert (by its issuer) against the sigalgs given in a TLS v1.3 signature_algorithms_cert extension. Remove it. Reviewed-by: Matt Caswell Reviewed-by: Ben Kaduk Reviewed-by: Tomas Mraz (Merged from https://github.com/openssl/openssl/pull/9705) View the changeset: https://github.com/openssl/openssl/compare/1bf29d497e66...9757a5ad8a3b View the full build log and details: https://travis-ci.org/openssl/openssl/builds/580750891?utm_medium=notification&utm_source=email -- You can unsubscribe from build emails from the openssl/openssl repository going to https://travis-ci.org/account/preferences/unsubscribe?repository=5849220&utm_medium=notification&utm_source=email. Or unsubscribe from *all* email updating your settings at https://travis-ci.org/account/preferences/unsubscribe?utm_medium=notification&utm_source=email. Or configure specific recipients for build notifications in your .travis.yml file. See https://docs.travis-ci.com/user/notifications. -------------- next part -------------- An HTML attachment was scrubbed... URL: From tmraz at fedoraproject.org Wed Sep 4 14:48:12 2019 From: tmraz at fedoraproject.org (tmraz at fedoraproject.org) Date: Wed, 04 Sep 2019 14:48:12 +0000 Subject: [openssl] master update Message-ID: <1567608492.614399.27782.nullmailer@dev.openssl.org> The branch master has been updated via 1e8e75d18be8856e753a57771754b9926c3f4264 (commit) from 7f588d20cd9ed2bb0ee2577a4523453964f532b0 (commit) - Log ----------------------------------------------------------------- commit 1e8e75d18be8856e753a57771754b9926c3f4264 Author: Billy Brawner Date: Tue Aug 27 17:07:17 2019 -0700 Suppress 'No server certificate CA names sent' message Fixes #9080 Signed-off-by: Billy Brawner Reviewed-by: Matt Caswell Reviewed-by: Tomas Mraz (Merged from https://github.com/openssl/openssl/pull/9710) ----------------------------------------------------------------------- Summary of changes: apps/s_cb.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/apps/s_cb.c b/apps/s_cb.c index 935ea9022d..47b8afe9ef 100644 --- a/apps/s_cb.c +++ b/apps/s_cb.c @@ -1508,7 +1508,8 @@ void print_ca_names(BIO *bio, SSL *s) int i; if (sk == NULL || sk_X509_NAME_num(sk) == 0) { - BIO_printf(bio, "---\nNo %s certificate CA names sent\n", cs); + if (!SSL_is_server(s)) + BIO_printf(bio, "---\nNo %s certificate CA names sent\n", cs); return; } From tmraz at fedoraproject.org Wed Sep 4 14:48:57 2019 From: tmraz at fedoraproject.org (tmraz at fedoraproject.org) Date: Wed, 04 Sep 2019 14:48:57 +0000 Subject: [openssl] OpenSSL_1_1_1-stable update Message-ID: <1567608537.733398.28685.nullmailer@dev.openssl.org> The branch OpenSSL_1_1_1-stable has been updated via fb6a82c498b895c5d92a59d0b1737d37da98cefc (commit) from 907f87d6f5105e10a211e89b1d6050a3d36a35ba (commit) - Log ----------------------------------------------------------------- commit fb6a82c498b895c5d92a59d0b1737d37da98cefc Author: Billy Brawner Date: Tue Aug 27 17:07:17 2019 -0700 Suppress 'No server certificate CA names sent' message Fixes #9080 Signed-off-by: Billy Brawner Reviewed-by: Matt Caswell Reviewed-by: Tomas Mraz (Merged from https://github.com/openssl/openssl/pull/9710) (cherry picked from commit 1e8e75d18be8856e753a57771754b9926c3f4264) ----------------------------------------------------------------------- Summary of changes: apps/s_cb.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/apps/s_cb.c b/apps/s_cb.c index 520323c8b0..5dc1d03f28 100644 --- a/apps/s_cb.c +++ b/apps/s_cb.c @@ -1525,7 +1525,8 @@ void print_ca_names(BIO *bio, SSL *s) int i; if (sk == NULL || sk_X509_NAME_num(sk) == 0) { - BIO_printf(bio, "---\nNo %s certificate CA names sent\n", cs); + if (!SSL_is_server(s)) + BIO_printf(bio, "---\nNo %s certificate CA names sent\n", cs); return; } From builds at travis-ci.org Wed Sep 4 14:50:13 2019 From: builds at travis-ci.org (Travis CI) Date: Wed, 04 Sep 2019 14:50:13 +0000 Subject: Still Failing: openssl/openssl#27860 (OpenSSL_1_1_1-stable - 907f87d) In-Reply-To: Message-ID: <5d6fcf24b9928_43f8fab195abc2445da@9ba7599c-4f44-453d-a932-871e8d86f1d8.mail> Build Update for openssl/openssl ------------------------------------- Build: #27860 Status: Still Failing Duration: 23 mins and 49 secs Commit: 907f87d (OpenSSL_1_1_1-stable) Author: raja-ashok Message: Test SSL_set_ciphersuites Reviewed-by: Matt Caswell Reviewed-by: Tomas Mraz (Merged from https://github.com/openssl/openssl/pull/9621) View the changeset: https://github.com/openssl/openssl/compare/9757a5ad8a3b...907f87d6f510 View the full build log and details: https://travis-ci.org/openssl/openssl/builds/580752462?utm_medium=notification&utm_source=email -- You can unsubscribe from build emails from the openssl/openssl repository going to https://travis-ci.org/account/preferences/unsubscribe?repository=5849220&utm_medium=notification&utm_source=email. Or unsubscribe from *all* email updating your settings at https://travis-ci.org/account/preferences/unsubscribe?utm_medium=notification&utm_source=email. Or configure specific recipients for build notifications in your .travis.yml file. See https://docs.travis-ci.com/user/notifications. -------------- next part -------------- An HTML attachment was scrubbed... URL: From builds at travis-ci.org Wed Sep 4 15:14:11 2019 From: builds at travis-ci.org (Travis CI) Date: Wed, 04 Sep 2019 15:14:11 +0000 Subject: Still Failing: openssl/openssl#27861 (master - 1e8e75d) In-Reply-To: Message-ID: <5d6fd4c3235d9_43fae859bde4427942d@95fe395b-eb19-4c4e-b773-63f05cf81a31.mail> Build Update for openssl/openssl ------------------------------------- Build: #27861 Status: Still Failing Duration: 25 mins and 23 secs Commit: 1e8e75d (master) Author: Billy Brawner Message: Suppress 'No server certificate CA names sent' message Fixes #9080 Signed-off-by: Billy Brawner Reviewed-by: Matt Caswell Reviewed-by: Tomas Mraz (Merged from https://github.com/openssl/openssl/pull/9710) View the changeset: https://github.com/openssl/openssl/compare/7f588d20cd9e...1e8e75d18be8 View the full build log and details: https://travis-ci.org/openssl/openssl/builds/580764293?utm_medium=notification&utm_source=email -- You can unsubscribe from build emails from the openssl/openssl repository going to https://travis-ci.org/account/preferences/unsubscribe?repository=5849220&utm_medium=notification&utm_source=email. Or unsubscribe from *all* email updating your settings at https://travis-ci.org/account/preferences/unsubscribe?utm_medium=notification&utm_source=email. Or configure specific recipients for build notifications in your .travis.yml file. See https://docs.travis-ci.com/user/notifications. -------------- next part -------------- An HTML attachment was scrubbed... URL: From builds at travis-ci.org Wed Sep 4 15:19:26 2019 From: builds at travis-ci.org (Travis CI) Date: Wed, 04 Sep 2019 15:19:26 +0000 Subject: Errored: openssl/openssl#27862 (OpenSSL_1_1_1-stable - fb6a82c) In-Reply-To: Message-ID: <5d6fd5fe4c897_43fd17ce2e6303147b0@9566e0a2-f02b-44f6-9f5b-98fc1d8a4c7e.mail> Build Update for openssl/openssl ------------------------------------- Build: #27862 Status: Errored Duration: 24 mins and 28 secs Commit: fb6a82c (OpenSSL_1_1_1-stable) Author: Billy Brawner Message: Suppress 'No server certificate CA names sent' message Fixes #9080 Signed-off-by: Billy Brawner Reviewed-by: Matt Caswell Reviewed-by: Tomas Mraz (Merged from https://github.com/openssl/openssl/pull/9710) (cherry picked from commit 1e8e75d18be8856e753a57771754b9926c3f4264) View the changeset: https://github.com/openssl/openssl/compare/907f87d6f510...fb6a82c498b8 View the full build log and details: https://travis-ci.org/openssl/openssl/builds/580764654?utm_medium=notification&utm_source=email -- You can unsubscribe from build emails from the openssl/openssl repository going to https://travis-ci.org/account/preferences/unsubscribe?repository=5849220&utm_medium=notification&utm_source=email. Or unsubscribe from *all* email updating your settings at https://travis-ci.org/account/preferences/unsubscribe?utm_medium=notification&utm_source=email. Or configure specific recipients for build notifications in your .travis.yml file. See https://docs.travis-ci.com/user/notifications. -------------- next part -------------- An HTML attachment was scrubbed... URL: From levitte at openssl.org Wed Sep 4 15:27:14 2019 From: levitte at openssl.org (Richard Levitte) Date: Wed, 04 Sep 2019 15:27:14 +0000 Subject: [openssl] master update Message-ID: <1567610834.702654.871.nullmailer@dev.openssl.org> The branch master has been updated via 2ad75c6c1341db8a3122bbeaf863440057d71307 (commit) from 1e8e75d18be8856e753a57771754b9926c3f4264 (commit) - Log ----------------------------------------------------------------- commit 2ad75c6c1341db8a3122bbeaf863440057d71307 Author: Richard Levitte Date: Wed Aug 28 22:27:47 2019 +0200 Move libapps.a source to apps/lib This makes it clearer what's what. The 'openssl' application and its sub-commands remain in apps/ Reviewed-by: Tomas Mraz (Merged from https://github.com/openssl/openssl/pull/9723) ----------------------------------------------------------------------- Summary of changes: apps/build.info | 39 +++++++++++--------------------------- apps/{ => include}/vms_term_sock.h | 0 apps/{ => lib}/app_rand.c | 0 apps/{ => lib}/apps.c | 0 apps/{ => lib}/apps_ui.c | 0 apps/{ => lib}/bf_prefix.c | 0 apps/lib/build.info | 18 ++++++++++++++++++ apps/{ => lib}/columns.c | 0 apps/{ => lib}/fmt.c | 0 apps/{ => lib}/opt.c | 0 apps/{ => lib}/s_cb.c | 0 apps/{ => lib}/s_socket.c | 0 apps/{ => lib}/vms_decc_argv.c | 0 apps/{ => lib}/vms_term_sock.c | 0 apps/{ => lib}/win32_init.c | 0 test/build.info | 15 ++++++++------- 16 files changed, 37 insertions(+), 35 deletions(-) rename apps/{ => include}/vms_term_sock.h (100%) rename apps/{ => lib}/app_rand.c (100%) rename apps/{ => lib}/apps.c (100%) rename apps/{ => lib}/apps_ui.c (100%) rename apps/{ => lib}/bf_prefix.c (100%) create mode 100644 apps/lib/build.info rename apps/{ => lib}/columns.c (100%) rename apps/{ => lib}/fmt.c (100%) rename apps/{ => lib}/opt.c (100%) rename apps/{ => lib}/s_cb.c (100%) rename apps/{ => lib}/s_socket.c (100%) rename apps/{ => lib}/vms_decc_argv.c (100%) rename apps/{ => lib}/vms_term_sock.c (100%) rename apps/{ => lib}/win32_init.c (100%) diff --git a/apps/build.info b/apps/build.info index aa2c6a302d..f49edb4d44 100644 --- a/apps/build.info +++ b/apps/build.info @@ -1,3 +1,5 @@ +SUBDIRS=lib + # Program init source, that don't have direct linkage with the rest of the # source, and can therefore not be part of a library. IF[{- !$disabled{uplink} -}] @@ -7,37 +9,18 @@ IF[{- $config{target} =~ /^vms-/ -}] $INITSRC=vms_decc_init.c ENDIF -# Auxilliary program source -IF[{- $config{target} =~ /^(?:VC-|mingw)/ -}] - # It's called 'init', but doesn't have much 'init' in it... - $AUXLIBAPPSSRC=win32_init.c -ENDIF -IF[{- $config{target} =~ /^vms-/ -}] - $AUXLIBAPPSSRC=vms_term_sock.c vms_decc_argv.c -ENDIF - # Source for the 'openssl' program -# We need the perl variable for the DEPEND generator further down. -$OPENSSLSRC={- - our @opensslsrc = - qw(openssl.c progs.c - asn1pars.c ca.c ciphers.c cms.c crl.c crl2p7.c dgst.c dhparam.c - dsa.c dsaparam.c ec.c ecparam.c enc.c engine.c errstr.c gendsa.c - genpkey.c genrsa.c kdf.c mac.c nseq.c ocsp.c passwd.c pkcs12.c pkcs7.c - pkcs8.c pkey.c pkeyparam.c pkeyutl.c prime.c rand.c req.c rsa.c - rsautl.c s_client.c s_server.c s_time.c sess_id.c smime.c speed.c - spkac.c srp.c ts.c verify.c version.c x509.c rehash.c storeutl.c - list.c info.c provider.c fipsinstall.c); - join(' ', @opensslsrc); -} -# Source for libapps -$LIBAPPSSRC=apps.c apps_ui.c opt.c fmt.c s_cb.c s_socket.c app_rand.c \ - bf_prefix.c columns.c lib/app_params.c +$OPENSSLSRC=\ + openssl.c progs.c \ + asn1pars.c ca.c ciphers.c cms.c crl.c crl2p7.c dgst.c dhparam.c \ + dsa.c dsaparam.c ec.c ecparam.c enc.c engine.c errstr.c gendsa.c \ + genpkey.c genrsa.c kdf.c mac.c nseq.c ocsp.c passwd.c pkcs12.c pkcs7.c \ + pkcs8.c pkey.c pkeyparam.c pkeyutl.c prime.c rand.c req.c rsa.c \ + rsautl.c s_client.c s_server.c s_time.c sess_id.c smime.c speed.c \ + spkac.c srp.c ts.c verify.c version.c x509.c rehash.c storeutl.c \ + list.c info.c provider.c fipsinstall.c IF[{- !$disabled{apps} -}] - LIBS{noinst}=libapps.a - SOURCE[libapps.a]=$LIBAPPSSRC $AUXLIBAPPSSRC - INCLUDE[libapps.a]=.. ../include include - PROGRAMS=openssl SOURCE[openssl]=$INITSRC $OPENSSLSRC INCLUDE[openssl]=.. ../include include diff --git a/apps/vms_term_sock.h b/apps/include/vms_term_sock.h similarity index 100% rename from apps/vms_term_sock.h rename to apps/include/vms_term_sock.h diff --git a/apps/app_rand.c b/apps/lib/app_rand.c similarity index 100% rename from apps/app_rand.c rename to apps/lib/app_rand.c diff --git a/apps/apps.c b/apps/lib/apps.c similarity index 100% rename from apps/apps.c rename to apps/lib/apps.c diff --git a/apps/apps_ui.c b/apps/lib/apps_ui.c similarity index 100% rename from apps/apps_ui.c rename to apps/lib/apps_ui.c diff --git a/apps/bf_prefix.c b/apps/lib/bf_prefix.c similarity index 100% rename from apps/bf_prefix.c rename to apps/lib/bf_prefix.c diff --git a/apps/lib/build.info b/apps/lib/build.info new file mode 100644 index 0000000000..f92d4dafc6 --- /dev/null +++ b/apps/lib/build.info @@ -0,0 +1,18 @@ +# Auxilliary program source +IF[{- $config{target} =~ /^(?:VC-|mingw)/ -}] + # It's called 'init', but doesn't have much 'init' in it... + $AUXLIBAPPSSRC=win32_init.c +ENDIF +IF[{- $config{target} =~ /^vms-/ -}] + $AUXLIBAPPSSRC=vms_term_sock.c vms_decc_argv.c +ENDIF + +# Source for libapps +$LIBAPPSSRC=apps.c apps_ui.c opt.c fmt.c s_cb.c s_socket.c app_rand.c \ + bf_prefix.c columns.c app_params.c + +IF[{- !$disabled{apps} -}] + LIBS{noinst}=../libapps.a + SOURCE[../libapps.a]=$LIBAPPSSRC $AUXLIBAPPSSRC + INCLUDE[../libapps.a]=../.. ../../include ../include +ENDIF diff --git a/apps/columns.c b/apps/lib/columns.c similarity index 100% rename from apps/columns.c rename to apps/lib/columns.c diff --git a/apps/fmt.c b/apps/lib/fmt.c similarity index 100% rename from apps/fmt.c rename to apps/lib/fmt.c diff --git a/apps/opt.c b/apps/lib/opt.c similarity index 100% rename from apps/opt.c rename to apps/lib/opt.c diff --git a/apps/s_cb.c b/apps/lib/s_cb.c similarity index 100% rename from apps/s_cb.c rename to apps/lib/s_cb.c diff --git a/apps/s_socket.c b/apps/lib/s_socket.c similarity index 100% rename from apps/s_socket.c rename to apps/lib/s_socket.c diff --git a/apps/vms_decc_argv.c b/apps/lib/vms_decc_argv.c similarity index 100% rename from apps/vms_decc_argv.c rename to apps/lib/vms_decc_argv.c diff --git a/apps/vms_term_sock.c b/apps/lib/vms_term_sock.c similarity index 100% rename from apps/vms_term_sock.c rename to apps/lib/vms_term_sock.c diff --git a/apps/win32_init.c b/apps/lib/win32_init.c similarity index 100% rename from apps/win32_init.c rename to apps/lib/win32_init.c diff --git a/test/build.info b/test/build.info index 595a0da2ae..eb344fd6c3 100644 --- a/test/build.info +++ b/test/build.info @@ -1,19 +1,20 @@ SUBDIRS=ossl_shim -# TODO: use ../apps/libapps.a instead of direct ../apps source. +# TODO: use ../apps/libapps.a instead of direct ../apps/lib source. # This can't currently be done, because some of its units drag in too many -# unresolved references that don't apply here. Most of all, ../apps/apps.c -# needs to be divided in smaller pieces to be useful here. +# unresolved references that don't apply here. +# Most of all, ../apps/lib/apps.c needs to be divided in smaller pieces to +# be useful here. # # Auxilliary program source (copied from ../apps/build.info) IF[{- $config{target} =~ /^(?:VC-|mingw)/ -}] # It's called 'init', but doesn't have much 'init' in it... - $AUXLIBAPPSSRC=../apps/win32_init.c + $AUXLIBAPPSSRC=../apps/lib/win32_init.c ENDIF IF[{- $config{target} =~ /^vms-/ -}] - $AUXLIBAPPSSRC=../apps/vms_term_sock.c ../apps/vms_decc_argv.c + $AUXLIBAPPSSRC=../apps/lib/vms_term_sock.c ../apps/lib/vms_decc_argv.c ENDIF -$LIBAPPSSRC=../apps/opt.c ../apps/bf_prefix.c $AUXLIBAPPSSRC +$LIBAPPSSRC=../apps/lib/opt.c ../apps/lib/bf_prefix.c $AUXLIBAPPSSRC IF[{- !$disabled{tests} -}] LIBS{noinst,has_main}=libtestutil.a @@ -435,7 +436,7 @@ IF[{- !$disabled{tests} -}] DEPEND[cipher_overhead_test]=../libcrypto ../libssl libtestutil.a ENDIF - SOURCE[uitest]=uitest.c ../apps/apps_ui.c + SOURCE[uitest]=uitest.c ../apps/lib/apps_ui.c INCLUDE[uitest]=.. ../include ../apps/include DEPEND[uitest]=../libcrypto ../libssl libtestutil.a From levitte at openssl.org Wed Sep 4 15:36:35 2019 From: levitte at openssl.org (Richard Levitte) Date: Wed, 04 Sep 2019 15:36:35 +0000 Subject: [openssl] master update Message-ID: <1567611395.541451.2522.nullmailer@dev.openssl.org> The branch master has been updated via bc5a80910dccbc1e417f96bb7f0a3814d3ad5a4d (commit) from 2ad75c6c1341db8a3122bbeaf863440057d71307 (commit) - Log ----------------------------------------------------------------- commit bc5a80910dccbc1e417f96bb7f0a3814d3ad5a4d Author: Rich Salz Date: Thu Aug 29 12:12:17 2019 -0400 Handle the renamed command POD files in find-doc-nits Reviewed-by: Tomas Mraz Reviewed-by: Richard Levitte (Merged from https://github.com/openssl/openssl/pull/9729) ----------------------------------------------------------------------- Summary of changes: util/find-doc-nits | 17 ++++++++++------- 1 file changed, 10 insertions(+), 7 deletions(-) diff --git a/util/find-doc-nits b/util/find-doc-nits index 9126e73586..d6dfa5a0dc 100755 --- a/util/find-doc-nits +++ b/util/find-doc-nits @@ -533,6 +533,7 @@ my %skips = ( sub checkflags() { my $cmd = shift; + my $doc = shift; my %cmdopts; my %docopts; my $ok = 1; @@ -548,8 +549,8 @@ sub checkflags() { close CFH; # Get the list of flags from the synopsis - open CFH, " ) { chop; last if /DESCRIPTION/; @@ -617,13 +618,15 @@ if ( $opt_c ) { close FH; # See if each has a manpage. - foreach ( @commands ) { - next if $_ eq 'help' || $_ eq 'exit'; - if ( ! -f "doc/man1/$_.pod" ) { - print "doc/man1/$_.pod does not exist\n"; + foreach my $cmd ( @commands ) { + next if $cmd eq 'help' || $cmd eq 'exit'; + my $doc = "doc/man1/$cmd.pod"; + $doc = "doc/man1/openssl-$cmd.pod" if -f "doc/man1/openssl-$cmd.pod"; + if ( ! -f "$doc" ) { + print "$doc does not exist\n"; $ok = 0; } else { - $ok = 0 if not &checkflags($_); + $ok = 0 if not &checkflags($cmd, $doc); } } From builds at travis-ci.org Wed Sep 4 15:47:25 2019 From: builds at travis-ci.org (Travis CI) Date: Wed, 04 Sep 2019 15:47:25 +0000 Subject: Still Failing: openssl/openssl#27863 (master - 2ad75c6) In-Reply-To: Message-ID: <5d6fdc8c37e5a_43faed0c4a70c287385@a46de67a-0dc1-45bc-872b-723fef42ee3b.mail> Build Update for openssl/openssl ------------------------------------- Build: #27863 Status: Still Failing Duration: 19 mins and 27 secs Commit: 2ad75c6 (master) Author: Richard Levitte Message: Move libapps.a source to apps/lib This makes it clearer what's what. The 'openssl' application and its sub-commands remain in apps/ Reviewed-by: Tomas Mraz (Merged from https://github.com/openssl/openssl/pull/9723) View the changeset: https://github.com/openssl/openssl/compare/1e8e75d18be8...2ad75c6c1341 View the full build log and details: https://travis-ci.org/openssl/openssl/builds/580783515?utm_medium=notification&utm_source=email -- You can unsubscribe from build emails from the openssl/openssl repository going to https://travis-ci.org/account/preferences/unsubscribe?repository=5849220&utm_medium=notification&utm_source=email. Or unsubscribe from *all* email updating your settings at https://travis-ci.org/account/preferences/unsubscribe?utm_medium=notification&utm_source=email. Or configure specific recipients for build notifications in your .travis.yml file. See https://docs.travis-ci.com/user/notifications. -------------- next part -------------- An HTML attachment was scrubbed... URL: From builds at travis-ci.org Wed Sep 4 16:04:25 2019 From: builds at travis-ci.org (Travis CI) Date: Wed, 04 Sep 2019 16:04:25 +0000 Subject: Still Failing: openssl/openssl#27864 (master - bc5a809) In-Reply-To: Message-ID: <5d6fe0899eb12_43f8faa7b216c2627c0@9ba7599c-4f44-453d-a932-871e8d86f1d8.mail> Build Update for openssl/openssl ------------------------------------- Build: #27864 Status: Still Failing Duration: 27 mins and 12 secs Commit: bc5a809 (master) Author: Rich Salz Message: Handle the renamed command POD files in find-doc-nits Reviewed-by: Tomas Mraz Reviewed-by: Richard Levitte (Merged from https://github.com/openssl/openssl/pull/9729) View the changeset: https://github.com/openssl/openssl/compare/2ad75c6c1341...bc5a80910dcc View the full build log and details: https://travis-ci.org/openssl/openssl/builds/580787750?utm_medium=notification&utm_source=email -- You can unsubscribe from build emails from the openssl/openssl repository going to https://travis-ci.org/account/preferences/unsubscribe?repository=5849220&utm_medium=notification&utm_source=email. Or unsubscribe from *all* email updating your settings at https://travis-ci.org/account/preferences/unsubscribe?utm_medium=notification&utm_source=email. Or configure specific recipients for build notifications in your .travis.yml file. See https://docs.travis-ci.com/user/notifications. -------------- next part -------------- An HTML attachment was scrubbed... URL: From no-reply at appveyor.com Wed Sep 4 17:56:00 2019 From: no-reply at appveyor.com (AppVeyor) Date: Wed, 04 Sep 2019 17:56:00 +0000 Subject: Build failed: openssl master.27294 Message-ID: <20190904175600.1.37B8D1DAF7A603E9@appveyor.com> An HTML attachment was scrubbed... URL: From no-reply at appveyor.com Wed Sep 4 20:19:10 2019 From: no-reply at appveyor.com (AppVeyor) Date: Wed, 04 Sep 2019 20:19:10 +0000 Subject: Build completed: openssl master.27295 Message-ID: <20190904201910.1.AC7E7F7ECDDE1E1C@appveyor.com> An HTML attachment was scrubbed... URL: From shane.lontis at oracle.com Thu Sep 5 01:26:36 2019 From: shane.lontis at oracle.com (shane.lontis at oracle.com) Date: Thu, 05 Sep 2019 01:26:36 +0000 Subject: [openssl] master update Message-ID: <1567646796.934455.25437.nullmailer@dev.openssl.org> The branch master has been updated via 1c3ace6898032b7b45d8106ba4e0d21d75b0997e (commit) from bc5a80910dccbc1e417f96bb7f0a3814d3ad5a4d (commit) - Log ----------------------------------------------------------------- commit 1c3ace6898032b7b45d8106ba4e0d21d75b0997e Author: Shane Lontis Date: Thu Sep 5 11:23:57 2019 +1000 Change provider params from int to size_t Reviewed-by: Richard Levitte (Merged from https://github.com/openssl/openssl/pull/9699) ----------------------------------------------------------------------- Summary of changes: crypto/evp/evp_enc.c | 32 +++++----- crypto/evp/evp_lib.c | 70 ++++++++++++---------- crypto/evp/pmeth_lib.c | 3 +- doc/man3/EVP_PKEY_CTX_ctrl.pod | 2 +- doc/man7/provider-cipher.pod | 22 +++---- doc/man7/provider-digest.pod | 6 +- doc/man7/provider-keyexch.pod | 2 +- include/openssl/core_names.h | 50 ++++++++-------- include/openssl/mdc2.h | 2 +- providers/common/ciphers/cipher_ccm.c | 4 +- providers/common/ciphers/cipher_common.c | 58 +++++++++--------- providers/common/ciphers/cipher_gcm.c | 28 +++++---- providers/common/ciphers/cipher_gcm_hw.c | 2 +- providers/common/ciphers/cipher_locl.h | 8 +-- providers/common/digests/digest_common.c | 13 ++-- providers/common/exchange/dh_exch.c | 10 ++-- .../common/include/internal/ciphers/cipher_aead.h | 2 + .../common/include/internal/ciphers/cipher_ccm.h | 22 +++---- .../common/include/internal/ciphers/cipher_gcm.h | 30 +++++----- .../common/include/internal/ciphers/ciphercommon.h | 25 ++++---- providers/common/include/internal/digestcommon.h | 2 +- providers/legacy/digests/mdc2_prov.c | 4 +- test/mdc2test.c | 7 ++- 23 files changed, 209 insertions(+), 195 deletions(-) diff --git a/crypto/evp/evp_enc.c b/crypto/evp/evp_enc.c index 96dc83b2a0..466a03dbf3 100644 --- a/crypto/evp/evp_enc.c +++ b/crypto/evp/evp_enc.c @@ -986,8 +986,9 @@ int EVP_CIPHER_CTX_set_key_length(EVP_CIPHER_CTX *c, int keylen) { int ok; OSSL_PARAM params[2] = { OSSL_PARAM_END, OSSL_PARAM_END }; + size_t len = keylen; - params[0] = OSSL_PARAM_construct_int(OSSL_CIPHER_PARAM_KEYLEN, &keylen); + params[0] = OSSL_PARAM_construct_size_t(OSSL_CIPHER_PARAM_KEYLEN, &len); ok = evp_do_ciph_ctx_setparams(c->cipher, c->provctx, params); if (ok != EVP_CTRL_RET_UNSUPPORTED) @@ -1010,13 +1011,14 @@ int EVP_CIPHER_CTX_set_padding(EVP_CIPHER_CTX *ctx, int pad) { int ok; OSSL_PARAM params[2] = { OSSL_PARAM_END, OSSL_PARAM_END }; + unsigned int pd = pad; if (pad) ctx->flags &= ~EVP_CIPH_NO_PADDING; else ctx->flags |= EVP_CIPH_NO_PADDING; - params[0] = OSSL_PARAM_construct_int(OSSL_CIPHER_PARAM_PADDING, &pad); + params[0] = OSSL_PARAM_construct_uint(OSSL_CIPHER_PARAM_PADDING, &pd); ok = evp_do_ciph_ctx_setparams(ctx->cipher, ctx->provctx, params); return ok != 0; @@ -1026,7 +1028,7 @@ int EVP_CIPHER_CTX_ctrl(EVP_CIPHER_CTX *ctx, int type, int arg, void *ptr) { int ret = EVP_CTRL_RET_UNSUPPORTED; int set_params = 1; - size_t sz; + size_t sz = arg; OSSL_PARAM params[2] = { OSSL_PARAM_END, OSSL_PARAM_END }; if (ctx == NULL || ctx->cipher == NULL) { @@ -1039,13 +1041,13 @@ int EVP_CIPHER_CTX_ctrl(EVP_CIPHER_CTX *ctx, int type, int arg, void *ptr) switch (type) { case EVP_CTRL_SET_KEY_LENGTH: - params[0] = OSSL_PARAM_construct_int(OSSL_CIPHER_PARAM_KEYLEN, &arg); + params[0] = OSSL_PARAM_construct_size_t(OSSL_CIPHER_PARAM_KEYLEN, &sz); break; case EVP_CTRL_RAND_KEY: /* Used by DES */ set_params = 0; params[0] = OSSL_PARAM_construct_octet_string(OSSL_CIPHER_PARAM_RANDOM_KEY, - ptr, (size_t)arg); + ptr, sz); break; case EVP_CTRL_SET_PIPELINE_OUTPUT_BUFS: /* Used by DASYNC */ @@ -1055,35 +1057,29 @@ int EVP_CIPHER_CTX_ctrl(EVP_CIPHER_CTX *ctx, int type, int arg, void *ptr) case EVP_CTRL_GET_IV: set_params = 0; params[0] = OSSL_PARAM_construct_octet_string(OSSL_CIPHER_PARAM_IV, - ptr, (size_t)arg); + ptr, sz); break; case EVP_CTRL_AEAD_SET_IVLEN: if (arg < 0) return 0; - sz = (size_t)arg; - params[0] = - OSSL_PARAM_construct_size_t(OSSL_CIPHER_PARAM_AEAD_IVLEN, &sz); + params[0] = OSSL_PARAM_construct_size_t(OSSL_CIPHER_PARAM_IVLEN, &sz); break; case EVP_CTRL_GCM_SET_IV_FIXED: params[0] = OSSL_PARAM_construct_octet_string(OSSL_CIPHER_PARAM_AEAD_TLS1_IV_FIXED, - ptr, (size_t)arg); - break; - case EVP_CTRL_AEAD_SET_TAG: - params[0] = - OSSL_PARAM_construct_octet_string(OSSL_CIPHER_PARAM_AEAD_TAG, - ptr, (size_t)arg); + ptr, sz); break; case EVP_CTRL_AEAD_GET_TAG: - set_params = 0; + set_params = 0; /* Fall thru */ + case EVP_CTRL_AEAD_SET_TAG: params[0] = OSSL_PARAM_construct_octet_string(OSSL_CIPHER_PARAM_AEAD_TAG, - ptr, (size_t)arg); + ptr, sz); break; case EVP_CTRL_AEAD_TLS1_AAD: /* This one does a set and a get - since it returns a padding size */ params[0] = OSSL_PARAM_construct_octet_string(OSSL_CIPHER_PARAM_AEAD_TLS1_AAD, - ptr, (size_t)arg); + ptr, sz); ret = evp_do_ciph_ctx_setparams(ctx->cipher, ctx->provctx, params); if (ret <= 0) return ret; diff --git a/crypto/evp/evp_lib.c b/crypto/evp/evp_lib.c index b5b39a7f2d..acb90f222b 100644 --- a/crypto/evp/evp_lib.c +++ b/crypto/evp/evp_lib.c @@ -218,13 +218,14 @@ int EVP_CIPHER_type(const EVP_CIPHER *ctx) int EVP_CIPHER_block_size(const EVP_CIPHER *cipher) { - int ok, v = cipher->block_size; + int ok; + size_t v = cipher->block_size; OSSL_PARAM params[2] = { OSSL_PARAM_END, OSSL_PARAM_END }; - params[0] = OSSL_PARAM_construct_int(OSSL_CIPHER_PARAM_BLOCK_SIZE, &v); + params[0] = OSSL_PARAM_construct_size_t(OSSL_CIPHER_PARAM_BLOCK_SIZE, &v); ok = evp_do_ciph_getparams(cipher, params); - return ok != 0 ? v : EVP_CTRL_RET_UNSUPPORTED; + return ok != 0 ? (int)v : EVP_CTRL_RET_UNSUPPORTED; } int EVP_CIPHER_CTX_block_size(const EVP_CIPHER_CTX *ctx) @@ -304,31 +305,33 @@ void *EVP_CIPHER_CTX_set_cipher_data(EVP_CIPHER_CTX *ctx, void *cipher_data) int EVP_CIPHER_iv_length(const EVP_CIPHER *cipher) { - int ok, v = cipher->iv_len; + int ok; + size_t v = cipher->iv_len; OSSL_PARAM params[2] = { OSSL_PARAM_END, OSSL_PARAM_END }; - params[0] = OSSL_PARAM_construct_int(OSSL_CIPHER_PARAM_IVLEN, &v); + params[0] = OSSL_PARAM_construct_size_t(OSSL_CIPHER_PARAM_IVLEN, &v); ok = evp_do_ciph_getparams(cipher, params); - return ok != 0 ? v : EVP_CTRL_RET_UNSUPPORTED; + return ok != 0 ? (int)v : EVP_CTRL_RET_UNSUPPORTED; } int EVP_CIPHER_CTX_iv_length(const EVP_CIPHER_CTX *ctx) { - int len, rv, v = EVP_CIPHER_iv_length(ctx->cipher); + int rv; + size_t len, v = EVP_CIPHER_iv_length(ctx->cipher); OSSL_PARAM params[2] = { OSSL_PARAM_END, OSSL_PARAM_END }; - params[0] = OSSL_PARAM_construct_int(OSSL_CIPHER_PARAM_IVLEN, &v); + params[0] = OSSL_PARAM_construct_size_t(OSSL_CIPHER_PARAM_IVLEN, &v); rv = evp_do_ciph_ctx_getparams(ctx->cipher, ctx->provctx, params); if (rv == EVP_CTRL_RET_UNSUPPORTED) goto legacy; - return rv != 0 ? v : -1; + return rv != 0 ? (int)v : -1; /* TODO (3.0) Remove legacy support */ legacy: if ((EVP_CIPHER_flags(ctx->cipher) & EVP_CIPH_CUSTOM_IV_LENGTH) != 0) { rv = EVP_CIPHER_CTX_ctrl((EVP_CIPHER_CTX *)ctx, EVP_CTRL_GET_IVLEN, 0, &len); - return (rv == 1) ? len : -1; + return (rv == 1) ? (int)len : -1; } return v; } @@ -376,48 +379,52 @@ unsigned char *EVP_CIPHER_CTX_buf_noconst(EVP_CIPHER_CTX *ctx) int EVP_CIPHER_CTX_num(const EVP_CIPHER_CTX *ctx) { - int ok, v = ctx->num; + int ok; + unsigned int v = (unsigned int)ctx->num; OSSL_PARAM params[2] = { OSSL_PARAM_END, OSSL_PARAM_END }; - params[0] = OSSL_PARAM_construct_int(OSSL_CIPHER_PARAM_NUM, &v); + params[0] = OSSL_PARAM_construct_uint(OSSL_CIPHER_PARAM_NUM, &v); ok = evp_do_ciph_ctx_getparams(ctx->cipher, ctx->provctx, params); - return ok != 0 ? v : EVP_CTRL_RET_UNSUPPORTED; + return ok != 0 ? (int)v : EVP_CTRL_RET_UNSUPPORTED; } int EVP_CIPHER_CTX_set_num(EVP_CIPHER_CTX *ctx, int num) { int ok; + unsigned int n = (unsigned int)num; OSSL_PARAM params[2] = { OSSL_PARAM_END, OSSL_PARAM_END }; - params[0] = OSSL_PARAM_construct_int(OSSL_CIPHER_PARAM_NUM, &num); + params[0] = OSSL_PARAM_construct_uint(OSSL_CIPHER_PARAM_NUM, &n); ok = evp_do_ciph_ctx_setparams(ctx->cipher, ctx->provctx, params); if (ok != 0) - ctx->num = num; + ctx->num = (int)n; return ok != 0; } int EVP_CIPHER_key_length(const EVP_CIPHER *cipher) { - int ok, v = cipher->key_len; + int ok; + size_t v = cipher->key_len; OSSL_PARAM params[2] = { OSSL_PARAM_END, OSSL_PARAM_END }; - params[0] = OSSL_PARAM_construct_int(OSSL_CIPHER_PARAM_KEYLEN, &v); + params[0] = OSSL_PARAM_construct_size_t(OSSL_CIPHER_PARAM_KEYLEN, &v); ok = evp_do_ciph_getparams(cipher, params); - return ok != 0 ? v : EVP_CTRL_RET_UNSUPPORTED; + return ok != 0 ? (int)v : EVP_CTRL_RET_UNSUPPORTED; } int EVP_CIPHER_CTX_key_length(const EVP_CIPHER_CTX *ctx) { - int ok, v = ctx->key_len; + int ok; + size_t v = ctx->key_len; OSSL_PARAM params[2] = { OSSL_PARAM_END, OSSL_PARAM_END }; - params[0] = OSSL_PARAM_construct_int(OSSL_CIPHER_PARAM_KEYLEN, &v); + params[0] = OSSL_PARAM_construct_size_t(OSSL_CIPHER_PARAM_KEYLEN, &v); ok = evp_do_ciph_ctx_getparams(ctx->cipher, ctx->provctx, params); - return ok != 0 ? v : EVP_CTRL_RET_UNSUPPORTED; + return ok != 0 ? (int)v : EVP_CTRL_RET_UNSUPPORTED; } int EVP_CIPHER_nid(const EVP_CIPHER *cipher) @@ -448,13 +455,14 @@ const OSSL_PROVIDER *EVP_CIPHER_provider(const EVP_CIPHER *cipher) int EVP_CIPHER_mode(const EVP_CIPHER *cipher) { - int ok, v = EVP_CIPHER_flags(cipher) & EVP_CIPH_MODE; + int ok; + unsigned int v = EVP_CIPHER_flags(cipher) & EVP_CIPH_MODE; OSSL_PARAM params[2] = { OSSL_PARAM_END, OSSL_PARAM_END }; - params[0] = OSSL_PARAM_construct_int(OSSL_CIPHER_PARAM_MODE, &v); + params[0] = OSSL_PARAM_construct_uint(OSSL_CIPHER_PARAM_MODE, &v); ok = evp_do_ciph_getparams(cipher, params); - return ok != 0 ? v : 0; + return ok != 0 ? (int)v : 0; } const char *EVP_MD_name(const EVP_MD *md) @@ -475,7 +483,8 @@ const OSSL_PROVIDER *EVP_MD_provider(const EVP_MD *md) int EVP_MD_block_size(const EVP_MD *md) { - int ok, v = md->block_size; + int ok; + size_t v = md->block_size; OSSL_PARAM params[2] = { OSSL_PARAM_END, OSSL_PARAM_END }; if (md == NULL) { @@ -483,10 +492,10 @@ int EVP_MD_block_size(const EVP_MD *md) return -1; } - params[0] = OSSL_PARAM_construct_int(OSSL_DIGEST_PARAM_BLOCK_SIZE, &v); + params[0] = OSSL_PARAM_construct_size_t(OSSL_DIGEST_PARAM_BLOCK_SIZE, &v); ok = evp_do_md_getparams(md, params); - return ok != 0 ? v : -1; + return ok != 0 ? (int)v : -1; } int EVP_MD_type(const EVP_MD *md) @@ -501,7 +510,8 @@ int EVP_MD_pkey_type(const EVP_MD *md) int EVP_MD_size(const EVP_MD *md) { - int ok, v = md->md_size; + int ok; + size_t v = md->md_size; OSSL_PARAM params[2] = { OSSL_PARAM_END, OSSL_PARAM_END }; if (md == NULL) { @@ -509,10 +519,10 @@ int EVP_MD_size(const EVP_MD *md) return -1; } - params[0] = OSSL_PARAM_construct_int(OSSL_DIGEST_PARAM_SIZE, &v); + params[0] = OSSL_PARAM_construct_size_t(OSSL_DIGEST_PARAM_SIZE, &v); ok = evp_do_md_getparams(md, params); - return ok != 0 ? v : -1; + return ok != 0 ? (int)v : -1; } unsigned long EVP_MD_flags(const EVP_MD *md) diff --git a/crypto/evp/pmeth_lib.c b/crypto/evp/pmeth_lib.c index 31b4ae4411..d2b28f825b 100644 --- a/crypto/evp/pmeth_lib.c +++ b/crypto/evp/pmeth_lib.c @@ -409,13 +409,14 @@ int EVP_PKEY_CTX_set_params(EVP_PKEY_CTX *ctx, OSSL_PARAM *params) int EVP_PKEY_CTX_set_dh_pad(EVP_PKEY_CTX *ctx, int pad) { OSSL_PARAM dh_pad_params[2]; + unsigned int upad = pad; /* TODO(3.0): Remove this eventually when no more legacy */ if (ctx->exchprovctx == NULL) return EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_DH, EVP_PKEY_OP_DERIVE, EVP_PKEY_CTRL_DH_PAD, pad, NULL); - dh_pad_params[0] = OSSL_PARAM_construct_int(OSSL_EXCHANGE_PARAM_PAD, &pad); + dh_pad_params[0] = OSSL_PARAM_construct_uint(OSSL_EXCHANGE_PARAM_PAD, &upad); dh_pad_params[1] = OSSL_PARAM_construct_end(); return EVP_PKEY_CTX_set_params(ctx, dh_pad_params); diff --git a/doc/man3/EVP_PKEY_CTX_ctrl.pod b/doc/man3/EVP_PKEY_CTX_ctrl.pod index 369fc0f9d0..1787e19ab7 100644 --- a/doc/man3/EVP_PKEY_CTX_ctrl.pod +++ b/doc/man3/EVP_PKEY_CTX_ctrl.pod @@ -153,7 +153,7 @@ The parameters currently supported by the default provider are: =over 4 -=item OSSL_EXCHANGE_PARAM_PAD (int type) +=item OSSL_EXCHANGE_PARAM_PAD (uint type) Sets the DH padding mode. If B is 1 then the shared secret is padded with zeroes diff --git a/doc/man7/provider-cipher.pod b/doc/man7/provider-cipher.pod index 040a34c126..1b7dff8f76 100644 --- a/doc/man7/provider-cipher.pod +++ b/doc/man7/provider-cipher.pod @@ -39,7 +39,7 @@ provider-cipher - The cipher library E-E provider functions /* Cipher parameter descriptors */ const OSSL_PARAM *OP_cipher_gettable_params(void); - /* Cipheroperation parameter descriptors */ + /* Cipher operation parameter descriptors */ const OSSL_PARAM *OP_cipher_gettable_ctx_params(void); const OSSL_PARAM *OP_cipher_settable_ctx_params(void); @@ -111,7 +111,7 @@ OP_cipher_newctx() should create and return a pointer to a provider side structure for holding context information during a cipher operation. A pointer to this context will be passed back in a number of the other cipher operation function calls. -The paramater B is the provider context generated during provider +The parameter B is the provider context generated during provider initialisation (see L). OP_cipher_freectx() is passed a pointer to the provider side cipher context in @@ -124,7 +124,7 @@ B parameter and return the duplicate copy. =head2 Encryption/Decryption Functions OP_cipher_encrypt_init() initialises a cipher operation for encryption given a -newly created provider side cipher context in the B paramter. +newly created provider side cipher context in the B parameter. The key to be used is given in B which is B bytes long. The IV to be used is given in B which is B bytes long. @@ -158,7 +158,7 @@ The same expectations apply to B as documented for L and L. OP_cipher_cipher() performs encryption/decryption using the provider side cipher -context in the B paramter that should have been previously initialised via +context in the B parameter that should have been previously initialised via a call to OP_cipher_encrypt_init() or OP_cipher_decrypt_init. This should call the raw underlying cipher function without any padding. This will be invoked in the provider as a result of the application calling @@ -197,18 +197,18 @@ parameters are relevant to, or are understood by all ciphers: =over 4 -=item B (int) +=item B (uint) Sets the padding mode for the associated cipher ctx. Setting a value of 1 will turn padding on. -Setting a vlue of 0 will turn padding off. +Setting a value of 0 will turn padding off. -=item B (int) +=item B (uint) Gets the mode for the associated cipher algorithm. See L for a list of valid modes. -=item B (int) +=item B (size_t) Gets the block size for the associated cipher algorithm. The block size should be 1 for stream ciphers. @@ -223,13 +223,13 @@ Gets any flags for the associated cipher algorithm. See L for a list of currently defined cipher flags. -=item B (int) +=item B (size_t) Gets the key length for the associated cipher algorithm. This can also be used to get or set the key length for the associated cipher ctx. -=item B (int) +=item B (size_t) Gets the IV length for the associated cipher algorithm. @@ -237,7 +237,7 @@ Gets the IV length for the associated cipher algorithm. Gets the IV for the associated cipher ctx. -=item B (int) +=item B (uint) Gets or sets the cipher specific "num" parameter for the associated cipher ctx. Built-in ciphers typically use this to track how much of the current underlying diff --git a/doc/man7/provider-digest.pod b/doc/man7/provider-digest.pod index 31d3516def..3d7808452c 100644 --- a/doc/man7/provider-digest.pod +++ b/doc/man7/provider-digest.pod @@ -164,11 +164,11 @@ by all digests: =over 4 -=item B (int) +=item B (size_t) The digest block size. -=item B (int) +=item B (size_t) The digest output size. @@ -243,7 +243,7 @@ section 5.6.8. The next call after setting this parameter will be OP_digest_final(). This is only relevant for implementations of SHA1 or MD5_SHA1. -=item B (int) +=item B (uint) Sets the pad type to be used. The only built-in digest that uses this is MDC2. diff --git a/doc/man7/provider-keyexch.pod b/doc/man7/provider-keyexch.pod index 875d6e267e..71830c12c6 100644 --- a/doc/man7/provider-keyexch.pod +++ b/doc/man7/provider-keyexch.pod @@ -138,7 +138,7 @@ algorithms: =over 4 -=item B (int) +=item B (uint) Sets the padding mode for the associated key exchange ctx. Setting a value of 1 will turn padding on. diff --git a/include/openssl/core_names.h b/include/openssl/core_names.h index 448bc50e8a..2fe06dc272 100644 --- a/include/openssl/core_names.h +++ b/include/openssl/core_names.h @@ -41,50 +41,50 @@ extern "C" { #define OSSL_PROV_PARAM_MODULE_FILENAME "module-filename" /* cipher parameters */ -#define OSSL_CIPHER_PARAM_PADDING "padding" /* int */ -#define OSSL_CIPHER_PARAM_MODE "mode" /* int */ -#define OSSL_CIPHER_PARAM_BLOCK_SIZE "blocksize" /* int */ +#define OSSL_CIPHER_PARAM_PADDING "padding" /* uint */ +#define OSSL_CIPHER_PARAM_MODE "mode" /* uint */ +#define OSSL_CIPHER_PARAM_BLOCK_SIZE "blocksize" /* size_t */ #define OSSL_CIPHER_PARAM_FLAGS "flags" /* ulong */ -#define OSSL_CIPHER_PARAM_KEYLEN "keylen" /* int */ -#define OSSL_CIPHER_PARAM_IVLEN "ivlen" /* int */ +#define OSSL_CIPHER_PARAM_KEYLEN "keylen" /* size_t */ +#define OSSL_CIPHER_PARAM_IVLEN "ivlen" /* size_t */ #define OSSL_CIPHER_PARAM_IV "iv" /* octet_string OR octet_ptr */ -#define OSSL_CIPHER_PARAM_NUM "num" /* int */ +#define OSSL_CIPHER_PARAM_NUM "num" /* uint */ #define OSSL_CIPHER_PARAM_AEAD_TAG "tag" /* octet_string */ #define OSSL_CIPHER_PARAM_AEAD_TLS1_AAD "tlsaad" /* octet_string */ #define OSSL_CIPHER_PARAM_AEAD_TLS1_AAD_PAD "tlsaadpad" /* size_t */ #define OSSL_CIPHER_PARAM_AEAD_TLS1_IV_FIXED "tlsivfixed" /* octet_string */ -#define OSSL_CIPHER_PARAM_AEAD_IVLEN "aeadivlen" /* size_t */ +#define OSSL_CIPHER_PARAM_AEAD_IVLEN OSSL_CIPHER_PARAM_IVLEN #define OSSL_CIPHER_PARAM_RANDOM_KEY "randkey" /* octet_string */ /* digest parameters */ -#define OSSL_DIGEST_PARAM_XOFLEN "xoflen" -#define OSSL_DIGEST_PARAM_SSL3_MS "ssl3-ms" -#define OSSL_DIGEST_PARAM_PAD_TYPE "pad_type" -#define OSSL_DIGEST_PARAM_MICALG "micalg" -#define OSSL_DIGEST_PARAM_BLOCK_SIZE "blocksize" /* OSSL_PARAM_INTEGER */ -#define OSSL_DIGEST_PARAM_SIZE "size" /* OSSL_PARAM_INTEGER */ -#define OSSL_DIGEST_PARAM_FLAGS "flags" /* OSSL_PARAM_UNSIGNED_INTEGER */ +#define OSSL_DIGEST_PARAM_XOFLEN "xoflen" /* size_t */ +#define OSSL_DIGEST_PARAM_SSL3_MS "ssl3-ms" /* octet string */ +#define OSSL_DIGEST_PARAM_PAD_TYPE "pad_type" /* uint */ +#define OSSL_DIGEST_PARAM_MICALG "micalg" /* utf8 string */ +#define OSSL_DIGEST_PARAM_BLOCK_SIZE "blocksize" /* size_t */ +#define OSSL_DIGEST_PARAM_SIZE "size" /* size_t */ +#define OSSL_DIGEST_PARAM_FLAGS "flags" /* ulong */ /* Known DIGEST names (not a complete list) */ #define OSSL_DIGEST_NAME_KECCAK_KMAC128 "KECCAK_KMAC128" #define OSSL_DIGEST_NAME_KECCAK_KMAC256 "KECCAK_KMAC256" /* MAC parameters */ -#define OSSL_MAC_PARAM_KEY "key" /* octet string */ -#define OSSL_MAC_PARAM_IV "iv" /* octet string */ -#define OSSL_MAC_PARAM_CUSTOM "custom" /* utf8 string */ -#define OSSL_MAC_PARAM_SALT "salt" /* octet string */ -#define OSSL_MAC_PARAM_XOF "xof" /* int, 0 or 1 */ -#define OSSL_MAC_PARAM_FLAGS "flags" /* int */ +#define OSSL_MAC_PARAM_KEY "key" /* octet string */ +#define OSSL_MAC_PARAM_IV "iv" /* octet string */ +#define OSSL_MAC_PARAM_CUSTOM "custom" /* utf8 string */ +#define OSSL_MAC_PARAM_SALT "salt" /* octet string */ +#define OSSL_MAC_PARAM_XOF "xof" /* int, 0 or 1 */ +#define OSSL_MAC_PARAM_FLAGS "flags" /* int */ /* * If "engine" or "properties" are specified, they should always be paired * with "cipher" or "digest". */ -#define OSSL_MAC_PARAM_CIPHER "cipher" /* utf8 string */ -#define OSSL_MAC_PARAM_DIGEST "digest" /* utf8 string */ -#define OSSL_MAC_PARAM_ENGINE "engine" /* utf8 string */ +#define OSSL_MAC_PARAM_CIPHER "cipher" /* utf8 string */ +#define OSSL_MAC_PARAM_DIGEST "digest" /* utf8 string */ +#define OSSL_MAC_PARAM_ENGINE "engine" /* utf8 string */ #define OSSL_MAC_PARAM_PROPERTIES "properties" /* utf8 string */ -#define OSSL_MAC_PARAM_SIZE "size" /* size_t */ +#define OSSL_MAC_PARAM_SIZE "size" /* size_t */ /* Known MAC names (not a complete list) */ #define OSSL_MAC_NAME_CMAC "CMAC" @@ -103,7 +103,7 @@ extern "C" { /* Key Exchange parameters */ -#define OSSL_EXCHANGE_PARAM_PAD "exchange-pad" +#define OSSL_EXCHANGE_PARAM_PAD "exchange-pad" /* uint */ # ifdef __cplusplus } diff --git a/include/openssl/mdc2.h b/include/openssl/mdc2.h index a26a3c0f06..576695cf7b 100644 --- a/include/openssl/mdc2.h +++ b/include/openssl/mdc2.h @@ -26,7 +26,7 @@ typedef struct mdc2_ctx_st { unsigned int num; unsigned char data[MDC2_BLOCK]; DES_cblock h, hh; - int pad_type; /* either 1 or 2, default 1 */ + unsigned int pad_type; /* either 1 or 2, default 1 */ } MDC2_CTX; int MDC2_Init(MDC2_CTX *c); diff --git a/providers/common/ciphers/cipher_ccm.c b/providers/common/ciphers/cipher_ccm.c index 211b64f768..8970b02670 100644 --- a/providers/common/ciphers/cipher_ccm.c +++ b/providers/common/ciphers/cipher_ccm.c @@ -143,7 +143,7 @@ int ccm_get_ctx_params(void *vctx, OSSL_PARAM params[]) OSSL_PARAM *p; p = OSSL_PARAM_locate(params, OSSL_CIPHER_PARAM_IVLEN); - if (p != NULL && !OSSL_PARAM_set_int(p, ccm_get_ivlen(ctx))) { + if (p != NULL && !OSSL_PARAM_set_size_t(p, ccm_get_ivlen(ctx))) { ERR_raise(ERR_LIB_PROV, PROV_R_FAILED_TO_SET_PARAMETER); return 0; } @@ -161,7 +161,7 @@ int ccm_get_ctx_params(void *vctx, OSSL_PARAM params[]) } p = OSSL_PARAM_locate(params, OSSL_CIPHER_PARAM_KEYLEN); - if (p != NULL && !OSSL_PARAM_set_int(p, ctx->keylen)) { + if (p != NULL && !OSSL_PARAM_set_size_t(p, ctx->keylen)) { ERR_raise(ERR_LIB_PROV, PROV_R_FAILED_TO_SET_PARAMETER); return 0; } diff --git a/providers/common/ciphers/cipher_common.c b/providers/common/ciphers/cipher_common.c index 5abd2c0010..de67fc1341 100644 --- a/providers/common/ciphers/cipher_common.c +++ b/providers/common/ciphers/cipher_common.c @@ -19,10 +19,11 @@ * Generic cipher functions for OSSL_PARAM gettables and settables */ static const OSSL_PARAM cipher_known_gettable_params[] = { - OSSL_PARAM_int(OSSL_CIPHER_PARAM_MODE, NULL), - OSSL_PARAM_int(OSSL_CIPHER_PARAM_KEYLEN, NULL), - OSSL_PARAM_int(OSSL_CIPHER_PARAM_IVLEN, NULL), - OSSL_PARAM_int(OSSL_CIPHER_PARAM_BLOCK_SIZE, NULL), + OSSL_PARAM_uint(OSSL_CIPHER_PARAM_MODE, NULL), + OSSL_PARAM_size_t(OSSL_CIPHER_PARAM_KEYLEN, NULL), + OSSL_PARAM_size_t(OSSL_CIPHER_PARAM_IVLEN, NULL), + OSSL_PARAM_size_t(OSSL_CIPHER_PARAM_BLOCK_SIZE, NULL), + OSSL_PARAM_ulong(OSSL_CIPHER_PARAM_FLAGS, NULL), OSSL_PARAM_END }; const OSSL_PARAM *cipher_generic_gettable_params(void) @@ -30,13 +31,14 @@ const OSSL_PARAM *cipher_generic_gettable_params(void) return cipher_known_gettable_params; } -int cipher_generic_get_params(OSSL_PARAM params[], int md, unsigned long flags, - int kbits, int blkbits, int ivbits) +int cipher_generic_get_params(OSSL_PARAM params[], unsigned int md, + unsigned long flags, + size_t kbits, size_t blkbits, size_t ivbits) { OSSL_PARAM *p; p = OSSL_PARAM_locate(params, OSSL_CIPHER_PARAM_MODE); - if (p != NULL && !OSSL_PARAM_set_int(p, md)) { + if (p != NULL && !OSSL_PARAM_set_uint(p, md)) { ERR_raise(ERR_LIB_PROV, PROV_R_FAILED_TO_SET_PARAMETER); return 0; } @@ -46,17 +48,17 @@ int cipher_generic_get_params(OSSL_PARAM params[], int md, unsigned long flags, return 0; } p = OSSL_PARAM_locate(params, OSSL_CIPHER_PARAM_KEYLEN); - if (p != NULL && !OSSL_PARAM_set_int(p, kbits / 8)) { + if (p != NULL && !OSSL_PARAM_set_size_t(p, kbits / 8)) { ERR_raise(ERR_LIB_PROV, PROV_R_FAILED_TO_SET_PARAMETER); return 0; } p = OSSL_PARAM_locate(params, OSSL_CIPHER_PARAM_BLOCK_SIZE); - if (p != NULL && !OSSL_PARAM_set_int(p, blkbits / 8)) { + if (p != NULL && !OSSL_PARAM_set_size_t(p, blkbits / 8)) { ERR_raise(ERR_LIB_PROV, PROV_R_FAILED_TO_SET_PARAMETER); return 0; } p = OSSL_PARAM_locate(params, OSSL_CIPHER_PARAM_IVLEN); - if (p != NULL && !OSSL_PARAM_set_int(p, ivbits / 8)) { + if (p != NULL && !OSSL_PARAM_set_size_t(p, ivbits / 8)) { ERR_raise(ERR_LIB_PROV, PROV_R_FAILED_TO_SET_PARAMETER); return 0; } @@ -67,9 +69,9 @@ CIPHER_DEFAULT_GETTABLE_CTX_PARAMS_START(cipher_generic) CIPHER_DEFAULT_GETTABLE_CTX_PARAMS_END(cipher_generic) static const OSSL_PARAM cipher_known_settable_ctx_params[] = { - OSSL_PARAM_int(OSSL_CIPHER_PARAM_KEYLEN, NULL), - OSSL_PARAM_int(OSSL_CIPHER_PARAM_PADDING, NULL), - OSSL_PARAM_int(OSSL_CIPHER_PARAM_NUM, NULL), + OSSL_PARAM_size_t(OSSL_CIPHER_PARAM_KEYLEN, NULL), + OSSL_PARAM_uint(OSSL_CIPHER_PARAM_PADDING, NULL), + OSSL_PARAM_uint(OSSL_CIPHER_PARAM_NUM, NULL), OSSL_PARAM_END }; const OSSL_PARAM *cipher_generic_settable_ctx_params(void) @@ -81,8 +83,8 @@ const OSSL_PARAM *cipher_generic_settable_ctx_params(void) * AEAD cipher functions for OSSL_PARAM gettables and settables */ static const OSSL_PARAM cipher_aead_known_gettable_ctx_params[] = { - OSSL_PARAM_int(OSSL_CIPHER_PARAM_KEYLEN, NULL), - OSSL_PARAM_int(OSSL_CIPHER_PARAM_IVLEN, NULL), + OSSL_PARAM_size_t(OSSL_CIPHER_PARAM_KEYLEN, NULL), + OSSL_PARAM_size_t(OSSL_CIPHER_PARAM_IVLEN, NULL), OSSL_PARAM_octet_string(OSSL_CIPHER_PARAM_IV, NULL, 0), OSSL_PARAM_octet_string(OSSL_CIPHER_PARAM_AEAD_TAG, NULL, 0), OSSL_PARAM_size_t(OSSL_CIPHER_PARAM_AEAD_TLS1_AAD_PAD, NULL), @@ -94,7 +96,7 @@ const OSSL_PARAM *cipher_aead_gettable_ctx_params(void) } static const OSSL_PARAM cipher_aead_known_settable_ctx_params[] = { - OSSL_PARAM_int(OSSL_CIPHER_PARAM_KEYLEN, NULL), + OSSL_PARAM_size_t(OSSL_CIPHER_PARAM_KEYLEN, NULL), OSSL_PARAM_size_t(OSSL_CIPHER_PARAM_AEAD_IVLEN, NULL), OSSL_PARAM_octet_string(OSSL_CIPHER_PARAM_AEAD_TAG, NULL, 0), OSSL_PARAM_octet_string(OSSL_CIPHER_PARAM_AEAD_TLS1_AAD, NULL, 0), @@ -111,7 +113,7 @@ static int cipher_generic_init_internal(PROV_CIPHER_CTX *ctx, const unsigned char *iv, size_t ivlen, int enc) { - ctx->enc = enc; + ctx->enc = enc ? 1 : 0; if (iv != NULL && ctx->mode != EVP_CIPH_ECB_MODE) { if (ivlen != ctx->ivlen) { @@ -312,12 +314,12 @@ int cipher_generic_get_ctx_params(void *vctx, OSSL_PARAM params[]) OSSL_PARAM *p; p = OSSL_PARAM_locate(params, OSSL_CIPHER_PARAM_IVLEN); - if (p != NULL && !OSSL_PARAM_set_int(p, ctx->ivlen)) { + if (p != NULL && !OSSL_PARAM_set_size_t(p, ctx->ivlen)) { ERR_raise(ERR_LIB_PROV, PROV_R_FAILED_TO_SET_PARAMETER); return 0; } p = OSSL_PARAM_locate(params, OSSL_CIPHER_PARAM_PADDING); - if (p != NULL && !OSSL_PARAM_set_int(p, ctx->pad)) { + if (p != NULL && !OSSL_PARAM_set_uint(p, ctx->pad)) { ERR_raise(ERR_LIB_PROV, PROV_R_FAILED_TO_SET_PARAMETER); return 0; } @@ -329,12 +331,12 @@ int cipher_generic_get_ctx_params(void *vctx, OSSL_PARAM params[]) return 0; } p = OSSL_PARAM_locate(params, OSSL_CIPHER_PARAM_NUM); - if (p != NULL && !OSSL_PARAM_set_size_t(p, ctx->num)) { + if (p != NULL && !OSSL_PARAM_set_uint(p, ctx->num)) { ERR_raise(ERR_LIB_PROV, PROV_R_FAILED_TO_SET_PARAMETER); return 0; } p = OSSL_PARAM_locate(params, OSSL_CIPHER_PARAM_KEYLEN); - if (p != NULL && !OSSL_PARAM_set_int(p, ctx->keylen)) { + if (p != NULL && !OSSL_PARAM_set_size_t(p, ctx->keylen)) { ERR_raise(ERR_LIB_PROV, PROV_R_FAILED_TO_SET_PARAMETER); return 0; } @@ -349,9 +351,9 @@ int cipher_generic_set_ctx_params(void *vctx, const OSSL_PARAM params[]) p = OSSL_PARAM_locate_const(params, OSSL_CIPHER_PARAM_PADDING); if (p != NULL) { - int pad; + unsigned int pad; - if (!OSSL_PARAM_get_int(p, &pad)) { + if (!OSSL_PARAM_get_uint(p, &pad)) { ERR_raise(ERR_LIB_PROV, PROV_R_FAILED_TO_GET_PARAMETER); return 0; } @@ -359,9 +361,9 @@ int cipher_generic_set_ctx_params(void *vctx, const OSSL_PARAM params[]) } p = OSSL_PARAM_locate_const(params, OSSL_CIPHER_PARAM_NUM); if (p != NULL) { - int num; + unsigned int num; - if (!OSSL_PARAM_get_int(p, &num)) { + if (!OSSL_PARAM_get_uint(p, &num)) { ERR_raise(ERR_LIB_PROV, PROV_R_FAILED_TO_GET_PARAMETER); return 0; } @@ -369,9 +371,9 @@ int cipher_generic_set_ctx_params(void *vctx, const OSSL_PARAM params[]) } p = OSSL_PARAM_locate_const(params, OSSL_CIPHER_PARAM_KEYLEN); if (p != NULL) { - int keylen; + size_t keylen; - if (!OSSL_PARAM_get_int(p, &keylen)) { + if (!OSSL_PARAM_get_size_t(p, &keylen)) { ERR_raise(ERR_LIB_PROV, PROV_R_FAILED_TO_GET_PARAMETER); return 0; } @@ -381,7 +383,7 @@ int cipher_generic_set_ctx_params(void *vctx, const OSSL_PARAM params[]) } void cipher_generic_initkey(void *vctx, size_t kbits, size_t blkbits, - size_t ivbits, int mode, + size_t ivbits, unsigned int mode, const PROV_CIPHER_HW *hw, void *provctx) { PROV_CIPHER_CTX *ctx = (PROV_CIPHER_CTX *)vctx; diff --git a/providers/common/ciphers/cipher_gcm.c b/providers/common/ciphers/cipher_gcm.c index 7d0e47b823..4247319091 100644 --- a/providers/common/ciphers/cipher_gcm.c +++ b/providers/common/ciphers/cipher_gcm.c @@ -29,8 +29,8 @@ void gcm_initctx(void *provctx, PROV_GCM_CTX *ctx, size_t keybits, { ctx->pad = 1; ctx->mode = EVP_CIPH_GCM_MODE; - ctx->taglen = -1; - ctx->tls_aad_len = -1; + ctx->taglen = UNINITIALISED_SIZET; + ctx->tls_aad_len = UNINITIALISED_SIZET; ctx->ivlen_min = ivlen_min; ctx->ivlen = (EVP_GCM_TLS_FIXED_IV_LEN + EVP_GCM_TLS_EXPLICIT_IV_LEN); ctx->keylen = keybits / 8; @@ -89,12 +89,12 @@ int gcm_get_ctx_params(void *vctx, OSSL_PARAM params[]) size_t sz; p = OSSL_PARAM_locate(params, OSSL_CIPHER_PARAM_IVLEN); - if (p != NULL && !OSSL_PARAM_set_int(p, ctx->ivlen)) { + if (p != NULL && !OSSL_PARAM_set_size_t(p, ctx->ivlen)) { ERR_raise(ERR_LIB_PROV, PROV_R_FAILED_TO_SET_PARAMETER); return 0; } p = OSSL_PARAM_locate(params, OSSL_CIPHER_PARAM_KEYLEN); - if (p != NULL && !OSSL_PARAM_set_int(p, ctx->keylen)) { + if (p != NULL && !OSSL_PARAM_set_size_t(p, ctx->keylen)) { ERR_raise(ERR_LIB_PROV, PROV_R_FAILED_TO_SET_PARAMETER); return 0; } @@ -103,7 +103,7 @@ int gcm_get_ctx_params(void *vctx, OSSL_PARAM params[]) if (p != NULL) { if (ctx->iv_gen != 1 && ctx->iv_gen_rand != 1) return 0; - if (ctx->ivlen != (int)p->data_size) { + if (ctx->ivlen != p->data_size) { ERR_raise(ERR_LIB_PROV, PROV_R_INVALID_IV_LENGTH); return 0; } @@ -121,7 +121,10 @@ int gcm_get_ctx_params(void *vctx, OSSL_PARAM params[]) p = OSSL_PARAM_locate(params, OSSL_CIPHER_PARAM_AEAD_TAG); if (p != NULL) { sz = p->data_size; - if (sz == 0 || sz > EVP_GCM_TLS_TAG_LEN || !ctx->enc || ctx->taglen < 0) { + if (sz == 0 + || sz > EVP_GCM_TLS_TAG_LEN + || !ctx->enc + || ctx->taglen == UNINITIALISED_SIZET) { ERR_raise(ERR_LIB_PROV, PROV_R_INVALID_TAG); return 0; } @@ -201,14 +204,14 @@ int gcm_set_ctx_params(void *vctx, const OSSL_PARAM params[]) */ p = OSSL_PARAM_locate_const(params, OSSL_CIPHER_PARAM_KEYLEN); if (p != NULL) { - int keylen; + size_t keylen; - if (!OSSL_PARAM_get_int(p, &keylen)) { + if (!OSSL_PARAM_get_size_t(p, &keylen)) { ERR_raise(ERR_LIB_PROV, PROV_R_FAILED_TO_GET_PARAMETER); return 0; } /* The key length can not be modified for gcm mode */ - if (keylen != (int)ctx->keylen) + if (keylen != ctx->keylen) return 0; } @@ -296,7 +299,7 @@ static int gcm_cipher_internal(PROV_GCM_CTX *ctx, unsigned char *out, int rv = 0; const PROV_GCM_HW *hw = ctx->hw; - if (ctx->tls_aad_len >= 0) + if (ctx->tls_aad_len != UNINITIALISED_SIZET) return gcm_tls_cipher(ctx, out, padlen, in, len); if (!ctx->key_set || ctx->iv_state == IV_STATE_FINISHED) @@ -425,7 +428,8 @@ static void ctr64_inc(unsigned char *counter) static int gcm_tls_cipher(PROV_GCM_CTX *ctx, unsigned char *out, size_t *padlen, const unsigned char *in, size_t len) { - int rv = 0, arg = EVP_GCM_TLS_EXPLICIT_IV_LEN; + int rv = 0; + size_t arg = EVP_GCM_TLS_EXPLICIT_IV_LEN; size_t plen = 0; unsigned char *tag = NULL; @@ -491,7 +495,7 @@ static int gcm_tls_cipher(PROV_GCM_CTX *ctx, unsigned char *out, size_t *padlen, rv = 1; err: ctx->iv_state = IV_STATE_FINISHED; - ctx->tls_aad_len = -1; + ctx->tls_aad_len = UNINITIALISED_SIZET; *padlen = plen; return rv; } diff --git a/providers/common/ciphers/cipher_gcm_hw.c b/providers/common/ciphers/cipher_gcm_hw.c index 4ef5190b5f..e2587f2e5e 100644 --- a/providers/common/ciphers/cipher_gcm_hw.c +++ b/providers/common/ciphers/cipher_gcm_hw.c @@ -90,7 +90,7 @@ int gcm_cipher_final(PROV_GCM_CTX *ctx, unsigned char *tag) CRYPTO_gcm128_tag(&ctx->gcm, tag, GCM_TAG_MAX_SIZE); ctx->taglen = GCM_TAG_MAX_SIZE; } else { - if (ctx->taglen < 0 + if (ctx->taglen == UNINITIALISED_SIZET || CRYPTO_gcm128_finish(&ctx->gcm, tag, ctx->taglen) != 0) return 0; } diff --git a/providers/common/ciphers/cipher_locl.h b/providers/common/ciphers/cipher_locl.h index 8313498e5e..7e0aaad438 100644 --- a/providers/common/ciphers/cipher_locl.h +++ b/providers/common/ciphers/cipher_locl.h @@ -11,10 +11,10 @@ #define CIPHER_DEFAULT_GETTABLE_CTX_PARAMS_START(name) \ static const OSSL_PARAM name##_known_gettable_ctx_params[] = { \ - OSSL_PARAM_int(OSSL_CIPHER_PARAM_KEYLEN, NULL), \ - OSSL_PARAM_int(OSSL_CIPHER_PARAM_IVLEN, NULL), \ - OSSL_PARAM_int(OSSL_CIPHER_PARAM_PADDING, NULL), \ - OSSL_PARAM_size_t(OSSL_CIPHER_PARAM_NUM, NULL), \ + OSSL_PARAM_size_t(OSSL_CIPHER_PARAM_KEYLEN, NULL), \ + OSSL_PARAM_size_t(OSSL_CIPHER_PARAM_IVLEN, NULL), \ + OSSL_PARAM_uint(OSSL_CIPHER_PARAM_PADDING, NULL), \ + OSSL_PARAM_uint(OSSL_CIPHER_PARAM_NUM, NULL), \ OSSL_PARAM_octet_string(OSSL_CIPHER_PARAM_IV, NULL, 0), #define CIPHER_DEFAULT_GETTABLE_CTX_PARAMS_END(name) \ diff --git a/providers/common/digests/digest_common.c b/providers/common/digests/digest_common.c index de135b0a94..062209f329 100644 --- a/providers/common/digests/digest_common.c +++ b/providers/common/digests/digest_common.c @@ -11,18 +11,18 @@ #include "internal/digestcommon.h" #include "internal/providercommonerr.h" -int digest_default_get_params(OSSL_PARAM params[], int blksz, int paramsz, +int digest_default_get_params(OSSL_PARAM params[], size_t blksz, size_t paramsz, unsigned long flags) { OSSL_PARAM *p = NULL; p = OSSL_PARAM_locate(params, OSSL_DIGEST_PARAM_BLOCK_SIZE); - if (p != NULL && !OSSL_PARAM_set_int(p, blksz)) { + if (p != NULL && !OSSL_PARAM_set_size_t(p, blksz)) { ERR_raise(ERR_LIB_PROV, PROV_R_FAILED_TO_SET_PARAMETER); return 0; } p = OSSL_PARAM_locate(params, OSSL_DIGEST_PARAM_SIZE); - if (p != NULL && !OSSL_PARAM_set_int(p, paramsz)) { + if (p != NULL && !OSSL_PARAM_set_size_t(p, paramsz)) { ERR_raise(ERR_LIB_PROV, PROV_R_FAILED_TO_SET_PARAMETER); return 0; } @@ -35,10 +35,9 @@ int digest_default_get_params(OSSL_PARAM params[], int blksz, int paramsz, } static const OSSL_PARAM digest_default_known_gettable_params[] = { - { OSSL_DIGEST_PARAM_BLOCK_SIZE, OSSL_PARAM_INTEGER, NULL, sizeof(int), 0}, - { OSSL_DIGEST_PARAM_SIZE, OSSL_PARAM_INTEGER, NULL, sizeof(int), 0}, - { OSSL_DIGEST_PARAM_FLAGS, OSSL_PARAM_INTEGER, NULL, - sizeof(unsigned long), 0}, + OSSL_PARAM_size_t(OSSL_DIGEST_PARAM_BLOCK_SIZE, NULL), + OSSL_PARAM_size_t(OSSL_DIGEST_PARAM_SIZE, NULL), + OSSL_PARAM_ulong(OSSL_DIGEST_PARAM_FLAGS, NULL), OSSL_PARAM_END }; const OSSL_PARAM *digest_default_gettable_params(void) diff --git a/providers/common/exchange/dh_exch.c b/providers/common/exchange/dh_exch.c index 69980d8e97..5ff8318725 100644 --- a/providers/common/exchange/dh_exch.c +++ b/providers/common/exchange/dh_exch.c @@ -30,7 +30,7 @@ static OSSL_OP_keyexch_dupctx_fn dh_dupctx; typedef struct { DH *dh; DH *dhpeer; - int pad; + unsigned int pad : 1; } PROV_DH_CTX; static void *dh_newctx(void *provctx) @@ -128,17 +128,15 @@ static int dh_set_params(void *vpdhctx, const OSSL_PARAM params[]) { PROV_DH_CTX *pdhctx = (PROV_DH_CTX *)vpdhctx; const OSSL_PARAM *p; - int pad; + unsigned int pad; if (pdhctx == NULL || params == NULL) return 0; p = OSSL_PARAM_locate_const(params, OSSL_EXCHANGE_PARAM_PAD); - if (p == NULL || !OSSL_PARAM_get_int(p, &pad)) + if (p == NULL || !OSSL_PARAM_get_uint(p, &pad)) return 0; - - pdhctx->pad = pad; - + pdhctx->pad = pad ? 1 : 0; return 1; } diff --git a/providers/common/include/internal/ciphers/cipher_aead.h b/providers/common/include/internal/ciphers/cipher_aead.h index a2fe87e967..1ddba1c325 100644 --- a/providers/common/include/internal/ciphers/cipher_aead.h +++ b/providers/common/include/internal/ciphers/cipher_aead.h @@ -7,6 +7,8 @@ * https://www.openssl.org/source/license.html */ +#define UNINITIALISED_SIZET ((size_t)-1) + /* TODO(3.0) Figure out what flags are really needed */ #define AEAD_FLAGS (EVP_CIPH_FLAG_AEAD_CIPHER | EVP_CIPH_FLAG_DEFAULT_ASN1 \ | EVP_CIPH_CUSTOM_IV | EVP_CIPH_FLAG_CUSTOM_CIPHER \ diff --git a/providers/common/include/internal/ciphers/cipher_ccm.h b/providers/common/include/internal/ciphers/cipher_ccm.h index 503d077def..08a2d46858 100644 --- a/providers/common/include/internal/ciphers/cipher_ccm.h +++ b/providers/common/include/internal/ciphers/cipher_ccm.h @@ -28,24 +28,24 @@ typedef struct S390X_kmac_params_st { /* Base structure that is shared by AES & ARIA for CCM MODE */ typedef struct prov_ccm_st { - int enc; - int key_set; /* Set if key initialised */ - int iv_set; /* Set if an iv is set */ - int tag_set; /* Set if tag is valid */ - int len_set; /* Set if message length set */ - size_t l, m; /* L and M parameters from RFC3610 */ + unsigned int enc : 1; + unsigned int key_set : 1; /* Set if key initialised */ + unsigned int iv_set : 1; /* Set if an iv is set */ + unsigned int tag_set : 1; /* Set if tag is valid */ + unsigned int len_set : 1; /* Set if message length set */ + size_t l, m; /* L and M parameters from RFC3610 */ size_t keylen; - int tls_aad_len; /* TLS AAD length */ - int tls_aad_pad_sz; + int tls_aad_len; /* TLS AAD length */ + size_t tls_aad_pad_sz; unsigned char iv[AES_BLOCK_SIZE]; unsigned char buf[AES_BLOCK_SIZE]; CCM128_CONTEXT ccm_ctx; ccm128_f str; - const PROV_CCM_HW *hw; /* hardware specific methods */ + const PROV_CCM_HW *hw; /* hardware specific methods */ } PROV_CCM_CTX; typedef struct prov_aes_ccm_ctx_st { - PROV_CCM_CTX base; /* Must be first */ + PROV_CCM_CTX base; /* Must be first */ union { OSSL_UNION_ALIGN; /*- @@ -71,7 +71,7 @@ typedef struct prov_aes_ccm_ctx_st { unsigned char b[AES_BLOCK_SIZE]; } buf; unsigned char dummy_pad[168]; - unsigned int fc; /* fc has same offset as ks.ks.rounds */ + unsigned int fc; /* fc has same offset as ks.ks.rounds */ } s390x; #endif /* defined(OPENSSL_CPUID_OBJ) && defined(__s390__) */ } ccm; diff --git a/providers/common/include/internal/ciphers/cipher_gcm.h b/providers/common/include/internal/ciphers/cipher_gcm.h index 63600c38e7..f4e2894fe2 100644 --- a/providers/common/include/internal/ciphers/cipher_gcm.h +++ b/providers/common/include/internal/ciphers/cipher_gcm.h @@ -13,7 +13,7 @@ typedef struct prov_gcm_hw_st PROV_GCM_HW; -#define GCM_IV_DEFAULT_SIZE 12/* IV's for AES_GCM should normally be 12 bytes */ +#define GCM_IV_DEFAULT_SIZE 12 /* IV's for AES_GCM should normally be 12 bytes */ #define GCM_IV_MAX_SIZE 64 #define GCM_TAG_MAX_SIZE 16 @@ -45,18 +45,13 @@ typedef struct S390X_kma_params_st { #endif typedef struct prov_gcm_ctx_st { - int enc; /* Set to 1 if we are encrypting or 0 otherwise */ - int mode; /* The mode that we are using */ + unsigned int mode; /* The mode that we are using */ size_t keylen; - int ivlen; + size_t ivlen; size_t ivlen_min; - int taglen; - int key_set; /* Set if key initialised */ - int iv_state; /* set to one of IV_STATE_XXX */ - int iv_gen_rand; /* No IV was specified, so generate a rand IV */ - int iv_gen; /* It is OK to generate IVs */ - int tls_aad_pad_sz; - int tls_aad_len; /* TLS AAD length */ + size_t taglen; + size_t tls_aad_pad_sz; + size_t tls_aad_len; /* TLS AAD length */ uint64_t tls_enc_records; /* Number of TLS records encrypted */ /* @@ -64,13 +59,18 @@ typedef struct prov_gcm_ctx_st { * manage partial blocks themselves. */ size_t num; - size_t bufsz; /* Number of bytes in buf */ + size_t bufsz; /* Number of bytes in buf */ uint64_t flags; - unsigned int pad : 1; /* Whether padding should be used or not */ + unsigned int iv_state; /* set to one of IV_STATE_XXX */ + unsigned int enc:1; /* Set to 1 if we are encrypting or 0 otherwise */ + unsigned int pad:1; /* Whether padding should be used or not */ + unsigned int key_set:1; /* Set if key initialised */ + unsigned int iv_gen_rand:1; /* No IV was specified, so generate a rand IV */ + unsigned int iv_gen:1; /* It is OK to generate IVs */ unsigned char iv[GCM_IV_MAX_SIZE]; /* Buffer to use for IV's */ - unsigned char buf[AES_BLOCK_SIZE]; /* Buffer of partial blocks processed via update calls */ + unsigned char buf[AES_BLOCK_SIZE]; /* Buffer of partial blocks processed via update calls */ OPENSSL_CTX *libctx; /* needed for rand calls */ const PROV_GCM_HW *hw; /* hardware specific methods */ @@ -153,7 +153,7 @@ int gcm_one_shot(PROV_GCM_CTX *ctx, unsigned char *aad, size_t aad_len, int gcm_cipher_update(PROV_GCM_CTX *ctx, const unsigned char *in, size_t len, unsigned char *out); -#define GCM_HW_SET_KEY_CTR_FN(ks, fn_set_enc_key, fn_block, fn_ctr) \ +#define GCM_HW_SET_KEY_CTR_FN(ks, fn_set_enc_key, fn_block, fn_ctr) \ ctx->ks = ks; \ fn_set_enc_key(key, keylen * 8, ks); \ CRYPTO_gcm128_init(&ctx->gcm, ks, (block128_f)fn_block); \ diff --git a/providers/common/include/internal/ciphers/ciphercommon.h b/providers/common/include/internal/ciphers/ciphercommon.h index 38d0396902..5593447264 100644 --- a/providers/common/include/internal/ciphers/ciphercommon.h +++ b/providers/common/include/internal/ciphers/ciphercommon.h @@ -39,20 +39,20 @@ struct prov_cipher_ctx_st { ctr128_f ctr; } stream; + unsigned int mode; + size_t keylen; /* key size (in bytes) */ + size_t ivlen; + size_t blocksize; + size_t bufsz; /* Number of bytes in buf */ + unsigned int pad : 1; /* Whether padding should be used or not */ + unsigned int enc : 1; /* Set to 1 for encrypt, or 0 otherwise */ + /* * num contains the number of bytes of |iv| which are valid for modes that * manage partial blocks themselves. */ - size_t num; - - int mode; - int enc; /* Set to 1 for encrypt, or 0 otherwise */ - size_t bufsz; /* Number of bytes in buf */ - size_t keylen; /* key size (in bytes) */ - size_t ivlen; - size_t blocksize; + unsigned int num; uint64_t flags; - unsigned int pad : 1; /* Whether padding should be used or not */ /* Buffer of partial blocks processed via update calls */ unsigned char buf[GENERIC_BLOCK_SIZE]; @@ -81,10 +81,11 @@ OSSL_OP_cipher_gettable_ctx_params_fn cipher_generic_gettable_ctx_params; OSSL_OP_cipher_settable_ctx_params_fn cipher_generic_settable_ctx_params; OSSL_OP_cipher_gettable_ctx_params_fn cipher_aead_gettable_ctx_params; OSSL_OP_cipher_settable_ctx_params_fn cipher_aead_settable_ctx_params; -int cipher_generic_get_params(OSSL_PARAM params[], int md, unsigned long flags, - int kbits, int blkbits, int ivbits); +int cipher_generic_get_params(OSSL_PARAM params[], unsigned int md, + unsigned long flags, + size_t kbits, size_t blkbits, size_t ivbits); void cipher_generic_initkey(void *vctx, size_t kbits, size_t blkbits, - size_t ivbits, int mode, + size_t ivbits, unsigned int mode, const PROV_CIPHER_HW *hw, void *provctx); #define IMPLEMENT_generic_cipher(alg, UCALG, lcmode, UCMODE, flags, kbits, \ diff --git a/providers/common/include/internal/digestcommon.h b/providers/common/include/internal/digestcommon.h index 533e854e30..88caccf7cd 100644 --- a/providers/common/include/internal/digestcommon.h +++ b/providers/common/include/internal/digestcommon.h @@ -93,7 +93,7 @@ PROV_DISPATCH_FUNC_DIGEST_CONSTRUCT_END const OSSL_PARAM *digest_default_gettable_params(void); -int digest_default_get_params(OSSL_PARAM params[], int blksz, int paramsz, +int digest_default_get_params(OSSL_PARAM params[], size_t blksz, size_t paramsz, unsigned long flags); # ifdef __cplusplus diff --git a/providers/legacy/digests/mdc2_prov.c b/providers/legacy/digests/mdc2_prov.c index b30d50327d..cf37b528e7 100644 --- a/providers/legacy/digests/mdc2_prov.c +++ b/providers/legacy/digests/mdc2_prov.c @@ -20,7 +20,7 @@ static OSSL_OP_digest_set_ctx_params_fn mdc2_set_ctx_params; static OSSL_OP_digest_settable_ctx_params_fn mdc2_settable_ctx_params; static const OSSL_PARAM known_mdc2_settable_ctx_params[] = { - {OSSL_DIGEST_PARAM_PAD_TYPE, OSSL_PARAM_INTEGER, NULL, sizeof(int), 0}, + OSSL_PARAM_uint(OSSL_DIGEST_PARAM_PAD_TYPE, NULL), OSSL_PARAM_END }; @@ -36,7 +36,7 @@ static int mdc2_set_ctx_params(void *vctx, const OSSL_PARAM params[]) if (ctx != NULL && params != NULL) { p = OSSL_PARAM_locate_const(params, OSSL_DIGEST_PARAM_PAD_TYPE); - if (p != NULL && !OSSL_PARAM_get_int(p, &ctx->pad_type)) { + if (p != NULL && !OSSL_PARAM_get_uint(p, &ctx->pad_type)) { ERR_raise(ERR_LIB_PROV, PROV_R_FAILED_TO_GET_PARAMETER); return 0; } diff --git a/test/mdc2test.c b/test/mdc2test.c index 5b54f1038b..d1c2f26bdc 100644 --- a/test/mdc2test.c +++ b/test/mdc2test.c @@ -39,7 +39,8 @@ static unsigned char pad2[16] = { static int test_mdc2(void) { - int testresult = 0, pad_type = 2; + int testresult = 0; + unsigned int pad_type = 2; unsigned char md[MDC2_DIGEST_LENGTH]; EVP_MD_CTX *c; static char text[] = "Now is the time for all "; @@ -47,8 +48,8 @@ static int test_mdc2(void) OSSL_PROVIDER *prov = NULL; OSSL_PARAM params[2]; - params[i++] = OSSL_PARAM_construct_int(OSSL_DIGEST_PARAM_PAD_TYPE, - &pad_type), + params[i++] = OSSL_PARAM_construct_uint(OSSL_DIGEST_PARAM_PAD_TYPE, + &pad_type), params[i++] = OSSL_PARAM_construct_end(); prov = OSSL_PROVIDER_load(NULL, "legacy"); From builds at travis-ci.org Thu Sep 5 01:47:56 2019 From: builds at travis-ci.org (Travis CI) Date: Thu, 05 Sep 2019 01:47:56 +0000 Subject: Still Failing: openssl/openssl#27871 (master - 1c3ace6) In-Reply-To: Message-ID: <5d70694be6876_43f8fa8ae1934135750@e86196f1-8977-4f92-be7e-61e16cd71ede.mail> Build Update for openssl/openssl ------------------------------------- Build: #27871 Status: Still Failing Duration: 20 mins and 28 secs Commit: 1c3ace6 (master) Author: Shane Lontis Message: Change provider params from int to size_t Reviewed-by: Richard Levitte (Merged from https://github.com/openssl/openssl/pull/9699) View the changeset: https://github.com/openssl/openssl/compare/bc5a80910dcc...1c3ace689803 View the full build log and details: https://travis-ci.org/openssl/openssl/builds/580988509?utm_medium=notification&utm_source=email -- You can unsubscribe from build emails from the openssl/openssl repository going to https://travis-ci.org/account/preferences/unsubscribe?repository=5849220&utm_medium=notification&utm_source=email. Or unsubscribe from *all* email updating your settings at https://travis-ci.org/account/preferences/unsubscribe?utm_medium=notification&utm_source=email. Or configure specific recipients for build notifications in your .travis.yml file. See https://docs.travis-ci.com/user/notifications. -------------- next part -------------- An HTML attachment was scrubbed... URL: From no-reply at appveyor.com Thu Sep 5 04:21:15 2019 From: no-reply at appveyor.com (AppVeyor) Date: Thu, 05 Sep 2019 04:21:15 +0000 Subject: Build failed: openssl master.27302 Message-ID: <20190905042115.1.15D37D71C9EA01C7@appveyor.com> An HTML attachment was scrubbed... URL: From no-reply at appveyor.com Thu Sep 5 04:50:59 2019 From: no-reply at appveyor.com (AppVeyor) Date: Thu, 05 Sep 2019 04:50:59 +0000 Subject: Build completed: openssl master.27303 Message-ID: <20190905045059.1.A17F7063D0F1AF3D@appveyor.com> An HTML attachment was scrubbed... URL: From no-reply at appveyor.com Thu Sep 5 06:25:05 2019 From: no-reply at appveyor.com (AppVeyor) Date: Thu, 05 Sep 2019 06:25:05 +0000 Subject: Build failed: openssl master.27307 Message-ID: <20190905062505.1.8C3F986938EBD153@appveyor.com> An HTML attachment was scrubbed... URL: From bernd.edlinger at hotmail.de Thu Sep 5 06:27:02 2019 From: bernd.edlinger at hotmail.de (bernd.edlinger at hotmail.de) Date: Thu, 05 Sep 2019 06:27:02 +0000 Subject: [openssl] OpenSSL_1_1_1-stable update Message-ID: <1567664822.535052.18987.nullmailer@dev.openssl.org> The branch OpenSSL_1_1_1-stable has been updated via aa24cc01957f813beb5329c26ae581fe6b7482a7 (commit) from fb6a82c498b895c5d92a59d0b1737d37da98cefc (commit) - Log ----------------------------------------------------------------- commit aa24cc01957f813beb5329c26ae581fe6b7482a7 Author: Bernd Edlinger Date: Wed Sep 4 11:50:54 2019 +0200 Remove ifndef FIPS_MODE from rand_unix.c This will never be the case for 1.1.1 so removed. Fixes: comment 1 of #9757 Reviewed-by: Matt Caswell Reviewed-by: Paul Dale (Merged from https://github.com/openssl/openssl/pull/9762) ----------------------------------------------------------------------- Summary of changes: crypto/rand/rand_unix.c | 5 ----- 1 file changed, 5 deletions(-) diff --git a/crypto/rand/rand_unix.c b/crypto/rand/rand_unix.c index e57b6dd893..d118360366 100644 --- a/crypto/rand/rand_unix.c +++ b/crypto/rand/rand_unix.c @@ -364,12 +364,10 @@ static int keep_random_devices_open = 1; # if defined(__linux) && defined(DEVRANDOM_WAIT) static void *shm_addr; -# if !defined(FIPS_MODE) static void cleanup_shm(void) { shmdt(shm_addr); } -# endif /* * Ensure that the system randomness source has been adequately seeded. @@ -435,11 +433,8 @@ static int wait_random_seeded(void) * If this call fails, it isn't a big problem. */ shm_addr = shmat(shm_id, NULL, SHM_RDONLY); -# ifndef FIPS_MODE - /* TODO 3.0: The FIPS provider doesn't have OPENSSL_atexit */ if (shm_addr != (void *)-1) OPENSSL_atexit(&cleanup_shm); -# endif } } return seeded; From bernd.edlinger at hotmail.de Thu Sep 5 06:32:35 2019 From: bernd.edlinger at hotmail.de (bernd.edlinger at hotmail.de) Date: Thu, 05 Sep 2019 06:32:35 +0000 Subject: [openssl] master update Message-ID: <1567665155.358981.20596.nullmailer@dev.openssl.org> The branch master has been updated via 41ffd2ab09d24692c71850ccd7d5ff154196fe01 (commit) from 1c3ace6898032b7b45d8106ba4e0d21d75b0997e (commit) - Log ----------------------------------------------------------------- commit 41ffd2ab09d24692c71850ccd7d5ff154196fe01 Author: Bernd Edlinger Date: Wed Sep 4 11:39:54 2019 +0200 Cleanup includes in rand_unix.c Fixes #9757 Reviewed-by: Richard Levitte (Merged from https://github.com/openssl/openssl/pull/9761) ----------------------------------------------------------------------- Summary of changes: crypto/rand/rand_unix.c | 11 ++++++----- 1 file changed, 6 insertions(+), 5 deletions(-) diff --git a/crypto/rand/rand_unix.c b/crypto/rand/rand_unix.c index e59882cde7..fb8a7b7c6d 100644 --- a/crypto/rand/rand_unix.c +++ b/crypto/rand/rand_unix.c @@ -19,11 +19,12 @@ #include "internal/rand_int.h" #include #include "internal/dso.h" -#if defined(__linux) -# include -# include -# include -# include +#ifdef __linux +# include +# ifdef DEVRANDOM_WAIT +# include +# include +# endif #endif #if defined(__FreeBSD__) && !defined(OPENSSL_SYS_UEFI) # include From bernd.edlinger at hotmail.de Thu Sep 5 06:33:57 2019 From: bernd.edlinger at hotmail.de (bernd.edlinger at hotmail.de) Date: Thu, 05 Sep 2019 06:33:57 +0000 Subject: [openssl] OpenSSL_1_1_1-stable update Message-ID: <1567665237.600077.21582.nullmailer@dev.openssl.org> The branch OpenSSL_1_1_1-stable has been updated via ce1ab24163e451b21de91d49ed8e8c45ccfbcae0 (commit) from aa24cc01957f813beb5329c26ae581fe6b7482a7 (commit) - Log ----------------------------------------------------------------- commit ce1ab24163e451b21de91d49ed8e8c45ccfbcae0 Author: Bernd Edlinger Date: Wed Sep 4 11:39:54 2019 +0200 Cleanup includes in rand_unix.c Fixes #9757 Reviewed-by: Richard Levitte (Merged from https://github.com/openssl/openssl/pull/9761) (cherry picked from commit 41ffd2ab09d24692c71850ccd7d5ff154196fe01) ----------------------------------------------------------------------- Summary of changes: crypto/rand/rand_unix.c | 11 ++++++----- 1 file changed, 6 insertions(+), 5 deletions(-) diff --git a/crypto/rand/rand_unix.c b/crypto/rand/rand_unix.c index d118360366..1f608c9565 100644 --- a/crypto/rand/rand_unix.c +++ b/crypto/rand/rand_unix.c @@ -19,11 +19,12 @@ #include "internal/rand_int.h" #include #include "internal/dso.h" -#if defined(__linux) -# include -# include -# include -# include +#ifdef __linux +# include +# ifdef DEVRANDOM_WAIT +# include +# include +# endif #endif #if defined(__FreeBSD__) && !defined(OPENSSL_SYS_UEFI) # include From bernd.edlinger at hotmail.de Thu Sep 5 06:39:41 2019 From: bernd.edlinger at hotmail.de (bernd.edlinger at hotmail.de) Date: Thu, 05 Sep 2019 06:39:41 +0000 Subject: [openssl] master update Message-ID: <1567665581.178081.23418.nullmailer@dev.openssl.org> The branch master has been updated via c70e2ec33943d3bd46d3d9950f774307feda832b (commit) from 41ffd2ab09d24692c71850ccd7d5ff154196fe01 (commit) - Log ----------------------------------------------------------------- commit c70e2ec33943d3bd46d3d9950f774307feda832b Author: Bernd Edlinger Date: Mon Aug 19 17:12:22 2019 +0200 Fix error handling in x509_lu.c Reviewed-by: Richard Levitte Reviewed-by: Tomas Mraz (Merged from https://github.com/openssl/openssl/pull/9639) ----------------------------------------------------------------------- Summary of changes: crypto/x509/x509_lu.c | 36 +++++++++++++++++++++++++++--------- 1 file changed, 27 insertions(+), 9 deletions(-) diff --git a/crypto/x509/x509_lu.c b/crypto/x509/x509_lu.c index 3a90ce288e..c81a00e0a7 100644 --- a/crypto/x509/x509_lu.c +++ b/crypto/x509/x509_lu.c @@ -318,11 +318,12 @@ int X509_STORE_CTX_get_by_subject(X509_STORE_CTX *vs, X509_LOOKUP_TYPE type, return 0; } + if (!X509_OBJECT_up_ref_count(tmp)) + return 0; + ret->type = tmp->type; ret->data.ptr = tmp->data.ptr; - X509_OBJECT_up_ref_count(ret); - return 1; } @@ -343,7 +344,11 @@ static int x509_store_add(X509_STORE *store, void *x, int crl) { obj->type = X509_LU_X509; obj->data.x509 = (X509 *)x; } - X509_OBJECT_up_ref_count(obj); + if (!X509_OBJECT_up_ref_count(obj)) { + obj->type = X509_LU_NONE; + X509_OBJECT_free(obj); + return 0; + } X509_STORE_lock(store); if (X509_OBJECT_retrieve_match(store->objs, obj)) { @@ -568,7 +573,11 @@ STACK_OF(X509) *X509_STORE_CTX_get1_certs(X509_STORE_CTX *ctx, X509_NAME *nm) for (i = 0; i < cnt; i++, idx++) { obj = sk_X509_OBJECT_value(store->objs, idx); x = obj->data.x509; - X509_up_ref(x); + if (!X509_up_ref(x)) { + X509_STORE_unlock(store); + sk_X509_pop_free(sk, X509_free); + return NULL; + } if (!sk_X509_push(sk, x)) { X509_STORE_unlock(store); X509_free(x); @@ -609,7 +618,11 @@ STACK_OF(X509_CRL) *X509_STORE_CTX_get1_crls(X509_STORE_CTX *ctx, X509_NAME *nm) for (i = 0; i < cnt; i++, idx++) { obj = sk_X509_OBJECT_value(store->objs, idx); x = obj->data.crl; - X509_CRL_up_ref(x); + if (!X509_CRL_up_ref(x)) { + X509_STORE_unlock(store); + sk_X509_CRL_pop_free(sk, X509_CRL_free); + return NULL; + } if (!sk_X509_CRL_push(sk, x)) { X509_STORE_unlock(store); X509_CRL_free(x); @@ -681,9 +694,12 @@ int X509_STORE_CTX_get1_issuer(X509 **issuer, X509_STORE_CTX *ctx, X509 *x) if (ctx->check_issued(ctx, x, obj->data.x509)) { if (x509_check_cert_time(ctx, obj->data.x509, -1)) { *issuer = obj->data.x509; - X509_up_ref(*issuer); + if (!X509_up_ref(*issuer)) { + *issuer = NULL; + ok = -1; + } X509_OBJECT_free(obj); - return 1; + return ok; } } X509_OBJECT_free(obj); @@ -720,9 +736,11 @@ int X509_STORE_CTX_get1_issuer(X509 **issuer, X509_STORE_CTX *ctx, X509 *x) } } } + if (*issuer && !X509_up_ref(*issuer)) { + *issuer = NULL; + ret = -1; + } X509_STORE_unlock(store); - if (*issuer) - X509_up_ref(*issuer); return ret; } From bernd.edlinger at hotmail.de Thu Sep 5 06:40:39 2019 From: bernd.edlinger at hotmail.de (bernd.edlinger at hotmail.de) Date: Thu, 05 Sep 2019 06:40:39 +0000 Subject: [openssl] OpenSSL_1_1_1-stable update Message-ID: <1567665639.988745.24352.nullmailer@dev.openssl.org> The branch OpenSSL_1_1_1-stable has been updated via 5d16346679d72a4770ec01508ead7f61cf7cbf34 (commit) from ce1ab24163e451b21de91d49ed8e8c45ccfbcae0 (commit) - Log ----------------------------------------------------------------- commit 5d16346679d72a4770ec01508ead7f61cf7cbf34 Author: Bernd Edlinger Date: Mon Aug 19 17:12:22 2019 +0200 Fix error handling in x509_lu.c Reviewed-by: Richard Levitte Reviewed-by: Tomas Mraz (Merged from https://github.com/openssl/openssl/pull/9639) (cherry picked from commit c70e2ec33943d3bd46d3d9950f774307feda832b) ----------------------------------------------------------------------- Summary of changes: crypto/x509/x509_lu.c | 36 +++++++++++++++++++++++++++--------- 1 file changed, 27 insertions(+), 9 deletions(-) diff --git a/crypto/x509/x509_lu.c b/crypto/x509/x509_lu.c index 8c7e5e3039..b7d2e66574 100644 --- a/crypto/x509/x509_lu.c +++ b/crypto/x509/x509_lu.c @@ -318,11 +318,12 @@ int X509_STORE_CTX_get_by_subject(X509_STORE_CTX *vs, X509_LOOKUP_TYPE type, return 0; } + if (!X509_OBJECT_up_ref_count(tmp)) + return 0; + ret->type = tmp->type; ret->data.ptr = tmp->data.ptr; - X509_OBJECT_up_ref_count(ret); - return 1; } @@ -343,7 +344,11 @@ static int x509_store_add(X509_STORE *store, void *x, int crl) { obj->type = X509_LU_X509; obj->data.x509 = (X509 *)x; } - X509_OBJECT_up_ref_count(obj); + if (!X509_OBJECT_up_ref_count(obj)) { + obj->type = X509_LU_NONE; + X509_OBJECT_free(obj); + return 0; + } X509_STORE_lock(store); if (X509_OBJECT_retrieve_match(store->objs, obj)) { @@ -568,7 +573,11 @@ STACK_OF(X509) *X509_STORE_CTX_get1_certs(X509_STORE_CTX *ctx, X509_NAME *nm) for (i = 0; i < cnt; i++, idx++) { obj = sk_X509_OBJECT_value(store->objs, idx); x = obj->data.x509; - X509_up_ref(x); + if (!X509_up_ref(x)) { + X509_STORE_unlock(store); + sk_X509_pop_free(sk, X509_free); + return NULL; + } if (!sk_X509_push(sk, x)) { X509_STORE_unlock(store); X509_free(x); @@ -609,7 +618,11 @@ STACK_OF(X509_CRL) *X509_STORE_CTX_get1_crls(X509_STORE_CTX *ctx, X509_NAME *nm) for (i = 0; i < cnt; i++, idx++) { obj = sk_X509_OBJECT_value(store->objs, idx); x = obj->data.crl; - X509_CRL_up_ref(x); + if (!X509_CRL_up_ref(x)) { + X509_STORE_unlock(store); + sk_X509_CRL_pop_free(sk, X509_CRL_free); + return NULL; + } if (!sk_X509_CRL_push(sk, x)) { X509_STORE_unlock(store); X509_CRL_free(x); @@ -681,9 +694,12 @@ int X509_STORE_CTX_get1_issuer(X509 **issuer, X509_STORE_CTX *ctx, X509 *x) if (ctx->check_issued(ctx, x, obj->data.x509)) { if (x509_check_cert_time(ctx, obj->data.x509, -1)) { *issuer = obj->data.x509; - X509_up_ref(*issuer); + if (!X509_up_ref(*issuer)) { + *issuer = NULL; + ok = -1; + } X509_OBJECT_free(obj); - return 1; + return ok; } } X509_OBJECT_free(obj); @@ -720,9 +736,11 @@ int X509_STORE_CTX_get1_issuer(X509 **issuer, X509_STORE_CTX *ctx, X509 *x) } } } + if (*issuer && !X509_up_ref(*issuer)) { + *issuer = NULL; + ret = -1; + } X509_STORE_unlock(store); - if (*issuer) - X509_up_ref(*issuer); return ret; } From builds at travis-ci.org Thu Sep 5 06:44:23 2019 From: builds at travis-ci.org (Travis CI) Date: Thu, 05 Sep 2019 06:44:23 +0000 Subject: Failed: openssl/openssl#27882 (OpenSSL_1_1_1-stable - aa24cc0) In-Reply-To: Message-ID: <5d70aec760162_43fb94efa40c813808a@66bac86c-c1c4-40cd-b596-b6f578c9e1a9.mail> Build Update for openssl/openssl ------------------------------------- Build: #27882 Status: Failed Duration: 16 mins and 39 secs Commit: aa24cc0 (OpenSSL_1_1_1-stable) Author: Bernd Edlinger Message: Remove ifndef FIPS_MODE from rand_unix.c This will never be the case for 1.1.1 so removed. Fixes: comment 1 of #9757 Reviewed-by: Matt Caswell Reviewed-by: Paul Dale (Merged from https://github.com/openssl/openssl/pull/9762) View the changeset: https://github.com/openssl/openssl/compare/fb6a82c498b8...aa24cc01957f View the full build log and details: https://travis-ci.org/openssl/openssl/builds/581059152?utm_medium=notification&utm_source=email -- You can unsubscribe from build emails from the openssl/openssl repository going to https://travis-ci.org/account/preferences/unsubscribe?repository=5849220&utm_medium=notification&utm_source=email. Or unsubscribe from *all* email updating your settings at https://travis-ci.org/account/preferences/unsubscribe?utm_medium=notification&utm_source=email. Or configure specific recipients for build notifications in your .travis.yml file. See https://docs.travis-ci.com/user/notifications. -------------- next part -------------- An HTML attachment was scrubbed... URL: From builds at travis-ci.org Thu Sep 5 06:59:21 2019 From: builds at travis-ci.org (Travis CI) Date: Thu, 05 Sep 2019 06:59:21 +0000 Subject: Still Failing: openssl/openssl#27883 (master - 41ffd2a) In-Reply-To: Message-ID: <5d70b24975aef_43fcb929e4a88134759@31fde9fa-3266-4081-bb4a-1614523e6ed1.mail> Build Update for openssl/openssl ------------------------------------- Build: #27883 Status: Still Failing Duration: 26 mins and 12 secs Commit: 41ffd2a (master) Author: Bernd Edlinger Message: Cleanup includes in rand_unix.c Fixes #9757 Reviewed-by: Richard Levitte (Merged from https://github.com/openssl/openssl/pull/9761) View the changeset: https://github.com/openssl/openssl/compare/1c3ace689803...41ffd2ab09d2 View the full build log and details: https://travis-ci.org/openssl/openssl/builds/581060876?utm_medium=notification&utm_source=email -- You can unsubscribe from build emails from the openssl/openssl repository going to https://travis-ci.org/account/preferences/unsubscribe?repository=5849220&utm_medium=notification&utm_source=email. Or unsubscribe from *all* email updating your settings at https://travis-ci.org/account/preferences/unsubscribe?utm_medium=notification&utm_source=email. Or configure specific recipients for build notifications in your .travis.yml file. See https://docs.travis-ci.com/user/notifications. -------------- next part -------------- An HTML attachment was scrubbed... URL: From builds at travis-ci.org Thu Sep 5 07:06:50 2019 From: builds at travis-ci.org (Travis CI) Date: Thu, 05 Sep 2019 07:06:50 +0000 Subject: Failed: openssl/openssl#27884 (OpenSSL_1_1_1-stable - ce1ab24) In-Reply-To: Message-ID: <5d70b409e5c21_43fb94fc3f2b0141641@66bac86c-c1c4-40cd-b596-b6f578c9e1a9.mail> Build Update for openssl/openssl ------------------------------------- Build: #27884 Status: Failed Duration: 21 mins and 51 secs Commit: ce1ab24 (OpenSSL_1_1_1-stable) Author: Bernd Edlinger Message: Cleanup includes in rand_unix.c Fixes #9757 Reviewed-by: Richard Levitte (Merged from https://github.com/openssl/openssl/pull/9761) (cherry picked from commit 41ffd2ab09d24692c71850ccd7d5ff154196fe01) View the changeset: https://github.com/openssl/openssl/compare/aa24cc01957f...ce1ab24163e4 View the full build log and details: https://travis-ci.org/openssl/openssl/builds/581061386?utm_medium=notification&utm_source=email -- You can unsubscribe from build emails from the openssl/openssl repository going to https://travis-ci.org/account/preferences/unsubscribe?repository=5849220&utm_medium=notification&utm_source=email. Or unsubscribe from *all* email updating your settings at https://travis-ci.org/account/preferences/unsubscribe?utm_medium=notification&utm_source=email. Or configure specific recipients for build notifications in your .travis.yml file. See https://docs.travis-ci.com/user/notifications. -------------- next part -------------- An HTML attachment was scrubbed... URL: From builds at travis-ci.org Thu Sep 5 07:21:49 2019 From: builds at travis-ci.org (Travis CI) Date: Thu, 05 Sep 2019 07:21:49 +0000 Subject: Still Failing: openssl/openssl#27885 (master - c70e2ec) In-Reply-To: Message-ID: <5d70b78a54b74_43ff1785457287609e@14437e77-ab3e-4b27-afa1-6a1125050fc0.mail> Build Update for openssl/openssl ------------------------------------- Build: #27885 Status: Still Failing Duration: 25 mins and 22 secs Commit: c70e2ec (master) Author: Bernd Edlinger Message: Fix error handling in x509_lu.c Reviewed-by: Richard Levitte Reviewed-by: Tomas Mraz (Merged from https://github.com/openssl/openssl/pull/9639) View the changeset: https://github.com/openssl/openssl/compare/41ffd2ab09d2...c70e2ec33943 View the full build log and details: https://travis-ci.org/openssl/openssl/builds/581063072?utm_medium=notification&utm_source=email -- You can unsubscribe from build emails from the openssl/openssl repository going to https://travis-ci.org/account/preferences/unsubscribe?repository=5849220&utm_medium=notification&utm_source=email. Or unsubscribe from *all* email updating your settings at https://travis-ci.org/account/preferences/unsubscribe?utm_medium=notification&utm_source=email. Or configure specific recipients for build notifications in your .travis.yml file. See https://docs.travis-ci.com/user/notifications. -------------- next part -------------- An HTML attachment was scrubbed... URL: From builds at travis-ci.org Thu Sep 5 07:29:58 2019 From: builds at travis-ci.org (Travis CI) Date: Thu, 05 Sep 2019 07:29:58 +0000 Subject: Failed: openssl/openssl#27886 (OpenSSL_1_1_1-stable - 5d16346) In-Reply-To: Message-ID: <5d70b975f0f12_43f8fa8bbb01c2111e@e86196f1-8977-4f92-be7e-61e16cd71ede.mail> Build Update for openssl/openssl ------------------------------------- Build: #27886 Status: Failed Duration: 21 mins and 53 secs Commit: 5d16346 (OpenSSL_1_1_1-stable) Author: Bernd Edlinger Message: Fix error handling in x509_lu.c Reviewed-by: Richard Levitte Reviewed-by: Tomas Mraz (Merged from https://github.com/openssl/openssl/pull/9639) (cherry picked from commit c70e2ec33943d3bd46d3d9950f774307feda832b) View the changeset: https://github.com/openssl/openssl/compare/ce1ab24163e4...5d16346679d7 View the full build log and details: https://travis-ci.org/openssl/openssl/builds/581063355?utm_medium=notification&utm_source=email -- You can unsubscribe from build emails from the openssl/openssl repository going to https://travis-ci.org/account/preferences/unsubscribe?repository=5849220&utm_medium=notification&utm_source=email. Or unsubscribe from *all* email updating your settings at https://travis-ci.org/account/preferences/unsubscribe?utm_medium=notification&utm_source=email. Or configure specific recipients for build notifications in your .travis.yml file. See https://docs.travis-ci.com/user/notifications. -------------- next part -------------- An HTML attachment was scrubbed... URL: From tmraz at fedoraproject.org Thu Sep 5 08:57:20 2019 From: tmraz at fedoraproject.org (tmraz at fedoraproject.org) Date: Thu, 05 Sep 2019 08:57:20 +0000 Subject: [openssl] master update Message-ID: <1567673840.154425.7311.nullmailer@dev.openssl.org> The branch master has been updated via 46c428d73633bc68377a3a425f22313584999365 (commit) from c70e2ec33943d3bd46d3d9950f774307feda832b (commit) - Log ----------------------------------------------------------------- commit 46c428d73633bc68377a3a425f22313584999365 Author: Rich Salz Date: Sun Aug 18 09:04:17 2019 -0400 Make failed messages easier to find Now that we use travis_terminate, we can make the status messages simpler to find, and we don't need the "OK" output. Reviewed-by: Tomas Mraz Reviewed-by: Richard Levitte (Merged from https://github.com/openssl/openssl/pull/9707) ----------------------------------------------------------------------- Summary of changes: .travis.yml | 56 +++++++++++++++++++++----------------------------------- 1 file changed, 21 insertions(+), 35 deletions(-) diff --git a/.travis.yml b/.travis.yml index 3cc293ea52..6f97a6bebb 100644 --- a/.travis.yml +++ b/.travis.yml @@ -165,33 +165,24 @@ script: - if [ -n "$DESTDIR" ]; then cd _build; fi - - if $make update; then - echo -e '+\057 MAKE UPDATE OK'; - else - echo -e '+\057 MAKE UPDATE FAILED'; + - if ! $make update; then + echo -e '\052\052 FAILED -- MAKE UPDATE'; travis_terminate 1; fi - - git diff --exit-code - - if [ -n "$CHECKDOCS" ]; then - if $make doc-nits; then - echo -e '+\057\057 MAKE DOC-NITS OK'; - else - echo -e '+\057\057 MAKE DOC-NITS FAILED'; - travis_terminate 1; - fi; + - if ! git diff --exit-code; then + echo -e '\052\052 FAILED -- UPDATED FILES NOT COMMITED'; + travis_terminate 1; fi - - if [ -n "$GENERATE" ]; then - if $make build_all_generated; then - echo -e '+\057\057\057 MAKE BUILD_ALL_GENERATED OK'; - else - echo -e '+\057\057\057 MAKE BUILD_ALL_GENERATED FAILED'; - travis_terminate 1; - fi; + - if test -n "$CHECKDOCS" && ! $make doc-nits; then + echo -e '\052\052 FAILED -- MAKE DOC-NITS'; + travis_terminate 1; fi - - if $make2; then - echo -e '+\057\057\057\057 MAKE OK'; - else - echo -e '+\057\057\057\057 MAKE FAILED'; + - if test -n "$GENERATE" && ! $make build_all_generated; then + echo -e '\052\052 FAILED -- MAKE BUILD_ALL_GENERATED'; + travis_terminate 1; + fi + - if ! $make2; then + echo -e '\052\052 FAILED -- MAKE'; travis_terminate 1; fi; - if [ -z "$BUILDONLY" ]; then @@ -204,32 +195,27 @@ script: if [ -e krb5/src ]; then sudo apt-get -yq install bison dejagnu gettext keyutils ldap-utils libldap2-dev libkeyutils-dev python-cjson python-paste python-pyrad slapd tcl-dev tcsh; fi; - if HARNESS_VERBOSE=yes BORING_RUNNER_DIR=$top/boringssl/ssl/test/runner make test; then - echo -e '+\057\057\057\057\057 MAKE TEST OK'; - else - echo -e '+\057\057\057\057\057 MAKE TEST FAILED'; + if ! HARNESS_VERBOSE=yes BORING_RUNNER_DIR=$top/boringssl/ssl/test/runner make test; then + echo -e '\052\052 FAILED -- MAKE TEST'; travis_terminate 1; fi; else - if $make build_tests >~/build.log 2>&1; then - echo -e '+\057\057\057\057\057\057 MAKE BUILD_TESTS OK'; - else - echo -e '+\057\057\057\057\057\057 MAKE BUILD_TESTS FAILED'; + if ! $make build_tests >~/build.log 2>&1; then + echo -e '\052\052 FAILED -- MAKE BUILD_TESTS'; cat ~/build.log travis_terminate 1; fi; fi - if [ -n "$DESTDIR" ]; then mkdir "$top/$DESTDIR"; - if $make install DESTDIR="$top/$DESTDIR" >~/install.log 2>&1 ; then - echo -e '+\057\057\057\057\057\057\057 MAKE INSTALL OK'; - else - echo -e '+\057\057\057\057\057\057\057 MAKE INSTALL FAILED'; + if ! $make install DESTDIR="$top/$DESTDIR" >~/install.log 2>&1 ; then + echo -e '\052\052 FAILED -- MAKE INSTALL'; cat ~/install.log; travis_terminate 1; fi; fi - cd $top + - echo -e '\052\052 DONE' after_success: - if [ -n "$COVERALLS" ]; then From matt at openssl.org Thu Sep 5 09:21:19 2019 From: matt at openssl.org (Matt Caswell) Date: Thu, 05 Sep 2019 09:21:19 +0000 Subject: [openssl] master update Message-ID: <1567675279.981893.11932.nullmailer@dev.openssl.org> The branch master has been updated via 6b4152f1896e07ed94dc82663846ae9d38d4ca42 (commit) via b783beeadf6b80bc431e6f3230b5d5585c87ef87 (commit) from 46c428d73633bc68377a3a425f22313584999365 (commit) - Log ----------------------------------------------------------------- commit 6b4152f1896e07ed94dc82663846ae9d38d4ca42 Author: Billy Brumley Date: Mon Sep 2 15:03:26 2019 +0300 [test] computing ECC cofactors: regression test Reviewed-by: Nicola Tuveri Reviewed-by: Matt Caswell (Merged from https://github.com/openssl/openssl/pull/9827) commit b783beeadf6b80bc431e6f3230b5d5585c87ef87 Author: Billy Brumley Date: Mon Sep 2 15:02:30 2019 +0300 [crypto/ec] for ECC parameters with NULL or zero cofactor, compute it The cofactor argument to EC_GROUP_set_generator is optional, and SCA mitigations for ECC currently use it. So the library currently falls back to very old SCA-vulnerable code if the cofactor is not present. This PR allows EC_GROUP_set_generator to compute the cofactor for all curves of cryptographic interest. Steering scalar multiplication to more SCA-robust code. This issue affects persisted private keys in explicit parameter form, where the (optional) cofactor field is zero or absent. It also affects curves not built-in to the library, but constructed programatically with explicit parameters, then calling EC_GROUP_set_generator with a nonsensical value (NULL, zero). The very old scalar multiplication code is known to be vulnerable to local uarch attacks, outside of the OpenSSL threat model. New results suggest the code path is also vulnerable to traditional wall clock timing attacks. CVE-2019-1547 Reviewed-by: Nicola Tuveri Reviewed-by: Matt Caswell (Merged from https://github.com/openssl/openssl/pull/9827) ----------------------------------------------------------------------- Summary of changes: crypto/ec/ec_lib.c | 105 ++++++++++++++++++++++++++++++++++++++++++++++++----- test/ectest.c | 89 +++++++++++++++++++++++++++++++++++++++++++-- 2 files changed, 182 insertions(+), 12 deletions(-) diff --git a/crypto/ec/ec_lib.c b/crypto/ec/ec_lib.c index d30504de65..bc52e63443 100644 --- a/crypto/ec/ec_lib.c +++ b/crypto/ec/ec_lib.c @@ -274,6 +274,67 @@ int EC_METHOD_get_field_type(const EC_METHOD *meth) static int ec_precompute_mont_data(EC_GROUP *); +/*- + * Try computing cofactor from the generator order (n) and field cardinality (q). + * This works for all curves of cryptographic interest. + * + * Hasse thm: q + 1 - 2*sqrt(q) <= n*h <= q + 1 + 2*sqrt(q) + * h_min = (q + 1 - 2*sqrt(q))/n + * h_max = (q + 1 + 2*sqrt(q))/n + * h_max - h_min = 4*sqrt(q)/n + * So if n > 4*sqrt(q) holds, there is only one possible value for h: + * h = \lfloor (h_min + h_max)/2 \rceil = \lfloor (q + 1)/n \rceil + * + * Otherwise, zero cofactor and return success. + */ +static int ec_guess_cofactor(EC_GROUP *group) { + int ret = 0; + BN_CTX *ctx = NULL; + BIGNUM *q = NULL; + + /*- + * If the cofactor is too large, we cannot guess it. + * The RHS of below is a strict overestimate of lg(4 * sqrt(q)) + */ + if (BN_num_bits(group->order) <= (BN_num_bits(group->field) + 1) / 2 + 3) { + /* default to 0 */ + BN_zero(group->cofactor); + /* return success */ + return 1; + } + + if ((ctx = BN_CTX_new_ex(group->libctx)) == NULL) + return 0; + + BN_CTX_start(ctx); + if ((q = BN_CTX_get(ctx)) == NULL) + goto err; + + /* set q = 2**m for binary fields; q = p otherwise */ + if (group->meth->field_type == NID_X9_62_characteristic_two_field) { + BN_zero(q); + if (!BN_set_bit(q, BN_num_bits(group->field) - 1)) + goto err; + } else { + if (!BN_copy(q, group->field)) + goto err; + } + + /* compute h = \lfloor (q + 1)/n \rceil = \lfloor (q + 1 + n/2)/n \rfloor */ + if (!BN_rshift1(group->cofactor, group->order) /* n/2 */ + || !BN_add(group->cofactor, group->cofactor, q) /* q + n/2 */ + /* q + 1 + n/2 */ + || !BN_add(group->cofactor, group->cofactor, BN_value_one()) + /* (q + 1 + n/2)/n */ + || !BN_div(group->cofactor, NULL, group->cofactor, group->order, ctx)) + goto err; + ret = 1; + err: + BN_CTX_end(ctx); + BN_CTX_free(ctx); + return ret; +} + int EC_GROUP_set_generator(EC_GROUP *group, const EC_POINT *generator, const BIGNUM *order, const BIGNUM *cofactor) { @@ -282,6 +343,34 @@ int EC_GROUP_set_generator(EC_GROUP *group, const EC_POINT *generator, return 0; } + /* require group->field >= 1 */ + if (group->field == NULL || BN_is_zero(group->field) + || BN_is_negative(group->field)) { + ECerr(EC_F_EC_GROUP_SET_GENERATOR, EC_R_INVALID_FIELD); + return 0; + } + + /*- + * - require order >= 1 + * - enforce upper bound due to Hasse thm: order can be no more than one bit + * longer than field cardinality + */ + if (order == NULL || BN_is_zero(order) || BN_is_negative(order) + || BN_num_bits(order) > BN_num_bits(group->field) + 1) { + ECerr(EC_F_EC_GROUP_SET_GENERATOR, EC_R_INVALID_GROUP_ORDER); + return 0; + } + + /*- + * Unfortunately the cofactor is an optional field in many standards. + * Internally, the lib uses 0 cofactor as a marker for "unknown cofactor". + * So accept cofactor == NULL or cofactor >= 0. + */ + if (cofactor != NULL && BN_is_negative(cofactor)) { + ECerr(EC_F_EC_GROUP_SET_GENERATOR, EC_R_UNKNOWN_COFACTOR); + return 0; + } + if (group->generator == NULL) { group->generator = EC_POINT_new(group); if (group->generator == NULL) @@ -290,20 +379,18 @@ int EC_GROUP_set_generator(EC_GROUP *group, const EC_POINT *generator, if (!EC_POINT_copy(group->generator, generator)) return 0; - if (order != NULL) { - if (!BN_copy(group->order, order)) - return 0; - } else { - BN_zero(group->order); - } + if (!BN_copy(group->order, order)) + return 0; - /* The cofactor is an optional field, so it should be able to be NULL. */ - if (cofactor != NULL) { + /* Either take the provided positive cofactor, or try to compute it */ + if (cofactor != NULL && !BN_is_zero(cofactor)) { if (!BN_copy(group->cofactor, cofactor)) return 0; - } else { + } else if (!ec_guess_cofactor(group)) { BN_zero(group->cofactor); + return 0; } + /* * Some groups have an order with * factors of two, which makes the Montgomery setup fail. diff --git a/test/ectest.c b/test/ectest.c index cfe6d869eb..2cbbd4e340 100644 --- a/test/ectest.c +++ b/test/ectest.c @@ -1679,9 +1679,8 @@ static int check_named_curve_test(int id) group_cofactor)) || !TEST_int_eq(EC_GROUP_check_named_curve(gtest, 0, NULL), 0) /* The order is not an optional field, so this should fail */ - || !TEST_true(EC_GROUP_set_generator(gtest, group_gen, NULL, - group_cofactor)) - || !TEST_int_le(EC_GROUP_check_named_curve(gtest, 0, NULL), 0) + || TEST_true(EC_GROUP_set_generator(gtest, group_gen, NULL, + group_cofactor)) || !TEST_true(EC_GROUP_set_generator(gtest, group_gen, group_order, other_cofactor)) || !TEST_int_eq(EC_GROUP_check_named_curve(gtest, 0, NULL), 0) @@ -1856,6 +1855,89 @@ err: return r; } +/*- + * For named curves, test that: + * - the lib correctly computes the cofactor if passed a NULL or zero cofactor + * - a nonsensical cofactor throws an error (negative test) + * - nonsensical orders throw errors (negative tests) + */ +static int cardinality_test(int n) +{ + int ret = 0; + int nid = curves[n].nid; + BN_CTX *ctx = NULL; + EC_GROUP *g1 = NULL, *g2 = NULL; + EC_POINT *g2_gen = NULL; + BIGNUM *g1_p = NULL, *g1_a = NULL, *g1_b = NULL, *g1_x = NULL, *g1_y = NULL, + *g1_order = NULL, *g1_cf = NULL, *g2_cf = NULL; + + TEST_info("Curve %s cardinality test", OBJ_nid2sn(nid)); + + if (!TEST_ptr(ctx = BN_CTX_new()) + || !TEST_ptr(g1 = EC_GROUP_new_by_curve_name(nid)) + || !TEST_ptr(g2 = EC_GROUP_new(EC_GROUP_method_of(g1)))) { + EC_GROUP_free(g1); + EC_GROUP_free(g2); + BN_CTX_free(ctx); + return 0; + } + + BN_CTX_start(ctx); + g1_p = BN_CTX_get(ctx); + g1_a = BN_CTX_get(ctx); + g1_b = BN_CTX_get(ctx); + g1_x = BN_CTX_get(ctx); + g1_y = BN_CTX_get(ctx); + g1_order = BN_CTX_get(ctx); + g1_cf = BN_CTX_get(ctx); + + if (!TEST_ptr(g2_cf = BN_CTX_get(ctx)) + /* pull out the explicit curve parameters */ + || !TEST_true(EC_GROUP_get_curve(g1, g1_p, g1_a, g1_b, ctx)) + || !TEST_true(EC_POINT_get_affine_coordinates(g1, + EC_GROUP_get0_generator(g1), g1_x, g1_y, ctx)) + || !TEST_true(BN_copy(g1_order, EC_GROUP_get0_order(g1))) + || !TEST_true(EC_GROUP_get_cofactor(g1, g1_cf, ctx)) + /* construct g2 manually with g1 parameters */ + || !TEST_true(EC_GROUP_set_curve(g2, g1_p, g1_a, g1_b, ctx)) + || !TEST_ptr(g2_gen = EC_POINT_new(g2)) + || !TEST_true(EC_POINT_set_affine_coordinates(g2, g2_gen, g1_x, g1_y, ctx)) + /* pass NULL cofactor: lib should compute it */ + || !TEST_true(EC_GROUP_set_generator(g2, g2_gen, g1_order, NULL)) + || !TEST_true(EC_GROUP_get_cofactor(g2, g2_cf, ctx)) + || !TEST_BN_eq(g1_cf, g2_cf) + /* pass zero cofactor: lib should compute it */ + || !TEST_true(BN_set_word(g2_cf, 0)) + || !TEST_true(EC_GROUP_set_generator(g2, g2_gen, g1_order, g2_cf)) + || !TEST_true(EC_GROUP_get_cofactor(g2, g2_cf, ctx)) + || !TEST_BN_eq(g1_cf, g2_cf) + /* negative test for invalid cofactor */ + || !TEST_true(BN_set_word(g2_cf, 0)) + || !TEST_true(BN_sub(g2_cf, g2_cf, BN_value_one())) + || TEST_true(EC_GROUP_set_generator(g2, g2_gen, g1_order, g2_cf)) + /* negative test for NULL order */ + || TEST_true(EC_GROUP_set_generator(g2, g2_gen, NULL, NULL)) + /* negative test for zero order */ + || !TEST_true(BN_set_word(g1_order, 0)) + || TEST_true(EC_GROUP_set_generator(g2, g2_gen, g1_order, NULL)) + /* negative test for negative order */ + || !TEST_true(BN_set_word(g2_cf, 0)) + || !TEST_true(BN_sub(g2_cf, g2_cf, BN_value_one())) + || TEST_true(EC_GROUP_set_generator(g2, g2_gen, g1_order, NULL)) + /* negative test for too large order */ + || !TEST_true(BN_lshift(g1_order, g1_p, 2)) + || TEST_true(EC_GROUP_set_generator(g2, g2_gen, g1_order, NULL))) + goto err; + ret = 1; + err: + EC_POINT_free(g2_gen); + EC_GROUP_free(g1); + EC_GROUP_free(g2); + BN_CTX_end(ctx); + BN_CTX_free(ctx); + return ret; +} + static int check_ec_key_field_public_range_test(int id) { int ret = 0, type = 0; @@ -1921,6 +2003,7 @@ int setup_tests(void) return 0; ADD_TEST(parameter_test); + ADD_ALL_TESTS(cardinality_test, crv_len); ADD_TEST(prime_field_tests); # ifndef OPENSSL_NO_EC2M ADD_TEST(char2_field_tests); From builds at travis-ci.org Thu Sep 5 09:17:28 2019 From: builds at travis-ci.org (Travis CI) Date: Thu, 05 Sep 2019 09:17:28 +0000 Subject: Still Failing: openssl/openssl#27890 (master - 46c428d) In-Reply-To: Message-ID: <5d70d2a89a691_43fe10ab7149014441f@a3becb4c-4d71-436f-9818-a68cefaf0780.mail> Build Update for openssl/openssl ------------------------------------- Build: #27890 Status: Still Failing Duration: 19 mins and 24 secs Commit: 46c428d (master) Author: Rich Salz Message: Make failed messages easier to find Now that we use travis_terminate, we can make the status messages simpler to find, and we don't need the "OK" output. Reviewed-by: Tomas Mraz Reviewed-by: Richard Levitte (Merged from https://github.com/openssl/openssl/pull/9707) View the changeset: https://github.com/openssl/openssl/compare/c70e2ec33943...46c428d73633 View the full build log and details: https://travis-ci.org/openssl/openssl/builds/581108443?utm_medium=notification&utm_source=email -- You can unsubscribe from build emails from the openssl/openssl repository going to https://travis-ci.org/account/preferences/unsubscribe?repository=5849220&utm_medium=notification&utm_source=email. Or unsubscribe from *all* email updating your settings at https://travis-ci.org/account/preferences/unsubscribe?utm_medium=notification&utm_source=email. Or configure specific recipients for build notifications in your .travis.yml file. See https://docs.travis-ci.com/user/notifications. -------------- next part -------------- An HTML attachment was scrubbed... URL: From beldmit at gmail.com Thu Sep 5 09:47:43 2019 From: beldmit at gmail.com (beldmit at gmail.com) Date: Thu, 05 Sep 2019 09:47:43 +0000 Subject: [openssl] master update Message-ID: <1567676863.361202.16138.nullmailer@dev.openssl.org> The branch master has been updated via 0220fc9921f0aa3aea43e6b672b8f89b3eb0261a (commit) via 8bbc7f2211bacd201b8f2b219aad067c17b8c2ec (commit) from 6b4152f1896e07ed94dc82663846ae9d38d4ca42 (commit) - Log ----------------------------------------------------------------- commit 0220fc9921f0aa3aea43e6b672b8f89b3eb0261a Author: Dmitry Belyavskiy Date: Thu Sep 5 08:31:38 2019 +0300 Disallow change EVP_CIPHER properties once set Reviewed-by: Richard Levitte (Merged from https://github.com/openssl/openssl/pull/9764) commit 8bbc7f2211bacd201b8f2b219aad067c17b8c2ec Author: Dmitry Belyavskiy Date: Wed Sep 4 22:49:09 2019 +0300 Disallow change EVP_MD properties once set Reviewed-by: Richard Levitte (Merged from https://github.com/openssl/openssl/pull/9764) ----------------------------------------------------------------------- Summary of changes: crypto/evp/cmeth_lib.c | 27 +++++++++++++++++++++++++++ crypto/evp/evp_lib.c | 30 ++++++++++++++++++++++++++++++ 2 files changed, 57 insertions(+) diff --git a/crypto/evp/cmeth_lib.c b/crypto/evp/cmeth_lib.c index 34e85f6366..4d823f0f5e 100644 --- a/crypto/evp/cmeth_lib.c +++ b/crypto/evp/cmeth_lib.c @@ -54,18 +54,27 @@ void EVP_CIPHER_meth_free(EVP_CIPHER *cipher) int EVP_CIPHER_meth_set_iv_length(EVP_CIPHER *cipher, int iv_len) { + if (cipher->iv_len != 0) + return 0; + cipher->iv_len = iv_len; return 1; } int EVP_CIPHER_meth_set_flags(EVP_CIPHER *cipher, unsigned long flags) { + if (cipher->flags != 0) + return 0; + cipher->flags = flags; return 1; } int EVP_CIPHER_meth_set_impl_ctx_size(EVP_CIPHER *cipher, int ctx_size) { + if (cipher->ctx_size != 0) + return 0; + cipher->ctx_size = ctx_size; return 1; } @@ -76,6 +85,9 @@ int EVP_CIPHER_meth_set_init(EVP_CIPHER *cipher, const unsigned char *iv, int enc)) { + if (cipher->init != NULL) + return 0; + cipher->init = init; return 1; } @@ -86,6 +98,9 @@ int EVP_CIPHER_meth_set_do_cipher(EVP_CIPHER *cipher, const unsigned char *in, size_t inl)) { + if (cipher->do_cipher != NULL) + return 0; + cipher->do_cipher = do_cipher; return 1; } @@ -93,6 +108,9 @@ int EVP_CIPHER_meth_set_do_cipher(EVP_CIPHER *cipher, int EVP_CIPHER_meth_set_cleanup(EVP_CIPHER *cipher, int (*cleanup) (EVP_CIPHER_CTX *)) { + if (cipher->cleanup != NULL) + return 0; + cipher->cleanup = cleanup; return 1; } @@ -101,6 +119,9 @@ int EVP_CIPHER_meth_set_set_asn1_params(EVP_CIPHER *cipher, int (*set_asn1_parameters) (EVP_CIPHER_CTX *, ASN1_TYPE *)) { + if (cipher->set_asn1_parameters != NULL) + return 0; + cipher->set_asn1_parameters = set_asn1_parameters; return 1; } @@ -109,6 +130,9 @@ int EVP_CIPHER_meth_set_get_asn1_params(EVP_CIPHER *cipher, int (*get_asn1_parameters) (EVP_CIPHER_CTX *, ASN1_TYPE *)) { + if (cipher->get_asn1_parameters != NULL) + return 0; + cipher->get_asn1_parameters = get_asn1_parameters; return 1; } @@ -117,6 +141,9 @@ int EVP_CIPHER_meth_set_ctrl(EVP_CIPHER *cipher, int (*ctrl) (EVP_CIPHER_CTX *, int type, int arg, void *ptr)) { + if (cipher->ctrl != NULL) + return 0; + cipher->ctrl = ctrl; return 1; } diff --git a/crypto/evp/evp_lib.c b/crypto/evp/evp_lib.c index acb90f222b..9c3edb3322 100644 --- a/crypto/evp/evp_lib.c +++ b/crypto/evp/evp_lib.c @@ -574,26 +574,41 @@ void EVP_MD_meth_free(EVP_MD *md) } int EVP_MD_meth_set_input_blocksize(EVP_MD *md, int blocksize) { + if (md->block_size != 0) + return 0; + md->block_size = blocksize; return 1; } int EVP_MD_meth_set_result_size(EVP_MD *md, int resultsize) { + if (md->md_size != 0) + return 0; + md->md_size = resultsize; return 1; } int EVP_MD_meth_set_app_datasize(EVP_MD *md, int datasize) { + if (md->ctx_size != 0) + return 0; + md->ctx_size = datasize; return 1; } int EVP_MD_meth_set_flags(EVP_MD *md, unsigned long flags) { + if (md->flags != 0) + return 0; + md->flags = flags; return 1; } int EVP_MD_meth_set_init(EVP_MD *md, int (*init)(EVP_MD_CTX *ctx)) { + if (md->init != NULL) + return 0; + md->init = init; return 1; } @@ -601,29 +616,44 @@ int EVP_MD_meth_set_update(EVP_MD *md, int (*update)(EVP_MD_CTX *ctx, const void *data, size_t count)) { + if (md->update != NULL) + return 0; + md->update = update; return 1; } int EVP_MD_meth_set_final(EVP_MD *md, int (*final)(EVP_MD_CTX *ctx, unsigned char *md)) { + if (md->final != NULL) + return 0; + md->final = final; return 1; } int EVP_MD_meth_set_copy(EVP_MD *md, int (*copy)(EVP_MD_CTX *to, const EVP_MD_CTX *from)) { + if (md->copy != NULL) + return 0; + md->copy = copy; return 1; } int EVP_MD_meth_set_cleanup(EVP_MD *md, int (*cleanup)(EVP_MD_CTX *ctx)) { + if (md->cleanup != NULL) + return 0; + md->cleanup = cleanup; return 1; } int EVP_MD_meth_set_ctrl(EVP_MD *md, int (*ctrl)(EVP_MD_CTX *ctx, int cmd, int p1, void *p2)) { + if (md->md_ctrl != NULL) + return 0; + md->md_ctrl = ctrl; return 1; } From builds at travis-ci.org Thu Sep 5 09:42:24 2019 From: builds at travis-ci.org (Travis CI) Date: Thu, 05 Sep 2019 09:42:24 +0000 Subject: Errored: openssl/openssl#27891 (master - 6b4152f) In-Reply-To: Message-ID: <5d70d87fc087f_43fa45e733e98205815@f63c505f-14e7-4432-87e7-0cce7afc1f73.mail> Build Update for openssl/openssl ------------------------------------- Build: #27891 Status: Errored Duration: 20 mins and 24 secs Commit: 6b4152f (master) Author: Billy Brumley Message: [test] computing ECC cofactors: regression test Reviewed-by: Nicola Tuveri Reviewed-by: Matt Caswell (Merged from https://github.com/openssl/openssl/pull/9827) View the changeset: https://github.com/openssl/openssl/compare/46c428d73633...6b4152f1896e View the full build log and details: https://travis-ci.org/openssl/openssl/builds/581117303?utm_medium=notification&utm_source=email -- You can unsubscribe from build emails from the openssl/openssl repository going to https://travis-ci.org/account/preferences/unsubscribe?repository=5849220&utm_medium=notification&utm_source=email. Or unsubscribe from *all* email updating your settings at https://travis-ci.org/account/preferences/unsubscribe?utm_medium=notification&utm_source=email. Or configure specific recipients for build notifications in your .travis.yml file. See https://docs.travis-ci.com/user/notifications. -------------- next part -------------- An HTML attachment was scrubbed... URL: From builds at travis-ci.org Thu Sep 5 10:07:27 2019 From: builds at travis-ci.org (Travis CI) Date: Thu, 05 Sep 2019 10:07:27 +0000 Subject: Failed: openssl/openssl#27892 (master - 0220fc9) In-Reply-To: Message-ID: <5d70de5ee3d3f_43ff1775362d89889c@14437e77-ab3e-4b27-afa1-6a1125050fc0.mail> Build Update for openssl/openssl ------------------------------------- Build: #27892 Status: Failed Duration: 19 mins and 5 secs Commit: 0220fc9 (master) Author: Dmitry Belyavskiy Message: Disallow change EVP_CIPHER properties once set Reviewed-by: Richard Levitte (Merged from https://github.com/openssl/openssl/pull/9764) View the changeset: https://github.com/openssl/openssl/compare/6b4152f1896e...0220fc9921f0 View the full build log and details: https://travis-ci.org/openssl/openssl/builds/581127094?utm_medium=notification&utm_source=email -- You can unsubscribe from build emails from the openssl/openssl repository going to https://travis-ci.org/account/preferences/unsubscribe?repository=5849220&utm_medium=notification&utm_source=email. Or unsubscribe from *all* email updating your settings at https://travis-ci.org/account/preferences/unsubscribe?utm_medium=notification&utm_source=email. Or configure specific recipients for build notifications in your .travis.yml file. See https://docs.travis-ci.com/user/notifications. -------------- next part -------------- An HTML attachment was scrubbed... URL: From beldmit at gmail.com Thu Sep 5 13:32:34 2019 From: beldmit at gmail.com (beldmit at gmail.com) Date: Thu, 05 Sep 2019 13:32:34 +0000 Subject: [openssl] master update Message-ID: <1567690354.383088.9988.nullmailer@dev.openssl.org> The branch master has been updated via 464ac47f81c07d5630026d3ce1251da00c469e00 (commit) from 0220fc9921f0aa3aea43e6b672b8f89b3eb0261a (commit) - Log ----------------------------------------------------------------- commit 464ac47f81c07d5630026d3ce1251da00c469e00 Author: Dmitry Belyavskiy Date: Thu Sep 5 15:50:58 2019 +0300 Reverting check to correct Fixes #9773. Reviewed-by: Richard Levitte Reviewed-by: Tim Hudson (Merged from https://github.com/openssl/openssl/pull/9776) ----------------------------------------------------------------------- Summary of changes: crypto/evp/cmeth_lib.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/crypto/evp/cmeth_lib.c b/crypto/evp/cmeth_lib.c index 4d823f0f5e..ba61c52564 100644 --- a/crypto/evp/cmeth_lib.c +++ b/crypto/evp/cmeth_lib.c @@ -38,7 +38,7 @@ EVP_CIPHER *EVP_CIPHER_meth_dup(const EVP_CIPHER *cipher) return NULL; if ((to = EVP_CIPHER_meth_new(cipher->nid, cipher->block_size, - cipher->key_len)) == NULL) { + cipher->key_len)) != NULL) { CRYPTO_RWLOCK *lock = to->lock; memcpy(to, cipher, sizeof(*to)); From builds at travis-ci.org Thu Sep 5 14:00:25 2019 From: builds at travis-ci.org (Travis CI) Date: Thu, 05 Sep 2019 14:00:25 +0000 Subject: Still Failing: openssl/openssl#27898 (master - 464ac47) In-Reply-To: Message-ID: <5d7114f8bd0c3_43f8fa5a7e31438991d@e86196f1-8977-4f92-be7e-61e16cd71ede.mail> Build Update for openssl/openssl ------------------------------------- Build: #27898 Status: Still Failing Duration: 22 mins and 18 secs Commit: 464ac47 (master) Author: Dmitry Belyavskiy Message: Reverting check to correct Fixes #9773. Reviewed-by: Richard Levitte Reviewed-by: Tim Hudson (Merged from https://github.com/openssl/openssl/pull/9776) View the changeset: https://github.com/openssl/openssl/compare/0220fc9921f0...464ac47f81c0 View the full build log and details: https://travis-ci.org/openssl/openssl/builds/581210190?utm_medium=notification&utm_source=email -- You can unsubscribe from build emails from the openssl/openssl repository going to https://travis-ci.org/account/preferences/unsubscribe?repository=5849220&utm_medium=notification&utm_source=email. Or unsubscribe from *all* email updating your settings at https://travis-ci.org/account/preferences/unsubscribe?utm_medium=notification&utm_source=email. Or configure specific recipients for build notifications in your .travis.yml file. See https://docs.travis-ci.com/user/notifications. -------------- next part -------------- An HTML attachment was scrubbed... URL: From levitte at openssl.org Thu Sep 5 19:50:18 2019 From: levitte at openssl.org (Richard Levitte) Date: Thu, 05 Sep 2019 19:50:18 +0000 Subject: [openssl] master update Message-ID: <1567713018.688248.13142.nullmailer@dev.openssl.org> The branch master has been updated via 7e8c3381937354cf171ceaf4c69315e9a45d4858 (commit) from 464ac47f81c07d5630026d3ce1251da00c469e00 (commit) - Log ----------------------------------------------------------------- commit 7e8c3381937354cf171ceaf4c69315e9a45d4858 Author: Viktor Dukhovni Date: Sun Dec 9 17:10:29 2018 -0500 Undeprecate OpenSSL_version_num and OPENSSL_VERSION_NUMBER The OpenSSL_version_num() function returns at runtime the OPENSSL_VERSION_NUMBER of the compiled OpenSSL library. This is a used and useful interface, and should not (at least yet) be deprecated, we just introduced the new versioning schema, it seems too early to deprecate the old. Reviewed-by: Tim Hudson Reviewed-by: Richard Levitte (Merged from https://github.com/openssl/openssl/pull/7853) ----------------------------------------------------------------------- Summary of changes: crypto/cversion.c | 2 -- include/openssl/crypto.h | 2 +- include/openssl/opensslv.h | 22 +++++++++------------- util/libcrypto.num | 2 +- 4 files changed, 11 insertions(+), 17 deletions(-) diff --git a/crypto/cversion.c b/crypto/cversion.c index 2a0dcf9445..c81f56f42b 100644 --- a/crypto/cversion.c +++ b/crypto/cversion.c @@ -11,12 +11,10 @@ #include "buildinf.h" -#if !OPENSSL_API_3 unsigned long OpenSSL_version_num(void) { return OPENSSL_VERSION_NUMBER; } -#endif unsigned int OPENSSL_version_major(void) { diff --git a/include/openssl/crypto.h b/include/openssl/crypto.h index 05580ad93c..da62eef1b1 100644 --- a/include/openssl/crypto.h +++ b/include/openssl/crypto.h @@ -158,7 +158,7 @@ int OPENSSL_hexchar2int(unsigned char c); # define OPENSSL_MALLOC_MAX_NELEMS(type) (((1U<<(sizeof(int)*8-1))-1)/sizeof(type)) -DEPRECATEDIN_3(unsigned long OpenSSL_version_num(void)) +unsigned long OpenSSL_version_num(void); const char *OpenSSL_version(int type); # define OPENSSL_VERSION 0 # define OPENSSL_CFLAGS 1 diff --git a/include/openssl/opensslv.h b/include/openssl/opensslv.h index c1d4b6f9b6..6a62b495b2 100644 --- a/include/openssl/opensslv.h +++ b/include/openssl/opensslv.h @@ -121,21 +121,17 @@ const char *OPENSSL_version_build_metadata(void); /* * SECTION 4: BACKWARD COMPATIBILITY */ -# include - -# if !OPENSSL_API_4 /* Synthesize OPENSSL_VERSION_NUMBER with the layout 0xMNN00PPSL */ -# ifdef OPENSSL_VERSION_PRE_RELEASE -# define _OPENSSL_VERSION_PRE_RELEASE 0x0L -# else -# define _OPENSSL_VERSION_PRE_RELEASE 0xfL -# endif -# define OPENSSL_VERSION_NUMBER \ - ( (OPENSSL_VERSION_MAJOR<<28) \ - |(OPENSSL_VERSION_MINOR<<20) \ - |(OPENSSL_VERSION_PATCH<<4) \ - |_OPENSSL_VERSION_PRE_RELEASE ) +# ifdef OPENSSL_VERSION_PRE_RELEASE +# define _OPENSSL_VERSION_PRE_RELEASE 0x0 +# else +# define _OPENSSL_VERSION_PRE_RELEASE 0xf # endif +# define OPENSSL_VERSION_NUMBER \ + ( (OPENSSL_VERSION_MAJOR<<28) \ + |(OPENSSL_VERSION_MINOR<<20) \ + |(OPENSSL_VERSION_PATCH<<4) \ + |_OPENSSL_VERSION_PRE_RELEASE ) # ifdef __cplusplus } diff --git a/util/libcrypto.num b/util/libcrypto.num index 9f7b0fd7c6..e6567aefe2 100644 --- a/util/libcrypto.num +++ b/util/libcrypto.num @@ -3150,7 +3150,7 @@ CMS_RecipientInfo_get0_pkey_ctx 3215 3_0_0 EXIST::FUNCTION:CMS OCSP_REQINFO_free 3216 3_0_0 EXIST::FUNCTION:OCSP AUTHORITY_KEYID_new 3217 3_0_0 EXIST::FUNCTION: i2d_DIST_POINT_NAME 3218 3_0_0 EXIST::FUNCTION: -OpenSSL_version_num 3219 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3 +OpenSSL_version_num 3219 3_0_0 EXIST::FUNCTION: OCSP_CERTID_free 3220 3_0_0 EXIST::FUNCTION:OCSP BIO_hex_string 3221 3_0_0 EXIST::FUNCTION: X509_REQ_sign_ctx 3222 3_0_0 EXIST::FUNCTION: From builds at travis-ci.org Thu Sep 5 20:15:11 2019 From: builds at travis-ci.org (Travis CI) Date: Thu, 05 Sep 2019 20:15:11 +0000 Subject: Still Failing: openssl/openssl#27908 (master - 7e8c338) In-Reply-To: Message-ID: <5d716ccf7ec3f_43fc6d734584011488c@7e70ebe6-0ccd-4f27-8c82-e60f3acb76bc.mail> Build Update for openssl/openssl ------------------------------------- Build: #27908 Status: Still Failing Duration: 24 mins and 7 secs Commit: 7e8c338 (master) Author: Viktor Dukhovni Message: Undeprecate OpenSSL_version_num and OPENSSL_VERSION_NUMBER The OpenSSL_version_num() function returns at runtime the OPENSSL_VERSION_NUMBER of the compiled OpenSSL library. This is a used and useful interface, and should not (at least yet) be deprecated, we just introduced the new versioning schema, it seems too early to deprecate the old. Reviewed-by: Tim Hudson Reviewed-by: Richard Levitte (Merged from https://github.com/openssl/openssl/pull/7853) View the changeset: https://github.com/openssl/openssl/compare/464ac47f81c0...7e8c33819373 View the full build log and details: https://travis-ci.org/openssl/openssl/builds/581376116?utm_medium=notification&utm_source=email -- You can unsubscribe from build emails from the openssl/openssl repository going to https://travis-ci.org/account/preferences/unsubscribe?repository=5849220&utm_medium=notification&utm_source=email. Or unsubscribe from *all* email updating your settings at https://travis-ci.org/account/preferences/unsubscribe?utm_medium=notification&utm_source=email. Or configure specific recipients for build notifications in your .travis.yml file. See https://docs.travis-ci.com/user/notifications. -------------- next part -------------- An HTML attachment was scrubbed... URL: From no-reply at appveyor.com Fri Sep 6 03:50:08 2019 From: no-reply at appveyor.com (AppVeyor) Date: Fri, 06 Sep 2019 03:50:08 +0000 Subject: Build failed: openssl master.27339 Message-ID: <20190906035008.1.2356117D13AF9AC2@appveyor.com> An HTML attachment was scrubbed... URL: From no-reply at appveyor.com Fri Sep 6 04:15:55 2019 From: no-reply at appveyor.com (AppVeyor) Date: Fri, 06 Sep 2019 04:15:55 +0000 Subject: Build completed: openssl master.27340 Message-ID: <20190906041555.1.8D04EAA1995F73AE@appveyor.com> An HTML attachment was scrubbed... URL: From no-reply at appveyor.com Fri Sep 6 06:37:33 2019 From: no-reply at appveyor.com (AppVeyor) Date: Fri, 06 Sep 2019 06:37:33 +0000 Subject: Build failed: openssl master.27341 Message-ID: <20190906063733.1.D7378BB6DBFEE5C0@appveyor.com> An HTML attachment was scrubbed... URL: From no-reply at appveyor.com Fri Sep 6 07:20:16 2019 From: no-reply at appveyor.com (AppVeyor) Date: Fri, 06 Sep 2019 07:20:16 +0000 Subject: Build completed: openssl master.27342 Message-ID: <20190906072016.1.0DADDB612A0879F4@appveyor.com> An HTML attachment was scrubbed... URL: From matt at openssl.org Fri Sep 6 09:16:33 2019 From: matt at openssl.org (Matt Caswell) Date: Fri, 06 Sep 2019 09:16:33 +0000 Subject: [openssl] master update Message-ID: <1567761393.839270.11505.nullmailer@dev.openssl.org> The branch master has been updated via dc5bcb88d819de55eb37460c122e02fec91c6d86 (commit) via debb64a0ca43969eb3f043aa8895a4faa7f12b6e (commit) from 7e8c3381937354cf171ceaf4c69315e9a45d4858 (commit) - Log ----------------------------------------------------------------- commit dc5bcb88d819de55eb37460c122e02fec91c6d86 Author: Matt Caswell Date: Thu Sep 5 16:21:56 2019 +0100 Teach TLSProxy how to parse CertificateRequest messages We also use this in test_tls13messages to check that the extensions we expect to see in a CertificateRequest are there. Reviewed-by: Tomas Mraz (Merged from https://github.com/openssl/openssl/pull/9780) commit debb64a0ca43969eb3f043aa8895a4faa7f12b6e Author: Matt Caswell Date: Thu Sep 5 16:43:57 2019 +0100 Don't send a status_request extension in a CertificateRequest message If a TLSv1.3 server configured to respond to the status_request extension also attempted to send a CertificateRequest then it was incorrectly inserting a non zero length status_request extension into that message. The TLSv1.3 RFC does allow that extension in that message but it must always be zero length. In fact we should not be sending the extension at all in that message because we don't support it. Fixes #9767 Reviewed-by: Tomas Mraz (Merged from https://github.com/openssl/openssl/pull/9780) ----------------------------------------------------------------------- Summary of changes: ssl/statem/extensions_srvr.c | 4 + test/recipes/70-test_sslmessages.t | 25 +++++- test/recipes/70-test_tls13kexmodes.t | 36 ++++++++- test/recipes/70-test_tls13messages.t | 89 +++++++++++++++++----- ...ncryptedExtensions.pm => CertificateRequest.pm} | 45 +++++------ util/perl/TLSProxy/Message.pm | 14 ++++ util/perl/TLSProxy/Proxy.pm | 1 + util/perl/checkhandshake.pm | 18 +++-- 8 files changed, 181 insertions(+), 51 deletions(-) copy util/perl/TLSProxy/{EncryptedExtensions.pm => CertificateRequest.pm} (65%) diff --git a/ssl/statem/extensions_srvr.c b/ssl/statem/extensions_srvr.c index e16722cbeb..1c023fc6c4 100644 --- a/ssl/statem/extensions_srvr.c +++ b/ssl/statem/extensions_srvr.c @@ -1491,6 +1491,10 @@ EXT_RETURN tls_construct_stoc_status_request(SSL *s, WPACKET *pkt, unsigned int context, X509 *x, size_t chainidx) { + /* We don't currently support this extension inside a CertificateRequest */ + if (context == SSL_EXT_TLS1_3_CERTIFICATE_REQUEST) + return EXT_RETURN_NOT_SENT; + if (!s->ext.status_expected) return EXT_RETURN_NOT_SENT; diff --git a/test/recipes/70-test_sslmessages.t b/test/recipes/70-test_sslmessages.t index 6fb1f8557e..9f8c3226e6 100644 --- a/test/recipes/70-test_sslmessages.t +++ b/test/recipes/70-test_sslmessages.t @@ -95,58 +95,81 @@ my $proxy = TLSProxy::Proxy->new( @extensions = ( [TLSProxy::Message::MT_CLIENT_HELLO, TLSProxy::Message::EXT_SERVER_NAME, + TLSProxy::Message::CLIENT, checkhandshake::SERVER_NAME_CLI_EXTENSION], [TLSProxy::Message::MT_CLIENT_HELLO, TLSProxy::Message::EXT_STATUS_REQUEST, + TLSProxy::Message::CLIENT, checkhandshake::STATUS_REQUEST_CLI_EXTENSION], (disabled("ec") ? () : [TLSProxy::Message::MT_CLIENT_HELLO, TLSProxy::Message::EXT_SUPPORTED_GROUPS, + TLSProxy::Message::CLIENT, checkhandshake::DEFAULT_EXTENSIONS]), (disabled("ec") ? () : [TLSProxy::Message::MT_CLIENT_HELLO, TLSProxy::Message::EXT_EC_POINT_FORMATS, + TLSProxy::Message::CLIENT, checkhandshake::DEFAULT_EXTENSIONS]), (disabled("tls1_2") ? () : [TLSProxy::Message::MT_CLIENT_HELLO, TLSProxy::Message::EXT_SIG_ALGS, + TLSProxy::Message::CLIENT, checkhandshake::DEFAULT_EXTENSIONS]), [TLSProxy::Message::MT_CLIENT_HELLO, TLSProxy::Message::EXT_ALPN, + TLSProxy::Message::CLIENT, checkhandshake::ALPN_CLI_EXTENSION], [TLSProxy::Message::MT_CLIENT_HELLO, TLSProxy::Message::EXT_SCT, + TLSProxy::Message::CLIENT, checkhandshake::SCT_CLI_EXTENSION], [TLSProxy::Message::MT_CLIENT_HELLO, TLSProxy::Message::EXT_ENCRYPT_THEN_MAC, + TLSProxy::Message::CLIENT, checkhandshake::DEFAULT_EXTENSIONS], [TLSProxy::Message::MT_CLIENT_HELLO, TLSProxy::Message::EXT_EXTENDED_MASTER_SECRET, + TLSProxy::Message::CLIENT, checkhandshake::DEFAULT_EXTENSIONS], [TLSProxy::Message::MT_CLIENT_HELLO, TLSProxy::Message::EXT_SESSION_TICKET, + TLSProxy::Message::CLIENT, checkhandshake::DEFAULT_EXTENSIONS], [TLSProxy::Message::MT_CLIENT_HELLO, TLSProxy::Message::EXT_RENEGOTIATE, + TLSProxy::Message::CLIENT, checkhandshake::RENEGOTIATE_CLI_EXTENSION], [TLSProxy::Message::MT_CLIENT_HELLO, TLSProxy::Message::EXT_NPN, + TLSProxy::Message::CLIENT, checkhandshake::NPN_CLI_EXTENSION], [TLSProxy::Message::MT_CLIENT_HELLO, TLSProxy::Message::EXT_SRP, + TLSProxy::Message::CLIENT, checkhandshake::SRP_CLI_EXTENSION], [TLSProxy::Message::MT_SERVER_HELLO, TLSProxy::Message::EXT_RENEGOTIATE, + TLSProxy::Message::SERVER, checkhandshake::DEFAULT_EXTENSIONS], [TLSProxy::Message::MT_SERVER_HELLO, TLSProxy::Message::EXT_ENCRYPT_THEN_MAC, + TLSProxy::Message::SERVER, checkhandshake::DEFAULT_EXTENSIONS], [TLSProxy::Message::MT_SERVER_HELLO, TLSProxy::Message::EXT_EXTENDED_MASTER_SECRET, + TLSProxy::Message::SERVER, checkhandshake::DEFAULT_EXTENSIONS], [TLSProxy::Message::MT_SERVER_HELLO, TLSProxy::Message::EXT_SESSION_TICKET, + TLSProxy::Message::SERVER, checkhandshake::SESSION_TICKET_SRV_EXTENSION], [TLSProxy::Message::MT_SERVER_HELLO, TLSProxy::Message::EXT_SERVER_NAME, + TLSProxy::Message::SERVER, checkhandshake::SERVER_NAME_SRV_EXTENSION], [TLSProxy::Message::MT_SERVER_HELLO, TLSProxy::Message::EXT_STATUS_REQUEST, + TLSProxy::Message::SERVER, checkhandshake::STATUS_REQUEST_SRV_EXTENSION], [TLSProxy::Message::MT_SERVER_HELLO, TLSProxy::Message::EXT_ALPN, + TLSProxy::Message::SERVER, checkhandshake::ALPN_SRV_EXTENSION], [TLSProxy::Message::MT_SERVER_HELLO, TLSProxy::Message::EXT_SCT, + TLSProxy::Message::SERVER, checkhandshake::SCT_SRV_EXTENSION], [TLSProxy::Message::MT_SERVER_HELLO, TLSProxy::Message::EXT_NPN, + TLSProxy::Message::SERVER, checkhandshake::NPN_SRV_EXTENSION], [TLSProxy::Message::MT_SERVER_HELLO, TLSProxy::Message::EXT_EC_POINT_FORMATS, + TLSProxy::Message::SERVER, checkhandshake::EC_POINT_FORMAT_SRV_EXTENSION], - [0,0,0] + [0,0,0,0] ); #Test 1: Check we get all the right messages for a default handshake diff --git a/test/recipes/70-test_tls13kexmodes.t b/test/recipes/70-test_tls13kexmodes.t index 069d6149dd..ad10eddeb7 100644 --- a/test/recipes/70-test_tls13kexmodes.t +++ b/test/recipes/70-test_tls13kexmodes.t @@ -65,78 +65,112 @@ $ENV{CTLOG_FILE} = srctop_file("test", "ct", "log_list.conf"); @extensions = ( [TLSProxy::Message::MT_CLIENT_HELLO, TLSProxy::Message::EXT_SERVER_NAME, + TLSProxy::Message::CLIENT, checkhandshake::SERVER_NAME_CLI_EXTENSION], [TLSProxy::Message::MT_CLIENT_HELLO, TLSProxy::Message::EXT_STATUS_REQUEST, + TLSProxy::Message::CLIENT, checkhandshake::STATUS_REQUEST_CLI_EXTENSION], [TLSProxy::Message::MT_CLIENT_HELLO, TLSProxy::Message::EXT_SUPPORTED_GROUPS, + TLSProxy::Message::CLIENT, checkhandshake::DEFAULT_EXTENSIONS], [TLSProxy::Message::MT_CLIENT_HELLO, TLSProxy::Message::EXT_EC_POINT_FORMATS, + TLSProxy::Message::CLIENT, checkhandshake::DEFAULT_EXTENSIONS], [TLSProxy::Message::MT_CLIENT_HELLO, TLSProxy::Message::EXT_SIG_ALGS, + TLSProxy::Message::CLIENT, checkhandshake::DEFAULT_EXTENSIONS], [TLSProxy::Message::MT_CLIENT_HELLO, TLSProxy::Message::EXT_ALPN, + TLSProxy::Message::CLIENT, checkhandshake::ALPN_CLI_EXTENSION], [TLSProxy::Message::MT_CLIENT_HELLO, TLSProxy::Message::EXT_SCT, + TLSProxy::Message::CLIENT, checkhandshake::SCT_CLI_EXTENSION], [TLSProxy::Message::MT_CLIENT_HELLO, TLSProxy::Message::EXT_ENCRYPT_THEN_MAC, + TLSProxy::Message::CLIENT, checkhandshake::DEFAULT_EXTENSIONS], [TLSProxy::Message::MT_CLIENT_HELLO, TLSProxy::Message::EXT_EXTENDED_MASTER_SECRET, + TLSProxy::Message::CLIENT, checkhandshake::DEFAULT_EXTENSIONS], [TLSProxy::Message::MT_CLIENT_HELLO, TLSProxy::Message::EXT_SESSION_TICKET, + TLSProxy::Message::CLIENT, checkhandshake::DEFAULT_EXTENSIONS], [TLSProxy::Message::MT_CLIENT_HELLO, TLSProxy::Message::EXT_KEY_SHARE, + TLSProxy::Message::CLIENT, checkhandshake::DEFAULT_EXTENSIONS], [TLSProxy::Message::MT_CLIENT_HELLO, TLSProxy::Message::EXT_SUPPORTED_VERSIONS, + TLSProxy::Message::CLIENT, checkhandshake::DEFAULT_EXTENSIONS], [TLSProxy::Message::MT_CLIENT_HELLO, TLSProxy::Message::EXT_PSK_KEX_MODES, + TLSProxy::Message::CLIENT, checkhandshake::PSK_KEX_MODES_EXTENSION], [TLSProxy::Message::MT_CLIENT_HELLO, TLSProxy::Message::EXT_PSK, + TLSProxy::Message::CLIENT, checkhandshake::PSK_CLI_EXTENSION], [TLSProxy::Message::MT_SERVER_HELLO, TLSProxy::Message::EXT_SUPPORTED_VERSIONS, + TLSProxy::Message::SERVER, checkhandshake::DEFAULT_EXTENSIONS], [TLSProxy::Message::MT_SERVER_HELLO, TLSProxy::Message::EXT_KEY_SHARE, + TLSProxy::Message::SERVER, checkhandshake::KEY_SHARE_HRR_EXTENSION], [TLSProxy::Message::MT_CLIENT_HELLO, TLSProxy::Message::EXT_SERVER_NAME, + TLSProxy::Message::CLIENT, checkhandshake::SERVER_NAME_CLI_EXTENSION], [TLSProxy::Message::MT_CLIENT_HELLO, TLSProxy::Message::EXT_STATUS_REQUEST, + TLSProxy::Message::CLIENT, checkhandshake::STATUS_REQUEST_CLI_EXTENSION], [TLSProxy::Message::MT_CLIENT_HELLO, TLSProxy::Message::EXT_SUPPORTED_GROUPS, + TLSProxy::Message::CLIENT, checkhandshake::DEFAULT_EXTENSIONS], [TLSProxy::Message::MT_CLIENT_HELLO, TLSProxy::Message::EXT_EC_POINT_FORMATS, + TLSProxy::Message::CLIENT, checkhandshake::DEFAULT_EXTENSIONS], [TLSProxy::Message::MT_CLIENT_HELLO, TLSProxy::Message::EXT_SIG_ALGS, + TLSProxy::Message::CLIENT, checkhandshake::DEFAULT_EXTENSIONS], [TLSProxy::Message::MT_CLIENT_HELLO, TLSProxy::Message::EXT_ALPN, + TLSProxy::Message::CLIENT, checkhandshake::ALPN_CLI_EXTENSION], [TLSProxy::Message::MT_CLIENT_HELLO, TLSProxy::Message::EXT_SCT, + TLSProxy::Message::CLIENT, checkhandshake::SCT_CLI_EXTENSION], [TLSProxy::Message::MT_CLIENT_HELLO, TLSProxy::Message::EXT_ENCRYPT_THEN_MAC, + TLSProxy::Message::CLIENT, checkhandshake::DEFAULT_EXTENSIONS], [TLSProxy::Message::MT_CLIENT_HELLO, TLSProxy::Message::EXT_EXTENDED_MASTER_SECRET, + TLSProxy::Message::CLIENT, checkhandshake::DEFAULT_EXTENSIONS], [TLSProxy::Message::MT_CLIENT_HELLO, TLSProxy::Message::EXT_SESSION_TICKET, + TLSProxy::Message::CLIENT, checkhandshake::DEFAULT_EXTENSIONS], [TLSProxy::Message::MT_CLIENT_HELLO, TLSProxy::Message::EXT_KEY_SHARE, + TLSProxy::Message::CLIENT, checkhandshake::DEFAULT_EXTENSIONS], [TLSProxy::Message::MT_CLIENT_HELLO, TLSProxy::Message::EXT_SUPPORTED_VERSIONS, + TLSProxy::Message::CLIENT, checkhandshake::DEFAULT_EXTENSIONS], [TLSProxy::Message::MT_CLIENT_HELLO, TLSProxy::Message::EXT_PSK_KEX_MODES, + TLSProxy::Message::CLIENT, checkhandshake::PSK_KEX_MODES_EXTENSION], [TLSProxy::Message::MT_CLIENT_HELLO, TLSProxy::Message::EXT_PSK, + TLSProxy::Message::CLIENT, checkhandshake::PSK_CLI_EXTENSION], [TLSProxy::Message::MT_SERVER_HELLO, TLSProxy::Message::EXT_SUPPORTED_VERSIONS, + TLSProxy::Message::SERVER, checkhandshake::DEFAULT_EXTENSIONS], [TLSProxy::Message::MT_SERVER_HELLO, TLSProxy::Message::EXT_KEY_SHARE, + TLSProxy::Message::SERVER, checkhandshake::KEY_SHARE_SRV_EXTENSION], [TLSProxy::Message::MT_SERVER_HELLO, TLSProxy::Message::EXT_PSK, + TLSProxy::Message::SERVER, checkhandshake::PSK_SRV_EXTENSION], [TLSProxy::Message::MT_CERTIFICATE, TLSProxy::Message::EXT_STATUS_REQUEST, + TLSProxy::Message::SERVER, checkhandshake::STATUS_REQUEST_SRV_EXTENSION], - [0,0,0] + [0,0,0,0] ); use constant { diff --git a/test/recipes/70-test_tls13messages.t b/test/recipes/70-test_tls13messages.t index a3fc35e438..02afbdc4ff 100644 --- a/test/recipes/70-test_tls13messages.t +++ b/test/recipes/70-test_tls13messages.t @@ -65,92 +65,136 @@ $ENV{CTLOG_FILE} = srctop_file("test", "ct", "log_list.conf"); @extensions = ( [TLSProxy::Message::MT_CLIENT_HELLO, TLSProxy::Message::EXT_SERVER_NAME, + TLSProxy::Message::CLIENT, checkhandshake::SERVER_NAME_CLI_EXTENSION], [TLSProxy::Message::MT_CLIENT_HELLO, TLSProxy::Message::EXT_STATUS_REQUEST, + TLSProxy::Message::CLIENT, checkhandshake::STATUS_REQUEST_CLI_EXTENSION], [TLSProxy::Message::MT_CLIENT_HELLO, TLSProxy::Message::EXT_SUPPORTED_GROUPS, + TLSProxy::Message::CLIENT, checkhandshake::DEFAULT_EXTENSIONS], [TLSProxy::Message::MT_CLIENT_HELLO, TLSProxy::Message::EXT_EC_POINT_FORMATS, + TLSProxy::Message::CLIENT, checkhandshake::DEFAULT_EXTENSIONS], [TLSProxy::Message::MT_CLIENT_HELLO, TLSProxy::Message::EXT_SIG_ALGS, + TLSProxy::Message::CLIENT, checkhandshake::DEFAULT_EXTENSIONS], [TLSProxy::Message::MT_CLIENT_HELLO, TLSProxy::Message::EXT_ALPN, + TLSProxy::Message::CLIENT, checkhandshake::ALPN_CLI_EXTENSION], [TLSProxy::Message::MT_CLIENT_HELLO, TLSProxy::Message::EXT_SCT, + TLSProxy::Message::CLIENT, checkhandshake::SCT_CLI_EXTENSION], [TLSProxy::Message::MT_CLIENT_HELLO, TLSProxy::Message::EXT_ENCRYPT_THEN_MAC, + TLSProxy::Message::CLIENT, checkhandshake::DEFAULT_EXTENSIONS], [TLSProxy::Message::MT_CLIENT_HELLO, TLSProxy::Message::EXT_EXTENDED_MASTER_SECRET, + TLSProxy::Message::CLIENT, checkhandshake::DEFAULT_EXTENSIONS], [TLSProxy::Message::MT_CLIENT_HELLO, TLSProxy::Message::EXT_SESSION_TICKET, + TLSProxy::Message::CLIENT, checkhandshake::DEFAULT_EXTENSIONS], [TLSProxy::Message::MT_CLIENT_HELLO, TLSProxy::Message::EXT_KEY_SHARE, + TLSProxy::Message::CLIENT, checkhandshake::DEFAULT_EXTENSIONS], [TLSProxy::Message::MT_CLIENT_HELLO, TLSProxy::Message::EXT_SUPPORTED_VERSIONS, + TLSProxy::Message::CLIENT, checkhandshake::DEFAULT_EXTENSIONS], [TLSProxy::Message::MT_CLIENT_HELLO, TLSProxy::Message::EXT_PSK_KEX_MODES, + TLSProxy::Message::CLIENT, checkhandshake::DEFAULT_EXTENSIONS], [TLSProxy::Message::MT_CLIENT_HELLO, TLSProxy::Message::EXT_PSK, + TLSProxy::Message::CLIENT, checkhandshake::PSK_CLI_EXTENSION], [TLSProxy::Message::MT_CLIENT_HELLO, TLSProxy::Message::EXT_POST_HANDSHAKE_AUTH, + TLSProxy::Message::CLIENT, checkhandshake::POST_HANDSHAKE_AUTH_CLI_EXTENSION], [TLSProxy::Message::MT_SERVER_HELLO, TLSProxy::Message::EXT_SUPPORTED_VERSIONS, + TLSProxy::Message::SERVER, checkhandshake::DEFAULT_EXTENSIONS], [TLSProxy::Message::MT_SERVER_HELLO, TLSProxy::Message::EXT_KEY_SHARE, + TLSProxy::Message::SERVER, checkhandshake::KEY_SHARE_HRR_EXTENSION], [TLSProxy::Message::MT_CLIENT_HELLO, TLSProxy::Message::EXT_SERVER_NAME, + TLSProxy::Message::CLIENT, checkhandshake::SERVER_NAME_CLI_EXTENSION], [TLSProxy::Message::MT_CLIENT_HELLO, TLSProxy::Message::EXT_STATUS_REQUEST, + TLSProxy::Message::CLIENT, checkhandshake::STATUS_REQUEST_CLI_EXTENSION], [TLSProxy::Message::MT_CLIENT_HELLO, TLSProxy::Message::EXT_SUPPORTED_GROUPS, + TLSProxy::Message::CLIENT, checkhandshake::DEFAULT_EXTENSIONS], [TLSProxy::Message::MT_CLIENT_HELLO, TLSProxy::Message::EXT_EC_POINT_FORMATS, + TLSProxy::Message::CLIENT, checkhandshake::DEFAULT_EXTENSIONS], [TLSProxy::Message::MT_CLIENT_HELLO, TLSProxy::Message::EXT_SIG_ALGS, + TLSProxy::Message::CLIENT, checkhandshake::DEFAULT_EXTENSIONS], [TLSProxy::Message::MT_CLIENT_HELLO, TLSProxy::Message::EXT_ALPN, + TLSProxy::Message::CLIENT, checkhandshake::ALPN_CLI_EXTENSION], [TLSProxy::Message::MT_CLIENT_HELLO, TLSProxy::Message::EXT_SCT, + TLSProxy::Message::CLIENT, checkhandshake::SCT_CLI_EXTENSION], [TLSProxy::Message::MT_CLIENT_HELLO, TLSProxy::Message::EXT_ENCRYPT_THEN_MAC, + TLSProxy::Message::CLIENT, checkhandshake::DEFAULT_EXTENSIONS], [TLSProxy::Message::MT_CLIENT_HELLO, TLSProxy::Message::EXT_EXTENDED_MASTER_SECRET, + TLSProxy::Message::CLIENT, checkhandshake::DEFAULT_EXTENSIONS], [TLSProxy::Message::MT_CLIENT_HELLO, TLSProxy::Message::EXT_SESSION_TICKET, + TLSProxy::Message::CLIENT, checkhandshake::DEFAULT_EXTENSIONS], [TLSProxy::Message::MT_CLIENT_HELLO, TLSProxy::Message::EXT_KEY_SHARE, + TLSProxy::Message::CLIENT, checkhandshake::DEFAULT_EXTENSIONS], [TLSProxy::Message::MT_CLIENT_HELLO, TLSProxy::Message::EXT_SUPPORTED_VERSIONS, + TLSProxy::Message::CLIENT, checkhandshake::DEFAULT_EXTENSIONS], [TLSProxy::Message::MT_CLIENT_HELLO, TLSProxy::Message::EXT_PSK_KEX_MODES, + TLSProxy::Message::CLIENT, checkhandshake::DEFAULT_EXTENSIONS], [TLSProxy::Message::MT_CLIENT_HELLO, TLSProxy::Message::EXT_PSK, + TLSProxy::Message::CLIENT, checkhandshake::PSK_CLI_EXTENSION], [TLSProxy::Message::MT_CLIENT_HELLO, TLSProxy::Message::EXT_POST_HANDSHAKE_AUTH, + TLSProxy::Message::CLIENT, checkhandshake::POST_HANDSHAKE_AUTH_CLI_EXTENSION], [TLSProxy::Message::MT_SERVER_HELLO, TLSProxy::Message::EXT_SUPPORTED_VERSIONS, + TLSProxy::Message::SERVER, checkhandshake::DEFAULT_EXTENSIONS], [TLSProxy::Message::MT_SERVER_HELLO, TLSProxy::Message::EXT_KEY_SHARE, + TLSProxy::Message::SERVER, checkhandshake::DEFAULT_EXTENSIONS], [TLSProxy::Message::MT_SERVER_HELLO, TLSProxy::Message::EXT_PSK, + TLSProxy::Message::SERVER, checkhandshake::PSK_SRV_EXTENSION], [TLSProxy::Message::MT_ENCRYPTED_EXTENSIONS, TLSProxy::Message::EXT_SERVER_NAME, + TLSProxy::Message::SERVER, checkhandshake::SERVER_NAME_SRV_EXTENSION], [TLSProxy::Message::MT_ENCRYPTED_EXTENSIONS, TLSProxy::Message::EXT_ALPN, + TLSProxy::Message::SERVER, checkhandshake::ALPN_SRV_EXTENSION], [TLSProxy::Message::MT_ENCRYPTED_EXTENSIONS, TLSProxy::Message::EXT_SUPPORTED_GROUPS, + TLSProxy::Message::SERVER, checkhandshake::SUPPORTED_GROUPS_SRV_EXTENSION], + [TLSProxy::Message::MT_CERTIFICATE_REQUEST, TLSProxy::Message::EXT_SIG_ALGS, + TLSProxy::Message::SERVER, + checkhandshake::DEFAULT_EXTENSIONS], + [TLSProxy::Message::MT_CERTIFICATE, TLSProxy::Message::EXT_STATUS_REQUEST, + TLSProxy::Message::SERVER, checkhandshake::STATUS_REQUEST_SRV_EXTENSION], [TLSProxy::Message::MT_CERTIFICATE, TLSProxy::Message::EXT_SCT, + TLSProxy::Message::SERVER, checkhandshake::SCT_SRV_EXTENSION], - [0,0,0] + [0,0,0,0] ); my $proxy = TLSProxy::Proxy->new( @@ -166,7 +210,7 @@ $proxy->serverconnects(2); $proxy->clientflags("-sess_out ".$session); $proxy->sessionfile($session); $proxy->start() or plan skip_all => "Unable to start up Proxy for tests"; -plan tests => 16; +plan tests => 17; checkhandshake($proxy, checkhandshake::DEFAULT_HANDSHAKE, checkhandshake::DEFAULT_EXTENSIONS, "Default handshake test"); @@ -182,7 +226,7 @@ checkhandshake($proxy, checkhandshake::RESUME_HANDSHAKE, "Resumption handshake test"); SKIP: { - skip "No OCSP support in this OpenSSL build", 3 + skip "No OCSP support in this OpenSSL build", 4 if disabled("ct") || disabled("ec") || disabled("ocsp"); #Test 3: A status_request handshake (client request only) $proxy->clear(); @@ -213,9 +257,23 @@ SKIP: { | checkhandshake::STATUS_REQUEST_CLI_EXTENSION | checkhandshake::STATUS_REQUEST_SRV_EXTENSION, "status_request handshake test"); + + #Test 6: A status_request handshake (client and server) with client auth + $proxy->clear(); + $proxy->clientflags("-status -enable_pha -cert " + .srctop_file("apps", "server.pem")); + $proxy->serverflags("-Verify 5 -status_file " + .srctop_file("test", "recipes", "ocsp-response.der")); + $proxy->start(); + checkhandshake($proxy, checkhandshake::CLIENT_AUTH_HANDSHAKE, + checkhandshake::DEFAULT_EXTENSIONS + | checkhandshake::STATUS_REQUEST_CLI_EXTENSION + | checkhandshake::STATUS_REQUEST_SRV_EXTENSION + | checkhandshake::POST_HANDSHAKE_AUTH_CLI_EXTENSION, + "status_request handshake with client auth test"); } -#Test 6: A client auth handshake +#Test 7: A client auth handshake $proxy->clear(); $proxy->clientflags("-enable_pha -cert ".srctop_file("apps", "server.pem")); $proxy->serverflags("-Verify 5"); @@ -225,7 +283,7 @@ checkhandshake($proxy, checkhandshake::CLIENT_AUTH_HANDSHAKE, checkhandshake::POST_HANDSHAKE_AUTH_CLI_EXTENSION, "Client auth handshake test"); -#Test 7: Server name handshake (no client request) +#Test 8: Server name handshake (no client request) $proxy->clear(); $proxy->clientflags("-noservername"); $proxy->start(); @@ -234,7 +292,7 @@ checkhandshake($proxy, checkhandshake::DEFAULT_HANDSHAKE, & ~checkhandshake::SERVER_NAME_CLI_EXTENSION, "Server name handshake test (client)"); -#Test 8: Server name handshake (server support only) +#Test 9: Server name handshake (server support only) $proxy->clear(); $proxy->clientflags("-noservername"); $proxy->serverflags("-servername testhost"); @@ -244,7 +302,7 @@ checkhandshake($proxy, checkhandshake::DEFAULT_HANDSHAKE, & ~checkhandshake::SERVER_NAME_CLI_EXTENSION, "Server name handshake test (server)"); -#Test 9: Server name handshake (client and server) +#Test 10: Server name handshake (client and server) $proxy->clear(); $proxy->clientflags("-servername testhost"); $proxy->serverflags("-servername testhost"); @@ -254,7 +312,7 @@ checkhandshake($proxy, checkhandshake::DEFAULT_HANDSHAKE, | checkhandshake::SERVER_NAME_SRV_EXTENSION, "Server name handshake test"); -#Test 10: ALPN handshake (client request only) +#Test 11: ALPN handshake (client request only) $proxy->clear(); $proxy->clientflags("-alpn test"); $proxy->start(); @@ -263,7 +321,7 @@ checkhandshake($proxy, checkhandshake::DEFAULT_HANDSHAKE, | checkhandshake::ALPN_CLI_EXTENSION, "ALPN handshake test (client)"); -#Test 11: ALPN handshake (server support only) +#Test 12: ALPN handshake (server support only) $proxy->clear(); $proxy->serverflags("-alpn test"); $proxy->start(); @@ -271,7 +329,7 @@ checkhandshake($proxy, checkhandshake::DEFAULT_HANDSHAKE, checkhandshake::DEFAULT_EXTENSIONS, "ALPN handshake test (server)"); -#Test 12: ALPN handshake (client and server) +#Test 13: ALPN handshake (client and server) $proxy->clear(); $proxy->clientflags("-alpn test"); $proxy->serverflags("-alpn test"); @@ -286,7 +344,7 @@ SKIP: { skip "No CT, EC or OCSP support in this OpenSSL build", 1 if disabled("ct") || disabled("ec") || disabled("ocsp"); - #Test 13: SCT handshake (client request only) + #Test 14: SCT handshake (client request only) $proxy->clear(); #Note: -ct also sends status_request $proxy->clientflags("-ct"); @@ -303,10 +361,7 @@ SKIP: { "SCT handshake test"); } - - - -#Test 14: HRR Handshake +#Test 15: HRR Handshake $proxy->clear(); $proxy->serverflags("-curves P-256"); $proxy->start(); @@ -315,7 +370,7 @@ checkhandshake($proxy, checkhandshake::HRR_HANDSHAKE, | checkhandshake::KEY_SHARE_HRR_EXTENSION, "HRR handshake test"); -#Test 15: Resumption handshake with HRR +#Test 16: Resumption handshake with HRR $proxy->clear(); $proxy->clientflags("-sess_in ".$session); $proxy->serverflags("-curves P-256"); @@ -327,7 +382,7 @@ checkhandshake($proxy, checkhandshake::HRR_RESUME_HANDSHAKE, | checkhandshake::PSK_SRV_EXTENSION), "Resumption handshake with HRR test"); -#Test 16: Acceptable but non preferred key_share +#Test 17: Acceptable but non preferred key_share $proxy->clear(); $proxy->clientflags("-curves P-256"); $proxy->start(); diff --git a/util/perl/TLSProxy/EncryptedExtensions.pm b/util/perl/TLSProxy/CertificateRequest.pm similarity index 65% copy from util/perl/TLSProxy/EncryptedExtensions.pm copy to util/perl/TLSProxy/CertificateRequest.pm index 4fd445b41e..193bea168a 100644 --- a/util/perl/TLSProxy/EncryptedExtensions.pm +++ b/util/perl/TLSProxy/CertificateRequest.pm @@ -7,7 +7,7 @@ use strict; -package TLSProxy::EncryptedExtensions; +package TLSProxy::CertificateRequest; use vars '@ISA'; push @ISA, 'TLSProxy::Message'; @@ -23,7 +23,7 @@ sub new my $self = $class->SUPER::new( $server, - TLSProxy::Message::MT_ENCRYPTED_EXTENSIONS, + TLSProxy::Message::MT_CERTIFICATE_REQUEST, $data, $records, $startoffset, @@ -37,36 +37,31 @@ sub new sub parse { my $self = shift; + my $ptr = 1; - my $extensions_len = unpack('n', $self->data); - if (!defined $extensions_len) { - $extensions_len = 0; - } - - my $extension_data; - if ($extensions_len != 0) { - $extension_data = substr($self->data, 2); + if (TLSProxy::Proxy->is_tls13()) { + my $request_ctx_len = unpack('C', $self->data); + my $request_ctx = substr($self->data, $ptr, $request_ctx_len); + $ptr += $request_ctx_len; + my $extensions_len = unpack('n', substr($self->data, $ptr)); + $ptr += 2; + my $extension_data = substr($self->data, $ptr); if (length($extension_data) != $extensions_len) { die "Invalid extension length\n"; } - } else { - if (length($self->data) != 2) { - die "Invalid extension length\n"; + my %extensions = (); + while (length($extension_data) >= 4) { + my ($type, $size) = unpack("nn", $extension_data); + my $extdata = substr($extension_data, 4, $size); + $extension_data = substr($extension_data, 4 + $size); + $extensions{$type} = $extdata; } - $extension_data = ""; - } - my %extensions = (); - while (length($extension_data) >= 4) { - my ($type, $size) = unpack("nn", $extension_data); - my $extdata = substr($extension_data, 4, $size); - $extension_data = substr($extension_data, 4 + $size); - $extensions{$type} = $extdata; - } - - $self->extension_data(\%extensions); + $self->extension_data(\%extensions); - print " Extensions Len:".$extensions_len."\n"; + print " Extensions Len:".$extensions_len."\n"; + } + # else parse TLSv1.2 version - we don't support that at the moment } #Reconstruct the on-the-wire message data following changes diff --git a/util/perl/TLSProxy/Message.pm b/util/perl/TLSProxy/Message.pm index bc5561c892..4780302a51 100644 --- a/util/perl/TLSProxy/Message.pm +++ b/util/perl/TLSProxy/Message.pm @@ -129,6 +129,11 @@ use constant { CIPHER_TLS13_AES_256_GCM_SHA384 => 0x1302 }; +use constant { + CLIENT => 0, + SERVER => 1 +}; + my $payload = ""; my $messlen = -1; my $mt; @@ -338,6 +343,15 @@ sub create_message [@message_frag_lens] ); $message->parse(); + } elsif ($mt == MT_CERTIFICATE_REQUEST) { + $message = TLSProxy::CertificateRequest->new( + $server, + $data, + [@message_rec_list], + $startoffset, + [@message_frag_lens] + ); + $message->parse(); } elsif ($mt == MT_CERTIFICATE_VERIFY) { $message = TLSProxy::CertificateVerify->new( $server, diff --git a/util/perl/TLSProxy/Proxy.pm b/util/perl/TLSProxy/Proxy.pm index a583e636cd..f91d4a8994 100644 --- a/util/perl/TLSProxy/Proxy.pm +++ b/util/perl/TLSProxy/Proxy.pm @@ -19,6 +19,7 @@ use TLSProxy::ClientHello; use TLSProxy::ServerHello; use TLSProxy::EncryptedExtensions; use TLSProxy::Certificate; +use TLSProxy::CertificateRequest; use TLSProxy::CertificateVerify; use TLSProxy::ServerKeyExchange; use TLSProxy::NewSessionTicket; diff --git a/util/perl/checkhandshake.pm b/util/perl/checkhandshake.pm index 5e8e6d4416..a2ae24ee2a 100644 --- a/util/perl/checkhandshake.pm +++ b/util/perl/checkhandshake.pm @@ -116,7 +116,8 @@ sub checkhandshake($$$$) && $message->mt() != TLSProxy::Message::MT_SERVER_HELLO && $message->mt() != TLSProxy::Message::MT_ENCRYPTED_EXTENSIONS - && $message->mt() != TLSProxy::Message::MT_CERTIFICATE); + && $message->mt() != TLSProxy::Message::MT_CERTIFICATE + && $message->mt() != TLSProxy::Message::MT_CERTIFICATE_REQUEST); next if $message->mt() == TLSProxy::Message::MT_CERTIFICATE && !TLSProxy::Proxy::is_tls13(); @@ -124,7 +125,7 @@ sub checkhandshake($$$$) my $extchnum = 1; my $extshnum = 1; for (my $extloop = 0; - $extensions[$extloop][2] != 0; + $extensions[$extloop][3] != 0; $extloop++) { $extchnum = 2 if $extensions[$extloop][0] != TLSProxy::Message::MT_CLIENT_HELLO && TLSProxy::Proxy::is_tls13(); @@ -135,6 +136,7 @@ sub checkhandshake($$$$) next if $extensions[$extloop][0] == TLSProxy::Message::MT_SERVER_HELLO && $extshnum != $shnum; next if ($message->mt() != $extensions[$extloop][0]); + next if ($message->server() != $extensions[$extloop][2]); $numtests++; } $numtests++; @@ -182,7 +184,8 @@ sub checkhandshake($$$$) && $message->mt() != TLSProxy::Message::MT_SERVER_HELLO && $message->mt() != TLSProxy::Message::MT_ENCRYPTED_EXTENSIONS - && $message->mt() != TLSProxy::Message::MT_CERTIFICATE); + && $message->mt() != TLSProxy::Message::MT_CERTIFICATE + && $message->mt() != TLSProxy::Message::MT_CERTIFICATE_REQUEST); next if $message->mt() == TLSProxy::Message::MT_CERTIFICATE && !TLSProxy::Proxy::is_tls13(); @@ -197,7 +200,7 @@ sub checkhandshake($$$$) my $msgexts = $message->extension_data(); my $extchnum = 1; my $extshnum = 1; - for (my $extloop = 0, $extcount = 0; $extensions[$extloop][2] != 0; + for (my $extloop = 0, $extcount = 0; $extensions[$extloop][3] != 0; $extloop++) { #In TLSv1.3 we can have two ClientHellos if there has been a #HelloRetryRequest, and they may have different extensions. Skip @@ -211,12 +214,13 @@ sub checkhandshake($$$$) next if $extensions[$extloop][0] == TLSProxy::Message::MT_SERVER_HELLO && $extshnum != $shnum; next if ($message->mt() != $extensions[$extloop][0]); - ok (($extensions[$extloop][2] & $exttype) == 0 + next if ($message->server() != $extensions[$extloop][2]); + ok (($extensions[$extloop][3] & $exttype) == 0 || defined ($msgexts->{$extensions[$extloop][1]}), "Extension presence check (Message: ".$message->mt() - ." Extension: ".($extensions[$extloop][2] & $exttype).", " + ." Extension: ".($extensions[$extloop][3] & $exttype).", " .$extloop.")"); - $extcount++ if (($extensions[$extloop][2] & $exttype) != 0); + $extcount++ if (($extensions[$extloop][3] & $exttype) != 0); } ok($extcount == keys %$msgexts, "Extensions count mismatch (" .$extcount.", ".(keys %$msgexts) From matt at openssl.org Fri Sep 6 09:16:52 2019 From: matt at openssl.org (Matt Caswell) Date: Fri, 06 Sep 2019 09:16:52 +0000 Subject: [openssl] OpenSSL_1_1_1-stable update Message-ID: <1567761412.520507.12497.nullmailer@dev.openssl.org> The branch OpenSSL_1_1_1-stable has been updated via 6f34a16ea9a4d37e11a26dd4c3694ea5b107e53f (commit) via f8affa299534532b42b09eac5457f8bbf5216941 (commit) from 5d16346679d72a4770ec01508ead7f61cf7cbf34 (commit) - Log ----------------------------------------------------------------- commit 6f34a16ea9a4d37e11a26dd4c3694ea5b107e53f Author: Matt Caswell Date: Thu Sep 5 16:21:56 2019 +0100 Teach TLSProxy how to parse CertificateRequest messages We also use this in test_tls13messages to check that the extensions we expect to see in a CertificateRequest are there. Reviewed-by: Tomas Mraz (Merged from https://github.com/openssl/openssl/pull/9780) (cherry picked from commit dc5bcb88d819de55eb37460c122e02fec91c6d86) commit f8affa299534532b42b09eac5457f8bbf5216941 Author: Matt Caswell Date: Thu Sep 5 16:43:57 2019 +0100 Don't send a status_request extension in a CertificateRequest message If a TLSv1.3 server configured to respond to the status_request extension also attempted to send a CertificateRequest then it was incorrectly inserting a non zero length status_request extension into that message. The TLSv1.3 RFC does allow that extension in that message but it must always be zero length. In fact we should not be sending the extension at all in that message because we don't support it. Fixes #9767 Reviewed-by: Tomas Mraz (Merged from https://github.com/openssl/openssl/pull/9780) (cherry picked from commit debb64a0ca43969eb3f043aa8895a4faa7f12b6e) ----------------------------------------------------------------------- Summary of changes: ssl/statem/extensions_srvr.c | 4 + test/recipes/70-test_sslmessages.t | 25 +++++- test/recipes/70-test_tls13kexmodes.t | 36 ++++++++- test/recipes/70-test_tls13messages.t | 89 +++++++++++++++++----- ...ncryptedExtensions.pm => CertificateRequest.pm} | 49 ++++++------ util/perl/TLSProxy/Message.pm | 14 ++++ util/perl/TLSProxy/Proxy.pm | 1 + util/perl/checkhandshake.pm | 18 +++-- 8 files changed, 183 insertions(+), 53 deletions(-) copy util/perl/TLSProxy/{EncryptedExtensions.pm => CertificateRequest.pm} (60%) diff --git a/ssl/statem/extensions_srvr.c b/ssl/statem/extensions_srvr.c index ff4287c584..ab5453f63e 100644 --- a/ssl/statem/extensions_srvr.c +++ b/ssl/statem/extensions_srvr.c @@ -1487,6 +1487,10 @@ EXT_RETURN tls_construct_stoc_status_request(SSL *s, WPACKET *pkt, unsigned int context, X509 *x, size_t chainidx) { + /* We don't currently support this extension inside a CertificateRequest */ + if (context == SSL_EXT_TLS1_3_CERTIFICATE_REQUEST) + return EXT_RETURN_NOT_SENT; + if (!s->ext.status_expected) return EXT_RETURN_NOT_SENT; diff --git a/test/recipes/70-test_sslmessages.t b/test/recipes/70-test_sslmessages.t index 1e4676973a..5ee99feab8 100644 --- a/test/recipes/70-test_sslmessages.t +++ b/test/recipes/70-test_sslmessages.t @@ -95,58 +95,81 @@ my $proxy = TLSProxy::Proxy->new( @extensions = ( [TLSProxy::Message::MT_CLIENT_HELLO, TLSProxy::Message::EXT_SERVER_NAME, + TLSProxy::Message::CLIENT, checkhandshake::SERVER_NAME_CLI_EXTENSION], [TLSProxy::Message::MT_CLIENT_HELLO, TLSProxy::Message::EXT_STATUS_REQUEST, + TLSProxy::Message::CLIENT, checkhandshake::STATUS_REQUEST_CLI_EXTENSION], (disabled("ec") ? () : [TLSProxy::Message::MT_CLIENT_HELLO, TLSProxy::Message::EXT_SUPPORTED_GROUPS, + TLSProxy::Message::CLIENT, checkhandshake::DEFAULT_EXTENSIONS]), (disabled("ec") ? () : [TLSProxy::Message::MT_CLIENT_HELLO, TLSProxy::Message::EXT_EC_POINT_FORMATS, + TLSProxy::Message::CLIENT, checkhandshake::DEFAULT_EXTENSIONS]), (disabled("tls1_2") ? () : [TLSProxy::Message::MT_CLIENT_HELLO, TLSProxy::Message::EXT_SIG_ALGS, + TLSProxy::Message::CLIENT, checkhandshake::DEFAULT_EXTENSIONS]), [TLSProxy::Message::MT_CLIENT_HELLO, TLSProxy::Message::EXT_ALPN, + TLSProxy::Message::CLIENT, checkhandshake::ALPN_CLI_EXTENSION], [TLSProxy::Message::MT_CLIENT_HELLO, TLSProxy::Message::EXT_SCT, + TLSProxy::Message::CLIENT, checkhandshake::SCT_CLI_EXTENSION], [TLSProxy::Message::MT_CLIENT_HELLO, TLSProxy::Message::EXT_ENCRYPT_THEN_MAC, + TLSProxy::Message::CLIENT, checkhandshake::DEFAULT_EXTENSIONS], [TLSProxy::Message::MT_CLIENT_HELLO, TLSProxy::Message::EXT_EXTENDED_MASTER_SECRET, + TLSProxy::Message::CLIENT, checkhandshake::DEFAULT_EXTENSIONS], [TLSProxy::Message::MT_CLIENT_HELLO, TLSProxy::Message::EXT_SESSION_TICKET, + TLSProxy::Message::CLIENT, checkhandshake::DEFAULT_EXTENSIONS], [TLSProxy::Message::MT_CLIENT_HELLO, TLSProxy::Message::EXT_RENEGOTIATE, + TLSProxy::Message::CLIENT, checkhandshake::RENEGOTIATE_CLI_EXTENSION], [TLSProxy::Message::MT_CLIENT_HELLO, TLSProxy::Message::EXT_NPN, + TLSProxy::Message::CLIENT, checkhandshake::NPN_CLI_EXTENSION], [TLSProxy::Message::MT_CLIENT_HELLO, TLSProxy::Message::EXT_SRP, + TLSProxy::Message::CLIENT, checkhandshake::SRP_CLI_EXTENSION], [TLSProxy::Message::MT_SERVER_HELLO, TLSProxy::Message::EXT_RENEGOTIATE, + TLSProxy::Message::SERVER, checkhandshake::DEFAULT_EXTENSIONS], [TLSProxy::Message::MT_SERVER_HELLO, TLSProxy::Message::EXT_ENCRYPT_THEN_MAC, + TLSProxy::Message::SERVER, checkhandshake::DEFAULT_EXTENSIONS], [TLSProxy::Message::MT_SERVER_HELLO, TLSProxy::Message::EXT_EXTENDED_MASTER_SECRET, + TLSProxy::Message::SERVER, checkhandshake::DEFAULT_EXTENSIONS], [TLSProxy::Message::MT_SERVER_HELLO, TLSProxy::Message::EXT_SESSION_TICKET, + TLSProxy::Message::SERVER, checkhandshake::SESSION_TICKET_SRV_EXTENSION], [TLSProxy::Message::MT_SERVER_HELLO, TLSProxy::Message::EXT_SERVER_NAME, + TLSProxy::Message::SERVER, checkhandshake::SERVER_NAME_SRV_EXTENSION], [TLSProxy::Message::MT_SERVER_HELLO, TLSProxy::Message::EXT_STATUS_REQUEST, + TLSProxy::Message::SERVER, checkhandshake::STATUS_REQUEST_SRV_EXTENSION], [TLSProxy::Message::MT_SERVER_HELLO, TLSProxy::Message::EXT_ALPN, + TLSProxy::Message::SERVER, checkhandshake::ALPN_SRV_EXTENSION], [TLSProxy::Message::MT_SERVER_HELLO, TLSProxy::Message::EXT_SCT, + TLSProxy::Message::SERVER, checkhandshake::SCT_SRV_EXTENSION], [TLSProxy::Message::MT_SERVER_HELLO, TLSProxy::Message::EXT_NPN, + TLSProxy::Message::SERVER, checkhandshake::NPN_SRV_EXTENSION], [TLSProxy::Message::MT_SERVER_HELLO, TLSProxy::Message::EXT_EC_POINT_FORMATS, + TLSProxy::Message::SERVER, checkhandshake::EC_POINT_FORMAT_SRV_EXTENSION], - [0,0,0] + [0,0,0,0] ); #Test 1: Check we get all the right messages for a default handshake diff --git a/test/recipes/70-test_tls13kexmodes.t b/test/recipes/70-test_tls13kexmodes.t index 716e260e5f..e5fcf8e271 100644 --- a/test/recipes/70-test_tls13kexmodes.t +++ b/test/recipes/70-test_tls13kexmodes.t @@ -62,78 +62,112 @@ $ENV{CTLOG_FILE} = srctop_file("test", "ct", "log_list.conf"); @extensions = ( [TLSProxy::Message::MT_CLIENT_HELLO, TLSProxy::Message::EXT_SERVER_NAME, + TLSProxy::Message::CLIENT, checkhandshake::SERVER_NAME_CLI_EXTENSION], [TLSProxy::Message::MT_CLIENT_HELLO, TLSProxy::Message::EXT_STATUS_REQUEST, + TLSProxy::Message::CLIENT, checkhandshake::STATUS_REQUEST_CLI_EXTENSION], [TLSProxy::Message::MT_CLIENT_HELLO, TLSProxy::Message::EXT_SUPPORTED_GROUPS, + TLSProxy::Message::CLIENT, checkhandshake::DEFAULT_EXTENSIONS], [TLSProxy::Message::MT_CLIENT_HELLO, TLSProxy::Message::EXT_EC_POINT_FORMATS, + TLSProxy::Message::CLIENT, checkhandshake::DEFAULT_EXTENSIONS], [TLSProxy::Message::MT_CLIENT_HELLO, TLSProxy::Message::EXT_SIG_ALGS, + TLSProxy::Message::CLIENT, checkhandshake::DEFAULT_EXTENSIONS], [TLSProxy::Message::MT_CLIENT_HELLO, TLSProxy::Message::EXT_ALPN, + TLSProxy::Message::CLIENT, checkhandshake::ALPN_CLI_EXTENSION], [TLSProxy::Message::MT_CLIENT_HELLO, TLSProxy::Message::EXT_SCT, + TLSProxy::Message::CLIENT, checkhandshake::SCT_CLI_EXTENSION], [TLSProxy::Message::MT_CLIENT_HELLO, TLSProxy::Message::EXT_ENCRYPT_THEN_MAC, + TLSProxy::Message::CLIENT, checkhandshake::DEFAULT_EXTENSIONS], [TLSProxy::Message::MT_CLIENT_HELLO, TLSProxy::Message::EXT_EXTENDED_MASTER_SECRET, + TLSProxy::Message::CLIENT, checkhandshake::DEFAULT_EXTENSIONS], [TLSProxy::Message::MT_CLIENT_HELLO, TLSProxy::Message::EXT_SESSION_TICKET, + TLSProxy::Message::CLIENT, checkhandshake::DEFAULT_EXTENSIONS], [TLSProxy::Message::MT_CLIENT_HELLO, TLSProxy::Message::EXT_KEY_SHARE, + TLSProxy::Message::CLIENT, checkhandshake::DEFAULT_EXTENSIONS], [TLSProxy::Message::MT_CLIENT_HELLO, TLSProxy::Message::EXT_SUPPORTED_VERSIONS, + TLSProxy::Message::CLIENT, checkhandshake::DEFAULT_EXTENSIONS], [TLSProxy::Message::MT_CLIENT_HELLO, TLSProxy::Message::EXT_PSK_KEX_MODES, + TLSProxy::Message::CLIENT, checkhandshake::PSK_KEX_MODES_EXTENSION], [TLSProxy::Message::MT_CLIENT_HELLO, TLSProxy::Message::EXT_PSK, + TLSProxy::Message::CLIENT, checkhandshake::PSK_CLI_EXTENSION], [TLSProxy::Message::MT_SERVER_HELLO, TLSProxy::Message::EXT_SUPPORTED_VERSIONS, + TLSProxy::Message::SERVER, checkhandshake::DEFAULT_EXTENSIONS], [TLSProxy::Message::MT_SERVER_HELLO, TLSProxy::Message::EXT_KEY_SHARE, + TLSProxy::Message::SERVER, checkhandshake::KEY_SHARE_HRR_EXTENSION], [TLSProxy::Message::MT_CLIENT_HELLO, TLSProxy::Message::EXT_SERVER_NAME, + TLSProxy::Message::CLIENT, checkhandshake::SERVER_NAME_CLI_EXTENSION], [TLSProxy::Message::MT_CLIENT_HELLO, TLSProxy::Message::EXT_STATUS_REQUEST, + TLSProxy::Message::CLIENT, checkhandshake::STATUS_REQUEST_CLI_EXTENSION], [TLSProxy::Message::MT_CLIENT_HELLO, TLSProxy::Message::EXT_SUPPORTED_GROUPS, + TLSProxy::Message::CLIENT, checkhandshake::DEFAULT_EXTENSIONS], [TLSProxy::Message::MT_CLIENT_HELLO, TLSProxy::Message::EXT_EC_POINT_FORMATS, + TLSProxy::Message::CLIENT, checkhandshake::DEFAULT_EXTENSIONS], [TLSProxy::Message::MT_CLIENT_HELLO, TLSProxy::Message::EXT_SIG_ALGS, + TLSProxy::Message::CLIENT, checkhandshake::DEFAULT_EXTENSIONS], [TLSProxy::Message::MT_CLIENT_HELLO, TLSProxy::Message::EXT_ALPN, + TLSProxy::Message::CLIENT, checkhandshake::ALPN_CLI_EXTENSION], [TLSProxy::Message::MT_CLIENT_HELLO, TLSProxy::Message::EXT_SCT, + TLSProxy::Message::CLIENT, checkhandshake::SCT_CLI_EXTENSION], [TLSProxy::Message::MT_CLIENT_HELLO, TLSProxy::Message::EXT_ENCRYPT_THEN_MAC, + TLSProxy::Message::CLIENT, checkhandshake::DEFAULT_EXTENSIONS], [TLSProxy::Message::MT_CLIENT_HELLO, TLSProxy::Message::EXT_EXTENDED_MASTER_SECRET, + TLSProxy::Message::CLIENT, checkhandshake::DEFAULT_EXTENSIONS], [TLSProxy::Message::MT_CLIENT_HELLO, TLSProxy::Message::EXT_SESSION_TICKET, + TLSProxy::Message::CLIENT, checkhandshake::DEFAULT_EXTENSIONS], [TLSProxy::Message::MT_CLIENT_HELLO, TLSProxy::Message::EXT_KEY_SHARE, + TLSProxy::Message::CLIENT, checkhandshake::DEFAULT_EXTENSIONS], [TLSProxy::Message::MT_CLIENT_HELLO, TLSProxy::Message::EXT_SUPPORTED_VERSIONS, + TLSProxy::Message::CLIENT, checkhandshake::DEFAULT_EXTENSIONS], [TLSProxy::Message::MT_CLIENT_HELLO, TLSProxy::Message::EXT_PSK_KEX_MODES, + TLSProxy::Message::CLIENT, checkhandshake::PSK_KEX_MODES_EXTENSION], [TLSProxy::Message::MT_CLIENT_HELLO, TLSProxy::Message::EXT_PSK, + TLSProxy::Message::CLIENT, checkhandshake::PSK_CLI_EXTENSION], [TLSProxy::Message::MT_SERVER_HELLO, TLSProxy::Message::EXT_SUPPORTED_VERSIONS, + TLSProxy::Message::SERVER, checkhandshake::DEFAULT_EXTENSIONS], [TLSProxy::Message::MT_SERVER_HELLO, TLSProxy::Message::EXT_KEY_SHARE, + TLSProxy::Message::SERVER, checkhandshake::KEY_SHARE_SRV_EXTENSION], [TLSProxy::Message::MT_SERVER_HELLO, TLSProxy::Message::EXT_PSK, + TLSProxy::Message::SERVER, checkhandshake::PSK_SRV_EXTENSION], [TLSProxy::Message::MT_CERTIFICATE, TLSProxy::Message::EXT_STATUS_REQUEST, + TLSProxy::Message::SERVER, checkhandshake::STATUS_REQUEST_SRV_EXTENSION], - [0,0,0] + [0,0,0,0] ); use constant { diff --git a/test/recipes/70-test_tls13messages.t b/test/recipes/70-test_tls13messages.t index be6a2db5d6..435fef57c6 100644 --- a/test/recipes/70-test_tls13messages.t +++ b/test/recipes/70-test_tls13messages.t @@ -62,92 +62,136 @@ $ENV{CTLOG_FILE} = srctop_file("test", "ct", "log_list.conf"); @extensions = ( [TLSProxy::Message::MT_CLIENT_HELLO, TLSProxy::Message::EXT_SERVER_NAME, + TLSProxy::Message::CLIENT, checkhandshake::SERVER_NAME_CLI_EXTENSION], [TLSProxy::Message::MT_CLIENT_HELLO, TLSProxy::Message::EXT_STATUS_REQUEST, + TLSProxy::Message::CLIENT, checkhandshake::STATUS_REQUEST_CLI_EXTENSION], [TLSProxy::Message::MT_CLIENT_HELLO, TLSProxy::Message::EXT_SUPPORTED_GROUPS, + TLSProxy::Message::CLIENT, checkhandshake::DEFAULT_EXTENSIONS], [TLSProxy::Message::MT_CLIENT_HELLO, TLSProxy::Message::EXT_EC_POINT_FORMATS, + TLSProxy::Message::CLIENT, checkhandshake::DEFAULT_EXTENSIONS], [TLSProxy::Message::MT_CLIENT_HELLO, TLSProxy::Message::EXT_SIG_ALGS, + TLSProxy::Message::CLIENT, checkhandshake::DEFAULT_EXTENSIONS], [TLSProxy::Message::MT_CLIENT_HELLO, TLSProxy::Message::EXT_ALPN, + TLSProxy::Message::CLIENT, checkhandshake::ALPN_CLI_EXTENSION], [TLSProxy::Message::MT_CLIENT_HELLO, TLSProxy::Message::EXT_SCT, + TLSProxy::Message::CLIENT, checkhandshake::SCT_CLI_EXTENSION], [TLSProxy::Message::MT_CLIENT_HELLO, TLSProxy::Message::EXT_ENCRYPT_THEN_MAC, + TLSProxy::Message::CLIENT, checkhandshake::DEFAULT_EXTENSIONS], [TLSProxy::Message::MT_CLIENT_HELLO, TLSProxy::Message::EXT_EXTENDED_MASTER_SECRET, + TLSProxy::Message::CLIENT, checkhandshake::DEFAULT_EXTENSIONS], [TLSProxy::Message::MT_CLIENT_HELLO, TLSProxy::Message::EXT_SESSION_TICKET, + TLSProxy::Message::CLIENT, checkhandshake::DEFAULT_EXTENSIONS], [TLSProxy::Message::MT_CLIENT_HELLO, TLSProxy::Message::EXT_KEY_SHARE, + TLSProxy::Message::CLIENT, checkhandshake::DEFAULT_EXTENSIONS], [TLSProxy::Message::MT_CLIENT_HELLO, TLSProxy::Message::EXT_SUPPORTED_VERSIONS, + TLSProxy::Message::CLIENT, checkhandshake::DEFAULT_EXTENSIONS], [TLSProxy::Message::MT_CLIENT_HELLO, TLSProxy::Message::EXT_PSK_KEX_MODES, + TLSProxy::Message::CLIENT, checkhandshake::DEFAULT_EXTENSIONS], [TLSProxy::Message::MT_CLIENT_HELLO, TLSProxy::Message::EXT_PSK, + TLSProxy::Message::CLIENT, checkhandshake::PSK_CLI_EXTENSION], [TLSProxy::Message::MT_CLIENT_HELLO, TLSProxy::Message::EXT_POST_HANDSHAKE_AUTH, + TLSProxy::Message::CLIENT, checkhandshake::POST_HANDSHAKE_AUTH_CLI_EXTENSION], [TLSProxy::Message::MT_SERVER_HELLO, TLSProxy::Message::EXT_SUPPORTED_VERSIONS, + TLSProxy::Message::SERVER, checkhandshake::DEFAULT_EXTENSIONS], [TLSProxy::Message::MT_SERVER_HELLO, TLSProxy::Message::EXT_KEY_SHARE, + TLSProxy::Message::SERVER, checkhandshake::KEY_SHARE_HRR_EXTENSION], [TLSProxy::Message::MT_CLIENT_HELLO, TLSProxy::Message::EXT_SERVER_NAME, + TLSProxy::Message::CLIENT, checkhandshake::SERVER_NAME_CLI_EXTENSION], [TLSProxy::Message::MT_CLIENT_HELLO, TLSProxy::Message::EXT_STATUS_REQUEST, + TLSProxy::Message::CLIENT, checkhandshake::STATUS_REQUEST_CLI_EXTENSION], [TLSProxy::Message::MT_CLIENT_HELLO, TLSProxy::Message::EXT_SUPPORTED_GROUPS, + TLSProxy::Message::CLIENT, checkhandshake::DEFAULT_EXTENSIONS], [TLSProxy::Message::MT_CLIENT_HELLO, TLSProxy::Message::EXT_EC_POINT_FORMATS, + TLSProxy::Message::CLIENT, checkhandshake::DEFAULT_EXTENSIONS], [TLSProxy::Message::MT_CLIENT_HELLO, TLSProxy::Message::EXT_SIG_ALGS, + TLSProxy::Message::CLIENT, checkhandshake::DEFAULT_EXTENSIONS], [TLSProxy::Message::MT_CLIENT_HELLO, TLSProxy::Message::EXT_ALPN, + TLSProxy::Message::CLIENT, checkhandshake::ALPN_CLI_EXTENSION], [TLSProxy::Message::MT_CLIENT_HELLO, TLSProxy::Message::EXT_SCT, + TLSProxy::Message::CLIENT, checkhandshake::SCT_CLI_EXTENSION], [TLSProxy::Message::MT_CLIENT_HELLO, TLSProxy::Message::EXT_ENCRYPT_THEN_MAC, + TLSProxy::Message::CLIENT, checkhandshake::DEFAULT_EXTENSIONS], [TLSProxy::Message::MT_CLIENT_HELLO, TLSProxy::Message::EXT_EXTENDED_MASTER_SECRET, + TLSProxy::Message::CLIENT, checkhandshake::DEFAULT_EXTENSIONS], [TLSProxy::Message::MT_CLIENT_HELLO, TLSProxy::Message::EXT_SESSION_TICKET, + TLSProxy::Message::CLIENT, checkhandshake::DEFAULT_EXTENSIONS], [TLSProxy::Message::MT_CLIENT_HELLO, TLSProxy::Message::EXT_KEY_SHARE, + TLSProxy::Message::CLIENT, checkhandshake::DEFAULT_EXTENSIONS], [TLSProxy::Message::MT_CLIENT_HELLO, TLSProxy::Message::EXT_SUPPORTED_VERSIONS, + TLSProxy::Message::CLIENT, checkhandshake::DEFAULT_EXTENSIONS], [TLSProxy::Message::MT_CLIENT_HELLO, TLSProxy::Message::EXT_PSK_KEX_MODES, + TLSProxy::Message::CLIENT, checkhandshake::DEFAULT_EXTENSIONS], [TLSProxy::Message::MT_CLIENT_HELLO, TLSProxy::Message::EXT_PSK, + TLSProxy::Message::CLIENT, checkhandshake::PSK_CLI_EXTENSION], [TLSProxy::Message::MT_CLIENT_HELLO, TLSProxy::Message::EXT_POST_HANDSHAKE_AUTH, + TLSProxy::Message::CLIENT, checkhandshake::POST_HANDSHAKE_AUTH_CLI_EXTENSION], [TLSProxy::Message::MT_SERVER_HELLO, TLSProxy::Message::EXT_SUPPORTED_VERSIONS, + TLSProxy::Message::SERVER, checkhandshake::DEFAULT_EXTENSIONS], [TLSProxy::Message::MT_SERVER_HELLO, TLSProxy::Message::EXT_KEY_SHARE, + TLSProxy::Message::SERVER, checkhandshake::DEFAULT_EXTENSIONS], [TLSProxy::Message::MT_SERVER_HELLO, TLSProxy::Message::EXT_PSK, + TLSProxy::Message::SERVER, checkhandshake::PSK_SRV_EXTENSION], [TLSProxy::Message::MT_ENCRYPTED_EXTENSIONS, TLSProxy::Message::EXT_SERVER_NAME, + TLSProxy::Message::SERVER, checkhandshake::SERVER_NAME_SRV_EXTENSION], [TLSProxy::Message::MT_ENCRYPTED_EXTENSIONS, TLSProxy::Message::EXT_ALPN, + TLSProxy::Message::SERVER, checkhandshake::ALPN_SRV_EXTENSION], [TLSProxy::Message::MT_ENCRYPTED_EXTENSIONS, TLSProxy::Message::EXT_SUPPORTED_GROUPS, + TLSProxy::Message::SERVER, checkhandshake::SUPPORTED_GROUPS_SRV_EXTENSION], + [TLSProxy::Message::MT_CERTIFICATE_REQUEST, TLSProxy::Message::EXT_SIG_ALGS, + TLSProxy::Message::SERVER, + checkhandshake::DEFAULT_EXTENSIONS], + [TLSProxy::Message::MT_CERTIFICATE, TLSProxy::Message::EXT_STATUS_REQUEST, + TLSProxy::Message::SERVER, checkhandshake::STATUS_REQUEST_SRV_EXTENSION], [TLSProxy::Message::MT_CERTIFICATE, TLSProxy::Message::EXT_SCT, + TLSProxy::Message::SERVER, checkhandshake::SCT_SRV_EXTENSION], - [0,0,0] + [0,0,0,0] ); my $proxy = TLSProxy::Proxy->new( @@ -163,7 +207,7 @@ $proxy->serverconnects(2); $proxy->clientflags("-sess_out ".$session); $proxy->sessionfile($session); $proxy->start() or plan skip_all => "Unable to start up Proxy for tests"; -plan tests => 16; +plan tests => 17; checkhandshake($proxy, checkhandshake::DEFAULT_HANDSHAKE, checkhandshake::DEFAULT_EXTENSIONS, "Default handshake test"); @@ -179,7 +223,7 @@ checkhandshake($proxy, checkhandshake::RESUME_HANDSHAKE, "Resumption handshake test"); SKIP: { - skip "No OCSP support in this OpenSSL build", 3 + skip "No OCSP support in this OpenSSL build", 4 if disabled("ct") || disabled("ec") || disabled("ocsp"); #Test 3: A status_request handshake (client request only) $proxy->clear(); @@ -210,9 +254,23 @@ SKIP: { | checkhandshake::STATUS_REQUEST_CLI_EXTENSION | checkhandshake::STATUS_REQUEST_SRV_EXTENSION, "status_request handshake test"); + + #Test 6: A status_request handshake (client and server) with client auth + $proxy->clear(); + $proxy->clientflags("-status -enable_pha -cert " + .srctop_file("apps", "server.pem")); + $proxy->serverflags("-Verify 5 -status_file " + .srctop_file("test", "recipes", "ocsp-response.der")); + $proxy->start(); + checkhandshake($proxy, checkhandshake::CLIENT_AUTH_HANDSHAKE, + checkhandshake::DEFAULT_EXTENSIONS + | checkhandshake::STATUS_REQUEST_CLI_EXTENSION + | checkhandshake::STATUS_REQUEST_SRV_EXTENSION + | checkhandshake::POST_HANDSHAKE_AUTH_CLI_EXTENSION, + "status_request handshake with client auth test"); } -#Test 6: A client auth handshake +#Test 7: A client auth handshake $proxy->clear(); $proxy->clientflags("-enable_pha -cert ".srctop_file("apps", "server.pem")); $proxy->serverflags("-Verify 5"); @@ -222,7 +280,7 @@ checkhandshake($proxy, checkhandshake::CLIENT_AUTH_HANDSHAKE, checkhandshake::POST_HANDSHAKE_AUTH_CLI_EXTENSION, "Client auth handshake test"); -#Test 7: Server name handshake (no client request) +#Test 8: Server name handshake (no client request) $proxy->clear(); $proxy->clientflags("-noservername"); $proxy->start(); @@ -231,7 +289,7 @@ checkhandshake($proxy, checkhandshake::DEFAULT_HANDSHAKE, & ~checkhandshake::SERVER_NAME_CLI_EXTENSION, "Server name handshake test (client)"); -#Test 8: Server name handshake (server support only) +#Test 9: Server name handshake (server support only) $proxy->clear(); $proxy->clientflags("-noservername"); $proxy->serverflags("-servername testhost"); @@ -241,7 +299,7 @@ checkhandshake($proxy, checkhandshake::DEFAULT_HANDSHAKE, & ~checkhandshake::SERVER_NAME_CLI_EXTENSION, "Server name handshake test (server)"); -#Test 9: Server name handshake (client and server) +#Test 10: Server name handshake (client and server) $proxy->clear(); $proxy->clientflags("-servername testhost"); $proxy->serverflags("-servername testhost"); @@ -251,7 +309,7 @@ checkhandshake($proxy, checkhandshake::DEFAULT_HANDSHAKE, | checkhandshake::SERVER_NAME_SRV_EXTENSION, "Server name handshake test"); -#Test 10: ALPN handshake (client request only) +#Test 11: ALPN handshake (client request only) $proxy->clear(); $proxy->clientflags("-alpn test"); $proxy->start(); @@ -260,7 +318,7 @@ checkhandshake($proxy, checkhandshake::DEFAULT_HANDSHAKE, | checkhandshake::ALPN_CLI_EXTENSION, "ALPN handshake test (client)"); -#Test 11: ALPN handshake (server support only) +#Test 12: ALPN handshake (server support only) $proxy->clear(); $proxy->serverflags("-alpn test"); $proxy->start(); @@ -268,7 +326,7 @@ checkhandshake($proxy, checkhandshake::DEFAULT_HANDSHAKE, checkhandshake::DEFAULT_EXTENSIONS, "ALPN handshake test (server)"); -#Test 12: ALPN handshake (client and server) +#Test 13: ALPN handshake (client and server) $proxy->clear(); $proxy->clientflags("-alpn test"); $proxy->serverflags("-alpn test"); @@ -283,7 +341,7 @@ SKIP: { skip "No CT, EC or OCSP support in this OpenSSL build", 1 if disabled("ct") || disabled("ec") || disabled("ocsp"); - #Test 13: SCT handshake (client request only) + #Test 14: SCT handshake (client request only) $proxy->clear(); #Note: -ct also sends status_request $proxy->clientflags("-ct"); @@ -300,10 +358,7 @@ SKIP: { "SCT handshake test"); } - - - -#Test 14: HRR Handshake +#Test 15: HRR Handshake $proxy->clear(); $proxy->serverflags("-curves P-256"); $proxy->start(); @@ -312,7 +367,7 @@ checkhandshake($proxy, checkhandshake::HRR_HANDSHAKE, | checkhandshake::KEY_SHARE_HRR_EXTENSION, "HRR handshake test"); -#Test 15: Resumption handshake with HRR +#Test 16: Resumption handshake with HRR $proxy->clear(); $proxy->clientflags("-sess_in ".$session); $proxy->serverflags("-curves P-256"); @@ -324,7 +379,7 @@ checkhandshake($proxy, checkhandshake::HRR_RESUME_HANDSHAKE, | checkhandshake::PSK_SRV_EXTENSION), "Resumption handshake with HRR test"); -#Test 16: Acceptable but non preferred key_share +#Test 17: Acceptable but non preferred key_share $proxy->clear(); $proxy->clientflags("-curves P-256"); $proxy->start(); diff --git a/util/perl/TLSProxy/EncryptedExtensions.pm b/util/perl/TLSProxy/CertificateRequest.pm similarity index 60% copy from util/perl/TLSProxy/EncryptedExtensions.pm copy to util/perl/TLSProxy/CertificateRequest.pm index 262b720cf6..193bea168a 100644 --- a/util/perl/TLSProxy/EncryptedExtensions.pm +++ b/util/perl/TLSProxy/CertificateRequest.pm @@ -1,13 +1,13 @@ -# Copyright 2016-2019 The OpenSSL Project Authors. All Rights Reserved. +# Copyright 2016 The OpenSSL Project Authors. All Rights Reserved. # -# Licensed under the OpenSSL license (the "License"). You may not use +# Licensed under the Apache License 2.0 (the "License"). You may not use # this file except in compliance with the License. You can obtain a copy # in the file LICENSE in the source distribution or at # https://www.openssl.org/source/license.html use strict; -package TLSProxy::EncryptedExtensions; +package TLSProxy::CertificateRequest; use vars '@ISA'; push @ISA, 'TLSProxy::Message'; @@ -23,7 +23,7 @@ sub new my $self = $class->SUPER::new( $server, - TLSProxy::Message::MT_ENCRYPTED_EXTENSIONS, + TLSProxy::Message::MT_CERTIFICATE_REQUEST, $data, $records, $startoffset, @@ -37,36 +37,31 @@ sub new sub parse { my $self = shift; + my $ptr = 1; - my $extensions_len = unpack('n', $self->data); - if (!defined $extensions_len) { - $extensions_len = 0; - } - - my $extension_data; - if ($extensions_len != 0) { - $extension_data = substr($self->data, 2); + if (TLSProxy::Proxy->is_tls13()) { + my $request_ctx_len = unpack('C', $self->data); + my $request_ctx = substr($self->data, $ptr, $request_ctx_len); + $ptr += $request_ctx_len; + my $extensions_len = unpack('n', substr($self->data, $ptr)); + $ptr += 2; + my $extension_data = substr($self->data, $ptr); if (length($extension_data) != $extensions_len) { die "Invalid extension length\n"; } - } else { - if (length($self->data) != 2) { - die "Invalid extension length\n"; + my %extensions = (); + while (length($extension_data) >= 4) { + my ($type, $size) = unpack("nn", $extension_data); + my $extdata = substr($extension_data, 4, $size); + $extension_data = substr($extension_data, 4 + $size); + $extensions{$type} = $extdata; } - $extension_data = ""; - } - my %extensions = (); - while (length($extension_data) >= 4) { - my ($type, $size) = unpack("nn", $extension_data); - my $extdata = substr($extension_data, 4, $size); - $extension_data = substr($extension_data, 4 + $size); - $extensions{$type} = $extdata; - } - - $self->extension_data(\%extensions); + $self->extension_data(\%extensions); - print " Extensions Len:".$extensions_len."\n"; + print " Extensions Len:".$extensions_len."\n"; + } + # else parse TLSv1.2 version - we don't support that at the moment } #Reconstruct the on-the-wire message data following changes diff --git a/util/perl/TLSProxy/Message.pm b/util/perl/TLSProxy/Message.pm index 5682ae3e15..10b6156074 100644 --- a/util/perl/TLSProxy/Message.pm +++ b/util/perl/TLSProxy/Message.pm @@ -129,6 +129,11 @@ use constant { CIPHER_TLS13_AES_256_GCM_SHA384 => 0x1302 }; +use constant { + CLIENT => 0, + SERVER => 1 +}; + my $payload = ""; my $messlen = -1; my $mt; @@ -338,6 +343,15 @@ sub create_message [@message_frag_lens] ); $message->parse(); + } elsif ($mt == MT_CERTIFICATE_REQUEST) { + $message = TLSProxy::CertificateRequest->new( + $server, + $data, + [@message_rec_list], + $startoffset, + [@message_frag_lens] + ); + $message->parse(); } elsif ($mt == MT_CERTIFICATE_VERIFY) { $message = TLSProxy::CertificateVerify->new( $server, diff --git a/util/perl/TLSProxy/Proxy.pm b/util/perl/TLSProxy/Proxy.pm index f7bca02e58..71acaff9b4 100644 --- a/util/perl/TLSProxy/Proxy.pm +++ b/util/perl/TLSProxy/Proxy.pm @@ -19,6 +19,7 @@ use TLSProxy::ClientHello; use TLSProxy::ServerHello; use TLSProxy::EncryptedExtensions; use TLSProxy::Certificate; +use TLSProxy::CertificateRequest; use TLSProxy::CertificateVerify; use TLSProxy::ServerKeyExchange; use TLSProxy::NewSessionTicket; diff --git a/util/perl/checkhandshake.pm b/util/perl/checkhandshake.pm index c53b96d5ee..07bf6608b3 100644 --- a/util/perl/checkhandshake.pm +++ b/util/perl/checkhandshake.pm @@ -116,7 +116,8 @@ sub checkhandshake($$$$) && $message->mt() != TLSProxy::Message::MT_SERVER_HELLO && $message->mt() != TLSProxy::Message::MT_ENCRYPTED_EXTENSIONS - && $message->mt() != TLSProxy::Message::MT_CERTIFICATE); + && $message->mt() != TLSProxy::Message::MT_CERTIFICATE + && $message->mt() != TLSProxy::Message::MT_CERTIFICATE_REQUEST); next if $message->mt() == TLSProxy::Message::MT_CERTIFICATE && !TLSProxy::Proxy::is_tls13(); @@ -124,7 +125,7 @@ sub checkhandshake($$$$) my $extchnum = 1; my $extshnum = 1; for (my $extloop = 0; - $extensions[$extloop][2] != 0; + $extensions[$extloop][3] != 0; $extloop++) { $extchnum = 2 if $extensions[$extloop][0] != TLSProxy::Message::MT_CLIENT_HELLO && TLSProxy::Proxy::is_tls13(); @@ -135,6 +136,7 @@ sub checkhandshake($$$$) next if $extensions[$extloop][0] == TLSProxy::Message::MT_SERVER_HELLO && $extshnum != $shnum; next if ($message->mt() != $extensions[$extloop][0]); + next if ($message->server() != $extensions[$extloop][2]); $numtests++; } $numtests++; @@ -182,7 +184,8 @@ sub checkhandshake($$$$) && $message->mt() != TLSProxy::Message::MT_SERVER_HELLO && $message->mt() != TLSProxy::Message::MT_ENCRYPTED_EXTENSIONS - && $message->mt() != TLSProxy::Message::MT_CERTIFICATE); + && $message->mt() != TLSProxy::Message::MT_CERTIFICATE + && $message->mt() != TLSProxy::Message::MT_CERTIFICATE_REQUEST); next if $message->mt() == TLSProxy::Message::MT_CERTIFICATE && !TLSProxy::Proxy::is_tls13(); @@ -197,7 +200,7 @@ sub checkhandshake($$$$) my $msgexts = $message->extension_data(); my $extchnum = 1; my $extshnum = 1; - for (my $extloop = 0, $extcount = 0; $extensions[$extloop][2] != 0; + for (my $extloop = 0, $extcount = 0; $extensions[$extloop][3] != 0; $extloop++) { #In TLSv1.3 we can have two ClientHellos if there has been a #HelloRetryRequest, and they may have different extensions. Skip @@ -211,12 +214,13 @@ sub checkhandshake($$$$) next if $extensions[$extloop][0] == TLSProxy::Message::MT_SERVER_HELLO && $extshnum != $shnum; next if ($message->mt() != $extensions[$extloop][0]); - ok (($extensions[$extloop][2] & $exttype) == 0 + next if ($message->server() != $extensions[$extloop][2]); + ok (($extensions[$extloop][3] & $exttype) == 0 || defined ($msgexts->{$extensions[$extloop][1]}), "Extension presence check (Message: ".$message->mt() - ." Extension: ".($extensions[$extloop][2] & $exttype).", " + ." Extension: ".($extensions[$extloop][3] & $exttype).", " .$extloop.")"); - $extcount++ if (($extensions[$extloop][2] & $exttype) != 0); + $extcount++ if (($extensions[$extloop][3] & $exttype) != 0); } ok($extcount == keys %$msgexts, "Extensions count mismatch (" .$extcount.", ".(keys %$msgexts) From pauli at openssl.org Fri Sep 6 09:37:23 2019 From: pauli at openssl.org (Dr. Paul Dale) Date: Fri, 06 Sep 2019 09:37:23 +0000 Subject: [openssl] master update Message-ID: <1567762643.844889.16294.nullmailer@dev.openssl.org> The branch master has been updated via c7bfb138acf6103ae6fd178eb212b110bfb39c0d (commit) via ad1700c706517704e0ba2204ed317a365099cbef (commit) via d4496dc129363153f3d887ab8d2b0c01d3f93f0e (commit) via f575bd2af73e19b8f317a2a857ba6d1eb0ca0c14 (commit) via 232ac89ce20ee7fa466680d0da9e2514b23f7ca8 (commit) via 65ce7e65531942fe9d55c12496b843d3db3bb2d3 (commit) via b4dca02940ce040305a9ca95896ccb65f43ec29c (commit) via ccd7115a4158a34008975ae83c3a733ba0be9911 (commit) via 53598b22987faead115463bf8bd027cd8f794cf3 (commit) via ea643c959f626fd3860b8aa49b42fd0b96e71492 (commit) via ff756eedb3b28964ac8e7a7825198ac1b26dfb98 (commit) via b1f15129933fdc98134ef2fcafb1ecea710f5920 (commit) via df2f8af4cb3e19fe5a1ed41582d1659aa6c4ef50 (commit) via a941920514995b520e7666897347fdcdcb5bf358 (commit) via 6d1c31540fa9453e6e31d4008c3b5ed18f7532ae (commit) via 1f9eac279b9f70adc63437db84f0f986933c5792 (commit) via 185ce3d93e25effe3c8f8992339c177ea4883d4f (commit) via 9d8e1569aa2adee724497ab016c5086ccbccad33 (commit) via d6c5d7f3de5e56f467631ee2e4866cf8a523bc02 (commit) via 59cba5ac8591dba5113fb674ad001d45450e59d1 (commit) via a308acb2c2809cb9ac30e8e987b2bdfb21f096e0 (commit) via fe6ec26b204a056aee2a24b79df09a45b2308603 (commit) via 37ed62107112d95f7b7c9bf75602a6ac40883a89 (commit) via fb9e6dd6f8b1de99c880ff3b458d6bc0dec907bb (commit) via 55accfd2f11d02cf4cfdc6077216ae59f1748f6a (commit) via f05b53a36821e8d34c094e0435e1625f32ae7102 (commit) via 2f7557016c8fa9a8ad2d0ba7d7b927a189d0369e (commit) via bf5739a0263ced7c70d94fbd73e8a840dabaf077 (commit) via 492939e5ef67441e87c66de2b13c79ba03f0fc5b (commit) via e3405a4a9a5334cd636940a547a25c09ffc76009 (commit) via 7707526b8dfa8063c4537c11199c15ad7a3cab1c (commit) via b50ca330cb02cad70bfb11401c47074e8e7d8a48 (commit) via ce3b1bb481d0e079c6f06963e91c285c7cbdb4df (commit) via 5eb43d382b3eb3fb6950cc8e0dce82886e23e984 (commit) from dc5bcb88d819de55eb37460c122e02fec91c6d86 (commit) - Log ----------------------------------------------------------------- commit c7bfb138acf6103ae6fd178eb212b110bfb39c0d Author: Pauli Date: Thu Sep 5 08:11:48 2019 +1000 libcrypto.num entries for KDFs Reviewed-by: Richard Levitte (Merged from https://github.com/openssl/openssl/pull/9662) commit ad1700c706517704e0ba2204ed317a365099cbef Author: Pauli Date: Tue Sep 3 14:30:53 2019 +1000 Move OSSL_OP_KDF into its rightful place amongst the other OSSL_OP_ definitions Reviewed-by: Richard Levitte (Merged from https://github.com/openssl/openssl/pull/9662) commit d4496dc129363153f3d887ab8d2b0c01d3f93f0e Author: Pauli Date: Tue Sep 3 14:29:46 2019 +1000 Remove reference to legacy aliases for MAC and KDF Reviewed-by: Richard Levitte (Merged from https://github.com/openssl/openssl/pull/9662) commit f575bd2af73e19b8f317a2a857ba6d1eb0ca0c14 Author: Pauli Date: Tue Sep 3 14:28:47 2019 +1000 Clear collected_seed after freeing it Reviewed-by: Richard Levitte (Merged from https://github.com/openssl/openssl/pull/9662) commit 232ac89ce20ee7fa466680d0da9e2514b23f7ca8 Author: Pauli Date: Tue Sep 3 14:26:19 2019 +1000 Lowercase command line 'N' argument since params have lower case names Reviewed-by: Richard Levitte (Merged from https://github.com/openssl/openssl/pull/9662) commit 65ce7e65531942fe9d55c12496b843d3db3bb2d3 Author: Pauli Date: Mon Sep 2 14:23:50 2019 +1000 Update KDF documentation (section 3) Reviewed-by: Richard Levitte (Merged from https://github.com/openssl/openssl/pull/9662) commit b4dca02940ce040305a9ca95896ccb65f43ec29c Author: Pauli Date: Mon Sep 2 13:58:42 2019 +1000 Update KDF documentation (section 1) Reviewed-by: Richard Levitte (Merged from https://github.com/openssl/openssl/pull/9662) commit ccd7115a4158a34008975ae83c3a733ba0be9911 Author: Pauli Date: Mon Sep 2 13:58:22 2019 +1000 Update KDF documentation (section 7) Reviewed-by: Richard Levitte (Merged from https://github.com/openssl/openssl/pull/9662) commit 53598b22987faead115463bf8bd027cd8f794cf3 Author: Richard Levitte Date: Fri Aug 30 16:54:47 2019 +0200 Deal with BUF_MEM_grow ambiguity BUF_MEM_grow() returns the passed length, but also zero on error. If the passed length was zero, an extra check to see if a returned zero was an error or not is needed. Reviewed-by: Paul Dale (Merged from https://github.com/openssl/openssl/pull/9662) commit ea643c959f626fd3860b8aa49b42fd0b96e71492 Author: Richard Levitte Date: Fri Aug 30 16:34:27 2019 +0200 crypto/evp/pkey_kdf.c: further special treatment of "seed" and "info" pkey_kdf_ctrl_str() has to do the same kind of special treatment as pkey_kdf_ctrl() does. Reviewed-by: Paul Dale (Merged from https://github.com/openssl/openssl/pull/9662) commit ff756eedb3b28964ac8e7a7825198ac1b26dfb98 Author: Richard Levitte Date: Fri Aug 30 15:36:20 2019 +0200 More KDF cleanup The EVP_KDF_ definitions are no longer needed, and neither is EVP_get_kdfbyname() test/evp_kdf_test.c tried to use a EVP_get_kdfbyname() that was rewritten to use EVP_KDF_fetch() without ever freeing the resulting KDF method. It's better to refactor the test to use EVP_KDF_fetch directly. Reviewed-by: Paul Dale (Merged from https://github.com/openssl/openssl/pull/9662) commit b1f15129933fdc98134ef2fcafb1ecea710f5920 Author: Richard Levitte Date: Fri Aug 30 15:11:08 2019 +0200 PBKDF2 implementation: refactor to avoid memleak Reviewed-by: Paul Dale (Merged from https://github.com/openssl/openssl/pull/9662) commit df2f8af4cb3e19fe5a1ed41582d1659aa6c4ef50 Author: Richard Levitte Date: Fri Aug 30 14:35:43 2019 +0200 Fix memleaks in KDF implementations Reviewed-by: Paul Dale (Merged from https://github.com/openssl/openssl/pull/9662) commit a941920514995b520e7666897347fdcdcb5bf358 Author: Richard Levitte Date: Fri Aug 30 14:32:55 2019 +0200 crypto/evp/pkey_kdf.c: Redo parameter processing Undo the caching scheme, pass through most controls as parameters, except for SEED and INFO, where we keep supporting adding data through additional ctrl calls by collecting the data, and only passing it to the EVP_KDF before calling its derive function. Reviewed-by: Paul Dale (Merged from https://github.com/openssl/openssl/pull/9662) commit 6d1c31540fa9453e6e31d4008c3b5ed18f7532ae Author: Richard Levitte Date: Fri Aug 30 14:32:33 2019 +0200 crypto/evp/kdf_meth.c: Add the reset function to the method Reviewed-by: Paul Dale (Merged from https://github.com/openssl/openssl/pull/9662) commit 1f9eac279b9f70adc63437db84f0f986933c5792 Author: Pauli Date: Thu Aug 29 15:07:55 2019 +1000 Update private.num for KDFs/PRFs Reviewed-by: Richard Levitte (Merged from https://github.com/openssl/openssl/pull/9662) commit 185ce3d93e25effe3c8f8992339c177ea4883d4f Author: Pauli Date: Thu Aug 29 13:02:54 2019 +1000 ossl_provider_library_context(NULL) returns NULL. This will only be required until everything is moved to providers and a NULL provider pointer won't be possible. Reviewed-by: Richard Levitte (Merged from https://github.com/openssl/openssl/pull/9662) commit 9d8e1569aa2adee724497ab016c5086ccbccad33 Author: Pauli Date: Tue Aug 27 15:48:39 2019 +1000 Params from text to allow zero length value fields Reviewed-by: Richard Levitte (Merged from https://github.com/openssl/openssl/pull/9662) commit d6c5d7f3de5e56f467631ee2e4866cf8a523bc02 Author: Pauli Date: Tue Aug 27 15:23:09 2019 +1000 Update EVP test data for KDFs and PRFs. Reviewed-by: Richard Levitte (Merged from https://github.com/openssl/openssl/pull/9662) commit 59cba5ac8591dba5113fb674ad001d45450e59d1 Author: Pauli Date: Sat Aug 24 20:14:51 2019 +1000 KDF error codes reworked Reviewed-by: Richard Levitte (Merged from https://github.com/openssl/openssl/pull/9662) commit a308acb2c2809cb9ac30e8e987b2bdfb21f096e0 Author: Pauli Date: Sat Aug 24 19:50:46 2019 +1000 Cleanse KDF missing crypto files Reviewed-by: Richard Levitte (Merged from https://github.com/openssl/openssl/pull/9662) commit fe6ec26b204a056aee2a24b79df09a45b2308603 Author: Pauli Date: Sat Aug 24 19:50:21 2019 +1000 Cleanse KDF error files Reviewed-by: Richard Levitte (Merged from https://github.com/openssl/openssl/pull/9662) commit 37ed62107112d95f7b7c9bf75602a6ac40883a89 Author: Pauli Date: Sat Aug 24 19:49:46 2019 +1000 Cleanse crypto/kdf directory Reviewed-by: Richard Levitte (Merged from https://github.com/openssl/openssl/pull/9662) commit fb9e6dd6f8b1de99c880ff3b458d6bc0dec907bb Author: Pauli Date: Wed Aug 21 18:54:35 2019 +1000 KDF/PRF updates to libcrypto Reviewed-by: Richard Levitte (Merged from https://github.com/openssl/openssl/pull/9662) commit 55accfd2f11d02cf4cfdc6077216ae59f1748f6a Author: Pauli Date: Wed Aug 21 18:53:45 2019 +1000 App updates for KDF provider conversion. Reviewed-by: Richard Levitte (Merged from https://github.com/openssl/openssl/pull/9662) commit f05b53a36821e8d34c094e0435e1625f32ae7102 Author: Pauli Date: Wed Aug 21 18:53:07 2019 +1000 KDF provider conversion error updates - generated Reviewed-by: Richard Levitte (Merged from https://github.com/openssl/openssl/pull/9662) commit 2f7557016c8fa9a8ad2d0ba7d7b927a189d0369e Author: Pauli Date: Wed Aug 21 18:52:32 2019 +1000 KDF additons to names and numbers Reviewed-by: Richard Levitte (Merged from https://github.com/openssl/openssl/pull/9662) commit bf5739a0263ced7c70d94fbd73e8a840dabaf077 Author: Pauli Date: Wed Aug 21 18:52:04 2019 +1000 Test updates in light of the KDF switchover Reviewed-by: Richard Levitte (Merged from https://github.com/openssl/openssl/pull/9662) commit 492939e5ef67441e87c66de2b13c79ba03f0fc5b Author: Pauli Date: Wed Aug 21 18:51:34 2019 +1000 Documentation updates in light of the KDF conversion Reviewed-by: Richard Levitte (Merged from https://github.com/openssl/openssl/pull/9662) commit e3405a4a9a5334cd636940a547a25c09ffc76009 Author: Pauli Date: Wed Aug 21 13:09:10 2019 +1000 Add KDFs to providers Reviewed-by: Richard Levitte (Merged from https://github.com/openssl/openssl/pull/9662) commit 7707526b8dfa8063c4537c11199c15ad7a3cab1c Author: Pauli Date: Wed Aug 21 08:06:29 2019 +1000 Fix users of KDFs to use params not ctls Reviewed-by: Richard Levitte (Merged from https://github.com/openssl/openssl/pull/9662) commit b50ca330cb02cad70bfb11401c47074e8e7d8a48 Author: Pauli Date: Wed Aug 21 08:04:27 2019 +1000 Remove old KDF initialisation Reviewed-by: Richard Levitte (Merged from https://github.com/openssl/openssl/pull/9662) commit ce3b1bb481d0e079c6f06963e91c285c7cbdb4df Author: Pauli Date: Wed Aug 21 08:01:08 2019 +1000 Fix TLS/SSL PRF usages. Reviewed-by: Richard Levitte (Merged from https://github.com/openssl/openssl/pull/9662) commit 5eb43d382b3eb3fb6950cc8e0dce82886e23e984 Author: Pauli Date: Wed Aug 21 08:00:12 2019 +1000 Move KDFs to the provider. Reviewed-by: Richard Levitte (Merged from https://github.com/openssl/openssl/pull/9662) ----------------------------------------------------------------------- Summary of changes: apps/kdf.c | 49 ++- apps/list.c | 61 +++- crypto/build.info | 2 +- crypto/dh/dh_kdf.c | 32 +- crypto/ec/ec_err.c | 2 + crypto/ec/ecdh_kdf.c | 28 +- crypto/err/err.c | 1 - crypto/err/err_all.c | 2 - crypto/err/openssl.txt | 84 ++--- crypto/evp/build.info | 6 +- crypto/evp/c_allkdf.c | 27 -- crypto/evp/evp_locl.h | 4 +- crypto/evp/kdf_lib.c | 140 +++++--- crypto/evp/kdf_meth.c | 197 ++++++++++ crypto/evp/names.c | 29 -- crypto/evp/p5_crpt2.c | 26 +- crypto/evp/pbe_scrypt.c | 25 +- crypto/evp/pkey_kdf.c | 264 +++++++++++--- crypto/include/internal/evp_int.h | 37 +- crypto/init.c | 29 -- crypto/kdf/build.info | 4 - crypto/kdf/kdf_err.c | 63 ---- crypto/kdf/kdf_local.h | 22 -- crypto/kdf/kdf_util.c | 73 ---- crypto/kdf/pbkdf2.c | 324 ----------------- crypto/kdf/sshkdf.c | 292 --------------- crypto/params_from_text.c | 85 ++--- crypto/provider_core.c | 3 +- doc/man1/openssl-kdf.pod | 14 +- doc/man1/openssl-list.pod | 10 +- doc/man3/EVP_KDF.pod | 259 ++++++++++++++ doc/man3/EVP_KDF_CTX.pod | 296 --------------- doc/man7/EVP_KDF-HKDF.pod | 154 ++++++++ .../{EVP_KDF_PBKDF2.pod => EVP_KDF-PBKDF2.pod} | 47 ++- .../{EVP_KDF_SCRYPT.pod => EVP_KDF-SCRYPT.pod} | 91 +++-- doc/man7/EVP_KDF-SS.pod | 197 ++++++++++ .../{EVP_KDF_SSHKDF.pod => EVP_KDF-SSHKDF.pod} | 116 +++--- doc/man7/EVP_KDF-TLS1_PRF.pod | 113 ++++++ doc/man7/EVP_KDF-X942.pod | 122 +++++++ doc/man7/EVP_KDF-X963.pod | 111 ++++++ doc/man7/EVP_KDF_HKDF.pod | 180 ---------- doc/man7/EVP_KDF_SS.pod | 222 ------------ doc/man7/EVP_KDF_TLS1_PRF.pod | 146 -------- doc/man7/EVP_KDF_X942.pod | 150 -------- doc/man7/EVP_KDF_X963.pod | 136 ------- include/openssl/core_names.h | 25 ++ include/openssl/core_numbers.h | 30 ++ include/openssl/crypto.h | 4 +- include/openssl/ecerr.h | 10 + include/openssl/err.h | 14 +- include/openssl/evperr.h | 4 +- include/openssl/kdf.h | 73 ++-- include/openssl/kdferr.h | 107 ------ providers/common/build.info | 2 +- providers/common/include/internal/provider_algs.h | 37 +- .../common/include/internal/providercommonerr.h | 26 ++ providers/common/kdfs/build.info | 13 + {crypto/kdf => providers/common/kdfs}/hkdf.c | 351 ++++++++++-------- providers/common/kdfs/pbkdf2.c | 355 ++++++++++++++++++ {crypto/kdf => providers/common/kdfs}/sskdf.c | 395 +++++++++++---------- {crypto/kdf => providers/common/kdfs}/tls1_prf.c | 279 +++++++++------ providers/common/provider_err.c | 36 ++ providers/default/build.info | 1 + providers/default/defltprov.c | 18 + providers/default/kdfs/build.info | 3 + {crypto/kdf => providers/default/kdfs}/scrypt.c | 335 ++++++++--------- providers/default/kdfs/sshkdf.c | 297 ++++++++++++++++ {crypto/kdf => providers/default/kdfs}/x942kdf.c | 285 ++++++++------- providers/fips/fipsprov.c | 15 +- ssl/t1_enc.c | 61 ++-- ssl/tls13_enc.c | 52 ++- test/evp_kdf_test.c | 354 +++++++++++------- test/evp_test.c | 57 +-- test/recipes/20-test_kdf.t | 2 +- test/recipes/30-test_evp_data/evpkdf.txt | 26 +- util/libcrypto.num | 20 +- util/missingcrypto.txt | 1 - util/missingcrypto111.txt | 1 - util/private.num | 2 - 79 files changed, 3948 insertions(+), 3618 deletions(-) delete mode 100644 crypto/evp/c_allkdf.c create mode 100644 crypto/evp/kdf_meth.c delete mode 100644 crypto/kdf/build.info delete mode 100644 crypto/kdf/kdf_err.c delete mode 100644 crypto/kdf/kdf_local.h delete mode 100644 crypto/kdf/kdf_util.c delete mode 100644 crypto/kdf/pbkdf2.c delete mode 100644 crypto/kdf/sshkdf.c create mode 100644 doc/man3/EVP_KDF.pod delete mode 100644 doc/man3/EVP_KDF_CTX.pod create mode 100644 doc/man7/EVP_KDF-HKDF.pod rename doc/man7/{EVP_KDF_PBKDF2.pod => EVP_KDF-PBKDF2.pod} (63%) rename doc/man7/{EVP_KDF_SCRYPT.pod => EVP_KDF-SCRYPT.pod} (61%) create mode 100644 doc/man7/EVP_KDF-SS.pod rename doc/man7/{EVP_KDF_SSHKDF.pod => EVP_KDF-SSHKDF.pod} (51%) create mode 100644 doc/man7/EVP_KDF-TLS1_PRF.pod create mode 100644 doc/man7/EVP_KDF-X942.pod create mode 100644 doc/man7/EVP_KDF-X963.pod delete mode 100644 doc/man7/EVP_KDF_HKDF.pod delete mode 100644 doc/man7/EVP_KDF_SS.pod delete mode 100644 doc/man7/EVP_KDF_TLS1_PRF.pod delete mode 100644 doc/man7/EVP_KDF_X942.pod delete mode 100644 doc/man7/EVP_KDF_X963.pod delete mode 100644 include/openssl/kdferr.h create mode 100644 providers/common/kdfs/build.info rename {crypto/kdf => providers/common/kdfs}/hkdf.c (50%) create mode 100644 providers/common/kdfs/pbkdf2.c rename {crypto/kdf => providers/common/kdfs}/sskdf.c (58%) rename {crypto/kdf => providers/common/kdfs}/tls1_prf.c (57%) create mode 100644 providers/default/kdfs/build.info rename {crypto/kdf => providers/default/kdfs}/scrypt.c (56%) create mode 100644 providers/default/kdfs/sshkdf.c rename {crypto/kdf => providers/default/kdfs}/x942kdf.c (57%) diff --git a/apps/kdf.c b/apps/kdf.c index 684fd44cc0..c230430697 100644 --- a/apps/kdf.c +++ b/apps/kdf.c @@ -15,6 +15,7 @@ #include #include #include +#include typedef enum OPTION_choice { OPT_ERR = -1, OPT_EOF = 0, OPT_HELP, @@ -34,27 +35,9 @@ const OPTIONS kdf_options[] = { {NULL} }; -static int kdf_ctrl_string(EVP_KDF_CTX *ctx, const char *value) -{ - int rv; - char *stmp, *vtmp = NULL; - - stmp = OPENSSL_strdup(value); - if (stmp == NULL) - return -1; - vtmp = strchr(stmp, ':'); - if (vtmp != NULL) { - *vtmp = 0; - vtmp++; - } - rv = EVP_KDF_ctrl_str(ctx, stmp, vtmp); - OPENSSL_free(stmp); - return rv; -} - int kdf_main(int argc, char **argv) { - int ret = 1, i, id, out_bin = 0; + int ret = 1, out_bin = 0; OPTION_CHOICE o; STACK_OF(OPENSSL_STRING) *opts = NULL; char *prog, *hexout = NULL; @@ -62,6 +45,7 @@ int kdf_main(int argc, char **argv) unsigned char *dkm_bytes = NULL; size_t dkm_len = 0; BIO *out = NULL; + EVP_KDF *kdf = NULL; EVP_KDF_CTX *ctx = NULL; prog = opt_init(argc, argv, kdf_options); @@ -100,25 +84,31 @@ opthelp: goto opthelp; } - id = OBJ_sn2nid(argv[0]); - if (id == NID_undef) { + if ((kdf = EVP_KDF_fetch(NULL, argv[0], NULL)) == NULL) { BIO_printf(bio_err, "Invalid KDF name %s\n", argv[0]); goto opthelp; } - ctx = EVP_KDF_CTX_new_id(id); + ctx = EVP_KDF_CTX_new(kdf); if (ctx == NULL) goto err; if (opts != NULL) { - for (i = 0; i < sk_OPENSSL_STRING_num(opts); i++) { - char *opt = sk_OPENSSL_STRING_value(opts, i); - if (kdf_ctrl_string(ctx, opt) <= 0) { - BIO_printf(bio_err, "KDF parameter error '%s'\n", opt); - ERR_print_errors(bio_err); - goto err; - } + int ok = 1; + OSSL_PARAM *params = + app_params_new_from_opts(opts, EVP_KDF_CTX_settable_params(kdf)); + + if (params == NULL) + goto err; + + if (!EVP_KDF_CTX_set_params(ctx, params)) { + BIO_printf(bio_err, "KDF parameter error\n"); + ERR_print_errors(bio_err); + ok = 0; } + app_params_free(params); + if (!ok) + goto err; } out = bio_open_default(outfile, 'w', out_bin ? FORMAT_BINARY : FORMAT_TEXT); @@ -151,6 +141,7 @@ err: ERR_print_errors(bio_err); OPENSSL_clear_free(dkm_bytes, dkm_len); sk_OPENSSL_STRING_free(opts); + EVP_KDF_free(kdf); EVP_KDF_CTX_free(ctx); BIO_free(out); OPENSSL_free(hexout); diff --git a/apps/list.c b/apps/list.c index 3e34228d1e..2b44cac71b 100644 --- a/apps/list.c +++ b/apps/list.c @@ -12,6 +12,7 @@ #include #include #include +#include #include "apps.h" #include "app_params.h" #include "progs.h" @@ -193,6 +194,56 @@ static void list_macs(void) sk_EVP_MAC_pop_free(macs, EVP_MAC_free); } +/* + * KDFs and PRFs + */ +DEFINE_STACK_OF(EVP_KDF) +static int kdf_cmp(const EVP_KDF * const *a, const EVP_KDF * const *b) +{ + int ret = strcasecmp(EVP_KDF_name(*a), EVP_KDF_name(*b)); + + if (ret == 0) + ret = strcmp(OSSL_PROVIDER_name(EVP_KDF_provider(*a)), + OSSL_PROVIDER_name(EVP_KDF_provider(*b))); + + return ret; +} + +static void collect_kdfs(EVP_KDF *kdf, void *stack) +{ + STACK_OF(EVP_KDF) *kdf_stack = stack; + + sk_EVP_KDF_push(kdf_stack, kdf); + EVP_KDF_up_ref(kdf); +} + +static void list_kdfs(void) +{ + STACK_OF(EVP_KDF) *kdfs = sk_EVP_KDF_new(kdf_cmp); + int i; + + BIO_printf(bio_out, "Provided KDFs and PDFs:\n"); + EVP_KDF_do_all_ex(NULL, collect_kdfs, kdfs); + sk_EVP_KDF_sort(kdfs); + for (i = 0; i < sk_EVP_KDF_num(kdfs); i++) { + const EVP_KDF *m = sk_EVP_KDF_value(kdfs, i); + + BIO_printf(bio_out, " %s", EVP_KDF_name(m)); + BIO_printf(bio_out, " @ %s\n", + OSSL_PROVIDER_name(EVP_KDF_provider(m))); + + if (verbose) { + print_param_types("retrievable algorithm parameters", + EVP_KDF_gettable_params(m), 4); + print_param_types("retrievable operation parameters", + EVP_KDF_CTX_gettable_params(m), 4); + print_param_types("settable operation parameters", + EVP_KDF_CTX_settable_params(m), 4); + } + } + sk_EVP_KDF_pop_free(kdfs, EVP_KDF_free); +} + static void list_missing_help(void) { const FUNCTION *fp; @@ -527,7 +578,7 @@ typedef enum HELPLIST_CHOICE { OPT_COMMANDS, OPT_DIGEST_COMMANDS, OPT_MAC_ALGORITHMS, OPT_OPTIONS, OPT_DIGEST_ALGORITHMS, OPT_CIPHER_COMMANDS, OPT_CIPHER_ALGORITHMS, OPT_PK_ALGORITHMS, OPT_PK_METHOD, OPT_ENGINES, OPT_DISABLED, - OPT_MISSING_HELP, OPT_OBJECTS + OPT_KDF_ALGORITHMS, OPT_MISSING_HELP, OPT_OBJECTS } HELPLIST_CHOICE; const OPTIONS list_options[] = { @@ -539,6 +590,8 @@ const OPTIONS list_options[] = { "List of message digest commands"}, {"digest-algorithms", OPT_DIGEST_ALGORITHMS, '-', "List of message digest algorithms"}, + {"kdf-algorithms", OPT_KDF_ALGORITHMS, '-', + "List of key derivation and pseudo random function algorithms"}, {"mac-algorithms", OPT_MAC_ALGORITHMS, '-', "List of message authentication code algorithms"}, {"cipher-commands", OPT_CIPHER_COMMANDS, '-', "List of cipher commands"}, @@ -570,6 +623,7 @@ int list_main(int argc, char **argv) unsigned int commands:1; unsigned int digest_commands:1; unsigned int digest_algorithms:1; + unsigned int kdf_algorithms:1; unsigned int mac_algorithms:1; unsigned int cipher_commands:1; unsigned int cipher_algorithms:1; @@ -607,6 +661,9 @@ opthelp: case OPT_DIGEST_ALGORITHMS: todo.digest_algorithms = 1; break; + case OPT_KDF_ALGORITHMS: + todo.kdf_algorithms = 1; + break; case OPT_MAC_ALGORITHMS: todo.mac_algorithms = 1; break; @@ -654,6 +711,8 @@ opthelp: list_type(FT_md, one); if (todo.digest_algorithms) list_digests(); + if (todo.kdf_algorithms) + list_kdfs(); if (todo.mac_algorithms) list_macs(); if (todo.cipher_commands) diff --git a/crypto/build.info b/crypto/build.info index 96e265ff40..961bfd6f60 100644 --- a/crypto/build.info +++ b/crypto/build.info @@ -1,7 +1,7 @@ # Note that these directories are filtered in Configure. Look for %skipdir # there for further explanations. SUBDIRS=objects buffer bio stack lhash rand evp asn1 pem x509 conf \ - txt_db pkcs7 pkcs12 ui kdf store property \ + txt_db pkcs7 pkcs12 ui store property \ md2 md4 md5 sha mdc2 hmac ripemd whrlpool poly1305 blake2 \ siphash sm3 des aes rc2 rc4 rc5 idea aria bf cast camellia \ seed sm4 chacha modes bn ec rsa dsa dh sm2 dso engine \ diff --git a/crypto/dh/dh_kdf.c b/crypto/dh/dh_kdf.c index 03b1e4edd5..781d34a94f 100644 --- a/crypto/dh/dh_kdf.c +++ b/crypto/dh/dh_kdf.c @@ -11,10 +11,12 @@ #ifndef OPENSSL_NO_CMS # include +# include # include # include # include # include +# include int DH_KDF_X9_42(unsigned char *out, size_t outlen, const unsigned char *Z, size_t Zlen, @@ -23,8 +25,12 @@ int DH_KDF_X9_42(unsigned char *out, size_t outlen, { int ret = 0, nid; EVP_KDF_CTX *kctx = NULL; - const EVP_KDF *kdf = NULL; + EVP_KDF *kdf = NULL; const char *oid_sn; + OSSL_PARAM params[5], *p = params; + const char *mdname = EVP_MD_name(md); + const OSSL_PROVIDER *prov = EVP_MD_provider(md); + OPENSSL_CTX *provctx = ossl_provider_library_context(prov); nid = OBJ_obj2nid(key_oid); if (nid == NID_undef) @@ -33,20 +39,24 @@ int DH_KDF_X9_42(unsigned char *out, size_t outlen, if (oid_sn == NULL) return 0; - kdf = EVP_get_kdfbyname(SN_x942kdf); - if (kdf == NULL) + kdf = EVP_KDF_fetch(provctx, SN_x942kdf, NULL); + if ((kctx = EVP_KDF_CTX_new(kdf)) == NULL) goto err; - kctx = EVP_KDF_CTX_new(kdf); - ret = - kctx != NULL - && EVP_KDF_ctrl(kctx, EVP_KDF_CTRL_SET_MD, md) > 0 - && EVP_KDF_ctrl(kctx, EVP_KDF_CTRL_SET_KEY, Z, Zlen) > 0 - && (ukm == NULL - || EVP_KDF_ctrl(kctx, EVP_KDF_CTRL_SET_UKM, ukm, ukmlen) > 0) - && EVP_KDF_ctrl(kctx, EVP_KDF_CTRL_SET_CEK_ALG, oid_sn) > 0 + *p++ = OSSL_PARAM_construct_utf8_string(OSSL_KDF_PARAM_DIGEST, + (char *)mdname, strlen(mdname) + 1); + *p++ = OSSL_PARAM_construct_octet_string(OSSL_KDF_PARAM_KEY, + (unsigned char *)Z, Zlen); + if (ukm != NULL) + *p++ = OSSL_PARAM_construct_octet_string(OSSL_KDF_PARAM_UKM, + (unsigned char *)ukm, ukmlen); + *p++ = OSSL_PARAM_construct_utf8_string(OSSL_KDF_PARAM_CEK_ALG, + (char *)oid_sn, strlen(oid_sn) + 1); + *p = OSSL_PARAM_construct_end(); + ret = EVP_KDF_CTX_set_params(kctx, params) > 0 && EVP_KDF_derive(kctx, out, outlen) > 0; err: EVP_KDF_CTX_free(kctx); + EVP_KDF_free(kdf); return ret; } #endif /* OPENSSL_NO_CMS */ diff --git a/crypto/ec/ec_err.c b/crypto/ec/ec_err.c index d2fee0597f..566b40f13d 100644 --- a/crypto/ec/ec_err.c +++ b/crypto/ec/ec_err.c @@ -23,6 +23,8 @@ static const ERR_STRING_DATA EC_str_reasons[] = { "coordinates out of range"}, {ERR_PACK(ERR_LIB_EC, 0, EC_R_CURVE_DOES_NOT_SUPPORT_ECDH), "curve does not support ecdh"}, + {ERR_PACK(ERR_LIB_EC, 0, EC_R_CURVE_DOES_NOT_SUPPORT_ECDSA), + "curve does not support ecdsa"}, {ERR_PACK(ERR_LIB_EC, 0, EC_R_CURVE_DOES_NOT_SUPPORT_SIGNING), "curve does not support signing"}, {ERR_PACK(ERR_LIB_EC, 0, EC_R_D2I_ECPKPARAMETERS_FAILURE), diff --git a/crypto/ec/ecdh_kdf.c b/crypto/ec/ecdh_kdf.c index f556dc66a0..55e676d20a 100644 --- a/crypto/ec/ecdh_kdf.c +++ b/crypto/ec/ecdh_kdf.c @@ -8,6 +8,7 @@ */ #include +#include #include #include #include @@ -19,18 +20,27 @@ int ecdh_KDF_X9_63(unsigned char *out, size_t outlen, const unsigned char *sinfo, size_t sinfolen, const EVP_MD *md) { - int ret; + int ret = 0; EVP_KDF_CTX *kctx = NULL; + OSSL_PARAM params[4], *p = params; + const char *mdname = EVP_MD_name(md); + EVP_KDF *kdf = EVP_KDF_fetch(NULL, SN_x963kdf, NULL); - kctx = EVP_KDF_CTX_new(EVP_get_kdfbyname(SN_x963kdf)); - ret = - kctx != NULL - && EVP_KDF_ctrl(kctx, EVP_KDF_CTRL_SET_MD, md) > 0 - && EVP_KDF_ctrl(kctx, EVP_KDF_CTRL_SET_KEY, Z, Zlen) > 0 - && EVP_KDF_ctrl(kctx, EVP_KDF_CTRL_SET_SHARED_INFO, sinfo, sinfolen) > 0 - && EVP_KDF_derive(kctx, out, outlen) > 0; + if ((kctx = EVP_KDF_CTX_new(kdf)) != NULL) { + *p++ = OSSL_PARAM_construct_utf8_string(OSSL_KDF_PARAM_DIGEST, + (char *)mdname, + strlen(mdname) + 1); + *p++ = OSSL_PARAM_construct_octet_string(OSSL_KDF_PARAM_KEY, + (void *)Z, Zlen); + *p++ = OSSL_PARAM_construct_octet_string(OSSL_KDF_PARAM_INFO, + (void *)sinfo, sinfolen); + *p = OSSL_PARAM_construct_end(); - EVP_KDF_CTX_free(kctx); + ret = EVP_KDF_CTX_set_params(kctx, params) > 0 + && EVP_KDF_derive(kctx, out, outlen) > 0; + EVP_KDF_CTX_free(kctx); + } + EVP_KDF_free(kdf); return ret; } diff --git a/crypto/err/err.c b/crypto/err/err.c index daa4e6e419..25ab13509c 100644 --- a/crypto/err/err.c +++ b/crypto/err/err.c @@ -64,7 +64,6 @@ static ERR_STRING_DATA ERR_str_libraries[] = { {ERR_PACK(ERR_LIB_HMAC, 0, 0), "HMAC routines"}, {ERR_PACK(ERR_LIB_CT, 0, 0), "CT routines"}, {ERR_PACK(ERR_LIB_ASYNC, 0, 0), "ASYNC routines"}, - {ERR_PACK(ERR_LIB_KDF, 0, 0), "KDF routines"}, {ERR_PACK(ERR_LIB_OSSL_STORE, 0, 0), "STORE routines"}, {ERR_PACK(ERR_LIB_SM2, 0, 0), "SM2 routines"}, {ERR_PACK(ERR_LIB_ESS, 0, 0), "ESS routines"}, diff --git a/crypto/err/err_all.c b/crypto/err/err_all.c index 8962fe5cb2..972421f402 100644 --- a/crypto/err/err_all.c +++ b/crypto/err/err_all.c @@ -38,7 +38,6 @@ #include #include #include -#include #include #include #include "internal/propertyerr.h" @@ -103,7 +102,6 @@ int err_load_crypto_strings_int(void) ERR_load_ESS_strings() == 0 || ERR_load_ASYNC_strings() == 0 || #endif - ERR_load_KDF_strings() == 0 || ERR_load_OSSL_STORE_strings() == 0 || ERR_load_PROP_strings() == 0 || ERR_load_PROV_strings() == 0) diff --git a/crypto/err/openssl.txt b/crypto/err/openssl.txt index 9b682d5084..f74659c599 100644 --- a/crypto/err/openssl.txt +++ b/crypto/err/openssl.txt @@ -825,10 +825,8 @@ EVP_F_EVP_DIGESTUPDATE:231:EVP_DigestUpdate EVP_F_EVP_ENCRYPTDECRYPTUPDATE:219:evp_EncryptDecryptUpdate EVP_F_EVP_ENCRYPTFINAL_EX:127:EVP_EncryptFinal_ex EVP_F_EVP_ENCRYPTUPDATE:167:EVP_EncryptUpdate -EVP_F_EVP_KDF_CTRL:224:EVP_KDF_ctrl -EVP_F_EVP_KDF_CTRL_STR:225:EVP_KDF_ctrl_str -EVP_F_EVP_KDF_CTX_NEW:240:EVP_KDF_CTX_new -EVP_F_EVP_KDF_CTX_NEW_ID:226:EVP_KDF_CTX_new_id +EVP_F_EVP_KDF_CTX_DUP:220: +EVP_F_EVP_KDF_CTX_NEW:221: EVP_F_EVP_KEYEXCH_FETCH:245:EVP_KEYEXCH_fetch EVP_F_EVP_KEYEXCH_FROM_DISPATCH:244:evp_keyexch_from_dispatch EVP_F_EVP_MAC_CTRL:209:EVP_MAC_ctrl @@ -916,53 +914,6 @@ EVP_F_S390X_AES_GCM_CTRL:201:s390x_aes_gcm_ctrl EVP_F_S390X_AES_GCM_TLS_CIPHER:208:s390x_aes_gcm_tls_cipher EVP_F_SCRYPT_ALG:228:scrypt_alg EVP_F_UPDATE:173:update -KDF_F_HKDF_EXTRACT:112:HKDF_Extract -KDF_F_KDF_HKDF_DERIVE:113:kdf_hkdf_derive -KDF_F_KDF_HKDF_NEW:114:kdf_hkdf_new -KDF_F_KDF_HKDF_SIZE:115:kdf_hkdf_size -KDF_F_KDF_MD2CTRL:116:kdf_md2ctrl -KDF_F_KDF_PBKDF2_CTRL:140:kdf_pbkdf2_ctrl -KDF_F_KDF_PBKDF2_CTRL_STR:117:kdf_pbkdf2_ctrl_str -KDF_F_KDF_PBKDF2_DERIVE:118:kdf_pbkdf2_derive -KDF_F_KDF_PBKDF2_NEW:119:kdf_pbkdf2_new -KDF_F_KDF_SCRYPT_CTRL_STR:120:kdf_scrypt_ctrl_str -KDF_F_KDF_SCRYPT_CTRL_UINT32:121:kdf_scrypt_ctrl_uint32 -KDF_F_KDF_SCRYPT_CTRL_UINT64:122:kdf_scrypt_ctrl_uint64 -KDF_F_KDF_SCRYPT_DERIVE:123:kdf_scrypt_derive -KDF_F_KDF_SCRYPT_NEW:124:kdf_scrypt_new -KDF_F_KDF_SSHKDF_CTRL:130:kdf_sshkdf_ctrl -KDF_F_KDF_SSHKDF_CTRL_STR:131:kdf_sshkdf_ctrl_str -KDF_F_KDF_SSHKDF_DERIVE:132:kdf_sshkdf_derive -KDF_F_KDF_SSHKDF_NEW:133:kdf_sshkdf_new -KDF_F_KDF_TLS1_PRF_CTRL_STR:125:kdf_tls1_prf_ctrl_str -KDF_F_KDF_TLS1_PRF_DERIVE:126:kdf_tls1_prf_derive -KDF_F_KDF_TLS1_PRF_NEW:127:kdf_tls1_prf_new -KDF_F_PBKDF2_DERIVE:141:pbkdf2_derive -KDF_F_PBKDF2_SET_MEMBUF:128:pbkdf2_set_membuf -KDF_F_PKEY_HKDF_CTRL_STR:103:pkey_hkdf_ctrl_str -KDF_F_PKEY_HKDF_DERIVE:102:pkey_hkdf_derive -KDF_F_PKEY_HKDF_INIT:108:pkey_hkdf_init -KDF_F_PKEY_SCRYPT_CTRL_STR:104:pkey_scrypt_ctrl_str -KDF_F_PKEY_SCRYPT_CTRL_UINT64:105:pkey_scrypt_ctrl_uint64 -KDF_F_PKEY_SCRYPT_DERIVE:109:pkey_scrypt_derive -KDF_F_PKEY_SCRYPT_INIT:106:pkey_scrypt_init -KDF_F_PKEY_SCRYPT_SET_MEMBUF:107:pkey_scrypt_set_membuf -KDF_F_PKEY_TLS1_PRF_CTRL_STR:100:pkey_tls1_prf_ctrl_str -KDF_F_PKEY_TLS1_PRF_DERIVE:101:pkey_tls1_prf_derive -KDF_F_PKEY_TLS1_PRF_INIT:110:pkey_tls1_prf_init -KDF_F_SCRYPT_SET_MEMBUF:129:scrypt_set_membuf -KDF_F_SSKDF_CTRL_STR:134:sskdf_ctrl_str -KDF_F_SSKDF_DERIVE:135:sskdf_derive -KDF_F_SSKDF_MAC2CTRL:136:sskdf_mac2ctrl -KDF_F_SSKDF_NEW:137:sskdf_new -KDF_F_SSKDF_SIZE:138:sskdf_size -KDF_F_TLS1_PRF_ALG:111:tls1_prf_alg -KDF_F_X942KDF_CTRL:142:x942kdf_ctrl -KDF_F_X942KDF_DERIVE:143:x942kdf_derive -KDF_F_X942KDF_HASH_KDM:144:x942kdf_hash_kdm -KDF_F_X942KDF_NEW:145:x942kdf_new -KDF_F_X942KDF_SIZE:146:x942kdf_size -KDF_F_X963KDF_DERIVE:139:x963kdf_derive OBJ_F_OBJ_ADD_OBJECT:105:OBJ_add_object OBJ_F_OBJ_ADD_SIGID:107:OBJ_add_sigid OBJ_F_OBJ_CREATE:100:OBJ_create @@ -2522,12 +2473,13 @@ EVP_R_XTS_DATA_UNIT_IS_TOO_LARGE:191:xts data unit is too large EVP_R_XTS_DUPLICATED_KEYS:192:xts duplicated keys KDF_R_BAD_ENCODING:122:bad encoding KDF_R_BAD_LENGTH:123:bad length -KDF_R_INAVLID_UKM_LEN:124:inavlid ukm len +KDF_R_BOTH_MODE_AND_MODE_INT:127:both mode and mode int KDF_R_INVALID_DIGEST:100:invalid digest KDF_R_INVALID_ITERATION_COUNT:119:invalid iteration count KDF_R_INVALID_KEY_LEN:120:invalid key len KDF_R_INVALID_MAC_TYPE:116:invalid mac type -KDF_R_INVALID_SALT_LEN:121:invalid salt len +KDF_R_INVALID_MODE:128:invalid mode +KDF_R_INVALID_MODE_INT:129:invalid mode int KDF_R_MISSING_CEK_ALG:125:missing cek alg KDF_R_MISSING_ITERATION_COUNT:109:missing iteration count KDF_R_MISSING_KEY:104:missing key @@ -2708,26 +2660,52 @@ PROP_R_STRING_TOO_LONG:109:string too long PROP_R_TRAILING_CHARACTERS:110:trailing characters PROV_R_AES_KEY_SETUP_FAILED:101:aes key setup failed PROV_R_BAD_DECRYPT:100:bad decrypt +PROV_R_BAD_ENCODING:141:bad encoding +PROV_R_BAD_LENGTH:142:bad length +PROV_R_BOTH_MODE_AND_MODE_INT:127:both mode and mode int PROV_R_CIPHER_OPERATION_FAILED:102:cipher operation failed PROV_R_FAILED_TO_GENERATE_KEY:121:failed to generate key PROV_R_FAILED_TO_GET_PARAMETER:103:failed to get parameter PROV_R_FAILED_TO_SET_PARAMETER:104:failed to set parameter +PROV_R_INAVLID_UKM_LENGTH:146:inavlid ukm length PROV_R_INVALID_AAD:108:invalid aad PROV_R_INVALID_CUSTOM_LENGTH:111:invalid custom length PROV_R_INVALID_DATA:115:invalid data +PROV_R_INVALID_DIGEST:122:invalid digest +PROV_R_INVALID_ITERATION_COUNT:123:invalid iteration count PROV_R_INVALID_IVLEN:116:invalid ivlen PROV_R_INVALID_IV_LENGTH:109:invalid iv length PROV_R_INVALID_KEYLEN:117:invalid keylen +PROV_R_INVALID_KEY_LEN:124:invalid key len PROV_R_INVALID_KEY_LENGTH:105:invalid key length +PROV_R_INVALID_MODE:125:invalid mode +PROV_R_INVALID_MODE_INT:126:invalid mode int PROV_R_INVALID_SALT_LENGTH:112:invalid salt length PROV_R_INVALID_TAG:110:invalid tag PROV_R_INVALID_TAGLEN:118:invalid taglen +PROV_R_MISSING_CEK_ALG:144:missing cek alg +PROV_R_MISSING_KEY:128:missing key +PROV_R_MISSING_MESSAGE_DIGEST:129:missing message digest +PROV_R_MISSING_PASS:130:missing pass +PROV_R_MISSING_SALT:131:missing salt +PROV_R_MISSING_SECRET:132:missing secret +PROV_R_MISSING_SEED:140:missing seed +PROV_R_MISSING_SESSION_ID:133:missing session id +PROV_R_MISSING_TYPE:134:missing type +PROV_R_MISSING_XCGHASH:135:missing xcghash +PROV_R_NOT_SUPPORTED:136:not supported PROV_R_NOT_XOF_OR_INVALID_LENGTH:113:not xof or invalid length PROV_R_NO_KEY_SET:114:no key set PROV_R_OUTPUT_BUFFER_TOO_SMALL:106:output buffer too small PROV_R_TAG_NOTSET:119:tag notset PROV_R_TAG_NOT_NEEDED:120:tag not needed +PROV_R_UNABLE_TO_LOAD_SHA1:143:unable to load sha1 +PROV_R_UNABLE_TO_LOAD_SHA256:147:unable to load sha256 +PROV_R_UNSUPPORTED_CEK_ALG:145:unsupported cek alg +PROV_R_UNSUPPORTED_MAC_TYPE:137:unsupported mac type +PROV_R_VALUE_ERROR:138:value error PROV_R_WRONG_FINAL_BLOCK_LENGTH:107:wrong final block length +PROV_R_WRONG_OUTPUT_BUFFER_SIZE:139:wrong output buffer size RAND_R_ADDITIONAL_INPUT_TOO_LONG:102:additional input too long RAND_R_ALREADY_INSTANTIATED:103:already instantiated RAND_R_ARGUMENT_OUT_OF_RANGE:105:argument out of range diff --git a/crypto/evp/build.info b/crypto/evp/build.info index 688e6fc94e..d9df71959c 100644 --- a/crypto/evp/build.info +++ b/crypto/evp/build.info @@ -1,6 +1,6 @@ LIBS=../../libcrypto $COMMON=digest.c evp_enc.c evp_lib.c evp_fetch.c cmeth_lib.c evp_utils.c \ - mac_lib.c mac_meth.c keymgmt_meth.c keymgmt_lib.c + mac_lib.c mac_meth.c keymgmt_meth.c keymgmt_lib.c kdf_lib.c kdf_meth.c SOURCE[../../libcrypto]=$COMMON\ encode.c evp_key.c evp_cnf.c \ e_des.c e_bf.c e_idea.c e_des3.c e_camellia.c\ @@ -11,8 +11,8 @@ SOURCE[../../libcrypto]=$COMMON\ p_open.c p_seal.c p_sign.c p_verify.c p_lib.c p_enc.c p_dec.c \ bio_md.c bio_b64.c bio_enc.c evp_err.c e_null.c \ c_allc.c c_alld.c bio_ok.c \ - evp_pkey.c kdf_lib.c evp_pbe.c p5_crpt.c p5_crpt2.c pbe_scrypt.c \ - pkey_kdf.c c_allkdf.c \ + evp_pkey.c evp_pbe.c p5_crpt.c p5_crpt2.c pbe_scrypt.c \ + pkey_kdf.c \ e_old.c pmeth_lib.c pmeth_fn.c pmeth_gn.c m_sigver.c \ e_aes_cbc_hmac_sha1.c e_aes_cbc_hmac_sha256.c e_rc4_hmac_md5.c \ e_chacha20_poly1305.c \ diff --git a/crypto/evp/c_allkdf.c b/crypto/evp/c_allkdf.c deleted file mode 100644 index 860c11c5ce..0000000000 --- a/crypto/evp/c_allkdf.c +++ /dev/null @@ -1,27 +0,0 @@ -/* - * Copyright 2019 The OpenSSL Project Authors. All Rights Reserved. - * - * Licensed under the Apache License 2.0 (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -#include -#include "internal/evp_int.h" - -void openssl_add_all_kdfs_int(void) -{ - EVP_add_kdf(&pbkdf2_kdf_meth); -#ifndef OPENSSL_NO_SCRYPT - EVP_add_kdf(&scrypt_kdf_meth); -#endif - EVP_add_kdf(&tls1_prf_kdf_meth); - EVP_add_kdf(&hkdf_kdf_meth); - EVP_add_kdf(&sshkdf_kdf_meth); - EVP_add_kdf(&ss_kdf_meth); - EVP_add_kdf(&x963_kdf_meth); -#ifndef OPENSSL_NO_CMS - EVP_add_kdf(&x942_kdf_meth); -#endif -} diff --git a/crypto/evp/evp_locl.h b/crypto/evp/evp_locl.h index 87f54bdc5f..750e593b66 100644 --- a/crypto/evp/evp_locl.h +++ b/crypto/evp/evp_locl.h @@ -61,8 +61,8 @@ struct evp_mac_ctx_st { } /* EVP_MAC_CTX */; struct evp_kdf_ctx_st { - const EVP_KDF *meth; /* Method structure */ - EVP_KDF_IMPL *impl; /* Algorithm-specific data */ + EVP_KDF *meth; /* Method structure */ + void *data; /* Algorithm-specific data */ } /* EVP_KDF_CTX */ ; struct evp_keymgmt_st { diff --git a/crypto/evp/kdf_lib.c b/crypto/evp/kdf_lib.c index 6131d8ef77..aa0c5e341f 100644 --- a/crypto/evp/kdf_lib.c +++ b/crypto/evp/kdf_lib.c @@ -15,12 +15,15 @@ #include #include #include +#include +#include #include "internal/asn1_int.h" #include "internal/evp_int.h" #include "internal/numbers.h" +#include "internal/provider.h" #include "evp_locl.h" -EVP_KDF_CTX *EVP_KDF_CTX_new(const EVP_KDF *kdf) +EVP_KDF_CTX *EVP_KDF_CTX_new(EVP_KDF *kdf) { EVP_KDF_CTX *ctx = NULL; @@ -28,8 +31,12 @@ EVP_KDF_CTX *EVP_KDF_CTX_new(const EVP_KDF *kdf) return NULL; ctx = OPENSSL_zalloc(sizeof(EVP_KDF_CTX)); - if (ctx == NULL || (ctx->impl = kdf->new()) == NULL) { + if (ctx == NULL + || (ctx->data = kdf->newctx(ossl_provider_ctx(kdf->prov))) == NULL + || !EVP_KDF_up_ref(kdf)) { EVPerr(EVP_F_EVP_KDF_CTX_NEW, ERR_R_MALLOC_FAILURE); + if (ctx != NULL) + kdf->freectx(ctx->data); OPENSSL_free(ctx); ctx = NULL; } else { @@ -38,30 +45,57 @@ EVP_KDF_CTX *EVP_KDF_CTX_new(const EVP_KDF *kdf) return ctx; } -EVP_KDF_CTX *EVP_KDF_CTX_new_id(int id) +void EVP_KDF_CTX_free(EVP_KDF_CTX *ctx) { - const EVP_KDF *kdf = EVP_get_kdfbynid(id); - - return EVP_KDF_CTX_new(kdf); + if (ctx != NULL) { + ctx->meth->freectx(ctx->data); + ctx->data = NULL; + EVP_KDF_free(ctx->meth); + OPENSSL_free(ctx); + } } -int EVP_KDF_nid(const EVP_KDF *kdf) +EVP_KDF_CTX *EVP_KDF_CTX_dup(const EVP_KDF_CTX *src) { - return kdf->type; + EVP_KDF_CTX *dst; + + if (src->data == NULL || src == NULL || src->meth->dupctx == NULL) + return NULL; + + dst = OPENSSL_malloc(sizeof(*dst)); + if (dst == NULL) { + EVPerr(EVP_F_EVP_KDF_CTX_DUP, ERR_R_MALLOC_FAILURE); + return NULL; + } + + memcpy(dst, src, sizeof(*dst)); + if (!EVP_KDF_up_ref(dst->meth)) { + EVPerr(EVP_F_EVP_KDF_CTX_DUP, ERR_R_MALLOC_FAILURE); + OPENSSL_free(dst); + return NULL; + } + + dst->data = src->meth->dupctx(src->data); + if (dst->data == NULL) { + EVP_KDF_CTX_free(dst); + return NULL; + } + return dst; } -const EVP_KDF *EVP_KDF_CTX_kdf(EVP_KDF_CTX *ctx) +const char *EVP_KDF_name(const EVP_KDF *kdf) { - return ctx->meth; + return kdf->name; } -void EVP_KDF_CTX_free(EVP_KDF_CTX *ctx) +const OSSL_PROVIDER *EVP_KDF_provider(const EVP_KDF *kdf) { - if (ctx == NULL) - return; + return kdf->prov; +} - ctx->meth->free(ctx->impl); - OPENSSL_free(ctx); +const EVP_KDF *EVP_KDF_CTX_kdf(EVP_KDF_CTX *ctx) +{ + return ctx->meth; } void EVP_KDF_reset(EVP_KDF_CTX *ctx) @@ -70,66 +104,58 @@ void EVP_KDF_reset(EVP_KDF_CTX *ctx) return; if (ctx->meth->reset != NULL) - ctx->meth->reset(ctx->impl); + ctx->meth->reset(ctx->data); } -int EVP_KDF_ctrl(EVP_KDF_CTX *ctx, int cmd, ...) +size_t EVP_KDF_size(EVP_KDF_CTX *ctx) { - int ret; - va_list args; - - va_start(args, cmd); - ret = EVP_KDF_vctrl(ctx, cmd, args); - va_end(args); - - if (ret == -2) - EVPerr(EVP_F_EVP_KDF_CTRL, EVP_R_COMMAND_NOT_SUPPORTED); + OSSL_PARAM params[2] = { OSSL_PARAM_END, OSSL_PARAM_END }; + size_t s; - return ret; -} - -int EVP_KDF_vctrl(EVP_KDF_CTX *ctx, int cmd, va_list args) -{ if (ctx == NULL) return 0; - return ctx->meth->ctrl(ctx->impl, cmd, args); + *params = OSSL_PARAM_construct_size_t(OSSL_KDF_PARAM_SIZE, &s); + if (ctx->meth->get_ctx_params != NULL + && ctx->meth->get_ctx_params(ctx, params)) + return s; + if (ctx->meth->get_params != NULL + && ctx->meth->get_params(params)) + return s; + return 0; } -int EVP_KDF_ctrl_str(EVP_KDF_CTX *ctx, const char *type, const char *value) +int EVP_KDF_derive(EVP_KDF_CTX *ctx, unsigned char *key, size_t keylen) { - int ret; - if (ctx == NULL) return 0; - if (ctx->meth->ctrl_str == NULL) { - EVPerr(EVP_F_EVP_KDF_CTRL_STR, EVP_R_COMMAND_NOT_SUPPORTED); - return -2; - } - - ret = ctx->meth->ctrl_str(ctx->impl, type, value); - if (ret == -2) - EVPerr(EVP_F_EVP_KDF_CTRL_STR, EVP_R_COMMAND_NOT_SUPPORTED); - - return ret; + return ctx->meth->derive(ctx->data, key, keylen); } -size_t EVP_KDF_size(EVP_KDF_CTX *ctx) +/* + * The {get,set}_params functions return 1 if there is no corresponding + * function in the implementation. This is the same as if there was one, + * but it didn't recognise any of the given params, i.e. nothing in the + * bag of parameters was useful. + */ +int EVP_KDF_get_params(EVP_KDF *kdf, OSSL_PARAM params[]) { - if (ctx == NULL) - return 0; - - if (ctx->meth->size == NULL) - return SIZE_MAX; - - return ctx->meth->size(ctx->impl); + if (kdf->get_params != NULL) + return kdf->get_params(params); + return 1; } -int EVP_KDF_derive(EVP_KDF_CTX *ctx, unsigned char *key, size_t keylen) +int EVP_KDF_CTX_get_params(EVP_KDF_CTX *ctx, OSSL_PARAM params[]) { - if (ctx == NULL) - return 0; + if (ctx->meth->get_ctx_params != NULL) + return ctx->meth->get_ctx_params(ctx->data, params); + return 1; +} - return ctx->meth->derive(ctx->impl, key, keylen); +int EVP_KDF_CTX_set_params(EVP_KDF_CTX *ctx, const OSSL_PARAM params[]) +{ + if (ctx->meth->set_ctx_params != NULL) + return ctx->meth->set_ctx_params(ctx->data, params); + return 1; } diff --git a/crypto/evp/kdf_meth.c b/crypto/evp/kdf_meth.c new file mode 100644 index 0000000000..c2db212710 --- /dev/null +++ b/crypto/evp/kdf_meth.c @@ -0,0 +1,197 @@ +/* + * Copyright 2019 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the Apache License 2.0 (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#include +#include +#include +#include +#include +#include "internal/evp_int.h" +#include "internal/provider.h" +#include "evp_locl.h" + +static int evp_kdf_up_ref(void *vkdf) +{ + EVP_KDF *kdf = (EVP_KDF *)vkdf; + int ref = 0; + + CRYPTO_UP_REF(&kdf->refcnt, &ref, kdf->lock); + return 1; +} + +static void evp_kdf_free(void *vkdf){ + EVP_KDF *kdf = (EVP_KDF *)vkdf; + int ref = 0; + + if (kdf != NULL) { + CRYPTO_DOWN_REF(&kdf->refcnt, &ref, kdf->lock); + if (ref <= 0) { + ossl_provider_free(kdf->prov); + OPENSSL_free(kdf->name); + CRYPTO_THREAD_lock_free(kdf->lock); + OPENSSL_free(kdf); + } + } +} + +static void *evp_kdf_new(void) +{ + EVP_KDF *kdf = NULL; + + if ((kdf = OPENSSL_zalloc(sizeof(*kdf))) == NULL + || (kdf->lock = CRYPTO_THREAD_lock_new()) == NULL) { + OPENSSL_free(kdf); + return NULL; + } + kdf->refcnt = 1; + return kdf; +} + +static void *evp_kdf_from_dispatch(const char *name, const OSSL_DISPATCH *fns, + OSSL_PROVIDER *prov, void *method_data) +{ + EVP_KDF *kdf = NULL; + int fnkdfcnt = 0, fnctxcnt = 0; + + if ((kdf = evp_kdf_new()) == NULL + || (kdf->name = OPENSSL_strdup(name)) == NULL) { + evp_kdf_free(kdf); + EVPerr(0, ERR_R_MALLOC_FAILURE); + return NULL; + } + + for (; fns->function_id != 0; fns++) { + switch (fns->function_id) { + case OSSL_FUNC_KDF_NEWCTX: + if (kdf->newctx != NULL) + break; + kdf->newctx = OSSL_get_OP_kdf_newctx(fns); + fnctxcnt++; + break; + case OSSL_FUNC_KDF_DUPCTX: + if (kdf->dupctx != NULL) + break; + kdf->dupctx = OSSL_get_OP_kdf_dupctx(fns); + break; + case OSSL_FUNC_KDF_FREECTX: + if (kdf->freectx != NULL) + break; + kdf->freectx = OSSL_get_OP_kdf_freectx(fns); + fnctxcnt++; + break; + case OSSL_FUNC_KDF_RESET: + if (kdf->reset != NULL) + break; + kdf->reset = OSSL_get_OP_kdf_reset(fns); + break; + case OSSL_FUNC_KDF_DERIVE: + if (kdf->derive != NULL) + break; + kdf->derive = OSSL_get_OP_kdf_derive(fns); + fnkdfcnt++; + break; + case OSSL_FUNC_KDF_GETTABLE_PARAMS: + if (kdf->gettable_params != NULL) + break; + kdf->gettable_params = + OSSL_get_OP_kdf_gettable_params(fns); + break; + case OSSL_FUNC_KDF_GETTABLE_CTX_PARAMS: + if (kdf->gettable_ctx_params != NULL) + break; + kdf->gettable_ctx_params = + OSSL_get_OP_kdf_gettable_ctx_params(fns); + break; + case OSSL_FUNC_KDF_SETTABLE_CTX_PARAMS: + if (kdf->settable_ctx_params != NULL) + break; + kdf->settable_ctx_params = + OSSL_get_OP_kdf_settable_ctx_params(fns); + break; + case OSSL_FUNC_KDF_GET_PARAMS: + if (kdf->get_params != NULL) + break; + kdf->get_params = OSSL_get_OP_kdf_get_params(fns); + break; + case OSSL_FUNC_KDF_GET_CTX_PARAMS: + if (kdf->get_ctx_params != NULL) + break; + kdf->get_ctx_params = OSSL_get_OP_kdf_get_ctx_params(fns); + break; + case OSSL_FUNC_KDF_SET_CTX_PARAMS: + if (kdf->set_ctx_params != NULL) + break; + kdf->set_ctx_params = OSSL_get_OP_kdf_set_ctx_params(fns); + break; + } + } + if (fnkdfcnt != 1 || fnctxcnt != 2) { + /* + * In order to be a consistent set of functions we must have at least + * a derive function, and a complete set of context management + * functions. + */ + evp_kdf_free(kdf); + ERR_raise(ERR_LIB_EVP, EVP_R_INVALID_PROVIDER_FUNCTIONS); + return NULL; + } + kdf->prov = prov; + if (prov != NULL) + ossl_provider_up_ref(prov); + + return kdf; +} + +EVP_KDF *EVP_KDF_fetch(OPENSSL_CTX *libctx, const char *algorithm, + const char *properties) +{ + return evp_generic_fetch(libctx, OSSL_OP_KDF, algorithm, properties, + evp_kdf_from_dispatch, NULL, evp_kdf_up_ref, + evp_kdf_free); +} + +int EVP_KDF_up_ref(EVP_KDF *kdf) +{ + return evp_kdf_up_ref(kdf); +} + +void EVP_KDF_free(EVP_KDF *kdf) +{ + evp_kdf_free(kdf); +} + +const OSSL_PARAM *EVP_KDF_gettable_params(const EVP_KDF *kdf) +{ + if (kdf->gettable_params == NULL) + return NULL; + return kdf->gettable_params(); +} + +const OSSL_PARAM *EVP_KDF_CTX_gettable_params(const EVP_KDF *kdf) +{ + if (kdf->gettable_ctx_params == NULL) + return NULL; + return kdf->gettable_ctx_params(); +} + +const OSSL_PARAM *EVP_KDF_CTX_settable_params(const EVP_KDF *kdf) +{ + if (kdf->settable_ctx_params == NULL) + return NULL; + return kdf->settable_ctx_params(); +} + +void EVP_KDF_do_all_ex(OPENSSL_CTX *libctx, + void (*fn)(EVP_KDF *kdf, void *arg), + void *arg) +{ + evp_generic_do_all(libctx, OSSL_OP_KDF, + (void (*)(void *, void *))fn, arg, + evp_kdf_from_dispatch, NULL, evp_kdf_free); +} diff --git a/crypto/evp/names.c b/crypto/evp/names.c index 82db98a1f2..7c2f4f061c 100644 --- a/crypto/evp/names.c +++ b/crypto/evp/names.c @@ -56,23 +56,6 @@ int EVP_add_digest(const EVP_MD *md) return r; } -/* TODO(3.0) Is this needed after changing to providers? */ -int EVP_add_kdf(const EVP_KDF *k) -{ - int r; - - if (k == NULL) - return 0; - - r = OBJ_NAME_add(OBJ_nid2sn(k->type), OBJ_NAME_TYPE_KDF_METH, - (const char *)k); - if (r == 0) - return 0; - r = OBJ_NAME_add(OBJ_nid2ln(k->type), OBJ_NAME_TYPE_KDF_METH, - (const char *)k); - return r; -} - const EVP_CIPHER *EVP_get_cipherbyname(const char *name) { const EVP_CIPHER *cp; @@ -95,18 +78,6 @@ const EVP_MD *EVP_get_digestbyname(const char *name) return cp; } -/* TODO(3.0) Is this API needed after implementing providers? */ -const EVP_KDF *EVP_get_kdfbyname(const char *name) -{ - const EVP_KDF *kdf; - - if (!OPENSSL_init_crypto(OPENSSL_INIT_ADD_ALL_KDFS, NULL)) - return NULL; - - kdf = (const EVP_KDF *)OBJ_NAME_get(name, OBJ_NAME_TYPE_KDF_METH); - return kdf; -} - void evp_cleanup_int(void) { OBJ_NAME_cleanup(OBJ_NAME_TYPE_KDF_METH); diff --git a/crypto/evp/p5_crpt2.c b/crypto/evp/p5_crpt2.c index a7d4cafaf9..c12d35c8ab 100644 --- a/crypto/evp/p5_crpt2.c +++ b/crypto/evp/p5_crpt2.c @@ -15,6 +15,7 @@ #include #include #include +#include #include "internal/evp_int.h" #include "evp_locl.h" @@ -23,8 +24,11 @@ int PKCS5_PBKDF2_HMAC(const char *pass, int passlen, const EVP_MD *digest, int keylen, unsigned char *out) { const char *empty = ""; - int rv = 1; + int rv = 1, mode = 1; + EVP_KDF *kdf; EVP_KDF_CTX *kctx; + const char *mdname = EVP_MD_name(digest); + OSSL_PARAM params[6], *p = params; /* Keep documented behaviour. */ if (pass == NULL) { @@ -36,15 +40,21 @@ int PKCS5_PBKDF2_HMAC(const char *pass, int passlen, if (salt == NULL && saltlen == 0) salt = (unsigned char *)empty; - kctx = EVP_KDF_CTX_new_id(EVP_KDF_PBKDF2); + kdf = EVP_KDF_fetch(NULL, LN_id_pbkdf2, NULL); + kctx = EVP_KDF_CTX_new(kdf); + EVP_KDF_free(kdf); if (kctx == NULL) return 0; - if (EVP_KDF_ctrl(kctx, EVP_KDF_CTRL_SET_PASS, pass, (size_t)passlen) != 1 - || EVP_KDF_ctrl(kctx, EVP_KDF_CTRL_SET_PBKDF2_PKCS5_MODE, 1) != 1 - || EVP_KDF_ctrl(kctx, EVP_KDF_CTRL_SET_SALT, - salt, (size_t)saltlen) != 1 - || EVP_KDF_ctrl(kctx, EVP_KDF_CTRL_SET_ITER, iter) != 1 - || EVP_KDF_ctrl(kctx, EVP_KDF_CTRL_SET_MD, digest) != 1 + *p++ = OSSL_PARAM_construct_octet_string(OSSL_KDF_PARAM_PASSWORD, + (char *)pass, (size_t)passlen); + *p++ = OSSL_PARAM_construct_int(OSSL_KDF_PARAM_PKCS5, &mode); + *p++ = OSSL_PARAM_construct_octet_string(OSSL_KDF_PARAM_SALT, + (unsigned char *)salt, saltlen); + *p++ = OSSL_PARAM_construct_int(OSSL_KDF_PARAM_ITER, &iter); + *p++ = OSSL_PARAM_construct_utf8_string(OSSL_KDF_PARAM_DIGEST, + (char *)mdname, strlen(mdname) + 1); + *p = OSSL_PARAM_construct_end(); + if (EVP_KDF_CTX_set_params(kctx, params) != 1 || EVP_KDF_derive(kctx, out, keylen) != 1) rv = 0; diff --git a/crypto/evp/pbe_scrypt.c b/crypto/evp/pbe_scrypt.c index c0ab238eb8..7a9f6f47a4 100644 --- a/crypto/evp/pbe_scrypt.c +++ b/crypto/evp/pbe_scrypt.c @@ -10,6 +10,7 @@ #include #include #include +#include #include "internal/numbers.h" #ifndef OPENSSL_NO_SCRYPT @@ -40,7 +41,9 @@ int EVP_PBE_scrypt(const char *pass, size_t passlen, { const char *empty = ""; int rv = 1; + EVP_KDF *kdf; EVP_KDF_CTX *kctx; + OSSL_PARAM params[7], *z = params; if (r > UINT32_MAX || p > UINT32_MAX) { EVPerr(EVP_F_EVP_PBE_SCRYPT, EVP_R_PARAMETER_TOO_LARGE); @@ -59,17 +62,23 @@ int EVP_PBE_scrypt(const char *pass, size_t passlen, if (maxmem == 0) maxmem = SCRYPT_MAX_MEM; - kctx = EVP_KDF_CTX_new_id(EVP_KDF_SCRYPT); + kdf = EVP_KDF_fetch(NULL, SN_id_scrypt, NULL); + kctx = EVP_KDF_CTX_new(kdf); + EVP_KDF_free(kdf); if (kctx == NULL) return 0; - if (EVP_KDF_ctrl(kctx, EVP_KDF_CTRL_SET_PASS, pass, (size_t)passlen) != 1 - || EVP_KDF_ctrl(kctx, EVP_KDF_CTRL_SET_SALT, - salt, (size_t)saltlen) != 1 - || EVP_KDF_ctrl(kctx, EVP_KDF_CTRL_SET_SCRYPT_N, N) != 1 - || EVP_KDF_ctrl(kctx, EVP_KDF_CTRL_SET_SCRYPT_R, (uint32_t)r) != 1 - || EVP_KDF_ctrl(kctx, EVP_KDF_CTRL_SET_SCRYPT_P, (uint32_t)p) != 1 - || EVP_KDF_ctrl(kctx, EVP_KDF_CTRL_SET_MAXMEM_BYTES, maxmem) != 1 + *z++ = OSSL_PARAM_construct_octet_string(OSSL_KDF_PARAM_PASSWORD, + (unsigned char *)pass, + passlen); + *z++ = OSSL_PARAM_construct_octet_string(OSSL_KDF_PARAM_SALT, + (unsigned char *)salt, saltlen); + *z++ = OSSL_PARAM_construct_uint64(OSSL_KDF_PARAM_SCRYPT_N, &N); + *z++ = OSSL_PARAM_construct_uint64(OSSL_KDF_PARAM_SCRYPT_R, &r); + *z++ = OSSL_PARAM_construct_uint64(OSSL_KDF_PARAM_SCRYPT_P, &p); + *z++ = OSSL_PARAM_construct_uint64(OSSL_KDF_PARAM_SCRYPT_MAXMEM, &maxmem); + *z = OSSL_PARAM_construct_end(); + if (EVP_KDF_CTX_set_params(kctx, params) != 1 || EVP_KDF_derive(kctx, key, keylen) != 1) rv = 0; diff --git a/crypto/evp/pkey_kdf.c b/crypto/evp/pkey_kdf.c index f983ad2ff3..c13bb203b3 100644 --- a/crypto/evp/pkey_kdf.c +++ b/crypto/evp/pkey_kdf.c @@ -11,131 +11,251 @@ #include #include #include +#include #include +#include +#include +#include #include "internal/numbers.h" #include "internal/evp_int.h" +#define MAX_PARAM 20 + +typedef struct { + EVP_KDF_CTX *kctx; + /* + * EVP_PKEY implementations collect bits of certain data + */ + BUF_MEM *collected_seed; + BUF_MEM *collected_info; +} EVP_PKEY_KDF_CTX; + +static void pkey_kdf_free_collected(EVP_PKEY_KDF_CTX *pkctx) +{ + BUF_MEM_free(pkctx->collected_seed); + pkctx->collected_seed = NULL; + BUF_MEM_free(pkctx->collected_info); + pkctx->collected_info = NULL; +} + static int pkey_kdf_init(EVP_PKEY_CTX *ctx) { + EVP_PKEY_KDF_CTX *pkctx; EVP_KDF_CTX *kctx; + const char *kdf_name = OBJ_nid2sn(ctx->pmeth->pkey_id); + EVP_KDF *kdf; - kctx = EVP_KDF_CTX_new_id(ctx->pmeth->pkey_id); - if (kctx == NULL) + pkctx = OPENSSL_zalloc(sizeof(*pkctx)); + if (pkctx == NULL) return 0; - ctx->data = kctx; + kdf = EVP_KDF_fetch(NULL, kdf_name, NULL); + kctx = EVP_KDF_CTX_new(kdf); + EVP_KDF_free(kdf); + if (kctx == NULL) { + OPENSSL_free(pkctx); + return 0; + } + + pkctx->kctx = kctx; + ctx->data = pkctx; return 1; } static void pkey_kdf_cleanup(EVP_PKEY_CTX *ctx) { - EVP_KDF_CTX *kctx = ctx->data; + EVP_PKEY_KDF_CTX *pkctx = ctx->data; - EVP_KDF_CTX_free(kctx); + EVP_KDF_CTX_free(pkctx->kctx); + pkey_kdf_free_collected(pkctx); + OPENSSL_free(pkctx); +} + +static int collect(BUF_MEM **collector, void *data, size_t datalen) +{ + size_t i; + + if (*collector == NULL) + *collector = BUF_MEM_new(); + if (*collector == NULL) { + ERR_raise(ERR_LIB_EVP, ERR_R_MALLOC_FAILURE); + return 0; + } + + i = (*collector)->length; /* BUF_MEM_grow() changes it! */ + /* + * The i + datalen check is to distinguish between BUF_MEM_grow() + * signaling an error and BUF_MEM_grow() simply returning the (zero) + * length. + */ + if (!BUF_MEM_grow(*collector, i + datalen) + && i + datalen != 0) + return 0; + if (data != NULL) + memcpy((*collector)->data + i, data, datalen); + return 1; } static int pkey_kdf_ctrl(EVP_PKEY_CTX *ctx, int type, int p1, void *p2) { - EVP_KDF_CTX *kctx = ctx->data; - uint64_t u64_value; - int cmd; - int ret; + EVP_PKEY_KDF_CTX *pkctx = ctx->data; + EVP_KDF_CTX *kctx = pkctx->kctx; + enum { T_OCTET_STRING, T_UINT64, T_DIGEST, T_INT } cmd; + const char *name, *mdname; + BUF_MEM **collector = NULL; + OSSL_PARAM params[2] = { OSSL_PARAM_END, OSSL_PARAM_END }; switch (type) { case EVP_PKEY_CTRL_PASS: - cmd = EVP_KDF_CTRL_SET_PASS; + cmd = T_OCTET_STRING; + name = OSSL_KDF_PARAM_PASSWORD; break; case EVP_PKEY_CTRL_HKDF_SALT: case EVP_PKEY_CTRL_SCRYPT_SALT: - cmd = EVP_KDF_CTRL_SET_SALT; + cmd = T_OCTET_STRING; + name = OSSL_KDF_PARAM_SALT; break; case EVP_PKEY_CTRL_TLS_MD: case EVP_PKEY_CTRL_HKDF_MD: - cmd = EVP_KDF_CTRL_SET_MD; + cmd = T_DIGEST; + name = OSSL_KDF_PARAM_DIGEST; break; case EVP_PKEY_CTRL_TLS_SECRET: - cmd = EVP_KDF_CTRL_SET_TLS_SECRET; - ret = EVP_KDF_ctrl(kctx, EVP_KDF_CTRL_RESET_TLS_SEED); - if (ret < 1) - return ret; + cmd = T_OCTET_STRING; + name = OSSL_KDF_PARAM_SECRET; + /* + * Perform the semantics described in + * EVP_PKEY_CTX_add1_tls1_prf_seed(3) + */ + if (ctx->pmeth->pkey_id == NID_tls1_prf) { + BUF_MEM_free(pkctx->collected_seed); + pkctx->collected_seed = NULL; + } break; case EVP_PKEY_CTRL_TLS_SEED: - cmd = EVP_KDF_CTRL_ADD_TLS_SEED; + cmd = T_OCTET_STRING; + name = OSSL_KDF_PARAM_SEED; + collector = &pkctx->collected_seed; break; case EVP_PKEY_CTRL_HKDF_KEY: - cmd = EVP_KDF_CTRL_SET_KEY; + cmd = T_OCTET_STRING; + name = OSSL_KDF_PARAM_KEY; break; case EVP_PKEY_CTRL_HKDF_INFO: - cmd = EVP_KDF_CTRL_ADD_HKDF_INFO; + cmd = T_OCTET_STRING; + name = OSSL_KDF_PARAM_INFO; + collector = &pkctx->collected_info; break; case EVP_PKEY_CTRL_HKDF_MODE: - cmd = EVP_KDF_CTRL_SET_HKDF_MODE; + cmd = T_INT; + name = OSSL_KDF_PARAM_MODE; break; case EVP_PKEY_CTRL_SCRYPT_N: - cmd = EVP_KDF_CTRL_SET_SCRYPT_N; + cmd = T_UINT64; + name = OSSL_KDF_PARAM_SCRYPT_N; break; case EVP_PKEY_CTRL_SCRYPT_R: - cmd = EVP_KDF_CTRL_SET_SCRYPT_R; + cmd = T_UINT64; /* Range checking occurs on the provider side */ + name = OSSL_KDF_PARAM_SCRYPT_R; break; case EVP_PKEY_CTRL_SCRYPT_P: - cmd = EVP_KDF_CTRL_SET_SCRYPT_P; + cmd = T_UINT64; /* Range checking occurs on the provider side */ + name = OSSL_KDF_PARAM_SCRYPT_P; break; case EVP_PKEY_CTRL_SCRYPT_MAXMEM_BYTES: - cmd = EVP_KDF_CTRL_SET_MAXMEM_BYTES; + cmd = T_UINT64; + name = OSSL_KDF_PARAM_SCRYPT_MAXMEM; break; default: return -2; } - switch (cmd) { - case EVP_KDF_CTRL_SET_PASS: - case EVP_KDF_CTRL_SET_SALT: - case EVP_KDF_CTRL_SET_KEY: - case EVP_KDF_CTRL_SET_TLS_SECRET: - case EVP_KDF_CTRL_ADD_TLS_SEED: - case EVP_KDF_CTRL_ADD_HKDF_INFO: - return EVP_KDF_ctrl(kctx, cmd, (const unsigned char *)p2, (size_t)p1); - - case EVP_KDF_CTRL_SET_MD: - return EVP_KDF_ctrl(kctx, cmd, (const EVP_MD *)p2); - - case EVP_KDF_CTRL_SET_HKDF_MODE: - return EVP_KDF_ctrl(kctx, cmd, (int)p1); - - case EVP_KDF_CTRL_SET_SCRYPT_R: - case EVP_KDF_CTRL_SET_SCRYPT_P: - u64_value = *(uint64_t *)p2; - if (u64_value > UINT32_MAX) { - EVPerr(EVP_F_PKEY_KDF_CTRL, EVP_R_PARAMETER_TOO_LARGE); - return 0; + if (collector != NULL) { + switch (cmd) { + case T_OCTET_STRING: + return collect(collector, p2, p1); + default: + OPENSSL_assert("You shouldn't be here"); + break; } + return 1; + } - return EVP_KDF_ctrl(kctx, cmd, (uint32_t)u64_value); + switch (cmd) { + case T_OCTET_STRING: + params[0] = + OSSL_PARAM_construct_octet_string(name, (unsigned char *)p2, + (size_t)p1); + break; - case EVP_KDF_CTRL_SET_SCRYPT_N: - case EVP_KDF_CTRL_SET_MAXMEM_BYTES: - return EVP_KDF_ctrl(kctx, cmd, *(uint64_t *)p2); + case T_DIGEST: + mdname = EVP_MD_name((const EVP_MD *)p2); + params[0] = OSSL_PARAM_construct_utf8_string(name, (char *)mdname, + strlen(mdname) + 1); + break; - default: - return 0; + /* + * These are special because the helper macros pass a pointer to the + * stack, so a local copy is required. + */ + case T_INT: + params[0] = OSSL_PARAM_construct_int(name, &p1); + break; + + case T_UINT64: + params[0] = OSSL_PARAM_construct_uint64(name, (uint64_t *)p2); + break; } + + return EVP_KDF_CTX_set_params(kctx, params); } static int pkey_kdf_ctrl_str(EVP_PKEY_CTX *ctx, const char *type, const char *value) { - EVP_KDF_CTX *kctx = ctx->data; - + EVP_PKEY_KDF_CTX *pkctx = ctx->data; + EVP_KDF_CTX *kctx = pkctx->kctx; + const EVP_KDF *kdf = EVP_KDF_CTX_kdf(kctx); + BUF_MEM **collector = NULL; + const OSSL_PARAM *defs = EVP_KDF_CTX_settable_params(kdf); + OSSL_PARAM params[2] = { OSSL_PARAM_END, OSSL_PARAM_END }; + int ok = 0; + + /* Deal with ctrl name aliasing */ if (strcmp(type, "md") == 0) - return EVP_KDF_ctrl_str(kctx, "digest", value); - return EVP_KDF_ctrl_str(kctx, type, value); + type = OSSL_KDF_PARAM_DIGEST; + /* scrypt uses 'N', params uses 'n' */ + if (strcmp(type, "N") == 0) + type = OSSL_KDF_PARAM_SCRYPT_N; + + if (!OSSL_PARAM_allocate_from_text(¶ms[0], defs, type, + value, strlen(value))) + return 0; + + /* + * We do the same special casing of seed and info here as in + * pkey_kdf_ctrl() + */ + if (strcmp(params[0].key, OSSL_KDF_PARAM_SEED) == 0) + collector = &pkctx->collected_seed; + else if (strcmp(params[0].key, OSSL_KDF_PARAM_INFO) == 0) + collector = &pkctx->collected_info; + + if (collector != NULL) + ok = collect(collector, params[0].data, params[0].data_size); + else + ok = EVP_KDF_CTX_set_params(kctx, params); + OPENSSL_free(params[0].data); + return ok; } static int pkey_kdf_derive_init(EVP_PKEY_CTX *ctx) { - EVP_KDF_CTX *kctx = ctx->data; + EVP_PKEY_KDF_CTX *pkctx = ctx->data; - EVP_KDF_reset(kctx); + pkey_kdf_free_collected(pkctx); + if (pkctx->kctx != NULL) + EVP_KDF_reset(pkctx->kctx); return 1; } @@ -146,9 +266,37 @@ static int pkey_kdf_derive_init(EVP_PKEY_CTX *ctx) static int pkey_kdf_derive(EVP_PKEY_CTX *ctx, unsigned char *key, size_t *keylen) { - EVP_KDF_CTX *kctx = ctx->data; + EVP_PKEY_KDF_CTX *pkctx = ctx->data; + EVP_KDF_CTX *kctx = pkctx->kctx; size_t outlen = EVP_KDF_size(kctx); + int r; + + if (pkctx->collected_seed != NULL) { + OSSL_PARAM params[] = { OSSL_PARAM_END, OSSL_PARAM_END }; + + params[0] = + OSSL_PARAM_construct_octet_string(OSSL_KDF_PARAM_SEED, + pkctx->collected_seed->data, + pkctx->collected_seed->length); + + r = EVP_KDF_CTX_set_params(kctx, params); + pkey_kdf_free_collected(pkctx); + if (!r) + return 0; + } + if (pkctx->collected_info != NULL) { + OSSL_PARAM params[] = { OSSL_PARAM_END, OSSL_PARAM_END }; + + params[0] = + OSSL_PARAM_construct_octet_string(OSSL_KDF_PARAM_INFO, + pkctx->collected_info->data, + pkctx->collected_info->length); + r = EVP_KDF_CTX_set_params(kctx, params); + pkey_kdf_free_collected(pkctx); + if (!r) + return 0; + } if (outlen == 0 || outlen == SIZE_MAX) { /* Variable-output algorithm */ if (key == NULL) diff --git a/crypto/include/internal/evp_int.h b/crypto/include/internal/evp_int.h index b86b1d1af0..d54edc78d3 100644 --- a/crypto/include/internal/evp_int.h +++ b/crypto/include/internal/evp_int.h @@ -140,26 +140,23 @@ struct evp_mac_st { OSSL_OP_mac_set_ctx_params_fn *set_ctx_params; }; -/* - * This function is internal for now, but can be made external when needed. - * The documentation would read: - * - * EVP_add_mac() adds the MAC implementation C to the internal - * object database. - */ -int EVP_add_kdf(const EVP_KDF *kdf); - -/* struct evp_kdf_impl_st is defined by the implementation */ -typedef struct evp_kdf_impl_st EVP_KDF_IMPL; struct evp_kdf_st { - int type; - EVP_KDF_IMPL *(*new) (void); - void (*free) (EVP_KDF_IMPL *impl); - void (*reset) (EVP_KDF_IMPL *impl); - int (*ctrl) (EVP_KDF_IMPL *impl, int cmd, va_list args); - int (*ctrl_str) (EVP_KDF_IMPL *impl, const char *type, const char *value); - size_t (*size) (EVP_KDF_IMPL *impl); - int (*derive) (EVP_KDF_IMPL *impl, unsigned char *key, size_t keylen); + OSSL_PROVIDER *prov; + char *name; + CRYPTO_REF_COUNT refcnt; + CRYPTO_RWLOCK *lock; + + OSSL_OP_kdf_newctx_fn *newctx; + OSSL_OP_kdf_dupctx_fn *dupctx; + OSSL_OP_kdf_freectx_fn *freectx; + OSSL_OP_kdf_reset_fn *reset; + OSSL_OP_kdf_derive_fn *derive; + OSSL_OP_kdf_gettable_params_fn *gettable_params; + OSSL_OP_kdf_gettable_ctx_params_fn *gettable_ctx_params; + OSSL_OP_kdf_settable_ctx_params_fn *settable_ctx_params; + OSSL_OP_kdf_get_params_fn *get_params; + OSSL_OP_kdf_get_ctx_params_fn *get_ctx_params; + OSSL_OP_kdf_set_ctx_params_fn *set_ctx_params; }; extern const EVP_KDF pbkdf2_kdf_meth; @@ -553,8 +550,6 @@ struct evp_pkey_st { void openssl_add_all_ciphers_int(void); void openssl_add_all_digests_int(void); -void openssl_add_all_macs_int(void); -void openssl_add_all_kdfs_int(void); void evp_cleanup_int(void); void evp_app_cleanup_int(void); diff --git a/crypto/init.c b/crypto/init.c index d4da7b27e3..36c6333877 100644 --- a/crypto/init.c +++ b/crypto/init.c @@ -225,26 +225,6 @@ DEFINE_RUN_ONCE_STATIC_ALT(ossl_init_no_add_all_digests, return 1; } -static CRYPTO_ONCE add_all_kdfs = CRYPTO_ONCE_STATIC_INIT; -DEFINE_RUN_ONCE_STATIC(ossl_init_add_all_kdfs) -{ - /* - * OPENSSL_NO_AUTOALGINIT is provided here to prevent at compile time - * pulling in all the macs during static linking - */ -#ifndef OPENSSL_NO_AUTOALGINIT - OSSL_TRACE(INIT, "openssl_add_all_kdfs_int()\n"); - openssl_add_all_kdfs_int(); -#endif - return 1; -} - -DEFINE_RUN_ONCE_STATIC_ALT(ossl_init_no_add_all_kdfs, ossl_init_add_all_kdfs) -{ - /* Do nothing */ - return 1; -} - static CRYPTO_ONCE config = CRYPTO_ONCE_STATIC_INIT; static int config_inited = 0; static const OPENSSL_INIT_SETTINGS *conf_settings = NULL; @@ -537,15 +517,6 @@ int OPENSSL_init_crypto(uint64_t opts, const OPENSSL_INIT_SETTINGS *settings) && !RUN_ONCE(&add_all_digests, ossl_init_add_all_digests)) return 0; - if ((opts & OPENSSL_INIT_NO_ADD_ALL_KDFS) - && !RUN_ONCE_ALT(&add_all_kdfs, ossl_init_no_add_all_kdfs, - ossl_init_add_all_kdfs)) - return 0; - - if ((opts & OPENSSL_INIT_ADD_ALL_KDFS) - && !RUN_ONCE(&add_all_kdfs, ossl_init_add_all_kdfs)) - return 0; - if ((opts & OPENSSL_INIT_ATFORK) && !openssl_init_fork_handlers()) return 0; diff --git a/crypto/kdf/build.info b/crypto/kdf/build.info deleted file mode 100644 index 4fdaccddec..0000000000 --- a/crypto/kdf/build.info +++ /dev/null @@ -1,4 +0,0 @@ -LIBS=../../libcrypto -SOURCE[../../libcrypto]=\ - tls1_prf.c kdf_err.c kdf_util.c hkdf.c scrypt.c pbkdf2.c sshkdf.c \ - sskdf.c x942kdf.c diff --git a/crypto/kdf/kdf_err.c b/crypto/kdf/kdf_err.c deleted file mode 100644 index d7d4b1e707..0000000000 --- a/crypto/kdf/kdf_err.c +++ /dev/null @@ -1,63 +0,0 @@ -/* - * Generated by util/mkerr.pl DO NOT EDIT - * Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved. - * - * Licensed under the Apache License 2.0 (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -#include -#include - -#ifndef OPENSSL_NO_ERR - -static const ERR_STRING_DATA KDF_str_reasons[] = { - {ERR_PACK(ERR_LIB_KDF, 0, KDF_R_BAD_ENCODING), "bad encoding"}, - {ERR_PACK(ERR_LIB_KDF, 0, KDF_R_BAD_LENGTH), "bad length"}, - {ERR_PACK(ERR_LIB_KDF, 0, KDF_R_INAVLID_UKM_LEN), "inavlid ukm len"}, - {ERR_PACK(ERR_LIB_KDF, 0, KDF_R_INVALID_DIGEST), "invalid digest"}, - {ERR_PACK(ERR_LIB_KDF, 0, KDF_R_INVALID_ITERATION_COUNT), - "invalid iteration count"}, - {ERR_PACK(ERR_LIB_KDF, 0, KDF_R_INVALID_KEY_LEN), "invalid key len"}, - {ERR_PACK(ERR_LIB_KDF, 0, KDF_R_INVALID_MAC_TYPE), "invalid mac type"}, - {ERR_PACK(ERR_LIB_KDF, 0, KDF_R_INVALID_SALT_LEN), "invalid salt len"}, - {ERR_PACK(ERR_LIB_KDF, 0, KDF_R_MISSING_CEK_ALG), "missing cek alg"}, - {ERR_PACK(ERR_LIB_KDF, 0, KDF_R_MISSING_ITERATION_COUNT), - "missing iteration count"}, - {ERR_PACK(ERR_LIB_KDF, 0, KDF_R_MISSING_KEY), "missing key"}, - {ERR_PACK(ERR_LIB_KDF, 0, KDF_R_MISSING_MESSAGE_DIGEST), - "missing message digest"}, - {ERR_PACK(ERR_LIB_KDF, 0, KDF_R_MISSING_PARAMETER), "missing parameter"}, - {ERR_PACK(ERR_LIB_KDF, 0, KDF_R_MISSING_PASS), "missing pass"}, - {ERR_PACK(ERR_LIB_KDF, 0, KDF_R_MISSING_SALT), "missing salt"}, - {ERR_PACK(ERR_LIB_KDF, 0, KDF_R_MISSING_SECRET), "missing secret"}, - {ERR_PACK(ERR_LIB_KDF, 0, KDF_R_MISSING_SEED), "missing seed"}, - {ERR_PACK(ERR_LIB_KDF, 0, KDF_R_MISSING_SESSION_ID), "missing session id"}, - {ERR_PACK(ERR_LIB_KDF, 0, KDF_R_MISSING_TYPE), "missing type"}, - {ERR_PACK(ERR_LIB_KDF, 0, KDF_R_MISSING_XCGHASH), "missing xcghash"}, - {ERR_PACK(ERR_LIB_KDF, 0, KDF_R_NOT_SUPPORTED), "not supported"}, - {ERR_PACK(ERR_LIB_KDF, 0, KDF_R_UNKNOWN_PARAMETER_TYPE), - "unknown parameter type"}, - {ERR_PACK(ERR_LIB_KDF, 0, KDF_R_UNSUPPORTED_CEK_ALG), - "unsupported cek alg"}, - {ERR_PACK(ERR_LIB_KDF, 0, KDF_R_UNSUPPORTED_MAC_TYPE), - "unsupported mac type"}, - {ERR_PACK(ERR_LIB_KDF, 0, KDF_R_VALUE_ERROR), "value error"}, - {ERR_PACK(ERR_LIB_KDF, 0, KDF_R_VALUE_MISSING), "value missing"}, - {ERR_PACK(ERR_LIB_KDF, 0, KDF_R_WRONG_OUTPUT_BUFFER_SIZE), - "wrong output buffer size"}, - {0, NULL} -}; - -#endif - -int ERR_load_KDF_strings(void) -{ -#ifndef OPENSSL_NO_ERR - if (ERR_func_error_string(KDF_str_reasons[0].error) == NULL) - ERR_load_strings_const(KDF_str_reasons); -#endif - return 1; -} diff --git a/crypto/kdf/kdf_local.h b/crypto/kdf/kdf_local.h deleted file mode 100644 index 4956dad920..0000000000 --- a/crypto/kdf/kdf_local.h +++ /dev/null @@ -1,22 +0,0 @@ -/* - * Copyright 2018 The OpenSSL Project Authors. All Rights Reserved. - * Copyright (c) 2018, Oracle and/or its affiliates. All rights reserved. - * - * Licensed under the Apache License 2.0 (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -int call_ctrl(int (*ctrl)(EVP_KDF_IMPL *impl, int cmd, va_list args), - EVP_KDF_IMPL *impl, int cmd, ...); -int kdf_str2ctrl(EVP_KDF_IMPL *impl, - int (*ctrl)(EVP_KDF_IMPL *impl, int cmd, va_list args), - int cmd, const char *str); -int kdf_hex2ctrl(EVP_KDF_IMPL *impl, - int (*ctrl)(EVP_KDF_IMPL *impl, int cmd, va_list args), - int cmd, const char *hex); -int kdf_md2ctrl(EVP_KDF_IMPL *impl, - int (*ctrl)(EVP_KDF_IMPL *impl, int cmd, va_list args), - int cmd, const char *md_name); - diff --git a/crypto/kdf/kdf_util.c b/crypto/kdf/kdf_util.c deleted file mode 100644 index 8eb6d26b34..0000000000 --- a/crypto/kdf/kdf_util.c +++ /dev/null @@ -1,73 +0,0 @@ -/* - * Copyright 2018 The OpenSSL Project Authors. All Rights Reserved. - * Copyright (c) 2018, Oracle and/or its affiliates. All rights reserved. - * - * Licensed under the Apache License 2.0 (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -#include -#include -#include -#include -#include "internal/cryptlib.h" -#include "internal/evp_int.h" -#include "internal/numbers.h" -#include "kdf_local.h" - -int call_ctrl(int (*ctrl)(EVP_KDF_IMPL *impl, int cmd, va_list args), - EVP_KDF_IMPL *impl, int cmd, ...) -{ - int ret; - va_list args; - - va_start(args, cmd); - ret = ctrl(impl, cmd, args); - va_end(args); - - return ret; -} - -/* Utility functions to send a string or hex string to a ctrl */ - -int kdf_str2ctrl(EVP_KDF_IMPL *impl, - int (*ctrl)(EVP_KDF_IMPL *impl, int cmd, va_list args), - int cmd, const char *str) -{ - return call_ctrl(ctrl, impl, cmd, (const unsigned char *)str, strlen(str)); -} - -int kdf_hex2ctrl(EVP_KDF_IMPL *impl, - int (*ctrl)(EVP_KDF_IMPL *impl, int cmd, va_list args), - int cmd, const char *hex) -{ - unsigned char *bin; - long binlen; - int ret = -1; - - bin = OPENSSL_hexstr2buf(hex, &binlen); - if (bin == NULL) - return 0; - - if (binlen <= INT_MAX) - ret = call_ctrl(ctrl, impl, cmd, bin, (size_t)binlen); - OPENSSL_free(bin); - return ret; -} - -/* Pass a message digest to a ctrl */ -int kdf_md2ctrl(EVP_KDF_IMPL *impl, - int (*ctrl)(EVP_KDF_IMPL *impl, int cmd, va_list args), - int cmd, const char *md_name) -{ - const EVP_MD *md; - - if (md_name == NULL || (md = EVP_get_digestbyname(md_name)) == NULL) { - KDFerr(KDF_F_KDF_MD2CTRL, KDF_R_INVALID_DIGEST); - return 0; - } - return call_ctrl(ctrl, impl, cmd, md); -} - diff --git a/crypto/kdf/pbkdf2.c b/crypto/kdf/pbkdf2.c deleted file mode 100644 index d41689773c..0000000000 --- a/crypto/kdf/pbkdf2.c +++ /dev/null @@ -1,324 +0,0 @@ -/* - * Copyright 2018-2019 The OpenSSL Project Authors. All Rights Reserved. - * - * Licensed under the Apache License 2.0 (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -#include -#include -#include -#include -#include -#include -#include "internal/cryptlib.h" -#include "internal/evp_int.h" -#include "kdf_local.h" - -/* Constants specified in SP800-132 */ -#define KDF_PBKDF2_MIN_KEY_LEN_BITS 112 -#define KDF_PBKDF2_MAX_KEY_LEN_DIGEST_RATIO 0xFFFFFFFF -#define KDF_PBKDF2_MIN_ITERATIONS 1000 -#define KDF_PBKDF2_MIN_SALT_LEN (128 / 8) -/* - * For backwards compatibility reasons, - * Extra checks are done by default in fips mode only. - */ -#ifdef FIPS_MODE -# define KDF_PBKDF2_DEFAULT_CHECKS 1 -#else -# define KDF_PBKDF2_DEFAULT_CHECKS 0 -#endif /* FIPS_MODE */ - -static void kdf_pbkdf2_reset(EVP_KDF_IMPL *impl); -static void kdf_pbkdf2_init(EVP_KDF_IMPL *impl); -static int pbkdf2_derive(const char *pass, size_t passlen, - const unsigned char *salt, int saltlen, int iter, - const EVP_MD *digest, unsigned char *key, - size_t keylen, int extra_checks); - -struct evp_kdf_impl_st { - unsigned char *pass; - size_t pass_len; - unsigned char *salt; - size_t salt_len; - int iter; - const EVP_MD *md; - int lower_bound_checks; -}; - -static EVP_KDF_IMPL *kdf_pbkdf2_new(void) -{ - EVP_KDF_IMPL *impl; - - impl = OPENSSL_zalloc(sizeof(*impl)); - if (impl == NULL) { - KDFerr(KDF_F_KDF_PBKDF2_NEW, ERR_R_MALLOC_FAILURE); - return NULL; - } - kdf_pbkdf2_init(impl); - return impl; -} - -static void kdf_pbkdf2_free(EVP_KDF_IMPL *impl) -{ - kdf_pbkdf2_reset(impl); - OPENSSL_free(impl); -} - -static void kdf_pbkdf2_reset(EVP_KDF_IMPL *impl) -{ - OPENSSL_free(impl->salt); - OPENSSL_clear_free(impl->pass, impl->pass_len); - memset(impl, 0, sizeof(*impl)); - kdf_pbkdf2_init(impl); -} - -static void kdf_pbkdf2_init(EVP_KDF_IMPL *impl) -{ - impl->iter = PKCS5_DEFAULT_ITER; - impl->md = EVP_sha1(); - impl->lower_bound_checks = KDF_PBKDF2_DEFAULT_CHECKS; -} - -static int pbkdf2_set_membuf(unsigned char **buffer, size_t *buflen, - const unsigned char *new_buffer, - size_t new_buflen) -{ - if (new_buffer == NULL) - return 1; - - OPENSSL_clear_free(*buffer, *buflen); - - if (new_buflen > 0) { - *buffer = OPENSSL_memdup(new_buffer, new_buflen); - } else { - *buffer = OPENSSL_malloc(1); - } - if (*buffer == NULL) { - KDFerr(KDF_F_PBKDF2_SET_MEMBUF, ERR_R_MALLOC_FAILURE); - return 0; - } - - *buflen = new_buflen; - return 1; -} - -static int kdf_pbkdf2_ctrl(EVP_KDF_IMPL *impl, int cmd, va_list args) -{ - int iter, pkcs5, min_iter; - const unsigned char *p; - size_t len; - const EVP_MD *md; - - switch (cmd) { - case EVP_KDF_CTRL_SET_PBKDF2_PKCS5_MODE: - pkcs5 = va_arg(args, int); - impl->lower_bound_checks = (pkcs5 == 0) ? 1 : 0; - return 1; - case EVP_KDF_CTRL_SET_PASS: - p = va_arg(args, const unsigned char *); - len = va_arg(args, size_t); - return pbkdf2_set_membuf(&impl->pass, &impl->pass_len, p, len); - - case EVP_KDF_CTRL_SET_SALT: - p = va_arg(args, const unsigned char *); - len = va_arg(args, size_t); - if (impl->lower_bound_checks != 0 && len < KDF_PBKDF2_MIN_SALT_LEN) { - KDFerr(KDF_F_KDF_PBKDF2_CTRL, KDF_R_INVALID_SALT_LEN); - return 0; - } - return pbkdf2_set_membuf(&impl->salt, &impl->salt_len, p, len); - - case EVP_KDF_CTRL_SET_ITER: - iter = va_arg(args, int); - min_iter = impl->lower_bound_checks != 0 ? KDF_PBKDF2_MIN_ITERATIONS : 1; - if (iter < min_iter) { - KDFerr(KDF_F_KDF_PBKDF2_CTRL, KDF_R_INVALID_ITERATION_COUNT); - return 0; - } - impl->iter = iter; - return 1; - - case EVP_KDF_CTRL_SET_MD: - md = va_arg(args, const EVP_MD *); - if (md == NULL) { - KDFerr(KDF_F_KDF_PBKDF2_CTRL, KDF_R_VALUE_MISSING); - return 0; - } - - impl->md = md; - return 1; - - default: - return -2; - } -} - -static int kdf_pbkdf2_ctrl_str(EVP_KDF_IMPL *impl, const char *type, - const char *value) -{ - if (value == NULL) { - KDFerr(KDF_F_KDF_PBKDF2_CTRL_STR, KDF_R_VALUE_MISSING); - return 0; - } - - if (strcmp(type, "pass") == 0) - return kdf_str2ctrl(impl, kdf_pbkdf2_ctrl, EVP_KDF_CTRL_SET_PASS, - value); - - if (strcmp(type, "hexpass") == 0) - return kdf_hex2ctrl(impl, kdf_pbkdf2_ctrl, EVP_KDF_CTRL_SET_PASS, - value); - - if (strcmp(type, "salt") == 0) - return kdf_str2ctrl(impl, kdf_pbkdf2_ctrl, EVP_KDF_CTRL_SET_SALT, - value); - - if (strcmp(type, "hexsalt") == 0) - return kdf_hex2ctrl(impl, kdf_pbkdf2_ctrl, EVP_KDF_CTRL_SET_SALT, - value); - - if (strcmp(type, "iter") == 0) - return call_ctrl(kdf_pbkdf2_ctrl, impl, EVP_KDF_CTRL_SET_ITER, - atoi(value)); - - if (strcmp(type, "digest") == 0) - return kdf_md2ctrl(impl, kdf_pbkdf2_ctrl, EVP_KDF_CTRL_SET_MD, value); - - if (strcmp(type, "pkcs5") == 0) - return kdf_str2ctrl(impl, kdf_pbkdf2_ctrl, - EVP_KDF_CTRL_SET_PBKDF2_PKCS5_MODE, value); - return -2; -} - -static int kdf_pbkdf2_derive(EVP_KDF_IMPL *impl, unsigned char *key, - size_t keylen) -{ - if (impl->pass == NULL) { - KDFerr(KDF_F_KDF_PBKDF2_DERIVE, KDF_R_MISSING_PASS); - return 0; - } - - if (impl->salt == NULL) { - KDFerr(KDF_F_KDF_PBKDF2_DERIVE, KDF_R_MISSING_SALT); - return 0; - } - - return pbkdf2_derive((char *)impl->pass, impl->pass_len, - impl->salt, impl->salt_len, impl->iter, - impl->md, key, keylen, impl->lower_bound_checks); -} - -const EVP_KDF pbkdf2_kdf_meth = { - EVP_KDF_PBKDF2, - kdf_pbkdf2_new, - kdf_pbkdf2_free, - kdf_pbkdf2_reset, - kdf_pbkdf2_ctrl, - kdf_pbkdf2_ctrl_str, - NULL, - kdf_pbkdf2_derive -}; - -/* - * This is an implementation of PKCS#5 v2.0 password based encryption key - * derivation function PBKDF2. SHA1 version verified against test vectors - * posted by Peter Gutmann to the PKCS-TNG mailing list. - * - * The constraints specified by SP800-132 have been added i.e. - * - Check the range of the key length. - * - Minimum iteration count of 1000. - * - Randomly-generated portion of the salt shall be at least 128 bits. - */ -static int pbkdf2_derive(const char *pass, size_t passlen, - const unsigned char *salt, int saltlen, int iter, - const EVP_MD *digest, unsigned char *key, - size_t keylen, int lower_bound_checks) -{ - int ret = 0; - unsigned char digtmp[EVP_MAX_MD_SIZE], *p, itmp[4]; - int cplen, j, k, tkeylen, mdlen; - unsigned long i = 1; - HMAC_CTX *hctx_tpl = NULL, *hctx = NULL; - - mdlen = EVP_MD_size(digest); - if (mdlen <= 0) - return 0; - - /* - * This check should always be done because keylen / mdlen >= (2^32 - 1) - * results in an overflow of the loop counter 'i'. - */ - if ((keylen / mdlen) >= KDF_PBKDF2_MAX_KEY_LEN_DIGEST_RATIO) { - KDFerr(KDF_F_PBKDF2_DERIVE, KDF_R_INVALID_KEY_LEN); - return 0; - } - - if (lower_bound_checks) { - if ((keylen * 8) < KDF_PBKDF2_MIN_KEY_LEN_BITS) { - KDFerr(KDF_F_PBKDF2_DERIVE, KDF_R_INVALID_KEY_LEN); - return 0; - } - if (saltlen < KDF_PBKDF2_MIN_SALT_LEN) { - KDFerr(KDF_F_PBKDF2_DERIVE, KDF_R_INVALID_SALT_LEN); - return 0; - } - if (iter < KDF_PBKDF2_MIN_ITERATIONS) { - KDFerr(KDF_F_PBKDF2_DERIVE, KDF_R_INVALID_ITERATION_COUNT); - return 0; - } - } - - hctx_tpl = HMAC_CTX_new(); - if (hctx_tpl == NULL) - return 0; - p = key; - tkeylen = keylen; - if (!HMAC_Init_ex(hctx_tpl, pass, passlen, digest, NULL)) - goto err; - hctx = HMAC_CTX_new(); - if (hctx == NULL) - goto err; - while (tkeylen) { - if (tkeylen > mdlen) - cplen = mdlen; - else - cplen = tkeylen; - /* - * We are unlikely to ever use more than 256 blocks (5120 bits!) but - * just in case... - */ - itmp[0] = (unsigned char)((i >> 24) & 0xff); - itmp[1] = (unsigned char)((i >> 16) & 0xff); - itmp[2] = (unsigned char)((i >> 8) & 0xff); - itmp[3] = (unsigned char)(i & 0xff); - if (!HMAC_CTX_copy(hctx, hctx_tpl)) - goto err; - if (!HMAC_Update(hctx, salt, saltlen) - || !HMAC_Update(hctx, itmp, 4) - || !HMAC_Final(hctx, digtmp, NULL)) - goto err; - memcpy(p, digtmp, cplen); - for (j = 1; j < iter; j++) { - if (!HMAC_CTX_copy(hctx, hctx_tpl)) - goto err; - if (!HMAC_Update(hctx, digtmp, mdlen) - || !HMAC_Final(hctx, digtmp, NULL)) - goto err; - for (k = 0; k < cplen; k++) - p[k] ^= digtmp[k]; - } - tkeylen -= cplen; - i++; - p += cplen; - } - ret = 1; - -err: - HMAC_CTX_free(hctx); - HMAC_CTX_free(hctx_tpl); - return ret; -} diff --git a/crypto/kdf/sshkdf.c b/crypto/kdf/sshkdf.c deleted file mode 100644 index 4701c9cad1..0000000000 --- a/crypto/kdf/sshkdf.c +++ /dev/null @@ -1,292 +0,0 @@ -/* - * Copyright 2018-2018 The OpenSSL Project Authors. All Rights Reserved. - * - * Licensed under the OpenSSL license (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -#include -#include -#include -#include -#include -#include "internal/cryptlib.h" -#include "internal/numbers.h" -#include "internal/evp_int.h" -#include "kdf_local.h" - -/* See RFC 4253, Section 7.2 */ - -static void kdf_sshkdf_reset(EVP_KDF_IMPL *impl); -static int SSHKDF(const EVP_MD *evp_md, - const unsigned char *key, size_t key_len, - const unsigned char *xcghash, size_t xcghash_len, - const unsigned char *session_id, size_t session_id_len, - char type, unsigned char *okey, size_t okey_len); - -struct evp_kdf_impl_st { - const EVP_MD *md; - unsigned char *key; /* K */ - size_t key_len; - unsigned char *xcghash; /* H */ - size_t xcghash_len; - char type; /* X */ - unsigned char *session_id; - size_t session_id_len; -}; - -static EVP_KDF_IMPL *kdf_sshkdf_new(void) -{ - EVP_KDF_IMPL *impl; - - if ((impl = OPENSSL_zalloc(sizeof(*impl))) == NULL) - KDFerr(KDF_F_KDF_SSHKDF_NEW, ERR_R_MALLOC_FAILURE); - return impl; -} - -static void kdf_sshkdf_free(EVP_KDF_IMPL *impl) -{ - kdf_sshkdf_reset(impl); - OPENSSL_free(impl); -} - -static void kdf_sshkdf_reset(EVP_KDF_IMPL *impl) -{ - OPENSSL_clear_free(impl->key, impl->key_len); - OPENSSL_clear_free(impl->xcghash, impl->xcghash_len); - OPENSSL_clear_free(impl->session_id, impl->session_id_len); - memset(impl, 0, sizeof(*impl)); -} - -static int kdf_sshkdf_parse_buffer_arg(unsigned char **dst, size_t *dst_len, - va_list args) -{ - const unsigned char *p; - size_t len; - - p = va_arg(args, const unsigned char *); - len = va_arg(args, size_t); - OPENSSL_clear_free(*dst, *dst_len); - *dst = OPENSSL_memdup(p, len); - if (*dst == NULL) - return 0; - - *dst_len = len; - return 1; -} - -static int kdf_sshkdf_ctrl(EVP_KDF_IMPL *impl, int cmd, va_list args) -{ - int t; - - switch (cmd) { - case EVP_KDF_CTRL_SET_MD: - impl->md = va_arg(args, const EVP_MD *); - if (impl->md == NULL) - return 0; - - return 1; - - case EVP_KDF_CTRL_SET_KEY: - return kdf_sshkdf_parse_buffer_arg(&impl->key, - &impl->key_len, args); - - case EVP_KDF_CTRL_SET_SSHKDF_XCGHASH: - return kdf_sshkdf_parse_buffer_arg(&impl->xcghash, - &impl->xcghash_len, args); - - case EVP_KDF_CTRL_SET_SSHKDF_SESSION_ID: - return kdf_sshkdf_parse_buffer_arg(&impl->session_id, - &impl->session_id_len, args); - - case EVP_KDF_CTRL_SET_SSHKDF_TYPE: - t = va_arg(args, int); - if (t < 65 || t > 70) { - KDFerr(KDF_F_KDF_SSHKDF_CTRL, KDF_R_VALUE_ERROR); - return 0; - } - - impl->type = (char)t; - return 1; - - default: - return -2; - - } -} - -static int kdf_sshkdf_ctrl_str(EVP_KDF_IMPL *impl, const char *type, - const char *value) -{ - if (value == NULL) { - KDFerr(KDF_F_KDF_SSHKDF_CTRL_STR, KDF_R_VALUE_MISSING); - return 0; - } - - if (strcmp(type, "digest") == 0) - return kdf_md2ctrl(impl, kdf_sshkdf_ctrl, EVP_KDF_CTRL_SET_MD, value); - /* alias, for historical reasons */ - if (strcmp(type, "md") == 0) - return kdf_md2ctrl(impl, kdf_sshkdf_ctrl, EVP_KDF_CTRL_SET_MD, value); - - if (strcmp(type, "key") == 0) - return kdf_str2ctrl(impl, kdf_sshkdf_ctrl, - EVP_KDF_CTRL_SET_KEY, value); - - if (strcmp(type, "hexkey") == 0) - return kdf_hex2ctrl(impl, kdf_sshkdf_ctrl, - EVP_KDF_CTRL_SET_KEY, value); - - if (strcmp(type, "xcghash") == 0) - return kdf_str2ctrl(impl, kdf_sshkdf_ctrl, - EVP_KDF_CTRL_SET_SSHKDF_XCGHASH, value); - - if (strcmp(type, "hexxcghash") == 0) - return kdf_hex2ctrl(impl, kdf_sshkdf_ctrl, - EVP_KDF_CTRL_SET_SSHKDF_XCGHASH, value); - - if (strcmp(type, "session_id") == 0) - return kdf_str2ctrl(impl, kdf_sshkdf_ctrl, - EVP_KDF_CTRL_SET_SSHKDF_SESSION_ID, value); - - if (strcmp(type, "hexsession_id") == 0) - return kdf_hex2ctrl(impl, kdf_sshkdf_ctrl, - EVP_KDF_CTRL_SET_SSHKDF_SESSION_ID, value); - - if (strcmp(type, "type") == 0) { - if (strlen(value) != 1) { - KDFerr(KDF_F_KDF_SSHKDF_CTRL_STR, KDF_R_VALUE_ERROR); - return 0; - } - - return call_ctrl(kdf_sshkdf_ctrl, impl, EVP_KDF_CTRL_SET_SSHKDF_TYPE, - (int)value[0]); - } - - KDFerr(KDF_F_KDF_SSHKDF_CTRL_STR, KDF_R_UNKNOWN_PARAMETER_TYPE); - return -2; -} - -static size_t kdf_sshkdf_size(EVP_KDF_IMPL *impl) -{ - return SIZE_MAX; -} - -static int kdf_sshkdf_derive(EVP_KDF_IMPL *impl, unsigned char *key, - size_t keylen) -{ - if (impl->md == NULL) { - KDFerr(KDF_F_KDF_SSHKDF_DERIVE, KDF_R_MISSING_MESSAGE_DIGEST); - return 0; - } - if (impl->key == NULL) { - KDFerr(KDF_F_KDF_SSHKDF_DERIVE, KDF_R_MISSING_KEY); - return 0; - } - if (impl->xcghash == NULL) { - KDFerr(KDF_F_KDF_SSHKDF_DERIVE, KDF_R_MISSING_XCGHASH); - return 0; - } - if (impl->session_id == NULL) { - KDFerr(KDF_F_KDF_SSHKDF_DERIVE, KDF_R_MISSING_SESSION_ID); - return 0; - } - if (impl->type == 0) { - KDFerr(KDF_F_KDF_SSHKDF_DERIVE, KDF_R_MISSING_TYPE); - return 0; - } - return SSHKDF(impl->md, impl->key, impl->key_len, - impl->xcghash, impl->xcghash_len, - impl->session_id, impl->session_id_len, - impl->type, key, keylen); -} - -const EVP_KDF sshkdf_kdf_meth = { - EVP_KDF_SSHKDF, - kdf_sshkdf_new, - kdf_sshkdf_free, - kdf_sshkdf_reset, - kdf_sshkdf_ctrl, - kdf_sshkdf_ctrl_str, - kdf_sshkdf_size, - kdf_sshkdf_derive, -}; - -static int SSHKDF(const EVP_MD *evp_md, - const unsigned char *key, size_t key_len, - const unsigned char *xcghash, size_t xcghash_len, - const unsigned char *session_id, size_t session_id_len, - char type, unsigned char *okey, size_t okey_len) -{ - EVP_MD_CTX *md = NULL; - unsigned char digest[EVP_MAX_MD_SIZE]; - unsigned int dsize = 0; - size_t cursize = 0; - int ret = 0; - - md = EVP_MD_CTX_new(); - if (md == NULL) - return 0; - - if (!EVP_DigestInit_ex(md, evp_md, NULL)) - goto out; - - if (!EVP_DigestUpdate(md, key, key_len)) - goto out; - - if (!EVP_DigestUpdate(md, xcghash, xcghash_len)) - goto out; - - if (!EVP_DigestUpdate(md, &type, 1)) - goto out; - - if (!EVP_DigestUpdate(md, session_id, session_id_len)) - goto out; - - if (!EVP_DigestFinal_ex(md, digest, &dsize)) - goto out; - - if (okey_len < dsize) { - memcpy(okey, digest, okey_len); - ret = 1; - goto out; - } - - memcpy(okey, digest, dsize); - - for (cursize = dsize; cursize < okey_len; cursize += dsize) { - - if (!EVP_DigestInit_ex(md, evp_md, NULL)) - goto out; - - if (!EVP_DigestUpdate(md, key, key_len)) - goto out; - - if (!EVP_DigestUpdate(md, xcghash, xcghash_len)) - goto out; - - if (!EVP_DigestUpdate(md, okey, cursize)) - goto out; - - if (!EVP_DigestFinal_ex(md, digest, &dsize)) - goto out; - - if (okey_len < cursize + dsize) { - memcpy(okey + cursize, digest, okey_len - cursize); - ret = 1; - goto out; - } - - memcpy(okey + cursize, digest, dsize); - } - - ret = 1; - -out: - EVP_MD_CTX_free(md); - OPENSSL_cleanse(digest, EVP_MAX_MD_SIZE); - return ret; -} - diff --git a/crypto/params_from_text.c b/crypto/params_from_text.c index 72770ddc53..053b93d2c3 100644 --- a/crypto/params_from_text.c +++ b/crypto/params_from_text.c @@ -107,48 +107,49 @@ static int construct_from_text(OSSL_PARAM *to, const OSSL_PARAM *paramdef, if (buf == NULL) return 0; - switch (paramdef->data_type) { - case OSSL_PARAM_INTEGER: - case OSSL_PARAM_UNSIGNED_INTEGER: - /* - { - if ((new_value = OPENSSL_malloc(new_value_n)) == NULL) { - BN_free(a); - break; + if (buf_n > 0) { + switch (paramdef->data_type) { + case OSSL_PARAM_INTEGER: + case OSSL_PARAM_UNSIGNED_INTEGER: + /* + { + if ((new_value = OPENSSL_malloc(new_value_n)) == NULL) { + BN_free(a); + break; + } + */ + + BN_bn2nativepad(tmpbn, buf, buf_n); + + /* + * 2s complement negate, part two. + * + * Because we did the first part on the BIGNUM itself, we can just + * invert all the bytes here and be done with it. + */ + if (paramdef->data_type == OSSL_PARAM_INTEGER + && BN_is_negative(tmpbn)) { + unsigned char *cp; + size_t i = buf_n; + + for (cp = buf; i-- > 0; cp++) + *cp ^= 0xFF; } - */ - - BN_bn2nativepad(tmpbn, buf, buf_n); - - /* - * 2s complement negate, part two. - * - * Because we did the first part on the BIGNUM itself, we can just - * invert all the bytes here and be done with it. - */ - if (paramdef->data_type == OSSL_PARAM_INTEGER - && BN_is_negative(tmpbn)) { - unsigned char *cp; - size_t i = buf_n; - - for (cp = buf; i-- > 0; cp++) - *cp ^= 0xFF; - } - break; - case OSSL_PARAM_UTF8_STRING: - strncpy(buf, value, buf_n); - break; - case OSSL_PARAM_OCTET_STRING: - if (ishex) { - size_t l = 0; - - if (!OPENSSL_hexstr2buf_ex(buf, buf_n, &l, value)) - return 0; - } else { - memcpy(buf, value, buf_n); - + break; + case OSSL_PARAM_UTF8_STRING: + strncpy(buf, value, buf_n); + break; + case OSSL_PARAM_OCTET_STRING: + if (ishex) { + size_t l = 0; + + if (!OPENSSL_hexstr2buf_ex(buf, buf_n, &l, value)) + return 0; + } else { + memcpy(buf, value, buf_n); + } + break; } - break; } *to = *paramdef; @@ -209,7 +210,7 @@ int OSSL_PARAM_allocate_from_text(OSSL_PARAM *to, ¶mdef, &ishex, &buf_n, &tmpbn)) return 0; - if ((buf = OPENSSL_malloc(buf_n)) == NULL) { + if ((buf = OPENSSL_zalloc(buf_n > 0 ? buf_n : 1)) == NULL) { CRYPTOerr(0, ERR_R_MALLOC_FAILURE); return 0; } @@ -217,5 +218,7 @@ int OSSL_PARAM_allocate_from_text(OSSL_PARAM *to, ok = construct_from_text(to, paramdef, value, value_n, ishex, buf, buf_n, tmpbn); BN_free(tmpbn); + if (!ok) + OPENSSL_free(buf); return ok; } diff --git a/crypto/provider_core.c b/crypto/provider_core.c index 541a1e169b..356327f375 100644 --- a/crypto/provider_core.c +++ b/crypto/provider_core.c @@ -709,7 +709,8 @@ const char *ossl_provider_module_path(const OSSL_PROVIDER *prov) OPENSSL_CTX *ossl_provider_library_context(const OSSL_PROVIDER *prov) { - return prov->libctx; + /* TODO(3.0) just: return prov->libctx; */ + return prov != NULL ? prov->libctx : NULL; } /* Wrappers around calls to the provider */ diff --git a/doc/man1/openssl-kdf.pod b/doc/man1/openssl-kdf.pod index e85157104e..a2b0f25d25 100644 --- a/doc/man1/openssl-kdf.pod +++ b/doc/man1/openssl-kdf.pod @@ -144,13 +144,13 @@ used when building OpenSSL. L, L -L, -L -L -L -L -L -L +L, +L +L +L +L +L +L =head1 HISTORY diff --git a/doc/man1/openssl-list.pod b/doc/man1/openssl-list.pod index a098f26605..3a3c5ab4a9 100644 --- a/doc/man1/openssl-list.pod +++ b/doc/man1/openssl-list.pod @@ -13,6 +13,7 @@ B [B<-commands>] [B<-digest-commands>] [B<-digest-algorithms>] +[B<-kdf-algorithms>] [B<-mac-algorithms>] [B<-cipher-commands>] [B<-cipher-algorithms>] @@ -64,11 +65,13 @@ B. In verbose mode, the algorithms provided by a provider will get additional information on what parameters each implementation supports. +=item B<-kdf-algorithms> + +Display a list of key derivation function algorithms. + =item B<-mac-algorithms> Display a list of message authentication code algorithms. -If a line is of the form C bar> then B is an alias for the -official algorithm name, B. =item B<-cipher-commands> @@ -93,8 +96,7 @@ a block of multiple lines, all but the first are indented. =item B<-public-key-methods> -Display a list of public key method OIDs: this also includes public key methods -without an associated ASN.1 method, for example, KDF algorithms. +Display a list of public key method OIDs. =item B<-engines> diff --git a/doc/man3/EVP_KDF.pod b/doc/man3/EVP_KDF.pod new file mode 100644 index 0000000000..fc09d5fad8 --- /dev/null +++ b/doc/man3/EVP_KDF.pod @@ -0,0 +1,259 @@ +=pod + +=head1 NAME + +EVP_KDF, EVP_KDF_fetch, EVP_KDF_free, EVP_KDF_provider, EVP_KDF_up_ref, +EVP_KDF_name, +EVP_KDF_CTX, EVP_KDF_CTX_new, EVP_KDF_CTX_free, EVP_KDF_CTX_kdf, +EVP_KDF_reset, EVP_KDF_size, EVP_KDF_derive, EVP_KDF_CTX_dup, +EVP_KDF_CTX_get_params, EVP_KDF_CTX_set_params, EVP_KDF_do_all_ex, +EVP_KDF_get_params, EVP_KDF_CTX_gettable_params, EVP_KDF_CTX_settable_params, +EVP_KDF_gettable_params - EVP KDF routines + +=head1 SYNOPSIS + + #include + + typedef struct evp_kdf_st EVP_KDF; + typedef struct evp_kdf_ctx_st EVP_KDF_CTX; + + EVP_KDF_CTX *EVP_KDF_CTX_new(const EVP_KDF *kdf); + const EVP_KDF *EVP_KDF_CTX_kdf(EVP_KDF_CTX *ctx); + void EVP_KDF_CTX_free(EVP_KDF_CTX *ctx); + EVP_KDF_CTX *EVP_KDF_CTX_dup(const EVP_KDF_CTX *src); + void EVP_KDF_reset(EVP_KDF_CTX *ctx); + size_t EVP_KDF_size(EVP_KDF_CTX *ctx); + int EVP_KDF_derive(EVP_KDF_CTX *ctx, unsigned char *key, size_t keylen); + const char *EVP_KDF_name(const EVP_KDF *kdf); + int EVP_KDF_up_ref(EVP_KDF *kdf); + void EVP_KDF_free(EVP_KDF *kdf); + EVP_KDF *EVP_KDF_fetch(OPENSSL_CTX *libctx, const char *algorithm, + const char *properties); + void EVP_KDF_do_all_ex(OPENSSL_CTX *libctx, + void (*fn)(EVP_KDF *kdf, void *arg), + void *arg); + int EVP_KDF_get_params(EVP_KDF *kdf, OSSL_PARAM params[]); + int EVP_KDF_CTX_get_params(EVP_KDF_CTX *ctx, OSSL_PARAM params[]); + int EVP_KDF_CTX_set_params(EVP_KDF_CTX *ctx, const OSSL_PARAM params[]); + const OSSL_PARAM *EVP_KDF_gettable_params(const EVP_KDF *kdf); + const OSSL_PARAM *EVP_KDF_CTX_gettable_params(const EVP_KDF *kdf); + const OSSL_PARAM *EVP_KDF_CTX_settable_params(const EVP_KDF *kdf); + const OSSL_PROVIDER *EVP_KDF_provider(const EVP_KDF *kdf); + +=head1 DESCRIPTION + +The EVP KDF routines are a high level interface to Key Derivation Function +algorithms and should be used instead of algorithm-specific functions. + +After creating a B for the required algorithm using +EVP_KDF_CTX_new(), inputs to the algorithm are supplied +using calls to EVP_KDF_CTX_set_params() before +calling EVP_KDF_derive() to derive the key. + +=head2 Types + +B is a type that holds the implementation of a KDF. + +B is a context type that holds the algorithm inputs. + +=head2 Algorithm implementation fetching + +EVP_KDF_fetch() fetches an implementation of a KDF I, given +a library context I and a set of I. +See L for further information. + +The returned value must eventually be freed with +L. + +EVP_KDF_up_ref() increments the reference count of an already fetched +KDF. + +EVP_KDF_free() frees a fetched algorithm. +NULL is a valid parameter, for which this function is a no-op. + +=head2 Context manipulation functions + +EVP_KDF_CTX_new() creates a new context for the KDF implementation I. + +EVP_KDF_CTX_free() frees up the context C. If I is NULL, nothing +is done. + +EVP_KDF_CTX_kdf() returns the B associated with the context +I. + +=head2 Computing functions + +EVP_KDF_reset() resets the context to the default state as if the context +had just been created. + +EVP_KDF_derive() derives C bytes of key material and places it in the +I buffer. If the algorithm produces a fixed amount of output then an +error will occur unless the C parameter is equal to that output size, +as returned by EVP_KDF_size(). + +EVP_KDF_get_params() retrieves details about the implementation +I. +The set of parameters given with I determine exactly what +parameters should be retrieved. +Note that a parameter that is unknown in the underlying context is +simply ignored. + +EVP_KDF_CTX_get_params() retrieves chosen parameters, given the +context I and its underlying context. +The set of parameters given with I determine exactly what +parameters should be retrieved. +Note that a parameter that is unknown in the underlying context is +simply ignored. + +EVP_KDF_CTX_set_params() passes chosen parameters to the underlying +context, given a context I. +The set of parameters given with I determine exactly what +parameters are passed down. +Note that a parameter that is unknown in the underlying context is +simply ignored. +Also, what happens when a needed parameter isn't passed down is +defined by the implementation. + +EVP_KDF_gettable_params(), EVP_KDF_CTX_gettable_params() and +EVP_KDF_CTX_settable_params() get a constant B array that +decribes the retrievable and settable parameters, i.e. parameters that +can be used with EVP_KDF_get_params(), EVP_KDF_CTX_get_params() +and EVP_KDF_CTX_set_params(), respectively. +See L for the use of B as parameter descriptor. + +=head2 Information functions + +EVP_KDF_size() returns the output size if the algorithm produces a fixed amount +of output and B otherwise. If an error occurs then 0 is returned. +For some algorithms an error may result if input parameters necessary to +calculate a fixed output size have not yet been supplied. + +EVP_KDF_name() returns the name of the given KDF implementation. + +EVP_KDF_provider() returns the provider that holds the implementation +of the given I. + +EVP_KDF_do_all_ex() traverses all KDF implemented by all activated +providers in the given library context I, and for each of the +implementations, calls the given function I with the implementation method +and the given I as argument. + +=head1 PARAMETER NAMES + +The standard parameter names are: + +=over 4 + +=item B ("pass") + +Some KDF implementations require a password. +For those KDF implementations that support it, this parameter sets the password. + +=item B ("salt") + +Some KDF implementations can take a salt. +For those KDF implementations that support it, this parameter sets the salt. + +The default value, if any, is implementation dependent. + +=item B ("iter") + +Some KDF implementations require an iteration count. +For those KDF implementations that support it, this parameter sets the +iteration count. + +The default value, if any, is implementation dependent. + +=item B ("properties") + +Some KDF implementations use other cryptographic algorithms, this parameter +sets what property query will be used to fetch the implementation. + +=item B ("mac") + +Some KDF implementations use a MAC as an underlying computation +algorithm, this parameter sets what the MAC algorithm should be. + +=item B ("digest") + +For MAC implementations that use a message digest as an underlying computation +algorithm, this parameter sets what the digest algorithm should be. + +=item B ("key") + +Some KDF implementations require a key. +For those KDF implementations that support it, this octet string parameter +sets the key. + +=item B ("maclen") + +Used by implementations that use a MAC with a variable output size (KMAC). +For those KDF implementations that support it, this parameter +sets the MAC output size. + +The default value, if any, is implementation dependent. + +=item B ("macmaxmem_byteslen") + +Memory-hard password-based KDF algorithms, such as scrypt, use an amount of +memory that depends on the load factors provided as input. +For those KDF implementations that support it, this uint64_t parameter sets +an upper limit on the amount of memory that may be consumed while performing +a key derivation. +If this memory usage limit is exceeded because the load factors are chosen +too high, the key derivation will fail. + +The default value is implementation dependent. + +=back + +=head1 RETURN VALUES + +EVP_MAC_fetch() returns a pointer to a newly fetched B, or +NULL if allocation failed. + +EVP_KDF_name() returns the name for the given I, if it has been +added to the object database. + +EVP_KDF_provider() returns a pointer to the provider for the KDF, or +NULL on error. + +EVP_MAC_up_ref() returns 1 on success, 0 on error. + +EVP_KDF_CTX_new() returns either the newly allocated +C structure or C if an error occurred. + +EVP_KDF_CTX_free() and EVP_KDF_reset() do not return a value. + +EVP_KDF_size() returns the output size. C is returned to indicate +that the algorithm produces a variable amount of output; 0 to indicate failure. + +The remaining functions return 1 for success and 0 or a negative value for +failure. In particular, a return value of -2 indicates the operation is not +supported by the KDF algorithm. + +=head1 SEE ALSO + +L +L +L +L +L +L +L +L + +=head1 HISTORY + +This functionality was added to OpenSSL 3.0. + +=head1 COPYRIGHT + +Copyright 2019 The OpenSSL Project Authors. All Rights Reserved. + +Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +L. + +=cut diff --git a/doc/man3/EVP_KDF_CTX.pod b/doc/man3/EVP_KDF_CTX.pod deleted file mode 100644 index 1ae79bc1bd..0000000000 --- a/doc/man3/EVP_KDF_CTX.pod +++ /dev/null @@ -1,296 +0,0 @@ -=pod - -=head1 NAME - -EVP_KDF, EVP_KDF_CTX, EVP_KDF_CTX_new, EVP_KDF_CTX_new_id, EVP_KDF_CTX_free, -EVP_KDF_CTX_kdf, EVP_KDF_reset, EVP_KDF_ctrl, EVP_KDF_vctrl, EVP_KDF_ctrl_str, -EVP_KDF_size, EVP_KDF_derive, EVP_KDF_nid, EVP_KDF_name, -EVP_get_kdfbyname, EVP_get_kdfbynid, EVP_get_kdfbyobj - EVP KDF routines - -=head1 SYNOPSIS - - #include - - typedef struct evp_kdf_st EVP_KDF; - typedef struct evp_kdf_ctx_st EVP_KDF_CTX; - - EVP_KDF_CTX *EVP_KDF_CTX_new(const EVP_KDF *kdf); - EVP_KDF_CTX *EVP_KDF_CTX_new_id(int nid); - const EVP_KDF *EVP_KDF_CTX_kdf(EVP_KDF_CTX *ctx); - void EVP_KDF_CTX_free(EVP_KDF_CTX *ctx); - void EVP_KDF_reset(EVP_KDF_CTX *ctx); - int EVP_KDF_ctrl(EVP_KDF_CTX *ctx, int cmd, ...); - int EVP_KDF_vctrl(EVP_KDF_CTX *ctx, int cmd, va_list args); - int EVP_KDF_ctrl_str(EVP_KDF_CTX *ctx, const char *type, const char *value); - size_t EVP_KDF_size(EVP_KDF_CTX *ctx); - int EVP_KDF_derive(EVP_KDF_CTX *ctx, unsigned char *key, size_t keylen); - int EVP_KDF_nid(const EVP_KDF *kdf); - const char *EVP_KDF_name(const EVP_KDF *kdf); - const EVP_KDF *EVP_get_kdfbyname(const char *name); - const EVP_KDF *EVP_get_kdfbynid(int nid); - const EVP_KDF *EVP_get_kdfbyobj(const ASN1_OBJECT *o); - -=head1 DESCRIPTION - -The EVP KDF routines are a high level interface to Key Derivation Function -algorithms and should be used instead of algorithm-specific functions. - -After creating a C for the required algorithm using either -EVP_KDF_CTX_new() or EVP_KDF_CTX_new_id(), inputs to the algorithm are supplied -using calls to EVP_KDF_ctrl(), EVP_KDF_vctrl() or EVP_KDF_ctrl_str() before -calling EVP_KDF_derive() to derive the key. - -=head2 Types - -B is a type that holds the implementation of a KDF. - -B is a context type that holds the algorithm inputs. - -=head2 Context manipulation functions - -EVP_KDF_CTX_new() creates a new context for the KDF type C. - -EVP_KDF_CTX_new_id() creates a new context for the numerical KDF identity C. - -EVP_KDF_CTX_free() frees up the context C. If C is C, nothing -is done. - -EVP_KDF_CTX_kdf() returns the B associated with the context -C. - -=head2 Computing functions - -EVP_KDF_reset() resets the context to the default state as if the context -had just been created. - -EVP_KDF_ctrl() is used to provide inputs to the KDF algorithm prior to -EVP_KDF_derive() being called. The inputs that may be provided will vary -depending on the KDF algorithm or its implementation. This functions takes -variable arguments, the exact expected arguments depend on C. -See L below for a description of standard controls. - -EVP_KDF_vctrl() is the variant of EVP_KDF_ctrl() that takes a C -argument instead of variadic arguments. - -EVP_KDF_ctrl_str() allows an application to send an algorithm specific control -operation to a context C in string form. This is intended to be used for -options specified on the command line or in text files. - -EVP_KDF_derive() derives C bytes of key material and places it in the -C buffer. If the algorithm produces a fixed amount of output then an -error will occur unless the C parameter is equal to that output size, -as returned by EVP_KDF_size(). - -=head2 Information functions - -EVP_KDF_size() returns the output size if the algorithm produces a fixed amount -of output and C otherwise. If an error occurs then 0 is returned. -For some algorithms an error may result if input parameters necessary to -calculate a fixed output size have not yet been supplied. - -EVP_KDF_nid() returns the numeric identity of the given KDF implementation. - -EVP_KDF_name() returns the name of the given KDF implementation. - -=head2 Object database functions - -EVP_get_kdfbyname() fetches a KDF implementation from the object -database by name. - -EVP_get_kdfbynid() fetches a KDF implementation from the object -database by numeric identity. - -EVP_get_kdfbyobj() fetches a KDF implementation from the object -database by ASN.1 OBJECT (i.e. an encoded OID). - -=head1 CONTROLS - -The standard controls are: - -=over 4 - -=item B - -This control expects two arguments: C, C - -Some KDF implementations require a password. For those KDF implementations -that support it, this control sets the password. - -EVP_KDF_ctrl_str() takes two type strings for this control: - -=over 4 - -=item "pass" - -The value string is used as is. - -=item "hexpass" - -The value string is expected to be a hexadecimal number, which will be -decoded before being passed on as the control value. - -=back - -=item B - -This control expects two arguments: C, C - -Some KDF implementations can take a salt. For those KDF implementations that -support it, this control sets the salt. - -The default value, if any, is implementation dependent. - -EVP_KDF_ctrl_str() takes two type strings for this control: - -=over 4 - -=item "salt" - -The value string is used as is. - -=item "hexsalt" - -The value string is expected to be a hexadecimal number, which will be -decoded before being passed on as the control value. - -=back - -=item B - -This control expects one argument: C - -Some KDF implementations require an iteration count. For those KDF implementations that support it, this control sets the iteration count. - -The default value, if any, is implementation dependent. - -EVP_KDF_ctrl_str() type string: "iter" - -The value string is expected to be a decimal number. - -=item B - -This control expects one argument: C - -Some KDF implementations use a MAC as an underlying computation -algorithm, this control sets what the MAC algorithm should be. - -EVP_KDF_ctrl_str() type string: "mac" - -The value string is expected to be the name of a MAC. - -=item B - -This control expects one argument: C - -For MAC implementations that use a message digest as an underlying computation -algorithm, this control sets what the digest algorithm should be. - -EVP_KDF_ctrl_str() type string: "digest" - -The value string is expected to be the name of a digest. - -=item B - -This control expects two arguments: C, C - -Some KDF implementations require a key. For those KDF implementations that -support it, this control sets the key. - -EVP_KDF_ctrl_str() takes two type strings for this control: - -=over 4 - -=item "key" - -The value string is used as is. - -=item "hexkey" - -The value string is expected to be a hexadecimal number, which will be -decoded before being passed on as the control value. - -=back - -=item B - -This control expects one argument: C - -Used by implementations that use a MAC with a variable output size (KMAC). For -those KDF implementations that support it, this control sets the MAC output size. - -The default value, if any, is implementation dependent. - -EVP_KDF_ctrl_str() type string: "outlen" - -The value string is expected to be a decimal number. - -=item B - -This control expects one argument: C - -Memory-hard password-based KDF algorithms, such as scrypt, use an amount of -memory that depends on the load factors provided as input. For those KDF -implementations that support it, this control sets an upper limit on the amount -of memory that may be consumed while performing a key derivation. If this -memory usage limit is exceeded because the load factors are chosen too high, -the key derivation will fail. - -The default value is implementation dependent. - -EVP_KDF_ctrl_str() type string: "maxmem_bytes" - -The value string is expected to be a decimal number. - -=back - -=head1 RETURN VALUES - -EVP_KDF_CTX_new() and EVP_KDF_CTX_new_id() return either the newly allocated -C structure or C if an error occurred. - -EVP_KDF_CTX_free() and EVP_KDF_reset() do not return a value. - -EVP_KDF_size() returns the output size. C is returned to indicate -that the algorithm produces a variable amount of output; 0 to indicate failure. - -EVP_KDF_nid() returns the numeric identity for the given C. - -EVP_KDF_name() returns the name for the given C, if it has been -added to the object database. - -EVP_add_kdf() returns 1 if the given C was successfully added to -the object database, otherwise 0. - -EVP_get_kdfbyname(), EVP_get_kdfbynid() and EVP_get_kdfbyobj() return -the requested KDF implementation, if it exists in the object database, -otherwise B. - -The remaining functions return 1 for success and 0 or a negative value for -failure. In particular, a return value of -2 indicates the operation is not -supported by the KDF algorithm. - -=head1 SEE ALSO - -L -L -L -L -L -L -L -L - -=head1 HISTORY - -This functionality was added to OpenSSL 3.0. - -=head1 COPYRIGHT - -Copyright 2019 The OpenSSL Project Authors. All Rights Reserved. - -Licensed under the Apache License 2.0 (the "License"). You may not use -this file except in compliance with the License. You can obtain a copy -in the file LICENSE in the source distribution or at -L. - -=cut diff --git a/doc/man7/EVP_KDF-HKDF.pod b/doc/man7/EVP_KDF-HKDF.pod new file mode 100644 index 0000000000..746e7fb972 --- /dev/null +++ b/doc/man7/EVP_KDF-HKDF.pod @@ -0,0 +1,154 @@ +=pod + +=head1 NAME + +EVP_KDF-HKDF - The HKDF EVP_KDF implementation + +=head1 DESCRIPTION + +Support for computing the B KDF through the B API. + +The EVP_KDF-HKDF algorithm implements the HKDF key derivation function. +HKDF follows the "extract-then-expand" paradigm, where the KDF logically +consists of two modules. The first stage takes the input keying material +and "extracts" from it a fixed-length pseudorandom key K. The second stage +"expands" the key K into several additional pseudorandom keys (the output +of the KDF). + +=head2 Identity + +"HKDF" is the name for this implementation; it +can be used with the EVP_KDF_fetch() function. + +=head2 Supported parameters + +The supported parameters are: + +=over 4 + +=item B ("properties") + +=item B ("digest") + +=item B ("key") + +=item B ("salt") + +These parameters work as described in L. + +=item B ("info") + +This parameter sets the info value. +The length of the context info buffer cannot exceed 1024 bytes; +this should be more than enough for any normal use of HKDF. + +=item B ("mode") or + +This parameter sets the mode for the HKDF operation. +There are three modes that are currently defined: + +=over 4 + +=item B "EXTRACT_AND_EXPAND" + +This is the default mode. Calling L on an EVP_KDF_CTX set +up for HKDF will perform an extract followed by an expand operation in one go. +The derived key returned will be the result after the expand operation. The +intermediate fixed-length pseudorandom key K is not returned. + +In this mode the digest, key, salt and info values must be set before a key is +derived otherwise an error will occur. + +=item B "EXTRACT_ONLY" + +In this mode calling L will just perform the extract +operation. The value returned will be the intermediate fixed-length pseudorandom +key K. The C parameter must match the size of K, which can be looked +up by calling EVP_KDF_size() after setting the mode and digest. + +The digest, key and salt values must be set before a key is derived otherwise +an error will occur. + +=item B "EXPAND_ONLY" + +In this mode calling L will just perform the expand +operation. The input key should be set to the intermediate fixed-length +pseudorandom key K returned from a previous extract operation. + +The digest, key and info values must be set before a key is derived otherwise +an error will occur. + +=back + +=back + +=head1 NOTES + +A context for HKDF can be obtained by calling: + + EVP_KDF *kdf = EVP_KDF_fetch(NULL, "HKDF", NULL); + EVP_KDF_CTX *kctx = EVP_KDF_CTX_new(kdf); + +The output length of an HKDF expand operation is specified via the C +parameter to the L function. When using +EVP_KDF_HKDF_MODE_EXTRACT_ONLY the C parameter must equal the size of +the intermediate fixed-length pseudorandom key otherwise an error will occur. +For that mode, the fixed output size can be looked up by calling EVP_KDF_size() +after setting the mode and digest on the C. + +=head1 EXAMPLES + +This example derives 10 bytes using SHA-256 with the secret key "secret", +salt value "salt" and info value "label": + + EVP_KDF *kdf; + EVP_KDF_CTX *kctx; + unsigned char out[10]; + OSSL_PARAM params[5], *p = params; + + kdf = EVP_KDF_fetch(NULL, "HKDF", NULL); + kctx = EVP_KDF_CTX_new(kdf); + EVP_KDF_free(kdf); + + *p++ = OSSL_PARAM_construct_utf8_string(OSSL_KDF_PARAM_DIGEST, + SN_sha256, strlen(SN_sha256)); + *p++ = OSSL_PARAM_construct_octet_string(OSSL_KDF_PARAM_KEY, + "secret", (size_t)6); + *p++ = OSSL_PARAM_construct_octet_string(OSSL_KDF_PARAM_INFO, + "label", (size_t)5); + *p++ = OSSL_PARAM_construct_octet_string(OSSL_KDF_PARAM_SALT, + "salt", (size_t)4); + *p = OSSL_PARAM_construct_end(); + if (EVP_KDF_set_params(kctx, params) <= 0) { + error("EVP_KDF_set_params"); + } + if (EVP_KDF_derive(kctx, out, sizeof(out)) <= 0) { + error("EVP_KDF_derive"); + } + + EVP_KDF_CTX_free(kctx); + +=head1 CONFORMING TO + +RFC 5869 + +=head1 SEE ALSO + +L, +L, +L, +L, +L, +L, +L + +=head1 COPYRIGHT + +Copyright 2016-2018 The OpenSSL Project Authors. All Rights Reserved. + +Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +L. + +=cut diff --git a/doc/man7/EVP_KDF_PBKDF2.pod b/doc/man7/EVP_KDF-PBKDF2.pod similarity index 63% rename from doc/man7/EVP_KDF_PBKDF2.pod rename to doc/man7/EVP_KDF-PBKDF2.pod index e914f3713c..311e0a3769 100644 --- a/doc/man7/EVP_KDF_PBKDF2.pod +++ b/doc/man7/EVP_KDF-PBKDF2.pod @@ -2,46 +2,45 @@ =head1 NAME -EVP_KDF_PBKDF2 - The PBKDF2 EVP_KDF implementation +EVP_KDF-PBKDF2 - The PBKDF2 EVP_KDF implementation =head1 DESCRIPTION Support for computing the B password-based KDF through the B API. -The EVP_KDF_PBKDF2 algorithm implements the PBKDF2 password-based key +The EVP_KDF-PBKDF2 algorithm implements the PBKDF2 password-based key derivation function, as described in SP800-132; it derives a key from a password using a salt and iteration count. -=head2 Numeric identity +=head2 Identity -B is the numeric identity for this implementation; it -can be used with the EVP_KDF_CTX_new_id() function. +"PBKDF2" is the name for this implementation; it +can be used with the EVP_KDF_fetch() function. -=head2 Supported controls +=head2 Supported parameters -The supported controls are: +The supported parameters are: =over 4 -=item B +=item B ("pass") -=item B +=item B ("salt") -=item B +=item B ("iter") -This control has a default value of 2048. +This parameter has a default value of 2048. -=item B +=item B ("properties") -These controls work as described in L. +=item B ("digest") -=item B +These parameters work as described in L. -This control expects one argument: C - -This control can be used to enable or disable SP800-132 compliance checks. +=item B ("pkcs5") +This parameter can be used to enable or disable SP800-132 compliance checks. Setting the mode to 0 enables the compliance checks. The checks performed are: @@ -59,8 +58,6 @@ The checks performed are: The default provider uses a default mode of 1 for backwards compatibility, and the fips provider uses a default mode of 0. -EVP_KDF_ctrl_str() type string: "pkcs5" - The value string is expected to be a decimal number 0 or 1. =back @@ -84,12 +81,12 @@ SP800-132 =head1 SEE ALSO -L, -L, -L, -L, -L, -L +L, +L, +L, +L, +L, +L =head1 HISTORY diff --git a/doc/man7/EVP_KDF_SCRYPT.pod b/doc/man7/EVP_KDF-SCRYPT.pod similarity index 61% rename from doc/man7/EVP_KDF_SCRYPT.pod rename to doc/man7/EVP_KDF-SCRYPT.pod index aa50164e06..ce22aaa7ca 100644 --- a/doc/man7/EVP_KDF_SCRYPT.pod +++ b/doc/man7/EVP_KDF-SCRYPT.pod @@ -2,14 +2,14 @@ =head1 NAME -EVP_KDF_SCRYPT - The scrypt EVP_KDF implementation +EVP_KDF-SCRYPT - The scrypt EVP_KDF implementation =head1 DESCRIPTION Support for computing the B password-based KDF through the B API. -The EVP_KDF_SCRYPT algorithm implements the scrypt password-based key +The EVP_KDF-SCRYPT algorithm implements the scrypt password-based key derivation function, as described in RFC 7914. It is memory-hard in the sense that it deliberately requires a significant amount of RAM for efficient computation. The intention of this is to render brute forcing of passwords on @@ -32,40 +32,32 @@ GHz), this computation takes about 3 seconds. When N, r or p are not specified, they default to 1048576, 8, and 1, respectively. The maximum amount of RAM that may be used by scrypt defaults to 1025 MiB. -=head2 Numeric identity +=head2 Identity -B is the numeric identity for this implementation; it -can be used with the EVP_KDF_CTX_new_id() function. +"ID-SCRYPT" is the name for this implementation; it +can be used with the EVP_KDF_fetch() function. -=head2 Supported controls +=head2 Supported parameters -The supported controls are: +The supported parameters are: =over 4 -=item B +=item B ("pass") -=item B +=item B ("salt") -These controls work as described in L. +These parameters work as described in L. -=item B +=item B ("n") -=item B +=item B ("r") -=item B +=item B ("p") -B expects one argument: C - -B expects one argument: C - -B expects one argument: C - -These controls configure the scrypt work factors N, r and p. - -EVP_KDF_ctrl_str() type strings: "N", "r" and "p", respectively. - -The corresponding value strings are expected to be decimal numbers. +These parameters configure the scrypt work factors N, r and p. +N is a parameter of type uint64_t. +Both r and p are parameters of type uint32_t. =back @@ -73,35 +65,36 @@ The corresponding value strings are expected to be decimal numbers. A context for scrypt can be obtained by calling: - EVP_KDF_CTX *kctx = EVP_KDF_CTX_new_id(EVP_KDF_SCRYPT); + EVP_KDF *kdf = EVP_KDF_fetch(NULL, "ID-SCRYPT", NULL); + EVP_KDF_CTX *kctx = EVP_KDF_CTX_new(kdf); The output length of an scrypt key derivation is specified via the -B parameter to the L function. +B parameter to the L function. =head1 EXAMPLES This example derives a 64-byte long test vector using scrypt with the password "password", salt "NaCl" and N = 1024, r = 8, p = 16. + EVP_KDF *kdf; EVP_KDF_CTX *kctx; unsigned char out[64]; - - kctx = EVP_KDF_CTX_new_id(EVP_KDF_SCRYPT); - - if (EVP_KDF_ctrl(kctx, EVP_KDF_CTRL_SET_PASS, "password", (size_t)8) <= 0) { - error("EVP_KDF_CTRL_SET_PASS"); - } - if (EVP_KDF_ctrl(kctx, EVP_KDF_CTRL_SET_SALT, "NaCl", (size_t)4) <= 0) { - error("EVP_KDF_CTRL_SET_SALT"); - } - if (EVP_KDF_ctrl(kctx, EVP_KDF_CTRL_SET_SCRYPT_N, (uint64_t)1024) <= 0) { - error("EVP_KDF_CTRL_SET_SCRYPT_N"); - } - if (EVP_KDF_ctrl(kctx, EVP_KDF_CTRL_SET_SCRYPT_R, (uint32_t)8) <= 0) { - error("EVP_KDF_CTRL_SET_SCRYPT_R"); - } - if (EVP_KDF_ctrl(kctx, EVP_KDF_CTRL_SET_SCRYPT_P, (uint32_t)16) <= 0) { - error("EVP_KDF_CTRL_SET_SCRYPT_P"); + OSSL_PARAM params[6], *p = params; + + kdf = EVP_KDF_fetch(NULL, "ID-SCRYPT", NULL); + kctx = EVP_KDF_CTX_new(kdf); + EVP_KDF_free(kdf); + + *p++ = OSSL_PARAM_construct_octet_string(OSSL_KDF_PARAM_PASSWORD, + "password", (size_t)8); + *p++ = OSSL_PARAM_construct_octet_string(OSSL_KDF_PARAM_SALT, + "NaCl", (size_t)4); + *p++ = OSSL_PARAM_construct_uint64(OSSL_KDF_PARAM_SCRYPT_N, (uint64_t)1024); + *p++ = OSSL_PARAM_construct_uint32(OSSL_KDF_PARAM_SCRYPT_R, (uint32_t)8); + *p++ = OSSL_PARAM_construct_uint32(OSSL_KDF_PARAM_SCRYPT_P, (uint32_t)16); + *p = OSSL_PARAM_construct_end(); + if (EVP_KDF_set_params(kctx, params) <= 0) { + error("EVP_KDF_set_params"); } if (EVP_KDF_derive(kctx, out, sizeof(out)) <= 0) { error("EVP_KDF_derive"); @@ -130,12 +123,12 @@ RFC 7914 =head1 SEE ALSO -L, -L, -L, -L, -L, -L +L, +L, +L, +L, +L, +L =head1 COPYRIGHT diff --git a/doc/man7/EVP_KDF-SS.pod b/doc/man7/EVP_KDF-SS.pod new file mode 100644 index 0000000000..be69606701 --- /dev/null +++ b/doc/man7/EVP_KDF-SS.pod @@ -0,0 +1,197 @@ +=pod + +=head1 NAME + +EVP_KDF-SS - The Single Step / One Step EVP_KDF implementation + +=head1 DESCRIPTION + +The EVP_KDF-SS algorithm implements the Single Step key derivation function (SSKDF). +SSKDF derives a key using input such as a shared secret key (that was generated +during the execution of a key establishment scheme) and fixedinfo. +SSKDF is also informally referred to as 'Concat KDF'. + +=head2 Auxiliary function + +The implementation uses a selectable auxiliary function H, which can be one of: + +=over 4 + +=item B + +=item B + +=item B + +=back + +Both the HMAC and KMAC implementations set the key using the 'salt' value. +The hash and HMAC also require the digest to be set. + +=head2 Identity + +"SSKDF" is the name for this implementation; it +can be used with the EVP_KDF_fetch() function. + +=head2 Supported parameters + +The supported parameters are: + +=over 4 + +=item B ("properties") + +=item B ("digest") + +=item B ("mac") + +=item B ("maclen") + +=item B ("salt") + +These parameters work as described in L. + +=item B ("key") + +This parameter set the shared secret that is used for key derivation. + +=item B ("info") + +This parameter sets an optional value for fixedinfo, also known as otherinfo. + +=back + +=head1 NOTES + +A context for SSKDF can be obtained by calling: + + EVP_KDF *kdf = EVP_KDF_fetch(NULL, "SSKDF", NULL); + EVP_KDF_CTX *kctx = EVP_KDF_CTX_new(kdf); + +The output length of an SSKDF is specified via the C +parameter to the L function. + +=head1 EXAMPLES + +This example derives 10 bytes using H(x) = SHA-256, with the secret key "secret" +and fixedinfo value "label": + + EVP_KDF *kdf; + EVP_KDF_CTX *kctx; + unsigned char out[10]; + OSSL_PARAM params[4], *p = params; + + kdf = EVP_KDF_fetch(NULL, "SSKDF", NULL); + kctx = EVP_KDF_CTX_new(kdf); + EVP_KDF_free(kdf); + + *p++ = OSSL_PARAM_construct_utf8_string(OSSL_KDF_PARAM_DIGEST, + SN_sha256, strlen(SN_sha256)); + *p++ = OSSL_PARAM_construct_octet_string(OSSL_KDF_PARAM_KEY, + "secret", (size_t)6); + *p++ = OSSL_PARAM_construct_octet_string(OSSL_KDF_PARAM_INFO, + "label", (size_t)5); + *p = OSSL_PARAM_construct_end(); + if (EVP_KDF_set_params(kctx, params) <= 0) { + error("EVP_KDF_set_params"); + } + if (EVP_KDF_derive(kctx, out, sizeof(out)) <= 0) { + error("EVP_KDF_derive"); + } + + EVP_KDF_CTX_free(kctx); + +This example derives 10 bytes using H(x) = HMAC(SHA-256), with the secret key "secret", +fixedinfo value "label" and salt "salt": + + EVP_KDF *kdf; + EVP_KDF_CTX *kctx; + unsigned char out[10]; + OSSL_PARAM params[6], *p = params; + + kdf = EVP_KDF_fetch(NULL, "SSKDF", NULL); + kctx = EVP_KDF_CTX_new(kdf); + EVP_KDF_free(kdf); + + *p++ = OSSL_PARAM_construct_utf8_string(OSSL_KDF_PARAM_MAC, + SN_hmac, strlen(SN_hmac)); + *p++ = OSSL_PARAM_construct_utf8_string(OSSL_KDF_PARAM_DIGEST, + SN_sha256, strlen(SN_sha256)); + *p++ = OSSL_PARAM_construct_octet_string(EVP_KDF_CTRL_SET_KEY, + "secret", (size_t)6); + *p++ = OSSL_PARAM_construct_octet_string(OSSL_KDF_PARAM_INFO, + "label", (size_t)5); + *p++ = OSSL_PARAM_construct_octet_string(OSSL_KDF_PARAM_SALT, + "salt", (size_t)4); + *p = OSSL_PARAM_construct_end(); + if (EVP_KDF_set_params(kctx, params) <= 0) { + error("EVP_KDF_set_params"); + } + if (EVP_KDF_derive(kctx, out, sizeof(out)) <= 0) { + error("EVP_KDF_derive"); + } + + EVP_KDF_CTX_free(kctx); + +This example derives 10 bytes using H(x) = KMAC128(x,salt,outlen), with the secret key "secret" +fixedinfo value "label", salt of "salt" and KMAC outlen of 20: + + EVP_KDF *kdf; + EVP_KDF_CTX *kctx; + unsigned char out[10]; + OSSL_PARAM params[7], *p = params; + + kdf = EVP_KDF_fetch(NULL, "SSKDF", NULL); + kctx = EVP_KDF_CTX_new(kdf); + EVP_KDF_free(kdf); + + *p++ = OSSL_PARAM_construct_utf8_string(OSSL_KDF_PARAM_MAC, + SN_kmac128, strlen(SN_kmac128)); + *p++ = OSSL_PARAM_construct_utf8_string(OSSL_KDF_PARAM_DIGEST, + SN_sha256, strlen(SN_sha256)); + *p++ = OSSL_PARAM_construct_octet_string(EVP_KDF_CTRL_SET_KEY, + "secret", (size_t)6); + *p++ = OSSL_PARAM_construct_octet_string(OSSL_KDF_PARAM_INFO, + "label", (size_t)5); + *p++ = OSSL_PARAM_construct_octet_string(OSSL_KDF_PARAM_SALT, + "salt", (size_t)4); + *p++ = OSSL_PARAM_construct_size_t(OSSL_KDF_PARAM_MAC_SIZE, (size_t)20); + *p = OSSL_PARAM_construct_end(); + if (EVP_KDF_set_params(kctx, params) <= 0) { + error("EVP_KDF_set_params"); + } + if (EVP_KDF_derive(kctx, out, sizeof(out)) <= 0) { + error("EVP_KDF_derive"); + } + + EVP_KDF_CTX_free(kctx); + +=head1 CONFORMING TO + +NIST SP800-56Cr1. + +=head1 SEE ALSO + +L, +L, +L, +L, +L, +L, +L + +=head1 HISTORY + +This functionality was added to OpenSSL 3.0. + +=head1 COPYRIGHT + +Copyright 2019 The OpenSSL Project Authors. All Rights Reserved. Copyright +(c) 2019, Oracle and/or its affiliates. All rights reserved. + +Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +L. + +=cut diff --git a/doc/man7/EVP_KDF_SSHKDF.pod b/doc/man7/EVP_KDF-SSHKDF.pod similarity index 51% rename from doc/man7/EVP_KDF_SSHKDF.pod rename to doc/man7/EVP_KDF-SSHKDF.pod index 04a646c866..0ed57626ef 100644 --- a/doc/man7/EVP_KDF_SSHKDF.pod +++ b/doc/man7/EVP_KDF-SSHKDF.pod @@ -2,69 +2,49 @@ =head1 NAME -EVP_KDF_SSHKDF - The SSHKDF EVP_KDF implementation +EVP_KDF-SSHKDF - The SSHKDF EVP_KDF implementation =head1 DESCRIPTION Support for computing the B KDF through the B API. -The EVP_KDF_SSHKDF algorithm implements the SSHKDF key derivation function. +The EVP_KDF-SSHKDF algorithm implements the SSHKDF key derivation function. It is defined in RFC 4253, section 7.2 and is used by SSH to derive IVs, encryption keys and integrity keys. Five inputs are required to perform key derivation: The hashing function (for example SHA256), the Initial Key, the Exchange Hash, the Session ID, and the derivation key type. -=head2 Numeric identity +=head2 Identity -B is the numeric identity for this implementation; it -can be used with the EVP_KDF_CTX_new_id() function. +"SSHKDF" is the name for this implementation; it +can be used with the EVP_KDF_fetch() function. -=head2 Supported controls +=head2 Supported parameters -The supported controls are: +The supported parameters are: =over 4 -=item B +=item B ("properties") -=item B +=item B ("digest") -These controls work as described in L. +=item B ("key") -=item B +These parameters work as described in L. -=item B +=item B ("xcghash") -These controls expect two arguments: C, C +=item B ("session_id") -They set the respective values to the first B bytes of the buffer -B. If a value is already set, the contents are replaced. +These parameters set the respective values for the KDF. +If a value is already set, the contents are replaced. -EVP_KDF_ctrl_str() takes two type strings for these controls: +=item B ("type") -=over 4 - -=item "xcghash" - -=item "session_id" - -The value string is used as is. - -=item "hexxcghash" - -=item "hexsession_id" - -The value string is expected to be a hexadecimal number, which will be -decoded before being passed on as the control value. - -=back - -=item B - -This control expects one argument: C - -Sets the type for the SSHHKDF operation. There are six supported types: +This parameter sets the type for the SSHHKDF operation. +There are six supported types: =over 4 @@ -100,50 +80,54 @@ A single char of value 70 (ASCII char 'F'). =back -EVP_KDF_ctrl_str() type string: "type" - -The value is a string of length one character. The only valid values -are the numerical values of the ASCII characters: "A" (65) to "F" (70). - =back =head1 NOTES A context for SSHKDF can be obtained by calling: - EVP_KDF_CTX *kctx = EVP_KDF_CTX_new_id(EVP_KDF_SSHKDF); + EVP_KDF *kdf = EVP_KDF_fetch(NULL, "SSHKDF", NULL); + EVP_KDF_CTX *kctx = EVP_KDF_CTX_new(kdf); The output length of the SSHKDF derivation is specified via the C -parameter to the L function. -Since the SSHKDF output length is variable, calling L +parameter to the L function. +Since the SSHKDF output length is variable, calling L to obtain the requisite length is not meaningful. The caller must allocate a buffer of the desired length, and pass that buffer to the -L function along with the desired length. +L function along with the desired length. =head1 EXAMPLES This example derives an 8 byte IV using SHA-256 with a 1K "key" and appropriate "xcghash" and "session_id" values: + EVP_KDF *kdf; EVP_KDF_CTX *kctx; unsigned char key[1024] = "01234..."; unsigned char xcghash[32] = "012345..."; unsigned char session_id[32] = "012345..."; unsigned char out[8]; size_t outlen = sizeof(out); - kctx = EVP_KDF_CTX_new_id(EVP_KDF_SSHKDF); - - if (EVP_KDF_CTX_set_md(kctx, EVP_sha256()) <= 0) - /* Error */ - if (EVP_KDF_CTX_set1_key(kctx, key, 1024) <= 0) - /* Error */ - if (EVP_KDF_CTX_set1_sshkdf_xcghash(kctx, xcghash, 32) <= 0) - /* Error */ - if (EVP_KDF_CTX_set1_sshkdf_session_id(kctx, session_id, 32) <= 0) - /* Error */ - if (EVP_KDF_CTX_set_sshkdf_type(kctx, - EVP_KDF_SSHKDF_TYPE_INITIAL_IV_CLI_TO_SRV) <= 0) + OSSL_PARAM params[6], *p = params; + + kdf = EVP_KDF_fetch(NULL, "SSHKDF", NULL); + kctx = EVP_KDF_CTX_new(kdf); + EVP_KDF_free(kdf); + + *p++ = OSSL_PARAM_construct_utf8_string(OSSL_KDF_PARAM_DIGEST, + SN_sha256, strlen(SN_sha256)); + *p++ = OSSL_PARAM_construct_octet_string(OSSL_KDF_PARAM_KEY, + key, (size_t)1024); + *p++ = OSSL_PARAM_construct_octet_string(OSSL_KDF_PARAM_SSHKDF_XCGHASH, + xcghash, (size_t)32); + *p++ = OSSL_PARAM_construct_octet_string(OSSL_KDF_PARAM_SALT, + session_id, (size_t)32); + *p++ = OSSL_PARAM_construct_int(OSSL_KDF_PARAM_SSHKDF_TYPE, + EVP_KDF_SSHKDF_TYPE_INITIAL_IV_CLI_TO_SRV); + *p = OSSL_PARAM_construct_end(); + if (EVP_KDF_set_params(kctx, params) <= 0) /* Error */ + if (EVP_KDF_derive(kctx, out, &outlen) <= 0) /* Error */ @@ -154,13 +138,13 @@ RFC 4253 =head1 SEE ALSO -L, -L, -L, -L, -L, -L, -L +L, +L, +L, +L, +L, +L, +L =head1 COPYRIGHT diff --git a/doc/man7/EVP_KDF-TLS1_PRF.pod b/doc/man7/EVP_KDF-TLS1_PRF.pod new file mode 100644 index 0000000000..a04f811792 --- /dev/null +++ b/doc/man7/EVP_KDF-TLS1_PRF.pod @@ -0,0 +1,113 @@ +=pod + +=head1 NAME + +EVP_KDF-TLS1_PRF - The TLS1 PRF EVP_KDF implementation + +=head1 DESCRIPTION + +Support for computing the B PRF through the B API. + +The EVP_KDF-TLS1_PRF algorithm implements the PRF used by TLS versions up to +and including TLS 1.2. + +=head2 Identity + +"TLS1-PRF" is the name for this implementation; it +can be used with the EVP_KDF_fetch() function. + +=head2 Supported parameters + +The supported parameters are: + +=over 4 + +=item B ("properties") + +=item B ("digest") + +These parameters work as described in L. + +The C parameter is used to set the message digest +associated with the TLS PRF. +EVP_md5_sha1() is treated as a special case which uses the +PRF algorithm using both B and B as used in TLS 1.0 and 1.1. + +=item B ("secret") + +This parameter sets the secret value of the TLS PRF. +Any existing secret value is replaced. + +=item B ("seed") + +This parameter sets the context seed. +The length of the context seed cannot exceed 1024 bytes; +this should be more than enough for any normal use of the TLS PRF. + +=back + +=head1 NOTES + +A context for the TLS PRF can be obtained by calling: + + EVP_KDF *kdf = EVP_KDF_fetch(NULL, "TLS1-PRF", NULL); + EVP_KDF_CTX *kctx = EVP_KDF_CTX_new(kdf); + +The digest, secret value and seed must be set before a key is derived otherwise +an error will occur. + +The output length of the PRF is specified by the C parameter to the +EVP_KDF_derive() function. + +=head1 EXAMPLES + +This example derives 10 bytes using SHA-256 with the secret key "secret" +and seed value "seed": + + EVP_KDF *kdf; + EVP_KDF_CTX *kctx; + unsigned char out[10]; + OSSL_PARAM params[4], *p = params; + + kdf = EVP_KDF_fetch(NULL, "TLS1-PRF", NULL); + kctx = EVP_KDF_CTX_new(kdf); + EVP_KDF_free(kdf); + + *p++ = OSSL_PARAM_construct_utf8_string(OSSL_KDF_PARAM_DIGEST, + SN_sha256, strlen(SN_sha256)); + *p++ = OSSL_PARAM_construct_octet_string(OSSL_KDF_PARAM_SECRET, + "secret", (size_t)6); + *p++ = OSSL_PARAM_construct_octet_string(OSSL_KDF_PARAM_SEED, + "seed", (size_t)4); + *p = OSSL_PARAM_construct_end(); + if (EVP_KDF_set_params(kctx, params) <= 0) { + error("EVP_KDF_set_params"); + } + if (EVP_KDF_derive(kctx, out, sizeof(out)) <= 0) { + error("EVP_KDF_derive"); + } + EVP_KDF_CTX_free(kctx); + +=head1 CONFORMING TO + +RFC 2246, RFC 5246 and NIST SP 800-135 r1 + +=head1 SEE ALSO + +L, +L, +L, +L, +L, +L + +=head1 COPYRIGHT + +Copyright 2018-2019 The OpenSSL Project Authors. All Rights Reserved. + +Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +L. + +=cut diff --git a/doc/man7/EVP_KDF-X942.pod b/doc/man7/EVP_KDF-X942.pod new file mode 100644 index 0000000000..0b02f2d403 --- /dev/null +++ b/doc/man7/EVP_KDF-X942.pod @@ -0,0 +1,122 @@ +=pod + +=head1 NAME + +EVP_KDF-X942 - The X9.42-2001 asn1 EVP_KDF implementation + +=head1 DESCRIPTION + +The EVP_KDF-X942 algorithm implements the key derivation function (X942KDF). +X942KDF is used by Cryptographic Message Syntax (CMS) for DH KeyAgreement, to +derive a key using input such as a shared secret key and other info. The other +info is DER encoded data that contains a 32 bit counter. + +=head2 Identity + +"X942KDF" is the name for this implementation; it +can be used with the EVP_KDF_fetch() function. + +=head2 Supported parameters + +The supported parameters are: + +=over 4 + +=item B ("properties") + +=item B ("digest") + +These parameters work as described in L. + +=item B ("key") + +The shared secret used for key derivation. This parameter sets the secret. + +=item B ("ukm") + +This parameter is an optional random string that is provided +by the sender called "partyAInfo". +In CMS this is the user keying material. + +=item B ("cekalg") + +This parameter sets the CEK wrapping algorithm name. + +=back + +=head1 NOTES + +A context for X942KDF can be obtained by calling: + + EVP_KDF *kdf = EVP_KDF_fetch(NULL, "X942KDF", NULL); + EVP_KDF_CTX *kctx = EVP_KDF_CTX_new(kdf); + +The output length of an X942KDF is specified via the C +parameter to the L function. + +=head1 EXAMPLES + +This example derives 24 bytes, with the secret key "secret" and a random user +keying material: + + EVP_KDF_CTX *kctx; + EVP_KDF_CTX *kctx; + unsigned char out[192/8]; + unsignred char ukm[64]; + OSSL_PARAM params[5], *p = params; + + if (RAND_bytes(ukm, sizeof(ukm)) <= 0) + error("RAND_bytes"); + + kdf = EVP_KDF_fetch(NULL, "X942KDF", NULL); + if (kctx == NULL) + error("EVP_KDF_fetch"); + kctx = EVP_KDF_CTX_new(kdf); + if (kctx == NULL) + error("EVP_KDF_CTX_new"); + EVP_KDF_free(kdf); + + *p++ = OSSL_PARAM_construct_utf8_string(OSSL_KDF_PARAM_DIGEST, + SN_sha256, strlen(SN_sha256)); + *p++ = OSSL_PARAM_construct_octet_string(OSSL_KDF_PARAM_SECRET, + "secret", (size_t)6); + *p++ = OSSL_PARAM_construct_octet_string(OSSL_KDF_PARAM_UKM, ukm, sizeof(ukm)); + *p++ = OSSL_PARAM_construct_utf8_string(OSSL_KDF_PARAM_CEK_ALG, + SN_id_smime_alg_CMS3DESwrap, + strlen(SN_id_smime_alg_CMS3DESwrap)); + *p = OSSL_PARAM_construct_end(); + if (EVP_KDF_set_params(kctx, params) <= 0) + error("EVP_KDF_set_params"); + if (EVP_KDF_derive(kctx, out, sizeof(out)) <= 0) + error("EVP_KDF_derive"); + + EVP_KDF_CTX_free(kctx); + +=head1 CONFORMING TO + +RFC 2631 + +=head1 SEE ALSO + +L, +L, +L, +L, +L, +L, +L + +=head1 HISTORY + +This functionality was added to OpenSSL 3.0. + +=head1 COPYRIGHT + +Copyright 2019 The OpenSSL Project Authors. All Rights Reserved. + +Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +L. + +=cut diff --git a/doc/man7/EVP_KDF-X963.pod b/doc/man7/EVP_KDF-X963.pod new file mode 100644 index 0000000000..537d8c5fc5 --- /dev/null +++ b/doc/man7/EVP_KDF-X963.pod @@ -0,0 +1,111 @@ +=pod + +=head1 NAME + +EVP_KDF-X963 - The X9.63-2001 EVP_KDF implementation + +=head1 DESCRIPTION + +The EVP_KDF-X963 algorithm implements the key derivation function (X963KDF). +X963KDF is used by Cryptographic Message Syntax (CMS) for EC KeyAgreement, to +derive a key using input such as a shared secret key and shared info. + +=head2 Identity + +"X963KDF" is the name for this implementation; it +can be used with the EVP_KDF_fetch() function. + +=head2 Supported parameters + +The supported parameters are: + +=over 4 + +=item B ("properties") + +=item B ("digest") + +These parameters work as described in L. + +=item B ("key") + +The shared secret used for key derivation. +This parameter sets the secret. + +=item B ("info") + +This parameter specifies an optional value for shared info. + +=back + +=head1 NOTES + +X963KDF is very similar to the SSKDF that uses a digest as the auxiliary function, +X963KDF appends the counter to the secret, whereas SSKDF prepends the counter. + +A context for X963KDF can be obtained by calling: + + EVP_KDF *kdf = EVP_KDF_fetch(NULL, "X963KDF", NULL); + EVP_KDF_CTX *kctx = EVP_KDF_CTX_new(kdf); + +The output length of an X963KDF is specified via the C +parameter to the L function. + +=head1 EXAMPLES + +This example derives 10 bytes, with the secret key "secret" and sharedinfo +value "label": + + EVP_KDF *kdf; + EVP_KDF_CTX *kctx; + unsigned char out[10]; + OSSL_PARAM params[4], *p = params; + + kdf = EVP_KDF_fetch(NULL, "X963KDF", NULL); + kctx = EVP_KDF_CTX_new(kdf); + EVP_KDF_free(kdf); + + *p++ = OSSL_PARAM_construct_utf8_string(OSSL_KDF_PARAM_DIGEST, + SN_sha256, strlen(SN_sha256)); + *p++ = OSSL_PARAM_construct_octet_string(OSSL_KDF_PARAM_SECRET, + "secret", (size_t)6); + *p++ = OSSL_PARAM_construct_octet_string(OSSL_KDF_PARAM_INFO, + "label", (size_t)5); + *p = OSSL_PARAM_construct_end(); + if (EVP_KDF_set_params(kctx, params) <= 0) { + error("EVP_KDF_set_params"); + } + if (EVP_KDF_derive(kctx, out, sizeof(out)) <= 0) { + error("EVP_KDF_derive"); + } + + EVP_KDF_CTX_free(kctx); + +=head1 CONFORMING TO + +"SEC 1: Elliptic Curve Cryptography" + +=head1 SEE ALSO + +L, +L, +L, +L, +L, +L, +L + +=head1 HISTORY + +This functionality was added to OpenSSL 3.0. + +=head1 COPYRIGHT + +Copyright 2019 The OpenSSL Project Authors. All Rights Reserved. + +Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +L. + +=cut diff --git a/doc/man7/EVP_KDF_HKDF.pod b/doc/man7/EVP_KDF_HKDF.pod deleted file mode 100644 index c511c7c705..0000000000 --- a/doc/man7/EVP_KDF_HKDF.pod +++ /dev/null @@ -1,180 +0,0 @@ -=pod - -=head1 NAME - -EVP_KDF_HKDF - The HKDF EVP_KDF implementation - -=head1 DESCRIPTION - -Support for computing the B KDF through the B API. - -The EVP_KDF_HKDF algorithm implements the HKDF key derivation function. -HKDF follows the "extract-then-expand" paradigm, where the KDF logically -consists of two modules. The first stage takes the input keying material -and "extracts" from it a fixed-length pseudorandom key K. The second stage -"expands" the key K into several additional pseudorandom keys (the output -of the KDF). - -=head2 Numeric identity - -B is the numeric identity for this implementation; it -can be used with the EVP_KDF_CTX_new_id() function. - -=head2 Supported controls - -The supported controls are: - -=over 4 - -=item B - -=item B - -=item B - -These controls work as described in L. - -=item B - -This control does not expect any arguments. - -Resets the context info buffer to zero length. - -=item B - -This control expects two arguments: C, C - -Sets the info value to the first B bytes of the buffer B. If a -value is already set, the contents of the buffer are appended to the existing -value. - -The total length of the context info buffer cannot exceed 1024 bytes; -this should be more than enough for any normal use of HKDF. - -EVP_KDF_ctrl_str() takes two type strings for this control: - -=over 4 - -=item "info" - -The value string is used as is. - -=item "hexinfo" - -The value string is expected to be a hexadecimal number, which will be -decoded before being passed on as the control value. - -=back - -=item B - -This control expects one argument: C - -Sets the mode for the HKDF operation. There are three modes that are currently -defined: - -=over 4 - -=item EVP_KDF_HKDF_MODE_EXTRACT_AND_EXPAND - -This is the default mode. Calling L on an EVP_KDF_CTX set -up for HKDF will perform an extract followed by an expand operation in one go. -The derived key returned will be the result after the expand operation. The -intermediate fixed-length pseudorandom key K is not returned. - -In this mode the digest, key, salt and info values must be set before a key is -derived otherwise an error will occur. - -=item EVP_KDF_HKDF_MODE_EXTRACT_ONLY - -In this mode calling L will just perform the extract -operation. The value returned will be the intermediate fixed-length pseudorandom -key K. The C parameter must match the size of K, which can be looked -up by calling EVP_KDF_size() after setting the mode and digest. - -The digest, key and salt values must be set before a key is derived otherwise -an error will occur. - -=item EVP_KDF_HKDF_MODE_EXPAND_ONLY - -In this mode calling L will just perform the expand -operation. The input key should be set to the intermediate fixed-length -pseudorandom key K returned from a previous extract operation. - -The digest, key and info values must be set before a key is derived otherwise -an error will occur. - -=back - -EVP_KDF_ctrl_str() type string: "mode" - -The value string is expected to be one of: "EXTRACT_AND_EXPAND", "EXTRACT_ONLY" -or "EXPAND_ONLY". - -=back - -=head1 NOTES - -A context for HKDF can be obtained by calling: - - EVP_KDF_CTX *kctx = EVP_KDF_CTX_new_id(EVP_KDF_HKDF); - -The output length of an HKDF expand operation is specified via the C -parameter to the L function. When using -EVP_KDF_HKDF_MODE_EXTRACT_ONLY the C parameter must equal the size of -the intermediate fixed-length pseudorandom key otherwise an error will occur. -For that mode, the fixed output size can be looked up by calling EVP_KDF_size() -after setting the mode and digest on the C. - -=head1 EXAMPLES - -This example derives 10 bytes using SHA-256 with the secret key "secret", -salt value "salt" and info value "label": - - EVP_KDF_CTX *kctx; - unsigned char out[10]; - - kctx = EVP_KDF_CTX_new_id(EVP_KDF_HKDF); - - if (EVP_KDF_ctrl(kctx, EVP_KDF_CTRL_SET_MD, EVP_sha256()) <= 0) { - error("EVP_KDF_CTRL_SET_MD"); - } - if (EVP_KDF_ctrl(kctx, EVP_KDF_CTRL_SET_SALT, "salt", (size_t)4) <= 0) { - error("EVP_KDF_CTRL_SET_SALT"); - } - if (EVP_KDF_ctrl(kctx, EVP_KDF_CTRL_SET_KEY, "secret", (size_t)6) <= 0) { - error("EVP_KDF_CTRL_SET_KEY"); - } - if (EVP_KDF_ctrl(kctx, EVP_KDF_CTRL_ADD_HKDF_INFO, "label", (size_t)5) <= 0) { - error("EVP_KDF_CTRL_ADD_HKDF_INFO"); - } - if (EVP_KDF_derive(kctx, out, sizeof(out)) <= 0) { - error("EVP_KDF_derive"); - } - - EVP_KDF_CTX_free(kctx); - -=head1 CONFORMING TO - -RFC 5869 - -=head1 SEE ALSO - -L, -L, -L, -L, -L, -L, -L - -=head1 COPYRIGHT - -Copyright 2016-2018 The OpenSSL Project Authors. All Rights Reserved. - -Licensed under the Apache License 2.0 (the "License"). You may not use -this file except in compliance with the License. You can obtain a copy -in the file LICENSE in the source distribution or at -L. - -=cut diff --git a/doc/man7/EVP_KDF_SS.pod b/doc/man7/EVP_KDF_SS.pod deleted file mode 100644 index 5c56fbd1b0..0000000000 --- a/doc/man7/EVP_KDF_SS.pod +++ /dev/null @@ -1,222 +0,0 @@ -=pod - -=head1 NAME - -EVP_KDF_SS - The Single Step / One Step EVP_KDF implementation - -=head1 DESCRIPTION - -The EVP_KDF_SS algorithm implements the Single Step key derivation function (SSKDF). -SSKDF derives a key using input such as a shared secret key (that was generated -during the execution of a key establishment scheme) and fixedinfo. -SSKDF is also informally referred to as 'Concat KDF'. - -=head2 Auxiliary function - -The implementation uses a selectable auxiliary function H, which can be one of: - -=over 4 - -=item B - -=item B - -=item B - -=back - -Both the HMAC and KMAC implementations set the key using the 'salt' value. -The hash and HMAC also require the digest to be set. - -=head2 Numeric identity - -B is the numeric identity for this implementation; it -can be used with the EVP_KDF_CTX_new_id() function. - -=head2 Supported controls - -The supported controls are: - -=over 4 - -=item B - -=item B - -=item B - -=item B - -These controls work as described in L. - -=item B - -This control expects two arguments: C, C - -The shared secret used for key derivation. This control sets the secret. - -EVP_KDF_ctrl_str() takes two type strings for this control: - -=over 4 - -=item "secret" - -The value string is used as is. - -=item "hexsecret" - -The value string is expected to be a hexadecimal number, which will be -decoded before being passed on as the control value. - -=back - -=item B - -This control expects two arguments: C, C - -An optional value for fixedinfo, also known as otherinfo. This control sets the fixedinfo. - -EVP_KDF_ctrl_str() takes two type strings for this control: - -=over 4 - -=item "info" - -The value string is used as is. - -=item "hexinfo" - -The value string is expected to be a hexadecimal number, which will be -decoded before being passed on as the control value. - -=back - -=back - -=head1 NOTES - -A context for SSKDF can be obtained by calling: - -EVP_KDF_CTX *kctx = EVP_KDF_CTX_new_id(EVP_KDF_SS); - -The output length of an SSKDF is specified via the C -parameter to the L function. - -=head1 EXAMPLES - -This example derives 10 bytes using H(x) = SHA-256, with the secret key "secret" -and fixedinfo value "label": - - EVP_KDF_CTX *kctx; - unsigned char out[10]; - - kctx = EVP_KDF_CTX_new_id(EVP_KDF_SS); - - if (EVP_KDF_ctrl(kctx, EVP_KDF_CTRL_SET_MD, EVP_sha256()) <= 0) { - error("EVP_KDF_CTRL_SET_MD"); - } - if (EVP_KDF_ctrl(kctx, EVP_KDF_CTRL_SET_KEY, "secret", (size_t)6) <= 0) { - error("EVP_KDF_CTRL_SET_KEY"); - } - if (EVP_KDF_ctrl(kctx, EVP_KDF_CTRL_SET_SSKDF_INFO, "label", (size_t)5) <= 0) { - error("EVP_KDF_CTRL_SET_SSKDF_INFO"); - } - if (EVP_KDF_derive(kctx, out, sizeof(out)) <= 0) { - error("EVP_KDF_derive"); - } - - EVP_KDF_CTX_free(kctx); - -This example derives 10 bytes using H(x) = HMAC(SHA-256), with the secret key "secret", -fixedinfo value "label" and salt "salt": - - EVP_KDF_CTX *kctx; - unsigned char out[10]; - - kctx = EVP_KDF_CTX_new_id(EVP_KDF_SS); - - if (EVP_KDF_ctrl(kctx, EVP_KDF_CTRL_SET_MAC, EVP_get_macbyname("HMAC")) <= 0) { - error("EVP_KDF_CTRL_SET_MAC"); - } - if (EVP_KDF_ctrl(kctx, EVP_KDF_CTRL_SET_MD, EVP_sha256()) <= 0) { - error("EVP_KDF_CTRL_SET_MD"); - } - if (EVP_KDF_ctrl(kctx, EVP_KDF_CTRL_SET_KEY, "secret", (size_t)6) <= 0) { - error("EVP_KDF_CTRL_SET_KEY"); - } - if (EVP_KDF_ctrl(kctx, EVP_KDF_CTRL_SET_SSKDF_INFO, "label", (size_t)5) <= 0) { - error("EVP_KDF_CTRL_SET_SSKDF_INFO"); - } - if (EVP_KDF_ctrl(kctx, EVP_KDF_CTRL_SET_SALT, "salt", (size_t)4) <= 0) { - error("EVP_KDF_CTRL_SET_SALT"); - } - if (EVP_KDF_derive(kctx, out, sizeof(out)) <= 0) { - error("EVP_KDF_derive"); - } - - EVP_KDF_CTX_free(kctx); - -This example derives 10 bytes using H(x) = KMAC128(x,salt,outlen), with the secret key "secret" -fixedinfo value "label", salt of "salt" and KMAC outlen of 20: - - EVP_KDF_CTX *kctx; - unsigned char out[10]; - - kctx = EVP_KDF_CTX_new_id(EVP_KDF_SS); - - if (EVP_KDF_ctrl(kctx, EVP_KDF_CTRL_SET_MAC, EVP_get_macbyname("KMAC128")) <= 0) { - error("EVP_KDF_CTRL_SET_MAC"); - } - if (EVP_KDF_ctrl(kctx, EVP_KDF_CTRL_SET_MD, EVP_sha256()) <= 0) { - error("EVP_KDF_CTRL_SET_MD"); - } - if (EVP_KDF_ctrl(kctx, EVP_KDF_CTRL_SET_KEY, "secret", (size_t)6) <= 0) { - error("EVP_KDF_CTRL_SET_KEY"); - } - if (EVP_KDF_ctrl(kctx, EVP_KDF_CTRL_SET_SSKDF_INFO, "label", (size_t)5) <= 0) { - error("EVP_KDF_CTRL_SET_SSKDF_INFO"); - } - /* If not specified the salt will be set to a default value */ - if (EVP_KDF_ctrl(kctx, EVP_KDF_CTRL_SET_SALT, "salt", (size_t)4) <= 0) { - error("EVP_KDF_CTRL_SET_SALT"); - } - /* If not specified the default size will be the size of the derived key */ - if (EVP_KDF_ctrl(kctx, EVP_KDF_CTRL_SET_MAC_SIZE, (size_t)20) <= 0) { - error("EVP_KDF_CTRL_SET_MAC_SIZE"); - } - if (EVP_KDF_derive(kctx, out, sizeof(out)) <= 0) { - error("EVP_KDF_derive"); - } - - EVP_KDF_CTX_free(kctx); - - -=head1 CONFORMING TO - -NIST SP800-56Cr1. - -=head1 SEE ALSO - -L, -L, -L, -L, -L, -L, -L - -=head1 HISTORY - -This functionality was added to OpenSSL 3.0. - -=head1 COPYRIGHT - -Copyright 2019 The OpenSSL Project Authors. All Rights Reserved. Copyright -(c) 2019, Oracle and/or its affiliates. All rights reserved. - -Licensed under the Apache License 2.0 (the "License"). You may not use -this file except in compliance with the License. You can obtain a copy -in the file LICENSE in the source distribution or at -L. - -=cut diff --git a/doc/man7/EVP_KDF_TLS1_PRF.pod b/doc/man7/EVP_KDF_TLS1_PRF.pod deleted file mode 100644 index 02331ece5e..0000000000 --- a/doc/man7/EVP_KDF_TLS1_PRF.pod +++ /dev/null @@ -1,146 +0,0 @@ -=pod - -=head1 NAME - -EVP_KDF_TLS1_PRF - The TLS1 PRF EVP_KDF implementation - -=head1 DESCRIPTION - -Support for computing the B PRF through the B API. - -The EVP_KDF_TLS1_PRF algorithm implements the PRF used by TLS versions up to -and including TLS 1.2. - -=head2 Numeric identity - -B is the numeric identity for this implementation; it -can be used with the EVP_KDF_CTX_new_id() function. - -=head2 Supported controls - -The supported controls are: - -=over 4 - -=item B - -This control works as described in L. - -The C control is used to set the message digest associated -with the TLS PRF. EVP_md5_sha1() is treated as a special case which uses the -PRF algorithm using both B and B as used in TLS 1.0 and 1.1. - -=item B - -This control expects two arguments: C, C - -Sets the secret value of the TLS PRF to B bytes of the buffer B. -Any existing secret value is replaced. - -EVP_KDF_ctrl_str() takes two type strings for this control: - -=over 4 - -=item "secret" - -The value string is used as is. - -=item "hexsecret" - -The value string is expected to be a hexadecimal number, which will be -decoded before being passed on as the control value. - -=back - -=item B - -This control does not expect any arguments. - -Resets the context seed buffer to zero length. - -=item B - -This control expects two arguments: C, C - -Sets the seed to B bytes of B. If a seed is already set it is -appended to the existing value. - -The total length of the context seed buffer cannot exceed 1024 bytes; -this should be more than enough for any normal use of the TLS PRF. - -EVP_KDF_ctrl_str() takes two type strings for this control: - -=over 4 - -=item "seed" - -The value string is used as is. - -=item "hexseed" - -The value string is expected to be a hexadecimal number, which will be -decoded before being passed on as the control value. - -=back - -=back - -=head1 NOTES - -A context for the TLS PRF can be obtained by calling: - - EVP_KDF_CTX *kctx = EVP_KDF_CTX_new_id(EVP_KDF_TLS1_PRF, NULL); - -The digest, secret value and seed must be set before a key is derived otherwise -an error will occur. - -The output length of the PRF is specified by the C parameter to the -EVP_KDF_derive() function. - -=head1 EXAMPLES - -This example derives 10 bytes using SHA-256 with the secret key "secret" -and seed value "seed": - - EVP_KDF_CTX *kctx; - unsigned char out[10]; - - kctx = EVP_KDF_CTX_new_id(EVP_KDF_TLS1_PRF); - if (EVP_KDF_ctrl(kctx, EVP_KDF_CTRL_SET_MD, EVP_sha256()) <= 0) { - error("EVP_KDF_CTRL_SET_MD"); - } - if (EVP_KDF_ctrl(kctx, EVP_KDF_CTRL_SET_TLS_SECRET, - "secret", (size_t)6) <= 0) { - error("EVP_KDF_CTRL_SET_TLS_SECRET"); - } - if (EVP_KDF_ctrl(kctx, EVP_KDF_CTRL_ADD_TLS_SEED, "seed", (size_t)4) <= 0) { - error("EVP_KDF_CTRL_ADD_TLS_SEED"); - } - if (EVP_KDF_derive(kctx, out, sizeof(out)) <= 0) { - error("EVP_KDF_derive"); - } - EVP_KDF_CTX_free(kctx); - -=head1 CONFORMING TO - -RFC 2246, RFC 5246 and NIST SP 800-135 r1 - -=head1 SEE ALSO - -L, -L, -L, -L, -L, -L - -=head1 COPYRIGHT - -Copyright 2018 The OpenSSL Project Authors. All Rights Reserved. - -Licensed under the Apache License 2.0 (the "License"). You may not use -this file except in compliance with the License. You can obtain a copy -in the file LICENSE in the source distribution or at -L. - -=cut diff --git a/doc/man7/EVP_KDF_X942.pod b/doc/man7/EVP_KDF_X942.pod deleted file mode 100644 index 644cad8cbe..0000000000 --- a/doc/man7/EVP_KDF_X942.pod +++ /dev/null @@ -1,150 +0,0 @@ -=pod - -=head1 NAME - -EVP_KDF_X942 - The X9.42-2001 asn1 EVP_KDF implementation - -=head1 DESCRIPTION - -The EVP_KDF_X942 algorithm implements the key derivation function (X942KDF). -X942KDF is used by Cryptographic Message Syntax (CMS) for DH KeyAgreement, to -derive a key using input such as a shared secret key and other info. The other -info is DER encoded data that contains a 32 bit counter. - -=head2 Numeric identity - -B is the numeric identity for this implementation; it -can be used with the EVP_KDF_CTX_new_id() function. - -=head2 Supported controls - -The supported controls are: - -=over 4 - -=item B - -This control works as described in L. - -=item B - -This control expects two arguments: C, C - -The shared secret used for key derivation. This control sets the secret. - -EVP_KDF_ctrl_str() takes two type strings for this control: - -=over 4 - -=item "secret" - -The value string is used as is. - -=item "hexsecret" - -The value string is expected to be a hexadecimal number, which will be -decoded before being passed on as the control value. - -=back - -=item B - -This control expects two arguments: C, C - -An optional random string that is provided by the sender called "partyAInfo". -In CMS this is the user keying material. - -EVP_KDF_ctrl_str() takes two type strings for this control: - -=over 4 - -=item "ukm" - -The value string is used as is. - -=item "hexukm" - -The value string is expected to be a hexadecimal number, which will be -decoded before being passed on as the control value. - -=back - -=item B - -This control expects one argument: C - -The CEK wrapping algorithm name. - -EVP_KDF_ctrl_str() type string: "cekalg" - -The value string is used as is. - -=back - -=head1 NOTES - -A context for X942KDF can be obtained by calling: - -EVP_KDF_CTX *kctx = EVP_KDF_CTX_new_id(EVP_KDF_X942); - -The output length of an X942KDF is specified via the C -parameter to the L function. - -=head1 EXAMPLES - -This example derives 24 bytes, with the secret key "secret" and a random user -keying material: - - EVP_KDF_CTX *kctx; - unsigned char out[192/8]; - unsignred char ukm[64]; - - if (RAND_bytes(ukm, sizeof(ukm)) <= 0) - error("RAND_bytes"); - - kctx = EVP_KDF_CTX_new_id(EVP_KDF_X942); - if (kctx == NULL) - error("EVP_KDF_CTX_new_id"); - - if (EVP_KDF_ctrl(kctx, EVP_KDF_CTRL_SET_MD, EVP_sha256()) <= 0) - error("EVP_KDF_CTRL_SET_MD"); - if (EVP_KDF_ctrl(kctx, EVP_KDF_CTRL_SET_KEY, "secret", (size_t)6) <= 0) - error("EVP_KDF_CTRL_SET_KEY"); - if (EVP_KDF_ctrl(kctx, EVP_KDF_CTRL_SET_UKM, ukm, sizeof(ukm)) <= 0) - error("EVP_KDF_CTRL_SET_UKM"); - if (EVP_KDF_ctrl(kctx, EVP_KDF_CTRL_SET_CEK_ALG, - SN_id_smime_alg_CMS3DESwrap) <= 0) - error("EVP_KDF_CTRL_SET_CEK_ALG"); - if (EVP_KDF_derive(kctx, out, sizeof(out)) <= 0) - error("EVP_KDF_derive"); - - EVP_KDF_CTX_free(kctx); - -=head1 CONFORMING TO - -RFC 2631 - -=head1 SEE ALSO - -L, -L, -L, -L, -L, -L, -L - -=head1 HISTORY - -This functionality was added to OpenSSL 3.0. - -=head1 COPYRIGHT - -Copyright 2019 The OpenSSL Project Authors. All Rights Reserved. - -Licensed under the Apache License 2.0 (the "License"). You may not use -this file except in compliance with the License. You can obtain a copy -in the file LICENSE in the source distribution or at -L. - -=cut diff --git a/doc/man7/EVP_KDF_X963.pod b/doc/man7/EVP_KDF_X963.pod deleted file mode 100644 index 130c9235a9..0000000000 --- a/doc/man7/EVP_KDF_X963.pod +++ /dev/null @@ -1,136 +0,0 @@ -=pod - -=head1 NAME - -EVP_KDF_X963 - The X9.63-2001 EVP_KDF implementation - -=head1 DESCRIPTION - -The EVP_KDF_X963 algorithm implements the key derivation function (X963KDF). -X963KDF is used by Cryptographic Message Syntax (CMS) for EC KeyAgreement, to -derive a key using input such as a shared secret key and shared info. - -=head2 Numeric identity - -B is the numeric identity for this implementation; it -can be used with the EVP_KDF_CTX_new_id() function. - -=head2 Supported controls - -The supported controls are: - -=over 4 - -=item B - -This control works as described in L. - -=item B - -This control expects two arguments: C, C - -The shared secret used for key derivation. This control sets the secret. - -EVP_KDF_ctrl_str() takes two type strings for this control: - -=over 4 - -=item "secret" - -The value string is used as is. - -=item "hexsecret" - -The value string is expected to be a hexadecimal number, which will be -decoded before being passed on as the control value. - -=back - -=item B - -This control expects two arguments: C, C - -An optional value for shared info. This control sets the shared info. - -EVP_KDF_ctrl_str() takes two type strings for this control: - -=over 4 - -=item "info" - -The value string is used as is. - -=item "hexinfo" - -The value string is expected to be a hexadecimal number, which will be -decoded before being passed on as the control value. - -=back - -=back - -=head1 NOTES - -X963KDF is very similar to the SSKDF that uses a digest as the auxiliary function, -X963KDF appends the counter to the secret, whereas SSKDF prepends the counter. - -A context for X963KDF can be obtained by calling: - -EVP_KDF_CTX *kctx = EVP_KDF_CTX_new_id(EVP_KDF_X963); - -The output length of an X963KDF is specified via the C -parameter to the L function. - -=head1 EXAMPLES - -This example derives 10 bytes, with the secret key "secret" and sharedinfo -value "label": - - EVP_KDF_CTX *kctx; - unsigned char out[10]; - - kctx = EVP_KDF_CTX_new_id(EVP_KDF_X963); - - if (EVP_KDF_ctrl(kctx, EVP_KDF_CTRL_SET_MD, EVP_sha256()) <= 0) { - error("EVP_KDF_CTRL_SET_MD"); - } - if (EVP_KDF_ctrl(kctx, EVP_KDF_CTRL_SET_KEY, "secret", (size_t)6) <= 0) { - error("EVP_KDF_CTRL_SET_KEY"); - } - if (EVP_KDF_ctrl(kctx, EVP_KDF_CTRL_SET_SHARED_INFO, "label", (size_t)5) <= 0) { - error("EVP_KDF_CTRL_SET_SHARED_INFO"); - } - if (EVP_KDF_derive(kctx, out, sizeof(out)) <= 0) { - error("EVP_KDF_derive"); - } - - EVP_KDF_CTX_free(kctx); - -=head1 CONFORMING TO - -"SEC 1: Elliptic Curve Cryptography" - -=head1 SEE ALSO - -L, -L, -L, -L, -L, -L, -L - -=head1 HISTORY - -This functionality was added to OpenSSL 3.0. - -=head1 COPYRIGHT - -Copyright 2019 The OpenSSL Project Authors. All Rights Reserved. - -Licensed under the Apache License 2.0 (the "License"). You may not use -this file except in compliance with the License. You can obtain a copy -in the file LICENSE in the source distribution or at -L. - -=cut diff --git a/include/openssl/core_names.h b/include/openssl/core_names.h index 2fe06dc272..1d8857295c 100644 --- a/include/openssl/core_names.h +++ b/include/openssl/core_names.h @@ -92,6 +92,31 @@ extern "C" { #define OSSL_MAC_NAME_KMAC128 "KMAC128" #define OSSL_MAC_NAME_KMAC256 "KMAC256" +/* KDF / PRF parameters */ +#define OSSL_KDF_PARAM_SECRET "secret" /* octet string */ +#define OSSL_KDF_PARAM_KEY "key" /* octet string */ +#define OSSL_KDF_PARAM_SALT "salt" /* octet string */ +#define OSSL_KDF_PARAM_PASSWORD "pass" /* octet string */ +#define OSSL_KDF_PARAM_DIGEST "digest" /* utf8 string */ +#define OSSL_KDF_PARAM_MAC "mac" /* utf8 string */ +#define OSSL_KDF_PARAM_MAC_SIZE "maclen" /* size_t */ +#define OSSL_KDF_PARAM_PROPERTIES "properties" /* utf8 string */ +#define OSSL_KDF_PARAM_ITER "iter" /* unsigned int */ +#define OSSL_KDF_PARAM_MODE "mode" /* utf8 string or int */ +#define OSSL_KDF_PARAM_PKCS5 "pkcs5" /* int */ +#define OSSL_KDF_PARAM_UKM "ukm" /* octet string */ +#define OSSL_KDF_PARAM_CEK_ALG "cekalg" /* utf8 string */ +#define OSSL_KDF_PARAM_SCRYPT_N "n" /* uint64_t */ +#define OSSL_KDF_PARAM_SCRYPT_R "r" /* uint32_t */ +#define OSSL_KDF_PARAM_SCRYPT_P "p" /* uint32_t */ +#define OSSL_KDF_PARAM_SCRYPT_MAXMEM "maxmem_bytes" /* uint64_t */ +#define OSSL_KDF_PARAM_INFO "info" /* octet string */ +#define OSSL_KDF_PARAM_SEED "seed" /* octet string */ +#define OSSL_KDF_PARAM_SSHKDF_XCGHASH "xcghash" /* octet string */ +#define OSSL_KDF_PARAM_SSHKDF_SESSION_ID "session_id" /* octet string */ +#define OSSL_KDF_PARAM_SSHKDF_TYPE "type" /* int */ +#define OSSL_KDF_PARAM_SIZE "size" /* size_t */ + /* PKEY parameters */ /* Diffie-Hellman Parameters */ #define OSSL_PKEY_PARAM_DH_P "dh-p" diff --git a/include/openssl/core_numbers.h b/include/openssl/core_numbers.h index e39410893e..521cd8c800 100644 --- a/include/openssl/core_numbers.h +++ b/include/openssl/core_numbers.h @@ -153,6 +153,7 @@ OSSL_CORE_MAKE_FUNC(const OSSL_ITEM *,provider_get_reason_strings, # define OSSL_OP_DIGEST 1 # define OSSL_OP_CIPHER 2 /* Symmetric Ciphers */ # define OSSL_OP_MAC 3 +# define OSSL_OP_KDF 4 # define OSSL_OP_KEYMGMT 10 # define OSSL_OP_KEYEXCH 11 /* Highest known operation number */ @@ -281,6 +282,35 @@ OSSL_CORE_MAKE_FUNC(int, OP_mac_get_ctx_params, OSSL_CORE_MAKE_FUNC(int, OP_mac_set_ctx_params, (void *mctx, const OSSL_PARAM params[])) +/* KDFs and PRFs */ + +# define OSSL_FUNC_KDF_NEWCTX 1 +# define OSSL_FUNC_KDF_DUPCTX 2 +# define OSSL_FUNC_KDF_FREECTX 3 +# define OSSL_FUNC_KDF_RESET 4 +# define OSSL_FUNC_KDF_DERIVE 5 +# define OSSL_FUNC_KDF_GETTABLE_PARAMS 6 +# define OSSL_FUNC_KDF_GETTABLE_CTX_PARAMS 7 +# define OSSL_FUNC_KDF_SETTABLE_CTX_PARAMS 8 +# define OSSL_FUNC_KDF_GET_PARAMS 9 +# define OSSL_FUNC_KDF_GET_CTX_PARAMS 10 +# define OSSL_FUNC_KDF_SET_CTX_PARAMS 11 + +OSSL_CORE_MAKE_FUNC(void *, OP_kdf_newctx, (void *provctx)) +OSSL_CORE_MAKE_FUNC(void *, OP_kdf_dupctx, (void *src)) +OSSL_CORE_MAKE_FUNC(void, OP_kdf_freectx, (void *kctx)) +OSSL_CORE_MAKE_FUNC(void, OP_kdf_reset, (void *kctx)) +OSSL_CORE_MAKE_FUNC(int, OP_kdf_derive, (void *kctx, unsigned char *key, + size_t keylen)) +OSSL_CORE_MAKE_FUNC(const OSSL_PARAM *, OP_kdf_gettable_params, (void)) +OSSL_CORE_MAKE_FUNC(const OSSL_PARAM *, OP_kdf_gettable_ctx_params, (void)) +OSSL_CORE_MAKE_FUNC(const OSSL_PARAM *, OP_kdf_settable_ctx_params, (void)) +OSSL_CORE_MAKE_FUNC(int, OP_kdf_get_params, (OSSL_PARAM params[])) +OSSL_CORE_MAKE_FUNC(int, OP_kdf_get_ctx_params, + (void *kctx, OSSL_PARAM params[])) +OSSL_CORE_MAKE_FUNC(int, OP_kdf_set_ctx_params, + (void *kctx, const OSSL_PARAM params[])) + /*- * Key management * diff --git a/include/openssl/crypto.h b/include/openssl/crypto.h index da62eef1b1..60aca02849 100644 --- a/include/openssl/crypto.h +++ b/include/openssl/crypto.h @@ -408,8 +408,8 @@ int CRYPTO_memcmp(const void * in_a, const void * in_b, size_t len); /* OPENSSL_INIT flag range 0x03f00000 reserved for OPENSSL_init_ssl() */ /* FREE: 0x04000000L */ /* FREE: 0x08000000L */ -# define OPENSSL_INIT_NO_ADD_ALL_KDFS 0x10000000L -# define OPENSSL_INIT_ADD_ALL_KDFS 0x20000000L +/* FREE: 0x10000000L */ +/* FREE: 0x20000000L */ /* FREE: 0x40000000L */ /* FREE: 0x80000000L */ /* Max OPENSSL_INIT flag value is 0x80000000 */ diff --git a/include/openssl/ecerr.h b/include/openssl/ecerr.h index 43d41d8340..95723ec94b 100644 --- a/include/openssl/ecerr.h +++ b/include/openssl/ecerr.h @@ -39,9 +39,14 @@ int ERR_load_EC_strings(void); # define EC_F_ECDH_SIMPLE_COMPUTE_KEY 0 # define EC_F_ECDSA_DO_SIGN_EX 0 # define EC_F_ECDSA_DO_VERIFY 0 +# define EC_F_ECDSA_S390X_NISTP_SIGN_SIG 0 +# define EC_F_ECDSA_S390X_NISTP_VERIFY_SIG 0 # define EC_F_ECDSA_SIGN_EX 0 # define EC_F_ECDSA_SIGN_SETUP 0 # define EC_F_ECDSA_SIG_NEW 0 +# define EC_F_ECDSA_SIMPLE_SIGN_SETUP 0 +# define EC_F_ECDSA_SIMPLE_SIGN_SIG 0 +# define EC_F_ECDSA_SIMPLE_VERIFY_SIG 0 # define EC_F_ECDSA_VERIFY 0 # define EC_F_ECD_ITEM_VERIFY 0 # define EC_F_ECKEY_PARAM2TYPE 0 @@ -110,6 +115,7 @@ int ERR_load_EC_strings(void); # define EC_F_EC_GFP_SIMPLE_SET_COMPRESSED_COORDINATES 0 # define EC_F_EC_GROUP_CHECK 0 # define EC_F_EC_GROUP_CHECK_DISCRIMINANT 0 +# define EC_F_EC_GROUP_CHECK_NAMED_CURVE 0 # define EC_F_EC_GROUP_COPY 0 # define EC_F_EC_GROUP_GET_CURVE 0 # define EC_F_EC_GROUP_GET_CURVE_GF2M 0 @@ -121,6 +127,8 @@ int ERR_load_EC_strings(void); # define EC_F_EC_GROUP_GET_TRINOMIAL_BASIS 0 # define EC_F_EC_GROUP_NEW 0 # define EC_F_EC_GROUP_NEW_BY_CURVE_NAME 0 +# define EC_F_EC_GROUP_NEW_BY_CURVE_NAME_EX 0 +# define EC_F_EC_GROUP_NEW_EX 0 # define EC_F_EC_GROUP_NEW_FROM_DATA 0 # define EC_F_EC_GROUP_NEW_FROM_ECPARAMETERS 0 # define EC_F_EC_GROUP_NEW_FROM_ECPKPARAMETERS 0 @@ -134,6 +142,7 @@ int ERR_load_EC_strings(void); # define EC_F_EC_KEY_GENERATE_KEY 0 # define EC_F_EC_KEY_NEW 0 # define EC_F_EC_KEY_NEW_METHOD 0 +# define EC_F_EC_KEY_NEW_METHOD_INT 0 # define EC_F_EC_KEY_OCT2PRIV 0 # define EC_F_EC_KEY_PRINT 0 # define EC_F_EC_KEY_PRINT_FP 0 @@ -186,6 +195,7 @@ int ERR_load_EC_strings(void); # define EC_F_O2I_ECPUBLICKEY 0 # define EC_F_OLD_EC_PRIV_DECODE 0 # define EC_F_OSSL_ECDH_COMPUTE_KEY 0 +# define EC_F_OSSL_ECDSA_SIGN_SETUP 0 # define EC_F_OSSL_ECDSA_SIGN_SIG 0 # define EC_F_OSSL_ECDSA_VERIFY_SIG 0 # define EC_F_PKEY_ECD_CTRL 0 diff --git a/include/openssl/err.h b/include/openssl/err.h index 88c8f1c83d..03c3593f34 100644 --- a/include/openssl/err.h +++ b/include/openssl/err.h @@ -97,13 +97,12 @@ typedef struct err_state_st { /* # define ERR_LIB_JPAKE 49 */ # define ERR_LIB_CT 50 # define ERR_LIB_ASYNC 51 -# define ERR_LIB_KDF 52 -# define ERR_LIB_SM2 53 -# define ERR_LIB_ESS 54 -# define ERR_LIB_PROP 55 -# define ERR_LIB_CRMF 56 -# define ERR_LIB_PROV 57 -# define ERR_LIB_CMP 58 +# define ERR_LIB_SM2 52 +# define ERR_LIB_ESS 53 +# define ERR_LIB_PROP 54 +# define ERR_LIB_CRMF 55 +# define ERR_LIB_PROV 56 +# define ERR_LIB_CMP 57 # define ERR_LIB_USER 128 @@ -145,7 +144,6 @@ typedef struct err_state_st { # define HMACerr(f,r) ERR_raise(ERR_LIB_HMAC,(r)) # define CTerr(f,r) ERR_raise(ERR_LIB_CT,(r)) # define ASYNCerr(f,r) ERR_raise(ERR_LIB_ASYNC,(r)) -# define KDFerr(f,r) ERR_raise(ERR_LIB_KDF,(r)) # define SM2err(f,r) ERR_raise(ERR_LIB_SM2,(r)) # define ESSerr(f,r) ERR_raise(ERR_LIB_ESS,(r)) # define PROPerr(f,r) ERR_raise(ERR_LIB_PROP,(r)) diff --git a/include/openssl/evperr.h b/include/openssl/evperr.h index 714f170bd9..64ed5a3b95 100644 --- a/include/openssl/evperr.h +++ b/include/openssl/evperr.h @@ -65,10 +65,8 @@ int ERR_load_EVP_strings(void); # define EVP_F_EVP_ENCRYPTDECRYPTUPDATE 0 # define EVP_F_EVP_ENCRYPTFINAL_EX 0 # define EVP_F_EVP_ENCRYPTUPDATE 0 -# define EVP_F_EVP_KDF_CTRL 0 -# define EVP_F_EVP_KDF_CTRL_STR 0 +# define EVP_F_EVP_KDF_CTX_DUP 0 # define EVP_F_EVP_KDF_CTX_NEW 0 -# define EVP_F_EVP_KDF_CTX_NEW_ID 0 # define EVP_F_EVP_KEYEXCH_FETCH 0 # define EVP_F_EVP_KEYEXCH_FROM_DISPATCH 0 # define EVP_F_EVP_MAC_CTRL 0 diff --git a/include/openssl/kdf.h b/include/openssl/kdf.h index 300cf760dc..a9ea768d1d 100644 --- a/include/openssl/kdf.h +++ b/include/openssl/kdf.h @@ -13,37 +13,37 @@ # include # include # include -# include +# include + # ifdef __cplusplus extern "C" { # endif -# define EVP_KDF_PBKDF2 NID_id_pbkdf2 -# define EVP_KDF_SCRYPT NID_id_scrypt -# define EVP_KDF_TLS1_PRF NID_tls1_prf -# define EVP_KDF_HKDF NID_hkdf -# define EVP_KDF_SSHKDF NID_sshkdf -# define EVP_KDF_SS NID_sskdf -# define EVP_KDF_X963 NID_x963kdf -# define EVP_KDF_X942 NID_x942kdf - -EVP_KDF_CTX *EVP_KDF_CTX_new_id(int id); -EVP_KDF_CTX *EVP_KDF_CTX_new(const EVP_KDF *kdf); +int EVP_KDF_up_ref(EVP_KDF *kdf); +void EVP_KDF_free(EVP_KDF *kdf); +EVP_KDF *EVP_KDF_fetch(OPENSSL_CTX *libctx, const char *algorithm, + const char *properties); + +EVP_KDF_CTX *EVP_KDF_CTX_new(EVP_KDF *kdf); void EVP_KDF_CTX_free(EVP_KDF_CTX *ctx); +EVP_KDF_CTX *EVP_KDF_CTX_dup(const EVP_KDF_CTX *src); +const char *EVP_KDF_name(const EVP_KDF *kdf); +const OSSL_PROVIDER *EVP_KDF_provider(const EVP_KDF *kdf); const EVP_KDF *EVP_KDF_CTX_kdf(EVP_KDF_CTX *ctx); void EVP_KDF_reset(EVP_KDF_CTX *ctx); -int EVP_KDF_ctrl(EVP_KDF_CTX *ctx, int cmd, ...); -int EVP_KDF_vctrl(EVP_KDF_CTX *ctx, int cmd, va_list args); -int EVP_KDF_ctrl_str(EVP_KDF_CTX *ctx, const char *type, const char *value); size_t EVP_KDF_size(EVP_KDF_CTX *ctx); int EVP_KDF_derive(EVP_KDF_CTX *ctx, unsigned char *key, size_t keylen); +int EVP_KDF_get_params(EVP_KDF *kdf, OSSL_PARAM params[]); +int EVP_KDF_CTX_get_params(EVP_KDF_CTX *ctx, OSSL_PARAM params[]); +int EVP_KDF_CTX_set_params(EVP_KDF_CTX *ctx, const OSSL_PARAM params[]); +const OSSL_PARAM *EVP_KDF_gettable_params(const EVP_KDF *kdf); +const OSSL_PARAM *EVP_KDF_CTX_gettable_params(const EVP_KDF *kdf); +const OSSL_PARAM *EVP_KDF_CTX_settable_params(const EVP_KDF *kdf); -int EVP_KDF_nid(const EVP_KDF *kdf); -# define EVP_get_kdfbynid(a) EVP_get_kdfbyname(OBJ_nid2sn(a)) -# define EVP_get_kdfbyobj(a) EVP_get_kdfbynid(OBJ_obj2nid(a)) -# define EVP_KDF_name(o) OBJ_nid2sn(EVP_KDF_nid(o)) -const EVP_KDF *EVP_get_kdfbyname(const char *name); +void EVP_KDF_do_all_ex(OPENSSL_CTX *libctx, + void (*fn)(EVP_KDF *kdf, void *arg), + void *arg); # define EVP_KDF_CTRL_SET_PASS 0x01 /* unsigned char *, size_t */ # define EVP_KDF_CTRL_SET_SALT 0x02 /* unsigned char *, size_t */ @@ -52,23 +52,22 @@ const EVP_KDF *EVP_get_kdfbyname(const char *name); # define EVP_KDF_CTRL_SET_KEY 0x05 /* unsigned char *, size_t */ # define EVP_KDF_CTRL_SET_MAXMEM_BYTES 0x06 /* uint64_t */ # define EVP_KDF_CTRL_SET_TLS_SECRET 0x07 /* unsigned char *, size_t */ -# define EVP_KDF_CTRL_RESET_TLS_SEED 0x08 -# define EVP_KDF_CTRL_ADD_TLS_SEED 0x09 /* unsigned char *, size_t */ -# define EVP_KDF_CTRL_RESET_HKDF_INFO 0x0a -# define EVP_KDF_CTRL_ADD_HKDF_INFO 0x0b /* unsigned char *, size_t */ -# define EVP_KDF_CTRL_SET_HKDF_MODE 0x0c /* int */ -# define EVP_KDF_CTRL_SET_SCRYPT_N 0x0d /* uint64_t */ -# define EVP_KDF_CTRL_SET_SCRYPT_R 0x0e /* uint32_t */ -# define EVP_KDF_CTRL_SET_SCRYPT_P 0x0f /* uint32_t */ -# define EVP_KDF_CTRL_SET_SSHKDF_XCGHASH 0x10 /* unsigned char *, size_t */ -# define EVP_KDF_CTRL_SET_SSHKDF_SESSION_ID 0x11 /* unsigned char *, size_t */ -# define EVP_KDF_CTRL_SET_SSHKDF_TYPE 0x12 /* int */ -# define EVP_KDF_CTRL_SET_MAC 0x13 /* EVP_MAC * */ -# define EVP_KDF_CTRL_SET_MAC_SIZE 0x14 /* size_t */ -# define EVP_KDF_CTRL_SET_SSKDF_INFO 0x15 /* unsigned char *, size_t */ -# define EVP_KDF_CTRL_SET_PBKDF2_PKCS5_MODE 0x16 /* int */ -# define EVP_KDF_CTRL_SET_UKM 0x17 /* unsigned char *, size_t */ -# define EVP_KDF_CTRL_SET_CEK_ALG 0x18 /* char * */ +# define EVP_KDF_CTRL_ADD_TLS_SEED 0x08 /* unsigned char *, size_t */ +# define EVP_KDF_CTRL_RESET_HKDF_INFO 0x09 +# define EVP_KDF_CTRL_ADD_HKDF_INFO 0x0a /* unsigned char *, size_t */ +# define EVP_KDF_CTRL_SET_HKDF_MODE 0x0b /* int */ +# define EVP_KDF_CTRL_SET_SCRYPT_N 0x0c /* uint64_t */ +# define EVP_KDF_CTRL_SET_SCRYPT_R 0x0d /* uint32_t */ +# define EVP_KDF_CTRL_SET_SCRYPT_P 0x0e /* uint32_t */ +# define EVP_KDF_CTRL_SET_SSHKDF_XCGHASH 0x0f /* unsigned char *, size_t */ +# define EVP_KDF_CTRL_SET_SSHKDF_SESSION_ID 0x10 /* unsigned char *, size_t */ +# define EVP_KDF_CTRL_SET_SSHKDF_TYPE 0x11 /* int */ +# define EVP_KDF_CTRL_SET_MAC 0x12 /* EVP_MAC * */ +# define EVP_KDF_CTRL_SET_MAC_SIZE 0x13 /* size_t */ +# define EVP_KDF_CTRL_SET_SSKDF_INFO 0x14 /* unsigned char *, size_t */ +# define EVP_KDF_CTRL_SET_PBKDF2_PKCS5_MODE 0x15 /* int */ +# define EVP_KDF_CTRL_SET_UKM 0x16 /* unsigned char *, size_t */ +# define EVP_KDF_CTRL_SET_CEK_ALG 0x17 /* char * */ # define EVP_KDF_CTRL_SET_SHARED_INFO EVP_KDF_CTRL_SET_SSKDF_INFO # define EVP_KDF_HKDF_MODE_EXTRACT_AND_EXPAND 0 diff --git a/include/openssl/kdferr.h b/include/openssl/kdferr.h deleted file mode 100644 index d28640040c..0000000000 --- a/include/openssl/kdferr.h +++ /dev/null @@ -1,107 +0,0 @@ -/* - * Generated by util/mkerr.pl DO NOT EDIT - * Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved. - * - * Licensed under the Apache License 2.0 (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -#ifndef HEADER_KDFERR_H -# define HEADER_KDFERR_H - -# include -# include - - -# ifdef __cplusplus -extern "C" -# endif -int ERR_load_KDF_strings(void); - -/* - * KDF function codes. - */ -# if !OPENSSL_API_3 -# define KDF_F_HKDF_EXTRACT 0 -# define KDF_F_KDF_HKDF_DERIVE 0 -# define KDF_F_KDF_HKDF_NEW 0 -# define KDF_F_KDF_HKDF_SIZE 0 -# define KDF_F_KDF_MD2CTRL 0 -# define KDF_F_KDF_PBKDF2_CTRL 0 -# define KDF_F_KDF_PBKDF2_CTRL_STR 0 -# define KDF_F_KDF_PBKDF2_DERIVE 0 -# define KDF_F_KDF_PBKDF2_NEW 0 -# define KDF_F_KDF_SCRYPT_CTRL_STR 0 -# define KDF_F_KDF_SCRYPT_CTRL_UINT32 0 -# define KDF_F_KDF_SCRYPT_CTRL_UINT64 0 -# define KDF_F_KDF_SCRYPT_DERIVE 0 -# define KDF_F_KDF_SCRYPT_NEW 0 -# define KDF_F_KDF_SSHKDF_CTRL 0 -# define KDF_F_KDF_SSHKDF_CTRL_STR 0 -# define KDF_F_KDF_SSHKDF_DERIVE 0 -# define KDF_F_KDF_SSHKDF_NEW 0 -# define KDF_F_KDF_TLS1_PRF_CTRL_STR 0 -# define KDF_F_KDF_TLS1_PRF_DERIVE 0 -# define KDF_F_KDF_TLS1_PRF_NEW 0 -# define KDF_F_PBKDF2_DERIVE 0 -# define KDF_F_PBKDF2_SET_MEMBUF 0 -# define KDF_F_PKEY_HKDF_CTRL_STR 0 -# define KDF_F_PKEY_HKDF_DERIVE 0 -# define KDF_F_PKEY_HKDF_INIT 0 -# define KDF_F_PKEY_SCRYPT_CTRL_STR 0 -# define KDF_F_PKEY_SCRYPT_CTRL_UINT64 0 -# define KDF_F_PKEY_SCRYPT_DERIVE 0 -# define KDF_F_PKEY_SCRYPT_INIT 0 -# define KDF_F_PKEY_SCRYPT_SET_MEMBUF 0 -# define KDF_F_PKEY_TLS1_PRF_CTRL_STR 0 -# define KDF_F_PKEY_TLS1_PRF_DERIVE 0 -# define KDF_F_PKEY_TLS1_PRF_INIT 0 -# define KDF_F_SCRYPT_SET_MEMBUF 0 -# define KDF_F_SSKDF_CTRL_STR 0 -# define KDF_F_SSKDF_DERIVE 0 -# define KDF_F_SSKDF_MAC2CTRL 0 -# define KDF_F_SSKDF_NEW 0 -# define KDF_F_SSKDF_SIZE 0 -# define KDF_F_TLS1_PRF_ALG 0 -# define KDF_F_X942KDF_CTRL 0 -# define KDF_F_X942KDF_DERIVE 0 -# define KDF_F_X942KDF_HASH_KDM 0 -# define KDF_F_X942KDF_NEW 0 -# define KDF_F_X942KDF_SIZE 0 -# define KDF_F_X963KDF_DERIVE 0 -# endif - -/* - * KDF reason codes. - */ -# define KDF_R_BAD_ENCODING 122 -# define KDF_R_BAD_LENGTH 123 -# define KDF_R_INAVLID_UKM_LEN 124 -# define KDF_R_INVALID_DIGEST 100 -# define KDF_R_INVALID_ITERATION_COUNT 119 -# define KDF_R_INVALID_KEY_LEN 120 -# define KDF_R_INVALID_MAC_TYPE 116 -# define KDF_R_INVALID_SALT_LEN 121 -# define KDF_R_MISSING_CEK_ALG 125 -# define KDF_R_MISSING_ITERATION_COUNT 109 -# define KDF_R_MISSING_KEY 104 -# define KDF_R_MISSING_MESSAGE_DIGEST 105 -# define KDF_R_MISSING_PARAMETER 101 -# define KDF_R_MISSING_PASS 110 -# define KDF_R_MISSING_SALT 111 -# define KDF_R_MISSING_SECRET 107 -# define KDF_R_MISSING_SEED 106 -# define KDF_R_MISSING_SESSION_ID 113 -# define KDF_R_MISSING_TYPE 114 -# define KDF_R_MISSING_XCGHASH 115 -# define KDF_R_NOT_SUPPORTED 118 -# define KDF_R_UNKNOWN_PARAMETER_TYPE 103 -# define KDF_R_UNSUPPORTED_CEK_ALG 126 -# define KDF_R_UNSUPPORTED_MAC_TYPE 117 -# define KDF_R_VALUE_ERROR 108 -# define KDF_R_VALUE_MISSING 102 -# define KDF_R_WRONG_OUTPUT_BUFFER_SIZE 112 - -#endif diff --git a/providers/common/build.info b/providers/common/build.info index 4c977d3f25..4d87b15e8d 100644 --- a/providers/common/build.info +++ b/providers/common/build.info @@ -1,4 +1,4 @@ -SUBDIRS=digests ciphers macs exchange keymgmt +SUBDIRS=digests ciphers macs kdfs exchange keymgmt SOURCE[../../libcrypto]=\ provider_err.c provlib.c diff --git a/providers/common/include/internal/provider_algs.h b/providers/common/include/internal/provider_algs.h index e66c0523e7..b9d257649f 100644 --- a/providers/common/include/internal/provider_algs.h +++ b/providers/common/include/internal/provider_algs.h @@ -115,17 +115,6 @@ extern const OSSL_DISPATCH camellia192ctr_functions[]; extern const OSSL_DISPATCH camellia128ctr_functions[]; #endif /* OPENSSL_NO_CAMELLIA */ -/* MACs */ -extern const OSSL_DISPATCH blake2bmac_functions[]; -extern const OSSL_DISPATCH blake2smac_functions[]; -extern const OSSL_DISPATCH cmac_functions[]; -extern const OSSL_DISPATCH gmac_functions[]; -extern const OSSL_DISPATCH hmac_functions[]; -extern const OSSL_DISPATCH kmac128_functions[]; -extern const OSSL_DISPATCH kmac256_functions[]; -extern const OSSL_DISPATCH siphash_functions[]; -extern const OSSL_DISPATCH poly1305_functions[]; - extern const OSSL_DISPATCH tdes_ede3_ecb_functions[]; extern const OSSL_DISPATCH tdes_ede3_cbc_functions[]; @@ -144,6 +133,32 @@ extern const OSSL_DISPATCH tdes_desx_cbc_functions[]; extern const OSSL_DISPATCH tdes_wrap_cbc_functions[]; #endif /* FIPS_MODE */ +/* MACs */ +extern const OSSL_DISPATCH blake2bmac_functions[]; +extern const OSSL_DISPATCH blake2smac_functions[]; +extern const OSSL_DISPATCH cmac_functions[]; +extern const OSSL_DISPATCH gmac_functions[]; +extern const OSSL_DISPATCH hmac_functions[]; +extern const OSSL_DISPATCH kmac128_functions[]; +extern const OSSL_DISPATCH kmac256_functions[]; +extern const OSSL_DISPATCH siphash_functions[]; +extern const OSSL_DISPATCH poly1305_functions[]; + +/* KDFs / PRFs */ +extern const OSSL_DISPATCH kdf_pbkdf2_functions[]; +#ifndef OPENSSL_NO_SCRYPT +extern const OSSL_DISPATCH kdf_scrypt_functions[]; +#endif +extern const OSSL_DISPATCH kdf_tls1_prf_functions[]; +extern const OSSL_DISPATCH kdf_hkdf_functions[]; +extern const OSSL_DISPATCH kdf_sshkdf_functions[]; +extern const OSSL_DISPATCH kdf_sskdf_functions[]; +extern const OSSL_DISPATCH kdf_x963_kdf_functions[]; +#ifndef OPENSSL_NO_CMS +extern const OSSL_DISPATCH kdf_x942_kdf_functions[]; +#endif + + /* Key management */ extern const OSSL_DISPATCH dh_keymgmt_functions[]; diff --git a/providers/common/include/internal/providercommonerr.h b/providers/common/include/internal/providercommonerr.h index c436495a5b..39f56b4950 100644 --- a/providers/common/include/internal/providercommonerr.h +++ b/providers/common/include/internal/providercommonerr.h @@ -51,25 +51,51 @@ int ERR_load_PROV_strings(void); */ # define PROV_R_AES_KEY_SETUP_FAILED 101 # define PROV_R_BAD_DECRYPT 100 +# define PROV_R_BAD_ENCODING 141 +# define PROV_R_BAD_LENGTH 142 +# define PROV_R_BOTH_MODE_AND_MODE_INT 127 # define PROV_R_CIPHER_OPERATION_FAILED 102 # define PROV_R_FAILED_TO_GENERATE_KEY 121 # define PROV_R_FAILED_TO_GET_PARAMETER 103 # define PROV_R_FAILED_TO_SET_PARAMETER 104 +# define PROV_R_INAVLID_UKM_LENGTH 146 # define PROV_R_INVALID_AAD 108 # define PROV_R_INVALID_CUSTOM_LENGTH 111 # define PROV_R_INVALID_DATA 115 +# define PROV_R_INVALID_DIGEST 122 +# define PROV_R_INVALID_ITERATION_COUNT 123 # define PROV_R_INVALID_IVLEN 116 # define PROV_R_INVALID_IV_LENGTH 109 # define PROV_R_INVALID_KEYLEN 117 +# define PROV_R_INVALID_KEY_LEN 124 # define PROV_R_INVALID_KEY_LENGTH 105 +# define PROV_R_INVALID_MODE 125 +# define PROV_R_INVALID_MODE_INT 126 # define PROV_R_INVALID_SALT_LENGTH 112 # define PROV_R_INVALID_TAG 110 # define PROV_R_INVALID_TAGLEN 118 +# define PROV_R_MISSING_CEK_ALG 144 +# define PROV_R_MISSING_KEY 128 +# define PROV_R_MISSING_MESSAGE_DIGEST 129 +# define PROV_R_MISSING_PASS 130 +# define PROV_R_MISSING_SALT 131 +# define PROV_R_MISSING_SECRET 132 +# define PROV_R_MISSING_SEED 140 +# define PROV_R_MISSING_SESSION_ID 133 +# define PROV_R_MISSING_TYPE 134 +# define PROV_R_MISSING_XCGHASH 135 +# define PROV_R_NOT_SUPPORTED 136 # define PROV_R_NOT_XOF_OR_INVALID_LENGTH 113 # define PROV_R_NO_KEY_SET 114 # define PROV_R_OUTPUT_BUFFER_TOO_SMALL 106 # define PROV_R_TAG_NOTSET 119 # define PROV_R_TAG_NOT_NEEDED 120 +# define PROV_R_UNABLE_TO_LOAD_SHA1 143 +# define PROV_R_UNABLE_TO_LOAD_SHA256 147 +# define PROV_R_UNSUPPORTED_CEK_ALG 145 +# define PROV_R_UNSUPPORTED_MAC_TYPE 137 +# define PROV_R_VALUE_ERROR 138 # define PROV_R_WRONG_FINAL_BLOCK_LENGTH 107 +# define PROV_R_WRONG_OUTPUT_BUFFER_SIZE 139 #endif diff --git a/providers/common/kdfs/build.info b/providers/common/kdfs/build.info new file mode 100644 index 0000000000..a881fa00b9 --- /dev/null +++ b/providers/common/kdfs/build.info @@ -0,0 +1,13 @@ +$COMMON=tls1_prf.c hkdf.c pbkdf2.c sskdf.c + +LIBS=../../../libcrypto +SOURCE[../../../libcrypto]=$COMMON +INCLUDE[../../../libcrypto]=. ../../../crypto + +IF[{- !$disabled{fips} -}] + MODULES=../../fips + SOURCE[../../fips]=$COMMON + INCLUDE[../../fips]=. ../../../crypto +ENDIF + + diff --git a/crypto/kdf/hkdf.c b/providers/common/kdfs/hkdf.c similarity index 50% rename from crypto/kdf/hkdf.c rename to providers/common/kdfs/hkdf.c index 33c74da86a..30bda90f69 100644 --- a/crypto/kdf/hkdf.c +++ b/providers/common/kdfs/hkdf.c @@ -1,5 +1,5 @@ /* - * Copyright 2016-2018 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2016-2019 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -13,14 +13,26 @@ #include #include #include +#include #include "internal/cryptlib.h" #include "internal/numbers.h" #include "internal/evp_int.h" -#include "kdf_local.h" +#include "internal/provider_ctx.h" +#include "internal/providercommonerr.h" +#include "internal/provider_algs.h" +#include "e_os.h" #define HKDF_MAXBUF 1024 -static void kdf_hkdf_reset(EVP_KDF_IMPL *impl); +static OSSL_OP_kdf_newctx_fn kdf_hkdf_new; +static OSSL_OP_kdf_freectx_fn kdf_hkdf_free; +static OSSL_OP_kdf_reset_fn kdf_hkdf_reset; +static OSSL_OP_kdf_derive_fn kdf_hkdf_derive; +static OSSL_OP_kdf_settable_ctx_params_fn kdf_hkdf_settable_ctx_params; +static OSSL_OP_kdf_set_ctx_params_fn kdf_hkdf_set_ctx_params; +static OSSL_OP_kdf_gettable_ctx_params_fn kdf_hkdf_gettable_ctx_params; +static OSSL_OP_kdf_get_ctx_params_fn kdf_hkdf_get_ctx_params; + static int HKDF(const EVP_MD *evp_md, const unsigned char *salt, size_t salt_len, const unsigned char *key, size_t key_len, @@ -35,209 +47,236 @@ static int HKDF_Expand(const EVP_MD *evp_md, const unsigned char *info, size_t info_len, unsigned char *okm, size_t okm_len); -struct evp_kdf_impl_st { +typedef struct { + void *provctx; int mode; - const EVP_MD *md; + EVP_MD *md; unsigned char *salt; size_t salt_len; unsigned char *key; size_t key_len; unsigned char info[HKDF_MAXBUF]; size_t info_len; -}; +} KDF_HKDF; -static EVP_KDF_IMPL *kdf_hkdf_new(void) +static void *kdf_hkdf_new(void *provctx) { - EVP_KDF_IMPL *impl; + KDF_HKDF *ctx; - if ((impl = OPENSSL_zalloc(sizeof(*impl))) == NULL) - KDFerr(KDF_F_KDF_HKDF_NEW, ERR_R_MALLOC_FAILURE); - return impl; + if ((ctx = OPENSSL_zalloc(sizeof(*ctx))) == NULL) + ERR_raise(ERR_LIB_PROV, ERR_R_MALLOC_FAILURE); + else + ctx->provctx = provctx; + return ctx; } -static void kdf_hkdf_free(EVP_KDF_IMPL *impl) +static void kdf_hkdf_free(void *vctx) { - kdf_hkdf_reset(impl); - OPENSSL_free(impl); -} + KDF_HKDF *ctx = (KDF_HKDF *)vctx; -static void kdf_hkdf_reset(EVP_KDF_IMPL *impl) -{ - OPENSSL_free(impl->salt); - OPENSSL_clear_free(impl->key, impl->key_len); - OPENSSL_cleanse(impl->info, impl->info_len); - memset(impl, 0, sizeof(*impl)); + kdf_hkdf_reset(ctx); + OPENSSL_free(ctx); } -static int kdf_hkdf_ctrl(EVP_KDF_IMPL *impl, int cmd, va_list args) +static void kdf_hkdf_reset(void *vctx) { - const unsigned char *p; - size_t len; - const EVP_MD *md; - - switch (cmd) { - case EVP_KDF_CTRL_SET_MD: - md = va_arg(args, const EVP_MD *); - if (md == NULL) - return 0; - - impl->md = md; - return 1; - - case EVP_KDF_CTRL_SET_HKDF_MODE: - impl->mode = va_arg(args, int); - return 1; - - case EVP_KDF_CTRL_SET_SALT: - p = va_arg(args, const unsigned char *); - len = va_arg(args, size_t); - if (len == 0 || p == NULL) - return 1; - - OPENSSL_free(impl->salt); - impl->salt = OPENSSL_memdup(p, len); - if (impl->salt == NULL) - return 0; - - impl->salt_len = len; - return 1; - - case EVP_KDF_CTRL_SET_KEY: - p = va_arg(args, const unsigned char *); - len = va_arg(args, size_t); - OPENSSL_clear_free(impl->key, impl->key_len); - impl->key = OPENSSL_memdup(p, len); - if (impl->key == NULL) - return 0; - - impl->key_len = len; - return 1; - - case EVP_KDF_CTRL_RESET_HKDF_INFO: - OPENSSL_cleanse(impl->info, impl->info_len); - impl->info_len = 0; - return 1; - - case EVP_KDF_CTRL_ADD_HKDF_INFO: - p = va_arg(args, const unsigned char *); - len = va_arg(args, size_t); - if (len == 0 || p == NULL) - return 1; - - if (len > (HKDF_MAXBUF - impl->info_len)) - return 0; + KDF_HKDF *ctx = (KDF_HKDF *)vctx; - memcpy(impl->info + impl->info_len, p, len); - impl->info_len += len; - return 1; - - default: - return -2; - } + EVP_MD_meth_free(ctx->md); + OPENSSL_free(ctx->salt); + OPENSSL_clear_free(ctx->key, ctx->key_len); + OPENSSL_cleanse(ctx->info, ctx->info_len); + memset(ctx, 0, sizeof(*ctx)); } -static int kdf_hkdf_ctrl_str(EVP_KDF_IMPL *impl, const char *type, - const char *value) -{ - if (strcmp(type, "mode") == 0) { - int mode; - - if (strcmp(value, "EXTRACT_AND_EXPAND") == 0) - mode = EVP_KDF_HKDF_MODE_EXTRACT_AND_EXPAND; - else if (strcmp(value, "EXTRACT_ONLY") == 0) - mode = EVP_KDF_HKDF_MODE_EXTRACT_ONLY; - else if (strcmp(value, "EXPAND_ONLY") == 0) - mode = EVP_KDF_HKDF_MODE_EXPAND_ONLY; - else - return 0; - - return call_ctrl(kdf_hkdf_ctrl, impl, EVP_KDF_CTRL_SET_HKDF_MODE, mode); - } - - if (strcmp(type, "digest") == 0) - return kdf_md2ctrl(impl, kdf_hkdf_ctrl, EVP_KDF_CTRL_SET_MD, value); - - if (strcmp(type, "salt") == 0) - return kdf_str2ctrl(impl, kdf_hkdf_ctrl, EVP_KDF_CTRL_SET_SALT, value); - - if (strcmp(type, "hexsalt") == 0) - return kdf_hex2ctrl(impl, kdf_hkdf_ctrl, EVP_KDF_CTRL_SET_SALT, value); - - if (strcmp(type, "key") == 0) - return kdf_str2ctrl(impl, kdf_hkdf_ctrl, EVP_KDF_CTRL_SET_KEY, value); - - if (strcmp(type, "hexkey") == 0) - return kdf_hex2ctrl(impl, kdf_hkdf_ctrl, EVP_KDF_CTRL_SET_KEY, value); - - if (strcmp(type, "info") == 0) - return kdf_str2ctrl(impl, kdf_hkdf_ctrl, EVP_KDF_CTRL_ADD_HKDF_INFO, - value); - - if (strcmp(type, "hexinfo") == 0) - return kdf_hex2ctrl(impl, kdf_hkdf_ctrl, EVP_KDF_CTRL_ADD_HKDF_INFO, - value); - - return -2; -} - -static size_t kdf_hkdf_size(EVP_KDF_IMPL *impl) +static size_t kdf_hkdf_size(KDF_HKDF *ctx) { int sz; - if (impl->mode != EVP_KDF_HKDF_MODE_EXTRACT_ONLY) + if (ctx->mode != EVP_KDF_HKDF_MODE_EXTRACT_ONLY) return SIZE_MAX; - if (impl->md == NULL) { - KDFerr(KDF_F_KDF_HKDF_SIZE, KDF_R_MISSING_MESSAGE_DIGEST); + if (ctx->md == NULL) { + ERR_raise(ERR_LIB_PROV, PROV_R_MISSING_MESSAGE_DIGEST); return 0; } - sz = EVP_MD_size(impl->md); + sz = EVP_MD_size(ctx->md); if (sz < 0) return 0; return sz; } -static int kdf_hkdf_derive(EVP_KDF_IMPL *impl, unsigned char *key, - size_t keylen) +static int kdf_hkdf_derive(void *vctx, unsigned char *key, size_t keylen) { - if (impl->md == NULL) { - KDFerr(KDF_F_KDF_HKDF_DERIVE, KDF_R_MISSING_MESSAGE_DIGEST); + KDF_HKDF *ctx = (KDF_HKDF *)vctx; + + if (ctx->md == NULL) { + ERR_raise(ERR_LIB_PROV, PROV_R_MISSING_MESSAGE_DIGEST); return 0; } - if (impl->key == NULL) { - KDFerr(KDF_F_KDF_HKDF_DERIVE, KDF_R_MISSING_KEY); + if (ctx->key == NULL) { + ERR_raise(ERR_LIB_PROV, PROV_R_MISSING_KEY); return 0; } - switch (impl->mode) { + switch (ctx->mode) { case EVP_KDF_HKDF_MODE_EXTRACT_AND_EXPAND: - return HKDF(impl->md, impl->salt, impl->salt_len, impl->key, - impl->key_len, impl->info, impl->info_len, key, + return HKDF(ctx->md, ctx->salt, ctx->salt_len, ctx->key, + ctx->key_len, ctx->info, ctx->info_len, key, keylen); case EVP_KDF_HKDF_MODE_EXTRACT_ONLY: - return HKDF_Extract(impl->md, impl->salt, impl->salt_len, impl->key, - impl->key_len, key, keylen); + return HKDF_Extract(ctx->md, ctx->salt, ctx->salt_len, ctx->key, + ctx->key_len, key, keylen); case EVP_KDF_HKDF_MODE_EXPAND_ONLY: - return HKDF_Expand(impl->md, impl->key, impl->key_len, impl->info, - impl->info_len, key, keylen); + return HKDF_Expand(ctx->md, ctx->key, ctx->key_len, ctx->info, + ctx->info_len, key, keylen); default: return 0; } } -const EVP_KDF hkdf_kdf_meth = { - EVP_KDF_HKDF, - kdf_hkdf_new, - kdf_hkdf_free, - kdf_hkdf_reset, - kdf_hkdf_ctrl, - kdf_hkdf_ctrl_str, - kdf_hkdf_size, - kdf_hkdf_derive +static int kdf_hkdf_set_ctx_params(void *vctx, const OSSL_PARAM params[]) +{ + const OSSL_PARAM *p; + KDF_HKDF *ctx = vctx; + EVP_MD *md; + int n; + const char *properties = NULL; + + /* Grab search properties, this should be before the digest lookup */ + if ((p = OSSL_PARAM_locate_const(params, OSSL_KDF_PARAM_PROPERTIES)) + != NULL) { + if (p->data_type != OSSL_PARAM_UTF8_STRING) + return 0; + properties = p->data; + } + /* Handle aliasing of digest parameter names */ + if ((p = OSSL_PARAM_locate_const(params, OSSL_KDF_PARAM_DIGEST)) != NULL) { + if (p->data_type != OSSL_PARAM_UTF8_STRING) + return 0; + md = EVP_MD_fetch(PROV_LIBRARY_CONTEXT_OF(ctx->provctx), p->data, + properties); + if (md == NULL) { + ERR_raise(ERR_LIB_PROV, PROV_R_INVALID_DIGEST); + return 0; + } + EVP_MD_meth_free(ctx->md); + ctx->md = md; + } + + if ((p = OSSL_PARAM_locate_const(params, OSSL_KDF_PARAM_MODE)) != NULL) { + if (p->data_type == OSSL_PARAM_UTF8_STRING) { + if (strcasecmp(p->data, "EXTRACT_AND_EXPAND") == 0) { + ctx->mode = EVP_KDF_HKDF_MODE_EXTRACT_AND_EXPAND; + } else if (strcasecmp(p->data, "EXTRACT_ONLY") == 0) { + ctx->mode = EVP_KDF_HKDF_MODE_EXTRACT_ONLY; + } else if (strcasecmp(p->data, "EXPAND_ONLY") == 0) { + ctx->mode = EVP_KDF_HKDF_MODE_EXPAND_ONLY; + } else { + ERR_raise(ERR_LIB_PROV, PROV_R_INVALID_MODE); + return 0; + } + } else if (OSSL_PARAM_get_int(p, &n)) { + if (n != EVP_KDF_HKDF_MODE_EXTRACT_AND_EXPAND + && n != EVP_KDF_HKDF_MODE_EXTRACT_ONLY + && n != EVP_KDF_HKDF_MODE_EXPAND_ONLY) { + ERR_raise(ERR_LIB_PROV, PROV_R_INVALID_MODE); + return 0; + } + ctx->mode = n; + } else { + ERR_raise(ERR_LIB_PROV, PROV_R_INVALID_MODE); + return 0; + } + } + + if ((p = OSSL_PARAM_locate_const(params, OSSL_KDF_PARAM_KEY)) != NULL) { + OPENSSL_clear_free(ctx->key, ctx->key_len); + ctx->key = NULL; + if (!OSSL_PARAM_get_octet_string(p, (void **)&ctx->key, 0, + &ctx->key_len)) + return 0; + } + + if ((p = OSSL_PARAM_locate_const(params, OSSL_KDF_PARAM_SALT)) != NULL) { + if (p->data_size != 0 && p->data != NULL) { + OPENSSL_free(ctx->salt); + ctx->salt = NULL; + if (!OSSL_PARAM_get_octet_string(p, (void **)&ctx->salt, 0, + &ctx->salt_len)) + return 0; + } + } + /* The info fields concatenate, so process them all */ + if ((p = OSSL_PARAM_locate_const(params, OSSL_KDF_PARAM_INFO)) != NULL) { + ctx->info_len = 0; + for (; p != NULL; p = OSSL_PARAM_locate_const(p + 1, + OSSL_KDF_PARAM_INFO)) { + const void *q = ctx->info + ctx->info_len; + size_t sz = 0; + + if (p->data_size != 0 + && p->data != NULL + && !OSSL_PARAM_get_octet_string(p, (void **)&q, + HKDF_MAXBUF - ctx->info_len, + &sz)) + return 0; + ctx->info_len += sz; + } + } + return 1; +} + +static const OSSL_PARAM *kdf_hkdf_settable_ctx_params(void) +{ + static const OSSL_PARAM known_settable_ctx_params[] = { + OSSL_PARAM_utf8_string(OSSL_KDF_PARAM_MODE, NULL, 0), + OSSL_PARAM_int(OSSL_KDF_PARAM_MODE, NULL), + OSSL_PARAM_utf8_string(OSSL_KDF_PARAM_PROPERTIES, NULL, 0), + OSSL_PARAM_utf8_string(OSSL_KDF_PARAM_DIGEST, NULL, 0), + OSSL_PARAM_octet_string(OSSL_KDF_PARAM_SALT, NULL, 0), + OSSL_PARAM_octet_string(OSSL_KDF_PARAM_KEY, NULL, 0), + OSSL_PARAM_octet_string(OSSL_KDF_PARAM_INFO, NULL, 0), + OSSL_PARAM_END + }; + return known_settable_ctx_params; +} + +static int kdf_hkdf_get_ctx_params(void *vctx, OSSL_PARAM params[]) +{ + KDF_HKDF *ctx = (KDF_HKDF *)vctx; + OSSL_PARAM *p; + + if ((p = OSSL_PARAM_locate(params, OSSL_KDF_PARAM_SIZE)) != NULL) + return OSSL_PARAM_set_size_t(p, kdf_hkdf_size(ctx)); + return -2; +} + +static const OSSL_PARAM *kdf_hkdf_gettable_ctx_params(void) +{ + static const OSSL_PARAM known_gettable_ctx_params[] = { + OSSL_PARAM_size_t(OSSL_KDF_PARAM_SIZE, NULL), + OSSL_PARAM_END + }; + return known_gettable_ctx_params; +} + +const OSSL_DISPATCH kdf_hkdf_functions[] = { + { OSSL_FUNC_KDF_NEWCTX, (void(*)(void))kdf_hkdf_new }, + { OSSL_FUNC_KDF_FREECTX, (void(*)(void))kdf_hkdf_free }, + { OSSL_FUNC_KDF_RESET, (void(*)(void))kdf_hkdf_reset }, + { OSSL_FUNC_KDF_DERIVE, (void(*)(void))kdf_hkdf_derive }, + { OSSL_FUNC_KDF_SETTABLE_CTX_PARAMS, + (void(*)(void))kdf_hkdf_settable_ctx_params }, + { OSSL_FUNC_KDF_SET_CTX_PARAMS, (void(*)(void))kdf_hkdf_set_ctx_params }, + { OSSL_FUNC_KDF_GETTABLE_CTX_PARAMS, + (void(*)(void))kdf_hkdf_gettable_ctx_params }, + { OSSL_FUNC_KDF_GET_CTX_PARAMS, (void(*)(void))kdf_hkdf_get_ctx_params }, + { 0, NULL } }; /* @@ -325,7 +364,7 @@ static int HKDF_Extract(const EVP_MD *evp_md, if (sz < 0) return 0; if (prk_len != (size_t)sz) { - KDFerr(KDF_F_HKDF_EXTRACT, KDF_R_WRONG_OUTPUT_BUFFER_SIZE); + ERR_raise(ERR_LIB_PROV, PROV_R_WRONG_OUTPUT_BUFFER_SIZE); return 0; } /* calc: PRK = HMAC-Hash(salt, IKM) */ diff --git a/providers/common/kdfs/pbkdf2.c b/providers/common/kdfs/pbkdf2.c new file mode 100644 index 0000000000..e60f0126f7 --- /dev/null +++ b/providers/common/kdfs/pbkdf2.c @@ -0,0 +1,355 @@ +/* + * Copyright 2018-2019 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the Apache License 2.0 (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#include +#include +#include +#include +#include +#include +#include +#include "internal/cryptlib.h" +#include "internal/numbers.h" +#include "internal/evp_int.h" +#include "internal/provider_ctx.h" +#include "internal/providercommonerr.h" +#include "internal/provider_algs.h" + +/* Constants specified in SP800-132 */ +#define KDF_PBKDF2_MIN_KEY_LEN_BITS 112 +#define KDF_PBKDF2_MAX_KEY_LEN_DIGEST_RATIO 0xFFFFFFFF +#define KDF_PBKDF2_MIN_ITERATIONS 1000 +#define KDF_PBKDF2_MIN_SALT_LEN (128 / 8) +/* + * For backwards compatibility reasons, + * Extra checks are done by default in fips mode only. + */ +#ifdef FIPS_MODE +# define KDF_PBKDF2_DEFAULT_CHECKS 1 +#else +# define KDF_PBKDF2_DEFAULT_CHECKS 0 +#endif /* FIPS_MODE */ + +static OSSL_OP_kdf_newctx_fn kdf_pbkdf2_new; +static OSSL_OP_kdf_freectx_fn kdf_pbkdf2_free; +static OSSL_OP_kdf_reset_fn kdf_pbkdf2_reset; +static OSSL_OP_kdf_derive_fn kdf_pbkdf2_derive; +static OSSL_OP_kdf_settable_ctx_params_fn kdf_pbkdf2_settable_ctx_params; +static OSSL_OP_kdf_set_ctx_params_fn kdf_pbkdf2_set_ctx_params; + +static int pbkdf2_derive(const char *pass, size_t passlen, + const unsigned char *salt, int saltlen, uint64_t iter, + const EVP_MD *digest, unsigned char *key, + size_t keylen, int extra_checks); + +typedef struct { + void *provctx; + unsigned char *pass; + size_t pass_len; + unsigned char *salt; + size_t salt_len; + uint64_t iter; + EVP_MD *md; + int lower_bound_checks; +} KDF_PBKDF2; + +static void kdf_pbkdf2_init(KDF_PBKDF2 *ctx); + +static void *kdf_pbkdf2_new(void *provctx) +{ + KDF_PBKDF2 *ctx; + + ctx = OPENSSL_zalloc(sizeof(*ctx)); + if (ctx == NULL) { + ERR_raise(ERR_LIB_PROV, ERR_R_MALLOC_FAILURE); + return NULL; + } + ctx->provctx = provctx; + kdf_pbkdf2_init(ctx); + return ctx; +} + +static void kdf_pbkdf2_cleanup(KDF_PBKDF2 *ctx) +{ + EVP_MD_meth_free(ctx->md); + OPENSSL_free(ctx->salt); + OPENSSL_clear_free(ctx->pass, ctx->pass_len); + memset(ctx, 0, sizeof(*ctx)); +} + +static void kdf_pbkdf2_free(void *vctx) +{ + KDF_PBKDF2 *ctx = (KDF_PBKDF2 *)vctx; + + kdf_pbkdf2_cleanup(ctx); + OPENSSL_free(ctx); +} + +static void kdf_pbkdf2_reset(void *vctx) +{ + KDF_PBKDF2 *ctx = (KDF_PBKDF2 *)vctx; + + kdf_pbkdf2_cleanup(ctx); + kdf_pbkdf2_init(ctx); +} + +static void kdf_pbkdf2_init(KDF_PBKDF2 *ctx) +{ + ctx->iter = PKCS5_DEFAULT_ITER; + ctx->md = EVP_MD_fetch(PROV_LIBRARY_CONTEXT_OF(ctx->provctx), SN_sha1, + NULL); + ctx->lower_bound_checks = KDF_PBKDF2_DEFAULT_CHECKS; +} + +static int pbkdf2_set_membuf(unsigned char **buffer, size_t *buflen, + const OSSL_PARAM *p) +{ + OPENSSL_clear_free(*buffer, *buflen); + if (p->data_size == 0) { + if ((*buffer = OPENSSL_malloc(1)) == NULL) { + ERR_raise(ERR_LIB_PROV, ERR_R_MALLOC_FAILURE); + return 0; + } + } else if (p->data != NULL) { + *buffer = NULL; + if (!OSSL_PARAM_get_octet_string(p, (void **)buffer, 0, buflen)) + return 0; + } + return 1; +} + +static int kdf_pbkdf2_derive(void *vctx, unsigned char *key, + size_t keylen) +{ + KDF_PBKDF2 *ctx = (KDF_PBKDF2 *)vctx; + + if (ctx->pass == NULL) { + ERR_raise(ERR_LIB_PROV, PROV_R_MISSING_PASS); + return 0; + } + + if (ctx->salt == NULL) { + ERR_raise(ERR_LIB_PROV, PROV_R_MISSING_SALT); + return 0; + } + + return pbkdf2_derive((char *)ctx->pass, ctx->pass_len, + ctx->salt, ctx->salt_len, ctx->iter, + ctx->md, key, keylen, ctx->lower_bound_checks); +} + +static int kdf_pbkdf2_set_ctx_params(void *vctx, const OSSL_PARAM params[]) +{ + const OSSL_PARAM *p; + KDF_PBKDF2 *ctx = vctx; + EVP_MD *md; + int pkcs5; + uint64_t iter, min_iter; + const char *properties = NULL; + + /* Grab search properties, this should be before the digest lookup */ + if ((p = OSSL_PARAM_locate_const(params, OSSL_KDF_PARAM_PROPERTIES)) + != NULL) { + if (p->data_type != OSSL_PARAM_UTF8_STRING) + return 0; + properties = p->data; + } + /* Handle aliasing of digest parameter names */ + if ((p = OSSL_PARAM_locate_const(params, OSSL_KDF_PARAM_DIGEST)) != NULL) { + if (p->data_type != OSSL_PARAM_UTF8_STRING) + return 0; + md = EVP_MD_fetch(PROV_LIBRARY_CONTEXT_OF(ctx->provctx), p->data, + properties); + if (md == NULL) { + ERR_raise(ERR_LIB_PROV, PROV_R_INVALID_DIGEST); + return 0; + } + EVP_MD_meth_free(ctx->md); + ctx->md = md; + } + + if ((p = OSSL_PARAM_locate_const(params, OSSL_KDF_PARAM_PKCS5)) != NULL) { + if (!OSSL_PARAM_get_int(p, &pkcs5)) + return 0; + ctx->lower_bound_checks = pkcs5 == 0; + } + + if ((p = OSSL_PARAM_locate_const(params, OSSL_KDF_PARAM_PASSWORD)) != NULL) + if (!pbkdf2_set_membuf(&ctx->pass, &ctx->pass_len, p)) + return 0; + + if ((p = OSSL_PARAM_locate_const(params, OSSL_KDF_PARAM_SALT)) != NULL) { + if (ctx->lower_bound_checks != 0 + && p->data_size < KDF_PBKDF2_MIN_SALT_LEN) { + ERR_raise(ERR_LIB_PROV, PROV_R_INVALID_SALT_LENGTH); + return 0; + } + if (!pbkdf2_set_membuf(&ctx->salt, &ctx->salt_len,p)) + return 0; + } + + if ((p = OSSL_PARAM_locate_const(params, OSSL_KDF_PARAM_ITER)) != NULL) { + if (!OSSL_PARAM_get_uint64(p, &iter)) + return 0; + min_iter = ctx->lower_bound_checks != 0 ? KDF_PBKDF2_MIN_ITERATIONS : 1; + if (iter < min_iter) { + ERR_raise(ERR_LIB_PROV, PROV_R_INVALID_ITERATION_COUNT); + return 0; + } + ctx->iter = iter; + } + return 1; +} + +static const OSSL_PARAM *kdf_pbkdf2_settable_ctx_params(void) +{ + static const OSSL_PARAM known_settable_ctx_params[] = { + OSSL_PARAM_utf8_string(OSSL_KDF_PARAM_PROPERTIES, NULL, 0), + OSSL_PARAM_utf8_string(OSSL_KDF_PARAM_DIGEST, NULL, 0), + OSSL_PARAM_octet_string(OSSL_KDF_PARAM_PASSWORD, NULL, 0), + OSSL_PARAM_octet_string(OSSL_KDF_PARAM_SALT, NULL, 0), + OSSL_PARAM_uint64(OSSL_KDF_PARAM_ITER, NULL), + OSSL_PARAM_int(OSSL_KDF_PARAM_PKCS5, NULL), + OSSL_PARAM_END + }; + return known_settable_ctx_params; +} + +static int kdf_pbkdf2_get_ctx_params(void *vctx, OSSL_PARAM params[]) +{ + OSSL_PARAM *p; + + if ((p = OSSL_PARAM_locate(params, OSSL_KDF_PARAM_SIZE)) != NULL) + return OSSL_PARAM_set_size_t(p, SIZE_MAX); + return -2; +} + +static const OSSL_PARAM *kdf_pbkdf2_gettable_ctx_params(void) +{ + static const OSSL_PARAM known_gettable_ctx_params[] = { + OSSL_PARAM_size_t(OSSL_KDF_PARAM_SIZE, NULL), + OSSL_PARAM_END + }; + return known_gettable_ctx_params; +} + +const OSSL_DISPATCH kdf_pbkdf2_functions[] = { + { OSSL_FUNC_KDF_NEWCTX, (void(*)(void))kdf_pbkdf2_new }, + { OSSL_FUNC_KDF_FREECTX, (void(*)(void))kdf_pbkdf2_free }, + { OSSL_FUNC_KDF_RESET, (void(*)(void))kdf_pbkdf2_reset }, + { OSSL_FUNC_KDF_DERIVE, (void(*)(void))kdf_pbkdf2_derive }, + { OSSL_FUNC_KDF_SETTABLE_CTX_PARAMS, + (void(*)(void))kdf_pbkdf2_settable_ctx_params }, + { OSSL_FUNC_KDF_SET_CTX_PARAMS, (void(*)(void))kdf_pbkdf2_set_ctx_params }, + { OSSL_FUNC_KDF_GETTABLE_CTX_PARAMS, + (void(*)(void))kdf_pbkdf2_gettable_ctx_params }, + { OSSL_FUNC_KDF_GET_CTX_PARAMS, (void(*)(void))kdf_pbkdf2_get_ctx_params }, + { 0, NULL } +}; + +/* + * This is an implementation of PKCS#5 v2.0 password based encryption key + * derivation function PBKDF2. SHA1 version verified against test vectors + * posted by Peter Gutmann to the PKCS-TNG mailing list. + * + * The constraints specified by SP800-132 have been added i.e. + * - Check the range of the key length. + * - Minimum iteration count of 1000. + * - Randomly-generated portion of the salt shall be at least 128 bits. + */ +static int pbkdf2_derive(const char *pass, size_t passlen, + const unsigned char *salt, int saltlen, uint64_t iter, + const EVP_MD *digest, unsigned char *key, + size_t keylen, int lower_bound_checks) +{ + int ret = 0; + unsigned char digtmp[EVP_MAX_MD_SIZE], *p, itmp[4]; + int cplen, k, tkeylen, mdlen; + uint64_t j; + unsigned long i = 1; + HMAC_CTX *hctx_tpl = NULL, *hctx = NULL; + + mdlen = EVP_MD_size(digest); + if (mdlen <= 0) + return 0; + + /* + * This check should always be done because keylen / mdlen >= (2^32 - 1) + * results in an overflow of the loop counter 'i'. + */ + if ((keylen / mdlen) >= KDF_PBKDF2_MAX_KEY_LEN_DIGEST_RATIO) { + ERR_raise(ERR_LIB_PROV, PROV_R_INVALID_KEY_LEN); + return 0; + } + + if (lower_bound_checks) { + if ((keylen * 8) < KDF_PBKDF2_MIN_KEY_LEN_BITS) { + ERR_raise(ERR_LIB_PROV, PROV_R_INVALID_KEY_LEN); + return 0; + } + if (saltlen < KDF_PBKDF2_MIN_SALT_LEN) { + ERR_raise(ERR_LIB_PROV, PROV_R_INVALID_SALT_LENGTH); + return 0; + } + if (iter < KDF_PBKDF2_MIN_ITERATIONS) { + ERR_raise(ERR_LIB_PROV, PROV_R_INVALID_ITERATION_COUNT); + return 0; + } + } + + hctx_tpl = HMAC_CTX_new(); + if (hctx_tpl == NULL) + return 0; + p = key; + tkeylen = keylen; + if (!HMAC_Init_ex(hctx_tpl, pass, passlen, digest, NULL)) + goto err; + hctx = HMAC_CTX_new(); + if (hctx == NULL) + goto err; + while (tkeylen) { + if (tkeylen > mdlen) + cplen = mdlen; + else + cplen = tkeylen; + /* + * We are unlikely to ever use more than 256 blocks (5120 bits!) but + * just in case... + */ + itmp[0] = (unsigned char)((i >> 24) & 0xff); + itmp[1] = (unsigned char)((i >> 16) & 0xff); + itmp[2] = (unsigned char)((i >> 8) & 0xff); + itmp[3] = (unsigned char)(i & 0xff); + if (!HMAC_CTX_copy(hctx, hctx_tpl)) + goto err; + if (!HMAC_Update(hctx, salt, saltlen) + || !HMAC_Update(hctx, itmp, 4) + || !HMAC_Final(hctx, digtmp, NULL)) + goto err; + memcpy(p, digtmp, cplen); + for (j = 1; j < iter; j++) { + if (!HMAC_CTX_copy(hctx, hctx_tpl)) + goto err; + if (!HMAC_Update(hctx, digtmp, mdlen) + || !HMAC_Final(hctx, digtmp, NULL)) + goto err; + for (k = 0; k < cplen; k++) + p[k] ^= digtmp[k]; + } + tkeylen -= cplen; + i++; + p += cplen; + } + ret = 1; + +err: + HMAC_CTX_free(hctx); + HMAC_CTX_free(hctx_tpl); + return ret; +} diff --git a/crypto/kdf/sskdf.c b/providers/common/kdfs/sskdf.c similarity index 58% rename from crypto/kdf/sskdf.c rename to providers/common/kdfs/sskdf.c index b20eff2865..b8a41fbbaa 100644 --- a/crypto/kdf/sskdf.c +++ b/providers/common/kdfs/sskdf.c @@ -43,12 +43,16 @@ #include #include #include "internal/cryptlib.h" +#include "internal/numbers.h" #include "internal/evp_int.h" -#include "kdf_local.h" +#include "internal/provider_ctx.h" +#include "internal/providercommonerr.h" +#include "internal/provider_algs.h" -struct evp_kdf_impl_st { +typedef struct { + void *provctx; EVP_MAC *mac; /* H(x) = HMAC_hash OR H(x) = KMAC */ - const EVP_MD *md; /* H(x) = hash OR when H(x) = HMAC_hash */ + EVP_MD *md; /* H(x) = hash OR when H(x) = HMAC_hash */ unsigned char *secret; size_t secret_len; unsigned char *info; @@ -56,7 +60,7 @@ struct evp_kdf_impl_st { unsigned char *salt; size_t salt_len; size_t out_len; /* optional KMAC parameter */ -}; +} KDF_SSKDF; #define SSKDF_MAX_INLEN (1<<30) #define SSKDF_KMAC128_DEFAULT_SALT_SIZE (168 - 4) @@ -65,6 +69,16 @@ struct evp_kdf_impl_st { /* KMAC uses a Customisation string of 'KDF' */ static const unsigned char kmac_custom_str[] = { 0x4B, 0x44, 0x46 }; +static OSSL_OP_kdf_newctx_fn sskdf_new; +static OSSL_OP_kdf_freectx_fn sskdf_free; +static OSSL_OP_kdf_reset_fn sskdf_reset; +static OSSL_OP_kdf_derive_fn sskdf_derive; +static OSSL_OP_kdf_derive_fn x963kdf_derive; +static OSSL_OP_kdf_settable_ctx_params_fn sskdf_settable_ctx_params; +static OSSL_OP_kdf_set_ctx_params_fn sskdf_set_ctx_params; +static OSSL_OP_kdf_gettable_ctx_params_fn sskdf_gettable_ctx_params; +static OSSL_OP_kdf_get_ctx_params_fn sskdf_get_ctx_params; + /* * Refer to https://csrc.nist.gov/publications/detail/sp/800-56c/rev-1/final * Section 4. One-Step Key Derivation using H(x) = hash(x) @@ -287,172 +301,68 @@ end: return ret; } -static EVP_KDF_IMPL *sskdf_new(void) +static void *sskdf_new(void *provctx) { - EVP_KDF_IMPL *impl; - - if ((impl = OPENSSL_zalloc(sizeof(*impl))) == NULL) - KDFerr(KDF_F_SSKDF_NEW, ERR_R_MALLOC_FAILURE); - return impl; -} + KDF_SSKDF *ctx; -static void sskdf_reset(EVP_KDF_IMPL *impl) -{ - OPENSSL_clear_free(impl->secret, impl->secret_len); - OPENSSL_clear_free(impl->info, impl->info_len); - OPENSSL_clear_free(impl->salt, impl->salt_len); - EVP_MAC_free(impl->mac); -#if 0 /* TODO(3.0) When we switch to fetched MDs */ - EVP_MD_meth_free(impl->md); -#endif - memset(impl, 0, sizeof(*impl)); + if ((ctx = OPENSSL_zalloc(sizeof(*ctx))) == NULL) + ERR_raise(ERR_LIB_PROV, ERR_R_MALLOC_FAILURE); + ctx->provctx = provctx; + return ctx; } -static void sskdf_free(EVP_KDF_IMPL *impl) +static void sskdf_reset(void *vctx) { - sskdf_reset(impl); - OPENSSL_free(impl); + KDF_SSKDF *ctx = (KDF_SSKDF *)vctx; + + EVP_MD_meth_free(ctx->md); + EVP_MAC_free(ctx->mac); + OPENSSL_clear_free(ctx->secret, ctx->secret_len); + OPENSSL_clear_free(ctx->info, ctx->info_len); + OPENSSL_clear_free(ctx->salt, ctx->salt_len); + memset(ctx, 0, sizeof(*ctx)); } -static int sskdf_set_buffer(va_list args, unsigned char **out, size_t *out_len) +static void sskdf_free(void *vctx) { - const unsigned char *p; - size_t len; + KDF_SSKDF *ctx = (KDF_SSKDF *)vctx; - p = va_arg(args, const unsigned char *); - len = va_arg(args, size_t); - if (len == 0 || p == NULL) - return 1; - - OPENSSL_free(*out); - *out = OPENSSL_memdup(p, len); - if (*out == NULL) - return 0; - - *out_len = len; - return 1; + sskdf_reset(ctx); + OPENSSL_free(ctx); } -static int sskdf_ctrl(EVP_KDF_IMPL *impl, int cmd, va_list args) +static int sskdf_set_buffer(unsigned char **out, size_t *out_len, + const OSSL_PARAM *p) { - const EVP_MD *md; - - switch (cmd) { - case EVP_KDF_CTRL_SET_KEY: - return sskdf_set_buffer(args, &impl->secret, &impl->secret_len); - - case EVP_KDF_CTRL_SET_SSKDF_INFO: - return sskdf_set_buffer(args, &impl->info, &impl->info_len); - - case EVP_KDF_CTRL_SET_MD: - md = va_arg(args, const EVP_MD *); - if (md == NULL) - return 0; - -#if 0 /* TODO(3.0) When we switch to fetched MDs */ - EVP_MD_meth_free(impl->md); -#endif - impl->md = md; + if (p->data == NULL || p->data_size == 0) return 1; - - case EVP_KDF_CTRL_SET_MAC: - { - const char *name; - EVP_MAC *mac; - - name = va_arg(args, const char *); - if (name == NULL) - return 0; - - EVP_MAC_free(impl->mac); - impl->mac = NULL; - - /* - * TODO(3.0) add support for OPENSSL_CTX and properties in KDFs - */ - mac = EVP_MAC_fetch(NULL, name, NULL); - if (mac == NULL) - return 0; - - impl->mac = mac; - return 1; - } - case EVP_KDF_CTRL_SET_SALT: - return sskdf_set_buffer(args, &impl->salt, &impl->salt_len); - - case EVP_KDF_CTRL_SET_MAC_SIZE: - impl->out_len = va_arg(args, size_t); - return 1; - - default: - return -2; - } -} - -static int sskdf_ctrl_str(EVP_KDF_IMPL *impl, const char *type, - const char *value) -{ - if (strcmp(type, "secret") == 0 || strcmp(type, "key") == 0) - return kdf_str2ctrl(impl, sskdf_ctrl, EVP_KDF_CTRL_SET_KEY, - value); - - if (strcmp(type, "hexsecret") == 0 || strcmp(type, "hexkey") == 0) - return kdf_hex2ctrl(impl, sskdf_ctrl, EVP_KDF_CTRL_SET_KEY, - value); - - if (strcmp(type, "info") == 0) - return kdf_str2ctrl(impl, sskdf_ctrl, EVP_KDF_CTRL_SET_SSKDF_INFO, - value); - - if (strcmp(type, "hexinfo") == 0) - return kdf_hex2ctrl(impl, sskdf_ctrl, EVP_KDF_CTRL_SET_SSKDF_INFO, - value); - - if (strcmp(type, "digest") == 0) - return kdf_md2ctrl(impl, sskdf_ctrl, EVP_KDF_CTRL_SET_MD, value); - - if (strcmp(type, "mac") == 0) - return kdf_str2ctrl(impl, sskdf_ctrl, EVP_KDF_CTRL_SET_MAC, value); - - if (strcmp(type, "salt") == 0) - return kdf_str2ctrl(impl, sskdf_ctrl, EVP_KDF_CTRL_SET_SALT, value); - - if (strcmp(type, "hexsalt") == 0) - return kdf_hex2ctrl(impl, sskdf_ctrl, EVP_KDF_CTRL_SET_SALT, value); - - - if (strcmp(type, "maclen") == 0) { - int val = atoi(value); - if (val < 0) { - KDFerr(KDF_F_SSKDF_CTRL_STR, KDF_R_VALUE_ERROR); - return 0; - } - return call_ctrl(sskdf_ctrl, impl, EVP_KDF_CTRL_SET_MAC_SIZE, - (size_t)val); - } - return -2; + OPENSSL_free(*out); + *out = NULL; + return OSSL_PARAM_get_octet_string(p, (void **)out, 0, out_len); } -static size_t sskdf_size(EVP_KDF_IMPL *impl) +static size_t sskdf_size(KDF_SSKDF *ctx) { int len; - if (impl->md == NULL) { - KDFerr(KDF_F_SSKDF_SIZE, KDF_R_MISSING_MESSAGE_DIGEST); + if (ctx->md == NULL) { + ERR_raise(ERR_LIB_PROV, PROV_R_MISSING_MESSAGE_DIGEST); return 0; } - len = EVP_MD_size(impl->md); + len = EVP_MD_size(ctx->md); return (len <= 0) ? 0 : (size_t)len; } -static int sskdf_derive(EVP_KDF_IMPL *impl, unsigned char *key, size_t keylen) +static int sskdf_derive(void *vctx, unsigned char *key, size_t keylen) { - if (impl->secret == NULL) { - KDFerr(KDF_F_SSKDF_DERIVE, KDF_R_MISSING_SECRET); + KDF_SSKDF *ctx = (KDF_SSKDF *)vctx; + + if (ctx->secret == NULL) { + ERR_raise(ERR_LIB_PROV, PROV_R_MISSING_SECRET); return 0; } - if (impl->mac != NULL) { + if (ctx->mac != NULL) { /* H(x) = KMAC or H(x) = HMAC */ int ret; const unsigned char *custom = NULL; @@ -465,14 +375,14 @@ static int sskdf_derive(EVP_KDF_IMPL *impl, unsigned char *key, size_t keylen) * Why does KMAC require a salt length that's shorter than the MD * block size? */ - macname = EVP_MAC_name(impl->mac); + macname = EVP_MAC_name(ctx->mac); if (strcmp(macname, OSSL_MAC_NAME_HMAC) == 0) { /* H(x) = HMAC(x, salt, hash) */ - if (impl->md == NULL) { - KDFerr(KDF_F_SSKDF_DERIVE, KDF_R_MISSING_MESSAGE_DIGEST); + if (ctx->md == NULL) { + ERR_raise(ERR_LIB_PROV, PROV_R_MISSING_MESSAGE_DIGEST); return 0; } - default_salt_len = EVP_MD_block_size(impl->md); + default_salt_len = EVP_MD_block_size(ctx->md); if (default_salt_len <= 0) return 0; } else if (strcmp(macname, OSSL_MAC_NAME_KMAC128) == 0 @@ -485,74 +395,181 @@ static int sskdf_derive(EVP_KDF_IMPL *impl, unsigned char *key, size_t keylen) else default_salt_len = SSKDF_KMAC256_DEFAULT_SALT_SIZE; } else { - KDFerr(KDF_F_SSKDF_DERIVE, KDF_R_UNSUPPORTED_MAC_TYPE); + ERR_raise(ERR_LIB_PROV, PROV_R_UNSUPPORTED_MAC_TYPE); return 0; } /* If no salt is set then use a default_salt of zeros */ - if (impl->salt == NULL || impl->salt_len <= 0) { - impl->salt = OPENSSL_zalloc(default_salt_len); - if (impl->salt == NULL) { - KDFerr(KDF_F_SSKDF_DERIVE, ERR_R_MALLOC_FAILURE); + if (ctx->salt == NULL || ctx->salt_len <= 0) { + ctx->salt = OPENSSL_zalloc(default_salt_len); + if (ctx->salt == NULL) { + ERR_raise(ERR_LIB_PROV, ERR_R_MALLOC_FAILURE); return 0; } - impl->salt_len = default_salt_len; + ctx->salt_len = default_salt_len; } - ret = SSKDF_mac_kdm(impl->mac, impl->md, - custom, custom_len, impl->out_len, - impl->salt, impl->salt_len, - impl->secret, impl->secret_len, - impl->info, impl->info_len, key, keylen); + ret = SSKDF_mac_kdm(ctx->mac, ctx->md, + custom, custom_len, ctx->out_len, + ctx->salt, ctx->salt_len, + ctx->secret, ctx->secret_len, + ctx->info, ctx->info_len, key, keylen); return ret; } else { /* H(x) = hash */ - if (impl->md == NULL) { - KDFerr(KDF_F_SSKDF_DERIVE, KDF_R_MISSING_MESSAGE_DIGEST); + if (ctx->md == NULL) { + ERR_raise(ERR_LIB_PROV, PROV_R_MISSING_MESSAGE_DIGEST); return 0; } - return SSKDF_hash_kdm(impl->md, impl->secret, impl->secret_len, - impl->info, impl->info_len, 0, key, keylen); + return SSKDF_hash_kdm(ctx->md, ctx->secret, ctx->secret_len, + ctx->info, ctx->info_len, 0, key, keylen); } } -static int x963kdf_derive(EVP_KDF_IMPL *impl, unsigned char *key, size_t keylen) +static int x963kdf_derive(void *vctx, unsigned char *key, size_t keylen) { - if (impl->secret == NULL) { - KDFerr(KDF_F_X963KDF_DERIVE, KDF_R_MISSING_SECRET); + KDF_SSKDF *ctx = (KDF_SSKDF *)vctx; + + if (ctx->secret == NULL) { + ERR_raise(ERR_LIB_PROV, PROV_R_MISSING_SECRET); return 0; } - if (impl->mac != NULL) { - KDFerr(KDF_F_X963KDF_DERIVE, KDF_R_NOT_SUPPORTED); + if (ctx->mac != NULL) { + ERR_raise(ERR_LIB_PROV, PROV_R_NOT_SUPPORTED); return 0; } else { /* H(x) = hash */ - if (impl->md == NULL) { - KDFerr(KDF_F_X963KDF_DERIVE, KDF_R_MISSING_MESSAGE_DIGEST); + if (ctx->md == NULL) { + ERR_raise(ERR_LIB_PROV, PROV_R_MISSING_MESSAGE_DIGEST); + return 0; + } + return SSKDF_hash_kdm(ctx->md, ctx->secret, ctx->secret_len, + ctx->info, ctx->info_len, 1, key, keylen); + } +} + +static int sskdf_set_ctx_params(void *vctx, const OSSL_PARAM params[]) +{ + const OSSL_PARAM *p; + KDF_SSKDF *ctx = vctx; + EVP_MD *md; + EVP_MAC *mac; + size_t sz; + const char *properties = NULL; + + /* Grab search properties, should be before the digest and mac lookups */ + if ((p = OSSL_PARAM_locate_const(params, OSSL_KDF_PARAM_PROPERTIES)) + != NULL) { + if (p->data_type != OSSL_PARAM_UTF8_STRING) + return 0; + properties = p->data; + } + /* Handle aliasing of digest parameter names */ + if ((p = OSSL_PARAM_locate_const(params, OSSL_KDF_PARAM_DIGEST)) != NULL) { + if (p->data_type != OSSL_PARAM_UTF8_STRING) + return 0; + md = EVP_MD_fetch(PROV_LIBRARY_CONTEXT_OF(ctx->provctx), p->data, + properties); + if (md == NULL) { + ERR_raise(ERR_LIB_PROV, PROV_R_INVALID_DIGEST); return 0; } - return SSKDF_hash_kdm(impl->md, impl->secret, impl->secret_len, - impl->info, impl->info_len, 1, key, keylen); + EVP_MD_meth_free(ctx->md); + ctx->md = md; + } + + if ((p = OSSL_PARAM_locate_const(params, OSSL_KDF_PARAM_MAC)) != NULL) { + EVP_MAC_free(ctx->mac); + ctx->mac = NULL; + + mac = EVP_MAC_fetch(PROV_LIBRARY_CONTEXT_OF(ctx->provctx), p->data, + properties); + if (mac == NULL) + return 0; + EVP_MAC_free(ctx->mac); + ctx->mac = mac; + } + + if ((p = OSSL_PARAM_locate_const(params, OSSL_KDF_PARAM_SECRET)) != NULL + || (p = OSSL_PARAM_locate_const(params, OSSL_KDF_PARAM_KEY)) != NULL) + if (!sskdf_set_buffer(&ctx->secret, &ctx->secret_len, p)) + return 0; + + if ((p = OSSL_PARAM_locate_const(params, OSSL_KDF_PARAM_INFO)) != NULL) + if (!sskdf_set_buffer(&ctx->info, &ctx->info_len, p)) + return 0; + + if ((p = OSSL_PARAM_locate_const(params, OSSL_KDF_PARAM_SALT)) != NULL) + if (!sskdf_set_buffer(&ctx->salt, &ctx->salt_len, p)) + return 0; + + if ((p = OSSL_PARAM_locate_const(params, OSSL_KDF_PARAM_MAC_SIZE)) + != NULL) { + if (!OSSL_PARAM_get_size_t(p, &sz) || sz == 0) + return 0; + ctx->out_len = sz; } + return 1; +} + +static const OSSL_PARAM *sskdf_settable_ctx_params(void) +{ + static const OSSL_PARAM known_settable_ctx_params[] = { + OSSL_PARAM_octet_string(OSSL_KDF_PARAM_SECRET, NULL, 0), + OSSL_PARAM_octet_string(OSSL_KDF_PARAM_KEY, NULL, 0), + OSSL_PARAM_octet_string(OSSL_KDF_PARAM_INFO, NULL, 0), + OSSL_PARAM_utf8_string(OSSL_KDF_PARAM_PROPERTIES, NULL, 0), + OSSL_PARAM_utf8_string(OSSL_KDF_PARAM_DIGEST, NULL, 0), + OSSL_PARAM_utf8_string(OSSL_KDF_PARAM_MAC, NULL, 0), + OSSL_PARAM_octet_string(OSSL_KDF_PARAM_SALT, NULL, 0), + OSSL_PARAM_size_t(OSSL_KDF_PARAM_MAC_SIZE, NULL), + OSSL_PARAM_END + }; + return known_settable_ctx_params; +} + +static int sskdf_get_ctx_params(void *vctx, OSSL_PARAM params[]) +{ + KDF_SSKDF *ctx = (KDF_SSKDF *)vctx; + OSSL_PARAM *p; + + if ((p = OSSL_PARAM_locate(params, OSSL_KDF_PARAM_SIZE)) != NULL) + return OSSL_PARAM_set_size_t(p, sskdf_size(ctx)); + return -2; +} + +static const OSSL_PARAM *sskdf_gettable_ctx_params(void) +{ + static const OSSL_PARAM known_gettable_ctx_params[] = { + OSSL_PARAM_size_t(OSSL_KDF_PARAM_SIZE, NULL), + OSSL_PARAM_END + }; + return known_gettable_ctx_params; } -const EVP_KDF ss_kdf_meth = { - EVP_KDF_SS, - sskdf_new, - sskdf_free, - sskdf_reset, - sskdf_ctrl, - sskdf_ctrl_str, - sskdf_size, - sskdf_derive +const OSSL_DISPATCH kdf_sskdf_functions[] = { + { OSSL_FUNC_KDF_NEWCTX, (void(*)(void))sskdf_new }, + { OSSL_FUNC_KDF_FREECTX, (void(*)(void))sskdf_free }, + { OSSL_FUNC_KDF_RESET, (void(*)(void))sskdf_reset }, + { OSSL_FUNC_KDF_DERIVE, (void(*)(void))sskdf_derive }, + { OSSL_FUNC_KDF_SETTABLE_CTX_PARAMS, + (void(*)(void))sskdf_settable_ctx_params }, + { OSSL_FUNC_KDF_SET_CTX_PARAMS, (void(*)(void))sskdf_set_ctx_params }, + { OSSL_FUNC_KDF_GETTABLE_CTX_PARAMS, + (void(*)(void))sskdf_gettable_ctx_params }, + { OSSL_FUNC_KDF_GET_CTX_PARAMS, (void(*)(void))sskdf_get_ctx_params }, + { 0, NULL } }; -const EVP_KDF x963_kdf_meth = { - EVP_KDF_X963, - sskdf_new, - sskdf_free, - sskdf_reset, - sskdf_ctrl, - sskdf_ctrl_str, - sskdf_size, - x963kdf_derive +const OSSL_DISPATCH kdf_x963_kdf_functions[] = { + { OSSL_FUNC_KDF_NEWCTX, (void(*)(void))sskdf_new }, + { OSSL_FUNC_KDF_FREECTX, (void(*)(void))sskdf_free }, + { OSSL_FUNC_KDF_RESET, (void(*)(void))sskdf_reset }, + { OSSL_FUNC_KDF_DERIVE, (void(*)(void))x963kdf_derive }, + { OSSL_FUNC_KDF_SETTABLE_CTX_PARAMS, + (void(*)(void))sskdf_settable_ctx_params }, + { OSSL_FUNC_KDF_SET_CTX_PARAMS, (void(*)(void))sskdf_set_ctx_params }, + { OSSL_FUNC_KDF_GETTABLE_CTX_PARAMS, + (void(*)(void))sskdf_gettable_ctx_params }, + { OSSL_FUNC_KDF_GET_CTX_PARAMS, (void(*)(void))sskdf_get_ctx_params }, + { 0, NULL } }; diff --git a/crypto/kdf/tls1_prf.c b/providers/common/kdfs/tls1_prf.c similarity index 57% rename from crypto/kdf/tls1_prf.c rename to providers/common/kdfs/tls1_prf.c index edd7f05ce0..38dbaddbf0 100644 --- a/crypto/kdf/tls1_prf.c +++ b/providers/common/kdfs/tls1_prf.c @@ -1,5 +1,5 @@ /* - * Copyright 2016-2018 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2016-2019 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -48,16 +48,26 @@ #include #include #include -#include "internal/cryptlib.h" #include #include #include #include +#include "internal/cryptlib.h" +#include "internal/numbers.h" #include "internal/evp_int.h" -#include "kdf_local.h" - -static void kdf_tls1_prf_reset(EVP_KDF_IMPL *impl); -static int tls1_prf_alg(const EVP_MD *md, +#include "internal/provider_ctx.h" +#include "internal/providercommonerr.h" +#include "internal/provider_algs.h" +#include "e_os.h" + +static OSSL_OP_kdf_newctx_fn kdf_tls1_prf_new; +static OSSL_OP_kdf_freectx_fn kdf_tls1_prf_free; +static OSSL_OP_kdf_reset_fn kdf_tls1_prf_reset; +static OSSL_OP_kdf_derive_fn kdf_tls1_prf_derive; +static OSSL_OP_kdf_settable_ctx_params_fn kdf_tls1_prf_settable_ctx_params; +static OSSL_OP_kdf_set_ctx_params_fn kdf_tls1_prf_set_ctx_params; + +static int tls1_prf_alg(const EVP_MD *md, const EVP_MD *sha1, const unsigned char *sec, size_t slen, const unsigned char *seed, size_t seed_len, unsigned char *out, size_t olen); @@ -65,147 +75,184 @@ static int tls1_prf_alg(const EVP_MD *md, #define TLS1_PRF_MAXBUF 1024 /* TLS KDF kdf context structure */ - -struct evp_kdf_impl_st { +typedef struct { + void *provctx; /* Digest to use for PRF */ - const EVP_MD *md; + EVP_MD *md; + /* Second digest for the MD5/SHA-1 combined PRF */ + EVP_MD *sha1; /* Secret value to use for PRF */ unsigned char *sec; size_t seclen; /* Buffer of concatenated seed data */ unsigned char seed[TLS1_PRF_MAXBUF]; size_t seedlen; -}; +} TLS1_PRF; -static EVP_KDF_IMPL *kdf_tls1_prf_new(void) +static void *kdf_tls1_prf_new(void *provctx) { - EVP_KDF_IMPL *impl; + TLS1_PRF *ctx; - if ((impl = OPENSSL_zalloc(sizeof(*impl))) == NULL) - KDFerr(KDF_F_KDF_TLS1_PRF_NEW, ERR_R_MALLOC_FAILURE); - return impl; + if ((ctx = OPENSSL_zalloc(sizeof(*ctx))) == NULL) + ERR_raise(ERR_LIB_PROV, ERR_R_MALLOC_FAILURE); + ctx->provctx = provctx; + return ctx; } -static void kdf_tls1_prf_free(EVP_KDF_IMPL *impl) +static void kdf_tls1_prf_free(void *vctx) { - kdf_tls1_prf_reset(impl); - OPENSSL_free(impl); + TLS1_PRF *ctx = (TLS1_PRF *)vctx; + + kdf_tls1_prf_reset(ctx); + OPENSSL_free(ctx); } -static void kdf_tls1_prf_reset(EVP_KDF_IMPL *impl) +static void kdf_tls1_prf_reset(void *vctx) { - OPENSSL_clear_free(impl->sec, impl->seclen); - OPENSSL_cleanse(impl->seed, impl->seedlen); - memset(impl, 0, sizeof(*impl)); + TLS1_PRF *ctx = (TLS1_PRF *)vctx; + + EVP_MD_meth_free(ctx->sha1); + EVP_MD_meth_free(ctx->md); + OPENSSL_clear_free(ctx->sec, ctx->seclen); + OPENSSL_cleanse(ctx->seed, ctx->seedlen); + memset(ctx, 0, sizeof(*ctx)); } -static int kdf_tls1_prf_ctrl(EVP_KDF_IMPL *impl, int cmd, va_list args) +static int kdf_tls1_prf_derive(void *vctx, unsigned char *key, + size_t keylen) { - const unsigned char *p; - size_t len; - const EVP_MD *md; - - switch (cmd) { - case EVP_KDF_CTRL_SET_MD: - md = va_arg(args, const EVP_MD *); - if (md == NULL) - return 0; + TLS1_PRF *ctx = (TLS1_PRF *)vctx; - impl->md = md; - return 1; + if (ctx->md == NULL) { + ERR_raise(ERR_LIB_PROV, PROV_R_MISSING_MESSAGE_DIGEST); + return 0; + } + if (ctx->sec == NULL) { + ERR_raise(ERR_LIB_PROV, PROV_R_MISSING_SECRET); + return 0; + } + if (ctx->seedlen == 0) { + ERR_raise(ERR_LIB_PROV, PROV_R_MISSING_SEED); + return 0; + } + return tls1_prf_alg(ctx->md, ctx->sha1, ctx->sec, ctx->seclen, + ctx->seed, ctx->seedlen, + key, keylen); +} - case EVP_KDF_CTRL_SET_TLS_SECRET: - p = va_arg(args, const unsigned char *); - len = va_arg(args, size_t); - OPENSSL_clear_free(impl->sec, impl->seclen); - impl->sec = OPENSSL_memdup(p, len); - if (impl->sec == NULL) +static int kdf_tls1_prf_set_ctx_params(void *vctx, const OSSL_PARAM params[]) +{ + const OSSL_PARAM *p; + TLS1_PRF *ctx = vctx; + EVP_MD *md, *sha = NULL; + const char *properties = NULL, *name; + + /* Grab search properties, this should be before the digest lookup */ + if ((p = OSSL_PARAM_locate_const(params, OSSL_KDF_PARAM_PROPERTIES)) + != NULL) { + if (p->data_type != OSSL_PARAM_UTF8_STRING) return 0; - - impl->seclen = len; - return 1; - - case EVP_KDF_CTRL_RESET_TLS_SEED: - OPENSSL_cleanse(impl->seed, impl->seedlen); - impl->seedlen = 0; - return 1; - - case EVP_KDF_CTRL_ADD_TLS_SEED: - p = va_arg(args, const unsigned char *); - len = va_arg(args, size_t); - if (len == 0 || p == NULL) - return 1; - - if (len > (TLS1_PRF_MAXBUF - impl->seedlen)) + properties = p->data; + } + /* Handle aliasing of digest parameter names */ + if ((p = OSSL_PARAM_locate_const(params, OSSL_KDF_PARAM_DIGEST)) != NULL) { + if (p->data_type != OSSL_PARAM_UTF8_STRING) return 0; + name = p->data; + if (strcasecmp(name, SN_md5_sha1) == 0) { + sha = EVP_MD_fetch(PROV_LIBRARY_CONTEXT_OF(ctx->provctx), SN_sha1, + properties); + if (sha == NULL) { + ERR_raise(ERR_LIB_PROV, PROV_R_UNABLE_TO_LOAD_SHA1); + return 0; + } + name = SN_md5; + } + md = EVP_MD_fetch(PROV_LIBRARY_CONTEXT_OF(ctx->provctx), name, + properties); + if (md == NULL) { + ERR_raise(ERR_LIB_PROV, PROV_R_INVALID_DIGEST); + EVP_MD_meth_free(sha); + return 0; + } + EVP_MD_meth_free(ctx->sha1); + EVP_MD_meth_free(ctx->md); + ctx->md = md; + ctx->sha1 = sha; + } - memcpy(impl->seed + impl->seedlen, p, len); - impl->seedlen += len; - return 1; - - default: - return -2; + if ((p = OSSL_PARAM_locate_const(params, OSSL_KDF_PARAM_SECRET)) != NULL) { + OPENSSL_clear_free(ctx->sec, ctx->seclen); + ctx->sec = NULL; + if (!OSSL_PARAM_get_octet_string(p, (void **)&ctx->sec, 0, &ctx->seclen)) + return 0; } + /* The seed fields concatenate, so process them all */ + if ((p = OSSL_PARAM_locate_const(params, OSSL_KDF_PARAM_SEED)) != NULL) { + OPENSSL_cleanse(ctx->seed, ctx->seedlen); + ctx->seedlen = 0; + + for (; p != NULL; p = OSSL_PARAM_locate_const(p + 1, + OSSL_KDF_PARAM_SEED)) { + const void *q = ctx->seed + ctx->seedlen; + size_t sz = 0; + + if (p->data_size != 0 + && p->data != NULL + && !OSSL_PARAM_get_octet_string(p, (void **)&q, + TLS1_PRF_MAXBUF - ctx->seedlen, + &sz)) + return 0; + ctx->seedlen += sz; + } + } + return 1; } -static int kdf_tls1_prf_ctrl_str(EVP_KDF_IMPL *impl, - const char *type, const char *value) +static const OSSL_PARAM *kdf_tls1_prf_settable_ctx_params(void) { - if (value == NULL) { - KDFerr(KDF_F_KDF_TLS1_PRF_CTRL_STR, KDF_R_VALUE_MISSING); - return 0; - } - if (strcmp(type, "digest") == 0) - return kdf_md2ctrl(impl, kdf_tls1_prf_ctrl, EVP_KDF_CTRL_SET_MD, value); - - if (strcmp(type, "secret") == 0) - return kdf_str2ctrl(impl, kdf_tls1_prf_ctrl, - EVP_KDF_CTRL_SET_TLS_SECRET, value); - - if (strcmp(type, "hexsecret") == 0) - return kdf_hex2ctrl(impl, kdf_tls1_prf_ctrl, - EVP_KDF_CTRL_SET_TLS_SECRET, value); - - if (strcmp(type, "seed") == 0) - return kdf_str2ctrl(impl, kdf_tls1_prf_ctrl, EVP_KDF_CTRL_ADD_TLS_SEED, - value); + static const OSSL_PARAM known_settable_ctx_params[] = { + OSSL_PARAM_utf8_string(OSSL_KDF_PARAM_PROPERTIES, NULL, 0), + OSSL_PARAM_utf8_string(OSSL_KDF_PARAM_DIGEST, NULL, 0), + OSSL_PARAM_octet_string(OSSL_KDF_PARAM_SECRET, NULL, 0), + OSSL_PARAM_octet_string(OSSL_KDF_PARAM_SEED, NULL, 0), + OSSL_PARAM_END + }; + return known_settable_ctx_params; +} - if (strcmp(type, "hexseed") == 0) - return kdf_hex2ctrl(impl, kdf_tls1_prf_ctrl, EVP_KDF_CTRL_ADD_TLS_SEED, - value); +static int kdf_tls1_prf_get_ctx_params(void *vctx, OSSL_PARAM params[]) +{ + OSSL_PARAM *p; + if ((p = OSSL_PARAM_locate(params, OSSL_KDF_PARAM_SIZE)) != NULL) + return OSSL_PARAM_set_size_t(p, SIZE_MAX); return -2; } -static int kdf_tls1_prf_derive(EVP_KDF_IMPL *impl, unsigned char *key, - size_t keylen) +static const OSSL_PARAM *kdf_tls1_prf_gettable_ctx_params(void) { - if (impl->md == NULL) { - KDFerr(KDF_F_KDF_TLS1_PRF_DERIVE, KDF_R_MISSING_MESSAGE_DIGEST); - return 0; - } - if (impl->sec == NULL) { - KDFerr(KDF_F_KDF_TLS1_PRF_DERIVE, KDF_R_MISSING_SECRET); - return 0; - } - if (impl->seedlen == 0) { - KDFerr(KDF_F_KDF_TLS1_PRF_DERIVE, KDF_R_MISSING_SEED); - return 0; - } - return tls1_prf_alg(impl->md, impl->sec, impl->seclen, - impl->seed, impl->seedlen, - key, keylen); + static const OSSL_PARAM known_gettable_ctx_params[] = { + OSSL_PARAM_size_t(OSSL_KDF_PARAM_SIZE, NULL), + OSSL_PARAM_END + }; + return known_gettable_ctx_params; } -const EVP_KDF tls1_prf_kdf_meth = { - EVP_KDF_TLS1_PRF, - kdf_tls1_prf_new, - kdf_tls1_prf_free, - kdf_tls1_prf_reset, - kdf_tls1_prf_ctrl, - kdf_tls1_prf_ctrl_str, - NULL, - kdf_tls1_prf_derive +const OSSL_DISPATCH kdf_tls1_prf_functions[] = { + { OSSL_FUNC_KDF_NEWCTX, (void(*)(void))kdf_tls1_prf_new }, + { OSSL_FUNC_KDF_FREECTX, (void(*)(void))kdf_tls1_prf_free }, + { OSSL_FUNC_KDF_RESET, (void(*)(void))kdf_tls1_prf_reset }, + { OSSL_FUNC_KDF_DERIVE, (void(*)(void))kdf_tls1_prf_derive }, + { OSSL_FUNC_KDF_SETTABLE_CTX_PARAMS, + (void(*)(void))kdf_tls1_prf_settable_ctx_params }, + { OSSL_FUNC_KDF_SET_CTX_PARAMS, + (void(*)(void))kdf_tls1_prf_set_ctx_params }, + { OSSL_FUNC_KDF_GETTABLE_CTX_PARAMS, + (void(*)(void))kdf_tls1_prf_gettable_ctx_params }, + { OSSL_FUNC_KDF_GET_CTX_PARAMS, + (void(*)(void))kdf_tls1_prf_get_ctx_params }, + { 0, NULL } }; /* @@ -335,12 +382,12 @@ static int tls1_prf_P_hash(const EVP_MD *md, * * PRF(secret, label, seed) = P_(secret, label + seed) */ -static int tls1_prf_alg(const EVP_MD *md, +static int tls1_prf_alg(const EVP_MD *md, const EVP_MD *sha1, const unsigned char *sec, size_t slen, const unsigned char *seed, size_t seed_len, unsigned char *out, size_t olen) { - if (EVP_MD_type(md) == NID_md5_sha1) { + if (sha1 != NULL) { /* TLS v1.0 and TLS v1.1 */ size_t i; unsigned char *tmp; @@ -348,15 +395,15 @@ static int tls1_prf_alg(const EVP_MD *md, size_t L_S1 = (slen + 1) / 2; size_t L_S2 = L_S1; - if (!tls1_prf_P_hash(EVP_md5(), sec, L_S1, + if (!tls1_prf_P_hash(md, sec, L_S1, seed, seed_len, out, olen)) return 0; if ((tmp = OPENSSL_malloc(olen)) == NULL) { - KDFerr(KDF_F_TLS1_PRF_ALG, ERR_R_MALLOC_FAILURE); + ERR_raise(ERR_LIB_PROV, ERR_R_MALLOC_FAILURE); return 0; } - if (!tls1_prf_P_hash(EVP_sha1(), sec + slen - L_S2, L_S2, + if (!tls1_prf_P_hash(sha1, sec + slen - L_S2, L_S2, seed, seed_len, tmp, olen)) { OPENSSL_clear_free(tmp, olen); return 0; diff --git a/providers/common/provider_err.c b/providers/common/provider_err.c index ed1d930712..b9895593b9 100644 --- a/providers/common/provider_err.c +++ b/providers/common/provider_err.c @@ -17,6 +17,10 @@ static const ERR_STRING_DATA PROV_str_reasons[] = { {ERR_PACK(ERR_LIB_PROV, 0, PROV_R_AES_KEY_SETUP_FAILED), "aes key setup failed"}, {ERR_PACK(ERR_LIB_PROV, 0, PROV_R_BAD_DECRYPT), "bad decrypt"}, + {ERR_PACK(ERR_LIB_PROV, 0, PROV_R_BAD_ENCODING), "bad encoding"}, + {ERR_PACK(ERR_LIB_PROV, 0, PROV_R_BAD_LENGTH), "bad length"}, + {ERR_PACK(ERR_LIB_PROV, 0, PROV_R_BOTH_MODE_AND_MODE_INT), + "both mode and mode int"}, {ERR_PACK(ERR_LIB_PROV, 0, PROV_R_CIPHER_OPERATION_FAILED), "cipher operation failed"}, {ERR_PACK(ERR_LIB_PROV, 0, PROV_R_FAILED_TO_GENERATE_KEY), @@ -25,19 +29,40 @@ static const ERR_STRING_DATA PROV_str_reasons[] = { "failed to get parameter"}, {ERR_PACK(ERR_LIB_PROV, 0, PROV_R_FAILED_TO_SET_PARAMETER), "failed to set parameter"}, + {ERR_PACK(ERR_LIB_PROV, 0, PROV_R_INAVLID_UKM_LENGTH), + "inavlid ukm length"}, {ERR_PACK(ERR_LIB_PROV, 0, PROV_R_INVALID_AAD), "invalid aad"}, {ERR_PACK(ERR_LIB_PROV, 0, PROV_R_INVALID_CUSTOM_LENGTH), "invalid custom length"}, {ERR_PACK(ERR_LIB_PROV, 0, PROV_R_INVALID_DATA), "invalid data"}, + {ERR_PACK(ERR_LIB_PROV, 0, PROV_R_INVALID_DIGEST), "invalid digest"}, + {ERR_PACK(ERR_LIB_PROV, 0, PROV_R_INVALID_ITERATION_COUNT), + "invalid iteration count"}, {ERR_PACK(ERR_LIB_PROV, 0, PROV_R_INVALID_IVLEN), "invalid ivlen"}, {ERR_PACK(ERR_LIB_PROV, 0, PROV_R_INVALID_IV_LENGTH), "invalid iv length"}, {ERR_PACK(ERR_LIB_PROV, 0, PROV_R_INVALID_KEYLEN), "invalid keylen"}, + {ERR_PACK(ERR_LIB_PROV, 0, PROV_R_INVALID_KEY_LEN), "invalid key len"}, {ERR_PACK(ERR_LIB_PROV, 0, PROV_R_INVALID_KEY_LENGTH), "invalid key length"}, + {ERR_PACK(ERR_LIB_PROV, 0, PROV_R_INVALID_MODE), "invalid mode"}, + {ERR_PACK(ERR_LIB_PROV, 0, PROV_R_INVALID_MODE_INT), "invalid mode int"}, {ERR_PACK(ERR_LIB_PROV, 0, PROV_R_INVALID_SALT_LENGTH), "invalid salt length"}, {ERR_PACK(ERR_LIB_PROV, 0, PROV_R_INVALID_TAG), "invalid tag"}, {ERR_PACK(ERR_LIB_PROV, 0, PROV_R_INVALID_TAGLEN), "invalid taglen"}, + {ERR_PACK(ERR_LIB_PROV, 0, PROV_R_MISSING_CEK_ALG), "missing cek alg"}, + {ERR_PACK(ERR_LIB_PROV, 0, PROV_R_MISSING_KEY), "missing key"}, + {ERR_PACK(ERR_LIB_PROV, 0, PROV_R_MISSING_MESSAGE_DIGEST), + "missing message digest"}, + {ERR_PACK(ERR_LIB_PROV, 0, PROV_R_MISSING_PASS), "missing pass"}, + {ERR_PACK(ERR_LIB_PROV, 0, PROV_R_MISSING_SALT), "missing salt"}, + {ERR_PACK(ERR_LIB_PROV, 0, PROV_R_MISSING_SECRET), "missing secret"}, + {ERR_PACK(ERR_LIB_PROV, 0, PROV_R_MISSING_SEED), "missing seed"}, + {ERR_PACK(ERR_LIB_PROV, 0, PROV_R_MISSING_SESSION_ID), + "missing session id"}, + {ERR_PACK(ERR_LIB_PROV, 0, PROV_R_MISSING_TYPE), "missing type"}, + {ERR_PACK(ERR_LIB_PROV, 0, PROV_R_MISSING_XCGHASH), "missing xcghash"}, + {ERR_PACK(ERR_LIB_PROV, 0, PROV_R_NOT_SUPPORTED), "not supported"}, {ERR_PACK(ERR_LIB_PROV, 0, PROV_R_NOT_XOF_OR_INVALID_LENGTH), "not xof or invalid length"}, {ERR_PACK(ERR_LIB_PROV, 0, PROV_R_NO_KEY_SET), "no key set"}, @@ -45,8 +70,19 @@ static const ERR_STRING_DATA PROV_str_reasons[] = { "output buffer too small"}, {ERR_PACK(ERR_LIB_PROV, 0, PROV_R_TAG_NOTSET), "tag notset"}, {ERR_PACK(ERR_LIB_PROV, 0, PROV_R_TAG_NOT_NEEDED), "tag not needed"}, + {ERR_PACK(ERR_LIB_PROV, 0, PROV_R_UNABLE_TO_LOAD_SHA1), + "unable to load sha1"}, + {ERR_PACK(ERR_LIB_PROV, 0, PROV_R_UNABLE_TO_LOAD_SHA256), + "unable to load sha256"}, + {ERR_PACK(ERR_LIB_PROV, 0, PROV_R_UNSUPPORTED_CEK_ALG), + "unsupported cek alg"}, + {ERR_PACK(ERR_LIB_PROV, 0, PROV_R_UNSUPPORTED_MAC_TYPE), + "unsupported mac type"}, + {ERR_PACK(ERR_LIB_PROV, 0, PROV_R_VALUE_ERROR), "value error"}, {ERR_PACK(ERR_LIB_PROV, 0, PROV_R_WRONG_FINAL_BLOCK_LENGTH), "wrong final block length"}, + {ERR_PACK(ERR_LIB_PROV, 0, PROV_R_WRONG_OUTPUT_BUFFER_SIZE), + "wrong output buffer size"}, {0, NULL} }; diff --git a/providers/default/build.info b/providers/default/build.info index f0a6c5c742..ca78cce0a8 100644 --- a/providers/default/build.info +++ b/providers/default/build.info @@ -1,4 +1,5 @@ SUBDIRS=digests macs ciphers +SUBDIRS=digests kdfs macs ciphers LIBS=../../libcrypto SOURCE[../../libcrypto]=\ defltprov.c diff --git a/providers/default/defltprov.c b/providers/default/defltprov.c index c481171a78..8a950482c8 100644 --- a/providers/default/defltprov.c +++ b/providers/default/defltprov.c @@ -211,6 +211,22 @@ static const OSSL_ALGORITHM deflt_macs[] = { { NULL, NULL, NULL } }; +static const OSSL_ALGORITHM deflt_kdfs[] = { + { "HKDF", "default=yes", kdf_hkdf_functions }, + { "SSKDF", "default=yes", kdf_sskdf_functions }, + { "PBKDF2", "default=yes", kdf_pbkdf2_functions }, + { "SSHKDF", "default=yes", kdf_sshkdf_functions }, + { "X963KDF", "default=yes", kdf_x963_kdf_functions }, + { "TLS1-PRF", "default=yes", kdf_tls1_prf_functions }, +#ifndef OPENSSL_NO_CMS + { "X942KDF", "default=yes", kdf_x942_kdf_functions }, +#endif +#ifndef OPENSSL_NO_SCRYPT + { "id-scrypt", "default=yes", kdf_scrypt_functions }, +#endif + { NULL, NULL, NULL } +}; + static const OSSL_ALGORITHM deflt_keyexch[] = { #ifndef OPENSSL_NO_DH { "dhKeyAgreement", "default=yes", dh_keyexch_functions }, @@ -237,6 +253,8 @@ static const OSSL_ALGORITHM *deflt_query(OSSL_PROVIDER *prov, return deflt_ciphers; case OSSL_OP_MAC: return deflt_macs; + case OSSL_OP_KDF: + return deflt_kdfs; case OSSL_OP_KEYMGMT: return deflt_keymgmt; case OSSL_OP_KEYEXCH: diff --git a/providers/default/kdfs/build.info b/providers/default/kdfs/build.info new file mode 100644 index 0000000000..27047c5286 --- /dev/null +++ b/providers/default/kdfs/build.info @@ -0,0 +1,3 @@ +LIBS=../../../libcrypto +SOURCE[../../../libcrypto]=scrypt.c sshkdf.c x942kdf.c +INCLUDE[../../../libcrypto]=. ../../../crypto diff --git a/crypto/kdf/scrypt.c b/providers/default/kdfs/scrypt.c similarity index 56% rename from crypto/kdf/scrypt.c rename to providers/default/kdfs/scrypt.c index 29ceeb3ad9..abb4437d70 100644 --- a/crypto/kdf/scrypt.c +++ b/providers/default/kdfs/scrypt.c @@ -1,5 +1,5 @@ /* - * Copyright 2017-2018 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2017-2019 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -13,115 +13,128 @@ #include #include #include +#include #include "internal/evp_int.h" #include "internal/numbers.h" -#include "kdf_local.h" +#include "internal/provider_algs.h" +#include "internal/provider_ctx.h" +#include "internal/providercommonerr.h" +#include "internal/provider_algs.h" #ifndef OPENSSL_NO_SCRYPT -static void kdf_scrypt_reset(EVP_KDF_IMPL *impl); -static void kdf_scrypt_init(EVP_KDF_IMPL *impl); -static int atou64(const char *nptr, uint64_t *result); +static OSSL_OP_kdf_newctx_fn kdf_scrypt_new; +static OSSL_OP_kdf_freectx_fn kdf_scrypt_free; +static OSSL_OP_kdf_reset_fn kdf_scrypt_reset; +static OSSL_OP_kdf_derive_fn kdf_scrypt_derive; +static OSSL_OP_kdf_settable_ctx_params_fn kdf_scrypt_settable_ctx_params; +static OSSL_OP_kdf_set_ctx_params_fn kdf_scrypt_set_ctx_params; + static int scrypt_alg(const char *pass, size_t passlen, const unsigned char *salt, size_t saltlen, uint64_t N, uint64_t r, uint64_t p, uint64_t maxmem, - unsigned char *key, size_t keylen); + unsigned char *key, size_t keylen, EVP_MD *sha256); -struct evp_kdf_impl_st { +typedef struct { + void *provctx; unsigned char *pass; size_t pass_len; unsigned char *salt; size_t salt_len; uint64_t N; - uint32_t r, p; + uint64_t r, p; uint64_t maxmem_bytes; -}; - -/* Custom uint64_t parser since we do not have strtoull */ -static int atou64(const char *nptr, uint64_t *result) -{ - uint64_t value = 0; - - while (*nptr) { - unsigned int digit; - uint64_t new_value; + EVP_MD *sha256; +} KDF_SCRYPT; - if ((*nptr < '0') || (*nptr > '9')) { - return 0; - } - digit = (unsigned int)(*nptr - '0'); - new_value = (value * 10) + digit; - if ((new_value < digit) || ((new_value - digit) / 10 != value)) { - /* Overflow */ - return 0; - } - value = new_value; - nptr++; - } - *result = value; - return 1; -} +static void kdf_scrypt_init(KDF_SCRYPT *ctx); -static EVP_KDF_IMPL *kdf_scrypt_new(void) +static void *kdf_scrypt_new(void *provctx) { - EVP_KDF_IMPL *impl; + KDF_SCRYPT *ctx; - impl = OPENSSL_zalloc(sizeof(*impl)); - if (impl == NULL) { - KDFerr(KDF_F_KDF_SCRYPT_NEW, ERR_R_MALLOC_FAILURE); + ctx = OPENSSL_zalloc(sizeof(*ctx)); + if (ctx == NULL) { + ERR_raise(ERR_LIB_PROV, ERR_R_MALLOC_FAILURE); + return NULL; + } + ctx->provctx = provctx; + ctx->sha256 = EVP_MD_fetch(PROV_LIBRARY_CONTEXT_OF(provctx), + "sha256", NULL); + if (ctx->sha256 == NULL) { + OPENSSL_free(ctx); + ERR_raise(ERR_LIB_PROV, PROV_R_UNABLE_TO_LOAD_SHA256); return NULL; } - kdf_scrypt_init(impl); - return impl; + kdf_scrypt_init(ctx); + return ctx; } -static void kdf_scrypt_free(EVP_KDF_IMPL *impl) +static void kdf_scrypt_free(void *vctx) { - kdf_scrypt_reset(impl); - OPENSSL_free(impl); + KDF_SCRYPT *ctx = (KDF_SCRYPT *)vctx; + + EVP_MD_meth_free(ctx->sha256); + kdf_scrypt_reset(ctx); + OPENSSL_free(ctx); } -static void kdf_scrypt_reset(EVP_KDF_IMPL *impl) +static void kdf_scrypt_reset(void *vctx) { - OPENSSL_free(impl->salt); - OPENSSL_clear_free(impl->pass, impl->pass_len); - memset(impl, 0, sizeof(*impl)); - kdf_scrypt_init(impl); + KDF_SCRYPT *ctx = (KDF_SCRYPT *)vctx; + + OPENSSL_free(ctx->salt); + OPENSSL_clear_free(ctx->pass, ctx->pass_len); + kdf_scrypt_init(ctx); } -static void kdf_scrypt_init(EVP_KDF_IMPL *impl) +static void kdf_scrypt_init(KDF_SCRYPT *ctx) { /* Default values are the most conservative recommendation given in the * original paper of C. Percival. Derivation uses roughly 1 GiB of memory * for this parameter choice (approx. 128 * r * N * p bytes). */ - impl->N = 1 << 20; - impl->r = 8; - impl->p = 1; - impl->maxmem_bytes = 1025 * 1024 * 1024; + ctx->N = 1 << 20; + ctx->r = 8; + ctx->p = 1; + ctx->maxmem_bytes = 1025 * 1024 * 1024; } static int scrypt_set_membuf(unsigned char **buffer, size_t *buflen, - const unsigned char *new_buffer, - size_t new_buflen) + const OSSL_PARAM *p) { - if (new_buffer == NULL) - return 1; - OPENSSL_clear_free(*buffer, *buflen); + if (p->data_size == 0) { + if ((*buffer = OPENSSL_malloc(1)) == NULL) { + ERR_raise(ERR_LIB_PROV, ERR_R_MALLOC_FAILURE); + return 0; + } + } else if (p->data != NULL) { + *buffer = NULL; + if (!OSSL_PARAM_get_octet_string(p, (void **)buffer, 0, buflen)) + return 0; + } + return 1; +} + +static int kdf_scrypt_derive(void *vctx, unsigned char *key, + size_t keylen) +{ + KDF_SCRYPT *ctx = (KDF_SCRYPT *)vctx; - if (new_buflen > 0) { - *buffer = OPENSSL_memdup(new_buffer, new_buflen); - } else { - *buffer = OPENSSL_malloc(1); + if (ctx->pass == NULL) { + ERR_raise(ERR_LIB_PROV, PROV_R_MISSING_PASS); + return 0; } - if (*buffer == NULL) { - KDFerr(KDF_F_SCRYPT_SET_MEMBUF, ERR_R_MALLOC_FAILURE); + + if (ctx->salt == NULL) { + ERR_raise(ERR_LIB_PROV, PROV_R_MISSING_SALT); return 0; } - *buflen = new_buflen; - return 1; + return scrypt_alg((char *)ctx->pass, ctx->pass_len, ctx->salt, + ctx->salt_len, ctx->N, ctx->r, ctx->p, + ctx->maxmem_bytes, key, keylen, ctx->sha256); } static int is_power_of_two(uint64_t value) @@ -129,152 +142,96 @@ static int is_power_of_two(uint64_t value) return (value != 0) && ((value & (value - 1)) == 0); } -static int kdf_scrypt_ctrl(EVP_KDF_IMPL *impl, int cmd, va_list args) +static int kdf_scrypt_set_ctx_params(void *vctx, const OSSL_PARAM params[]) { + const OSSL_PARAM *p; + KDF_SCRYPT *ctx = vctx; uint64_t u64_value; - uint32_t value; - const unsigned char *p; - size_t len; - - switch (cmd) { - case EVP_KDF_CTRL_SET_PASS: - p = va_arg(args, const unsigned char *); - len = va_arg(args, size_t); - return scrypt_set_membuf(&impl->pass, &impl->pass_len, p, len); - - case EVP_KDF_CTRL_SET_SALT: - p = va_arg(args, const unsigned char *); - len = va_arg(args, size_t); - return scrypt_set_membuf(&impl->salt, &impl->salt_len, p, len); - - case EVP_KDF_CTRL_SET_SCRYPT_N: - u64_value = va_arg(args, uint64_t); - if ((u64_value <= 1) || !is_power_of_two(u64_value)) - return 0; - impl->N = u64_value; - return 1; - - case EVP_KDF_CTRL_SET_SCRYPT_R: - value = va_arg(args, uint32_t); - if (value < 1) + if ((p = OSSL_PARAM_locate_const(params, OSSL_KDF_PARAM_PASSWORD)) != NULL) + if (!scrypt_set_membuf(&ctx->pass, &ctx->pass_len, p)) return 0; - impl->r = value; - return 1; - - case EVP_KDF_CTRL_SET_SCRYPT_P: - value = va_arg(args, uint32_t); - if (value < 1) + if ((p = OSSL_PARAM_locate_const(params, OSSL_KDF_PARAM_SALT)) != NULL) + if (!scrypt_set_membuf(&ctx->salt, &ctx->salt_len, p)) return 0; - impl->p = value; - return 1; - - case EVP_KDF_CTRL_SET_MAXMEM_BYTES: - u64_value = va_arg(args, uint64_t); - if (u64_value < 1) + if ((p = OSSL_PARAM_locate_const(params, OSSL_KDF_PARAM_SCRYPT_N)) + != NULL) { + if (!OSSL_PARAM_get_uint64(p, &u64_value) + || u64_value <= 1 + || !is_power_of_two(u64_value)) return 0; + ctx->N = u64_value; + } - impl->maxmem_bytes = u64_value; - return 1; - - default: - return -2; + if ((p = OSSL_PARAM_locate_const(params, OSSL_KDF_PARAM_SCRYPT_R)) + != NULL) { + if (!OSSL_PARAM_get_uint64(p, &u64_value) || u64_value < 1) + return 0; + ctx->r = u64_value; } -} -static int kdf_scrypt_ctrl_uint32(EVP_KDF_IMPL *impl, int cmd, - const char *value) -{ - int int_value = atoi(value); + if ((p = OSSL_PARAM_locate_const(params, OSSL_KDF_PARAM_SCRYPT_P)) + != NULL) { + if (!OSSL_PARAM_get_uint64(p, &u64_value) || u64_value < 1) + return 0; + ctx->p = u64_value; + } - if (int_value < 0 || (uint64_t)int_value > UINT32_MAX) { - KDFerr(KDF_F_KDF_SCRYPT_CTRL_UINT32, KDF_R_VALUE_ERROR); - return 0; + if ((p = OSSL_PARAM_locate_const(params, OSSL_KDF_PARAM_SCRYPT_MAXMEM)) + != NULL) { + if (!OSSL_PARAM_get_uint64(p, &u64_value) || u64_value < 1) + return 0; + ctx->maxmem_bytes = u64_value; } - return call_ctrl(kdf_scrypt_ctrl, impl, cmd, (uint32_t)int_value); + return 1; } -static int kdf_scrypt_ctrl_uint64(EVP_KDF_IMPL *impl, int cmd, - const char *value) +static const OSSL_PARAM *kdf_scrypt_settable_ctx_params(void) { - uint64_t u64_value; - - if (!atou64(value, &u64_value)) { - KDFerr(KDF_F_KDF_SCRYPT_CTRL_UINT64, KDF_R_VALUE_ERROR); - return 0; - } - return call_ctrl(kdf_scrypt_ctrl, impl, cmd, u64_value); + static const OSSL_PARAM known_settable_ctx_params[] = { + OSSL_PARAM_octet_string(OSSL_KDF_PARAM_PASSWORD, NULL, 0), + OSSL_PARAM_octet_string(OSSL_KDF_PARAM_SALT, NULL, 0), + OSSL_PARAM_uint64(OSSL_KDF_PARAM_SCRYPT_N, NULL), + OSSL_PARAM_uint32(OSSL_KDF_PARAM_SCRYPT_R, NULL), + OSSL_PARAM_uint32(OSSL_KDF_PARAM_SCRYPT_P, NULL), + OSSL_PARAM_uint64(OSSL_KDF_PARAM_SCRYPT_MAXMEM, NULL), + OSSL_PARAM_END + }; + return known_settable_ctx_params; } -static int kdf_scrypt_ctrl_str(EVP_KDF_IMPL *impl, const char *type, - const char *value) +static int kdf_scrypt_get_ctx_params(void *vctx, OSSL_PARAM params[]) { - if (value == NULL) { - KDFerr(KDF_F_KDF_SCRYPT_CTRL_STR, KDF_R_VALUE_MISSING); - return 0; - } - - if (strcmp(type, "pass") == 0) - return kdf_str2ctrl(impl, kdf_scrypt_ctrl, EVP_KDF_CTRL_SET_PASS, - value); - - if (strcmp(type, "hexpass") == 0) - return kdf_hex2ctrl(impl, kdf_scrypt_ctrl, EVP_KDF_CTRL_SET_PASS, - value); - - if (strcmp(type, "salt") == 0) - return kdf_str2ctrl(impl, kdf_scrypt_ctrl, EVP_KDF_CTRL_SET_SALT, - value); - - if (strcmp(type, "hexsalt") == 0) - return kdf_hex2ctrl(impl, kdf_scrypt_ctrl, EVP_KDF_CTRL_SET_SALT, - value); - - if (strcmp(type, "N") == 0) - return kdf_scrypt_ctrl_uint64(impl, EVP_KDF_CTRL_SET_SCRYPT_N, value); - - if (strcmp(type, "r") == 0) - return kdf_scrypt_ctrl_uint32(impl, EVP_KDF_CTRL_SET_SCRYPT_R, value); - - if (strcmp(type, "p") == 0) - return kdf_scrypt_ctrl_uint32(impl, EVP_KDF_CTRL_SET_SCRYPT_P, value); - - if (strcmp(type, "maxmem_bytes") == 0) - return kdf_scrypt_ctrl_uint64(impl, EVP_KDF_CTRL_SET_MAXMEM_BYTES, - value); + OSSL_PARAM *p; + if ((p = OSSL_PARAM_locate(params, OSSL_KDF_PARAM_SIZE)) != NULL) + return OSSL_PARAM_set_size_t(p, SIZE_MAX); return -2; } -static int kdf_scrypt_derive(EVP_KDF_IMPL *impl, unsigned char *key, - size_t keylen) +static const OSSL_PARAM *kdf_scrypt_gettable_ctx_params(void) { - if (impl->pass == NULL) { - KDFerr(KDF_F_KDF_SCRYPT_DERIVE, KDF_R_MISSING_PASS); - return 0; - } - - if (impl->salt == NULL) { - KDFerr(KDF_F_KDF_SCRYPT_DERIVE, KDF_R_MISSING_SALT); - return 0; - } - - return scrypt_alg((char *)impl->pass, impl->pass_len, impl->salt, - impl->salt_len, impl->N, impl->r, impl->p, - impl->maxmem_bytes, key, keylen); + static const OSSL_PARAM known_gettable_ctx_params[] = { + OSSL_PARAM_size_t(OSSL_KDF_PARAM_SIZE, NULL), + OSSL_PARAM_END + }; + return known_gettable_ctx_params; } -const EVP_KDF scrypt_kdf_meth = { - EVP_KDF_SCRYPT, - kdf_scrypt_new, - kdf_scrypt_free, - kdf_scrypt_reset, - kdf_scrypt_ctrl, - kdf_scrypt_ctrl_str, - NULL, - kdf_scrypt_derive +const OSSL_DISPATCH kdf_scrypt_functions[] = { + { OSSL_FUNC_KDF_NEWCTX, (void(*)(void))kdf_scrypt_new }, + { OSSL_FUNC_KDF_FREECTX, (void(*)(void))kdf_scrypt_free }, + { OSSL_FUNC_KDF_RESET, (void(*)(void))kdf_scrypt_reset }, + { OSSL_FUNC_KDF_DERIVE, (void(*)(void))kdf_scrypt_derive }, + { OSSL_FUNC_KDF_SETTABLE_CTX_PARAMS, + (void(*)(void))kdf_scrypt_settable_ctx_params }, + { OSSL_FUNC_KDF_SET_CTX_PARAMS, (void(*)(void))kdf_scrypt_set_ctx_params }, + { OSSL_FUNC_KDF_GETTABLE_CTX_PARAMS, + (void(*)(void))kdf_scrypt_gettable_ctx_params }, + { OSSL_FUNC_KDF_GET_CTX_PARAMS, (void(*)(void))kdf_scrypt_get_ctx_params }, + { 0, NULL } }; #define R(a,b) (((a) << (b)) | ((a) >> (32 - (b)))) @@ -400,7 +357,7 @@ static void scryptROMix(unsigned char *B, uint64_t r, uint64_t N, static int scrypt_alg(const char *pass, size_t passlen, const unsigned char *salt, size_t saltlen, uint64_t N, uint64_t r, uint64_t p, uint64_t maxmem, - unsigned char *key, size_t keylen) + unsigned char *key, size_t keylen, EVP_MD *sha256) { int rv = 0; unsigned char *B; @@ -484,14 +441,14 @@ static int scrypt_alg(const char *pass, size_t passlen, X = (uint32_t *)(B + Blen); T = X + 32 * r; V = T + 32 * r; - if (PKCS5_PBKDF2_HMAC(pass, passlen, salt, saltlen, 1, EVP_sha256(), + if (PKCS5_PBKDF2_HMAC(pass, passlen, salt, saltlen, 1, sha256, (int)Blen, B) == 0) goto err; for (i = 0; i < p; i++) scryptROMix(B + 128 * r * i, r, N, X, T, V); - if (PKCS5_PBKDF2_HMAC(pass, passlen, B, (int)Blen, 1, EVP_sha256(), + if (PKCS5_PBKDF2_HMAC(pass, passlen, B, (int)Blen, 1, sha256, keylen, key) == 0) goto err; rv = 1; diff --git a/providers/default/kdfs/sshkdf.c b/providers/default/kdfs/sshkdf.c new file mode 100644 index 0000000000..da59aaf861 --- /dev/null +++ b/providers/default/kdfs/sshkdf.c @@ -0,0 +1,297 @@ +/* + * Copyright 2018-2019 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the OpenSSL license (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#include +#include +#include +#include +#include +#include +#include "internal/cryptlib.h" +#include "internal/numbers.h" +#include "internal/evp_int.h" +#include "internal/provider_ctx.h" +#include "internal/providercommonerr.h" +#include "internal/provider_algs.h" + +/* See RFC 4253, Section 7.2 */ +static OSSL_OP_kdf_newctx_fn kdf_sshkdf_new; +static OSSL_OP_kdf_freectx_fn kdf_sshkdf_free; +static OSSL_OP_kdf_reset_fn kdf_sshkdf_reset; +static OSSL_OP_kdf_derive_fn kdf_sshkdf_derive; +static OSSL_OP_kdf_settable_ctx_params_fn kdf_sshkdf_settable_ctx_params; +static OSSL_OP_kdf_set_ctx_params_fn kdf_sshkdf_set_ctx_params; +static OSSL_OP_kdf_gettable_ctx_params_fn kdf_sshkdf_gettable_ctx_params; +static OSSL_OP_kdf_get_ctx_params_fn kdf_sshkdf_get_ctx_params; + +static int SSHKDF(const EVP_MD *evp_md, + const unsigned char *key, size_t key_len, + const unsigned char *xcghash, size_t xcghash_len, + const unsigned char *session_id, size_t session_id_len, + char type, unsigned char *okey, size_t okey_len); + +typedef struct { + void *provctx; + EVP_MD *md; + unsigned char *key; /* K */ + size_t key_len; + unsigned char *xcghash; /* H */ + size_t xcghash_len; + char type; /* X */ + unsigned char *session_id; + size_t session_id_len; +} KDF_SSHKDF; + +static void *kdf_sshkdf_new(void *provctx) +{ + KDF_SSHKDF *ctx; + + if ((ctx = OPENSSL_zalloc(sizeof(*ctx))) == NULL) + ERR_raise(ERR_LIB_PROV, ERR_R_MALLOC_FAILURE); + ctx->provctx = provctx; + return ctx; +} + +static void kdf_sshkdf_free(void *vctx) +{ + KDF_SSHKDF *ctx = (KDF_SSHKDF *)vctx; + + kdf_sshkdf_reset(ctx); + OPENSSL_free(ctx); +} + +static void kdf_sshkdf_reset(void *vctx) +{ + KDF_SSHKDF *ctx = (KDF_SSHKDF *)vctx; + + EVP_MD_meth_free(ctx->md); + OPENSSL_clear_free(ctx->key, ctx->key_len); + OPENSSL_clear_free(ctx->xcghash, ctx->xcghash_len); + OPENSSL_clear_free(ctx->session_id, ctx->session_id_len); + memset(ctx, 0, sizeof(*ctx)); +} + +static int sshkdf_set_membuf(unsigned char **dst, size_t *dst_len, + const OSSL_PARAM *p) +{ + OPENSSL_clear_free(*dst, *dst_len); + *dst = NULL; + return OSSL_PARAM_get_octet_string(p, (void **)dst, 0, dst_len); +} + +static int kdf_sshkdf_derive(void *vctx, unsigned char *key, + size_t keylen) +{ + KDF_SSHKDF *ctx = (KDF_SSHKDF *)vctx; + + if (ctx->md == NULL) { + ERR_raise(ERR_LIB_PROV, PROV_R_MISSING_MESSAGE_DIGEST); + return 0; + } + if (ctx->key == NULL) { + ERR_raise(ERR_LIB_PROV, PROV_R_MISSING_KEY); + return 0; + } + if (ctx->xcghash == NULL) { + ERR_raise(ERR_LIB_PROV, PROV_R_MISSING_XCGHASH); + return 0; + } + if (ctx->session_id == NULL) { + ERR_raise(ERR_LIB_PROV, PROV_R_MISSING_SESSION_ID); + return 0; + } + if (ctx->type == 0) { + ERR_raise(ERR_LIB_PROV, PROV_R_MISSING_TYPE); + return 0; + } + return SSHKDF(ctx->md, ctx->key, ctx->key_len, + ctx->xcghash, ctx->xcghash_len, + ctx->session_id, ctx->session_id_len, + ctx->type, key, keylen); +} + +static int kdf_sshkdf_set_ctx_params(void *vctx, const OSSL_PARAM params[]) +{ + const OSSL_PARAM *p; + KDF_SSHKDF *ctx = vctx; + EVP_MD *md; + int t; + const char *properties = NULL; + + /* Grab search properties, this should be before the digest lookup */ + if ((p = OSSL_PARAM_locate_const(params, OSSL_KDF_PARAM_PROPERTIES)) + != NULL) { + if (p->data_type != OSSL_PARAM_UTF8_STRING) + return 0; + properties = p->data; + } + /* Handle aliasing of digest parameter names */ + if ((p = OSSL_PARAM_locate_const(params, OSSL_KDF_PARAM_DIGEST)) != NULL) { + if (p->data_type != OSSL_PARAM_UTF8_STRING) + return 0; + md = EVP_MD_fetch(PROV_LIBRARY_CONTEXT_OF(ctx->provctx), p->data, + properties); + if (md == NULL) { + ERR_raise(ERR_LIB_PROV, PROV_R_INVALID_DIGEST); + return 0; + } + EVP_MD_meth_free(ctx->md); + ctx->md = md; + } + + if ((p = OSSL_PARAM_locate_const(params, OSSL_KDF_PARAM_KEY)) != NULL) + if (!sshkdf_set_membuf(&ctx->key, &ctx->key_len, p)) + return 0; + + if ((p = OSSL_PARAM_locate_const(params, OSSL_KDF_PARAM_SSHKDF_XCGHASH)) + != NULL) + if (!sshkdf_set_membuf(&ctx->xcghash, &ctx->xcghash_len, p)) + return 0; + + if ((p = OSSL_PARAM_locate_const(params, OSSL_KDF_PARAM_SSHKDF_SESSION_ID)) + != NULL) + if (!sshkdf_set_membuf(&ctx->session_id, &ctx->session_id_len, p)) + return 0; + + if ((p = OSSL_PARAM_locate_const(params, OSSL_KDF_PARAM_SSHKDF_TYPE)) + != NULL) { + if (p->data == NULL || p->data_size == 0) + return 0; + t = *(unsigned char *)p->data; + if (t < 65 || t > 70) { + ERR_raise(ERR_LIB_PROV, PROV_R_VALUE_ERROR); + return 0; + } + ctx->type = (char)t; + } + return 1; +} + +static const OSSL_PARAM *kdf_sshkdf_settable_ctx_params(void) +{ + static const OSSL_PARAM known_settable_ctx_params[] = { + OSSL_PARAM_utf8_string(OSSL_KDF_PARAM_PROPERTIES, NULL, 0), + OSSL_PARAM_utf8_string(OSSL_KDF_PARAM_DIGEST, NULL, 0), + OSSL_PARAM_octet_string(OSSL_KDF_PARAM_KEY, NULL, 0), + OSSL_PARAM_octet_string(OSSL_KDF_PARAM_SSHKDF_XCGHASH, NULL, 0), + OSSL_PARAM_octet_string(OSSL_KDF_PARAM_SSHKDF_SESSION_ID, NULL, 0), + OSSL_PARAM_utf8_string(OSSL_KDF_PARAM_SSHKDF_TYPE, NULL, 0), + OSSL_PARAM_END + }; + return known_settable_ctx_params; +} + +static int kdf_sshkdf_get_ctx_params(void *vctx, OSSL_PARAM params[]) +{ + OSSL_PARAM *p; + + if ((p = OSSL_PARAM_locate(params, OSSL_KDF_PARAM_SIZE)) != NULL) + return OSSL_PARAM_set_size_t(p, SIZE_MAX); + return -2; +} + +static const OSSL_PARAM *kdf_sshkdf_gettable_ctx_params(void) +{ + static const OSSL_PARAM known_gettable_ctx_params[] = { + OSSL_PARAM_size_t(OSSL_KDF_PARAM_SIZE, NULL), + OSSL_PARAM_END + }; + return known_gettable_ctx_params; +} + +const OSSL_DISPATCH kdf_sshkdf_functions[] = { + { OSSL_FUNC_KDF_NEWCTX, (void(*)(void))kdf_sshkdf_new }, + { OSSL_FUNC_KDF_FREECTX, (void(*)(void))kdf_sshkdf_free }, + { OSSL_FUNC_KDF_RESET, (void(*)(void))kdf_sshkdf_reset }, + { OSSL_FUNC_KDF_DERIVE, (void(*)(void))kdf_sshkdf_derive }, + { OSSL_FUNC_KDF_SETTABLE_CTX_PARAMS, + (void(*)(void))kdf_sshkdf_settable_ctx_params }, + { OSSL_FUNC_KDF_SET_CTX_PARAMS, (void(*)(void))kdf_sshkdf_set_ctx_params }, + { OSSL_FUNC_KDF_GETTABLE_CTX_PARAMS, + (void(*)(void))kdf_sshkdf_gettable_ctx_params }, + { OSSL_FUNC_KDF_GET_CTX_PARAMS, (void(*)(void))kdf_sshkdf_get_ctx_params }, + { 0, NULL } +}; + +static int SSHKDF(const EVP_MD *evp_md, + const unsigned char *key, size_t key_len, + const unsigned char *xcghash, size_t xcghash_len, + const unsigned char *session_id, size_t session_id_len, + char type, unsigned char *okey, size_t okey_len) +{ + EVP_MD_CTX *md = NULL; + unsigned char digest[EVP_MAX_MD_SIZE]; + unsigned int dsize = 0; + size_t cursize = 0; + int ret = 0; + + md = EVP_MD_CTX_new(); + if (md == NULL) + return 0; + + if (!EVP_DigestInit_ex(md, evp_md, NULL)) + goto out; + + if (!EVP_DigestUpdate(md, key, key_len)) + goto out; + + if (!EVP_DigestUpdate(md, xcghash, xcghash_len)) + goto out; + + if (!EVP_DigestUpdate(md, &type, 1)) + goto out; + + if (!EVP_DigestUpdate(md, session_id, session_id_len)) + goto out; + + if (!EVP_DigestFinal_ex(md, digest, &dsize)) + goto out; + + if (okey_len < dsize) { + memcpy(okey, digest, okey_len); + ret = 1; + goto out; + } + + memcpy(okey, digest, dsize); + + for (cursize = dsize; cursize < okey_len; cursize += dsize) { + + if (!EVP_DigestInit_ex(md, evp_md, NULL)) + goto out; + + if (!EVP_DigestUpdate(md, key, key_len)) + goto out; + + if (!EVP_DigestUpdate(md, xcghash, xcghash_len)) + goto out; + + if (!EVP_DigestUpdate(md, okey, cursize)) + goto out; + + if (!EVP_DigestFinal_ex(md, digest, &dsize)) + goto out; + + if (okey_len < cursize + dsize) { + memcpy(okey + cursize, digest, okey_len - cursize); + ret = 1; + goto out; + } + + memcpy(okey + cursize, digest, dsize); + } + + ret = 1; + +out: + EVP_MD_CTX_free(md); + OPENSSL_cleanse(digest, EVP_MAX_MD_SIZE); + return ret; +} + diff --git a/crypto/kdf/x942kdf.c b/providers/default/kdfs/x942kdf.c similarity index 57% rename from crypto/kdf/x942kdf.c rename to providers/default/kdfs/x942kdf.c index ce9ad61035..af2b4a8db4 100644 --- a/crypto/kdf/x942kdf.c +++ b/providers/default/kdfs/x942kdf.c @@ -21,21 +21,35 @@ # include # include # include +# include # include "internal/cryptlib.h" +# include "internal/numbers.h" # include "internal/evp_int.h" -# include "kdf_local.h" +# include "internal/provider_ctx.h" +# include "internal/providercommonerr.h" +# include "internal/provider_algs.h" # define X942KDF_MAX_INLEN (1 << 30) -struct evp_kdf_impl_st { - const EVP_MD *md; +static OSSL_OP_kdf_newctx_fn x942kdf_new; +static OSSL_OP_kdf_freectx_fn x942kdf_free; +static OSSL_OP_kdf_reset_fn x942kdf_reset; +static OSSL_OP_kdf_derive_fn x942kdf_derive; +static OSSL_OP_kdf_settable_ctx_params_fn x942kdf_settable_ctx_params; +static OSSL_OP_kdf_set_ctx_params_fn x942kdf_set_ctx_params; +static OSSL_OP_kdf_gettable_ctx_params_fn x942kdf_gettable_ctx_params; +static OSSL_OP_kdf_get_ctx_params_fn x942kdf_get_ctx_params; + +typedef struct { + void *provctx; + EVP_MD *md; unsigned char *secret; size_t secret_len; int cek_nid; unsigned char *ukm; size_t ukm_len; size_t dkm_len; -}; +} KDF_X942; /* A table of allowed wrapping algorithms and the associated output lengths */ static const struct { @@ -177,7 +191,7 @@ static int x942kdf_hash_kdm(const EVP_MD *kdf_md, if (z_len > X942KDF_MAX_INLEN || other_len > X942KDF_MAX_INLEN || derived_key_len > X942KDF_MAX_INLEN || derived_key_len == 0) { - KDFerr(KDF_F_X942KDF_HASH_KDM, KDF_R_BAD_LENGTH); + ERR_raise(ERR_LIB_PROV, PROV_R_BAD_LENGTH); return 0; } @@ -227,181 +241,200 @@ end: return ret; } -static EVP_KDF_IMPL *x942kdf_new(void) +static void *x942kdf_new(void *provctx) { - EVP_KDF_IMPL *impl; + KDF_X942 *ctx; - if ((impl = OPENSSL_zalloc(sizeof(*impl))) == NULL) - KDFerr(KDF_F_X942KDF_NEW, ERR_R_MALLOC_FAILURE); - return impl; + if ((ctx = OPENSSL_zalloc(sizeof(*ctx))) == NULL) + ERR_raise(ERR_LIB_PROV, ERR_R_MALLOC_FAILURE); + ctx->provctx = provctx; + return ctx; } -static void x942kdf_reset(EVP_KDF_IMPL *impl) +static void x942kdf_reset(void *vctx) { - OPENSSL_clear_free(impl->secret, impl->secret_len); - OPENSSL_clear_free(impl->ukm, impl->ukm_len); - memset(impl, 0, sizeof(*impl)); -} + KDF_X942 *ctx = (KDF_X942 *)vctx; -static void x942kdf_free(EVP_KDF_IMPL *impl) -{ - x942kdf_reset(impl); - OPENSSL_free(impl); + EVP_MD_meth_free(ctx->md); + OPENSSL_clear_free(ctx->secret, ctx->secret_len); + OPENSSL_clear_free(ctx->ukm, ctx->ukm_len); + memset(ctx, 0, sizeof(*ctx)); } -static int x942kdf_set_buffer(va_list args, unsigned char **out, size_t *out_len) +static void x942kdf_free(void *vctx) { - const unsigned char *p; - size_t len; - - p = va_arg(args, const unsigned char *); - len = va_arg(args, size_t); - if (len == 0 || p == NULL) - return 1; - - OPENSSL_free(*out); - *out = OPENSSL_memdup(p, len); - if (*out == NULL) - return 0; + KDF_X942 *ctx = (KDF_X942 *)vctx; - *out_len = len; - return 1; + x942kdf_reset(ctx); + OPENSSL_free(ctx); } -static int x942kdf_ctrl(EVP_KDF_IMPL *impl, int cmd, va_list args) +static int x942kdf_set_buffer(unsigned char **out, size_t *out_len, + const OSSL_PARAM *p) { - const EVP_MD *md; - char *alg_str = NULL; - size_t i; - - switch (cmd) { - case EVP_KDF_CTRL_SET_MD: - md = va_arg(args, const EVP_MD *); - if (md == NULL) - return 0; - - impl->md = md; + if (p->data_size == 0 || p->data == NULL) return 1; - case EVP_KDF_CTRL_SET_KEY: - return x942kdf_set_buffer(args, &impl->secret, &impl->secret_len); - - case EVP_KDF_CTRL_SET_UKM: - return x942kdf_set_buffer(args, &impl->ukm, &impl->ukm_len); - - case EVP_KDF_CTRL_SET_CEK_ALG: - alg_str = va_arg(args, char *); - if (alg_str == NULL) - return 0; - impl->cek_nid = OBJ_sn2nid(alg_str); - for (i = 0; i < (size_t)OSSL_NELEM(kek_algs); ++i) { - if (kek_algs[i].nid == impl->cek_nid) { - impl->dkm_len = kek_algs[i].keklen; - return 1; - } - } - KDFerr(KDF_F_X942KDF_CTRL, KDF_R_UNSUPPORTED_CEK_ALG); - return 0; - - default: - return -2; - } -} - -static int x942kdf_ctrl_str(EVP_KDF_IMPL *impl, const char *type, - const char *value) -{ - if (strcmp(type, "digest") == 0) - return kdf_md2ctrl(impl, x942kdf_ctrl, EVP_KDF_CTRL_SET_MD, value); - - if (strcmp(type, "secret") == 0 || strcmp(type, "key") == 0) - return kdf_str2ctrl(impl, x942kdf_ctrl, EVP_KDF_CTRL_SET_KEY, - value); - - if (strcmp(type, "hexsecret") == 0 || strcmp(type, "hexkey") == 0) - return kdf_hex2ctrl(impl, x942kdf_ctrl, EVP_KDF_CTRL_SET_KEY, - value); - - if (strcmp(type, "ukm") == 0) - return kdf_str2ctrl(impl, x942kdf_ctrl, EVP_KDF_CTRL_SET_UKM, - value); - - if (strcmp(type, "hexukm") == 0) - return kdf_hex2ctrl(impl, x942kdf_ctrl, EVP_KDF_CTRL_SET_UKM, - value); - - if (strcmp(type, "cekalg") == 0) - return kdf_str2ctrl(impl, x942kdf_ctrl, EVP_KDF_CTRL_SET_CEK_ALG, - value); - - return -2; + OPENSSL_free(*out); + *out = NULL; + return OSSL_PARAM_get_octet_string(p, (void **)out, 0, out_len); } -static size_t x942kdf_size(EVP_KDF_IMPL *impl) +static size_t x942kdf_size(KDF_X942 *ctx) { int len; - if (impl->md == NULL) { - KDFerr(KDF_F_X942KDF_SIZE, KDF_R_MISSING_MESSAGE_DIGEST); + if (ctx->md == NULL) { + ERR_raise(ERR_LIB_PROV, PROV_R_MISSING_MESSAGE_DIGEST); return 0; } - len = EVP_MD_size(impl->md); + len = EVP_MD_size(ctx->md); return (len <= 0) ? 0 : (size_t)len; } -static int x942kdf_derive(EVP_KDF_IMPL *impl, unsigned char *key, size_t keylen) +static int x942kdf_derive(void *vctx, unsigned char *key, size_t keylen) { + KDF_X942 *ctx = (KDF_X942 *)vctx; int ret = 0; unsigned char *ctr; unsigned char *der = NULL; size_t der_len = 0; - if (impl->secret == NULL) { - KDFerr(KDF_F_X942KDF_DERIVE, KDF_R_MISSING_SECRET); + if (ctx->secret == NULL) { + ERR_raise(ERR_LIB_PROV, PROV_R_MISSING_SECRET); return 0; } - if (impl->md == NULL) { - KDFerr(KDF_F_X942KDF_DERIVE, KDF_R_MISSING_MESSAGE_DIGEST); + if (ctx->md == NULL) { + ERR_raise(ERR_LIB_PROV, PROV_R_MISSING_MESSAGE_DIGEST); return 0; } - if (impl->cek_nid == NID_undef) { - KDFerr(KDF_F_X942KDF_DERIVE, KDF_R_MISSING_CEK_ALG); + if (ctx->cek_nid == NID_undef) { + ERR_raise(ERR_LIB_PROV, PROV_R_MISSING_CEK_ALG); return 0; } - if (impl->ukm != NULL && impl->ukm_len >= X942KDF_MAX_INLEN) { + if (ctx->ukm != NULL && ctx->ukm_len >= X942KDF_MAX_INLEN) { /* * Note the ukm length MUST be 512 bits. * For backwards compatibility the old check is being done. */ - KDFerr(KDF_F_X942KDF_DERIVE, KDF_R_INAVLID_UKM_LEN); + ERR_raise(ERR_LIB_PROV, PROV_R_INAVLID_UKM_LENGTH); return 0; } - if (keylen != impl->dkm_len) { - KDFerr(KDF_F_X942KDF_DERIVE, KDF_R_MISSING_CEK_ALG); + if (keylen != ctx->dkm_len) { + ERR_raise(ERR_LIB_PROV, PROV_R_MISSING_CEK_ALG); return 0; } /* generate the otherinfo der */ - if (!x942_encode_otherinfo(impl->cek_nid, impl->dkm_len, - impl->ukm, impl->ukm_len, + if (!x942_encode_otherinfo(ctx->cek_nid, ctx->dkm_len, + ctx->ukm, ctx->ukm_len, &der, &der_len, &ctr)) { - KDFerr(KDF_F_X942KDF_DERIVE, KDF_R_BAD_ENCODING); + ERR_raise(ERR_LIB_PROV, PROV_R_BAD_ENCODING); return 0; } - ret = x942kdf_hash_kdm(impl->md, impl->secret, impl->secret_len, + ret = x942kdf_hash_kdm(ctx->md, ctx->secret, ctx->secret_len, der, der_len, ctr, key, keylen); OPENSSL_free(der); return ret; } -const EVP_KDF x942_kdf_meth = { - EVP_KDF_X942, - x942kdf_new, - x942kdf_free, - x942kdf_reset, - x942kdf_ctrl, - x942kdf_ctrl_str, - x942kdf_size, - x942kdf_derive +static int x942kdf_set_ctx_params(void *vctx, const OSSL_PARAM params[]) +{ + const OSSL_PARAM *p; + KDF_X942 *ctx = vctx; + EVP_MD *md; + const char *properties = NULL; + size_t i; + + /* Grab search properties, this should be before the digest lookup */ + if ((p = OSSL_PARAM_locate_const(params, OSSL_KDF_PARAM_PROPERTIES)) + != NULL) { + if (p->data_type != OSSL_PARAM_UTF8_STRING) + return 0; + properties = p->data; + } + /* Handle aliasing of digest parameter names */ + if ((p = OSSL_PARAM_locate_const(params, OSSL_KDF_PARAM_DIGEST)) != NULL) { + if (p->data_type != OSSL_PARAM_UTF8_STRING) + return 0; + md = EVP_MD_fetch(PROV_LIBRARY_CONTEXT_OF(ctx->provctx), p->data, + properties); + if (md == NULL) { + ERR_raise(ERR_LIB_PROV, PROV_R_INVALID_DIGEST); + return 0; + } + EVP_MD_meth_free(ctx->md); + ctx->md = md; + } + + if ((p = OSSL_PARAM_locate_const(params, OSSL_KDF_PARAM_SECRET)) != NULL + || (p = OSSL_PARAM_locate_const(params, OSSL_KDF_PARAM_KEY)) != NULL) + if (!x942kdf_set_buffer(&ctx->secret, &ctx->secret_len, p)) + return 0; + + if ((p = OSSL_PARAM_locate_const(params, OSSL_KDF_PARAM_UKM)) != NULL) + if (!x942kdf_set_buffer(&ctx->ukm, &ctx->ukm_len, p)) + return 0; + + if ((p = OSSL_PARAM_locate_const(params, OSSL_KDF_PARAM_CEK_ALG)) != NULL) { + if (p->data_type != OSSL_PARAM_UTF8_STRING) + return 0; + ctx->cek_nid = OBJ_sn2nid(p->data); + for (i = 0; i < OSSL_NELEM(kek_algs); i++) + if (kek_algs[i].nid == ctx->cek_nid) + goto cek_found; + ERR_raise(ERR_LIB_PROV, PROV_R_UNSUPPORTED_CEK_ALG); + return 0; +cek_found: + ctx->dkm_len = kek_algs[i].keklen; + } + return 1; +} + +static const OSSL_PARAM *x942kdf_settable_ctx_params(void) +{ + static const OSSL_PARAM known_settable_ctx_params[] = { + OSSL_PARAM_utf8_string(OSSL_KDF_PARAM_PROPERTIES, NULL, 0), + OSSL_PARAM_utf8_string(OSSL_KDF_PARAM_DIGEST, NULL, 0), + OSSL_PARAM_octet_string(OSSL_KDF_PARAM_SECRET, NULL, 0), + OSSL_PARAM_octet_string(OSSL_KDF_PARAM_KEY, NULL, 0), + OSSL_PARAM_octet_string(OSSL_KDF_PARAM_UKM, NULL, 0), + OSSL_PARAM_utf8_string(OSSL_KDF_PARAM_CEK_ALG, NULL, 0), + OSSL_PARAM_END + }; + return known_settable_ctx_params; +} + +static int x942kdf_get_ctx_params(void *vctx, OSSL_PARAM params[]) +{ + KDF_X942 *ctx = (KDF_X942 *)vctx; + OSSL_PARAM *p; + + if ((p = OSSL_PARAM_locate(params, OSSL_KDF_PARAM_SIZE)) != NULL) + return OSSL_PARAM_set_size_t(p, x942kdf_size(ctx)); + return -2; +} + +static const OSSL_PARAM *x942kdf_gettable_ctx_params(void) +{ + static const OSSL_PARAM known_gettable_ctx_params[] = { + OSSL_PARAM_size_t(OSSL_KDF_PARAM_SIZE, NULL), + OSSL_PARAM_END + }; + return known_gettable_ctx_params; +} + +const OSSL_DISPATCH kdf_x942_kdf_functions[] = { + { OSSL_FUNC_KDF_NEWCTX, (void(*)(void))x942kdf_new }, + { OSSL_FUNC_KDF_FREECTX, (void(*)(void))x942kdf_free }, + { OSSL_FUNC_KDF_RESET, (void(*)(void))x942kdf_reset }, + { OSSL_FUNC_KDF_DERIVE, (void(*)(void))x942kdf_derive }, + { OSSL_FUNC_KDF_SETTABLE_CTX_PARAMS, + (void(*)(void))x942kdf_settable_ctx_params }, + { OSSL_FUNC_KDF_SET_CTX_PARAMS, (void(*)(void))x942kdf_set_ctx_params }, + { OSSL_FUNC_KDF_GETTABLE_CTX_PARAMS, + (void(*)(void))x942kdf_gettable_ctx_params }, + { OSSL_FUNC_KDF_GET_CTX_PARAMS, (void(*)(void))x942kdf_get_ctx_params }, + { 0, NULL } }; #endif /* OPENSSL_NO_CMS */ diff --git a/providers/fips/fipsprov.c b/providers/fips/fipsprov.c index 000bf73672..59cd4080f4 100644 --- a/providers/fips/fipsprov.c +++ b/providers/fips/fipsprov.c @@ -15,6 +15,7 @@ #include #include #include +#include /* TODO(3.0): Needed for dummy_evp_call(). To be removed */ #include @@ -121,6 +122,7 @@ static int dummy_evp_call(void *provctx) OPENSSL_CTX *libctx = PROV_LIBRARY_CONTEXT_OF(provctx); EVP_MD_CTX *ctx = EVP_MD_CTX_new(); EVP_MD *sha256 = EVP_MD_fetch(libctx, "SHA256", NULL); + EVP_KDF *kdf = EVP_KDF_fetch(libctx, "pbkdf2", NULL); char msg[] = "Hello World!"; const unsigned char exptd[] = { 0x7f, 0x83, 0xb1, 0x65, 0x7f, 0xf1, 0xfc, 0x53, 0xb9, 0x2d, 0xc1, 0x81, @@ -138,7 +140,7 @@ static int dummy_evp_call(void *provctx) EC_KEY *key = NULL; #endif - if (ctx == NULL || sha256 == NULL || drbg == NULL) + if (ctx == NULL || sha256 == NULL || drbg == NULL || kdf == NULL) goto err; if (!EVP_DigestInit_ex(ctx, sha256, NULL)) @@ -185,6 +187,7 @@ static int dummy_evp_call(void *provctx) BN_CTX_end(bnctx); BN_CTX_free(bnctx); + EVP_KDF_free(kdf); EVP_MD_CTX_free(ctx); EVP_MD_free(sha256); @@ -342,6 +345,14 @@ static const OSSL_ALGORITHM fips_macs[] = { { NULL, NULL, NULL } }; +static const OSSL_ALGORITHM fips_kdfs[] = { + { "HKDF", "fips=yes", kdf_hkdf_functions }, + { "SSKDF", "fips=yes", kdf_sskdf_functions }, + { "PBKDF2", "fips=yes", kdf_pbkdf2_functions }, + { "TLS1-PRF", "fips=yes", kdf_tls1_prf_functions }, + { NULL, NULL, NULL } +}; + static const OSSL_ALGORITHM *fips_query(OSSL_PROVIDER *prov, int operation_id, int *no_cache) @@ -354,6 +365,8 @@ static const OSSL_ALGORITHM *fips_query(OSSL_PROVIDER *prov, return fips_ciphers; case OSSL_OP_MAC: return fips_macs; + case OSSL_OP_KDF: + return fips_kdfs; } return NULL; } diff --git a/ssl/t1_enc.c b/ssl/t1_enc.c index 31290a409a..4419d3f10b 100644 --- a/ssl/t1_enc.c +++ b/ssl/t1_enc.c @@ -18,6 +18,7 @@ #include #include #include +#include #include /* seed1 through seed5 are concatenated */ @@ -31,8 +32,10 @@ static int tls1_PRF(SSL *s, unsigned char *out, size_t olen, int fatal) { const EVP_MD *md = ssl_prf_md(s); + EVP_KDF *kdf; EVP_KDF_CTX *kctx = NULL; - int ret = 0; + OSSL_PARAM params[8], *p = params; + const char *mdname = EVP_MD_name(md); if (md == NULL) { /* Should never happen */ @@ -43,35 +46,43 @@ static int tls1_PRF(SSL *s, SSLerr(SSL_F_TLS1_PRF, ERR_R_INTERNAL_ERROR); return 0; } - kctx = EVP_KDF_CTX_new_id(EVP_PKEY_TLS1_PRF); - if (kctx == NULL - || EVP_KDF_ctrl(kctx, EVP_KDF_CTRL_SET_MD, md) <= 0 - || EVP_KDF_ctrl(kctx, EVP_KDF_CTRL_SET_TLS_SECRET, - sec, (size_t)slen) <= 0 - || EVP_KDF_ctrl(kctx, EVP_KDF_CTRL_ADD_TLS_SEED, - seed1, (size_t)seed1_len) <= 0 - || EVP_KDF_ctrl(kctx, EVP_KDF_CTRL_ADD_TLS_SEED, - seed2, (size_t)seed2_len) <= 0 - || EVP_KDF_ctrl(kctx, EVP_KDF_CTRL_ADD_TLS_SEED, - seed3, (size_t)seed3_len) <= 0 - || EVP_KDF_ctrl(kctx, EVP_KDF_CTRL_ADD_TLS_SEED, - seed4, (size_t)seed4_len) <= 0 - || EVP_KDF_ctrl(kctx, EVP_KDF_CTRL_ADD_TLS_SEED, - seed5, (size_t)seed5_len) <= 0 - || EVP_KDF_derive(kctx, out, olen) <= 0) { - if (fatal) - SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS1_PRF, - ERR_R_INTERNAL_ERROR); - else - SSLerr(SSL_F_TLS1_PRF, ERR_R_INTERNAL_ERROR); + kdf = EVP_KDF_fetch(NULL, SN_tls1_prf, NULL); + if (kdf == NULL) + goto err; + kctx = EVP_KDF_CTX_new(kdf); + EVP_KDF_free(kdf); + if (kctx == NULL) goto err; + *p++ = OSSL_PARAM_construct_utf8_string(OSSL_KDF_PARAM_DIGEST, + (char *)mdname, strlen(mdname) + 1); + *p++ = OSSL_PARAM_construct_octet_string(OSSL_KDF_PARAM_SECRET, + (unsigned char *)sec, + (size_t)slen); + *p++ = OSSL_PARAM_construct_octet_string(OSSL_KDF_PARAM_SEED, + (void *)seed1, (size_t)seed1_len); + *p++ = OSSL_PARAM_construct_octet_string(OSSL_KDF_PARAM_SEED, + (void *)seed2, (size_t)seed2_len); + *p++ = OSSL_PARAM_construct_octet_string(OSSL_KDF_PARAM_SEED, + (void *)seed3, (size_t)seed3_len); + *p++ = OSSL_PARAM_construct_octet_string(OSSL_KDF_PARAM_SEED, + (void *)seed4, (size_t)seed4_len); + *p++ = OSSL_PARAM_construct_octet_string(OSSL_KDF_PARAM_SEED, + (void *)seed5, (size_t)seed5_len); + *p = OSSL_PARAM_construct_end(); + if (EVP_KDF_CTX_set_params(kctx, params) + && EVP_KDF_derive(kctx, out, olen)) { + EVP_KDF_CTX_free(kctx); + return 1; } - ret = 1; - err: + if (fatal) + SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS1_PRF, + ERR_R_INTERNAL_ERROR); + else + SSLerr(SSL_F_TLS1_PRF, ERR_R_INTERNAL_ERROR); EVP_KDF_CTX_free(kctx); - return ret; + return 0; } static int tls1_generate_key_block(SSL *s, unsigned char *km, size_t num) diff --git a/ssl/tls13_enc.c b/ssl/tls13_enc.c index a238d6e1c6..f7c472d1fb 100644 --- a/ssl/tls13_enc.c +++ b/ssl/tls13_enc.c @@ -12,6 +12,7 @@ #include "internal/cryptlib.h" #include #include +#include #define TLS13_MAX_LABEL_LEN 249 @@ -35,7 +36,11 @@ int tls13_hkdf_expand(SSL *s, const EVP_MD *md, const unsigned char *secret, #else static const unsigned char label_prefix[] = "tls13 "; #endif - EVP_KDF_CTX *kctx = EVP_KDF_CTX_new_id(EVP_PKEY_HKDF); + EVP_KDF *kdf = EVP_KDF_fetch(NULL, SN_hkdf, NULL); + EVP_KDF_CTX *kctx; + OSSL_PARAM params[5], *p = params; + int mode = EVP_PKEY_HKDEF_MODE_EXPAND_ONLY; + const char *mdname = EVP_MD_name(md); int ret; size_t hkdflabellen; size_t hashlen; @@ -49,6 +54,8 @@ int tls13_hkdf_expand(SSL *s, const EVP_MD *md, const unsigned char *secret, + 1 + EVP_MAX_MD_SIZE]; WPACKET pkt; + kctx = EVP_KDF_CTX_new(kdf); + EVP_KDF_free(kdf); if (kctx == NULL) return 0; @@ -88,12 +95,16 @@ int tls13_hkdf_expand(SSL *s, const EVP_MD *md, const unsigned char *secret, return 0; } - ret = EVP_KDF_ctrl(kctx, EVP_KDF_CTRL_SET_HKDF_MODE, - EVP_PKEY_HKDEF_MODE_EXPAND_ONLY) <= 0 - || EVP_KDF_ctrl(kctx, EVP_KDF_CTRL_SET_MD, md) <= 0 - || EVP_KDF_ctrl(kctx, EVP_KDF_CTRL_SET_KEY, secret, hashlen) <= 0 - || EVP_KDF_ctrl(kctx, EVP_KDF_CTRL_ADD_HKDF_INFO, - hkdflabel, hkdflabellen) <= 0 + *p++ = OSSL_PARAM_construct_int(OSSL_KDF_PARAM_MODE, &mode); + *p++ = OSSL_PARAM_construct_utf8_string(OSSL_KDF_PARAM_DIGEST, + (char *)mdname, strlen(mdname) + 1); + *p++ = OSSL_PARAM_construct_octet_string(OSSL_KDF_PARAM_KEY, + (unsigned char *)secret, hashlen); + *p++ = OSSL_PARAM_construct_octet_string(OSSL_KDF_PARAM_INFO, + hkdflabel, hkdflabellen); + *p++ = OSSL_PARAM_construct_end(); + + ret = EVP_KDF_CTX_set_params(kctx, params) <= 0 || EVP_KDF_derive(kctx, out, outlen) <= 0; EVP_KDF_CTX_free(kctx); @@ -171,7 +182,11 @@ int tls13_generate_secret(SSL *s, const EVP_MD *md, size_t mdlen, prevsecretlen; int mdleni; int ret; - EVP_KDF_CTX *kctx = EVP_KDF_CTX_new_id(EVP_PKEY_HKDF); + EVP_KDF *kdf; + EVP_KDF_CTX *kctx; + OSSL_PARAM params[5], *p = params; + int mode = EVP_PKEY_HKDEF_MODE_EXTRACT_ONLY; + const char *mdname = EVP_MD_name(md); #ifdef CHARSET_EBCDIC static const char derived_secret_label[] = { 0x64, 0x65, 0x72, 0x69, 0x76, 0x65, 0x64, 0x00 }; #else @@ -179,6 +194,9 @@ int tls13_generate_secret(SSL *s, const EVP_MD *md, #endif unsigned char preextractsec[EVP_MAX_MD_SIZE]; + kdf = EVP_KDF_fetch(NULL, SN_hkdf, NULL); + kctx = EVP_KDF_CTX_new(kdf); + EVP_KDF_free(kdf); if (kctx == NULL) { SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS13_GENERATE_SECRET, ERR_R_INTERNAL_ERROR); @@ -232,12 +250,18 @@ int tls13_generate_secret(SSL *s, const EVP_MD *md, prevsecretlen = mdlen; } - ret = EVP_KDF_ctrl(kctx, EVP_KDF_CTRL_SET_HKDF_MODE, - EVP_PKEY_HKDEF_MODE_EXTRACT_ONLY) <= 0 - || EVP_KDF_ctrl(kctx, EVP_KDF_CTRL_SET_MD, md) <= 0 - || EVP_KDF_ctrl(kctx, EVP_KDF_CTRL_SET_KEY, insecret, insecretlen) <= 0 - || EVP_KDF_ctrl(kctx, EVP_KDF_CTRL_SET_SALT, - prevsecret, prevsecretlen) <= 0 + *p++ = OSSL_PARAM_construct_int(OSSL_KDF_PARAM_MODE, &mode); + *p++ = OSSL_PARAM_construct_utf8_string(OSSL_KDF_PARAM_DIGEST, + (char *)mdname, strlen(mdname) + 1); + *p++ = OSSL_PARAM_construct_octet_string(OSSL_KDF_PARAM_KEY, + (unsigned char *)insecret, + insecretlen); + *p++ = OSSL_PARAM_construct_octet_string(OSSL_KDF_PARAM_SALT, + (unsigned char *)prevsecret, + prevsecretlen); + *p++ = OSSL_PARAM_construct_end(); + + ret = EVP_KDF_CTX_set_params(kctx, params) <= 0 || EVP_KDF_derive(kctx, outsecret, mdlen) <= 0; if (ret != 0) diff --git a/test/evp_kdf_test.c b/test/evp_kdf_test.c index 1a131a7995..abc4dccd46 100644 --- a/test/evp_kdf_test.c +++ b/test/evp_kdf_test.c @@ -18,27 +18,39 @@ #include #include "testutil.h" +static EVP_KDF_CTX *get_kdfbyname(const char *name) +{ + EVP_KDF *kdf = EVP_KDF_fetch(NULL, name, NULL); + EVP_KDF_CTX *kctx = EVP_KDF_CTX_new(kdf); + + EVP_KDF_free(kdf); + return kctx; +} + static int test_kdf_tls1_prf(void) { int ret; EVP_KDF_CTX *kctx = NULL; - const EVP_KDF *kdf; unsigned char out[16]; + OSSL_PARAM params[4], *p = params; static const unsigned char expected[sizeof(out)] = { 0x8e, 0x4d, 0x93, 0x25, 0x30, 0xd7, 0x65, 0xa0, 0xaa, 0xe9, 0x74, 0xc3, 0x04, 0x73, 0x5e, 0xcc }; + *p++ = OSSL_PARAM_construct_utf8_string(OSSL_KDF_PARAM_DIGEST, + (char *)"sha256", sizeof("sha256")); + *p++ = OSSL_PARAM_construct_octet_string(OSSL_KDF_PARAM_SECRET, + (unsigned char *)"secret", + (size_t)6); + *p++ = OSSL_PARAM_construct_octet_string(OSSL_KDF_PARAM_SEED, + (unsigned char *)"seed", + (size_t)4); + *p = OSSL_PARAM_construct_end(); + ret = - TEST_ptr(kdf = EVP_get_kdfbyname(SN_tls1_prf)) - && TEST_ptr(kctx = EVP_KDF_CTX_new(kdf)) - && TEST_ptr_eq(EVP_KDF_CTX_kdf(kctx), kdf) - && TEST_str_eq(EVP_KDF_name(kdf), SN_tls1_prf) - && TEST_int_gt(EVP_KDF_ctrl(kctx, EVP_KDF_CTRL_SET_MD, EVP_sha256()), 0) - && TEST_int_gt(EVP_KDF_ctrl(kctx, EVP_KDF_CTRL_SET_TLS_SECRET, - "secret", (size_t)6), 0) - && TEST_int_gt(EVP_KDF_ctrl(kctx, EVP_KDF_CTRL_ADD_TLS_SEED, "seed", - (size_t)4), 0) + TEST_ptr(kctx = get_kdfbyname(SN_tls1_prf)) + && TEST_true(EVP_KDF_CTX_set_params(kctx, params)) && TEST_int_gt(EVP_KDF_derive(kctx, out, sizeof(out)), 0) && TEST_mem_eq(out, sizeof(out), expected, sizeof(expected)); @@ -51,19 +63,24 @@ static int test_kdf_hkdf(void) int ret; EVP_KDF_CTX *kctx; unsigned char out[10]; + OSSL_PARAM params[5], *p = params; static const unsigned char expected[sizeof(out)] = { 0x2a, 0xc4, 0x36, 0x9f, 0x52, 0x59, 0x96, 0xf8, 0xde, 0x13 }; + *p++ = OSSL_PARAM_construct_utf8_string(OSSL_KDF_PARAM_DIGEST, + (char *)"sha256", sizeof("sha256")); + *p++ = OSSL_PARAM_construct_octet_string(OSSL_KDF_PARAM_SALT, + (unsigned char *)"salt", 4); + *p++ = OSSL_PARAM_construct_octet_string(OSSL_KDF_PARAM_KEY, + (unsigned char *)"secret", 6); + *p++ = OSSL_PARAM_construct_octet_string(OSSL_KDF_PARAM_INFO, + (unsigned char *)"label", 5); + *p = OSSL_PARAM_construct_end(); + ret = - TEST_ptr(kctx = EVP_KDF_CTX_new_id(EVP_KDF_HKDF)) - && TEST_int_gt(EVP_KDF_ctrl(kctx, EVP_KDF_CTRL_SET_MD, EVP_sha256()), 0) - && TEST_int_gt(EVP_KDF_ctrl(kctx, EVP_KDF_CTRL_SET_SALT, "salt", - (size_t)4), 0) - && TEST_int_gt(EVP_KDF_ctrl(kctx, EVP_KDF_CTRL_SET_KEY, "secret", - (size_t)6), 0) - && TEST_int_gt(EVP_KDF_ctrl(kctx, EVP_KDF_CTRL_ADD_HKDF_INFO, "label", - (size_t)5), 0) + TEST_ptr(kctx = get_kdfbyname(SN_hkdf)) + && TEST_true(EVP_KDF_CTX_set_params(kctx, params)) && TEST_int_gt(EVP_KDF_derive(kctx, out, sizeof(out)), 0) && TEST_mem_eq(out, sizeof(out), expected, sizeof(expected)); @@ -73,10 +90,13 @@ static int test_kdf_hkdf(void) static int test_kdf_pbkdf2(void) { - int ret; + int ret = 0; EVP_KDF_CTX *kctx; unsigned char out[25]; size_t len = 0; + unsigned int iterations = 4096; + int mode = 0; + OSSL_PARAM params[6], *p = params; const unsigned char expected[sizeof(out)] = { 0x34, 0x8c, 0x89, 0xdb, 0xcb, 0xd3, 0x2b, 0x2f, 0x32, 0xd8, 0x14, 0xb8, 0x11, 0x6e, 0x84, 0xcf, @@ -87,46 +107,55 @@ static int test_kdf_pbkdf2(void) if (sizeof(len) > 32) len = SIZE_MAX; - ret = TEST_ptr(kctx = EVP_KDF_CTX_new_id(EVP_KDF_PBKDF2)) - && TEST_int_gt(EVP_KDF_ctrl(kctx, EVP_KDF_CTRL_SET_PASS, - "passwordPASSWORDpassword", - (size_t)24), 0) - && TEST_int_gt(EVP_KDF_ctrl(kctx, EVP_KDF_CTRL_SET_SALT, - "saltSALTsaltSALTsaltSALTsaltSALTsalt", - (size_t)36), 0) - && TEST_int_gt(EVP_KDF_ctrl(kctx, EVP_KDF_CTRL_SET_ITER, 4096), 0) - && TEST_int_gt(EVP_KDF_ctrl(kctx, EVP_KDF_CTRL_SET_MD, EVP_sha256()), - 0) - && TEST_int_gt(EVP_KDF_ctrl(kctx, EVP_KDF_CTRL_SET_PBKDF2_PKCS5_MODE, - 0), 0) - && TEST_int_gt(EVP_KDF_derive(kctx, out, sizeof(out)), 0) - && TEST_mem_eq(out, sizeof(out), expected, sizeof(expected)) - /* A key length that is too small should fail */ - && TEST_int_eq(EVP_KDF_derive(kctx, out, 112 / 8 - 1), 0) - /* A key length that is too large should fail */ - && (len == 0 || TEST_int_eq(EVP_KDF_derive(kctx, out, len), 0)) + *p++ = OSSL_PARAM_construct_octet_string(OSSL_KDF_PARAM_PASSWORD, + (unsigned char *) + "passwordPASSWORDpassword", 24); + *p++ = OSSL_PARAM_construct_octet_string(OSSL_KDF_PARAM_SALT, + (unsigned char *) + "saltSALTsaltSALTsaltSALTsaltSALTsalt", + 36); + *p++ = OSSL_PARAM_construct_uint(OSSL_KDF_PARAM_ITER, &iterations); + *p++ = OSSL_PARAM_construct_utf8_string(OSSL_KDF_PARAM_DIGEST, + (char *)"sha256", 7); + *p++ = OSSL_PARAM_construct_int(OSSL_KDF_PARAM_PKCS5, &mode); + *p = OSSL_PARAM_construct_end(); + + if (!TEST_ptr(kctx = get_kdfbyname(LN_id_pbkdf2)) + || !TEST_true(EVP_KDF_CTX_set_params(kctx, params)) + || !TEST_int_gt(EVP_KDF_derive(kctx, out, sizeof(out)), 0) + || !TEST_mem_eq(out, sizeof(out), expected, sizeof(expected)) + || !TEST_true(EVP_KDF_CTX_set_params(kctx, params)) + /* A key length that is too small should fail */ + || !TEST_int_eq(EVP_KDF_derive(kctx, out, 112 / 8 - 1), 0) + /* A key length that is too large should fail */ + || (len != 0 && !TEST_int_eq(EVP_KDF_derive(kctx, out, len), 0))) + goto err; +#if 0 +/* TODO */ /* Salt length less than 128 bits should fail */ - && TEST_int_eq(EVP_KDF_ctrl(kctx, EVP_KDF_CTRL_SET_SALT, + || TEST_int_eq(EVP_KDF_ctrl(kctx, EVP_KDF_CTRL_SET_SALT, "123456781234567", (size_t)15), 0) /* A small iteration count should fail */ - && TEST_int_eq(EVP_KDF_ctrl(kctx, EVP_KDF_CTRL_SET_ITER, 1), 0) - && TEST_int_gt(EVP_KDF_ctrl(kctx, EVP_KDF_CTRL_SET_PBKDF2_PKCS5_MODE, + || TEST_int_eq(EVP_KDF_ctrl(kctx, EVP_KDF_CTRL_SET_ITER, 1), 0) + || TEST_int_gt(EVP_KDF_ctrl(kctx, EVP_KDF_CTRL_SET_PBKDF2_PKCS5_MODE, 1), 0) /* Small salts will pass if the "pkcs5" mode is enabled */ - && TEST_int_gt(EVP_KDF_ctrl(kctx, EVP_KDF_CTRL_SET_SALT, + || TEST_int_gt(EVP_KDF_ctrl(kctx, EVP_KDF_CTRL_SET_SALT, "123456781234567", (size_t)15), 0) /* A small iteration count will pass if "pkcs5" mode is enabled */ - && TEST_int_gt(EVP_KDF_ctrl(kctx, EVP_KDF_CTRL_SET_ITER, 1), 0) + || TEST_int_gt(EVP_KDF_ctrl(kctx, EVP_KDF_CTRL_SET_ITER, 1), 0) /* * If the "pkcs5" mode is disabled then the small salt and iter will * fail when the derive gets called. */ - && TEST_int_gt(EVP_KDF_ctrl(kctx, EVP_KDF_CTRL_SET_PBKDF2_PKCS5_MODE, + || TEST_int_gt(EVP_KDF_ctrl(kctx, EVP_KDF_CTRL_SET_PBKDF2_PKCS5_MODE, 0), 0) - && TEST_int_eq(EVP_KDF_derive(kctx, out, sizeof(out)), 0); - + || TEST_int_eq(EVP_KDF_derive(kctx, out, sizeof(out)), 0); +#endif + ret = 1; +err: EVP_KDF_CTX_free(kctx); return ret; } @@ -136,7 +165,9 @@ static int test_kdf_scrypt(void) { int ret; EVP_KDF_CTX *kctx; + OSSL_PARAM params[7], *p = params; unsigned char out[64]; + unsigned int nu = 1024, ru = 8, pu = 16, maxmem = 16; static const unsigned char expected[sizeof(out)] = { 0xfd, 0xba, 0xbe, 0x1c, 0x9d, 0x34, 0x72, 0x00, 0x78, 0x56, 0xe7, 0x19, 0x0d, 0x01, 0xe9, 0xfe, @@ -148,24 +179,23 @@ static int test_kdf_scrypt(void) 0x83, 0x60, 0xcb, 0xdf, 0xa2, 0xcc, 0x06, 0x40 }; + *p++ = OSSL_PARAM_construct_octet_string(OSSL_KDF_PARAM_PASSWORD, + (char *)"password", 8); + *p++ = OSSL_PARAM_construct_octet_string(OSSL_KDF_PARAM_SALT, + (char *)"NaCl", 4); + *p++ = OSSL_PARAM_construct_uint(OSSL_KDF_PARAM_SCRYPT_N, &nu); + *p++ = OSSL_PARAM_construct_uint(OSSL_KDF_PARAM_SCRYPT_R, &ru); + *p++ = OSSL_PARAM_construct_uint(OSSL_KDF_PARAM_SCRYPT_P, &pu); + *p++ = OSSL_PARAM_construct_uint(OSSL_KDF_PARAM_SCRYPT_MAXMEM, &maxmem); + *p = OSSL_PARAM_construct_end(); + ret = - TEST_ptr(kctx = EVP_KDF_CTX_new_id(EVP_KDF_SCRYPT)) - && TEST_int_gt(EVP_KDF_ctrl(kctx, EVP_KDF_CTRL_SET_PASS, "password", - (size_t)8), 0) - && TEST_int_gt(EVP_KDF_ctrl(kctx, EVP_KDF_CTRL_SET_SALT, "NaCl", - (size_t)4), 0) - && TEST_int_gt(EVP_KDF_ctrl(kctx, EVP_KDF_CTRL_SET_SCRYPT_N, - (uint64_t)1024), 0) - && TEST_int_gt(EVP_KDF_ctrl(kctx, EVP_KDF_CTRL_SET_SCRYPT_R, - (uint32_t)8), 0) - && TEST_int_gt(EVP_KDF_ctrl(kctx, EVP_KDF_CTRL_SET_SCRYPT_P, - (uint32_t)16), 0) - && TEST_int_gt(EVP_KDF_ctrl(kctx, EVP_KDF_CTRL_SET_MAXMEM_BYTES, - (uint64_t)16), 0) - /* failure test */ - && TEST_int_le(EVP_KDF_derive(kctx, out, sizeof(out)), 0) - && TEST_int_gt(EVP_KDF_ctrl(kctx, EVP_KDF_CTRL_SET_MAXMEM_BYTES, - (uint64_t)(10 * 1024 * 1024)), 0) + TEST_ptr(kctx = get_kdfbyname(SN_id_scrypt)) + && TEST_true(EVP_KDF_CTX_set_params(kctx, params)) + /* failure test *//* + && TEST_int_le(EVP_KDF_derive(kctx, out, sizeof(out)), 0)*/ + && TEST_true(OSSL_PARAM_set_uint(p - 1, 10 * 1024 * 1024)) + && TEST_true(EVP_KDF_CTX_set_params(kctx, p - 1)) && TEST_int_gt(EVP_KDF_derive(kctx, out, sizeof(out)), 0) && TEST_mem_eq(out, sizeof(out), expected, sizeof(expected)); @@ -177,15 +207,16 @@ static int test_kdf_scrypt(void) static int test_kdf_ss_hash(void) { int ret; - EVP_KDF_CTX *kctx = NULL; + EVP_KDF_CTX *kctx; + OSSL_PARAM params[4], *p = params; unsigned char out[14]; - static const unsigned char z[] = { + static unsigned char z[] = { 0x6d,0xbd,0xc2,0x3f,0x04,0x54,0x88,0xe4,0x06,0x27,0x57,0xb0,0x6b,0x9e, 0xba,0xe1,0x83,0xfc,0x5a,0x59,0x46,0xd8,0x0d,0xb9,0x3f,0xec,0x6f,0x62, 0xec,0x07,0xe3,0x72,0x7f,0x01,0x26,0xae,0xd1,0x2c,0xe4,0xb2,0x62,0xf4, 0x7d,0x48,0xd5,0x42,0x87,0xf8,0x1d,0x47,0x4c,0x7c,0x3b,0x18,0x50,0xe9 }; - static const unsigned char other[] = { + static unsigned char other[] = { 0xa1,0xb2,0xc3,0xd4,0xe5,0x43,0x41,0x56,0x53,0x69,0x64,0x3c,0x83,0x2e, 0x98,0x49,0xdc,0xdb,0xa7,0x1e,0x9a,0x31,0x39,0xe6,0x06,0xe0,0x95,0xde, 0x3c,0x26,0x4a,0x66,0xe9,0x8a,0x16,0x58,0x54,0xcd,0x07,0x98,0x9b,0x1e, @@ -195,12 +226,16 @@ static int test_kdf_ss_hash(void) 0xa4,0x62,0xde,0x16,0xa8,0x9d,0xe8,0x46,0x6e,0xf5,0x46,0x0b,0x47,0xb8 }; + *p++ = OSSL_PARAM_construct_utf8_string(OSSL_KDF_PARAM_DIGEST, + (char *)"sha224", sizeof("sha224")); + *p++ = OSSL_PARAM_construct_octet_string(OSSL_KDF_PARAM_KEY, z, sizeof(z)); + *p++ = OSSL_PARAM_construct_octet_string(OSSL_KDF_PARAM_INFO, other, + sizeof(other)); + *p = OSSL_PARAM_construct_end(); + ret = - TEST_ptr(kctx = EVP_KDF_CTX_new_id(EVP_KDF_SS)) - && TEST_int_gt(EVP_KDF_ctrl(kctx, EVP_KDF_CTRL_SET_MD, EVP_sha224()), 0) - && TEST_int_gt(EVP_KDF_ctrl(kctx, EVP_KDF_CTRL_SET_KEY, z, sizeof(z)), 0) - && TEST_int_gt(EVP_KDF_ctrl(kctx, EVP_KDF_CTRL_SET_SSKDF_INFO, other, - sizeof(other)), 0) + TEST_ptr(kctx = get_kdfbyname(SN_sskdf)) + && TEST_true(EVP_KDF_CTX_set_params(kctx, params)) && TEST_int_gt(EVP_KDF_derive(kctx, out, sizeof(out)), 0) && TEST_mem_eq(out, sizeof(out), expected, sizeof(expected)); @@ -211,14 +246,15 @@ static int test_kdf_ss_hash(void) static int test_kdf_x963(void) { int ret; - EVP_KDF_CTX *kctx = NULL; + EVP_KDF_CTX *kctx; + OSSL_PARAM params[4], *p = params; unsigned char out[1024 / 8]; /* * Test data from https://csrc.nist.gov/CSRC/media/Projects/ * Cryptographic-Algorithm-Validation-Program/documents/components/ * 800-135testvectors/ansx963_2001.zip */ - static const unsigned char z[] = { + static unsigned char z[] = { 0x00, 0xaa, 0x5b, 0xb7, 0x9b, 0x33, 0xe3, 0x89, 0xfa, 0x58, 0xce, 0xad, 0xc0, 0x47, 0x19, 0x7f, 0x14, 0xe7, 0x37, 0x12, 0xf4, 0x52, 0xca, 0xa9, 0xfc, 0x4c, 0x9a, 0xdb, 0x36, 0x93, 0x48, 0xb8, 0x15, 0x07, 0x39, 0x2f, @@ -226,7 +262,7 @@ static int test_kdf_x963(void) 0x44, 0xe4, 0x4a, 0x1b, 0x55, 0xb1, 0x40, 0x47, 0x47, 0xa9, 0xe2, 0xe7, 0x53, 0xf5, 0x5e, 0xf0, 0x5a, 0x2d }; - static const unsigned char shared[] = { + static unsigned char shared[] = { 0xe3, 0xb5, 0xb4, 0xc1, 0xb0, 0xd5, 0xcf, 0x1d, 0x2b, 0x3a, 0x2f, 0x99, 0x37, 0x89, 0x5d, 0x31 }; @@ -244,12 +280,16 @@ static int test_kdf_x963(void) 0xab, 0x87, 0xf9, 0x66, 0x1c, 0x3e, 0x88, 0x16 }; + *p++ = OSSL_PARAM_construct_utf8_string(OSSL_KDF_PARAM_DIGEST, + (char *)"sha512", sizeof("sha512")); + *p++ = OSSL_PARAM_construct_octet_string(OSSL_KDF_PARAM_KEY, z, sizeof(z)); + *p++ = OSSL_PARAM_construct_octet_string(OSSL_KDF_PARAM_INFO, shared, + sizeof(shared)); + *p = OSSL_PARAM_construct_end(); + ret = - TEST_ptr(kctx = EVP_KDF_CTX_new_id(EVP_KDF_X963)) - && TEST_int_gt(EVP_KDF_ctrl(kctx, EVP_KDF_CTRL_SET_MD, EVP_sha512()), 0) - && TEST_int_gt(EVP_KDF_ctrl(kctx, EVP_KDF_CTRL_SET_KEY, z, sizeof(z)), 0) - && TEST_int_gt(EVP_KDF_ctrl(kctx, EVP_KDF_CTRL_SET_SHARED_INFO, shared, - sizeof(shared)), 0) + TEST_ptr(kctx = get_kdfbyname(SN_x963kdf)) + && TEST_true(EVP_KDF_CTX_set_params(kctx, params)) && TEST_int_gt(EVP_KDF_derive(kctx, out, sizeof(out)), 0) && TEST_mem_eq(out, sizeof(out), expected, sizeof(expected)); @@ -261,14 +301,15 @@ static int test_kdf_ss_hmac(void) { int ret; EVP_KDF_CTX *kctx; + OSSL_PARAM params[6], *p = params; unsigned char out[16]; - static const unsigned char z[] = { + static unsigned char z[] = { 0xb7,0x4a,0x14,0x9a,0x16,0x15,0x46,0xf8,0xc2,0x0b,0x06,0xac,0x4e,0xd4 }; - static const unsigned char other[] = { + static unsigned char other[] = { 0x34,0x8a,0x37,0xa2,0x7e,0xf1,0x28,0x2f,0x5f,0x02,0x0d,0xcc }; - static const unsigned char salt[] = { + static unsigned char salt[] = { 0x36,0x38,0x27,0x1c,0xcd,0x68,0xa2,0x5d,0xc2,0x4e,0xcd,0xdd,0x39,0xef, 0x3f,0x89 }; @@ -277,16 +318,21 @@ static int test_kdf_ss_hmac(void) 0x1c,0xa3 }; + *p++ = OSSL_PARAM_construct_utf8_string(OSSL_KDF_PARAM_MAC, + (char *)OSSL_MAC_NAME_HMAC, + sizeof(OSSL_MAC_NAME_HMAC)); + *p++ = OSSL_PARAM_construct_utf8_string(OSSL_KDF_PARAM_DIGEST, + (char *)"sha256", sizeof("sha256")); + *p++ = OSSL_PARAM_construct_octet_string(OSSL_KDF_PARAM_KEY, z, sizeof(z)); + *p++ = OSSL_PARAM_construct_octet_string(OSSL_KDF_PARAM_INFO, other, + sizeof(other)); + *p++ = OSSL_PARAM_construct_octet_string(OSSL_KDF_PARAM_SALT, salt, + sizeof(salt)); + *p = OSSL_PARAM_construct_end(); + ret = - TEST_ptr(kctx = EVP_KDF_CTX_new_id(EVP_KDF_SS)) - && TEST_int_gt(EVP_KDF_ctrl(kctx, EVP_KDF_CTRL_SET_MAC, - OSSL_MAC_NAME_HMAC), 0) - && TEST_int_gt(EVP_KDF_ctrl(kctx, EVP_KDF_CTRL_SET_MD, EVP_sha256()), 0) - && TEST_int_gt(EVP_KDF_ctrl(kctx, EVP_KDF_CTRL_SET_KEY, z, sizeof(z)), 0) - && TEST_int_gt(EVP_KDF_ctrl(kctx, EVP_KDF_CTRL_SET_SSKDF_INFO, other, - sizeof(other)), 0) - && TEST_int_gt(EVP_KDF_ctrl(kctx, EVP_KDF_CTRL_SET_SALT, salt, - sizeof(salt)), 0) + TEST_ptr(kctx = get_kdfbyname(SN_sskdf)) + && TEST_true(EVP_KDF_CTX_set_params(kctx, params)) && TEST_int_gt(EVP_KDF_derive(kctx, out, sizeof(out)), 0) && TEST_mem_eq(out, sizeof(out), expected, sizeof(expected)); @@ -298,14 +344,16 @@ static int test_kdf_ss_kmac(void) { int ret; EVP_KDF_CTX *kctx; + OSSL_PARAM params[6], *p = params; unsigned char out[64]; - static const unsigned char z[] = { + size_t mac_size = 20; + static unsigned char z[] = { 0xb7,0x4a,0x14,0x9a,0x16,0x15,0x46,0xf8,0xc2,0x0b,0x06,0xac,0x4e,0xd4 }; - static const unsigned char other[] = { + static unsigned char other[] = { 0x34,0x8a,0x37,0xa2,0x7e,0xf1,0x28,0x2f,0x5f,0x02,0x0d,0xcc }; - static const unsigned char salt[] = { + static unsigned char salt[] = { 0x36,0x38,0x27,0x1c,0xcd,0x68,0xa2,0x5d,0xc2,0x4e,0xcd,0xdd,0x39,0xef, 0x3f,0x89 }; @@ -317,18 +365,20 @@ static int test_kdf_ss_kmac(void) 0xae,0x15,0x7e,0x1d,0xe8,0x14,0x98,0x03 }; + *p++ = OSSL_PARAM_construct_utf8_string(OSSL_KDF_PARAM_MAC, + (char *)OSSL_MAC_NAME_KMAC128, + sizeof(OSSL_MAC_NAME_KMAC128)); + *p++ = OSSL_PARAM_construct_octet_string(OSSL_KDF_PARAM_KEY, z, sizeof(z)); + *p++ = OSSL_PARAM_construct_octet_string(OSSL_KDF_PARAM_INFO, other, + sizeof(other)); + *p++ = OSSL_PARAM_construct_octet_string(OSSL_KDF_PARAM_SALT, salt, + sizeof(salt)); + *p++ = OSSL_PARAM_construct_size_t(OSSL_KDF_PARAM_MAC_SIZE, &mac_size); + *p = OSSL_PARAM_construct_end(); + ret = - TEST_ptr(kctx = EVP_KDF_CTX_new_id(EVP_KDF_SS)) - && TEST_int_gt(EVP_KDF_ctrl(kctx, EVP_KDF_CTRL_SET_MAC, - OSSL_MAC_NAME_KMAC128), 0) - && TEST_int_gt(EVP_KDF_ctrl(kctx, EVP_KDF_CTRL_SET_KEY, z, - sizeof(z)), 0) - && TEST_int_gt(EVP_KDF_ctrl(kctx, EVP_KDF_CTRL_SET_SSKDF_INFO, other, - sizeof(other)), 0) - && TEST_int_gt(EVP_KDF_ctrl(kctx, EVP_KDF_CTRL_SET_SALT, salt, - sizeof(salt)), 0) - && TEST_int_gt(EVP_KDF_ctrl(kctx, EVP_KDF_CTRL_SET_MAC_SIZE, - (size_t)20), 0) + TEST_ptr(kctx = get_kdfbyname(SN_sskdf)) + && TEST_true(EVP_KDF_CTX_set_params(kctx, params)) && TEST_int_gt(EVP_KDF_derive(kctx, out, sizeof(out)), 0) && TEST_mem_eq(out, sizeof(out), expected, sizeof(expected)); @@ -340,9 +390,11 @@ static int test_kdf_sshkdf(void) { int ret; EVP_KDF_CTX *kctx; + OSSL_PARAM params[6], *p = params; + char kdftype = EVP_KDF_SSHKDF_TYPE_INITIAL_IV_CLI_TO_SRV; unsigned char out[8]; /* Test data from NIST CAVS 14.1 test vectors */ - static const unsigned char key[] = { + static unsigned char key[] = { 0x00, 0x00, 0x00, 0x81, 0x00, 0x87, 0x5c, 0x55, 0x1c, 0xef, 0x52, 0x6a, 0x4a, 0x8b, 0xe1, 0xa7, 0xdf, 0x27, 0xe9, 0xed, 0x35, 0x4b, 0xac, 0x9a, 0xfb, 0x71, 0xf5, 0x3d, 0xba, 0xe9, 0x05, 0x67, 0x9d, 0x14, 0xf9, 0xfa, @@ -356,12 +408,12 @@ static int test_kdf_sshkdf(void) 0xaa, 0x22, 0x76, 0x93, 0xe1, 0x41, 0xad, 0x16, 0x30, 0xce, 0x13, 0x14, 0x4e }; - static const unsigned char xcghash[] = { + static unsigned char xcghash[] = { 0x0e, 0x68, 0x3f, 0xc8, 0xa9, 0xed, 0x7c, 0x2f, 0xf0, 0x2d, 0xef, 0x23, 0xb2, 0x74, 0x5e, 0xbc, 0x99, 0xb2, 0x67, 0xda, 0xa8, 0x6a, 0x4a, 0xa7, 0x69, 0x72, 0x39, 0x08, 0x82, 0x53, 0xf6, 0x42 }; - static const unsigned char sessid[] = { + static unsigned char sessid[] = { 0x0e, 0x68, 0x3f, 0xc8, 0xa9, 0xed, 0x7c, 0x2f, 0xf0, 0x2d, 0xef, 0x23, 0xb2, 0x74, 0x5e, 0xbc, 0x99, 0xb2, 0x67, 0xda, 0xa8, 0x6a, 0x4a, 0xa7, 0x69, 0x72, 0x39, 0x08, 0x82, 0x53, 0xf6, 0x42 @@ -370,18 +422,21 @@ static int test_kdf_sshkdf(void) 0x41, 0xff, 0x2e, 0xad, 0x16, 0x83, 0xf1, 0xe6 }; + *p++ = OSSL_PARAM_construct_utf8_string(OSSL_KDF_PARAM_DIGEST, + (char *)"sha256", sizeof("sha256")); + *p++ = OSSL_PARAM_construct_octet_string(OSSL_KDF_PARAM_KEY, key, + sizeof(key)); + *p++ = OSSL_PARAM_construct_octet_string(OSSL_KDF_PARAM_SSHKDF_XCGHASH, + xcghash, sizeof(xcghash)); + *p++ = OSSL_PARAM_construct_octet_string(OSSL_KDF_PARAM_SSHKDF_SESSION_ID, + sessid, sizeof(sessid)); + *p++ = OSSL_PARAM_construct_utf8_string(OSSL_KDF_PARAM_SSHKDF_TYPE, + &kdftype, sizeof(kdftype)); + *p = OSSL_PARAM_construct_end(); + ret = - TEST_ptr(kctx = EVP_KDF_CTX_new_id(EVP_KDF_SSHKDF)) - && TEST_int_gt(EVP_KDF_ctrl(kctx, EVP_KDF_CTRL_SET_MD, EVP_sha256()), 0) - && TEST_int_gt(EVP_KDF_ctrl(kctx, EVP_KDF_CTRL_SET_KEY, key, - sizeof(key)), 0) - && TEST_int_gt(EVP_KDF_ctrl(kctx, EVP_KDF_CTRL_SET_SSHKDF_XCGHASH, - xcghash, sizeof(xcghash)), 0) - && TEST_int_gt(EVP_KDF_ctrl(kctx, EVP_KDF_CTRL_SET_SSHKDF_SESSION_ID, - sessid, sizeof(sessid)), 0) - && TEST_int_gt( - EVP_KDF_ctrl(kctx, EVP_KDF_CTRL_SET_SSHKDF_TYPE, - (int)EVP_KDF_SSHKDF_TYPE_INITIAL_IV_CLI_TO_SRV), 0) + TEST_ptr(kctx = get_kdfbyname(SN_sshkdf)) + && TEST_true(EVP_KDF_CTX_set_params(kctx, params)) && TEST_int_gt(EVP_KDF_derive(kctx, out, sizeof(out)), 0) && TEST_mem_eq(out, sizeof(out), expected, sizeof(expected)); @@ -391,19 +446,38 @@ static int test_kdf_sshkdf(void) static int test_kdf_get_kdf(void) { - const EVP_KDF *kdf1, *kdf2; + EVP_KDF *kdf1 = NULL, *kdf2 = NULL; ASN1_OBJECT *obj; - - return - TEST_ptr(obj = OBJ_nid2obj(NID_id_pbkdf2)) - && TEST_ptr(kdf1 = EVP_get_kdfbyname(LN_id_pbkdf2)) - && TEST_ptr(kdf2 = EVP_get_kdfbyobj(obj)) - && TEST_ptr_eq(kdf1, kdf2) - && TEST_ptr(kdf1 = EVP_get_kdfbyname(SN_tls1_prf)) - && TEST_ptr(kdf2 = EVP_get_kdfbyname(LN_tls1_prf)) - && TEST_ptr_eq(kdf1, kdf2) - && TEST_ptr(kdf2 = EVP_get_kdfbynid(NID_tls1_prf)) - && TEST_ptr_eq(kdf1, kdf2); + int ok = 1; + + if (!TEST_ptr(obj = OBJ_nid2obj(NID_id_pbkdf2)) + || !TEST_ptr(kdf1 = EVP_KDF_fetch(NULL, LN_id_pbkdf2, NULL)) + || !TEST_ptr(kdf2 = EVP_KDF_fetch(NULL, OBJ_nid2sn(OBJ_obj2nid(obj)), + NULL)) + || !TEST_ptr_eq(kdf1, kdf2)) + ok = 0; + EVP_KDF_free(kdf1); + kdf1 = NULL; + EVP_KDF_free(kdf2); + kdf2 = NULL; + + if (!TEST_ptr(kdf1 = EVP_KDF_fetch(NULL, SN_tls1_prf, NULL)) + || !TEST_ptr(kdf2 = EVP_KDF_fetch(NULL, LN_tls1_prf, NULL)) + || !TEST_ptr_eq(kdf1, kdf2)) + ok = 0; + /* kdf1 is re-used below, so don't free it here */ + EVP_KDF_free(kdf2); + kdf2 = NULL; + + if (!TEST_ptr(kdf2 = EVP_KDF_fetch(NULL, OBJ_nid2sn(NID_tls1_prf), NULL)) + || !TEST_ptr_eq(kdf1, kdf2)) + ok = 0; + EVP_KDF_free(kdf1); + kdf1 = NULL; + EVP_KDF_free(kdf2); + kdf2 = NULL; + + return ok; } #ifndef OPENSSL_NO_CMS @@ -411,9 +485,11 @@ static int test_kdf_x942_asn1(void) { int ret; EVP_KDF_CTX *kctx = NULL; + OSSL_PARAM params[4], *p = params; + const char *cek_alg = SN_id_smime_alg_CMS3DESwrap; unsigned char out[24]; /* RFC2631 Section 2.1.6 Test data */ - static const unsigned char z[] = { + static unsigned char z[] = { 0x00,0x01,0x02,0x03,0x04,0x05,0x06,0x07,0x08,0x09,0x0a,0x0b,0x0c,0x0d, 0x0e,0x0f,0x10,0x11,0x12,0x13 }; @@ -423,12 +499,18 @@ static int test_kdf_x942_asn1(void) 0xb6,0x7f,0x5f,0x1e,0xf6,0x3e,0xb5,0xfb }; + *p++ = OSSL_PARAM_construct_utf8_string(OSSL_KDF_PARAM_DIGEST, + (char *)"sha1", sizeof("sha1")); + *p++ = OSSL_PARAM_construct_octet_string(OSSL_KDF_PARAM_KEY, z, + sizeof(z)); + *p++ = OSSL_PARAM_construct_utf8_string(OSSL_KDF_PARAM_CEK_ALG, + (char *)cek_alg, + strlen(cek_alg) + 1); + *p = OSSL_PARAM_construct_end(); + ret = - TEST_ptr(kctx = EVP_KDF_CTX_new_id(EVP_KDF_X942)) - && TEST_int_gt(EVP_KDF_ctrl(kctx, EVP_KDF_CTRL_SET_MD, EVP_sha1()), 0) - && TEST_int_gt(EVP_KDF_ctrl(kctx, EVP_KDF_CTRL_SET_KEY, z, sizeof(z)), 0) - && TEST_int_gt(EVP_KDF_ctrl(kctx, EVP_KDF_CTRL_SET_CEK_ALG, - SN_id_smime_alg_CMS3DESwrap), 0) + TEST_ptr(kctx = get_kdfbyname(SN_x942kdf)) + && TEST_true(EVP_KDF_CTX_set_params(kctx, params)) && TEST_int_gt(EVP_KDF_derive(kctx, out, sizeof(out)), 0) && TEST_mem_eq(out, sizeof(out), expected, sizeof(expected)); diff --git a/test/evp_test.c b/test/evp_test.c index b2047d591a..2f7506e6e6 100644 --- a/test/evp_test.c +++ b/test/evp_test.c @@ -1975,6 +1975,8 @@ typedef struct kdf_data_st { /* Expected output */ unsigned char *output; size_t output_len; + OSSL_PARAM params[20]; + OSSL_PARAM *p; } KDF_DATA; /* @@ -1984,7 +1986,7 @@ typedef struct kdf_data_st { static int kdf_test_init(EVP_TEST *t, const char *name) { KDF_DATA *kdata; - const EVP_KDF *kdf; + EVP_KDF *kdf; #ifdef OPENSSL_NO_SCRYPT if (strcmp(name, "scrypt") == 0) { @@ -2000,13 +2002,16 @@ static int kdf_test_init(EVP_TEST *t, const char *name) } #endif /* OPENSSL_NO_CMS */ - kdf = EVP_get_kdfbyname(name); - if (kdf == NULL) + if (!TEST_ptr(kdata = OPENSSL_zalloc(sizeof(*kdata)))) return 0; + kdata->p = kdata->params; + *kdata->p = OSSL_PARAM_construct_end(); - if (!TEST_ptr(kdata = OPENSSL_zalloc(sizeof(*kdata)))) + kdf = EVP_KDF_fetch(NULL, name, NULL); + if (kdf == NULL) return 0; kdata->ctx = EVP_KDF_CTX_new(kdf); + EVP_KDF_free(kdf); if (kdata->ctx == NULL) { OPENSSL_free(kdata); return 0; @@ -2018,6 +2023,10 @@ static int kdf_test_init(EVP_TEST *t, const char *name) static void kdf_test_cleanup(EVP_TEST *t) { KDF_DATA *kdata = t->data; + OSSL_PARAM *p; + + for (p = kdata->params; p->key != NULL; p++) + OPENSSL_free(p->data); OPENSSL_free(kdata->output); EVP_KDF_CTX_free(kdata->ctx); } @@ -2025,36 +2034,35 @@ static void kdf_test_cleanup(EVP_TEST *t) static int kdf_test_ctrl(EVP_TEST *t, EVP_KDF_CTX *kctx, const char *value) { + KDF_DATA *kdata = t->data; int rv; - char *p, *tmpval; + char *p, *name; + const OSSL_PARAM *defs = EVP_KDF_CTX_settable_params(EVP_KDF_CTX_kdf(kctx)); - if (!TEST_ptr(tmpval = OPENSSL_strdup(value))) + if (!TEST_ptr(name = OPENSSL_strdup(value))) return 0; - p = strchr(tmpval, ':'); + p = strchr(name, ':'); if (p != NULL) *p++ = '\0'; - rv = EVP_KDF_ctrl_str(kctx, tmpval, p); - if (rv == -2) { - t->err = "KDF_CTRL_INVALID"; - rv = 1; - } else if (p != NULL && rv <= 0) { + + rv = OSSL_PARAM_allocate_from_text(kdata->p, defs, name, p, strlen(p)); + *++kdata->p = OSSL_PARAM_construct_end(); + if (!rv) { + t->err = "KDF_PARAM_ERROR"; + OPENSSL_free(name); + return 0; + } + if (strcmp(name, "digest") == 0 && p != NULL) { /* If p has an OID and lookup fails assume disabled algorithm */ int nid = OBJ_sn2nid(p); if (nid == NID_undef) nid = OBJ_ln2nid(p); - if (nid != NID_undef - && EVP_get_digestbynid(nid) == NULL - && EVP_get_cipherbynid(nid) == NULL) { + if (nid != NID_undef && EVP_get_digestbynid(nid) == NULL) t->skip = 1; - rv = 1; - } else { - t->err = "KDF_CTRL_ERROR"; - rv = 1; - } } - OPENSSL_free(tmpval); - return rv > 0; + OPENSSL_free(name); + return 1; } static int kdf_test_parse(EVP_TEST *t, @@ -2075,6 +2083,10 @@ static int kdf_test_run(EVP_TEST *t) unsigned char *got = NULL; size_t got_len = expected->output_len; + if (!EVP_KDF_CTX_set_params(expected->ctx, expected->params)) { + t->err = "KDF_CTRL_ERROR"; + return 1; + } if (!TEST_ptr(got = OPENSSL_malloc(got_len))) { t->err = "INTERNAL_ERROR"; goto err; @@ -2161,6 +2173,7 @@ static int pkey_kdf_test_init(EVP_TEST *t, const char *name) static void pkey_kdf_test_cleanup(EVP_TEST *t) { PKEY_KDF_DATA *kdata = t->data; + OPENSSL_free(kdata->output); EVP_PKEY_CTX_free(kdata->ctx); } diff --git a/test/recipes/20-test_kdf.t b/test/recipes/20-test_kdf.t index 39fb485290..a03f6997b4 100755 --- a/test/recipes/20-test_kdf.t +++ b/test/recipes/20-test_kdf.t @@ -43,7 +43,7 @@ my @kdf_tests = ( ); my @scrypt_tests = ( - { cmd => [qw{openssl kdf -keylen 64 -kdfopt pass:password -kdfopt salt:NaCl -kdfopt N:1024 -kdfopt r:8 -kdfopt p:16 -kdfopt maxmem_bytes:10485760 id-scrypt}], + { cmd => [qw{openssl kdf -keylen 64 -kdfopt pass:password -kdfopt salt:NaCl -kdfopt n:1024 -kdfopt r:8 -kdfopt p:16 -kdfopt maxmem_bytes:10485760 id-scrypt}], expected => 'fd:ba:be:1c:9d:34:72:00:78:56:e7:19:0d:01:e9:fe:7c:6a:d7:cb:c8:23:78:30:e7:73:76:63:4b:37:31:62:2e:af:30:d9:2e:22:a3:88:6f:f1:09:27:9d:98:30:da:c7:27:af:b9:4a:83:ee:6d:83:60:cb:df:a2:cc:06:40', desc => 'SCRYPT' }, ); diff --git a/test/recipes/30-test_evp_data/evpkdf.txt b/test/recipes/30-test_evp_data/evpkdf.txt index 6f7270bb9e..9c9be7552c 100644 --- a/test/recipes/30-test_evp_data/evpkdf.txt +++ b/test/recipes/30-test_evp_data/evpkdf.txt @@ -254,51 +254,51 @@ Output = 2c91117204d745f3500d636a62f64f0ab3bae548aa53d423b0d1f27ebba6f5e5673a081 Title = id-scrypt tests (from draft-josefsson-id-scrypt-kdf-03 and others) -KDF = scrypt +KDF = id-scrypt Ctrl.pass = pass: Ctrl.salt = salt: -Ctrl.N = N:16 +Ctrl.N = n:16 Ctrl.r = r:1 Ctrl.p = p:1 Output = 77d6576238657b203b19ca42c18a0497f16b4844e3074ae8dfdffa3fede21442fcd0069ded0948f8326a753a0fc81f17e8d3e0fb2e0d3628cf35e20c38d18906 -KDF = scrypt +KDF = id-scrypt Ctrl.pass = pass:password Ctrl.salt = salt:NaCl -Ctrl.N = N:1024 +Ctrl.N = n:1024 Ctrl.r = r:8 Ctrl.p = p:16 Output = fdbabe1c9d3472007856e7190d01e9fe7c6ad7cbc8237830e77376634b3731622eaf30d92e22a3886ff109279d9830dac727afb94a83ee6d8360cbdfa2cc0640 -KDF = scrypt +KDF = id-scrypt Ctrl.hexpass = hexpass:70617373776f7264 Ctrl.salt = salt:NaCl -Ctrl.N = N:1024 +Ctrl.N = n:1024 Ctrl.r = r:8 Ctrl.p = p:16 Output = fdbabe1c9d3472007856e7190d01e9fe7c6ad7cbc8237830e77376634b3731622eaf30d92e22a3886ff109279d9830dac727afb94a83ee6d8360cbdfa2cc0640 -KDF = scrypt +KDF = id-scrypt Ctrl.pass = pass:password Ctrl.hexsalt = hexsalt:4e61436c -Ctrl.N = N:1024 +Ctrl.N = n:1024 Ctrl.r = r:8 Ctrl.p = p:16 Output = fdbabe1c9d3472007856e7190d01e9fe7c6ad7cbc8237830e77376634b3731622eaf30d92e22a3886ff109279d9830dac727afb94a83ee6d8360cbdfa2cc0640 -KDF = scrypt +KDF = id-scrypt Ctrl.pass = pass:pleaseletmein Ctrl.salt = salt:SodiumChloride -Ctrl.N = N:16384 +Ctrl.N = n:16384 Ctrl.r = r:8 Ctrl.p = p:1 Output = 7023bdcb3afd7348461c06cd81fd38ebfda8fbba904f8e3ea9b543f6545da1f2d5432955613f0fcf62d49705242a9af9e61e85dc0d651e40dfcf017b45575887 # Out of memory -KDF = scrypt +KDF = id-scrypt Ctrl.pass = pass:pleaseletmein Ctrl.salt = salt:SodiumChloride -Ctrl.N = N:1048576 +Ctrl.N = n:1048576 Ctrl.r = r:8 Ctrl.p = p:1 Result = INTERNAL_ERROR @@ -452,7 +452,7 @@ Title = SSHKDF tests (from NIST CAVS 14.1 test vectors) # The first one uses md instead of digest to test alias works KDF = SSHKDF -Ctrl.md = md:SHA1 +Ctrl.digest = digest:SHA1 Ctrl.hexkey = hexkey:0000008055bae931c07fd824bf10add1902b6fbc7c665347383498a686929ff5a25f8e40cb6645ea814fb1a5e0a11f852f86255641e5ed986e83a78bc8269480eac0b0dfd770cab92e7a28dd87ff452466d6ae867cead63b366b1c286e6c4811a9f14c27aea14c5171d49b78c06e3735d36e6a3be321dd5fc82308f34ee1cb17fba94a59 Ctrl.hexxcghash = hexxcghash:a4ebd45934f56792b5112dcd75a1075fdc889245 Ctrl.hexsession_id = hexsession_id:a4ebd45934f56792b5112dcd75a1075fdc889245 diff --git a/util/libcrypto.num b/util/libcrypto.num index e6567aefe2..442a6bb02f 100644 --- a/util/libcrypto.num +++ b/util/libcrypto.num @@ -1807,7 +1807,6 @@ i2d_ASN1_bio_stream 1849 3_0_0 EXIST::FUNCTION: CRYPTO_THREAD_init_local 1850 3_0_0 EXIST::FUNCTION: TS_RESP_CTX_set_serial_cb 1851 3_0_0 EXIST::FUNCTION:TS POLICY_MAPPING_it 1852 3_0_0 EXIST::FUNCTION: -ERR_load_KDF_strings 1853 3_0_0 EXIST::FUNCTION: UI_method_set_reader 1854 3_0_0 EXIST::FUNCTION: BIO_next 1855 3_0_0 EXIST::FUNCTION: ASN1_STRING_set_default_mask_asc 1856 3_0_0 EXIST::FUNCTION: @@ -4477,12 +4476,8 @@ ASYNC_WAIT_CTX_set_callback 4582 3_0_0 EXIST::FUNCTION: ASYNC_WAIT_CTX_set_status 4583 3_0_0 EXIST::FUNCTION: ASYNC_WAIT_CTX_get_status 4584 3_0_0 EXIST::FUNCTION: ERR_load_ESS_strings 4589 3_0_0 EXIST::FUNCTION: -EVP_KDF_CTX_new_id 4590 3_0_0 EXIST::FUNCTION: EVP_KDF_CTX_free 4591 3_0_0 EXIST::FUNCTION: EVP_KDF_reset 4592 3_0_0 EXIST::FUNCTION: -EVP_KDF_ctrl 4593 3_0_0 EXIST::FUNCTION: -EVP_KDF_vctrl 4594 3_0_0 EXIST::FUNCTION: -EVP_KDF_ctrl_str 4595 3_0_0 EXIST::FUNCTION: EVP_KDF_size 4596 3_0_0 EXIST::FUNCTION: EVP_KDF_derive 4597 3_0_0 EXIST::FUNCTION: EC_GROUP_get0_field 4598 3_0_0 EXIST::FUNCTION:EC @@ -4632,8 +4627,6 @@ EVP_CIPHER_mode 4741 3_0_0 EXIST::FUNCTION: OPENSSL_info 4742 3_0_0 EXIST::FUNCTION: EVP_KDF_CTX_new 4743 3_0_0 EXIST::FUNCTION: EVP_KDF_CTX_kdf 4744 3_0_0 EXIST::FUNCTION: -EVP_KDF_nid 4745 3_0_0 EXIST::FUNCTION: -EVP_get_kdfbyname 4746 3_0_0 EXIST::FUNCTION: i2d_KeyParams 4747 3_0_0 EXIST::FUNCTION: d2i_KeyParams 4748 3_0_0 EXIST::FUNCTION: i2d_KeyParams_bio 4749 3_0_0 EXIST::FUNCTION: @@ -4734,3 +4727,16 @@ EVP_MAC_provider 4843 3_0_0 EXIST::FUNCTION: EVP_MAC_do_all_ex 4844 3_0_0 EXIST::FUNCTION: EVP_MD_free 4845 3_0_0 EXIST::FUNCTION: EVP_CIPHER_free 4846 3_0_0 EXIST::FUNCTION: +EVP_KDF_up_ref 4847 3_0_0 EXIST::FUNCTION: +EVP_KDF_free 4848 3_0_0 EXIST::FUNCTION: +EVP_KDF_fetch 4849 3_0_0 EXIST::FUNCTION: +EVP_KDF_CTX_dup 4850 3_0_0 EXIST::FUNCTION: +EVP_KDF_name 4851 3_0_0 EXIST::FUNCTION: +EVP_KDF_provider 4852 3_0_0 EXIST::FUNCTION: +EVP_KDF_get_params 4853 3_0_0 EXIST::FUNCTION: +EVP_KDF_CTX_get_params 4854 3_0_0 EXIST::FUNCTION: +EVP_KDF_CTX_set_params 4855 3_0_0 EXIST::FUNCTION: +EVP_KDF_gettable_params 4856 3_0_0 EXIST::FUNCTION: +EVP_KDF_CTX_gettable_params 4857 3_0_0 EXIST::FUNCTION: +EVP_KDF_CTX_settable_params 4858 3_0_0 EXIST::FUNCTION: +EVP_KDF_do_all_ex 4859 3_0_0 EXIST::FUNCTION: diff --git a/util/missingcrypto.txt b/util/missingcrypto.txt index 05eee92d27..a59c7d491c 100644 --- a/util/missingcrypto.txt +++ b/util/missingcrypto.txt @@ -458,7 +458,6 @@ ERR_load_ENGINE_strings ERR_load_ERR_strings ERR_load_ESS_strings ERR_load_EVP_strings -ERR_load_KDF_strings ERR_load_OBJ_strings ERR_load_OCSP_strings ERR_load_OSSL_STORE_strings diff --git a/util/missingcrypto111.txt b/util/missingcrypto111.txt index e544c1b3c7..8d65057c59 100644 --- a/util/missingcrypto111.txt +++ b/util/missingcrypto111.txt @@ -469,7 +469,6 @@ ERR_load_EC_strings ERR_load_ENGINE_strings ERR_load_ERR_strings ERR_load_EVP_strings -ERR_load_KDF_strings ERR_load_OBJ_strings ERR_load_OCSP_strings ERR_load_OSSL_STORE_strings diff --git a/util/private.num b/util/private.num index 351828268c..4d57795c5e 100644 --- a/util/private.num +++ b/util/private.num @@ -294,8 +294,6 @@ EVP_get_digestbynid define EVP_get_digestbyobj define EVP_get_macbynid define EVP_get_macbyobj define -EVP_get_kdfbynid define -EVP_get_kdfbyobj define EVP_idea_cfb define EVP_rc2_cfb define EVP_rc5_32_12_16_cfb define From no-reply at appveyor.com Fri Sep 6 10:06:23 2019 From: no-reply at appveyor.com (AppVeyor) Date: Fri, 06 Sep 2019 10:06:23 +0000 Subject: Build failed: openssl master.27360 Message-ID: <20190906100623.1.9EEE5909FF519E23@appveyor.com> An HTML attachment was scrubbed... URL: From builds at travis-ci.org Fri Sep 6 09:53:35 2019 From: builds at travis-ci.org (Travis CI) Date: Fri, 06 Sep 2019 09:53:35 +0000 Subject: Still Failing: openssl/openssl#27938 (OpenSSL_1_1_1-stable - 6f34a16) In-Reply-To: Message-ID: <5d722c9f2f210_43fc93a2579dc3429f@dc070a21-6fd3-4b73-b32d-d403b4c38921.mail> Build Update for openssl/openssl ------------------------------------- Build: #27938 Status: Still Failing Duration: 8 mins and 55 secs Commit: 6f34a16 (OpenSSL_1_1_1-stable) Author: Matt Caswell Message: Teach TLSProxy how to parse CertificateRequest messages We also use this in test_tls13messages to check that the extensions we expect to see in a CertificateRequest are there. Reviewed-by: Tomas Mraz (Merged from https://github.com/openssl/openssl/pull/9780) (cherry picked from commit dc5bcb88d819de55eb37460c122e02fec91c6d86) View the changeset: https://github.com/openssl/openssl/compare/5d16346679d7...6f34a16ea9a4 View the full build log and details: https://travis-ci.org/openssl/openssl/builds/581585531?utm_medium=notification&utm_source=email -- You can unsubscribe from build emails from the openssl/openssl repository going to https://travis-ci.org/account/preferences/unsubscribe?repository=5849220&utm_medium=notification&utm_source=email. Or unsubscribe from *all* email updating your settings at https://travis-ci.org/account/preferences/unsubscribe?utm_medium=notification&utm_source=email. Or configure specific recipients for build notifications in your .travis.yml file. See https://docs.travis-ci.com/user/notifications. -------------- next part -------------- An HTML attachment was scrubbed... URL: From builds at travis-ci.org Fri Sep 6 09:54:31 2019 From: builds at travis-ci.org (Travis CI) Date: Fri, 06 Sep 2019 09:54:31 +0000 Subject: Errored: openssl/openssl#27937 (master - dc5bcb8) In-Reply-To: Message-ID: <5d722cd7320b8_43fa559b875c032151b@f9597bd4-4109-4920-bbac-39635a774303.mail> Build Update for openssl/openssl ------------------------------------- Build: #27937 Status: Errored Duration: 15 mins and 14 secs Commit: dc5bcb8 (master) Author: Matt Caswell Message: Teach TLSProxy how to parse CertificateRequest messages We also use this in test_tls13messages to check that the extensions we expect to see in a CertificateRequest are there. Reviewed-by: Tomas Mraz (Merged from https://github.com/openssl/openssl/pull/9780) View the changeset: https://github.com/openssl/openssl/compare/7e8c33819373...dc5bcb88d819 View the full build log and details: https://travis-ci.org/openssl/openssl/builds/581585424?utm_medium=notification&utm_source=email -- You can unsubscribe from build emails from the openssl/openssl repository going to https://travis-ci.org/account/preferences/unsubscribe?repository=5849220&utm_medium=notification&utm_source=email. Or unsubscribe from *all* email updating your settings at https://travis-ci.org/account/preferences/unsubscribe?utm_medium=notification&utm_source=email. Or configure specific recipients for build notifications in your .travis.yml file. See https://docs.travis-ci.com/user/notifications. -------------- next part -------------- An HTML attachment was scrubbed... URL: From no-reply at appveyor.com Fri Sep 6 10:33:45 2019 From: no-reply at appveyor.com (AppVeyor) Date: Fri, 06 Sep 2019 10:33:45 +0000 Subject: Build completed: openssl master.27361 Message-ID: <20190906103345.1.FC8C7E7904FDB58B@appveyor.com> An HTML attachment was scrubbed... URL: From builds at travis-ci.org Fri Sep 6 10:49:35 2019 From: builds at travis-ci.org (Travis CI) Date: Fri, 06 Sep 2019 10:49:35 +0000 Subject: Errored: openssl/openssl#27941 (master - c7bfb13) In-Reply-To: Message-ID: <5d7239bec1f9c_43fb6b8877a40264949@e814d813-fa17-43d5-bb62-27d57f701281.mail> Build Update for openssl/openssl ------------------------------------- Build: #27941 Status: Errored Duration: 14 mins and 57 secs Commit: c7bfb13 (master) Author: Pauli Message: libcrypto.num entries for KDFs Reviewed-by: Richard Levitte (Merged from https://github.com/openssl/openssl/pull/9662) View the changeset: https://github.com/openssl/openssl/compare/dc5bcb88d819...c7bfb138acf6 View the full build log and details: https://travis-ci.org/openssl/openssl/builds/581593159?utm_medium=notification&utm_source=email -- You can unsubscribe from build emails from the openssl/openssl repository going to https://travis-ci.org/account/preferences/unsubscribe?repository=5849220&utm_medium=notification&utm_source=email. Or unsubscribe from *all* email updating your settings at https://travis-ci.org/account/preferences/unsubscribe?utm_medium=notification&utm_source=email. Or configure specific recipients for build notifications in your .travis.yml file. See https://docs.travis-ci.com/user/notifications. -------------- next part -------------- An HTML attachment was scrubbed... URL: From matt at openssl.org Fri Sep 6 15:21:44 2019 From: matt at openssl.org (Matt Caswell) Date: Fri, 06 Sep 2019 15:21:44 +0000 Subject: [openssl] master update Message-ID: <1567783304.479483.13041.nullmailer@dev.openssl.org> The branch master has been updated via d2baf88c43e5a40cfc3bcd4ca35cbae53161941c (commit) via 311e903d8468e2a380d371609a10eda71de16c0e (commit) from c7bfb138acf6103ae6fd178eb212b110bfb39c0d (commit) - Log ----------------------------------------------------------------- commit d2baf88c43e5a40cfc3bcd4ca35cbae53161941c Author: Cesar Pereida Garcia Date: Fri Sep 6 10:48:00 2019 +0300 [crypto/rsa] Set the constant-time flag in multi-prime RSA too Reviewed-by: Bernd Edlinger Reviewed-by: Matt Caswell (Merged from https://github.com/openssl/openssl/pull/9779) commit 311e903d8468e2a380d371609a10eda71de16c0e Author: Cesar Pereida Garcia Date: Thu Sep 5 12:13:11 2019 +0300 [crypto/asn1] Fix multiple SCA vulnerabilities during RSA key validation. This commit addresses multiple side-channel vulnerabilities present during RSA key validation. Private key parameters are re-computed using variable-time functions. This issue was discovered and reported by the NISEC group at TAU Finland. Reviewed-by: Bernd Edlinger Reviewed-by: Matt Caswell (Merged from https://github.com/openssl/openssl/pull/9779) ----------------------------------------------------------------------- Summary of changes: crypto/asn1/x_bignum.c | 17 ++++++++++++++--- crypto/rsa/rsa_lib.c | 15 ++++++++++++--- 2 files changed, 26 insertions(+), 6 deletions(-) diff --git a/crypto/asn1/x_bignum.c b/crypto/asn1/x_bignum.c index d7abca6c76..c5e892900e 100644 --- a/crypto/asn1/x_bignum.c +++ b/crypto/asn1/x_bignum.c @@ -130,9 +130,20 @@ static int bn_c2i(ASN1_VALUE **pval, const unsigned char *cont, int len, static int bn_secure_c2i(ASN1_VALUE **pval, const unsigned char *cont, int len, int utype, char *free_cont, const ASN1_ITEM *it) { - if (!*pval) - bn_secure_new(pval, it); - return bn_c2i(pval, cont, len, utype, free_cont, it); + int ret; + BIGNUM *bn; + + if (!*pval && !bn_secure_new(pval, it)) + return 0; + + ret = bn_c2i(pval, cont, len, utype, free_cont, it); + if (!ret) + return 0; + + /* Set constant-time flag for all secure BIGNUMS */ + bn = (BIGNUM *)*pval; + BN_set_flags(bn, BN_FLG_CONSTTIME); + return ret; } static int bn_print(BIO *out, const ASN1_VALUE **pval, const ASN1_ITEM *it, diff --git a/crypto/rsa/rsa_lib.c b/crypto/rsa/rsa_lib.c index f337a0df08..c6e570089f 100644 --- a/crypto/rsa/rsa_lib.c +++ b/crypto/rsa/rsa_lib.c @@ -325,6 +325,7 @@ int RSA_set0_key(RSA *r, BIGNUM *n, BIGNUM *e, BIGNUM *d) if (d != NULL) { BN_clear_free(r->d); r->d = d; + BN_set_flags(r->d, BN_FLG_CONSTTIME); } return 1; @@ -342,10 +343,12 @@ int RSA_set0_factors(RSA *r, BIGNUM *p, BIGNUM *q) if (p != NULL) { BN_clear_free(r->p); r->p = p; + BN_set_flags(r->p, BN_FLG_CONSTTIME); } if (q != NULL) { BN_clear_free(r->q); r->q = q; + BN_set_flags(r->q, BN_FLG_CONSTTIME); } return 1; @@ -364,14 +367,17 @@ int RSA_set0_crt_params(RSA *r, BIGNUM *dmp1, BIGNUM *dmq1, BIGNUM *iqmp) if (dmp1 != NULL) { BN_clear_free(r->dmp1); r->dmp1 = dmp1; + BN_set_flags(r->dmp1, BN_FLG_CONSTTIME); } if (dmq1 != NULL) { BN_clear_free(r->dmq1); r->dmq1 = dmq1; + BN_set_flags(r->dmq1, BN_FLG_CONSTTIME); } if (iqmp != NULL) { BN_clear_free(r->iqmp); r->iqmp = iqmp; + BN_set_flags(r->iqmp, BN_FLG_CONSTTIME); } return 1; @@ -403,12 +409,15 @@ int RSA_set0_multi_prime_params(RSA *r, BIGNUM *primes[], BIGNUM *exps[], if (pinfo == NULL) goto err; if (primes[i] != NULL && exps[i] != NULL && coeffs[i] != NULL) { - BN_free(pinfo->r); - BN_free(pinfo->d); - BN_free(pinfo->t); + BN_clear_free(pinfo->r); + BN_clear_free(pinfo->d); + BN_clear_free(pinfo->t); pinfo->r = primes[i]; pinfo->d = exps[i]; pinfo->t = coeffs[i]; + BN_set_flags(pinfo->r, BN_FLG_CONSTTIME); + BN_set_flags(pinfo->d, BN_FLG_CONSTTIME); + BN_set_flags(pinfo->t, BN_FLG_CONSTTIME); } else { rsa_multip_info_free(pinfo); goto err; From matt at openssl.org Fri Sep 6 15:21:55 2019 From: matt at openssl.org (Matt Caswell) Date: Fri, 06 Sep 2019 15:21:55 +0000 Subject: [openssl] OpenSSL_1_1_1-stable update Message-ID: <1567783315.805192.13971.nullmailer@dev.openssl.org> The branch OpenSSL_1_1_1-stable has been updated via 1bb2acb9987cc9d7f638b066ef396ca7f3243955 (commit) via 2f18596c32d145f194c3d1eac9b9e77b560aad71 (commit) from 6f34a16ea9a4d37e11a26dd4c3694ea5b107e53f (commit) - Log ----------------------------------------------------------------- commit 1bb2acb9987cc9d7f638b066ef396ca7f3243955 Author: Cesar Pereida Garcia Date: Fri Sep 6 10:48:00 2019 +0300 [crypto/rsa] Set the constant-time flag in multi-prime RSA too Reviewed-by: Bernd Edlinger Reviewed-by: Matt Caswell (Merged from https://github.com/openssl/openssl/pull/9779) commit 2f18596c32d145f194c3d1eac9b9e77b560aad71 Author: Cesar Pereida Garcia Date: Thu Sep 5 12:13:11 2019 +0300 [crypto/asn1] Fix multiple SCA vulnerabilities during RSA key validation. This commit addresses multiple side-channel vulnerabilities present during RSA key validation. Private key parameters are re-computed using variable-time functions. This issue was discovered and reported by the NISEC group at TAU Finland. Reviewed-by: Bernd Edlinger Reviewed-by: Matt Caswell (Merged from https://github.com/openssl/openssl/pull/9779) ----------------------------------------------------------------------- Summary of changes: crypto/asn1/x_bignum.c | 17 ++++++++++++++--- crypto/rsa/rsa_lib.c | 15 ++++++++++++--- 2 files changed, 26 insertions(+), 6 deletions(-) diff --git a/crypto/asn1/x_bignum.c b/crypto/asn1/x_bignum.c index da57e77a7a..c1e3e523a0 100644 --- a/crypto/asn1/x_bignum.c +++ b/crypto/asn1/x_bignum.c @@ -130,9 +130,20 @@ static int bn_c2i(ASN1_VALUE **pval, const unsigned char *cont, int len, static int bn_secure_c2i(ASN1_VALUE **pval, const unsigned char *cont, int len, int utype, char *free_cont, const ASN1_ITEM *it) { - if (!*pval) - bn_secure_new(pval, it); - return bn_c2i(pval, cont, len, utype, free_cont, it); + int ret; + BIGNUM *bn; + + if (!*pval && !bn_secure_new(pval, it)) + return 0; + + ret = bn_c2i(pval, cont, len, utype, free_cont, it); + if (!ret) + return 0; + + /* Set constant-time flag for all secure BIGNUMS */ + bn = (BIGNUM *)*pval; + BN_set_flags(bn, BN_FLG_CONSTTIME); + return ret; } static int bn_print(BIO *out, ASN1_VALUE **pval, const ASN1_ITEM *it, diff --git a/crypto/rsa/rsa_lib.c b/crypto/rsa/rsa_lib.c index 49c34b7c36..2e9effeefa 100644 --- a/crypto/rsa/rsa_lib.c +++ b/crypto/rsa/rsa_lib.c @@ -198,6 +198,7 @@ int RSA_set0_key(RSA *r, BIGNUM *n, BIGNUM *e, BIGNUM *d) if (d != NULL) { BN_clear_free(r->d); r->d = d; + BN_set_flags(r->d, BN_FLG_CONSTTIME); } return 1; @@ -215,10 +216,12 @@ int RSA_set0_factors(RSA *r, BIGNUM *p, BIGNUM *q) if (p != NULL) { BN_clear_free(r->p); r->p = p; + BN_set_flags(r->p, BN_FLG_CONSTTIME); } if (q != NULL) { BN_clear_free(r->q); r->q = q; + BN_set_flags(r->q, BN_FLG_CONSTTIME); } return 1; @@ -237,14 +240,17 @@ int RSA_set0_crt_params(RSA *r, BIGNUM *dmp1, BIGNUM *dmq1, BIGNUM *iqmp) if (dmp1 != NULL) { BN_clear_free(r->dmp1); r->dmp1 = dmp1; + BN_set_flags(r->dmp1, BN_FLG_CONSTTIME); } if (dmq1 != NULL) { BN_clear_free(r->dmq1); r->dmq1 = dmq1; + BN_set_flags(r->dmq1, BN_FLG_CONSTTIME); } if (iqmp != NULL) { BN_clear_free(r->iqmp); r->iqmp = iqmp; + BN_set_flags(r->iqmp, BN_FLG_CONSTTIME); } return 1; @@ -276,12 +282,15 @@ int RSA_set0_multi_prime_params(RSA *r, BIGNUM *primes[], BIGNUM *exps[], if (pinfo == NULL) goto err; if (primes[i] != NULL && exps[i] != NULL && coeffs[i] != NULL) { - BN_free(pinfo->r); - BN_free(pinfo->d); - BN_free(pinfo->t); + BN_clear_free(pinfo->r); + BN_clear_free(pinfo->d); + BN_clear_free(pinfo->t); pinfo->r = primes[i]; pinfo->d = exps[i]; pinfo->t = coeffs[i]; + BN_set_flags(pinfo->r, BN_FLG_CONSTTIME); + BN_set_flags(pinfo->d, BN_FLG_CONSTTIME); + BN_set_flags(pinfo->t, BN_FLG_CONSTTIME); } else { rsa_multip_info_free(pinfo); goto err; From matt at openssl.org Fri Sep 6 15:22:06 2019 From: matt at openssl.org (Matt Caswell) Date: Fri, 06 Sep 2019 15:22:06 +0000 Subject: [openssl] OpenSSL_1_1_0-stable update Message-ID: <1567783326.991835.14869.nullmailer@dev.openssl.org> The branch OpenSSL_1_1_0-stable has been updated via 8bb913a3d7c29c189c7ac656c726f4a2bfcdd73b (commit) from 04882f77a8bb5df8bc9f3f9f82191f487d350be1 (commit) - Log ----------------------------------------------------------------- commit 8bb913a3d7c29c189c7ac656c726f4a2bfcdd73b Author: Cesar Pereida Garcia Date: Thu Sep 5 12:13:11 2019 +0300 [crypto/asn1] Fix multiple SCA vulnerabilities during RSA key validation. This commit addresses multiple side-channel vulnerabilities present during RSA key validation. Private key parameters are re-computed using variable-time functions. This issue was discovered and reported by the NISEC group at TAU Finland. Reviewed-by: Bernd Edlinger Reviewed-by: Matt Caswell (Merged from https://github.com/openssl/openssl/pull/9779) (cherry picked from commit 311e903d8468e2a380d371609a10eda71de16c0e) ----------------------------------------------------------------------- Summary of changes: crypto/asn1/x_bignum.c | 17 ++++++++++++++--- crypto/rsa/rsa_lib.c | 6 ++++++ 2 files changed, 20 insertions(+), 3 deletions(-) diff --git a/crypto/asn1/x_bignum.c b/crypto/asn1/x_bignum.c index da57e77a7a..c1e3e523a0 100644 --- a/crypto/asn1/x_bignum.c +++ b/crypto/asn1/x_bignum.c @@ -130,9 +130,20 @@ static int bn_c2i(ASN1_VALUE **pval, const unsigned char *cont, int len, static int bn_secure_c2i(ASN1_VALUE **pval, const unsigned char *cont, int len, int utype, char *free_cont, const ASN1_ITEM *it) { - if (!*pval) - bn_secure_new(pval, it); - return bn_c2i(pval, cont, len, utype, free_cont, it); + int ret; + BIGNUM *bn; + + if (!*pval && !bn_secure_new(pval, it)) + return 0; + + ret = bn_c2i(pval, cont, len, utype, free_cont, it); + if (!ret) + return 0; + + /* Set constant-time flag for all secure BIGNUMS */ + bn = (BIGNUM *)*pval; + BN_set_flags(bn, BN_FLG_CONSTTIME); + return ret; } static int bn_print(BIO *out, ASN1_VALUE **pval, const ASN1_ITEM *it, diff --git a/crypto/rsa/rsa_lib.c b/crypto/rsa/rsa_lib.c index d99d04916d..4a1250127c 100644 --- a/crypto/rsa/rsa_lib.c +++ b/crypto/rsa/rsa_lib.c @@ -184,6 +184,7 @@ int RSA_set0_key(RSA *r, BIGNUM *n, BIGNUM *e, BIGNUM *d) if (d != NULL) { BN_free(r->d); r->d = d; + BN_set_flags(r->d, BN_FLG_CONSTTIME); } return 1; @@ -201,10 +202,12 @@ int RSA_set0_factors(RSA *r, BIGNUM *p, BIGNUM *q) if (p != NULL) { BN_free(r->p); r->p = p; + BN_set_flags(r->p, BN_FLG_CONSTTIME); } if (q != NULL) { BN_free(r->q); r->q = q; + BN_set_flags(r->q, BN_FLG_CONSTTIME); } return 1; @@ -223,14 +226,17 @@ int RSA_set0_crt_params(RSA *r, BIGNUM *dmp1, BIGNUM *dmq1, BIGNUM *iqmp) if (dmp1 != NULL) { BN_free(r->dmp1); r->dmp1 = dmp1; + BN_set_flags(r->dmp1, BN_FLG_CONSTTIME); } if (dmq1 != NULL) { BN_free(r->dmq1); r->dmq1 = dmq1; + BN_set_flags(r->dmq1, BN_FLG_CONSTTIME); } if (iqmp != NULL) { BN_free(r->iqmp); r->iqmp = iqmp; + BN_set_flags(r->iqmp, BN_FLG_CONSTTIME); } return 1; From builds at travis-ci.org Fri Sep 6 15:45:55 2019 From: builds at travis-ci.org (Travis CI) Date: Fri, 06 Sep 2019 15:45:55 +0000 Subject: Errored: openssl/openssl#27950 (master - d2baf88) In-Reply-To: Message-ID: <5d727f338780c_43fb1604d020036222e@2fa358fe-d4e1-49ca-9bad-13716d41c51d.mail> Build Update for openssl/openssl ------------------------------------- Build: #27950 Status: Errored Duration: 23 mins and 20 secs Commit: d2baf88 (master) Author: Cesar Pereida Garcia Message: [crypto/rsa] Set the constant-time flag in multi-prime RSA too Reviewed-by: Bernd Edlinger Reviewed-by: Matt Caswell (Merged from https://github.com/openssl/openssl/pull/9779) View the changeset: https://github.com/openssl/openssl/compare/c7bfb138acf6...d2baf88c43e5 View the full build log and details: https://travis-ci.org/openssl/openssl/builds/581727106?utm_medium=notification&utm_source=email -- You can unsubscribe from build emails from the openssl/openssl repository going to https://travis-ci.org/account/preferences/unsubscribe?repository=5849220&utm_medium=notification&utm_source=email. Or unsubscribe from *all* email updating your settings at https://travis-ci.org/account/preferences/unsubscribe?utm_medium=notification&utm_source=email. Or configure specific recipients for build notifications in your .travis.yml file. See https://docs.travis-ci.com/user/notifications. -------------- next part -------------- An HTML attachment was scrubbed... URL: From builds at travis-ci.org Fri Sep 6 15:58:28 2019 From: builds at travis-ci.org (Travis CI) Date: Fri, 06 Sep 2019 15:58:28 +0000 Subject: Still Failing: openssl/openssl#27951 (OpenSSL_1_1_1-stable - 1bb2acb) In-Reply-To: Message-ID: <5d728222104f4_43ff5947eda3c47401f@10311518-b49f-42b8-a3b2-6bde6e8597d4.mail> Build Update for openssl/openssl ------------------------------------- Build: #27951 Status: Still Failing Duration: 9 mins and 19 secs Commit: 1bb2acb (OpenSSL_1_1_1-stable) Author: Cesar Pereida Garcia Message: [crypto/rsa] Set the constant-time flag in multi-prime RSA too Reviewed-by: Bernd Edlinger Reviewed-by: Matt Caswell (Merged from https://github.com/openssl/openssl/pull/9779) View the changeset: https://github.com/openssl/openssl/compare/6f34a16ea9a4...1bb2acb9987c View the full build log and details: https://travis-ci.org/openssl/openssl/builds/581727135?utm_medium=notification&utm_source=email -- You can unsubscribe from build emails from the openssl/openssl repository going to https://travis-ci.org/account/preferences/unsubscribe?repository=5849220&utm_medium=notification&utm_source=email. Or unsubscribe from *all* email updating your settings at https://travis-ci.org/account/preferences/unsubscribe?utm_medium=notification&utm_source=email. Or configure specific recipients for build notifications in your .travis.yml file. See https://docs.travis-ci.com/user/notifications. -------------- next part -------------- An HTML attachment was scrubbed... URL: From bernd.edlinger at hotmail.de Fri Sep 6 16:40:23 2019 From: bernd.edlinger at hotmail.de (bernd.edlinger at hotmail.de) Date: Fri, 06 Sep 2019 16:40:23 +0000 Subject: [openssl] master update Message-ID: <1567788023.184561.22720.nullmailer@dev.openssl.org> The branch master has been updated via 31ca19403d56ad71d823cf62990518dfc6905bb4 (commit) from d2baf88c43e5a40cfc3bcd4ca35cbae53161941c (commit) - Log ----------------------------------------------------------------- commit 31ca19403d56ad71d823cf62990518dfc6905bb4 Author: Bernd Edlinger Date: Fri Sep 6 08:46:46 2019 +0200 Fix a SCA leak in BN_generate_dsa_nonce Reviewed-by: Matt Caswell Reviewed-by: Nicola Tuveri (Merged from https://github.com/openssl/openssl/pull/9782) ----------------------------------------------------------------------- Summary of changes: crypto/bn/bn_rand.c | 5 +---- 1 file changed, 1 insertion(+), 4 deletions(-) diff --git a/crypto/bn/bn_rand.c b/crypto/bn/bn_rand.c index fa75a3b10e..2b3e6f2076 100644 --- a/crypto/bn/bn_rand.c +++ b/crypto/bn/bn_rand.c @@ -264,8 +264,7 @@ int BN_generate_dsa_nonce(BIGNUM *out, const BIGNUM *range, goto err; /* We copy |priv| into a local buffer to avoid exposing its length. */ - todo = sizeof(priv->d[0]) * priv->top; - if (todo > sizeof(private_bytes)) { + if (BN_bn2binpad(priv, private_bytes, sizeof(private_bytes)) < 0) { /* * No reasonable DSA or ECDSA key should have a private key this * large and we don't handle this case in order to avoid leaking the @@ -274,8 +273,6 @@ int BN_generate_dsa_nonce(BIGNUM *out, const BIGNUM *range, BNerr(BN_F_BN_GENERATE_DSA_NONCE, BN_R_PRIVATE_KEY_TOO_LARGE); goto err; } - memcpy(private_bytes, priv->d, todo); - memset(private_bytes + todo, 0, sizeof(private_bytes) - todo); md = EVP_MD_fetch(libctx, "SHA512", NULL); if (md == NULL) { From bernd.edlinger at hotmail.de Fri Sep 6 16:41:25 2019 From: bernd.edlinger at hotmail.de (bernd.edlinger at hotmail.de) Date: Fri, 06 Sep 2019 16:41:25 +0000 Subject: [openssl] OpenSSL_1_1_1-stable update Message-ID: <1567788085.037531.23768.nullmailer@dev.openssl.org> The branch OpenSSL_1_1_1-stable has been updated via 9e1403d91a42d917e684a37a99fa98a0025253c0 (commit) from 1bb2acb9987cc9d7f638b066ef396ca7f3243955 (commit) - Log ----------------------------------------------------------------- commit 9e1403d91a42d917e684a37a99fa98a0025253c0 Author: Bernd Edlinger Date: Fri Sep 6 08:46:46 2019 +0200 Fix a SCA leak in BN_generate_dsa_nonce Reviewed-by: Matt Caswell Reviewed-by: Nicola Tuveri (Merged from https://github.com/openssl/openssl/pull/9782) (cherry picked from commit 31ca19403d56ad71d823cf62990518dfc6905bb4) ----------------------------------------------------------------------- Summary of changes: crypto/bn/bn_rand.c | 5 +---- 1 file changed, 1 insertion(+), 4 deletions(-) diff --git a/crypto/bn/bn_rand.c b/crypto/bn/bn_rand.c index c0d1a32292..214768311a 100644 --- a/crypto/bn/bn_rand.c +++ b/crypto/bn/bn_rand.c @@ -225,8 +225,7 @@ int BN_generate_dsa_nonce(BIGNUM *out, const BIGNUM *range, goto err; /* We copy |priv| into a local buffer to avoid exposing its length. */ - todo = sizeof(priv->d[0]) * priv->top; - if (todo > sizeof(private_bytes)) { + if (BN_bn2binpad(priv, private_bytes, sizeof(private_bytes)) < 0) { /* * No reasonable DSA or ECDSA key should have a private key this * large and we don't handle this case in order to avoid leaking the @@ -235,8 +234,6 @@ int BN_generate_dsa_nonce(BIGNUM *out, const BIGNUM *range, BNerr(BN_F_BN_GENERATE_DSA_NONCE, BN_R_PRIVATE_KEY_TOO_LARGE); goto err; } - memcpy(private_bytes, priv->d, todo); - memset(private_bytes + todo, 0, sizeof(private_bytes) - todo); for (done = 0; done < num_k_bytes;) { if (RAND_priv_bytes(random_bytes, sizeof(random_bytes)) != 1) From bernd.edlinger at hotmail.de Fri Sep 6 16:41:40 2019 From: bernd.edlinger at hotmail.de (bernd.edlinger at hotmail.de) Date: Fri, 06 Sep 2019 16:41:40 +0000 Subject: [openssl] OpenSSL_1_1_0-stable update Message-ID: <1567788100.489159.24738.nullmailer@dev.openssl.org> The branch OpenSSL_1_1_0-stable has been updated via f9d1cbe64eebc9e40c7e1f0da4f8f3d98b903b91 (commit) from 8bb913a3d7c29c189c7ac656c726f4a2bfcdd73b (commit) - Log ----------------------------------------------------------------- commit f9d1cbe64eebc9e40c7e1f0da4f8f3d98b903b91 Author: Bernd Edlinger Date: Fri Sep 6 08:46:46 2019 +0200 Fix a SCA leak in BN_generate_dsa_nonce Reviewed-by: Matt Caswell Reviewed-by: Nicola Tuveri (Merged from https://github.com/openssl/openssl/pull/9782) (cherry picked from commit 31ca19403d56ad71d823cf62990518dfc6905bb4) ----------------------------------------------------------------------- Summary of changes: crypto/bn/bn_rand.c | 5 +---- 1 file changed, 1 insertion(+), 4 deletions(-) diff --git a/crypto/bn/bn_rand.c b/crypto/bn/bn_rand.c index 9ce4c5f606..bff1d249af 100644 --- a/crypto/bn/bn_rand.c +++ b/crypto/bn/bn_rand.c @@ -215,8 +215,7 @@ int BN_generate_dsa_nonce(BIGNUM *out, const BIGNUM *range, goto err; /* We copy |priv| into a local buffer to avoid exposing its length. */ - todo = sizeof(priv->d[0]) * priv->top; - if (todo > sizeof(private_bytes)) { + if (BN_bn2binpad(priv, private_bytes, sizeof(private_bytes)) < 0) { /* * No reasonable DSA or ECDSA key should have a private key this * large and we don't handle this case in order to avoid leaking the @@ -225,8 +224,6 @@ int BN_generate_dsa_nonce(BIGNUM *out, const BIGNUM *range, BNerr(BN_F_BN_GENERATE_DSA_NONCE, BN_R_PRIVATE_KEY_TOO_LARGE); goto err; } - memcpy(private_bytes, priv->d, todo); - memset(private_bytes + todo, 0, sizeof(private_bytes) - todo); for (done = 0; done < num_k_bytes;) { if (RAND_bytes(random_bytes, sizeof(random_bytes)) != 1) From builds at travis-ci.org Fri Sep 6 17:22:49 2019 From: builds at travis-ci.org (Travis CI) Date: Fri, 06 Sep 2019 17:22:49 +0000 Subject: Errored: openssl/openssl#27953 (master - 31ca194) In-Reply-To: Message-ID: <5d7295e9365bb_43fd2d5c3c75098275@0f5aac7d-f425-43b6-885d-dacdc8e5649b.mail> Build Update for openssl/openssl ------------------------------------- Build: #27953 Status: Errored Duration: 14 mins and 17 secs Commit: 31ca194 (master) Author: Bernd Edlinger Message: Fix a SCA leak in BN_generate_dsa_nonce Reviewed-by: Matt Caswell Reviewed-by: Nicola Tuveri (Merged from https://github.com/openssl/openssl/pull/9782) View the changeset: https://github.com/openssl/openssl/compare/d2baf88c43e5...31ca19403d56 View the full build log and details: https://travis-ci.org/openssl/openssl/builds/581762501?utm_medium=notification&utm_source=email -- You can unsubscribe from build emails from the openssl/openssl repository going to https://travis-ci.org/account/preferences/unsubscribe?repository=5849220&utm_medium=notification&utm_source=email. Or unsubscribe from *all* email updating your settings at https://travis-ci.org/account/preferences/unsubscribe?utm_medium=notification&utm_source=email. Or configure specific recipients for build notifications in your .travis.yml file. See https://docs.travis-ci.com/user/notifications. -------------- next part -------------- An HTML attachment was scrubbed... URL: From builds at travis-ci.org Fri Sep 6 17:35:45 2019 From: builds at travis-ci.org (Travis CI) Date: Fri, 06 Sep 2019 17:35:45 +0000 Subject: Still Failing: openssl/openssl#27954 (OpenSSL_1_1_1-stable - 9e1403d) In-Reply-To: Message-ID: <5d7298f141a4e_43f9a97661bf89043f@a2349ab6-f0ce-4c37-b89d-b7a931234aec.mail> Build Update for openssl/openssl ------------------------------------- Build: #27954 Status: Still Failing Duration: 9 mins and 8 secs Commit: 9e1403d (OpenSSL_1_1_1-stable) Author: Bernd Edlinger Message: Fix a SCA leak in BN_generate_dsa_nonce Reviewed-by: Matt Caswell Reviewed-by: Nicola Tuveri (Merged from https://github.com/openssl/openssl/pull/9782) (cherry picked from commit 31ca19403d56ad71d823cf62990518dfc6905bb4) View the changeset: https://github.com/openssl/openssl/compare/1bb2acb9987c...9e1403d91a42 View the full build log and details: https://travis-ci.org/openssl/openssl/builds/581762881?utm_medium=notification&utm_source=email -- You can unsubscribe from build emails from the openssl/openssl repository going to https://travis-ci.org/account/preferences/unsubscribe?repository=5849220&utm_medium=notification&utm_source=email. Or unsubscribe from *all* email updating your settings at https://travis-ci.org/account/preferences/unsubscribe?utm_medium=notification&utm_source=email. Or configure specific recipients for build notifications in your .travis.yml file. See https://docs.travis-ci.com/user/notifications. -------------- next part -------------- An HTML attachment was scrubbed... URL: From nic.tuv at gmail.com Fri Sep 6 23:09:27 2019 From: nic.tuv at gmail.com (nic.tuv at gmail.com) Date: Fri, 06 Sep 2019 23:09:27 +0000 Subject: [openssl] master update Message-ID: <1567811367.811771.30151.nullmailer@dev.openssl.org> The branch master has been updated via 4fe2ee3a449a8ca2886584e221f34ff0ef5de119 (commit) via e0b660c27d8d97b4ad9e2098cc957de26872c0ef (commit) via 1b338abe3abb8c73f004c34d4b8a9272b89dfd5d (commit) via 8b44198b916015f77bef1befa26edb48ad8a0238 (commit) via 805315d3a20f7274195eed75b06c391dacf3b197 (commit) from 31ca19403d56ad71d823cf62990518dfc6905bb4 (commit) - Log ----------------------------------------------------------------- commit 4fe2ee3a449a8ca2886584e221f34ff0ef5de119 Author: Nicola Tuveri Date: Fri Sep 6 14:05:26 2019 +0300 [ec/ecp_nistp*.c] restyle: use {} around `else` too Reviewed-by: Matt Caswell Reviewed-by: Bernd Edlinger (Merged from https://github.com/openssl/openssl/pull/9511) commit e0b660c27d8d97b4ad9e2098cc957de26872c0ef Author: Nicola Tuveri Date: Fri Sep 6 01:31:45 2019 +0300 [ec/ecp_nistp*.c] remove flip_endian() Replace flip_endian() by using the little endian specific BN_bn2lebinpad() and BN_lebin2bn(). Reviewed-by: Matt Caswell Reviewed-by: Bernd Edlinger (Merged from https://github.com/openssl/openssl/pull/9511) commit 1b338abe3abb8c73f004c34d4b8a9272b89dfd5d Author: Nicola Tuveri Date: Fri Sep 6 00:18:36 2019 +0300 Uniform BN_bn2binpad() and BN_bn2lebinpad() implementations Reviewed-by: Matt Caswell Reviewed-by: Bernd Edlinger (Merged from https://github.com/openssl/openssl/pull/9511) commit 8b44198b916015f77bef1befa26edb48ad8a0238 Author: Nicola Tuveri Date: Fri Aug 2 02:08:34 2019 +0300 Make BN_num_bits() consttime upon BN_FLG_CONSTTIME This issue was partially addressed by commit 972c87dfc7e765bd28a4964519c362f0d3a58ca4, which hardened its callee BN_num_bits_word() to avoid leaking the most-significant word of its argument via branching and memory access pattern. The commit message also reported: > There are a few places where BN_num_bits is called on an input where > the bit length is also secret. This does *not* fully resolve those > cases as we still only look at the top word. BN_num_bits() is called directly or indirectly (e.g., through BN_num_bytes() or BN_bn2binpad() ) in various parts of the `crypto/ec` code, notably in all the currently supported implementations of scalar multiplication (in the generic path through ec_scalar_mul_ladder() as well as in dedicated methods like ecp_nistp{224,256,521}.c and ecp_nistz256.c). Under the right conditions, a motivated SCA attacker could retrieve the secret bitlength of a secret nonce through this vulnerability, potentially leading, ultimately, to recover a long-term secret key. With this commit, exclusively for BIGNUMs that are flagged with BN_FLG_CONSTTIME, instead of accessing only bn->top, all the limbs of the BIGNUM are accessed up to bn->dmax and bitwise masking is used to avoid branching. Memory access pattern still leaks bn->dmax, the size of the lazily allocated buffer for representing the BIGNUM, which is inevitable with the current BIGNUM architecture: reading past bn->dmax would be an out-of-bound read. As such, it's the caller responsibility to ensure that bn->dmax does not leak secret information, by explicitly expanding the internal BIGNUM buffer to a public value sufficient to avoid any lazy reallocation while manipulating it: this should be already done at the top level alongside setting the BN_FLG_CONSTTIME. Thanks to David Schrammel and Samuel Weiser for reporting this issue through responsible disclosure. Reviewed-by: Matt Caswell Reviewed-by: Bernd Edlinger (Merged from https://github.com/openssl/openssl/pull/9511) commit 805315d3a20f7274195eed75b06c391dacf3b197 Author: Nicola Tuveri Date: Fri Aug 2 01:33:05 2019 +0300 Fix a SCA leak using BN_bn2bin() BN_bn2bin() is not constant-time and leaks the number of bits in the processed BIGNUM. The specialized methods in ecp_nistp224.c, ecp_nistp256.c and ecp_nistp521.c internally used BN_bn2bin() to convert scalars into the internal fixed length representation. This can leak during ECDSA/ECDH key generation or handling the nonce while generating an ECDSA signature, when using these implementations. The amount and risk of leaked information useful for a SCA attack varies for each of the three curves, as it depends mainly on the ratio between the bitlength of the curve subgroup order (governing the size of the secret nonce/key) and the limb size for the internal BIGNUM representation (which depends on the compilation target architecture). To fix this, we replace BN_bn2bin() with BN_bn2binpad(), bounding the output length to the width of the internal representation buffer: this length is public. Internally the final implementation of both BN_bn2binpad() and BN_bn2bin() already has masking in place to avoid leaking bn->top through memory access patterns. Memory access pattern still leaks bn->dmax, the size of the lazily allocated buffer for representing the BIGNUM, which is inevitable with the current BIGNUM architecture: reading past bn->dmax would be an out-of-bound read. As such, it's the caller responsibility to ensure that bn->dmax does not leak secret information, by explicitly expanding the internal BIGNUM buffer to a public value sufficient to avoid any lazy reallocation while manipulating it: this is already done at the top level alongside setting the BN_FLG_CONSTTIME. Finally, the internal implementation of BN_bn2binpad() indirectly calls BN_num_bits() via BN_num_bytes(): the current implementation of BN_num_bits() can leak information to a SCA attacker, and is addressed in the next commit. Thanks to David Schrammel and Samuel Weiser for reporting this issue through responsible disclosure. Reviewed-by: Matt Caswell Reviewed-by: Bernd Edlinger (Merged from https://github.com/openssl/openssl/pull/9511) ----------------------------------------------------------------------- Summary of changes: crypto/bn/bn_lib.c | 81 ++++++++++++++++++++++++++++++++++++------------ crypto/ec/ecp_nistp224.c | 62 ++++++++++++++++-------------------- crypto/ec/ecp_nistp256.c | 63 ++++++++++++++++--------------------- crypto/ec/ecp_nistp521.c | 63 ++++++++++++++++--------------------- 4 files changed, 141 insertions(+), 128 deletions(-) diff --git a/crypto/bn/bn_lib.c b/crypto/bn/bn_lib.c index 5719a00ebf..01c9da116f 100644 --- a/crypto/bn/bn_lib.c +++ b/crypto/bn/bn_lib.c @@ -132,13 +132,57 @@ int BN_num_bits_word(BN_ULONG l) return bits; } +/* + * This function still leaks `a->dmax`: it's caller's responsibility to + * expand the input `a` in advance to a public length. + */ +static ossl_inline +int bn_num_bits_consttime(const BIGNUM *a) +{ + int j, ret; + unsigned int mask, past_i; + int i = a->top - 1; + bn_check_top(a); + + for (j = 0, past_i = 0, ret = 0; j < a->dmax; j++) { + mask = constant_time_eq_int(i, j); /* 0xff..ff if i==j, 0x0 otherwise */ + + ret += BN_BITS2 & (~mask & ~past_i); + ret += BN_num_bits_word(a->d[j]) & mask; + + past_i |= mask; /* past_i will become 0xff..ff after i==j */ + } + + /* + * if BN_is_zero(a) => i is -1 and ret contains garbage, so we mask the + * final result. + */ + mask = ~(constant_time_eq_int(i, ((int)-1))); + + return ret & mask; +} + int BN_num_bits(const BIGNUM *a) { int i = a->top - 1; bn_check_top(a); + if (a->flags & BN_FLG_CONSTTIME) { + /* + * We assume that BIGNUMs flagged as CONSTTIME have also been expanded + * so that a->dmax is not leaking secret information. + * + * In other words, it's the caller's responsibility to ensure `a` has + * been preallocated in advance to a public length if we hit this + * branch. + * + */ + return bn_num_bits_consttime(a); + } + if (BN_is_zero(a)) return 0; + return ((i * BN_BITS2) + BN_num_bits_word(a->d[i])); } @@ -414,8 +458,11 @@ BIGNUM *BN_bin2bn(const unsigned char *s, int len, BIGNUM *ret) return ret; } +typedef enum {big, little} endianess_t; + /* ignore negative */ -static int bn2binpad(const BIGNUM *a, unsigned char *to, int tolen) +static +int bn2binpad(const BIGNUM *a, unsigned char *to, int tolen, endianess_t endianess) { int n; size_t i, lasti, j, atop, mask; @@ -447,10 +494,17 @@ static int bn2binpad(const BIGNUM *a, unsigned char *to, int tolen) lasti = atop - 1; atop = a->top * BN_BYTES; - for (i = 0, j = 0, to += tolen; j < (size_t)tolen; j++) { + if (endianess == big) + to += tolen; /* start from the end of the buffer */ + for (i = 0, j = 0; j < (size_t)tolen; j++) { + unsigned char val; l = a->d[i / BN_BYTES]; mask = 0 - ((j - atop) >> (8 * sizeof(i) - 1)); - *--to = (unsigned char)(l >> (8 * (i % BN_BYTES)) & mask); + val = (unsigned char)(l >> (8 * (i % BN_BYTES)) & mask); + if (endianess == big) + *--to = val; + else + *to++ = val; i += (i - lasti) >> (8 * sizeof(i) - 1); /* stay on last limb */ } @@ -461,12 +515,12 @@ int BN_bn2binpad(const BIGNUM *a, unsigned char *to, int tolen) { if (tolen < 0) return -1; - return bn2binpad(a, to, tolen); + return bn2binpad(a, to, tolen, big); } int BN_bn2bin(const BIGNUM *a, unsigned char *to) { - return bn2binpad(a, to, -1); + return bn2binpad(a, to, -1, big); } BIGNUM *BN_lebin2bn(const unsigned char *s, int len, BIGNUM *ret) @@ -518,22 +572,9 @@ BIGNUM *BN_lebin2bn(const unsigned char *s, int len, BIGNUM *ret) int BN_bn2lebinpad(const BIGNUM *a, unsigned char *to, int tolen) { - int i; - BN_ULONG l; - bn_check_top(a); - i = BN_num_bytes(a); - if (tolen < i) + if (tolen < 0) return -1; - /* Add trailing zeroes if necessary */ - if (tolen > i) - memset(to + i, 0, tolen - i); - to += i; - while (i--) { - l = a->d[i / BN_BYTES]; - to--; - *to = (unsigned char)(l >> (8 * (i % BN_BYTES))) & 0xff; - } - return tolen; + return bn2binpad(a, to, tolen, little); } BIGNUM *BN_native2bn(const unsigned char *s, int len, BIGNUM *ret) diff --git a/crypto/ec/ecp_nistp224.c b/crypto/ec/ecp_nistp224.c index 4725e28724..8922a47bab 100644 --- a/crypto/ec/ecp_nistp224.c +++ b/crypto/ec/ecp_nistp224.c @@ -327,34 +327,21 @@ static void felem_to_bin28(u8 out[28], const felem in) } } -/* To preserve endianness when using BN_bn2bin and BN_bin2bn */ -static void flip_endian(u8 *out, const u8 *in, unsigned len) -{ - unsigned i; - for (i = 0; i < len; ++i) - out[i] = in[len - 1 - i]; -} - /* From OpenSSL BIGNUM to internal representation */ static int BN_to_felem(felem out, const BIGNUM *bn) { - felem_bytearray b_in; felem_bytearray b_out; - unsigned num_bytes; + int num_bytes; - /* BN_bn2bin eats leading zeroes */ - memset(b_out, 0, sizeof(b_out)); - num_bytes = BN_num_bytes(bn); - if (num_bytes > sizeof(b_out)) { + if (BN_is_negative(bn)) { ECerr(EC_F_BN_TO_FELEM, EC_R_BIGNUM_OUT_OF_RANGE); return 0; } - if (BN_is_negative(bn)) { + num_bytes = BN_bn2lebinpad(bn, b_out, sizeof(b_out)); + if (num_bytes < 0) { ECerr(EC_F_BN_TO_FELEM, EC_R_BIGNUM_OUT_OF_RANGE); return 0; } - num_bytes = BN_bn2bin(bn, b_in); - flip_endian(b_out, b_in, num_bytes); bin28_to_felem(out, b_out); return 1; } @@ -362,10 +349,9 @@ static int BN_to_felem(felem out, const BIGNUM *bn) /* From internal representation to OpenSSL BIGNUM */ static BIGNUM *felem_to_BN(BIGNUM *out, const felem in) { - felem_bytearray b_in, b_out; - felem_to_bin28(b_in, in); - flip_endian(b_out, b_in, sizeof(b_out)); - return BN_bin2bn(b_out, sizeof(b_out), out); + felem_bytearray b_out; + felem_to_bin28(b_out, in); + return BN_lebin2bn(b_out, sizeof(b_out), out); } /******************************************************************************/ @@ -1413,8 +1399,7 @@ int ec_GFp_nistp224_points_mul(const EC_GROUP *group, EC_POINT *r, felem_bytearray *secrets = NULL; felem (*pre_comp)[17][3] = NULL; felem *tmp_felems = NULL; - felem_bytearray tmp; - unsigned num_bytes; + int num_bytes; int have_pre_comp = 0; size_t num_points = num; felem x_in, y_in, z_in, x_out, y_out, z_out; @@ -1489,14 +1474,12 @@ int ec_GFp_nistp224_points_mul(const EC_GROUP *group, EC_POINT *r, * i.e., they contribute nothing to the linear combination */ for (i = 0; i < num_points; ++i) { - if (i == num) + if (i == num) { /* the generator */ - { p = EC_GROUP_get0_generator(group); p_scalar = scalar; - } else + } else { /* the i^th point */ - { p = points[i]; p_scalar = scalars[i]; } @@ -1512,10 +1495,16 @@ int ec_GFp_nistp224_points_mul(const EC_GROUP *group, EC_POINT *r, ECerr(EC_F_EC_GFP_NISTP224_POINTS_MUL, ERR_R_BN_LIB); goto err; } - num_bytes = BN_bn2bin(tmp_scalar, tmp); - } else - num_bytes = BN_bn2bin(p_scalar, tmp); - flip_endian(secrets[i], tmp, num_bytes); + num_bytes = BN_bn2lebinpad(tmp_scalar, + secrets[i], sizeof(secrets[i])); + } else { + num_bytes = BN_bn2lebinpad(p_scalar, + secrets[i], sizeof(secrets[i])); + } + if (num_bytes < 0) { + ECerr(EC_F_EC_GFP_NISTP224_POINTS_MUL, ERR_R_BN_LIB); + goto err; + } /* precompute multiples */ if ((!BN_to_felem(x_out, p->X)) || (!BN_to_felem(y_out, p->Y)) || @@ -1558,20 +1547,21 @@ int ec_GFp_nistp224_points_mul(const EC_GROUP *group, EC_POINT *r, ECerr(EC_F_EC_GFP_NISTP224_POINTS_MUL, ERR_R_BN_LIB); goto err; } - num_bytes = BN_bn2bin(tmp_scalar, tmp); - } else - num_bytes = BN_bn2bin(scalar, tmp); - flip_endian(g_secret, tmp, num_bytes); + num_bytes = BN_bn2lebinpad(tmp_scalar, g_secret, sizeof(g_secret)); + } else { + num_bytes = BN_bn2lebinpad(scalar, g_secret, sizeof(g_secret)); + } /* do the multiplication with generator precomputation */ batch_mul(x_out, y_out, z_out, (const felem_bytearray(*))secrets, num_points, g_secret, mixed, (const felem(*)[17][3])pre_comp, g_pre_comp); - } else + } else { /* do the multiplication without generator precomputation */ batch_mul(x_out, y_out, z_out, (const felem_bytearray(*))secrets, num_points, NULL, mixed, (const felem(*)[17][3])pre_comp, NULL); + } /* reduce the output to its unique minimal representation */ felem_contract(x_in, x_out); felem_contract(y_in, y_out); diff --git a/crypto/ec/ecp_nistp256.c b/crypto/ec/ecp_nistp256.c index 3cc5a833a4..4d284fa326 100644 --- a/crypto/ec/ecp_nistp256.c +++ b/crypto/ec/ecp_nistp256.c @@ -146,34 +146,21 @@ static void smallfelem_to_bin32(u8 out[32], const smallfelem in) *((u64 *)&out[24]) = in[3]; } -/* To preserve endianness when using BN_bn2bin and BN_bin2bn */ -static void flip_endian(u8 *out, const u8 *in, unsigned len) -{ - unsigned i; - for (i = 0; i < len; ++i) - out[i] = in[len - 1 - i]; -} - /* BN_to_felem converts an OpenSSL BIGNUM into an felem */ static int BN_to_felem(felem out, const BIGNUM *bn) { - felem_bytearray b_in; felem_bytearray b_out; - unsigned num_bytes; + int num_bytes; - /* BN_bn2bin eats leading zeroes */ - memset(b_out, 0, sizeof(b_out)); - num_bytes = BN_num_bytes(bn); - if (num_bytes > sizeof(b_out)) { + if (BN_is_negative(bn)) { ECerr(EC_F_BN_TO_FELEM, EC_R_BIGNUM_OUT_OF_RANGE); return 0; } - if (BN_is_negative(bn)) { + num_bytes = BN_bn2lebinpad(bn, b_out, sizeof(b_out)); + if (num_bytes < 0) { ECerr(EC_F_BN_TO_FELEM, EC_R_BIGNUM_OUT_OF_RANGE); return 0; } - num_bytes = BN_bn2bin(bn, b_in); - flip_endian(b_out, b_in, num_bytes); bin32_to_felem(out, b_out); return 1; } @@ -181,10 +168,9 @@ static int BN_to_felem(felem out, const BIGNUM *bn) /* felem_to_BN converts an felem into an OpenSSL BIGNUM */ static BIGNUM *smallfelem_to_BN(BIGNUM *out, const smallfelem in) { - felem_bytearray b_in, b_out; - smallfelem_to_bin32(b_in, in); - flip_endian(b_out, b_in, sizeof(b_out)); - return BN_bin2bn(b_out, sizeof(b_out), out); + felem_bytearray b_out; + smallfelem_to_bin32(b_out, in); + return BN_lebin2bn(b_out, sizeof(b_out), out); } /*- @@ -2033,8 +2019,8 @@ int ec_GFp_nistp256_points_mul(const EC_GROUP *group, EC_POINT *r, felem_bytearray *secrets = NULL; smallfelem (*pre_comp)[17][3] = NULL; smallfelem *tmp_smallfelems = NULL; - felem_bytearray tmp; - unsigned i, num_bytes; + unsigned i; + int num_bytes; int have_pre_comp = 0; size_t num_points = num; smallfelem x_in, y_in, z_in; @@ -2111,17 +2097,15 @@ int ec_GFp_nistp256_points_mul(const EC_GROUP *group, EC_POINT *r, memset(secrets, 0, sizeof(*secrets) * num_points); memset(pre_comp, 0, sizeof(*pre_comp) * num_points); for (i = 0; i < num_points; ++i) { - if (i == num) + if (i == num) { /* * we didn't have a valid precomputation, so we pick the * generator */ - { p = EC_GROUP_get0_generator(group); p_scalar = scalar; - } else + } else { /* the i^th point */ - { p = points[i]; p_scalar = scalars[i]; } @@ -2137,10 +2121,16 @@ int ec_GFp_nistp256_points_mul(const EC_GROUP *group, EC_POINT *r, ECerr(EC_F_EC_GFP_NISTP256_POINTS_MUL, ERR_R_BN_LIB); goto err; } - num_bytes = BN_bn2bin(tmp_scalar, tmp); - } else - num_bytes = BN_bn2bin(p_scalar, tmp); - flip_endian(secrets[i], tmp, num_bytes); + num_bytes = BN_bn2lebinpad(tmp_scalar, + secrets[i], sizeof(secrets[i])); + } else { + num_bytes = BN_bn2lebinpad(p_scalar, + secrets[i], sizeof(secrets[i])); + } + if (num_bytes < 0) { + ECerr(EC_F_EC_GFP_NISTP256_POINTS_MUL, ERR_R_BN_LIB); + goto err; + } /* precompute multiples */ if ((!BN_to_felem(x_out, p->X)) || (!BN_to_felem(y_out, p->Y)) || @@ -2185,20 +2175,21 @@ int ec_GFp_nistp256_points_mul(const EC_GROUP *group, EC_POINT *r, ECerr(EC_F_EC_GFP_NISTP256_POINTS_MUL, ERR_R_BN_LIB); goto err; } - num_bytes = BN_bn2bin(tmp_scalar, tmp); - } else - num_bytes = BN_bn2bin(scalar, tmp); - flip_endian(g_secret, tmp, num_bytes); + num_bytes = BN_bn2lebinpad(tmp_scalar, g_secret, sizeof(g_secret)); + } else { + num_bytes = BN_bn2lebinpad(scalar, g_secret, sizeof(g_secret)); + } /* do the multiplication with generator precomputation */ batch_mul(x_out, y_out, z_out, (const felem_bytearray(*))secrets, num_points, g_secret, mixed, (const smallfelem(*)[17][3])pre_comp, g_pre_comp); - } else + } else { /* do the multiplication without generator precomputation */ batch_mul(x_out, y_out, z_out, (const felem_bytearray(*))secrets, num_points, NULL, mixed, (const smallfelem(*)[17][3])pre_comp, NULL); + } /* reduce the output to its unique minimal representation */ felem_contract(x_in, x_out); felem_contract(y_in, y_out); diff --git a/crypto/ec/ecp_nistp521.c b/crypto/ec/ecp_nistp521.c index 29b943598d..7b134bb7e7 100644 --- a/crypto/ec/ecp_nistp521.c +++ b/crypto/ec/ecp_nistp521.c @@ -169,34 +169,21 @@ static void felem_to_bin66(u8 out[66], const felem in) (*((limb *) & out[58])) = in[8]; } -/* To preserve endianness when using BN_bn2bin and BN_bin2bn */ -static void flip_endian(u8 *out, const u8 *in, unsigned len) -{ - unsigned i; - for (i = 0; i < len; ++i) - out[i] = in[len - 1 - i]; -} - /* BN_to_felem converts an OpenSSL BIGNUM into an felem */ static int BN_to_felem(felem out, const BIGNUM *bn) { - felem_bytearray b_in; felem_bytearray b_out; - unsigned num_bytes; + int num_bytes; - /* BN_bn2bin eats leading zeroes */ - memset(b_out, 0, sizeof(b_out)); - num_bytes = BN_num_bytes(bn); - if (num_bytes > sizeof(b_out)) { + if (BN_is_negative(bn)) { ECerr(EC_F_BN_TO_FELEM, EC_R_BIGNUM_OUT_OF_RANGE); return 0; } - if (BN_is_negative(bn)) { + num_bytes = BN_bn2lebinpad(bn, b_out, sizeof(b_out)); + if (num_bytes < 0) { ECerr(EC_F_BN_TO_FELEM, EC_R_BIGNUM_OUT_OF_RANGE); return 0; } - num_bytes = BN_bn2bin(bn, b_in); - flip_endian(b_out, b_in, num_bytes); bin66_to_felem(out, b_out); return 1; } @@ -204,10 +191,9 @@ static int BN_to_felem(felem out, const BIGNUM *bn) /* felem_to_BN converts an felem into an OpenSSL BIGNUM */ static BIGNUM *felem_to_BN(BIGNUM *out, const felem in) { - felem_bytearray b_in, b_out; - felem_to_bin66(b_in, in); - flip_endian(b_out, b_in, sizeof(b_out)); - return BN_bin2bn(b_out, sizeof(b_out), out); + felem_bytearray b_out; + felem_to_bin66(b_out, in); + return BN_lebin2bn(b_out, sizeof(b_out), out); } /*- @@ -1875,8 +1861,8 @@ int ec_GFp_nistp521_points_mul(const EC_GROUP *group, EC_POINT *r, felem_bytearray *secrets = NULL; felem (*pre_comp)[17][3] = NULL; felem *tmp_felems = NULL; - felem_bytearray tmp; - unsigned i, num_bytes; + unsigned i; + int num_bytes; int have_pre_comp = 0; size_t num_points = num; felem x_in, y_in, z_in, x_out, y_out, z_out; @@ -1951,17 +1937,15 @@ int ec_GFp_nistp521_points_mul(const EC_GROUP *group, EC_POINT *r, * i.e., they contribute nothing to the linear combination */ for (i = 0; i < num_points; ++i) { - if (i == num) + if (i == num) { /* * we didn't have a valid precomputation, so we pick the * generator */ - { p = EC_GROUP_get0_generator(group); p_scalar = scalar; - } else + } else { /* the i^th point */ - { p = points[i]; p_scalar = scalars[i]; } @@ -1977,10 +1961,16 @@ int ec_GFp_nistp521_points_mul(const EC_GROUP *group, EC_POINT *r, ECerr(EC_F_EC_GFP_NISTP521_POINTS_MUL, ERR_R_BN_LIB); goto err; } - num_bytes = BN_bn2bin(tmp_scalar, tmp); - } else - num_bytes = BN_bn2bin(p_scalar, tmp); - flip_endian(secrets[i], tmp, num_bytes); + num_bytes = BN_bn2lebinpad(tmp_scalar, + secrets[i], sizeof(secrets[i])); + } else { + num_bytes = BN_bn2lebinpad(p_scalar, + secrets[i], sizeof(secrets[i])); + } + if (num_bytes < 0) { + ECerr(EC_F_EC_GFP_NISTP521_POINTS_MUL, ERR_R_BN_LIB); + goto err; + } /* precompute multiples */ if ((!BN_to_felem(x_out, p->X)) || (!BN_to_felem(y_out, p->Y)) || @@ -2023,21 +2013,22 @@ int ec_GFp_nistp521_points_mul(const EC_GROUP *group, EC_POINT *r, ECerr(EC_F_EC_GFP_NISTP521_POINTS_MUL, ERR_R_BN_LIB); goto err; } - num_bytes = BN_bn2bin(tmp_scalar, tmp); - } else - num_bytes = BN_bn2bin(scalar, tmp); - flip_endian(g_secret, tmp, num_bytes); + num_bytes = BN_bn2lebinpad(tmp_scalar, g_secret, sizeof(g_secret)); + } else { + num_bytes = BN_bn2lebinpad(scalar, g_secret, sizeof(g_secret)); + } /* do the multiplication with generator precomputation */ batch_mul(x_out, y_out, z_out, (const felem_bytearray(*))secrets, num_points, g_secret, mixed, (const felem(*)[17][3])pre_comp, (const felem(*)[3])g_pre_comp); - } else + } else { /* do the multiplication without generator precomputation */ batch_mul(x_out, y_out, z_out, (const felem_bytearray(*))secrets, num_points, NULL, mixed, (const felem(*)[17][3])pre_comp, NULL); + } /* reduce the output to its unique minimal representation */ felem_contract(x_in, x_out); felem_contract(y_in, y_out); From nic.tuv at gmail.com Fri Sep 6 23:24:49 2019 From: nic.tuv at gmail.com (nic.tuv at gmail.com) Date: Fri, 06 Sep 2019 23:24:49 +0000 Subject: [openssl] OpenSSL_1_1_1-stable update Message-ID: <1567812289.322431.32311.nullmailer@dev.openssl.org> The branch OpenSSL_1_1_1-stable has been updated via ed0ac119506ac8cbbaa23a1a1347d74a7bf4da47 (commit) via 61387fd3a5e5e1393d329be3b7e43d4e32c0192a (commit) via 2432e1291d9a8808bee9505815072ee755b9c362 (commit) via b9a380f78cd7dbb414bccb38f0904a32d8384fca (commit) via 083f297a48e8c1dd5e02a5fa7be00586f8cb7dff (commit) from 9e1403d91a42d917e684a37a99fa98a0025253c0 (commit) - Log ----------------------------------------------------------------- commit ed0ac119506ac8cbbaa23a1a1347d74a7bf4da47 Author: Nicola Tuveri Date: Fri Sep 6 14:05:26 2019 +0300 [ec/ecp_nistp*.c] restyle: use {} around `else` too Reviewed-by: Matt Caswell Reviewed-by: Bernd Edlinger (Merged from https://github.com/openssl/openssl/pull/9511) (cherry picked from commit 4fe2ee3a449a8ca2886584e221f34ff0ef5de119) commit 61387fd3a5e5e1393d329be3b7e43d4e32c0192a Author: Nicola Tuveri Date: Fri Sep 6 01:31:45 2019 +0300 [ec/ecp_nistp*.c] remove flip_endian() Replace flip_endian() by using the little endian specific BN_bn2lebinpad() and BN_lebin2bn(). Reviewed-by: Matt Caswell Reviewed-by: Bernd Edlinger (Merged from https://github.com/openssl/openssl/pull/9511) (cherry picked from commit e0b660c27d8d97b4ad9e2098cc957de26872c0ef) commit 2432e1291d9a8808bee9505815072ee755b9c362 Author: Nicola Tuveri Date: Fri Sep 6 00:18:36 2019 +0300 Uniform BN_bn2binpad() and BN_bn2lebinpad() implementations Reviewed-by: Matt Caswell Reviewed-by: Bernd Edlinger (Merged from https://github.com/openssl/openssl/pull/9511) (cherry picked from commit 1b338abe3abb8c73f004c34d4b8a9272b89dfd5d) commit b9a380f78cd7dbb414bccb38f0904a32d8384fca Author: Nicola Tuveri Date: Fri Aug 2 02:08:34 2019 +0300 Make BN_num_bits() consttime upon BN_FLG_CONSTTIME This issue was partially addressed by commit 972c87dfc7e765bd28a4964519c362f0d3a58ca4, which hardened its callee BN_num_bits_word() to avoid leaking the most-significant word of its argument via branching and memory access pattern. The commit message also reported: > There are a few places where BN_num_bits is called on an input where > the bit length is also secret. This does *not* fully resolve those > cases as we still only look at the top word. BN_num_bits() is called directly or indirectly (e.g., through BN_num_bytes() or BN_bn2binpad() ) in various parts of the `crypto/ec` code, notably in all the currently supported implementations of scalar multiplication (in the generic path through ec_scalar_mul_ladder() as well as in dedicated methods like ecp_nistp{224,256,521}.c and ecp_nistz256.c). Under the right conditions, a motivated SCA attacker could retrieve the secret bitlength of a secret nonce through this vulnerability, potentially leading, ultimately, to recover a long-term secret key. With this commit, exclusively for BIGNUMs that are flagged with BN_FLG_CONSTTIME, instead of accessing only bn->top, all the limbs of the BIGNUM are accessed up to bn->dmax and bitwise masking is used to avoid branching. Memory access pattern still leaks bn->dmax, the size of the lazily allocated buffer for representing the BIGNUM, which is inevitable with the current BIGNUM architecture: reading past bn->dmax would be an out-of-bound read. As such, it's the caller responsibility to ensure that bn->dmax does not leak secret information, by explicitly expanding the internal BIGNUM buffer to a public value sufficient to avoid any lazy reallocation while manipulating it: this should be already done at the top level alongside setting the BN_FLG_CONSTTIME. Thanks to David Schrammel and Samuel Weiser for reporting this issue through responsible disclosure. Reviewed-by: Matt Caswell Reviewed-by: Bernd Edlinger (Merged from https://github.com/openssl/openssl/pull/9511) (cherry picked from commit 8b44198b916015f77bef1befa26edb48ad8a0238) commit 083f297a48e8c1dd5e02a5fa7be00586f8cb7dff Author: Nicola Tuveri Date: Fri Aug 2 01:33:05 2019 +0300 Fix a SCA leak using BN_bn2bin() BN_bn2bin() is not constant-time and leaks the number of bits in the processed BIGNUM. The specialized methods in ecp_nistp224.c, ecp_nistp256.c and ecp_nistp521.c internally used BN_bn2bin() to convert scalars into the internal fixed length representation. This can leak during ECDSA/ECDH key generation or handling the nonce while generating an ECDSA signature, when using these implementations. The amount and risk of leaked information useful for a SCA attack varies for each of the three curves, as it depends mainly on the ratio between the bitlength of the curve subgroup order (governing the size of the secret nonce/key) and the limb size for the internal BIGNUM representation (which depends on the compilation target architecture). To fix this, we replace BN_bn2bin() with BN_bn2binpad(), bounding the output length to the width of the internal representation buffer: this length is public. Internally the final implementation of both BN_bn2binpad() and BN_bn2bin() already has masking in place to avoid leaking bn->top through memory access patterns. Memory access pattern still leaks bn->dmax, the size of the lazily allocated buffer for representing the BIGNUM, which is inevitable with the current BIGNUM architecture: reading past bn->dmax would be an out-of-bound read. As such, it's the caller responsibility to ensure that bn->dmax does not leak secret information, by explicitly expanding the internal BIGNUM buffer to a public value sufficient to avoid any lazy reallocation while manipulating it: this is already done at the top level alongside setting the BN_FLG_CONSTTIME. Finally, the internal implementation of BN_bn2binpad() indirectly calls BN_num_bits() via BN_num_bytes(): the current implementation of BN_num_bits() can leak information to a SCA attacker, and is addressed in the next commit. Thanks to David Schrammel and Samuel Weiser for reporting this issue through responsible disclosure. Reviewed-by: Matt Caswell Reviewed-by: Bernd Edlinger (Merged from https://github.com/openssl/openssl/pull/9511) (cherry picked from commit 805315d3a20f7274195eed75b06c391dacf3b197) ----------------------------------------------------------------------- Summary of changes: crypto/bn/bn_lib.c | 81 ++++++++++++++++++++++++++++++++++++------------ crypto/ec/ecp_nistp224.c | 62 ++++++++++++++++-------------------- crypto/ec/ecp_nistp256.c | 63 ++++++++++++++++--------------------- crypto/ec/ecp_nistp521.c | 63 ++++++++++++++++--------------------- 4 files changed, 141 insertions(+), 128 deletions(-) diff --git a/crypto/bn/bn_lib.c b/crypto/bn/bn_lib.c index 279d9c2488..254069ff38 100644 --- a/crypto/bn/bn_lib.c +++ b/crypto/bn/bn_lib.c @@ -132,13 +132,57 @@ int BN_num_bits_word(BN_ULONG l) return bits; } +/* + * This function still leaks `a->dmax`: it's caller's responsibility to + * expand the input `a` in advance to a public length. + */ +static ossl_inline +int bn_num_bits_consttime(const BIGNUM *a) +{ + int j, ret; + unsigned int mask, past_i; + int i = a->top - 1; + bn_check_top(a); + + for (j = 0, past_i = 0, ret = 0; j < a->dmax; j++) { + mask = constant_time_eq_int(i, j); /* 0xff..ff if i==j, 0x0 otherwise */ + + ret += BN_BITS2 & (~mask & ~past_i); + ret += BN_num_bits_word(a->d[j]) & mask; + + past_i |= mask; /* past_i will become 0xff..ff after i==j */ + } + + /* + * if BN_is_zero(a) => i is -1 and ret contains garbage, so we mask the + * final result. + */ + mask = ~(constant_time_eq_int(i, ((int)-1))); + + return ret & mask; +} + int BN_num_bits(const BIGNUM *a) { int i = a->top - 1; bn_check_top(a); + if (a->flags & BN_FLG_CONSTTIME) { + /* + * We assume that BIGNUMs flagged as CONSTTIME have also been expanded + * so that a->dmax is not leaking secret information. + * + * In other words, it's the caller's responsibility to ensure `a` has + * been preallocated in advance to a public length if we hit this + * branch. + * + */ + return bn_num_bits_consttime(a); + } + if (BN_is_zero(a)) return 0; + return ((i * BN_BITS2) + BN_num_bits_word(a->d[i])); } @@ -414,8 +458,11 @@ BIGNUM *BN_bin2bn(const unsigned char *s, int len, BIGNUM *ret) return ret; } +typedef enum {big, little} endianess_t; + /* ignore negative */ -static int bn2binpad(const BIGNUM *a, unsigned char *to, int tolen) +static +int bn2binpad(const BIGNUM *a, unsigned char *to, int tolen, endianess_t endianess) { int n; size_t i, lasti, j, atop, mask; @@ -447,10 +494,17 @@ static int bn2binpad(const BIGNUM *a, unsigned char *to, int tolen) lasti = atop - 1; atop = a->top * BN_BYTES; - for (i = 0, j = 0, to += tolen; j < (size_t)tolen; j++) { + if (endianess == big) + to += tolen; /* start from the end of the buffer */ + for (i = 0, j = 0; j < (size_t)tolen; j++) { + unsigned char val; l = a->d[i / BN_BYTES]; mask = 0 - ((j - atop) >> (8 * sizeof(i) - 1)); - *--to = (unsigned char)(l >> (8 * (i % BN_BYTES)) & mask); + val = (unsigned char)(l >> (8 * (i % BN_BYTES)) & mask); + if (endianess == big) + *--to = val; + else + *to++ = val; i += (i - lasti) >> (8 * sizeof(i) - 1); /* stay on last limb */ } @@ -461,12 +515,12 @@ int BN_bn2binpad(const BIGNUM *a, unsigned char *to, int tolen) { if (tolen < 0) return -1; - return bn2binpad(a, to, tolen); + return bn2binpad(a, to, tolen, big); } int BN_bn2bin(const BIGNUM *a, unsigned char *to) { - return bn2binpad(a, to, -1); + return bn2binpad(a, to, -1, big); } BIGNUM *BN_lebin2bn(const unsigned char *s, int len, BIGNUM *ret) @@ -518,22 +572,9 @@ BIGNUM *BN_lebin2bn(const unsigned char *s, int len, BIGNUM *ret) int BN_bn2lebinpad(const BIGNUM *a, unsigned char *to, int tolen) { - int i; - BN_ULONG l; - bn_check_top(a); - i = BN_num_bytes(a); - if (tolen < i) + if (tolen < 0) return -1; - /* Add trailing zeroes if necessary */ - if (tolen > i) - memset(to + i, 0, tolen - i); - to += i; - while (i--) { - l = a->d[i / BN_BYTES]; - to--; - *to = (unsigned char)(l >> (8 * (i % BN_BYTES))) & 0xff; - } - return tolen; + return bn2binpad(a, to, tolen, little); } int BN_ucmp(const BIGNUM *a, const BIGNUM *b) diff --git a/crypto/ec/ecp_nistp224.c b/crypto/ec/ecp_nistp224.c index 025273a144..fbbdb9d938 100644 --- a/crypto/ec/ecp_nistp224.c +++ b/crypto/ec/ecp_nistp224.c @@ -324,34 +324,21 @@ static void felem_to_bin28(u8 out[28], const felem in) } } -/* To preserve endianness when using BN_bn2bin and BN_bin2bn */ -static void flip_endian(u8 *out, const u8 *in, unsigned len) -{ - unsigned i; - for (i = 0; i < len; ++i) - out[i] = in[len - 1 - i]; -} - /* From OpenSSL BIGNUM to internal representation */ static int BN_to_felem(felem out, const BIGNUM *bn) { - felem_bytearray b_in; felem_bytearray b_out; - unsigned num_bytes; + int num_bytes; - /* BN_bn2bin eats leading zeroes */ - memset(b_out, 0, sizeof(b_out)); - num_bytes = BN_num_bytes(bn); - if (num_bytes > sizeof(b_out)) { + if (BN_is_negative(bn)) { ECerr(EC_F_BN_TO_FELEM, EC_R_BIGNUM_OUT_OF_RANGE); return 0; } - if (BN_is_negative(bn)) { + num_bytes = BN_bn2lebinpad(bn, b_out, sizeof(b_out)); + if (num_bytes < 0) { ECerr(EC_F_BN_TO_FELEM, EC_R_BIGNUM_OUT_OF_RANGE); return 0; } - num_bytes = BN_bn2bin(bn, b_in); - flip_endian(b_out, b_in, num_bytes); bin28_to_felem(out, b_out); return 1; } @@ -359,10 +346,9 @@ static int BN_to_felem(felem out, const BIGNUM *bn) /* From internal representation to OpenSSL BIGNUM */ static BIGNUM *felem_to_BN(BIGNUM *out, const felem in) { - felem_bytearray b_in, b_out; - felem_to_bin28(b_in, in); - flip_endian(b_out, b_in, sizeof(b_out)); - return BN_bin2bn(b_out, sizeof(b_out), out); + felem_bytearray b_out; + felem_to_bin28(b_out, in); + return BN_lebin2bn(b_out, sizeof(b_out), out); } /******************************************************************************/ @@ -1402,8 +1388,7 @@ int ec_GFp_nistp224_points_mul(const EC_GROUP *group, EC_POINT *r, felem_bytearray *secrets = NULL; felem (*pre_comp)[17][3] = NULL; felem *tmp_felems = NULL; - felem_bytearray tmp; - unsigned num_bytes; + int num_bytes; int have_pre_comp = 0; size_t num_points = num; felem x_in, y_in, z_in, x_out, y_out, z_out; @@ -1478,14 +1463,12 @@ int ec_GFp_nistp224_points_mul(const EC_GROUP *group, EC_POINT *r, * i.e., they contribute nothing to the linear combination */ for (i = 0; i < num_points; ++i) { - if (i == num) + if (i == num) { /* the generator */ - { p = EC_GROUP_get0_generator(group); p_scalar = scalar; - } else + } else { /* the i^th point */ - { p = points[i]; p_scalar = scalars[i]; } @@ -1501,10 +1484,16 @@ int ec_GFp_nistp224_points_mul(const EC_GROUP *group, EC_POINT *r, ECerr(EC_F_EC_GFP_NISTP224_POINTS_MUL, ERR_R_BN_LIB); goto err; } - num_bytes = BN_bn2bin(tmp_scalar, tmp); - } else - num_bytes = BN_bn2bin(p_scalar, tmp); - flip_endian(secrets[i], tmp, num_bytes); + num_bytes = BN_bn2lebinpad(tmp_scalar, + secrets[i], sizeof(secrets[i])); + } else { + num_bytes = BN_bn2lebinpad(p_scalar, + secrets[i], sizeof(secrets[i])); + } + if (num_bytes < 0) { + ECerr(EC_F_EC_GFP_NISTP224_POINTS_MUL, ERR_R_BN_LIB); + goto err; + } /* precompute multiples */ if ((!BN_to_felem(x_out, p->X)) || (!BN_to_felem(y_out, p->Y)) || @@ -1547,20 +1536,21 @@ int ec_GFp_nistp224_points_mul(const EC_GROUP *group, EC_POINT *r, ECerr(EC_F_EC_GFP_NISTP224_POINTS_MUL, ERR_R_BN_LIB); goto err; } - num_bytes = BN_bn2bin(tmp_scalar, tmp); - } else - num_bytes = BN_bn2bin(scalar, tmp); - flip_endian(g_secret, tmp, num_bytes); + num_bytes = BN_bn2lebinpad(tmp_scalar, g_secret, sizeof(g_secret)); + } else { + num_bytes = BN_bn2lebinpad(scalar, g_secret, sizeof(g_secret)); + } /* do the multiplication with generator precomputation */ batch_mul(x_out, y_out, z_out, (const felem_bytearray(*))secrets, num_points, g_secret, mixed, (const felem(*)[17][3])pre_comp, g_pre_comp); - } else + } else { /* do the multiplication without generator precomputation */ batch_mul(x_out, y_out, z_out, (const felem_bytearray(*))secrets, num_points, NULL, mixed, (const felem(*)[17][3])pre_comp, NULL); + } /* reduce the output to its unique minimal representation */ felem_contract(x_in, x_out); felem_contract(y_in, y_out); diff --git a/crypto/ec/ecp_nistp256.c b/crypto/ec/ecp_nistp256.c index a21e5f78fc..22ba69aa44 100644 --- a/crypto/ec/ecp_nistp256.c +++ b/crypto/ec/ecp_nistp256.c @@ -146,34 +146,21 @@ static void smallfelem_to_bin32(u8 out[32], const smallfelem in) *((u64 *)&out[24]) = in[3]; } -/* To preserve endianness when using BN_bn2bin and BN_bin2bn */ -static void flip_endian(u8 *out, const u8 *in, unsigned len) -{ - unsigned i; - for (i = 0; i < len; ++i) - out[i] = in[len - 1 - i]; -} - /* BN_to_felem converts an OpenSSL BIGNUM into an felem */ static int BN_to_felem(felem out, const BIGNUM *bn) { - felem_bytearray b_in; felem_bytearray b_out; - unsigned num_bytes; + int num_bytes; - /* BN_bn2bin eats leading zeroes */ - memset(b_out, 0, sizeof(b_out)); - num_bytes = BN_num_bytes(bn); - if (num_bytes > sizeof(b_out)) { + if (BN_is_negative(bn)) { ECerr(EC_F_BN_TO_FELEM, EC_R_BIGNUM_OUT_OF_RANGE); return 0; } - if (BN_is_negative(bn)) { + num_bytes = BN_bn2lebinpad(bn, b_out, sizeof(b_out)); + if (num_bytes < 0) { ECerr(EC_F_BN_TO_FELEM, EC_R_BIGNUM_OUT_OF_RANGE); return 0; } - num_bytes = BN_bn2bin(bn, b_in); - flip_endian(b_out, b_in, num_bytes); bin32_to_felem(out, b_out); return 1; } @@ -181,10 +168,9 @@ static int BN_to_felem(felem out, const BIGNUM *bn) /* felem_to_BN converts an felem into an OpenSSL BIGNUM */ static BIGNUM *smallfelem_to_BN(BIGNUM *out, const smallfelem in) { - felem_bytearray b_in, b_out; - smallfelem_to_bin32(b_in, in); - flip_endian(b_out, b_in, sizeof(b_out)); - return BN_bin2bn(b_out, sizeof(b_out), out); + felem_bytearray b_out; + smallfelem_to_bin32(b_out, in); + return BN_lebin2bn(b_out, sizeof(b_out), out); } /*- @@ -2024,8 +2010,8 @@ int ec_GFp_nistp256_points_mul(const EC_GROUP *group, EC_POINT *r, felem_bytearray *secrets = NULL; smallfelem (*pre_comp)[17][3] = NULL; smallfelem *tmp_smallfelems = NULL; - felem_bytearray tmp; - unsigned i, num_bytes; + unsigned i; + int num_bytes; int have_pre_comp = 0; size_t num_points = num; smallfelem x_in, y_in, z_in; @@ -2102,17 +2088,15 @@ int ec_GFp_nistp256_points_mul(const EC_GROUP *group, EC_POINT *r, memset(secrets, 0, sizeof(*secrets) * num_points); memset(pre_comp, 0, sizeof(*pre_comp) * num_points); for (i = 0; i < num_points; ++i) { - if (i == num) + if (i == num) { /* * we didn't have a valid precomputation, so we pick the * generator */ - { p = EC_GROUP_get0_generator(group); p_scalar = scalar; - } else + } else { /* the i^th point */ - { p = points[i]; p_scalar = scalars[i]; } @@ -2128,10 +2112,16 @@ int ec_GFp_nistp256_points_mul(const EC_GROUP *group, EC_POINT *r, ECerr(EC_F_EC_GFP_NISTP256_POINTS_MUL, ERR_R_BN_LIB); goto err; } - num_bytes = BN_bn2bin(tmp_scalar, tmp); - } else - num_bytes = BN_bn2bin(p_scalar, tmp); - flip_endian(secrets[i], tmp, num_bytes); + num_bytes = BN_bn2lebinpad(tmp_scalar, + secrets[i], sizeof(secrets[i])); + } else { + num_bytes = BN_bn2lebinpad(p_scalar, + secrets[i], sizeof(secrets[i])); + } + if (num_bytes < 0) { + ECerr(EC_F_EC_GFP_NISTP256_POINTS_MUL, ERR_R_BN_LIB); + goto err; + } /* precompute multiples */ if ((!BN_to_felem(x_out, p->X)) || (!BN_to_felem(y_out, p->Y)) || @@ -2176,20 +2166,21 @@ int ec_GFp_nistp256_points_mul(const EC_GROUP *group, EC_POINT *r, ECerr(EC_F_EC_GFP_NISTP256_POINTS_MUL, ERR_R_BN_LIB); goto err; } - num_bytes = BN_bn2bin(tmp_scalar, tmp); - } else - num_bytes = BN_bn2bin(scalar, tmp); - flip_endian(g_secret, tmp, num_bytes); + num_bytes = BN_bn2lebinpad(tmp_scalar, g_secret, sizeof(g_secret)); + } else { + num_bytes = BN_bn2lebinpad(scalar, g_secret, sizeof(g_secret)); + } /* do the multiplication with generator precomputation */ batch_mul(x_out, y_out, z_out, (const felem_bytearray(*))secrets, num_points, g_secret, mixed, (const smallfelem(*)[17][3])pre_comp, g_pre_comp); - } else + } else { /* do the multiplication without generator precomputation */ batch_mul(x_out, y_out, z_out, (const felem_bytearray(*))secrets, num_points, NULL, mixed, (const smallfelem(*)[17][3])pre_comp, NULL); + } /* reduce the output to its unique minimal representation */ felem_contract(x_in, x_out); felem_contract(y_in, y_out); diff --git a/crypto/ec/ecp_nistp521.c b/crypto/ec/ecp_nistp521.c index 1e45f1eec5..6340f48279 100644 --- a/crypto/ec/ecp_nistp521.c +++ b/crypto/ec/ecp_nistp521.c @@ -169,34 +169,21 @@ static void felem_to_bin66(u8 out[66], const felem in) (*((limb *) & out[58])) = in[8]; } -/* To preserve endianness when using BN_bn2bin and BN_bin2bn */ -static void flip_endian(u8 *out, const u8 *in, unsigned len) -{ - unsigned i; - for (i = 0; i < len; ++i) - out[i] = in[len - 1 - i]; -} - /* BN_to_felem converts an OpenSSL BIGNUM into an felem */ static int BN_to_felem(felem out, const BIGNUM *bn) { - felem_bytearray b_in; felem_bytearray b_out; - unsigned num_bytes; + int num_bytes; - /* BN_bn2bin eats leading zeroes */ - memset(b_out, 0, sizeof(b_out)); - num_bytes = BN_num_bytes(bn); - if (num_bytes > sizeof(b_out)) { + if (BN_is_negative(bn)) { ECerr(EC_F_BN_TO_FELEM, EC_R_BIGNUM_OUT_OF_RANGE); return 0; } - if (BN_is_negative(bn)) { + num_bytes = BN_bn2lebinpad(bn, b_out, sizeof(b_out)); + if (num_bytes < 0) { ECerr(EC_F_BN_TO_FELEM, EC_R_BIGNUM_OUT_OF_RANGE); return 0; } - num_bytes = BN_bn2bin(bn, b_in); - flip_endian(b_out, b_in, num_bytes); bin66_to_felem(out, b_out); return 1; } @@ -204,10 +191,9 @@ static int BN_to_felem(felem out, const BIGNUM *bn) /* felem_to_BN converts an felem into an OpenSSL BIGNUM */ static BIGNUM *felem_to_BN(BIGNUM *out, const felem in) { - felem_bytearray b_in, b_out; - felem_to_bin66(b_in, in); - flip_endian(b_out, b_in, sizeof(b_out)); - return BN_bin2bn(b_out, sizeof(b_out), out); + felem_bytearray b_out; + felem_to_bin66(b_out, in); + return BN_lebin2bn(b_out, sizeof(b_out), out); } /*- @@ -1866,8 +1852,8 @@ int ec_GFp_nistp521_points_mul(const EC_GROUP *group, EC_POINT *r, felem_bytearray *secrets = NULL; felem (*pre_comp)[17][3] = NULL; felem *tmp_felems = NULL; - felem_bytearray tmp; - unsigned i, num_bytes; + unsigned i; + int num_bytes; int have_pre_comp = 0; size_t num_points = num; felem x_in, y_in, z_in, x_out, y_out, z_out; @@ -1942,17 +1928,15 @@ int ec_GFp_nistp521_points_mul(const EC_GROUP *group, EC_POINT *r, * i.e., they contribute nothing to the linear combination */ for (i = 0; i < num_points; ++i) { - if (i == num) + if (i == num) { /* * we didn't have a valid precomputation, so we pick the * generator */ - { p = EC_GROUP_get0_generator(group); p_scalar = scalar; - } else + } else { /* the i^th point */ - { p = points[i]; p_scalar = scalars[i]; } @@ -1968,10 +1952,16 @@ int ec_GFp_nistp521_points_mul(const EC_GROUP *group, EC_POINT *r, ECerr(EC_F_EC_GFP_NISTP521_POINTS_MUL, ERR_R_BN_LIB); goto err; } - num_bytes = BN_bn2bin(tmp_scalar, tmp); - } else - num_bytes = BN_bn2bin(p_scalar, tmp); - flip_endian(secrets[i], tmp, num_bytes); + num_bytes = BN_bn2lebinpad(tmp_scalar, + secrets[i], sizeof(secrets[i])); + } else { + num_bytes = BN_bn2lebinpad(p_scalar, + secrets[i], sizeof(secrets[i])); + } + if (num_bytes < 0) { + ECerr(EC_F_EC_GFP_NISTP521_POINTS_MUL, ERR_R_BN_LIB); + goto err; + } /* precompute multiples */ if ((!BN_to_felem(x_out, p->X)) || (!BN_to_felem(y_out, p->Y)) || @@ -2014,21 +2004,22 @@ int ec_GFp_nistp521_points_mul(const EC_GROUP *group, EC_POINT *r, ECerr(EC_F_EC_GFP_NISTP521_POINTS_MUL, ERR_R_BN_LIB); goto err; } - num_bytes = BN_bn2bin(tmp_scalar, tmp); - } else - num_bytes = BN_bn2bin(scalar, tmp); - flip_endian(g_secret, tmp, num_bytes); + num_bytes = BN_bn2lebinpad(tmp_scalar, g_secret, sizeof(g_secret)); + } else { + num_bytes = BN_bn2lebinpad(scalar, g_secret, sizeof(g_secret)); + } /* do the multiplication with generator precomputation */ batch_mul(x_out, y_out, z_out, (const felem_bytearray(*))secrets, num_points, g_secret, mixed, (const felem(*)[17][3])pre_comp, (const felem(*)[3])g_pre_comp); - } else + } else { /* do the multiplication without generator precomputation */ batch_mul(x_out, y_out, z_out, (const felem_bytearray(*))secrets, num_points, NULL, mixed, (const felem(*)[17][3])pre_comp, NULL); + } /* reduce the output to its unique minimal representation */ felem_contract(x_in, x_out); felem_contract(y_in, y_out); From nic.tuv at gmail.com Fri Sep 6 23:31:28 2019 From: nic.tuv at gmail.com (nic.tuv at gmail.com) Date: Fri, 06 Sep 2019 23:31:28 +0000 Subject: [openssl] OpenSSL_1_1_0-stable update Message-ID: <1567812688.866592.1179.nullmailer@dev.openssl.org> The branch OpenSSL_1_1_0-stable has been updated via 207a56437916a715bcf6e299c868c75a17ad8fc0 (commit) via e6f559f9de74a0f861d7de2786c64b62fe4ea3ed (commit) via 212a75004207234fa677f73e71a1c42b541b009e (commit) via 84930232519ae6506101c65d4389619173b6cded (commit) via f7546d64699dc6090d3a9359945cbe785404506e (commit) from f9d1cbe64eebc9e40c7e1f0da4f8f3d98b903b91 (commit) - Log ----------------------------------------------------------------- commit 207a56437916a715bcf6e299c868c75a17ad8fc0 Author: Nicola Tuveri Date: Fri Sep 6 14:05:26 2019 +0300 [ec/ecp_nistp*.c] restyle: use {} around `else` too Reviewed-by: Matt Caswell Reviewed-by: Bernd Edlinger (Merged from https://github.com/openssl/openssl/pull/9511) (cherry picked from commit 4fe2ee3a449a8ca2886584e221f34ff0ef5de119) commit e6f559f9de74a0f861d7de2786c64b62fe4ea3ed Author: Nicola Tuveri Date: Fri Sep 6 01:31:45 2019 +0300 [ec/ecp_nistp*.c] remove flip_endian() Replace flip_endian() by using the little endian specific BN_bn2lebinpad() and BN_lebin2bn(). Reviewed-by: Matt Caswell Reviewed-by: Bernd Edlinger (Merged from https://github.com/openssl/openssl/pull/9511) (cherry picked from commit e0b660c27d8d97b4ad9e2098cc957de26872c0ef) commit 212a75004207234fa677f73e71a1c42b541b009e Author: Nicola Tuveri Date: Fri Sep 6 00:18:36 2019 +0300 Uniform BN_bn2binpad() and BN_bn2lebinpad() implementations Reviewed-by: Matt Caswell Reviewed-by: Bernd Edlinger (Merged from https://github.com/openssl/openssl/pull/9511) (cherry picked from commit 1b338abe3abb8c73f004c34d4b8a9272b89dfd5d) commit 84930232519ae6506101c65d4389619173b6cded Author: Nicola Tuveri Date: Fri Aug 2 02:08:34 2019 +0300 Make BN_num_bits() consttime upon BN_FLG_CONSTTIME This issue was partially addressed by commit 972c87dfc7e765bd28a4964519c362f0d3a58ca4, which hardened its callee BN_num_bits_word() to avoid leaking the most-significant word of its argument via branching and memory access pattern. The commit message also reported: > There are a few places where BN_num_bits is called on an input where > the bit length is also secret. This does *not* fully resolve those > cases as we still only look at the top word. BN_num_bits() is called directly or indirectly (e.g., through BN_num_bytes() or BN_bn2binpad() ) in various parts of the `crypto/ec` code, notably in all the currently supported implementations of scalar multiplication (in the generic path through ec_scalar_mul_ladder() as well as in dedicated methods like ecp_nistp{224,256,521}.c and ecp_nistz256.c). Under the right conditions, a motivated SCA attacker could retrieve the secret bitlength of a secret nonce through this vulnerability, potentially leading, ultimately, to recover a long-term secret key. With this commit, exclusively for BIGNUMs that are flagged with BN_FLG_CONSTTIME, instead of accessing only bn->top, all the limbs of the BIGNUM are accessed up to bn->dmax and bitwise masking is used to avoid branching. Memory access pattern still leaks bn->dmax, the size of the lazily allocated buffer for representing the BIGNUM, which is inevitable with the current BIGNUM architecture: reading past bn->dmax would be an out-of-bound read. As such, it's the caller responsibility to ensure that bn->dmax does not leak secret information, by explicitly expanding the internal BIGNUM buffer to a public value sufficient to avoid any lazy reallocation while manipulating it: this should be already done at the top level alongside setting the BN_FLG_CONSTTIME. Thanks to David Schrammel and Samuel Weiser for reporting this issue through responsible disclosure. Reviewed-by: Matt Caswell Reviewed-by: Bernd Edlinger (Merged from https://github.com/openssl/openssl/pull/9511) (cherry picked from commit 8b44198b916015f77bef1befa26edb48ad8a0238) commit f7546d64699dc6090d3a9359945cbe785404506e Author: Nicola Tuveri Date: Fri Aug 2 01:33:05 2019 +0300 Fix a SCA leak using BN_bn2bin() BN_bn2bin() is not constant-time and leaks the number of bits in the processed BIGNUM. The specialized methods in ecp_nistp224.c, ecp_nistp256.c and ecp_nistp521.c internally used BN_bn2bin() to convert scalars into the internal fixed length representation. This can leak during ECDSA/ECDH key generation or handling the nonce while generating an ECDSA signature, when using these implementations. The amount and risk of leaked information useful for a SCA attack varies for each of the three curves, as it depends mainly on the ratio between the bitlength of the curve subgroup order (governing the size of the secret nonce/key) and the limb size for the internal BIGNUM representation (which depends on the compilation target architecture). To fix this, we replace BN_bn2bin() with BN_bn2binpad(), bounding the output length to the width of the internal representation buffer: this length is public. Internally the final implementation of both BN_bn2binpad() and BN_bn2bin() already has masking in place to avoid leaking bn->top through memory access patterns. Memory access pattern still leaks bn->dmax, the size of the lazily allocated buffer for representing the BIGNUM, which is inevitable with the current BIGNUM architecture: reading past bn->dmax would be an out-of-bound read. As such, it's the caller responsibility to ensure that bn->dmax does not leak secret information, by explicitly expanding the internal BIGNUM buffer to a public value sufficient to avoid any lazy reallocation while manipulating it: this is already done at the top level alongside setting the BN_FLG_CONSTTIME. Finally, the internal implementation of BN_bn2binpad() indirectly calls BN_num_bits() via BN_num_bytes(): the current implementation of BN_num_bits() can leak information to a SCA attacker, and is addressed in the next commit. Thanks to David Schrammel and Samuel Weiser for reporting this issue through responsible disclosure. Reviewed-by: Matt Caswell Reviewed-by: Bernd Edlinger (Merged from https://github.com/openssl/openssl/pull/9511) (cherry picked from commit 805315d3a20f7274195eed75b06c391dacf3b197) ----------------------------------------------------------------------- Summary of changes: crypto/bn/bn_lib.c | 81 ++++++++++++++++++++++++++++++++++++------------ crypto/ec/ecp_nistp224.c | 62 ++++++++++++++++-------------------- crypto/ec/ecp_nistp256.c | 63 ++++++++++++++++--------------------- crypto/ec/ecp_nistp521.c | 63 ++++++++++++++++--------------------- 4 files changed, 141 insertions(+), 128 deletions(-) diff --git a/crypto/bn/bn_lib.c b/crypto/bn/bn_lib.c index de46d0f2d1..144653e2b4 100644 --- a/crypto/bn/bn_lib.c +++ b/crypto/bn/bn_lib.c @@ -132,13 +132,57 @@ int BN_num_bits_word(BN_ULONG l) return bits; } +/* + * This function still leaks `a->dmax`: it's caller's responsibility to + * expand the input `a` in advance to a public length. + */ +static ossl_inline +int bn_num_bits_consttime(const BIGNUM *a) +{ + int j, ret; + unsigned int mask, past_i; + int i = a->top - 1; + bn_check_top(a); + + for (j = 0, past_i = 0, ret = 0; j < a->dmax; j++) { + mask = constant_time_eq_int(i, j); /* 0xff..ff if i==j, 0x0 otherwise */ + + ret += BN_BITS2 & (~mask & ~past_i); + ret += BN_num_bits_word(a->d[j]) & mask; + + past_i |= mask; /* past_i will become 0xff..ff after i==j */ + } + + /* + * if BN_is_zero(a) => i is -1 and ret contains garbage, so we mask the + * final result. + */ + mask = ~(constant_time_eq_int(i, ((int)-1))); + + return ret & mask; +} + int BN_num_bits(const BIGNUM *a) { int i = a->top - 1; bn_check_top(a); + if (a->flags & BN_FLG_CONSTTIME) { + /* + * We assume that BIGNUMs flagged as CONSTTIME have also been expanded + * so that a->dmax is not leaking secret information. + * + * In other words, it's the caller's responsibility to ensure `a` has + * been preallocated in advance to a public length if we hit this + * branch. + * + */ + return bn_num_bits_consttime(a); + } + if (BN_is_zero(a)) return 0; + return ((i * BN_BITS2) + BN_num_bits_word(a->d[i])); } @@ -499,8 +543,11 @@ BIGNUM *BN_bin2bn(const unsigned char *s, int len, BIGNUM *ret) return (ret); } +typedef enum {big, little} endianess_t; + /* ignore negative */ -static int bn2binpad(const BIGNUM *a, unsigned char *to, int tolen) +static +int bn2binpad(const BIGNUM *a, unsigned char *to, int tolen, endianess_t endianess) { int n; size_t i, lasti, j, atop, mask; @@ -532,10 +579,17 @@ static int bn2binpad(const BIGNUM *a, unsigned char *to, int tolen) lasti = atop - 1; atop = a->top * BN_BYTES; - for (i = 0, j = 0, to += tolen; j < (size_t)tolen; j++) { + if (endianess == big) + to += tolen; /* start from the end of the buffer */ + for (i = 0, j = 0; j < (size_t)tolen; j++) { + unsigned char val; l = a->d[i / BN_BYTES]; mask = 0 - ((j - atop) >> (8 * sizeof(i) - 1)); - *--to = (unsigned char)(l >> (8 * (i % BN_BYTES)) & mask); + val = (unsigned char)(l >> (8 * (i % BN_BYTES)) & mask); + if (endianess == big) + *--to = val; + else + *to++ = val; i += (i - lasti) >> (8 * sizeof(i) - 1); /* stay on last limb */ } @@ -546,12 +600,12 @@ int BN_bn2binpad(const BIGNUM *a, unsigned char *to, int tolen) { if (tolen < 0) return -1; - return bn2binpad(a, to, tolen); + return bn2binpad(a, to, tolen, big); } int BN_bn2bin(const BIGNUM *a, unsigned char *to) { - return bn2binpad(a, to, -1); + return bn2binpad(a, to, -1, big); } BIGNUM *BN_lebin2bn(const unsigned char *s, int len, BIGNUM *ret) @@ -603,22 +657,9 @@ BIGNUM *BN_lebin2bn(const unsigned char *s, int len, BIGNUM *ret) int BN_bn2lebinpad(const BIGNUM *a, unsigned char *to, int tolen) { - int i; - BN_ULONG l; - bn_check_top(a); - i = BN_num_bytes(a); - if (tolen < i) + if (tolen < 0) return -1; - /* Add trailing zeroes if necessary */ - if (tolen > i) - memset(to + i, 0, tolen - i); - to += i; - while (i--) { - l = a->d[i / BN_BYTES]; - to--; - *to = (unsigned char)(l >> (8 * (i % BN_BYTES))) & 0xff; - } - return tolen; + return bn2binpad(a, to, tolen, little); } int BN_ucmp(const BIGNUM *a, const BIGNUM *b) diff --git a/crypto/ec/ecp_nistp224.c b/crypto/ec/ecp_nistp224.c index 651dcb10a0..2763398a33 100644 --- a/crypto/ec/ecp_nistp224.c +++ b/crypto/ec/ecp_nistp224.c @@ -320,34 +320,21 @@ static void felem_to_bin28(u8 out[28], const felem in) } } -/* To preserve endianness when using BN_bn2bin and BN_bin2bn */ -static void flip_endian(u8 *out, const u8 *in, unsigned len) -{ - unsigned i; - for (i = 0; i < len; ++i) - out[i] = in[len - 1 - i]; -} - /* From OpenSSL BIGNUM to internal representation */ static int BN_to_felem(felem out, const BIGNUM *bn) { - felem_bytearray b_in; felem_bytearray b_out; - unsigned num_bytes; + int num_bytes; - /* BN_bn2bin eats leading zeroes */ - memset(b_out, 0, sizeof(b_out)); - num_bytes = BN_num_bytes(bn); - if (num_bytes > sizeof(b_out)) { + if (BN_is_negative(bn)) { ECerr(EC_F_BN_TO_FELEM, EC_R_BIGNUM_OUT_OF_RANGE); return 0; } - if (BN_is_negative(bn)) { + num_bytes = BN_bn2lebinpad(bn, b_out, sizeof(b_out)); + if (num_bytes < 0) { ECerr(EC_F_BN_TO_FELEM, EC_R_BIGNUM_OUT_OF_RANGE); return 0; } - num_bytes = BN_bn2bin(bn, b_in); - flip_endian(b_out, b_in, num_bytes); bin28_to_felem(out, b_out); return 1; } @@ -355,10 +342,9 @@ static int BN_to_felem(felem out, const BIGNUM *bn) /* From internal representation to OpenSSL BIGNUM */ static BIGNUM *felem_to_BN(BIGNUM *out, const felem in) { - felem_bytearray b_in, b_out; - felem_to_bin28(b_in, in); - flip_endian(b_out, b_in, sizeof(b_out)); - return BN_bin2bn(b_out, sizeof(b_out), out); + felem_bytearray b_out; + felem_to_bin28(b_out, in); + return BN_lebin2bn(b_out, sizeof(b_out), out); } /******************************************************************************/ @@ -1402,8 +1388,7 @@ int ec_GFp_nistp224_points_mul(const EC_GROUP *group, EC_POINT *r, felem_bytearray *secrets = NULL; felem (*pre_comp)[17][3] = NULL; felem *tmp_felems = NULL; - felem_bytearray tmp; - unsigned num_bytes; + int num_bytes; int have_pre_comp = 0; size_t num_points = num; felem x_in, y_in, z_in, x_out, y_out, z_out; @@ -1480,14 +1465,12 @@ int ec_GFp_nistp224_points_mul(const EC_GROUP *group, EC_POINT *r, * i.e., they contribute nothing to the linear combination */ for (i = 0; i < num_points; ++i) { - if (i == num) + if (i == num) { /* the generator */ - { p = EC_GROUP_get0_generator(group); p_scalar = scalar; - } else + } else { /* the i^th point */ - { p = points[i]; p_scalar = scalars[i]; } @@ -1503,10 +1486,16 @@ int ec_GFp_nistp224_points_mul(const EC_GROUP *group, EC_POINT *r, ECerr(EC_F_EC_GFP_NISTP224_POINTS_MUL, ERR_R_BN_LIB); goto err; } - num_bytes = BN_bn2bin(tmp_scalar, tmp); - } else - num_bytes = BN_bn2bin(p_scalar, tmp); - flip_endian(secrets[i], tmp, num_bytes); + num_bytes = BN_bn2lebinpad(tmp_scalar, + secrets[i], sizeof(secrets[i])); + } else { + num_bytes = BN_bn2lebinpad(p_scalar, + secrets[i], sizeof(secrets[i])); + } + if (num_bytes < 0) { + ECerr(EC_F_EC_GFP_NISTP224_POINTS_MUL, ERR_R_BN_LIB); + goto err; + } /* precompute multiples */ if ((!BN_to_felem(x_out, p->X)) || (!BN_to_felem(y_out, p->Y)) || @@ -1549,20 +1538,21 @@ int ec_GFp_nistp224_points_mul(const EC_GROUP *group, EC_POINT *r, ECerr(EC_F_EC_GFP_NISTP224_POINTS_MUL, ERR_R_BN_LIB); goto err; } - num_bytes = BN_bn2bin(tmp_scalar, tmp); - } else - num_bytes = BN_bn2bin(scalar, tmp); - flip_endian(g_secret, tmp, num_bytes); + num_bytes = BN_bn2lebinpad(tmp_scalar, g_secret, sizeof(g_secret)); + } else { + num_bytes = BN_bn2lebinpad(scalar, g_secret, sizeof(g_secret)); + } /* do the multiplication with generator precomputation */ batch_mul(x_out, y_out, z_out, (const felem_bytearray(*))secrets, num_points, g_secret, mixed, (const felem(*)[17][3])pre_comp, g_pre_comp); - } else + } else { /* do the multiplication without generator precomputation */ batch_mul(x_out, y_out, z_out, (const felem_bytearray(*))secrets, num_points, NULL, mixed, (const felem(*)[17][3])pre_comp, NULL); + } /* reduce the output to its unique minimal representation */ felem_contract(x_in, x_out); felem_contract(y_in, y_out); diff --git a/crypto/ec/ecp_nistp256.c b/crypto/ec/ecp_nistp256.c index dfd98c62fe..8f3063563c 100644 --- a/crypto/ec/ecp_nistp256.c +++ b/crypto/ec/ecp_nistp256.c @@ -146,34 +146,21 @@ static void smallfelem_to_bin32(u8 out[32], const smallfelem in) *((u64 *)&out[24]) = in[3]; } -/* To preserve endianness when using BN_bn2bin and BN_bin2bn */ -static void flip_endian(u8 *out, const u8 *in, unsigned len) -{ - unsigned i; - for (i = 0; i < len; ++i) - out[i] = in[len - 1 - i]; -} - /* BN_to_felem converts an OpenSSL BIGNUM into an felem */ static int BN_to_felem(felem out, const BIGNUM *bn) { - felem_bytearray b_in; felem_bytearray b_out; - unsigned num_bytes; + int num_bytes; - /* BN_bn2bin eats leading zeroes */ - memset(b_out, 0, sizeof(b_out)); - num_bytes = BN_num_bytes(bn); - if (num_bytes > sizeof(b_out)) { + if (BN_is_negative(bn)) { ECerr(EC_F_BN_TO_FELEM, EC_R_BIGNUM_OUT_OF_RANGE); return 0; } - if (BN_is_negative(bn)) { + num_bytes = BN_bn2lebinpad(bn, b_out, sizeof(b_out)); + if (num_bytes < 0) { ECerr(EC_F_BN_TO_FELEM, EC_R_BIGNUM_OUT_OF_RANGE); return 0; } - num_bytes = BN_bn2bin(bn, b_in); - flip_endian(b_out, b_in, num_bytes); bin32_to_felem(out, b_out); return 1; } @@ -181,10 +168,9 @@ static int BN_to_felem(felem out, const BIGNUM *bn) /* felem_to_BN converts an felem into an OpenSSL BIGNUM */ static BIGNUM *smallfelem_to_BN(BIGNUM *out, const smallfelem in) { - felem_bytearray b_in, b_out; - smallfelem_to_bin32(b_in, in); - flip_endian(b_out, b_in, sizeof(b_out)); - return BN_bin2bn(b_out, sizeof(b_out), out); + felem_bytearray b_out; + smallfelem_to_bin32(b_out, in); + return BN_lebin2bn(b_out, sizeof(b_out), out); } /*- @@ -2019,8 +2005,8 @@ int ec_GFp_nistp256_points_mul(const EC_GROUP *group, EC_POINT *r, felem_bytearray *secrets = NULL; smallfelem (*pre_comp)[17][3] = NULL; smallfelem *tmp_smallfelems = NULL; - felem_bytearray tmp; - unsigned i, num_bytes; + unsigned i; + int num_bytes; int have_pre_comp = 0; size_t num_points = num; smallfelem x_in, y_in, z_in; @@ -2099,17 +2085,15 @@ int ec_GFp_nistp256_points_mul(const EC_GROUP *group, EC_POINT *r, memset(secrets, 0, sizeof(*secrets) * num_points); memset(pre_comp, 0, sizeof(*pre_comp) * num_points); for (i = 0; i < num_points; ++i) { - if (i == num) + if (i == num) { /* * we didn't have a valid precomputation, so we pick the * generator */ - { p = EC_GROUP_get0_generator(group); p_scalar = scalar; - } else + } else { /* the i^th point */ - { p = points[i]; p_scalar = scalars[i]; } @@ -2125,10 +2109,16 @@ int ec_GFp_nistp256_points_mul(const EC_GROUP *group, EC_POINT *r, ECerr(EC_F_EC_GFP_NISTP256_POINTS_MUL, ERR_R_BN_LIB); goto err; } - num_bytes = BN_bn2bin(tmp_scalar, tmp); - } else - num_bytes = BN_bn2bin(p_scalar, tmp); - flip_endian(secrets[i], tmp, num_bytes); + num_bytes = BN_bn2lebinpad(tmp_scalar, + secrets[i], sizeof(secrets[i])); + } else { + num_bytes = BN_bn2lebinpad(p_scalar, + secrets[i], sizeof(secrets[i])); + } + if (num_bytes < 0) { + ECerr(EC_F_EC_GFP_NISTP256_POINTS_MUL, ERR_R_BN_LIB); + goto err; + } /* precompute multiples */ if ((!BN_to_felem(x_out, p->X)) || (!BN_to_felem(y_out, p->Y)) || @@ -2173,20 +2163,21 @@ int ec_GFp_nistp256_points_mul(const EC_GROUP *group, EC_POINT *r, ECerr(EC_F_EC_GFP_NISTP256_POINTS_MUL, ERR_R_BN_LIB); goto err; } - num_bytes = BN_bn2bin(tmp_scalar, tmp); - } else - num_bytes = BN_bn2bin(scalar, tmp); - flip_endian(g_secret, tmp, num_bytes); + num_bytes = BN_bn2lebinpad(tmp_scalar, g_secret, sizeof(g_secret)); + } else { + num_bytes = BN_bn2lebinpad(scalar, g_secret, sizeof(g_secret)); + } /* do the multiplication with generator precomputation */ batch_mul(x_out, y_out, z_out, (const felem_bytearray(*))secrets, num_points, g_secret, mixed, (const smallfelem(*)[17][3])pre_comp, g_pre_comp); - } else + } else { /* do the multiplication without generator precomputation */ batch_mul(x_out, y_out, z_out, (const felem_bytearray(*))secrets, num_points, NULL, mixed, (const smallfelem(*)[17][3])pre_comp, NULL); + } /* reduce the output to its unique minimal representation */ felem_contract(x_in, x_out); felem_contract(y_in, y_out); diff --git a/crypto/ec/ecp_nistp521.c b/crypto/ec/ecp_nistp521.c index 6059c2efc8..7e6b5a9ba2 100644 --- a/crypto/ec/ecp_nistp521.c +++ b/crypto/ec/ecp_nistp521.c @@ -169,34 +169,21 @@ static void felem_to_bin66(u8 out[66], const felem in) (*((limb *) & out[58])) = in[8]; } -/* To preserve endianness when using BN_bn2bin and BN_bin2bn */ -static void flip_endian(u8 *out, const u8 *in, unsigned len) -{ - unsigned i; - for (i = 0; i < len; ++i) - out[i] = in[len - 1 - i]; -} - /* BN_to_felem converts an OpenSSL BIGNUM into an felem */ static int BN_to_felem(felem out, const BIGNUM *bn) { - felem_bytearray b_in; felem_bytearray b_out; - unsigned num_bytes; + int num_bytes; - /* BN_bn2bin eats leading zeroes */ - memset(b_out, 0, sizeof(b_out)); - num_bytes = BN_num_bytes(bn); - if (num_bytes > sizeof(b_out)) { + if (BN_is_negative(bn)) { ECerr(EC_F_BN_TO_FELEM, EC_R_BIGNUM_OUT_OF_RANGE); return 0; } - if (BN_is_negative(bn)) { + num_bytes = BN_bn2lebinpad(bn, b_out, sizeof(b_out)); + if (num_bytes < 0) { ECerr(EC_F_BN_TO_FELEM, EC_R_BIGNUM_OUT_OF_RANGE); return 0; } - num_bytes = BN_bn2bin(bn, b_in); - flip_endian(b_out, b_in, num_bytes); bin66_to_felem(out, b_out); return 1; } @@ -204,10 +191,9 @@ static int BN_to_felem(felem out, const BIGNUM *bn) /* felem_to_BN converts an felem into an OpenSSL BIGNUM */ static BIGNUM *felem_to_BN(BIGNUM *out, const felem in) { - felem_bytearray b_in, b_out; - felem_to_bin66(b_in, in); - flip_endian(b_out, b_in, sizeof(b_out)); - return BN_bin2bn(b_out, sizeof(b_out), out); + felem_bytearray b_out; + felem_to_bin66(b_out, in); + return BN_lebin2bn(b_out, sizeof(b_out), out); } /*- @@ -1846,8 +1832,8 @@ int ec_GFp_nistp521_points_mul(const EC_GROUP *group, EC_POINT *r, felem_bytearray *secrets = NULL; felem (*pre_comp)[17][3] = NULL; felem *tmp_felems = NULL; - felem_bytearray tmp; - unsigned i, num_bytes; + unsigned i; + int num_bytes; int have_pre_comp = 0; size_t num_points = num; felem x_in, y_in, z_in, x_out, y_out, z_out; @@ -1924,17 +1910,15 @@ int ec_GFp_nistp521_points_mul(const EC_GROUP *group, EC_POINT *r, * i.e., they contribute nothing to the linear combination */ for (i = 0; i < num_points; ++i) { - if (i == num) + if (i == num) { /* * we didn't have a valid precomputation, so we pick the * generator */ - { p = EC_GROUP_get0_generator(group); p_scalar = scalar; - } else + } else { /* the i^th point */ - { p = points[i]; p_scalar = scalars[i]; } @@ -1950,10 +1934,16 @@ int ec_GFp_nistp521_points_mul(const EC_GROUP *group, EC_POINT *r, ECerr(EC_F_EC_GFP_NISTP521_POINTS_MUL, ERR_R_BN_LIB); goto err; } - num_bytes = BN_bn2bin(tmp_scalar, tmp); - } else - num_bytes = BN_bn2bin(p_scalar, tmp); - flip_endian(secrets[i], tmp, num_bytes); + num_bytes = BN_bn2lebinpad(tmp_scalar, + secrets[i], sizeof(secrets[i])); + } else { + num_bytes = BN_bn2lebinpad(p_scalar, + secrets[i], sizeof(secrets[i])); + } + if (num_bytes < 0) { + ECerr(EC_F_EC_GFP_NISTP521_POINTS_MUL, ERR_R_BN_LIB); + goto err; + } /* precompute multiples */ if ((!BN_to_felem(x_out, p->X)) || (!BN_to_felem(y_out, p->Y)) || @@ -1996,21 +1986,22 @@ int ec_GFp_nistp521_points_mul(const EC_GROUP *group, EC_POINT *r, ECerr(EC_F_EC_GFP_NISTP521_POINTS_MUL, ERR_R_BN_LIB); goto err; } - num_bytes = BN_bn2bin(tmp_scalar, tmp); - } else - num_bytes = BN_bn2bin(scalar, tmp); - flip_endian(g_secret, tmp, num_bytes); + num_bytes = BN_bn2lebinpad(tmp_scalar, g_secret, sizeof(g_secret)); + } else { + num_bytes = BN_bn2lebinpad(scalar, g_secret, sizeof(g_secret)); + } /* do the multiplication with generator precomputation */ batch_mul(x_out, y_out, z_out, (const felem_bytearray(*))secrets, num_points, g_secret, mixed, (const felem(*)[17][3])pre_comp, (const felem(*)[3])g_pre_comp); - } else + } else { /* do the multiplication without generator precomputation */ batch_mul(x_out, y_out, z_out, (const felem_bytearray(*))secrets, num_points, NULL, mixed, (const felem(*)[17][3])pre_comp, NULL); + } /* reduce the output to its unique minimal representation */ felem_contract(x_in, x_out); felem_contract(y_in, y_out); From builds at travis-ci.org Fri Sep 6 23:35:34 2019 From: builds at travis-ci.org (Travis CI) Date: Fri, 06 Sep 2019 23:35:34 +0000 Subject: Errored: openssl/openssl#27964 (master - 4fe2ee3) In-Reply-To: Message-ID: <5d72ed4640585_43fe14973ed201905f3@ccaa65e5-83f1-4f47-a35a-8b6a1cb03b71.mail> Build Update for openssl/openssl ------------------------------------- Build: #27964 Status: Errored Duration: 25 mins and 27 secs Commit: 4fe2ee3 (master) Author: Nicola Tuveri Message: [ec/ecp_nistp*.c] restyle: use {} around `else` too Reviewed-by: Matt Caswell Reviewed-by: Bernd Edlinger (Merged from https://github.com/openssl/openssl/pull/9511) View the changeset: https://github.com/openssl/openssl/compare/31ca19403d56...4fe2ee3a449a View the full build log and details: https://travis-ci.org/openssl/openssl/builds/581893898?utm_medium=notification&utm_source=email -- You can unsubscribe from build emails from the openssl/openssl repository going to https://travis-ci.org/account/preferences/unsubscribe?repository=5849220&utm_medium=notification&utm_source=email. Or unsubscribe from *all* email updating your settings at https://travis-ci.org/account/preferences/unsubscribe?utm_medium=notification&utm_source=email. Or configure specific recipients for build notifications in your .travis.yml file. See https://docs.travis-ci.com/user/notifications. -------------- next part -------------- An HTML attachment was scrubbed... URL: From nic.tuv at gmail.com Fri Sep 6 23:42:27 2019 From: nic.tuv at gmail.com (nic.tuv at gmail.com) Date: Fri, 06 Sep 2019 23:42:27 +0000 Subject: [openssl] OpenSSL_1_0_2-stable update Message-ID: <1567813347.056096.3427.nullmailer@dev.openssl.org> The branch OpenSSL_1_0_2-stable has been updated via 920e37e3a7d6bb935dba446eb80cacb4c34e7488 (commit) via e3679b1547fc3b2d8e01943004d473c323b6f20d (commit) via bde4a001b3ad4b90a4dbf5d31b18e30e42230e69 (commit) via 853950f7bfc71b61a2e62db2563748b350b715cb (commit) via 2e9d293447b95c2a69eb5ff07fe974361d779444 (commit) from 55611d549bcf65e0de04938adbf403ccf02f241b (commit) - Log ----------------------------------------------------------------- commit 920e37e3a7d6bb935dba446eb80cacb4c34e7488 Author: Nicola Tuveri Date: Fri Sep 6 14:05:26 2019 +0300 [ec/ecp_nistp*.c] restyle: use {} around `else` too Reviewed-by: Matt Caswell Reviewed-by: Bernd Edlinger (Merged from https://github.com/openssl/openssl/pull/9793) commit e3679b1547fc3b2d8e01943004d473c323b6f20d Author: Nicola Tuveri Date: Fri Sep 6 01:31:45 2019 +0300 [ec/ecp_nistp*.c] remove flip_endian() Replace flip_endian() by using the little endian specific bn_bn2lebinpad() and bn_lebin2bn(). Reviewed-by: Matt Caswell Reviewed-by: Bernd Edlinger (Merged from https://github.com/openssl/openssl/pull/9793) commit bde4a001b3ad4b90a4dbf5d31b18e30e42230e69 Author: Nicola Tuveri Date: Fri Sep 6 00:18:36 2019 +0300 Uniform bn_bn2binpad() and bn_bn2lebinpad() implementations Reviewed-by: Matt Caswell Reviewed-by: Bernd Edlinger (Merged from https://github.com/openssl/openssl/pull/9793) commit 853950f7bfc71b61a2e62db2563748b350b715cb Author: Nicola Tuveri Date: Fri Aug 2 02:08:34 2019 +0300 Make BN_num_bits() consttime upon BN_FLG_CONSTTIME This issue was partially addressed by commit 972c87dfc7e765bd28a4964519c362f0d3a58ca4, which hardened its callee BN_num_bits_word() to avoid leaking the most-significant word of its argument via branching and memory access pattern. The commit message also reported: > There are a few places where BN_num_bits is called on an input where > the bit length is also secret. This does *not* fully resolve those > cases as we still only look at the top word. BN_num_bits() is called directly or indirectly (e.g., through BN_num_bytes() or BN_bn2binpad() ) in various parts of the `crypto/ec` code, notably in all the currently supported implementations of scalar multiplication (in the generic path through ec_scalar_mul_ladder() as well as in dedicated methods like ecp_nistp{224,256,521}.c and ecp_nistz256.c). Under the right conditions, a motivated SCA attacker could retrieve the secret bitlength of a secret nonce through this vulnerability, potentially leading, ultimately, to recover a long-term secret key. With this commit, exclusively for BIGNUMs that are flagged with BN_FLG_CONSTTIME, instead of accessing only bn->top, all the limbs of the BIGNUM are accessed up to bn->dmax and bitwise masking is used to avoid branching. Memory access pattern still leaks bn->dmax, the size of the lazily allocated buffer for representing the BIGNUM, which is inevitable with the current BIGNUM architecture: reading past bn->dmax would be an out-of-bound read. As such, it's the caller responsibility to ensure that bn->dmax does not leak secret information, by explicitly expanding the internal BIGNUM buffer to a public value sufficient to avoid any lazy reallocation while manipulating it: this should be already done at the top level alongside setting the BN_FLG_CONSTTIME. Thanks to David Schrammel and Samuel Weiser for reporting this issue through responsible disclosure. Reviewed-by: Matt Caswell Reviewed-by: Bernd Edlinger (Merged from https://github.com/openssl/openssl/pull/9793) commit 2e9d293447b95c2a69eb5ff07fe974361d779444 Author: Nicola Tuveri Date: Fri Aug 2 01:33:05 2019 +0300 Fix a SCA leak using BN_bn2bin() BN_bn2bin() is not constant-time and leaks the number of bits in the processed BIGNUM. The specialized methods in ecp_nistp224.c, ecp_nistp256.c and ecp_nistp521.c internally used BN_bn2bin() to convert scalars into the internal fixed length representation. This can leak during ECDSA/ECDH key generation or handling the nonce while generating an ECDSA signature, when using these implementations. The amount and risk of leaked information useful for a SCA attack varies for each of the three curves, as it depends mainly on the ratio between the bitlength of the curve subgroup order (governing the size of the secret nonce/key) and the limb size for the internal BIGNUM representation (which depends on the compilation target architecture). To fix this, we replace BN_bn2bin() with bn_bn2binpad(), bounding the output length to the width of the internal representation buffer: this length is public. Internally the final implementation of both bn_bn2binpad() and BN_bn2bin() already has masking in place to avoid leaking bn->top through memory access patterns. Memory access pattern still leaks bn->dmax, the size of the lazily allocated buffer for representing the BIGNUM, which is inevitable with the current BIGNUM architecture: reading past bn->dmax would be an out-of-bound read. As such, it's the caller responsibility to ensure that bn->dmax does not leak secret information, by explicitly expanding the internal BIGNUM buffer to a public value sufficient to avoid any lazy reallocation while manipulating it: this is already done at the top level alongside setting the BN_FLG_CONSTTIME. Finally, the internal implementation of bn_bn2binpad() indirectly calls BN_num_bits() via BN_num_bytes(): the current implementation of BN_num_bits() can leak information to a SCA attacker, and is addressed in the next commit. Thanks to David Schrammel and Samuel Weiser for reporting this issue through responsible disclosure. Reviewed-by: Matt Caswell Reviewed-by: Bernd Edlinger (Merged from https://github.com/openssl/openssl/pull/9793) ----------------------------------------------------------------------- Summary of changes: crypto/bn/bn_lib.c | 122 ++++++++++++++++++++++++++++++++++++++++++----- crypto/bn_int.h | 3 ++ crypto/ec/ecp_nistp224.c | 63 +++++++++++------------- crypto/ec/ecp_nistp256.c | 64 +++++++++++-------------- crypto/ec/ecp_nistp521.c | 64 +++++++++++-------------- 5 files changed, 197 insertions(+), 119 deletions(-) diff --git a/crypto/bn/bn_lib.c b/crypto/bn/bn_lib.c index 2a84698af8..d4419a382c 100644 --- a/crypto/bn/bn_lib.c +++ b/crypto/bn/bn_lib.c @@ -66,6 +66,7 @@ #include #include "cryptlib.h" #include "bn_lcl.h" +#include "constant_time_locl.h" const char BN_version[] = "Big Number" OPENSSL_VERSION_PTEXT; @@ -187,13 +188,57 @@ int BN_num_bits_word(BN_ULONG l) return bits; } +/* + * This function still leaks `a->dmax`: it's caller's responsibility to + * expand the input `a` in advance to a public length. + */ +static inline +int bn_num_bits_consttime(const BIGNUM *a) +{ + int j, ret; + unsigned int mask, past_i; + int i = a->top - 1; + bn_check_top(a); + + for (j = 0, past_i = 0, ret = 0; j < a->dmax; j++) { + mask = constant_time_eq_int(i, j); /* 0xff..ff if i==j, 0x0 otherwise */ + + ret += BN_BITS2 & (~mask & ~past_i); + ret += BN_num_bits_word(a->d[j]) & mask; + + past_i |= mask; /* past_i will become 0xff..ff after i==j */ + } + + /* + * if BN_is_zero(a) => i is -1 and ret contains garbage, so we mask the + * final result. + */ + mask = ~(constant_time_eq_int(i, ((int)-1))); + + return ret & mask; +} + int BN_num_bits(const BIGNUM *a) { int i = a->top - 1; bn_check_top(a); + if (a->flags & BN_FLG_CONSTTIME) { + /* + * We assume that BIGNUMs flagged as CONSTTIME have also been expanded + * so that a->dmax is not leaking secret information. + * + * In other words, it's the caller's responsibility to ensure `a` has + * been preallocated in advance to a public length if we hit this + * branch. + * + */ + return bn_num_bits_consttime(a); + } + if (BN_is_zero(a)) return 0; + return ((i * BN_BITS2) + BN_num_bits_word(a->d[i])); } @@ -613,8 +658,11 @@ BIGNUM *BN_bin2bn(const unsigned char *s, int len, BIGNUM *ret) return (ret); } +typedef enum {big, little} endianess_t; + /* ignore negative */ -static int bn2binpad(const BIGNUM *a, unsigned char *to, int tolen) +static +int bn2binpad(const BIGNUM *a, unsigned char *to, int tolen, endianess_t endianess) { int n; size_t i, lasti, j, atop, mask; @@ -646,10 +694,17 @@ static int bn2binpad(const BIGNUM *a, unsigned char *to, int tolen) lasti = atop - 1; atop = a->top * BN_BYTES; - for (i = 0, j = 0, to += tolen; j < (size_t)tolen; j++) { + if (endianess == big) + to += tolen; /* start from the end of the buffer */ + for (i = 0, j = 0; j < (size_t)tolen; j++) { + unsigned char val; l = a->d[i / BN_BYTES]; mask = 0 - ((j - atop) >> (8 * sizeof(i) - 1)); - *--to = (unsigned char)(l >> (8 * (i % BN_BYTES)) & mask); + val = (unsigned char)(l >> (8 * (i % BN_BYTES)) & mask); + if (endianess == big) + *--to = val; + else + *to++ = val; i += (i - lasti) >> (8 * sizeof(i) - 1); /* stay on last limb */ } @@ -660,21 +715,66 @@ int bn_bn2binpad(const BIGNUM *a, unsigned char *to, int tolen) { if (tolen < 0) return -1; - return bn2binpad(a, to, tolen); + return bn2binpad(a, to, tolen, big); } int BN_bn2bin(const BIGNUM *a, unsigned char *to) { - int n, i; + return bn2binpad(a, to, -1, big); +} + +BIGNUM *bn_lebin2bn(const unsigned char *s, int len, BIGNUM *ret) +{ + unsigned int i, m; + unsigned int n; BN_ULONG l; + BIGNUM *bn = NULL; - bn_check_top(a); - n = i = BN_num_bytes(a); - while (i--) { - l = a->d[i / BN_BYTES]; - *(to++) = (unsigned char)(l >> (8 * (i % BN_BYTES))) & 0xff; + if (ret == NULL) + ret = bn = BN_new(); + if (ret == NULL) + return NULL; + bn_check_top(ret); + s += len; + /* Skip trailing zeroes. */ + for ( ; len > 0 && s[-1] == 0; s--, len--) + continue; + n = len; + if (n == 0) { + ret->top = 0; + return ret; + } + i = ((n - 1) / BN_BYTES) + 1; + m = ((n - 1) % (BN_BYTES)); + if (bn_wexpand(ret, (int)i) == NULL) { + BN_free(bn); + return NULL; + } + ret->top = i; + ret->neg = 0; + l = 0; + while (n--) { + s--; + l = (l << 8L) | *s; + if (m-- == 0) { + ret->d[--i] = l; + l = 0; + m = BN_BYTES - 1; + } } - return (n); + /* + * need to call this due to clear byte at top if avoiding having the top + * bit set (-ve number) + */ + bn_correct_top(ret); + return ret; +} + +int bn_bn2lebinpad(const BIGNUM *a, unsigned char *to, int tolen) +{ + if (tolen < 0) + return -1; + return bn2binpad(a, to, tolen, little); } int BN_ucmp(const BIGNUM *a, const BIGNUM *b) diff --git a/crypto/bn_int.h b/crypto/bn_int.h index a552cc20be..6791154818 100644 --- a/crypto/bn_int.h +++ b/crypto/bn_int.h @@ -19,3 +19,6 @@ int bn_mul_fixed_top(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, BN_CTX *ctx); int bn_sqr_fixed_top(BIGNUM *r, const BIGNUM *a, BN_CTX *ctx); int bn_bn2binpad(const BIGNUM *a, unsigned char *to, int tolen); + +BIGNUM *bn_lebin2bn(const unsigned char *s, int len, BIGNUM *ret); +int bn_bn2lebinpad(const BIGNUM *a, unsigned char *to, int tolen); diff --git a/crypto/ec/ecp_nistp224.c b/crypto/ec/ecp_nistp224.c index 121f587b58..76eaa7052a 100644 --- a/crypto/ec/ecp_nistp224.c +++ b/crypto/ec/ecp_nistp224.c @@ -37,6 +37,7 @@ # include # include # include "ec_lcl.h" +# include "bn_int.h" /* bn_bn2lebinpad, bn_lebin2bn */ # if defined(__GNUC__) && (__GNUC__ > 3 || (__GNUC__ == 3 && __GNUC_MINOR__ >= 1)) /* even with gcc, the typedef won't work for 32-bit platforms */ @@ -334,34 +335,21 @@ static void felem_to_bin28(u8 out[28], const felem in) } } -/* To preserve endianness when using BN_bn2bin and BN_bin2bn */ -static void flip_endian(u8 *out, const u8 *in, unsigned len) -{ - unsigned i; - for (i = 0; i < len; ++i) - out[i] = in[len - 1 - i]; -} - /* From OpenSSL BIGNUM to internal representation */ static int BN_to_felem(felem out, const BIGNUM *bn) { - felem_bytearray b_in; felem_bytearray b_out; - unsigned num_bytes; + int num_bytes; - /* BN_bn2bin eats leading zeroes */ - memset(b_out, 0, sizeof(b_out)); - num_bytes = BN_num_bytes(bn); - if (num_bytes > sizeof(b_out)) { + if (BN_is_negative(bn)) { ECerr(EC_F_BN_TO_FELEM, EC_R_BIGNUM_OUT_OF_RANGE); return 0; } - if (BN_is_negative(bn)) { + num_bytes = bn_bn2lebinpad(bn, b_out, sizeof(b_out)); + if (num_bytes < 0) { ECerr(EC_F_BN_TO_FELEM, EC_R_BIGNUM_OUT_OF_RANGE); return 0; } - num_bytes = BN_bn2bin(bn, b_in); - flip_endian(b_out, b_in, num_bytes); bin28_to_felem(out, b_out); return 1; } @@ -369,10 +357,9 @@ static int BN_to_felem(felem out, const BIGNUM *bn) /* From internal representation to OpenSSL BIGNUM */ static BIGNUM *felem_to_BN(BIGNUM *out, const felem in) { - felem_bytearray b_in, b_out; - felem_to_bin28(b_in, in); - flip_endian(b_out, b_in, sizeof(b_out)); - return BN_bin2bn(b_out, sizeof(b_out), out); + felem_bytearray b_out; + felem_to_bin28(b_out, in); + return bn_lebin2bn(b_out, sizeof(b_out), out); } /******************************************************************************/ @@ -1426,8 +1413,7 @@ int ec_GFp_nistp224_points_mul(const EC_GROUP *group, EC_POINT *r, felem_bytearray *secrets = NULL; felem(*pre_comp)[17][3] = NULL; felem *tmp_felems = NULL; - felem_bytearray tmp; - unsigned num_bytes; + int num_bytes; int have_pre_comp = 0; size_t num_points = num; felem x_in, y_in, z_in, x_out, y_out, z_out; @@ -1509,14 +1495,12 @@ int ec_GFp_nistp224_points_mul(const EC_GROUP *group, EC_POINT *r, memset(secrets, 0, num_points * sizeof(felem_bytearray)); memset(pre_comp, 0, num_points * 17 * 3 * sizeof(felem)); for (i = 0; i < num_points; ++i) { - if (i == num) + if (i == num) { /* the generator */ - { p = EC_GROUP_get0_generator(group); p_scalar = scalar; - } else + } else { /* the i^th point */ - { p = points[i]; p_scalar = scalars[i]; } @@ -1532,10 +1516,16 @@ int ec_GFp_nistp224_points_mul(const EC_GROUP *group, EC_POINT *r, ECerr(EC_F_EC_GFP_NISTP224_POINTS_MUL, ERR_R_BN_LIB); goto err; } - num_bytes = BN_bn2bin(tmp_scalar, tmp); - } else - num_bytes = BN_bn2bin(p_scalar, tmp); - flip_endian(secrets[i], tmp, num_bytes); + num_bytes = bn_bn2lebinpad(tmp_scalar, + secrets[i], sizeof(secrets[i])); + } else { + num_bytes = bn_bn2lebinpad(p_scalar, + secrets[i], sizeof(secrets[i])); + } + if (num_bytes < 0) { + ECerr(EC_F_EC_GFP_NISTP224_POINTS_MUL, ERR_R_BN_LIB); + goto err; + } /* precompute multiples */ if ((!BN_to_felem(x_out, &p->X)) || (!BN_to_felem(y_out, &p->Y)) || @@ -1578,20 +1568,21 @@ int ec_GFp_nistp224_points_mul(const EC_GROUP *group, EC_POINT *r, ECerr(EC_F_EC_GFP_NISTP224_POINTS_MUL, ERR_R_BN_LIB); goto err; } - num_bytes = BN_bn2bin(tmp_scalar, tmp); - } else - num_bytes = BN_bn2bin(scalar, tmp); - flip_endian(g_secret, tmp, num_bytes); + num_bytes = bn_bn2lebinpad(tmp_scalar, g_secret, sizeof(g_secret)); + } else { + num_bytes = bn_bn2lebinpad(scalar, g_secret, sizeof(g_secret)); + } /* do the multiplication with generator precomputation */ batch_mul(x_out, y_out, z_out, (const felem_bytearray(*))secrets, num_points, g_secret, mixed, (const felem(*)[17][3])pre_comp, g_pre_comp); - } else + } else { /* do the multiplication without generator precomputation */ batch_mul(x_out, y_out, z_out, (const felem_bytearray(*))secrets, num_points, NULL, mixed, (const felem(*)[17][3])pre_comp, NULL); + } /* reduce the output to its unique minimal representation */ felem_contract(x_in, x_out); felem_contract(y_in, y_out); diff --git a/crypto/ec/ecp_nistp256.c b/crypto/ec/ecp_nistp256.c index 378f0bae08..5576d312b9 100644 --- a/crypto/ec/ecp_nistp256.c +++ b/crypto/ec/ecp_nistp256.c @@ -38,6 +38,7 @@ # include # include # include "ec_lcl.h" +# include "bn_int.h" /* bn_bn2lebinpad, bn_lebin2bn */ # if defined(__GNUC__) && (__GNUC__ > 3 || (__GNUC__ == 3 && __GNUC_MINOR__ >= 1)) /* even with gcc, the typedef won't work for 32-bit platforms */ @@ -144,34 +145,21 @@ static void smallfelem_to_bin32(u8 out[32], const smallfelem in) *((u64 *)&out[24]) = in[3]; } -/* To preserve endianness when using BN_bn2bin and BN_bin2bn */ -static void flip_endian(u8 *out, const u8 *in, unsigned len) -{ - unsigned i; - for (i = 0; i < len; ++i) - out[i] = in[len - 1 - i]; -} - /* BN_to_felem converts an OpenSSL BIGNUM into an felem */ static int BN_to_felem(felem out, const BIGNUM *bn) { - felem_bytearray b_in; felem_bytearray b_out; - unsigned num_bytes; + int num_bytes; - /* BN_bn2bin eats leading zeroes */ - memset(b_out, 0, sizeof(b_out)); - num_bytes = BN_num_bytes(bn); - if (num_bytes > sizeof(b_out)) { + if (BN_is_negative(bn)) { ECerr(EC_F_BN_TO_FELEM, EC_R_BIGNUM_OUT_OF_RANGE); return 0; } - if (BN_is_negative(bn)) { + num_bytes = bn_bn2lebinpad(bn, b_out, sizeof(b_out)); + if (num_bytes < 0) { ECerr(EC_F_BN_TO_FELEM, EC_R_BIGNUM_OUT_OF_RANGE); return 0; } - num_bytes = BN_bn2bin(bn, b_in); - flip_endian(b_out, b_in, num_bytes); bin32_to_felem(out, b_out); return 1; } @@ -179,10 +167,9 @@ static int BN_to_felem(felem out, const BIGNUM *bn) /* felem_to_BN converts an felem into an OpenSSL BIGNUM */ static BIGNUM *smallfelem_to_BN(BIGNUM *out, const smallfelem in) { - felem_bytearray b_in, b_out; - smallfelem_to_bin32(b_in, in); - flip_endian(b_out, b_in, sizeof(b_out)); - return BN_bin2bn(b_out, sizeof(b_out), out); + felem_bytearray b_out; + smallfelem_to_bin32(b_out, in); + return bn_lebin2bn(b_out, sizeof(b_out), out); } /*- @@ -2014,8 +2001,8 @@ int ec_GFp_nistp256_points_mul(const EC_GROUP *group, EC_POINT *r, felem_bytearray *secrets = NULL; smallfelem(*pre_comp)[17][3] = NULL; smallfelem *tmp_smallfelems = NULL; - felem_bytearray tmp; - unsigned i, num_bytes; + unsigned i; + int num_bytes; int have_pre_comp = 0; size_t num_points = num; smallfelem x_in, y_in, z_in; @@ -2097,17 +2084,15 @@ int ec_GFp_nistp256_points_mul(const EC_GROUP *group, EC_POINT *r, memset(secrets, 0, num_points * sizeof(felem_bytearray)); memset(pre_comp, 0, num_points * 17 * 3 * sizeof(smallfelem)); for (i = 0; i < num_points; ++i) { - if (i == num) + if (i == num) { /* * we didn't have a valid precomputation, so we pick the * generator */ - { p = EC_GROUP_get0_generator(group); p_scalar = scalar; - } else + } else { /* the i^th point */ - { p = points[i]; p_scalar = scalars[i]; } @@ -2123,10 +2108,16 @@ int ec_GFp_nistp256_points_mul(const EC_GROUP *group, EC_POINT *r, ECerr(EC_F_EC_GFP_NISTP256_POINTS_MUL, ERR_R_BN_LIB); goto err; } - num_bytes = BN_bn2bin(tmp_scalar, tmp); - } else - num_bytes = BN_bn2bin(p_scalar, tmp); - flip_endian(secrets[i], tmp, num_bytes); + num_bytes = bn_bn2lebinpad(tmp_scalar, + secrets[i], sizeof(secrets[i])); + } else { + num_bytes = bn_bn2lebinpad(p_scalar, + secrets[i], sizeof(secrets[i])); + } + if (num_bytes < 0) { + ECerr(EC_F_EC_GFP_NISTP256_POINTS_MUL, ERR_R_BN_LIB); + goto err; + } /* precompute multiples */ if ((!BN_to_felem(x_out, &p->X)) || (!BN_to_felem(y_out, &p->Y)) || @@ -2171,20 +2162,21 @@ int ec_GFp_nistp256_points_mul(const EC_GROUP *group, EC_POINT *r, ECerr(EC_F_EC_GFP_NISTP256_POINTS_MUL, ERR_R_BN_LIB); goto err; } - num_bytes = BN_bn2bin(tmp_scalar, tmp); - } else - num_bytes = BN_bn2bin(scalar, tmp); - flip_endian(g_secret, tmp, num_bytes); + num_bytes = bn_bn2lebinpad(tmp_scalar, g_secret, sizeof(g_secret)); + } else { + num_bytes = bn_bn2lebinpad(scalar, g_secret, sizeof(g_secret)); + } /* do the multiplication with generator precomputation */ batch_mul(x_out, y_out, z_out, (const felem_bytearray(*))secrets, num_points, g_secret, mixed, (const smallfelem(*)[17][3])pre_comp, g_pre_comp); - } else + } else { /* do the multiplication without generator precomputation */ batch_mul(x_out, y_out, z_out, (const felem_bytearray(*))secrets, num_points, NULL, mixed, (const smallfelem(*)[17][3])pre_comp, NULL); + } /* reduce the output to its unique minimal representation */ felem_contract(x_in, x_out); felem_contract(y_in, y_out); diff --git a/crypto/ec/ecp_nistp521.c b/crypto/ec/ecp_nistp521.c index 1a42068c01..007cffa01d 100644 --- a/crypto/ec/ecp_nistp521.c +++ b/crypto/ec/ecp_nistp521.c @@ -38,6 +38,7 @@ # include # include # include "ec_lcl.h" +# include "bn_int.h" /* bn_bn2lebinpad, bn_lebin2bn */ # if defined(__GNUC__) && (__GNUC__ > 3 || (__GNUC__ == 3 && __GNUC_MINOR__ >= 1)) /* even with gcc, the typedef won't work for 32-bit platforms */ @@ -168,34 +169,21 @@ static void felem_to_bin66(u8 out[66], const felem in) (*((limb *) & out[58])) = in[8]; } -/* To preserve endianness when using BN_bn2bin and BN_bin2bn */ -static void flip_endian(u8 *out, const u8 *in, unsigned len) -{ - unsigned i; - for (i = 0; i < len; ++i) - out[i] = in[len - 1 - i]; -} - /* BN_to_felem converts an OpenSSL BIGNUM into an felem */ static int BN_to_felem(felem out, const BIGNUM *bn) { - felem_bytearray b_in; felem_bytearray b_out; - unsigned num_bytes; + int num_bytes; - /* BN_bn2bin eats leading zeroes */ - memset(b_out, 0, sizeof(b_out)); - num_bytes = BN_num_bytes(bn); - if (num_bytes > sizeof(b_out)) { + if (BN_is_negative(bn)) { ECerr(EC_F_BN_TO_FELEM, EC_R_BIGNUM_OUT_OF_RANGE); return 0; } - if (BN_is_negative(bn)) { + num_bytes = bn_bn2lebinpad(bn, b_out, sizeof(b_out)); + if (num_bytes < 0) { ECerr(EC_F_BN_TO_FELEM, EC_R_BIGNUM_OUT_OF_RANGE); return 0; } - num_bytes = BN_bn2bin(bn, b_in); - flip_endian(b_out, b_in, num_bytes); bin66_to_felem(out, b_out); return 1; } @@ -203,10 +191,9 @@ static int BN_to_felem(felem out, const BIGNUM *bn) /* felem_to_BN converts an felem into an OpenSSL BIGNUM */ static BIGNUM *felem_to_BN(BIGNUM *out, const felem in) { - felem_bytearray b_in, b_out; - felem_to_bin66(b_in, in); - flip_endian(b_out, b_in, sizeof(b_out)); - return BN_bin2bn(b_out, sizeof(b_out), out); + felem_bytearray b_out; + felem_to_bin66(b_out, in); + return bn_lebin2bn(b_out, sizeof(b_out), out); } /*- @@ -1826,8 +1813,8 @@ int ec_GFp_nistp521_points_mul(const EC_GROUP *group, EC_POINT *r, felem_bytearray *secrets = NULL; felem(*pre_comp)[17][3] = NULL; felem *tmp_felems = NULL; - felem_bytearray tmp; - unsigned i, num_bytes; + unsigned i; + int num_bytes; int have_pre_comp = 0; size_t num_points = num; felem x_in, y_in, z_in, x_out, y_out, z_out; @@ -1909,17 +1896,15 @@ int ec_GFp_nistp521_points_mul(const EC_GROUP *group, EC_POINT *r, memset(secrets, 0, num_points * sizeof(felem_bytearray)); memset(pre_comp, 0, num_points * 17 * 3 * sizeof(felem)); for (i = 0; i < num_points; ++i) { - if (i == num) + if (i == num) { /* * we didn't have a valid precomputation, so we pick the * generator */ - { p = EC_GROUP_get0_generator(group); p_scalar = scalar; - } else + } else { /* the i^th point */ - { p = points[i]; p_scalar = scalars[i]; } @@ -1935,10 +1920,16 @@ int ec_GFp_nistp521_points_mul(const EC_GROUP *group, EC_POINT *r, ECerr(EC_F_EC_GFP_NISTP521_POINTS_MUL, ERR_R_BN_LIB); goto err; } - num_bytes = BN_bn2bin(tmp_scalar, tmp); - } else - num_bytes = BN_bn2bin(p_scalar, tmp); - flip_endian(secrets[i], tmp, num_bytes); + num_bytes = bn_bn2lebinpad(tmp_scalar, + secrets[i], sizeof(secrets[i])); + } else { + num_bytes = bn_bn2lebinpad(p_scalar, + secrets[i], sizeof(secrets[i])); + } + if (num_bytes < 0) { + ECerr(EC_F_EC_GFP_NISTP521_POINTS_MUL, ERR_R_BN_LIB); + goto err; + } /* precompute multiples */ if ((!BN_to_felem(x_out, &p->X)) || (!BN_to_felem(y_out, &p->Y)) || @@ -1981,21 +1972,22 @@ int ec_GFp_nistp521_points_mul(const EC_GROUP *group, EC_POINT *r, ECerr(EC_F_EC_GFP_NISTP521_POINTS_MUL, ERR_R_BN_LIB); goto err; } - num_bytes = BN_bn2bin(tmp_scalar, tmp); - } else - num_bytes = BN_bn2bin(scalar, tmp); - flip_endian(g_secret, tmp, num_bytes); + num_bytes = bn_bn2lebinpad(tmp_scalar, g_secret, sizeof(g_secret)); + } else { + num_bytes = bn_bn2lebinpad(scalar, g_secret, sizeof(g_secret)); + } /* do the multiplication with generator precomputation */ batch_mul(x_out, y_out, z_out, (const felem_bytearray(*))secrets, num_points, g_secret, mixed, (const felem(*)[17][3])pre_comp, (const felem(*)[3])g_pre_comp); - } else + } else { /* do the multiplication without generator precomputation */ batch_mul(x_out, y_out, z_out, (const felem_bytearray(*))secrets, num_points, NULL, mixed, (const felem(*)[17][3])pre_comp, NULL); + } /* reduce the output to its unique minimal representation */ felem_contract(x_in, x_out); felem_contract(y_in, y_out); From builds at travis-ci.org Fri Sep 6 23:45:05 2019 From: builds at travis-ci.org (Travis CI) Date: Fri, 06 Sep 2019 23:45:05 +0000 Subject: Still Failing: openssl/openssl#27965 (OpenSSL_1_1_1-stable - ed0ac11) In-Reply-To: Message-ID: <5d72ef8163c2c_43f976a18d5581450dc@ef76f4eb-b4e6-4417-841e-3d06ff14a7c9.mail> Build Update for openssl/openssl ------------------------------------- Build: #27965 Status: Still Failing Duration: 19 mins and 36 secs Commit: ed0ac11 (OpenSSL_1_1_1-stable) Author: Nicola Tuveri Message: [ec/ecp_nistp*.c] restyle: use {} around `else` too Reviewed-by: Matt Caswell Reviewed-by: Bernd Edlinger (Merged from https://github.com/openssl/openssl/pull/9511) (cherry picked from commit 4fe2ee3a449a8ca2886584e221f34ff0ef5de119) View the changeset: https://github.com/openssl/openssl/compare/9e1403d91a42...ed0ac119506a View the full build log and details: https://travis-ci.org/openssl/openssl/builds/581897452?utm_medium=notification&utm_source=email -- You can unsubscribe from build emails from the openssl/openssl repository going to https://travis-ci.org/account/preferences/unsubscribe?repository=5849220&utm_medium=notification&utm_source=email. Or unsubscribe from *all* email updating your settings at https://travis-ci.org/account/preferences/unsubscribe?utm_medium=notification&utm_source=email. Or configure specific recipients for build notifications in your .travis.yml file. See https://docs.travis-ci.com/user/notifications. -------------- next part -------------- An HTML attachment was scrubbed... URL: From nic.tuv at gmail.com Sat Sep 7 01:05:10 2019 From: nic.tuv at gmail.com (nic.tuv at gmail.com) Date: Sat, 07 Sep 2019 01:05:10 +0000 Subject: [openssl] OpenSSL_1_1_1-stable update Message-ID: <1567818310.011644.14974.nullmailer@dev.openssl.org> The branch OpenSSL_1_1_1-stable has been updated via a6186f39802f94937a46f7a41ef0c86b6334b592 (commit) via eb1ec38b266340710cb97c90b08fc90edd06262c (commit) via 30c22fa8b1d840036b8e203585738df62a03cec8 (commit) from ed0ac119506ac8cbbaa23a1a1347d74a7bf4da47 (commit) - Log ----------------------------------------------------------------- commit a6186f39802f94937a46f7a41ef0c86b6334b592 Author: Billy Brumley Date: Fri Sep 6 17:26:40 2019 +0300 CHANGES entry: for ECC parameters with NULL or zero cofactor, compute it Reviewed-by: Matt Caswell Reviewed-by: Tomas Mraz Reviewed-by: Nicola Tuveri (Merged from https://github.com/openssl/openssl/pull/9781) commit eb1ec38b266340710cb97c90b08fc90edd06262c Author: Billy Brumley Date: Thu Sep 5 21:25:52 2019 +0300 [test] computing ECC cofactors: regression test Reviewed-by: Matt Caswell Reviewed-by: Tomas Mraz Reviewed-by: Nicola Tuveri (Merged from https://github.com/openssl/openssl/pull/9781) commit 30c22fa8b1d840036b8e203585738df62a03cec8 Author: Billy Brumley Date: Thu Sep 5 21:25:37 2019 +0300 [crypto/ec] for ECC parameters with NULL or zero cofactor, compute it The cofactor argument to EC_GROUP_set_generator is optional, and SCA mitigations for ECC currently use it. So the library currently falls back to very old SCA-vulnerable code if the cofactor is not present. This PR allows EC_GROUP_set_generator to compute the cofactor for all curves of cryptographic interest. Steering scalar multiplication to more SCA-robust code. This issue affects persisted private keys in explicit parameter form, where the (optional) cofactor field is zero or absent. It also affects curves not built-in to the library, but constructed programatically with explicit parameters, then calling EC_GROUP_set_generator with a nonsensical value (NULL, zero). The very old scalar multiplication code is known to be vulnerable to local uarch attacks, outside of the OpenSSL threat model. New results suggest the code path is also vulnerable to traditional wall clock timing attacks. CVE-2019-1547 Reviewed-by: Matt Caswell Reviewed-by: Tomas Mraz Reviewed-by: Nicola Tuveri (Merged from https://github.com/openssl/openssl/pull/9781) ----------------------------------------------------------------------- Summary of changes: CHANGES | 6 ++++ crypto/ec/ec_lib.c | 103 +++++++++++++++++++++++++++++++++++++++++++++++++---- test/ectest.c | 84 +++++++++++++++++++++++++++++++++++++++++++ 3 files changed, 186 insertions(+), 7 deletions(-) diff --git a/CHANGES b/CHANGES index 8f732cb303..d34bba83fe 100644 --- a/CHANGES +++ b/CHANGES @@ -9,6 +9,12 @@ Changes between 1.1.1c and 1.1.1d [xx XXX xxxx] + *) Compute ECC cofactors if not provided during EC_GROUP construction. Before + this change, EC_GROUP_set_generator would accept order and/or cofactor as + NULL. After this change, only the cofactor parameter can be NULL. It also + does some minimal sanity checks on the passed order. + [Billy Bob Brumley] + *) Early start up entropy quality from the DEVRANDOM seed source has been improved for older Linux systems. The RAND subsystem will wait for /dev/random to be producing output before seeding from /dev/urandom. diff --git a/crypto/ec/ec_lib.c b/crypto/ec/ec_lib.c index 8cab5a5061..1289c8608e 100644 --- a/crypto/ec/ec_lib.c +++ b/crypto/ec/ec_lib.c @@ -265,6 +265,67 @@ int EC_METHOD_get_field_type(const EC_METHOD *meth) static int ec_precompute_mont_data(EC_GROUP *); +/*- + * Try computing cofactor from the generator order (n) and field cardinality (q). + * This works for all curves of cryptographic interest. + * + * Hasse thm: q + 1 - 2*sqrt(q) <= n*h <= q + 1 + 2*sqrt(q) + * h_min = (q + 1 - 2*sqrt(q))/n + * h_max = (q + 1 + 2*sqrt(q))/n + * h_max - h_min = 4*sqrt(q)/n + * So if n > 4*sqrt(q) holds, there is only one possible value for h: + * h = \lfloor (h_min + h_max)/2 \rceil = \lfloor (q + 1)/n \rceil + * + * Otherwise, zero cofactor and return success. + */ +static int ec_guess_cofactor(EC_GROUP *group) { + int ret = 0; + BN_CTX *ctx = NULL; + BIGNUM *q = NULL; + + /*- + * If the cofactor is too large, we cannot guess it. + * The RHS of below is a strict overestimate of lg(4 * sqrt(q)) + */ + if (BN_num_bits(group->order) <= (BN_num_bits(group->field) + 1) / 2 + 3) { + /* default to 0 */ + BN_zero(group->cofactor); + /* return success */ + return 1; + } + + if ((ctx = BN_CTX_new()) == NULL) + return 0; + + BN_CTX_start(ctx); + if ((q = BN_CTX_get(ctx)) == NULL) + goto err; + + /* set q = 2**m for binary fields; q = p otherwise */ + if (group->meth->field_type == NID_X9_62_characteristic_two_field) { + BN_zero(q); + if (!BN_set_bit(q, BN_num_bits(group->field) - 1)) + goto err; + } else { + if (!BN_copy(q, group->field)) + goto err; + } + + /* compute h = \lfloor (q + 1)/n \rceil = \lfloor (q + 1 + n/2)/n \rfloor */ + if (!BN_rshift1(group->cofactor, group->order) /* n/2 */ + || !BN_add(group->cofactor, group->cofactor, q) /* q + n/2 */ + /* q + 1 + n/2 */ + || !BN_add(group->cofactor, group->cofactor, BN_value_one()) + /* (q + 1 + n/2)/n */ + || !BN_div(group->cofactor, NULL, group->cofactor, group->order, ctx)) + goto err; + ret = 1; + err: + BN_CTX_end(ctx); + BN_CTX_free(ctx); + return ret; +} + int EC_GROUP_set_generator(EC_GROUP *group, const EC_POINT *generator, const BIGNUM *order, const BIGNUM *cofactor) { @@ -273,6 +334,34 @@ int EC_GROUP_set_generator(EC_GROUP *group, const EC_POINT *generator, return 0; } + /* require group->field >= 1 */ + if (group->field == NULL || BN_is_zero(group->field) + || BN_is_negative(group->field)) { + ECerr(EC_F_EC_GROUP_SET_GENERATOR, EC_R_INVALID_FIELD); + return 0; + } + + /*- + * - require order >= 1 + * - enforce upper bound due to Hasse thm: order can be no more than one bit + * longer than field cardinality + */ + if (order == NULL || BN_is_zero(order) || BN_is_negative(order) + || BN_num_bits(order) > BN_num_bits(group->field) + 1) { + ECerr(EC_F_EC_GROUP_SET_GENERATOR, EC_R_INVALID_GROUP_ORDER); + return 0; + } + + /*- + * Unfortunately the cofactor is an optional field in many standards. + * Internally, the lib uses 0 cofactor as a marker for "unknown cofactor". + * So accept cofactor == NULL or cofactor >= 0. + */ + if (cofactor != NULL && BN_is_negative(cofactor)) { + ECerr(EC_F_EC_GROUP_SET_GENERATOR, EC_R_UNKNOWN_COFACTOR); + return 0; + } + if (group->generator == NULL) { group->generator = EC_POINT_new(group); if (group->generator == NULL) @@ -281,17 +370,17 @@ int EC_GROUP_set_generator(EC_GROUP *group, const EC_POINT *generator, if (!EC_POINT_copy(group->generator, generator)) return 0; - if (order != NULL) { - if (!BN_copy(group->order, order)) - return 0; - } else - BN_zero(group->order); + if (!BN_copy(group->order, order)) + return 0; - if (cofactor != NULL) { + /* Either take the provided positive cofactor, or try to compute it */ + if (cofactor != NULL && !BN_is_zero(cofactor)) { if (!BN_copy(group->cofactor, cofactor)) return 0; - } else + } else if (!ec_guess_cofactor(group)) { BN_zero(group->cofactor); + return 0; + } /* * Some groups have an order with diff --git a/test/ectest.c b/test/ectest.c index 269ec4ef8f..ddc4ea11d6 100644 --- a/test/ectest.c +++ b/test/ectest.c @@ -1561,6 +1561,89 @@ err: OPENSSL_free(buf); return r; } + +/*- + * For named curves, test that: + * - the lib correctly computes the cofactor if passed a NULL or zero cofactor + * - a nonsensical cofactor throws an error (negative test) + * - nonsensical orders throw errors (negative tests) + */ +static int cardinality_test(int n) +{ + int ret = 0; + int nid = curves[n].nid; + BN_CTX *ctx = NULL; + EC_GROUP *g1 = NULL, *g2 = NULL; + EC_POINT *g2_gen = NULL; + BIGNUM *g1_p = NULL, *g1_a = NULL, *g1_b = NULL, *g1_x = NULL, *g1_y = NULL, + *g1_order = NULL, *g1_cf = NULL, *g2_cf = NULL; + + TEST_info("Curve %s cardinality test", OBJ_nid2sn(nid)); + + if (!TEST_ptr(ctx = BN_CTX_new()) + || !TEST_ptr(g1 = EC_GROUP_new_by_curve_name(nid)) + || !TEST_ptr(g2 = EC_GROUP_new(EC_GROUP_method_of(g1)))) { + EC_GROUP_free(g1); + EC_GROUP_free(g2); + BN_CTX_free(ctx); + return 0; + } + + BN_CTX_start(ctx); + g1_p = BN_CTX_get(ctx); + g1_a = BN_CTX_get(ctx); + g1_b = BN_CTX_get(ctx); + g1_x = BN_CTX_get(ctx); + g1_y = BN_CTX_get(ctx); + g1_order = BN_CTX_get(ctx); + g1_cf = BN_CTX_get(ctx); + + if (!TEST_ptr(g2_cf = BN_CTX_get(ctx)) + /* pull out the explicit curve parameters */ + || !TEST_true(EC_GROUP_get_curve(g1, g1_p, g1_a, g1_b, ctx)) + || !TEST_true(EC_POINT_get_affine_coordinates(g1, + EC_GROUP_get0_generator(g1), g1_x, g1_y, ctx)) + || !TEST_true(BN_copy(g1_order, EC_GROUP_get0_order(g1))) + || !TEST_true(EC_GROUP_get_cofactor(g1, g1_cf, ctx)) + /* construct g2 manually with g1 parameters */ + || !TEST_true(EC_GROUP_set_curve(g2, g1_p, g1_a, g1_b, ctx)) + || !TEST_ptr(g2_gen = EC_POINT_new(g2)) + || !TEST_true(EC_POINT_set_affine_coordinates(g2, g2_gen, g1_x, g1_y, ctx)) + /* pass NULL cofactor: lib should compute it */ + || !TEST_true(EC_GROUP_set_generator(g2, g2_gen, g1_order, NULL)) + || !TEST_true(EC_GROUP_get_cofactor(g2, g2_cf, ctx)) + || !TEST_BN_eq(g1_cf, g2_cf) + /* pass zero cofactor: lib should compute it */ + || !TEST_true(BN_set_word(g2_cf, 0)) + || !TEST_true(EC_GROUP_set_generator(g2, g2_gen, g1_order, g2_cf)) + || !TEST_true(EC_GROUP_get_cofactor(g2, g2_cf, ctx)) + || !TEST_BN_eq(g1_cf, g2_cf) + /* negative test for invalid cofactor */ + || !TEST_true(BN_set_word(g2_cf, 0)) + || !TEST_true(BN_sub(g2_cf, g2_cf, BN_value_one())) + || !TEST_false(EC_GROUP_set_generator(g2, g2_gen, g1_order, g2_cf)) + /* negative test for NULL order */ + || !TEST_false(EC_GROUP_set_generator(g2, g2_gen, NULL, NULL)) + /* negative test for zero order */ + || !TEST_true(BN_set_word(g1_order, 0)) + || !TEST_false(EC_GROUP_set_generator(g2, g2_gen, g1_order, NULL)) + /* negative test for negative order */ + || !TEST_true(BN_set_word(g2_cf, 0)) + || !TEST_true(BN_sub(g2_cf, g2_cf, BN_value_one())) + || !TEST_false(EC_GROUP_set_generator(g2, g2_gen, g1_order, NULL)) + /* negative test for too large order */ + || !TEST_true(BN_lshift(g1_order, g1_p, 2)) + || !TEST_false(EC_GROUP_set_generator(g2, g2_gen, g1_order, NULL))) + goto err; + ret = 1; + err: + EC_POINT_free(g2_gen); + EC_GROUP_free(g1); + EC_GROUP_free(g2); + BN_CTX_end(ctx); + BN_CTX_free(ctx); + return ret; +} #endif int setup_tests(void) @@ -1572,6 +1655,7 @@ int setup_tests(void) return 0; ADD_TEST(parameter_test); + ADD_ALL_TESTS(cardinality_test, crv_len); ADD_TEST(prime_field_tests); # ifndef OPENSSL_NO_EC2M ADD_TEST(char2_field_tests); From builds at travis-ci.org Sat Sep 7 01:24:14 2019 From: builds at travis-ci.org (Travis CI) Date: Sat, 07 Sep 2019 01:24:14 +0000 Subject: Still Failing: openssl/openssl#27970 (OpenSSL_1_1_1-stable - a6186f3) In-Reply-To: Message-ID: <5d7306be70b0c_43fae3ad0b420184133@67cd2c3c-94b9-418a-908e-7b44206be80c.mail> Build Update for openssl/openssl ------------------------------------- Build: #27970 Status: Still Failing Duration: 18 mins and 14 secs Commit: a6186f3 (OpenSSL_1_1_1-stable) Author: Billy Brumley Message: CHANGES entry: for ECC parameters with NULL or zero cofactor, compute it Reviewed-by: Matt Caswell Reviewed-by: Tomas Mraz Reviewed-by: Nicola Tuveri (Merged from https://github.com/openssl/openssl/pull/9781) View the changeset: https://github.com/openssl/openssl/compare/ed0ac119506a...a6186f39802f View the full build log and details: https://travis-ci.org/openssl/openssl/builds/581920154?utm_medium=notification&utm_source=email -- You can unsubscribe from build emails from the openssl/openssl repository going to https://travis-ci.org/account/preferences/unsubscribe?repository=5849220&utm_medium=notification&utm_source=email. Or unsubscribe from *all* email updating your settings at https://travis-ci.org/account/preferences/unsubscribe?utm_medium=notification&utm_source=email. Or configure specific recipients for build notifications in your .travis.yml file. See https://docs.travis-ci.com/user/notifications. -------------- next part -------------- An HTML attachment was scrubbed... URL: From pauli at openssl.org Sat Sep 7 06:07:27 2019 From: pauli at openssl.org (Dr. Paul Dale) Date: Sat, 07 Sep 2019 06:07:27 +0000 Subject: [openssl] master update Message-ID: <1567836447.792640.8239.nullmailer@dev.openssl.org> The branch master has been updated via e97bab6929bbbc5b8364b25ca2ef4fcb02dd6e2a (commit) via a1de4680fbf53b0feffd27baca3c6b4caf0c6c45 (commit) via 0f0db4dc2520777b889968c93e054693c5c58fdc (commit) via 7e149b39288fdfc8d57c881536b272fae78df038 (commit) via e957226a0cf2150003b5b2d0b46ab9a89011f66f (commit) via 86f17ed64cb881a97801405906f4da7041a6edf8 (commit) via cb74317b4f525feca9129944f82e74e23b2e381f (commit) via c69561de00a032f85ec92d30c1e0bfa761b81dfd (commit) via 96d7e2733ef66e364f89aa394a6bdd49df48f2ae (commit) via 103d8b0be434c293c661861bda505f35f04d288f (commit) via 76497acf522578827f390891cf45c87280423d32 (commit) via 1dcc7ee6cf816e5fba8b99d278829031d71ee9df (commit) via 2f17cc493cfaa5c77a77d4f174dd2403188c41da (commit) from 4fe2ee3a449a8ca2886584e221f34ff0ef5de119 (commit) - Log ----------------------------------------------------------------- commit e97bab6929bbbc5b8364b25ca2ef4fcb02dd6e2a Author: Pauli Date: Sat Sep 7 10:50:46 2019 +1000 Use common digest getter for X942 KDF Reviewed-by: Richard Levitte (Merged from https://github.com/openssl/openssl/pull/9770) commit a1de4680fbf53b0feffd27baca3c6b4caf0c6c45 Author: Pauli Date: Sat Sep 7 10:50:14 2019 +1000 Use common digest getter for SSH KDF Reviewed-by: Richard Levitte (Merged from https://github.com/openssl/openssl/pull/9770) commit 0f0db4dc2520777b889968c93e054693c5c58fdc Author: Pauli Date: Sat Sep 7 10:49:53 2019 +1000 Use common digest getter for TLS1 PRF Reviewed-by: Richard Levitte (Merged from https://github.com/openssl/openssl/pull/9770) commit 7e149b39288fdfc8d57c881536b272fae78df038 Author: Pauli Date: Sat Sep 7 10:49:36 2019 +1000 Use common digest getter for single step KDF Reviewed-by: Richard Levitte (Merged from https://github.com/openssl/openssl/pull/9770) commit e957226a0cf2150003b5b2d0b46ab9a89011f66f Author: Pauli Date: Sat Sep 7 10:49:18 2019 +1000 Use common digest getter for PBKDF2 Reviewed-by: Richard Levitte (Merged from https://github.com/openssl/openssl/pull/9770) commit 86f17ed64cb881a97801405906f4da7041a6edf8 Author: Pauli Date: Sat Sep 7 10:48:56 2019 +1000 Use common digest getter for HKDF Reviewed-by: Richard Levitte (Merged from https://github.com/openssl/openssl/pull/9770) commit cb74317b4f525feca9129944f82e74e23b2e381f Author: Pauli Date: Sat Sep 7 10:48:07 2019 +1000 Use common define for properties, engine, cipher and digest params Reviewed-by: Richard Levitte (Merged from https://github.com/openssl/openssl/pull/9770) commit c69561de00a032f85ec92d30c1e0bfa761b81dfd Author: Pauli Date: Sat Sep 7 10:47:37 2019 +1000 Add 'engine' param to KDFs Reviewed-by: Richard Levitte (Merged from https://github.com/openssl/openssl/pull/9770) commit 96d7e2733ef66e364f89aa394a6bdd49df48f2ae Author: Pauli Date: Thu Sep 5 13:55:04 2019 +1000 KMAC using common digest get code Reviewed-by: Richard Levitte (Merged from https://github.com/openssl/openssl/pull/9770) commit 103d8b0be434c293c661861bda505f35f04d288f Author: Pauli Date: Thu Sep 5 13:54:53 2019 +1000 HMAC using common digest get code Reviewed-by: Richard Levitte (Merged from https://github.com/openssl/openssl/pull/9770) commit 76497acf522578827f390891cf45c87280423d32 Author: Pauli Date: Thu Sep 5 14:24:44 2019 +1000 GMAC using common cipher get code Reviewed-by: Richard Levitte (Merged from https://github.com/openssl/openssl/pull/9770) commit 1dcc7ee6cf816e5fba8b99d278829031d71ee9df Author: Pauli Date: Thu Sep 5 14:15:02 2019 +1000 CMAC using common cipher get code Reviewed-by: Richard Levitte (Merged from https://github.com/openssl/openssl/pull/9770) commit 2f17cc493cfaa5c77a77d4f174dd2403188c41da Author: Pauli Date: Thu Sep 5 13:53:20 2019 +1000 Unify the digest getting code inside providers. Reviewed-by: Richard Levitte (Merged from https://github.com/openssl/openssl/pull/9770) ----------------------------------------------------------------------- Summary of changes: doc/man3/EVP_KDF.pod | 20 +-- include/openssl/core_names.h | 23 +++- providers/common/build.info | 5 +- providers/common/include/internal/provider_util.h | 79 +++++++++++ providers/common/include/internal/providercommon.h | 1 + providers/common/kdfs/hkdf.c | 44 ++---- providers/common/kdfs/pbkdf2.c | 41 ++---- providers/common/kdfs/sskdf.c | 50 +++---- providers/common/kdfs/tls1_prf.c | 68 ++++------ providers/common/macs/cmac_prov.c | 97 ++----------- providers/common/macs/gmac_prov.c | 92 +++---------- providers/common/macs/hmac_prov.c | 98 +++---------- providers/common/macs/kmac_prov.c | 80 +++++------ providers/common/provider_util.c | 151 +++++++++++++++++++++ providers/default/kdfs/sshkdf.c | 35 ++--- providers/default/kdfs/x942kdf.c | 40 ++---- 16 files changed, 441 insertions(+), 483 deletions(-) create mode 100644 providers/common/include/internal/provider_util.h create mode 100644 providers/common/provider_util.c diff --git a/doc/man3/EVP_KDF.pod b/doc/man3/EVP_KDF.pod index fc09d5fad8..2069e7f0ee 100644 --- a/doc/man3/EVP_KDF.pod +++ b/doc/man3/EVP_KDF.pod @@ -166,18 +166,22 @@ The default value, if any, is implementation dependent. =item B ("properties") -Some KDF implementations use other cryptographic algorithms, this parameter -sets what property query will be used to fetch the implementation. - =item B ("mac") -Some KDF implementations use a MAC as an underlying computation -algorithm, this parameter sets what the MAC algorithm should be. - =item B ("digest") -For MAC implementations that use a message digest as an underlying computation -algorithm, this parameter sets what the digest algorithm should be. +=item B ("engine") + +For KDF implementations that use an underlying computation MAC or +digest, these parameters set what the algorithm should be, and the +engine that implements the algorithm or the properties to fetch it +by if needed. + +The value is always the name of the intended engine, algorithm, +or the properties. + +Note that not all algorithms may support all possible underlying +implementations. =item B ("key") diff --git a/include/openssl/core_names.h b/include/openssl/core_names.h index 1d8857295c..b78a0978fd 100644 --- a/include/openssl/core_names.h +++ b/include/openssl/core_names.h @@ -40,6 +40,16 @@ extern "C" { */ #define OSSL_PROV_PARAM_MODULE_FILENAME "module-filename" +/* + * Algorithm parameters + * If "engine" or "properties" are specified, they should always be paired + * with the algorithm type. + */ +#define OSSL_ALG_PARAM_DIGEST "digest" /* utf8_string */ +#define OSSL_ALG_PARAM_CIPHER "cipher" /* utf8_string */ +#define OSSL_ALG_PARAM_ENGINE "engine" /* utf8_string */ +#define OSSL_ALG_PARAM_PROPERTIES "properties"/* utf8_string */ + /* cipher parameters */ #define OSSL_CIPHER_PARAM_PADDING "padding" /* uint */ #define OSSL_CIPHER_PARAM_MODE "mode" /* uint */ @@ -80,10 +90,10 @@ extern "C" { * If "engine" or "properties" are specified, they should always be paired * with "cipher" or "digest". */ -#define OSSL_MAC_PARAM_CIPHER "cipher" /* utf8 string */ -#define OSSL_MAC_PARAM_DIGEST "digest" /* utf8 string */ -#define OSSL_MAC_PARAM_ENGINE "engine" /* utf8 string */ -#define OSSL_MAC_PARAM_PROPERTIES "properties" /* utf8 string */ +#define OSSL_MAC_PARAM_CIPHER OSSL_ALG_PARAM_CIPHER /* utf8 string */ +#define OSSL_MAC_PARAM_DIGEST OSSL_ALG_PARAM_DIGEST /* utf8 string */ +#define OSSL_MAC_PARAM_ENGINE OSSL_ALG_PARAM_ENGINE /* utf8 string */ +#define OSSL_MAC_PARAM_PROPERTIES OSSL_ALG_PARAM_PROPERTIES /* utf8 string */ #define OSSL_MAC_PARAM_SIZE "size" /* size_t */ /* Known MAC names (not a complete list) */ @@ -97,10 +107,11 @@ extern "C" { #define OSSL_KDF_PARAM_KEY "key" /* octet string */ #define OSSL_KDF_PARAM_SALT "salt" /* octet string */ #define OSSL_KDF_PARAM_PASSWORD "pass" /* octet string */ -#define OSSL_KDF_PARAM_DIGEST "digest" /* utf8 string */ +#define OSSL_KDF_PARAM_DIGEST OSSL_ALG_PARAM_DIGEST /* utf8 string */ #define OSSL_KDF_PARAM_MAC "mac" /* utf8 string */ #define OSSL_KDF_PARAM_MAC_SIZE "maclen" /* size_t */ -#define OSSL_KDF_PARAM_PROPERTIES "properties" /* utf8 string */ +#define OSSL_KDF_PARAM_ENGINE OSSL_ALG_PARAM_ENGINE /* utf8 string */ +#define OSSL_KDF_PARAM_PROPERTIES OSSL_ALG_PARAM_PROPERTIES /* utf8 string */ #define OSSL_KDF_PARAM_ITER "iter" /* unsigned int */ #define OSSL_KDF_PARAM_MODE "mode" /* utf8 string or int */ #define OSSL_KDF_PARAM_PKCS5 "pkcs5" /* int */ diff --git a/providers/common/build.info b/providers/common/build.info index 4d87b15e8d..b098ca6958 100644 --- a/providers/common/build.info +++ b/providers/common/build.info @@ -1,4 +1,5 @@ SUBDIRS=digests ciphers macs kdfs exchange keymgmt +$COMMON=provider_util.c -SOURCE[../../libcrypto]=\ - provider_err.c provlib.c +SOURCE[../../libcrypto]=$COMMON provider_err.c provlib.c +SOURCE[../fips]=$COMMON diff --git a/providers/common/include/internal/provider_util.h b/providers/common/include/internal/provider_util.h new file mode 100644 index 0000000000..c25c65886e --- /dev/null +++ b/providers/common/include/internal/provider_util.h @@ -0,0 +1,79 @@ +/* + * Copyright 2019 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the Apache License 2.0 (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#include +#include + +typedef struct { + /* + * References to the underlying cipher implementation. |cipher| caches + * the cipher, always. |alloc_cipher| only holds a reference to an + * explicitly fetched cipher. + */ + const EVP_CIPHER *cipher; /* cipher */ + EVP_CIPHER *alloc_cipher; /* fetched cipher */ + + /* Conditions for legacy EVP_CIPHER uses */ + ENGINE *engine; /* cipher engine */ +} PROV_CIPHER; + +typedef struct { + /* + * References to the underlying digest implementation. |md| caches + * the digest, always. |alloc_md| only holds a reference to an explicitly + * fetched digest. + */ + const EVP_MD *md; /* digest */ + EVP_MD *alloc_md; /* fetched digest */ + + /* Conditions for legacy EVP_MD uses */ + ENGINE *engine; /* digest engine */ +} PROV_DIGEST; + +/* Cipher functions */ +/* + * Load a cipher from the specified parameters with the specified context. + * The params "properties", "engine" and "cipher" are used to determine the + * implementation used. If a provider cannot be found, it falls back to trying + * non-provider based implementations. + */ +int ossl_prov_cipher_load_from_params(PROV_CIPHER *pd, + const OSSL_PARAM params[], + OPENSSL_CTX *ctx); + +/* Reset the PROV_CIPHER fields and free any allocated cipher reference */ +void ossl_prov_cipher_reset(PROV_CIPHER *pd); + +/* Clone a PROV_CIPHER structure into a second */ +int ossl_prov_cipher_copy(PROV_CIPHER *dst, const PROV_CIPHER *src); + +/* Query the cipher and associated engine (if any) */ +const EVP_CIPHER *ossl_prov_cipher_cipher(const PROV_CIPHER *pd); +ENGINE *ossl_prov_cipher_engine(const PROV_CIPHER *pd); + +/* Digest functions */ +/* + * Load a digest from the specified parameters with the specified context. + * The params "properties", "engine" and "digest" are used to determine the + * implementation used. If a provider cannot be found, it falls back to trying + * non-provider based implementations. + */ +int ossl_prov_digest_load_from_params(PROV_DIGEST *pd, + const OSSL_PARAM params[], + OPENSSL_CTX *ctx); + +/* Reset the PROV_DIGEST fields and free any allocated digest reference */ +void ossl_prov_digest_reset(PROV_DIGEST *pd); + +/* Clone a PROV_DIGEST structure into a second */ +int ossl_prov_digest_copy(PROV_DIGEST *dst, const PROV_DIGEST *src); + +/* Query the digest and associated engine (if any) */ +const EVP_MD *ossl_prov_digest_md(const PROV_DIGEST *pd); +ENGINE *ossl_prov_digest_engine(const PROV_DIGEST *pd); diff --git a/providers/common/include/internal/providercommon.h b/providers/common/include/internal/providercommon.h index d54fafa971..569c08c0b1 100644 --- a/providers/common/include/internal/providercommon.h +++ b/providers/common/include/internal/providercommon.h @@ -12,3 +12,4 @@ const OSSL_PROVIDER *FIPS_get_provider(OPENSSL_CTX *ctx); const char *ossl_prov_util_nid_to_name(int nid); + diff --git a/providers/common/kdfs/hkdf.c b/providers/common/kdfs/hkdf.c index 30bda90f69..ac5cc34a21 100644 --- a/providers/common/kdfs/hkdf.c +++ b/providers/common/kdfs/hkdf.c @@ -20,6 +20,7 @@ #include "internal/provider_ctx.h" #include "internal/providercommonerr.h" #include "internal/provider_algs.h" +#include "internal/provider_util.h" #include "e_os.h" #define HKDF_MAXBUF 1024 @@ -50,7 +51,7 @@ static int HKDF_Expand(const EVP_MD *evp_md, typedef struct { void *provctx; int mode; - EVP_MD *md; + PROV_DIGEST digest; unsigned char *salt; size_t salt_len; unsigned char *key; @@ -82,7 +83,7 @@ static void kdf_hkdf_reset(void *vctx) { KDF_HKDF *ctx = (KDF_HKDF *)vctx; - EVP_MD_meth_free(ctx->md); + ossl_prov_digest_reset(&ctx->digest); OPENSSL_free(ctx->salt); OPENSSL_clear_free(ctx->key, ctx->key_len); OPENSSL_cleanse(ctx->info, ctx->info_len); @@ -92,15 +93,16 @@ static void kdf_hkdf_reset(void *vctx) static size_t kdf_hkdf_size(KDF_HKDF *ctx) { int sz; + const EVP_MD *md = ossl_prov_digest_md(&ctx->digest); if (ctx->mode != EVP_KDF_HKDF_MODE_EXTRACT_ONLY) return SIZE_MAX; - if (ctx->md == NULL) { + if (md == NULL) { ERR_raise(ERR_LIB_PROV, PROV_R_MISSING_MESSAGE_DIGEST); return 0; } - sz = EVP_MD_size(ctx->md); + sz = EVP_MD_size(md); if (sz < 0) return 0; @@ -110,8 +112,9 @@ static size_t kdf_hkdf_size(KDF_HKDF *ctx) static int kdf_hkdf_derive(void *vctx, unsigned char *key, size_t keylen) { KDF_HKDF *ctx = (KDF_HKDF *)vctx; + const EVP_MD *md = ossl_prov_digest_md(&ctx->digest); - if (ctx->md == NULL) { + if (md == NULL) { ERR_raise(ERR_LIB_PROV, PROV_R_MISSING_MESSAGE_DIGEST); return 0; } @@ -122,16 +125,16 @@ static int kdf_hkdf_derive(void *vctx, unsigned char *key, size_t keylen) switch (ctx->mode) { case EVP_KDF_HKDF_MODE_EXTRACT_AND_EXPAND: - return HKDF(ctx->md, ctx->salt, ctx->salt_len, ctx->key, + return HKDF(md, ctx->salt, ctx->salt_len, ctx->key, ctx->key_len, ctx->info, ctx->info_len, key, keylen); case EVP_KDF_HKDF_MODE_EXTRACT_ONLY: - return HKDF_Extract(ctx->md, ctx->salt, ctx->salt_len, ctx->key, + return HKDF_Extract(md, ctx->salt, ctx->salt_len, ctx->key, ctx->key_len, key, keylen); case EVP_KDF_HKDF_MODE_EXPAND_ONLY: - return HKDF_Expand(ctx->md, ctx->key, ctx->key_len, ctx->info, + return HKDF_Expand(md, ctx->key, ctx->key_len, ctx->info, ctx->info_len, key, keylen); default: @@ -143,30 +146,11 @@ static int kdf_hkdf_set_ctx_params(void *vctx, const OSSL_PARAM params[]) { const OSSL_PARAM *p; KDF_HKDF *ctx = vctx; - EVP_MD *md; + OPENSSL_CTX *provctx = PROV_LIBRARY_CONTEXT_OF(ctx->provctx); int n; - const char *properties = NULL; - /* Grab search properties, this should be before the digest lookup */ - if ((p = OSSL_PARAM_locate_const(params, OSSL_KDF_PARAM_PROPERTIES)) - != NULL) { - if (p->data_type != OSSL_PARAM_UTF8_STRING) - return 0; - properties = p->data; - } - /* Handle aliasing of digest parameter names */ - if ((p = OSSL_PARAM_locate_const(params, OSSL_KDF_PARAM_DIGEST)) != NULL) { - if (p->data_type != OSSL_PARAM_UTF8_STRING) - return 0; - md = EVP_MD_fetch(PROV_LIBRARY_CONTEXT_OF(ctx->provctx), p->data, - properties); - if (md == NULL) { - ERR_raise(ERR_LIB_PROV, PROV_R_INVALID_DIGEST); - return 0; - } - EVP_MD_meth_free(ctx->md); - ctx->md = md; - } + if (!ossl_prov_digest_load_from_params(&ctx->digest, params, provctx)) + return 0; if ((p = OSSL_PARAM_locate_const(params, OSSL_KDF_PARAM_MODE)) != NULL) { if (p->data_type == OSSL_PARAM_UTF8_STRING) { diff --git a/providers/common/kdfs/pbkdf2.c b/providers/common/kdfs/pbkdf2.c index e60f0126f7..ce395576dd 100644 --- a/providers/common/kdfs/pbkdf2.c +++ b/providers/common/kdfs/pbkdf2.c @@ -20,6 +20,7 @@ #include "internal/provider_ctx.h" #include "internal/providercommonerr.h" #include "internal/provider_algs.h" +#include "internal/provider_util.h" /* Constants specified in SP800-132 */ #define KDF_PBKDF2_MIN_KEY_LEN_BITS 112 @@ -55,7 +56,7 @@ typedef struct { unsigned char *salt; size_t salt_len; uint64_t iter; - EVP_MD *md; + PROV_DIGEST digest; int lower_bound_checks; } KDF_PBKDF2; @@ -77,7 +78,7 @@ static void *kdf_pbkdf2_new(void *provctx) static void kdf_pbkdf2_cleanup(KDF_PBKDF2 *ctx) { - EVP_MD_meth_free(ctx->md); + ossl_prov_digest_reset(&ctx->digest); OPENSSL_free(ctx->salt); OPENSSL_clear_free(ctx->pass, ctx->pass_len); memset(ctx, 0, sizeof(*ctx)); @@ -101,9 +102,13 @@ static void kdf_pbkdf2_reset(void *vctx) static void kdf_pbkdf2_init(KDF_PBKDF2 *ctx) { + OSSL_PARAM params[2] = { OSSL_PARAM_END, OSSL_PARAM_END }; + OPENSSL_CTX *provctx = PROV_LIBRARY_CONTEXT_OF(ctx->provctx); + + params[0] = OSSL_PARAM_construct_utf8_string(OSSL_KDF_PARAM_DIGEST, + SN_sha1, 0); + ossl_prov_digest_load_from_params(&ctx->digest, params, provctx); ctx->iter = PKCS5_DEFAULT_ITER; - ctx->md = EVP_MD_fetch(PROV_LIBRARY_CONTEXT_OF(ctx->provctx), SN_sha1, - NULL); ctx->lower_bound_checks = KDF_PBKDF2_DEFAULT_CHECKS; } @@ -128,6 +133,7 @@ static int kdf_pbkdf2_derive(void *vctx, unsigned char *key, size_t keylen) { KDF_PBKDF2 *ctx = (KDF_PBKDF2 *)vctx; + const EVP_MD *md = ossl_prov_digest_md(&ctx->digest); if (ctx->pass == NULL) { ERR_raise(ERR_LIB_PROV, PROV_R_MISSING_PASS); @@ -141,38 +147,19 @@ static int kdf_pbkdf2_derive(void *vctx, unsigned char *key, return pbkdf2_derive((char *)ctx->pass, ctx->pass_len, ctx->salt, ctx->salt_len, ctx->iter, - ctx->md, key, keylen, ctx->lower_bound_checks); + md, key, keylen, ctx->lower_bound_checks); } static int kdf_pbkdf2_set_ctx_params(void *vctx, const OSSL_PARAM params[]) { const OSSL_PARAM *p; KDF_PBKDF2 *ctx = vctx; - EVP_MD *md; + OPENSSL_CTX *provctx = PROV_LIBRARY_CONTEXT_OF(ctx->provctx); int pkcs5; uint64_t iter, min_iter; - const char *properties = NULL; - /* Grab search properties, this should be before the digest lookup */ - if ((p = OSSL_PARAM_locate_const(params, OSSL_KDF_PARAM_PROPERTIES)) - != NULL) { - if (p->data_type != OSSL_PARAM_UTF8_STRING) - return 0; - properties = p->data; - } - /* Handle aliasing of digest parameter names */ - if ((p = OSSL_PARAM_locate_const(params, OSSL_KDF_PARAM_DIGEST)) != NULL) { - if (p->data_type != OSSL_PARAM_UTF8_STRING) - return 0; - md = EVP_MD_fetch(PROV_LIBRARY_CONTEXT_OF(ctx->provctx), p->data, - properties); - if (md == NULL) { - ERR_raise(ERR_LIB_PROV, PROV_R_INVALID_DIGEST); - return 0; - } - EVP_MD_meth_free(ctx->md); - ctx->md = md; - } + if (!ossl_prov_digest_load_from_params(&ctx->digest, params, provctx)) + return 0; if ((p = OSSL_PARAM_locate_const(params, OSSL_KDF_PARAM_PKCS5)) != NULL) { if (!OSSL_PARAM_get_int(p, &pkcs5)) diff --git a/providers/common/kdfs/sskdf.c b/providers/common/kdfs/sskdf.c index b8a41fbbaa..e7921bac35 100644 --- a/providers/common/kdfs/sskdf.c +++ b/providers/common/kdfs/sskdf.c @@ -48,11 +48,12 @@ #include "internal/provider_ctx.h" #include "internal/providercommonerr.h" #include "internal/provider_algs.h" +#include "internal/provider_util.h" typedef struct { void *provctx; EVP_MAC *mac; /* H(x) = HMAC_hash OR H(x) = KMAC */ - EVP_MD *md; /* H(x) = hash OR when H(x) = HMAC_hash */ + PROV_DIGEST digest; unsigned char *secret; size_t secret_len; unsigned char *info; @@ -315,7 +316,7 @@ static void sskdf_reset(void *vctx) { KDF_SSKDF *ctx = (KDF_SSKDF *)vctx; - EVP_MD_meth_free(ctx->md); + ossl_prov_digest_reset(&ctx->digest); EVP_MAC_free(ctx->mac); OPENSSL_clear_free(ctx->secret, ctx->secret_len); OPENSSL_clear_free(ctx->info, ctx->info_len); @@ -344,18 +345,20 @@ static int sskdf_set_buffer(unsigned char **out, size_t *out_len, static size_t sskdf_size(KDF_SSKDF *ctx) { int len; + const EVP_MD *md = ossl_prov_digest_md(&ctx->digest); - if (ctx->md == NULL) { + if (md == NULL) { ERR_raise(ERR_LIB_PROV, PROV_R_MISSING_MESSAGE_DIGEST); return 0; } - len = EVP_MD_size(ctx->md); + len = EVP_MD_size(md); return (len <= 0) ? 0 : (size_t)len; } static int sskdf_derive(void *vctx, unsigned char *key, size_t keylen) { KDF_SSKDF *ctx = (KDF_SSKDF *)vctx; + const EVP_MD *md = ossl_prov_digest_md(&ctx->digest); if (ctx->secret == NULL) { ERR_raise(ERR_LIB_PROV, PROV_R_MISSING_SECRET); @@ -378,11 +381,11 @@ static int sskdf_derive(void *vctx, unsigned char *key, size_t keylen) macname = EVP_MAC_name(ctx->mac); if (strcmp(macname, OSSL_MAC_NAME_HMAC) == 0) { /* H(x) = HMAC(x, salt, hash) */ - if (ctx->md == NULL) { + if (md == NULL) { ERR_raise(ERR_LIB_PROV, PROV_R_MISSING_MESSAGE_DIGEST); return 0; } - default_salt_len = EVP_MD_block_size(ctx->md); + default_salt_len = EVP_MD_block_size(md); if (default_salt_len <= 0) return 0; } else if (strcmp(macname, OSSL_MAC_NAME_KMAC128) == 0 @@ -407,7 +410,7 @@ static int sskdf_derive(void *vctx, unsigned char *key, size_t keylen) } ctx->salt_len = default_salt_len; } - ret = SSKDF_mac_kdm(ctx->mac, ctx->md, + ret = SSKDF_mac_kdm(ctx->mac, md, custom, custom_len, ctx->out_len, ctx->salt, ctx->salt_len, ctx->secret, ctx->secret_len, @@ -415,11 +418,11 @@ static int sskdf_derive(void *vctx, unsigned char *key, size_t keylen) return ret; } else { /* H(x) = hash */ - if (ctx->md == NULL) { + if (md == NULL) { ERR_raise(ERR_LIB_PROV, PROV_R_MISSING_MESSAGE_DIGEST); return 0; } - return SSKDF_hash_kdm(ctx->md, ctx->secret, ctx->secret_len, + return SSKDF_hash_kdm(md, ctx->secret, ctx->secret_len, ctx->info, ctx->info_len, 0, key, keylen); } } @@ -427,6 +430,7 @@ static int sskdf_derive(void *vctx, unsigned char *key, size_t keylen) static int x963kdf_derive(void *vctx, unsigned char *key, size_t keylen) { KDF_SSKDF *ctx = (KDF_SSKDF *)vctx; + const EVP_MD *md = ossl_prov_digest_md(&ctx->digest); if (ctx->secret == NULL) { ERR_raise(ERR_LIB_PROV, PROV_R_MISSING_SECRET); @@ -438,11 +442,11 @@ static int x963kdf_derive(void *vctx, unsigned char *key, size_t keylen) return 0; } else { /* H(x) = hash */ - if (ctx->md == NULL) { + if (md == NULL) { ERR_raise(ERR_LIB_PROV, PROV_R_MISSING_MESSAGE_DIGEST); return 0; } - return SSKDF_hash_kdm(ctx->md, ctx->secret, ctx->secret_len, + return SSKDF_hash_kdm(md, ctx->secret, ctx->secret_len, ctx->info, ctx->info_len, 1, key, keylen); } } @@ -451,31 +455,13 @@ static int sskdf_set_ctx_params(void *vctx, const OSSL_PARAM params[]) { const OSSL_PARAM *p; KDF_SSKDF *ctx = vctx; - EVP_MD *md; + OPENSSL_CTX *provctx = PROV_LIBRARY_CONTEXT_OF(ctx->provctx); EVP_MAC *mac; size_t sz; const char *properties = NULL; - /* Grab search properties, should be before the digest and mac lookups */ - if ((p = OSSL_PARAM_locate_const(params, OSSL_KDF_PARAM_PROPERTIES)) - != NULL) { - if (p->data_type != OSSL_PARAM_UTF8_STRING) - return 0; - properties = p->data; - } - /* Handle aliasing of digest parameter names */ - if ((p = OSSL_PARAM_locate_const(params, OSSL_KDF_PARAM_DIGEST)) != NULL) { - if (p->data_type != OSSL_PARAM_UTF8_STRING) - return 0; - md = EVP_MD_fetch(PROV_LIBRARY_CONTEXT_OF(ctx->provctx), p->data, - properties); - if (md == NULL) { - ERR_raise(ERR_LIB_PROV, PROV_R_INVALID_DIGEST); - return 0; - } - EVP_MD_meth_free(ctx->md); - ctx->md = md; - } + if (!ossl_prov_digest_load_from_params(&ctx->digest, params, provctx)) + return 0; if ((p = OSSL_PARAM_locate_const(params, OSSL_KDF_PARAM_MAC)) != NULL) { EVP_MAC_free(ctx->mac); diff --git a/providers/common/kdfs/tls1_prf.c b/providers/common/kdfs/tls1_prf.c index 38dbaddbf0..2c5e24b403 100644 --- a/providers/common/kdfs/tls1_prf.c +++ b/providers/common/kdfs/tls1_prf.c @@ -58,6 +58,7 @@ #include "internal/provider_ctx.h" #include "internal/providercommonerr.h" #include "internal/provider_algs.h" +#include "internal/provider_util.h" #include "e_os.h" static OSSL_OP_kdf_newctx_fn kdf_tls1_prf_new; @@ -78,9 +79,9 @@ static int tls1_prf_alg(const EVP_MD *md, const EVP_MD *sha1, typedef struct { void *provctx; /* Digest to use for PRF */ - EVP_MD *md; + PROV_DIGEST digest; /* Second digest for the MD5/SHA-1 combined PRF */ - EVP_MD *sha1; + PROV_DIGEST sha1; /* Secret value to use for PRF */ unsigned char *sec; size_t seclen; @@ -111,8 +112,8 @@ static void kdf_tls1_prf_reset(void *vctx) { TLS1_PRF *ctx = (TLS1_PRF *)vctx; - EVP_MD_meth_free(ctx->sha1); - EVP_MD_meth_free(ctx->md); + ossl_prov_digest_reset(&ctx->sha1); + ossl_prov_digest_reset(&ctx->digest); OPENSSL_clear_free(ctx->sec, ctx->seclen); OPENSSL_cleanse(ctx->seed, ctx->seedlen); memset(ctx, 0, sizeof(*ctx)); @@ -122,8 +123,9 @@ static int kdf_tls1_prf_derive(void *vctx, unsigned char *key, size_t keylen) { TLS1_PRF *ctx = (TLS1_PRF *)vctx; + const EVP_MD *md = ossl_prov_digest_md(&ctx->digest); - if (ctx->md == NULL) { + if (md == NULL) { ERR_raise(ERR_LIB_PROV, PROV_R_MISSING_MESSAGE_DIGEST); return 0; } @@ -135,7 +137,8 @@ static int kdf_tls1_prf_derive(void *vctx, unsigned char *key, ERR_raise(ERR_LIB_PROV, PROV_R_MISSING_SEED); return 0; } - return tls1_prf_alg(ctx->md, ctx->sha1, ctx->sec, ctx->seclen, + return tls1_prf_alg(md, ossl_prov_digest_md(&ctx->sha1), + ctx->sec, ctx->seclen, ctx->seed, ctx->seedlen, key, keylen); } @@ -144,41 +147,28 @@ static int kdf_tls1_prf_set_ctx_params(void *vctx, const OSSL_PARAM params[]) { const OSSL_PARAM *p; TLS1_PRF *ctx = vctx; - EVP_MD *md, *sha = NULL; - const char *properties = NULL, *name; - - /* Grab search properties, this should be before the digest lookup */ - if ((p = OSSL_PARAM_locate_const(params, OSSL_KDF_PARAM_PROPERTIES)) - != NULL) { - if (p->data_type != OSSL_PARAM_UTF8_STRING) + OPENSSL_CTX *provctx = PROV_LIBRARY_CONTEXT_OF(ctx->provctx); + + if ((p = OSSL_PARAM_locate_const(params, OSSL_KDF_PARAM_DIGEST)) != NULL + && p->data_type == OSSL_PARAM_UTF8_STRING + && strcasecmp(p->data, SN_md5_sha1) == 0) { + OSSL_PARAM qaram[4], *q = qaram; + + /* Handle combined MD5 / SHA1 digest specially */ + *q++ = OSSL_PARAM_construct_utf8_string("digest", SN_md5, 0); + if ((p = OSSL_PARAM_locate_const(params, "engine")) != NULL) + *q++ = *p; + if ((p = OSSL_PARAM_locate_const(params, "properties")) != NULL) + *q++ = *p; + *q = OSSL_PARAM_construct_end(); + if (!ossl_prov_digest_load_from_params(&ctx->digest, qaram, provctx)) return 0; - properties = p->data; - } - /* Handle aliasing of digest parameter names */ - if ((p = OSSL_PARAM_locate_const(params, OSSL_KDF_PARAM_DIGEST)) != NULL) { - if (p->data_type != OSSL_PARAM_UTF8_STRING) + qaram[0] = OSSL_PARAM_construct_utf8_string("digest", SN_sha1, 0); + if (!ossl_prov_digest_load_from_params(&ctx->sha1, qaram, provctx)) return 0; - name = p->data; - if (strcasecmp(name, SN_md5_sha1) == 0) { - sha = EVP_MD_fetch(PROV_LIBRARY_CONTEXT_OF(ctx->provctx), SN_sha1, - properties); - if (sha == NULL) { - ERR_raise(ERR_LIB_PROV, PROV_R_UNABLE_TO_LOAD_SHA1); - return 0; - } - name = SN_md5; - } - md = EVP_MD_fetch(PROV_LIBRARY_CONTEXT_OF(ctx->provctx), name, - properties); - if (md == NULL) { - ERR_raise(ERR_LIB_PROV, PROV_R_INVALID_DIGEST); - EVP_MD_meth_free(sha); - return 0; - } - EVP_MD_meth_free(ctx->sha1); - EVP_MD_meth_free(ctx->md); - ctx->md = md; - ctx->sha1 = sha; + } else if (!ossl_prov_digest_load_from_params(&ctx->digest, params, + provctx)) { + return 0; } if ((p = OSSL_PARAM_locate_const(params, OSSL_KDF_PARAM_SECRET)) != NULL) { diff --git a/providers/common/macs/cmac_prov.c b/providers/common/macs/cmac_prov.c index 7c15bc77b0..aee0b2bb0a 100644 --- a/providers/common/macs/cmac_prov.c +++ b/providers/common/macs/cmac_prov.c @@ -16,6 +16,7 @@ #include "internal/provider_algs.h" #include "internal/provider_ctx.h" +#include "internal/provider_util.h" /* * Forward declaration of everything implemented here. This is not strictly @@ -38,21 +39,7 @@ static OSSL_OP_mac_final_fn cmac_final; struct cmac_data_st { void *provctx; CMAC_CTX *ctx; - - /* - * References to the underlying cipher implementation. tmpcipher - * caches the cipher, always. alloc_cipher only holds a reference - * to an explicitly fetched cipher. - * tmpcipher is cleared after a CMAC_Init call. - */ - const EVP_CIPHER *tmpcipher; /* cached CMAC cipher */ - EVP_CIPHER *alloc_cipher; /* fetched CMAC cipher */ - - /* - * Conditions for legacy EVP_CIPHER uses. - * tmpengine is cleared after a CMAC_Init call. - */ - ENGINE *tmpengine; /* CMAC cipher engine (legacy) */ + PROV_CIPHER cipher; }; static void *cmac_new(void *provctx) @@ -76,7 +63,7 @@ static void cmac_free(void *vmacctx) if (macctx != NULL) { CMAC_CTX_free(macctx->ctx); - EVP_CIPHER_free(macctx->alloc_cipher); + ossl_prov_cipher_reset(&macctx->cipher); OPENSSL_free(macctx); } } @@ -86,19 +73,11 @@ static void *cmac_dup(void *vsrc) struct cmac_data_st *src = vsrc; struct cmac_data_st *dst = cmac_new(src->provctx); - if (!CMAC_CTX_copy(dst->ctx, src->ctx)) { + if (!CMAC_CTX_copy(dst->ctx, src->ctx) + || !ossl_prov_cipher_copy(&dst->cipher, &src->cipher)) { cmac_free(dst); return NULL; } - - if (src->alloc_cipher != NULL && !EVP_CIPHER_up_ref(src->alloc_cipher)) { - cmac_free(dst); - return NULL; - } - - dst->tmpengine = src->tmpengine; - dst->tmpcipher = src->tmpcipher; - dst->alloc_cipher = src->alloc_cipher; return dst; } @@ -112,12 +91,11 @@ static size_t cmac_size(void *vmacctx) static int cmac_init(void *vmacctx) { struct cmac_data_st *macctx = vmacctx; - int rv = CMAC_Init(macctx->ctx, NULL, 0, macctx->tmpcipher, - (ENGINE *)macctx->tmpengine); - - macctx->tmpcipher = NULL; - macctx->tmpengine = NULL; + int rv = CMAC_Init(macctx->ctx, NULL, 0, + ossl_prov_cipher_cipher(&macctx->cipher), + ossl_prov_cipher_engine(&macctx->cipher)); + ossl_prov_cipher_reset(&macctx->cipher); return rv; } @@ -174,67 +152,22 @@ static const OSSL_PARAM *cmac_settable_ctx_params(void) static int cmac_set_ctx_params(void *vmacctx, const OSSL_PARAM params[]) { struct cmac_data_st *macctx = vmacctx; + OPENSSL_CTX *ctx = PROV_LIBRARY_CONTEXT_OF(macctx->provctx); const OSSL_PARAM *p; - if ((p = OSSL_PARAM_locate_const(params, OSSL_MAC_PARAM_CIPHER)) != NULL) { - if (p->data_type != OSSL_PARAM_UTF8_STRING) - return 0; - - { - const char *algoname = p->data; - const char *propquery = NULL; - -/* Inside the FIPS module, we don't support engines */ -#if !defined(FIPS_MODE) && !defined(OPENSSL_NO_ENGINE) - ENGINE_finish(macctx->tmpengine); - macctx->tmpengine = NULL; - - if ((p = OSSL_PARAM_locate_const(params, OSSL_MAC_PARAM_ENGINE)) - != NULL) { - if (p->data_type != OSSL_PARAM_UTF8_STRING) - return 0; - - macctx->tmpengine = ENGINE_by_id(p->data); - if (macctx->tmpengine == NULL) - return 0; - } -#endif - if ((p = OSSL_PARAM_locate_const(params, - OSSL_MAC_PARAM_PROPERTIES)) - != NULL) { - if (p->data_type != OSSL_PARAM_UTF8_STRING) - return 0; - - propquery = p->data; - } + if (!ossl_prov_cipher_load_from_params(&macctx->cipher, params, ctx)) + return 0; - EVP_CIPHER_free(macctx->alloc_cipher); - - macctx->tmpcipher = macctx->alloc_cipher = - EVP_CIPHER_fetch(PROV_LIBRARY_CONTEXT_OF(macctx->provctx), - algoname, propquery); - -#ifndef FIPS_MODE /* Inside the FIPS module, we don't support legacy digests */ - /* TODO(3.0) BEGIN legacy stuff, to be removed */ - if (macctx->tmpcipher == NULL) - macctx->tmpcipher = EVP_get_cipherbyname(algoname); - /* TODO(3.0) END of legacy stuff */ -#endif - - if (macctx->tmpcipher == NULL) - return 0; - } - } if ((p = OSSL_PARAM_locate_const(params, OSSL_MAC_PARAM_KEY)) != NULL) { if (p->data_type != OSSL_PARAM_OCTET_STRING) return 0; if (!CMAC_Init(macctx->ctx, p->data, p->data_size, - macctx->tmpcipher, macctx->tmpengine)) + ossl_prov_cipher_cipher(&macctx->cipher), + ossl_prov_cipher_engine(&macctx->cipher))) return 0; - macctx->tmpcipher = NULL; - macctx->tmpengine = NULL; + ossl_prov_cipher_reset(&macctx->cipher); } return 1; } diff --git a/providers/common/macs/gmac_prov.c b/providers/common/macs/gmac_prov.c index 22c8c95550..2da176d8b0 100644 --- a/providers/common/macs/gmac_prov.c +++ b/providers/common/macs/gmac_prov.c @@ -18,6 +18,7 @@ #include "internal/providercommonerr.h" #include "internal/provider_algs.h" #include "internal/provider_ctx.h" +#include "internal/provider_util.h" /* * Forward declaration of everything implemented here. This is not strictly @@ -40,20 +41,7 @@ static OSSL_OP_mac_final_fn gmac_final; struct gmac_data_st { void *provctx; EVP_CIPHER_CTX *ctx; /* Cipher context */ - - /* - * References to the underlying cipher implementation. |cipher| caches - * the cipher, always. |alloc_cipher| only holds a reference to an - * explicitly fetched cipher. - * |cipher| is cleared after a CMAC_Init call. - */ - const EVP_CIPHER *cipher; /* Cache GCM cipher */ - EVP_CIPHER *alloc_cipher; /* Fetched cipher */ - - /* - * Conditions for legacy EVP_CIPHER uses. - */ - ENGINE *engine; /* Engine implementing the cipher */ + PROV_CIPHER cipher; }; static size_t gmac_size(void); @@ -64,7 +52,7 @@ static void gmac_free(void *vmacctx) if (macctx != NULL) { EVP_CIPHER_CTX_free(macctx->ctx); - EVP_CIPHER_free(macctx->alloc_cipher); + ossl_prov_cipher_reset(&macctx->cipher); OPENSSL_free(macctx); } } @@ -92,15 +80,10 @@ static void *gmac_dup(void *vsrc) return NULL; if (!EVP_CIPHER_CTX_copy(dst->ctx, src->ctx) - || (src->alloc_cipher != NULL - && !EVP_CIPHER_up_ref(src->alloc_cipher))) { + || !ossl_prov_cipher_copy(&dst->cipher, &src->cipher)) { gmac_free(dst); return NULL; } - - dst->cipher = src->cipher; - dst->alloc_cipher = src->alloc_cipher; - dst->engine = src->engine; return dst; } @@ -188,65 +171,22 @@ static int gmac_set_ctx_params(void *vmacctx, const OSSL_PARAM params[]) { struct gmac_data_st *macctx = vmacctx; EVP_CIPHER_CTX *ctx = macctx->ctx; + OPENSSL_CTX *provctx = PROV_LIBRARY_CONTEXT_OF(macctx->provctx); const OSSL_PARAM *p; - if ((p = OSSL_PARAM_locate_const(params, OSSL_MAC_PARAM_CIPHER)) != NULL) { - if (p->data_type != OSSL_PARAM_UTF8_STRING) - return 0; + if (!ossl_prov_cipher_load_from_params(&macctx->cipher, params, provctx)) + return 0; - { - const char *algoname = p->data; - const char *propquery = NULL; - -/* Inside the FIPS module, we don't support engines */ -#if !defined(FIPS_MODE) && !defined(OPENSSL_NO_ENGINE) - ENGINE_finish(macctx->engine); - macctx->engine = NULL; - - if ((p = OSSL_PARAM_locate_const(params, OSSL_MAC_PARAM_ENGINE)) - != NULL) { - if (p->data_type != OSSL_PARAM_UTF8_STRING) - return 0; - - macctx->engine = ENGINE_by_id(p->data); - if (macctx->engine == NULL) - return 0; - } -#endif - if ((p = OSSL_PARAM_locate_const(params, - OSSL_MAC_PARAM_PROPERTIES)) - != NULL) { - if (p->data_type != OSSL_PARAM_UTF8_STRING) - return 0; - - propquery = p->data; - } - - EVP_CIPHER_free(macctx->alloc_cipher); - macctx->cipher = macctx->alloc_cipher = NULL; - - macctx->cipher = macctx->alloc_cipher = - EVP_CIPHER_fetch(PROV_LIBRARY_CONTEXT_OF(macctx->provctx), - algoname, propquery); -#ifndef FIPS_MODE /* Inside the FIPS module, we don't support legacy ciphers */ - /* TODO(3.0) BEGIN legacy stuff, to be removed */ - if (macctx->cipher == NULL) - macctx->cipher = EVP_get_cipherbyname(algoname); - /* TODO(3.0) END of legacy stuff */ -#endif - - if (macctx->cipher == NULL) - return 0; - - if (EVP_CIPHER_mode(macctx->cipher) != EVP_CIPH_GCM_MODE) { - ERR_raise(ERR_LIB_PROV, EVP_R_CIPHER_NOT_GCM_MODE); - return 0; - } - } - if (!EVP_EncryptInit_ex(ctx, macctx->cipher, macctx->engine, - NULL, NULL)) - return 0; + if (EVP_CIPHER_mode(ossl_prov_cipher_cipher(&macctx->cipher)) + != EVP_CIPH_GCM_MODE) { + ERR_raise(ERR_LIB_PROV, EVP_R_CIPHER_NOT_GCM_MODE); + return 0; } + if (!EVP_EncryptInit_ex(ctx, ossl_prov_cipher_cipher(&macctx->cipher), + ossl_prov_cipher_engine(&macctx->cipher), NULL, + NULL)) + return 0; + if ((p = OSSL_PARAM_locate_const(params, OSSL_MAC_PARAM_KEY)) != NULL) { if (p->data_type != OSSL_PARAM_OCTET_STRING) return 0; diff --git a/providers/common/macs/hmac_prov.c b/providers/common/macs/hmac_prov.c index d5f6db79de..64d6dd9dc9 100644 --- a/providers/common/macs/hmac_prov.c +++ b/providers/common/macs/hmac_prov.c @@ -16,6 +16,7 @@ #include "internal/provider_algs.h" #include "internal/provider_ctx.h" +#include "internal/provider_util.h" /* * Forward declaration of everything implemented here. This is not strictly @@ -39,21 +40,7 @@ static OSSL_OP_mac_final_fn hmac_final; struct hmac_data_st { void *provctx; HMAC_CTX *ctx; /* HMAC context */ - - /* - * References to the underlying digest implementation. tmpmd caches - * the md, always. alloc_md only holds a reference to an explicitly - * fetched digest. - * tmpmd is cleared after a CMAC_Init call. - */ - const EVP_MD *tmpmd; /* HMAC digest */ - EVP_MD *alloc_md; /* fetched digest */ - - /* - * Conditions for legacy EVP_MD uses. - * tmpengine is cleared after a CMAC_Init call. - */ - ENGINE *tmpengine; /* HMAC digest engine */ + PROV_DIGEST digest; }; static size_t hmac_size(void *vmacctx); @@ -79,7 +66,7 @@ static void hmac_free(void *vmacctx) if (macctx != NULL) { HMAC_CTX_free(macctx->ctx); - EVP_MD_free(macctx->alloc_md); + ossl_prov_digest_reset(&macctx->digest); OPENSSL_free(macctx); } } @@ -92,19 +79,11 @@ static void *hmac_dup(void *vsrc) if (dst == NULL) return NULL; - if (!HMAC_CTX_copy(dst->ctx, src->ctx)) { - hmac_free(dst); - return NULL; - } - - if (src->alloc_md != NULL && !EVP_MD_up_ref(src->alloc_md)) { + if (!HMAC_CTX_copy(dst->ctx, src->ctx) + || !ossl_prov_digest_copy(&dst->digest, &src->digest)) { hmac_free(dst); return NULL; } - - dst->tmpengine = src->tmpengine; - dst->tmpmd = src->tmpmd; - dst->alloc_md = src->alloc_md; return dst; } @@ -118,14 +97,14 @@ static size_t hmac_size(void *vmacctx) static int hmac_init(void *vmacctx) { struct hmac_data_st *macctx = vmacctx; + const EVP_MD *digest = ossl_prov_digest_md(&macctx->digest); int rv = 1; /* HMAC_Init_ex doesn't tolerate all zero params, so we must be careful */ - if (macctx->tmpmd != NULL) - rv = HMAC_Init_ex(macctx->ctx, NULL, 0, macctx->tmpmd, - (ENGINE * )macctx->tmpengine); - macctx->tmpengine = NULL; - macctx->tmpmd = NULL; + if (digest != NULL) + rv = HMAC_Init_ex(macctx->ctx, NULL, 0, digest, + ossl_prov_digest_engine(&macctx->digest)); + ossl_prov_digest_reset(&macctx->digest); return rv; } @@ -188,57 +167,12 @@ static const OSSL_PARAM *hmac_settable_ctx_params(void) static int hmac_set_ctx_params(void *vmacctx, const OSSL_PARAM params[]) { struct hmac_data_st *macctx = vmacctx; + OPENSSL_CTX *ctx = PROV_LIBRARY_CONTEXT_OF(macctx->provctx); const OSSL_PARAM *p; - if ((p = OSSL_PARAM_locate_const(params, OSSL_MAC_PARAM_DIGEST)) != NULL) { - if (p->data_type != OSSL_PARAM_UTF8_STRING) - return 0; + if (!ossl_prov_digest_load_from_params(&macctx->digest, params, ctx)) + return 0; - { - const char *algoname = p->data; - const char *propquery = NULL; - -/* Inside the FIPS module, we don't support engines */ -#if !defined(FIPS_MODE) && !defined(OPENSSL_NO_ENGINE) - ENGINE_finish(macctx->tmpengine); - macctx->tmpengine = NULL; - - if ((p = OSSL_PARAM_locate_const(params, OSSL_MAC_PARAM_ENGINE)) - != NULL) { - if (p->data_type != OSSL_PARAM_UTF8_STRING) - return 0; - - macctx->tmpengine = ENGINE_by_id(p->data); - if (macctx->tmpengine == NULL) - return 0; - } -#endif - if ((p = OSSL_PARAM_locate_const(params, - OSSL_MAC_PARAM_PROPERTIES)) - != NULL) { - if (p->data_type != OSSL_PARAM_UTF8_STRING) - return 0; - - propquery = p->data; - } - - EVP_MD_free(macctx->alloc_md); - - macctx->tmpmd = macctx->alloc_md = - EVP_MD_fetch(PROV_LIBRARY_CONTEXT_OF(macctx->provctx), - algoname, propquery); - -#ifndef FIPS_MODE /* Inside the FIPS module, we don't support legacy digests */ - /* TODO(3.0) BEGIN legacy stuff, to be removed */ - if (macctx->tmpmd == NULL) - macctx->tmpmd = EVP_get_digestbyname(algoname); - /* TODO(3.0) END of legacy stuff */ -#endif - - if (macctx->tmpmd == NULL) - return 0; - } - } /* TODO(3.0) formalize the meaning of "flags", perhaps as other params */ if ((p = OSSL_PARAM_locate_const(params, OSSL_MAC_PARAM_FLAGS)) != NULL) { @@ -253,11 +187,11 @@ static int hmac_set_ctx_params(void *vmacctx, const OSSL_PARAM params[]) return 0; if (!HMAC_Init_ex(macctx->ctx, p->data, p->data_size, - macctx->tmpmd, NULL /* ENGINE */)) + ossl_prov_digest_md(&macctx->digest), + NULL /* ENGINE */)) return 0; - macctx->tmpmd = NULL; - macctx->tmpengine = NULL; + ossl_prov_digest_reset(&macctx->digest); } return 1; } diff --git a/providers/common/macs/kmac_prov.c b/providers/common/macs/kmac_prov.c index 9ffdbd5249..53598418db 100644 --- a/providers/common/macs/kmac_prov.c +++ b/providers/common/macs/kmac_prov.c @@ -57,6 +57,7 @@ #include "internal/providercommonerr.h" #include "internal/provider_algs.h" #include "internal/provider_ctx.h" +#include "internal/provider_util.h" /* * Forward declaration of everything implemented here. This is not strictly @@ -113,16 +114,7 @@ static const unsigned char kmac_string[] = { struct kmac_data_st { void *provctx; EVP_MD_CTX *ctx; - - /* - * References to the underlying keccak_kmac implementation. |md| - * caches the digest, always. |alloc_md| only holds a reference to an - * explicitly fetched digest. - * |md| is cleared after a EVP_DigestInit call. - */ - const EVP_MD *md; /* Cache KMAC digest */ - EVP_MD *alloc_md; /* Fetched digest */ - + PROV_DIGEST digest; size_t out_len; int key_len; int custom_len; @@ -150,7 +142,7 @@ static void kmac_free(void *vmacctx) if (kctx != NULL) { EVP_MD_CTX_free(kctx->ctx); - EVP_MD_free(kctx->alloc_md); + ossl_prov_digest_reset(&kctx->digest); OPENSSL_cleanse(kctx->key, kctx->key_len); OPENSSL_cleanse(kctx->custom, kctx->custom_len); OPENSSL_free(kctx); @@ -162,12 +154,9 @@ static void kmac_free(void *vmacctx) * reimplementing the EVP functionality with direct use of * keccak_mac_init() and friends. */ -static void *kmac_new(void *provctx, EVP_MD *fetched_md, const EVP_MD *md) +static struct kmac_data_st *kmac_new(void *provctx) { - struct kmac_data_st *kctx = NULL; - - if (md == NULL) - return NULL; + struct kmac_data_st *kctx; if ((kctx = OPENSSL_zalloc(sizeof(*kctx))) == NULL || (kctx->ctx = EVP_MD_CTX_new()) == NULL) { @@ -175,58 +164,57 @@ static void *kmac_new(void *provctx, EVP_MD *fetched_md, const EVP_MD *md) return NULL; } kctx->provctx = provctx; - kctx->md = md; - kctx->alloc_md = fetched_md; - kctx->out_len = EVP_MD_size(md); return kctx; } -static void *kmac_fetch_new(void *provctx, const char *mdname) +static void *kmac_fetch_new(void *provctx, const OSSL_PARAM *params) { - EVP_MD *fetched_md = EVP_MD_fetch(PROV_LIBRARY_CONTEXT_OF(provctx), - mdname, NULL); - const EVP_MD *md = fetched_md; - void *ret = NULL; - -#ifndef FIPS_MODE /* Inside the FIPS module, we don't support legacy digests */ - /* TODO(3.0) BEGIN legacy stuff, to be removed */ - if (md == NULL) - md = EVP_get_digestbyname(mdname); - /* TODO(3.0) END of legacy stuff */ -#endif - - ret = kmac_new(provctx, fetched_md, md); - if (ret == NULL) - EVP_MD_free(fetched_md); - return ret; + struct kmac_data_st *kctx = kmac_new(provctx); + + if (kctx == NULL) + return 0; + if (!ossl_prov_digest_load_from_params(&kctx->digest, params, + PROV_LIBRARY_CONTEXT_OF(provctx))) + return 0; + + kctx->out_len = EVP_MD_size(ossl_prov_digest_md(&kctx->digest)); + return kctx; } static void *kmac128_new(void *provctx) { - return kmac_fetch_new(provctx, OSSL_DIGEST_NAME_KECCAK_KMAC128); + static const OSSL_PARAM kmac128_params[] = { + OSSL_PARAM_utf8_string("digest", OSSL_DIGEST_NAME_KECCAK_KMAC128, + sizeof(OSSL_DIGEST_NAME_KECCAK_KMAC128)), + OSSL_PARAM_END + }; + return kmac_fetch_new(provctx, kmac128_params); } static void *kmac256_new(void *provctx) { - return kmac_fetch_new(provctx, OSSL_DIGEST_NAME_KECCAK_KMAC256); + static const OSSL_PARAM kmac256_params[] = { + OSSL_PARAM_utf8_string("digest", OSSL_DIGEST_NAME_KECCAK_KMAC256, + sizeof(OSSL_DIGEST_NAME_KECCAK_KMAC256)), + OSSL_PARAM_END + }; + return kmac_fetch_new(provctx, kmac256_params); } static void *kmac_dup(void *vsrc) { struct kmac_data_st *src = vsrc; - struct kmac_data_st *dst = kmac_new(src->provctx, src->alloc_md, src->md); + struct kmac_data_st *dst = kmac_new(src->provctx); if (dst == NULL) return NULL; if (!EVP_MD_CTX_copy(dst->ctx, src->ctx) - || (src->alloc_md != NULL && !EVP_MD_up_ref(src->alloc_md))) { + || !ossl_prov_digest_copy(&dst->digest, &src->digest)) { kmac_free(dst); return NULL; } - dst->md = src->md; - dst->alloc_md = src->alloc_md; dst->out_len = src->out_len; dst->key_len = src->key_len; dst->custom_len = src->custom_len; @@ -255,10 +243,11 @@ static int kmac_init(void *vmacctx) EVPerr(EVP_F_KMAC_INIT, EVP_R_NO_KEY_SET); return 0; } - if (!EVP_DigestInit_ex(kctx->ctx, kctx->md, NULL)) + if (!EVP_DigestInit_ex(kctx->ctx, ossl_prov_digest_md(&kctx->digest), + NULL)) return 0; - block_len = EVP_MD_block_size(kctx->md); + block_len = EVP_MD_block_size(ossl_prov_digest_md(&kctx->digest)); /* Set default custom string if it is not already set */ if (kctx->custom_len == 0) { @@ -354,6 +343,7 @@ static int kmac_set_ctx_params(void *vmacctx, const OSSL_PARAM *params) { struct kmac_data_st *kctx = vmacctx; const OSSL_PARAM *p; + const EVP_MD *digest = ossl_prov_digest_md(&kctx->digest); if ((p = OSSL_PARAM_locate_const(params, OSSL_MAC_PARAM_XOF)) != NULL && !OSSL_PARAM_get_int(p, &kctx->xof_mode)) @@ -368,7 +358,7 @@ static int kmac_set_ctx_params(void *vmacctx, const OSSL_PARAM *params) } if (!kmac_bytepad_encode_key(kctx->key, &kctx->key_len, p->data, p->data_size, - EVP_MD_block_size(kctx->md))) + EVP_MD_block_size(digest))) return 0; } if ((p = OSSL_PARAM_locate_const(params, OSSL_MAC_PARAM_CUSTOM)) diff --git a/providers/common/provider_util.c b/providers/common/provider_util.c new file mode 100644 index 0000000000..babbfffd3d --- /dev/null +++ b/providers/common/provider_util.c @@ -0,0 +1,151 @@ +/* + * Copyright 2019 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the Apache License 2.0 (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#include +#include +#include "internal/provider_util.h" + +void ossl_prov_cipher_reset(PROV_CIPHER *pc) +{ + EVP_CIPHER_free(pc->alloc_cipher); + pc->alloc_cipher = NULL; + pc->cipher = NULL; + pc->engine = NULL; +} + +int ossl_prov_cipher_copy(PROV_CIPHER *dst, const PROV_CIPHER *src) +{ + if (src->alloc_cipher != NULL && !EVP_CIPHER_up_ref(src->alloc_cipher)) + return 0; + dst->engine = src->engine; + dst->cipher = src->cipher; + dst->alloc_cipher = src->alloc_cipher; + return 1; +} + +static int load_common(const OSSL_PARAM params[], const char **propquery, + ENGINE **engine) +{ + const OSSL_PARAM *p; + + *propquery = NULL; + p = OSSL_PARAM_locate_const(params, OSSL_ALG_PARAM_PROPERTIES); + if (p != NULL) { + if (p->data_type != OSSL_PARAM_UTF8_STRING) + return 0; + *propquery = p->data; + } + + *engine = NULL; + /* TODO legacy stuff, to be removed */ +#ifndef FIPS_MODE /* Inside the FIPS module, we don't support legacy ciphers */ + p = OSSL_PARAM_locate_const(params, OSSL_ALG_PARAM_ENGINE); + if (p != NULL) { + if (p->data_type != OSSL_PARAM_UTF8_STRING) + return 0; + ENGINE_finish(*engine); + *engine = ENGINE_by_id(p->data); + if (*engine == NULL) + return 0; + } +#endif + return 1; +} + +int ossl_prov_cipher_load_from_params(PROV_CIPHER *pc, + const OSSL_PARAM params[], + OPENSSL_CTX *ctx) +{ + const OSSL_PARAM *p; + const char *propquery; + + if (!load_common(params, &propquery, &pc->engine)) + return 0; + + p = OSSL_PARAM_locate_const(params, OSSL_ALG_PARAM_CIPHER); + if (p == NULL) + return 1; + if (p->data_type != OSSL_PARAM_UTF8_STRING) + return 0; + + EVP_CIPHER_free(pc->alloc_cipher); + pc->cipher = pc->alloc_cipher = EVP_CIPHER_fetch(ctx, p->data, propquery); + /* TODO legacy stuff, to be removed */ +#ifndef FIPS_MODE /* Inside the FIPS module, we don't support legacy ciphers */ + if (pc->cipher == NULL) + pc->cipher = EVP_get_cipherbyname(p->data); +#endif + return pc->cipher != NULL; +} + +const EVP_CIPHER *ossl_prov_cipher_cipher(const PROV_CIPHER *pc) +{ + return pc->cipher; +} + +ENGINE *ossl_prov_cipher_engine(const PROV_CIPHER *pc) +{ + return pc->engine; +} + +void ossl_prov_digest_reset(PROV_DIGEST *pd) +{ + EVP_MD_free(pd->alloc_md); + pd->alloc_md = NULL; + pd->md = NULL; + pd->engine = NULL; +} + +int ossl_prov_digest_copy(PROV_DIGEST *dst, const PROV_DIGEST *src) +{ + if (src->alloc_md != NULL && !EVP_MD_up_ref(src->alloc_md)) + return 0; + dst->engine = src->engine; + dst->md = src->md; + dst->alloc_md = src->alloc_md; + return 1; +} + +int ossl_prov_digest_load_from_params(PROV_DIGEST *pd, + const OSSL_PARAM params[], + OPENSSL_CTX *ctx) +{ + const OSSL_PARAM *p; + const char *propquery; + + if (!load_common(params, &propquery, &pd->engine)) + return 0; + + + p = OSSL_PARAM_locate_const(params, OSSL_ALG_PARAM_DIGEST); + if (p == NULL) + return 1; + if (p->data_type != OSSL_PARAM_UTF8_STRING) + return 0; + + EVP_MD_free(pd->alloc_md); + pd->md = pd->alloc_md = EVP_MD_fetch(ctx, p->data, propquery); + /* TODO legacy stuff, to be removed */ +#ifndef FIPS_MODE /* Inside the FIPS module, we don't support legacy digests */ + if (pd->md == NULL) + pd->md = EVP_get_digestbyname(p->data); +#endif + return pd->md != NULL; +} + +const EVP_MD *ossl_prov_digest_md(const PROV_DIGEST *pd) +{ + return pd->md; +} + +ENGINE *ossl_prov_digest_engine(const PROV_DIGEST *pd) +{ + return pd->engine; +} + diff --git a/providers/default/kdfs/sshkdf.c b/providers/default/kdfs/sshkdf.c index da59aaf861..2db5397294 100644 --- a/providers/default/kdfs/sshkdf.c +++ b/providers/default/kdfs/sshkdf.c @@ -19,6 +19,7 @@ #include "internal/provider_ctx.h" #include "internal/providercommonerr.h" #include "internal/provider_algs.h" +# include "internal/provider_util.h" /* See RFC 4253, Section 7.2 */ static OSSL_OP_kdf_newctx_fn kdf_sshkdf_new; @@ -38,7 +39,7 @@ static int SSHKDF(const EVP_MD *evp_md, typedef struct { void *provctx; - EVP_MD *md; + PROV_DIGEST digest; unsigned char *key; /* K */ size_t key_len; unsigned char *xcghash; /* H */ @@ -70,7 +71,7 @@ static void kdf_sshkdf_reset(void *vctx) { KDF_SSHKDF *ctx = (KDF_SSHKDF *)vctx; - EVP_MD_meth_free(ctx->md); + ossl_prov_digest_reset(&ctx->digest); OPENSSL_clear_free(ctx->key, ctx->key_len); OPENSSL_clear_free(ctx->xcghash, ctx->xcghash_len); OPENSSL_clear_free(ctx->session_id, ctx->session_id_len); @@ -89,8 +90,9 @@ static int kdf_sshkdf_derive(void *vctx, unsigned char *key, size_t keylen) { KDF_SSHKDF *ctx = (KDF_SSHKDF *)vctx; + const EVP_MD *md = ossl_prov_digest_md(&ctx->digest); - if (ctx->md == NULL) { + if (md == NULL) { ERR_raise(ERR_LIB_PROV, PROV_R_MISSING_MESSAGE_DIGEST); return 0; } @@ -110,7 +112,7 @@ static int kdf_sshkdf_derive(void *vctx, unsigned char *key, ERR_raise(ERR_LIB_PROV, PROV_R_MISSING_TYPE); return 0; } - return SSHKDF(ctx->md, ctx->key, ctx->key_len, + return SSHKDF(md, ctx->key, ctx->key_len, ctx->xcghash, ctx->xcghash_len, ctx->session_id, ctx->session_id_len, ctx->type, key, keylen); @@ -120,30 +122,11 @@ static int kdf_sshkdf_set_ctx_params(void *vctx, const OSSL_PARAM params[]) { const OSSL_PARAM *p; KDF_SSHKDF *ctx = vctx; - EVP_MD *md; + OPENSSL_CTX *provctx = PROV_LIBRARY_CONTEXT_OF(ctx->provctx); int t; - const char *properties = NULL; - /* Grab search properties, this should be before the digest lookup */ - if ((p = OSSL_PARAM_locate_const(params, OSSL_KDF_PARAM_PROPERTIES)) - != NULL) { - if (p->data_type != OSSL_PARAM_UTF8_STRING) - return 0; - properties = p->data; - } - /* Handle aliasing of digest parameter names */ - if ((p = OSSL_PARAM_locate_const(params, OSSL_KDF_PARAM_DIGEST)) != NULL) { - if (p->data_type != OSSL_PARAM_UTF8_STRING) - return 0; - md = EVP_MD_fetch(PROV_LIBRARY_CONTEXT_OF(ctx->provctx), p->data, - properties); - if (md == NULL) { - ERR_raise(ERR_LIB_PROV, PROV_R_INVALID_DIGEST); - return 0; - } - EVP_MD_meth_free(ctx->md); - ctx->md = md; - } + if (!ossl_prov_digest_load_from_params(&ctx->digest, params, provctx)) + return 0; if ((p = OSSL_PARAM_locate_const(params, OSSL_KDF_PARAM_KEY)) != NULL) if (!sshkdf_set_membuf(&ctx->key, &ctx->key_len, p)) diff --git a/providers/default/kdfs/x942kdf.c b/providers/default/kdfs/x942kdf.c index af2b4a8db4..7c3afef911 100644 --- a/providers/default/kdfs/x942kdf.c +++ b/providers/default/kdfs/x942kdf.c @@ -28,6 +28,7 @@ # include "internal/provider_ctx.h" # include "internal/providercommonerr.h" # include "internal/provider_algs.h" +# include "internal/provider_util.h" # define X942KDF_MAX_INLEN (1 << 30) @@ -42,7 +43,7 @@ static OSSL_OP_kdf_get_ctx_params_fn x942kdf_get_ctx_params; typedef struct { void *provctx; - EVP_MD *md; + PROV_DIGEST digest; unsigned char *secret; size_t secret_len; int cek_nid; @@ -255,7 +256,7 @@ static void x942kdf_reset(void *vctx) { KDF_X942 *ctx = (KDF_X942 *)vctx; - EVP_MD_meth_free(ctx->md); + ossl_prov_digest_reset(&ctx->digest); OPENSSL_clear_free(ctx->secret, ctx->secret_len); OPENSSL_clear_free(ctx->ukm, ctx->ukm_len); memset(ctx, 0, sizeof(*ctx)); @@ -283,18 +284,20 @@ static int x942kdf_set_buffer(unsigned char **out, size_t *out_len, static size_t x942kdf_size(KDF_X942 *ctx) { int len; + const EVP_MD *md = ossl_prov_digest_md(&ctx->digest); - if (ctx->md == NULL) { + if (md == NULL) { ERR_raise(ERR_LIB_PROV, PROV_R_MISSING_MESSAGE_DIGEST); return 0; } - len = EVP_MD_size(ctx->md); + len = EVP_MD_size(md); return (len <= 0) ? 0 : (size_t)len; } static int x942kdf_derive(void *vctx, unsigned char *key, size_t keylen) { KDF_X942 *ctx = (KDF_X942 *)vctx; + const EVP_MD *md = ossl_prov_digest_md(&ctx->digest); int ret = 0; unsigned char *ctr; unsigned char *der = NULL; @@ -304,7 +307,7 @@ static int x942kdf_derive(void *vctx, unsigned char *key, size_t keylen) ERR_raise(ERR_LIB_PROV, PROV_R_MISSING_SECRET); return 0; } - if (ctx->md == NULL) { + if (md == NULL) { ERR_raise(ERR_LIB_PROV, PROV_R_MISSING_MESSAGE_DIGEST); return 0; } @@ -331,7 +334,7 @@ static int x942kdf_derive(void *vctx, unsigned char *key, size_t keylen) ERR_raise(ERR_LIB_PROV, PROV_R_BAD_ENCODING); return 0; } - ret = x942kdf_hash_kdm(ctx->md, ctx->secret, ctx->secret_len, + ret = x942kdf_hash_kdm(md, ctx->secret, ctx->secret_len, der, der_len, ctr, key, keylen); OPENSSL_free(der); return ret; @@ -341,30 +344,11 @@ static int x942kdf_set_ctx_params(void *vctx, const OSSL_PARAM params[]) { const OSSL_PARAM *p; KDF_X942 *ctx = vctx; - EVP_MD *md; - const char *properties = NULL; + OPENSSL_CTX *provctx = PROV_LIBRARY_CONTEXT_OF(ctx->provctx); size_t i; - /* Grab search properties, this should be before the digest lookup */ - if ((p = OSSL_PARAM_locate_const(params, OSSL_KDF_PARAM_PROPERTIES)) - != NULL) { - if (p->data_type != OSSL_PARAM_UTF8_STRING) - return 0; - properties = p->data; - } - /* Handle aliasing of digest parameter names */ - if ((p = OSSL_PARAM_locate_const(params, OSSL_KDF_PARAM_DIGEST)) != NULL) { - if (p->data_type != OSSL_PARAM_UTF8_STRING) - return 0; - md = EVP_MD_fetch(PROV_LIBRARY_CONTEXT_OF(ctx->provctx), p->data, - properties); - if (md == NULL) { - ERR_raise(ERR_LIB_PROV, PROV_R_INVALID_DIGEST); - return 0; - } - EVP_MD_meth_free(ctx->md); - ctx->md = md; - } + if (!ossl_prov_digest_load_from_params(&ctx->digest, params, provctx)) + return 0; if ((p = OSSL_PARAM_locate_const(params, OSSL_KDF_PARAM_SECRET)) != NULL || (p = OSSL_PARAM_locate_const(params, OSSL_KDF_PARAM_KEY)) != NULL) From builds at travis-ci.org Sat Sep 7 06:28:13 2019 From: builds at travis-ci.org (Travis CI) Date: Sat, 07 Sep 2019 06:28:13 +0000 Subject: Errored: openssl/openssl#27975 (master - e97bab6) In-Reply-To: Message-ID: <5d734dfd694ba_43fae3c8f4ad822533e@67cd2c3c-94b9-418a-908e-7b44206be80c.mail> Build Update for openssl/openssl ------------------------------------- Build: #27975 Status: Errored Duration: 20 mins and 7 secs Commit: e97bab6 (master) Author: Pauli Message: Use common digest getter for X942 KDF Reviewed-by: Richard Levitte (Merged from https://github.com/openssl/openssl/pull/9770) View the changeset: https://github.com/openssl/openssl/compare/4fe2ee3a449a...e97bab6929bb View the full build log and details: https://travis-ci.org/openssl/openssl/builds/581964469?utm_medium=notification&utm_source=email -- You can unsubscribe from build emails from the openssl/openssl repository going to https://travis-ci.org/account/preferences/unsubscribe?repository=5849220&utm_medium=notification&utm_source=email. Or unsubscribe from *all* email updating your settings at https://travis-ci.org/account/preferences/unsubscribe?utm_medium=notification&utm_source=email. Or configure specific recipients for build notifications in your .travis.yml file. See https://docs.travis-ci.com/user/notifications. -------------- next part -------------- An HTML attachment was scrubbed... URL: From bernd.edlinger at hotmail.de Sat Sep 7 08:28:31 2019 From: bernd.edlinger at hotmail.de (bernd.edlinger at hotmail.de) Date: Sat, 07 Sep 2019 08:28:31 +0000 Subject: [openssl] OpenSSL_1_1_1-stable update Message-ID: <1567844911.574627.16881.nullmailer@dev.openssl.org> The branch OpenSSL_1_1_1-stable has been updated via 87bea6550ae0dda7c40937cff2e86cc2b0b09491 (commit) from a6186f39802f94937a46f7a41ef0c86b6334b592 (commit) - Log ----------------------------------------------------------------- commit 87bea6550ae0dda7c40937cff2e86cc2b0b09491 Author: Bernd Edlinger Date: Fri Aug 23 10:17:31 2019 +0200 Remove x86/x86_64 BSAES and AES_ASM support This leaves VPAES and AESNI support. The VPAES performance is comparable but BSAES is not completely constant time. There are table lookups using secret key data in AES_set_encrypt/decrypt_key and in ctr mode short data uses the non-constant time AES_encrypt function instead of bit-slicing. Furthermore the AES_ASM is by far outperformed by recent GCC versions. Since BSAES calls back to AES_ASM for short data blocks the performance on those is also worse than the pure software implementaion. Fixes: #9640 Reviewed-by: Richard Levitte (Merged from https://github.com/openssl/openssl/pull/9675) ----------------------------------------------------------------------- Summary of changes: Configurations/00-base-templates.conf | 4 +- crypto/aes/asm/aes-586.pl | 3000 ------------------------------ crypto/aes/asm/aes-x86_64.pl | 2916 ----------------------------- crypto/aes/asm/bsaes-x86_64.pl | 3239 --------------------------------- crypto/evp/e_aes.c | 2 +- 5 files changed, 3 insertions(+), 9158 deletions(-) delete mode 100755 crypto/aes/asm/aes-586.pl delete mode 100755 crypto/aes/asm/aes-x86_64.pl delete mode 100644 crypto/aes/asm/bsaes-x86_64.pl diff --git a/Configurations/00-base-templates.conf b/Configurations/00-base-templates.conf index 5fd995cb33..e01dc63a8b 100644 --- a/Configurations/00-base-templates.conf +++ b/Configurations/00-base-templates.conf @@ -198,7 +198,7 @@ my %targets=( bn_asm_src => "bn-586.s co-586.s x86-mont.s x86-gf2m.s", ec_asm_src => "ecp_nistz256.c ecp_nistz256-x86.s", des_asm_src => "des-586.s crypt586.s", - aes_asm_src => "aes-586.s vpaes-x86.s aesni-x86.s", + aes_asm_src => "aes_core.c aes_cbc.c vpaes-x86.s aesni-x86.s", bf_asm_src => "bf-586.s", md5_asm_src => "md5-586.s", cast_asm_src => "cast-586.s", @@ -223,7 +223,7 @@ my %targets=( cpuid_asm_src => "x86_64cpuid.s", bn_asm_src => "asm/x86_64-gcc.c x86_64-mont.s x86_64-mont5.s x86_64-gf2m.s rsaz_exp.c rsaz-x86_64.s rsaz-avx2.s", ec_asm_src => "ecp_nistz256.c ecp_nistz256-x86_64.s x25519-x86_64.s", - aes_asm_src => "aes-x86_64.s vpaes-x86_64.s bsaes-x86_64.s aesni-x86_64.s aesni-sha1-x86_64.s aesni-sha256-x86_64.s aesni-mb-x86_64.s", + aes_asm_src => "aes_core.c aes_cbc.c vpaes-x86_64.s aesni-x86_64.s aesni-sha1-x86_64.s aesni-sha256-x86_64.s aesni-mb-x86_64.s", md5_asm_src => "md5-x86_64.s", sha1_asm_src => "sha1-x86_64.s sha256-x86_64.s sha512-x86_64.s sha1-mb-x86_64.s sha256-mb-x86_64.s", rc4_asm_src => "rc4-x86_64.s rc4-md5-x86_64.s", diff --git a/crypto/aes/asm/aes-586.pl b/crypto/aes/asm/aes-586.pl deleted file mode 100755 index 29059edf8b..0000000000 --- a/crypto/aes/asm/aes-586.pl +++ /dev/null @@ -1,3000 +0,0 @@ -#! /usr/bin/env perl -# Copyright 2004-2016 The OpenSSL Project Authors. All Rights Reserved. -# -# Licensed under the OpenSSL license (the "License"). You may not use -# this file except in compliance with the License. You can obtain a copy -# in the file LICENSE in the source distribution or at -# https://www.openssl.org/source/license.html - -# -# ==================================================================== -# Written by Andy Polyakov for the OpenSSL -# project. The module is, however, dual licensed under OpenSSL and -# CRYPTOGAMS licenses depending on where you obtain it. For further -# details see http://www.openssl.org/~appro/cryptogams/. -# ==================================================================== -# -# Version 4.3. -# -# You might fail to appreciate this module performance from the first -# try. If compared to "vanilla" linux-ia32-icc target, i.e. considered -# to be *the* best Intel C compiler without -KPIC, performance appears -# to be virtually identical... But try to re-configure with shared -# library support... Aha! Intel compiler "suddenly" lags behind by 30% -# [on P4, more on others]:-) And if compared to position-independent -# code generated by GNU C, this code performs *more* than *twice* as -# fast! Yes, all this buzz about PIC means that unlike other hand- -# coded implementations, this one was explicitly designed to be safe -# to use even in shared library context... This also means that this -# code isn't necessarily absolutely fastest "ever," because in order -# to achieve position independence an extra register has to be -# off-loaded to stack, which affects the benchmark result. -# -# Special note about instruction choice. Do you recall RC4_INT code -# performing poorly on P4? It might be the time to figure out why. -# RC4_INT code implies effective address calculations in base+offset*4 -# form. Trouble is that it seems that offset scaling turned to be -# critical path... At least eliminating scaling resulted in 2.8x RC4 -# performance improvement [as you might recall]. As AES code is hungry -# for scaling too, I [try to] avoid the latter by favoring off-by-2 -# shifts and masking the result with 0xFF<<2 instead of "boring" 0xFF. -# -# As was shown by Dean Gaudet, the above note turned out to be -# void. Performance improvement with off-by-2 shifts was observed on -# intermediate implementation, which was spilling yet another register -# to stack... Final offset*4 code below runs just a tad faster on P4, -# but exhibits up to 10% improvement on other cores. -# -# Second version is "monolithic" replacement for aes_core.c, which in -# addition to AES_[de|en]crypt implements AES_set_[de|en]cryption_key. -# This made it possible to implement little-endian variant of the -# algorithm without modifying the base C code. Motivating factor for -# the undertaken effort was that it appeared that in tight IA-32 -# register window little-endian flavor could achieve slightly higher -# Instruction Level Parallelism, and it indeed resulted in up to 15% -# better performance on most recent ?-archs... -# -# Third version adds AES_cbc_encrypt implementation, which resulted in -# up to 40% performance improvement of CBC benchmark results. 40% was -# observed on P4 core, where "overall" improvement coefficient, i.e. if -# compared to PIC generated by GCC and in CBC mode, was observed to be -# as large as 4x:-) CBC performance is virtually identical to ECB now -# and on some platforms even better, e.g. 17.6 "small" cycles/byte on -# Opteron, because certain function prologues and epilogues are -# effectively taken out of the loop... -# -# Version 3.2 implements compressed tables and prefetch of these tables -# in CBC[!] mode. Former means that 3/4 of table references are now -# misaligned, which unfortunately has negative impact on elder IA-32 -# implementations, Pentium suffered 30% penalty, PIII - 10%. -# -# Version 3.3 avoids L1 cache aliasing between stack frame and -# S-boxes, and 3.4 - L1 cache aliasing even between key schedule. The -# latter is achieved by copying the key schedule to controlled place in -# stack. This unfortunately has rather strong impact on small block CBC -# performance, ~2x deterioration on 16-byte block if compared to 3.3. -# -# Version 3.5 checks if there is L1 cache aliasing between user-supplied -# key schedule and S-boxes and abstains from copying the former if -# there is no. This allows end-user to consciously retain small block -# performance by aligning key schedule in specific manner. -# -# Version 3.6 compresses Td4 to 256 bytes and prefetches it in ECB. -# -# Current ECB performance numbers for 128-bit key in CPU cycles per -# processed byte [measure commonly used by AES benchmarkers] are: -# -# small footprint fully unrolled -# P4 24 22 -# AMD K8 20 19 -# PIII 25 23 -# Pentium 81 78 -# -# Version 3.7 reimplements outer rounds as "compact." Meaning that -# first and last rounds reference compact 256 bytes S-box. This means -# that first round consumes a lot more CPU cycles and that encrypt -# and decrypt performance becomes asymmetric. Encrypt performance -# drops by 10-12%, while decrypt - by 20-25%:-( 256 bytes S-box is -# aggressively pre-fetched. -# -# Version 4.0 effectively rolls back to 3.6 and instead implements -# additional set of functions, _[x86|sse]_AES_[en|de]crypt_compact, -# which use exclusively 256 byte S-box. These functions are to be -# called in modes not concealing plain text, such as ECB, or when -# we're asked to process smaller amount of data [or unconditionally -# on hyper-threading CPU]. Currently it's called unconditionally from -# AES_[en|de]crypt, which affects all modes, but CBC. CBC routine -# still needs to be modified to switch between slower and faster -# mode when appropriate... But in either case benchmark landscape -# changes dramatically and below numbers are CPU cycles per processed -# byte for 128-bit key. -# -# ECB encrypt ECB decrypt CBC large chunk -# P4 52[54] 83[95] 23 -# AMD K8 46[41] 66[70] 18 -# PIII 41[50] 60[77] 24 -# Core 2 31[36] 45[64] 18.5 -# Atom 76[100] 96[138] 60 -# Pentium 115 150 77 -# -# Version 4.1 switches to compact S-box even in key schedule setup. -# -# Version 4.2 prefetches compact S-box in every SSE round or in other -# words every cache-line is *guaranteed* to be accessed within ~50 -# cycles window. Why just SSE? Because it's needed on hyper-threading -# CPU! Which is also why it's prefetched with 64 byte stride. Best -# part is that it has no negative effect on performance:-) -# -# Version 4.3 implements switch between compact and non-compact block -# functions in AES_cbc_encrypt depending on how much data was asked -# to be processed in one stroke. -# -###################################################################### -# Timing attacks are classified in two classes: synchronous when -# attacker consciously initiates cryptographic operation and collects -# timing data of various character afterwards, and asynchronous when -# malicious code is executed on same CPU simultaneously with AES, -# instruments itself and performs statistical analysis of this data. -# -# As far as synchronous attacks go the root to the AES timing -# vulnerability is twofold. Firstly, of 256 S-box elements at most 160 -# are referred to in single 128-bit block operation. Well, in C -# implementation with 4 distinct tables it's actually as little as 40 -# references per 256 elements table, but anyway... Secondly, even -# though S-box elements are clustered into smaller amount of cache- -# lines, smaller than 160 and even 40, it turned out that for certain -# plain-text pattern[s] or simply put chosen plain-text and given key -# few cache-lines remain unaccessed during block operation. Now, if -# attacker can figure out this access pattern, he can deduct the key -# [or at least part of it]. The natural way to mitigate this kind of -# attacks is to minimize the amount of cache-lines in S-box and/or -# prefetch them to ensure that every one is accessed for more uniform -# timing. But note that *if* plain-text was concealed in such way that -# input to block function is distributed *uniformly*, then attack -# wouldn't apply. Now note that some encryption modes, most notably -# CBC, do mask the plain-text in this exact way [secure cipher output -# is distributed uniformly]. Yes, one still might find input that -# would reveal the information about given key, but if amount of -# candidate inputs to be tried is larger than amount of possible key -# combinations then attack becomes infeasible. This is why revised -# AES_cbc_encrypt "dares" to switch to larger S-box when larger chunk -# of data is to be processed in one stroke. The current size limit of -# 512 bytes is chosen to provide same [diminishingly low] probability -# for cache-line to remain untouched in large chunk operation with -# large S-box as for single block operation with compact S-box and -# surely needs more careful consideration... -# -# As for asynchronous attacks. There are two flavours: attacker code -# being interleaved with AES on hyper-threading CPU at *instruction* -# level, and two processes time sharing single core. As for latter. -# Two vectors. 1. Given that attacker process has higher priority, -# yield execution to process performing AES just before timer fires -# off the scheduler, immediately regain control of CPU and analyze the -# cache state. For this attack to be efficient attacker would have to -# effectively slow down the operation by several *orders* of magnitude, -# by ratio of time slice to duration of handful of AES rounds, which -# unlikely to remain unnoticed. Not to mention that this also means -# that he would spend correspondingly more time to collect enough -# statistical data to mount the attack. It's probably appropriate to -# say that if adversary reckons that this attack is beneficial and -# risks to be noticed, you probably have larger problems having him -# mere opportunity. In other words suggested code design expects you -# to preclude/mitigate this attack by overall system security design. -# 2. Attacker manages to make his code interrupt driven. In order for -# this kind of attack to be feasible, interrupt rate has to be high -# enough, again comparable to duration of handful of AES rounds. But -# is there interrupt source of such rate? Hardly, not even 1Gbps NIC -# generates interrupts at such raging rate... -# -# And now back to the former, hyper-threading CPU or more specifically -# Intel P4. Recall that asynchronous attack implies that malicious -# code instruments itself. And naturally instrumentation granularity -# has be noticeably lower than duration of codepath accessing S-box. -# Given that all cache-lines are accessed during that time that is. -# Current implementation accesses *all* cache-lines within ~50 cycles -# window, which is actually *less* than RDTSC latency on Intel P4! - -$0 =~ m/(.*[\/\\])[^\/\\]+$/; $dir=$1; -push(@INC,"${dir}","${dir}../../perlasm"); -require "x86asm.pl"; - -$output = pop; -open OUT,">$output"; -*STDOUT=*OUT; - -&asm_init($ARGV[0],$x86only = $ARGV[$#ARGV] eq "386"); -&static_label("AES_Te"); -&static_label("AES_Td"); - -$s0="eax"; -$s1="ebx"; -$s2="ecx"; -$s3="edx"; -$key="edi"; -$acc="esi"; -$tbl="ebp"; - -# stack frame layout in _[x86|sse]_AES_* routines, frame is allocated -# by caller -$__ra=&DWP(0,"esp"); # return address -$__s0=&DWP(4,"esp"); # s0 backing store -$__s1=&DWP(8,"esp"); # s1 backing store -$__s2=&DWP(12,"esp"); # s2 backing store -$__s3=&DWP(16,"esp"); # s3 backing store -$__key=&DWP(20,"esp"); # pointer to key schedule -$__end=&DWP(24,"esp"); # pointer to end of key schedule -$__tbl=&DWP(28,"esp"); # %ebp backing store - -# stack frame layout in AES_[en|crypt] routines, which differs from -# above by 4 and overlaps by %ebp backing store -$_tbl=&DWP(24,"esp"); -$_esp=&DWP(28,"esp"); - -sub _data_word() { my $i; while(defined($i=shift)) { &data_word($i,$i); } } - -$speed_limit=512; # chunks smaller than $speed_limit are - # processed with compact routine in CBC mode -$small_footprint=1; # $small_footprint=1 code is ~5% slower [on - # recent ?-archs], but ~5 times smaller! - # I favor compact code to minimize cache - # contention and in hope to "collect" 5% back - # in real-life applications... - -$vertical_spin=0; # shift "vertically" defaults to 0, because of - # its proof-of-concept status... -# Note that there is no decvert(), as well as last encryption round is -# performed with "horizontal" shifts. This is because this "vertical" -# implementation [one which groups shifts on a given $s[i] to form a -# "column," unlike "horizontal" one, which groups shifts on different -# $s[i] to form a "row"] is work in progress. It was observed to run -# few percents faster on Intel cores, but not AMD. On AMD K8 core it's -# whole 12% slower:-( So we face a trade-off... Shall it be resolved -# some day? Till then the code is considered experimental and by -# default remains dormant... - -sub encvert() -{ my ($te, at s) = @_; - my ($v0,$v1) = ($acc,$key); - - &mov ($v0,$s[3]); # copy s3 - &mov (&DWP(4,"esp"),$s[2]); # save s2 - &mov ($v1,$s[0]); # copy s0 - &mov (&DWP(8,"esp"),$s[1]); # save s1 - - &movz ($s[2],&HB($s[0])); - &and ($s[0],0xFF); - &mov ($s[0],&DWP(0,$te,$s[0],8)); # s0>>0 - &shr ($v1,16); - &mov ($s[3],&DWP(3,$te,$s[2],8)); # s0>>8 - &movz ($s[1],&HB($v1)); - &and ($v1,0xFF); - &mov ($s[2],&DWP(2,$te,$v1,8)); # s0>>16 - &mov ($v1,$v0); - &mov ($s[1],&DWP(1,$te,$s[1],8)); # s0>>24 - - &and ($v0,0xFF); - &xor ($s[3],&DWP(0,$te,$v0,8)); # s3>>0 - &movz ($v0,&HB($v1)); - &shr ($v1,16); - &xor ($s[2],&DWP(3,$te,$v0,8)); # s3>>8 - &movz ($v0,&HB($v1)); - &and ($v1,0xFF); - &xor ($s[1],&DWP(2,$te,$v1,8)); # s3>>16 - &mov ($v1,&DWP(4,"esp")); # restore s2 - &xor ($s[0],&DWP(1,$te,$v0,8)); # s3>>24 - - &mov ($v0,$v1); - &and ($v1,0xFF); - &xor ($s[2],&DWP(0,$te,$v1,8)); # s2>>0 - &movz ($v1,&HB($v0)); - &shr ($v0,16); - &xor ($s[1],&DWP(3,$te,$v1,8)); # s2>>8 - &movz ($v1,&HB($v0)); - &and ($v0,0xFF); - &xor ($s[0],&DWP(2,$te,$v0,8)); # s2>>16 - &mov ($v0,&DWP(8,"esp")); # restore s1 - &xor ($s[3],&DWP(1,$te,$v1,8)); # s2>>24 - - &mov ($v1,$v0); - &and ($v0,0xFF); - &xor ($s[1],&DWP(0,$te,$v0,8)); # s1>>0 - &movz ($v0,&HB($v1)); - &shr ($v1,16); - &xor ($s[0],&DWP(3,$te,$v0,8)); # s1>>8 - &movz ($v0,&HB($v1)); - &and ($v1,0xFF); - &xor ($s[3],&DWP(2,$te,$v1,8)); # s1>>16 - &mov ($key,$__key); # reincarnate v1 as key - &xor ($s[2],&DWP(1,$te,$v0,8)); # s1>>24 -} - -# Another experimental routine, which features "horizontal spin," but -# eliminates one reference to stack. Strangely enough runs slower... -sub enchoriz() -{ my ($v0,$v1) = ($key,$acc); - - &movz ($v0,&LB($s0)); # 3, 2, 1, 0* - &rotr ($s2,8); # 8,11,10, 9 - &mov ($v1,&DWP(0,$te,$v0,8)); # 0 - &movz ($v0,&HB($s1)); # 7, 6, 5*, 4 - &rotr ($s3,16); # 13,12,15,14 - &xor ($v1,&DWP(3,$te,$v0,8)); # 5 - &movz ($v0,&HB($s2)); # 8,11,10*, 9 - &rotr ($s0,16); # 1, 0, 3, 2 - &xor ($v1,&DWP(2,$te,$v0,8)); # 10 - &movz ($v0,&HB($s3)); # 13,12,15*,14 - &xor ($v1,&DWP(1,$te,$v0,8)); # 15, t[0] collected - &mov ($__s0,$v1); # t[0] saved - - &movz ($v0,&LB($s1)); # 7, 6, 5, 4* - &shr ($s1,16); # -, -, 7, 6 - &mov ($v1,&DWP(0,$te,$v0,8)); # 4 - &movz ($v0,&LB($s3)); # 13,12,15,14* - &xor ($v1,&DWP(2,$te,$v0,8)); # 14 - &movz ($v0,&HB($s0)); # 1, 0, 3*, 2 - &and ($s3,0xffff0000); # 13,12, -, - - &xor ($v1,&DWP(1,$te,$v0,8)); # 3 - &movz ($v0,&LB($s2)); # 8,11,10, 9* - &or ($s3,$s1); # 13,12, 7, 6 - &xor ($v1,&DWP(3,$te,$v0,8)); # 9, t[1] collected - &mov ($s1,$v1); # s[1]=t[1] - - &movz ($v0,&LB($s0)); # 1, 0, 3, 2* - &shr ($s2,16); # -, -, 8,11 - &mov ($v1,&DWP(2,$te,$v0,8)); # 2 - &movz ($v0,&HB($s3)); # 13,12, 7*, 6 - &xor ($v1,&DWP(1,$te,$v0,8)); # 7 - &movz ($v0,&HB($s2)); # -, -, 8*,11 - &xor ($v1,&DWP(0,$te,$v0,8)); # 8 - &mov ($v0,$s3); - &shr ($v0,24); # 13 - &xor ($v1,&DWP(3,$te,$v0,8)); # 13, t[2] collected - - &movz ($v0,&LB($s2)); # -, -, 8,11* - &shr ($s0,24); # 1* - &mov ($s2,&DWP(1,$te,$v0,8)); # 11 - &xor ($s2,&DWP(3,$te,$s0,8)); # 1 - &mov ($s0,$__s0); # s[0]=t[0] - &movz ($v0,&LB($s3)); # 13,12, 7, 6* - &shr ($s3,16); # , ,13,12 - &xor ($s2,&DWP(2,$te,$v0,8)); # 6 - &mov ($key,$__key); # reincarnate v0 as key - &and ($s3,0xff); # , ,13,12* - &mov ($s3,&DWP(0,$te,$s3,8)); # 12 - &xor ($s3,$s2); # s[2]=t[3] collected - &mov ($s2,$v1); # s[2]=t[2] -} - -# More experimental code... SSE one... Even though this one eliminates -# *all* references to stack, it's not faster... -sub sse_encbody() -{ - &movz ($acc,&LB("eax")); # 0 - &mov ("ecx",&DWP(0,$tbl,$acc,8)); # 0 - &pshufw ("mm2","mm0",0x0d); # 7, 6, 3, 2 - &movz ("edx",&HB("eax")); # 1 - &mov ("edx",&DWP(3,$tbl,"edx",8)); # 1 - &shr ("eax",16); # 5, 4 - - &movz ($acc,&LB("ebx")); # 10 - &xor ("ecx",&DWP(2,$tbl,$acc,8)); # 10 - &pshufw ("mm6","mm4",0x08); # 13,12, 9, 8 - &movz ($acc,&HB("ebx")); # 11 - &xor ("edx",&DWP(1,$tbl,$acc,8)); # 11 - &shr ("ebx",16); # 15,14 - - &movz ($acc,&HB("eax")); # 5 - &xor ("ecx",&DWP(3,$tbl,$acc,8)); # 5 - &movq ("mm3",QWP(16,$key)); - &movz ($acc,&HB("ebx")); # 15 - &xor ("ecx",&DWP(1,$tbl,$acc,8)); # 15 - &movd ("mm0","ecx"); # t[0] collected - - &movz ($acc,&LB("eax")); # 4 - &mov ("ecx",&DWP(0,$tbl,$acc,8)); # 4 - &movd ("eax","mm2"); # 7, 6, 3, 2 - &movz ($acc,&LB("ebx")); # 14 - &xor ("ecx",&DWP(2,$tbl,$acc,8)); # 14 - &movd ("ebx","mm6"); # 13,12, 9, 8 - - &movz ($acc,&HB("eax")); # 3 - &xor ("ecx",&DWP(1,$tbl,$acc,8)); # 3 - &movz ($acc,&HB("ebx")); # 9 - &xor ("ecx",&DWP(3,$tbl,$acc,8)); # 9 - &movd ("mm1","ecx"); # t[1] collected - - &movz ($acc,&LB("eax")); # 2 - &mov ("ecx",&DWP(2,$tbl,$acc,8)); # 2 - &shr ("eax",16); # 7, 6 - &punpckldq ("mm0","mm1"); # t[0,1] collected - &movz ($acc,&LB("ebx")); # 8 - &xor ("ecx",&DWP(0,$tbl,$acc,8)); # 8 - &shr ("ebx",16); # 13,12 - - &movz ($acc,&HB("eax")); # 7 - &xor ("ecx",&DWP(1,$tbl,$acc,8)); # 7 - &pxor ("mm0","mm3"); - &movz ("eax",&LB("eax")); # 6 - &xor ("edx",&DWP(2,$tbl,"eax",8)); # 6 - &pshufw ("mm1","mm0",0x08); # 5, 4, 1, 0 - &movz ($acc,&HB("ebx")); # 13 - &xor ("ecx",&DWP(3,$tbl,$acc,8)); # 13 - &xor ("ecx",&DWP(24,$key)); # t[2] - &movd ("mm4","ecx"); # t[2] collected - &movz ("ebx",&LB("ebx")); # 12 - &xor ("edx",&DWP(0,$tbl,"ebx",8)); # 12 - &shr ("ecx",16); - &movd ("eax","mm1"); # 5, 4, 1, 0 - &mov ("ebx",&DWP(28,$key)); # t[3] - &xor ("ebx","edx"); - &movd ("mm5","ebx"); # t[3] collected - &and ("ebx",0xffff0000); - &or ("ebx","ecx"); - - &punpckldq ("mm4","mm5"); # t[2,3] collected -} - -###################################################################### -# "Compact" block function -###################################################################### - -sub enccompact() -{ my $Fn = \&mov; - while ($#_>5) { pop(@_); $Fn=sub{}; } - my ($i,$te, at s)=@_; - my $tmp = $key; - my $out = $i==3?$s[0]:$acc; - - # $Fn is used in first compact round and its purpose is to - # void restoration of some values from stack, so that after - # 4xenccompact with extra argument $key value is left there... - if ($i==3) { &$Fn ($key,$__key); }##%edx - else { &mov ($out,$s[0]); } - &and ($out,0xFF); - if ($i==1) { &shr ($s[0],16); }#%ebx[1] - if ($i==2) { &shr ($s[0],24); }#%ecx[2] - &movz ($out,&BP(-128,$te,$out,1)); - - if ($i==3) { $tmp=$s[1]; }##%eax - &movz ($tmp,&HB($s[1])); - &movz ($tmp,&BP(-128,$te,$tmp,1)); - &shl ($tmp,8); - &xor ($out,$tmp); - - if ($i==3) { $tmp=$s[2]; &mov ($s[1],$__s0); }##%ebx - else { &mov ($tmp,$s[2]); - &shr ($tmp,16); } - if ($i==2) { &and ($s[1],0xFF); }#%edx[2] - &and ($tmp,0xFF); - &movz ($tmp,&BP(-128,$te,$tmp,1)); - &shl ($tmp,16); - &xor ($out,$tmp); - - if ($i==3) { $tmp=$s[3]; &mov ($s[2],$__s1); }##%ecx - elsif($i==2){ &movz ($tmp,&HB($s[3])); }#%ebx[2] - else { &mov ($tmp,$s[3]); - &shr ($tmp,24); } - &movz ($tmp,&BP(-128,$te,$tmp,1)); - &shl ($tmp,24); - &xor ($out,$tmp); - if ($i<2) { &mov (&DWP(4+4*$i,"esp"),$out); } - if ($i==3) { &mov ($s[3],$acc); } - &comment(); -} - -sub enctransform() -{ my @s = ($s0,$s1,$s2,$s3); - my $i = shift; - my $tmp = $tbl; - my $r2 = $key ; - - &and ($tmp,$s[$i]); - &lea ($r2,&DWP(0,$s[$i],$s[$i])); - &mov ($acc,$tmp); - &shr ($tmp,7); - &and ($r2,0xfefefefe); - &sub ($acc,$tmp); - &mov ($tmp,$s[$i]); - &and ($acc,0x1b1b1b1b); - &rotr ($tmp,16); - &xor ($acc,$r2); # r2 - &mov ($r2,$s[$i]); - - &xor ($s[$i],$acc); # r0 ^ r2 - &rotr ($r2,16+8); - &xor ($acc,$tmp); - &rotl ($s[$i],24); - &xor ($acc,$r2); - &mov ($tmp,0x80808080) if ($i!=1); - &xor ($s[$i],$acc); # ROTATE(r2^r0,24) ^ r2 -} - -&function_begin_B("_x86_AES_encrypt_compact"); - # note that caller is expected to allocate stack frame for me! - &mov ($__key,$key); # save key - - &xor ($s0,&DWP(0,$key)); # xor with key - &xor ($s1,&DWP(4,$key)); - &xor ($s2,&DWP(8,$key)); - &xor ($s3,&DWP(12,$key)); - - &mov ($acc,&DWP(240,$key)); # load key->rounds - &lea ($acc,&DWP(-2,$acc,$acc)); - &lea ($acc,&DWP(0,$key,$acc,8)); - &mov ($__end,$acc); # end of key schedule - - # prefetch Te4 - &mov ($key,&DWP(0-128,$tbl)); - &mov ($acc,&DWP(32-128,$tbl)); - &mov ($key,&DWP(64-128,$tbl)); - &mov ($acc,&DWP(96-128,$tbl)); - &mov ($key,&DWP(128-128,$tbl)); - &mov ($acc,&DWP(160-128,$tbl)); - &mov ($key,&DWP(192-128,$tbl)); - &mov ($acc,&DWP(224-128,$tbl)); - - &set_label("loop",16); - - &enccompact(0,$tbl,$s0,$s1,$s2,$s3,1); - &enccompact(1,$tbl,$s1,$s2,$s3,$s0,1); - &enccompact(2,$tbl,$s2,$s3,$s0,$s1,1); - &enccompact(3,$tbl,$s3,$s0,$s1,$s2,1); - &mov ($tbl,0x80808080); - &enctransform(2); - &enctransform(3); - &enctransform(0); - &enctransform(1); - &mov ($key,$__key); - &mov ($tbl,$__tbl); - &add ($key,16); # advance rd_key - &xor ($s0,&DWP(0,$key)); - &xor ($s1,&DWP(4,$key)); - &xor ($s2,&DWP(8,$key)); - &xor ($s3,&DWP(12,$key)); - - &cmp ($key,$__end); - &mov ($__key,$key); - &jb (&label("loop")); - - &enccompact(0,$tbl,$s0,$s1,$s2,$s3); - &enccompact(1,$tbl,$s1,$s2,$s3,$s0); - &enccompact(2,$tbl,$s2,$s3,$s0,$s1); - &enccompact(3,$tbl,$s3,$s0,$s1,$s2); - - &xor ($s0,&DWP(16,$key)); - &xor ($s1,&DWP(20,$key)); - &xor ($s2,&DWP(24,$key)); - &xor ($s3,&DWP(28,$key)); - - &ret (); -&function_end_B("_x86_AES_encrypt_compact"); - -###################################################################### -# "Compact" SSE block function. -###################################################################### -# -# Performance is not actually extraordinary in comparison to pure -# x86 code. In particular encrypt performance is virtually the same. -# Decrypt performance on the other hand is 15-20% better on newer -# ?-archs [but we're thankful for *any* improvement here], and ~50% -# better on PIII:-) And additionally on the pros side this code -# eliminates redundant references to stack and thus relieves/ -# minimizes the pressure on the memory bus. -# -# MMX register layout lsb -# +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+ -# | mm4 | mm0 | -# +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+ -# | s3 | s2 | s1 | s0 | -# +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+ -# |15|14|13|12|11|10| 9| 8| 7| 6| 5| 4| 3| 2| 1| 0| -# +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+ -# -# Indexes translate as s[N/4]>>(8*(N%4)), e.g. 5 means s1>>8. -# In this terms encryption and decryption "compact" permutation -# matrices can be depicted as following: -# -# encryption lsb # decryption lsb -# +----++----+----+----+----+ # +----++----+----+----+----+ -# | t0 || 15 | 10 | 5 | 0 | # | t0 || 7 | 10 | 13 | 0 | -# +----++----+----+----+----+ # +----++----+----+----+----+ -# | t1 || 3 | 14 | 9 | 4 | # | t1 || 11 | 14 | 1 | 4 | -# +----++----+----+----+----+ # +----++----+----+----+----+ -# | t2 || 7 | 2 | 13 | 8 | # | t2 || 15 | 2 | 5 | 8 | -# +----++----+----+----+----+ # +----++----+----+----+----+ -# | t3 || 11 | 6 | 1 | 12 | # | t3 || 3 | 6 | 9 | 12 | -# +----++----+----+----+----+ # +----++----+----+----+----+ -# -###################################################################### -# Why not xmm registers? Short answer. It was actually tested and -# was not any faster, but *contrary*, most notably on Intel CPUs. -# Longer answer. Main advantage of using mm registers is that movd -# latency is lower, especially on Intel P4. While arithmetic -# instructions are twice as many, they can be scheduled every cycle -# and not every second one when they are operating on xmm register, -# so that "arithmetic throughput" remains virtually the same. And -# finally the code can be executed even on elder SSE-only CPUs:-) - -sub sse_enccompact() -{ - &pshufw ("mm1","mm0",0x08); # 5, 4, 1, 0 - &pshufw ("mm5","mm4",0x0d); # 15,14,11,10 - &movd ("eax","mm1"); # 5, 4, 1, 0 - &movd ("ebx","mm5"); # 15,14,11,10 - &mov ($__key,$key); - - &movz ($acc,&LB("eax")); # 0 - &movz ("edx",&HB("eax")); # 1 - &pshufw ("mm2","mm0",0x0d); # 7, 6, 3, 2 - &movz ("ecx",&BP(-128,$tbl,$acc,1)); # 0 - &movz ($key,&LB("ebx")); # 10 - &movz ("edx",&BP(-128,$tbl,"edx",1)); # 1 - &shr ("eax",16); # 5, 4 - &shl ("edx",8); # 1 - - &movz ($acc,&BP(-128,$tbl,$key,1)); # 10 - &movz ($key,&HB("ebx")); # 11 - &shl ($acc,16); # 10 - &pshufw ("mm6","mm4",0x08); # 13,12, 9, 8 - &or ("ecx",$acc); # 10 - &movz ($acc,&BP(-128,$tbl,$key,1)); # 11 - &movz ($key,&HB("eax")); # 5 - &shl ($acc,24); # 11 - &shr ("ebx",16); # 15,14 - &or ("edx",$acc); # 11 - - &movz ($acc,&BP(-128,$tbl,$key,1)); # 5 - &movz ($key,&HB("ebx")); # 15 - &shl ($acc,8); # 5 - &or ("ecx",$acc); # 5 - &movz ($acc,&BP(-128,$tbl,$key,1)); # 15 - &movz ($key,&LB("eax")); # 4 - &shl ($acc,24); # 15 - &or ("ecx",$acc); # 15 - - &movz ($acc,&BP(-128,$tbl,$key,1)); # 4 - &movz ($key,&LB("ebx")); # 14 - &movd ("eax","mm2"); # 7, 6, 3, 2 - &movd ("mm0","ecx"); # t[0] collected - &movz ("ecx",&BP(-128,$tbl,$key,1)); # 14 - &movz ($key,&HB("eax")); # 3 - &shl ("ecx",16); # 14 - &movd ("ebx","mm6"); # 13,12, 9, 8 - &or ("ecx",$acc); # 14 - - &movz ($acc,&BP(-128,$tbl,$key,1)); # 3 - &movz ($key,&HB("ebx")); # 9 - &shl ($acc,24); # 3 - &or ("ecx",$acc); # 3 - &movz ($acc,&BP(-128,$tbl,$key,1)); # 9 - &movz ($key,&LB("ebx")); # 8 - &shl ($acc,8); # 9 - &shr ("ebx",16); # 13,12 - &or ("ecx",$acc); # 9 - - &movz ($acc,&BP(-128,$tbl,$key,1)); # 8 - &movz ($key,&LB("eax")); # 2 - &shr ("eax",16); # 7, 6 - &movd ("mm1","ecx"); # t[1] collected - &movz ("ecx",&BP(-128,$tbl,$key,1)); # 2 - &movz ($key,&HB("eax")); # 7 - &shl ("ecx",16); # 2 - &and ("eax",0xff); # 6 - &or ("ecx",$acc); # 2 - - &punpckldq ("mm0","mm1"); # t[0,1] collected - - &movz ($acc,&BP(-128,$tbl,$key,1)); # 7 - &movz ($key,&HB("ebx")); # 13 - &shl ($acc,24); # 7 - &and ("ebx",0xff); # 12 - &movz ("eax",&BP(-128,$tbl,"eax",1)); # 6 - &or ("ecx",$acc); # 7 - &shl ("eax",16); # 6 - &movz ($acc,&BP(-128,$tbl,$key,1)); # 13 - &or ("edx","eax"); # 6 - &shl ($acc,8); # 13 - &movz ("ebx",&BP(-128,$tbl,"ebx",1)); # 12 - &or ("ecx",$acc); # 13 - &or ("edx","ebx"); # 12 - &mov ($key,$__key); - &movd ("mm4","ecx"); # t[2] collected - &movd ("mm5","edx"); # t[3] collected - - &punpckldq ("mm4","mm5"); # t[2,3] collected -} - - if (!$x86only) { -&function_begin_B("_sse_AES_encrypt_compact"); - &pxor ("mm0",&QWP(0,$key)); # 7, 6, 5, 4, 3, 2, 1, 0 - &pxor ("mm4",&QWP(8,$key)); # 15,14,13,12,11,10, 9, 8 - - # note that caller is expected to allocate stack frame for me! - &mov ($acc,&DWP(240,$key)); # load key->rounds - &lea ($acc,&DWP(-2,$acc,$acc)); - &lea ($acc,&DWP(0,$key,$acc,8)); - &mov ($__end,$acc); # end of key schedule - - &mov ($s0,0x1b1b1b1b); # magic constant - &mov (&DWP(8,"esp"),$s0); - &mov (&DWP(12,"esp"),$s0); - - # prefetch Te4 - &mov ($s0,&DWP(0-128,$tbl)); - &mov ($s1,&DWP(32-128,$tbl)); - &mov ($s2,&DWP(64-128,$tbl)); - &mov ($s3,&DWP(96-128,$tbl)); - &mov ($s0,&DWP(128-128,$tbl)); - &mov ($s1,&DWP(160-128,$tbl)); - &mov ($s2,&DWP(192-128,$tbl)); - &mov ($s3,&DWP(224-128,$tbl)); - - &set_label("loop",16); - &sse_enccompact(); - &add ($key,16); - &cmp ($key,$__end); - &ja (&label("out")); - - &movq ("mm2",&QWP(8,"esp")); - &pxor ("mm3","mm3"); &pxor ("mm7","mm7"); - &movq ("mm1","mm0"); &movq ("mm5","mm4"); # r0 - &pcmpgtb("mm3","mm0"); &pcmpgtb("mm7","mm4"); - &pand ("mm3","mm2"); &pand ("mm7","mm2"); - &pshufw ("mm2","mm0",0xb1); &pshufw ("mm6","mm4",0xb1);# ROTATE(r0,16) - &paddb ("mm0","mm0"); &paddb ("mm4","mm4"); - &pxor ("mm0","mm3"); &pxor ("mm4","mm7"); # = r2 - &pshufw ("mm3","mm2",0xb1); &pshufw ("mm7","mm6",0xb1);# r0 - &pxor ("mm1","mm0"); &pxor ("mm5","mm4"); # r0^r2 - &pxor ("mm0","mm2"); &pxor ("mm4","mm6"); # ^= ROTATE(r0,16) - - &movq ("mm2","mm3"); &movq ("mm6","mm7"); - &pslld ("mm3",8); &pslld ("mm7",8); - &psrld ("mm2",24); &psrld ("mm6",24); - &pxor ("mm0","mm3"); &pxor ("mm4","mm7"); # ^= r0<<8 - &pxor ("mm0","mm2"); &pxor ("mm4","mm6"); # ^= r0>>24 - - &movq ("mm3","mm1"); &movq ("mm7","mm5"); - &movq ("mm2",&QWP(0,$key)); &movq ("mm6",&QWP(8,$key)); - &psrld ("mm1",8); &psrld ("mm5",8); - &mov ($s0,&DWP(0-128,$tbl)); - &pslld ("mm3",24); &pslld ("mm7",24); - &mov ($s1,&DWP(64-128,$tbl)); - &pxor ("mm0","mm1"); &pxor ("mm4","mm5"); # ^= (r2^r0)<<8 - &mov ($s2,&DWP(128-128,$tbl)); - &pxor ("mm0","mm3"); &pxor ("mm4","mm7"); # ^= (r2^r0)>>24 - &mov ($s3,&DWP(192-128,$tbl)); - - &pxor ("mm0","mm2"); &pxor ("mm4","mm6"); - &jmp (&label("loop")); - - &set_label("out",16); - &pxor ("mm0",&QWP(0,$key)); - &pxor ("mm4",&QWP(8,$key)); - - &ret (); -&function_end_B("_sse_AES_encrypt_compact"); - } - -###################################################################### -# Vanilla block function. -###################################################################### - -sub encstep() -{ my ($i,$te, at s) = @_; - my $tmp = $key; - my $out = $i==3?$s[0]:$acc; - - # lines marked with #%e?x[i] denote "reordered" instructions... - if ($i==3) { &mov ($key,$__key); }##%edx - else { &mov ($out,$s[0]); - &and ($out,0xFF); } - if ($i==1) { &shr ($s[0],16); }#%ebx[1] - if ($i==2) { &shr ($s[0],24); }#%ecx[2] - &mov ($out,&DWP(0,$te,$out,8)); - - if ($i==3) { $tmp=$s[1]; }##%eax - &movz ($tmp,&HB($s[1])); - &xor ($out,&DWP(3,$te,$tmp,8)); - - if ($i==3) { $tmp=$s[2]; &mov ($s[1],$__s0); }##%ebx - else { &mov ($tmp,$s[2]); - &shr ($tmp,16); } - if ($i==2) { &and ($s[1],0xFF); }#%edx[2] - &and ($tmp,0xFF); - &xor ($out,&DWP(2,$te,$tmp,8)); - - if ($i==3) { $tmp=$s[3]; &mov ($s[2],$__s1); }##%ecx - elsif($i==2){ &movz ($tmp,&HB($s[3])); }#%ebx[2] - else { &mov ($tmp,$s[3]); - &shr ($tmp,24) } - &xor ($out,&DWP(1,$te,$tmp,8)); - if ($i<2) { &mov (&DWP(4+4*$i,"esp"),$out); } - if ($i==3) { &mov ($s[3],$acc); } - &comment(); -} - -sub enclast() -{ my ($i,$te, at s)=@_; - my $tmp = $key; - my $out = $i==3?$s[0]:$acc; - - if ($i==3) { &mov ($key,$__key); }##%edx - else { &mov ($out,$s[0]); } - &and ($out,0xFF); - if ($i==1) { &shr ($s[0],16); }#%ebx[1] - if ($i==2) { &shr ($s[0],24); }#%ecx[2] - &mov ($out,&DWP(2,$te,$out,8)); - &and ($out,0x000000ff); - - if ($i==3) { $tmp=$s[1]; }##%eax - &movz ($tmp,&HB($s[1])); - &mov ($tmp,&DWP(0,$te,$tmp,8)); - &and ($tmp,0x0000ff00); - &xor ($out,$tmp); - - if ($i==3) { $tmp=$s[2]; &mov ($s[1],$__s0); }##%ebx - else { &mov ($tmp,$s[2]); - &shr ($tmp,16); } - if ($i==2) { &and ($s[1],0xFF); }#%edx[2] - &and ($tmp,0xFF); - &mov ($tmp,&DWP(0,$te,$tmp,8)); - &and ($tmp,0x00ff0000); - &xor ($out,$tmp); - - if ($i==3) { $tmp=$s[3]; &mov ($s[2],$__s1); }##%ecx - elsif($i==2){ &movz ($tmp,&HB($s[3])); }#%ebx[2] - else { &mov ($tmp,$s[3]); - &shr ($tmp,24); } - &mov ($tmp,&DWP(2,$te,$tmp,8)); - &and ($tmp,0xff000000); - &xor ($out,$tmp); - if ($i<2) { &mov (&DWP(4+4*$i,"esp"),$out); } - if ($i==3) { &mov ($s[3],$acc); } -} - -&function_begin_B("_x86_AES_encrypt"); - if ($vertical_spin) { - # I need high parts of volatile registers to be accessible... - &exch ($s1="edi",$key="ebx"); - &mov ($s2="esi",$acc="ecx"); - } - - # note that caller is expected to allocate stack frame for me! - &mov ($__key,$key); # save key - - &xor ($s0,&DWP(0,$key)); # xor with key - &xor ($s1,&DWP(4,$key)); - &xor ($s2,&DWP(8,$key)); - &xor ($s3,&DWP(12,$key)); - - &mov ($acc,&DWP(240,$key)); # load key->rounds - - if ($small_footprint) { - &lea ($acc,&DWP(-2,$acc,$acc)); - &lea ($acc,&DWP(0,$key,$acc,8)); - &mov ($__end,$acc); # end of key schedule - - &set_label("loop",16); - if ($vertical_spin) { - &encvert($tbl,$s0,$s1,$s2,$s3); - } else { - &encstep(0,$tbl,$s0,$s1,$s2,$s3); - &encstep(1,$tbl,$s1,$s2,$s3,$s0); - &encstep(2,$tbl,$s2,$s3,$s0,$s1); - &encstep(3,$tbl,$s3,$s0,$s1,$s2); - } - &add ($key,16); # advance rd_key - &xor ($s0,&DWP(0,$key)); - &xor ($s1,&DWP(4,$key)); - &xor ($s2,&DWP(8,$key)); - &xor ($s3,&DWP(12,$key)); - &cmp ($key,$__end); - &mov ($__key,$key); - &jb (&label("loop")); - } - else { - &cmp ($acc,10); - &jle (&label("10rounds")); - &cmp ($acc,12); - &jle (&label("12rounds")); - - &set_label("14rounds",4); - for ($i=1;$i<3;$i++) { - if ($vertical_spin) { - &encvert($tbl,$s0,$s1,$s2,$s3); - } else { - &encstep(0,$tbl,$s0,$s1,$s2,$s3); - &encstep(1,$tbl,$s1,$s2,$s3,$s0); - &encstep(2,$tbl,$s2,$s3,$s0,$s1); - &encstep(3,$tbl,$s3,$s0,$s1,$s2); - } - &xor ($s0,&DWP(16*$i+0,$key)); - &xor ($s1,&DWP(16*$i+4,$key)); - &xor ($s2,&DWP(16*$i+8,$key)); - &xor ($s3,&DWP(16*$i+12,$key)); - } - &add ($key,32); - &mov ($__key,$key); # advance rd_key - &set_label("12rounds",4); - for ($i=1;$i<3;$i++) { - if ($vertical_spin) { - &encvert($tbl,$s0,$s1,$s2,$s3); - } else { - &encstep(0,$tbl,$s0,$s1,$s2,$s3); - &encstep(1,$tbl,$s1,$s2,$s3,$s0); - &encstep(2,$tbl,$s2,$s3,$s0,$s1); - &encstep(3,$tbl,$s3,$s0,$s1,$s2); - } - &xor ($s0,&DWP(16*$i+0,$key)); - &xor ($s1,&DWP(16*$i+4,$key)); - &xor ($s2,&DWP(16*$i+8,$key)); - &xor ($s3,&DWP(16*$i+12,$key)); - } - &add ($key,32); - &mov ($__key,$key); # advance rd_key - &set_label("10rounds",4); - for ($i=1;$i<10;$i++) { - if ($vertical_spin) { - &encvert($tbl,$s0,$s1,$s2,$s3); - } else { - &encstep(0,$tbl,$s0,$s1,$s2,$s3); - &encstep(1,$tbl,$s1,$s2,$s3,$s0); - &encstep(2,$tbl,$s2,$s3,$s0,$s1); - &encstep(3,$tbl,$s3,$s0,$s1,$s2); - } - &xor ($s0,&DWP(16*$i+0,$key)); - &xor ($s1,&DWP(16*$i+4,$key)); - &xor ($s2,&DWP(16*$i+8,$key)); - &xor ($s3,&DWP(16*$i+12,$key)); - } - } - - if ($vertical_spin) { - # "reincarnate" some registers for "horizontal" spin... - &mov ($s1="ebx",$key="edi"); - &mov ($s2="ecx",$acc="esi"); - } - &enclast(0,$tbl,$s0,$s1,$s2,$s3); - &enclast(1,$tbl,$s1,$s2,$s3,$s0); - &enclast(2,$tbl,$s2,$s3,$s0,$s1); - &enclast(3,$tbl,$s3,$s0,$s1,$s2); - - &add ($key,$small_footprint?16:160); - &xor ($s0,&DWP(0,$key)); - &xor ($s1,&DWP(4,$key)); - &xor ($s2,&DWP(8,$key)); - &xor ($s3,&DWP(12,$key)); - - &ret (); - -&set_label("AES_Te",64); # Yes! I keep it in the code segment! - &_data_word(0xa56363c6, 0x847c7cf8, 0x997777ee, 0x8d7b7bf6); - &_data_word(0x0df2f2ff, 0xbd6b6bd6, 0xb16f6fde, 0x54c5c591); - &_data_word(0x50303060, 0x03010102, 0xa96767ce, 0x7d2b2b56); - &_data_word(0x19fefee7, 0x62d7d7b5, 0xe6abab4d, 0x9a7676ec); - &_data_word(0x45caca8f, 0x9d82821f, 0x40c9c989, 0x877d7dfa); - &_data_word(0x15fafaef, 0xeb5959b2, 0xc947478e, 0x0bf0f0fb); - &_data_word(0xecadad41, 0x67d4d4b3, 0xfda2a25f, 0xeaafaf45); - &_data_word(0xbf9c9c23, 0xf7a4a453, 0x967272e4, 0x5bc0c09b); - &_data_word(0xc2b7b775, 0x1cfdfde1, 0xae93933d, 0x6a26264c); - &_data_word(0x5a36366c, 0x413f3f7e, 0x02f7f7f5, 0x4fcccc83); - &_data_word(0x5c343468, 0xf4a5a551, 0x34e5e5d1, 0x08f1f1f9); - &_data_word(0x937171e2, 0x73d8d8ab, 0x53313162, 0x3f15152a); - &_data_word(0x0c040408, 0x52c7c795, 0x65232346, 0x5ec3c39d); - &_data_word(0x28181830, 0xa1969637, 0x0f05050a, 0xb59a9a2f); - &_data_word(0x0907070e, 0x36121224, 0x9b80801b, 0x3de2e2df); - &_data_word(0x26ebebcd, 0x6927274e, 0xcdb2b27f, 0x9f7575ea); - &_data_word(0x1b090912, 0x9e83831d, 0x742c2c58, 0x2e1a1a34); - &_data_word(0x2d1b1b36, 0xb26e6edc, 0xee5a5ab4, 0xfba0a05b); - &_data_word(0xf65252a4, 0x4d3b3b76, 0x61d6d6b7, 0xceb3b37d); - &_data_word(0x7b292952, 0x3ee3e3dd, 0x712f2f5e, 0x97848413); - &_data_word(0xf55353a6, 0x68d1d1b9, 0x00000000, 0x2cededc1); - &_data_word(0x60202040, 0x1ffcfce3, 0xc8b1b179, 0xed5b5bb6); - &_data_word(0xbe6a6ad4, 0x46cbcb8d, 0xd9bebe67, 0x4b393972); - &_data_word(0xde4a4a94, 0xd44c4c98, 0xe85858b0, 0x4acfcf85); - &_data_word(0x6bd0d0bb, 0x2aefefc5, 0xe5aaaa4f, 0x16fbfbed); - &_data_word(0xc5434386, 0xd74d4d9a, 0x55333366, 0x94858511); - &_data_word(0xcf45458a, 0x10f9f9e9, 0x06020204, 0x817f7ffe); - &_data_word(0xf05050a0, 0x443c3c78, 0xba9f9f25, 0xe3a8a84b); - &_data_word(0xf35151a2, 0xfea3a35d, 0xc0404080, 0x8a8f8f05); - &_data_word(0xad92923f, 0xbc9d9d21, 0x48383870, 0x04f5f5f1); - &_data_word(0xdfbcbc63, 0xc1b6b677, 0x75dadaaf, 0x63212142); - &_data_word(0x30101020, 0x1affffe5, 0x0ef3f3fd, 0x6dd2d2bf); - &_data_word(0x4ccdcd81, 0x140c0c18, 0x35131326, 0x2fececc3); - &_data_word(0xe15f5fbe, 0xa2979735, 0xcc444488, 0x3917172e); - &_data_word(0x57c4c493, 0xf2a7a755, 0x827e7efc, 0x473d3d7a); - &_data_word(0xac6464c8, 0xe75d5dba, 0x2b191932, 0x957373e6); - &_data_word(0xa06060c0, 0x98818119, 0xd14f4f9e, 0x7fdcdca3); - &_data_word(0x66222244, 0x7e2a2a54, 0xab90903b, 0x8388880b); - &_data_word(0xca46468c, 0x29eeeec7, 0xd3b8b86b, 0x3c141428); - &_data_word(0x79dedea7, 0xe25e5ebc, 0x1d0b0b16, 0x76dbdbad); - &_data_word(0x3be0e0db, 0x56323264, 0x4e3a3a74, 0x1e0a0a14); - &_data_word(0xdb494992, 0x0a06060c, 0x6c242448, 0xe45c5cb8); - &_data_word(0x5dc2c29f, 0x6ed3d3bd, 0xefacac43, 0xa66262c4); - &_data_word(0xa8919139, 0xa4959531, 0x37e4e4d3, 0x8b7979f2); - &_data_word(0x32e7e7d5, 0x43c8c88b, 0x5937376e, 0xb76d6dda); - &_data_word(0x8c8d8d01, 0x64d5d5b1, 0xd24e4e9c, 0xe0a9a949); - &_data_word(0xb46c6cd8, 0xfa5656ac, 0x07f4f4f3, 0x25eaeacf); - &_data_word(0xaf6565ca, 0x8e7a7af4, 0xe9aeae47, 0x18080810); - &_data_word(0xd5baba6f, 0x887878f0, 0x6f25254a, 0x722e2e5c); - &_data_word(0x241c1c38, 0xf1a6a657, 0xc7b4b473, 0x51c6c697); - &_data_word(0x23e8e8cb, 0x7cdddda1, 0x9c7474e8, 0x211f1f3e); - &_data_word(0xdd4b4b96, 0xdcbdbd61, 0x868b8b0d, 0x858a8a0f); - &_data_word(0x907070e0, 0x423e3e7c, 0xc4b5b571, 0xaa6666cc); - &_data_word(0xd8484890, 0x05030306, 0x01f6f6f7, 0x120e0e1c); - &_data_word(0xa36161c2, 0x5f35356a, 0xf95757ae, 0xd0b9b969); - &_data_word(0x91868617, 0x58c1c199, 0x271d1d3a, 0xb99e9e27); - &_data_word(0x38e1e1d9, 0x13f8f8eb, 0xb398982b, 0x33111122); - &_data_word(0xbb6969d2, 0x70d9d9a9, 0x898e8e07, 0xa7949433); - &_data_word(0xb69b9b2d, 0x221e1e3c, 0x92878715, 0x20e9e9c9); - &_data_word(0x49cece87, 0xff5555aa, 0x78282850, 0x7adfdfa5); - &_data_word(0x8f8c8c03, 0xf8a1a159, 0x80898909, 0x170d0d1a); - &_data_word(0xdabfbf65, 0x31e6e6d7, 0xc6424284, 0xb86868d0); - &_data_word(0xc3414182, 0xb0999929, 0x772d2d5a, 0x110f0f1e); - &_data_word(0xcbb0b07b, 0xfc5454a8, 0xd6bbbb6d, 0x3a16162c); - -#Te4 # four copies of Te4 to choose from to avoid L1 aliasing - &data_byte(0x63, 0x7c, 0x77, 0x7b, 0xf2, 0x6b, 0x6f, 0xc5); - &data_byte(0x30, 0x01, 0x67, 0x2b, 0xfe, 0xd7, 0xab, 0x76); - &data_byte(0xca, 0x82, 0xc9, 0x7d, 0xfa, 0x59, 0x47, 0xf0); - &data_byte(0xad, 0xd4, 0xa2, 0xaf, 0x9c, 0xa4, 0x72, 0xc0); - &data_byte(0xb7, 0xfd, 0x93, 0x26, 0x36, 0x3f, 0xf7, 0xcc); - &data_byte(0x34, 0xa5, 0xe5, 0xf1, 0x71, 0xd8, 0x31, 0x15); - &data_byte(0x04, 0xc7, 0x23, 0xc3, 0x18, 0x96, 0x05, 0x9a); - &data_byte(0x07, 0x12, 0x80, 0xe2, 0xeb, 0x27, 0xb2, 0x75); - &data_byte(0x09, 0x83, 0x2c, 0x1a, 0x1b, 0x6e, 0x5a, 0xa0); - &data_byte(0x52, 0x3b, 0xd6, 0xb3, 0x29, 0xe3, 0x2f, 0x84); - &data_byte(0x53, 0xd1, 0x00, 0xed, 0x20, 0xfc, 0xb1, 0x5b); - &data_byte(0x6a, 0xcb, 0xbe, 0x39, 0x4a, 0x4c, 0x58, 0xcf); - &data_byte(0xd0, 0xef, 0xaa, 0xfb, 0x43, 0x4d, 0x33, 0x85); - &data_byte(0x45, 0xf9, 0x02, 0x7f, 0x50, 0x3c, 0x9f, 0xa8); - &data_byte(0x51, 0xa3, 0x40, 0x8f, 0x92, 0x9d, 0x38, 0xf5); - &data_byte(0xbc, 0xb6, 0xda, 0x21, 0x10, 0xff, 0xf3, 0xd2); - &data_byte(0xcd, 0x0c, 0x13, 0xec, 0x5f, 0x97, 0x44, 0x17); - &data_byte(0xc4, 0xa7, 0x7e, 0x3d, 0x64, 0x5d, 0x19, 0x73); - &data_byte(0x60, 0x81, 0x4f, 0xdc, 0x22, 0x2a, 0x90, 0x88); - &data_byte(0x46, 0xee, 0xb8, 0x14, 0xde, 0x5e, 0x0b, 0xdb); - &data_byte(0xe0, 0x32, 0x3a, 0x0a, 0x49, 0x06, 0x24, 0x5c); - &data_byte(0xc2, 0xd3, 0xac, 0x62, 0x91, 0x95, 0xe4, 0x79); - &data_byte(0xe7, 0xc8, 0x37, 0x6d, 0x8d, 0xd5, 0x4e, 0xa9); - &data_byte(0x6c, 0x56, 0xf4, 0xea, 0x65, 0x7a, 0xae, 0x08); - &data_byte(0xba, 0x78, 0x25, 0x2e, 0x1c, 0xa6, 0xb4, 0xc6); - &data_byte(0xe8, 0xdd, 0x74, 0x1f, 0x4b, 0xbd, 0x8b, 0x8a); - &data_byte(0x70, 0x3e, 0xb5, 0x66, 0x48, 0x03, 0xf6, 0x0e); - &data_byte(0x61, 0x35, 0x57, 0xb9, 0x86, 0xc1, 0x1d, 0x9e); - &data_byte(0xe1, 0xf8, 0x98, 0x11, 0x69, 0xd9, 0x8e, 0x94); - &data_byte(0x9b, 0x1e, 0x87, 0xe9, 0xce, 0x55, 0x28, 0xdf); - &data_byte(0x8c, 0xa1, 0x89, 0x0d, 0xbf, 0xe6, 0x42, 0x68); - &data_byte(0x41, 0x99, 0x2d, 0x0f, 0xb0, 0x54, 0xbb, 0x16); - - &data_byte(0x63, 0x7c, 0x77, 0x7b, 0xf2, 0x6b, 0x6f, 0xc5); - &data_byte(0x30, 0x01, 0x67, 0x2b, 0xfe, 0xd7, 0xab, 0x76); - &data_byte(0xca, 0x82, 0xc9, 0x7d, 0xfa, 0x59, 0x47, 0xf0); - &data_byte(0xad, 0xd4, 0xa2, 0xaf, 0x9c, 0xa4, 0x72, 0xc0); - &data_byte(0xb7, 0xfd, 0x93, 0x26, 0x36, 0x3f, 0xf7, 0xcc); - &data_byte(0x34, 0xa5, 0xe5, 0xf1, 0x71, 0xd8, 0x31, 0x15); - &data_byte(0x04, 0xc7, 0x23, 0xc3, 0x18, 0x96, 0x05, 0x9a); - &data_byte(0x07, 0x12, 0x80, 0xe2, 0xeb, 0x27, 0xb2, 0x75); - &data_byte(0x09, 0x83, 0x2c, 0x1a, 0x1b, 0x6e, 0x5a, 0xa0); - &data_byte(0x52, 0x3b, 0xd6, 0xb3, 0x29, 0xe3, 0x2f, 0x84); - &data_byte(0x53, 0xd1, 0x00, 0xed, 0x20, 0xfc, 0xb1, 0x5b); - &data_byte(0x6a, 0xcb, 0xbe, 0x39, 0x4a, 0x4c, 0x58, 0xcf); - &data_byte(0xd0, 0xef, 0xaa, 0xfb, 0x43, 0x4d, 0x33, 0x85); - &data_byte(0x45, 0xf9, 0x02, 0x7f, 0x50, 0x3c, 0x9f, 0xa8); - &data_byte(0x51, 0xa3, 0x40, 0x8f, 0x92, 0x9d, 0x38, 0xf5); - &data_byte(0xbc, 0xb6, 0xda, 0x21, 0x10, 0xff, 0xf3, 0xd2); - &data_byte(0xcd, 0x0c, 0x13, 0xec, 0x5f, 0x97, 0x44, 0x17); - &data_byte(0xc4, 0xa7, 0x7e, 0x3d, 0x64, 0x5d, 0x19, 0x73); - &data_byte(0x60, 0x81, 0x4f, 0xdc, 0x22, 0x2a, 0x90, 0x88); - &data_byte(0x46, 0xee, 0xb8, 0x14, 0xde, 0x5e, 0x0b, 0xdb); - &data_byte(0xe0, 0x32, 0x3a, 0x0a, 0x49, 0x06, 0x24, 0x5c); - &data_byte(0xc2, 0xd3, 0xac, 0x62, 0x91, 0x95, 0xe4, 0x79); - &data_byte(0xe7, 0xc8, 0x37, 0x6d, 0x8d, 0xd5, 0x4e, 0xa9); - &data_byte(0x6c, 0x56, 0xf4, 0xea, 0x65, 0x7a, 0xae, 0x08); - &data_byte(0xba, 0x78, 0x25, 0x2e, 0x1c, 0xa6, 0xb4, 0xc6); - &data_byte(0xe8, 0xdd, 0x74, 0x1f, 0x4b, 0xbd, 0x8b, 0x8a); - &data_byte(0x70, 0x3e, 0xb5, 0x66, 0x48, 0x03, 0xf6, 0x0e); - &data_byte(0x61, 0x35, 0x57, 0xb9, 0x86, 0xc1, 0x1d, 0x9e); - &data_byte(0xe1, 0xf8, 0x98, 0x11, 0x69, 0xd9, 0x8e, 0x94); - &data_byte(0x9b, 0x1e, 0x87, 0xe9, 0xce, 0x55, 0x28, 0xdf); - &data_byte(0x8c, 0xa1, 0x89, 0x0d, 0xbf, 0xe6, 0x42, 0x68); - &data_byte(0x41, 0x99, 0x2d, 0x0f, 0xb0, 0x54, 0xbb, 0x16); - - &data_byte(0x63, 0x7c, 0x77, 0x7b, 0xf2, 0x6b, 0x6f, 0xc5); - &data_byte(0x30, 0x01, 0x67, 0x2b, 0xfe, 0xd7, 0xab, 0x76); - &data_byte(0xca, 0x82, 0xc9, 0x7d, 0xfa, 0x59, 0x47, 0xf0); - &data_byte(0xad, 0xd4, 0xa2, 0xaf, 0x9c, 0xa4, 0x72, 0xc0); - &data_byte(0xb7, 0xfd, 0x93, 0x26, 0x36, 0x3f, 0xf7, 0xcc); - &data_byte(0x34, 0xa5, 0xe5, 0xf1, 0x71, 0xd8, 0x31, 0x15); - &data_byte(0x04, 0xc7, 0x23, 0xc3, 0x18, 0x96, 0x05, 0x9a); - &data_byte(0x07, 0x12, 0x80, 0xe2, 0xeb, 0x27, 0xb2, 0x75); - &data_byte(0x09, 0x83, 0x2c, 0x1a, 0x1b, 0x6e, 0x5a, 0xa0); - &data_byte(0x52, 0x3b, 0xd6, 0xb3, 0x29, 0xe3, 0x2f, 0x84); - &data_byte(0x53, 0xd1, 0x00, 0xed, 0x20, 0xfc, 0xb1, 0x5b); - &data_byte(0x6a, 0xcb, 0xbe, 0x39, 0x4a, 0x4c, 0x58, 0xcf); - &data_byte(0xd0, 0xef, 0xaa, 0xfb, 0x43, 0x4d, 0x33, 0x85); - &data_byte(0x45, 0xf9, 0x02, 0x7f, 0x50, 0x3c, 0x9f, 0xa8); - &data_byte(0x51, 0xa3, 0x40, 0x8f, 0x92, 0x9d, 0x38, 0xf5); - &data_byte(0xbc, 0xb6, 0xda, 0x21, 0x10, 0xff, 0xf3, 0xd2); - &data_byte(0xcd, 0x0c, 0x13, 0xec, 0x5f, 0x97, 0x44, 0x17); - &data_byte(0xc4, 0xa7, 0x7e, 0x3d, 0x64, 0x5d, 0x19, 0x73); - &data_byte(0x60, 0x81, 0x4f, 0xdc, 0x22, 0x2a, 0x90, 0x88); - &data_byte(0x46, 0xee, 0xb8, 0x14, 0xde, 0x5e, 0x0b, 0xdb); - &data_byte(0xe0, 0x32, 0x3a, 0x0a, 0x49, 0x06, 0x24, 0x5c); - &data_byte(0xc2, 0xd3, 0xac, 0x62, 0x91, 0x95, 0xe4, 0x79); - &data_byte(0xe7, 0xc8, 0x37, 0x6d, 0x8d, 0xd5, 0x4e, 0xa9); - &data_byte(0x6c, 0x56, 0xf4, 0xea, 0x65, 0x7a, 0xae, 0x08); - &data_byte(0xba, 0x78, 0x25, 0x2e, 0x1c, 0xa6, 0xb4, 0xc6); - &data_byte(0xe8, 0xdd, 0x74, 0x1f, 0x4b, 0xbd, 0x8b, 0x8a); - &data_byte(0x70, 0x3e, 0xb5, 0x66, 0x48, 0x03, 0xf6, 0x0e); - &data_byte(0x61, 0x35, 0x57, 0xb9, 0x86, 0xc1, 0x1d, 0x9e); - &data_byte(0xe1, 0xf8, 0x98, 0x11, 0x69, 0xd9, 0x8e, 0x94); - &data_byte(0x9b, 0x1e, 0x87, 0xe9, 0xce, 0x55, 0x28, 0xdf); - &data_byte(0x8c, 0xa1, 0x89, 0x0d, 0xbf, 0xe6, 0x42, 0x68); - &data_byte(0x41, 0x99, 0x2d, 0x0f, 0xb0, 0x54, 0xbb, 0x16); - - &data_byte(0x63, 0x7c, 0x77, 0x7b, 0xf2, 0x6b, 0x6f, 0xc5); - &data_byte(0x30, 0x01, 0x67, 0x2b, 0xfe, 0xd7, 0xab, 0x76); - &data_byte(0xca, 0x82, 0xc9, 0x7d, 0xfa, 0x59, 0x47, 0xf0); - &data_byte(0xad, 0xd4, 0xa2, 0xaf, 0x9c, 0xa4, 0x72, 0xc0); - &data_byte(0xb7, 0xfd, 0x93, 0x26, 0x36, 0x3f, 0xf7, 0xcc); - &data_byte(0x34, 0xa5, 0xe5, 0xf1, 0x71, 0xd8, 0x31, 0x15); - &data_byte(0x04, 0xc7, 0x23, 0xc3, 0x18, 0x96, 0x05, 0x9a); - &data_byte(0x07, 0x12, 0x80, 0xe2, 0xeb, 0x27, 0xb2, 0x75); - &data_byte(0x09, 0x83, 0x2c, 0x1a, 0x1b, 0x6e, 0x5a, 0xa0); - &data_byte(0x52, 0x3b, 0xd6, 0xb3, 0x29, 0xe3, 0x2f, 0x84); - &data_byte(0x53, 0xd1, 0x00, 0xed, 0x20, 0xfc, 0xb1, 0x5b); - &data_byte(0x6a, 0xcb, 0xbe, 0x39, 0x4a, 0x4c, 0x58, 0xcf); - &data_byte(0xd0, 0xef, 0xaa, 0xfb, 0x43, 0x4d, 0x33, 0x85); - &data_byte(0x45, 0xf9, 0x02, 0x7f, 0x50, 0x3c, 0x9f, 0xa8); - &data_byte(0x51, 0xa3, 0x40, 0x8f, 0x92, 0x9d, 0x38, 0xf5); - &data_byte(0xbc, 0xb6, 0xda, 0x21, 0x10, 0xff, 0xf3, 0xd2); - &data_byte(0xcd, 0x0c, 0x13, 0xec, 0x5f, 0x97, 0x44, 0x17); - &data_byte(0xc4, 0xa7, 0x7e, 0x3d, 0x64, 0x5d, 0x19, 0x73); - &data_byte(0x60, 0x81, 0x4f, 0xdc, 0x22, 0x2a, 0x90, 0x88); - &data_byte(0x46, 0xee, 0xb8, 0x14, 0xde, 0x5e, 0x0b, 0xdb); - &data_byte(0xe0, 0x32, 0x3a, 0x0a, 0x49, 0x06, 0x24, 0x5c); - &data_byte(0xc2, 0xd3, 0xac, 0x62, 0x91, 0x95, 0xe4, 0x79); - &data_byte(0xe7, 0xc8, 0x37, 0x6d, 0x8d, 0xd5, 0x4e, 0xa9); - &data_byte(0x6c, 0x56, 0xf4, 0xea, 0x65, 0x7a, 0xae, 0x08); - &data_byte(0xba, 0x78, 0x25, 0x2e, 0x1c, 0xa6, 0xb4, 0xc6); - &data_byte(0xe8, 0xdd, 0x74, 0x1f, 0x4b, 0xbd, 0x8b, 0x8a); - &data_byte(0x70, 0x3e, 0xb5, 0x66, 0x48, 0x03, 0xf6, 0x0e); - &data_byte(0x61, 0x35, 0x57, 0xb9, 0x86, 0xc1, 0x1d, 0x9e); - &data_byte(0xe1, 0xf8, 0x98, 0x11, 0x69, 0xd9, 0x8e, 0x94); - &data_byte(0x9b, 0x1e, 0x87, 0xe9, 0xce, 0x55, 0x28, 0xdf); - &data_byte(0x8c, 0xa1, 0x89, 0x0d, 0xbf, 0xe6, 0x42, 0x68); - &data_byte(0x41, 0x99, 0x2d, 0x0f, 0xb0, 0x54, 0xbb, 0x16); -#rcon: - &data_word(0x00000001, 0x00000002, 0x00000004, 0x00000008); - &data_word(0x00000010, 0x00000020, 0x00000040, 0x00000080); - &data_word(0x0000001b, 0x00000036, 0x00000000, 0x00000000); - &data_word(0x00000000, 0x00000000, 0x00000000, 0x00000000); -&function_end_B("_x86_AES_encrypt"); - -# void AES_encrypt (const void *inp,void *out,const AES_KEY *key); -&function_begin("AES_encrypt"); - &mov ($acc,&wparam(0)); # load inp - &mov ($key,&wparam(2)); # load key - - &mov ($s0,"esp"); - &sub ("esp",36); - &and ("esp",-64); # align to cache-line - - # place stack frame just "above" the key schedule - &lea ($s1,&DWP(-64-63,$key)); - &sub ($s1,"esp"); - &neg ($s1); - &and ($s1,0x3C0); # modulo 1024, but aligned to cache-line - &sub ("esp",$s1); - &add ("esp",4); # 4 is reserved for caller's return address - &mov ($_esp,$s0); # save stack pointer - - &call (&label("pic_point")); # make it PIC! - &set_label("pic_point"); - &blindpop($tbl); - &picmeup($s0,"OPENSSL_ia32cap_P",$tbl,&label("pic_point")) if (!$x86only); - &lea ($tbl,&DWP(&label("AES_Te")."-".&label("pic_point"),$tbl)); - - # pick Te4 copy which can't "overlap" with stack frame or key schedule - &lea ($s1,&DWP(768-4,"esp")); - &sub ($s1,$tbl); - &and ($s1,0x300); - &lea ($tbl,&DWP(2048+128,$tbl,$s1)); - - if (!$x86only) { - &bt (&DWP(0,$s0),25); # check for SSE bit - &jnc (&label("x86")); - - &movq ("mm0",&QWP(0,$acc)); - &movq ("mm4",&QWP(8,$acc)); - &call ("_sse_AES_encrypt_compact"); - &mov ("esp",$_esp); # restore stack pointer - &mov ($acc,&wparam(1)); # load out - &movq (&QWP(0,$acc),"mm0"); # write output data - &movq (&QWP(8,$acc),"mm4"); - &emms (); - &function_end_A(); - } - &set_label("x86",16); - &mov ($_tbl,$tbl); - &mov ($s0,&DWP(0,$acc)); # load input data - &mov ($s1,&DWP(4,$acc)); - &mov ($s2,&DWP(8,$acc)); - &mov ($s3,&DWP(12,$acc)); - &call ("_x86_AES_encrypt_compact"); - &mov ("esp",$_esp); # restore stack pointer - &mov ($acc,&wparam(1)); # load out - &mov (&DWP(0,$acc),$s0); # write output data - &mov (&DWP(4,$acc),$s1); - &mov (&DWP(8,$acc),$s2); - &mov (&DWP(12,$acc),$s3); -&function_end("AES_encrypt"); - -#--------------------------------------------------------------------# - -###################################################################### -# "Compact" block function -###################################################################### - -sub deccompact() -{ my $Fn = \&mov; - while ($#_>5) { pop(@_); $Fn=sub{}; } - my ($i,$td, at s)=@_; - my $tmp = $key; - my $out = $i==3?$s[0]:$acc; - - # $Fn is used in first compact round and its purpose is to - # void restoration of some values from stack, so that after - # 4xdeccompact with extra argument $key, $s0 and $s1 values - # are left there... - if($i==3) { &$Fn ($key,$__key); } - else { &mov ($out,$s[0]); } - &and ($out,0xFF); - &movz ($out,&BP(-128,$td,$out,1)); - - if ($i==3) { $tmp=$s[1]; } - &movz ($tmp,&HB($s[1])); - &movz ($tmp,&BP(-128,$td,$tmp,1)); - &shl ($tmp,8); - &xor ($out,$tmp); - - if ($i==3) { $tmp=$s[2]; &mov ($s[1],$acc); } - else { mov ($tmp,$s[2]); } - &shr ($tmp,16); - &and ($tmp,0xFF); - &movz ($tmp,&BP(-128,$td,$tmp,1)); - &shl ($tmp,16); - &xor ($out,$tmp); - - if ($i==3) { $tmp=$s[3]; &$Fn ($s[2],$__s1); } - else { &mov ($tmp,$s[3]); } - &shr ($tmp,24); - &movz ($tmp,&BP(-128,$td,$tmp,1)); - &shl ($tmp,24); - &xor ($out,$tmp); - if ($i<2) { &mov (&DWP(4+4*$i,"esp"),$out); } - if ($i==3) { &$Fn ($s[3],$__s0); } -} - -# must be called with 2,3,0,1 as argument sequence!!! -sub dectransform() -{ my @s = ($s0,$s1,$s2,$s3); - my $i = shift; - my $tmp = $key; - my $tp2 = @s[($i+2)%4]; $tp2 = @s[2] if ($i==1); - my $tp4 = @s[($i+3)%4]; $tp4 = @s[3] if ($i==1); - my $tp8 = $tbl; - - &mov ($tmp,0x80808080); - &and ($tmp,$s[$i]); - &mov ($acc,$tmp); - &shr ($tmp,7); - &lea ($tp2,&DWP(0,$s[$i],$s[$i])); - &sub ($acc,$tmp); - &and ($tp2,0xfefefefe); - &and ($acc,0x1b1b1b1b); - &xor ($tp2,$acc); - &mov ($tmp,0x80808080); - - &and ($tmp,$tp2); - &mov ($acc,$tmp); - &shr ($tmp,7); - &lea ($tp4,&DWP(0,$tp2,$tp2)); - &sub ($acc,$tmp); - &and ($tp4,0xfefefefe); - &and ($acc,0x1b1b1b1b); - &xor ($tp2,$s[$i]); # tp2^tp1 - &xor ($tp4,$acc); - &mov ($tmp,0x80808080); - - &and ($tmp,$tp4); - &mov ($acc,$tmp); - &shr ($tmp,7); - &lea ($tp8,&DWP(0,$tp4,$tp4)); - &sub ($acc,$tmp); - &and ($tp8,0xfefefefe); - &and ($acc,0x1b1b1b1b); - &xor ($tp4,$s[$i]); # tp4^tp1 - &rotl ($s[$i],8); # = ROTATE(tp1,8) - &xor ($tp8,$acc); - - &xor ($s[$i],$tp2); - &xor ($tp2,$tp8); - &xor ($s[$i],$tp4); - &xor ($tp4,$tp8); - &rotl ($tp2,24); - &xor ($s[$i],$tp8); # ^= tp8^(tp4^tp1)^(tp2^tp1) - &rotl ($tp4,16); - &xor ($s[$i],$tp2); # ^= ROTATE(tp8^tp2^tp1,24) - &rotl ($tp8,8); - &xor ($s[$i],$tp4); # ^= ROTATE(tp8^tp4^tp1,16) - &mov ($s[0],$__s0) if($i==2); #prefetch $s0 - &mov ($s[1],$__s1) if($i==3); #prefetch $s1 - &mov ($s[2],$__s2) if($i==1); - &xor ($s[$i],$tp8); # ^= ROTATE(tp8,8) - - &mov ($s[3],$__s3) if($i==1); - &mov (&DWP(4+4*$i,"esp"),$s[$i]) if($i>=2); -} - -&function_begin_B("_x86_AES_decrypt_compact"); - # note that caller is expected to allocate stack frame for me! - &mov ($__key,$key); # save key - - &xor ($s0,&DWP(0,$key)); # xor with key - &xor ($s1,&DWP(4,$key)); - &xor ($s2,&DWP(8,$key)); - &xor ($s3,&DWP(12,$key)); - - &mov ($acc,&DWP(240,$key)); # load key->rounds - - &lea ($acc,&DWP(-2,$acc,$acc)); - &lea ($acc,&DWP(0,$key,$acc,8)); - &mov ($__end,$acc); # end of key schedule - - # prefetch Td4 - &mov ($key,&DWP(0-128,$tbl)); - &mov ($acc,&DWP(32-128,$tbl)); - &mov ($key,&DWP(64-128,$tbl)); - &mov ($acc,&DWP(96-128,$tbl)); - &mov ($key,&DWP(128-128,$tbl)); - &mov ($acc,&DWP(160-128,$tbl)); - &mov ($key,&DWP(192-128,$tbl)); - &mov ($acc,&DWP(224-128,$tbl)); - - &set_label("loop",16); - - &deccompact(0,$tbl,$s0,$s3,$s2,$s1,1); - &deccompact(1,$tbl,$s1,$s0,$s3,$s2,1); - &deccompact(2,$tbl,$s2,$s1,$s0,$s3,1); - &deccompact(3,$tbl,$s3,$s2,$s1,$s0,1); - &dectransform(2); - &dectransform(3); - &dectransform(0); - &dectransform(1); - &mov ($key,$__key); - &mov ($tbl,$__tbl); - &add ($key,16); # advance rd_key - &xor ($s0,&DWP(0,$key)); - &xor ($s1,&DWP(4,$key)); - &xor ($s2,&DWP(8,$key)); - &xor ($s3,&DWP(12,$key)); - - &cmp ($key,$__end); - &mov ($__key,$key); - &jb (&label("loop")); - - &deccompact(0,$tbl,$s0,$s3,$s2,$s1); - &deccompact(1,$tbl,$s1,$s0,$s3,$s2); - &deccompact(2,$tbl,$s2,$s1,$s0,$s3); - &deccompact(3,$tbl,$s3,$s2,$s1,$s0); - - &xor ($s0,&DWP(16,$key)); - &xor ($s1,&DWP(20,$key)); - &xor ($s2,&DWP(24,$key)); - &xor ($s3,&DWP(28,$key)); - - &ret (); -&function_end_B("_x86_AES_decrypt_compact"); - -###################################################################### -# "Compact" SSE block function. -###################################################################### - -sub sse_deccompact() -{ - &pshufw ("mm1","mm0",0x0c); # 7, 6, 1, 0 - &pshufw ("mm5","mm4",0x09); # 13,12,11,10 - &movd ("eax","mm1"); # 7, 6, 1, 0 - &movd ("ebx","mm5"); # 13,12,11,10 - &mov ($__key,$key); - - &movz ($acc,&LB("eax")); # 0 - &movz ("edx",&HB("eax")); # 1 - &pshufw ("mm2","mm0",0x06); # 3, 2, 5, 4 - &movz ("ecx",&BP(-128,$tbl,$acc,1)); # 0 - &movz ($key,&LB("ebx")); # 10 - &movz ("edx",&BP(-128,$tbl,"edx",1)); # 1 - &shr ("eax",16); # 7, 6 - &shl ("edx",8); # 1 - - &movz ($acc,&BP(-128,$tbl,$key,1)); # 10 - &movz ($key,&HB("ebx")); # 11 - &shl ($acc,16); # 10 - &pshufw ("mm6","mm4",0x03); # 9, 8,15,14 - &or ("ecx",$acc); # 10 - &movz ($acc,&BP(-128,$tbl,$key,1)); # 11 - &movz ($key,&HB("eax")); # 7 - &shl ($acc,24); # 11 - &shr ("ebx",16); # 13,12 - &or ("edx",$acc); # 11 - - &movz ($acc,&BP(-128,$tbl,$key,1)); # 7 - &movz ($key,&HB("ebx")); # 13 - &shl ($acc,24); # 7 - &or ("ecx",$acc); # 7 - &movz ($acc,&BP(-128,$tbl,$key,1)); # 13 - &movz ($key,&LB("eax")); # 6 - &shl ($acc,8); # 13 - &movd ("eax","mm2"); # 3, 2, 5, 4 - &or ("ecx",$acc); # 13 - - &movz ($acc,&BP(-128,$tbl,$key,1)); # 6 - &movz ($key,&LB("ebx")); # 12 - &shl ($acc,16); # 6 - &movd ("ebx","mm6"); # 9, 8,15,14 - &movd ("mm0","ecx"); # t[0] collected - &movz ("ecx",&BP(-128,$tbl,$key,1)); # 12 - &movz ($key,&LB("eax")); # 4 - &or ("ecx",$acc); # 12 - - &movz ($acc,&BP(-128,$tbl,$key,1)); # 4 - &movz ($key,&LB("ebx")); # 14 - &or ("edx",$acc); # 4 - &movz ($acc,&BP(-128,$tbl,$key,1)); # 14 - &movz ($key,&HB("eax")); # 5 - &shl ($acc,16); # 14 - &shr ("eax",16); # 3, 2 - &or ("edx",$acc); # 14 - - &movz ($acc,&BP(-128,$tbl,$key,1)); # 5 - &movz ($key,&HB("ebx")); # 15 - &shr ("ebx",16); # 9, 8 - &shl ($acc,8); # 5 - &movd ("mm1","edx"); # t[1] collected - &movz ("edx",&BP(-128,$tbl,$key,1)); # 15 - &movz ($key,&HB("ebx")); # 9 - &shl ("edx",24); # 15 - &and ("ebx",0xff); # 8 - &or ("edx",$acc); # 15 - - &punpckldq ("mm0","mm1"); # t[0,1] collected - - &movz ($acc,&BP(-128,$tbl,$key,1)); # 9 - &movz ($key,&LB("eax")); # 2 - &shl ($acc,8); # 9 - &movz ("eax",&HB("eax")); # 3 - &movz ("ebx",&BP(-128,$tbl,"ebx",1)); # 8 - &or ("ecx",$acc); # 9 - &movz ($acc,&BP(-128,$tbl,$key,1)); # 2 - &or ("edx","ebx"); # 8 - &shl ($acc,16); # 2 - &movz ("eax",&BP(-128,$tbl,"eax",1)); # 3 - &or ("edx",$acc); # 2 - &shl ("eax",24); # 3 - &or ("ecx","eax"); # 3 - &mov ($key,$__key); - &movd ("mm4","edx"); # t[2] collected - &movd ("mm5","ecx"); # t[3] collected - - &punpckldq ("mm4","mm5"); # t[2,3] collected -} - - if (!$x86only) { -&function_begin_B("_sse_AES_decrypt_compact"); - &pxor ("mm0",&QWP(0,$key)); # 7, 6, 5, 4, 3, 2, 1, 0 - &pxor ("mm4",&QWP(8,$key)); # 15,14,13,12,11,10, 9, 8 - - # note that caller is expected to allocate stack frame for me! - &mov ($acc,&DWP(240,$key)); # load key->rounds - &lea ($acc,&DWP(-2,$acc,$acc)); - &lea ($acc,&DWP(0,$key,$acc,8)); - &mov ($__end,$acc); # end of key schedule - - &mov ($s0,0x1b1b1b1b); # magic constant - &mov (&DWP(8,"esp"),$s0); - &mov (&DWP(12,"esp"),$s0); - - # prefetch Td4 - &mov ($s0,&DWP(0-128,$tbl)); - &mov ($s1,&DWP(32-128,$tbl)); - &mov ($s2,&DWP(64-128,$tbl)); - &mov ($s3,&DWP(96-128,$tbl)); - &mov ($s0,&DWP(128-128,$tbl)); - &mov ($s1,&DWP(160-128,$tbl)); - &mov ($s2,&DWP(192-128,$tbl)); - &mov ($s3,&DWP(224-128,$tbl)); - - &set_label("loop",16); - &sse_deccompact(); - &add ($key,16); - &cmp ($key,$__end); - &ja (&label("out")); - - # ROTATE(x^y,N) == ROTATE(x,N)^ROTATE(y,N) - &movq ("mm3","mm0"); &movq ("mm7","mm4"); - &movq ("mm2","mm0",1); &movq ("mm6","mm4",1); - &movq ("mm1","mm0"); &movq ("mm5","mm4"); - &pshufw ("mm0","mm0",0xb1); &pshufw ("mm4","mm4",0xb1);# = ROTATE(tp0,16) - &pslld ("mm2",8); &pslld ("mm6",8); - &psrld ("mm3",8); &psrld ("mm7",8); - &pxor ("mm0","mm2"); &pxor ("mm4","mm6"); # ^= tp0<<8 - &pxor ("mm0","mm3"); &pxor ("mm4","mm7"); # ^= tp0>>8 - &pslld ("mm2",16); &pslld ("mm6",16); - &psrld ("mm3",16); &psrld ("mm7",16); - &pxor ("mm0","mm2"); &pxor ("mm4","mm6"); # ^= tp0<<24 - &pxor ("mm0","mm3"); &pxor ("mm4","mm7"); # ^= tp0>>24 - - &movq ("mm3",&QWP(8,"esp")); - &pxor ("mm2","mm2"); &pxor ("mm6","mm6"); - &pcmpgtb("mm2","mm1"); &pcmpgtb("mm6","mm5"); - &pand ("mm2","mm3"); &pand ("mm6","mm3"); - &paddb ("mm1","mm1"); &paddb ("mm5","mm5"); - &pxor ("mm1","mm2"); &pxor ("mm5","mm6"); # tp2 - &movq ("mm3","mm1"); &movq ("mm7","mm5"); - &movq ("mm2","mm1"); &movq ("mm6","mm5"); - &pxor ("mm0","mm1"); &pxor ("mm4","mm5"); # ^= tp2 - &pslld ("mm3",24); &pslld ("mm7",24); - &psrld ("mm2",8); &psrld ("mm6",8); - &pxor ("mm0","mm3"); &pxor ("mm4","mm7"); # ^= tp2<<24 - &pxor ("mm0","mm2"); &pxor ("mm4","mm6"); # ^= tp2>>8 - - &movq ("mm2",&QWP(8,"esp")); - &pxor ("mm3","mm3"); &pxor ("mm7","mm7"); - &pcmpgtb("mm3","mm1"); &pcmpgtb("mm7","mm5"); - &pand ("mm3","mm2"); &pand ("mm7","mm2"); - &paddb ("mm1","mm1"); &paddb ("mm5","mm5"); - &pxor ("mm1","mm3"); &pxor ("mm5","mm7"); # tp4 - &pshufw ("mm3","mm1",0xb1); &pshufw ("mm7","mm5",0xb1); - &pxor ("mm0","mm1"); &pxor ("mm4","mm5"); # ^= tp4 - &pxor ("mm0","mm3"); &pxor ("mm4","mm7"); # ^= ROTATE(tp4,16) - - &pxor ("mm3","mm3"); &pxor ("mm7","mm7"); - &pcmpgtb("mm3","mm1"); &pcmpgtb("mm7","mm5"); - &pand ("mm3","mm2"); &pand ("mm7","mm2"); - &paddb ("mm1","mm1"); &paddb ("mm5","mm5"); - &pxor ("mm1","mm3"); &pxor ("mm5","mm7"); # tp8 - &pxor ("mm0","mm1"); &pxor ("mm4","mm5"); # ^= tp8 - &movq ("mm3","mm1"); &movq ("mm7","mm5"); - &pshufw ("mm2","mm1",0xb1); &pshufw ("mm6","mm5",0xb1); - &pxor ("mm0","mm2"); &pxor ("mm4","mm6"); # ^= ROTATE(tp8,16) - &pslld ("mm1",8); &pslld ("mm5",8); - &psrld ("mm3",8); &psrld ("mm7",8); - &movq ("mm2",&QWP(0,$key)); &movq ("mm6",&QWP(8,$key)); - &pxor ("mm0","mm1"); &pxor ("mm4","mm5"); # ^= tp8<<8 - &pxor ("mm0","mm3"); &pxor ("mm4","mm7"); # ^= tp8>>8 - &mov ($s0,&DWP(0-128,$tbl)); - &pslld ("mm1",16); &pslld ("mm5",16); - &mov ($s1,&DWP(64-128,$tbl)); - &psrld ("mm3",16); &psrld ("mm7",16); - &mov ($s2,&DWP(128-128,$tbl)); - &pxor ("mm0","mm1"); &pxor ("mm4","mm5"); # ^= tp8<<24 - &mov ($s3,&DWP(192-128,$tbl)); - &pxor ("mm0","mm3"); &pxor ("mm4","mm7"); # ^= tp8>>24 - - &pxor ("mm0","mm2"); &pxor ("mm4","mm6"); - &jmp (&label("loop")); - - &set_label("out",16); - &pxor ("mm0",&QWP(0,$key)); - &pxor ("mm4",&QWP(8,$key)); - - &ret (); -&function_end_B("_sse_AES_decrypt_compact"); - } - -###################################################################### -# Vanilla block function. -###################################################################### - -sub decstep() -{ my ($i,$td, at s) = @_; - my $tmp = $key; - my $out = $i==3?$s[0]:$acc; - - # no instructions are reordered, as performance appears - # optimal... or rather that all attempts to reorder didn't - # result in better performance [which by the way is not a - # bit lower than encryption]. - if($i==3) { &mov ($key,$__key); } - else { &mov ($out,$s[0]); } - &and ($out,0xFF); - &mov ($out,&DWP(0,$td,$out,8)); - - if ($i==3) { $tmp=$s[1]; } - &movz ($tmp,&HB($s[1])); - &xor ($out,&DWP(3,$td,$tmp,8)); - - if ($i==3) { $tmp=$s[2]; &mov ($s[1],$acc); } - else { &mov ($tmp,$s[2]); } - &shr ($tmp,16); - &and ($tmp,0xFF); - &xor ($out,&DWP(2,$td,$tmp,8)); - - if ($i==3) { $tmp=$s[3]; &mov ($s[2],$__s1); } - else { &mov ($tmp,$s[3]); } - &shr ($tmp,24); - &xor ($out,&DWP(1,$td,$tmp,8)); - if ($i<2) { &mov (&DWP(4+4*$i,"esp"),$out); } - if ($i==3) { &mov ($s[3],$__s0); } - &comment(); -} - -sub declast() -{ my ($i,$td, at s)=@_; - my $tmp = $key; - my $out = $i==3?$s[0]:$acc; - - if($i==0) { &lea ($td,&DWP(2048+128,$td)); - &mov ($tmp,&DWP(0-128,$td)); - &mov ($acc,&DWP(32-128,$td)); - &mov ($tmp,&DWP(64-128,$td)); - &mov ($acc,&DWP(96-128,$td)); - &mov ($tmp,&DWP(128-128,$td)); - &mov ($acc,&DWP(160-128,$td)); - &mov ($tmp,&DWP(192-128,$td)); - &mov ($acc,&DWP(224-128,$td)); - &lea ($td,&DWP(-128,$td)); } - if($i==3) { &mov ($key,$__key); } - else { &mov ($out,$s[0]); } - &and ($out,0xFF); - &movz ($out,&BP(0,$td,$out,1)); - - if ($i==3) { $tmp=$s[1]; } - &movz ($tmp,&HB($s[1])); - &movz ($tmp,&BP(0,$td,$tmp,1)); - &shl ($tmp,8); - &xor ($out,$tmp); - - if ($i==3) { $tmp=$s[2]; &mov ($s[1],$acc); } - else { mov ($tmp,$s[2]); } - &shr ($tmp,16); - &and ($tmp,0xFF); - &movz ($tmp,&BP(0,$td,$tmp,1)); - &shl ($tmp,16); - &xor ($out,$tmp); - - if ($i==3) { $tmp=$s[3]; &mov ($s[2],$__s1); } - else { &mov ($tmp,$s[3]); } - &shr ($tmp,24); - &movz ($tmp,&BP(0,$td,$tmp,1)); - &shl ($tmp,24); - &xor ($out,$tmp); - if ($i<2) { &mov (&DWP(4+4*$i,"esp"),$out); } - if ($i==3) { &mov ($s[3],$__s0); - &lea ($td,&DWP(-2048,$td)); } -} - -&function_begin_B("_x86_AES_decrypt"); - # note that caller is expected to allocate stack frame for me! - &mov ($__key,$key); # save key - - &xor ($s0,&DWP(0,$key)); # xor with key - &xor ($s1,&DWP(4,$key)); - &xor ($s2,&DWP(8,$key)); - &xor ($s3,&DWP(12,$key)); - - &mov ($acc,&DWP(240,$key)); # load key->rounds - - if ($small_footprint) { - &lea ($acc,&DWP(-2,$acc,$acc)); - &lea ($acc,&DWP(0,$key,$acc,8)); - &mov ($__end,$acc); # end of key schedule - &set_label("loop",16); - &decstep(0,$tbl,$s0,$s3,$s2,$s1); - &decstep(1,$tbl,$s1,$s0,$s3,$s2); - &decstep(2,$tbl,$s2,$s1,$s0,$s3); - &decstep(3,$tbl,$s3,$s2,$s1,$s0); - &add ($key,16); # advance rd_key - &xor ($s0,&DWP(0,$key)); - &xor ($s1,&DWP(4,$key)); - &xor ($s2,&DWP(8,$key)); - &xor ($s3,&DWP(12,$key)); - &cmp ($key,$__end); - &mov ($__key,$key); - &jb (&label("loop")); - } - else { - &cmp ($acc,10); - &jle (&label("10rounds")); - &cmp ($acc,12); - &jle (&label("12rounds")); - - &set_label("14rounds",4); - for ($i=1;$i<3;$i++) { - &decstep(0,$tbl,$s0,$s3,$s2,$s1); - &decstep(1,$tbl,$s1,$s0,$s3,$s2); - &decstep(2,$tbl,$s2,$s1,$s0,$s3); - &decstep(3,$tbl,$s3,$s2,$s1,$s0); - &xor ($s0,&DWP(16*$i+0,$key)); - &xor ($s1,&DWP(16*$i+4,$key)); - &xor ($s2,&DWP(16*$i+8,$key)); - &xor ($s3,&DWP(16*$i+12,$key)); - } - &add ($key,32); - &mov ($__key,$key); # advance rd_key - &set_label("12rounds",4); - for ($i=1;$i<3;$i++) { - &decstep(0,$tbl,$s0,$s3,$s2,$s1); - &decstep(1,$tbl,$s1,$s0,$s3,$s2); - &decstep(2,$tbl,$s2,$s1,$s0,$s3); - &decstep(3,$tbl,$s3,$s2,$s1,$s0); - &xor ($s0,&DWP(16*$i+0,$key)); - &xor ($s1,&DWP(16*$i+4,$key)); - &xor ($s2,&DWP(16*$i+8,$key)); - &xor ($s3,&DWP(16*$i+12,$key)); - } - &add ($key,32); - &mov ($__key,$key); # advance rd_key - &set_label("10rounds",4); - for ($i=1;$i<10;$i++) { - &decstep(0,$tbl,$s0,$s3,$s2,$s1); - &decstep(1,$tbl,$s1,$s0,$s3,$s2); - &decstep(2,$tbl,$s2,$s1,$s0,$s3); - &decstep(3,$tbl,$s3,$s2,$s1,$s0); - &xor ($s0,&DWP(16*$i+0,$key)); - &xor ($s1,&DWP(16*$i+4,$key)); - &xor ($s2,&DWP(16*$i+8,$key)); - &xor ($s3,&DWP(16*$i+12,$key)); - } - } - - &declast(0,$tbl,$s0,$s3,$s2,$s1); - &declast(1,$tbl,$s1,$s0,$s3,$s2); - &declast(2,$tbl,$s2,$s1,$s0,$s3); - &declast(3,$tbl,$s3,$s2,$s1,$s0); - - &add ($key,$small_footprint?16:160); - &xor ($s0,&DWP(0,$key)); - &xor ($s1,&DWP(4,$key)); - &xor ($s2,&DWP(8,$key)); - &xor ($s3,&DWP(12,$key)); - - &ret (); - -&set_label("AES_Td",64); # Yes! I keep it in the code segment! - &_data_word(0x50a7f451, 0x5365417e, 0xc3a4171a, 0x965e273a); - &_data_word(0xcb6bab3b, 0xf1459d1f, 0xab58faac, 0x9303e34b); - &_data_word(0x55fa3020, 0xf66d76ad, 0x9176cc88, 0x254c02f5); - &_data_word(0xfcd7e54f, 0xd7cb2ac5, 0x80443526, 0x8fa362b5); - &_data_word(0x495ab1de, 0x671bba25, 0x980eea45, 0xe1c0fe5d); - &_data_word(0x02752fc3, 0x12f04c81, 0xa397468d, 0xc6f9d36b); - &_data_word(0xe75f8f03, 0x959c9215, 0xeb7a6dbf, 0xda595295); - &_data_word(0x2d83bed4, 0xd3217458, 0x2969e049, 0x44c8c98e); - &_data_word(0x6a89c275, 0x78798ef4, 0x6b3e5899, 0xdd71b927); - &_data_word(0xb64fe1be, 0x17ad88f0, 0x66ac20c9, 0xb43ace7d); - &_data_word(0x184adf63, 0x82311ae5, 0x60335197, 0x457f5362); - &_data_word(0xe07764b1, 0x84ae6bbb, 0x1ca081fe, 0x942b08f9); - &_data_word(0x58684870, 0x19fd458f, 0x876cde94, 0xb7f87b52); - &_data_word(0x23d373ab, 0xe2024b72, 0x578f1fe3, 0x2aab5566); - &_data_word(0x0728ebb2, 0x03c2b52f, 0x9a7bc586, 0xa50837d3); - &_data_word(0xf2872830, 0xb2a5bf23, 0xba6a0302, 0x5c8216ed); - &_data_word(0x2b1ccf8a, 0x92b479a7, 0xf0f207f3, 0xa1e2694e); - &_data_word(0xcdf4da65, 0xd5be0506, 0x1f6234d1, 0x8afea6c4); - &_data_word(0x9d532e34, 0xa055f3a2, 0x32e18a05, 0x75ebf6a4); - &_data_word(0x39ec830b, 0xaaef6040, 0x069f715e, 0x51106ebd); - &_data_word(0xf98a213e, 0x3d06dd96, 0xae053edd, 0x46bde64d); - &_data_word(0xb58d5491, 0x055dc471, 0x6fd40604, 0xff155060); - &_data_word(0x24fb9819, 0x97e9bdd6, 0xcc434089, 0x779ed967); - &_data_word(0xbd42e8b0, 0x888b8907, 0x385b19e7, 0xdbeec879); - &_data_word(0x470a7ca1, 0xe90f427c, 0xc91e84f8, 0x00000000); - &_data_word(0x83868009, 0x48ed2b32, 0xac70111e, 0x4e725a6c); - &_data_word(0xfbff0efd, 0x5638850f, 0x1ed5ae3d, 0x27392d36); - &_data_word(0x64d90f0a, 0x21a65c68, 0xd1545b9b, 0x3a2e3624); - &_data_word(0xb1670a0c, 0x0fe75793, 0xd296eeb4, 0x9e919b1b); - &_data_word(0x4fc5c080, 0xa220dc61, 0x694b775a, 0x161a121c); - &_data_word(0x0aba93e2, 0xe52aa0c0, 0x43e0223c, 0x1d171b12); - &_data_word(0x0b0d090e, 0xadc78bf2, 0xb9a8b62d, 0xc8a91e14); - &_data_word(0x8519f157, 0x4c0775af, 0xbbdd99ee, 0xfd607fa3); - &_data_word(0x9f2601f7, 0xbcf5725c, 0xc53b6644, 0x347efb5b); - &_data_word(0x7629438b, 0xdcc623cb, 0x68fcedb6, 0x63f1e4b8); - &_data_word(0xcadc31d7, 0x10856342, 0x40229713, 0x2011c684); - &_data_word(0x7d244a85, 0xf83dbbd2, 0x1132f9ae, 0x6da129c7); - &_data_word(0x4b2f9e1d, 0xf330b2dc, 0xec52860d, 0xd0e3c177); - &_data_word(0x6c16b32b, 0x99b970a9, 0xfa489411, 0x2264e947); - &_data_word(0xc48cfca8, 0x1a3ff0a0, 0xd82c7d56, 0xef903322); - &_data_word(0xc74e4987, 0xc1d138d9, 0xfea2ca8c, 0x360bd498); - &_data_word(0xcf81f5a6, 0x28de7aa5, 0x268eb7da, 0xa4bfad3f); - &_data_word(0xe49d3a2c, 0x0d927850, 0x9bcc5f6a, 0x62467e54); - &_data_word(0xc2138df6, 0xe8b8d890, 0x5ef7392e, 0xf5afc382); - &_data_word(0xbe805d9f, 0x7c93d069, 0xa92dd56f, 0xb31225cf); - &_data_word(0x3b99acc8, 0xa77d1810, 0x6e639ce8, 0x7bbb3bdb); - &_data_word(0x097826cd, 0xf418596e, 0x01b79aec, 0xa89a4f83); - &_data_word(0x656e95e6, 0x7ee6ffaa, 0x08cfbc21, 0xe6e815ef); - &_data_word(0xd99be7ba, 0xce366f4a, 0xd4099fea, 0xd67cb029); - &_data_word(0xafb2a431, 0x31233f2a, 0x3094a5c6, 0xc066a235); - &_data_word(0x37bc4e74, 0xa6ca82fc, 0xb0d090e0, 0x15d8a733); - &_data_word(0x4a9804f1, 0xf7daec41, 0x0e50cd7f, 0x2ff69117); - &_data_word(0x8dd64d76, 0x4db0ef43, 0x544daacc, 0xdf0496e4); - &_data_word(0xe3b5d19e, 0x1b886a4c, 0xb81f2cc1, 0x7f516546); - &_data_word(0x04ea5e9d, 0x5d358c01, 0x737487fa, 0x2e410bfb); - &_data_word(0x5a1d67b3, 0x52d2db92, 0x335610e9, 0x1347d66d); - &_data_word(0x8c61d79a, 0x7a0ca137, 0x8e14f859, 0x893c13eb); - &_data_word(0xee27a9ce, 0x35c961b7, 0xede51ce1, 0x3cb1477a); - &_data_word(0x59dfd29c, 0x3f73f255, 0x79ce1418, 0xbf37c773); - &_data_word(0xeacdf753, 0x5baafd5f, 0x146f3ddf, 0x86db4478); - &_data_word(0x81f3afca, 0x3ec468b9, 0x2c342438, 0x5f40a3c2); - &_data_word(0x72c31d16, 0x0c25e2bc, 0x8b493c28, 0x41950dff); - &_data_word(0x7101a839, 0xdeb30c08, 0x9ce4b4d8, 0x90c15664); - &_data_word(0x6184cb7b, 0x70b632d5, 0x745c6c48, 0x4257b8d0); - -#Td4: # four copies of Td4 to choose from to avoid L1 aliasing - &data_byte(0x52, 0x09, 0x6a, 0xd5, 0x30, 0x36, 0xa5, 0x38); - &data_byte(0xbf, 0x40, 0xa3, 0x9e, 0x81, 0xf3, 0xd7, 0xfb); - &data_byte(0x7c, 0xe3, 0x39, 0x82, 0x9b, 0x2f, 0xff, 0x87); - &data_byte(0x34, 0x8e, 0x43, 0x44, 0xc4, 0xde, 0xe9, 0xcb); - &data_byte(0x54, 0x7b, 0x94, 0x32, 0xa6, 0xc2, 0x23, 0x3d); - &data_byte(0xee, 0x4c, 0x95, 0x0b, 0x42, 0xfa, 0xc3, 0x4e); - &data_byte(0x08, 0x2e, 0xa1, 0x66, 0x28, 0xd9, 0x24, 0xb2); - &data_byte(0x76, 0x5b, 0xa2, 0x49, 0x6d, 0x8b, 0xd1, 0x25); - &data_byte(0x72, 0xf8, 0xf6, 0x64, 0x86, 0x68, 0x98, 0x16); - &data_byte(0xd4, 0xa4, 0x5c, 0xcc, 0x5d, 0x65, 0xb6, 0x92); - &data_byte(0x6c, 0x70, 0x48, 0x50, 0xfd, 0xed, 0xb9, 0xda); - &data_byte(0x5e, 0x15, 0x46, 0x57, 0xa7, 0x8d, 0x9d, 0x84); - &data_byte(0x90, 0xd8, 0xab, 0x00, 0x8c, 0xbc, 0xd3, 0x0a); - &data_byte(0xf7, 0xe4, 0x58, 0x05, 0xb8, 0xb3, 0x45, 0x06); - &data_byte(0xd0, 0x2c, 0x1e, 0x8f, 0xca, 0x3f, 0x0f, 0x02); - &data_byte(0xc1, 0xaf, 0xbd, 0x03, 0x01, 0x13, 0x8a, 0x6b); - &data_byte(0x3a, 0x91, 0x11, 0x41, 0x4f, 0x67, 0xdc, 0xea); - &data_byte(0x97, 0xf2, 0xcf, 0xce, 0xf0, 0xb4, 0xe6, 0x73); - &data_byte(0x96, 0xac, 0x74, 0x22, 0xe7, 0xad, 0x35, 0x85); - &data_byte(0xe2, 0xf9, 0x37, 0xe8, 0x1c, 0x75, 0xdf, 0x6e); - &data_byte(0x47, 0xf1, 0x1a, 0x71, 0x1d, 0x29, 0xc5, 0x89); - &data_byte(0x6f, 0xb7, 0x62, 0x0e, 0xaa, 0x18, 0xbe, 0x1b); - &data_byte(0xfc, 0x56, 0x3e, 0x4b, 0xc6, 0xd2, 0x79, 0x20); - &data_byte(0x9a, 0xdb, 0xc0, 0xfe, 0x78, 0xcd, 0x5a, 0xf4); - &data_byte(0x1f, 0xdd, 0xa8, 0x33, 0x88, 0x07, 0xc7, 0x31); - &data_byte(0xb1, 0x12, 0x10, 0x59, 0x27, 0x80, 0xec, 0x5f); - &data_byte(0x60, 0x51, 0x7f, 0xa9, 0x19, 0xb5, 0x4a, 0x0d); - &data_byte(0x2d, 0xe5, 0x7a, 0x9f, 0x93, 0xc9, 0x9c, 0xef); - &data_byte(0xa0, 0xe0, 0x3b, 0x4d, 0xae, 0x2a, 0xf5, 0xb0); - &data_byte(0xc8, 0xeb, 0xbb, 0x3c, 0x83, 0x53, 0x99, 0x61); - &data_byte(0x17, 0x2b, 0x04, 0x7e, 0xba, 0x77, 0xd6, 0x26); - &data_byte(0xe1, 0x69, 0x14, 0x63, 0x55, 0x21, 0x0c, 0x7d); - - &data_byte(0x52, 0x09, 0x6a, 0xd5, 0x30, 0x36, 0xa5, 0x38); - &data_byte(0xbf, 0x40, 0xa3, 0x9e, 0x81, 0xf3, 0xd7, 0xfb); - &data_byte(0x7c, 0xe3, 0x39, 0x82, 0x9b, 0x2f, 0xff, 0x87); - &data_byte(0x34, 0x8e, 0x43, 0x44, 0xc4, 0xde, 0xe9, 0xcb); - &data_byte(0x54, 0x7b, 0x94, 0x32, 0xa6, 0xc2, 0x23, 0x3d); - &data_byte(0xee, 0x4c, 0x95, 0x0b, 0x42, 0xfa, 0xc3, 0x4e); - &data_byte(0x08, 0x2e, 0xa1, 0x66, 0x28, 0xd9, 0x24, 0xb2); - &data_byte(0x76, 0x5b, 0xa2, 0x49, 0x6d, 0x8b, 0xd1, 0x25); - &data_byte(0x72, 0xf8, 0xf6, 0x64, 0x86, 0x68, 0x98, 0x16); - &data_byte(0xd4, 0xa4, 0x5c, 0xcc, 0x5d, 0x65, 0xb6, 0x92); - &data_byte(0x6c, 0x70, 0x48, 0x50, 0xfd, 0xed, 0xb9, 0xda); - &data_byte(0x5e, 0x15, 0x46, 0x57, 0xa7, 0x8d, 0x9d, 0x84); - &data_byte(0x90, 0xd8, 0xab, 0x00, 0x8c, 0xbc, 0xd3, 0x0a); - &data_byte(0xf7, 0xe4, 0x58, 0x05, 0xb8, 0xb3, 0x45, 0x06); - &data_byte(0xd0, 0x2c, 0x1e, 0x8f, 0xca, 0x3f, 0x0f, 0x02); - &data_byte(0xc1, 0xaf, 0xbd, 0x03, 0x01, 0x13, 0x8a, 0x6b); - &data_byte(0x3a, 0x91, 0x11, 0x41, 0x4f, 0x67, 0xdc, 0xea); - &data_byte(0x97, 0xf2, 0xcf, 0xce, 0xf0, 0xb4, 0xe6, 0x73); - &data_byte(0x96, 0xac, 0x74, 0x22, 0xe7, 0xad, 0x35, 0x85); - &data_byte(0xe2, 0xf9, 0x37, 0xe8, 0x1c, 0x75, 0xdf, 0x6e); - &data_byte(0x47, 0xf1, 0x1a, 0x71, 0x1d, 0x29, 0xc5, 0x89); - &data_byte(0x6f, 0xb7, 0x62, 0x0e, 0xaa, 0x18, 0xbe, 0x1b); - &data_byte(0xfc, 0x56, 0x3e, 0x4b, 0xc6, 0xd2, 0x79, 0x20); - &data_byte(0x9a, 0xdb, 0xc0, 0xfe, 0x78, 0xcd, 0x5a, 0xf4); - &data_byte(0x1f, 0xdd, 0xa8, 0x33, 0x88, 0x07, 0xc7, 0x31); - &data_byte(0xb1, 0x12, 0x10, 0x59, 0x27, 0x80, 0xec, 0x5f); - &data_byte(0x60, 0x51, 0x7f, 0xa9, 0x19, 0xb5, 0x4a, 0x0d); - &data_byte(0x2d, 0xe5, 0x7a, 0x9f, 0x93, 0xc9, 0x9c, 0xef); - &data_byte(0xa0, 0xe0, 0x3b, 0x4d, 0xae, 0x2a, 0xf5, 0xb0); - &data_byte(0xc8, 0xeb, 0xbb, 0x3c, 0x83, 0x53, 0x99, 0x61); - &data_byte(0x17, 0x2b, 0x04, 0x7e, 0xba, 0x77, 0xd6, 0x26); - &data_byte(0xe1, 0x69, 0x14, 0x63, 0x55, 0x21, 0x0c, 0x7d); - - &data_byte(0x52, 0x09, 0x6a, 0xd5, 0x30, 0x36, 0xa5, 0x38); - &data_byte(0xbf, 0x40, 0xa3, 0x9e, 0x81, 0xf3, 0xd7, 0xfb); - &data_byte(0x7c, 0xe3, 0x39, 0x82, 0x9b, 0x2f, 0xff, 0x87); - &data_byte(0x34, 0x8e, 0x43, 0x44, 0xc4, 0xde, 0xe9, 0xcb); - &data_byte(0x54, 0x7b, 0x94, 0x32, 0xa6, 0xc2, 0x23, 0x3d); - &data_byte(0xee, 0x4c, 0x95, 0x0b, 0x42, 0xfa, 0xc3, 0x4e); - &data_byte(0x08, 0x2e, 0xa1, 0x66, 0x28, 0xd9, 0x24, 0xb2); - &data_byte(0x76, 0x5b, 0xa2, 0x49, 0x6d, 0x8b, 0xd1, 0x25); - &data_byte(0x72, 0xf8, 0xf6, 0x64, 0x86, 0x68, 0x98, 0x16); - &data_byte(0xd4, 0xa4, 0x5c, 0xcc, 0x5d, 0x65, 0xb6, 0x92); - &data_byte(0x6c, 0x70, 0x48, 0x50, 0xfd, 0xed, 0xb9, 0xda); - &data_byte(0x5e, 0x15, 0x46, 0x57, 0xa7, 0x8d, 0x9d, 0x84); - &data_byte(0x90, 0xd8, 0xab, 0x00, 0x8c, 0xbc, 0xd3, 0x0a); - &data_byte(0xf7, 0xe4, 0x58, 0x05, 0xb8, 0xb3, 0x45, 0x06); - &data_byte(0xd0, 0x2c, 0x1e, 0x8f, 0xca, 0x3f, 0x0f, 0x02); - &data_byte(0xc1, 0xaf, 0xbd, 0x03, 0x01, 0x13, 0x8a, 0x6b); - &data_byte(0x3a, 0x91, 0x11, 0x41, 0x4f, 0x67, 0xdc, 0xea); - &data_byte(0x97, 0xf2, 0xcf, 0xce, 0xf0, 0xb4, 0xe6, 0x73); - &data_byte(0x96, 0xac, 0x74, 0x22, 0xe7, 0xad, 0x35, 0x85); - &data_byte(0xe2, 0xf9, 0x37, 0xe8, 0x1c, 0x75, 0xdf, 0x6e); - &data_byte(0x47, 0xf1, 0x1a, 0x71, 0x1d, 0x29, 0xc5, 0x89); - &data_byte(0x6f, 0xb7, 0x62, 0x0e, 0xaa, 0x18, 0xbe, 0x1b); - &data_byte(0xfc, 0x56, 0x3e, 0x4b, 0xc6, 0xd2, 0x79, 0x20); - &data_byte(0x9a, 0xdb, 0xc0, 0xfe, 0x78, 0xcd, 0x5a, 0xf4); - &data_byte(0x1f, 0xdd, 0xa8, 0x33, 0x88, 0x07, 0xc7, 0x31); - &data_byte(0xb1, 0x12, 0x10, 0x59, 0x27, 0x80, 0xec, 0x5f); - &data_byte(0x60, 0x51, 0x7f, 0xa9, 0x19, 0xb5, 0x4a, 0x0d); - &data_byte(0x2d, 0xe5, 0x7a, 0x9f, 0x93, 0xc9, 0x9c, 0xef); - &data_byte(0xa0, 0xe0, 0x3b, 0x4d, 0xae, 0x2a, 0xf5, 0xb0); - &data_byte(0xc8, 0xeb, 0xbb, 0x3c, 0x83, 0x53, 0x99, 0x61); - &data_byte(0x17, 0x2b, 0x04, 0x7e, 0xba, 0x77, 0xd6, 0x26); - &data_byte(0xe1, 0x69, 0x14, 0x63, 0x55, 0x21, 0x0c, 0x7d); - - &data_byte(0x52, 0x09, 0x6a, 0xd5, 0x30, 0x36, 0xa5, 0x38); - &data_byte(0xbf, 0x40, 0xa3, 0x9e, 0x81, 0xf3, 0xd7, 0xfb); - &data_byte(0x7c, 0xe3, 0x39, 0x82, 0x9b, 0x2f, 0xff, 0x87); - &data_byte(0x34, 0x8e, 0x43, 0x44, 0xc4, 0xde, 0xe9, 0xcb); - &data_byte(0x54, 0x7b, 0x94, 0x32, 0xa6, 0xc2, 0x23, 0x3d); - &data_byte(0xee, 0x4c, 0x95, 0x0b, 0x42, 0xfa, 0xc3, 0x4e); - &data_byte(0x08, 0x2e, 0xa1, 0x66, 0x28, 0xd9, 0x24, 0xb2); - &data_byte(0x76, 0x5b, 0xa2, 0x49, 0x6d, 0x8b, 0xd1, 0x25); - &data_byte(0x72, 0xf8, 0xf6, 0x64, 0x86, 0x68, 0x98, 0x16); - &data_byte(0xd4, 0xa4, 0x5c, 0xcc, 0x5d, 0x65, 0xb6, 0x92); - &data_byte(0x6c, 0x70, 0x48, 0x50, 0xfd, 0xed, 0xb9, 0xda); - &data_byte(0x5e, 0x15, 0x46, 0x57, 0xa7, 0x8d, 0x9d, 0x84); - &data_byte(0x90, 0xd8, 0xab, 0x00, 0x8c, 0xbc, 0xd3, 0x0a); - &data_byte(0xf7, 0xe4, 0x58, 0x05, 0xb8, 0xb3, 0x45, 0x06); - &data_byte(0xd0, 0x2c, 0x1e, 0x8f, 0xca, 0x3f, 0x0f, 0x02); - &data_byte(0xc1, 0xaf, 0xbd, 0x03, 0x01, 0x13, 0x8a, 0x6b); - &data_byte(0x3a, 0x91, 0x11, 0x41, 0x4f, 0x67, 0xdc, 0xea); - &data_byte(0x97, 0xf2, 0xcf, 0xce, 0xf0, 0xb4, 0xe6, 0x73); - &data_byte(0x96, 0xac, 0x74, 0x22, 0xe7, 0xad, 0x35, 0x85); - &data_byte(0xe2, 0xf9, 0x37, 0xe8, 0x1c, 0x75, 0xdf, 0x6e); - &data_byte(0x47, 0xf1, 0x1a, 0x71, 0x1d, 0x29, 0xc5, 0x89); - &data_byte(0x6f, 0xb7, 0x62, 0x0e, 0xaa, 0x18, 0xbe, 0x1b); - &data_byte(0xfc, 0x56, 0x3e, 0x4b, 0xc6, 0xd2, 0x79, 0x20); - &data_byte(0x9a, 0xdb, 0xc0, 0xfe, 0x78, 0xcd, 0x5a, 0xf4); - &data_byte(0x1f, 0xdd, 0xa8, 0x33, 0x88, 0x07, 0xc7, 0x31); - &data_byte(0xb1, 0x12, 0x10, 0x59, 0x27, 0x80, 0xec, 0x5f); - &data_byte(0x60, 0x51, 0x7f, 0xa9, 0x19, 0xb5, 0x4a, 0x0d); - &data_byte(0x2d, 0xe5, 0x7a, 0x9f, 0x93, 0xc9, 0x9c, 0xef); - &data_byte(0xa0, 0xe0, 0x3b, 0x4d, 0xae, 0x2a, 0xf5, 0xb0); - &data_byte(0xc8, 0xeb, 0xbb, 0x3c, 0x83, 0x53, 0x99, 0x61); - &data_byte(0x17, 0x2b, 0x04, 0x7e, 0xba, 0x77, 0xd6, 0x26); - &data_byte(0xe1, 0x69, 0x14, 0x63, 0x55, 0x21, 0x0c, 0x7d); -&function_end_B("_x86_AES_decrypt"); - -# void AES_decrypt (const void *inp,void *out,const AES_KEY *key); -&function_begin("AES_decrypt"); - &mov ($acc,&wparam(0)); # load inp - &mov ($key,&wparam(2)); # load key - - &mov ($s0,"esp"); - &sub ("esp",36); - &and ("esp",-64); # align to cache-line - - # place stack frame just "above" the key schedule - &lea ($s1,&DWP(-64-63,$key)); - &sub ($s1,"esp"); - &neg ($s1); - &and ($s1,0x3C0); # modulo 1024, but aligned to cache-line - &sub ("esp",$s1); - &add ("esp",4); # 4 is reserved for caller's return address - &mov ($_esp,$s0); # save stack pointer - - &call (&label("pic_point")); # make it PIC! - &set_label("pic_point"); - &blindpop($tbl); - &picmeup($s0,"OPENSSL_ia32cap_P",$tbl,&label("pic_point")) if(!$x86only); - &lea ($tbl,&DWP(&label("AES_Td")."-".&label("pic_point"),$tbl)); - - # pick Td4 copy which can't "overlap" with stack frame or key schedule - &lea ($s1,&DWP(768-4,"esp")); - &sub ($s1,$tbl); - &and ($s1,0x300); - &lea ($tbl,&DWP(2048+128,$tbl,$s1)); - - if (!$x86only) { - &bt (&DWP(0,$s0),25); # check for SSE bit - &jnc (&label("x86")); - - &movq ("mm0",&QWP(0,$acc)); - &movq ("mm4",&QWP(8,$acc)); - &call ("_sse_AES_decrypt_compact"); - &mov ("esp",$_esp); # restore stack pointer - &mov ($acc,&wparam(1)); # load out - &movq (&QWP(0,$acc),"mm0"); # write output data - &movq (&QWP(8,$acc),"mm4"); - &emms (); - &function_end_A(); - } - &set_label("x86",16); - &mov ($_tbl,$tbl); - &mov ($s0,&DWP(0,$acc)); # load input data - &mov ($s1,&DWP(4,$acc)); - &mov ($s2,&DWP(8,$acc)); - &mov ($s3,&DWP(12,$acc)); - &call ("_x86_AES_decrypt_compact"); - &mov ("esp",$_esp); # restore stack pointer - &mov ($acc,&wparam(1)); # load out - &mov (&DWP(0,$acc),$s0); # write output data - &mov (&DWP(4,$acc),$s1); - &mov (&DWP(8,$acc),$s2); - &mov (&DWP(12,$acc),$s3); -&function_end("AES_decrypt"); - -# void AES_cbc_encrypt (const void char *inp, unsigned char *out, -# size_t length, const AES_KEY *key, -# unsigned char *ivp,const int enc); -{ -# stack frame layout -# -4(%esp) # return address 0(%esp) -# 0(%esp) # s0 backing store 4(%esp) -# 4(%esp) # s1 backing store 8(%esp) -# 8(%esp) # s2 backing store 12(%esp) -# 12(%esp) # s3 backing store 16(%esp) -# 16(%esp) # key backup 20(%esp) -# 20(%esp) # end of key schedule 24(%esp) -# 24(%esp) # %ebp backup 28(%esp) -# 28(%esp) # %esp backup -my $_inp=&DWP(32,"esp"); # copy of wparam(0) -my $_out=&DWP(36,"esp"); # copy of wparam(1) -my $_len=&DWP(40,"esp"); # copy of wparam(2) -my $_key=&DWP(44,"esp"); # copy of wparam(3) -my $_ivp=&DWP(48,"esp"); # copy of wparam(4) -my $_tmp=&DWP(52,"esp"); # volatile variable -# -my $ivec=&DWP(60,"esp"); # ivec[16] -my $aes_key=&DWP(76,"esp"); # copy of aes_key -my $mark=&DWP(76+240,"esp"); # copy of aes_key->rounds - -&function_begin("AES_cbc_encrypt"); - &mov ($s2 eq "ecx"? $s2 : "",&wparam(2)); # load len - &cmp ($s2,0); - &je (&label("drop_out")); - - &call (&label("pic_point")); # make it PIC! - &set_label("pic_point"); - &blindpop($tbl); - &picmeup($s0,"OPENSSL_ia32cap_P",$tbl,&label("pic_point")) if(!$x86only); - - &cmp (&wparam(5),0); - &lea ($tbl,&DWP(&label("AES_Te")."-".&label("pic_point"),$tbl)); - &jne (&label("picked_te")); - &lea ($tbl,&DWP(&label("AES_Td")."-".&label("AES_Te"),$tbl)); - &set_label("picked_te"); - - # one can argue if this is required - &pushf (); - &cld (); - - &cmp ($s2,$speed_limit); - &jb (&label("slow_way")); - &test ($s2,15); - &jnz (&label("slow_way")); - if (!$x86only) { - &bt (&DWP(0,$s0),28); # check for hyper-threading bit - &jc (&label("slow_way")); - } - # pre-allocate aligned stack frame... - &lea ($acc,&DWP(-80-244,"esp")); - &and ($acc,-64); - - # ... and make sure it doesn't alias with $tbl modulo 4096 - &mov ($s0,$tbl); - &lea ($s1,&DWP(2048+256,$tbl)); - &mov ($s3,$acc); - &and ($s0,0xfff); # s = %ebp&0xfff - &and ($s1,0xfff); # e = (%ebp+2048+256)&0xfff - &and ($s3,0xfff); # p = %esp&0xfff - - &cmp ($s3,$s1); # if (p>=e) %esp =- (p-e); - &jb (&label("tbl_break_out")); - &sub ($s3,$s1); - &sub ($acc,$s3); - &jmp (&label("tbl_ok")); - &set_label("tbl_break_out",4); # else %esp -= (p-s)&0xfff + framesz; - &sub ($s3,$s0); - &and ($s3,0xfff); - &add ($s3,384); - &sub ($acc,$s3); - &set_label("tbl_ok",4); - - &lea ($s3,&wparam(0)); # obtain pointer to parameter block - &exch ("esp",$acc); # allocate stack frame - &add ("esp",4); # reserve for return address! - &mov ($_tbl,$tbl); # save %ebp - &mov ($_esp,$acc); # save %esp - - &mov ($s0,&DWP(0,$s3)); # load inp - &mov ($s1,&DWP(4,$s3)); # load out - #&mov ($s2,&DWP(8,$s3)); # load len - &mov ($key,&DWP(12,$s3)); # load key - &mov ($acc,&DWP(16,$s3)); # load ivp - &mov ($s3,&DWP(20,$s3)); # load enc flag - - &mov ($_inp,$s0); # save copy of inp - &mov ($_out,$s1); # save copy of out - &mov ($_len,$s2); # save copy of len - &mov ($_key,$key); # save copy of key - &mov ($_ivp,$acc); # save copy of ivp - - &mov ($mark,0); # copy of aes_key->rounds = 0; - # do we copy key schedule to stack? - &mov ($s1 eq "ebx" ? $s1 : "",$key); - &mov ($s2 eq "ecx" ? $s2 : "",244/4); - &sub ($s1,$tbl); - &mov ("esi",$key); - &and ($s1,0xfff); - &lea ("edi",$aes_key); - &cmp ($s1,2048+256); - &jb (&label("do_copy")); - &cmp ($s1,4096-244); - &jb (&label("skip_copy")); - &set_label("do_copy",4); - &mov ($_key,"edi"); - &data_word(0xA5F3F689); # rep movsd - &set_label("skip_copy"); - - &mov ($key,16); - &set_label("prefetch_tbl",4); - &mov ($s0,&DWP(0,$tbl)); - &mov ($s1,&DWP(32,$tbl)); - &mov ($s2,&DWP(64,$tbl)); - &mov ($acc,&DWP(96,$tbl)); - &lea ($tbl,&DWP(128,$tbl)); - &sub ($key,1); - &jnz (&label("prefetch_tbl")); - &sub ($tbl,2048); - - &mov ($acc,$_inp); - &mov ($key,$_ivp); - - &cmp ($s3,0); - &je (&label("fast_decrypt")); - -#----------------------------- ENCRYPT -----------------------------# - &mov ($s0,&DWP(0,$key)); # load iv - &mov ($s1,&DWP(4,$key)); - - &set_label("fast_enc_loop",16); - &mov ($s2,&DWP(8,$key)); - &mov ($s3,&DWP(12,$key)); - - &xor ($s0,&DWP(0,$acc)); # xor input data - &xor ($s1,&DWP(4,$acc)); - &xor ($s2,&DWP(8,$acc)); - &xor ($s3,&DWP(12,$acc)); - - &mov ($key,$_key); # load key - &call ("_x86_AES_encrypt"); - - &mov ($acc,$_inp); # load inp - &mov ($key,$_out); # load out - - &mov (&DWP(0,$key),$s0); # save output data - &mov (&DWP(4,$key),$s1); - &mov (&DWP(8,$key),$s2); - &mov (&DWP(12,$key),$s3); - - &lea ($acc,&DWP(16,$acc)); # advance inp - &mov ($s2,$_len); # load len - &mov ($_inp,$acc); # save inp - &lea ($s3,&DWP(16,$key)); # advance out - &mov ($_out,$s3); # save out - &sub ($s2,16); # decrease len - &mov ($_len,$s2); # save len - &jnz (&label("fast_enc_loop")); - &mov ($acc,$_ivp); # load ivp - &mov ($s2,&DWP(8,$key)); # restore last 2 dwords - &mov ($s3,&DWP(12,$key)); - &mov (&DWP(0,$acc),$s0); # save ivec - &mov (&DWP(4,$acc),$s1); - &mov (&DWP(8,$acc),$s2); - &mov (&DWP(12,$acc),$s3); - - &cmp ($mark,0); # was the key schedule copied? - &mov ("edi",$_key); - &je (&label("skip_ezero")); - # zero copy of key schedule - &mov ("ecx",240/4); - &xor ("eax","eax"); - &align (4); - &data_word(0xABF3F689); # rep stosd - &set_label("skip_ezero"); - &mov ("esp",$_esp); - &popf (); - &set_label("drop_out"); - &function_end_A(); - &pushf (); # kludge, never executed - -#----------------------------- DECRYPT -----------------------------# -&set_label("fast_decrypt",16); - - &cmp ($acc,$_out); - &je (&label("fast_dec_in_place")); # in-place processing... - - &mov ($_tmp,$key); - - &align (4); - &set_label("fast_dec_loop",16); - &mov ($s0,&DWP(0,$acc)); # read input - &mov ($s1,&DWP(4,$acc)); - &mov ($s2,&DWP(8,$acc)); - &mov ($s3,&DWP(12,$acc)); - - &mov ($key,$_key); # load key - &call ("_x86_AES_decrypt"); - - &mov ($key,$_tmp); # load ivp - &mov ($acc,$_len); # load len - &xor ($s0,&DWP(0,$key)); # xor iv - &xor ($s1,&DWP(4,$key)); - &xor ($s2,&DWP(8,$key)); - &xor ($s3,&DWP(12,$key)); - - &mov ($key,$_out); # load out - &mov ($acc,$_inp); # load inp - - &mov (&DWP(0,$key),$s0); # write output - &mov (&DWP(4,$key),$s1); - &mov (&DWP(8,$key),$s2); - &mov (&DWP(12,$key),$s3); - - &mov ($s2,$_len); # load len - &mov ($_tmp,$acc); # save ivp - &lea ($acc,&DWP(16,$acc)); # advance inp - &mov ($_inp,$acc); # save inp - &lea ($key,&DWP(16,$key)); # advance out - &mov ($_out,$key); # save out - &sub ($s2,16); # decrease len - &mov ($_len,$s2); # save len - &jnz (&label("fast_dec_loop")); - &mov ($key,$_tmp); # load temp ivp - &mov ($acc,$_ivp); # load user ivp - &mov ($s0,&DWP(0,$key)); # load iv - &mov ($s1,&DWP(4,$key)); - &mov ($s2,&DWP(8,$key)); - &mov ($s3,&DWP(12,$key)); - &mov (&DWP(0,$acc),$s0); # copy back to user - &mov (&DWP(4,$acc),$s1); - &mov (&DWP(8,$acc),$s2); - &mov (&DWP(12,$acc),$s3); - &jmp (&label("fast_dec_out")); - - &set_label("fast_dec_in_place",16); - &set_label("fast_dec_in_place_loop"); - &mov ($s0,&DWP(0,$acc)); # read input - &mov ($s1,&DWP(4,$acc)); - &mov ($s2,&DWP(8,$acc)); - &mov ($s3,&DWP(12,$acc)); - - &lea ($key,$ivec); - &mov (&DWP(0,$key),$s0); # copy to temp - &mov (&DWP(4,$key),$s1); - &mov (&DWP(8,$key),$s2); - &mov (&DWP(12,$key),$s3); - - &mov ($key,$_key); # load key - &call ("_x86_AES_decrypt"); - - &mov ($key,$_ivp); # load ivp - &mov ($acc,$_out); # load out - &xor ($s0,&DWP(0,$key)); # xor iv - &xor ($s1,&DWP(4,$key)); - &xor ($s2,&DWP(8,$key)); - &xor ($s3,&DWP(12,$key)); - - &mov (&DWP(0,$acc),$s0); # write output - &mov (&DWP(4,$acc),$s1); - &mov (&DWP(8,$acc),$s2); - &mov (&DWP(12,$acc),$s3); - - &lea ($acc,&DWP(16,$acc)); # advance out - &mov ($_out,$acc); # save out - - &lea ($acc,$ivec); - &mov ($s0,&DWP(0,$acc)); # read temp - &mov ($s1,&DWP(4,$acc)); - &mov ($s2,&DWP(8,$acc)); - &mov ($s3,&DWP(12,$acc)); - - &mov (&DWP(0,$key),$s0); # copy iv - &mov (&DWP(4,$key),$s1); - &mov (&DWP(8,$key),$s2); - &mov (&DWP(12,$key),$s3); - - &mov ($acc,$_inp); # load inp - &mov ($s2,$_len); # load len - &lea ($acc,&DWP(16,$acc)); # advance inp - &mov ($_inp,$acc); # save inp - &sub ($s2,16); # decrease len - &mov ($_len,$s2); # save len - &jnz (&label("fast_dec_in_place_loop")); - - &set_label("fast_dec_out",4); - &cmp ($mark,0); # was the key schedule copied? - &mov ("edi",$_key); - &je (&label("skip_dzero")); - # zero copy of key schedule - &mov ("ecx",240/4); - &xor ("eax","eax"); - &align (4); - &data_word(0xABF3F689); # rep stosd - &set_label("skip_dzero"); - &mov ("esp",$_esp); - &popf (); - &function_end_A(); - &pushf (); # kludge, never executed - -#--------------------------- SLOW ROUTINE ---------------------------# -&set_label("slow_way",16); - - &mov ($s0,&DWP(0,$s0)) if (!$x86only);# load OPENSSL_ia32cap - &mov ($key,&wparam(3)); # load key - - # pre-allocate aligned stack frame... - &lea ($acc,&DWP(-80,"esp")); - &and ($acc,-64); - - # ... and make sure it doesn't alias with $key modulo 1024 - &lea ($s1,&DWP(-80-63,$key)); - &sub ($s1,$acc); - &neg ($s1); - &and ($s1,0x3C0); # modulo 1024, but aligned to cache-line - &sub ($acc,$s1); - - # pick S-box copy which can't overlap with stack frame or $key - &lea ($s1,&DWP(768,$acc)); - &sub ($s1,$tbl); - &and ($s1,0x300); - &lea ($tbl,&DWP(2048+128,$tbl,$s1)); - - &lea ($s3,&wparam(0)); # pointer to parameter block - - &exch ("esp",$acc); - &add ("esp",4); # reserve for return address! - &mov ($_tbl,$tbl); # save %ebp - &mov ($_esp,$acc); # save %esp - &mov ($_tmp,$s0); # save OPENSSL_ia32cap - - &mov ($s0,&DWP(0,$s3)); # load inp - &mov ($s1,&DWP(4,$s3)); # load out - #&mov ($s2,&DWP(8,$s3)); # load len - #&mov ($key,&DWP(12,$s3)); # load key - &mov ($acc,&DWP(16,$s3)); # load ivp - &mov ($s3,&DWP(20,$s3)); # load enc flag - - &mov ($_inp,$s0); # save copy of inp - &mov ($_out,$s1); # save copy of out - &mov ($_len,$s2); # save copy of len - &mov ($_key,$key); # save copy of key - &mov ($_ivp,$acc); # save copy of ivp - - &mov ($key,$acc); - &mov ($acc,$s0); - - &cmp ($s3,0); - &je (&label("slow_decrypt")); - -#--------------------------- SLOW ENCRYPT ---------------------------# - &cmp ($s2,16); - &mov ($s3,$s1); - &jb (&label("slow_enc_tail")); - - if (!$x86only) { - &bt ($_tmp,25); # check for SSE bit - &jnc (&label("slow_enc_x86")); - - &movq ("mm0",&QWP(0,$key)); # load iv - &movq ("mm4",&QWP(8,$key)); - - &set_label("slow_enc_loop_sse",16); - &pxor ("mm0",&QWP(0,$acc)); # xor input data - &pxor ("mm4",&QWP(8,$acc)); - - &mov ($key,$_key); - &call ("_sse_AES_encrypt_compact"); - - &mov ($acc,$_inp); # load inp - &mov ($key,$_out); # load out - &mov ($s2,$_len); # load len - - &movq (&QWP(0,$key),"mm0"); # save output data - &movq (&QWP(8,$key),"mm4"); - - &lea ($acc,&DWP(16,$acc)); # advance inp - &mov ($_inp,$acc); # save inp - &lea ($s3,&DWP(16,$key)); # advance out - &mov ($_out,$s3); # save out - &sub ($s2,16); # decrease len - &cmp ($s2,16); - &mov ($_len,$s2); # save len - &jae (&label("slow_enc_loop_sse")); - &test ($s2,15); - &jnz (&label("slow_enc_tail")); - &mov ($acc,$_ivp); # load ivp - &movq (&QWP(0,$acc),"mm0"); # save ivec - &movq (&QWP(8,$acc),"mm4"); - &emms (); - &mov ("esp",$_esp); - &popf (); - &function_end_A(); - &pushf (); # kludge, never executed - } - &set_label("slow_enc_x86",16); - &mov ($s0,&DWP(0,$key)); # load iv - &mov ($s1,&DWP(4,$key)); - - &set_label("slow_enc_loop_x86",4); - &mov ($s2,&DWP(8,$key)); - &mov ($s3,&DWP(12,$key)); - - &xor ($s0,&DWP(0,$acc)); # xor input data - &xor ($s1,&DWP(4,$acc)); - &xor ($s2,&DWP(8,$acc)); - &xor ($s3,&DWP(12,$acc)); - - &mov ($key,$_key); # load key - &call ("_x86_AES_encrypt_compact"); - - &mov ($acc,$_inp); # load inp - &mov ($key,$_out); # load out - - &mov (&DWP(0,$key),$s0); # save output data - &mov (&DWP(4,$key),$s1); - &mov (&DWP(8,$key),$s2); - &mov (&DWP(12,$key),$s3); - - &mov ($s2,$_len); # load len - &lea ($acc,&DWP(16,$acc)); # advance inp - &mov ($_inp,$acc); # save inp - &lea ($s3,&DWP(16,$key)); # advance out - &mov ($_out,$s3); # save out - &sub ($s2,16); # decrease len - &cmp ($s2,16); - &mov ($_len,$s2); # save len - &jae (&label("slow_enc_loop_x86")); - &test ($s2,15); - &jnz (&label("slow_enc_tail")); - &mov ($acc,$_ivp); # load ivp - &mov ($s2,&DWP(8,$key)); # restore last dwords - &mov ($s3,&DWP(12,$key)); - &mov (&DWP(0,$acc),$s0); # save ivec - &mov (&DWP(4,$acc),$s1); - &mov (&DWP(8,$acc),$s2); - &mov (&DWP(12,$acc),$s3); - - &mov ("esp",$_esp); - &popf (); - &function_end_A(); - &pushf (); # kludge, never executed - - &set_label("slow_enc_tail",16); - &emms () if (!$x86only); - &mov ($key eq "edi"? $key:"",$s3); # load out to edi - &mov ($s1,16); - &sub ($s1,$s2); - &cmp ($key,$acc eq "esi"? $acc:""); # compare with inp - &je (&label("enc_in_place")); - &align (4); - &data_word(0xA4F3F689); # rep movsb # copy input - &jmp (&label("enc_skip_in_place")); - &set_label("enc_in_place"); - &lea ($key,&DWP(0,$key,$s2)); - &set_label("enc_skip_in_place"); - &mov ($s2,$s1); - &xor ($s0,$s0); - &align (4); - &data_word(0xAAF3F689); # rep stosb # zero tail - - &mov ($key,$_ivp); # restore ivp - &mov ($acc,$s3); # output as input - &mov ($s0,&DWP(0,$key)); - &mov ($s1,&DWP(4,$key)); - &mov ($_len,16); # len=16 - &jmp (&label("slow_enc_loop_x86")); # one more spin... - -#--------------------------- SLOW DECRYPT ---------------------------# -&set_label("slow_decrypt",16); - if (!$x86only) { - &bt ($_tmp,25); # check for SSE bit - &jnc (&label("slow_dec_loop_x86")); - - &set_label("slow_dec_loop_sse",4); - &movq ("mm0",&QWP(0,$acc)); # read input - &movq ("mm4",&QWP(8,$acc)); - - &mov ($key,$_key); - &call ("_sse_AES_decrypt_compact"); - - &mov ($acc,$_inp); # load inp - &lea ($s0,$ivec); - &mov ($s1,$_out); # load out - &mov ($s2,$_len); # load len - &mov ($key,$_ivp); # load ivp - - &movq ("mm1",&QWP(0,$acc)); # re-read input - &movq ("mm5",&QWP(8,$acc)); - - &pxor ("mm0",&QWP(0,$key)); # xor iv - &pxor ("mm4",&QWP(8,$key)); - - &movq (&QWP(0,$key),"mm1"); # copy input to iv - &movq (&QWP(8,$key),"mm5"); - - &sub ($s2,16); # decrease len - &jc (&label("slow_dec_partial_sse")); - - &movq (&QWP(0,$s1),"mm0"); # write output - &movq (&QWP(8,$s1),"mm4"); - - &lea ($s1,&DWP(16,$s1)); # advance out - &mov ($_out,$s1); # save out - &lea ($acc,&DWP(16,$acc)); # advance inp - &mov ($_inp,$acc); # save inp - &mov ($_len,$s2); # save len - &jnz (&label("slow_dec_loop_sse")); - &emms (); - &mov ("esp",$_esp); - &popf (); - &function_end_A(); - &pushf (); # kludge, never executed - - &set_label("slow_dec_partial_sse",16); - &movq (&QWP(0,$s0),"mm0"); # save output to temp - &movq (&QWP(8,$s0),"mm4"); - &emms (); - - &add ($s2 eq "ecx" ? "ecx":"",16); - &mov ("edi",$s1); # out - &mov ("esi",$s0); # temp - &align (4); - &data_word(0xA4F3F689); # rep movsb # copy partial output - - &mov ("esp",$_esp); - &popf (); - &function_end_A(); - &pushf (); # kludge, never executed - } - &set_label("slow_dec_loop_x86",16); - &mov ($s0,&DWP(0,$acc)); # read input - &mov ($s1,&DWP(4,$acc)); - &mov ($s2,&DWP(8,$acc)); - &mov ($s3,&DWP(12,$acc)); - - &lea ($key,$ivec); - &mov (&DWP(0,$key),$s0); # copy to temp - &mov (&DWP(4,$key),$s1); - &mov (&DWP(8,$key),$s2); - &mov (&DWP(12,$key),$s3); - - &mov ($key,$_key); # load key - &call ("_x86_AES_decrypt_compact"); - - &mov ($key,$_ivp); # load ivp - &mov ($acc,$_len); # load len - &xor ($s0,&DWP(0,$key)); # xor iv - &xor ($s1,&DWP(4,$key)); - &xor ($s2,&DWP(8,$key)); - &xor ($s3,&DWP(12,$key)); - - &sub ($acc,16); - &jc (&label("slow_dec_partial_x86")); - - &mov ($_len,$acc); # save len - &mov ($acc,$_out); # load out - - &mov (&DWP(0,$acc),$s0); # write output - &mov (&DWP(4,$acc),$s1); - &mov (&DWP(8,$acc),$s2); - &mov (&DWP(12,$acc),$s3); - - &lea ($acc,&DWP(16,$acc)); # advance out - &mov ($_out,$acc); # save out - - &lea ($acc,$ivec); - &mov ($s0,&DWP(0,$acc)); # read temp - &mov ($s1,&DWP(4,$acc)); - &mov ($s2,&DWP(8,$acc)); - &mov ($s3,&DWP(12,$acc)); - - &mov (&DWP(0,$key),$s0); # copy it to iv - &mov (&DWP(4,$key),$s1); - &mov (&DWP(8,$key),$s2); - &mov (&DWP(12,$key),$s3); - - &mov ($acc,$_inp); # load inp - &lea ($acc,&DWP(16,$acc)); # advance inp - &mov ($_inp,$acc); # save inp - &jnz (&label("slow_dec_loop_x86")); - &mov ("esp",$_esp); - &popf (); - &function_end_A(); - &pushf (); # kludge, never executed - - &set_label("slow_dec_partial_x86",16); - &lea ($acc,$ivec); - &mov (&DWP(0,$acc),$s0); # save output to temp - &mov (&DWP(4,$acc),$s1); - &mov (&DWP(8,$acc),$s2); - &mov (&DWP(12,$acc),$s3); - - &mov ($acc,$_inp); - &mov ($s0,&DWP(0,$acc)); # re-read input - &mov ($s1,&DWP(4,$acc)); - &mov ($s2,&DWP(8,$acc)); - &mov ($s3,&DWP(12,$acc)); - - &mov (&DWP(0,$key),$s0); # copy it to iv - &mov (&DWP(4,$key),$s1); - &mov (&DWP(8,$key),$s2); - &mov (&DWP(12,$key),$s3); - - &mov ("ecx",$_len); - &mov ("edi",$_out); - &lea ("esi",$ivec); - &align (4); - &data_word(0xA4F3F689); # rep movsb # copy partial output - - &mov ("esp",$_esp); - &popf (); -&function_end("AES_cbc_encrypt"); -} - -#------------------------------------------------------------------# - -sub enckey() -{ - &movz ("esi",&LB("edx")); # rk[i]>>0 - &movz ("ebx",&BP(-128,$tbl,"esi",1)); - &movz ("esi",&HB("edx")); # rk[i]>>8 - &shl ("ebx",24); - &xor ("eax","ebx"); - - &movz ("ebx",&BP(-128,$tbl,"esi",1)); - &shr ("edx",16); - &movz ("esi",&LB("edx")); # rk[i]>>16 - &xor ("eax","ebx"); - - &movz ("ebx",&BP(-128,$tbl,"esi",1)); - &movz ("esi",&HB("edx")); # rk[i]>>24 - &shl ("ebx",8); - &xor ("eax","ebx"); - - &movz ("ebx",&BP(-128,$tbl,"esi",1)); - &shl ("ebx",16); - &xor ("eax","ebx"); - - &xor ("eax",&DWP(1024-128,$tbl,"ecx",4)); # rcon -} - -&function_begin("_x86_AES_set_encrypt_key"); - &mov ("esi",&wparam(1)); # user supplied key - &mov ("edi",&wparam(3)); # private key schedule - - &test ("esi",-1); - &jz (&label("badpointer")); - &test ("edi",-1); - &jz (&label("badpointer")); - - &call (&label("pic_point")); - &set_label("pic_point"); - &blindpop($tbl); - &lea ($tbl,&DWP(&label("AES_Te")."-".&label("pic_point"),$tbl)); - &lea ($tbl,&DWP(2048+128,$tbl)); - - # prefetch Te4 - &mov ("eax",&DWP(0-128,$tbl)); - &mov ("ebx",&DWP(32-128,$tbl)); - &mov ("ecx",&DWP(64-128,$tbl)); - &mov ("edx",&DWP(96-128,$tbl)); - &mov ("eax",&DWP(128-128,$tbl)); - &mov ("ebx",&DWP(160-128,$tbl)); - &mov ("ecx",&DWP(192-128,$tbl)); - &mov ("edx",&DWP(224-128,$tbl)); - - &mov ("ecx",&wparam(2)); # number of bits in key - &cmp ("ecx",128); - &je (&label("10rounds")); - &cmp ("ecx",192); - &je (&label("12rounds")); - &cmp ("ecx",256); - &je (&label("14rounds")); - &mov ("eax",-2); # invalid number of bits - &jmp (&label("exit")); - - &set_label("10rounds"); - &mov ("eax",&DWP(0,"esi")); # copy first 4 dwords - &mov ("ebx",&DWP(4,"esi")); - &mov ("ecx",&DWP(8,"esi")); - &mov ("edx",&DWP(12,"esi")); - &mov (&DWP(0,"edi"),"eax"); - &mov (&DWP(4,"edi"),"ebx"); - &mov (&DWP(8,"edi"),"ecx"); - &mov (&DWP(12,"edi"),"edx"); - - &xor ("ecx","ecx"); - &jmp (&label("10shortcut")); - - &align (4); - &set_label("10loop"); - &mov ("eax",&DWP(0,"edi")); # rk[0] - &mov ("edx",&DWP(12,"edi")); # rk[3] - &set_label("10shortcut"); - &enckey (); - - &mov (&DWP(16,"edi"),"eax"); # rk[4] - &xor ("eax",&DWP(4,"edi")); - &mov (&DWP(20,"edi"),"eax"); # rk[5] - &xor ("eax",&DWP(8,"edi")); - &mov (&DWP(24,"edi"),"eax"); # rk[6] - &xor ("eax",&DWP(12,"edi")); - &mov (&DWP(28,"edi"),"eax"); # rk[7] - &inc ("ecx"); - &add ("edi",16); - &cmp ("ecx",10); - &jl (&label("10loop")); - - &mov (&DWP(80,"edi"),10); # setup number of rounds - &xor ("eax","eax"); - &jmp (&label("exit")); - - &set_label("12rounds"); - &mov ("eax",&DWP(0,"esi")); # copy first 6 dwords - &mov ("ebx",&DWP(4,"esi")); - &mov ("ecx",&DWP(8,"esi")); - &mov ("edx",&DWP(12,"esi")); - &mov (&DWP(0,"edi"),"eax"); - &mov (&DWP(4,"edi"),"ebx"); - &mov (&DWP(8,"edi"),"ecx"); - &mov (&DWP(12,"edi"),"edx"); - &mov ("ecx",&DWP(16,"esi")); - &mov ("edx",&DWP(20,"esi")); - &mov (&DWP(16,"edi"),"ecx"); - &mov (&DWP(20,"edi"),"edx"); - - &xor ("ecx","ecx"); - &jmp (&label("12shortcut")); - - &align (4); - &set_label("12loop"); - &mov ("eax",&DWP(0,"edi")); # rk[0] - &mov ("edx",&DWP(20,"edi")); # rk[5] - &set_label("12shortcut"); - &enckey (); - - &mov (&DWP(24,"edi"),"eax"); # rk[6] - &xor ("eax",&DWP(4,"edi")); - &mov (&DWP(28,"edi"),"eax"); # rk[7] - &xor ("eax",&DWP(8,"edi")); - &mov (&DWP(32,"edi"),"eax"); # rk[8] - &xor ("eax",&DWP(12,"edi")); - &mov (&DWP(36,"edi"),"eax"); # rk[9] - - &cmp ("ecx",7); - &je (&label("12break")); - &inc ("ecx"); - - &xor ("eax",&DWP(16,"edi")); - &mov (&DWP(40,"edi"),"eax"); # rk[10] - &xor ("eax",&DWP(20,"edi")); - &mov (&DWP(44,"edi"),"eax"); # rk[11] - - &add ("edi",24); - &jmp (&label("12loop")); - - &set_label("12break"); - &mov (&DWP(72,"edi"),12); # setup number of rounds - &xor ("eax","eax"); - &jmp (&label("exit")); - - &set_label("14rounds"); - &mov ("eax",&DWP(0,"esi")); # copy first 8 dwords - &mov ("ebx",&DWP(4,"esi")); - &mov ("ecx",&DWP(8,"esi")); - &mov ("edx",&DWP(12,"esi")); - &mov (&DWP(0,"edi"),"eax"); - &mov (&DWP(4,"edi"),"ebx"); - &mov (&DWP(8,"edi"),"ecx"); - &mov (&DWP(12,"edi"),"edx"); - &mov ("eax",&DWP(16,"esi")); - &mov ("ebx",&DWP(20,"esi")); - &mov ("ecx",&DWP(24,"esi")); - &mov ("edx",&DWP(28,"esi")); - &mov (&DWP(16,"edi"),"eax"); - &mov (&DWP(20,"edi"),"ebx"); - &mov (&DWP(24,"edi"),"ecx"); - &mov (&DWP(28,"edi"),"edx"); - - &xor ("ecx","ecx"); - &jmp (&label("14shortcut")); - - &align (4); - &set_label("14loop"); - &mov ("edx",&DWP(28,"edi")); # rk[7] - &set_label("14shortcut"); - &mov ("eax",&DWP(0,"edi")); # rk[0] - - &enckey (); - - &mov (&DWP(32,"edi"),"eax"); # rk[8] - &xor ("eax",&DWP(4,"edi")); - &mov (&DWP(36,"edi"),"eax"); # rk[9] - &xor ("eax",&DWP(8,"edi")); - &mov (&DWP(40,"edi"),"eax"); # rk[10] - &xor ("eax",&DWP(12,"edi")); - &mov (&DWP(44,"edi"),"eax"); # rk[11] - - &cmp ("ecx",6); - &je (&label("14break")); - &inc ("ecx"); - - &mov ("edx","eax"); - &mov ("eax",&DWP(16,"edi")); # rk[4] - &movz ("esi",&LB("edx")); # rk[11]>>0 - &movz ("ebx",&BP(-128,$tbl,"esi",1)); - &movz ("esi",&HB("edx")); # rk[11]>>8 - &xor ("eax","ebx"); - - &movz ("ebx",&BP(-128,$tbl,"esi",1)); - &shr ("edx",16); - &shl ("ebx",8); - &movz ("esi",&LB("edx")); # rk[11]>>16 - &xor ("eax","ebx"); - - &movz ("ebx",&BP(-128,$tbl,"esi",1)); - &movz ("esi",&HB("edx")); # rk[11]>>24 - &shl ("ebx",16); - &xor ("eax","ebx"); - - &movz ("ebx",&BP(-128,$tbl,"esi",1)); - &shl ("ebx",24); - &xor ("eax","ebx"); - - &mov (&DWP(48,"edi"),"eax"); # rk[12] - &xor ("eax",&DWP(20,"edi")); - &mov (&DWP(52,"edi"),"eax"); # rk[13] - &xor ("eax",&DWP(24,"edi")); - &mov (&DWP(56,"edi"),"eax"); # rk[14] - &xor ("eax",&DWP(28,"edi")); - &mov (&DWP(60,"edi"),"eax"); # rk[15] - - &add ("edi",32); - &jmp (&label("14loop")); - - &set_label("14break"); - &mov (&DWP(48,"edi"),14); # setup number of rounds - &xor ("eax","eax"); - &jmp (&label("exit")); - - &set_label("badpointer"); - &mov ("eax",-1); - &set_label("exit"); -&function_end("_x86_AES_set_encrypt_key"); - -# int AES_set_encrypt_key(const unsigned char *userKey, const int bits, -# AES_KEY *key) -&function_begin_B("AES_set_encrypt_key"); - &call ("_x86_AES_set_encrypt_key"); - &ret (); -&function_end_B("AES_set_encrypt_key"); - -sub deckey() -{ my ($i,$key,$tp1,$tp2,$tp4,$tp8) = @_; - my $tmp = $tbl; - - &mov ($tmp,0x80808080); - &and ($tmp,$tp1); - &lea ($tp2,&DWP(0,$tp1,$tp1)); - &mov ($acc,$tmp); - &shr ($tmp,7); - &sub ($acc,$tmp); - &and ($tp2,0xfefefefe); - &and ($acc,0x1b1b1b1b); - &xor ($tp2,$acc); - &mov ($tmp,0x80808080); - - &and ($tmp,$tp2); - &lea ($tp4,&DWP(0,$tp2,$tp2)); - &mov ($acc,$tmp); - &shr ($tmp,7); - &sub ($acc,$tmp); - &and ($tp4,0xfefefefe); - &and ($acc,0x1b1b1b1b); - &xor ($tp2,$tp1); # tp2^tp1 - &xor ($tp4,$acc); - &mov ($tmp,0x80808080); - - &and ($tmp,$tp4); - &lea ($tp8,&DWP(0,$tp4,$tp4)); - &mov ($acc,$tmp); - &shr ($tmp,7); - &xor ($tp4,$tp1); # tp4^tp1 - &sub ($acc,$tmp); - &and ($tp8,0xfefefefe); - &and ($acc,0x1b1b1b1b); - &rotl ($tp1,8); # = ROTATE(tp1,8) - &xor ($tp8,$acc); - - &mov ($tmp,&DWP(4*($i+1),$key)); # modulo-scheduled load - - &xor ($tp1,$tp2); - &xor ($tp2,$tp8); - &xor ($tp1,$tp4); - &rotl ($tp2,24); - &xor ($tp4,$tp8); - &xor ($tp1,$tp8); # ^= tp8^(tp4^tp1)^(tp2^tp1) - &rotl ($tp4,16); - &xor ($tp1,$tp2); # ^= ROTATE(tp8^tp2^tp1,24) - &rotl ($tp8,8); - &xor ($tp1,$tp4); # ^= ROTATE(tp8^tp4^tp1,16) - &mov ($tp2,$tmp); - &xor ($tp1,$tp8); # ^= ROTATE(tp8,8) - - &mov (&DWP(4*$i,$key),$tp1); -} - -# int AES_set_decrypt_key(const unsigned char *userKey, const int bits, -# AES_KEY *key) -&function_begin_B("AES_set_decrypt_key"); - &call ("_x86_AES_set_encrypt_key"); - &cmp ("eax",0); - &je (&label("proceed")); - &ret (); - - &set_label("proceed"); - &push ("ebp"); - &push ("ebx"); - &push ("esi"); - &push ("edi"); - - &mov ("esi",&wparam(2)); - &mov ("ecx",&DWP(240,"esi")); # pull number of rounds - &lea ("ecx",&DWP(0,"","ecx",4)); - &lea ("edi",&DWP(0,"esi","ecx",4)); # pointer to last chunk - - &set_label("invert",4); # invert order of chunks - &mov ("eax",&DWP(0,"esi")); - &mov ("ebx",&DWP(4,"esi")); - &mov ("ecx",&DWP(0,"edi")); - &mov ("edx",&DWP(4,"edi")); - &mov (&DWP(0,"edi"),"eax"); - &mov (&DWP(4,"edi"),"ebx"); - &mov (&DWP(0,"esi"),"ecx"); - &mov (&DWP(4,"esi"),"edx"); - &mov ("eax",&DWP(8,"esi")); - &mov ("ebx",&DWP(12,"esi")); - &mov ("ecx",&DWP(8,"edi")); - &mov ("edx",&DWP(12,"edi")); - &mov (&DWP(8,"edi"),"eax"); - &mov (&DWP(12,"edi"),"ebx"); - &mov (&DWP(8,"esi"),"ecx"); - &mov (&DWP(12,"esi"),"edx"); - &add ("esi",16); - &sub ("edi",16); - &cmp ("esi","edi"); - &jne (&label("invert")); - - &mov ($key,&wparam(2)); - &mov ($acc,&DWP(240,$key)); # pull number of rounds - &lea ($acc,&DWP(-2,$acc,$acc)); - &lea ($acc,&DWP(0,$key,$acc,8)); - &mov (&wparam(2),$acc); - - &mov ($s0,&DWP(16,$key)); # modulo-scheduled load - &set_label("permute",4); # permute the key schedule - &add ($key,16); - &deckey (0,$key,$s0,$s1,$s2,$s3); - &deckey (1,$key,$s1,$s2,$s3,$s0); - &deckey (2,$key,$s2,$s3,$s0,$s1); - &deckey (3,$key,$s3,$s0,$s1,$s2); - &cmp ($key,&wparam(2)); - &jb (&label("permute")); - - &xor ("eax","eax"); # return success -&function_end("AES_set_decrypt_key"); -&asciz("AES for x86, CRYPTOGAMS by "); - -&asm_finish(); - -close STDOUT; diff --git a/crypto/aes/asm/aes-x86_64.pl b/crypto/aes/asm/aes-x86_64.pl deleted file mode 100755 index d87e201147..0000000000 --- a/crypto/aes/asm/aes-x86_64.pl +++ /dev/null @@ -1,2916 +0,0 @@ -#! /usr/bin/env perl -# Copyright 2005-2019 The OpenSSL Project Authors. All Rights Reserved. -# -# Licensed under the OpenSSL license (the "License"). You may not use -# this file except in compliance with the License. You can obtain a copy -# in the file LICENSE in the source distribution or at -# https://www.openssl.org/source/license.html - -# -# ==================================================================== -# Written by Andy Polyakov for the OpenSSL -# project. The module is, however, dual licensed under OpenSSL and -# CRYPTOGAMS licenses depending on where you obtain it. For further -# details see http://www.openssl.org/~appro/cryptogams/. -# ==================================================================== -# -# Version 2.1. -# -# aes-*-cbc benchmarks are improved by >70% [compared to gcc 3.3.2 on -# Opteron 240 CPU] plus all the bells-n-whistles from 32-bit version -# [you'll notice a lot of resemblance], such as compressed S-boxes -# in little-endian byte order, prefetch of these tables in CBC mode, -# as well as avoiding L1 cache aliasing between stack frame and key -# schedule and already mentioned tables, compressed Td4... -# -# Performance in number of cycles per processed byte for 128-bit key: -# -# ECB encrypt ECB decrypt CBC large chunk -# AMD64 33 43 13.0 -# EM64T 38 56 18.6(*) -# Core 2 30 42 14.5(*) -# Atom 65 86 32.1(*) -# -# (*) with hyper-threading off - -$flavour = shift; -$output = shift; -if ($flavour =~ /\./) { $output = $flavour; undef $flavour; } - -$win64=0; $win64=1 if ($flavour =~ /[nm]asm|mingw64/ || $output =~ /\.asm$/); - -$0 =~ m/(.*[\/\\])[^\/\\]+$/; $dir=$1; -( $xlate="${dir}x86_64-xlate.pl" and -f $xlate ) or -( $xlate="${dir}../../perlasm/x86_64-xlate.pl" and -f $xlate) or -die "can't locate x86_64-xlate.pl"; - -open OUT,"| \"$^X\" \"$xlate\" $flavour \"$output\""; -*STDOUT=*OUT; - -$verticalspin=1; # unlike 32-bit version $verticalspin performs - # ~15% better on both AMD and Intel cores -$speed_limit=512; # see aes-586.pl for details - -$code=".text\n"; - -$s0="%eax"; -$s1="%ebx"; -$s2="%ecx"; -$s3="%edx"; -$acc0="%esi"; $mask80="%rsi"; -$acc1="%edi"; $maskfe="%rdi"; -$acc2="%ebp"; $mask1b="%rbp"; -$inp="%r8"; -$out="%r9"; -$t0="%r10d"; -$t1="%r11d"; -$t2="%r12d"; -$rnds="%r13d"; -$sbox="%r14"; -$key="%r15"; - -sub hi() { my $r=shift; $r =~ s/%[er]([a-d])x/%\1h/; $r; } -sub lo() { my $r=shift; $r =~ s/%[er]([a-d])x/%\1l/; - $r =~ s/%[er]([sd]i)/%\1l/; - $r =~ s/%(r[0-9]+)[d]?/%\1b/; $r; } -sub LO() { my $r=shift; $r =~ s/%r([a-z]+)/%e\1/; - $r =~ s/%r([0-9]+)/%r\1d/; $r; } -sub _data_word() -{ my $i; - while(defined($i=shift)) { $code.=sprintf".long\t0x%08x,0x%08x\n",$i,$i; } -} -sub data_word() -{ my $i; - my $last=pop(@_); - $code.=".long\t"; - while(defined($i=shift)) { $code.=sprintf"0x%08x,",$i; } - $code.=sprintf"0x%08x\n",$last; -} - -sub data_byte() -{ my $i; - my $last=pop(@_); - $code.=".byte\t"; - while(defined($i=shift)) { $code.=sprintf"0x%02x,",$i&0xff; } - $code.=sprintf"0x%02x\n",$last&0xff; -} - -sub encvert() -{ my $t3="%r8d"; # zaps $inp! - -$code.=<<___; - # favor 3-way issue Opteron pipeline... - movzb `&lo("$s0")`,$acc0 - movzb `&lo("$s1")`,$acc1 - movzb `&lo("$s2")`,$acc2 - mov 0($sbox,$acc0,8),$t0 - mov 0($sbox,$acc1,8),$t1 - mov 0($sbox,$acc2,8),$t2 - - movzb `&hi("$s1")`,$acc0 - movzb `&hi("$s2")`,$acc1 - movzb `&lo("$s3")`,$acc2 - xor 3($sbox,$acc0,8),$t0 - xor 3($sbox,$acc1,8),$t1 - mov 0($sbox,$acc2,8),$t3 - - movzb `&hi("$s3")`,$acc0 - shr \$16,$s2 - movzb `&hi("$s0")`,$acc2 - xor 3($sbox,$acc0,8),$t2 - shr \$16,$s3 - xor 3($sbox,$acc2,8),$t3 - - shr \$16,$s1 - lea 16($key),$key - shr \$16,$s0 - - movzb `&lo("$s2")`,$acc0 - movzb `&lo("$s3")`,$acc1 - movzb `&lo("$s0")`,$acc2 - xor 2($sbox,$acc0,8),$t0 - xor 2($sbox,$acc1,8),$t1 - xor 2($sbox,$acc2,8),$t2 - - movzb `&hi("$s3")`,$acc0 - movzb `&hi("$s0")`,$acc1 - movzb `&lo("$s1")`,$acc2 - xor 1($sbox,$acc0,8),$t0 - xor 1($sbox,$acc1,8),$t1 - xor 2($sbox,$acc2,8),$t3 - - mov 12($key),$s3 - movzb `&hi("$s1")`,$acc1 - movzb `&hi("$s2")`,$acc2 - mov 0($key),$s0 - xor 1($sbox,$acc1,8),$t2 - xor 1($sbox,$acc2,8),$t3 - - mov 4($key),$s1 - mov 8($key),$s2 - xor $t0,$s0 - xor $t1,$s1 - xor $t2,$s2 - xor $t3,$s3 -___ -} - -sub enclastvert() -{ my $t3="%r8d"; # zaps $inp! - -$code.=<<___; - movzb `&lo("$s0")`,$acc0 - movzb `&lo("$s1")`,$acc1 - movzb `&lo("$s2")`,$acc2 - movzb 2($sbox,$acc0,8),$t0 - movzb 2($sbox,$acc1,8),$t1 - movzb 2($sbox,$acc2,8),$t2 - - movzb `&lo("$s3")`,$acc0 - movzb `&hi("$s1")`,$acc1 - movzb `&hi("$s2")`,$acc2 - movzb 2($sbox,$acc0,8),$t3 - mov 0($sbox,$acc1,8),$acc1 #$t0 - mov 0($sbox,$acc2,8),$acc2 #$t1 - - and \$0x0000ff00,$acc1 - and \$0x0000ff00,$acc2 - - xor $acc1,$t0 - xor $acc2,$t1 - shr \$16,$s2 - - movzb `&hi("$s3")`,$acc0 - movzb `&hi("$s0")`,$acc1 - shr \$16,$s3 - mov 0($sbox,$acc0,8),$acc0 #$t2 - mov 0($sbox,$acc1,8),$acc1 #$t3 - - and \$0x0000ff00,$acc0 - and \$0x0000ff00,$acc1 - shr \$16,$s1 - xor $acc0,$t2 - xor $acc1,$t3 - shr \$16,$s0 - - movzb `&lo("$s2")`,$acc0 - movzb `&lo("$s3")`,$acc1 - movzb `&lo("$s0")`,$acc2 - mov 0($sbox,$acc0,8),$acc0 #$t0 - mov 0($sbox,$acc1,8),$acc1 #$t1 - mov 0($sbox,$acc2,8),$acc2 #$t2 - - and \$0x00ff0000,$acc0 - and \$0x00ff0000,$acc1 - and \$0x00ff0000,$acc2 - - xor $acc0,$t0 - xor $acc1,$t1 - xor $acc2,$t2 - - movzb `&lo("$s1")`,$acc0 - movzb `&hi("$s3")`,$acc1 - movzb `&hi("$s0")`,$acc2 - mov 0($sbox,$acc0,8),$acc0 #$t3 - mov 2($sbox,$acc1,8),$acc1 #$t0 - mov 2($sbox,$acc2,8),$acc2 #$t1 - - and \$0x00ff0000,$acc0 - and \$0xff000000,$acc1 - and \$0xff000000,$acc2 - - xor $acc0,$t3 - xor $acc1,$t0 - xor $acc2,$t1 - - movzb `&hi("$s1")`,$acc0 - movzb `&hi("$s2")`,$acc1 - mov 16+12($key),$s3 - mov 2($sbox,$acc0,8),$acc0 #$t2 - mov 2($sbox,$acc1,8),$acc1 #$t3 - mov 16+0($key),$s0 - - and \$0xff000000,$acc0 - and \$0xff000000,$acc1 - - xor $acc0,$t2 - xor $acc1,$t3 - - mov 16+4($key),$s1 - mov 16+8($key),$s2 - xor $t0,$s0 - xor $t1,$s1 - xor $t2,$s2 - xor $t3,$s3 -___ -} - -sub encstep() -{ my ($i, at s) = @_; - my $tmp0=$acc0; - my $tmp1=$acc1; - my $tmp2=$acc2; - my $out=($t0,$t1,$t2,$s[0])[$i]; - - if ($i==3) { - $tmp0=$s[1]; - $tmp1=$s[2]; - $tmp2=$s[3]; - } - $code.=" movzb ".&lo($s[0]).",$out\n"; - $code.=" mov $s[2],$tmp1\n" if ($i!=3); - $code.=" lea 16($key),$key\n" if ($i==0); - - $code.=" movzb ".&hi($s[1]).",$tmp0\n"; - $code.=" mov 0($sbox,$out,8),$out\n"; - - $code.=" shr \$16,$tmp1\n"; - $code.=" mov $s[3],$tmp2\n" if ($i!=3); - $code.=" xor 3($sbox,$tmp0,8),$out\n"; - - $code.=" movzb ".&lo($tmp1).",$tmp1\n"; - $code.=" shr \$24,$tmp2\n"; - $code.=" xor 4*$i($key),$out\n"; - - $code.=" xor 2($sbox,$tmp1,8),$out\n"; - $code.=" xor 1($sbox,$tmp2,8),$out\n"; - - $code.=" mov $t0,$s[1]\n" if ($i==3); - $code.=" mov $t1,$s[2]\n" if ($i==3); - $code.=" mov $t2,$s[3]\n" if ($i==3); - $code.="\n"; -} - -sub enclast() -{ my ($i, at s)=@_; - my $tmp0=$acc0; - my $tmp1=$acc1; - my $tmp2=$acc2; - my $out=($t0,$t1,$t2,$s[0])[$i]; - - if ($i==3) { - $tmp0=$s[1]; - $tmp1=$s[2]; - $tmp2=$s[3]; - } - $code.=" movzb ".&lo($s[0]).",$out\n"; - $code.=" mov $s[2],$tmp1\n" if ($i!=3); - - $code.=" mov 2($sbox,$out,8),$out\n"; - $code.=" shr \$16,$tmp1\n"; - $code.=" mov $s[3],$tmp2\n" if ($i!=3); - - $code.=" and \$0x000000ff,$out\n"; - $code.=" movzb ".&hi($s[1]).",$tmp0\n"; - $code.=" movzb ".&lo($tmp1).",$tmp1\n"; - $code.=" shr \$24,$tmp2\n"; - - $code.=" mov 0($sbox,$tmp0,8),$tmp0\n"; - $code.=" mov 0($sbox,$tmp1,8),$tmp1\n"; - $code.=" mov 2($sbox,$tmp2,8),$tmp2\n"; - - $code.=" and \$0x0000ff00,$tmp0\n"; - $code.=" and \$0x00ff0000,$tmp1\n"; - $code.=" and \$0xff000000,$tmp2\n"; - - $code.=" xor $tmp0,$out\n"; - $code.=" mov $t0,$s[1]\n" if ($i==3); - $code.=" xor $tmp1,$out\n"; - $code.=" mov $t1,$s[2]\n" if ($i==3); - $code.=" xor $tmp2,$out\n"; - $code.=" mov $t2,$s[3]\n" if ($i==3); - $code.="\n"; -} - -$code.=<<___; -.type _x86_64_AES_encrypt,\@abi-omnipotent -.align 16 -_x86_64_AES_encrypt: - xor 0($key),$s0 # xor with key - xor 4($key),$s1 - xor 8($key),$s2 - xor 12($key),$s3 - - mov 240($key),$rnds # load key->rounds - sub \$1,$rnds - jmp .Lenc_loop -.align 16 -.Lenc_loop: -___ - if ($verticalspin) { &encvert(); } - else { &encstep(0,$s0,$s1,$s2,$s3); - &encstep(1,$s1,$s2,$s3,$s0); - &encstep(2,$s2,$s3,$s0,$s1); - &encstep(3,$s3,$s0,$s1,$s2); - } -$code.=<<___; - sub \$1,$rnds - jnz .Lenc_loop -___ - if ($verticalspin) { &enclastvert(); } - else { &enclast(0,$s0,$s1,$s2,$s3); - &enclast(1,$s1,$s2,$s3,$s0); - &enclast(2,$s2,$s3,$s0,$s1); - &enclast(3,$s3,$s0,$s1,$s2); - $code.=<<___; - xor 16+0($key),$s0 # xor with key - xor 16+4($key),$s1 - xor 16+8($key),$s2 - xor 16+12($key),$s3 -___ - } -$code.=<<___; - .byte 0xf3,0xc3 # rep ret -.size _x86_64_AES_encrypt,.-_x86_64_AES_encrypt -___ - -# it's possible to implement this by shifting tN by 8, filling least -# significant byte with byte load and finally bswap-ing at the end, -# but such partial register load kills Core 2... -sub enccompactvert() -{ my ($t3,$t4,$t5)=("%r8d","%r9d","%r13d"); - -$code.=<<___; - movzb `&lo("$s0")`,$t0 - movzb `&lo("$s1")`,$t1 - movzb `&lo("$s2")`,$t2 - movzb `&lo("$s3")`,$t3 - movzb `&hi("$s1")`,$acc0 - movzb `&hi("$s2")`,$acc1 - shr \$16,$s2 - movzb `&hi("$s3")`,$acc2 - movzb ($sbox,$t0,1),$t0 - movzb ($sbox,$t1,1),$t1 - movzb ($sbox,$t2,1),$t2 - movzb ($sbox,$t3,1),$t3 - - movzb ($sbox,$acc0,1),$t4 #$t0 - movzb `&hi("$s0")`,$acc0 - movzb ($sbox,$acc1,1),$t5 #$t1 - movzb `&lo("$s2")`,$acc1 - movzb ($sbox,$acc2,1),$acc2 #$t2 - movzb ($sbox,$acc0,1),$acc0 #$t3 - - shl \$8,$t4 - shr \$16,$s3 - shl \$8,$t5 - xor $t4,$t0 - shr \$16,$s0 - movzb `&lo("$s3")`,$t4 - shr \$16,$s1 - xor $t5,$t1 - shl \$8,$acc2 - movzb `&lo("$s0")`,$t5 - movzb ($sbox,$acc1,1),$acc1 #$t0 - xor $acc2,$t2 - - shl \$8,$acc0 - movzb `&lo("$s1")`,$acc2 - shl \$16,$acc1 - xor $acc0,$t3 - movzb ($sbox,$t4,1),$t4 #$t1 - movzb `&hi("$s3")`,$acc0 - movzb ($sbox,$t5,1),$t5 #$t2 - xor $acc1,$t0 - - shr \$8,$s2 - movzb `&hi("$s0")`,$acc1 - shl \$16,$t4 - shr \$8,$s1 - shl \$16,$t5 - xor $t4,$t1 - movzb ($sbox,$acc2,1),$acc2 #$t3 - movzb ($sbox,$acc0,1),$acc0 #$t0 - movzb ($sbox,$acc1,1),$acc1 #$t1 - movzb ($sbox,$s2,1),$s3 #$t3 - movzb ($sbox,$s1,1),$s2 #$t2 - - shl \$16,$acc2 - xor $t5,$t2 - shl \$24,$acc0 - xor $acc2,$t3 - shl \$24,$acc1 - xor $acc0,$t0 - shl \$24,$s3 - xor $acc1,$t1 - shl \$24,$s2 - mov $t0,$s0 - mov $t1,$s1 - xor $t2,$s2 - xor $t3,$s3 -___ -} - -sub enctransform_ref() -{ my $sn = shift; - my ($acc,$r2,$tmp)=("%r8d","%r9d","%r13d"); - -$code.=<<___; - mov $sn,$acc - and \$0x80808080,$acc - mov $acc,$tmp - shr \$7,$tmp - lea ($sn,$sn),$r2 - sub $tmp,$acc - and \$0xfefefefe,$r2 - and \$0x1b1b1b1b,$acc - mov $sn,$tmp - xor $acc,$r2 - - xor $r2,$sn - rol \$24,$sn - xor $r2,$sn - ror \$16,$tmp - xor $tmp,$sn - ror \$8,$tmp - xor $tmp,$sn -___ -} - -# unlike decrypt case it does not pay off to parallelize enctransform -sub enctransform() -{ my ($t3,$r20,$r21)=($acc2,"%r8d","%r9d"); - -$code.=<<___; - mov \$0x80808080,$t0 - mov \$0x80808080,$t1 - and $s0,$t0 - and $s1,$t1 - mov $t0,$acc0 - mov $t1,$acc1 - shr \$7,$t0 - lea ($s0,$s0),$r20 - shr \$7,$t1 - lea ($s1,$s1),$r21 - sub $t0,$acc0 - sub $t1,$acc1 - and \$0xfefefefe,$r20 - and \$0xfefefefe,$r21 - and \$0x1b1b1b1b,$acc0 - and \$0x1b1b1b1b,$acc1 - mov $s0,$t0 - mov $s1,$t1 - xor $acc0,$r20 - xor $acc1,$r21 - - xor $r20,$s0 - xor $r21,$s1 - mov \$0x80808080,$t2 - rol \$24,$s0 - mov \$0x80808080,$t3 - rol \$24,$s1 - and $s2,$t2 - and $s3,$t3 - xor $r20,$s0 - xor $r21,$s1 - mov $t2,$acc0 - ror \$16,$t0 - mov $t3,$acc1 - ror \$16,$t1 - lea ($s2,$s2),$r20 - shr \$7,$t2 - xor $t0,$s0 - shr \$7,$t3 - xor $t1,$s1 - ror \$8,$t0 - lea ($s3,$s3),$r21 - ror \$8,$t1 - sub $t2,$acc0 - sub $t3,$acc1 - xor $t0,$s0 - xor $t1,$s1 - - and \$0xfefefefe,$r20 - and \$0xfefefefe,$r21 - and \$0x1b1b1b1b,$acc0 - and \$0x1b1b1b1b,$acc1 - mov $s2,$t2 - mov $s3,$t3 - xor $acc0,$r20 - xor $acc1,$r21 - - ror \$16,$t2 - xor $r20,$s2 - ror \$16,$t3 - xor $r21,$s3 - rol \$24,$s2 - mov 0($sbox),$acc0 # prefetch Te4 - rol \$24,$s3 - xor $r20,$s2 - mov 64($sbox),$acc1 - xor $r21,$s3 - mov 128($sbox),$r20 - xor $t2,$s2 - ror \$8,$t2 - xor $t3,$s3 - ror \$8,$t3 - xor $t2,$s2 - mov 192($sbox),$r21 - xor $t3,$s3 -___ -} - -$code.=<<___; -.type _x86_64_AES_encrypt_compact,\@abi-omnipotent -.align 16 -_x86_64_AES_encrypt_compact: -.cfi_startproc - lea 128($sbox),$inp # size optimization - mov 0-128($inp),$acc1 # prefetch Te4 - mov 32-128($inp),$acc2 - mov 64-128($inp),$t0 - mov 96-128($inp),$t1 - mov 128-128($inp),$acc1 - mov 160-128($inp),$acc2 - mov 192-128($inp),$t0 - mov 224-128($inp),$t1 - jmp .Lenc_loop_compact -.align 16 -.Lenc_loop_compact: - xor 0($key),$s0 # xor with key - xor 4($key),$s1 - xor 8($key),$s2 - xor 12($key),$s3 - lea 16($key),$key -___ - &enccompactvert(); -$code.=<<___; - cmp 16(%rsp),$key - je .Lenc_compact_done -___ - &enctransform(); -$code.=<<___; - jmp .Lenc_loop_compact -.align 16 -.Lenc_compact_done: - xor 0($key),$s0 - xor 4($key),$s1 - xor 8($key),$s2 - xor 12($key),$s3 - .byte 0xf3,0xc3 # rep ret -.cfi_endproc -.size _x86_64_AES_encrypt_compact,.-_x86_64_AES_encrypt_compact -___ - -# void AES_encrypt (const void *inp,void *out,const AES_KEY *key); -$code.=<<___; -.globl AES_encrypt -.type AES_encrypt,\@function,3 -.align 16 -.globl asm_AES_encrypt -.hidden asm_AES_encrypt -asm_AES_encrypt: -AES_encrypt: -.cfi_startproc - mov %rsp,%rax -.cfi_def_cfa_register %rax - push %rbx -.cfi_push %rbx - push %rbp -.cfi_push %rbp - push %r12 -.cfi_push %r12 - push %r13 -.cfi_push %r13 - push %r14 -.cfi_push %r14 - push %r15 -.cfi_push %r15 - - # allocate frame "above" key schedule - lea -63(%rdx),%rcx # %rdx is key argument - and \$-64,%rsp - sub %rsp,%rcx - neg %rcx - and \$0x3c0,%rcx - sub %rcx,%rsp - sub \$32,%rsp - - mov %rsi,16(%rsp) # save out - mov %rax,24(%rsp) # save original stack pointer -.cfi_cfa_expression %rsp+24,deref,+8 -.Lenc_prologue: - - mov %rdx,$key - mov 240($key),$rnds # load rounds - - mov 0(%rdi),$s0 # load input vector - mov 4(%rdi),$s1 - mov 8(%rdi),$s2 - mov 12(%rdi),$s3 - - shl \$4,$rnds - lea ($key,$rnds),%rbp - mov $key,(%rsp) # key schedule - mov %rbp,8(%rsp) # end of key schedule - - # pick Te4 copy which can't "overlap" with stack frame or key schedule - lea .LAES_Te+2048(%rip),$sbox - lea 768(%rsp),%rbp - sub $sbox,%rbp - and \$0x300,%rbp - lea ($sbox,%rbp),$sbox - - call _x86_64_AES_encrypt_compact - - mov 16(%rsp),$out # restore out - mov 24(%rsp),%rsi # restore saved stack pointer -.cfi_def_cfa %rsi,8 - mov $s0,0($out) # write output vector - mov $s1,4($out) - mov $s2,8($out) - mov $s3,12($out) - - mov -48(%rsi),%r15 -.cfi_restore %r15 - mov -40(%rsi),%r14 -.cfi_restore %r14 - mov -32(%rsi),%r13 -.cfi_restore %r13 - mov -24(%rsi),%r12 -.cfi_restore %r12 - mov -16(%rsi),%rbp -.cfi_restore %rbp - mov -8(%rsi),%rbx -.cfi_restore %rbx - lea (%rsi),%rsp -.cfi_def_cfa_register %rsp -.Lenc_epilogue: - ret -.cfi_endproc -.size AES_encrypt,.-AES_encrypt -___ - -#------------------------------------------------------------------# - -sub decvert() -{ my $t3="%r8d"; # zaps $inp! - -$code.=<<___; - # favor 3-way issue Opteron pipeline... - movzb `&lo("$s0")`,$acc0 - movzb `&lo("$s1")`,$acc1 - movzb `&lo("$s2")`,$acc2 - mov 0($sbox,$acc0,8),$t0 - mov 0($sbox,$acc1,8),$t1 - mov 0($sbox,$acc2,8),$t2 - - movzb `&hi("$s3")`,$acc0 - movzb `&hi("$s0")`,$acc1 - movzb `&lo("$s3")`,$acc2 - xor 3($sbox,$acc0,8),$t0 - xor 3($sbox,$acc1,8),$t1 - mov 0($sbox,$acc2,8),$t3 - - movzb `&hi("$s1")`,$acc0 - shr \$16,$s0 - movzb `&hi("$s2")`,$acc2 - xor 3($sbox,$acc0,8),$t2 - shr \$16,$s3 - xor 3($sbox,$acc2,8),$t3 - - shr \$16,$s1 - lea 16($key),$key - shr \$16,$s2 - - movzb `&lo("$s2")`,$acc0 - movzb `&lo("$s3")`,$acc1 - movzb `&lo("$s0")`,$acc2 - xor 2($sbox,$acc0,8),$t0 - xor 2($sbox,$acc1,8),$t1 - xor 2($sbox,$acc2,8),$t2 - - movzb `&hi("$s1")`,$acc0 - movzb `&hi("$s2")`,$acc1 - movzb `&lo("$s1")`,$acc2 - xor 1($sbox,$acc0,8),$t0 - xor 1($sbox,$acc1,8),$t1 - xor 2($sbox,$acc2,8),$t3 - - movzb `&hi("$s3")`,$acc0 - mov 12($key),$s3 - movzb `&hi("$s0")`,$acc2 - xor 1($sbox,$acc0,8),$t2 - mov 0($key),$s0 - xor 1($sbox,$acc2,8),$t3 - - xor $t0,$s0 - mov 4($key),$s1 - mov 8($key),$s2 - xor $t2,$s2 - xor $t1,$s1 - xor $t3,$s3 -___ -} - -sub declastvert() -{ my $t3="%r8d"; # zaps $inp! - -$code.=<<___; - lea 2048($sbox),$sbox # size optimization - movzb `&lo("$s0")`,$acc0 - movzb `&lo("$s1")`,$acc1 - movzb `&lo("$s2")`,$acc2 - movzb ($sbox,$acc0,1),$t0 - movzb ($sbox,$acc1,1),$t1 - movzb ($sbox,$acc2,1),$t2 - - movzb `&lo("$s3")`,$acc0 - movzb `&hi("$s3")`,$acc1 - movzb `&hi("$s0")`,$acc2 - movzb ($sbox,$acc0,1),$t3 - movzb ($sbox,$acc1,1),$acc1 #$t0 - movzb ($sbox,$acc2,1),$acc2 #$t1 - - shl \$8,$acc1 - shl \$8,$acc2 - - xor $acc1,$t0 - xor $acc2,$t1 - shr \$16,$s3 - - movzb `&hi("$s1")`,$acc0 - movzb `&hi("$s2")`,$acc1 - shr \$16,$s0 - movzb ($sbox,$acc0,1),$acc0 #$t2 - movzb ($sbox,$acc1,1),$acc1 #$t3 - - shl \$8,$acc0 - shl \$8,$acc1 - shr \$16,$s1 - xor $acc0,$t2 - xor $acc1,$t3 - shr \$16,$s2 - - movzb `&lo("$s2")`,$acc0 - movzb `&lo("$s3")`,$acc1 - movzb `&lo("$s0")`,$acc2 - movzb ($sbox,$acc0,1),$acc0 #$t0 - movzb ($sbox,$acc1,1),$acc1 #$t1 - movzb ($sbox,$acc2,1),$acc2 #$t2 - - shl \$16,$acc0 - shl \$16,$acc1 - shl \$16,$acc2 - - xor $acc0,$t0 - xor $acc1,$t1 - xor $acc2,$t2 - - movzb `&lo("$s1")`,$acc0 - movzb `&hi("$s1")`,$acc1 - movzb `&hi("$s2")`,$acc2 - movzb ($sbox,$acc0,1),$acc0 #$t3 - movzb ($sbox,$acc1,1),$acc1 #$t0 - movzb ($sbox,$acc2,1),$acc2 #$t1 - - shl \$16,$acc0 - shl \$24,$acc1 - shl \$24,$acc2 - - xor $acc0,$t3 - xor $acc1,$t0 - xor $acc2,$t1 - - movzb `&hi("$s3")`,$acc0 - movzb `&hi("$s0")`,$acc1 - mov 16+12($key),$s3 - movzb ($sbox,$acc0,1),$acc0 #$t2 - movzb ($sbox,$acc1,1),$acc1 #$t3 - mov 16+0($key),$s0 - - shl \$24,$acc0 - shl \$24,$acc1 - - xor $acc0,$t2 - xor $acc1,$t3 - - mov 16+4($key),$s1 - mov 16+8($key),$s2 - lea -2048($sbox),$sbox - xor $t0,$s0 - xor $t1,$s1 - xor $t2,$s2 - xor $t3,$s3 -___ -} - -sub decstep() -{ my ($i, at s) = @_; - my $tmp0=$acc0; - my $tmp1=$acc1; - my $tmp2=$acc2; - my $out=($t0,$t1,$t2,$s[0])[$i]; - - $code.=" mov $s[0],$out\n" if ($i!=3); - $tmp1=$s[2] if ($i==3); - $code.=" mov $s[2],$tmp1\n" if ($i!=3); - $code.=" and \$0xFF,$out\n"; - - $code.=" mov 0($sbox,$out,8),$out\n"; - $code.=" shr \$16,$tmp1\n"; - $tmp2=$s[3] if ($i==3); - $code.=" mov $s[3],$tmp2\n" if ($i!=3); - - $tmp0=$s[1] if ($i==3); - $code.=" movzb ".&hi($s[1]).",$tmp0\n"; - $code.=" and \$0xFF,$tmp1\n"; - $code.=" shr \$24,$tmp2\n"; - - $code.=" xor 3($sbox,$tmp0,8),$out\n"; - $code.=" xor 2($sbox,$tmp1,8),$out\n"; - $code.=" xor 1($sbox,$tmp2,8),$out\n"; - - $code.=" mov $t2,$s[1]\n" if ($i==3); - $code.=" mov $t1,$s[2]\n" if ($i==3); - $code.=" mov $t0,$s[3]\n" if ($i==3); - $code.="\n"; -} - -sub declast() -{ my ($i, at s)=@_; - my $tmp0=$acc0; - my $tmp1=$acc1; - my $tmp2=$acc2; - my $out=($t0,$t1,$t2,$s[0])[$i]; - - $code.=" mov $s[0],$out\n" if ($i!=3); - $tmp1=$s[2] if ($i==3); - $code.=" mov $s[2],$tmp1\n" if ($i!=3); - $code.=" and \$0xFF,$out\n"; - - $code.=" movzb 2048($sbox,$out,1),$out\n"; - $code.=" shr \$16,$tmp1\n"; - $tmp2=$s[3] if ($i==3); - $code.=" mov $s[3],$tmp2\n" if ($i!=3); - - $tmp0=$s[1] if ($i==3); - $code.=" movzb ".&hi($s[1]).",$tmp0\n"; - $code.=" and \$0xFF,$tmp1\n"; - $code.=" shr \$24,$tmp2\n"; - - $code.=" movzb 2048($sbox,$tmp0,1),$tmp0\n"; - $code.=" movzb 2048($sbox,$tmp1,1),$tmp1\n"; - $code.=" movzb 2048($sbox,$tmp2,1),$tmp2\n"; - - $code.=" shl \$8,$tmp0\n"; - $code.=" shl \$16,$tmp1\n"; - $code.=" shl \$24,$tmp2\n"; - - $code.=" xor $tmp0,$out\n"; - $code.=" mov $t2,$s[1]\n" if ($i==3); - $code.=" xor $tmp1,$out\n"; - $code.=" mov $t1,$s[2]\n" if ($i==3); - $code.=" xor $tmp2,$out\n"; - $code.=" mov $t0,$s[3]\n" if ($i==3); - $code.="\n"; -} - -$code.=<<___; -.type _x86_64_AES_decrypt,\@abi-omnipotent -.align 16 -_x86_64_AES_decrypt: - xor 0($key),$s0 # xor with key - xor 4($key),$s1 - xor 8($key),$s2 - xor 12($key),$s3 - - mov 240($key),$rnds # load key->rounds - sub \$1,$rnds - jmp .Ldec_loop -.align 16 -.Ldec_loop: -___ - if ($verticalspin) { &decvert(); } - else { &decstep(0,$s0,$s3,$s2,$s1); - &decstep(1,$s1,$s0,$s3,$s2); - &decstep(2,$s2,$s1,$s0,$s3); - &decstep(3,$s3,$s2,$s1,$s0); - $code.=<<___; - lea 16($key),$key - xor 0($key),$s0 # xor with key - xor 4($key),$s1 - xor 8($key),$s2 - xor 12($key),$s3 -___ - } -$code.=<<___; - sub \$1,$rnds - jnz .Ldec_loop -___ - if ($verticalspin) { &declastvert(); } - else { &declast(0,$s0,$s3,$s2,$s1); - &declast(1,$s1,$s0,$s3,$s2); - &declast(2,$s2,$s1,$s0,$s3); - &declast(3,$s3,$s2,$s1,$s0); - $code.=<<___; - xor 16+0($key),$s0 # xor with key - xor 16+4($key),$s1 - xor 16+8($key),$s2 - xor 16+12($key),$s3 -___ - } -$code.=<<___; - .byte 0xf3,0xc3 # rep ret -.size _x86_64_AES_decrypt,.-_x86_64_AES_decrypt -___ - -sub deccompactvert() -{ my ($t3,$t4,$t5)=("%r8d","%r9d","%r13d"); - -$code.=<<___; - movzb `&lo("$s0")`,$t0 - movzb `&lo("$s1")`,$t1 - movzb `&lo("$s2")`,$t2 - movzb `&lo("$s3")`,$t3 - movzb `&hi("$s3")`,$acc0 - movzb `&hi("$s0")`,$acc1 - shr \$16,$s3 - movzb `&hi("$s1")`,$acc2 - movzb ($sbox,$t0,1),$t0 - movzb ($sbox,$t1,1),$t1 - movzb ($sbox,$t2,1),$t2 - movzb ($sbox,$t3,1),$t3 - - movzb ($sbox,$acc0,1),$t4 #$t0 - movzb `&hi("$s2")`,$acc0 - movzb ($sbox,$acc1,1),$t5 #$t1 - movzb ($sbox,$acc2,1),$acc2 #$t2 - movzb ($sbox,$acc0,1),$acc0 #$t3 - - shr \$16,$s2 - shl \$8,$t5 - shl \$8,$t4 - movzb `&lo("$s2")`,$acc1 - shr \$16,$s0 - xor $t4,$t0 - shr \$16,$s1 - movzb `&lo("$s3")`,$t4 - - shl \$8,$acc2 - xor $t5,$t1 - shl \$8,$acc0 - movzb `&lo("$s0")`,$t5 - movzb ($sbox,$acc1,1),$acc1 #$t0 - xor $acc2,$t2 - movzb `&lo("$s1")`,$acc2 - - shl \$16,$acc1 - xor $acc0,$t3 - movzb ($sbox,$t4,1),$t4 #$t1 - movzb `&hi("$s1")`,$acc0 - movzb ($sbox,$acc2,1),$acc2 #$t3 - xor $acc1,$t0 - movzb ($sbox,$t5,1),$t5 #$t2 - movzb `&hi("$s2")`,$acc1 - - shl \$16,$acc2 - shl \$16,$t4 - shl \$16,$t5 - xor $acc2,$t3 - movzb `&hi("$s3")`,$acc2 - xor $t4,$t1 - shr \$8,$s0 - xor $t5,$t2 - - movzb ($sbox,$acc0,1),$acc0 #$t0 - movzb ($sbox,$acc1,1),$s1 #$t1 - movzb ($sbox,$acc2,1),$s2 #$t2 - movzb ($sbox,$s0,1),$s3 #$t3 - - mov $t0,$s0 - shl \$24,$acc0 - shl \$24,$s1 - shl \$24,$s2 - xor $acc0,$s0 - shl \$24,$s3 - xor $t1,$s1 - xor $t2,$s2 - xor $t3,$s3 -___ -} - -# parallelized version! input is pair of 64-bit values: %rax=s1.s0 -# and %rcx=s3.s2, output is four 32-bit values in %eax=s0, %ebx=s1, -# %ecx=s2 and %edx=s3. -sub dectransform() -{ my ($tp10,$tp20,$tp40,$tp80,$acc0)=("%rax","%r8", "%r9", "%r10","%rbx"); - my ($tp18,$tp28,$tp48,$tp88,$acc8)=("%rcx","%r11","%r12","%r13","%rdx"); - my $prefetch = shift; - -$code.=<<___; - mov $mask80,$tp40 - mov $mask80,$tp48 - and $tp10,$tp40 - and $tp18,$tp48 - mov $tp40,$acc0 - mov $tp48,$acc8 - shr \$7,$tp40 - lea ($tp10,$tp10),$tp20 - shr \$7,$tp48 - lea ($tp18,$tp18),$tp28 - sub $tp40,$acc0 - sub $tp48,$acc8 - and $maskfe,$tp20 - and $maskfe,$tp28 - and $mask1b,$acc0 - and $mask1b,$acc8 - xor $acc0,$tp20 - xor $acc8,$tp28 - mov $mask80,$tp80 - mov $mask80,$tp88 - - and $tp20,$tp80 - and $tp28,$tp88 - mov $tp80,$acc0 - mov $tp88,$acc8 - shr \$7,$tp80 - lea ($tp20,$tp20),$tp40 - shr \$7,$tp88 - lea ($tp28,$tp28),$tp48 - sub $tp80,$acc0 - sub $tp88,$acc8 - and $maskfe,$tp40 - and $maskfe,$tp48 - and $mask1b,$acc0 - and $mask1b,$acc8 - xor $acc0,$tp40 - xor $acc8,$tp48 - mov $mask80,$tp80 - mov $mask80,$tp88 - - and $tp40,$tp80 - and $tp48,$tp88 - mov $tp80,$acc0 - mov $tp88,$acc8 - shr \$7,$tp80 - xor $tp10,$tp20 # tp2^=tp1 - shr \$7,$tp88 - xor $tp18,$tp28 # tp2^=tp1 - sub $tp80,$acc0 - sub $tp88,$acc8 - lea ($tp40,$tp40),$tp80 - lea ($tp48,$tp48),$tp88 - xor $tp10,$tp40 # tp4^=tp1 - xor $tp18,$tp48 # tp4^=tp1 - and $maskfe,$tp80 - and $maskfe,$tp88 - and $mask1b,$acc0 - and $mask1b,$acc8 - xor $acc0,$tp80 - xor $acc8,$tp88 - - xor $tp80,$tp10 # tp1^=tp8 - xor $tp88,$tp18 # tp1^=tp8 - xor $tp80,$tp20 # tp2^tp1^=tp8 - xor $tp88,$tp28 # tp2^tp1^=tp8 - mov $tp10,$acc0 - mov $tp18,$acc8 - xor $tp80,$tp40 # tp4^tp1^=tp8 - shr \$32,$acc0 - xor $tp88,$tp48 # tp4^tp1^=tp8 - shr \$32,$acc8 - xor $tp20,$tp80 # tp8^=tp8^tp2^tp1=tp2^tp1 - rol \$8,`&LO("$tp10")` # ROTATE(tp1^tp8,8) - xor $tp28,$tp88 # tp8^=tp8^tp2^tp1=tp2^tp1 - rol \$8,`&LO("$tp18")` # ROTATE(tp1^tp8,8) - xor $tp40,$tp80 # tp2^tp1^=tp8^tp4^tp1=tp8^tp4^tp2 - rol \$8,`&LO("$acc0")` # ROTATE(tp1^tp8,8) - xor $tp48,$tp88 # tp2^tp1^=tp8^tp4^tp1=tp8^tp4^tp2 - - rol \$8,`&LO("$acc8")` # ROTATE(tp1^tp8,8) - xor `&LO("$tp80")`,`&LO("$tp10")` - shr \$32,$tp80 - xor `&LO("$tp88")`,`&LO("$tp18")` - shr \$32,$tp88 - xor `&LO("$tp80")`,`&LO("$acc0")` - xor `&LO("$tp88")`,`&LO("$acc8")` - - mov $tp20,$tp80 - rol \$24,`&LO("$tp20")` # ROTATE(tp2^tp1^tp8,24) - mov $tp28,$tp88 - rol \$24,`&LO("$tp28")` # ROTATE(tp2^tp1^tp8,24) - shr \$32,$tp80 - xor `&LO("$tp20")`,`&LO("$tp10")` - shr \$32,$tp88 - xor `&LO("$tp28")`,`&LO("$tp18")` - rol \$24,`&LO("$tp80")` # ROTATE(tp2^tp1^tp8,24) - mov $tp40,$tp20 - rol \$24,`&LO("$tp88")` # ROTATE(tp2^tp1^tp8,24) - mov $tp48,$tp28 - shr \$32,$tp20 - xor `&LO("$tp80")`,`&LO("$acc0")` - shr \$32,$tp28 - xor `&LO("$tp88")`,`&LO("$acc8")` - - `"mov 0($sbox),$mask80" if ($prefetch)` - rol \$16,`&LO("$tp40")` # ROTATE(tp4^tp1^tp8,16) - `"mov 64($sbox),$maskfe" if ($prefetch)` - rol \$16,`&LO("$tp48")` # ROTATE(tp4^tp1^tp8,16) - `"mov 128($sbox),$mask1b" if ($prefetch)` - rol \$16,`&LO("$tp20")` # ROTATE(tp4^tp1^tp8,16) - `"mov 192($sbox),$tp80" if ($prefetch)` - xor `&LO("$tp40")`,`&LO("$tp10")` - rol \$16,`&LO("$tp28")` # ROTATE(tp4^tp1^tp8,16) - xor `&LO("$tp48")`,`&LO("$tp18")` - `"mov 256($sbox),$tp88" if ($prefetch)` - xor `&LO("$tp20")`,`&LO("$acc0")` - xor `&LO("$tp28")`,`&LO("$acc8")` -___ -} - -$code.=<<___; -.type _x86_64_AES_decrypt_compact,\@abi-omnipotent -.align 16 -_x86_64_AES_decrypt_compact: -.cfi_startproc - lea 128($sbox),$inp # size optimization - mov 0-128($inp),$acc1 # prefetch Td4 - mov 32-128($inp),$acc2 - mov 64-128($inp),$t0 - mov 96-128($inp),$t1 - mov 128-128($inp),$acc1 - mov 160-128($inp),$acc2 - mov 192-128($inp),$t0 - mov 224-128($inp),$t1 - jmp .Ldec_loop_compact - -.align 16 -.Ldec_loop_compact: - xor 0($key),$s0 # xor with key - xor 4($key),$s1 - xor 8($key),$s2 - xor 12($key),$s3 - lea 16($key),$key -___ - &deccompactvert(); -$code.=<<___; - cmp 16(%rsp),$key - je .Ldec_compact_done - - mov 256+0($sbox),$mask80 - shl \$32,%rbx - shl \$32,%rdx - mov 256+8($sbox),$maskfe - or %rbx,%rax - or %rdx,%rcx - mov 256+16($sbox),$mask1b -___ - &dectransform(1); -$code.=<<___; - jmp .Ldec_loop_compact -.align 16 -.Ldec_compact_done: - xor 0($key),$s0 - xor 4($key),$s1 - xor 8($key),$s2 - xor 12($key),$s3 - .byte 0xf3,0xc3 # rep ret -.cfi_endproc -.size _x86_64_AES_decrypt_compact,.-_x86_64_AES_decrypt_compact -___ - -# void AES_decrypt (const void *inp,void *out,const AES_KEY *key); -$code.=<<___; -.globl AES_decrypt -.type AES_decrypt,\@function,3 -.align 16 -.globl asm_AES_decrypt -.hidden asm_AES_decrypt -asm_AES_decrypt: -AES_decrypt: -.cfi_startproc - mov %rsp,%rax -.cfi_def_cfa_register %rax - push %rbx -.cfi_push %rbx - push %rbp -.cfi_push %rbp - push %r12 -.cfi_push %r12 - push %r13 -.cfi_push %r13 - push %r14 -.cfi_push %r14 - push %r15 -.cfi_push %r15 - - # allocate frame "above" key schedule - lea -63(%rdx),%rcx # %rdx is key argument - and \$-64,%rsp - sub %rsp,%rcx - neg %rcx - and \$0x3c0,%rcx - sub %rcx,%rsp - sub \$32,%rsp - - mov %rsi,16(%rsp) # save out - mov %rax,24(%rsp) # save original stack pointer -.cfi_cfa_expression %rsp+24,deref,+8 -.Ldec_prologue: - - mov %rdx,$key - mov 240($key),$rnds # load rounds - - mov 0(%rdi),$s0 # load input vector - mov 4(%rdi),$s1 - mov 8(%rdi),$s2 - mov 12(%rdi),$s3 - - shl \$4,$rnds - lea ($key,$rnds),%rbp - mov $key,(%rsp) # key schedule - mov %rbp,8(%rsp) # end of key schedule - - # pick Td4 copy which can't "overlap" with stack frame or key schedule - lea .LAES_Td+2048(%rip),$sbox - lea 768(%rsp),%rbp - sub $sbox,%rbp - and \$0x300,%rbp - lea ($sbox,%rbp),$sbox - shr \$3,%rbp # recall "magic" constants! - add %rbp,$sbox - - call _x86_64_AES_decrypt_compact - - mov 16(%rsp),$out # restore out - mov 24(%rsp),%rsi # restore saved stack pointer -.cfi_def_cfa %rsi,8 - mov $s0,0($out) # write output vector - mov $s1,4($out) - mov $s2,8($out) - mov $s3,12($out) - - mov -48(%rsi),%r15 -.cfi_restore %r15 - mov -40(%rsi),%r14 -.cfi_restore %r14 - mov -32(%rsi),%r13 -.cfi_restore %r13 - mov -24(%rsi),%r12 -.cfi_restore %r12 - mov -16(%rsi),%rbp -.cfi_restore %rbp - mov -8(%rsi),%rbx -.cfi_restore %rbx - lea (%rsi),%rsp -.cfi_def_cfa_register %rsp -.Ldec_epilogue: - ret -.cfi_endproc -.size AES_decrypt,.-AES_decrypt -___ -#------------------------------------------------------------------# - -sub enckey() -{ -$code.=<<___; - movz %dl,%esi # rk[i]>>0 - movzb -128(%rbp,%rsi),%ebx - movz %dh,%esi # rk[i]>>8 - shl \$24,%ebx - xor %ebx,%eax - - movzb -128(%rbp,%rsi),%ebx - shr \$16,%edx - movz %dl,%esi # rk[i]>>16 - xor %ebx,%eax - - movzb -128(%rbp,%rsi),%ebx - movz %dh,%esi # rk[i]>>24 - shl \$8,%ebx - xor %ebx,%eax - - movzb -128(%rbp,%rsi),%ebx - shl \$16,%ebx - xor %ebx,%eax - - xor 1024-128(%rbp,%rcx,4),%eax # rcon -___ -} - -# int AES_set_encrypt_key(const unsigned char *userKey, const int bits, -# AES_KEY *key) -$code.=<<___; -.globl AES_set_encrypt_key -.type AES_set_encrypt_key,\@function,3 -.align 16 -AES_set_encrypt_key: -.cfi_startproc - push %rbx -.cfi_push %rbx - push %rbp -.cfi_push %rbp - push %r12 # redundant, but allows to share -.cfi_push %r12 - push %r13 # exception handler... -.cfi_push %r13 - push %r14 -.cfi_push %r14 - push %r15 -.cfi_push %r15 - sub \$8,%rsp -.cfi_adjust_cfa_offset 8 -.Lenc_key_prologue: - - call _x86_64_AES_set_encrypt_key - - mov 40(%rsp),%rbp -.cfi_restore %rbp - mov 48(%rsp),%rbx -.cfi_restore %rbx - add \$56,%rsp -.cfi_adjust_cfa_offset -56 -.Lenc_key_epilogue: - ret -.cfi_endproc -.size AES_set_encrypt_key,.-AES_set_encrypt_key - -.type _x86_64_AES_set_encrypt_key,\@abi-omnipotent -.align 16 -_x86_64_AES_set_encrypt_key: -.cfi_startproc - mov %esi,%ecx # %ecx=bits - mov %rdi,%rsi # %rsi=userKey - mov %rdx,%rdi # %rdi=key - - test \$-1,%rsi - jz .Lbadpointer - test \$-1,%rdi - jz .Lbadpointer - - lea .LAES_Te(%rip),%rbp - lea 2048+128(%rbp),%rbp - - # prefetch Te4 - mov 0-128(%rbp),%eax - mov 32-128(%rbp),%ebx - mov 64-128(%rbp),%r8d - mov 96-128(%rbp),%edx - mov 128-128(%rbp),%eax - mov 160-128(%rbp),%ebx - mov 192-128(%rbp),%r8d - mov 224-128(%rbp),%edx - - cmp \$128,%ecx - je .L10rounds - cmp \$192,%ecx - je .L12rounds - cmp \$256,%ecx - je .L14rounds - mov \$-2,%rax # invalid number of bits - jmp .Lexit - -.L10rounds: - mov 0(%rsi),%rax # copy first 4 dwords - mov 8(%rsi),%rdx - mov %rax,0(%rdi) - mov %rdx,8(%rdi) - - shr \$32,%rdx - xor %ecx,%ecx - jmp .L10shortcut -.align 4 -.L10loop: - mov 0(%rdi),%eax # rk[0] - mov 12(%rdi),%edx # rk[3] -.L10shortcut: -___ - &enckey (); -$code.=<<___; - mov %eax,16(%rdi) # rk[4] - xor 4(%rdi),%eax - mov %eax,20(%rdi) # rk[5] - xor 8(%rdi),%eax - mov %eax,24(%rdi) # rk[6] - xor 12(%rdi),%eax - mov %eax,28(%rdi) # rk[7] - add \$1,%ecx - lea 16(%rdi),%rdi - cmp \$10,%ecx - jl .L10loop - - movl \$10,80(%rdi) # setup number of rounds - xor %rax,%rax - jmp .Lexit - -.L12rounds: - mov 0(%rsi),%rax # copy first 6 dwords - mov 8(%rsi),%rbx - mov 16(%rsi),%rdx - mov %rax,0(%rdi) - mov %rbx,8(%rdi) - mov %rdx,16(%rdi) - - shr \$32,%rdx - xor %ecx,%ecx - jmp .L12shortcut -.align 4 -.L12loop: - mov 0(%rdi),%eax # rk[0] - mov 20(%rdi),%edx # rk[5] -.L12shortcut: -___ - &enckey (); -$code.=<<___; - mov %eax,24(%rdi) # rk[6] - xor 4(%rdi),%eax - mov %eax,28(%rdi) # rk[7] - xor 8(%rdi),%eax - mov %eax,32(%rdi) # rk[8] - xor 12(%rdi),%eax - mov %eax,36(%rdi) # rk[9] - - cmp \$7,%ecx - je .L12break - add \$1,%ecx - - xor 16(%rdi),%eax - mov %eax,40(%rdi) # rk[10] - xor 20(%rdi),%eax - mov %eax,44(%rdi) # rk[11] - - lea 24(%rdi),%rdi - jmp .L12loop -.L12break: - movl \$12,72(%rdi) # setup number of rounds - xor %rax,%rax - jmp .Lexit - -.L14rounds: - mov 0(%rsi),%rax # copy first 8 dwords - mov 8(%rsi),%rbx - mov 16(%rsi),%rcx - mov 24(%rsi),%rdx - mov %rax,0(%rdi) - mov %rbx,8(%rdi) - mov %rcx,16(%rdi) - mov %rdx,24(%rdi) - - shr \$32,%rdx - xor %ecx,%ecx - jmp .L14shortcut -.align 4 -.L14loop: - mov 0(%rdi),%eax # rk[0] - mov 28(%rdi),%edx # rk[4] -.L14shortcut: -___ - &enckey (); -$code.=<<___; - mov %eax,32(%rdi) # rk[8] - xor 4(%rdi),%eax - mov %eax,36(%rdi) # rk[9] - xor 8(%rdi),%eax - mov %eax,40(%rdi) # rk[10] - xor 12(%rdi),%eax - mov %eax,44(%rdi) # rk[11] - - cmp \$6,%ecx - je .L14break - add \$1,%ecx - - mov %eax,%edx - mov 16(%rdi),%eax # rk[4] - movz %dl,%esi # rk[11]>>0 - movzb -128(%rbp,%rsi),%ebx - movz %dh,%esi # rk[11]>>8 - xor %ebx,%eax - - movzb -128(%rbp,%rsi),%ebx - shr \$16,%edx - shl \$8,%ebx - movz %dl,%esi # rk[11]>>16 - xor %ebx,%eax - - movzb -128(%rbp,%rsi),%ebx - movz %dh,%esi # rk[11]>>24 - shl \$16,%ebx - xor %ebx,%eax - - movzb -128(%rbp,%rsi),%ebx - shl \$24,%ebx - xor %ebx,%eax - - mov %eax,48(%rdi) # rk[12] - xor 20(%rdi),%eax - mov %eax,52(%rdi) # rk[13] - xor 24(%rdi),%eax - mov %eax,56(%rdi) # rk[14] - xor 28(%rdi),%eax - mov %eax,60(%rdi) # rk[15] - - lea 32(%rdi),%rdi - jmp .L14loop -.L14break: - movl \$14,48(%rdi) # setup number of rounds - xor %rax,%rax - jmp .Lexit - -.Lbadpointer: - mov \$-1,%rax -.Lexit: - .byte 0xf3,0xc3 # rep ret -.cfi_endproc -.size _x86_64_AES_set_encrypt_key,.-_x86_64_AES_set_encrypt_key -___ - -sub deckey_ref() -{ my ($i,$ptr,$te,$td) = @_; - my ($tp1,$tp2,$tp4,$tp8,$acc)=("%eax","%ebx","%edi","%edx","%r8d"); -$code.=<<___; - mov $i($ptr),$tp1 - mov $tp1,$acc - and \$0x80808080,$acc - mov $acc,$tp4 - shr \$7,$tp4 - lea 0($tp1,$tp1),$tp2 - sub $tp4,$acc - and \$0xfefefefe,$tp2 - and \$0x1b1b1b1b,$acc - xor $tp2,$acc - mov $acc,$tp2 - - and \$0x80808080,$acc - mov $acc,$tp8 - shr \$7,$tp8 - lea 0($tp2,$tp2),$tp4 - sub $tp8,$acc - and \$0xfefefefe,$tp4 - and \$0x1b1b1b1b,$acc - xor $tp1,$tp2 # tp2^tp1 - xor $tp4,$acc - mov $acc,$tp4 - - and \$0x80808080,$acc - mov $acc,$tp8 - shr \$7,$tp8 - sub $tp8,$acc - lea 0($tp4,$tp4),$tp8 - xor $tp1,$tp4 # tp4^tp1 - and \$0xfefefefe,$tp8 - and \$0x1b1b1b1b,$acc - xor $acc,$tp8 - - xor $tp8,$tp1 # tp1^tp8 - rol \$8,$tp1 # ROTATE(tp1^tp8,8) - xor $tp8,$tp2 # tp2^tp1^tp8 - xor $tp8,$tp4 # tp4^tp1^tp8 - xor $tp2,$tp8 - xor $tp4,$tp8 # tp8^(tp8^tp4^tp1)^(tp8^tp2^tp1)=tp8^tp4^tp2 - - xor $tp8,$tp1 - rol \$24,$tp2 # ROTATE(tp2^tp1^tp8,24) - xor $tp2,$tp1 - rol \$16,$tp4 # ROTATE(tp4^tp1^tp8,16) - xor $tp4,$tp1 - - mov $tp1,$i($ptr) -___ -} - -# int AES_set_decrypt_key(const unsigned char *userKey, const int bits, -# AES_KEY *key) -$code.=<<___; -.globl AES_set_decrypt_key -.type AES_set_decrypt_key,\@function,3 -.align 16 -AES_set_decrypt_key: -.cfi_startproc - push %rbx -.cfi_push %rbx - push %rbp -.cfi_push %rbp - push %r12 -.cfi_push %r12 - push %r13 -.cfi_push %r13 - push %r14 -.cfi_push %r14 - push %r15 -.cfi_push %r15 - push %rdx # save key schedule -.cfi_adjust_cfa_offset 8 -.Ldec_key_prologue: - - call _x86_64_AES_set_encrypt_key - mov (%rsp),%r8 # restore key schedule - cmp \$0,%eax - jne .Labort - - mov 240(%r8),%r14d # pull number of rounds - xor %rdi,%rdi - lea (%rdi,%r14d,4),%rcx - mov %r8,%rsi - lea (%r8,%rcx,4),%rdi # pointer to last chunk -.align 4 -.Linvert: - mov 0(%rsi),%rax - mov 8(%rsi),%rbx - mov 0(%rdi),%rcx - mov 8(%rdi),%rdx - mov %rax,0(%rdi) - mov %rbx,8(%rdi) - mov %rcx,0(%rsi) - mov %rdx,8(%rsi) - lea 16(%rsi),%rsi - lea -16(%rdi),%rdi - cmp %rsi,%rdi - jne .Linvert - - lea .LAES_Te+2048+1024(%rip),%rax # rcon - - mov 40(%rax),$mask80 - mov 48(%rax),$maskfe - mov 56(%rax),$mask1b - - mov %r8,$key - sub \$1,%r14d -.align 4 -.Lpermute: - lea 16($key),$key - mov 0($key),%rax - mov 8($key),%rcx -___ - &dectransform (); -$code.=<<___; - mov %eax,0($key) - mov %ebx,4($key) - mov %ecx,8($key) - mov %edx,12($key) - sub \$1,%r14d - jnz .Lpermute - - xor %rax,%rax -.Labort: - mov 8(%rsp),%r15 -.cfi_restore %r15 - mov 16(%rsp),%r14 -.cfi_restore %r14 - mov 24(%rsp),%r13 -.cfi_restore %r13 - mov 32(%rsp),%r12 -.cfi_restore %r12 - mov 40(%rsp),%rbp -.cfi_restore %rbp - mov 48(%rsp),%rbx -.cfi_restore %rbx - add \$56,%rsp -.cfi_adjust_cfa_offset -56 -.Ldec_key_epilogue: - ret -.cfi_endproc -.size AES_set_decrypt_key,.-AES_set_decrypt_key -___ - -# void AES_cbc_encrypt (const void char *inp, unsigned char *out, -# size_t length, const AES_KEY *key, -# unsigned char *ivp,const int enc); -{ -# stack frame layout -# -8(%rsp) return address -my $keyp="0(%rsp)"; # one to pass as $key -my $keyend="8(%rsp)"; # &(keyp->rd_key[4*keyp->rounds]) -my $_rsp="16(%rsp)"; # saved %rsp -my $_inp="24(%rsp)"; # copy of 1st parameter, inp -my $_out="32(%rsp)"; # copy of 2nd parameter, out -my $_len="40(%rsp)"; # copy of 3rd parameter, length -my $_key="48(%rsp)"; # copy of 4th parameter, key -my $_ivp="56(%rsp)"; # copy of 5th parameter, ivp -my $ivec="64(%rsp)"; # ivec[16] -my $aes_key="80(%rsp)"; # copy of aes_key -my $mark="80+240(%rsp)"; # copy of aes_key->rounds - -$code.=<<___; -.globl AES_cbc_encrypt -.type AES_cbc_encrypt,\@function,6 -.align 16 -.extern OPENSSL_ia32cap_P -.globl asm_AES_cbc_encrypt -.hidden asm_AES_cbc_encrypt -asm_AES_cbc_encrypt: -AES_cbc_encrypt: -.cfi_startproc - cmp \$0,%rdx # check length - je .Lcbc_epilogue - pushfq -# This could be .cfi_push 49, but libunwind fails on registers it does not -# recognize. See https://bugzilla.redhat.com/show_bug.cgi?id=217087. -.cfi_adjust_cfa_offset 8 - push %rbx -.cfi_push %rbx - push %rbp -.cfi_push %rbp - push %r12 -.cfi_push %r12 - push %r13 -.cfi_push %r13 - push %r14 -.cfi_push %r14 - push %r15 -.cfi_push %r15 -.Lcbc_prologue: - - cld - mov %r9d,%r9d # clear upper half of enc - - lea .LAES_Te(%rip),$sbox - lea .LAES_Td(%rip),%r10 - cmp \$0,%r9 - cmoveq %r10,$sbox - -.cfi_remember_state - mov OPENSSL_ia32cap_P(%rip),%r10d - cmp \$$speed_limit,%rdx - jb .Lcbc_slow_prologue - test \$15,%rdx - jnz .Lcbc_slow_prologue - bt \$28,%r10d - jc .Lcbc_slow_prologue - - # allocate aligned stack frame... - lea -88-248(%rsp),$key - and \$-64,$key - - # ... and make sure it doesn't alias with AES_T[ed] modulo 4096 - mov $sbox,%r10 - lea 2304($sbox),%r11 - mov $key,%r12 - and \$0xFFF,%r10 # s = $sbox&0xfff - and \$0xFFF,%r11 # e = ($sbox+2048)&0xfff - and \$0xFFF,%r12 # p = %rsp&0xfff - - cmp %r11,%r12 # if (p=>e) %rsp =- (p-e); - jb .Lcbc_te_break_out - sub %r11,%r12 - sub %r12,$key - jmp .Lcbc_te_ok -.Lcbc_te_break_out: # else %rsp -= (p-s)&0xfff + framesz - sub %r10,%r12 - and \$0xFFF,%r12 - add \$320,%r12 - sub %r12,$key -.align 4 -.Lcbc_te_ok: - - xchg %rsp,$key -.cfi_def_cfa_register $key - #add \$8,%rsp # reserve for return address! - mov $key,$_rsp # save %rsp -.cfi_cfa_expression $_rsp,deref,+64 -.Lcbc_fast_body: - mov %rdi,$_inp # save copy of inp - mov %rsi,$_out # save copy of out - mov %rdx,$_len # save copy of len - mov %rcx,$_key # save copy of key - mov %r8,$_ivp # save copy of ivp - movl \$0,$mark # copy of aes_key->rounds = 0; - mov %r8,%rbp # rearrange input arguments - mov %r9,%rbx - mov %rsi,$out - mov %rdi,$inp - mov %rcx,$key - - mov 240($key),%eax # key->rounds - # do we copy key schedule to stack? - mov $key,%r10 - sub $sbox,%r10 - and \$0xfff,%r10 - cmp \$2304,%r10 - jb .Lcbc_do_ecopy - cmp \$4096-248,%r10 - jb .Lcbc_skip_ecopy -.align 4 -.Lcbc_do_ecopy: - mov $key,%rsi - lea $aes_key,%rdi - lea $aes_key,$key - mov \$240/8,%ecx - .long 0x90A548F3 # rep movsq - mov %eax,(%rdi) # copy aes_key->rounds -.Lcbc_skip_ecopy: - mov $key,$keyp # save key pointer - - mov \$18,%ecx -.align 4 -.Lcbc_prefetch_te: - mov 0($sbox),%r10 - mov 32($sbox),%r11 - mov 64($sbox),%r12 - mov 96($sbox),%r13 - lea 128($sbox),$sbox - sub \$1,%ecx - jnz .Lcbc_prefetch_te - lea -2304($sbox),$sbox - - cmp \$0,%rbx - je .LFAST_DECRYPT - -#----------------------------- ENCRYPT -----------------------------# - mov 0(%rbp),$s0 # load iv - mov 4(%rbp),$s1 - mov 8(%rbp),$s2 - mov 12(%rbp),$s3 - -.align 4 -.Lcbc_fast_enc_loop: - xor 0($inp),$s0 - xor 4($inp),$s1 - xor 8($inp),$s2 - xor 12($inp),$s3 - mov $keyp,$key # restore key - mov $inp,$_inp # if ($verticalspin) save inp - - call _x86_64_AES_encrypt - - mov $_inp,$inp # if ($verticalspin) restore inp - mov $_len,%r10 - mov $s0,0($out) - mov $s1,4($out) - mov $s2,8($out) - mov $s3,12($out) - - lea 16($inp),$inp - lea 16($out),$out - sub \$16,%r10 - test \$-16,%r10 - mov %r10,$_len - jnz .Lcbc_fast_enc_loop - mov $_ivp,%rbp # restore ivp - mov $s0,0(%rbp) # save ivec - mov $s1,4(%rbp) - mov $s2,8(%rbp) - mov $s3,12(%rbp) - - jmp .Lcbc_fast_cleanup - -#----------------------------- DECRYPT -----------------------------# -.align 16 -.LFAST_DECRYPT: - cmp $inp,$out - je .Lcbc_fast_dec_in_place - - mov %rbp,$ivec -.align 4 -.Lcbc_fast_dec_loop: - mov 0($inp),$s0 # read input - mov 4($inp),$s1 - mov 8($inp),$s2 - mov 12($inp),$s3 - mov $keyp,$key # restore key - mov $inp,$_inp # if ($verticalspin) save inp - - call _x86_64_AES_decrypt - - mov $ivec,%rbp # load ivp - mov $_inp,$inp # if ($verticalspin) restore inp - mov $_len,%r10 # load len - xor 0(%rbp),$s0 # xor iv - xor 4(%rbp),$s1 - xor 8(%rbp),$s2 - xor 12(%rbp),$s3 - mov $inp,%rbp # current input, next iv - - sub \$16,%r10 - mov %r10,$_len # update len - mov %rbp,$ivec # update ivp - - mov $s0,0($out) # write output - mov $s1,4($out) - mov $s2,8($out) - mov $s3,12($out) - - lea 16($inp),$inp - lea 16($out),$out - jnz .Lcbc_fast_dec_loop - mov $_ivp,%r12 # load user ivp - mov 0(%rbp),%r10 # load iv - mov 8(%rbp),%r11 - mov %r10,0(%r12) # copy back to user - mov %r11,8(%r12) - jmp .Lcbc_fast_cleanup - -.align 16 -.Lcbc_fast_dec_in_place: - mov 0(%rbp),%r10 # copy iv to stack - mov 8(%rbp),%r11 - mov %r10,0+$ivec - mov %r11,8+$ivec -.align 4 -.Lcbc_fast_dec_in_place_loop: - mov 0($inp),$s0 # load input - mov 4($inp),$s1 - mov 8($inp),$s2 - mov 12($inp),$s3 - mov $keyp,$key # restore key - mov $inp,$_inp # if ($verticalspin) save inp - - call _x86_64_AES_decrypt - - mov $_inp,$inp # if ($verticalspin) restore inp - mov $_len,%r10 - xor 0+$ivec,$s0 - xor 4+$ivec,$s1 - xor 8+$ivec,$s2 - xor 12+$ivec,$s3 - - mov 0($inp),%r11 # load input - mov 8($inp),%r12 - sub \$16,%r10 - jz .Lcbc_fast_dec_in_place_done - - mov %r11,0+$ivec # copy input to iv - mov %r12,8+$ivec - - mov $s0,0($out) # save output [zaps input] - mov $s1,4($out) - mov $s2,8($out) - mov $s3,12($out) - - lea 16($inp),$inp - lea 16($out),$out - mov %r10,$_len - jmp .Lcbc_fast_dec_in_place_loop -.Lcbc_fast_dec_in_place_done: - mov $_ivp,%rdi - mov %r11,0(%rdi) # copy iv back to user - mov %r12,8(%rdi) - - mov $s0,0($out) # save output [zaps input] - mov $s1,4($out) - mov $s2,8($out) - mov $s3,12($out) - -.align 4 -.Lcbc_fast_cleanup: - cmpl \$0,$mark # was the key schedule copied? - lea $aes_key,%rdi - je .Lcbc_exit - mov \$240/8,%ecx - xor %rax,%rax - .long 0x90AB48F3 # rep stosq - - jmp .Lcbc_exit - -#--------------------------- SLOW ROUTINE ---------------------------# -.align 16 -.Lcbc_slow_prologue: -.cfi_restore_state - # allocate aligned stack frame... - lea -88(%rsp),%rbp - and \$-64,%rbp - # ... just "above" key schedule - lea -88-63(%rcx),%r10 - sub %rbp,%r10 - neg %r10 - and \$0x3c0,%r10 - sub %r10,%rbp - - xchg %rsp,%rbp -.cfi_def_cfa_register %rbp - #add \$8,%rsp # reserve for return address! - mov %rbp,$_rsp # save %rsp -.cfi_cfa_expression $_rsp,deref,+64 -.Lcbc_slow_body: - #mov %rdi,$_inp # save copy of inp - #mov %rsi,$_out # save copy of out - #mov %rdx,$_len # save copy of len - #mov %rcx,$_key # save copy of key - mov %r8,$_ivp # save copy of ivp - mov %r8,%rbp # rearrange input arguments - mov %r9,%rbx - mov %rsi,$out - mov %rdi,$inp - mov %rcx,$key - mov %rdx,%r10 - - mov 240($key),%eax - mov $key,$keyp # save key pointer - shl \$4,%eax - lea ($key,%rax),%rax - mov %rax,$keyend - - # pick Te4 copy which can't "overlap" with stack frame or key schedule - lea 2048($sbox),$sbox - lea 768-8(%rsp),%rax - sub $sbox,%rax - and \$0x300,%rax - lea ($sbox,%rax),$sbox - - cmp \$0,%rbx - je .LSLOW_DECRYPT - -#--------------------------- SLOW ENCRYPT ---------------------------# - test \$-16,%r10 # check upon length - mov 0(%rbp),$s0 # load iv - mov 4(%rbp),$s1 - mov 8(%rbp),$s2 - mov 12(%rbp),$s3 - jz .Lcbc_slow_enc_tail # short input... - -.align 4 -.Lcbc_slow_enc_loop: - xor 0($inp),$s0 - xor 4($inp),$s1 - xor 8($inp),$s2 - xor 12($inp),$s3 - mov $keyp,$key # restore key - mov $inp,$_inp # save inp - mov $out,$_out # save out - mov %r10,$_len # save len - - call _x86_64_AES_encrypt_compact - - mov $_inp,$inp # restore inp - mov $_out,$out # restore out - mov $_len,%r10 # restore len - mov $s0,0($out) - mov $s1,4($out) - mov $s2,8($out) - mov $s3,12($out) - - lea 16($inp),$inp - lea 16($out),$out - sub \$16,%r10 - test \$-16,%r10 - jnz .Lcbc_slow_enc_loop - test \$15,%r10 - jnz .Lcbc_slow_enc_tail - mov $_ivp,%rbp # restore ivp - mov $s0,0(%rbp) # save ivec - mov $s1,4(%rbp) - mov $s2,8(%rbp) - mov $s3,12(%rbp) - - jmp .Lcbc_exit - -.align 4 -.Lcbc_slow_enc_tail: - mov %rax,%r11 - mov %rcx,%r12 - mov %r10,%rcx - mov $inp,%rsi - mov $out,%rdi - .long 0x9066A4F3 # rep movsb - mov \$16,%rcx # zero tail - sub %r10,%rcx - xor %rax,%rax - .long 0x9066AAF3 # rep stosb - mov $out,$inp # this is not a mistake! - mov \$16,%r10 # len=16 - mov %r11,%rax - mov %r12,%rcx - jmp .Lcbc_slow_enc_loop # one more spin... -#--------------------------- SLOW DECRYPT ---------------------------# -.align 16 -.LSLOW_DECRYPT: - shr \$3,%rax - add %rax,$sbox # recall "magic" constants! - - mov 0(%rbp),%r11 # copy iv to stack - mov 8(%rbp),%r12 - mov %r11,0+$ivec - mov %r12,8+$ivec - -.align 4 -.Lcbc_slow_dec_loop: - mov 0($inp),$s0 # load input - mov 4($inp),$s1 - mov 8($inp),$s2 - mov 12($inp),$s3 - mov $keyp,$key # restore key - mov $inp,$_inp # save inp - mov $out,$_out # save out - mov %r10,$_len # save len - - call _x86_64_AES_decrypt_compact - - mov $_inp,$inp # restore inp - mov $_out,$out # restore out - mov $_len,%r10 - xor 0+$ivec,$s0 - xor 4+$ivec,$s1 - xor 8+$ivec,$s2 - xor 12+$ivec,$s3 - - mov 0($inp),%r11 # load input - mov 8($inp),%r12 - sub \$16,%r10 - jc .Lcbc_slow_dec_partial - jz .Lcbc_slow_dec_done - - mov %r11,0+$ivec # copy input to iv - mov %r12,8+$ivec - - mov $s0,0($out) # save output [can zap input] - mov $s1,4($out) - mov $s2,8($out) - mov $s3,12($out) - - lea 16($inp),$inp - lea 16($out),$out - jmp .Lcbc_slow_dec_loop -.Lcbc_slow_dec_done: - mov $_ivp,%rdi - mov %r11,0(%rdi) # copy iv back to user - mov %r12,8(%rdi) - - mov $s0,0($out) # save output [can zap input] - mov $s1,4($out) - mov $s2,8($out) - mov $s3,12($out) - - jmp .Lcbc_exit - -.align 4 -.Lcbc_slow_dec_partial: - mov $_ivp,%rdi - mov %r11,0(%rdi) # copy iv back to user - mov %r12,8(%rdi) - - mov $s0,0+$ivec # save output to stack - mov $s1,4+$ivec - mov $s2,8+$ivec - mov $s3,12+$ivec - - mov $out,%rdi - lea $ivec,%rsi - lea 16(%r10),%rcx - .long 0x9066A4F3 # rep movsb - jmp .Lcbc_exit - -.align 16 -.Lcbc_exit: - mov $_rsp,%rsi -.cfi_def_cfa %rsi,64 - mov (%rsi),%r15 -.cfi_restore %r15 - mov 8(%rsi),%r14 -.cfi_restore %r14 - mov 16(%rsi),%r13 -.cfi_restore %r13 - mov 24(%rsi),%r12 -.cfi_restore %r12 - mov 32(%rsi),%rbp -.cfi_restore %rbp - mov 40(%rsi),%rbx -.cfi_restore %rbx - lea 48(%rsi),%rsp -.cfi_def_cfa %rsp,16 -.Lcbc_popfq: - popfq -# This could be .cfi_pop 49, but libunwind fails on registers it does not -# recognize. See https://bugzilla.redhat.com/show_bug.cgi?id=217087. -.cfi_adjust_cfa_offset -8 -.Lcbc_epilogue: - ret -.cfi_endproc -.size AES_cbc_encrypt,.-AES_cbc_encrypt -___ -} - -$code.=<<___; -.align 64 -.LAES_Te: -___ - &_data_word(0xa56363c6, 0x847c7cf8, 0x997777ee, 0x8d7b7bf6); - &_data_word(0x0df2f2ff, 0xbd6b6bd6, 0xb16f6fde, 0x54c5c591); - &_data_word(0x50303060, 0x03010102, 0xa96767ce, 0x7d2b2b56); - &_data_word(0x19fefee7, 0x62d7d7b5, 0xe6abab4d, 0x9a7676ec); - &_data_word(0x45caca8f, 0x9d82821f, 0x40c9c989, 0x877d7dfa); - &_data_word(0x15fafaef, 0xeb5959b2, 0xc947478e, 0x0bf0f0fb); - &_data_word(0xecadad41, 0x67d4d4b3, 0xfda2a25f, 0xeaafaf45); - &_data_word(0xbf9c9c23, 0xf7a4a453, 0x967272e4, 0x5bc0c09b); - &_data_word(0xc2b7b775, 0x1cfdfde1, 0xae93933d, 0x6a26264c); - &_data_word(0x5a36366c, 0x413f3f7e, 0x02f7f7f5, 0x4fcccc83); - &_data_word(0x5c343468, 0xf4a5a551, 0x34e5e5d1, 0x08f1f1f9); - &_data_word(0x937171e2, 0x73d8d8ab, 0x53313162, 0x3f15152a); - &_data_word(0x0c040408, 0x52c7c795, 0x65232346, 0x5ec3c39d); - &_data_word(0x28181830, 0xa1969637, 0x0f05050a, 0xb59a9a2f); - &_data_word(0x0907070e, 0x36121224, 0x9b80801b, 0x3de2e2df); - &_data_word(0x26ebebcd, 0x6927274e, 0xcdb2b27f, 0x9f7575ea); - &_data_word(0x1b090912, 0x9e83831d, 0x742c2c58, 0x2e1a1a34); - &_data_word(0x2d1b1b36, 0xb26e6edc, 0xee5a5ab4, 0xfba0a05b); - &_data_word(0xf65252a4, 0x4d3b3b76, 0x61d6d6b7, 0xceb3b37d); - &_data_word(0x7b292952, 0x3ee3e3dd, 0x712f2f5e, 0x97848413); - &_data_word(0xf55353a6, 0x68d1d1b9, 0x00000000, 0x2cededc1); - &_data_word(0x60202040, 0x1ffcfce3, 0xc8b1b179, 0xed5b5bb6); - &_data_word(0xbe6a6ad4, 0x46cbcb8d, 0xd9bebe67, 0x4b393972); - &_data_word(0xde4a4a94, 0xd44c4c98, 0xe85858b0, 0x4acfcf85); - &_data_word(0x6bd0d0bb, 0x2aefefc5, 0xe5aaaa4f, 0x16fbfbed); - &_data_word(0xc5434386, 0xd74d4d9a, 0x55333366, 0x94858511); - &_data_word(0xcf45458a, 0x10f9f9e9, 0x06020204, 0x817f7ffe); - &_data_word(0xf05050a0, 0x443c3c78, 0xba9f9f25, 0xe3a8a84b); - &_data_word(0xf35151a2, 0xfea3a35d, 0xc0404080, 0x8a8f8f05); - &_data_word(0xad92923f, 0xbc9d9d21, 0x48383870, 0x04f5f5f1); - &_data_word(0xdfbcbc63, 0xc1b6b677, 0x75dadaaf, 0x63212142); - &_data_word(0x30101020, 0x1affffe5, 0x0ef3f3fd, 0x6dd2d2bf); - &_data_word(0x4ccdcd81, 0x140c0c18, 0x35131326, 0x2fececc3); - &_data_word(0xe15f5fbe, 0xa2979735, 0xcc444488, 0x3917172e); - &_data_word(0x57c4c493, 0xf2a7a755, 0x827e7efc, 0x473d3d7a); - &_data_word(0xac6464c8, 0xe75d5dba, 0x2b191932, 0x957373e6); - &_data_word(0xa06060c0, 0x98818119, 0xd14f4f9e, 0x7fdcdca3); - &_data_word(0x66222244, 0x7e2a2a54, 0xab90903b, 0x8388880b); - &_data_word(0xca46468c, 0x29eeeec7, 0xd3b8b86b, 0x3c141428); - &_data_word(0x79dedea7, 0xe25e5ebc, 0x1d0b0b16, 0x76dbdbad); - &_data_word(0x3be0e0db, 0x56323264, 0x4e3a3a74, 0x1e0a0a14); - &_data_word(0xdb494992, 0x0a06060c, 0x6c242448, 0xe45c5cb8); - &_data_word(0x5dc2c29f, 0x6ed3d3bd, 0xefacac43, 0xa66262c4); - &_data_word(0xa8919139, 0xa4959531, 0x37e4e4d3, 0x8b7979f2); - &_data_word(0x32e7e7d5, 0x43c8c88b, 0x5937376e, 0xb76d6dda); - &_data_word(0x8c8d8d01, 0x64d5d5b1, 0xd24e4e9c, 0xe0a9a949); - &_data_word(0xb46c6cd8, 0xfa5656ac, 0x07f4f4f3, 0x25eaeacf); - &_data_word(0xaf6565ca, 0x8e7a7af4, 0xe9aeae47, 0x18080810); - &_data_word(0xd5baba6f, 0x887878f0, 0x6f25254a, 0x722e2e5c); - &_data_word(0x241c1c38, 0xf1a6a657, 0xc7b4b473, 0x51c6c697); - &_data_word(0x23e8e8cb, 0x7cdddda1, 0x9c7474e8, 0x211f1f3e); - &_data_word(0xdd4b4b96, 0xdcbdbd61, 0x868b8b0d, 0x858a8a0f); - &_data_word(0x907070e0, 0x423e3e7c, 0xc4b5b571, 0xaa6666cc); - &_data_word(0xd8484890, 0x05030306, 0x01f6f6f7, 0x120e0e1c); - &_data_word(0xa36161c2, 0x5f35356a, 0xf95757ae, 0xd0b9b969); - &_data_word(0x91868617, 0x58c1c199, 0x271d1d3a, 0xb99e9e27); - &_data_word(0x38e1e1d9, 0x13f8f8eb, 0xb398982b, 0x33111122); - &_data_word(0xbb6969d2, 0x70d9d9a9, 0x898e8e07, 0xa7949433); - &_data_word(0xb69b9b2d, 0x221e1e3c, 0x92878715, 0x20e9e9c9); - &_data_word(0x49cece87, 0xff5555aa, 0x78282850, 0x7adfdfa5); - &_data_word(0x8f8c8c03, 0xf8a1a159, 0x80898909, 0x170d0d1a); - &_data_word(0xdabfbf65, 0x31e6e6d7, 0xc6424284, 0xb86868d0); - &_data_word(0xc3414182, 0xb0999929, 0x772d2d5a, 0x110f0f1e); - &_data_word(0xcbb0b07b, 0xfc5454a8, 0xd6bbbb6d, 0x3a16162c); - -#Te4 # four copies of Te4 to choose from to avoid L1 aliasing - &data_byte(0x63, 0x7c, 0x77, 0x7b, 0xf2, 0x6b, 0x6f, 0xc5); - &data_byte(0x30, 0x01, 0x67, 0x2b, 0xfe, 0xd7, 0xab, 0x76); - &data_byte(0xca, 0x82, 0xc9, 0x7d, 0xfa, 0x59, 0x47, 0xf0); - &data_byte(0xad, 0xd4, 0xa2, 0xaf, 0x9c, 0xa4, 0x72, 0xc0); - &data_byte(0xb7, 0xfd, 0x93, 0x26, 0x36, 0x3f, 0xf7, 0xcc); - &data_byte(0x34, 0xa5, 0xe5, 0xf1, 0x71, 0xd8, 0x31, 0x15); - &data_byte(0x04, 0xc7, 0x23, 0xc3, 0x18, 0x96, 0x05, 0x9a); - &data_byte(0x07, 0x12, 0x80, 0xe2, 0xeb, 0x27, 0xb2, 0x75); - &data_byte(0x09, 0x83, 0x2c, 0x1a, 0x1b, 0x6e, 0x5a, 0xa0); - &data_byte(0x52, 0x3b, 0xd6, 0xb3, 0x29, 0xe3, 0x2f, 0x84); - &data_byte(0x53, 0xd1, 0x00, 0xed, 0x20, 0xfc, 0xb1, 0x5b); - &data_byte(0x6a, 0xcb, 0xbe, 0x39, 0x4a, 0x4c, 0x58, 0xcf); - &data_byte(0xd0, 0xef, 0xaa, 0xfb, 0x43, 0x4d, 0x33, 0x85); - &data_byte(0x45, 0xf9, 0x02, 0x7f, 0x50, 0x3c, 0x9f, 0xa8); - &data_byte(0x51, 0xa3, 0x40, 0x8f, 0x92, 0x9d, 0x38, 0xf5); - &data_byte(0xbc, 0xb6, 0xda, 0x21, 0x10, 0xff, 0xf3, 0xd2); - &data_byte(0xcd, 0x0c, 0x13, 0xec, 0x5f, 0x97, 0x44, 0x17); - &data_byte(0xc4, 0xa7, 0x7e, 0x3d, 0x64, 0x5d, 0x19, 0x73); - &data_byte(0x60, 0x81, 0x4f, 0xdc, 0x22, 0x2a, 0x90, 0x88); - &data_byte(0x46, 0xee, 0xb8, 0x14, 0xde, 0x5e, 0x0b, 0xdb); - &data_byte(0xe0, 0x32, 0x3a, 0x0a, 0x49, 0x06, 0x24, 0x5c); - &data_byte(0xc2, 0xd3, 0xac, 0x62, 0x91, 0x95, 0xe4, 0x79); - &data_byte(0xe7, 0xc8, 0x37, 0x6d, 0x8d, 0xd5, 0x4e, 0xa9); - &data_byte(0x6c, 0x56, 0xf4, 0xea, 0x65, 0x7a, 0xae, 0x08); - &data_byte(0xba, 0x78, 0x25, 0x2e, 0x1c, 0xa6, 0xb4, 0xc6); - &data_byte(0xe8, 0xdd, 0x74, 0x1f, 0x4b, 0xbd, 0x8b, 0x8a); - &data_byte(0x70, 0x3e, 0xb5, 0x66, 0x48, 0x03, 0xf6, 0x0e); - &data_byte(0x61, 0x35, 0x57, 0xb9, 0x86, 0xc1, 0x1d, 0x9e); - &data_byte(0xe1, 0xf8, 0x98, 0x11, 0x69, 0xd9, 0x8e, 0x94); - &data_byte(0x9b, 0x1e, 0x87, 0xe9, 0xce, 0x55, 0x28, 0xdf); - &data_byte(0x8c, 0xa1, 0x89, 0x0d, 0xbf, 0xe6, 0x42, 0x68); - &data_byte(0x41, 0x99, 0x2d, 0x0f, 0xb0, 0x54, 0xbb, 0x16); - - &data_byte(0x63, 0x7c, 0x77, 0x7b, 0xf2, 0x6b, 0x6f, 0xc5); - &data_byte(0x30, 0x01, 0x67, 0x2b, 0xfe, 0xd7, 0xab, 0x76); - &data_byte(0xca, 0x82, 0xc9, 0x7d, 0xfa, 0x59, 0x47, 0xf0); - &data_byte(0xad, 0xd4, 0xa2, 0xaf, 0x9c, 0xa4, 0x72, 0xc0); - &data_byte(0xb7, 0xfd, 0x93, 0x26, 0x36, 0x3f, 0xf7, 0xcc); - &data_byte(0x34, 0xa5, 0xe5, 0xf1, 0x71, 0xd8, 0x31, 0x15); - &data_byte(0x04, 0xc7, 0x23, 0xc3, 0x18, 0x96, 0x05, 0x9a); - &data_byte(0x07, 0x12, 0x80, 0xe2, 0xeb, 0x27, 0xb2, 0x75); - &data_byte(0x09, 0x83, 0x2c, 0x1a, 0x1b, 0x6e, 0x5a, 0xa0); - &data_byte(0x52, 0x3b, 0xd6, 0xb3, 0x29, 0xe3, 0x2f, 0x84); - &data_byte(0x53, 0xd1, 0x00, 0xed, 0x20, 0xfc, 0xb1, 0x5b); - &data_byte(0x6a, 0xcb, 0xbe, 0x39, 0x4a, 0x4c, 0x58, 0xcf); - &data_byte(0xd0, 0xef, 0xaa, 0xfb, 0x43, 0x4d, 0x33, 0x85); - &data_byte(0x45, 0xf9, 0x02, 0x7f, 0x50, 0x3c, 0x9f, 0xa8); - &data_byte(0x51, 0xa3, 0x40, 0x8f, 0x92, 0x9d, 0x38, 0xf5); - &data_byte(0xbc, 0xb6, 0xda, 0x21, 0x10, 0xff, 0xf3, 0xd2); - &data_byte(0xcd, 0x0c, 0x13, 0xec, 0x5f, 0x97, 0x44, 0x17); - &data_byte(0xc4, 0xa7, 0x7e, 0x3d, 0x64, 0x5d, 0x19, 0x73); - &data_byte(0x60, 0x81, 0x4f, 0xdc, 0x22, 0x2a, 0x90, 0x88); - &data_byte(0x46, 0xee, 0xb8, 0x14, 0xde, 0x5e, 0x0b, 0xdb); - &data_byte(0xe0, 0x32, 0x3a, 0x0a, 0x49, 0x06, 0x24, 0x5c); - &data_byte(0xc2, 0xd3, 0xac, 0x62, 0x91, 0x95, 0xe4, 0x79); - &data_byte(0xe7, 0xc8, 0x37, 0x6d, 0x8d, 0xd5, 0x4e, 0xa9); - &data_byte(0x6c, 0x56, 0xf4, 0xea, 0x65, 0x7a, 0xae, 0x08); - &data_byte(0xba, 0x78, 0x25, 0x2e, 0x1c, 0xa6, 0xb4, 0xc6); - &data_byte(0xe8, 0xdd, 0x74, 0x1f, 0x4b, 0xbd, 0x8b, 0x8a); - &data_byte(0x70, 0x3e, 0xb5, 0x66, 0x48, 0x03, 0xf6, 0x0e); - &data_byte(0x61, 0x35, 0x57, 0xb9, 0x86, 0xc1, 0x1d, 0x9e); - &data_byte(0xe1, 0xf8, 0x98, 0x11, 0x69, 0xd9, 0x8e, 0x94); - &data_byte(0x9b, 0x1e, 0x87, 0xe9, 0xce, 0x55, 0x28, 0xdf); - &data_byte(0x8c, 0xa1, 0x89, 0x0d, 0xbf, 0xe6, 0x42, 0x68); - &data_byte(0x41, 0x99, 0x2d, 0x0f, 0xb0, 0x54, 0xbb, 0x16); - - &data_byte(0x63, 0x7c, 0x77, 0x7b, 0xf2, 0x6b, 0x6f, 0xc5); - &data_byte(0x30, 0x01, 0x67, 0x2b, 0xfe, 0xd7, 0xab, 0x76); - &data_byte(0xca, 0x82, 0xc9, 0x7d, 0xfa, 0x59, 0x47, 0xf0); - &data_byte(0xad, 0xd4, 0xa2, 0xaf, 0x9c, 0xa4, 0x72, 0xc0); - &data_byte(0xb7, 0xfd, 0x93, 0x26, 0x36, 0x3f, 0xf7, 0xcc); - &data_byte(0x34, 0xa5, 0xe5, 0xf1, 0x71, 0xd8, 0x31, 0x15); - &data_byte(0x04, 0xc7, 0x23, 0xc3, 0x18, 0x96, 0x05, 0x9a); - &data_byte(0x07, 0x12, 0x80, 0xe2, 0xeb, 0x27, 0xb2, 0x75); - &data_byte(0x09, 0x83, 0x2c, 0x1a, 0x1b, 0x6e, 0x5a, 0xa0); - &data_byte(0x52, 0x3b, 0xd6, 0xb3, 0x29, 0xe3, 0x2f, 0x84); - &data_byte(0x53, 0xd1, 0x00, 0xed, 0x20, 0xfc, 0xb1, 0x5b); - &data_byte(0x6a, 0xcb, 0xbe, 0x39, 0x4a, 0x4c, 0x58, 0xcf); - &data_byte(0xd0, 0xef, 0xaa, 0xfb, 0x43, 0x4d, 0x33, 0x85); - &data_byte(0x45, 0xf9, 0x02, 0x7f, 0x50, 0x3c, 0x9f, 0xa8); - &data_byte(0x51, 0xa3, 0x40, 0x8f, 0x92, 0x9d, 0x38, 0xf5); - &data_byte(0xbc, 0xb6, 0xda, 0x21, 0x10, 0xff, 0xf3, 0xd2); - &data_byte(0xcd, 0x0c, 0x13, 0xec, 0x5f, 0x97, 0x44, 0x17); - &data_byte(0xc4, 0xa7, 0x7e, 0x3d, 0x64, 0x5d, 0x19, 0x73); - &data_byte(0x60, 0x81, 0x4f, 0xdc, 0x22, 0x2a, 0x90, 0x88); - &data_byte(0x46, 0xee, 0xb8, 0x14, 0xde, 0x5e, 0x0b, 0xdb); - &data_byte(0xe0, 0x32, 0x3a, 0x0a, 0x49, 0x06, 0x24, 0x5c); - &data_byte(0xc2, 0xd3, 0xac, 0x62, 0x91, 0x95, 0xe4, 0x79); - &data_byte(0xe7, 0xc8, 0x37, 0x6d, 0x8d, 0xd5, 0x4e, 0xa9); - &data_byte(0x6c, 0x56, 0xf4, 0xea, 0x65, 0x7a, 0xae, 0x08); - &data_byte(0xba, 0x78, 0x25, 0x2e, 0x1c, 0xa6, 0xb4, 0xc6); - &data_byte(0xe8, 0xdd, 0x74, 0x1f, 0x4b, 0xbd, 0x8b, 0x8a); - &data_byte(0x70, 0x3e, 0xb5, 0x66, 0x48, 0x03, 0xf6, 0x0e); - &data_byte(0x61, 0x35, 0x57, 0xb9, 0x86, 0xc1, 0x1d, 0x9e); - &data_byte(0xe1, 0xf8, 0x98, 0x11, 0x69, 0xd9, 0x8e, 0x94); - &data_byte(0x9b, 0x1e, 0x87, 0xe9, 0xce, 0x55, 0x28, 0xdf); - &data_byte(0x8c, 0xa1, 0x89, 0x0d, 0xbf, 0xe6, 0x42, 0x68); - &data_byte(0x41, 0x99, 0x2d, 0x0f, 0xb0, 0x54, 0xbb, 0x16); - - &data_byte(0x63, 0x7c, 0x77, 0x7b, 0xf2, 0x6b, 0x6f, 0xc5); - &data_byte(0x30, 0x01, 0x67, 0x2b, 0xfe, 0xd7, 0xab, 0x76); - &data_byte(0xca, 0x82, 0xc9, 0x7d, 0xfa, 0x59, 0x47, 0xf0); - &data_byte(0xad, 0xd4, 0xa2, 0xaf, 0x9c, 0xa4, 0x72, 0xc0); - &data_byte(0xb7, 0xfd, 0x93, 0x26, 0x36, 0x3f, 0xf7, 0xcc); - &data_byte(0x34, 0xa5, 0xe5, 0xf1, 0x71, 0xd8, 0x31, 0x15); - &data_byte(0x04, 0xc7, 0x23, 0xc3, 0x18, 0x96, 0x05, 0x9a); - &data_byte(0x07, 0x12, 0x80, 0xe2, 0xeb, 0x27, 0xb2, 0x75); - &data_byte(0x09, 0x83, 0x2c, 0x1a, 0x1b, 0x6e, 0x5a, 0xa0); - &data_byte(0x52, 0x3b, 0xd6, 0xb3, 0x29, 0xe3, 0x2f, 0x84); - &data_byte(0x53, 0xd1, 0x00, 0xed, 0x20, 0xfc, 0xb1, 0x5b); - &data_byte(0x6a, 0xcb, 0xbe, 0x39, 0x4a, 0x4c, 0x58, 0xcf); - &data_byte(0xd0, 0xef, 0xaa, 0xfb, 0x43, 0x4d, 0x33, 0x85); - &data_byte(0x45, 0xf9, 0x02, 0x7f, 0x50, 0x3c, 0x9f, 0xa8); - &data_byte(0x51, 0xa3, 0x40, 0x8f, 0x92, 0x9d, 0x38, 0xf5); - &data_byte(0xbc, 0xb6, 0xda, 0x21, 0x10, 0xff, 0xf3, 0xd2); - &data_byte(0xcd, 0x0c, 0x13, 0xec, 0x5f, 0x97, 0x44, 0x17); - &data_byte(0xc4, 0xa7, 0x7e, 0x3d, 0x64, 0x5d, 0x19, 0x73); - &data_byte(0x60, 0x81, 0x4f, 0xdc, 0x22, 0x2a, 0x90, 0x88); - &data_byte(0x46, 0xee, 0xb8, 0x14, 0xde, 0x5e, 0x0b, 0xdb); - &data_byte(0xe0, 0x32, 0x3a, 0x0a, 0x49, 0x06, 0x24, 0x5c); - &data_byte(0xc2, 0xd3, 0xac, 0x62, 0x91, 0x95, 0xe4, 0x79); - &data_byte(0xe7, 0xc8, 0x37, 0x6d, 0x8d, 0xd5, 0x4e, 0xa9); - &data_byte(0x6c, 0x56, 0xf4, 0xea, 0x65, 0x7a, 0xae, 0x08); - &data_byte(0xba, 0x78, 0x25, 0x2e, 0x1c, 0xa6, 0xb4, 0xc6); - &data_byte(0xe8, 0xdd, 0x74, 0x1f, 0x4b, 0xbd, 0x8b, 0x8a); - &data_byte(0x70, 0x3e, 0xb5, 0x66, 0x48, 0x03, 0xf6, 0x0e); - &data_byte(0x61, 0x35, 0x57, 0xb9, 0x86, 0xc1, 0x1d, 0x9e); - &data_byte(0xe1, 0xf8, 0x98, 0x11, 0x69, 0xd9, 0x8e, 0x94); - &data_byte(0x9b, 0x1e, 0x87, 0xe9, 0xce, 0x55, 0x28, 0xdf); - &data_byte(0x8c, 0xa1, 0x89, 0x0d, 0xbf, 0xe6, 0x42, 0x68); - &data_byte(0x41, 0x99, 0x2d, 0x0f, 0xb0, 0x54, 0xbb, 0x16); -#rcon: -$code.=<<___; - .long 0x00000001, 0x00000002, 0x00000004, 0x00000008 - .long 0x00000010, 0x00000020, 0x00000040, 0x00000080 - .long 0x0000001b, 0x00000036, 0x80808080, 0x80808080 - .long 0xfefefefe, 0xfefefefe, 0x1b1b1b1b, 0x1b1b1b1b -___ -$code.=<<___; -.align 64 -.LAES_Td: -___ - &_data_word(0x50a7f451, 0x5365417e, 0xc3a4171a, 0x965e273a); - &_data_word(0xcb6bab3b, 0xf1459d1f, 0xab58faac, 0x9303e34b); - &_data_word(0x55fa3020, 0xf66d76ad, 0x9176cc88, 0x254c02f5); - &_data_word(0xfcd7e54f, 0xd7cb2ac5, 0x80443526, 0x8fa362b5); - &_data_word(0x495ab1de, 0x671bba25, 0x980eea45, 0xe1c0fe5d); - &_data_word(0x02752fc3, 0x12f04c81, 0xa397468d, 0xc6f9d36b); - &_data_word(0xe75f8f03, 0x959c9215, 0xeb7a6dbf, 0xda595295); - &_data_word(0x2d83bed4, 0xd3217458, 0x2969e049, 0x44c8c98e); - &_data_word(0x6a89c275, 0x78798ef4, 0x6b3e5899, 0xdd71b927); - &_data_word(0xb64fe1be, 0x17ad88f0, 0x66ac20c9, 0xb43ace7d); - &_data_word(0x184adf63, 0x82311ae5, 0x60335197, 0x457f5362); - &_data_word(0xe07764b1, 0x84ae6bbb, 0x1ca081fe, 0x942b08f9); - &_data_word(0x58684870, 0x19fd458f, 0x876cde94, 0xb7f87b52); - &_data_word(0x23d373ab, 0xe2024b72, 0x578f1fe3, 0x2aab5566); - &_data_word(0x0728ebb2, 0x03c2b52f, 0x9a7bc586, 0xa50837d3); - &_data_word(0xf2872830, 0xb2a5bf23, 0xba6a0302, 0x5c8216ed); - &_data_word(0x2b1ccf8a, 0x92b479a7, 0xf0f207f3, 0xa1e2694e); - &_data_word(0xcdf4da65, 0xd5be0506, 0x1f6234d1, 0x8afea6c4); - &_data_word(0x9d532e34, 0xa055f3a2, 0x32e18a05, 0x75ebf6a4); - &_data_word(0x39ec830b, 0xaaef6040, 0x069f715e, 0x51106ebd); - &_data_word(0xf98a213e, 0x3d06dd96, 0xae053edd, 0x46bde64d); - &_data_word(0xb58d5491, 0x055dc471, 0x6fd40604, 0xff155060); - &_data_word(0x24fb9819, 0x97e9bdd6, 0xcc434089, 0x779ed967); - &_data_word(0xbd42e8b0, 0x888b8907, 0x385b19e7, 0xdbeec879); - &_data_word(0x470a7ca1, 0xe90f427c, 0xc91e84f8, 0x00000000); - &_data_word(0x83868009, 0x48ed2b32, 0xac70111e, 0x4e725a6c); - &_data_word(0xfbff0efd, 0x5638850f, 0x1ed5ae3d, 0x27392d36); - &_data_word(0x64d90f0a, 0x21a65c68, 0xd1545b9b, 0x3a2e3624); - &_data_word(0xb1670a0c, 0x0fe75793, 0xd296eeb4, 0x9e919b1b); - &_data_word(0x4fc5c080, 0xa220dc61, 0x694b775a, 0x161a121c); - &_data_word(0x0aba93e2, 0xe52aa0c0, 0x43e0223c, 0x1d171b12); - &_data_word(0x0b0d090e, 0xadc78bf2, 0xb9a8b62d, 0xc8a91e14); - &_data_word(0x8519f157, 0x4c0775af, 0xbbdd99ee, 0xfd607fa3); - &_data_word(0x9f2601f7, 0xbcf5725c, 0xc53b6644, 0x347efb5b); - &_data_word(0x7629438b, 0xdcc623cb, 0x68fcedb6, 0x63f1e4b8); - &_data_word(0xcadc31d7, 0x10856342, 0x40229713, 0x2011c684); - &_data_word(0x7d244a85, 0xf83dbbd2, 0x1132f9ae, 0x6da129c7); - &_data_word(0x4b2f9e1d, 0xf330b2dc, 0xec52860d, 0xd0e3c177); - &_data_word(0x6c16b32b, 0x99b970a9, 0xfa489411, 0x2264e947); - &_data_word(0xc48cfca8, 0x1a3ff0a0, 0xd82c7d56, 0xef903322); - &_data_word(0xc74e4987, 0xc1d138d9, 0xfea2ca8c, 0x360bd498); - &_data_word(0xcf81f5a6, 0x28de7aa5, 0x268eb7da, 0xa4bfad3f); - &_data_word(0xe49d3a2c, 0x0d927850, 0x9bcc5f6a, 0x62467e54); - &_data_word(0xc2138df6, 0xe8b8d890, 0x5ef7392e, 0xf5afc382); - &_data_word(0xbe805d9f, 0x7c93d069, 0xa92dd56f, 0xb31225cf); - &_data_word(0x3b99acc8, 0xa77d1810, 0x6e639ce8, 0x7bbb3bdb); - &_data_word(0x097826cd, 0xf418596e, 0x01b79aec, 0xa89a4f83); - &_data_word(0x656e95e6, 0x7ee6ffaa, 0x08cfbc21, 0xe6e815ef); - &_data_word(0xd99be7ba, 0xce366f4a, 0xd4099fea, 0xd67cb029); - &_data_word(0xafb2a431, 0x31233f2a, 0x3094a5c6, 0xc066a235); - &_data_word(0x37bc4e74, 0xa6ca82fc, 0xb0d090e0, 0x15d8a733); - &_data_word(0x4a9804f1, 0xf7daec41, 0x0e50cd7f, 0x2ff69117); - &_data_word(0x8dd64d76, 0x4db0ef43, 0x544daacc, 0xdf0496e4); - &_data_word(0xe3b5d19e, 0x1b886a4c, 0xb81f2cc1, 0x7f516546); - &_data_word(0x04ea5e9d, 0x5d358c01, 0x737487fa, 0x2e410bfb); - &_data_word(0x5a1d67b3, 0x52d2db92, 0x335610e9, 0x1347d66d); - &_data_word(0x8c61d79a, 0x7a0ca137, 0x8e14f859, 0x893c13eb); - &_data_word(0xee27a9ce, 0x35c961b7, 0xede51ce1, 0x3cb1477a); - &_data_word(0x59dfd29c, 0x3f73f255, 0x79ce1418, 0xbf37c773); - &_data_word(0xeacdf753, 0x5baafd5f, 0x146f3ddf, 0x86db4478); - &_data_word(0x81f3afca, 0x3ec468b9, 0x2c342438, 0x5f40a3c2); - &_data_word(0x72c31d16, 0x0c25e2bc, 0x8b493c28, 0x41950dff); - &_data_word(0x7101a839, 0xdeb30c08, 0x9ce4b4d8, 0x90c15664); - &_data_word(0x6184cb7b, 0x70b632d5, 0x745c6c48, 0x4257b8d0); - -#Td4: # four copies of Td4 to choose from to avoid L1 aliasing - &data_byte(0x52, 0x09, 0x6a, 0xd5, 0x30, 0x36, 0xa5, 0x38); - &data_byte(0xbf, 0x40, 0xa3, 0x9e, 0x81, 0xf3, 0xd7, 0xfb); - &data_byte(0x7c, 0xe3, 0x39, 0x82, 0x9b, 0x2f, 0xff, 0x87); - &data_byte(0x34, 0x8e, 0x43, 0x44, 0xc4, 0xde, 0xe9, 0xcb); - &data_byte(0x54, 0x7b, 0x94, 0x32, 0xa6, 0xc2, 0x23, 0x3d); - &data_byte(0xee, 0x4c, 0x95, 0x0b, 0x42, 0xfa, 0xc3, 0x4e); - &data_byte(0x08, 0x2e, 0xa1, 0x66, 0x28, 0xd9, 0x24, 0xb2); - &data_byte(0x76, 0x5b, 0xa2, 0x49, 0x6d, 0x8b, 0xd1, 0x25); - &data_byte(0x72, 0xf8, 0xf6, 0x64, 0x86, 0x68, 0x98, 0x16); - &data_byte(0xd4, 0xa4, 0x5c, 0xcc, 0x5d, 0x65, 0xb6, 0x92); - &data_byte(0x6c, 0x70, 0x48, 0x50, 0xfd, 0xed, 0xb9, 0xda); - &data_byte(0x5e, 0x15, 0x46, 0x57, 0xa7, 0x8d, 0x9d, 0x84); - &data_byte(0x90, 0xd8, 0xab, 0x00, 0x8c, 0xbc, 0xd3, 0x0a); - &data_byte(0xf7, 0xe4, 0x58, 0x05, 0xb8, 0xb3, 0x45, 0x06); - &data_byte(0xd0, 0x2c, 0x1e, 0x8f, 0xca, 0x3f, 0x0f, 0x02); - &data_byte(0xc1, 0xaf, 0xbd, 0x03, 0x01, 0x13, 0x8a, 0x6b); - &data_byte(0x3a, 0x91, 0x11, 0x41, 0x4f, 0x67, 0xdc, 0xea); - &data_byte(0x97, 0xf2, 0xcf, 0xce, 0xf0, 0xb4, 0xe6, 0x73); - &data_byte(0x96, 0xac, 0x74, 0x22, 0xe7, 0xad, 0x35, 0x85); - &data_byte(0xe2, 0xf9, 0x37, 0xe8, 0x1c, 0x75, 0xdf, 0x6e); - &data_byte(0x47, 0xf1, 0x1a, 0x71, 0x1d, 0x29, 0xc5, 0x89); - &data_byte(0x6f, 0xb7, 0x62, 0x0e, 0xaa, 0x18, 0xbe, 0x1b); - &data_byte(0xfc, 0x56, 0x3e, 0x4b, 0xc6, 0xd2, 0x79, 0x20); - &data_byte(0x9a, 0xdb, 0xc0, 0xfe, 0x78, 0xcd, 0x5a, 0xf4); - &data_byte(0x1f, 0xdd, 0xa8, 0x33, 0x88, 0x07, 0xc7, 0x31); - &data_byte(0xb1, 0x12, 0x10, 0x59, 0x27, 0x80, 0xec, 0x5f); - &data_byte(0x60, 0x51, 0x7f, 0xa9, 0x19, 0xb5, 0x4a, 0x0d); - &data_byte(0x2d, 0xe5, 0x7a, 0x9f, 0x93, 0xc9, 0x9c, 0xef); - &data_byte(0xa0, 0xe0, 0x3b, 0x4d, 0xae, 0x2a, 0xf5, 0xb0); - &data_byte(0xc8, 0xeb, 0xbb, 0x3c, 0x83, 0x53, 0x99, 0x61); - &data_byte(0x17, 0x2b, 0x04, 0x7e, 0xba, 0x77, 0xd6, 0x26); - &data_byte(0xe1, 0x69, 0x14, 0x63, 0x55, 0x21, 0x0c, 0x7d); -$code.=<<___; - .long 0x80808080, 0x80808080, 0xfefefefe, 0xfefefefe - .long 0x1b1b1b1b, 0x1b1b1b1b, 0, 0 -___ - &data_byte(0x52, 0x09, 0x6a, 0xd5, 0x30, 0x36, 0xa5, 0x38); - &data_byte(0xbf, 0x40, 0xa3, 0x9e, 0x81, 0xf3, 0xd7, 0xfb); - &data_byte(0x7c, 0xe3, 0x39, 0x82, 0x9b, 0x2f, 0xff, 0x87); - &data_byte(0x34, 0x8e, 0x43, 0x44, 0xc4, 0xde, 0xe9, 0xcb); - &data_byte(0x54, 0x7b, 0x94, 0x32, 0xa6, 0xc2, 0x23, 0x3d); - &data_byte(0xee, 0x4c, 0x95, 0x0b, 0x42, 0xfa, 0xc3, 0x4e); - &data_byte(0x08, 0x2e, 0xa1, 0x66, 0x28, 0xd9, 0x24, 0xb2); - &data_byte(0x76, 0x5b, 0xa2, 0x49, 0x6d, 0x8b, 0xd1, 0x25); - &data_byte(0x72, 0xf8, 0xf6, 0x64, 0x86, 0x68, 0x98, 0x16); - &data_byte(0xd4, 0xa4, 0x5c, 0xcc, 0x5d, 0x65, 0xb6, 0x92); - &data_byte(0x6c, 0x70, 0x48, 0x50, 0xfd, 0xed, 0xb9, 0xda); - &data_byte(0x5e, 0x15, 0x46, 0x57, 0xa7, 0x8d, 0x9d, 0x84); - &data_byte(0x90, 0xd8, 0xab, 0x00, 0x8c, 0xbc, 0xd3, 0x0a); - &data_byte(0xf7, 0xe4, 0x58, 0x05, 0xb8, 0xb3, 0x45, 0x06); - &data_byte(0xd0, 0x2c, 0x1e, 0x8f, 0xca, 0x3f, 0x0f, 0x02); - &data_byte(0xc1, 0xaf, 0xbd, 0x03, 0x01, 0x13, 0x8a, 0x6b); - &data_byte(0x3a, 0x91, 0x11, 0x41, 0x4f, 0x67, 0xdc, 0xea); - &data_byte(0x97, 0xf2, 0xcf, 0xce, 0xf0, 0xb4, 0xe6, 0x73); - &data_byte(0x96, 0xac, 0x74, 0x22, 0xe7, 0xad, 0x35, 0x85); - &data_byte(0xe2, 0xf9, 0x37, 0xe8, 0x1c, 0x75, 0xdf, 0x6e); - &data_byte(0x47, 0xf1, 0x1a, 0x71, 0x1d, 0x29, 0xc5, 0x89); - &data_byte(0x6f, 0xb7, 0x62, 0x0e, 0xaa, 0x18, 0xbe, 0x1b); - &data_byte(0xfc, 0x56, 0x3e, 0x4b, 0xc6, 0xd2, 0x79, 0x20); - &data_byte(0x9a, 0xdb, 0xc0, 0xfe, 0x78, 0xcd, 0x5a, 0xf4); - &data_byte(0x1f, 0xdd, 0xa8, 0x33, 0x88, 0x07, 0xc7, 0x31); - &data_byte(0xb1, 0x12, 0x10, 0x59, 0x27, 0x80, 0xec, 0x5f); - &data_byte(0x60, 0x51, 0x7f, 0xa9, 0x19, 0xb5, 0x4a, 0x0d); - &data_byte(0x2d, 0xe5, 0x7a, 0x9f, 0x93, 0xc9, 0x9c, 0xef); - &data_byte(0xa0, 0xe0, 0x3b, 0x4d, 0xae, 0x2a, 0xf5, 0xb0); - &data_byte(0xc8, 0xeb, 0xbb, 0x3c, 0x83, 0x53, 0x99, 0x61); - &data_byte(0x17, 0x2b, 0x04, 0x7e, 0xba, 0x77, 0xd6, 0x26); - &data_byte(0xe1, 0x69, 0x14, 0x63, 0x55, 0x21, 0x0c, 0x7d); -$code.=<<___; - .long 0x80808080, 0x80808080, 0xfefefefe, 0xfefefefe - .long 0x1b1b1b1b, 0x1b1b1b1b, 0, 0 -___ - &data_byte(0x52, 0x09, 0x6a, 0xd5, 0x30, 0x36, 0xa5, 0x38); - &data_byte(0xbf, 0x40, 0xa3, 0x9e, 0x81, 0xf3, 0xd7, 0xfb); - &data_byte(0x7c, 0xe3, 0x39, 0x82, 0x9b, 0x2f, 0xff, 0x87); - &data_byte(0x34, 0x8e, 0x43, 0x44, 0xc4, 0xde, 0xe9, 0xcb); - &data_byte(0x54, 0x7b, 0x94, 0x32, 0xa6, 0xc2, 0x23, 0x3d); - &data_byte(0xee, 0x4c, 0x95, 0x0b, 0x42, 0xfa, 0xc3, 0x4e); - &data_byte(0x08, 0x2e, 0xa1, 0x66, 0x28, 0xd9, 0x24, 0xb2); - &data_byte(0x76, 0x5b, 0xa2, 0x49, 0x6d, 0x8b, 0xd1, 0x25); - &data_byte(0x72, 0xf8, 0xf6, 0x64, 0x86, 0x68, 0x98, 0x16); - &data_byte(0xd4, 0xa4, 0x5c, 0xcc, 0x5d, 0x65, 0xb6, 0x92); - &data_byte(0x6c, 0x70, 0x48, 0x50, 0xfd, 0xed, 0xb9, 0xda); - &data_byte(0x5e, 0x15, 0x46, 0x57, 0xa7, 0x8d, 0x9d, 0x84); - &data_byte(0x90, 0xd8, 0xab, 0x00, 0x8c, 0xbc, 0xd3, 0x0a); - &data_byte(0xf7, 0xe4, 0x58, 0x05, 0xb8, 0xb3, 0x45, 0x06); - &data_byte(0xd0, 0x2c, 0x1e, 0x8f, 0xca, 0x3f, 0x0f, 0x02); - &data_byte(0xc1, 0xaf, 0xbd, 0x03, 0x01, 0x13, 0x8a, 0x6b); - &data_byte(0x3a, 0x91, 0x11, 0x41, 0x4f, 0x67, 0xdc, 0xea); - &data_byte(0x97, 0xf2, 0xcf, 0xce, 0xf0, 0xb4, 0xe6, 0x73); - &data_byte(0x96, 0xac, 0x74, 0x22, 0xe7, 0xad, 0x35, 0x85); - &data_byte(0xe2, 0xf9, 0x37, 0xe8, 0x1c, 0x75, 0xdf, 0x6e); - &data_byte(0x47, 0xf1, 0x1a, 0x71, 0x1d, 0x29, 0xc5, 0x89); - &data_byte(0x6f, 0xb7, 0x62, 0x0e, 0xaa, 0x18, 0xbe, 0x1b); - &data_byte(0xfc, 0x56, 0x3e, 0x4b, 0xc6, 0xd2, 0x79, 0x20); - &data_byte(0x9a, 0xdb, 0xc0, 0xfe, 0x78, 0xcd, 0x5a, 0xf4); - &data_byte(0x1f, 0xdd, 0xa8, 0x33, 0x88, 0x07, 0xc7, 0x31); - &data_byte(0xb1, 0x12, 0x10, 0x59, 0x27, 0x80, 0xec, 0x5f); - &data_byte(0x60, 0x51, 0x7f, 0xa9, 0x19, 0xb5, 0x4a, 0x0d); - &data_byte(0x2d, 0xe5, 0x7a, 0x9f, 0x93, 0xc9, 0x9c, 0xef); - &data_byte(0xa0, 0xe0, 0x3b, 0x4d, 0xae, 0x2a, 0xf5, 0xb0); - &data_byte(0xc8, 0xeb, 0xbb, 0x3c, 0x83, 0x53, 0x99, 0x61); - &data_byte(0x17, 0x2b, 0x04, 0x7e, 0xba, 0x77, 0xd6, 0x26); - &data_byte(0xe1, 0x69, 0x14, 0x63, 0x55, 0x21, 0x0c, 0x7d); -$code.=<<___; - .long 0x80808080, 0x80808080, 0xfefefefe, 0xfefefefe - .long 0x1b1b1b1b, 0x1b1b1b1b, 0, 0 -___ - &data_byte(0x52, 0x09, 0x6a, 0xd5, 0x30, 0x36, 0xa5, 0x38); - &data_byte(0xbf, 0x40, 0xa3, 0x9e, 0x81, 0xf3, 0xd7, 0xfb); - &data_byte(0x7c, 0xe3, 0x39, 0x82, 0x9b, 0x2f, 0xff, 0x87); - &data_byte(0x34, 0x8e, 0x43, 0x44, 0xc4, 0xde, 0xe9, 0xcb); - &data_byte(0x54, 0x7b, 0x94, 0x32, 0xa6, 0xc2, 0x23, 0x3d); - &data_byte(0xee, 0x4c, 0x95, 0x0b, 0x42, 0xfa, 0xc3, 0x4e); - &data_byte(0x08, 0x2e, 0xa1, 0x66, 0x28, 0xd9, 0x24, 0xb2); - &data_byte(0x76, 0x5b, 0xa2, 0x49, 0x6d, 0x8b, 0xd1, 0x25); - &data_byte(0x72, 0xf8, 0xf6, 0x64, 0x86, 0x68, 0x98, 0x16); - &data_byte(0xd4, 0xa4, 0x5c, 0xcc, 0x5d, 0x65, 0xb6, 0x92); - &data_byte(0x6c, 0x70, 0x48, 0x50, 0xfd, 0xed, 0xb9, 0xda); - &data_byte(0x5e, 0x15, 0x46, 0x57, 0xa7, 0x8d, 0x9d, 0x84); - &data_byte(0x90, 0xd8, 0xab, 0x00, 0x8c, 0xbc, 0xd3, 0x0a); - &data_byte(0xf7, 0xe4, 0x58, 0x05, 0xb8, 0xb3, 0x45, 0x06); - &data_byte(0xd0, 0x2c, 0x1e, 0x8f, 0xca, 0x3f, 0x0f, 0x02); - &data_byte(0xc1, 0xaf, 0xbd, 0x03, 0x01, 0x13, 0x8a, 0x6b); - &data_byte(0x3a, 0x91, 0x11, 0x41, 0x4f, 0x67, 0xdc, 0xea); - &data_byte(0x97, 0xf2, 0xcf, 0xce, 0xf0, 0xb4, 0xe6, 0x73); - &data_byte(0x96, 0xac, 0x74, 0x22, 0xe7, 0xad, 0x35, 0x85); - &data_byte(0xe2, 0xf9, 0x37, 0xe8, 0x1c, 0x75, 0xdf, 0x6e); - &data_byte(0x47, 0xf1, 0x1a, 0x71, 0x1d, 0x29, 0xc5, 0x89); - &data_byte(0x6f, 0xb7, 0x62, 0x0e, 0xaa, 0x18, 0xbe, 0x1b); - &data_byte(0xfc, 0x56, 0x3e, 0x4b, 0xc6, 0xd2, 0x79, 0x20); - &data_byte(0x9a, 0xdb, 0xc0, 0xfe, 0x78, 0xcd, 0x5a, 0xf4); - &data_byte(0x1f, 0xdd, 0xa8, 0x33, 0x88, 0x07, 0xc7, 0x31); - &data_byte(0xb1, 0x12, 0x10, 0x59, 0x27, 0x80, 0xec, 0x5f); - &data_byte(0x60, 0x51, 0x7f, 0xa9, 0x19, 0xb5, 0x4a, 0x0d); - &data_byte(0x2d, 0xe5, 0x7a, 0x9f, 0x93, 0xc9, 0x9c, 0xef); - &data_byte(0xa0, 0xe0, 0x3b, 0x4d, 0xae, 0x2a, 0xf5, 0xb0); - &data_byte(0xc8, 0xeb, 0xbb, 0x3c, 0x83, 0x53, 0x99, 0x61); - &data_byte(0x17, 0x2b, 0x04, 0x7e, 0xba, 0x77, 0xd6, 0x26); - &data_byte(0xe1, 0x69, 0x14, 0x63, 0x55, 0x21, 0x0c, 0x7d); -$code.=<<___; - .long 0x80808080, 0x80808080, 0xfefefefe, 0xfefefefe - .long 0x1b1b1b1b, 0x1b1b1b1b, 0, 0 -.asciz "AES for x86_64, CRYPTOGAMS by " -.align 64 -___ - -# EXCEPTION_DISPOSITION handler (EXCEPTION_RECORD *rec,ULONG64 frame, -# CONTEXT *context,DISPATCHER_CONTEXT *disp) -if ($win64) { -$rec="%rcx"; -$frame="%rdx"; -$context="%r8"; -$disp="%r9"; - -$code.=<<___; -.extern __imp_RtlVirtualUnwind -.type block_se_handler,\@abi-omnipotent -.align 16 -block_se_handler: - push %rsi - push %rdi - push %rbx - push %rbp - push %r12 - push %r13 - push %r14 - push %r15 - pushfq - sub \$64,%rsp - - mov 120($context),%rax # pull context->Rax - mov 248($context),%rbx # pull context->Rip - - mov 8($disp),%rsi # disp->ImageBase - mov 56($disp),%r11 # disp->HandlerData - - mov 0(%r11),%r10d # HandlerData[0] - lea (%rsi,%r10),%r10 # prologue label - cmp %r10,%rbx # context->RipRsp - - mov 4(%r11),%r10d # HandlerData[1] - lea (%rsi,%r10),%r10 # epilogue label - cmp %r10,%rbx # context->Rip>=epilogue label - jae .Lin_block_prologue - - mov 24(%rax),%rax # pull saved real stack pointer - - mov -8(%rax),%rbx - mov -16(%rax),%rbp - mov -24(%rax),%r12 - mov -32(%rax),%r13 - mov -40(%rax),%r14 - mov -48(%rax),%r15 - mov %rbx,144($context) # restore context->Rbx - mov %rbp,160($context) # restore context->Rbp - mov %r12,216($context) # restore context->R12 - mov %r13,224($context) # restore context->R13 - mov %r14,232($context) # restore context->R14 - mov %r15,240($context) # restore context->R15 - -.Lin_block_prologue: - mov 8(%rax),%rdi - mov 16(%rax),%rsi - mov %rax,152($context) # restore context->Rsp - mov %rsi,168($context) # restore context->Rsi - mov %rdi,176($context) # restore context->Rdi - - jmp .Lcommon_seh_exit -.size block_se_handler,.-block_se_handler - -.type key_se_handler,\@abi-omnipotent -.align 16 -key_se_handler: - push %rsi - push %rdi - push %rbx - push %rbp - push %r12 - push %r13 - push %r14 - push %r15 - pushfq - sub \$64,%rsp - - mov 120($context),%rax # pull context->Rax - mov 248($context),%rbx # pull context->Rip - - mov 8($disp),%rsi # disp->ImageBase - mov 56($disp),%r11 # disp->HandlerData - - mov 0(%r11),%r10d # HandlerData[0] - lea (%rsi,%r10),%r10 # prologue label - cmp %r10,%rbx # context->RipRsp - - mov 4(%r11),%r10d # HandlerData[1] - lea (%rsi,%r10),%r10 # epilogue label - cmp %r10,%rbx # context->Rip>=epilogue label - jae .Lin_key_prologue - - lea 56(%rax),%rax - - mov -8(%rax),%rbx - mov -16(%rax),%rbp - mov -24(%rax),%r12 - mov -32(%rax),%r13 - mov -40(%rax),%r14 - mov -48(%rax),%r15 - mov %rbx,144($context) # restore context->Rbx - mov %rbp,160($context) # restore context->Rbp - mov %r12,216($context) # restore context->R12 - mov %r13,224($context) # restore context->R13 - mov %r14,232($context) # restore context->R14 - mov %r15,240($context) # restore context->R15 - -.Lin_key_prologue: - mov 8(%rax),%rdi - mov 16(%rax),%rsi - mov %rax,152($context) # restore context->Rsp - mov %rsi,168($context) # restore context->Rsi - mov %rdi,176($context) # restore context->Rdi - - jmp .Lcommon_seh_exit -.size key_se_handler,.-key_se_handler - -.type cbc_se_handler,\@abi-omnipotent -.align 16 -cbc_se_handler: - push %rsi - push %rdi - push %rbx - push %rbp - push %r12 - push %r13 - push %r14 - push %r15 - pushfq - sub \$64,%rsp - - mov 120($context),%rax # pull context->Rax - mov 248($context),%rbx # pull context->Rip - - lea .Lcbc_prologue(%rip),%r10 - cmp %r10,%rbx # context->Rip<.Lcbc_prologue - jb .Lin_cbc_prologue - - lea .Lcbc_fast_body(%rip),%r10 - cmp %r10,%rbx # context->Rip<.Lcbc_fast_body - jb .Lin_cbc_frame_setup - - lea .Lcbc_slow_prologue(%rip),%r10 - cmp %r10,%rbx # context->Rip<.Lcbc_slow_prologue - jb .Lin_cbc_body - - lea .Lcbc_slow_body(%rip),%r10 - cmp %r10,%rbx # context->Rip<.Lcbc_slow_body - jb .Lin_cbc_frame_setup - -.Lin_cbc_body: - mov 152($context),%rax # pull context->Rsp - - lea .Lcbc_epilogue(%rip),%r10 - cmp %r10,%rbx # context->Rip>=.Lcbc_epilogue - jae .Lin_cbc_prologue - - lea 8(%rax),%rax - - lea .Lcbc_popfq(%rip),%r10 - cmp %r10,%rbx # context->Rip>=.Lcbc_popfq - jae .Lin_cbc_prologue - - mov `16-8`(%rax),%rax # biased $_rsp - lea 56(%rax),%rax - -.Lin_cbc_frame_setup: - mov -16(%rax),%rbx - mov -24(%rax),%rbp - mov -32(%rax),%r12 - mov -40(%rax),%r13 - mov -48(%rax),%r14 - mov -56(%rax),%r15 - mov %rbx,144($context) # restore context->Rbx - mov %rbp,160($context) # restore context->Rbp - mov %r12,216($context) # restore context->R12 - mov %r13,224($context) # restore context->R13 - mov %r14,232($context) # restore context->R14 - mov %r15,240($context) # restore context->R15 - -.Lin_cbc_prologue: - mov 8(%rax),%rdi - mov 16(%rax),%rsi - mov %rax,152($context) # restore context->Rsp - mov %rsi,168($context) # restore context->Rsi - mov %rdi,176($context) # restore context->Rdi - -.Lcommon_seh_exit: - - mov 40($disp),%rdi # disp->ContextRecord - mov $context,%rsi # context - mov \$`1232/8`,%ecx # sizeof(CONTEXT) - .long 0xa548f3fc # cld; rep movsq - - mov $disp,%rsi - xor %rcx,%rcx # arg1, UNW_FLAG_NHANDLER - mov 8(%rsi),%rdx # arg2, disp->ImageBase - mov 0(%rsi),%r8 # arg3, disp->ControlPc - mov 16(%rsi),%r9 # arg4, disp->FunctionEntry - mov 40(%rsi),%r10 # disp->ContextRecord - lea 56(%rsi),%r11 # &disp->HandlerData - lea 24(%rsi),%r12 # &disp->EstablisherFrame - mov %r10,32(%rsp) # arg5 - mov %r11,40(%rsp) # arg6 - mov %r12,48(%rsp) # arg7 - mov %rcx,56(%rsp) # arg8, (NULL) - call *__imp_RtlVirtualUnwind(%rip) - - mov \$1,%eax # ExceptionContinueSearch - add \$64,%rsp - popfq - pop %r15 - pop %r14 - pop %r13 - pop %r12 - pop %rbp - pop %rbx - pop %rdi - pop %rsi - ret -.size cbc_se_handler,.-cbc_se_handler - -.section .pdata -.align 4 - .rva .LSEH_begin_AES_encrypt - .rva .LSEH_end_AES_encrypt - .rva .LSEH_info_AES_encrypt - - .rva .LSEH_begin_AES_decrypt - .rva .LSEH_end_AES_decrypt - .rva .LSEH_info_AES_decrypt - - .rva .LSEH_begin_AES_set_encrypt_key - .rva .LSEH_end_AES_set_encrypt_key - .rva .LSEH_info_AES_set_encrypt_key - - .rva .LSEH_begin_AES_set_decrypt_key - .rva .LSEH_end_AES_set_decrypt_key - .rva .LSEH_info_AES_set_decrypt_key - - .rva .LSEH_begin_AES_cbc_encrypt - .rva .LSEH_end_AES_cbc_encrypt - .rva .LSEH_info_AES_cbc_encrypt - -.section .xdata -.align 8 -.LSEH_info_AES_encrypt: - .byte 9,0,0,0 - .rva block_se_handler - .rva .Lenc_prologue,.Lenc_epilogue # HandlerData[] -.LSEH_info_AES_decrypt: - .byte 9,0,0,0 - .rva block_se_handler - .rva .Ldec_prologue,.Ldec_epilogue # HandlerData[] -.LSEH_info_AES_set_encrypt_key: - .byte 9,0,0,0 - .rva key_se_handler - .rva .Lenc_key_prologue,.Lenc_key_epilogue # HandlerData[] -.LSEH_info_AES_set_decrypt_key: - .byte 9,0,0,0 - .rva key_se_handler - .rva .Ldec_key_prologue,.Ldec_key_epilogue # HandlerData[] -.LSEH_info_AES_cbc_encrypt: - .byte 9,0,0,0 - .rva cbc_se_handler -___ -} - -$code =~ s/\`([^\`]*)\`/eval($1)/gem; - -print $code; - -close STDOUT; diff --git a/crypto/aes/asm/bsaes-x86_64.pl b/crypto/aes/asm/bsaes-x86_64.pl deleted file mode 100644 index e62342729e..0000000000 --- a/crypto/aes/asm/bsaes-x86_64.pl +++ /dev/null @@ -1,3239 +0,0 @@ -#! /usr/bin/env perl -# Copyright 2011-2019 The OpenSSL Project Authors. All Rights Reserved. -# -# Licensed under the OpenSSL license (the "License"). You may not use -# this file except in compliance with the License. You can obtain a copy -# in the file LICENSE in the source distribution or at -# https://www.openssl.org/source/license.html - - -################################################################### -### AES-128 [originally in CTR mode] ### -### bitsliced implementation for Intel Core 2 processors ### -### requires support of SSE extensions up to SSSE3 ### -### Author: Emilia K?sper and Peter Schwabe ### -### Date: 2009-03-19 ### -### Public domain ### -### ### -### See http://homes.esat.kuleuven.be/~ekasper/#software for ### -### further information. ### -################################################################### -# -# September 2011. -# -# Started as transliteration to "perlasm" the original code has -# undergone following changes: -# -# - code was made position-independent; -# - rounds were folded into a loop resulting in >5x size reduction -# from 12.5KB to 2.2KB; -# - above was possibile thanks to mixcolumns() modification that -# allowed to feed its output back to aesenc[last], this was -# achieved at cost of two additional inter-registers moves; -# - some instruction reordering and interleaving; -# - this module doesn't implement key setup subroutine, instead it -# relies on conversion of "conventional" key schedule as returned -# by AES_set_encrypt_key (see discussion below); -# - first and last round keys are treated differently, which allowed -# to skip one shiftrows(), reduce bit-sliced key schedule and -# speed-up conversion by 22%; -# - support for 192- and 256-bit keys was added; -# -# Resulting performance in CPU cycles spent to encrypt one byte out -# of 4096-byte buffer with 128-bit key is: -# -# Emilia's this(*) difference -# -# Core 2 9.30 8.69 +7% -# Nehalem(**) 7.63 6.88 +11% -# Atom 17.1 16.4 +4% -# Silvermont - 12.9 -# Goldmont - 8.85 -# -# (*) Comparison is not completely fair, because "this" is ECB, -# i.e. no extra processing such as counter values calculation -# and xor-ing input as in Emilia's CTR implementation is -# performed. However, the CTR calculations stand for not more -# than 1% of total time, so comparison is *rather* fair. -# -# (**) Results were collected on Westmere, which is considered to -# be equivalent to Nehalem for this code. -# -# As for key schedule conversion subroutine. Interface to OpenSSL -# relies on per-invocation on-the-fly conversion. This naturally -# has impact on performance, especially for short inputs. Conversion -# time in CPU cycles and its ratio to CPU cycles spent in 8x block -# function is: -# -# conversion conversion/8x block -# Core 2 240 0.22 -# Nehalem 180 0.20 -# Atom 430 0.20 -# -# The ratio values mean that 128-byte blocks will be processed -# 16-18% slower, 256-byte blocks - 9-10%, 384-byte blocks - 6-7%, -# etc. Then keep in mind that input sizes not divisible by 128 are -# *effectively* slower, especially shortest ones, e.g. consecutive -# 144-byte blocks are processed 44% slower than one would expect, -# 272 - 29%, 400 - 22%, etc. Yet, despite all these "shortcomings" -# it's still faster than ["hyper-threading-safe" code path in] -# aes-x86_64.pl on all lengths above 64 bytes... -# -# October 2011. -# -# Add decryption procedure. Performance in CPU cycles spent to decrypt -# one byte out of 4096-byte buffer with 128-bit key is: -# -# Core 2 9.98 -# Nehalem 7.80 -# Atom 17.9 -# Silvermont 14.0 -# Goldmont 10.2 -# -# November 2011. -# -# Add bsaes_xts_[en|de]crypt. Less-than-80-bytes-block performance is -# suboptimal, but XTS is meant to be used with larger blocks... -# -# - -$flavour = shift; -$output = shift; -if ($flavour =~ /\./) { $output = $flavour; undef $flavour; } - -$win64=0; $win64=1 if ($flavour =~ /[nm]asm|mingw64/ || $output =~ /\.asm$/); - -$0 =~ m/(.*[\/\\])[^\/\\]+$/; $dir=$1; -( $xlate="${dir}x86_64-xlate.pl" and -f $xlate ) or -( $xlate="${dir}../../perlasm/x86_64-xlate.pl" and -f $xlate) or -die "can't locate x86_64-xlate.pl"; - -open OUT,"| \"$^X\" \"$xlate\" $flavour \"$output\""; -*STDOUT=*OUT; - -my ($inp,$out,$len,$key,$ivp)=("%rdi","%rsi","%rdx","%rcx"); -my @XMM=map("%xmm$_",(15,0..14)); # best on Atom, +10% over (0..15) -my $ecb=0; # suppress unreferenced ECB subroutines, spare some space... - -{ -my ($key,$rounds,$const)=("%rax","%r10d","%r11"); - -sub Sbox { -# input in lsb > [b0, b1, b2, b3, b4, b5, b6, b7] < msb -# output in lsb > [b0, b1, b4, b6, b3, b7, b2, b5] < msb -my @b=@_[0..7]; -my @t=@_[8..11]; -my @s=@_[12..15]; - &InBasisChange (@b); - &Inv_GF256 (@b[6,5,0,3,7,1,4,2], at t, at s); - &OutBasisChange (@b[7,1,4,2,6,5,0,3]); -} - -sub InBasisChange { -# input in lsb > [b0, b1, b2, b3, b4, b5, b6, b7] < msb -# output in lsb > [b6, b5, b0, b3, b7, b1, b4, b2] < msb -my @b=@_[0..7]; -$code.=<<___; - pxor @b[6], @b[5] - pxor @b[1], @b[2] - pxor @b[0], @b[3] - pxor @b[2], @b[6] - pxor @b[0], @b[5] - - pxor @b[3], @b[6] - pxor @b[7], @b[3] - pxor @b[5], @b[7] - pxor @b[4], @b[3] - pxor @b[5], @b[4] - pxor @b[1], @b[3] - - pxor @b[7], @b[2] - pxor @b[5], @b[1] -___ -} - -sub OutBasisChange { -# input in lsb > [b0, b1, b2, b3, b4, b5, b6, b7] < msb -# output in lsb > [b6, b1, b2, b4, b7, b0, b3, b5] < msb -my @b=@_[0..7]; -$code.=<<___; - pxor @b[6], @b[0] - pxor @b[4], @b[1] - pxor @b[0], @b[2] - pxor @b[6], @b[4] - pxor @b[1], @b[6] - - pxor @b[5], @b[1] - pxor @b[3], @b[5] - pxor @b[7], @b[3] - pxor @b[5], @b[7] - pxor @b[5], @b[2] - - pxor @b[7], @b[4] -___ -} - -sub InvSbox { -# input in lsb > [b0, b1, b2, b3, b4, b5, b6, b7] < msb -# output in lsb > [b0, b1, b6, b4, b2, b7, b3, b5] < msb -my @b=@_[0..7]; -my @t=@_[8..11]; -my @s=@_[12..15]; - &InvInBasisChange (@b); - &Inv_GF256 (@b[5,1,2,6,3,7,0,4], at t, at s); - &InvOutBasisChange (@b[3,7,0,4,5,1,2,6]); -} - -sub InvInBasisChange { # OutBasisChange in reverse -my @b=@_[5,1,2,6,3,7,0,4]; -$code.=<<___ - pxor @b[7], @b[4] - - pxor @b[5], @b[7] - pxor @b[5], @b[2] - pxor @b[7], @b[3] - pxor @b[3], @b[5] - pxor @b[5], @b[1] - - pxor @b[1], @b[6] - pxor @b[0], @b[2] - pxor @b[6], @b[4] - pxor @b[6], @b[0] - pxor @b[4], @b[1] -___ -} - -sub InvOutBasisChange { # InBasisChange in reverse -my @b=@_[2,5,7,3,6,1,0,4]; -$code.=<<___; - pxor @b[5], @b[1] - pxor @b[7], @b[2] - - pxor @b[1], @b[3] - pxor @b[5], @b[4] - pxor @b[5], @b[7] - pxor @b[4], @b[3] - pxor @b[0], @b[5] - pxor @b[7], @b[3] - pxor @b[2], @b[6] - pxor @b[1], @b[2] - pxor @b[3], @b[6] - - pxor @b[0], @b[3] - pxor @b[6], @b[5] -___ -} - -sub Mul_GF4 { -#;************************************************************* -#;* Mul_GF4: Input x0-x1,y0-y1 Output x0-x1 Temp t0 (8) * -#;************************************************************* -my ($x0,$x1,$y0,$y1,$t0)=@_; -$code.=<<___; - movdqa $y0, $t0 - pxor $y1, $t0 - pand $x0, $t0 - pxor $x1, $x0 - pand $y0, $x1 - pand $y1, $x0 - pxor $x1, $x0 - pxor $t0, $x1 -___ -} - -sub Mul_GF4_N { # not used, see next subroutine -# multiply and scale by N -my ($x0,$x1,$y0,$y1,$t0)=@_; -$code.=<<___; - movdqa $y0, $t0 - pxor $y1, $t0 - pand $x0, $t0 - pxor $x1, $x0 - pand $y0, $x1 - pand $y1, $x0 - pxor $x0, $x1 - pxor $t0, $x0 -___ -} - -sub Mul_GF4_N_GF4 { -# interleaved Mul_GF4_N and Mul_GF4 -my ($x0,$x1,$y0,$y1,$t0, - $x2,$x3,$y2,$y3,$t1)=@_; -$code.=<<___; - movdqa $y0, $t0 - movdqa $y2, $t1 - pxor $y1, $t0 - pxor $y3, $t1 - pand $x0, $t0 - pand $x2, $t1 - pxor $x1, $x0 - pxor $x3, $x2 - pand $y0, $x1 - pand $y2, $x3 - pand $y1, $x0 - pand $y3, $x2 - pxor $x0, $x1 - pxor $x3, $x2 - pxor $t0, $x0 - pxor $t1, $x3 -___ -} -sub Mul_GF16_2 { -my @x=@_[0..7]; -my @y=@_[8..11]; -my @t=@_[12..15]; -$code.=<<___; - movdqa @x[0], @t[0] - movdqa @x[1], @t[1] -___ - &Mul_GF4 (@x[0], @x[1], @y[0], @y[1], @t[2]); -$code.=<<___; - pxor @x[2], @t[0] - pxor @x[3], @t[1] - pxor @y[2], @y[0] - pxor @y[3], @y[1] -___ - Mul_GF4_N_GF4 (@t[0], @t[1], @y[0], @y[1], @t[3], - @x[2], @x[3], @y[2], @y[3], @t[2]); -$code.=<<___; - pxor @t[0], @x[0] - pxor @t[0], @x[2] - pxor @t[1], @x[1] - pxor @t[1], @x[3] - - movdqa @x[4], @t[0] - movdqa @x[5], @t[1] - pxor @x[6], @t[0] - pxor @x[7], @t[1] -___ - &Mul_GF4_N_GF4 (@t[0], @t[1], @y[0], @y[1], @t[3], - @x[6], @x[7], @y[2], @y[3], @t[2]); -$code.=<<___; - pxor @y[2], @y[0] - pxor @y[3], @y[1] -___ - &Mul_GF4 (@x[4], @x[5], @y[0], @y[1], @t[3]); -$code.=<<___; - pxor @t[0], @x[4] - pxor @t[0], @x[6] - pxor @t[1], @x[5] - pxor @t[1], @x[7] -___ -} -sub Inv_GF256 { -#;******************************************************************** -#;* Inv_GF256: Input x0-x7 Output x0-x7 Temp t0-t3,s0-s3 (144) * -#;******************************************************************** -my @x=@_[0..7]; -my @t=@_[8..11]; -my @s=@_[12..15]; -# direct optimizations from hardware -$code.=<<___; - movdqa @x[4], @t[3] - movdqa @x[5], @t[2] - movdqa @x[1], @t[1] - movdqa @x[7], @s[1] - movdqa @x[0], @s[0] - - pxor @x[6], @t[3] - pxor @x[7], @t[2] - pxor @x[3], @t[1] - movdqa @t[3], @s[2] - pxor @x[6], @s[1] - movdqa @t[2], @t[0] - pxor @x[2], @s[0] - movdqa @t[3], @s[3] - - por @t[1], @t[2] - por @s[0], @t[3] - pxor @t[0], @s[3] - pand @s[0], @s[2] - pxor @t[1], @s[0] - pand @t[1], @t[0] - pand @s[0], @s[3] - movdqa @x[3], @s[0] - pxor @x[2], @s[0] - pand @s[0], @s[1] - pxor @s[1], @t[3] - pxor @s[1], @t[2] - movdqa @x[4], @s[1] - movdqa @x[1], @s[0] - pxor @x[5], @s[1] - pxor @x[0], @s[0] - movdqa @s[1], @t[1] - pand @s[0], @s[1] - por @s[0], @t[1] - pxor @s[1], @t[0] - pxor @s[3], @t[3] - pxor @s[2], @t[2] - pxor @s[3], @t[1] - movdqa @x[7], @s[0] - pxor @s[2], @t[0] - movdqa @x[6], @s[1] - pxor @s[2], @t[1] - movdqa @x[5], @s[2] - pand @x[3], @s[0] - movdqa @x[4], @s[3] - pand @x[2], @s[1] - pand @x[1], @s[2] - por @x[0], @s[3] - pxor @s[0], @t[3] - pxor @s[1], @t[2] - pxor @s[2], @t[1] - pxor @s[3], @t[0] - - #Inv_GF16 \t0, \t1, \t2, \t3, \s0, \s1, \s2, \s3 - - # new smaller inversion - - movdqa @t[3], @s[0] - pand @t[1], @t[3] - pxor @t[2], @s[0] - - movdqa @t[0], @s[2] - movdqa @s[0], @s[3] - pxor @t[3], @s[2] - pand @s[2], @s[3] - - movdqa @t[1], @s[1] - pxor @t[2], @s[3] - pxor @t[0], @s[1] - - pxor @t[2], @t[3] - - pand @t[3], @s[1] - - movdqa @s[2], @t[2] - pxor @t[0], @s[1] - - pxor @s[1], @t[2] - pxor @s[1], @t[1] - - pand @t[0], @t[2] - - pxor @t[2], @s[2] - pxor @t[2], @t[1] - - pand @s[3], @s[2] - - pxor @s[0], @s[2] -___ -# output in s3, s2, s1, t1 - -# Mul_GF16_2 \x0, \x1, \x2, \x3, \x4, \x5, \x6, \x7, \t2, \t3, \t0, \t1, \s0, \s1, \s2, \s3 - -# Mul_GF16_2 \x0, \x1, \x2, \x3, \x4, \x5, \x6, \x7, \s3, \s2, \s1, \t1, \s0, \t0, \t2, \t3 - &Mul_GF16_2(@x, at s[3,2,1], at t[1], at s[0], at t[0,2,3]); - -### output msb > [x3,x2,x1,x0,x7,x6,x5,x4] < lsb -} - -# AES linear components - -sub ShiftRows { -my @x=@_[0..7]; -my $mask=pop; -$code.=<<___; - pxor 0x00($key), at x[0] - pxor 0x10($key), at x[1] - pxor 0x20($key), at x[2] - pxor 0x30($key), at x[3] - pshufb $mask, at x[0] - pshufb $mask, at x[1] - pxor 0x40($key), at x[4] - pxor 0x50($key), at x[5] - pshufb $mask, at x[2] - pshufb $mask, at x[3] - pxor 0x60($key), at x[6] - pxor 0x70($key), at x[7] - pshufb $mask, at x[4] - pshufb $mask, at x[5] - pshufb $mask, at x[6] - pshufb $mask, at x[7] - lea 0x80($key),$key -___ -} - -sub MixColumns { -# modified to emit output in order suitable for feeding back to aesenc[last] -my @x=@_[0..7]; -my @t=@_[8..15]; -my $inv=@_[16]; # optional -$code.=<<___; - pshufd \$0x93, @x[0], @t[0] # x0 <<< 32 - pshufd \$0x93, @x[1], @t[1] - pxor @t[0], @x[0] # x0 ^ (x0 <<< 32) - pshufd \$0x93, @x[2], @t[2] - pxor @t[1], @x[1] - pshufd \$0x93, @x[3], @t[3] - pxor @t[2], @x[2] - pshufd \$0x93, @x[4], @t[4] - pxor @t[3], @x[3] - pshufd \$0x93, @x[5], @t[5] - pxor @t[4], @x[4] - pshufd \$0x93, @x[6], @t[6] - pxor @t[5], @x[5] - pshufd \$0x93, @x[7], @t[7] - pxor @t[6], @x[6] - pxor @t[7], @x[7] - - pxor @x[0], @t[1] - pxor @x[7], @t[0] - pxor @x[7], @t[1] - pshufd \$0x4E, @x[0], @x[0] # (x0 ^ (x0 <<< 32)) <<< 64) - pxor @x[1], @t[2] - pshufd \$0x4E, @x[1], @x[1] - pxor @x[4], @t[5] - pxor @t[0], @x[0] - pxor @x[5], @t[6] - pxor @t[1], @x[1] - pxor @x[3], @t[4] - pshufd \$0x4E, @x[4], @t[0] - pxor @x[6], @t[7] - pshufd \$0x4E, @x[5], @t[1] - pxor @x[2], @t[3] - pshufd \$0x4E, @x[3], @x[4] - pxor @x[7], @t[3] - pshufd \$0x4E, @x[7], @x[5] - pxor @x[7], @t[4] - pshufd \$0x4E, @x[6], @x[3] - pxor @t[4], @t[0] - pshufd \$0x4E, @x[2], @x[6] - pxor @t[5], @t[1] -___ -$code.=<<___ if (!$inv); - pxor @t[3], @x[4] - pxor @t[7], @x[5] - pxor @t[6], @x[3] - movdqa @t[0], @x[2] - pxor @t[2], @x[6] - movdqa @t[1], @x[7] -___ -$code.=<<___ if ($inv); - pxor @x[4], @t[3] - pxor @t[7], @x[5] - pxor @x[3], @t[6] - movdqa @t[0], @x[3] - pxor @t[2], @x[6] - movdqa @t[6], @x[2] - movdqa @t[1], @x[7] - movdqa @x[6], @x[4] - movdqa @t[3], @x[6] -___ -} - -sub InvMixColumns_orig { -my @x=@_[0..7]; -my @t=@_[8..15]; - -$code.=<<___; - # multiplication by 0x0e - pshufd \$0x93, @x[7], @t[7] - movdqa @x[2], @t[2] - pxor @x[5], @x[7] # 7 5 - pxor @x[5], @x[2] # 2 5 - pshufd \$0x93, @x[0], @t[0] - movdqa @x[5], @t[5] - pxor @x[0], @x[5] # 5 0 [1] - pxor @x[1], @x[0] # 0 1 - pshufd \$0x93, @x[1], @t[1] - pxor @x[2], @x[1] # 1 25 - pxor @x[6], @x[0] # 01 6 [2] - pxor @x[3], @x[1] # 125 3 [4] - pshufd \$0x93, @x[3], @t[3] - pxor @x[0], @x[2] # 25 016 [3] - pxor @x[7], @x[3] # 3 75 - pxor @x[6], @x[7] # 75 6 [0] - pshufd \$0x93, @x[6], @t[6] - movdqa @x[4], @t[4] - pxor @x[4], @x[6] # 6 4 - pxor @x[3], @x[4] # 4 375 [6] - pxor @x[7], @x[3] # 375 756=36 - pxor @t[5], @x[6] # 64 5 [7] - pxor @t[2], @x[3] # 36 2 - pxor @t[4], @x[3] # 362 4 [5] - pshufd \$0x93, @t[5], @t[5] -___ - my @y = @x[7,5,0,2,1,3,4,6]; -$code.=<<___; - # multiplication by 0x0b - pxor @y[0], @y[1] - pxor @t[0], @y[0] - pxor @t[1], @y[1] - pshufd \$0x93, @t[2], @t[2] - pxor @t[5], @y[0] - pxor @t[6], @y[1] - pxor @t[7], @y[0] - pshufd \$0x93, @t[4], @t[4] - pxor @t[6], @t[7] # clobber t[7] - pxor @y[0], @y[1] - - pxor @t[0], @y[3] - pshufd \$0x93, @t[0], @t[0] - pxor @t[1], @y[2] - pxor @t[1], @y[4] - pxor @t[2], @y[2] - pshufd \$0x93, @t[1], @t[1] - pxor @t[2], @y[3] - pxor @t[2], @y[5] - pxor @t[7], @y[2] - pshufd \$0x93, @t[2], @t[2] - pxor @t[3], @y[3] - pxor @t[3], @y[6] - pxor @t[3], @y[4] - pshufd \$0x93, @t[3], @t[3] - pxor @t[4], @y[7] - pxor @t[4], @y[5] - pxor @t[7], @y[7] - pxor @t[5], @y[3] - pxor @t[4], @y[4] - pxor @t[5], @t[7] # clobber t[7] even more - - pxor @t[7], @y[5] - pshufd \$0x93, @t[4], @t[4] - pxor @t[7], @y[6] - pxor @t[7], @y[4] - - pxor @t[5], @t[7] - pshufd \$0x93, @t[5], @t[5] - pxor @t[6], @t[7] # restore t[7] - - # multiplication by 0x0d - pxor @y[7], @y[4] - pxor @t[4], @y[7] - pshufd \$0x93, @t[6], @t[6] - pxor @t[0], @y[2] - pxor @t[5], @y[7] - pxor @t[2], @y[2] - pshufd \$0x93, @t[7], @t[7] - - pxor @y[1], @y[3] - pxor @t[1], @y[1] - pxor @t[0], @y[0] - pxor @t[0], @y[3] - pxor @t[5], @y[1] - pxor @t[5], @y[0] - pxor @t[7], @y[1] - pshufd \$0x93, @t[0], @t[0] - pxor @t[6], @y[0] - pxor @y[1], @y[3] - pxor @t[1], @y[4] - pshufd \$0x93, @t[1], @t[1] - - pxor @t[7], @y[7] - pxor @t[2], @y[4] - pxor @t[2], @y[5] - pshufd \$0x93, @t[2], @t[2] - pxor @t[6], @y[2] - pxor @t[3], @t[6] # clobber t[6] - pxor @y[7], @y[4] - pxor @t[6], @y[3] - - pxor @t[6], @y[6] - pxor @t[5], @y[5] - pxor @t[4], @y[6] - pshufd \$0x93, @t[4], @t[4] - pxor @t[6], @y[5] - pxor @t[7], @y[6] - pxor @t[3], @t[6] # restore t[6] - - pshufd \$0x93, @t[5], @t[5] - pshufd \$0x93, @t[6], @t[6] - pshufd \$0x93, @t[7], @t[7] - pshufd \$0x93, @t[3], @t[3] - - # multiplication by 0x09 - pxor @y[1], @y[4] - pxor @y[1], @t[1] # t[1]=y[1] - pxor @t[5], @t[0] # clobber t[0] - pxor @t[5], @t[1] - pxor @t[0], @y[3] - pxor @y[0], @t[0] # t[0]=y[0] - pxor @t[6], @t[1] - pxor @t[7], @t[6] # clobber t[6] - pxor @t[1], @y[4] - pxor @t[4], @y[7] - pxor @y[4], @t[4] # t[4]=y[4] - pxor @t[3], @y[6] - pxor @y[3], @t[3] # t[3]=y[3] - pxor @t[2], @y[5] - pxor @y[2], @t[2] # t[2]=y[2] - pxor @t[7], @t[3] - pxor @y[5], @t[5] # t[5]=y[5] - pxor @t[6], @t[2] - pxor @t[6], @t[5] - pxor @y[6], @t[6] # t[6]=y[6] - pxor @y[7], @t[7] # t[7]=y[7] - - movdqa @t[0], at XMM[0] - movdqa @t[1], at XMM[1] - movdqa @t[2], at XMM[2] - movdqa @t[3], at XMM[3] - movdqa @t[4], at XMM[4] - movdqa @t[5], at XMM[5] - movdqa @t[6], at XMM[6] - movdqa @t[7], at XMM[7] -___ -} - -sub InvMixColumns { -my @x=@_[0..7]; -my @t=@_[8..15]; - -# Thanks to Jussi Kivilinna for providing pointer to -# -# | 0e 0b 0d 09 | | 02 03 01 01 | | 05 00 04 00 | -# | 09 0e 0b 0d | = | 01 02 03 01 | x | 00 05 00 04 | -# | 0d 09 0e 0b | | 01 01 02 03 | | 04 00 05 00 | -# | 0b 0d 09 0e | | 03 01 01 02 | | 00 04 00 05 | - -$code.=<<___; - # multiplication by 0x05-0x00-0x04-0x00 - pshufd \$0x4E, @x[0], @t[0] - pshufd \$0x4E, @x[6], @t[6] - pxor @x[0], @t[0] - pshufd \$0x4E, @x[7], @t[7] - pxor @x[6], @t[6] - pshufd \$0x4E, @x[1], @t[1] - pxor @x[7], @t[7] - pshufd \$0x4E, @x[2], @t[2] - pxor @x[1], @t[1] - pshufd \$0x4E, @x[3], @t[3] - pxor @x[2], @t[2] - pxor @t[6], @x[0] - pxor @t[6], @x[1] - pshufd \$0x4E, @x[4], @t[4] - pxor @x[3], @t[3] - pxor @t[0], @x[2] - pxor @t[1], @x[3] - pshufd \$0x4E, @x[5], @t[5] - pxor @x[4], @t[4] - pxor @t[7], @x[1] - pxor @t[2], @x[4] - pxor @x[5], @t[5] - - pxor @t[7], @x[2] - pxor @t[6], @x[3] - pxor @t[6], @x[4] - pxor @t[3], @x[5] - pxor @t[4], @x[6] - pxor @t[7], @x[4] - pxor @t[7], @x[5] - pxor @t[5], @x[7] -___ - &MixColumns (@x, at t,1); # flipped 2<->3 and 4<->6 -} - -sub aesenc { # not used -my @b=@_[0..7]; -my @t=@_[8..15]; -$code.=<<___; - movdqa 0x30($const), at t[0] # .LSR -___ - &ShiftRows (@b, at t[0]); - &Sbox (@b, at t); - &MixColumns (@b[0,1,4,6,3,7,2,5], at t); -} - -sub aesenclast { # not used -my @b=@_[0..7]; -my @t=@_[8..15]; -$code.=<<___; - movdqa 0x40($const), at t[0] # .LSRM0 -___ - &ShiftRows (@b, at t[0]); - &Sbox (@b, at t); -$code.=<<___ - pxor 0x00($key), at b[0] - pxor 0x10($key), at b[1] - pxor 0x20($key), at b[4] - pxor 0x30($key), at b[6] - pxor 0x40($key), at b[3] - pxor 0x50($key), at b[7] - pxor 0x60($key), at b[2] - pxor 0x70($key), at b[5] -___ -} - -sub swapmove { -my ($a,$b,$n,$mask,$t)=@_; -$code.=<<___; - movdqa $b,$t - psrlq \$$n,$b - pxor $a,$b - pand $mask,$b - pxor $b,$a - psllq \$$n,$b - pxor $t,$b -___ -} -sub swapmove2x { -my ($a0,$b0,$a1,$b1,$n,$mask,$t0,$t1)=@_; -$code.=<<___; - movdqa $b0,$t0 - psrlq \$$n,$b0 - movdqa $b1,$t1 - psrlq \$$n,$b1 - pxor $a0,$b0 - pxor $a1,$b1 - pand $mask,$b0 - pand $mask,$b1 - pxor $b0,$a0 - psllq \$$n,$b0 - pxor $b1,$a1 - psllq \$$n,$b1 - pxor $t0,$b0 - pxor $t1,$b1 -___ -} - -sub bitslice { -my @x=reverse(@_[0..7]); -my ($t0,$t1,$t2,$t3)=@_[8..11]; -$code.=<<___; - movdqa 0x00($const),$t0 # .LBS0 - movdqa 0x10($const),$t1 # .LBS1 -___ - &swapmove2x(@x[0,1,2,3],1,$t0,$t2,$t3); - &swapmove2x(@x[4,5,6,7],1,$t0,$t2,$t3); -$code.=<<___; - movdqa 0x20($const),$t0 # .LBS2 -___ - &swapmove2x(@x[0,2,1,3],2,$t1,$t2,$t3); - &swapmove2x(@x[4,6,5,7],2,$t1,$t2,$t3); - - &swapmove2x(@x[0,4,1,5],4,$t0,$t2,$t3); - &swapmove2x(@x[2,6,3,7],4,$t0,$t2,$t3); -} - -$code.=<<___; -.text - -.extern asm_AES_encrypt -.extern asm_AES_decrypt - -.type _bsaes_encrypt8,\@abi-omnipotent -.align 64 -_bsaes_encrypt8: -.cfi_startproc - lea .LBS0(%rip), $const # constants table - - movdqa ($key), @XMM[9] # round 0 key - lea 0x10($key), $key - movdqa 0x50($const), @XMM[8] # .LM0SR - pxor @XMM[9], @XMM[0] # xor with round0 key - pxor @XMM[9], @XMM[1] - pxor @XMM[9], @XMM[2] - pxor @XMM[9], @XMM[3] - pshufb @XMM[8], @XMM[0] - pshufb @XMM[8], @XMM[1] - pxor @XMM[9], @XMM[4] - pxor @XMM[9], @XMM[5] - pshufb @XMM[8], @XMM[2] - pshufb @XMM[8], @XMM[3] - pxor @XMM[9], @XMM[6] - pxor @XMM[9], @XMM[7] - pshufb @XMM[8], @XMM[4] - pshufb @XMM[8], @XMM[5] - pshufb @XMM[8], @XMM[6] - pshufb @XMM[8], @XMM[7] -_bsaes_encrypt8_bitslice: -___ - &bitslice (@XMM[0..7, 8..11]); -$code.=<<___; - dec $rounds - jmp .Lenc_sbox -.align 16 -.Lenc_loop: -___ - &ShiftRows (@XMM[0..7, 8]); -$code.=".Lenc_sbox:\n"; - &Sbox (@XMM[0..7, 8..15]); -$code.=<<___; - dec $rounds - jl .Lenc_done -___ - &MixColumns (@XMM[0,1,4,6,3,7,2,5, 8..15]); -$code.=<<___; - movdqa 0x30($const), @XMM[8] # .LSR - jnz .Lenc_loop - movdqa 0x40($const), @XMM[8] # .LSRM0 - jmp .Lenc_loop -.align 16 -.Lenc_done: -___ - # output in lsb > [t0, t1, t4, t6, t3, t7, t2, t5] < msb - &bitslice (@XMM[0,1,4,6,3,7,2,5, 8..11]); -$code.=<<___; - movdqa ($key), @XMM[8] # last round key - pxor @XMM[8], @XMM[4] - pxor @XMM[8], @XMM[6] - pxor @XMM[8], @XMM[3] - pxor @XMM[8], @XMM[7] - pxor @XMM[8], @XMM[2] - pxor @XMM[8], @XMM[5] - pxor @XMM[8], @XMM[0] - pxor @XMM[8], @XMM[1] - ret -.cfi_endproc -.size _bsaes_encrypt8,.-_bsaes_encrypt8 - -.type _bsaes_decrypt8,\@abi-omnipotent -.align 64 -_bsaes_decrypt8: -.cfi_startproc - lea .LBS0(%rip), $const # constants table - - movdqa ($key), @XMM[9] # round 0 key - lea 0x10($key), $key - movdqa -0x30($const), @XMM[8] # .LM0ISR - pxor @XMM[9], @XMM[0] # xor with round0 key - pxor @XMM[9], @XMM[1] - pxor @XMM[9], @XMM[2] - pxor @XMM[9], @XMM[3] - pshufb @XMM[8], @XMM[0] - pshufb @XMM[8], @XMM[1] - pxor @XMM[9], @XMM[4] - pxor @XMM[9], @XMM[5] - pshufb @XMM[8], @XMM[2] - pshufb @XMM[8], @XMM[3] - pxor @XMM[9], @XMM[6] - pxor @XMM[9], @XMM[7] - pshufb @XMM[8], @XMM[4] - pshufb @XMM[8], @XMM[5] - pshufb @XMM[8], @XMM[6] - pshufb @XMM[8], @XMM[7] -___ - &bitslice (@XMM[0..7, 8..11]); -$code.=<<___; - dec $rounds - jmp .Ldec_sbox -.align 16 -.Ldec_loop: -___ - &ShiftRows (@XMM[0..7, 8]); -$code.=".Ldec_sbox:\n"; - &InvSbox (@XMM[0..7, 8..15]); -$code.=<<___; - dec $rounds - jl .Ldec_done -___ - &InvMixColumns (@XMM[0,1,6,4,2,7,3,5, 8..15]); -$code.=<<___; - movdqa -0x10($const), @XMM[8] # .LISR - jnz .Ldec_loop - movdqa -0x20($const), @XMM[8] # .LISRM0 - jmp .Ldec_loop -.align 16 -.Ldec_done: -___ - &bitslice (@XMM[0,1,6,4,2,7,3,5, 8..11]); -$code.=<<___; - movdqa ($key), @XMM[8] # last round key - pxor @XMM[8], @XMM[6] - pxor @XMM[8], @XMM[4] - pxor @XMM[8], @XMM[2] - pxor @XMM[8], @XMM[7] - pxor @XMM[8], @XMM[3] - pxor @XMM[8], @XMM[5] - pxor @XMM[8], @XMM[0] - pxor @XMM[8], @XMM[1] - ret -.cfi_endproc -.size _bsaes_decrypt8,.-_bsaes_decrypt8 -___ -} -{ -my ($out,$inp,$rounds,$const)=("%rax","%rcx","%r10d","%r11"); - -sub bitslice_key { -my @x=reverse(@_[0..7]); -my ($bs0,$bs1,$bs2,$t2,$t3)=@_[8..12]; - - &swapmove (@x[0,1],1,$bs0,$t2,$t3); -$code.=<<___; - #&swapmove(@x[2,3],1,$t0,$t2,$t3); - movdqa @x[0], @x[2] - movdqa @x[1], @x[3] -___ - #&swapmove2x(@x[4,5,6,7],1,$t0,$t2,$t3); - - &swapmove2x (@x[0,2,1,3],2,$bs1,$t2,$t3); -$code.=<<___; - #&swapmove2x(@x[4,6,5,7],2,$t1,$t2,$t3); - movdqa @x[0], @x[4] - movdqa @x[2], @x[6] - movdqa @x[1], @x[5] - movdqa @x[3], @x[7] -___ - &swapmove2x (@x[0,4,1,5],4,$bs2,$t2,$t3); - &swapmove2x (@x[2,6,3,7],4,$bs2,$t2,$t3); -} - -$code.=<<___; -.type _bsaes_key_convert,\@abi-omnipotent -.align 16 -_bsaes_key_convert: -.cfi_startproc - lea .Lmasks(%rip), $const - movdqu ($inp), %xmm7 # load round 0 key - lea 0x10($inp), $inp - movdqa 0x00($const), %xmm0 # 0x01... - movdqa 0x10($const), %xmm1 # 0x02... - movdqa 0x20($const), %xmm2 # 0x04... - movdqa 0x30($const), %xmm3 # 0x08... - movdqa 0x40($const), %xmm4 # .LM0 - pcmpeqd %xmm5, %xmm5 # .LNOT - - movdqu ($inp), %xmm6 # load round 1 key - movdqa %xmm7, ($out) # save round 0 key - lea 0x10($out), $out - dec $rounds - jmp .Lkey_loop -.align 16 -.Lkey_loop: - pshufb %xmm4, %xmm6 # .LM0 - - movdqa %xmm0, %xmm8 - movdqa %xmm1, %xmm9 - - pand %xmm6, %xmm8 - pand %xmm6, %xmm9 - movdqa %xmm2, %xmm10 - pcmpeqb %xmm0, %xmm8 - psllq \$4, %xmm0 # 0x10... - movdqa %xmm3, %xmm11 - pcmpeqb %xmm1, %xmm9 - psllq \$4, %xmm1 # 0x20... - - pand %xmm6, %xmm10 - pand %xmm6, %xmm11 - movdqa %xmm0, %xmm12 - pcmpeqb %xmm2, %xmm10 - psllq \$4, %xmm2 # 0x40... - movdqa %xmm1, %xmm13 - pcmpeqb %xmm3, %xmm11 - psllq \$4, %xmm3 # 0x80... - - movdqa %xmm2, %xmm14 - movdqa %xmm3, %xmm15 - pxor %xmm5, %xmm8 # "pnot" - pxor %xmm5, %xmm9 - - pand %xmm6, %xmm12 - pand %xmm6, %xmm13 - movdqa %xmm8, 0x00($out) # write bit-sliced round key - pcmpeqb %xmm0, %xmm12 - psrlq \$4, %xmm0 # 0x01... - movdqa %xmm9, 0x10($out) - pcmpeqb %xmm1, %xmm13 - psrlq \$4, %xmm1 # 0x02... - lea 0x10($inp), $inp - - pand %xmm6, %xmm14 - pand %xmm6, %xmm15 - movdqa %xmm10, 0x20($out) - pcmpeqb %xmm2, %xmm14 - psrlq \$4, %xmm2 # 0x04... - movdqa %xmm11, 0x30($out) - pcmpeqb %xmm3, %xmm15 - psrlq \$4, %xmm3 # 0x08... - movdqu ($inp), %xmm6 # load next round key - - pxor %xmm5, %xmm13 # "pnot" - pxor %xmm5, %xmm14 - movdqa %xmm12, 0x40($out) - movdqa %xmm13, 0x50($out) - movdqa %xmm14, 0x60($out) - movdqa %xmm15, 0x70($out) - lea 0x80($out),$out - dec $rounds - jnz .Lkey_loop - - movdqa 0x50($const), %xmm7 # .L63 - #movdqa %xmm6, ($out) # don't save last round key - ret -.cfi_endproc -.size _bsaes_key_convert,.-_bsaes_key_convert -___ -} - -if (0 && !$win64) { # following four functions are unsupported interface - # used for benchmarking... -$code.=<<___; -.globl bsaes_enc_key_convert -.type bsaes_enc_key_convert,\@function,2 -.align 16 -bsaes_enc_key_convert: - mov 240($inp),%r10d # pass rounds - mov $inp,%rcx # pass key - mov $out,%rax # pass key schedule - call _bsaes_key_convert - pxor %xmm6,%xmm7 # fix up last round key - movdqa %xmm7,(%rax) # save last round key - ret -.size bsaes_enc_key_convert,.-bsaes_enc_key_convert - -.globl bsaes_encrypt_128 -.type bsaes_encrypt_128,\@function,4 -.align 16 -bsaes_encrypt_128: -.Lenc128_loop: - movdqu 0x00($inp), @XMM[0] # load input - movdqu 0x10($inp), @XMM[1] - movdqu 0x20($inp), @XMM[2] - movdqu 0x30($inp), @XMM[3] - movdqu 0x40($inp), @XMM[4] - movdqu 0x50($inp), @XMM[5] - movdqu 0x60($inp), @XMM[6] - movdqu 0x70($inp), @XMM[7] - mov $key, %rax # pass the $key - lea 0x80($inp), $inp - mov \$10,%r10d - - call _bsaes_encrypt8 - - movdqu @XMM[0], 0x00($out) # write output - movdqu @XMM[1], 0x10($out) - movdqu @XMM[4], 0x20($out) - movdqu @XMM[6], 0x30($out) - movdqu @XMM[3], 0x40($out) - movdqu @XMM[7], 0x50($out) - movdqu @XMM[2], 0x60($out) - movdqu @XMM[5], 0x70($out) - lea 0x80($out), $out - sub \$0x80,$len - ja .Lenc128_loop - ret -.size bsaes_encrypt_128,.-bsaes_encrypt_128 - -.globl bsaes_dec_key_convert -.type bsaes_dec_key_convert,\@function,2 -.align 16 -bsaes_dec_key_convert: - mov 240($inp),%r10d # pass rounds - mov $inp,%rcx # pass key - mov $out,%rax # pass key schedule - call _bsaes_key_convert - pxor ($out),%xmm7 # fix up round 0 key - movdqa %xmm6,(%rax) # save last round key - movdqa %xmm7,($out) - ret -.size bsaes_dec_key_convert,.-bsaes_dec_key_convert - -.globl bsaes_decrypt_128 -.type bsaes_decrypt_128,\@function,4 -.align 16 -bsaes_decrypt_128: -.Ldec128_loop: - movdqu 0x00($inp), @XMM[0] # load input - movdqu 0x10($inp), @XMM[1] - movdqu 0x20($inp), @XMM[2] - movdqu 0x30($inp), @XMM[3] - movdqu 0x40($inp), @XMM[4] - movdqu 0x50($inp), @XMM[5] - movdqu 0x60($inp), @XMM[6] - movdqu 0x70($inp), @XMM[7] - mov $key, %rax # pass the $key - lea 0x80($inp), $inp - mov \$10,%r10d - - call _bsaes_decrypt8 - - movdqu @XMM[0], 0x00($out) # write output - movdqu @XMM[1], 0x10($out) - movdqu @XMM[6], 0x20($out) - movdqu @XMM[4], 0x30($out) - movdqu @XMM[2], 0x40($out) - movdqu @XMM[7], 0x50($out) - movdqu @XMM[3], 0x60($out) - movdqu @XMM[5], 0x70($out) - lea 0x80($out), $out - sub \$0x80,$len - ja .Ldec128_loop - ret -.size bsaes_decrypt_128,.-bsaes_decrypt_128 -___ -} -{ -###################################################################### -# -# OpenSSL interface -# -my ($arg1,$arg2,$arg3,$arg4,$arg5,$arg6)=$win64 ? ("%rcx","%rdx","%r8","%r9","%r10","%r11d") - : ("%rdi","%rsi","%rdx","%rcx","%r8","%r9d"); -my ($inp,$out,$len,$key)=("%r12","%r13","%r14","%r15"); - -if ($ecb) { -$code.=<<___; -.globl bsaes_ecb_encrypt_blocks -.type bsaes_ecb_encrypt_blocks,\@abi-omnipotent -.align 16 -bsaes_ecb_encrypt_blocks: -.cfi_startproc - mov %rsp, %rax -.Lecb_enc_prologue: - push %rbp -.cfi_push %rbp - push %rbx -.cfi_push %rbx - push %r12 -.cfi_push %r12 - push %r13 -.cfi_push %r13 - push %r14 -.cfi_push %r14 - push %r15 -.cfi_push %r15 - lea -0x48(%rsp),%rsp -.cfi_adjust_cfa_offset 0x48 -___ -$code.=<<___ if ($win64); - lea -0xa0(%rsp), %rsp - movaps %xmm6, 0x40(%rsp) - movaps %xmm7, 0x50(%rsp) - movaps %xmm8, 0x60(%rsp) - movaps %xmm9, 0x70(%rsp) - movaps %xmm10, 0x80(%rsp) - movaps %xmm11, 0x90(%rsp) - movaps %xmm12, 0xa0(%rsp) - movaps %xmm13, 0xb0(%rsp) - movaps %xmm14, 0xc0(%rsp) - movaps %xmm15, 0xd0(%rsp) -.Lecb_enc_body: -___ -$code.=<<___; - mov %rsp,%rbp # backup %rsp -.cfi_def_cfa_register %rbp - mov 240($arg4),%eax # rounds - mov $arg1,$inp # backup arguments - mov $arg2,$out - mov $arg3,$len - mov $arg4,$key - cmp \$8,$arg3 - jb .Lecb_enc_short - - mov %eax,%ebx # backup rounds - shl \$7,%rax # 128 bytes per inner round key - sub \$`128-32`,%rax # size of bit-sliced key schedule - sub %rax,%rsp - mov %rsp,%rax # pass key schedule - mov $key,%rcx # pass key - mov %ebx,%r10d # pass rounds - call _bsaes_key_convert - pxor %xmm6,%xmm7 # fix up last round key - movdqa %xmm7,(%rax) # save last round key - - sub \$8,$len -.Lecb_enc_loop: - movdqu 0x00($inp), @XMM[0] # load input - movdqu 0x10($inp), @XMM[1] - movdqu 0x20($inp), @XMM[2] - movdqu 0x30($inp), @XMM[3] - movdqu 0x40($inp), @XMM[4] - movdqu 0x50($inp), @XMM[5] - mov %rsp, %rax # pass key schedule - movdqu 0x60($inp), @XMM[6] - mov %ebx,%r10d # pass rounds - movdqu 0x70($inp), @XMM[7] - lea 0x80($inp), $inp - - call _bsaes_encrypt8 - - movdqu @XMM[0], 0x00($out) # write output - movdqu @XMM[1], 0x10($out) - movdqu @XMM[4], 0x20($out) - movdqu @XMM[6], 0x30($out) - movdqu @XMM[3], 0x40($out) - movdqu @XMM[7], 0x50($out) - movdqu @XMM[2], 0x60($out) - movdqu @XMM[5], 0x70($out) - lea 0x80($out), $out - sub \$8,$len - jnc .Lecb_enc_loop - - add \$8,$len - jz .Lecb_enc_done - - movdqu 0x00($inp), @XMM[0] # load input - mov %rsp, %rax # pass key schedule - mov %ebx,%r10d # pass rounds - cmp \$2,$len - jb .Lecb_enc_one - movdqu 0x10($inp), @XMM[1] - je .Lecb_enc_two - movdqu 0x20($inp), @XMM[2] - cmp \$4,$len - jb .Lecb_enc_three - movdqu 0x30($inp), @XMM[3] - je .Lecb_enc_four - movdqu 0x40($inp), @XMM[4] - cmp \$6,$len - jb .Lecb_enc_five - movdqu 0x50($inp), @XMM[5] - je .Lecb_enc_six - movdqu 0x60($inp), @XMM[6] - call _bsaes_encrypt8 - movdqu @XMM[0], 0x00($out) # write output - movdqu @XMM[1], 0x10($out) - movdqu @XMM[4], 0x20($out) - movdqu @XMM[6], 0x30($out) - movdqu @XMM[3], 0x40($out) - movdqu @XMM[7], 0x50($out) - movdqu @XMM[2], 0x60($out) - jmp .Lecb_enc_done -.align 16 -.Lecb_enc_six: - call _bsaes_encrypt8 - movdqu @XMM[0], 0x00($out) # write output - movdqu @XMM[1], 0x10($out) - movdqu @XMM[4], 0x20($out) - movdqu @XMM[6], 0x30($out) - movdqu @XMM[3], 0x40($out) - movdqu @XMM[7], 0x50($out) - jmp .Lecb_enc_done -.align 16 -.Lecb_enc_five: - call _bsaes_encrypt8 - movdqu @XMM[0], 0x00($out) # write output - movdqu @XMM[1], 0x10($out) - movdqu @XMM[4], 0x20($out) - movdqu @XMM[6], 0x30($out) - movdqu @XMM[3], 0x40($out) - jmp .Lecb_enc_done -.align 16 -.Lecb_enc_four: - call _bsaes_encrypt8 - movdqu @XMM[0], 0x00($out) # write output - movdqu @XMM[1], 0x10($out) - movdqu @XMM[4], 0x20($out) - movdqu @XMM[6], 0x30($out) - jmp .Lecb_enc_done -.align 16 -.Lecb_enc_three: - call _bsaes_encrypt8 - movdqu @XMM[0], 0x00($out) # write output - movdqu @XMM[1], 0x10($out) - movdqu @XMM[4], 0x20($out) - jmp .Lecb_enc_done -.align 16 -.Lecb_enc_two: - call _bsaes_encrypt8 - movdqu @XMM[0], 0x00($out) # write output - movdqu @XMM[1], 0x10($out) - jmp .Lecb_enc_done -.align 16 -.Lecb_enc_one: - call _bsaes_encrypt8 - movdqu @XMM[0], 0x00($out) # write output - jmp .Lecb_enc_done -.align 16 -.Lecb_enc_short: - lea ($inp), $arg1 - lea ($out), $arg2 - lea ($key), $arg3 - call asm_AES_encrypt - lea 16($inp), $inp - lea 16($out), $out - dec $len - jnz .Lecb_enc_short - -.Lecb_enc_done: - lea (%rsp),%rax - pxor %xmm0, %xmm0 -.Lecb_enc_bzero: # wipe key schedule [if any] - movdqa %xmm0, 0x00(%rax) - movdqa %xmm0, 0x10(%rax) - lea 0x20(%rax), %rax - cmp %rax, %rbp - jb .Lecb_enc_bzero - - lea 0x78(%rbp),%rax -.cfi_def_cfa %rax,8 -___ -$code.=<<___ if ($win64); - movaps 0x40(%rbp), %xmm6 - movaps 0x50(%rbp), %xmm7 - movaps 0x60(%rbp), %xmm8 - movaps 0x70(%rbp), %xmm9 - movaps 0x80(%rbp), %xmm10 - movaps 0x90(%rbp), %xmm11 - movaps 0xa0(%rbp), %xmm12 - movaps 0xb0(%rbp), %xmm13 - movaps 0xc0(%rbp), %xmm14 - movaps 0xd0(%rbp), %xmm15 - lea 0xa0(%rax), %rax -.Lecb_enc_tail: -___ -$code.=<<___; - mov -48(%rax), %r15 -.cfi_restore %r15 - mov -40(%rax), %r14 -.cfi_restore %r14 - mov -32(%rax), %r13 -.cfi_restore %r13 - mov -24(%rax), %r12 -.cfi_restore %r12 - mov -16(%rax), %rbx -.cfi_restore %rbx - mov -8(%rax), %rbp -.cfi_restore %rbp - lea (%rax), %rsp # restore %rsp -.cfi_def_cfa_register %rsp -.Lecb_enc_epilogue: - ret -.cfi_endproc -.size bsaes_ecb_encrypt_blocks,.-bsaes_ecb_encrypt_blocks - -.globl bsaes_ecb_decrypt_blocks -.type bsaes_ecb_decrypt_blocks,\@abi-omnipotent -.align 16 -bsaes_ecb_decrypt_blocks: -.cfi_startproc - mov %rsp, %rax -.Lecb_dec_prologue: - push %rbp -.cfi_push %rbp - push %rbx -.cfi_push %rbx - push %r12 -.cfi_push %r12 - push %r13 -.cfi_push %r13 - push %r14 -.cfi_push %r14 - push %r15 -.cfi_push %r15 - lea -0x48(%rsp),%rsp -.cfi_adjust_cfa_offset 0x48 -___ -$code.=<<___ if ($win64); - lea -0xa0(%rsp), %rsp - movaps %xmm6, 0x40(%rsp) - movaps %xmm7, 0x50(%rsp) - movaps %xmm8, 0x60(%rsp) - movaps %xmm9, 0x70(%rsp) - movaps %xmm10, 0x80(%rsp) - movaps %xmm11, 0x90(%rsp) - movaps %xmm12, 0xa0(%rsp) - movaps %xmm13, 0xb0(%rsp) - movaps %xmm14, 0xc0(%rsp) - movaps %xmm15, 0xd0(%rsp) -.Lecb_dec_body: -___ -$code.=<<___; - mov %rsp,%rbp # backup %rsp -.cfi_def_cfa_register %rbp - mov 240($arg4),%eax # rounds - mov $arg1,$inp # backup arguments - mov $arg2,$out - mov $arg3,$len - mov $arg4,$key - cmp \$8,$arg3 - jb .Lecb_dec_short - - mov %eax,%ebx # backup rounds - shl \$7,%rax # 128 bytes per inner round key - sub \$`128-32`,%rax # size of bit-sliced key schedule - sub %rax,%rsp - mov %rsp,%rax # pass key schedule - mov $key,%rcx # pass key - mov %ebx,%r10d # pass rounds - call _bsaes_key_convert - pxor (%rsp),%xmm7 # fix up 0 round key - movdqa %xmm6,(%rax) # save last round key - movdqa %xmm7,(%rsp) - - sub \$8,$len -.Lecb_dec_loop: - movdqu 0x00($inp), @XMM[0] # load input - movdqu 0x10($inp), @XMM[1] - movdqu 0x20($inp), @XMM[2] - movdqu 0x30($inp), @XMM[3] - movdqu 0x40($inp), @XMM[4] - movdqu 0x50($inp), @XMM[5] - mov %rsp, %rax # pass key schedule - movdqu 0x60($inp), @XMM[6] - mov %ebx,%r10d # pass rounds - movdqu 0x70($inp), @XMM[7] - lea 0x80($inp), $inp - - call _bsaes_decrypt8 - - movdqu @XMM[0], 0x00($out) # write output - movdqu @XMM[1], 0x10($out) - movdqu @XMM[6], 0x20($out) - movdqu @XMM[4], 0x30($out) - movdqu @XMM[2], 0x40($out) - movdqu @XMM[7], 0x50($out) - movdqu @XMM[3], 0x60($out) - movdqu @XMM[5], 0x70($out) - lea 0x80($out), $out - sub \$8,$len - jnc .Lecb_dec_loop - - add \$8,$len - jz .Lecb_dec_done - - movdqu 0x00($inp), @XMM[0] # load input - mov %rsp, %rax # pass key schedule - mov %ebx,%r10d # pass rounds - cmp \$2,$len - jb .Lecb_dec_one - movdqu 0x10($inp), @XMM[1] - je .Lecb_dec_two - movdqu 0x20($inp), @XMM[2] - cmp \$4,$len - jb .Lecb_dec_three - movdqu 0x30($inp), @XMM[3] - je .Lecb_dec_four - movdqu 0x40($inp), @XMM[4] - cmp \$6,$len - jb .Lecb_dec_five - movdqu 0x50($inp), @XMM[5] - je .Lecb_dec_six - movdqu 0x60($inp), @XMM[6] - call _bsaes_decrypt8 - movdqu @XMM[0], 0x00($out) # write output - movdqu @XMM[1], 0x10($out) - movdqu @XMM[6], 0x20($out) - movdqu @XMM[4], 0x30($out) - movdqu @XMM[2], 0x40($out) - movdqu @XMM[7], 0x50($out) - movdqu @XMM[3], 0x60($out) - jmp .Lecb_dec_done -.align 16 -.Lecb_dec_six: - call _bsaes_decrypt8 - movdqu @XMM[0], 0x00($out) # write output - movdqu @XMM[1], 0x10($out) - movdqu @XMM[6], 0x20($out) - movdqu @XMM[4], 0x30($out) - movdqu @XMM[2], 0x40($out) - movdqu @XMM[7], 0x50($out) - jmp .Lecb_dec_done -.align 16 -.Lecb_dec_five: - call _bsaes_decrypt8 - movdqu @XMM[0], 0x00($out) # write output - movdqu @XMM[1], 0x10($out) - movdqu @XMM[6], 0x20($out) - movdqu @XMM[4], 0x30($out) - movdqu @XMM[2], 0x40($out) - jmp .Lecb_dec_done -.align 16 -.Lecb_dec_four: - call _bsaes_decrypt8 - movdqu @XMM[0], 0x00($out) # write output - movdqu @XMM[1], 0x10($out) - movdqu @XMM[6], 0x20($out) - movdqu @XMM[4], 0x30($out) - jmp .Lecb_dec_done -.align 16 -.Lecb_dec_three: - call _bsaes_decrypt8 - movdqu @XMM[0], 0x00($out) # write output - movdqu @XMM[1], 0x10($out) - movdqu @XMM[6], 0x20($out) - jmp .Lecb_dec_done -.align 16 -.Lecb_dec_two: - call _bsaes_decrypt8 - movdqu @XMM[0], 0x00($out) # write output - movdqu @XMM[1], 0x10($out) - jmp .Lecb_dec_done -.align 16 -.Lecb_dec_one: - call _bsaes_decrypt8 - movdqu @XMM[0], 0x00($out) # write output - jmp .Lecb_dec_done -.align 16 -.Lecb_dec_short: - lea ($inp), $arg1 - lea ($out), $arg2 - lea ($key), $arg3 - call asm_AES_decrypt - lea 16($inp), $inp - lea 16($out), $out - dec $len - jnz .Lecb_dec_short - -.Lecb_dec_done: - lea (%rsp),%rax - pxor %xmm0, %xmm0 -.Lecb_dec_bzero: # wipe key schedule [if any] - movdqa %xmm0, 0x00(%rax) - movdqa %xmm0, 0x10(%rax) - lea 0x20(%rax), %rax - cmp %rax, %rbp - jb .Lecb_dec_bzero - - lea 0x78(%rbp),%rax -.cfi_def_cfa %rax,8 -___ -$code.=<<___ if ($win64); - movaps 0x40(%rbp), %xmm6 - movaps 0x50(%rbp), %xmm7 - movaps 0x60(%rbp), %xmm8 - movaps 0x70(%rbp), %xmm9 - movaps 0x80(%rbp), %xmm10 - movaps 0x90(%rbp), %xmm11 - movaps 0xa0(%rbp), %xmm12 - movaps 0xb0(%rbp), %xmm13 - movaps 0xc0(%rbp), %xmm14 - movaps 0xd0(%rbp), %xmm15 - lea 0xa0(%rax), %rax -.Lecb_dec_tail: -___ -$code.=<<___; - mov -48(%rax), %r15 -.cfi_restore %r15 - mov -40(%rax), %r14 -.cfi_restore %r14 - mov -32(%rax), %r13 -.cfi_restore %r13 - mov -24(%rax), %r12 -.cfi_restore %r12 - mov -16(%rax), %rbx -.cfi_restore %rbx - mov -8(%rax), %rbp -.cfi_restore %rbp - lea (%rax), %rsp # restore %rsp -.cfi_def_cfa_register %rsp -.Lecb_dec_epilogue: - ret -.cfi_endproc -.size bsaes_ecb_decrypt_blocks,.-bsaes_ecb_decrypt_blocks -___ -} -$code.=<<___; -.extern asm_AES_cbc_encrypt -.globl bsaes_cbc_encrypt -.type bsaes_cbc_encrypt,\@abi-omnipotent -.align 16 -bsaes_cbc_encrypt: -.cfi_startproc -___ -$code.=<<___ if ($win64); - mov 48(%rsp),$arg6 # pull direction flag -___ -$code.=<<___; - cmp \$0,$arg6 - jne asm_AES_cbc_encrypt - cmp \$128,$arg3 - jb asm_AES_cbc_encrypt - - mov %rsp, %rax -.Lcbc_dec_prologue: - push %rbp -.cfi_push %rbp - push %rbx -.cfi_push %rbx - push %r12 -.cfi_push %r12 - push %r13 -.cfi_push %r13 - push %r14 -.cfi_push %r14 - push %r15 -.cfi_push %r15 - lea -0x48(%rsp), %rsp -.cfi_adjust_cfa_offset 0x48 -___ -$code.=<<___ if ($win64); - mov 0xa0(%rsp),$arg5 # pull ivp - lea -0xa0(%rsp), %rsp - movaps %xmm6, 0x40(%rsp) - movaps %xmm7, 0x50(%rsp) - movaps %xmm8, 0x60(%rsp) - movaps %xmm9, 0x70(%rsp) - movaps %xmm10, 0x80(%rsp) - movaps %xmm11, 0x90(%rsp) - movaps %xmm12, 0xa0(%rsp) - movaps %xmm13, 0xb0(%rsp) - movaps %xmm14, 0xc0(%rsp) - movaps %xmm15, 0xd0(%rsp) -.Lcbc_dec_body: -___ -$code.=<<___; - mov %rsp, %rbp # backup %rsp -.cfi_def_cfa_register %rbp - mov 240($arg4), %eax # rounds - mov $arg1, $inp # backup arguments - mov $arg2, $out - mov $arg3, $len - mov $arg4, $key - mov $arg5, %rbx - shr \$4, $len # bytes to blocks - - mov %eax, %edx # rounds - shl \$7, %rax # 128 bytes per inner round key - sub \$`128-32`, %rax # size of bit-sliced key schedule - sub %rax, %rsp - - mov %rsp, %rax # pass key schedule - mov $key, %rcx # pass key - mov %edx, %r10d # pass rounds - call _bsaes_key_convert - pxor (%rsp),%xmm7 # fix up 0 round key - movdqa %xmm6,(%rax) # save last round key - movdqa %xmm7,(%rsp) - - movdqu (%rbx), @XMM[15] # load IV - sub \$8,$len -.Lcbc_dec_loop: - movdqu 0x00($inp), @XMM[0] # load input - movdqu 0x10($inp), @XMM[1] - movdqu 0x20($inp), @XMM[2] - movdqu 0x30($inp), @XMM[3] - movdqu 0x40($inp), @XMM[4] - movdqu 0x50($inp), @XMM[5] - mov %rsp, %rax # pass key schedule - movdqu 0x60($inp), @XMM[6] - mov %edx,%r10d # pass rounds - movdqu 0x70($inp), @XMM[7] - movdqa @XMM[15], 0x20(%rbp) # put aside IV - - call _bsaes_decrypt8 - - pxor 0x20(%rbp), @XMM[0] # ^= IV - movdqu 0x00($inp), @XMM[8] # re-load input - movdqu 0x10($inp), @XMM[9] - pxor @XMM[8], @XMM[1] - movdqu 0x20($inp), @XMM[10] - pxor @XMM[9], @XMM[6] - movdqu 0x30($inp), @XMM[11] - pxor @XMM[10], @XMM[4] - movdqu 0x40($inp), @XMM[12] - pxor @XMM[11], @XMM[2] - movdqu 0x50($inp), @XMM[13] - pxor @XMM[12], @XMM[7] - movdqu 0x60($inp), @XMM[14] - pxor @XMM[13], @XMM[3] - movdqu 0x70($inp), @XMM[15] # IV - pxor @XMM[14], @XMM[5] - movdqu @XMM[0], 0x00($out) # write output - lea 0x80($inp), $inp - movdqu @XMM[1], 0x10($out) - movdqu @XMM[6], 0x20($out) - movdqu @XMM[4], 0x30($out) - movdqu @XMM[2], 0x40($out) - movdqu @XMM[7], 0x50($out) - movdqu @XMM[3], 0x60($out) - movdqu @XMM[5], 0x70($out) - lea 0x80($out), $out - sub \$8,$len - jnc .Lcbc_dec_loop - - add \$8,$len - jz .Lcbc_dec_done - - movdqu 0x00($inp), @XMM[0] # load input - mov %rsp, %rax # pass key schedule - mov %edx, %r10d # pass rounds - cmp \$2,$len - jb .Lcbc_dec_one - movdqu 0x10($inp), @XMM[1] - je .Lcbc_dec_two - movdqu 0x20($inp), @XMM[2] - cmp \$4,$len - jb .Lcbc_dec_three - movdqu 0x30($inp), @XMM[3] - je .Lcbc_dec_four - movdqu 0x40($inp), @XMM[4] - cmp \$6,$len - jb .Lcbc_dec_five - movdqu 0x50($inp), @XMM[5] - je .Lcbc_dec_six - movdqu 0x60($inp), @XMM[6] - movdqa @XMM[15], 0x20(%rbp) # put aside IV - call _bsaes_decrypt8 - pxor 0x20(%rbp), @XMM[0] # ^= IV - movdqu 0x00($inp), @XMM[8] # re-load input - movdqu 0x10($inp), @XMM[9] - pxor @XMM[8], @XMM[1] - movdqu 0x20($inp), @XMM[10] - pxor @XMM[9], @XMM[6] - movdqu 0x30($inp), @XMM[11] - pxor @XMM[10], @XMM[4] - movdqu 0x40($inp), @XMM[12] - pxor @XMM[11], @XMM[2] - movdqu 0x50($inp), @XMM[13] - pxor @XMM[12], @XMM[7] - movdqu 0x60($inp), @XMM[15] # IV - pxor @XMM[13], @XMM[3] - movdqu @XMM[0], 0x00($out) # write output - movdqu @XMM[1], 0x10($out) - movdqu @XMM[6], 0x20($out) - movdqu @XMM[4], 0x30($out) - movdqu @XMM[2], 0x40($out) - movdqu @XMM[7], 0x50($out) - movdqu @XMM[3], 0x60($out) - jmp .Lcbc_dec_done -.align 16 -.Lcbc_dec_six: - movdqa @XMM[15], 0x20(%rbp) # put aside IV - call _bsaes_decrypt8 - pxor 0x20(%rbp), @XMM[0] # ^= IV - movdqu 0x00($inp), @XMM[8] # re-load input - movdqu 0x10($inp), @XMM[9] - pxor @XMM[8], @XMM[1] - movdqu 0x20($inp), @XMM[10] - pxor @XMM[9], @XMM[6] - movdqu 0x30($inp), @XMM[11] - pxor @XMM[10], @XMM[4] - movdqu 0x40($inp), @XMM[12] - pxor @XMM[11], @XMM[2] - movdqu 0x50($inp), @XMM[15] # IV - pxor @XMM[12], @XMM[7] - movdqu @XMM[0], 0x00($out) # write output - movdqu @XMM[1], 0x10($out) - movdqu @XMM[6], 0x20($out) - movdqu @XMM[4], 0x30($out) - movdqu @XMM[2], 0x40($out) - movdqu @XMM[7], 0x50($out) - jmp .Lcbc_dec_done -.align 16 -.Lcbc_dec_five: - movdqa @XMM[15], 0x20(%rbp) # put aside IV - call _bsaes_decrypt8 - pxor 0x20(%rbp), @XMM[0] # ^= IV - movdqu 0x00($inp), @XMM[8] # re-load input - movdqu 0x10($inp), @XMM[9] - pxor @XMM[8], @XMM[1] - movdqu 0x20($inp), @XMM[10] - pxor @XMM[9], @XMM[6] - movdqu 0x30($inp), @XMM[11] - pxor @XMM[10], @XMM[4] - movdqu 0x40($inp), @XMM[15] # IV - pxor @XMM[11], @XMM[2] - movdqu @XMM[0], 0x00($out) # write output - movdqu @XMM[1], 0x10($out) - movdqu @XMM[6], 0x20($out) - movdqu @XMM[4], 0x30($out) - movdqu @XMM[2], 0x40($out) - jmp .Lcbc_dec_done -.align 16 -.Lcbc_dec_four: - movdqa @XMM[15], 0x20(%rbp) # put aside IV - call _bsaes_decrypt8 - pxor 0x20(%rbp), @XMM[0] # ^= IV - movdqu 0x00($inp), @XMM[8] # re-load input - movdqu 0x10($inp), @XMM[9] - pxor @XMM[8], @XMM[1] - movdqu 0x20($inp), @XMM[10] - pxor @XMM[9], @XMM[6] - movdqu 0x30($inp), @XMM[15] # IV - pxor @XMM[10], @XMM[4] - movdqu @XMM[0], 0x00($out) # write output - movdqu @XMM[1], 0x10($out) - movdqu @XMM[6], 0x20($out) - movdqu @XMM[4], 0x30($out) - jmp .Lcbc_dec_done -.align 16 -.Lcbc_dec_three: - movdqa @XMM[15], 0x20(%rbp) # put aside IV - call _bsaes_decrypt8 - pxor 0x20(%rbp), @XMM[0] # ^= IV - movdqu 0x00($inp), @XMM[8] # re-load input - movdqu 0x10($inp), @XMM[9] - pxor @XMM[8], @XMM[1] - movdqu 0x20($inp), @XMM[15] # IV - pxor @XMM[9], @XMM[6] - movdqu @XMM[0], 0x00($out) # write output - movdqu @XMM[1], 0x10($out) - movdqu @XMM[6], 0x20($out) - jmp .Lcbc_dec_done -.align 16 -.Lcbc_dec_two: - movdqa @XMM[15], 0x20(%rbp) # put aside IV - call _bsaes_decrypt8 - pxor 0x20(%rbp), @XMM[0] # ^= IV - movdqu 0x00($inp), @XMM[8] # re-load input - movdqu 0x10($inp), @XMM[15] # IV - pxor @XMM[8], @XMM[1] - movdqu @XMM[0], 0x00($out) # write output - movdqu @XMM[1], 0x10($out) - jmp .Lcbc_dec_done -.align 16 -.Lcbc_dec_one: - lea ($inp), $arg1 - lea 0x20(%rbp), $arg2 # buffer output - lea ($key), $arg3 - call asm_AES_decrypt # doesn't touch %xmm - pxor 0x20(%rbp), @XMM[15] # ^= IV - movdqu @XMM[15], ($out) # write output - movdqa @XMM[0], @XMM[15] # IV - -.Lcbc_dec_done: - movdqu @XMM[15], (%rbx) # return IV - lea (%rsp), %rax - pxor %xmm0, %xmm0 -.Lcbc_dec_bzero: # wipe key schedule [if any] - movdqa %xmm0, 0x00(%rax) - movdqa %xmm0, 0x10(%rax) - lea 0x20(%rax), %rax - cmp %rax, %rbp - ja .Lcbc_dec_bzero - - lea 0x78(%rbp),%rax -.cfi_def_cfa %rax,8 -___ -$code.=<<___ if ($win64); - movaps 0x40(%rbp), %xmm6 - movaps 0x50(%rbp), %xmm7 - movaps 0x60(%rbp), %xmm8 - movaps 0x70(%rbp), %xmm9 - movaps 0x80(%rbp), %xmm10 - movaps 0x90(%rbp), %xmm11 - movaps 0xa0(%rbp), %xmm12 - movaps 0xb0(%rbp), %xmm13 - movaps 0xc0(%rbp), %xmm14 - movaps 0xd0(%rbp), %xmm15 - lea 0xa0(%rax), %rax -.Lcbc_dec_tail: -___ -$code.=<<___; - mov -48(%rax), %r15 -.cfi_restore %r15 - mov -40(%rax), %r14 -.cfi_restore %r14 - mov -32(%rax), %r13 -.cfi_restore %r13 - mov -24(%rax), %r12 -.cfi_restore %r12 - mov -16(%rax), %rbx -.cfi_restore %rbx - mov -8(%rax), %rbp -.cfi_restore %rbp - lea (%rax), %rsp # restore %rsp -.cfi_def_cfa_register %rsp -.Lcbc_dec_epilogue: - ret -.cfi_endproc -.size bsaes_cbc_encrypt,.-bsaes_cbc_encrypt - -.globl bsaes_ctr32_encrypt_blocks -.type bsaes_ctr32_encrypt_blocks,\@abi-omnipotent -.align 16 -bsaes_ctr32_encrypt_blocks: -.cfi_startproc - mov %rsp, %rax -.Lctr_enc_prologue: - push %rbp -.cfi_push %rbp - push %rbx -.cfi_push %rbx - push %r12 -.cfi_push %r12 - push %r13 -.cfi_push %r13 - push %r14 -.cfi_push %r14 - push %r15 -.cfi_push %r15 - lea -0x48(%rsp), %rsp -.cfi_adjust_cfa_offset 0x48 -___ -$code.=<<___ if ($win64); - mov 0xa0(%rsp),$arg5 # pull ivp - lea -0xa0(%rsp), %rsp - movaps %xmm6, 0x40(%rsp) - movaps %xmm7, 0x50(%rsp) - movaps %xmm8, 0x60(%rsp) - movaps %xmm9, 0x70(%rsp) - movaps %xmm10, 0x80(%rsp) - movaps %xmm11, 0x90(%rsp) - movaps %xmm12, 0xa0(%rsp) - movaps %xmm13, 0xb0(%rsp) - movaps %xmm14, 0xc0(%rsp) - movaps %xmm15, 0xd0(%rsp) -.Lctr_enc_body: -___ -$code.=<<___; - mov %rsp, %rbp # backup %rsp -.cfi_def_cfa_register %rbp - movdqu ($arg5), %xmm0 # load counter - mov 240($arg4), %eax # rounds - mov $arg1, $inp # backup arguments - mov $arg2, $out - mov $arg3, $len - mov $arg4, $key - movdqa %xmm0, 0x20(%rbp) # copy counter - cmp \$8, $arg3 - jb .Lctr_enc_short - - mov %eax, %ebx # rounds - shl \$7, %rax # 128 bytes per inner round key - sub \$`128-32`, %rax # size of bit-sliced key schedule - sub %rax, %rsp - - mov %rsp, %rax # pass key schedule - mov $key, %rcx # pass key - mov %ebx, %r10d # pass rounds - call _bsaes_key_convert - pxor %xmm6,%xmm7 # fix up last round key - movdqa %xmm7,(%rax) # save last round key - - movdqa (%rsp), @XMM[9] # load round0 key - lea .LADD1(%rip), %r11 - movdqa 0x20(%rbp), @XMM[0] # counter copy - movdqa -0x20(%r11), @XMM[8] # .LSWPUP - pshufb @XMM[8], @XMM[9] # byte swap upper part - pshufb @XMM[8], @XMM[0] - movdqa @XMM[9], (%rsp) # save adjusted round0 key - jmp .Lctr_enc_loop -.align 16 -.Lctr_enc_loop: - movdqa @XMM[0], 0x20(%rbp) # save counter - movdqa @XMM[0], @XMM[1] # prepare 8 counter values - movdqa @XMM[0], @XMM[2] - paddd 0x00(%r11), @XMM[1] # .LADD1 - movdqa @XMM[0], @XMM[3] - paddd 0x10(%r11), @XMM[2] # .LADD2 - movdqa @XMM[0], @XMM[4] - paddd 0x20(%r11), @XMM[3] # .LADD3 - movdqa @XMM[0], @XMM[5] - paddd 0x30(%r11), @XMM[4] # .LADD4 - movdqa @XMM[0], @XMM[6] - paddd 0x40(%r11), @XMM[5] # .LADD5 - movdqa @XMM[0], @XMM[7] - paddd 0x50(%r11), @XMM[6] # .LADD6 - paddd 0x60(%r11), @XMM[7] # .LADD7 - - # Borrow prologue from _bsaes_encrypt8 to use the opportunity - # to flip byte order in 32-bit counter - movdqa (%rsp), @XMM[9] # round 0 key - lea 0x10(%rsp), %rax # pass key schedule - movdqa -0x10(%r11), @XMM[8] # .LSWPUPM0SR - pxor @XMM[9], @XMM[0] # xor with round0 key - pxor @XMM[9], @XMM[1] - pxor @XMM[9], @XMM[2] - pxor @XMM[9], @XMM[3] - pshufb @XMM[8], @XMM[0] - pshufb @XMM[8], @XMM[1] - pxor @XMM[9], @XMM[4] - pxor @XMM[9], @XMM[5] - pshufb @XMM[8], @XMM[2] - pshufb @XMM[8], @XMM[3] - pxor @XMM[9], @XMM[6] - pxor @XMM[9], @XMM[7] - pshufb @XMM[8], @XMM[4] - pshufb @XMM[8], @XMM[5] - pshufb @XMM[8], @XMM[6] - pshufb @XMM[8], @XMM[7] - lea .LBS0(%rip), %r11 # constants table - mov %ebx,%r10d # pass rounds - - call _bsaes_encrypt8_bitslice - - sub \$8,$len - jc .Lctr_enc_loop_done - - movdqu 0x00($inp), @XMM[8] # load input - movdqu 0x10($inp), @XMM[9] - movdqu 0x20($inp), @XMM[10] - movdqu 0x30($inp), @XMM[11] - movdqu 0x40($inp), @XMM[12] - movdqu 0x50($inp), @XMM[13] - movdqu 0x60($inp), @XMM[14] - movdqu 0x70($inp), @XMM[15] - lea 0x80($inp),$inp - pxor @XMM[0], @XMM[8] - movdqa 0x20(%rbp), @XMM[0] # load counter - pxor @XMM[9], @XMM[1] - movdqu @XMM[8], 0x00($out) # write output - pxor @XMM[10], @XMM[4] - movdqu @XMM[1], 0x10($out) - pxor @XMM[11], @XMM[6] - movdqu @XMM[4], 0x20($out) - pxor @XMM[12], @XMM[3] - movdqu @XMM[6], 0x30($out) - pxor @XMM[13], @XMM[7] - movdqu @XMM[3], 0x40($out) - pxor @XMM[14], @XMM[2] - movdqu @XMM[7], 0x50($out) - pxor @XMM[15], @XMM[5] - movdqu @XMM[2], 0x60($out) - lea .LADD1(%rip), %r11 - movdqu @XMM[5], 0x70($out) - lea 0x80($out), $out - paddd 0x70(%r11), @XMM[0] # .LADD8 - jnz .Lctr_enc_loop - - jmp .Lctr_enc_done -.align 16 -.Lctr_enc_loop_done: - add \$8, $len - movdqu 0x00($inp), @XMM[8] # load input - pxor @XMM[8], @XMM[0] - movdqu @XMM[0], 0x00($out) # write output - cmp \$2,$len - jb .Lctr_enc_done - movdqu 0x10($inp), @XMM[9] - pxor @XMM[9], @XMM[1] - movdqu @XMM[1], 0x10($out) - je .Lctr_enc_done - movdqu 0x20($inp), @XMM[10] - pxor @XMM[10], @XMM[4] - movdqu @XMM[4], 0x20($out) - cmp \$4,$len - jb .Lctr_enc_done - movdqu 0x30($inp), @XMM[11] - pxor @XMM[11], @XMM[6] - movdqu @XMM[6], 0x30($out) - je .Lctr_enc_done - movdqu 0x40($inp), @XMM[12] - pxor @XMM[12], @XMM[3] - movdqu @XMM[3], 0x40($out) - cmp \$6,$len - jb .Lctr_enc_done - movdqu 0x50($inp), @XMM[13] - pxor @XMM[13], @XMM[7] - movdqu @XMM[7], 0x50($out) - je .Lctr_enc_done - movdqu 0x60($inp), @XMM[14] - pxor @XMM[14], @XMM[2] - movdqu @XMM[2], 0x60($out) - jmp .Lctr_enc_done - -.align 16 -.Lctr_enc_short: - lea 0x20(%rbp), $arg1 - lea 0x30(%rbp), $arg2 - lea ($key), $arg3 - call asm_AES_encrypt - movdqu ($inp), @XMM[1] - lea 16($inp), $inp - mov 0x2c(%rbp), %eax # load 32-bit counter - bswap %eax - pxor 0x30(%rbp), @XMM[1] - inc %eax # increment - movdqu @XMM[1], ($out) - bswap %eax - lea 16($out), $out - mov %eax, 0x2c(%rsp) # save 32-bit counter - dec $len - jnz .Lctr_enc_short - -.Lctr_enc_done: - lea (%rsp), %rax - pxor %xmm0, %xmm0 -.Lctr_enc_bzero: # wipe key schedule [if any] - movdqa %xmm0, 0x00(%rax) - movdqa %xmm0, 0x10(%rax) - lea 0x20(%rax), %rax - cmp %rax, %rbp - ja .Lctr_enc_bzero - - lea 0x78(%rbp),%rax -.cfi_def_cfa %rax,8 -___ -$code.=<<___ if ($win64); - movaps 0x40(%rbp), %xmm6 - movaps 0x50(%rbp), %xmm7 - movaps 0x60(%rbp), %xmm8 - movaps 0x70(%rbp), %xmm9 - movaps 0x80(%rbp), %xmm10 - movaps 0x90(%rbp), %xmm11 - movaps 0xa0(%rbp), %xmm12 - movaps 0xb0(%rbp), %xmm13 - movaps 0xc0(%rbp), %xmm14 - movaps 0xd0(%rbp), %xmm15 - lea 0xa0(%rax), %rax -.Lctr_enc_tail: -___ -$code.=<<___; - mov -48(%rax), %r15 -.cfi_restore %r15 - mov -40(%rax), %r14 -.cfi_restore %r14 - mov -32(%rax), %r13 -.cfi_restore %r13 - mov -24(%rax), %r12 -.cfi_restore %r12 - mov -16(%rax), %rbx -.cfi_restore %rbx - mov -8(%rax), %rbp -.cfi_restore %rbp - lea (%rax), %rsp # restore %rsp -.cfi_def_cfa_register %rsp -.Lctr_enc_epilogue: - ret -.cfi_endproc -.size bsaes_ctr32_encrypt_blocks,.-bsaes_ctr32_encrypt_blocks -___ -###################################################################### -# void bsaes_xts_[en|de]crypt(const char *inp,char *out,size_t len, -# const AES_KEY *key1, const AES_KEY *key2, -# const unsigned char iv[16]); -# -my ($twmask,$twres,$twtmp)=@XMM[13..15]; -$arg6=~s/d$//; - -$code.=<<___; -.globl bsaes_xts_encrypt -.type bsaes_xts_encrypt,\@abi-omnipotent -.align 16 -bsaes_xts_encrypt: -.cfi_startproc - mov %rsp, %rax -.Lxts_enc_prologue: - push %rbp -.cfi_push %rbp - push %rbx -.cfi_push %rbx - push %r12 -.cfi_push %r12 - push %r13 -.cfi_push %r13 - push %r14 -.cfi_push %r14 - push %r15 -.cfi_push %r15 - lea -0x48(%rsp), %rsp -.cfi_adjust_cfa_offset 0x48 -___ -$code.=<<___ if ($win64); - mov 0xa0(%rsp),$arg5 # pull key2 - mov 0xa8(%rsp),$arg6 # pull ivp - lea -0xa0(%rsp), %rsp - movaps %xmm6, 0x40(%rsp) - movaps %xmm7, 0x50(%rsp) - movaps %xmm8, 0x60(%rsp) - movaps %xmm9, 0x70(%rsp) - movaps %xmm10, 0x80(%rsp) - movaps %xmm11, 0x90(%rsp) - movaps %xmm12, 0xa0(%rsp) - movaps %xmm13, 0xb0(%rsp) - movaps %xmm14, 0xc0(%rsp) - movaps %xmm15, 0xd0(%rsp) -.Lxts_enc_body: -___ -$code.=<<___; - mov %rsp, %rbp # backup %rsp -.cfi_def_cfa_register %rbp - mov $arg1, $inp # backup arguments - mov $arg2, $out - mov $arg3, $len - mov $arg4, $key - - lea ($arg6), $arg1 - lea 0x20(%rbp), $arg2 - lea ($arg5), $arg3 - call asm_AES_encrypt # generate initial tweak - - mov 240($key), %eax # rounds - mov $len, %rbx # backup $len - - mov %eax, %edx # rounds - shl \$7, %rax # 128 bytes per inner round key - sub \$`128-32`, %rax # size of bit-sliced key schedule - sub %rax, %rsp - - mov %rsp, %rax # pass key schedule - mov $key, %rcx # pass key - mov %edx, %r10d # pass rounds - call _bsaes_key_convert - pxor %xmm6, %xmm7 # fix up last round key - movdqa %xmm7, (%rax) # save last round key - - and \$-16, $len - sub \$0x80, %rsp # place for tweak[8] - movdqa 0x20(%rbp), @XMM[7] # initial tweak - - pxor $twtmp, $twtmp - movdqa .Lxts_magic(%rip), $twmask - pcmpgtd @XMM[7], $twtmp # broadcast upper bits - - sub \$0x80, $len - jc .Lxts_enc_short - jmp .Lxts_enc_loop - -.align 16 -.Lxts_enc_loop: -___ - for ($i=0;$i<7;$i++) { - $code.=<<___; - pshufd \$0x13, $twtmp, $twres - pxor $twtmp, $twtmp - movdqa @XMM[7], @XMM[$i] - movdqa @XMM[7], `0x10*$i`(%rsp)# save tweak[$i] - paddq @XMM[7], @XMM[7] # psllq 1,$tweak - pand $twmask, $twres # isolate carry and residue - pcmpgtd @XMM[7], $twtmp # broadcast upper bits - pxor $twres, @XMM[7] -___ - $code.=<<___ if ($i>=1); - movdqu `0x10*($i-1)`($inp), @XMM[8+$i-1] -___ - $code.=<<___ if ($i>=2); - pxor @XMM[8+$i-2], @XMM[$i-2]# input[] ^ tweak[] -___ - } -$code.=<<___; - movdqu 0x60($inp), @XMM[8+6] - pxor @XMM[8+5], @XMM[5] - movdqu 0x70($inp), @XMM[8+7] - lea 0x80($inp), $inp - movdqa @XMM[7], 0x70(%rsp) - pxor @XMM[8+6], @XMM[6] - lea 0x80(%rsp), %rax # pass key schedule - pxor @XMM[8+7], @XMM[7] - mov %edx, %r10d # pass rounds - - call _bsaes_encrypt8 - - pxor 0x00(%rsp), @XMM[0] # ^= tweak[] - pxor 0x10(%rsp), @XMM[1] - movdqu @XMM[0], 0x00($out) # write output - pxor 0x20(%rsp), @XMM[4] - movdqu @XMM[1], 0x10($out) - pxor 0x30(%rsp), @XMM[6] - movdqu @XMM[4], 0x20($out) - pxor 0x40(%rsp), @XMM[3] - movdqu @XMM[6], 0x30($out) - pxor 0x50(%rsp), @XMM[7] - movdqu @XMM[3], 0x40($out) - pxor 0x60(%rsp), @XMM[2] - movdqu @XMM[7], 0x50($out) - pxor 0x70(%rsp), @XMM[5] - movdqu @XMM[2], 0x60($out) - movdqu @XMM[5], 0x70($out) - lea 0x80($out), $out - - movdqa 0x70(%rsp), @XMM[7] # prepare next iteration tweak - pxor $twtmp, $twtmp - movdqa .Lxts_magic(%rip), $twmask - pcmpgtd @XMM[7], $twtmp - pshufd \$0x13, $twtmp, $twres - pxor $twtmp, $twtmp - paddq @XMM[7], @XMM[7] # psllq 1,$tweak - pand $twmask, $twres # isolate carry and residue - pcmpgtd @XMM[7], $twtmp # broadcast upper bits - pxor $twres, @XMM[7] - - sub \$0x80,$len - jnc .Lxts_enc_loop - -.Lxts_enc_short: - add \$0x80, $len - jz .Lxts_enc_done -___ - for ($i=0;$i<7;$i++) { - $code.=<<___; - pshufd \$0x13, $twtmp, $twres - pxor $twtmp, $twtmp - movdqa @XMM[7], @XMM[$i] - movdqa @XMM[7], `0x10*$i`(%rsp)# save tweak[$i] - paddq @XMM[7], @XMM[7] # psllq 1,$tweak - pand $twmask, $twres # isolate carry and residue - pcmpgtd @XMM[7], $twtmp # broadcast upper bits - pxor $twres, @XMM[7] -___ - $code.=<<___ if ($i>=1); - movdqu `0x10*($i-1)`($inp), @XMM[8+$i-1] - cmp \$`0x10*$i`,$len - je .Lxts_enc_$i -___ - $code.=<<___ if ($i>=2); - pxor @XMM[8+$i-2], @XMM[$i-2]# input[] ^ tweak[] -___ - } -$code.=<<___; - movdqu 0x60($inp), @XMM[8+6] - pxor @XMM[8+5], @XMM[5] - movdqa @XMM[7], 0x70(%rsp) - lea 0x70($inp), $inp - pxor @XMM[8+6], @XMM[6] - lea 0x80(%rsp), %rax # pass key schedule - mov %edx, %r10d # pass rounds - - call _bsaes_encrypt8 - - pxor 0x00(%rsp), @XMM[0] # ^= tweak[] - pxor 0x10(%rsp), @XMM[1] - movdqu @XMM[0], 0x00($out) # write output - pxor 0x20(%rsp), @XMM[4] - movdqu @XMM[1], 0x10($out) - pxor 0x30(%rsp), @XMM[6] - movdqu @XMM[4], 0x20($out) - pxor 0x40(%rsp), @XMM[3] - movdqu @XMM[6], 0x30($out) - pxor 0x50(%rsp), @XMM[7] - movdqu @XMM[3], 0x40($out) - pxor 0x60(%rsp), @XMM[2] - movdqu @XMM[7], 0x50($out) - movdqu @XMM[2], 0x60($out) - lea 0x70($out), $out - - movdqa 0x70(%rsp), @XMM[7] # next iteration tweak - jmp .Lxts_enc_done -.align 16 -.Lxts_enc_6: - pxor @XMM[8+4], @XMM[4] - lea 0x60($inp), $inp - pxor @XMM[8+5], @XMM[5] - lea 0x80(%rsp), %rax # pass key schedule - mov %edx, %r10d # pass rounds - - call _bsaes_encrypt8 - - pxor 0x00(%rsp), @XMM[0] # ^= tweak[] - pxor 0x10(%rsp), @XMM[1] - movdqu @XMM[0], 0x00($out) # write output - pxor 0x20(%rsp), @XMM[4] - movdqu @XMM[1], 0x10($out) - pxor 0x30(%rsp), @XMM[6] - movdqu @XMM[4], 0x20($out) - pxor 0x40(%rsp), @XMM[3] - movdqu @XMM[6], 0x30($out) - pxor 0x50(%rsp), @XMM[7] - movdqu @XMM[3], 0x40($out) - movdqu @XMM[7], 0x50($out) - lea 0x60($out), $out - - movdqa 0x60(%rsp), @XMM[7] # next iteration tweak - jmp .Lxts_enc_done -.align 16 -.Lxts_enc_5: - pxor @XMM[8+3], @XMM[3] - lea 0x50($inp), $inp - pxor @XMM[8+4], @XMM[4] - lea 0x80(%rsp), %rax # pass key schedule - mov %edx, %r10d # pass rounds - - call _bsaes_encrypt8 - - pxor 0x00(%rsp), @XMM[0] # ^= tweak[] - pxor 0x10(%rsp), @XMM[1] - movdqu @XMM[0], 0x00($out) # write output - pxor 0x20(%rsp), @XMM[4] - movdqu @XMM[1], 0x10($out) - pxor 0x30(%rsp), @XMM[6] - movdqu @XMM[4], 0x20($out) - pxor 0x40(%rsp), @XMM[3] - movdqu @XMM[6], 0x30($out) - movdqu @XMM[3], 0x40($out) - lea 0x50($out), $out - - movdqa 0x50(%rsp), @XMM[7] # next iteration tweak - jmp .Lxts_enc_done -.align 16 -.Lxts_enc_4: - pxor @XMM[8+2], @XMM[2] - lea 0x40($inp), $inp - pxor @XMM[8+3], @XMM[3] - lea 0x80(%rsp), %rax # pass key schedule - mov %edx, %r10d # pass rounds - - call _bsaes_encrypt8 - - pxor 0x00(%rsp), @XMM[0] # ^= tweak[] - pxor 0x10(%rsp), @XMM[1] - movdqu @XMM[0], 0x00($out) # write output - pxor 0x20(%rsp), @XMM[4] - movdqu @XMM[1], 0x10($out) - pxor 0x30(%rsp), @XMM[6] - movdqu @XMM[4], 0x20($out) - movdqu @XMM[6], 0x30($out) - lea 0x40($out), $out - - movdqa 0x40(%rsp), @XMM[7] # next iteration tweak - jmp .Lxts_enc_done -.align 16 -.Lxts_enc_3: - pxor @XMM[8+1], @XMM[1] - lea 0x30($inp), $inp - pxor @XMM[8+2], @XMM[2] - lea 0x80(%rsp), %rax # pass key schedule - mov %edx, %r10d # pass rounds - - call _bsaes_encrypt8 - - pxor 0x00(%rsp), @XMM[0] # ^= tweak[] - pxor 0x10(%rsp), @XMM[1] - movdqu @XMM[0], 0x00($out) # write output - pxor 0x20(%rsp), @XMM[4] - movdqu @XMM[1], 0x10($out) - movdqu @XMM[4], 0x20($out) - lea 0x30($out), $out - - movdqa 0x30(%rsp), @XMM[7] # next iteration tweak - jmp .Lxts_enc_done -.align 16 -.Lxts_enc_2: - pxor @XMM[8+0], @XMM[0] - lea 0x20($inp), $inp - pxor @XMM[8+1], @XMM[1] - lea 0x80(%rsp), %rax # pass key schedule - mov %edx, %r10d # pass rounds - - call _bsaes_encrypt8 - - pxor 0x00(%rsp), @XMM[0] # ^= tweak[] - pxor 0x10(%rsp), @XMM[1] - movdqu @XMM[0], 0x00($out) # write output - movdqu @XMM[1], 0x10($out) - lea 0x20($out), $out - - movdqa 0x20(%rsp), @XMM[7] # next iteration tweak - jmp .Lxts_enc_done -.align 16 -.Lxts_enc_1: - pxor @XMM[0], @XMM[8] - lea 0x10($inp), $inp - movdqa @XMM[8], 0x20(%rbp) - lea 0x20(%rbp), $arg1 - lea 0x20(%rbp), $arg2 - lea ($key), $arg3 - call asm_AES_encrypt # doesn't touch %xmm - pxor 0x20(%rbp), @XMM[0] # ^= tweak[] - #pxor @XMM[8], @XMM[0] - #lea 0x80(%rsp), %rax # pass key schedule - #mov %edx, %r10d # pass rounds - #call _bsaes_encrypt8 - #pxor 0x00(%rsp), @XMM[0] # ^= tweak[] - movdqu @XMM[0], 0x00($out) # write output - lea 0x10($out), $out - - movdqa 0x10(%rsp), @XMM[7] # next iteration tweak - -.Lxts_enc_done: - and \$15, %ebx - jz .Lxts_enc_ret - mov $out, %rdx - -.Lxts_enc_steal: - movzb ($inp), %eax - movzb -16(%rdx), %ecx - lea 1($inp), $inp - mov %al, -16(%rdx) - mov %cl, 0(%rdx) - lea 1(%rdx), %rdx - sub \$1,%ebx - jnz .Lxts_enc_steal - - movdqu -16($out), @XMM[0] - lea 0x20(%rbp), $arg1 - pxor @XMM[7], @XMM[0] - lea 0x20(%rbp), $arg2 - movdqa @XMM[0], 0x20(%rbp) - lea ($key), $arg3 - call asm_AES_encrypt # doesn't touch %xmm - pxor 0x20(%rbp), @XMM[7] - movdqu @XMM[7], -16($out) - -.Lxts_enc_ret: - lea (%rsp), %rax - pxor %xmm0, %xmm0 -.Lxts_enc_bzero: # wipe key schedule [if any] - movdqa %xmm0, 0x00(%rax) - movdqa %xmm0, 0x10(%rax) - lea 0x20(%rax), %rax - cmp %rax, %rbp - ja .Lxts_enc_bzero - - lea 0x78(%rbp),%rax -.cfi_def_cfa %rax,8 -___ -$code.=<<___ if ($win64); - movaps 0x40(%rbp), %xmm6 - movaps 0x50(%rbp), %xmm7 - movaps 0x60(%rbp), %xmm8 - movaps 0x70(%rbp), %xmm9 - movaps 0x80(%rbp), %xmm10 - movaps 0x90(%rbp), %xmm11 - movaps 0xa0(%rbp), %xmm12 - movaps 0xb0(%rbp), %xmm13 - movaps 0xc0(%rbp), %xmm14 - movaps 0xd0(%rbp), %xmm15 - lea 0xa0(%rax), %rax -.Lxts_enc_tail: -___ -$code.=<<___; - mov -48(%rax), %r15 -.cfi_restore %r15 - mov -40(%rax), %r14 -.cfi_restore %r14 - mov -32(%rax), %r13 -.cfi_restore %r13 - mov -24(%rax), %r12 -.cfi_restore %r12 - mov -16(%rax), %rbx -.cfi_restore %rbx - mov -8(%rax), %rbp -.cfi_restore %rbp - lea (%rax), %rsp # restore %rsp -.cfi_def_cfa_register %rsp -.Lxts_enc_epilogue: - ret -.cfi_endproc -.size bsaes_xts_encrypt,.-bsaes_xts_encrypt - -.globl bsaes_xts_decrypt -.type bsaes_xts_decrypt,\@abi-omnipotent -.align 16 -bsaes_xts_decrypt: -.cfi_startproc - mov %rsp, %rax -.Lxts_dec_prologue: - push %rbp -.cfi_push %rbp - push %rbx -.cfi_push %rbx - push %r12 -.cfi_push %r12 - push %r13 -.cfi_push %r13 - push %r14 -.cfi_push %r14 - push %r15 -.cfi_push %r15 - lea -0x48(%rsp), %rsp -.cfi_adjust_cfa_offset 0x48 -___ -$code.=<<___ if ($win64); - mov 0xa0(%rsp),$arg5 # pull key2 - mov 0xa8(%rsp),$arg6 # pull ivp - lea -0xa0(%rsp), %rsp - movaps %xmm6, 0x40(%rsp) - movaps %xmm7, 0x50(%rsp) - movaps %xmm8, 0x60(%rsp) - movaps %xmm9, 0x70(%rsp) - movaps %xmm10, 0x80(%rsp) - movaps %xmm11, 0x90(%rsp) - movaps %xmm12, 0xa0(%rsp) - movaps %xmm13, 0xb0(%rsp) - movaps %xmm14, 0xc0(%rsp) - movaps %xmm15, 0xd0(%rsp) -.Lxts_dec_body: -___ -$code.=<<___; - mov %rsp, %rbp # backup %rsp - mov $arg1, $inp # backup arguments - mov $arg2, $out - mov $arg3, $len - mov $arg4, $key - - lea ($arg6), $arg1 - lea 0x20(%rbp), $arg2 - lea ($arg5), $arg3 - call asm_AES_encrypt # generate initial tweak - - mov 240($key), %eax # rounds - mov $len, %rbx # backup $len - - mov %eax, %edx # rounds - shl \$7, %rax # 128 bytes per inner round key - sub \$`128-32`, %rax # size of bit-sliced key schedule - sub %rax, %rsp - - mov %rsp, %rax # pass key schedule - mov $key, %rcx # pass key - mov %edx, %r10d # pass rounds - call _bsaes_key_convert - pxor (%rsp), %xmm7 # fix up round 0 key - movdqa %xmm6, (%rax) # save last round key - movdqa %xmm7, (%rsp) - - xor %eax, %eax # if ($len%16) len-=16; - and \$-16, $len - test \$15, %ebx - setnz %al - shl \$4, %rax - sub %rax, $len - - sub \$0x80, %rsp # place for tweak[8] - movdqa 0x20(%rbp), @XMM[7] # initial tweak - - pxor $twtmp, $twtmp - movdqa .Lxts_magic(%rip), $twmask - pcmpgtd @XMM[7], $twtmp # broadcast upper bits - - sub \$0x80, $len - jc .Lxts_dec_short - jmp .Lxts_dec_loop - -.align 16 -.Lxts_dec_loop: -___ - for ($i=0;$i<7;$i++) { - $code.=<<___; - pshufd \$0x13, $twtmp, $twres - pxor $twtmp, $twtmp - movdqa @XMM[7], @XMM[$i] - movdqa @XMM[7], `0x10*$i`(%rsp)# save tweak[$i] - paddq @XMM[7], @XMM[7] # psllq 1,$tweak - pand $twmask, $twres # isolate carry and residue - pcmpgtd @XMM[7], $twtmp # broadcast upper bits - pxor $twres, @XMM[7] -___ - $code.=<<___ if ($i>=1); - movdqu `0x10*($i-1)`($inp), @XMM[8+$i-1] -___ - $code.=<<___ if ($i>=2); - pxor @XMM[8+$i-2], @XMM[$i-2]# input[] ^ tweak[] -___ - } -$code.=<<___; - movdqu 0x60($inp), @XMM[8+6] - pxor @XMM[8+5], @XMM[5] - movdqu 0x70($inp), @XMM[8+7] - lea 0x80($inp), $inp - movdqa @XMM[7], 0x70(%rsp) - pxor @XMM[8+6], @XMM[6] - lea 0x80(%rsp), %rax # pass key schedule - pxor @XMM[8+7], @XMM[7] - mov %edx, %r10d # pass rounds - - call _bsaes_decrypt8 - - pxor 0x00(%rsp), @XMM[0] # ^= tweak[] - pxor 0x10(%rsp), @XMM[1] - movdqu @XMM[0], 0x00($out) # write output - pxor 0x20(%rsp), @XMM[6] - movdqu @XMM[1], 0x10($out) - pxor 0x30(%rsp), @XMM[4] - movdqu @XMM[6], 0x20($out) - pxor 0x40(%rsp), @XMM[2] - movdqu @XMM[4], 0x30($out) - pxor 0x50(%rsp), @XMM[7] - movdqu @XMM[2], 0x40($out) - pxor 0x60(%rsp), @XMM[3] - movdqu @XMM[7], 0x50($out) - pxor 0x70(%rsp), @XMM[5] - movdqu @XMM[3], 0x60($out) - movdqu @XMM[5], 0x70($out) - lea 0x80($out), $out - - movdqa 0x70(%rsp), @XMM[7] # prepare next iteration tweak - pxor $twtmp, $twtmp - movdqa .Lxts_magic(%rip), $twmask - pcmpgtd @XMM[7], $twtmp - pshufd \$0x13, $twtmp, $twres - pxor $twtmp, $twtmp - paddq @XMM[7], @XMM[7] # psllq 1,$tweak - pand $twmask, $twres # isolate carry and residue - pcmpgtd @XMM[7], $twtmp # broadcast upper bits - pxor $twres, @XMM[7] - - sub \$0x80,$len - jnc .Lxts_dec_loop - -.Lxts_dec_short: - add \$0x80, $len - jz .Lxts_dec_done -___ - for ($i=0;$i<7;$i++) { - $code.=<<___; - pshufd \$0x13, $twtmp, $twres - pxor $twtmp, $twtmp - movdqa @XMM[7], @XMM[$i] - movdqa @XMM[7], `0x10*$i`(%rsp)# save tweak[$i] - paddq @XMM[7], @XMM[7] # psllq 1,$tweak - pand $twmask, $twres # isolate carry and residue - pcmpgtd @XMM[7], $twtmp # broadcast upper bits - pxor $twres, @XMM[7] -___ - $code.=<<___ if ($i>=1); - movdqu `0x10*($i-1)`($inp), @XMM[8+$i-1] - cmp \$`0x10*$i`,$len - je .Lxts_dec_$i -___ - $code.=<<___ if ($i>=2); - pxor @XMM[8+$i-2], @XMM[$i-2]# input[] ^ tweak[] -___ - } -$code.=<<___; - movdqu 0x60($inp), @XMM[8+6] - pxor @XMM[8+5], @XMM[5] - movdqa @XMM[7], 0x70(%rsp) - lea 0x70($inp), $inp - pxor @XMM[8+6], @XMM[6] - lea 0x80(%rsp), %rax # pass key schedule - mov %edx, %r10d # pass rounds - - call _bsaes_decrypt8 - - pxor 0x00(%rsp), @XMM[0] # ^= tweak[] - pxor 0x10(%rsp), @XMM[1] - movdqu @XMM[0], 0x00($out) # write output - pxor 0x20(%rsp), @XMM[6] - movdqu @XMM[1], 0x10($out) - pxor 0x30(%rsp), @XMM[4] - movdqu @XMM[6], 0x20($out) - pxor 0x40(%rsp), @XMM[2] - movdqu @XMM[4], 0x30($out) - pxor 0x50(%rsp), @XMM[7] - movdqu @XMM[2], 0x40($out) - pxor 0x60(%rsp), @XMM[3] - movdqu @XMM[7], 0x50($out) - movdqu @XMM[3], 0x60($out) - lea 0x70($out), $out - - movdqa 0x70(%rsp), @XMM[7] # next iteration tweak - jmp .Lxts_dec_done -.align 16 -.Lxts_dec_6: - pxor @XMM[8+4], @XMM[4] - lea 0x60($inp), $inp - pxor @XMM[8+5], @XMM[5] - lea 0x80(%rsp), %rax # pass key schedule - mov %edx, %r10d # pass rounds - - call _bsaes_decrypt8 - - pxor 0x00(%rsp), @XMM[0] # ^= tweak[] - pxor 0x10(%rsp), @XMM[1] - movdqu @XMM[0], 0x00($out) # write output - pxor 0x20(%rsp), @XMM[6] - movdqu @XMM[1], 0x10($out) - pxor 0x30(%rsp), @XMM[4] - movdqu @XMM[6], 0x20($out) - pxor 0x40(%rsp), @XMM[2] - movdqu @XMM[4], 0x30($out) - pxor 0x50(%rsp), @XMM[7] - movdqu @XMM[2], 0x40($out) - movdqu @XMM[7], 0x50($out) - lea 0x60($out), $out - - movdqa 0x60(%rsp), @XMM[7] # next iteration tweak - jmp .Lxts_dec_done -.align 16 -.Lxts_dec_5: - pxor @XMM[8+3], @XMM[3] - lea 0x50($inp), $inp - pxor @XMM[8+4], @XMM[4] - lea 0x80(%rsp), %rax # pass key schedule - mov %edx, %r10d # pass rounds - - call _bsaes_decrypt8 - - pxor 0x00(%rsp), @XMM[0] # ^= tweak[] - pxor 0x10(%rsp), @XMM[1] - movdqu @XMM[0], 0x00($out) # write output - pxor 0x20(%rsp), @XMM[6] - movdqu @XMM[1], 0x10($out) - pxor 0x30(%rsp), @XMM[4] - movdqu @XMM[6], 0x20($out) - pxor 0x40(%rsp), @XMM[2] - movdqu @XMM[4], 0x30($out) - movdqu @XMM[2], 0x40($out) - lea 0x50($out), $out - - movdqa 0x50(%rsp), @XMM[7] # next iteration tweak - jmp .Lxts_dec_done -.align 16 -.Lxts_dec_4: - pxor @XMM[8+2], @XMM[2] - lea 0x40($inp), $inp - pxor @XMM[8+3], @XMM[3] - lea 0x80(%rsp), %rax # pass key schedule - mov %edx, %r10d # pass rounds - - call _bsaes_decrypt8 - - pxor 0x00(%rsp), @XMM[0] # ^= tweak[] - pxor 0x10(%rsp), @XMM[1] - movdqu @XMM[0], 0x00($out) # write output - pxor 0x20(%rsp), @XMM[6] - movdqu @XMM[1], 0x10($out) - pxor 0x30(%rsp), @XMM[4] - movdqu @XMM[6], 0x20($out) - movdqu @XMM[4], 0x30($out) - lea 0x40($out), $out - - movdqa 0x40(%rsp), @XMM[7] # next iteration tweak - jmp .Lxts_dec_done -.align 16 -.Lxts_dec_3: - pxor @XMM[8+1], @XMM[1] - lea 0x30($inp), $inp - pxor @XMM[8+2], @XMM[2] - lea 0x80(%rsp), %rax # pass key schedule - mov %edx, %r10d # pass rounds - - call _bsaes_decrypt8 - - pxor 0x00(%rsp), @XMM[0] # ^= tweak[] - pxor 0x10(%rsp), @XMM[1] - movdqu @XMM[0], 0x00($out) # write output - pxor 0x20(%rsp), @XMM[6] - movdqu @XMM[1], 0x10($out) - movdqu @XMM[6], 0x20($out) - lea 0x30($out), $out - - movdqa 0x30(%rsp), @XMM[7] # next iteration tweak - jmp .Lxts_dec_done -.align 16 -.Lxts_dec_2: - pxor @XMM[8+0], @XMM[0] - lea 0x20($inp), $inp - pxor @XMM[8+1], @XMM[1] - lea 0x80(%rsp), %rax # pass key schedule - mov %edx, %r10d # pass rounds - - call _bsaes_decrypt8 - - pxor 0x00(%rsp), @XMM[0] # ^= tweak[] - pxor 0x10(%rsp), @XMM[1] - movdqu @XMM[0], 0x00($out) # write output - movdqu @XMM[1], 0x10($out) - lea 0x20($out), $out - - movdqa 0x20(%rsp), @XMM[7] # next iteration tweak - jmp .Lxts_dec_done -.align 16 -.Lxts_dec_1: - pxor @XMM[0], @XMM[8] - lea 0x10($inp), $inp - movdqa @XMM[8], 0x20(%rbp) - lea 0x20(%rbp), $arg1 - lea 0x20(%rbp), $arg2 - lea ($key), $arg3 - call asm_AES_decrypt # doesn't touch %xmm - pxor 0x20(%rbp), @XMM[0] # ^= tweak[] - #pxor @XMM[8], @XMM[0] - #lea 0x80(%rsp), %rax # pass key schedule - #mov %edx, %r10d # pass rounds - #call _bsaes_decrypt8 - #pxor 0x00(%rsp), @XMM[0] # ^= tweak[] - movdqu @XMM[0], 0x00($out) # write output - lea 0x10($out), $out - - movdqa 0x10(%rsp), @XMM[7] # next iteration tweak - -.Lxts_dec_done: - and \$15, %ebx - jz .Lxts_dec_ret - - pxor $twtmp, $twtmp - movdqa .Lxts_magic(%rip), $twmask - pcmpgtd @XMM[7], $twtmp - pshufd \$0x13, $twtmp, $twres - movdqa @XMM[7], @XMM[6] - paddq @XMM[7], @XMM[7] # psllq 1,$tweak - pand $twmask, $twres # isolate carry and residue - movdqu ($inp), @XMM[0] - pxor $twres, @XMM[7] - - lea 0x20(%rbp), $arg1 - pxor @XMM[7], @XMM[0] - lea 0x20(%rbp), $arg2 - movdqa @XMM[0], 0x20(%rbp) - lea ($key), $arg3 - call asm_AES_decrypt # doesn't touch %xmm - pxor 0x20(%rbp), @XMM[7] - mov $out, %rdx - movdqu @XMM[7], ($out) - -.Lxts_dec_steal: - movzb 16($inp), %eax - movzb (%rdx), %ecx - lea 1($inp), $inp - mov %al, (%rdx) - mov %cl, 16(%rdx) - lea 1(%rdx), %rdx - sub \$1,%ebx - jnz .Lxts_dec_steal - - movdqu ($out), @XMM[0] - lea 0x20(%rbp), $arg1 - pxor @XMM[6], @XMM[0] - lea 0x20(%rbp), $arg2 - movdqa @XMM[0], 0x20(%rbp) - lea ($key), $arg3 - call asm_AES_decrypt # doesn't touch %xmm - pxor 0x20(%rbp), @XMM[6] - movdqu @XMM[6], ($out) - -.Lxts_dec_ret: - lea (%rsp), %rax - pxor %xmm0, %xmm0 -.Lxts_dec_bzero: # wipe key schedule [if any] - movdqa %xmm0, 0x00(%rax) - movdqa %xmm0, 0x10(%rax) - lea 0x20(%rax), %rax - cmp %rax, %rbp - ja .Lxts_dec_bzero - - lea 0x78(%rbp),%rax -.cfi_def_cfa %rax,8 -___ -$code.=<<___ if ($win64); - movaps 0x40(%rbp), %xmm6 - movaps 0x50(%rbp), %xmm7 - movaps 0x60(%rbp), %xmm8 - movaps 0x70(%rbp), %xmm9 - movaps 0x80(%rbp), %xmm10 - movaps 0x90(%rbp), %xmm11 - movaps 0xa0(%rbp), %xmm12 - movaps 0xb0(%rbp), %xmm13 - movaps 0xc0(%rbp), %xmm14 - movaps 0xd0(%rbp), %xmm15 - lea 0xa0(%rax), %rax -.Lxts_dec_tail: -___ -$code.=<<___; - mov -48(%rax), %r15 -.cfi_restore %r15 - mov -40(%rax), %r14 -.cfi_restore %r14 - mov -32(%rax), %r13 -.cfi_restore %r13 - mov -24(%rax), %r12 -.cfi_restore %r12 - mov -16(%rax), %rbx -.cfi_restore %rbx - mov -8(%rax), %rbp -.cfi_restore %rbp - lea (%rax), %rsp # restore %rsp -.cfi_def_cfa_register %rsp -.Lxts_dec_epilogue: - ret -.cfi_endproc -.size bsaes_xts_decrypt,.-bsaes_xts_decrypt -___ -} -$code.=<<___; -.type _bsaes_const,\@object -.align 64 -_bsaes_const: -.LM0ISR: # InvShiftRows constants - .quad 0x0a0e0206070b0f03, 0x0004080c0d010509 -.LISRM0: - .quad 0x01040b0e0205080f, 0x0306090c00070a0d -.LISR: - .quad 0x0504070602010003, 0x0f0e0d0c080b0a09 -.LBS0: # bit-slice constants - .quad 0x5555555555555555, 0x5555555555555555 -.LBS1: - .quad 0x3333333333333333, 0x3333333333333333 -.LBS2: - .quad 0x0f0f0f0f0f0f0f0f, 0x0f0f0f0f0f0f0f0f -.LSR: # shiftrows constants - .quad 0x0504070600030201, 0x0f0e0d0c0a09080b -.LSRM0: - .quad 0x0304090e00050a0f, 0x01060b0c0207080d -.LM0SR: - .quad 0x0a0e02060f03070b, 0x0004080c05090d01 -.LSWPUP: # byte-swap upper dword - .quad 0x0706050403020100, 0x0c0d0e0f0b0a0908 -.LSWPUPM0SR: - .quad 0x0a0d02060c03070b, 0x0004080f05090e01 -.LADD1: # counter increment constants - .quad 0x0000000000000000, 0x0000000100000000 -.LADD2: - .quad 0x0000000000000000, 0x0000000200000000 -.LADD3: - .quad 0x0000000000000000, 0x0000000300000000 -.LADD4: - .quad 0x0000000000000000, 0x0000000400000000 -.LADD5: - .quad 0x0000000000000000, 0x0000000500000000 -.LADD6: - .quad 0x0000000000000000, 0x0000000600000000 -.LADD7: - .quad 0x0000000000000000, 0x0000000700000000 -.LADD8: - .quad 0x0000000000000000, 0x0000000800000000 -.Lxts_magic: - .long 0x87,0,1,0 -.Lmasks: - .quad 0x0101010101010101, 0x0101010101010101 - .quad 0x0202020202020202, 0x0202020202020202 - .quad 0x0404040404040404, 0x0404040404040404 - .quad 0x0808080808080808, 0x0808080808080808 -.LM0: - .quad 0x02060a0e03070b0f, 0x0004080c0105090d -.L63: - .quad 0x6363636363636363, 0x6363636363636363 -.asciz "Bit-sliced AES for x86_64/SSSE3, Emilia K?sper, Peter Schwabe, Andy Polyakov" -.align 64 -.size _bsaes_const,.-_bsaes_const -___ - -# EXCEPTION_DISPOSITION handler (EXCEPTION_RECORD *rec,ULONG64 frame, -# CONTEXT *context,DISPATCHER_CONTEXT *disp) -if ($win64) { -$rec="%rcx"; -$frame="%rdx"; -$context="%r8"; -$disp="%r9"; - -$code.=<<___; -.extern __imp_RtlVirtualUnwind -.type se_handler,\@abi-omnipotent -.align 16 -se_handler: - push %rsi - push %rdi - push %rbx - push %rbp - push %r12 - push %r13 - push %r14 - push %r15 - pushfq - sub \$64,%rsp - - mov 120($context),%rax # pull context->Rax - mov 248($context),%rbx # pull context->Rip - - mov 8($disp),%rsi # disp->ImageBase - mov 56($disp),%r11 # disp->HandlerData - - mov 0(%r11),%r10d # HandlerData[0] - lea (%rsi,%r10),%r10 # prologue label - cmp %r10,%rbx # context->Rip<=prologue label - jbe .Lin_prologue - - mov 4(%r11),%r10d # HandlerData[1] - lea (%rsi,%r10),%r10 # epilogue label - cmp %r10,%rbx # context->Rip>=epilogue label - jae .Lin_prologue - - mov 8(%r11),%r10d # HandlerData[2] - lea (%rsi,%r10),%r10 # epilogue label - cmp %r10,%rbx # context->Rip>=tail label - jae .Lin_tail - - mov 160($context),%rax # pull context->Rbp - - lea 0x40(%rax),%rsi # %xmm save area - lea 512($context),%rdi # &context.Xmm6 - mov \$20,%ecx # 10*sizeof(%xmm0)/sizeof(%rax) - .long 0xa548f3fc # cld; rep movsq - lea 0xa0+0x78(%rax),%rax # adjust stack pointer - -.Lin_tail: - mov -48(%rax),%rbp - mov -40(%rax),%rbx - mov -32(%rax),%r12 - mov -24(%rax),%r13 - mov -16(%rax),%r14 - mov -8(%rax),%r15 - mov %rbx,144($context) # restore context->Rbx - mov %rbp,160($context) # restore context->Rbp - mov %r12,216($context) # restore context->R12 - mov %r13,224($context) # restore context->R13 - mov %r14,232($context) # restore context->R14 - mov %r15,240($context) # restore context->R15 - -.Lin_prologue: - mov %rax,152($context) # restore context->Rsp - - mov 40($disp),%rdi # disp->ContextRecord - mov $context,%rsi # context - mov \$`1232/8`,%ecx # sizeof(CONTEXT) - .long 0xa548f3fc # cld; rep movsq - - mov $disp,%rsi - xor %rcx,%rcx # arg1, UNW_FLAG_NHANDLER - mov 8(%rsi),%rdx # arg2, disp->ImageBase - mov 0(%rsi),%r8 # arg3, disp->ControlPc - mov 16(%rsi),%r9 # arg4, disp->FunctionEntry - mov 40(%rsi),%r10 # disp->ContextRecord - lea 56(%rsi),%r11 # &disp->HandlerData - lea 24(%rsi),%r12 # &disp->EstablisherFrame - mov %r10,32(%rsp) # arg5 - mov %r11,40(%rsp) # arg6 - mov %r12,48(%rsp) # arg7 - mov %rcx,56(%rsp) # arg8, (NULL) - call *__imp_RtlVirtualUnwind(%rip) - - mov \$1,%eax # ExceptionContinueSearch - add \$64,%rsp - popfq - pop %r15 - pop %r14 - pop %r13 - pop %r12 - pop %rbp - pop %rbx - pop %rdi - pop %rsi - ret -.size se_handler,.-se_handler - -.section .pdata -.align 4 -___ -$code.=<<___ if ($ecb); - .rva .Lecb_enc_prologue - .rva .Lecb_enc_epilogue - .rva .Lecb_enc_info - - .rva .Lecb_dec_prologue - .rva .Lecb_dec_epilogue - .rva .Lecb_dec_info -___ -$code.=<<___; - .rva .Lcbc_dec_prologue - .rva .Lcbc_dec_epilogue - .rva .Lcbc_dec_info - - .rva .Lctr_enc_prologue - .rva .Lctr_enc_epilogue - .rva .Lctr_enc_info - - .rva .Lxts_enc_prologue - .rva .Lxts_enc_epilogue - .rva .Lxts_enc_info - - .rva .Lxts_dec_prologue - .rva .Lxts_dec_epilogue - .rva .Lxts_dec_info - -.section .xdata -.align 8 -___ -$code.=<<___ if ($ecb); -.Lecb_enc_info: - .byte 9,0,0,0 - .rva se_handler - .rva .Lecb_enc_body,.Lecb_enc_epilogue # HandlerData[] - .rva .Lecb_enc_tail - .long 0 -.Lecb_dec_info: - .byte 9,0,0,0 - .rva se_handler - .rva .Lecb_dec_body,.Lecb_dec_epilogue # HandlerData[] - .rva .Lecb_dec_tail - .long 0 -___ -$code.=<<___; -.Lcbc_dec_info: - .byte 9,0,0,0 - .rva se_handler - .rva .Lcbc_dec_body,.Lcbc_dec_epilogue # HandlerData[] - .rva .Lcbc_dec_tail - .long 0 -.Lctr_enc_info: - .byte 9,0,0,0 - .rva se_handler - .rva .Lctr_enc_body,.Lctr_enc_epilogue # HandlerData[] - .rva .Lctr_enc_tail - .long 0 -.Lxts_enc_info: - .byte 9,0,0,0 - .rva se_handler - .rva .Lxts_enc_body,.Lxts_enc_epilogue # HandlerData[] - .rva .Lxts_enc_tail - .long 0 -.Lxts_dec_info: - .byte 9,0,0,0 - .rva se_handler - .rva .Lxts_dec_body,.Lxts_dec_epilogue # HandlerData[] - .rva .Lxts_dec_tail - .long 0 -___ -} - -$code =~ s/\`([^\`]*)\`/eval($1)/gem; - -print $code; - -close STDOUT; diff --git a/crypto/evp/e_aes.c b/crypto/evp/e_aes.c index 90a410b00d..1db346fc86 100644 --- a/crypto/evp/e_aes.c +++ b/crypto/evp/e_aes.c @@ -176,7 +176,7 @@ static void ctr64_inc(unsigned char *counter) # define HWAES_xts_decrypt aes_p8_xts_decrypt #endif -#if defined(AES_ASM) && !defined(I386_ONLY) && ( \ +#if !defined(OPENSSL_NO_ASM) && ( \ ((defined(__i386) || defined(__i386__) || \ defined(_M_IX86)) && defined(OPENSSL_IA32_SSE2))|| \ defined(__x86_64) || defined(__x86_64__) || \ From builds at travis-ci.org Sat Sep 7 08:46:05 2019 From: builds at travis-ci.org (Travis CI) Date: Sat, 07 Sep 2019 08:46:05 +0000 Subject: Still Failing: openssl/openssl#27979 (OpenSSL_1_1_1-stable - 87bea65) In-Reply-To: Message-ID: <5d736e4da92bc_43ffcee4175f02367ee@becb2af6-5dff-41a7-b629-21bb6ee59d9e.mail> Build Update for openssl/openssl ------------------------------------- Build: #27979 Status: Still Failing Duration: 16 mins and 52 secs Commit: 87bea65 (OpenSSL_1_1_1-stable) Author: Bernd Edlinger Message: Remove x86/x86_64 BSAES and AES_ASM support This leaves VPAES and AESNI support. The VPAES performance is comparable but BSAES is not completely constant time. There are table lookups using secret key data in AES_set_encrypt/decrypt_key and in ctr mode short data uses the non-constant time AES_encrypt function instead of bit-slicing. Furthermore the AES_ASM is by far outperformed by recent GCC versions. Since BSAES calls back to AES_ASM for short data blocks the performance on those is also worse than the pure software implementaion. Fixes: #9640 Reviewed-by: Richard Levitte (Merged from https://github.com/openssl/openssl/pull/9675) View the changeset: https://github.com/openssl/openssl/compare/a6186f39802f...87bea6550ae0 View the full build log and details: https://travis-ci.org/openssl/openssl/builds/581987755?utm_medium=notification&utm_source=email -- You can unsubscribe from build emails from the openssl/openssl repository going to https://travis-ci.org/account/preferences/unsubscribe?repository=5849220&utm_medium=notification&utm_source=email. Or unsubscribe from *all* email updating your settings at https://travis-ci.org/account/preferences/unsubscribe?utm_medium=notification&utm_source=email. Or configure specific recipients for build notifications in your .travis.yml file. See https://docs.travis-ci.com/user/notifications. -------------- next part -------------- An HTML attachment was scrubbed... URL: From nic.tuv at gmail.com Sat Sep 7 09:50:23 2019 From: nic.tuv at gmail.com (nic.tuv at gmail.com) Date: Sat, 07 Sep 2019 09:50:23 +0000 Subject: [openssl] OpenSSL_1_1_0-stable update Message-ID: <1567849823.695916.26841.nullmailer@dev.openssl.org> The branch OpenSSL_1_1_0-stable has been updated via c31be97c64ab61d44d80fccce4deff976d4f9bbb (commit) via 7c1709c2da5414f5b6133d00a03fc8c5bf996c7a (commit) from 207a56437916a715bcf6e299c868c75a17ad8fc0 (commit) - Log ----------------------------------------------------------------- commit c31be97c64ab61d44d80fccce4deff976d4f9bbb Author: Billy Brumley Date: Fri Sep 6 20:11:32 2019 +0300 [test/recipes/30-test_evp_data] computing ECC cofactors: regression test Reviewed-by: Nicola Tuveri Reviewed-by: Matt Caswell (Merged from https://github.com/openssl/openssl/pull/9795) commit 7c1709c2da5414f5b6133d00a03fc8c5bf996c7a Author: Billy Brumley Date: Fri Sep 6 19:34:53 2019 +0300 [crypto/ec] for ECC parameters with NULL or zero cofactor, compute it The cofactor argument to EC_GROUP_set_generator is optional, and SCA mitigations for ECC currently use it. So the library currently falls back to very old SCA-vulnerable code if the cofactor is not present. This PR allows EC_GROUP_set_generator to compute the cofactor for all curves of cryptographic interest. Steering scalar multiplication to more SCA-robust code. This issue affects persisted private keys in explicit parameter form, where the (optional) cofactor field is zero or absent. It also affects curves not built-in to the library, but constructed programatically with explicit parameters, then calling EC_GROUP_set_generator with a nonsensical value (NULL, zero). The very old scalar multiplication code is known to be vulnerable to local uarch attacks, outside of the OpenSSL threat model. New results suggest the code path is also vulnerable to traditional wall clock timing attacks. CVE-2019-1547 Reviewed-by: Nicola Tuveri Reviewed-by: Matt Caswell (Merged from https://github.com/openssl/openssl/pull/9795) ----------------------------------------------------------------------- Summary of changes: CHANGES | 8 ++- crypto/ec/ec_err.c | 1 + crypto/ec/ec_lib.c | 103 ++++++++++++++++++++++++++++-- include/openssl/ec.h | 1 + test/recipes/30-test_evp_data/evppkey.txt | 50 +++++++++++++++ 5 files changed, 155 insertions(+), 8 deletions(-) diff --git a/CHANGES b/CHANGES index 2c89717497..1b6c1830e8 100644 --- a/CHANGES +++ b/CHANGES @@ -9,6 +9,13 @@ Changes between 1.1.0k and 1.1.0l [xx XXX xxxx] + *) Compute ECC cofactors if not provided during EC_GROUP construction. Before + this change, EC_GROUP_set_generator would accept order and/or cofactor as + NULL. After this change, only the cofactor parameter can be NULL. It also + does some minimal sanity checks on the passed order. + (CVE-2019-1547) + [Billy Bob Brumley] + *) Use Windows installation paths in the mingw builds Mingw isn't a POSIX environment per se, which means that Windows @@ -16,7 +23,6 @@ (CVE-2019-1552) [Richard Levitte] - Changes between 1.1.0j and 1.1.0k [28 May 2019] *) Change the default RSA, DSA and DH size to 2048 bit instead of 1024. diff --git a/crypto/ec/ec_err.c b/crypto/ec/ec_err.c index aeee2e8f4c..fe747d8cde 100644 --- a/crypto/ec/ec_err.c +++ b/crypto/ec/ec_err.c @@ -273,6 +273,7 @@ static ERR_STRING_DATA EC_str_reasons[] = { {ERR_REASON(EC_R_SLOT_FULL), "slot full"}, {ERR_REASON(EC_R_UNDEFINED_GENERATOR), "undefined generator"}, {ERR_REASON(EC_R_UNDEFINED_ORDER), "undefined order"}, + {ERR_REASON(EC_R_UNKNOWN_COFACTOR), "unknown cofactor"}, {ERR_REASON(EC_R_UNKNOWN_GROUP), "unknown group"}, {ERR_REASON(EC_R_UNKNOWN_ORDER), "unknown order"}, {ERR_REASON(EC_R_UNSUPPORTED_FIELD), "unsupported field"}, diff --git a/crypto/ec/ec_lib.c b/crypto/ec/ec_lib.c index a7be03b627..eaf44ccef9 100644 --- a/crypto/ec/ec_lib.c +++ b/crypto/ec/ec_lib.c @@ -257,6 +257,67 @@ int EC_METHOD_get_field_type(const EC_METHOD *meth) return meth->field_type; } +/*- + * Try computing cofactor from the generator order (n) and field cardinality (q). + * This works for all curves of cryptographic interest. + * + * Hasse thm: q + 1 - 2*sqrt(q) <= n*h <= q + 1 + 2*sqrt(q) + * h_min = (q + 1 - 2*sqrt(q))/n + * h_max = (q + 1 + 2*sqrt(q))/n + * h_max - h_min = 4*sqrt(q)/n + * So if n > 4*sqrt(q) holds, there is only one possible value for h: + * h = \lfloor (h_min + h_max)/2 \rceil = \lfloor (q + 1)/n \rceil + * + * Otherwise, zero cofactor and return success. + */ +static int ec_guess_cofactor(EC_GROUP *group) { + int ret = 0; + BN_CTX *ctx = NULL; + BIGNUM *q = NULL; + + /*- + * If the cofactor is too large, we cannot guess it. + * The RHS of below is a strict overestimate of lg(4 * sqrt(q)) + */ + if (BN_num_bits(group->order) <= (BN_num_bits(group->field) + 1) / 2 + 3) { + /* default to 0 */ + BN_zero(group->cofactor); + /* return success */ + return 1; + } + + if ((ctx = BN_CTX_new()) == NULL) + return 0; + + BN_CTX_start(ctx); + if ((q = BN_CTX_get(ctx)) == NULL) + goto err; + + /* set q = 2**m for binary fields; q = p otherwise */ + if (group->meth->field_type == NID_X9_62_characteristic_two_field) { + BN_zero(q); + if (!BN_set_bit(q, BN_num_bits(group->field) - 1)) + goto err; + } else { + if (!BN_copy(q, group->field)) + goto err; + } + + /* compute h = \lfloor (q + 1)/n \rceil = \lfloor (q + 1 + n/2)/n \rfloor */ + if (!BN_rshift1(group->cofactor, group->order) /* n/2 */ + || !BN_add(group->cofactor, group->cofactor, q) /* q + n/2 */ + /* q + 1 + n/2 */ + || !BN_add(group->cofactor, group->cofactor, BN_value_one()) + /* (q + 1 + n/2)/n */ + || !BN_div(group->cofactor, NULL, group->cofactor, group->order, ctx)) + goto err; + ret = 1; + err: + BN_CTX_end(ctx); + BN_CTX_free(ctx); + return ret; +} + int EC_GROUP_set_generator(EC_GROUP *group, const EC_POINT *generator, const BIGNUM *order, const BIGNUM *cofactor) { @@ -265,6 +326,34 @@ int EC_GROUP_set_generator(EC_GROUP *group, const EC_POINT *generator, return 0; } + /* require group->field >= 1 */ + if (group->field == NULL || BN_is_zero(group->field) + || BN_is_negative(group->field)) { + ECerr(EC_F_EC_GROUP_SET_GENERATOR, EC_R_INVALID_FIELD); + return 0; + } + + /*- + * - require order >= 1 + * - enforce upper bound due to Hasse thm: order can be no more than one bit + * longer than field cardinality + */ + if (order == NULL || BN_is_zero(order) || BN_is_negative(order) + || BN_num_bits(order) > BN_num_bits(group->field) + 1) { + ECerr(EC_F_EC_GROUP_SET_GENERATOR, EC_R_INVALID_GROUP_ORDER); + return 0; + } + + /*- + * Unfortunately the cofactor is an optional field in many standards. + * Internally, the lib uses 0 cofactor as a marker for "unknown cofactor". + * So accept cofactor == NULL or cofactor >= 0. + */ + if (cofactor != NULL && BN_is_negative(cofactor)) { + ECerr(EC_F_EC_GROUP_SET_GENERATOR, EC_R_UNKNOWN_COFACTOR); + return 0; + } + if (group->generator == NULL) { group->generator = EC_POINT_new(group); if (group->generator == NULL) @@ -273,17 +362,17 @@ int EC_GROUP_set_generator(EC_GROUP *group, const EC_POINT *generator, if (!EC_POINT_copy(group->generator, generator)) return 0; - if (order != NULL) { - if (!BN_copy(group->order, order)) - return 0; - } else - BN_zero(group->order); + if (!BN_copy(group->order, order)) + return 0; - if (cofactor != NULL) { + /* Either take the provided positive cofactor, or try to compute it */ + if (cofactor != NULL && !BN_is_zero(cofactor)) { if (!BN_copy(group->cofactor, cofactor)) return 0; - } else + } else if (!ec_guess_cofactor(group)) { BN_zero(group->cofactor); + return 0; + } /* * Some groups have an order with diff --git a/include/openssl/ec.h b/include/openssl/ec.h index bea6b8c372..c4aeaed5c1 100644 --- a/include/openssl/ec.h +++ b/include/openssl/ec.h @@ -1568,6 +1568,7 @@ int ERR_load_EC_strings(void); # define EC_R_SLOT_FULL 108 # define EC_R_UNDEFINED_GENERATOR 113 # define EC_R_UNDEFINED_ORDER 128 +# define EC_R_UNKNOWN_COFACTOR 164 # define EC_R_UNKNOWN_GROUP 129 # define EC_R_UNKNOWN_ORDER 114 # define EC_R_UNSUPPORTED_FIELD 131 diff --git a/test/recipes/30-test_evp_data/evppkey.txt b/test/recipes/30-test_evp_data/evppkey.txt index e0d8b4ff10..061ecb22ed 100644 --- a/test/recipes/30-test_evp_data/evppkey.txt +++ b/test/recipes/30-test_evp_data/evppkey.txt @@ -16147,3 +16147,53 @@ Result = KEYPAIR_MISMATCH PrivPubKeyPair = DSA-1024-BIS:DSA-1024-PUBLIC Result = KEYPAIR_MISMATCH +# Title=explicit parameters with no cofactor test + +PrivateKey=P256_explicit +-----BEGIN PRIVATE KEY----- +MIIBMAIBADCCAQAGByqGSM49AgEwgfQCAQEwLAYHKoZIzj0BAQIhAP////8AAAABAAAAAAAAAAAA +AAAA////////////////MFsEIP////8AAAABAAAAAAAAAAAAAAAA///////////////8BCBaxjXY +qjqT57PrvVV2mIa8ZR0GsMxTsPY7zjw+J9JgSwMVAMSdNgiG5wSTamZ44ROdJreBn36QBEEEaxfR +8uEsQkf4vOblY6RA8ncDfYEt6zOg9KE5RdiYwpZP40Li/hp/m47n60p8D54WK84zV2sxXs7LtkBo +N79R9QIhAP////8AAAAA//////////+85vqtpxeehPO5ysL8YyVRBCcwJQIBAQQgya+p2EW6dRZr +XCFXZ7HWk05Qw9s26JsSe4piKxIPZyE= +-----END PRIVATE KEY----- + +PublicKey=P256_explicit_PUB +-----BEGIN PUBLIC KEY----- +MIIBSDCCAQAGByqGSM49AgEwgfQCAQEwLAYHKoZIzj0BAQIhAP////8AAAABAAAAAAAAAAAAAAAA +////////////////MFsEIP////8AAAABAAAAAAAAAAAAAAAA///////////////8BCBaxjXYqjqT +57PrvVV2mIa8ZR0GsMxTsPY7zjw+J9JgSwMVAMSdNgiG5wSTamZ44ROdJreBn36QBEEEaxfR8uEs +Qkf4vOblY6RA8ncDfYEt6zOg9KE5RdiYwpZP40Li/hp/m47n60p8D54WK84zV2sxXs7LtkBoN79R +9QIhAP////8AAAAA//////////+85vqtpxeehPO5ysL8YyVRA0IABGD+1LolWp0xyWHrdMY1bWjA +SbiSO2H6bOZpYi5g8p+2eQP+EAi4vJmkGunpVii8ZPLxsgwtfp9Rd6PClNRGIpk= +-----END PUBLIC KEY----- + +PrivPubKeyPair=P256_explicit:P256_explicit_PUB + +PrivateKey=P384_explicit +-----BEGIN PRIVATE KEY----- +MIIBoQIBADCCAWEGByqGSM49AgEwggFUAgEBMDwGByqGSM49AQECMQD///////////////////// +/////////////////////v////8AAAAAAAAAAP////8wewQw//////////////////////////// +//////////////7/////AAAAAAAAAAD////8BDCzMS+n4j7n5JiOBWvj+C0ZGB2cbv6BQRIDFAiP +UBOHWsZWOY2KLtGdKoXI7dPsKu8DFQCjNZJqoxmieh0AiWpnc6SCes2scwRhBKqHyiK+iwU3jrHH +HvMgrXRuHTtii6ebmFn3QeCCVCo4VQLyXb9VKWw6VF44cnYKtzYX3kqWJixvXZ6Yv5KS3Cn49B29 +KJoUfOnaMRO18LjACmCxzh1+gZ16Qx18kOoOXwIxAP///////////////////////////////8dj +TYH0Ny3fWBoNskiwp3rs7BlqzMUpcwQ3MDUCAQEEMGudPa0uG4wcBbGYdbZln03iPDtme/KXupqk +d0B4cTfYltVyTkxwqCX4csnqYNLt9Q== +-----END PRIVATE KEY----- + +PublicKey=P384_explicit_PUB +-----BEGIN PUBLIC KEY----- +MIIByTCCAWEGByqGSM49AgEwggFUAgEBMDwGByqGSM49AQECMQD///////////////////////// +/////////////////v////8AAAAAAAAAAP////8wewQw//////////////////////////////// +//////////7/////AAAAAAAAAAD////8BDCzMS+n4j7n5JiOBWvj+C0ZGB2cbv6BQRIDFAiPUBOH +WsZWOY2KLtGdKoXI7dPsKu8DFQCjNZJqoxmieh0AiWpnc6SCes2scwRhBKqHyiK+iwU3jrHHHvMg +rXRuHTtii6ebmFn3QeCCVCo4VQLyXb9VKWw6VF44cnYKtzYX3kqWJixvXZ6Yv5KS3Cn49B29KJoU +fOnaMRO18LjACmCxzh1+gZ16Qx18kOoOXwIxAP///////////////////////////////8djTYH0 +Ny3fWBoNskiwp3rs7BlqzMUpcwNiAATsOk5BW04ZpFaGGAKfQn+l2pqLxK6S4C4GquUoazAMZN74 +8OqQVYZgZKJUUVSAvBOAFdm3LX1XJE6o75rAxiGJZwilk2f537n1TKhLPxydsSiLIxw64NT+c0T9 +JTMmRyA= +-----END PUBLIC KEY----- + +PrivPubKeyPair=P384_explicit:P384_explicit_PUB From nic.tuv at gmail.com Sat Sep 7 12:39:00 2019 From: nic.tuv at gmail.com (nic.tuv at gmail.com) Date: Sat, 07 Sep 2019 12:39:00 +0000 Subject: [openssl] master update Message-ID: <1567859940.466550.5673.nullmailer@dev.openssl.org> The branch master has been updated via a1a0e6f28580d6a79762188128e23cca559993a8 (commit) via 5041ea38c96c9c8d7fc207a7fd25969f167f0f76 (commit) from e97bab6929bbbc5b8364b25ca2ef4fcb02dd6e2a (commit) - Log ----------------------------------------------------------------- commit a1a0e6f28580d6a79762188128e23cca559993a8 Author: Billy Brumley Date: Fri Sep 6 17:26:40 2019 +0300 CHANGES entry: for ECC parameters with NULL or zero cofactor, compute it This is a forward port from https://github.com/openssl/openssl/pull/9781 of the CHANGES entry for the functionality added in https://github.com/openssl/openssl/pull/9727 (cherry picked from commit 4b965086cb56c24cb5d2197fc04869b95f209a11) Reviewed-by: Nicola Tuveri Reviewed-by: Matt Caswell (Merged from https://github.com/openssl/openssl/pull/9797) commit 5041ea38c96c9c8d7fc207a7fd25969f167f0f76 Author: Billy Brumley Date: Fri Sep 6 17:26:08 2019 +0300 [test] computing ECC cofactors: regression test This is a forward port from https://github.com/openssl/openssl/pull/9781 for the test logic introduced by https://github.com/openssl/openssl/pull/9727 As @mattcaswell commented (https://github.com/openssl/openssl/pull/9781#discussion_r321621541): > These `TEST_true` calls should be `!TEST_false` because we are > *expecting* a failure. > The difference is that the test framework will print error details if > the test doesn't give the expected answer. > So by using `TEST_true` instead of `!TEST_false` we'll get error > details printed, but the test will succeed anyway. (cherry picked from commit e8aafc891d9bd7fa1cce0401d858ef842f09b49e) Reviewed-by: Nicola Tuveri Reviewed-by: Matt Caswell (Merged from https://github.com/openssl/openssl/pull/9797) ----------------------------------------------------------------------- Summary of changes: CHANGES | 7 +++++++ test/ectest.c | 10 +++++----- 2 files changed, 12 insertions(+), 5 deletions(-) diff --git a/CHANGES b/CHANGES index 369b32756c..9599c64545 100644 --- a/CHANGES +++ b/CHANGES @@ -9,6 +9,13 @@ Changes between 1.1.1 and 3.0.0 [xx XXX xxxx] + *) Compute ECC cofactors if not provided during EC_GROUP construction. Before + this change, EC_GROUP_set_generator would accept order and/or cofactor as + NULL. After this change, only the cofactor parameter can be NULL. It also + does some minimal sanity checks on the passed order. + (CVE-2019-1547) + [Billy Bob Brumley] + *) Early start up entropy quality from the DEVRANDOM seed source has been improved for older Linux systems. The RAND subsystem will wait for /dev/random to be producing output before seeding from /dev/urandom. diff --git a/test/ectest.c b/test/ectest.c index 2cbbd4e340..b51a3b1207 100644 --- a/test/ectest.c +++ b/test/ectest.c @@ -1914,19 +1914,19 @@ static int cardinality_test(int n) /* negative test for invalid cofactor */ || !TEST_true(BN_set_word(g2_cf, 0)) || !TEST_true(BN_sub(g2_cf, g2_cf, BN_value_one())) - || TEST_true(EC_GROUP_set_generator(g2, g2_gen, g1_order, g2_cf)) + || !TEST_false(EC_GROUP_set_generator(g2, g2_gen, g1_order, g2_cf)) /* negative test for NULL order */ - || TEST_true(EC_GROUP_set_generator(g2, g2_gen, NULL, NULL)) + || !TEST_false(EC_GROUP_set_generator(g2, g2_gen, NULL, NULL)) /* negative test for zero order */ || !TEST_true(BN_set_word(g1_order, 0)) - || TEST_true(EC_GROUP_set_generator(g2, g2_gen, g1_order, NULL)) + || !TEST_false(EC_GROUP_set_generator(g2, g2_gen, g1_order, NULL)) /* negative test for negative order */ || !TEST_true(BN_set_word(g2_cf, 0)) || !TEST_true(BN_sub(g2_cf, g2_cf, BN_value_one())) - || TEST_true(EC_GROUP_set_generator(g2, g2_gen, g1_order, NULL)) + || !TEST_false(EC_GROUP_set_generator(g2, g2_gen, g1_order, NULL)) /* negative test for too large order */ || !TEST_true(BN_lshift(g1_order, g1_p, 2)) - || TEST_true(EC_GROUP_set_generator(g2, g2_gen, g1_order, NULL))) + || !TEST_false(EC_GROUP_set_generator(g2, g2_gen, g1_order, NULL))) goto err; ret = 1; err: From nic.tuv at gmail.com Sat Sep 7 12:46:39 2019 From: nic.tuv at gmail.com (nic.tuv at gmail.com) Date: Sat, 07 Sep 2019 12:46:39 +0000 Subject: [openssl] OpenSSL_1_1_1-stable update Message-ID: <1567860399.657566.439.nullmailer@dev.openssl.org> The branch OpenSSL_1_1_1-stable has been updated via 95803917ad1f4e719212cb59d44be2e547b6d8c8 (commit) from 87bea6550ae0dda7c40937cff2e86cc2b0b09491 (commit) - Log ----------------------------------------------------------------- commit 95803917ad1f4e719212cb59d44be2e547b6d8c8 Author: Nicola Tuveri Date: Sat Sep 7 12:10:24 2019 +0300 Append CVE-2019-1547 to related CHANGES entry This amends the entry added in a6186f39802f94937a46f7a41ef0c86b6334b592 with the relevant CVE. Reviewed-by: Matt Caswell (Merged from https://github.com/openssl/openssl/pull/9800) ----------------------------------------------------------------------- Summary of changes: CHANGES | 1 + 1 file changed, 1 insertion(+) diff --git a/CHANGES b/CHANGES index d34bba83fe..1c8716074b 100644 --- a/CHANGES +++ b/CHANGES @@ -13,6 +13,7 @@ this change, EC_GROUP_set_generator would accept order and/or cofactor as NULL. After this change, only the cofactor parameter can be NULL. It also does some minimal sanity checks on the passed order. + (CVE-2019-1547) [Billy Bob Brumley] *) Early start up entropy quality from the DEVRANDOM seed source has been From builds at travis-ci.org Sat Sep 7 13:00:10 2019 From: builds at travis-ci.org (Travis CI) Date: Sat, 07 Sep 2019 13:00:10 +0000 Subject: Failed: openssl/openssl#27986 (master - a1a0e6f) In-Reply-To: Message-ID: <5d73a9da79a8e_43f942cd4dd9811792@21b50513-c52c-4673-b4e9-715730783089.mail> Build Update for openssl/openssl ------------------------------------- Build: #27986 Status: Failed Duration: 20 mins and 26 secs Commit: a1a0e6f (master) Author: Billy Brumley Message: CHANGES entry: for ECC parameters with NULL or zero cofactor, compute it This is a forward port from https://github.com/openssl/openssl/pull/9781 of the CHANGES entry for the functionality added in https://github.com/openssl/openssl/pull/9727 (cherry picked from commit 4b965086cb56c24cb5d2197fc04869b95f209a11) Reviewed-by: Nicola Tuveri Reviewed-by: Matt Caswell (Merged from https://github.com/openssl/openssl/pull/9797) View the changeset: https://github.com/openssl/openssl/compare/e97bab6929bb...a1a0e6f28580 View the full build log and details: https://travis-ci.org/openssl/openssl/builds/582037956?utm_medium=notification&utm_source=email -- You can unsubscribe from build emails from the openssl/openssl repository going to https://travis-ci.org/account/preferences/unsubscribe?repository=5849220&utm_medium=notification&utm_source=email. Or unsubscribe from *all* email updating your settings at https://travis-ci.org/account/preferences/unsubscribe?utm_medium=notification&utm_source=email. Or configure specific recipients for build notifications in your .travis.yml file. See https://docs.travis-ci.com/user/notifications. -------------- next part -------------- An HTML attachment was scrubbed... URL: From builds at travis-ci.org Sat Sep 7 13:15:27 2019 From: builds at travis-ci.org (Travis CI) Date: Sat, 07 Sep 2019 13:15:27 +0000 Subject: Still Failing: openssl/openssl#27988 (OpenSSL_1_1_1-stable - 9580391) In-Reply-To: Message-ID: <5d73ad6f78958_43fc62e5182d445128@1f5dbae4-2df4-4592-a243-d1000230deaa.mail> Build Update for openssl/openssl ------------------------------------- Build: #27988 Status: Still Failing Duration: 18 mins and 0 secs Commit: 9580391 (OpenSSL_1_1_1-stable) Author: Nicola Tuveri Message: Append CVE-2019-1547 to related CHANGES entry This amends the entry added in a6186f39802f94937a46f7a41ef0c86b6334b592 with the relevant CVE. Reviewed-by: Matt Caswell (Merged from https://github.com/openssl/openssl/pull/9800) View the changeset: https://github.com/openssl/openssl/compare/87bea6550ae0...95803917ad1f View the full build log and details: https://travis-ci.org/openssl/openssl/builds/582039400?utm_medium=notification&utm_source=email -- You can unsubscribe from build emails from the openssl/openssl repository going to https://travis-ci.org/account/preferences/unsubscribe?repository=5849220&utm_medium=notification&utm_source=email. Or unsubscribe from *all* email updating your settings at https://travis-ci.org/account/preferences/unsubscribe?utm_medium=notification&utm_source=email. Or configure specific recipients for build notifications in your .travis.yml file. See https://docs.travis-ci.com/user/notifications. -------------- next part -------------- An HTML attachment was scrubbed... URL: From no-reply at appveyor.com Sat Sep 7 13:43:19 2019 From: no-reply at appveyor.com (AppVeyor) Date: Sat, 07 Sep 2019 13:43:19 +0000 Subject: Build failed: openssl OpenSSL_1_1_1-stable.27414 Message-ID: <20190907134319.1.6727F80994212372@appveyor.com> An HTML attachment was scrubbed... URL: From no-reply at appveyor.com Sat Sep 7 14:26:34 2019 From: no-reply at appveyor.com (AppVeyor) Date: Sat, 07 Sep 2019 14:26:34 +0000 Subject: Build completed: openssl OpenSSL_1_1_1-stable.27415 Message-ID: <20190907142634.1.71DA1753EBC506E7@appveyor.com> An HTML attachment was scrubbed... URL: From no-reply at appveyor.com Sat Sep 7 21:34:24 2019 From: no-reply at appveyor.com (AppVeyor) Date: Sat, 07 Sep 2019 21:34:24 +0000 Subject: Build failed: openssl OpenSSL_1_1_1-stable.27419 Message-ID: <20190907213424.1.E252771336F6EDFE@appveyor.com> An HTML attachment was scrubbed... URL: From scan-admin at coverity.com Sun Sep 8 07:45:23 2019 From: scan-admin at coverity.com (scan-admin at coverity.com) Date: Sun, 08 Sep 2019 07:45:23 +0000 (UTC) Subject: Coverity Scan: Analysis completed for openssl/openssl Message-ID: <5d74b193762eb_2c142ae0c3490f4c877ed@appnode-2.mail> Your request for analysis of openssl/openssl has been completed successfully. The results are available at https://u2389337.ct.sendgrid.net/wf/click?upn=08onrYu34A-2BWcWUl-2F-2BfV0V05UPxvVjWch-2Bd2MGckcRakUl6QyjujEohY7rPpoYUEvyxzJHSwEoiXkZglM3WeHA-3D-3D_19DGMz38yO7VfzGQuXkecdlEmzBoDG4v8Dvyanv-2F1I3IcRmpgxfj2ZOPNEfzq323kScWJagCFapR-2F0zyvNRTS8YroXd-2F5azslE911BlHt0QigaZYMB0jRzbAH6yLu3Mzcnqpfvm8ZfJxu-2BzNumtuW5tAH22dsCUaSvn-2FAk4eEyF-2BIPpwgfyrTUJve1L0A5dx6WE9Gr0GMJqGtEOw0MhAGRuNAKn9n4ZQOkYRiH1JG-2Fw-3D Build ID: 271845 Analysis Summary: New defects found: 14 Defects eliminated: 4 If you have difficulty understanding any defects, email us at scan-admin at coverity.com, or post your question to StackOverflow at https://u2389337.ct.sendgrid.net/wf/click?upn=OgIsEqWzmIl4S-2FzEUMxLXL-2BukuZt9UUdRZhgmgzAKchwAzH1nH3073xDEXNRgHN6zzUI-2FRfbrE6mNOeeukHUQw-3D-3D_19DGMz38yO7VfzGQuXkecdlEmzBoDG4v8Dvyanv-2F1I3IcRmpgxfj2ZOPNEfzq323kScWJagCFapR-2F0zyvNRTS0ex25o8kA-2BGmPHrr6WQyNx8FGrHMmL8BKyUR5OSOH48frbLDlIMvtFneYPJh0ieBD7PoMfMeYVntS-2BGowN8JS28LKdDL4Sx-2BPCNgHwF-2BZJtPoR2BdWI2GmAepe3s3TQLgcqeCJxGlpWS06RRAja45g-3D From scan-admin at coverity.com Sun Sep 8 07:50:09 2019 From: scan-admin at coverity.com (scan-admin at coverity.com) Date: Sun, 08 Sep 2019 07:50:09 +0000 (UTC) Subject: Coverity Scan: Analysis completed for OpenSSL-1.0.2 Message-ID: <5d74b2b166be5_2f822ae0c3490f4c877c8@appnode-2.mail> Your request for analysis of OpenSSL-1.0.2 has been completed successfully. The results are available at https://u2389337.ct.sendgrid.net/wf/click?upn=08onrYu34A-2BWcWUl-2F-2BfV0V05UPxvVjWch-2Bd2MGckcRakUl6QyjujEohY7rPpoYUEOo3rtGjiQZqYPGgcjfkiXQ-3D-3D_19DGMz38yO7VfzGQuXkecdlEmzBoDG4v8Dvyanv-2F1I25DevWS1QsKCJFv0c28MOm0byaDhqb8SA1L7m5G3PmoXKDofGtBKwWasvMaPiLM3I0frzXIrj6y6Qnc39josEIhwj6JLKBiDVjh-2FPwtuyWM5kXWbEvDdQXnpX-2B2Te7tYF-2Fxt2SPDrFEkOB4CEDb-2FmDMqRcFr5zVOPE7rV4P3EzCkz8Xso1AI3IpQ0NI6JHOLs-3D Build ID: 271847 Analysis Summary: New defects found: 0 Defects eliminated: 0 From matthias.st.pierre at ncp-e.com Sun Sep 8 08:55:08 2019 From: matthias.st.pierre at ncp-e.com (matthias.st.pierre at ncp-e.com) Date: Sun, 08 Sep 2019 08:55:08 +0000 Subject: [openssl] OpenSSL_1_0_2-stable update Message-ID: <1567932908.458810.9414.nullmailer@dev.openssl.org> The branch OpenSSL_1_0_2-stable has been updated via 6a7bad0fd7a2125d075e459b33145d4ce5ee0de9 (commit) from 920e37e3a7d6bb935dba446eb80cacb4c34e7488 (commit) - Log ----------------------------------------------------------------- commit 6a7bad0fd7a2125d075e459b33145d4ce5ee0de9 Author: Dr. Matthias St. Pierre Date: Tue Jul 23 20:18:43 2019 +0200 Configure: clang: add -Wno-unknown-warning-option Fixes travis build errors due to clang error: unknown warning option '-Wno-extended-offsetof' It seems like '-Wextended-offsetof' was removed from clang in version 6.0.0, (see [1], [2]). While gcc ignores unknown options of the type '-Wno-xxx', clang by default issues a warning [-Wunknown-warning-option] (see [3]), which together with '-Werror' causes the build to fail. This commit adds the '-Wno-unknown-warning-option' option to make clang behave more relaxed like gcc. [1] https://reviews.llvm.org/D40267 [2] https://github.com/llvm/llvm-project/commit/52a3ca9e2909 [3] https://clang.llvm.org/docs/DiagnosticsReference.html#wunknown-warning-option [extended tests] Reviewed-by: Richard Levitte Reviewed-by: Bernd Edlinger (Merged from https://github.com/openssl/openssl/pull/9446) ----------------------------------------------------------------------- Summary of changes: Configure | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/Configure b/Configure index 3846c9133a..494e0b3d24 100755 --- a/Configure +++ b/Configure @@ -118,7 +118,7 @@ my $gcc_devteam_warn = "-Wall -pedantic -DPEDANTIC -Wno-long-long -Wsign-compare # -Wincompatible-pointer-types-discards-qualifiers, -Wcast-align, # -Wunreachable-code -Wunused-parameter -Wlanguage-extension-token # -Wextended-offsetof -my $clang_disabled_warnings = "-Wno-unused-parameter -Wno-missing-field-initializers -Wno-language-extension-token -Wno-extended-offsetof"; +my $clang_disabled_warnings = "-Wno-unknown-warning-option -Wno-unused-parameter -Wno-missing-field-initializers -Wno-language-extension-token -Wno-extended-offsetof"; # These are used in addition to $gcc_devteam_warn when the compiler is clang. # TODO(openssl-team): fix problems and investigate if (at least) the @@ -128,7 +128,7 @@ my $clang_disabled_warnings = "-Wno-unused-parameter -Wno-missing-field-initiali # -Wincompatible-pointer-types-discards-qualifiers, -Wcast-align, # -Wunreachable-code -Wunused-parameter -Wlanguage-extension-token # -Wextended-offsetof -my $clang_devteam_warn = "-Wno-unused-parameter -Wno-missing-field-initializers -Wno-language-extension-token -Wno-extended-offsetof -Qunused-arguments"; +my $clang_devteam_warn = "-Wno-unknown-warning-option -Wno-unused-parameter -Wno-missing-field-initializers -Wno-language-extension-token -Wno-extended-offsetof -Qunused-arguments"; # Warn that "make depend" should be run? my $warn_make_depend = 0; From matthias.st.pierre at ncp-e.com Sun Sep 8 08:57:39 2019 From: matthias.st.pierre at ncp-e.com (matthias.st.pierre at ncp-e.com) Date: Sun, 08 Sep 2019 08:57:39 +0000 Subject: [openssl] OpenSSL_1_1_0-stable update Message-ID: <1567933059.860655.10416.nullmailer@dev.openssl.org> The branch OpenSSL_1_1_0-stable has been updated via d374a61bb702a8ae13699dfbdcbd819c78095cd5 (commit) from c31be97c64ab61d44d80fccce4deff976d4f9bbb (commit) - Log ----------------------------------------------------------------- commit d374a61bb702a8ae13699dfbdcbd819c78095cd5 Author: Dr. Matthias St. Pierre Date: Tue Jul 23 20:54:03 2019 +0200 Configure: clang: add -Wno-unknown-warning-option Fixes travis build errors due to clang error: unknown warning option '-Wno-extended-offsetof' It seems like '-Wextended-offsetof' was removed from clang in version 6.0.0, (see [1], [2]). While gcc ignores unknown options of the type '-Wno-xxx', clang by default issues a warning [-Wunknown-warning-option] (see [3]), which together with '-Werror' causes the build to fail. This commit adds the '-Wno-unknown-warning-option' option to make clang behave more relaxed like gcc. [1] https://reviews.llvm.org/D40267 [2] https://github.com/llvm/llvm-project/commit/52a3ca9e2909 [3] https://clang.llvm.org/docs/DiagnosticsReference.html#wunknown-warning-option [extended tests] Reviewed-by: Richard Levitte Reviewed-by: Paul Dale (Merged from https://github.com/openssl/openssl/pull/9804) ----------------------------------------------------------------------- Summary of changes: Configure | 1 + 1 file changed, 1 insertion(+) diff --git a/Configure b/Configure index a1ce65239e..cf5a8bec59 100755 --- a/Configure +++ b/Configure @@ -142,6 +142,7 @@ my $gcc_devteam_warn = "-DDEBUG_UNUSED" # -Wunused-macros -- no, too tricky for BN and _XOPEN_SOURCE etc # -Wextended-offsetof -- no, needed in CMS ASN1 code my $clang_devteam_warn = "" + . " -Wno-unknown-warning-option" . " -Qunused-arguments" . " -Wno-language-extension-token" . " -Wno-extended-offsetof" From matthias.st.pierre at ncp-e.com Sun Sep 8 09:01:01 2019 From: matthias.st.pierre at ncp-e.com (matthias.st.pierre at ncp-e.com) Date: Sun, 08 Sep 2019 09:01:01 +0000 Subject: [openssl] master update Message-ID: <1567933261.822552.11548.nullmailer@dev.openssl.org> The branch master has been updated via 03e5668343078b963cc6544ad7270743de13e514 (commit) from a1a0e6f28580d6a79762188128e23cca559993a8 (commit) - Log ----------------------------------------------------------------- commit 03e5668343078b963cc6544ad7270743de13e514 Author: Dr. Matthias St. Pierre Date: Tue Jul 23 20:54:03 2019 +0200 Configure: clang: move -Wno-unknown-warning-option to the front While gcc ignores unknown options of the type '-Wno-xxx', clang by default issues a warning [-Wunknown-warning-option] (see [3]), which together with '-Werror' causes the build to fail. This turned out to be a problem on the 1.0.2 stable branch in the case of the '-Wextended-offsetof' option, which was removed in version 6.0.0, but needs to be kept here in order to support older clang versions, too (see #9446). Incidentally, master and 1.1.1 branch already contained the -Wno-unknown-warning-option option. Due to its special role and its importance, this commit adds an explaining commit message and moves the option to the front. [extended tests] Reviewed-by: Richard Levitte Reviewed-by: Bernd Edlinger Reviewed-by: Paul Dale (Merged from https://github.com/openssl/openssl/pull/9447) ----------------------------------------------------------------------- Summary of changes: Configure | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Configure b/Configure index 21bd348d52..a5b56a0d20 100755 --- a/Configure +++ b/Configure @@ -144,13 +144,13 @@ my @gcc_devteam_warn = qw( # -Wunused-macros -- no, too tricky for BN and _XOPEN_SOURCE etc # -Wextended-offsetof -- no, needed in CMS ASN1 code my @clang_devteam_warn = qw( + -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers - -Wno-unknown-warning-option -Wmissing-variable-declarations ); From matthias.st.pierre at ncp-e.com Sun Sep 8 09:02:43 2019 From: matthias.st.pierre at ncp-e.com (matthias.st.pierre at ncp-e.com) Date: Sun, 08 Sep 2019 09:02:43 +0000 Subject: [openssl] OpenSSL_1_1_1-stable update Message-ID: <1567933363.092323.13501.nullmailer@dev.openssl.org> The branch OpenSSL_1_1_1-stable has been updated via ad9c296c529d3eba67a51118c8e5d875d17f6d07 (commit) from 95803917ad1f4e719212cb59d44be2e547b6d8c8 (commit) - Log ----------------------------------------------------------------- commit ad9c296c529d3eba67a51118c8e5d875d17f6d07 Author: Dr. Matthias St. Pierre Date: Tue Jul 23 20:54:03 2019 +0200 Configure: clang: move -Wno-unknown-warning-option to the front While gcc ignores unknown options of the type '-Wno-xxx', clang by default issues a warning [-Wunknown-warning-option] (see [3]), which together with '-Werror' causes the build to fail. This turned out to be a problem on the 1.0.2 stable branch in the case of the '-Wextended-offsetof' option, which was removed in version 6.0.0, but needs to be kept here in order to support older clang versions, too (see #9446). Incidentally, master and 1.1.1 branch already contained the -Wno-unknown-warning-option option. Due to its special role and its importance, this commit adds an explaining commit message and moves the option to the front. [extended tests] Reviewed-by: Richard Levitte Reviewed-by: Bernd Edlinger Reviewed-by: Paul Dale (Merged from https://github.com/openssl/openssl/pull/9447) (cherry picked from commit 03e5668343078b963cc6544ad7270743de13e514) ----------------------------------------------------------------------- Summary of changes: Configure | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Configure b/Configure index 8f41096c18..5a699836f3 100755 --- a/Configure +++ b/Configure @@ -142,13 +142,13 @@ my @gcc_devteam_warn = qw( # -Wunused-macros -- no, too tricky for BN and _XOPEN_SOURCE etc # -Wextended-offsetof -- no, needed in CMS ASN1 code my @clang_devteam_warn = qw( + -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers - -Wno-unknown-warning-option -Wmissing-variable-declarations ); From builds at travis-ci.org Sun Sep 8 09:28:12 2019 From: builds at travis-ci.org (Travis CI) Date: Sun, 08 Sep 2019 09:28:12 +0000 Subject: Still Failing: openssl/openssl#28009 (master - 03e5668) In-Reply-To: Message-ID: <5d74c9ac185e4_43fd79cab22602093a5@f6b95167-1a32-4910-a0c9-85ecead87ebf.mail> Build Update for openssl/openssl ------------------------------------- Build: #28009 Status: Still Failing Duration: 25 mins and 21 secs Commit: 03e5668 (master) Author: Dr. Matthias St. Pierre Message: Configure: clang: move -Wno-unknown-warning-option to the front While gcc ignores unknown options of the type '-Wno-xxx', clang by default issues a warning [-Wunknown-warning-option] (see [3]), which together with '-Werror' causes the build to fail. This turned out to be a problem on the 1.0.2 stable branch in the case of the '-Wextended-offsetof' option, which was removed in version 6.0.0, but needs to be kept here in order to support older clang versions, too (see #9446). Incidentally, master and 1.1.1 branch already contained the -Wno-unknown-warning-option option. Due to its special role and its importance, this commit adds an explaining commit message and moves the option to the front. [extended tests] Reviewed-by: Richard Levitte Reviewed-by: Bernd Edlinger Reviewed-by: Paul Dale (Merged from https://github.com/openssl/openssl/pull/9447) View the changeset: https://github.com/openssl/openssl/compare/a1a0e6f28580...03e566834307 View the full build log and details: https://travis-ci.org/openssl/openssl/builds/582268784?utm_medium=notification&utm_source=email -- You can unsubscribe from build emails from the openssl/openssl repository going to https://travis-ci.org/account/preferences/unsubscribe?repository=5849220&utm_medium=notification&utm_source=email. Or unsubscribe from *all* email updating your settings at https://travis-ci.org/account/preferences/unsubscribe?utm_medium=notification&utm_source=email. Or configure specific recipients for build notifications in your .travis.yml file. See https://docs.travis-ci.com/user/notifications. -------------- next part -------------- An HTML attachment was scrubbed... URL: From builds at travis-ci.org Sun Sep 8 09:37:33 2019 From: builds at travis-ci.org (Travis CI) Date: Sun, 08 Sep 2019 09:37:33 +0000 Subject: Still Failing: openssl/openssl#28010 (OpenSSL_1_1_1-stable - ad9c296) In-Reply-To: Message-ID: <5d74cbdcd4b7e_43fb9b17db7ac1876bc@eeb6dfc4-8c9f-42db-b069-562ea8e8ec6e.mail> Build Update for openssl/openssl ------------------------------------- Build: #28010 Status: Still Failing Duration: 24 mins and 23 secs Commit: ad9c296 (OpenSSL_1_1_1-stable) Author: Dr. Matthias St. Pierre Message: Configure: clang: move -Wno-unknown-warning-option to the front While gcc ignores unknown options of the type '-Wno-xxx', clang by default issues a warning [-Wunknown-warning-option] (see [3]), which together with '-Werror' causes the build to fail. This turned out to be a problem on the 1.0.2 stable branch in the case of the '-Wextended-offsetof' option, which was removed in version 6.0.0, but needs to be kept here in order to support older clang versions, too (see #9446). Incidentally, master and 1.1.1 branch already contained the -Wno-unknown-warning-option option. Due to its special role and its importance, this commit adds an explaining commit message and moves the option to the front. [extended tests] Reviewed-by: Richard Levitte Reviewed-by: Bernd Edlinger Reviewed-by: Paul Dale (Merged from https://github.com/openssl/openssl/pull/9447) (cherry picked from commit 03e5668343078b963cc6544ad7270743de13e514) View the changeset: https://github.com/openssl/openssl/compare/95803917ad1f...ad9c296c529d View the full build log and details: https://travis-ci.org/openssl/openssl/builds/582269016?utm_medium=notification&utm_source=email -- You can unsubscribe from build emails from the openssl/openssl repository going to https://travis-ci.org/account/preferences/unsubscribe?repository=5849220&utm_medium=notification&utm_source=email. Or unsubscribe from *all* email updating your settings at https://travis-ci.org/account/preferences/unsubscribe?utm_medium=notification&utm_source=email. Or configure specific recipients for build notifications in your .travis.yml file. See https://docs.travis-ci.com/user/notifications. -------------- next part -------------- An HTML attachment was scrubbed... URL: From no-reply at appveyor.com Sun Sep 8 13:30:09 2019 From: no-reply at appveyor.com (AppVeyor) Date: Sun, 08 Sep 2019 13:30:09 +0000 Subject: Build failed: openssl master.27440 Message-ID: <20190908133009.1.13CAF173E649C300@appveyor.com> An HTML attachment was scrubbed... URL: From no-reply at appveyor.com Sun Sep 8 13:51:02 2019 From: no-reply at appveyor.com (AppVeyor) Date: Sun, 08 Sep 2019 13:51:02 +0000 Subject: Build completed: openssl OpenSSL_1_1_1-stable.27441 Message-ID: <20190908135102.1.EEC6E49A70F6A665@appveyor.com> An HTML attachment was scrubbed... URL: From no-reply at appveyor.com Sun Sep 8 22:38:34 2019 From: no-reply at appveyor.com (AppVeyor) Date: Sun, 08 Sep 2019 22:38:34 +0000 Subject: Build failed: openssl master.27444 Message-ID: <20190908223834.1.6ACFFE1AE6EF4B67@appveyor.com> An HTML attachment was scrubbed... URL: From openssl at openssl.org Sun Sep 8 23:00:19 2019 From: openssl at openssl.org (OpenSSL run-checker) Date: Sun, 08 Sep 2019 23:00:19 +0000 Subject: FAILED build of OpenSSL branch master with options -d --strict-warnings enable-asan no-shared -DOPENSSL_SMALL_FOOTPRINT Message-ID: <1567983619.751059.9541.nullmailer@run.openssl.org> Platform and configuration command: $ uname -a Linux run 4.15.0-54-generic #58-Ubuntu SMP Mon Jun 24 10:55:24 UTC 2019 x86_64 x86_64 x86_64 GNU/Linux $ CC=clang ../openssl/config -d --strict-warnings enable-asan no-shared -DOPENSSL_SMALL_FOOTPRINT Commit log since last time: 03e5668343 Configure: clang: move -Wno-unknown-warning-option to the front a1a0e6f285 CHANGES entry: for ECC parameters with NULL or zero cofactor, compute it 5041ea38c9 [test] computing ECC cofactors: regression test e97bab6929 Use common digest getter for X942 KDF a1de4680fb Use common digest getter for SSH KDF 0f0db4dc25 Use common digest getter for TLS1 PRF 7e149b3928 Use common digest getter for single step KDF e957226a0c Use common digest getter for PBKDF2 86f17ed64c Use common digest getter for HKDF cb74317b4f Use common define for properties, engine, cipher and digest params c69561de00 Add 'engine' param to KDFs 96d7e2733e KMAC using common digest get code 103d8b0be4 HMAC using common digest get code 76497acf52 GMAC using common cipher get code 1dcc7ee6cf CMAC using common cipher get code 2f17cc493c Unify the digest getting code inside providers. 4fe2ee3a44 [ec/ecp_nistp*.c] restyle: use {} around `else` too e0b660c27d [ec/ecp_nistp*.c] remove flip_endian() 1b338abe3a Uniform BN_bn2binpad() and BN_bn2lebinpad() implementations 8b44198b91 Make BN_num_bits() consttime upon BN_FLG_CONSTTIME 805315d3a2 Fix a SCA leak using BN_bn2bin() 31ca19403d Fix a SCA leak in BN_generate_dsa_nonce d2baf88c43 [crypto/rsa] Set the constant-time flag in multi-prime RSA too 311e903d84 [crypto/asn1] Fix multiple SCA vulnerabilities during RSA key validation. c7bfb138ac libcrypto.num entries for KDFs ad1700c706 Move OSSL_OP_KDF into its rightful place amongst the other OSSL_OP_ definitions d4496dc129 Remove reference to legacy aliases for MAC and KDF f575bd2af7 Clear collected_seed after freeing it 232ac89ce2 Lowercase command line 'N' argument since params have lower case names 65ce7e6553 Update KDF documentation (section 3) b4dca02940 Update KDF documentation (section 1) ccd7115a41 Update KDF documentation (section 7) 53598b2298 Deal with BUF_MEM_grow ambiguity ea643c959f crypto/evp/pkey_kdf.c: further special treatment of "seed" and "info" ff756eedb3 More KDF cleanup b1f1512993 PBKDF2 implementation: refactor to avoid memleak df2f8af4cb Fix memleaks in KDF implementations a941920514 crypto/evp/pkey_kdf.c: Redo parameter processing 6d1c31540f crypto/evp/kdf_meth.c: Add the reset function to the method 1f9eac279b Update private.num for KDFs/PRFs 185ce3d93e ossl_provider_library_context(NULL) returns NULL. 9d8e1569aa Params from text to allow zero length value fields d6c5d7f3de Update EVP test data for KDFs and PRFs. 59cba5ac85 KDF error codes reworked a308acb2c2 Cleanse KDF missing crypto files fe6ec26b20 Cleanse KDF error files 37ed621071 Cleanse crypto/kdf directory fb9e6dd6f8 KDF/PRF updates to libcrypto 55accfd2f1 App updates for KDF provider conversion. f05b53a368 KDF provider conversion error updates - generated 2f7557016c KDF additons to names and numbers bf5739a026 Test updates in light of the KDF switchover 492939e5ef Documentation updates in light of the KDF conversion e3405a4a9a Add KDFs to providers 7707526b8d Fix users of KDFs to use params not ctls b50ca330cb Remove old KDF initialisation ce3b1bb481 Fix TLS/SSL PRF usages. 5eb43d382b Move KDFs to the provider. dc5bcb88d8 Teach TLSProxy how to parse CertificateRequest messages debb64a0ca Don't send a status_request extension in a CertificateRequest message Build log ended with (last 100 lines): ../../openssl/test/recipes/60-test_x509_store.t ............... ok ../../openssl/test/recipes/60-test_x509_time.t ................ ok ../../openssl/test/recipes/70-test_asyncio.t .................. ok ../../openssl/test/recipes/70-test_bad_dtls.t ................. ok ../../openssl/test/recipes/70-test_clienthello.t .............. ok ../../openssl/test/recipes/70-test_comp.t ..................... skipped: test_comp needs the dynamic engine feature enabled ../../openssl/test/recipes/70-test_key_share.t ................ skipped: test_key_share needs the dynamic engine feature enabled ../../openssl/test/recipes/70-test_packet.t ................... ok ../../openssl/test/recipes/70-test_recordlen.t ................ ok ../../openssl/test/recipes/70-test_renegotiation.t ............ skipped: test_renegotiation needs the dynamic engine feature enabled ../../openssl/test/recipes/70-test_servername.t ............... ok ../../openssl/test/recipes/70-test_sslcbcpadding.t ............ skipped: test_sslcbcpadding needs the dynamic engine feature enabled ../../openssl/test/recipes/70-test_sslcertstatus.t ............ skipped: test_sslcertstatus needs the dynamic engine feature enabled ../../openssl/test/recipes/70-test_sslextension.t ............. skipped: test_sslextension needs the dynamic engine feature enabled ../../openssl/test/recipes/70-test_sslmessages.t .............. skipped: test_sslmessages needs the dynamic engine feature enabled ../../openssl/test/recipes/70-test_sslrecords.t ............... skipped: test_sslrecords needs the dynamic engine feature enabled ../../openssl/test/recipes/70-test_sslsessiontick.t ........... skipped: test_sslsessiontick needs the dynamic engine feature enabled ../../openssl/test/recipes/70-test_sslsigalgs.t ............... skipped: test_sslsigalgs needs the dynamic engine feature enabled ../../openssl/test/recipes/70-test_sslsignature.t ............. skipped: test_sslsignature needs the dynamic engine feature enabled ../../openssl/test/recipes/70-test_sslskewith0p.t ............. skipped: test_sslskewith0p needs the dynamic engine feature enabled ../../openssl/test/recipes/70-test_sslversions.t .............. skipped: test_sslversions needs the dynamic engine feature enabled ../../openssl/test/recipes/70-test_sslvertol.t ................ skipped: test_sslextension needs the dynamic engine feature enabled ../../openssl/test/recipes/70-test_tls13alerts.t .............. skipped: test_tls13alerts needs the dynamic engine feature enabled ../../openssl/test/recipes/70-test_tls13cookie.t .............. skipped: test_tls13cookie needs the dynamic engine feature enabled ../../openssl/test/recipes/70-test_tls13downgrade.t ........... skipped: test_tls13downgrade needs the dynamic engine feature enabled ../../openssl/test/recipes/70-test_tls13hrr.t ................. skipped: test_tls13hrr needs the dynamic engine feature enabled ../../openssl/test/recipes/70-test_tls13kexmodes.t ............ skipped: test_tls13kexmodes needs the dynamic engine feature enabled ../../openssl/test/recipes/70-test_tls13messages.t ............ skipped: test_tls13messages needs the dynamic engine feature enabled ../../openssl/test/recipes/70-test_tls13psk.t ................. skipped: test_tls13psk needs the dynamic engine feature enabled ../../openssl/test/recipes/70-test_tlsextms.t ................. skipped: test_tlsextms needs the dynamic engine feature enabled ../../openssl/test/recipes/70-test_verify_extra.t ............. ok ../../openssl/test/recipes/70-test_wpacket.t .................. ok ../../openssl/test/recipes/80-test_ca.t ....................... ok ../../openssl/test/recipes/80-test_cipherbytes.t .............. ok ../../openssl/test/recipes/80-test_cipherlist.t ............... ok ../../openssl/test/recipes/80-test_ciphername.t ............... ok ../../openssl/test/recipes/80-test_cms.t ...................... ok ../../openssl/test/recipes/80-test_cmsapi.t ................... ok ../../openssl/test/recipes/80-test_ct.t ....................... ok ../../openssl/test/recipes/80-test_dane.t ..................... ok ../../openssl/test/recipes/80-test_dtls.t ..................... ok ../../openssl/test/recipes/80-test_dtls_mtu.t ................. ok ../../openssl/test/recipes/80-test_dtlsv1listen.t ............. ok ../../openssl/test/recipes/80-test_ocsp.t ..................... ok ../../openssl/test/recipes/80-test_pkcs12.t ................... ok ../../openssl/test/recipes/80-test_ssl_new.t .................. ok ../../openssl/test/recipes/80-test_ssl_old.t .................. ok ../../openssl/test/recipes/80-test_ssl_test_ctx.t ............. ok ../../openssl/test/recipes/80-test_sslcorrupt.t ............... ok ../../openssl/test/recipes/80-test_tsa.t ...................... ok ../../openssl/test/recipes/80-test_x509aux.t .................. ok ../../openssl/test/recipes/90-test_asn1_time.t ................ ok ../../openssl/test/recipes/90-test_async.t .................... ok ../../openssl/test/recipes/90-test_bio_enc.t .................. ok ../../openssl/test/recipes/90-test_bio_memleak.t .............. ok ../../openssl/test/recipes/90-test_constant_time.t ............ ok ../../openssl/test/recipes/90-test_fatalerr.t ................. ok ../../openssl/test/recipes/90-test_gmdiff.t ................... ok ../../openssl/test/recipes/90-test_gost.t ..................... skipped: GOST support is disabled in this OpenSSL build ../../openssl/test/recipes/90-test_ige.t ...................... ok ../../openssl/test/recipes/90-test_includes.t ................. ok ../../openssl/test/recipes/90-test_memleak.t .................. ok ../../openssl/test/recipes/90-test_overhead.t ................. ok ../../openssl/test/recipes/90-test_secmem.t ................... ok ../../openssl/test/recipes/90-test_shlibload.t ................ skipped: Test only supported in a shared build ../../openssl/test/recipes/90-test_srp.t ...................... ok ../../openssl/test/recipes/90-test_sslapi.t ................... ok ../../openssl/test/recipes/90-test_sslbuffers.t ............... ok ../../openssl/test/recipes/90-test_store.t .................... ok ../../openssl/test/recipes/90-test_sysdefault.t ............... ok ../../openssl/test/recipes/90-test_threads.t .................. ok ../../openssl/test/recipes/90-test_time_offset.t .............. ok ../../openssl/test/recipes/90-test_tls13ccs.t ................. ok ../../openssl/test/recipes/90-test_tls13encryption.t .......... ok ../../openssl/test/recipes/90-test_tls13secrets.t ............. skipped: tls13secrets is not supported in this build ../../openssl/test/recipes/90-test_v3name.t ................... ok ../../openssl/test/recipes/95-test_external_boringssl.t ....... skipped: No external tests in this configuration ../../openssl/test/recipes/95-test_external_krb5.t ............ skipped: No external tests in this configuration ../../openssl/test/recipes/95-test_external_pyca.t ............ skipped: No external tests in this configuration ../../openssl/test/recipes/99-test_ecstress.t ................. ok ../../openssl/test/recipes/99-test_fuzz.t ..................... ok Test Summary Report ------------------- ../../openssl/test/recipes/30-test_evp.t (Wstat: 256 Tests: 14 Failed: 1) Failed test: 7 Non-zero exit status: 1 ../../openssl/test/recipes/30-test_evp_extra.t (Wstat: 256 Tests: 1 Failed: 1) Failed test: 1 Non-zero exit status: 1 ../../openssl/test/recipes/30-test_pkey_meth_kdf.t (Wstat: 256 Tests: 1 Failed: 1) Failed test: 1 Non-zero exit status: 1 Files=176, Tests=1462, 657 wallclock secs ( 1.12 usr 0.43 sys + 583.94 cusr 71.42 csys = 656.91 CPU) Result: FAIL Makefile:198: recipe for target '_tests' failed make[1]: *** [_tests] Error 1 make[1]: Leaving directory '/home/openssl/run-checker/enable-asan' Makefile:196: recipe for target 'tests' failed make: *** [tests] Error 2 From no-reply at appveyor.com Sun Sep 8 23:04:03 2019 From: no-reply at appveyor.com (AppVeyor) Date: Sun, 08 Sep 2019 23:04:03 +0000 Subject: Build completed: openssl master.27445 Message-ID: <20190908230403.1.FFE972AFDC6B1D63@appveyor.com> An HTML attachment was scrubbed... URL: From no-reply at appveyor.com Mon Sep 9 02:02:17 2019 From: no-reply at appveyor.com (AppVeyor) Date: Mon, 09 Sep 2019 02:02:17 +0000 Subject: Build failed: openssl OpenSSL_1_0_2-stable.27453 Message-ID: <20190909020217.1.36D509528F469D32@appveyor.com> An HTML attachment was scrubbed... URL: From no-reply at appveyor.com Mon Sep 9 02:28:07 2019 From: no-reply at appveyor.com (AppVeyor) Date: Mon, 09 Sep 2019 02:28:07 +0000 Subject: Build completed: openssl master.27454 Message-ID: <20190909022807.1.A41E460C350CB4C7@appveyor.com> An HTML attachment was scrubbed... URL: From openssl at openssl.org Mon Sep 9 03:43:05 2019 From: openssl at openssl.org (OpenSSL run-checker) Date: Mon, 09 Sep 2019 03:43:05 +0000 Subject: FAILED build of OpenSSL branch master with options -d --strict-warnings no-engine Message-ID: <1568000585.145064.14898.nullmailer@run.openssl.org> Platform and configuration command: $ uname -a Linux run 4.15.0-54-generic #58-Ubuntu SMP Mon Jun 24 10:55:24 UTC 2019 x86_64 x86_64 x86_64 GNU/Linux $ CC=clang ../openssl/config -d --strict-warnings no-engine Commit log since last time: 03e5668343 Configure: clang: move -Wno-unknown-warning-option to the front a1a0e6f285 CHANGES entry: for ECC parameters with NULL or zero cofactor, compute it 5041ea38c9 [test] computing ECC cofactors: regression test e97bab6929 Use common digest getter for X942 KDF a1de4680fb Use common digest getter for SSH KDF 0f0db4dc25 Use common digest getter for TLS1 PRF 7e149b3928 Use common digest getter for single step KDF e957226a0c Use common digest getter for PBKDF2 86f17ed64c Use common digest getter for HKDF cb74317b4f Use common define for properties, engine, cipher and digest params c69561de00 Add 'engine' param to KDFs 96d7e2733e KMAC using common digest get code 103d8b0be4 HMAC using common digest get code 76497acf52 GMAC using common cipher get code 1dcc7ee6cf CMAC using common cipher get code 2f17cc493c Unify the digest getting code inside providers. 4fe2ee3a44 [ec/ecp_nistp*.c] restyle: use {} around `else` too e0b660c27d [ec/ecp_nistp*.c] remove flip_endian() 1b338abe3a Uniform BN_bn2binpad() and BN_bn2lebinpad() implementations 8b44198b91 Make BN_num_bits() consttime upon BN_FLG_CONSTTIME 805315d3a2 Fix a SCA leak using BN_bn2bin() 31ca19403d Fix a SCA leak in BN_generate_dsa_nonce d2baf88c43 [crypto/rsa] Set the constant-time flag in multi-prime RSA too 311e903d84 [crypto/asn1] Fix multiple SCA vulnerabilities during RSA key validation. c7bfb138ac libcrypto.num entries for KDFs ad1700c706 Move OSSL_OP_KDF into its rightful place amongst the other OSSL_OP_ definitions d4496dc129 Remove reference to legacy aliases for MAC and KDF f575bd2af7 Clear collected_seed after freeing it 232ac89ce2 Lowercase command line 'N' argument since params have lower case names 65ce7e6553 Update KDF documentation (section 3) b4dca02940 Update KDF documentation (section 1) ccd7115a41 Update KDF documentation (section 7) 53598b2298 Deal with BUF_MEM_grow ambiguity ea643c959f crypto/evp/pkey_kdf.c: further special treatment of "seed" and "info" ff756eedb3 More KDF cleanup b1f1512993 PBKDF2 implementation: refactor to avoid memleak df2f8af4cb Fix memleaks in KDF implementations a941920514 crypto/evp/pkey_kdf.c: Redo parameter processing 6d1c31540f crypto/evp/kdf_meth.c: Add the reset function to the method 1f9eac279b Update private.num for KDFs/PRFs 185ce3d93e ossl_provider_library_context(NULL) returns NULL. 9d8e1569aa Params from text to allow zero length value fields d6c5d7f3de Update EVP test data for KDFs and PRFs. 59cba5ac85 KDF error codes reworked a308acb2c2 Cleanse KDF missing crypto files fe6ec26b20 Cleanse KDF error files 37ed621071 Cleanse crypto/kdf directory fb9e6dd6f8 KDF/PRF updates to libcrypto 55accfd2f1 App updates for KDF provider conversion. f05b53a368 KDF provider conversion error updates - generated 2f7557016c KDF additons to names and numbers bf5739a026 Test updates in light of the KDF switchover 492939e5ef Documentation updates in light of the KDF conversion e3405a4a9a Add KDFs to providers 7707526b8d Fix users of KDFs to use params not ctls b50ca330cb Remove old KDF initialisation ce3b1bb481 Fix TLS/SSL PRF usages. 5eb43d382b Move KDFs to the provider. dc5bcb88d8 Teach TLSProxy how to parse CertificateRequest messages debb64a0ca Don't send a status_request extension in a CertificateRequest message Build log ended with (last 100 lines): clang -I. -Icrypto/include -Iinclude -Iproviders/common/include -Iproviders/default/include -Iproviders/common/ciphers -Icrypto -Iproviders/common/macs -Iproviders/common/kdfs -Iproviders/default/macs -Iproviders/default/ciphers -Iproviders/default/kdfs -I../openssl -I../openssl/crypto/include -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/default/include -I../openssl/providers/common/ciphers -I../openssl/crypto -I../openssl/providers/common/macs -I../openssl/providers/common/kdfs -I../openssl/providers/default/macs -I../openssl/providers/default/ciphers -I../openssl/providers/default/kdfs -DAES_ASM -DBSAES_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_IA32_SSE2 -MMD -MF crypto/x509/libcrypto-lib-v3_crld.d.tmp -MT crypto/x509/libcrypto-lib-v3_crld.o -c -o crypto/x509/libcrypto-lib-v3_crld.o ../openssl/crypto/x509/v3_crld.c clang -I. -Icrypto/include -Iinclude -Iproviders/common/include -Iproviders/default/include -Iproviders/common/ciphers -Icrypto -Iproviders/common/macs -Iproviders/common/kdfs -Iproviders/default/macs -Iproviders/default/ciphers -Iproviders/default/kdfs -I../openssl -I../openssl/crypto/include -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/default/include -I../openssl/providers/common/ciphers -I../openssl/crypto -I../openssl/providers/common/macs -I../openssl/providers/common/kdfs -I../openssl/providers/default/macs -I../openssl/providers/default/ciphers -I../openssl/providers/default/kdfs -DAES_ASM -DBSAES_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_IA32_SSE2 -MMD -MF crypto/x509/libcrypto-lib-v3_enum.d.tmp -MT crypto/x509/libcrypto-lib-v3_enum.o -c -o crypto/x509/libcrypto-lib-v3_enum.o ../openssl/crypto/x509/v3_enum.c clang -I. -Icrypto/include -Iinclude -Iproviders/common/include -Iproviders/default/include -Iproviders/common/ciphers -Icrypto -Iproviders/common/macs -Iproviders/common/kdfs -Iproviders/default/macs -Iproviders/default/ciphers -Iproviders/default/kdfs -I../openssl -I../openssl/crypto/include -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/default/include -I../openssl/providers/common/ciphers -I../openssl/crypto -I../openssl/providers/common/macs -I../openssl/providers/common/kdfs -I../openssl/providers/default/macs -I../openssl/providers/default/ciphers -I../openssl/providers/default/kdfs -DAES_ASM -DBSAES_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_IA32_SSE2 -MMD -MF crypto/x509/libcrypto-lib-v3_extku.d.tmp -MT crypto/x509/libcrypto-lib-v3_extku.o -c -o crypto/x509/libcrypto-lib-v3_extku.o ../openssl/crypto/x509/v3_extku.c clang -I. -Icrypto/include -Iinclude -Iproviders/common/include -Iproviders/default/include -Iproviders/common/ciphers -Icrypto -Iproviders/common/macs -Iproviders/common/kdfs -Iproviders/default/macs -Iproviders/default/ciphers -Iproviders/default/kdfs -I../openssl -I../openssl/crypto/include -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/default/include -I../openssl/providers/common/ciphers -I../openssl/crypto -I../openssl/providers/common/macs -I../openssl/providers/common/kdfs -I../openssl/providers/default/macs -I../openssl/providers/default/ciphers -I../openssl/providers/default/kdfs -DAES_ASM -DBSAES_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_IA32_SSE2 -MMD -MF crypto/x509/libcrypto-lib-v3_genn.d.tmp -MT crypto/x509/libcrypto-lib-v3_genn.o -c -o crypto/x509/libcrypto-lib-v3_genn.o ../openssl/crypto/x509/v3_genn.c clang -I. -Icrypto/include -Iinclude -Iproviders/common/include -Iproviders/default/include -Iproviders/common/ciphers -Icrypto -Iproviders/common/macs -Iproviders/common/kdfs -Iproviders/default/macs -Iproviders/default/ciphers -Iproviders/default/kdfs -I../openssl -I../openssl/crypto/include -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/default/include -I../openssl/providers/common/ciphers -I../openssl/crypto -I../openssl/providers/common/macs -I../openssl/providers/common/kdfs -I../openssl/providers/default/macs -I../openssl/providers/default/ciphers -I../openssl/providers/default/kdfs -DAES_ASM -DBSAES_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_IA32_SSE2 -MMD -MF crypto/x509/libcrypto-lib-v3_ia5.d.tmp -MT crypto/x509/libcrypto-lib-v3_ia5.o -c -o crypto/x509/libcrypto-lib-v3_ia5.o ../openssl/crypto/x509/v3_ia5.c clang -I. -Icrypto/include -Iinclude -Iproviders/common/include -Iproviders/default/include -Iproviders/common/ciphers -Icrypto -Iproviders/common/macs -Iproviders/common/kdfs -Iproviders/default/macs -Iproviders/default/ciphers -Iproviders/default/kdfs -I../openssl -I../openssl/crypto/include -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/default/include -I../openssl/providers/common/ciphers -I../openssl/crypto -I../openssl/providers/common/macs -I../openssl/providers/common/kdfs -I../openssl/providers/default/macs -I../openssl/providers/default/ciphers -I../openssl/providers/default/kdfs -DAES_ASM -DBSAES_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_IA32_SSE2 -MMD -MF crypto/x509/libcrypto-lib-v3_info.d.tmp -MT crypto/x509/libcrypto-lib-v3_info.o -c -o crypto/x509/libcrypto-lib-v3_info.o ../openssl/crypto/x509/v3_info.c clang -I. -Icrypto/include -Iinclude -Iproviders/common/include -Iproviders/default/include -Iproviders/common/ciphers -Icrypto -Iproviders/common/macs -Iproviders/common/kdfs -Iproviders/default/macs -Iproviders/default/ciphers -Iproviders/default/kdfs -I../openssl -I../openssl/crypto/include -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/default/include -I../openssl/providers/common/ciphers -I../openssl/crypto -I../openssl/providers/common/macs -I../openssl/providers/common/kdfs -I../openssl/providers/default/macs -I../openssl/providers/default/ciphers -I../openssl/providers/default/kdfs -DAES_ASM -DBSAES_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_IA32_SSE2 -MMD -MF crypto/x509/libcrypto-lib-v3_int.d.tmp -MT crypto/x509/libcrypto-lib-v3_int.o -c -o crypto/x509/libcrypto-lib-v3_int.o ../openssl/crypto/x509/v3_int.c clang -I. -Icrypto/include -Iinclude -Iproviders/common/include -Iproviders/default/include -Iproviders/common/ciphers -Icrypto -Iproviders/common/macs -Iproviders/common/kdfs -Iproviders/default/macs -Iproviders/default/ciphers -Iproviders/default/kdfs -I../openssl -I../openssl/crypto/include -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/default/include -I../openssl/providers/common/ciphers -I../openssl/crypto -I../openssl/providers/common/macs -I../openssl/providers/common/kdfs -I../openssl/providers/default/macs -I../openssl/providers/default/ciphers -I../openssl/providers/default/kdfs -DAES_ASM -DBSAES_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_IA32_SSE2 -MMD -MF crypto/x509/libcrypto-lib-v3_lib.d.tmp -MT crypto/x509/libcrypto-lib-v3_lib.o -c -o crypto/x509/libcrypto-lib-v3_lib.o ../openssl/crypto/x509/v3_lib.c clang -I. -Icrypto/include -Iinclude -Iproviders/common/include -Iproviders/default/include -Iproviders/common/ciphers -Icrypto -Iproviders/common/macs -Iproviders/common/kdfs -Iproviders/default/macs -Iproviders/default/ciphers -Iproviders/default/kdfs -I../openssl -I../openssl/crypto/include -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/default/include -I../openssl/providers/common/ciphers -I../openssl/crypto -I../openssl/providers/common/macs -I../openssl/providers/common/kdfs -I../openssl/providers/default/macs -I../openssl/providers/default/ciphers -I../openssl/providers/default/kdfs -DAES_ASM -DBSAES_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_IA32_SSE2 -MMD -MF crypto/x509/libcrypto-lib-v3_ncons.d.tmp -MT crypto/x509/libcrypto-lib-v3_ncons.o -c -o crypto/x509/libcrypto-lib-v3_ncons.o ../openssl/crypto/x509/v3_ncons.c clang -I. -Icrypto/include -Iinclude -Iproviders/common/include -Iproviders/default/include -Iproviders/common/ciphers -Icrypto -Iproviders/common/macs -Iproviders/common/kdfs -Iproviders/default/macs -Iproviders/default/ciphers -Iproviders/default/kdfs -I../openssl -I../openssl/crypto/include -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/default/include -I../openssl/providers/common/ciphers -I../openssl/crypto -I../openssl/providers/common/macs -I../openssl/providers/common/kdfs -I../openssl/providers/default/macs -I../openssl/providers/default/ciphers -I../openssl/providers/default/kdfs -DAES_ASM -DBSAES_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_IA32_SSE2 -MMD -MF crypto/x509/libcrypto-lib-v3_pci.d.tmp -MT crypto/x509/libcrypto-lib-v3_pci.o -c -o crypto/x509/libcrypto-lib-v3_pci.o ../openssl/crypto/x509/v3_pci.c clang -I. -Icrypto/include -Iinclude -Iproviders/common/include -Iproviders/default/include -Iproviders/common/ciphers -Icrypto -Iproviders/common/macs -Iproviders/common/kdfs -Iproviders/default/macs -Iproviders/default/ciphers -Iproviders/default/kdfs -I../openssl -I../openssl/crypto/include -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/default/include -I../openssl/providers/common/ciphers -I../openssl/crypto -I../openssl/providers/common/macs -I../openssl/providers/common/kdfs -I../openssl/providers/default/macs -I../openssl/providers/default/ciphers -I../openssl/providers/default/kdfs -DAES_ASM -DBSAES_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_IA32_SSE2 -MMD -MF crypto/x509/libcrypto-lib-v3_pcia.d.tmp -MT crypto/x509/libcrypto-lib-v3_pcia.o -c -o crypto/x509/libcrypto-lib-v3_pcia.o ../openssl/crypto/x509/v3_pcia.c clang -I. -Icrypto/include -Iinclude -Iproviders/common/include -Iproviders/default/include -Iproviders/common/ciphers -Icrypto -Iproviders/common/macs -Iproviders/common/kdfs -Iproviders/default/macs -Iproviders/default/ciphers -Iproviders/default/kdfs -I../openssl -I../openssl/crypto/include -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/default/include -I../openssl/providers/common/ciphers -I../openssl/crypto -I../openssl/providers/common/macs -I../openssl/providers/common/kdfs -I../openssl/providers/default/macs -I../openssl/providers/default/ciphers -I../openssl/providers/default/kdfs -DAES_ASM -DBSAES_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_IA32_SSE2 -MMD -MF crypto/x509/libcrypto-lib-v3_pcons.d.tmp -MT crypto/x509/libcrypto-lib-v3_pcons.o -c -o crypto/x509/libcrypto-lib-v3_pcons.o ../openssl/crypto/x509/v3_pcons.c clang -I. -Icrypto/include -Iinclude -Iproviders/common/include -Iproviders/default/include -Iproviders/common/ciphers -Icrypto -Iproviders/common/macs -Iproviders/common/kdfs -Iproviders/default/macs -Iproviders/default/ciphers -Iproviders/default/kdfs -I../openssl -I../openssl/crypto/include -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/default/include -I../openssl/providers/common/ciphers -I../openssl/crypto -I../openssl/providers/common/macs -I../openssl/providers/common/kdfs -I../openssl/providers/default/macs -I../openssl/providers/default/ciphers -I../openssl/providers/default/kdfs -DAES_ASM -DBSAES_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_IA32_SSE2 -MMD -MF crypto/x509/libcrypto-lib-v3_pku.d.tmp -MT crypto/x509/libcrypto-lib-v3_pku.o -c -o crypto/x509/libcrypto-lib-v3_pku.o ../openssl/crypto/x509/v3_pku.c clang -I. -Icrypto/include -Iinclude -Iproviders/common/include -Iproviders/default/include -Iproviders/common/ciphers -Icrypto -Iproviders/common/macs -Iproviders/common/kdfs -Iproviders/default/macs -Iproviders/default/ciphers -Iproviders/default/kdfs -I../openssl -I../openssl/crypto/include -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/default/include -I../openssl/providers/common/ciphers -I../openssl/crypto -I../openssl/providers/common/macs -I../openssl/providers/common/kdfs -I../openssl/providers/default/macs -I../openssl/providers/default/ciphers -I../openssl/providers/default/kdfs -DAES_ASM -DBSAES_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_IA32_SSE2 -MMD -MF crypto/x509/libcrypto-lib-v3_pmaps.d.tmp -MT crypto/x509/libcrypto-lib-v3_pmaps.o -c -o crypto/x509/libcrypto-lib-v3_pmaps.o ../openssl/crypto/x509/v3_pmaps.c clang -I. -Icrypto/include -Iinclude -Iproviders/common/include -Iproviders/default/include -Iproviders/common/ciphers -Icrypto -Iproviders/common/macs -Iproviders/common/kdfs -Iproviders/default/macs -Iproviders/default/ciphers -Iproviders/default/kdfs -I../openssl -I../openssl/crypto/include -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/default/include -I../openssl/providers/common/ciphers -I../openssl/crypto -I../openssl/providers/common/macs -I../openssl/providers/common/kdfs -I../openssl/providers/default/macs -I../openssl/providers/default/ciphers -I../openssl/providers/default/kdfs -DAES_ASM -DBSAES_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_IA32_SSE2 -MMD -MF crypto/x509/libcrypto-lib-v3_prn.d.tmp -MT crypto/x509/libcrypto-lib-v3_prn.o -c -o crypto/x509/libcrypto-lib-v3_prn.o ../openssl/crypto/x509/v3_prn.c clang -I. -Icrypto/include -Iinclude -Iproviders/common/include -Iproviders/default/include -Iproviders/common/ciphers -Icrypto -Iproviders/common/macs -Iproviders/common/kdfs -Iproviders/default/macs -Iproviders/default/ciphers -Iproviders/default/kdfs -I../openssl -I../openssl/crypto/include -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/default/include -I../openssl/providers/common/ciphers -I../openssl/crypto -I../openssl/providers/common/macs -I../openssl/providers/common/kdfs -I../openssl/providers/default/macs -I../openssl/providers/default/ciphers -I../openssl/providers/default/kdfs -DAES_ASM -DBSAES_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_IA32_SSE2 -MMD -MF crypto/x509/libcrypto-lib-v3_purp.d.tmp -MT crypto/x509/libcrypto-lib-v3_purp.o -c -o crypto/x509/libcrypto-lib-v3_purp.o ../openssl/crypto/x509/v3_purp.c clang -I. -Icrypto/include -Iinclude -Iproviders/common/include -Iproviders/default/include -Iproviders/common/ciphers -Icrypto -Iproviders/common/macs -Iproviders/common/kdfs -Iproviders/default/macs -Iproviders/default/ciphers -Iproviders/default/kdfs -I../openssl -I../openssl/crypto/include -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/default/include -I../openssl/providers/common/ciphers -I../openssl/crypto -I../openssl/providers/common/macs -I../openssl/providers/common/kdfs -I../openssl/providers/default/macs -I../openssl/providers/default/ciphers -I../openssl/providers/default/kdfs -DAES_ASM -DBSAES_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_IA32_SSE2 -MMD -MF crypto/x509/libcrypto-lib-v3_skey.d.tmp -MT crypto/x509/libcrypto-lib-v3_skey.o -c -o crypto/x509/libcrypto-lib-v3_skey.o ../openssl/crypto/x509/v3_skey.c clang -I. -Icrypto/include -Iinclude -Iproviders/common/include -Iproviders/default/include -Iproviders/common/ciphers -Icrypto -Iproviders/common/macs -Iproviders/common/kdfs -Iproviders/default/macs -Iproviders/default/ciphers -Iproviders/default/kdfs -I../openssl -I../openssl/crypto/include -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/default/include -I../openssl/providers/common/ciphers -I../openssl/crypto -I../openssl/providers/common/macs -I../openssl/providers/common/kdfs -I../openssl/providers/default/macs -I../openssl/providers/default/ciphers -I../openssl/providers/default/kdfs -DAES_ASM -DBSAES_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_IA32_SSE2 -MMD -MF crypto/x509/libcrypto-lib-v3_sxnet.d.tmp -MT crypto/x509/libcrypto-lib-v3_sxnet.o -c -o crypto/x509/libcrypto-lib-v3_sxnet.o ../openssl/crypto/x509/v3_sxnet.c clang -I. -Icrypto/include -Iinclude -Iproviders/common/include -Iproviders/default/include -Iproviders/common/ciphers -Icrypto -Iproviders/common/macs -Iproviders/common/kdfs -Iproviders/default/macs -Iproviders/default/ciphers -Iproviders/default/kdfs -I../openssl -I../openssl/crypto/include -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/default/include -I../openssl/providers/common/ciphers -I../openssl/crypto -I../openssl/providers/common/macs -I../openssl/providers/common/kdfs -I../openssl/providers/default/macs -I../openssl/providers/default/ciphers -I../openssl/providers/default/kdfs -DAES_ASM -DBSAES_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_IA32_SSE2 -MMD -MF crypto/x509/libcrypto-lib-v3_tlsf.d.tmp -MT crypto/x509/libcrypto-lib-v3_tlsf.o -c -o crypto/x509/libcrypto-lib-v3_tlsf.o ../openssl/crypto/x509/v3_tlsf.c clang -I. -Icrypto/include -Iinclude -Iproviders/common/include -Iproviders/default/include -Iproviders/common/ciphers -Icrypto -Iproviders/common/macs -Iproviders/common/kdfs -Iproviders/default/macs -Iproviders/default/ciphers -Iproviders/default/kdfs -I../openssl -I../openssl/crypto/include -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/default/include -I../openssl/providers/common/ciphers -I../openssl/crypto -I../openssl/providers/common/macs -I../openssl/providers/common/kdfs -I../openssl/providers/default/macs -I../openssl/providers/default/ciphers -I../openssl/providers/default/kdfs -DAES_ASM -DBSAES_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_IA32_SSE2 -MMD -MF crypto/x509/libcrypto-lib-v3_utl.d.tmp -MT crypto/x509/libcrypto-lib-v3_utl.o -c -o crypto/x509/libcrypto-lib-v3_utl.o ../openssl/crypto/x509/v3_utl.c clang -I. -Icrypto/include -Iinclude -Iproviders/common/include -Iproviders/default/include -Iproviders/common/ciphers -Icrypto -Iproviders/common/macs -Iproviders/common/kdfs -Iproviders/default/macs -Iproviders/default/ciphers -Iproviders/default/kdfs -I../openssl -I../openssl/crypto/include -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/default/include -I../openssl/providers/common/ciphers -I../openssl/crypto -I../openssl/providers/common/macs -I../openssl/providers/common/kdfs -I../openssl/providers/default/macs -I../openssl/providers/default/ciphers -I../openssl/providers/default/kdfs -DAES_ASM -DBSAES_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_IA32_SSE2 -MMD -MF crypto/x509/libcrypto-lib-v3err.d.tmp -MT crypto/x509/libcrypto-lib-v3err.o -c -o crypto/x509/libcrypto-lib-v3err.o ../openssl/crypto/x509/v3err.c clang -I. -Icrypto/include -Iinclude -Iproviders/common/include -Iproviders/default/include -Iproviders/common/ciphers -Icrypto -Iproviders/common/macs -Iproviders/common/kdfs -Iproviders/default/macs -Iproviders/default/ciphers -Iproviders/default/kdfs -I../openssl -I../openssl/crypto/include -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/default/include -I../openssl/providers/common/ciphers -I../openssl/crypto -I../openssl/providers/common/macs -I../openssl/providers/common/kdfs -I../openssl/providers/default/macs -I../openssl/providers/default/ciphers -I../openssl/providers/default/kdfs -DAES_ASM -DBSAES_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_IA32_SSE2 -MMD -MF crypto/x509/libcrypto-lib-x509_att.d.tmp -MT crypto/x509/libcrypto-lib-x509_att.o -c -o crypto/x509/libcrypto-lib-x509_att.o ../openssl/crypto/x509/x509_att.c clang -I. -Icrypto/include -Iinclude -Iproviders/common/include -Iproviders/default/include -Iproviders/common/ciphers -Icrypto -Iproviders/common/macs -Iproviders/common/kdfs -Iproviders/default/macs -Iproviders/default/ciphers -Iproviders/default/kdfs -I../openssl -I../openssl/crypto/include -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/default/include -I../openssl/providers/common/ciphers -I../openssl/crypto -I../openssl/providers/common/macs -I../openssl/providers/common/kdfs -I../openssl/providers/default/macs -I../openssl/providers/default/ciphers -I../openssl/providers/default/kdfs -DAES_ASM -DBSAES_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_IA32_SSE2 -MMD -MF crypto/x509/libcrypto-lib-x509_cmp.d.tmp -MT crypto/x509/libcrypto-lib-x509_cmp.o -c -o crypto/x509/libcrypto-lib-x509_cmp.o ../openssl/crypto/x509/x509_cmp.c clang -I. -Icrypto/include -Iinclude -Iproviders/common/include -Iproviders/default/include -Iproviders/common/ciphers -Icrypto -Iproviders/common/macs -Iproviders/common/kdfs -Iproviders/default/macs -Iproviders/default/ciphers -Iproviders/default/kdfs -I../openssl -I../openssl/crypto/include -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/default/include -I../openssl/providers/common/ciphers -I../openssl/crypto -I../openssl/providers/common/macs -I../openssl/providers/common/kdfs -I../openssl/providers/default/macs -I../openssl/providers/default/ciphers -I../openssl/providers/default/kdfs -DAES_ASM -DBSAES_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_IA32_SSE2 -MMD -MF crypto/x509/libcrypto-lib-x509_d2.d.tmp -MT crypto/x509/libcrypto-lib-x509_d2.o -c -o crypto/x509/libcrypto-lib-x509_d2.o ../openssl/crypto/x509/x509_d2.c clang -I. -Icrypto/include -Iinclude -Iproviders/common/include -Iproviders/default/include -Iproviders/common/ciphers -Icrypto -Iproviders/common/macs -Iproviders/common/kdfs -Iproviders/default/macs -Iproviders/default/ciphers -Iproviders/default/kdfs -I../openssl -I../openssl/crypto/include -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/default/include -I../openssl/providers/common/ciphers -I../openssl/crypto -I../openssl/providers/common/macs -I../openssl/providers/common/kdfs -I../openssl/providers/default/macs -I../openssl/providers/default/ciphers -I../openssl/providers/default/kdfs -DAES_ASM -DBSAES_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_IA32_SSE2 -MMD -MF crypto/x509/libcrypto-lib-x509_def.d.tmp -MT crypto/x509/libcrypto-lib-x509_def.o -c -o crypto/x509/libcrypto-lib-x509_def.o ../openssl/crypto/x509/x509_def.c clang -I. -Icrypto/include -Iinclude -Iproviders/common/include -Iproviders/default/include -Iproviders/common/ciphers -Icrypto -Iproviders/common/macs -Iproviders/common/kdfs -Iproviders/default/macs -Iproviders/default/ciphers -Iproviders/default/kdfs -I../openssl -I../openssl/crypto/include -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/default/include -I../openssl/providers/common/ciphers -I../openssl/crypto -I../openssl/providers/common/macs -I../openssl/providers/common/kdfs -I../openssl/providers/default/macs -I../openssl/providers/default/ciphers -I../openssl/providers/default/kdfs -DAES_ASM -DBSAES_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_IA32_SSE2 -MMD -MF crypto/x509/libcrypto-lib-x509_err.d.tmp -MT crypto/x509/libcrypto-lib-x509_err.o -c -o crypto/x509/libcrypto-lib-x509_err.o ../openssl/crypto/x509/x509_err.c clang -I. -Icrypto/include -Iinclude -Iproviders/common/include -Iproviders/default/include -Iproviders/common/ciphers -Icrypto -Iproviders/common/macs -Iproviders/common/kdfs -Iproviders/default/macs -Iproviders/default/ciphers -Iproviders/default/kdfs -I../openssl -I../openssl/crypto/include -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/default/include -I../openssl/providers/common/ciphers -I../openssl/crypto -I../openssl/providers/common/macs -I../openssl/providers/common/kdfs -I../openssl/providers/default/macs -I../openssl/providers/default/ciphers -I../openssl/providers/default/kdfs -DAES_ASM -DBSAES_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_IA32_SSE2 -MMD -MF crypto/x509/libcrypto-lib-x509_ext.d.tmp -MT crypto/x509/libcrypto-lib-x509_ext.o -c -o crypto/x509/libcrypto-lib-x509_ext.o ../openssl/crypto/x509/x509_ext.c clang -I. -Icrypto/include -Iinclude -Iproviders/common/include -Iproviders/default/include -Iproviders/common/ciphers -Icrypto -Iproviders/common/macs -Iproviders/common/kdfs -Iproviders/default/macs -Iproviders/default/ciphers -Iproviders/default/kdfs -I../openssl -I../openssl/crypto/include -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/default/include -I../openssl/providers/common/ciphers -I../openssl/crypto -I../openssl/providers/common/macs -I../openssl/providers/common/kdfs -I../openssl/providers/default/macs -I../openssl/providers/default/ciphers -I../openssl/providers/default/kdfs -DAES_ASM -DBSAES_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_IA32_SSE2 -MMD -MF crypto/x509/libcrypto-lib-x509_lu.d.tmp -MT crypto/x509/libcrypto-lib-x509_lu.o -c -o crypto/x509/libcrypto-lib-x509_lu.o ../openssl/crypto/x509/x509_lu.c clang -I. -Icrypto/include -Iinclude -Iproviders/common/include -Iproviders/default/include -Iproviders/common/ciphers -Icrypto -Iproviders/common/macs -Iproviders/common/kdfs -Iproviders/default/macs -Iproviders/default/ciphers -Iproviders/default/kdfs -I../openssl -I../openssl/crypto/include -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/default/include -I../openssl/providers/common/ciphers -I../openssl/crypto -I../openssl/providers/common/macs -I../openssl/providers/common/kdfs -I../openssl/providers/default/macs -I../openssl/providers/default/ciphers -I../openssl/providers/default/kdfs -DAES_ASM -DBSAES_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_IA32_SSE2 -MMD -MF crypto/x509/libcrypto-lib-x509_meth.d.tmp -MT crypto/x509/libcrypto-lib-x509_meth.o -c -o crypto/x509/libcrypto-lib-x509_meth.o ../openssl/crypto/x509/x509_meth.c clang -I. -Icrypto/include -Iinclude -Iproviders/common/include -Iproviders/default/include -Iproviders/common/ciphers -Icrypto -Iproviders/common/macs -Iproviders/common/kdfs -Iproviders/default/macs -Iproviders/default/ciphers -Iproviders/default/kdfs -I../openssl -I../openssl/crypto/include -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/default/include -I../openssl/providers/common/ciphers -I../openssl/crypto -I../openssl/providers/common/macs -I../openssl/providers/common/kdfs -I../openssl/providers/default/macs -I../openssl/providers/default/ciphers -I../openssl/providers/default/kdfs -DAES_ASM -DBSAES_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_IA32_SSE2 -MMD -MF crypto/x509/libcrypto-lib-x509_obj.d.tmp -MT crypto/x509/libcrypto-lib-x509_obj.o -c -o crypto/x509/libcrypto-lib-x509_obj.o ../openssl/crypto/x509/x509_obj.c clang -I. -Icrypto/include -Iinclude -Iproviders/common/include -Iproviders/default/include -Iproviders/common/ciphers -Icrypto -Iproviders/common/macs -Iproviders/common/kdfs -Iproviders/default/macs -Iproviders/default/ciphers -Iproviders/default/kdfs -I../openssl -I../openssl/crypto/include -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/default/include -I../openssl/providers/common/ciphers -I../openssl/crypto -I../openssl/providers/common/macs -I../openssl/providers/common/kdfs -I../openssl/providers/default/macs -I../openssl/providers/default/ciphers -I../openssl/providers/default/kdfs -DAES_ASM -DBSAES_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_IA32_SSE2 -MMD -MF crypto/x509/libcrypto-lib-x509_r2x.d.tmp -MT crypto/x509/libcrypto-lib-x509_r2x.o -c -o crypto/x509/libcrypto-lib-x509_r2x.o ../openssl/crypto/x509/x509_r2x.c clang -I. -Icrypto/include -Iinclude -Iproviders/common/include -Iproviders/default/include -Iproviders/common/ciphers -Icrypto -Iproviders/common/macs -Iproviders/common/kdfs -Iproviders/default/macs -Iproviders/default/ciphers -Iproviders/default/kdfs -I../openssl -I../openssl/crypto/include -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/default/include -I../openssl/providers/common/ciphers -I../openssl/crypto -I../openssl/providers/common/macs -I../openssl/providers/common/kdfs -I../openssl/providers/default/macs -I../openssl/providers/default/ciphers -I../openssl/providers/default/kdfs -DAES_ASM -DBSAES_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_IA32_SSE2 -MMD -MF crypto/x509/libcrypto-lib-x509_req.d.tmp -MT crypto/x509/libcrypto-lib-x509_req.o -c -o crypto/x509/libcrypto-lib-x509_req.o ../openssl/crypto/x509/x509_req.c clang -I. -Icrypto/include -Iinclude -Iproviders/common/include -Iproviders/default/include -Iproviders/common/ciphers -Icrypto -Iproviders/common/macs -Iproviders/common/kdfs -Iproviders/default/macs -Iproviders/default/ciphers -Iproviders/default/kdfs -I../openssl -I../openssl/crypto/include -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/default/include -I../openssl/providers/common/ciphers -I../openssl/crypto -I../openssl/providers/common/macs -I../openssl/providers/common/kdfs -I../openssl/providers/default/macs -I../openssl/providers/default/ciphers -I../openssl/providers/default/kdfs -DAES_ASM -DBSAES_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_IA32_SSE2 -MMD -MF crypto/x509/libcrypto-lib-x509_set.d.tmp -MT crypto/x509/libcrypto-lib-x509_set.o -c -o crypto/x509/libcrypto-lib-x509_set.o ../openssl/crypto/x509/x509_set.c clang -I. -Icrypto/include -Iinclude -Iproviders/common/include -Iproviders/default/include -Iproviders/common/ciphers -Icrypto -Iproviders/common/macs -Iproviders/common/kdfs -Iproviders/default/macs -Iproviders/default/ciphers -Iproviders/default/kdfs -I../openssl -I../openssl/crypto/include -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/default/include -I../openssl/providers/common/ciphers -I../openssl/crypto -I../openssl/providers/common/macs -I../openssl/providers/common/kdfs -I../openssl/providers/default/macs -I../openssl/providers/default/ciphers -I../openssl/providers/default/kdfs -DAES_ASM -DBSAES_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_IA32_SSE2 -MMD -MF crypto/x509/libcrypto-lib-x509_trs.d.tmp -MT crypto/x509/libcrypto-lib-x509_trs.o -c -o crypto/x509/libcrypto-lib-x509_trs.o ../openssl/crypto/x509/x509_trs.c clang -I. -Icrypto/include -Iinclude -Iproviders/common/include -Iproviders/default/include -Iproviders/common/ciphers -Icrypto -Iproviders/common/macs -Iproviders/common/kdfs -Iproviders/default/macs -Iproviders/default/ciphers -Iproviders/default/kdfs -I../openssl -I../openssl/crypto/include -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/default/include -I../openssl/providers/common/ciphers -I../openssl/crypto -I../openssl/providers/common/macs -I../openssl/providers/common/kdfs -I../openssl/providers/default/macs -I../openssl/providers/default/ciphers -I../openssl/providers/default/kdfs -DAES_ASM -DBSAES_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_IA32_SSE2 -MMD -MF crypto/x509/libcrypto-lib-x509_txt.d.tmp -MT crypto/x509/libcrypto-lib-x509_txt.o -c -o crypto/x509/libcrypto-lib-x509_txt.o ../openssl/crypto/x509/x509_txt.c clang -I. -Icrypto/include -Iinclude -Iproviders/common/include -Iproviders/default/include -Iproviders/common/ciphers -Icrypto -Iproviders/common/macs -Iproviders/common/kdfs -Iproviders/default/macs -Iproviders/default/ciphers -Iproviders/default/kdfs -I../openssl -I../openssl/crypto/include -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/default/include -I../openssl/providers/common/ciphers -I../openssl/crypto -I../openssl/providers/common/macs -I../openssl/providers/common/kdfs -I../openssl/providers/default/macs -I../openssl/providers/default/ciphers -I../openssl/providers/default/kdfs -DAES_ASM -DBSAES_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_IA32_SSE2 -MMD -MF crypto/x509/libcrypto-lib-x509_v3.d.tmp -MT crypto/x509/libcrypto-lib-x509_v3.o -c -o crypto/x509/libcrypto-lib-x509_v3.o ../openssl/crypto/x509/x509_v3.c clang -I. -Icrypto/include -Iinclude -Iproviders/common/include -Iproviders/default/include -Iproviders/common/ciphers -Icrypto -Iproviders/common/macs -Iproviders/common/kdfs -Iproviders/default/macs -Iproviders/default/ciphers -Iproviders/default/kdfs -I../openssl -I../openssl/crypto/include -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/default/include -I../openssl/providers/common/ciphers -I../openssl/crypto -I../openssl/providers/common/macs -I../openssl/providers/common/kdfs -I../openssl/providers/default/macs -I../openssl/providers/default/ciphers -I../openssl/providers/default/kdfs -DAES_ASM -DBSAES_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_IA32_SSE2 -MMD -MF crypto/x509/libcrypto-lib-x509_vfy.d.tmp -MT crypto/x509/libcrypto-lib-x509_vfy.o -c -o crypto/x509/libcrypto-lib-x509_vfy.o ../openssl/crypto/x509/x509_vfy.c clang -I. -Icrypto/include -Iinclude -Iproviders/common/include -Iproviders/default/include -Iproviders/common/ciphers -Icrypto -Iproviders/common/macs -Iproviders/common/kdfs -Iproviders/default/macs -Iproviders/default/ciphers -Iproviders/default/kdfs -I../openssl -I../openssl/crypto/include -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/default/include -I../openssl/providers/common/ciphers -I../openssl/crypto -I../openssl/providers/common/macs -I../openssl/providers/common/kdfs -I../openssl/providers/default/macs -I../openssl/providers/default/ciphers -I../openssl/providers/default/kdfs -DAES_ASM -DBSAES_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_IA32_SSE2 -MMD -MF crypto/x509/libcrypto-lib-x509_vpm.d.tmp -MT crypto/x509/libcrypto-lib-x509_vpm.o -c -o crypto/x509/libcrypto-lib-x509_vpm.o ../openssl/crypto/x509/x509_vpm.c clang -I. -Icrypto/include -Iinclude -Iproviders/common/include -Iproviders/default/include -Iproviders/common/ciphers -Icrypto -Iproviders/common/macs -Iproviders/common/kdfs -Iproviders/default/macs -Iproviders/default/ciphers -Iproviders/default/kdfs -I../openssl -I../openssl/crypto/include -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/default/include -I../openssl/providers/common/ciphers -I../openssl/crypto -I../openssl/providers/common/macs -I../openssl/providers/common/kdfs -I../openssl/providers/default/macs -I../openssl/providers/default/ciphers -I../openssl/providers/default/kdfs -DAES_ASM -DBSAES_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_IA32_SSE2 -MMD -MF crypto/x509/libcrypto-lib-x509cset.d.tmp -MT crypto/x509/libcrypto-lib-x509cset.o -c -o crypto/x509/libcrypto-lib-x509cset.o ../openssl/crypto/x509/x509cset.c clang -I. -Icrypto/include -Iinclude -Iproviders/common/include -Iproviders/default/include -Iproviders/common/ciphers -Icrypto -Iproviders/common/macs -Iproviders/common/kdfs -Iproviders/default/macs -Iproviders/default/ciphers -Iproviders/default/kdfs -I../openssl -I../openssl/crypto/include -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/default/include -I../openssl/providers/common/ciphers -I../openssl/crypto -I../openssl/providers/common/macs -I../openssl/providers/common/kdfs -I../openssl/providers/default/macs -I../openssl/providers/default/ciphers -I../openssl/providers/default/kdfs -DAES_ASM -DBSAES_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_IA32_SSE2 -MMD -MF crypto/x509/libcrypto-lib-x509name.d.tmp -MT crypto/x509/libcrypto-lib-x509name.o -c -o crypto/x509/libcrypto-lib-x509name.o ../openssl/crypto/x509/x509name.c clang -I. -Icrypto/include -Iinclude -Iproviders/common/include -Iproviders/default/include -Iproviders/common/ciphers -Icrypto -Iproviders/common/macs -Iproviders/common/kdfs -Iproviders/default/macs -Iproviders/default/ciphers -Iproviders/default/kdfs -I../openssl -I../openssl/crypto/include -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/default/include -I../openssl/providers/common/ciphers -I../openssl/crypto -I../openssl/providers/common/macs -I../openssl/providers/common/kdfs -I../openssl/providers/default/macs -I../openssl/providers/default/ciphers -I../openssl/providers/default/kdfs -DAES_ASM -DBSAES_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_IA32_SSE2 -MMD -MF crypto/x509/libcrypto-lib-x509rset.d.tmp -MT crypto/x509/libcrypto-lib-x509rset.o -c -o crypto/x509/libcrypto-lib-x509rset.o ../openssl/crypto/x509/x509rset.c clang -I. -Icrypto/include -Iinclude -Iproviders/common/include -Iproviders/default/include -Iproviders/common/ciphers -Icrypto -Iproviders/common/macs -Iproviders/common/kdfs -Iproviders/default/macs -Iproviders/default/ciphers -Iproviders/default/kdfs -I../openssl -I../openssl/crypto/include -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/default/include -I../openssl/providers/common/ciphers -I../openssl/crypto -I../openssl/providers/common/macs -I../openssl/providers/common/kdfs -I../openssl/providers/default/macs -I../openssl/providers/default/ciphers -I../openssl/providers/default/kdfs -DAES_ASM -DBSAES_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_IA32_SSE2 -MMD -MF crypto/x509/libcrypto-lib-x509spki.d.tmp -MT crypto/x509/libcrypto-lib-x509spki.o -c -o crypto/x509/libcrypto-lib-x509spki.o ../openssl/crypto/x509/x509spki.c clang -I. -Icrypto/include -Iinclude -Iproviders/common/include -Iproviders/default/include -Iproviders/common/ciphers -Icrypto -Iproviders/common/macs -Iproviders/common/kdfs -Iproviders/default/macs -Iproviders/default/ciphers -Iproviders/default/kdfs -I../openssl -I../openssl/crypto/include -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/default/include -I../openssl/providers/common/ciphers -I../openssl/crypto -I../openssl/providers/common/macs -I../openssl/providers/common/kdfs -I../openssl/providers/default/macs -I../openssl/providers/default/ciphers -I../openssl/providers/default/kdfs -DAES_ASM -DBSAES_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_IA32_SSE2 -MMD -MF crypto/x509/libcrypto-lib-x509type.d.tmp -MT crypto/x509/libcrypto-lib-x509type.o -c -o crypto/x509/libcrypto-lib-x509type.o ../openssl/crypto/x509/x509type.c clang -I. -Icrypto/include -Iinclude -Iproviders/common/include -Iproviders/default/include -Iproviders/common/ciphers -Icrypto -Iproviders/common/macs -Iproviders/common/kdfs -Iproviders/default/macs -Iproviders/default/ciphers -Iproviders/default/kdfs -I../openssl -I../openssl/crypto/include -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/default/include -I../openssl/providers/common/ciphers -I../openssl/crypto -I../openssl/providers/common/macs -I../openssl/providers/common/kdfs -I../openssl/providers/default/macs -I../openssl/providers/default/ciphers -I../openssl/providers/default/kdfs -DAES_ASM -DBSAES_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_IA32_SSE2 -MMD -MF crypto/x509/libcrypto-lib-x_all.d.tmp -MT crypto/x509/libcrypto-lib-x_all.o -c -o crypto/x509/libcrypto-lib-x_all.o ../openssl/crypto/x509/x_all.c clang -I. -Icrypto/include -Iinclude -Iproviders/common/include -Iproviders/default/include -Iproviders/common/ciphers -Icrypto -Iproviders/common/macs -Iproviders/common/kdfs -Iproviders/default/macs -Iproviders/default/ciphers -Iproviders/default/kdfs -I../openssl -I../openssl/crypto/include -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/default/include -I../openssl/providers/common/ciphers -I../openssl/crypto -I../openssl/providers/common/macs -I../openssl/providers/common/kdfs -I../openssl/providers/default/macs -I../openssl/providers/default/ciphers -I../openssl/providers/default/kdfs -DAES_ASM -DBSAES_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_IA32_SSE2 -MMD -MF crypto/x509/libcrypto-lib-x_attrib.d.tmp -MT crypto/x509/libcrypto-lib-x_attrib.o -c -o crypto/x509/libcrypto-lib-x_attrib.o ../openssl/crypto/x509/x_attrib.c clang -I. -Icrypto/include -Iinclude -Iproviders/common/include -Iproviders/default/include -Iproviders/common/ciphers -Icrypto -Iproviders/common/macs -Iproviders/common/kdfs -Iproviders/default/macs -Iproviders/default/ciphers -Iproviders/default/kdfs -I../openssl -I../openssl/crypto/include -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/default/include -I../openssl/providers/common/ciphers -I../openssl/crypto -I../openssl/providers/common/macs -I../openssl/providers/common/kdfs -I../openssl/providers/default/macs -I../openssl/providers/default/ciphers -I../openssl/providers/default/kdfs -DAES_ASM -DBSAES_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_IA32_SSE2 -MMD -MF crypto/x509/libcrypto-lib-x_crl.d.tmp -MT crypto/x509/libcrypto-lib-x_crl.o -c -o crypto/x509/libcrypto-lib-x_crl.o ../openssl/crypto/x509/x_crl.c clang -I. -Icrypto/include -Iinclude -Iproviders/common/include -Iproviders/default/include -Iproviders/common/ciphers -Icrypto -Iproviders/common/macs -Iproviders/common/kdfs -Iproviders/default/macs -Iproviders/default/ciphers -Iproviders/default/kdfs -I../openssl -I../openssl/crypto/include -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/default/include -I../openssl/providers/common/ciphers -I../openssl/crypto -I../openssl/providers/common/macs -I../openssl/providers/common/kdfs -I../openssl/providers/default/macs -I../openssl/providers/default/ciphers -I../openssl/providers/default/kdfs -DAES_ASM -DBSAES_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_IA32_SSE2 -MMD -MF crypto/x509/libcrypto-lib-x_exten.d.tmp -MT crypto/x509/libcrypto-lib-x_exten.o -c -o crypto/x509/libcrypto-lib-x_exten.o ../openssl/crypto/x509/x_exten.c clang -I. -Icrypto/include -Iinclude -Iproviders/common/include -Iproviders/default/include -Iproviders/common/ciphers -Icrypto -Iproviders/common/macs -Iproviders/common/kdfs -Iproviders/default/macs -Iproviders/default/ciphers -Iproviders/default/kdfs -I../openssl -I../openssl/crypto/include -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/default/include -I../openssl/providers/common/ciphers -I../openssl/crypto -I../openssl/providers/common/macs -I../openssl/providers/common/kdfs -I../openssl/providers/default/macs -I../openssl/providers/default/ciphers -I../openssl/providers/default/kdfs -DAES_ASM -DBSAES_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_IA32_SSE2 -MMD -MF crypto/x509/libcrypto-lib-x_name.d.tmp -MT crypto/x509/libcrypto-lib-x_name.o -c -o crypto/x509/libcrypto-lib-x_name.o ../openssl/crypto/x509/x_name.c clang -I. -Icrypto/include -Iinclude -Iproviders/common/include -Iproviders/default/include -Iproviders/common/ciphers -Icrypto -Iproviders/common/macs -Iproviders/common/kdfs -Iproviders/default/macs -Iproviders/default/ciphers -Iproviders/default/kdfs -I../openssl -I../openssl/crypto/include -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/default/include -I../openssl/providers/common/ciphers -I../openssl/crypto -I../openssl/providers/common/macs -I../openssl/providers/common/kdfs -I../openssl/providers/default/macs -I../openssl/providers/default/ciphers -I../openssl/providers/default/kdfs -DAES_ASM -DBSAES_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_IA32_SSE2 -MMD -MF crypto/x509/libcrypto-lib-x_pubkey.d.tmp -MT crypto/x509/libcrypto-lib-x_pubkey.o -c -o crypto/x509/libcrypto-lib-x_pubkey.o ../openssl/crypto/x509/x_pubkey.c clang -I. -Icrypto/include -Iinclude -Iproviders/common/include -Iproviders/default/include -Iproviders/common/ciphers -Icrypto -Iproviders/common/macs -Iproviders/common/kdfs -Iproviders/default/macs -Iproviders/default/ciphers -Iproviders/default/kdfs -I../openssl -I../openssl/crypto/include -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/default/include -I../openssl/providers/common/ciphers -I../openssl/crypto -I../openssl/providers/common/macs -I../openssl/providers/common/kdfs -I../openssl/providers/default/macs -I../openssl/providers/default/ciphers -I../openssl/providers/default/kdfs -DAES_ASM -DBSAES_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_IA32_SSE2 -MMD -MF crypto/x509/libcrypto-lib-x_req.d.tmp -MT crypto/x509/libcrypto-lib-x_req.o -c -o crypto/x509/libcrypto-lib-x_req.o ../openssl/crypto/x509/x_req.c clang -I. -Icrypto/include -Iinclude -Iproviders/common/include -Iproviders/default/include -Iproviders/common/ciphers -Icrypto -Iproviders/common/macs -Iproviders/common/kdfs -Iproviders/default/macs -Iproviders/default/ciphers -Iproviders/default/kdfs -I../openssl -I../openssl/crypto/include -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/default/include -I../openssl/providers/common/ciphers -I../openssl/crypto -I../openssl/providers/common/macs -I../openssl/providers/common/kdfs -I../openssl/providers/default/macs -I../openssl/providers/default/ciphers -I../openssl/providers/default/kdfs -DAES_ASM -DBSAES_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_IA32_SSE2 -MMD -MF crypto/x509/libcrypto-lib-x_x509.d.tmp -MT crypto/x509/libcrypto-lib-x_x509.o -c -o crypto/x509/libcrypto-lib-x_x509.o ../openssl/crypto/x509/x_x509.c clang -I. -Icrypto/include -Iinclude -Iproviders/common/include -Iproviders/default/include -Iproviders/common/ciphers -Icrypto -Iproviders/common/macs -Iproviders/common/kdfs -Iproviders/default/macs -Iproviders/default/ciphers -Iproviders/default/kdfs -I../openssl -I../openssl/crypto/include -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/default/include -I../openssl/providers/common/ciphers -I../openssl/crypto -I../openssl/providers/common/macs -I../openssl/providers/common/kdfs -I../openssl/providers/default/macs -I../openssl/providers/default/ciphers -I../openssl/providers/default/kdfs -DAES_ASM -DBSAES_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_IA32_SSE2 -MMD -MF crypto/x509/libcrypto-lib-x_x509a.d.tmp -MT crypto/x509/libcrypto-lib-x_x509a.o -c -o crypto/x509/libcrypto-lib-x_x509a.o ../openssl/crypto/x509/x_x509a.c clang -I. -Icrypto/include -Iinclude -Iproviders/common/include -Iproviders/default/include -Iproviders/common/ciphers -Icrypto -Iproviders/common/macs -Iproviders/common/kdfs -Iproviders/default/macs -Iproviders/default/ciphers -Iproviders/default/kdfs -I../openssl -I../openssl/crypto/include -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/default/include -I../openssl/providers/common/ciphers -I../openssl/crypto -I../openssl/providers/common/macs -I../openssl/providers/common/kdfs -I../openssl/providers/default/macs -I../openssl/providers/default/ciphers -I../openssl/providers/default/kdfs -DAES_ASM -DBSAES_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_IA32_SSE2 -MMD -MF providers/common/ciphers/libcrypto-lib-block.d.tmp -MT providers/common/ciphers/libcrypto-lib-block.o -c -o providers/common/ciphers/libcrypto-lib-block.o ../openssl/providers/common/ciphers/block.c clang -I. -Icrypto/include -Iinclude -Iproviders/common/include -Iproviders/default/include -Iproviders/common/ciphers -Icrypto -Iproviders/common/macs -Iproviders/common/kdfs -Iproviders/default/macs -Iproviders/default/ciphers -Iproviders/default/kdfs -I../openssl -I../openssl/crypto/include -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/default/include -I../openssl/providers/common/ciphers -I../openssl/crypto -I../openssl/providers/common/macs -I../openssl/providers/common/kdfs -I../openssl/providers/default/macs -I../openssl/providers/default/ciphers -I../openssl/providers/default/kdfs -DAES_ASM -DBSAES_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_IA32_SSE2 -MMD -MF providers/common/ciphers/libcrypto-lib-cipher_aes.d.tmp -MT providers/common/ciphers/libcrypto-lib-cipher_aes.o -c -o providers/common/ciphers/libcrypto-lib-cipher_aes.o ../openssl/providers/common/ciphers/cipher_aes.c clang -I. -Icrypto/include -Iinclude -Iproviders/common/include -Iproviders/default/include -Iproviders/common/ciphers -Icrypto -Iproviders/common/macs -Iproviders/common/kdfs -Iproviders/default/macs -Iproviders/default/ciphers -Iproviders/default/kdfs -I../openssl -I../openssl/crypto/include -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/default/include -I../openssl/providers/common/ciphers -I../openssl/crypto -I../openssl/providers/common/macs -I../openssl/providers/common/kdfs -I../openssl/providers/default/macs -I../openssl/providers/default/ciphers -I../openssl/providers/default/kdfs -DAES_ASM -DBSAES_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_IA32_SSE2 -MMD -MF providers/common/ciphers/libcrypto-lib-cipher_aes_ccm.d.tmp -MT providers/common/ciphers/libcrypto-lib-cipher_aes_ccm.o -c -o providers/common/ciphers/libcrypto-lib-cipher_aes_ccm.o ../openssl/providers/common/ciphers/cipher_aes_ccm.c clang -I. -Icrypto/include -Iinclude -Iproviders/common/include -Iproviders/default/include -Iproviders/common/ciphers -Icrypto -Iproviders/common/macs -Iproviders/common/kdfs -Iproviders/default/macs -Iproviders/default/ciphers -Iproviders/default/kdfs -I../openssl -I../openssl/crypto/include -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/default/include -I../openssl/providers/common/ciphers -I../openssl/crypto -I../openssl/providers/common/macs -I../openssl/providers/common/kdfs -I../openssl/providers/default/macs -I../openssl/providers/default/ciphers -I../openssl/providers/default/kdfs -DAES_ASM -DBSAES_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_IA32_SSE2 -MMD -MF providers/common/ciphers/libcrypto-lib-cipher_aes_ccm_hw.d.tmp -MT providers/common/ciphers/libcrypto-lib-cipher_aes_ccm_hw.o -c -o providers/common/ciphers/libcrypto-lib-cipher_aes_ccm_hw.o ../openssl/providers/common/ciphers/cipher_aes_ccm_hw.c clang -I. -Icrypto/include -Iinclude -Iproviders/common/include -Iproviders/default/include -Iproviders/common/ciphers -Icrypto -Iproviders/common/macs -Iproviders/common/kdfs -Iproviders/default/macs -Iproviders/default/ciphers -Iproviders/default/kdfs -I../openssl -I../openssl/crypto/include -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/default/include -I../openssl/providers/common/ciphers -I../openssl/crypto -I../openssl/providers/common/macs -I../openssl/providers/common/kdfs -I../openssl/providers/default/macs -I../openssl/providers/default/ciphers -I../openssl/providers/default/kdfs -DAES_ASM -DBSAES_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_IA32_SSE2 -MMD -MF providers/common/ciphers/libcrypto-lib-cipher_aes_gcm.d.tmp -MT providers/common/ciphers/libcrypto-lib-cipher_aes_gcm.o -c -o providers/common/ciphers/libcrypto-lib-cipher_aes_gcm.o ../openssl/providers/common/ciphers/cipher_aes_gcm.c clang -I. -Icrypto/include -Iinclude -Iproviders/common/include -Iproviders/default/include -Iproviders/common/ciphers -Icrypto -Iproviders/common/macs -Iproviders/common/kdfs -Iproviders/default/macs -Iproviders/default/ciphers -Iproviders/default/kdfs -I../openssl -I../openssl/crypto/include -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/default/include -I../openssl/providers/common/ciphers -I../openssl/crypto -I../openssl/providers/common/macs -I../openssl/providers/common/kdfs -I../openssl/providers/default/macs -I../openssl/providers/default/ciphers -I../openssl/providers/default/kdfs -DAES_ASM -DBSAES_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_IA32_SSE2 -MMD -MF providers/common/ciphers/libcrypto-lib-cipher_aes_gcm_hw.d.tmp -MT providers/common/ciphers/libcrypto-lib-cipher_aes_gcm_hw.o -c -o providers/common/ciphers/libcrypto-lib-cipher_aes_gcm_hw.o ../openssl/providers/common/ciphers/cipher_aes_gcm_hw.c clang -I. -Icrypto/include -Iinclude -Iproviders/common/include -Iproviders/default/include -Iproviders/common/ciphers -Icrypto -Iproviders/common/macs -Iproviders/common/kdfs -Iproviders/default/macs -Iproviders/default/ciphers -Iproviders/default/kdfs -I../openssl -I../openssl/crypto/include -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/default/include -I../openssl/providers/common/ciphers -I../openssl/crypto -I../openssl/providers/common/macs -I../openssl/providers/common/kdfs -I../openssl/providers/default/macs -I../openssl/providers/default/ciphers -I../openssl/providers/default/kdfs -DAES_ASM -DBSAES_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_IA32_SSE2 -MMD -MF providers/common/ciphers/libcrypto-lib-cipher_aes_hw.d.tmp -MT providers/common/ciphers/libcrypto-lib-cipher_aes_hw.o -c -o providers/common/ciphers/libcrypto-lib-cipher_aes_hw.o ../openssl/providers/common/ciphers/cipher_aes_hw.c clang -I. -Icrypto/include -Iinclude -Iproviders/common/include -Iproviders/default/include -Iproviders/common/ciphers -Icrypto -Iproviders/common/macs -Iproviders/common/kdfs -Iproviders/default/macs -Iproviders/default/ciphers -Iproviders/default/kdfs -I../openssl -I../openssl/crypto/include -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/default/include -I../openssl/providers/common/ciphers -I../openssl/crypto -I../openssl/providers/common/macs -I../openssl/providers/common/kdfs -I../openssl/providers/default/macs -I../openssl/providers/default/ciphers -I../openssl/providers/default/kdfs -DAES_ASM -DBSAES_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_IA32_SSE2 -MMD -MF providers/common/ciphers/libcrypto-lib-cipher_ccm.d.tmp -MT providers/common/ciphers/libcrypto-lib-cipher_ccm.o -c -o providers/common/ciphers/libcrypto-lib-cipher_ccm.o ../openssl/providers/common/ciphers/cipher_ccm.c clang -I. -Icrypto/include -Iinclude -Iproviders/common/include -Iproviders/default/include -Iproviders/common/ciphers -Icrypto -Iproviders/common/macs -Iproviders/common/kdfs -Iproviders/default/macs -Iproviders/default/ciphers -Iproviders/default/kdfs -I../openssl -I../openssl/crypto/include -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/default/include -I../openssl/providers/common/ciphers -I../openssl/crypto -I../openssl/providers/common/macs -I../openssl/providers/common/kdfs -I../openssl/providers/default/macs -I../openssl/providers/default/ciphers -I../openssl/providers/default/kdfs -DAES_ASM -DBSAES_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_IA32_SSE2 -MMD -MF providers/common/ciphers/libcrypto-lib-cipher_ccm_hw.d.tmp -MT providers/common/ciphers/libcrypto-lib-cipher_ccm_hw.o -c -o providers/common/ciphers/libcrypto-lib-cipher_ccm_hw.o ../openssl/providers/common/ciphers/cipher_ccm_hw.c clang -I. -Icrypto/include -Iinclude -Iproviders/common/include -Iproviders/default/include -Iproviders/common/ciphers -Icrypto -Iproviders/common/macs -Iproviders/common/kdfs -Iproviders/default/macs -Iproviders/default/ciphers -Iproviders/default/kdfs -I../openssl -I../openssl/crypto/include -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/default/include -I../openssl/providers/common/ciphers -I../openssl/crypto -I../openssl/providers/common/macs -I../openssl/providers/common/kdfs -I../openssl/providers/default/macs -I../openssl/providers/default/ciphers -I../openssl/providers/default/kdfs -DAES_ASM -DBSAES_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_IA32_SSE2 -MMD -MF providers/common/ciphers/libcrypto-lib-cipher_common.d.tmp -MT providers/common/ciphers/libcrypto-lib-cipher_common.o -c -o providers/common/ciphers/libcrypto-lib-cipher_common.o ../openssl/providers/common/ciphers/cipher_common.c clang -I. -Icrypto/include -Iinclude -Iproviders/common/include -Iproviders/default/include -Iproviders/common/ciphers -Icrypto -Iproviders/common/macs -Iproviders/common/kdfs -Iproviders/default/macs -Iproviders/default/ciphers -Iproviders/default/kdfs -I../openssl -I../openssl/crypto/include -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/default/include -I../openssl/providers/common/ciphers -I../openssl/crypto -I../openssl/providers/common/macs -I../openssl/providers/common/kdfs -I../openssl/providers/default/macs -I../openssl/providers/default/ciphers -I../openssl/providers/default/kdfs -DAES_ASM -DBSAES_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_IA32_SSE2 -MMD -MF providers/common/ciphers/libcrypto-lib-cipher_common_hw.d.tmp -MT providers/common/ciphers/libcrypto-lib-cipher_common_hw.o -c -o providers/common/ciphers/libcrypto-lib-cipher_common_hw.o ../openssl/providers/common/ciphers/cipher_common_hw.c clang -I. -Icrypto/include -Iinclude -Iproviders/common/include -Iproviders/default/include -Iproviders/common/ciphers -Icrypto -Iproviders/common/macs -Iproviders/common/kdfs -Iproviders/default/macs -Iproviders/default/ciphers -Iproviders/default/kdfs -I../openssl -I../openssl/crypto/include -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/default/include -I../openssl/providers/common/ciphers -I../openssl/crypto -I../openssl/providers/common/macs -I../openssl/providers/common/kdfs -I../openssl/providers/default/macs -I../openssl/providers/default/ciphers -I../openssl/providers/default/kdfs -DAES_ASM -DBSAES_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_IA32_SSE2 -MMD -MF providers/common/ciphers/libcrypto-lib-cipher_gcm.d.tmp -MT providers/common/ciphers/libcrypto-lib-cipher_gcm.o -c -o providers/common/ciphers/libcrypto-lib-cipher_gcm.o ../openssl/providers/common/ciphers/cipher_gcm.c clang -I. -Icrypto/include -Iinclude -Iproviders/common/include -Iproviders/default/include -Iproviders/common/ciphers -Icrypto -Iproviders/common/macs -Iproviders/common/kdfs -Iproviders/default/macs -Iproviders/default/ciphers -Iproviders/default/kdfs -I../openssl -I../openssl/crypto/include -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/default/include -I../openssl/providers/common/ciphers -I../openssl/crypto -I../openssl/providers/common/macs -I../openssl/providers/common/kdfs -I../openssl/providers/default/macs -I../openssl/providers/default/ciphers -I../openssl/providers/default/kdfs -DAES_ASM -DBSAES_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_IA32_SSE2 -MMD -MF providers/common/ciphers/libcrypto-lib-cipher_gcm_hw.d.tmp -MT providers/common/ciphers/libcrypto-lib-cipher_gcm_hw.o -c -o providers/common/ciphers/libcrypto-lib-cipher_gcm_hw.o ../openssl/providers/common/ciphers/cipher_gcm_hw.c clang -I. -Icrypto/include -Iinclude -Iproviders/common/include -Iproviders/default/include -Iproviders/common/ciphers -Icrypto -Iproviders/common/macs -Iproviders/common/kdfs -Iproviders/default/macs -Iproviders/default/ciphers -Iproviders/default/kdfs -I../openssl -I../openssl/crypto/include -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/default/include -I../openssl/providers/common/ciphers -I../openssl/crypto -I../openssl/providers/common/macs -I../openssl/providers/common/kdfs -I../openssl/providers/default/macs -I../openssl/providers/default/ciphers -I../openssl/providers/default/kdfs -DAES_ASM -DBSAES_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_IA32_SSE2 -MMD -MF providers/common/ciphers/libcrypto-lib-cipher_tdes.d.tmp -MT providers/common/ciphers/libcrypto-lib-cipher_tdes.o -c -o providers/common/ciphers/libcrypto-lib-cipher_tdes.o ../openssl/providers/common/ciphers/cipher_tdes.c clang -I. -Icrypto/include -Iinclude -Iproviders/common/include -Iproviders/default/include -Iproviders/common/ciphers -Icrypto -Iproviders/common/macs -Iproviders/common/kdfs -Iproviders/default/macs -Iproviders/default/ciphers -Iproviders/default/kdfs -I../openssl -I../openssl/crypto/include -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/default/include -I../openssl/providers/common/ciphers -I../openssl/crypto -I../openssl/providers/common/macs -I../openssl/providers/common/kdfs -I../openssl/providers/default/macs -I../openssl/providers/default/ciphers -I../openssl/providers/default/kdfs -DAES_ASM -DBSAES_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_IA32_SSE2 -MMD -MF providers/common/ciphers/libcrypto-lib-cipher_tdes_hw.d.tmp -MT providers/common/ciphers/libcrypto-lib-cipher_tdes_hw.o -c -o providers/common/ciphers/libcrypto-lib-cipher_tdes_hw.o ../openssl/providers/common/ciphers/cipher_tdes_hw.c clang -I. -Icrypto/include -Iinclude -Iproviders/common/include -Iproviders/default/include -Iproviders/common/ciphers -Icrypto -Iproviders/common/macs -Iproviders/common/kdfs -Iproviders/default/macs -Iproviders/default/ciphers -Iproviders/default/kdfs -I../openssl -I../openssl/crypto/include -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/default/include -I../openssl/providers/common/ciphers -I../openssl/crypto -I../openssl/providers/common/macs -I../openssl/providers/common/kdfs -I../openssl/providers/default/macs -I../openssl/providers/default/ciphers -I../openssl/providers/default/kdfs -DAES_ASM -DBSAES_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_IA32_SSE2 -MMD -MF providers/common/digests/libcrypto-lib-digest_common.d.tmp -MT providers/common/digests/libcrypto-lib-digest_common.o -c -o providers/common/digests/libcrypto-lib-digest_common.o ../openssl/providers/common/digests/digest_common.c clang -I. -Icrypto/include -Iinclude -Iproviders/common/include -Iproviders/default/include -Iproviders/common/ciphers -Icrypto -Iproviders/common/macs -Iproviders/common/kdfs -Iproviders/default/macs -Iproviders/default/ciphers -Iproviders/default/kdfs -I../openssl -I../openssl/crypto/include -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/default/include -I../openssl/providers/common/ciphers -I../openssl/crypto -I../openssl/providers/common/macs -I../openssl/providers/common/kdfs -I../openssl/providers/default/macs -I../openssl/providers/default/ciphers -I../openssl/providers/default/kdfs -DAES_ASM -DBSAES_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_IA32_SSE2 -MMD -MF providers/common/digests/libcrypto-lib-sha2_prov.d.tmp -MT providers/common/digests/libcrypto-lib-sha2_prov.o -c -o providers/common/digests/libcrypto-lib-sha2_prov.o ../openssl/providers/common/digests/sha2_prov.c clang -I. -Icrypto/include -Iinclude -Iproviders/common/include -Iproviders/default/include -Iproviders/common/ciphers -Icrypto -Iproviders/common/macs -Iproviders/common/kdfs -Iproviders/default/macs -Iproviders/default/ciphers -Iproviders/default/kdfs -I../openssl -I../openssl/crypto/include -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/default/include -I../openssl/providers/common/ciphers -I../openssl/crypto -I../openssl/providers/common/macs -I../openssl/providers/common/kdfs -I../openssl/providers/default/macs -I../openssl/providers/default/ciphers -I../openssl/providers/default/kdfs -DAES_ASM -DBSAES_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_IA32_SSE2 -MMD -MF providers/common/digests/libcrypto-lib-sha3_prov.d.tmp -MT providers/common/digests/libcrypto-lib-sha3_prov.o -c -o providers/common/digests/libcrypto-lib-sha3_prov.o ../openssl/providers/common/digests/sha3_prov.c clang -I. -Icrypto/include -Iinclude -Iproviders/common/include -Iproviders/default/include -Iproviders/common/ciphers -Icrypto -Iproviders/common/macs -Iproviders/common/kdfs -Iproviders/default/macs -Iproviders/default/ciphers -Iproviders/default/kdfs -I../openssl -I../openssl/crypto/include -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/default/include -I../openssl/providers/common/ciphers -I../openssl/crypto -I../openssl/providers/common/macs -I../openssl/providers/common/kdfs -I../openssl/providers/default/macs -I../openssl/providers/default/ciphers -I../openssl/providers/default/kdfs -DAES_ASM -DBSAES_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_IA32_SSE2 -MMD -MF providers/common/exchange/libcrypto-lib-dh_exch.d.tmp -MT providers/common/exchange/libcrypto-lib-dh_exch.o -c -o providers/common/exchange/libcrypto-lib-dh_exch.o ../openssl/providers/common/exchange/dh_exch.c clang -I. -Icrypto/include -Iinclude -Iproviders/common/include -Iproviders/default/include -Iproviders/common/ciphers -Icrypto -Iproviders/common/macs -Iproviders/common/kdfs -Iproviders/default/macs -Iproviders/default/ciphers -Iproviders/default/kdfs -I../openssl -I../openssl/crypto/include -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/default/include -I../openssl/providers/common/ciphers -I../openssl/crypto -I../openssl/providers/common/macs -I../openssl/providers/common/kdfs -I../openssl/providers/default/macs -I../openssl/providers/default/ciphers -I../openssl/providers/default/kdfs -DAES_ASM -DBSAES_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_IA32_SSE2 -MMD -MF providers/common/kdfs/libcrypto-lib-hkdf.d.tmp -MT providers/common/kdfs/libcrypto-lib-hkdf.o -c -o providers/common/kdfs/libcrypto-lib-hkdf.o ../openssl/providers/common/kdfs/hkdf.c clang -I. -Icrypto/include -Iinclude -Iproviders/common/include -Iproviders/default/include -Iproviders/common/ciphers -Icrypto -Iproviders/common/macs -Iproviders/common/kdfs -Iproviders/default/macs -Iproviders/default/ciphers -Iproviders/default/kdfs -I../openssl -I../openssl/crypto/include -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/default/include -I../openssl/providers/common/ciphers -I../openssl/crypto -I../openssl/providers/common/macs -I../openssl/providers/common/kdfs -I../openssl/providers/default/macs -I../openssl/providers/default/ciphers -I../openssl/providers/default/kdfs -DAES_ASM -DBSAES_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_IA32_SSE2 -MMD -MF providers/common/kdfs/libcrypto-lib-pbkdf2.d.tmp -MT providers/common/kdfs/libcrypto-lib-pbkdf2.o -c -o providers/common/kdfs/libcrypto-lib-pbkdf2.o ../openssl/providers/common/kdfs/pbkdf2.c clang -I. -Icrypto/include -Iinclude -Iproviders/common/include -Iproviders/default/include -Iproviders/common/ciphers -Icrypto -Iproviders/common/macs -Iproviders/common/kdfs -Iproviders/default/macs -Iproviders/default/ciphers -Iproviders/default/kdfs -I../openssl -I../openssl/crypto/include -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/default/include -I../openssl/providers/common/ciphers -I../openssl/crypto -I../openssl/providers/common/macs -I../openssl/providers/common/kdfs -I../openssl/providers/default/macs -I../openssl/providers/default/ciphers -I../openssl/providers/default/kdfs -DAES_ASM -DBSAES_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_IA32_SSE2 -MMD -MF providers/common/kdfs/libcrypto-lib-sskdf.d.tmp -MT providers/common/kdfs/libcrypto-lib-sskdf.o -c -o providers/common/kdfs/libcrypto-lib-sskdf.o ../openssl/providers/common/kdfs/sskdf.c clang -I. -Icrypto/include -Iinclude -Iproviders/common/include -Iproviders/default/include -Iproviders/common/ciphers -Icrypto -Iproviders/common/macs -Iproviders/common/kdfs -Iproviders/default/macs -Iproviders/default/ciphers -Iproviders/default/kdfs -I../openssl -I../openssl/crypto/include -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/default/include -I../openssl/providers/common/ciphers -I../openssl/crypto -I../openssl/providers/common/macs -I../openssl/providers/common/kdfs -I../openssl/providers/default/macs -I../openssl/providers/default/ciphers -I../openssl/providers/default/kdfs -DAES_ASM -DBSAES_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_IA32_SSE2 -MMD -MF providers/common/kdfs/libcrypto-lib-tls1_prf.d.tmp -MT providers/common/kdfs/libcrypto-lib-tls1_prf.o -c -o providers/common/kdfs/libcrypto-lib-tls1_prf.o ../openssl/providers/common/kdfs/tls1_prf.c clang -I. -Icrypto/include -Iinclude -Iproviders/common/include -Iproviders/default/include -Iproviders/common/ciphers -Icrypto -Iproviders/common/macs -Iproviders/common/kdfs -Iproviders/default/macs -Iproviders/default/ciphers -Iproviders/default/kdfs -I../openssl -I../openssl/crypto/include -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/default/include -I../openssl/providers/common/ciphers -I../openssl/crypto -I../openssl/providers/common/macs -I../openssl/providers/common/kdfs -I../openssl/providers/default/macs -I../openssl/providers/default/ciphers -I../openssl/providers/default/kdfs -DAES_ASM -DBSAES_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_IA32_SSE2 -MMD -MF providers/common/keymgmt/libcrypto-lib-dh_kmgmt.d.tmp -MT providers/common/keymgmt/libcrypto-lib-dh_kmgmt.o -c -o providers/common/keymgmt/libcrypto-lib-dh_kmgmt.o ../openssl/providers/common/keymgmt/dh_kmgmt.c clang -I. -Icrypto/include -Iinclude -Iproviders/common/include -Iproviders/default/include -Iproviders/common/ciphers -Icrypto -Iproviders/common/macs -Iproviders/common/kdfs -Iproviders/default/macs -Iproviders/default/ciphers -Iproviders/default/kdfs -I../openssl -I../openssl/crypto/include -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/default/include -I../openssl/providers/common/ciphers -I../openssl/crypto -I../openssl/providers/common/macs -I../openssl/providers/common/kdfs -I../openssl/providers/default/macs -I../openssl/providers/default/ciphers -I../openssl/providers/default/kdfs -DAES_ASM -DBSAES_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_IA32_SSE2 -MMD -MF providers/common/libcrypto-lib-provider_err.d.tmp -MT providers/common/libcrypto-lib-provider_err.o -c -o providers/common/libcrypto-lib-provider_err.o ../openssl/providers/common/provider_err.c clang -I. -Icrypto/include -Iinclude -Iproviders/common/include -Iproviders/default/include -Iproviders/common/ciphers -Icrypto -Iproviders/common/macs -Iproviders/common/kdfs -Iproviders/default/macs -Iproviders/default/ciphers -Iproviders/default/kdfs -I../openssl -I../openssl/crypto/include -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/default/include -I../openssl/providers/common/ciphers -I../openssl/crypto -I../openssl/providers/common/macs -I../openssl/providers/common/kdfs -I../openssl/providers/default/macs -I../openssl/providers/default/ciphers -I../openssl/providers/default/kdfs -DAES_ASM -DBSAES_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_IA32_SSE2 -MMD -MF providers/common/libcrypto-lib-provider_util.d.tmp -MT providers/common/libcrypto-lib-provider_util.o -c -o providers/common/libcrypto-lib-provider_util.o ../openssl/providers/common/provider_util.c clang -I. -Icrypto/include -Iinclude -Iproviders/common/include -Iproviders/default/include -Iproviders/common/ciphers -Icrypto -Iproviders/common/macs -Iproviders/common/kdfs -Iproviders/default/macs -Iproviders/default/ciphers -Iproviders/default/kdfs -I../openssl -I../openssl/crypto/include -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/default/include -I../openssl/providers/common/ciphers -I../openssl/crypto -I../openssl/providers/common/macs -I../openssl/providers/common/kdfs -I../openssl/providers/default/macs -I../openssl/providers/default/ciphers -I../openssl/providers/default/kdfs -DAES_ASM -DBSAES_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_IA32_SSE2 -MMD -MF providers/common/libcrypto-lib-provlib.d.tmp -MT providers/common/libcrypto-lib-provlib.o -c -o providers/common/libcrypto-lib-provlib.o ../openssl/providers/common/provlib.c clang -I. -Icrypto/include -Iinclude -Iproviders/common/include -Iproviders/default/include -Iproviders/common/ciphers -Icrypto -Iproviders/common/macs -Iproviders/common/kdfs -Iproviders/default/macs -Iproviders/default/ciphers -Iproviders/default/kdfs -I../openssl -I../openssl/crypto/include -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/default/include -I../openssl/providers/common/ciphers -I../openssl/crypto -I../openssl/providers/common/macs -I../openssl/providers/common/kdfs -I../openssl/providers/default/macs -I../openssl/providers/default/ciphers -I../openssl/providers/default/kdfs -DAES_ASM -DBSAES_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_IA32_SSE2 -MMD -MF providers/common/macs/libcrypto-lib-cmac_prov.d.tmp -MT providers/common/macs/libcrypto-lib-cmac_prov.o -c -o providers/common/macs/libcrypto-lib-cmac_prov.o ../openssl/providers/common/macs/cmac_prov.c clang -I. -Icrypto/include -Iinclude -Iproviders/common/include -Iproviders/default/include -Iproviders/common/ciphers -Icrypto -Iproviders/common/macs -Iproviders/common/kdfs -Iproviders/default/macs -Iproviders/default/ciphers -Iproviders/default/kdfs -I../openssl -I../openssl/crypto/include -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/default/include -I../openssl/providers/common/ciphers -I../openssl/crypto -I../openssl/providers/common/macs -I../openssl/providers/common/kdfs -I../openssl/providers/default/macs -I../openssl/providers/default/ciphers -I../openssl/providers/default/kdfs -DAES_ASM -DBSAES_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_IA32_SSE2 -MMD -MF providers/common/macs/libcrypto-lib-gmac_prov.d.tmp -MT providers/common/macs/libcrypto-lib-gmac_prov.o -c -o providers/common/macs/libcrypto-lib-gmac_prov.o ../openssl/providers/common/macs/gmac_prov.c ../openssl/providers/common/provider_util.c:52:9: error: implicit declaration of function 'ENGINE_finish' is invalid in C99 [-Werror,-Wimplicit-function-declaration] ENGINE_finish(*engine); ^ ../openssl/providers/common/provider_util.c:52:9: error: this function declaration is not a prototype [-Werror,-Wstrict-prototypes] ../openssl/providers/common/provider_util.c:53:19: error: implicit declaration of function 'ENGINE_by_id' is invalid in C99 [-Werror,-Wimplicit-function-declaration] *engine = ENGINE_by_id(p->data); ^ clang -I. -Icrypto/include -Iinclude -Iproviders/common/include -Iproviders/default/include -Iproviders/common/ciphers -Icrypto -Iproviders/common/macs -Iproviders/common/kdfs -Iproviders/default/macs -Iproviders/default/ciphers -Iproviders/default/kdfs -I../openssl -I../openssl/crypto/include -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/default/include -I../openssl/providers/common/ciphers -I../openssl/crypto -I../openssl/providers/common/macs -I../openssl/providers/common/kdfs -I../openssl/providers/default/macs -I../openssl/providers/default/ciphers -I../openssl/providers/default/kdfs -DAES_ASM -DBSAES_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_IA32_SSE2 -MMD -MF providers/common/macs/libcrypto-lib-hmac_prov.d.tmp -MT providers/common/macs/libcrypto-lib-hmac_prov.o -c -o providers/common/macs/libcrypto-lib-hmac_prov.o ../openssl/providers/common/macs/hmac_prov.c ../openssl/providers/common/provider_util.c:53:19: error: this function declaration is not a prototype [-Werror,-Wstrict-prototypes] ../openssl/providers/common/provider_util.c:53:17: error: incompatible integer to pointer conversion assigning to 'ENGINE *' (aka 'struct engine_st *') from 'int' [-Werror,-Wint-conversion] *engine = ENGINE_by_id(p->data); ^ ~~~~~~~~~~~~~~~~~~~~~ 5 errors generated. Makefile:12245: recipe for target 'providers/common/libcrypto-lib-provider_util.o' failed make[1]: *** [providers/common/libcrypto-lib-provider_util.o] Error 1 make[1]: *** Waiting for unfinished jobs.... make[1]: Leaving directory '/home/openssl/run-checker/no-engine' Makefile:165: recipe for target 'all' failed make: *** [all] Error 2 From openssl at openssl.org Mon Sep 9 03:44:00 2019 From: openssl at openssl.org (OpenSSL run-checker) Date: Mon, 09 Sep 2019 03:44:00 +0000 Subject: FAILED build of OpenSSL branch master with options -d --strict-warnings no-engine no-shared Message-ID: <1568000640.502911.20101.nullmailer@run.openssl.org> Platform and configuration command: $ uname -a Linux run 4.15.0-54-generic #58-Ubuntu SMP Mon Jun 24 10:55:24 UTC 2019 x86_64 x86_64 x86_64 GNU/Linux $ CC=clang ../openssl/config -d --strict-warnings no-engine no-shared Commit log since last time: 03e5668343 Configure: clang: move -Wno-unknown-warning-option to the front a1a0e6f285 CHANGES entry: for ECC parameters with NULL or zero cofactor, compute it 5041ea38c9 [test] computing ECC cofactors: regression test e97bab6929 Use common digest getter for X942 KDF a1de4680fb Use common digest getter for SSH KDF 0f0db4dc25 Use common digest getter for TLS1 PRF 7e149b3928 Use common digest getter for single step KDF e957226a0c Use common digest getter for PBKDF2 86f17ed64c Use common digest getter for HKDF cb74317b4f Use common define for properties, engine, cipher and digest params c69561de00 Add 'engine' param to KDFs 96d7e2733e KMAC using common digest get code 103d8b0be4 HMAC using common digest get code 76497acf52 GMAC using common cipher get code 1dcc7ee6cf CMAC using common cipher get code 2f17cc493c Unify the digest getting code inside providers. 4fe2ee3a44 [ec/ecp_nistp*.c] restyle: use {} around `else` too e0b660c27d [ec/ecp_nistp*.c] remove flip_endian() 1b338abe3a Uniform BN_bn2binpad() and BN_bn2lebinpad() implementations 8b44198b91 Make BN_num_bits() consttime upon BN_FLG_CONSTTIME 805315d3a2 Fix a SCA leak using BN_bn2bin() 31ca19403d Fix a SCA leak in BN_generate_dsa_nonce d2baf88c43 [crypto/rsa] Set the constant-time flag in multi-prime RSA too 311e903d84 [crypto/asn1] Fix multiple SCA vulnerabilities during RSA key validation. c7bfb138ac libcrypto.num entries for KDFs ad1700c706 Move OSSL_OP_KDF into its rightful place amongst the other OSSL_OP_ definitions d4496dc129 Remove reference to legacy aliases for MAC and KDF f575bd2af7 Clear collected_seed after freeing it 232ac89ce2 Lowercase command line 'N' argument since params have lower case names 65ce7e6553 Update KDF documentation (section 3) b4dca02940 Update KDF documentation (section 1) ccd7115a41 Update KDF documentation (section 7) 53598b2298 Deal with BUF_MEM_grow ambiguity ea643c959f crypto/evp/pkey_kdf.c: further special treatment of "seed" and "info" ff756eedb3 More KDF cleanup b1f1512993 PBKDF2 implementation: refactor to avoid memleak df2f8af4cb Fix memleaks in KDF implementations a941920514 crypto/evp/pkey_kdf.c: Redo parameter processing 6d1c31540f crypto/evp/kdf_meth.c: Add the reset function to the method 1f9eac279b Update private.num for KDFs/PRFs 185ce3d93e ossl_provider_library_context(NULL) returns NULL. 9d8e1569aa Params from text to allow zero length value fields d6c5d7f3de Update EVP test data for KDFs and PRFs. 59cba5ac85 KDF error codes reworked a308acb2c2 Cleanse KDF missing crypto files fe6ec26b20 Cleanse KDF error files 37ed621071 Cleanse crypto/kdf directory fb9e6dd6f8 KDF/PRF updates to libcrypto 55accfd2f1 App updates for KDF provider conversion. f05b53a368 KDF provider conversion error updates - generated 2f7557016c KDF additons to names and numbers bf5739a026 Test updates in light of the KDF switchover 492939e5ef Documentation updates in light of the KDF conversion e3405a4a9a Add KDFs to providers 7707526b8d Fix users of KDFs to use params not ctls b50ca330cb Remove old KDF initialisation ce3b1bb481 Fix TLS/SSL PRF usages. 5eb43d382b Move KDFs to the provider. dc5bcb88d8 Teach TLSProxy how to parse CertificateRequest messages debb64a0ca Don't send a status_request extension in a CertificateRequest message Build log ended with (last 100 lines): clang -I. -Icrypto/include -Iinclude -Iproviders/common/include -Iproviders/default/include -Iproviders/common/ciphers -Icrypto -Iproviders/common/macs -Iproviders/common/kdfs -Iproviders/default/macs -Iproviders/default/ciphers -Iproviders/default/kdfs -I../openssl -I../openssl/crypto/include -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/default/include -I../openssl/providers/common/ciphers -I../openssl/crypto -I../openssl/providers/common/macs -I../openssl/providers/common/kdfs -I../openssl/providers/default/macs -I../openssl/providers/default/ciphers -I../openssl/providers/default/kdfs -DAES_ASM -DBSAES_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_IA32_SSE2 -MMD -MF crypto/x509/libcrypto-lib-v3_conf.d.tmp -MT crypto/x509/libcrypto-lib-v3_conf.o -c -o crypto/x509/libcrypto-lib-v3_conf.o ../openssl/crypto/x509/v3_conf.c clang -I. -Icrypto/include -Iinclude -Iproviders/common/include -Iproviders/default/include -Iproviders/common/ciphers -Icrypto -Iproviders/common/macs -Iproviders/common/kdfs -Iproviders/default/macs -Iproviders/default/ciphers -Iproviders/default/kdfs -I../openssl -I../openssl/crypto/include -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/default/include -I../openssl/providers/common/ciphers -I../openssl/crypto -I../openssl/providers/common/macs -I../openssl/providers/common/kdfs -I../openssl/providers/default/macs -I../openssl/providers/default/ciphers -I../openssl/providers/default/kdfs -DAES_ASM -DBSAES_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_IA32_SSE2 -MMD -MF crypto/x509/libcrypto-lib-v3_cpols.d.tmp -MT crypto/x509/libcrypto-lib-v3_cpols.o -c -o crypto/x509/libcrypto-lib-v3_cpols.o ../openssl/crypto/x509/v3_cpols.c clang -I. -Icrypto/include -Iinclude -Iproviders/common/include -Iproviders/default/include -Iproviders/common/ciphers -Icrypto -Iproviders/common/macs -Iproviders/common/kdfs -Iproviders/default/macs -Iproviders/default/ciphers -Iproviders/default/kdfs -I../openssl -I../openssl/crypto/include -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/default/include -I../openssl/providers/common/ciphers -I../openssl/crypto -I../openssl/providers/common/macs -I../openssl/providers/common/kdfs -I../openssl/providers/default/macs -I../openssl/providers/default/ciphers -I../openssl/providers/default/kdfs -DAES_ASM -DBSAES_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_IA32_SSE2 -MMD -MF crypto/x509/libcrypto-lib-v3_crld.d.tmp -MT crypto/x509/libcrypto-lib-v3_crld.o -c -o crypto/x509/libcrypto-lib-v3_crld.o ../openssl/crypto/x509/v3_crld.c clang -I. -Icrypto/include -Iinclude -Iproviders/common/include -Iproviders/default/include -Iproviders/common/ciphers -Icrypto -Iproviders/common/macs -Iproviders/common/kdfs -Iproviders/default/macs -Iproviders/default/ciphers -Iproviders/default/kdfs -I../openssl -I../openssl/crypto/include -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/default/include -I../openssl/providers/common/ciphers -I../openssl/crypto -I../openssl/providers/common/macs -I../openssl/providers/common/kdfs -I../openssl/providers/default/macs -I../openssl/providers/default/ciphers -I../openssl/providers/default/kdfs -DAES_ASM -DBSAES_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_IA32_SSE2 -MMD -MF crypto/x509/libcrypto-lib-v3_enum.d.tmp -MT crypto/x509/libcrypto-lib-v3_enum.o -c -o crypto/x509/libcrypto-lib-v3_enum.o ../openssl/crypto/x509/v3_enum.c clang -I. -Icrypto/include -Iinclude -Iproviders/common/include -Iproviders/default/include -Iproviders/common/ciphers -Icrypto -Iproviders/common/macs -Iproviders/common/kdfs -Iproviders/default/macs -Iproviders/default/ciphers -Iproviders/default/kdfs -I../openssl -I../openssl/crypto/include -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/default/include -I../openssl/providers/common/ciphers -I../openssl/crypto -I../openssl/providers/common/macs -I../openssl/providers/common/kdfs -I../openssl/providers/default/macs -I../openssl/providers/default/ciphers -I../openssl/providers/default/kdfs -DAES_ASM -DBSAES_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_IA32_SSE2 -MMD -MF crypto/x509/libcrypto-lib-v3_extku.d.tmp -MT crypto/x509/libcrypto-lib-v3_extku.o -c -o crypto/x509/libcrypto-lib-v3_extku.o ../openssl/crypto/x509/v3_extku.c clang -I. -Icrypto/include -Iinclude -Iproviders/common/include -Iproviders/default/include -Iproviders/common/ciphers -Icrypto -Iproviders/common/macs -Iproviders/common/kdfs -Iproviders/default/macs -Iproviders/default/ciphers -Iproviders/default/kdfs -I../openssl -I../openssl/crypto/include -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/default/include -I../openssl/providers/common/ciphers -I../openssl/crypto -I../openssl/providers/common/macs -I../openssl/providers/common/kdfs -I../openssl/providers/default/macs -I../openssl/providers/default/ciphers -I../openssl/providers/default/kdfs -DAES_ASM -DBSAES_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_IA32_SSE2 -MMD -MF crypto/x509/libcrypto-lib-v3_genn.d.tmp -MT crypto/x509/libcrypto-lib-v3_genn.o -c -o crypto/x509/libcrypto-lib-v3_genn.o ../openssl/crypto/x509/v3_genn.c clang -I. -Icrypto/include -Iinclude -Iproviders/common/include -Iproviders/default/include -Iproviders/common/ciphers -Icrypto -Iproviders/common/macs -Iproviders/common/kdfs -Iproviders/default/macs -Iproviders/default/ciphers -Iproviders/default/kdfs -I../openssl -I../openssl/crypto/include -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/default/include -I../openssl/providers/common/ciphers -I../openssl/crypto -I../openssl/providers/common/macs -I../openssl/providers/common/kdfs -I../openssl/providers/default/macs -I../openssl/providers/default/ciphers -I../openssl/providers/default/kdfs -DAES_ASM -DBSAES_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_IA32_SSE2 -MMD -MF crypto/x509/libcrypto-lib-v3_ia5.d.tmp -MT crypto/x509/libcrypto-lib-v3_ia5.o -c -o crypto/x509/libcrypto-lib-v3_ia5.o ../openssl/crypto/x509/v3_ia5.c clang -I. -Icrypto/include -Iinclude -Iproviders/common/include -Iproviders/default/include -Iproviders/common/ciphers -Icrypto -Iproviders/common/macs -Iproviders/common/kdfs -Iproviders/default/macs -Iproviders/default/ciphers -Iproviders/default/kdfs -I../openssl -I../openssl/crypto/include -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/default/include -I../openssl/providers/common/ciphers -I../openssl/crypto -I../openssl/providers/common/macs -I../openssl/providers/common/kdfs -I../openssl/providers/default/macs -I../openssl/providers/default/ciphers -I../openssl/providers/default/kdfs -DAES_ASM -DBSAES_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_IA32_SSE2 -MMD -MF crypto/x509/libcrypto-lib-v3_info.d.tmp -MT crypto/x509/libcrypto-lib-v3_info.o -c -o crypto/x509/libcrypto-lib-v3_info.o ../openssl/crypto/x509/v3_info.c clang -I. -Icrypto/include -Iinclude -Iproviders/common/include -Iproviders/default/include -Iproviders/common/ciphers -Icrypto -Iproviders/common/macs -Iproviders/common/kdfs -Iproviders/default/macs -Iproviders/default/ciphers -Iproviders/default/kdfs -I../openssl -I../openssl/crypto/include -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/default/include -I../openssl/providers/common/ciphers -I../openssl/crypto -I../openssl/providers/common/macs -I../openssl/providers/common/kdfs -I../openssl/providers/default/macs -I../openssl/providers/default/ciphers -I../openssl/providers/default/kdfs -DAES_ASM -DBSAES_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_IA32_SSE2 -MMD -MF crypto/x509/libcrypto-lib-v3_int.d.tmp -MT crypto/x509/libcrypto-lib-v3_int.o -c -o crypto/x509/libcrypto-lib-v3_int.o ../openssl/crypto/x509/v3_int.c clang -I. -Icrypto/include -Iinclude -Iproviders/common/include -Iproviders/default/include -Iproviders/common/ciphers -Icrypto -Iproviders/common/macs -Iproviders/common/kdfs -Iproviders/default/macs -Iproviders/default/ciphers -Iproviders/default/kdfs -I../openssl -I../openssl/crypto/include -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/default/include -I../openssl/providers/common/ciphers -I../openssl/crypto -I../openssl/providers/common/macs -I../openssl/providers/common/kdfs -I../openssl/providers/default/macs -I../openssl/providers/default/ciphers -I../openssl/providers/default/kdfs -DAES_ASM -DBSAES_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_IA32_SSE2 -MMD -MF crypto/x509/libcrypto-lib-v3_lib.d.tmp -MT crypto/x509/libcrypto-lib-v3_lib.o -c -o crypto/x509/libcrypto-lib-v3_lib.o ../openssl/crypto/x509/v3_lib.c clang -I. -Icrypto/include -Iinclude -Iproviders/common/include -Iproviders/default/include -Iproviders/common/ciphers -Icrypto -Iproviders/common/macs -Iproviders/common/kdfs -Iproviders/default/macs -Iproviders/default/ciphers -Iproviders/default/kdfs -I../openssl -I../openssl/crypto/include -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/default/include -I../openssl/providers/common/ciphers -I../openssl/crypto -I../openssl/providers/common/macs -I../openssl/providers/common/kdfs -I../openssl/providers/default/macs -I../openssl/providers/default/ciphers -I../openssl/providers/default/kdfs -DAES_ASM -DBSAES_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_IA32_SSE2 -MMD -MF crypto/x509/libcrypto-lib-v3_ncons.d.tmp -MT crypto/x509/libcrypto-lib-v3_ncons.o -c -o crypto/x509/libcrypto-lib-v3_ncons.o ../openssl/crypto/x509/v3_ncons.c clang -I. -Icrypto/include -Iinclude -Iproviders/common/include -Iproviders/default/include -Iproviders/common/ciphers -Icrypto -Iproviders/common/macs -Iproviders/common/kdfs -Iproviders/default/macs -Iproviders/default/ciphers -Iproviders/default/kdfs -I../openssl -I../openssl/crypto/include -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/default/include -I../openssl/providers/common/ciphers -I../openssl/crypto -I../openssl/providers/common/macs -I../openssl/providers/common/kdfs -I../openssl/providers/default/macs -I../openssl/providers/default/ciphers -I../openssl/providers/default/kdfs -DAES_ASM -DBSAES_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_IA32_SSE2 -MMD -MF crypto/x509/libcrypto-lib-v3_pci.d.tmp -MT crypto/x509/libcrypto-lib-v3_pci.o -c -o crypto/x509/libcrypto-lib-v3_pci.o ../openssl/crypto/x509/v3_pci.c clang -I. -Icrypto/include -Iinclude -Iproviders/common/include -Iproviders/default/include -Iproviders/common/ciphers -Icrypto -Iproviders/common/macs -Iproviders/common/kdfs -Iproviders/default/macs -Iproviders/default/ciphers -Iproviders/default/kdfs -I../openssl -I../openssl/crypto/include -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/default/include -I../openssl/providers/common/ciphers -I../openssl/crypto -I../openssl/providers/common/macs -I../openssl/providers/common/kdfs -I../openssl/providers/default/macs -I../openssl/providers/default/ciphers -I../openssl/providers/default/kdfs -DAES_ASM -DBSAES_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_IA32_SSE2 -MMD -MF crypto/x509/libcrypto-lib-v3_pcia.d.tmp -MT crypto/x509/libcrypto-lib-v3_pcia.o -c -o crypto/x509/libcrypto-lib-v3_pcia.o ../openssl/crypto/x509/v3_pcia.c clang -I. -Icrypto/include -Iinclude -Iproviders/common/include -Iproviders/default/include -Iproviders/common/ciphers -Icrypto -Iproviders/common/macs -Iproviders/common/kdfs -Iproviders/default/macs -Iproviders/default/ciphers -Iproviders/default/kdfs -I../openssl -I../openssl/crypto/include -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/default/include -I../openssl/providers/common/ciphers -I../openssl/crypto -I../openssl/providers/common/macs -I../openssl/providers/common/kdfs -I../openssl/providers/default/macs -I../openssl/providers/default/ciphers -I../openssl/providers/default/kdfs -DAES_ASM -DBSAES_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_IA32_SSE2 -MMD -MF crypto/x509/libcrypto-lib-v3_pcons.d.tmp -MT crypto/x509/libcrypto-lib-v3_pcons.o -c -o crypto/x509/libcrypto-lib-v3_pcons.o ../openssl/crypto/x509/v3_pcons.c clang -I. -Icrypto/include -Iinclude -Iproviders/common/include -Iproviders/default/include -Iproviders/common/ciphers -Icrypto -Iproviders/common/macs -Iproviders/common/kdfs -Iproviders/default/macs -Iproviders/default/ciphers -Iproviders/default/kdfs -I../openssl -I../openssl/crypto/include -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/default/include -I../openssl/providers/common/ciphers -I../openssl/crypto -I../openssl/providers/common/macs -I../openssl/providers/common/kdfs -I../openssl/providers/default/macs -I../openssl/providers/default/ciphers -I../openssl/providers/default/kdfs -DAES_ASM -DBSAES_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_IA32_SSE2 -MMD -MF crypto/x509/libcrypto-lib-v3_pku.d.tmp -MT crypto/x509/libcrypto-lib-v3_pku.o -c -o crypto/x509/libcrypto-lib-v3_pku.o ../openssl/crypto/x509/v3_pku.c clang -I. -Icrypto/include -Iinclude -Iproviders/common/include -Iproviders/default/include -Iproviders/common/ciphers -Icrypto -Iproviders/common/macs -Iproviders/common/kdfs -Iproviders/default/macs -Iproviders/default/ciphers -Iproviders/default/kdfs -I../openssl -I../openssl/crypto/include -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/default/include -I../openssl/providers/common/ciphers -I../openssl/crypto -I../openssl/providers/common/macs -I../openssl/providers/common/kdfs -I../openssl/providers/default/macs -I../openssl/providers/default/ciphers -I../openssl/providers/default/kdfs -DAES_ASM -DBSAES_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_IA32_SSE2 -MMD -MF crypto/x509/libcrypto-lib-v3_pmaps.d.tmp -MT crypto/x509/libcrypto-lib-v3_pmaps.o -c -o crypto/x509/libcrypto-lib-v3_pmaps.o ../openssl/crypto/x509/v3_pmaps.c clang -I. -Icrypto/include -Iinclude -Iproviders/common/include -Iproviders/default/include -Iproviders/common/ciphers -Icrypto -Iproviders/common/macs -Iproviders/common/kdfs -Iproviders/default/macs -Iproviders/default/ciphers -Iproviders/default/kdfs -I../openssl -I../openssl/crypto/include -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/default/include -I../openssl/providers/common/ciphers -I../openssl/crypto -I../openssl/providers/common/macs -I../openssl/providers/common/kdfs -I../openssl/providers/default/macs -I../openssl/providers/default/ciphers -I../openssl/providers/default/kdfs -DAES_ASM -DBSAES_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_IA32_SSE2 -MMD -MF crypto/x509/libcrypto-lib-v3_prn.d.tmp -MT crypto/x509/libcrypto-lib-v3_prn.o -c -o crypto/x509/libcrypto-lib-v3_prn.o ../openssl/crypto/x509/v3_prn.c clang -I. -Icrypto/include -Iinclude -Iproviders/common/include -Iproviders/default/include -Iproviders/common/ciphers -Icrypto -Iproviders/common/macs -Iproviders/common/kdfs -Iproviders/default/macs -Iproviders/default/ciphers -Iproviders/default/kdfs -I../openssl -I../openssl/crypto/include -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/default/include -I../openssl/providers/common/ciphers -I../openssl/crypto -I../openssl/providers/common/macs -I../openssl/providers/common/kdfs -I../openssl/providers/default/macs -I../openssl/providers/default/ciphers -I../openssl/providers/default/kdfs -DAES_ASM -DBSAES_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_IA32_SSE2 -MMD -MF crypto/x509/libcrypto-lib-v3_purp.d.tmp -MT crypto/x509/libcrypto-lib-v3_purp.o -c -o crypto/x509/libcrypto-lib-v3_purp.o ../openssl/crypto/x509/v3_purp.c clang -I. -Icrypto/include -Iinclude -Iproviders/common/include -Iproviders/default/include -Iproviders/common/ciphers -Icrypto -Iproviders/common/macs -Iproviders/common/kdfs -Iproviders/default/macs -Iproviders/default/ciphers -Iproviders/default/kdfs -I../openssl -I../openssl/crypto/include -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/default/include -I../openssl/providers/common/ciphers -I../openssl/crypto -I../openssl/providers/common/macs -I../openssl/providers/common/kdfs -I../openssl/providers/default/macs -I../openssl/providers/default/ciphers -I../openssl/providers/default/kdfs -DAES_ASM -DBSAES_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_IA32_SSE2 -MMD -MF crypto/x509/libcrypto-lib-v3_skey.d.tmp -MT crypto/x509/libcrypto-lib-v3_skey.o -c -o crypto/x509/libcrypto-lib-v3_skey.o ../openssl/crypto/x509/v3_skey.c clang -I. -Icrypto/include -Iinclude -Iproviders/common/include -Iproviders/default/include -Iproviders/common/ciphers -Icrypto -Iproviders/common/macs -Iproviders/common/kdfs -Iproviders/default/macs -Iproviders/default/ciphers -Iproviders/default/kdfs -I../openssl -I../openssl/crypto/include -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/default/include -I../openssl/providers/common/ciphers -I../openssl/crypto -I../openssl/providers/common/macs -I../openssl/providers/common/kdfs -I../openssl/providers/default/macs -I../openssl/providers/default/ciphers -I../openssl/providers/default/kdfs -DAES_ASM -DBSAES_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_IA32_SSE2 -MMD -MF crypto/x509/libcrypto-lib-v3_sxnet.d.tmp -MT crypto/x509/libcrypto-lib-v3_sxnet.o -c -o crypto/x509/libcrypto-lib-v3_sxnet.o ../openssl/crypto/x509/v3_sxnet.c clang -I. -Icrypto/include -Iinclude -Iproviders/common/include -Iproviders/default/include -Iproviders/common/ciphers -Icrypto -Iproviders/common/macs -Iproviders/common/kdfs -Iproviders/default/macs -Iproviders/default/ciphers -Iproviders/default/kdfs -I../openssl -I../openssl/crypto/include -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/default/include -I../openssl/providers/common/ciphers -I../openssl/crypto -I../openssl/providers/common/macs -I../openssl/providers/common/kdfs -I../openssl/providers/default/macs -I../openssl/providers/default/ciphers -I../openssl/providers/default/kdfs -DAES_ASM -DBSAES_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_IA32_SSE2 -MMD -MF crypto/x509/libcrypto-lib-v3_tlsf.d.tmp -MT crypto/x509/libcrypto-lib-v3_tlsf.o -c -o crypto/x509/libcrypto-lib-v3_tlsf.o ../openssl/crypto/x509/v3_tlsf.c clang -I. -Icrypto/include -Iinclude -Iproviders/common/include -Iproviders/default/include -Iproviders/common/ciphers -Icrypto -Iproviders/common/macs -Iproviders/common/kdfs -Iproviders/default/macs -Iproviders/default/ciphers -Iproviders/default/kdfs -I../openssl -I../openssl/crypto/include -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/default/include -I../openssl/providers/common/ciphers -I../openssl/crypto -I../openssl/providers/common/macs -I../openssl/providers/common/kdfs -I../openssl/providers/default/macs -I../openssl/providers/default/ciphers -I../openssl/providers/default/kdfs -DAES_ASM -DBSAES_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_IA32_SSE2 -MMD -MF crypto/x509/libcrypto-lib-v3_utl.d.tmp -MT crypto/x509/libcrypto-lib-v3_utl.o -c -o crypto/x509/libcrypto-lib-v3_utl.o ../openssl/crypto/x509/v3_utl.c clang -I. -Icrypto/include -Iinclude -Iproviders/common/include -Iproviders/default/include -Iproviders/common/ciphers -Icrypto -Iproviders/common/macs -Iproviders/common/kdfs -Iproviders/default/macs -Iproviders/default/ciphers -Iproviders/default/kdfs -I../openssl -I../openssl/crypto/include -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/default/include -I../openssl/providers/common/ciphers -I../openssl/crypto -I../openssl/providers/common/macs -I../openssl/providers/common/kdfs -I../openssl/providers/default/macs -I../openssl/providers/default/ciphers -I../openssl/providers/default/kdfs -DAES_ASM -DBSAES_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_IA32_SSE2 -MMD -MF crypto/x509/libcrypto-lib-v3err.d.tmp -MT crypto/x509/libcrypto-lib-v3err.o -c -o crypto/x509/libcrypto-lib-v3err.o ../openssl/crypto/x509/v3err.c clang -I. -Icrypto/include -Iinclude -Iproviders/common/include -Iproviders/default/include -Iproviders/common/ciphers -Icrypto -Iproviders/common/macs -Iproviders/common/kdfs -Iproviders/default/macs -Iproviders/default/ciphers -Iproviders/default/kdfs -I../openssl -I../openssl/crypto/include -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/default/include -I../openssl/providers/common/ciphers -I../openssl/crypto -I../openssl/providers/common/macs -I../openssl/providers/common/kdfs -I../openssl/providers/default/macs -I../openssl/providers/default/ciphers -I../openssl/providers/default/kdfs -DAES_ASM -DBSAES_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_IA32_SSE2 -MMD -MF crypto/x509/libcrypto-lib-x509_att.d.tmp -MT crypto/x509/libcrypto-lib-x509_att.o -c -o crypto/x509/libcrypto-lib-x509_att.o ../openssl/crypto/x509/x509_att.c clang -I. -Icrypto/include -Iinclude -Iproviders/common/include -Iproviders/default/include -Iproviders/common/ciphers -Icrypto -Iproviders/common/macs -Iproviders/common/kdfs -Iproviders/default/macs -Iproviders/default/ciphers -Iproviders/default/kdfs -I../openssl -I../openssl/crypto/include -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/default/include -I../openssl/providers/common/ciphers -I../openssl/crypto -I../openssl/providers/common/macs -I../openssl/providers/common/kdfs -I../openssl/providers/default/macs -I../openssl/providers/default/ciphers -I../openssl/providers/default/kdfs -DAES_ASM -DBSAES_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_IA32_SSE2 -MMD -MF crypto/x509/libcrypto-lib-x509_cmp.d.tmp -MT crypto/x509/libcrypto-lib-x509_cmp.o -c -o crypto/x509/libcrypto-lib-x509_cmp.o ../openssl/crypto/x509/x509_cmp.c clang -I. -Icrypto/include -Iinclude -Iproviders/common/include -Iproviders/default/include -Iproviders/common/ciphers -Icrypto -Iproviders/common/macs -Iproviders/common/kdfs -Iproviders/default/macs -Iproviders/default/ciphers -Iproviders/default/kdfs -I../openssl -I../openssl/crypto/include -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/default/include -I../openssl/providers/common/ciphers -I../openssl/crypto -I../openssl/providers/common/macs -I../openssl/providers/common/kdfs -I../openssl/providers/default/macs -I../openssl/providers/default/ciphers -I../openssl/providers/default/kdfs -DAES_ASM -DBSAES_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_IA32_SSE2 -MMD -MF crypto/x509/libcrypto-lib-x509_d2.d.tmp -MT crypto/x509/libcrypto-lib-x509_d2.o -c -o crypto/x509/libcrypto-lib-x509_d2.o ../openssl/crypto/x509/x509_d2.c clang -I. -Icrypto/include -Iinclude -Iproviders/common/include -Iproviders/default/include -Iproviders/common/ciphers -Icrypto -Iproviders/common/macs -Iproviders/common/kdfs -Iproviders/default/macs -Iproviders/default/ciphers -Iproviders/default/kdfs -I../openssl -I../openssl/crypto/include -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/default/include -I../openssl/providers/common/ciphers -I../openssl/crypto -I../openssl/providers/common/macs -I../openssl/providers/common/kdfs -I../openssl/providers/default/macs -I../openssl/providers/default/ciphers -I../openssl/providers/default/kdfs -DAES_ASM -DBSAES_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_IA32_SSE2 -MMD -MF crypto/x509/libcrypto-lib-x509_def.d.tmp -MT crypto/x509/libcrypto-lib-x509_def.o -c -o crypto/x509/libcrypto-lib-x509_def.o ../openssl/crypto/x509/x509_def.c clang -I. -Icrypto/include -Iinclude -Iproviders/common/include -Iproviders/default/include -Iproviders/common/ciphers -Icrypto -Iproviders/common/macs -Iproviders/common/kdfs -Iproviders/default/macs -Iproviders/default/ciphers -Iproviders/default/kdfs -I../openssl -I../openssl/crypto/include -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/default/include -I../openssl/providers/common/ciphers -I../openssl/crypto -I../openssl/providers/common/macs -I../openssl/providers/common/kdfs -I../openssl/providers/default/macs -I../openssl/providers/default/ciphers -I../openssl/providers/default/kdfs -DAES_ASM -DBSAES_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_IA32_SSE2 -MMD -MF crypto/x509/libcrypto-lib-x509_err.d.tmp -MT crypto/x509/libcrypto-lib-x509_err.o -c -o crypto/x509/libcrypto-lib-x509_err.o ../openssl/crypto/x509/x509_err.c clang -I. -Icrypto/include -Iinclude -Iproviders/common/include -Iproviders/default/include -Iproviders/common/ciphers -Icrypto -Iproviders/common/macs -Iproviders/common/kdfs -Iproviders/default/macs -Iproviders/default/ciphers -Iproviders/default/kdfs -I../openssl -I../openssl/crypto/include -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/default/include -I../openssl/providers/common/ciphers -I../openssl/crypto -I../openssl/providers/common/macs -I../openssl/providers/common/kdfs -I../openssl/providers/default/macs -I../openssl/providers/default/ciphers -I../openssl/providers/default/kdfs -DAES_ASM -DBSAES_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_IA32_SSE2 -MMD -MF crypto/x509/libcrypto-lib-x509_ext.d.tmp -MT crypto/x509/libcrypto-lib-x509_ext.o -c -o crypto/x509/libcrypto-lib-x509_ext.o ../openssl/crypto/x509/x509_ext.c clang -I. -Icrypto/include -Iinclude -Iproviders/common/include -Iproviders/default/include -Iproviders/common/ciphers -Icrypto -Iproviders/common/macs -Iproviders/common/kdfs -Iproviders/default/macs -Iproviders/default/ciphers -Iproviders/default/kdfs -I../openssl -I../openssl/crypto/include -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/default/include -I../openssl/providers/common/ciphers -I../openssl/crypto -I../openssl/providers/common/macs -I../openssl/providers/common/kdfs -I../openssl/providers/default/macs -I../openssl/providers/default/ciphers -I../openssl/providers/default/kdfs -DAES_ASM -DBSAES_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_IA32_SSE2 -MMD -MF crypto/x509/libcrypto-lib-x509_lu.d.tmp -MT crypto/x509/libcrypto-lib-x509_lu.o -c -o crypto/x509/libcrypto-lib-x509_lu.o ../openssl/crypto/x509/x509_lu.c clang -I. -Icrypto/include -Iinclude -Iproviders/common/include -Iproviders/default/include -Iproviders/common/ciphers -Icrypto -Iproviders/common/macs -Iproviders/common/kdfs -Iproviders/default/macs -Iproviders/default/ciphers -Iproviders/default/kdfs -I../openssl -I../openssl/crypto/include -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/default/include -I../openssl/providers/common/ciphers -I../openssl/crypto -I../openssl/providers/common/macs -I../openssl/providers/common/kdfs -I../openssl/providers/default/macs -I../openssl/providers/default/ciphers -I../openssl/providers/default/kdfs -DAES_ASM -DBSAES_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_IA32_SSE2 -MMD -MF crypto/x509/libcrypto-lib-x509_meth.d.tmp -MT crypto/x509/libcrypto-lib-x509_meth.o -c -o crypto/x509/libcrypto-lib-x509_meth.o ../openssl/crypto/x509/x509_meth.c clang -I. -Icrypto/include -Iinclude -Iproviders/common/include -Iproviders/default/include -Iproviders/common/ciphers -Icrypto -Iproviders/common/macs -Iproviders/common/kdfs -Iproviders/default/macs -Iproviders/default/ciphers -Iproviders/default/kdfs -I../openssl -I../openssl/crypto/include -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/default/include -I../openssl/providers/common/ciphers -I../openssl/crypto -I../openssl/providers/common/macs -I../openssl/providers/common/kdfs -I../openssl/providers/default/macs -I../openssl/providers/default/ciphers -I../openssl/providers/default/kdfs -DAES_ASM -DBSAES_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_IA32_SSE2 -MMD -MF crypto/x509/libcrypto-lib-x509_obj.d.tmp -MT crypto/x509/libcrypto-lib-x509_obj.o -c -o crypto/x509/libcrypto-lib-x509_obj.o ../openssl/crypto/x509/x509_obj.c clang -I. -Icrypto/include -Iinclude -Iproviders/common/include -Iproviders/default/include -Iproviders/common/ciphers -Icrypto -Iproviders/common/macs -Iproviders/common/kdfs -Iproviders/default/macs -Iproviders/default/ciphers -Iproviders/default/kdfs -I../openssl -I../openssl/crypto/include -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/default/include -I../openssl/providers/common/ciphers -I../openssl/crypto -I../openssl/providers/common/macs -I../openssl/providers/common/kdfs -I../openssl/providers/default/macs -I../openssl/providers/default/ciphers -I../openssl/providers/default/kdfs -DAES_ASM -DBSAES_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_IA32_SSE2 -MMD -MF crypto/x509/libcrypto-lib-x509_r2x.d.tmp -MT crypto/x509/libcrypto-lib-x509_r2x.o -c -o crypto/x509/libcrypto-lib-x509_r2x.o ../openssl/crypto/x509/x509_r2x.c clang -I. -Icrypto/include -Iinclude -Iproviders/common/include -Iproviders/default/include -Iproviders/common/ciphers -Icrypto -Iproviders/common/macs -Iproviders/common/kdfs -Iproviders/default/macs -Iproviders/default/ciphers -Iproviders/default/kdfs -I../openssl -I../openssl/crypto/include -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/default/include -I../openssl/providers/common/ciphers -I../openssl/crypto -I../openssl/providers/common/macs -I../openssl/providers/common/kdfs -I../openssl/providers/default/macs -I../openssl/providers/default/ciphers -I../openssl/providers/default/kdfs -DAES_ASM -DBSAES_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_IA32_SSE2 -MMD -MF crypto/x509/libcrypto-lib-x509_req.d.tmp -MT crypto/x509/libcrypto-lib-x509_req.o -c -o crypto/x509/libcrypto-lib-x509_req.o ../openssl/crypto/x509/x509_req.c clang -I. -Icrypto/include -Iinclude -Iproviders/common/include -Iproviders/default/include -Iproviders/common/ciphers -Icrypto -Iproviders/common/macs -Iproviders/common/kdfs -Iproviders/default/macs -Iproviders/default/ciphers -Iproviders/default/kdfs -I../openssl -I../openssl/crypto/include -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/default/include -I../openssl/providers/common/ciphers -I../openssl/crypto -I../openssl/providers/common/macs -I../openssl/providers/common/kdfs -I../openssl/providers/default/macs -I../openssl/providers/default/ciphers -I../openssl/providers/default/kdfs -DAES_ASM -DBSAES_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_IA32_SSE2 -MMD -MF crypto/x509/libcrypto-lib-x509_set.d.tmp -MT crypto/x509/libcrypto-lib-x509_set.o -c -o crypto/x509/libcrypto-lib-x509_set.o ../openssl/crypto/x509/x509_set.c clang -I. -Icrypto/include -Iinclude -Iproviders/common/include -Iproviders/default/include -Iproviders/common/ciphers -Icrypto -Iproviders/common/macs -Iproviders/common/kdfs -Iproviders/default/macs -Iproviders/default/ciphers -Iproviders/default/kdfs -I../openssl -I../openssl/crypto/include -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/default/include -I../openssl/providers/common/ciphers -I../openssl/crypto -I../openssl/providers/common/macs -I../openssl/providers/common/kdfs -I../openssl/providers/default/macs -I../openssl/providers/default/ciphers -I../openssl/providers/default/kdfs -DAES_ASM -DBSAES_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_IA32_SSE2 -MMD -MF crypto/x509/libcrypto-lib-x509_trs.d.tmp -MT crypto/x509/libcrypto-lib-x509_trs.o -c -o crypto/x509/libcrypto-lib-x509_trs.o ../openssl/crypto/x509/x509_trs.c clang -I. -Icrypto/include -Iinclude -Iproviders/common/include -Iproviders/default/include -Iproviders/common/ciphers -Icrypto -Iproviders/common/macs -Iproviders/common/kdfs -Iproviders/default/macs -Iproviders/default/ciphers -Iproviders/default/kdfs -I../openssl -I../openssl/crypto/include -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/default/include -I../openssl/providers/common/ciphers -I../openssl/crypto -I../openssl/providers/common/macs -I../openssl/providers/common/kdfs -I../openssl/providers/default/macs -I../openssl/providers/default/ciphers -I../openssl/providers/default/kdfs -DAES_ASM -DBSAES_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_IA32_SSE2 -MMD -MF crypto/x509/libcrypto-lib-x509_txt.d.tmp -MT crypto/x509/libcrypto-lib-x509_txt.o -c -o crypto/x509/libcrypto-lib-x509_txt.o ../openssl/crypto/x509/x509_txt.c clang -I. -Icrypto/include -Iinclude -Iproviders/common/include -Iproviders/default/include -Iproviders/common/ciphers -Icrypto -Iproviders/common/macs -Iproviders/common/kdfs -Iproviders/default/macs -Iproviders/default/ciphers -Iproviders/default/kdfs -I../openssl -I../openssl/crypto/include -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/default/include -I../openssl/providers/common/ciphers -I../openssl/crypto -I../openssl/providers/common/macs -I../openssl/providers/common/kdfs -I../openssl/providers/default/macs -I../openssl/providers/default/ciphers -I../openssl/providers/default/kdfs -DAES_ASM -DBSAES_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_IA32_SSE2 -MMD -MF crypto/x509/libcrypto-lib-x509_v3.d.tmp -MT crypto/x509/libcrypto-lib-x509_v3.o -c -o crypto/x509/libcrypto-lib-x509_v3.o ../openssl/crypto/x509/x509_v3.c clang -I. -Icrypto/include -Iinclude -Iproviders/common/include -Iproviders/default/include -Iproviders/common/ciphers -Icrypto -Iproviders/common/macs -Iproviders/common/kdfs -Iproviders/default/macs -Iproviders/default/ciphers -Iproviders/default/kdfs -I../openssl -I../openssl/crypto/include -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/default/include -I../openssl/providers/common/ciphers -I../openssl/crypto -I../openssl/providers/common/macs -I../openssl/providers/common/kdfs -I../openssl/providers/default/macs -I../openssl/providers/default/ciphers -I../openssl/providers/default/kdfs -DAES_ASM -DBSAES_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_IA32_SSE2 -MMD -MF crypto/x509/libcrypto-lib-x509_vfy.d.tmp -MT crypto/x509/libcrypto-lib-x509_vfy.o -c -o crypto/x509/libcrypto-lib-x509_vfy.o ../openssl/crypto/x509/x509_vfy.c clang -I. -Icrypto/include -Iinclude -Iproviders/common/include -Iproviders/default/include -Iproviders/common/ciphers -Icrypto -Iproviders/common/macs -Iproviders/common/kdfs -Iproviders/default/macs -Iproviders/default/ciphers -Iproviders/default/kdfs -I../openssl -I../openssl/crypto/include -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/default/include -I../openssl/providers/common/ciphers -I../openssl/crypto -I../openssl/providers/common/macs -I../openssl/providers/common/kdfs -I../openssl/providers/default/macs -I../openssl/providers/default/ciphers -I../openssl/providers/default/kdfs -DAES_ASM -DBSAES_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_IA32_SSE2 -MMD -MF crypto/x509/libcrypto-lib-x509_vpm.d.tmp -MT crypto/x509/libcrypto-lib-x509_vpm.o -c -o crypto/x509/libcrypto-lib-x509_vpm.o ../openssl/crypto/x509/x509_vpm.c clang -I. -Icrypto/include -Iinclude -Iproviders/common/include -Iproviders/default/include -Iproviders/common/ciphers -Icrypto -Iproviders/common/macs -Iproviders/common/kdfs -Iproviders/default/macs -Iproviders/default/ciphers -Iproviders/default/kdfs -I../openssl -I../openssl/crypto/include -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/default/include -I../openssl/providers/common/ciphers -I../openssl/crypto -I../openssl/providers/common/macs -I../openssl/providers/common/kdfs -I../openssl/providers/default/macs -I../openssl/providers/default/ciphers -I../openssl/providers/default/kdfs -DAES_ASM -DBSAES_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_IA32_SSE2 -MMD -MF crypto/x509/libcrypto-lib-x509cset.d.tmp -MT crypto/x509/libcrypto-lib-x509cset.o -c -o crypto/x509/libcrypto-lib-x509cset.o ../openssl/crypto/x509/x509cset.c clang -I. -Icrypto/include -Iinclude -Iproviders/common/include -Iproviders/default/include -Iproviders/common/ciphers -Icrypto -Iproviders/common/macs -Iproviders/common/kdfs -Iproviders/default/macs -Iproviders/default/ciphers -Iproviders/default/kdfs -I../openssl -I../openssl/crypto/include -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/default/include -I../openssl/providers/common/ciphers -I../openssl/crypto -I../openssl/providers/common/macs -I../openssl/providers/common/kdfs -I../openssl/providers/default/macs -I../openssl/providers/default/ciphers -I../openssl/providers/default/kdfs -DAES_ASM -DBSAES_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_IA32_SSE2 -MMD -MF crypto/x509/libcrypto-lib-x509name.d.tmp -MT crypto/x509/libcrypto-lib-x509name.o -c -o crypto/x509/libcrypto-lib-x509name.o ../openssl/crypto/x509/x509name.c clang -I. -Icrypto/include -Iinclude -Iproviders/common/include -Iproviders/default/include -Iproviders/common/ciphers -Icrypto -Iproviders/common/macs -Iproviders/common/kdfs -Iproviders/default/macs -Iproviders/default/ciphers -Iproviders/default/kdfs -I../openssl -I../openssl/crypto/include -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/default/include -I../openssl/providers/common/ciphers -I../openssl/crypto -I../openssl/providers/common/macs -I../openssl/providers/common/kdfs -I../openssl/providers/default/macs -I../openssl/providers/default/ciphers -I../openssl/providers/default/kdfs -DAES_ASM -DBSAES_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_IA32_SSE2 -MMD -MF crypto/x509/libcrypto-lib-x509rset.d.tmp -MT crypto/x509/libcrypto-lib-x509rset.o -c -o crypto/x509/libcrypto-lib-x509rset.o ../openssl/crypto/x509/x509rset.c clang -I. -Icrypto/include -Iinclude -Iproviders/common/include -Iproviders/default/include -Iproviders/common/ciphers -Icrypto -Iproviders/common/macs -Iproviders/common/kdfs -Iproviders/default/macs -Iproviders/default/ciphers -Iproviders/default/kdfs -I../openssl -I../openssl/crypto/include -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/default/include -I../openssl/providers/common/ciphers -I../openssl/crypto -I../openssl/providers/common/macs -I../openssl/providers/common/kdfs -I../openssl/providers/default/macs -I../openssl/providers/default/ciphers -I../openssl/providers/default/kdfs -DAES_ASM -DBSAES_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_IA32_SSE2 -MMD -MF crypto/x509/libcrypto-lib-x509spki.d.tmp -MT crypto/x509/libcrypto-lib-x509spki.o -c -o crypto/x509/libcrypto-lib-x509spki.o ../openssl/crypto/x509/x509spki.c clang -I. -Icrypto/include -Iinclude -Iproviders/common/include -Iproviders/default/include -Iproviders/common/ciphers -Icrypto -Iproviders/common/macs -Iproviders/common/kdfs -Iproviders/default/macs -Iproviders/default/ciphers -Iproviders/default/kdfs -I../openssl -I../openssl/crypto/include -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/default/include -I../openssl/providers/common/ciphers -I../openssl/crypto -I../openssl/providers/common/macs -I../openssl/providers/common/kdfs -I../openssl/providers/default/macs -I../openssl/providers/default/ciphers -I../openssl/providers/default/kdfs -DAES_ASM -DBSAES_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_IA32_SSE2 -MMD -MF crypto/x509/libcrypto-lib-x509type.d.tmp -MT crypto/x509/libcrypto-lib-x509type.o -c -o crypto/x509/libcrypto-lib-x509type.o ../openssl/crypto/x509/x509type.c clang -I. -Icrypto/include -Iinclude -Iproviders/common/include -Iproviders/default/include -Iproviders/common/ciphers -Icrypto -Iproviders/common/macs -Iproviders/common/kdfs -Iproviders/default/macs -Iproviders/default/ciphers -Iproviders/default/kdfs -I../openssl -I../openssl/crypto/include -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/default/include -I../openssl/providers/common/ciphers -I../openssl/crypto -I../openssl/providers/common/macs -I../openssl/providers/common/kdfs -I../openssl/providers/default/macs -I../openssl/providers/default/ciphers -I../openssl/providers/default/kdfs -DAES_ASM -DBSAES_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_IA32_SSE2 -MMD -MF crypto/x509/libcrypto-lib-x_all.d.tmp -MT crypto/x509/libcrypto-lib-x_all.o -c -o crypto/x509/libcrypto-lib-x_all.o ../openssl/crypto/x509/x_all.c clang -I. -Icrypto/include -Iinclude -Iproviders/common/include -Iproviders/default/include -Iproviders/common/ciphers -Icrypto -Iproviders/common/macs -Iproviders/common/kdfs -Iproviders/default/macs -Iproviders/default/ciphers -Iproviders/default/kdfs -I../openssl -I../openssl/crypto/include -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/default/include -I../openssl/providers/common/ciphers -I../openssl/crypto -I../openssl/providers/common/macs -I../openssl/providers/common/kdfs -I../openssl/providers/default/macs -I../openssl/providers/default/ciphers -I../openssl/providers/default/kdfs -DAES_ASM -DBSAES_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_IA32_SSE2 -MMD -MF crypto/x509/libcrypto-lib-x_attrib.d.tmp -MT crypto/x509/libcrypto-lib-x_attrib.o -c -o crypto/x509/libcrypto-lib-x_attrib.o ../openssl/crypto/x509/x_attrib.c clang -I. -Icrypto/include -Iinclude -Iproviders/common/include -Iproviders/default/include -Iproviders/common/ciphers -Icrypto -Iproviders/common/macs -Iproviders/common/kdfs -Iproviders/default/macs -Iproviders/default/ciphers -Iproviders/default/kdfs -I../openssl -I../openssl/crypto/include -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/default/include -I../openssl/providers/common/ciphers -I../openssl/crypto -I../openssl/providers/common/macs -I../openssl/providers/common/kdfs -I../openssl/providers/default/macs -I../openssl/providers/default/ciphers -I../openssl/providers/default/kdfs -DAES_ASM -DBSAES_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_IA32_SSE2 -MMD -MF crypto/x509/libcrypto-lib-x_crl.d.tmp -MT crypto/x509/libcrypto-lib-x_crl.o -c -o crypto/x509/libcrypto-lib-x_crl.o ../openssl/crypto/x509/x_crl.c clang -I. -Icrypto/include -Iinclude -Iproviders/common/include -Iproviders/default/include -Iproviders/common/ciphers -Icrypto -Iproviders/common/macs -Iproviders/common/kdfs -Iproviders/default/macs -Iproviders/default/ciphers -Iproviders/default/kdfs -I../openssl -I../openssl/crypto/include -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/default/include -I../openssl/providers/common/ciphers -I../openssl/crypto -I../openssl/providers/common/macs -I../openssl/providers/common/kdfs -I../openssl/providers/default/macs -I../openssl/providers/default/ciphers -I../openssl/providers/default/kdfs -DAES_ASM -DBSAES_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_IA32_SSE2 -MMD -MF crypto/x509/libcrypto-lib-x_exten.d.tmp -MT crypto/x509/libcrypto-lib-x_exten.o -c -o crypto/x509/libcrypto-lib-x_exten.o ../openssl/crypto/x509/x_exten.c clang -I. -Icrypto/include -Iinclude -Iproviders/common/include -Iproviders/default/include -Iproviders/common/ciphers -Icrypto -Iproviders/common/macs -Iproviders/common/kdfs -Iproviders/default/macs -Iproviders/default/ciphers -Iproviders/default/kdfs -I../openssl -I../openssl/crypto/include -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/default/include -I../openssl/providers/common/ciphers -I../openssl/crypto -I../openssl/providers/common/macs -I../openssl/providers/common/kdfs -I../openssl/providers/default/macs -I../openssl/providers/default/ciphers -I../openssl/providers/default/kdfs -DAES_ASM -DBSAES_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_IA32_SSE2 -MMD -MF crypto/x509/libcrypto-lib-x_name.d.tmp -MT crypto/x509/libcrypto-lib-x_name.o -c -o crypto/x509/libcrypto-lib-x_name.o ../openssl/crypto/x509/x_name.c clang -I. -Icrypto/include -Iinclude -Iproviders/common/include -Iproviders/default/include -Iproviders/common/ciphers -Icrypto -Iproviders/common/macs -Iproviders/common/kdfs -Iproviders/default/macs -Iproviders/default/ciphers -Iproviders/default/kdfs -I../openssl -I../openssl/crypto/include -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/default/include -I../openssl/providers/common/ciphers -I../openssl/crypto -I../openssl/providers/common/macs -I../openssl/providers/common/kdfs -I../openssl/providers/default/macs -I../openssl/providers/default/ciphers -I../openssl/providers/default/kdfs -DAES_ASM -DBSAES_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_IA32_SSE2 -MMD -MF crypto/x509/libcrypto-lib-x_pubkey.d.tmp -MT crypto/x509/libcrypto-lib-x_pubkey.o -c -o crypto/x509/libcrypto-lib-x_pubkey.o ../openssl/crypto/x509/x_pubkey.c clang -I. -Icrypto/include -Iinclude -Iproviders/common/include -Iproviders/default/include -Iproviders/common/ciphers -Icrypto -Iproviders/common/macs -Iproviders/common/kdfs -Iproviders/default/macs -Iproviders/default/ciphers -Iproviders/default/kdfs -I../openssl -I../openssl/crypto/include -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/default/include -I../openssl/providers/common/ciphers -I../openssl/crypto -I../openssl/providers/common/macs -I../openssl/providers/common/kdfs -I../openssl/providers/default/macs -I../openssl/providers/default/ciphers -I../openssl/providers/default/kdfs -DAES_ASM -DBSAES_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_IA32_SSE2 -MMD -MF crypto/x509/libcrypto-lib-x_req.d.tmp -MT crypto/x509/libcrypto-lib-x_req.o -c -o crypto/x509/libcrypto-lib-x_req.o ../openssl/crypto/x509/x_req.c clang -I. -Icrypto/include -Iinclude -Iproviders/common/include -Iproviders/default/include -Iproviders/common/ciphers -Icrypto -Iproviders/common/macs -Iproviders/common/kdfs -Iproviders/default/macs -Iproviders/default/ciphers -Iproviders/default/kdfs -I../openssl -I../openssl/crypto/include -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/default/include -I../openssl/providers/common/ciphers -I../openssl/crypto -I../openssl/providers/common/macs -I../openssl/providers/common/kdfs -I../openssl/providers/default/macs -I../openssl/providers/default/ciphers -I../openssl/providers/default/kdfs -DAES_ASM -DBSAES_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_IA32_SSE2 -MMD -MF crypto/x509/libcrypto-lib-x_x509.d.tmp -MT crypto/x509/libcrypto-lib-x_x509.o -c -o crypto/x509/libcrypto-lib-x_x509.o ../openssl/crypto/x509/x_x509.c clang -I. -Icrypto/include -Iinclude -Iproviders/common/include -Iproviders/default/include -Iproviders/common/ciphers -Icrypto -Iproviders/common/macs -Iproviders/common/kdfs -Iproviders/default/macs -Iproviders/default/ciphers -Iproviders/default/kdfs -I../openssl -I../openssl/crypto/include -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/default/include -I../openssl/providers/common/ciphers -I../openssl/crypto -I../openssl/providers/common/macs -I../openssl/providers/common/kdfs -I../openssl/providers/default/macs -I../openssl/providers/default/ciphers -I../openssl/providers/default/kdfs -DAES_ASM -DBSAES_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_IA32_SSE2 -MMD -MF crypto/x509/libcrypto-lib-x_x509a.d.tmp -MT crypto/x509/libcrypto-lib-x_x509a.o -c -o crypto/x509/libcrypto-lib-x_x509a.o ../openssl/crypto/x509/x_x509a.c clang -I. -Icrypto/include -Iinclude -Iproviders/common/include -Iproviders/default/include -Iproviders/common/ciphers -Icrypto -Iproviders/common/macs -Iproviders/common/kdfs -Iproviders/default/macs -Iproviders/default/ciphers -Iproviders/default/kdfs -I../openssl -I../openssl/crypto/include -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/default/include -I../openssl/providers/common/ciphers -I../openssl/crypto -I../openssl/providers/common/macs -I../openssl/providers/common/kdfs -I../openssl/providers/default/macs -I../openssl/providers/default/ciphers -I../openssl/providers/default/kdfs -DAES_ASM -DBSAES_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_IA32_SSE2 -MMD -MF providers/common/ciphers/libcrypto-lib-block.d.tmp -MT providers/common/ciphers/libcrypto-lib-block.o -c -o providers/common/ciphers/libcrypto-lib-block.o ../openssl/providers/common/ciphers/block.c clang -I. -Icrypto/include -Iinclude -Iproviders/common/include -Iproviders/default/include -Iproviders/common/ciphers -Icrypto -Iproviders/common/macs -Iproviders/common/kdfs -Iproviders/default/macs -Iproviders/default/ciphers -Iproviders/default/kdfs -I../openssl -I../openssl/crypto/include -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/default/include -I../openssl/providers/common/ciphers -I../openssl/crypto -I../openssl/providers/common/macs -I../openssl/providers/common/kdfs -I../openssl/providers/default/macs -I../openssl/providers/default/ciphers -I../openssl/providers/default/kdfs -DAES_ASM -DBSAES_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_IA32_SSE2 -MMD -MF providers/common/ciphers/libcrypto-lib-cipher_aes.d.tmp -MT providers/common/ciphers/libcrypto-lib-cipher_aes.o -c -o providers/common/ciphers/libcrypto-lib-cipher_aes.o ../openssl/providers/common/ciphers/cipher_aes.c clang -I. -Icrypto/include -Iinclude -Iproviders/common/include -Iproviders/default/include -Iproviders/common/ciphers -Icrypto -Iproviders/common/macs -Iproviders/common/kdfs -Iproviders/default/macs -Iproviders/default/ciphers -Iproviders/default/kdfs -I../openssl -I../openssl/crypto/include -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/default/include -I../openssl/providers/common/ciphers -I../openssl/crypto -I../openssl/providers/common/macs -I../openssl/providers/common/kdfs -I../openssl/providers/default/macs -I../openssl/providers/default/ciphers -I../openssl/providers/default/kdfs -DAES_ASM -DBSAES_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_IA32_SSE2 -MMD -MF providers/common/ciphers/libcrypto-lib-cipher_aes_ccm.d.tmp -MT providers/common/ciphers/libcrypto-lib-cipher_aes_ccm.o -c -o providers/common/ciphers/libcrypto-lib-cipher_aes_ccm.o ../openssl/providers/common/ciphers/cipher_aes_ccm.c clang -I. -Icrypto/include -Iinclude -Iproviders/common/include -Iproviders/default/include -Iproviders/common/ciphers -Icrypto -Iproviders/common/macs -Iproviders/common/kdfs -Iproviders/default/macs -Iproviders/default/ciphers -Iproviders/default/kdfs -I../openssl -I../openssl/crypto/include -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/default/include -I../openssl/providers/common/ciphers -I../openssl/crypto -I../openssl/providers/common/macs -I../openssl/providers/common/kdfs -I../openssl/providers/default/macs -I../openssl/providers/default/ciphers -I../openssl/providers/default/kdfs -DAES_ASM -DBSAES_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_IA32_SSE2 -MMD -MF providers/common/ciphers/libcrypto-lib-cipher_aes_ccm_hw.d.tmp -MT providers/common/ciphers/libcrypto-lib-cipher_aes_ccm_hw.o -c -o providers/common/ciphers/libcrypto-lib-cipher_aes_ccm_hw.o ../openssl/providers/common/ciphers/cipher_aes_ccm_hw.c clang -I. -Icrypto/include -Iinclude -Iproviders/common/include -Iproviders/default/include -Iproviders/common/ciphers -Icrypto -Iproviders/common/macs -Iproviders/common/kdfs -Iproviders/default/macs -Iproviders/default/ciphers -Iproviders/default/kdfs -I../openssl -I../openssl/crypto/include -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/default/include -I../openssl/providers/common/ciphers -I../openssl/crypto -I../openssl/providers/common/macs -I../openssl/providers/common/kdfs -I../openssl/providers/default/macs -I../openssl/providers/default/ciphers -I../openssl/providers/default/kdfs -DAES_ASM -DBSAES_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_IA32_SSE2 -MMD -MF providers/common/ciphers/libcrypto-lib-cipher_aes_gcm.d.tmp -MT providers/common/ciphers/libcrypto-lib-cipher_aes_gcm.o -c -o providers/common/ciphers/libcrypto-lib-cipher_aes_gcm.o ../openssl/providers/common/ciphers/cipher_aes_gcm.c clang -I. -Icrypto/include -Iinclude -Iproviders/common/include -Iproviders/default/include -Iproviders/common/ciphers -Icrypto -Iproviders/common/macs -Iproviders/common/kdfs -Iproviders/default/macs -Iproviders/default/ciphers -Iproviders/default/kdfs -I../openssl -I../openssl/crypto/include -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/default/include -I../openssl/providers/common/ciphers -I../openssl/crypto -I../openssl/providers/common/macs -I../openssl/providers/common/kdfs -I../openssl/providers/default/macs -I../openssl/providers/default/ciphers -I../openssl/providers/default/kdfs -DAES_ASM -DBSAES_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_IA32_SSE2 -MMD -MF providers/common/ciphers/libcrypto-lib-cipher_aes_gcm_hw.d.tmp -MT providers/common/ciphers/libcrypto-lib-cipher_aes_gcm_hw.o -c -o providers/common/ciphers/libcrypto-lib-cipher_aes_gcm_hw.o ../openssl/providers/common/ciphers/cipher_aes_gcm_hw.c clang -I. -Icrypto/include -Iinclude -Iproviders/common/include -Iproviders/default/include -Iproviders/common/ciphers -Icrypto -Iproviders/common/macs -Iproviders/common/kdfs -Iproviders/default/macs -Iproviders/default/ciphers -Iproviders/default/kdfs -I../openssl -I../openssl/crypto/include -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/default/include -I../openssl/providers/common/ciphers -I../openssl/crypto -I../openssl/providers/common/macs -I../openssl/providers/common/kdfs -I../openssl/providers/default/macs -I../openssl/providers/default/ciphers -I../openssl/providers/default/kdfs -DAES_ASM -DBSAES_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_IA32_SSE2 -MMD -MF providers/common/ciphers/libcrypto-lib-cipher_aes_hw.d.tmp -MT providers/common/ciphers/libcrypto-lib-cipher_aes_hw.o -c -o providers/common/ciphers/libcrypto-lib-cipher_aes_hw.o ../openssl/providers/common/ciphers/cipher_aes_hw.c clang -I. -Icrypto/include -Iinclude -Iproviders/common/include -Iproviders/default/include -Iproviders/common/ciphers -Icrypto -Iproviders/common/macs -Iproviders/common/kdfs -Iproviders/default/macs -Iproviders/default/ciphers -Iproviders/default/kdfs -I../openssl -I../openssl/crypto/include -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/default/include -I../openssl/providers/common/ciphers -I../openssl/crypto -I../openssl/providers/common/macs -I../openssl/providers/common/kdfs -I../openssl/providers/default/macs -I../openssl/providers/default/ciphers -I../openssl/providers/default/kdfs -DAES_ASM -DBSAES_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_IA32_SSE2 -MMD -MF providers/common/ciphers/libcrypto-lib-cipher_ccm.d.tmp -MT providers/common/ciphers/libcrypto-lib-cipher_ccm.o -c -o providers/common/ciphers/libcrypto-lib-cipher_ccm.o ../openssl/providers/common/ciphers/cipher_ccm.c clang -I. -Icrypto/include -Iinclude -Iproviders/common/include -Iproviders/default/include -Iproviders/common/ciphers -Icrypto -Iproviders/common/macs -Iproviders/common/kdfs -Iproviders/default/macs -Iproviders/default/ciphers -Iproviders/default/kdfs -I../openssl -I../openssl/crypto/include -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/default/include -I../openssl/providers/common/ciphers -I../openssl/crypto -I../openssl/providers/common/macs -I../openssl/providers/common/kdfs -I../openssl/providers/default/macs -I../openssl/providers/default/ciphers -I../openssl/providers/default/kdfs -DAES_ASM -DBSAES_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_IA32_SSE2 -MMD -MF providers/common/ciphers/libcrypto-lib-cipher_ccm_hw.d.tmp -MT providers/common/ciphers/libcrypto-lib-cipher_ccm_hw.o -c -o providers/common/ciphers/libcrypto-lib-cipher_ccm_hw.o ../openssl/providers/common/ciphers/cipher_ccm_hw.c clang -I. -Icrypto/include -Iinclude -Iproviders/common/include -Iproviders/default/include -Iproviders/common/ciphers -Icrypto -Iproviders/common/macs -Iproviders/common/kdfs -Iproviders/default/macs -Iproviders/default/ciphers -Iproviders/default/kdfs -I../openssl -I../openssl/crypto/include -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/default/include -I../openssl/providers/common/ciphers -I../openssl/crypto -I../openssl/providers/common/macs -I../openssl/providers/common/kdfs -I../openssl/providers/default/macs -I../openssl/providers/default/ciphers -I../openssl/providers/default/kdfs -DAES_ASM -DBSAES_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_IA32_SSE2 -MMD -MF providers/common/ciphers/libcrypto-lib-cipher_common.d.tmp -MT providers/common/ciphers/libcrypto-lib-cipher_common.o -c -o providers/common/ciphers/libcrypto-lib-cipher_common.o ../openssl/providers/common/ciphers/cipher_common.c clang -I. -Icrypto/include -Iinclude -Iproviders/common/include -Iproviders/default/include -Iproviders/common/ciphers -Icrypto -Iproviders/common/macs -Iproviders/common/kdfs -Iproviders/default/macs -Iproviders/default/ciphers -Iproviders/default/kdfs -I../openssl -I../openssl/crypto/include -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/default/include -I../openssl/providers/common/ciphers -I../openssl/crypto -I../openssl/providers/common/macs -I../openssl/providers/common/kdfs -I../openssl/providers/default/macs -I../openssl/providers/default/ciphers -I../openssl/providers/default/kdfs -DAES_ASM -DBSAES_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_IA32_SSE2 -MMD -MF providers/common/ciphers/libcrypto-lib-cipher_common_hw.d.tmp -MT providers/common/ciphers/libcrypto-lib-cipher_common_hw.o -c -o providers/common/ciphers/libcrypto-lib-cipher_common_hw.o ../openssl/providers/common/ciphers/cipher_common_hw.c clang -I. -Icrypto/include -Iinclude -Iproviders/common/include -Iproviders/default/include -Iproviders/common/ciphers -Icrypto -Iproviders/common/macs -Iproviders/common/kdfs -Iproviders/default/macs -Iproviders/default/ciphers -Iproviders/default/kdfs -I../openssl -I../openssl/crypto/include -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/default/include -I../openssl/providers/common/ciphers -I../openssl/crypto -I../openssl/providers/common/macs -I../openssl/providers/common/kdfs -I../openssl/providers/default/macs -I../openssl/providers/default/ciphers -I../openssl/providers/default/kdfs -DAES_ASM -DBSAES_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_IA32_SSE2 -MMD -MF providers/common/ciphers/libcrypto-lib-cipher_gcm.d.tmp -MT providers/common/ciphers/libcrypto-lib-cipher_gcm.o -c -o providers/common/ciphers/libcrypto-lib-cipher_gcm.o ../openssl/providers/common/ciphers/cipher_gcm.c clang -I. -Icrypto/include -Iinclude -Iproviders/common/include -Iproviders/default/include -Iproviders/common/ciphers -Icrypto -Iproviders/common/macs -Iproviders/common/kdfs -Iproviders/default/macs -Iproviders/default/ciphers -Iproviders/default/kdfs -I../openssl -I../openssl/crypto/include -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/default/include -I../openssl/providers/common/ciphers -I../openssl/crypto -I../openssl/providers/common/macs -I../openssl/providers/common/kdfs -I../openssl/providers/default/macs -I../openssl/providers/default/ciphers -I../openssl/providers/default/kdfs -DAES_ASM -DBSAES_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_IA32_SSE2 -MMD -MF providers/common/ciphers/libcrypto-lib-cipher_gcm_hw.d.tmp -MT providers/common/ciphers/libcrypto-lib-cipher_gcm_hw.o -c -o providers/common/ciphers/libcrypto-lib-cipher_gcm_hw.o ../openssl/providers/common/ciphers/cipher_gcm_hw.c clang -I. -Icrypto/include -Iinclude -Iproviders/common/include -Iproviders/default/include -Iproviders/common/ciphers -Icrypto -Iproviders/common/macs -Iproviders/common/kdfs -Iproviders/default/macs -Iproviders/default/ciphers -Iproviders/default/kdfs -I../openssl -I../openssl/crypto/include -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/default/include -I../openssl/providers/common/ciphers -I../openssl/crypto -I../openssl/providers/common/macs -I../openssl/providers/common/kdfs -I../openssl/providers/default/macs -I../openssl/providers/default/ciphers -I../openssl/providers/default/kdfs -DAES_ASM -DBSAES_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_IA32_SSE2 -MMD -MF providers/common/ciphers/libcrypto-lib-cipher_tdes.d.tmp -MT providers/common/ciphers/libcrypto-lib-cipher_tdes.o -c -o providers/common/ciphers/libcrypto-lib-cipher_tdes.o ../openssl/providers/common/ciphers/cipher_tdes.c clang -I. -Icrypto/include -Iinclude -Iproviders/common/include -Iproviders/default/include -Iproviders/common/ciphers -Icrypto -Iproviders/common/macs -Iproviders/common/kdfs -Iproviders/default/macs -Iproviders/default/ciphers -Iproviders/default/kdfs -I../openssl -I../openssl/crypto/include -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/default/include -I../openssl/providers/common/ciphers -I../openssl/crypto -I../openssl/providers/common/macs -I../openssl/providers/common/kdfs -I../openssl/providers/default/macs -I../openssl/providers/default/ciphers -I../openssl/providers/default/kdfs -DAES_ASM -DBSAES_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_IA32_SSE2 -MMD -MF providers/common/ciphers/libcrypto-lib-cipher_tdes_hw.d.tmp -MT providers/common/ciphers/libcrypto-lib-cipher_tdes_hw.o -c -o providers/common/ciphers/libcrypto-lib-cipher_tdes_hw.o ../openssl/providers/common/ciphers/cipher_tdes_hw.c clang -I. -Icrypto/include -Iinclude -Iproviders/common/include -Iproviders/default/include -Iproviders/common/ciphers -Icrypto -Iproviders/common/macs -Iproviders/common/kdfs -Iproviders/default/macs -Iproviders/default/ciphers -Iproviders/default/kdfs -I../openssl -I../openssl/crypto/include -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/default/include -I../openssl/providers/common/ciphers -I../openssl/crypto -I../openssl/providers/common/macs -I../openssl/providers/common/kdfs -I../openssl/providers/default/macs -I../openssl/providers/default/ciphers -I../openssl/providers/default/kdfs -DAES_ASM -DBSAES_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_IA32_SSE2 -MMD -MF providers/common/digests/libcrypto-lib-digest_common.d.tmp -MT providers/common/digests/libcrypto-lib-digest_common.o -c -o providers/common/digests/libcrypto-lib-digest_common.o ../openssl/providers/common/digests/digest_common.c clang -I. -Icrypto/include -Iinclude -Iproviders/common/include -Iproviders/default/include -Iproviders/common/ciphers -Icrypto -Iproviders/common/macs -Iproviders/common/kdfs -Iproviders/default/macs -Iproviders/default/ciphers -Iproviders/default/kdfs -I../openssl -I../openssl/crypto/include -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/default/include -I../openssl/providers/common/ciphers -I../openssl/crypto -I../openssl/providers/common/macs -I../openssl/providers/common/kdfs -I../openssl/providers/default/macs -I../openssl/providers/default/ciphers -I../openssl/providers/default/kdfs -DAES_ASM -DBSAES_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_IA32_SSE2 -MMD -MF providers/common/digests/libcrypto-lib-sha2_prov.d.tmp -MT providers/common/digests/libcrypto-lib-sha2_prov.o -c -o providers/common/digests/libcrypto-lib-sha2_prov.o ../openssl/providers/common/digests/sha2_prov.c clang -I. -Icrypto/include -Iinclude -Iproviders/common/include -Iproviders/default/include -Iproviders/common/ciphers -Icrypto -Iproviders/common/macs -Iproviders/common/kdfs -Iproviders/default/macs -Iproviders/default/ciphers -Iproviders/default/kdfs -I../openssl -I../openssl/crypto/include -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/default/include -I../openssl/providers/common/ciphers -I../openssl/crypto -I../openssl/providers/common/macs -I../openssl/providers/common/kdfs -I../openssl/providers/default/macs -I../openssl/providers/default/ciphers -I../openssl/providers/default/kdfs -DAES_ASM -DBSAES_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_IA32_SSE2 -MMD -MF providers/common/digests/libcrypto-lib-sha3_prov.d.tmp -MT providers/common/digests/libcrypto-lib-sha3_prov.o -c -o providers/common/digests/libcrypto-lib-sha3_prov.o ../openssl/providers/common/digests/sha3_prov.c clang -I. -Icrypto/include -Iinclude -Iproviders/common/include -Iproviders/default/include -Iproviders/common/ciphers -Icrypto -Iproviders/common/macs -Iproviders/common/kdfs -Iproviders/default/macs -Iproviders/default/ciphers -Iproviders/default/kdfs -I../openssl -I../openssl/crypto/include -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/default/include -I../openssl/providers/common/ciphers -I../openssl/crypto -I../openssl/providers/common/macs -I../openssl/providers/common/kdfs -I../openssl/providers/default/macs -I../openssl/providers/default/ciphers -I../openssl/providers/default/kdfs -DAES_ASM -DBSAES_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_IA32_SSE2 -MMD -MF providers/common/exchange/libcrypto-lib-dh_exch.d.tmp -MT providers/common/exchange/libcrypto-lib-dh_exch.o -c -o providers/common/exchange/libcrypto-lib-dh_exch.o ../openssl/providers/common/exchange/dh_exch.c clang -I. -Icrypto/include -Iinclude -Iproviders/common/include -Iproviders/default/include -Iproviders/common/ciphers -Icrypto -Iproviders/common/macs -Iproviders/common/kdfs -Iproviders/default/macs -Iproviders/default/ciphers -Iproviders/default/kdfs -I../openssl -I../openssl/crypto/include -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/default/include -I../openssl/providers/common/ciphers -I../openssl/crypto -I../openssl/providers/common/macs -I../openssl/providers/common/kdfs -I../openssl/providers/default/macs -I../openssl/providers/default/ciphers -I../openssl/providers/default/kdfs -DAES_ASM -DBSAES_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_IA32_SSE2 -MMD -MF providers/common/kdfs/libcrypto-lib-hkdf.d.tmp -MT providers/common/kdfs/libcrypto-lib-hkdf.o -c -o providers/common/kdfs/libcrypto-lib-hkdf.o ../openssl/providers/common/kdfs/hkdf.c clang -I. -Icrypto/include -Iinclude -Iproviders/common/include -Iproviders/default/include -Iproviders/common/ciphers -Icrypto -Iproviders/common/macs -Iproviders/common/kdfs -Iproviders/default/macs -Iproviders/default/ciphers -Iproviders/default/kdfs -I../openssl -I../openssl/crypto/include -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/default/include -I../openssl/providers/common/ciphers -I../openssl/crypto -I../openssl/providers/common/macs -I../openssl/providers/common/kdfs -I../openssl/providers/default/macs -I../openssl/providers/default/ciphers -I../openssl/providers/default/kdfs -DAES_ASM -DBSAES_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_IA32_SSE2 -MMD -MF providers/common/kdfs/libcrypto-lib-pbkdf2.d.tmp -MT providers/common/kdfs/libcrypto-lib-pbkdf2.o -c -o providers/common/kdfs/libcrypto-lib-pbkdf2.o ../openssl/providers/common/kdfs/pbkdf2.c clang -I. -Icrypto/include -Iinclude -Iproviders/common/include -Iproviders/default/include -Iproviders/common/ciphers -Icrypto -Iproviders/common/macs -Iproviders/common/kdfs -Iproviders/default/macs -Iproviders/default/ciphers -Iproviders/default/kdfs -I../openssl -I../openssl/crypto/include -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/default/include -I../openssl/providers/common/ciphers -I../openssl/crypto -I../openssl/providers/common/macs -I../openssl/providers/common/kdfs -I../openssl/providers/default/macs -I../openssl/providers/default/ciphers -I../openssl/providers/default/kdfs -DAES_ASM -DBSAES_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_IA32_SSE2 -MMD -MF providers/common/kdfs/libcrypto-lib-sskdf.d.tmp -MT providers/common/kdfs/libcrypto-lib-sskdf.o -c -o providers/common/kdfs/libcrypto-lib-sskdf.o ../openssl/providers/common/kdfs/sskdf.c clang -I. -Icrypto/include -Iinclude -Iproviders/common/include -Iproviders/default/include -Iproviders/common/ciphers -Icrypto -Iproviders/common/macs -Iproviders/common/kdfs -Iproviders/default/macs -Iproviders/default/ciphers -Iproviders/default/kdfs -I../openssl -I../openssl/crypto/include -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/default/include -I../openssl/providers/common/ciphers -I../openssl/crypto -I../openssl/providers/common/macs -I../openssl/providers/common/kdfs -I../openssl/providers/default/macs -I../openssl/providers/default/ciphers -I../openssl/providers/default/kdfs -DAES_ASM -DBSAES_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_IA32_SSE2 -MMD -MF providers/common/kdfs/libcrypto-lib-tls1_prf.d.tmp -MT providers/common/kdfs/libcrypto-lib-tls1_prf.o -c -o providers/common/kdfs/libcrypto-lib-tls1_prf.o ../openssl/providers/common/kdfs/tls1_prf.c clang -I. -Icrypto/include -Iinclude -Iproviders/common/include -Iproviders/default/include -Iproviders/common/ciphers -Icrypto -Iproviders/common/macs -Iproviders/common/kdfs -Iproviders/default/macs -Iproviders/default/ciphers -Iproviders/default/kdfs -I../openssl -I../openssl/crypto/include -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/default/include -I../openssl/providers/common/ciphers -I../openssl/crypto -I../openssl/providers/common/macs -I../openssl/providers/common/kdfs -I../openssl/providers/default/macs -I../openssl/providers/default/ciphers -I../openssl/providers/default/kdfs -DAES_ASM -DBSAES_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_IA32_SSE2 -MMD -MF providers/common/keymgmt/libcrypto-lib-dh_kmgmt.d.tmp -MT providers/common/keymgmt/libcrypto-lib-dh_kmgmt.o -c -o providers/common/keymgmt/libcrypto-lib-dh_kmgmt.o ../openssl/providers/common/keymgmt/dh_kmgmt.c clang -I. -Icrypto/include -Iinclude -Iproviders/common/include -Iproviders/default/include -Iproviders/common/ciphers -Icrypto -Iproviders/common/macs -Iproviders/common/kdfs -Iproviders/default/macs -Iproviders/default/ciphers -Iproviders/default/kdfs -I../openssl -I../openssl/crypto/include -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/default/include -I../openssl/providers/common/ciphers -I../openssl/crypto -I../openssl/providers/common/macs -I../openssl/providers/common/kdfs -I../openssl/providers/default/macs -I../openssl/providers/default/ciphers -I../openssl/providers/default/kdfs -DAES_ASM -DBSAES_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_IA32_SSE2 -MMD -MF providers/common/libcrypto-lib-provider_err.d.tmp -MT providers/common/libcrypto-lib-provider_err.o -c -o providers/common/libcrypto-lib-provider_err.o ../openssl/providers/common/provider_err.c clang -I. -Icrypto/include -Iinclude -Iproviders/common/include -Iproviders/default/include -Iproviders/common/ciphers -Icrypto -Iproviders/common/macs -Iproviders/common/kdfs -Iproviders/default/macs -Iproviders/default/ciphers -Iproviders/default/kdfs -I../openssl -I../openssl/crypto/include -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/default/include -I../openssl/providers/common/ciphers -I../openssl/crypto -I../openssl/providers/common/macs -I../openssl/providers/common/kdfs -I../openssl/providers/default/macs -I../openssl/providers/default/ciphers -I../openssl/providers/default/kdfs -DAES_ASM -DBSAES_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_IA32_SSE2 -MMD -MF providers/common/libcrypto-lib-provider_util.d.tmp -MT providers/common/libcrypto-lib-provider_util.o -c -o providers/common/libcrypto-lib-provider_util.o ../openssl/providers/common/provider_util.c clang -I. -Icrypto/include -Iinclude -Iproviders/common/include -Iproviders/default/include -Iproviders/common/ciphers -Icrypto -Iproviders/common/macs -Iproviders/common/kdfs -Iproviders/default/macs -Iproviders/default/ciphers -Iproviders/default/kdfs -I../openssl -I../openssl/crypto/include -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/default/include -I../openssl/providers/common/ciphers -I../openssl/crypto -I../openssl/providers/common/macs -I../openssl/providers/common/kdfs -I../openssl/providers/default/macs -I../openssl/providers/default/ciphers -I../openssl/providers/default/kdfs -DAES_ASM -DBSAES_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_IA32_SSE2 -MMD -MF providers/common/libcrypto-lib-provlib.d.tmp -MT providers/common/libcrypto-lib-provlib.o -c -o providers/common/libcrypto-lib-provlib.o ../openssl/providers/common/provlib.c clang -I. -Icrypto/include -Iinclude -Iproviders/common/include -Iproviders/default/include -Iproviders/common/ciphers -Icrypto -Iproviders/common/macs -Iproviders/common/kdfs -Iproviders/default/macs -Iproviders/default/ciphers -Iproviders/default/kdfs -I../openssl -I../openssl/crypto/include -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/default/include -I../openssl/providers/common/ciphers -I../openssl/crypto -I../openssl/providers/common/macs -I../openssl/providers/common/kdfs -I../openssl/providers/default/macs -I../openssl/providers/default/ciphers -I../openssl/providers/default/kdfs -DAES_ASM -DBSAES_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_IA32_SSE2 -MMD -MF providers/common/macs/libcrypto-lib-cmac_prov.d.tmp -MT providers/common/macs/libcrypto-lib-cmac_prov.o -c -o providers/common/macs/libcrypto-lib-cmac_prov.o ../openssl/providers/common/macs/cmac_prov.c ../openssl/providers/common/provider_util.c:52:9: error: implicit declaration of function 'ENGINE_finish' is invalid in C99 [-Werror,-Wimplicit-function-declaration] ENGINE_finish(*engine); ^ ../openssl/providers/common/provider_util.c:52:9: error: this function declaration is not a prototype [-Werror,-Wstrict-prototypes] ../openssl/providers/common/provider_util.c:53:19: error: implicit declaration of function 'ENGINE_by_id' is invalid in C99 [-Werror,-Wimplicit-function-declaration] *engine = ENGINE_by_id(p->data); ^ ../openssl/providers/common/provider_util.c:53:19: error: this function declaration is not a prototype [-Werror,-Wstrict-prototypes] ../openssl/providers/common/provider_util.c:53:17: error: incompatible integer to pointer conversion assigning to 'ENGINE *' (aka 'struct engine_st *') from 'int' [-Werror,-Wint-conversion] *engine = ENGINE_by_id(p->data); ^ ~~~~~~~~~~~~~~~~~~~~~ 5 errors generated. Makefile:6447: recipe for target 'providers/common/libcrypto-lib-provider_util.o' failed make[1]: *** [providers/common/libcrypto-lib-provider_util.o] Error 1 make[1]: *** Waiting for unfinished jobs.... make[1]: Leaving directory '/home/openssl/run-checker/no-engine_no-shared' Makefile:165: recipe for target 'all' failed make: *** [all] Error 2 From no-reply at appveyor.com Mon Sep 9 06:52:09 2019 From: no-reply at appveyor.com (AppVeyor) Date: Mon, 09 Sep 2019 06:52:09 +0000 Subject: Build failed: openssl master.27465 Message-ID: <20190909065209.1.9696AA43A9EF4EFD@appveyor.com> An HTML attachment was scrubbed... URL: From matt at openssl.org Mon Sep 9 07:19:49 2019 From: matt at openssl.org (Matt Caswell) Date: Mon, 09 Sep 2019 07:19:49 +0000 Subject: [openssl] OpenSSL_1_0_2-stable update Message-ID: <1568013589.544740.11564.nullmailer@dev.openssl.org> The branch OpenSSL_1_0_2-stable has been updated via adaebd81a01e2926a3106feec0476db7c8d7b362 (commit) from 6a7bad0fd7a2125d075e459b33145d4ce5ee0de9 (commit) - Log ----------------------------------------------------------------- commit adaebd81a01e2926a3106feec0476db7c8d7b362 Author: Cesar Pereida Garcia Date: Thu Sep 5 17:47:40 2019 +0300 [crypto/rsa] Fix multiple SCA vulnerabilities during RSA key validation. This commit addresses multiple side-channel vulnerabilities present during RSA key validation. Private key parameters are re-computed using variable-time functions. This issue was discovered and reported by the NISEC group at TAU Finland. Reviewed-by: Bernd Edlinger Reviewed-by: Matt Caswell (Merged from https://github.com/openssl/openssl/pull/9785) ----------------------------------------------------------------------- Summary of changes: crypto/rsa/rsa_chk.c | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/crypto/rsa/rsa_chk.c b/crypto/rsa/rsa_chk.c index 475dfc5628..3ea4e02974 100644 --- a/crypto/rsa/rsa_chk.c +++ b/crypto/rsa/rsa_chk.c @@ -63,6 +63,10 @@ int RSA_check_key(const RSA *key) return 0; } + /* Set consant-time flag on private parameters */ + BN_set_flags(key->p, BN_FLG_CONSTTIME); + BN_set_flags(key->q, BN_FLG_CONSTTIME); + BN_set_flags(key->d, BN_FLG_CONSTTIME); i = BN_new(); j = BN_new(); k = BN_new(); @@ -141,6 +145,10 @@ int RSA_check_key(const RSA *key) } if (key->dmp1 != NULL && key->dmq1 != NULL && key->iqmp != NULL) { + /* Set consant-time flag on CRT parameters */ + BN_set_flags(key->dmp1, BN_FLG_CONSTTIME); + BN_set_flags(key->dmq1, BN_FLG_CONSTTIME); + BN_set_flags(key->iqmp, BN_FLG_CONSTTIME); /* dmp1 = d mod (p-1)? */ if (!BN_sub(i, key->p, BN_value_one())) { ret = -1; From matt at openssl.org Mon Sep 9 07:37:31 2019 From: matt at openssl.org (Matt Caswell) Date: Mon, 09 Sep 2019 07:37:31 +0000 Subject: [openssl] OpenSSL_1_0_2-stable update Message-ID: <1568014651.478179.14329.nullmailer@dev.openssl.org> The branch OpenSSL_1_0_2-stable has been updated via 21c856b75d81eff61aa63b4f036bb64a85bf6d46 (commit) from adaebd81a01e2926a3106feec0476db7c8d7b362 (commit) - Log ----------------------------------------------------------------- commit 21c856b75d81eff61aa63b4f036bb64a85bf6d46 Author: Billy Brumley Date: Sat Sep 7 10:50:58 2019 +0300 [crypto/ec] for ECC parameters with NULL or zero cofactor, compute it The cofactor argument to EC_GROUP_set_generator is optional, and SCA mitigations for ECC currently use it. So the library currently falls back to very old SCA-vulnerable code if the cofactor is not present. This PR allows EC_GROUP_set_generator to compute the cofactor for all curves of cryptographic interest. Steering scalar multiplication to more SCA-robust code. This issue affects persisted private keys in explicit parameter form, where the (optional) cofactor field is zero or absent. It also affects curves not built-in to the library, but constructed programatically with explicit parameters, then calling EC_GROUP_set_generator with a nonsensical value (NULL, zero). The very old scalar multiplication code is known to be vulnerable to local uarch attacks, outside of the OpenSSL threat model. New results suggest the code path is also vulnerable to traditional wall clock timing attacks. CVE-2019-1547 Reviewed-by: Nicola Tuveri Reviewed-by: Matt Caswell (Merged from https://github.com/openssl/openssl/pull/9799) ----------------------------------------------------------------------- Summary of changes: CHANGES | 7 ++++ crypto/ec/ec.h | 6 ++-- crypto/ec/ec_err.c | 3 +- crypto/ec/ec_lib.c | 102 +++++++++++++++++++++++++++++++++++++++++++++++++---- 4 files changed, 108 insertions(+), 10 deletions(-) diff --git a/CHANGES b/CHANGES index d804f325b4..ee272f2266 100644 --- a/CHANGES +++ b/CHANGES @@ -9,6 +9,13 @@ Changes between 1.0.2s and 1.0.2t [xx XXX xxxx] + *) Compute ECC cofactors if not provided during EC_GROUP construction. Before + this change, EC_GROUP_set_generator would accept order and/or cofactor as + NULL. After this change, only the cofactor parameter can be NULL. It also + does some minimal sanity checks on the passed order. + (CVE-2019-1547) + [Billy Bob Brumley] + *) Document issue with installation paths in diverse Windows builds '/usr/local/ssl' is an unsafe prefix for location to install OpenSSL diff --git a/crypto/ec/ec.h b/crypto/ec/ec.h index 81e6faf6c5..b62613da55 100644 --- a/crypto/ec/ec.h +++ b/crypto/ec/ec.h @@ -1073,6 +1073,7 @@ int EC_KEY_print_fp(FILE *fp, const EC_KEY *key, int off); * The following lines are auto generated by the script mkerr.pl. Any changes * made after this point may be overwritten when the script is next run. */ + void ERR_load_EC_strings(void); /* Error codes for the EC functions. */ @@ -1270,13 +1271,14 @@ void ERR_load_EC_strings(void); # define EC_R_SLOT_FULL 108 # define EC_R_UNDEFINED_GENERATOR 113 # define EC_R_UNDEFINED_ORDER 128 +# define EC_R_UNKNOWN_COFACTOR 152 # define EC_R_UNKNOWN_GROUP 129 # define EC_R_UNKNOWN_ORDER 114 # define EC_R_UNSUPPORTED_FIELD 131 # define EC_R_WRONG_CURVE_PARAMETERS 145 # define EC_R_WRONG_ORDER 130 -#ifdef __cplusplus +# ifdef __cplusplus } -#endif +# endif #endif diff --git a/crypto/ec/ec_err.c b/crypto/ec/ec_err.c index 6fe5baafd4..220541161e 100644 --- a/crypto/ec/ec_err.c +++ b/crypto/ec/ec_err.c @@ -1,6 +1,6 @@ /* crypto/ec/ec_err.c */ /* ==================================================================== - * Copyright (c) 1999-2015 The OpenSSL Project. All rights reserved. + * Copyright (c) 1999-2019 The OpenSSL Project. All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions @@ -310,6 +310,7 @@ static ERR_STRING_DATA EC_str_reasons[] = { {ERR_REASON(EC_R_SLOT_FULL), "slot full"}, {ERR_REASON(EC_R_UNDEFINED_GENERATOR), "undefined generator"}, {ERR_REASON(EC_R_UNDEFINED_ORDER), "undefined order"}, + {ERR_REASON(EC_R_UNKNOWN_COFACTOR), "unknown cofactor"}, {ERR_REASON(EC_R_UNKNOWN_GROUP), "unknown group"}, {ERR_REASON(EC_R_UNKNOWN_ORDER), "unknown order"}, {ERR_REASON(EC_R_UNSUPPORTED_FIELD), "unsupported field"}, diff --git a/crypto/ec/ec_lib.c b/crypto/ec/ec_lib.c index cd2c420176..15302322f7 100644 --- a/crypto/ec/ec_lib.c +++ b/crypto/ec/ec_lib.c @@ -294,6 +294,67 @@ int EC_METHOD_get_field_type(const EC_METHOD *meth) return meth->field_type; } +/*- + * Try computing cofactor from the generator order (n) and field cardinality (q). + * This works for all curves of cryptographic interest. + * + * Hasse thm: q + 1 - 2*sqrt(q) <= n*h <= q + 1 + 2*sqrt(q) + * h_min = (q + 1 - 2*sqrt(q))/n + * h_max = (q + 1 + 2*sqrt(q))/n + * h_max - h_min = 4*sqrt(q)/n + * So if n > 4*sqrt(q) holds, there is only one possible value for h: + * h = \lfloor (h_min + h_max)/2 \rceil = \lfloor (q + 1)/n \rceil + * + * Otherwise, zero cofactor and return success. + */ +static int ec_guess_cofactor(EC_GROUP *group) { + int ret = 0; + BN_CTX *ctx = NULL; + BIGNUM *q = NULL; + + /*- + * If the cofactor is too large, we cannot guess it. + * The RHS of below is a strict overestimate of lg(4 * sqrt(q)) + */ + if (BN_num_bits(&group->order) <= (BN_num_bits(&group->field) + 1) / 2 + 3) { + /* default to 0 */ + BN_zero(&group->cofactor); + /* return success */ + return 1; + } + + if ((ctx = BN_CTX_new()) == NULL) + return 0; + + BN_CTX_start(ctx); + if ((q = BN_CTX_get(ctx)) == NULL) + goto err; + + /* set q = 2**m for binary fields; q = p otherwise */ + if (group->meth->field_type == NID_X9_62_characteristic_two_field) { + BN_zero(q); + if (!BN_set_bit(q, BN_num_bits(&group->field) - 1)) + goto err; + } else { + if (!BN_copy(q, &group->field)) + goto err; + } + + /* compute h = \lfloor (q + 1)/n \rceil = \lfloor (q + 1 + n/2)/n \rfloor */ + if (!BN_rshift1(&group->cofactor, &group->order) /* n/2 */ + || !BN_add(&group->cofactor, &group->cofactor, q) /* q + n/2 */ + /* q + 1 + n/2 */ + || !BN_add(&group->cofactor, &group->cofactor, BN_value_one()) + /* (q + 1 + n/2)/n */ + || !BN_div(&group->cofactor, NULL, &group->cofactor, &group->order, ctx)) + goto err; + ret = 1; + err: + BN_CTX_end(ctx); + BN_CTX_free(ctx); + return ret; +} + int EC_GROUP_set_generator(EC_GROUP *group, const EC_POINT *generator, const BIGNUM *order, const BIGNUM *cofactor) { @@ -302,6 +363,33 @@ int EC_GROUP_set_generator(EC_GROUP *group, const EC_POINT *generator, return 0; } + /* require group->field >= 1 */ + if (BN_is_zero(&group->field) || BN_is_negative(&group->field)) { + ECerr(EC_F_EC_GROUP_SET_GENERATOR, EC_R_INVALID_FIELD); + return 0; + } + + /*- + * - require order >= 1 + * - enforce upper bound due to Hasse thm: order can be no more than one bit + * longer than field cardinality + */ + if (order == NULL || BN_is_zero(order) || BN_is_negative(order) + || BN_num_bits(order) > BN_num_bits(&group->field) + 1) { + ECerr(EC_F_EC_GROUP_SET_GENERATOR, EC_R_INVALID_GROUP_ORDER); + return 0; + } + + /*- + * Unfortunately the cofactor is an optional field in many standards. + * Internally, the lib uses 0 cofactor as a marker for "unknown cofactor". + * So accept cofactor == NULL or cofactor >= 0. + */ + if (cofactor != NULL && BN_is_negative(cofactor)) { + ECerr(EC_F_EC_GROUP_SET_GENERATOR, EC_R_UNKNOWN_COFACTOR); + return 0; + } + if (group->generator == NULL) { group->generator = EC_POINT_new(group); if (group->generator == NULL) @@ -310,17 +398,17 @@ int EC_GROUP_set_generator(EC_GROUP *group, const EC_POINT *generator, if (!EC_POINT_copy(group->generator, generator)) return 0; - if (order != NULL) { - if (!BN_copy(&group->order, order)) - return 0; - } else - BN_zero(&group->order); + if (!BN_copy(&group->order, order)) + return 0; - if (cofactor != NULL) { + /* Either take the provided positive cofactor, or try to compute it */ + if (cofactor != NULL && !BN_is_zero(cofactor)) { if (!BN_copy(&group->cofactor, cofactor)) return 0; - } else + } else if (!ec_guess_cofactor(group)) { BN_zero(&group->cofactor); + return 0; + } /*- * Access to the `mont_data` field of an EC_GROUP struct should always be From no-reply at appveyor.com Mon Sep 9 07:58:29 2019 From: no-reply at appveyor.com (AppVeyor) Date: Mon, 09 Sep 2019 07:58:29 +0000 Subject: Build completed: openssl master.27466 Message-ID: <20190909075829.1.B91DA2C2B210DDA3@appveyor.com> An HTML attachment was scrubbed... URL: From no-reply at appveyor.com Mon Sep 9 08:24:45 2019 From: no-reply at appveyor.com (AppVeyor) Date: Mon, 09 Sep 2019 08:24:45 +0000 Subject: Build failed: openssl master.27467 Message-ID: <20190909082445.1.27A45C8B83F80265@appveyor.com> An HTML attachment was scrubbed... URL: From no-reply at appveyor.com Mon Sep 9 09:55:05 2019 From: no-reply at appveyor.com (AppVeyor) Date: Mon, 09 Sep 2019 09:55:05 +0000 Subject: Build failed: openssl master.27472 Message-ID: <20190909095505.1.AA85F77AE66F6898@appveyor.com> An HTML attachment was scrubbed... URL: From levitte at openssl.org Mon Sep 9 10:06:52 2019 From: levitte at openssl.org (Richard Levitte) Date: Mon, 09 Sep 2019 10:06:52 +0000 Subject: [openssl] master update Message-ID: <1568023612.128847.24835.nullmailer@dev.openssl.org> The branch master has been updated via bd9faf117db1e53b2ad2ee9cbfe8def8c98ecb7b (commit) from 03e5668343078b963cc6544ad7270743de13e514 (commit) - Log ----------------------------------------------------------------- commit bd9faf117db1e53b2ad2ee9cbfe8def8c98ecb7b Author: Richard Levitte Date: Mon Sep 9 02:41:26 2019 +0200 Do no mention private headers in public headers Reviewed-by: Matthias St. Pierre (Merged from https://github.com/openssl/openssl/pull/9812) ----------------------------------------------------------------------- Summary of changes: include/openssl/bio.h | 2 +- include/openssl/ct.h | 2 -- include/openssl/dtls1.h | 2 +- include/openssl/evp.h | 2 +- 4 files changed, 3 insertions(+), 5 deletions(-) diff --git a/include/openssl/bio.h b/include/openssl/bio.h index 2312ca647c..3e4fbd35b0 100644 --- a/include/openssl/bio.h +++ b/include/openssl/bio.h @@ -142,7 +142,7 @@ extern "C" { # define BIO_CTRL_DGRAM_SET_PEEK_MODE 71 /* - * internal BIO see include/internal/bio.h: + * internal BIO: * # define BIO_CTRL_SET_KTLS_SEND 72 * # define BIO_CTRL_SET_KTLS_SEND_CTRL_MSG 74 * # define BIO_CTRL_CLEAR_KTLS_CTRL_MSG 75 diff --git a/include/openssl/ct.h b/include/openssl/ct.h index 334e1aff55..76f566304e 100644 --- a/include/openssl/ct.h +++ b/include/openssl/ct.h @@ -463,8 +463,6 @@ __owur int CTLOG_STORE_load_file(CTLOG_STORE *store, const char *file); /* * Loads the default CT log list into a |store|. - * See internal/cryptlib.h for the environment variable and file path that are - * consulted to find the default file. * Returns 1 if loading is successful, or 0 otherwise. */ __owur int CTLOG_STORE_load_default_file(CTLOG_STORE *store); diff --git a/include/openssl/dtls1.h b/include/openssl/dtls1.h index f717afbe51..ef01d8b9db 100644 --- a/include/openssl/dtls1.h +++ b/include/openssl/dtls1.h @@ -47,7 +47,7 @@ extern "C" { # define DTLS1_AL_HEADER_LENGTH 2 -/* Timeout multipliers (timeout slice is defined in apps/timeouts.h */ +/* Timeout multipliers */ # define DTLS1_TMO_READ_COUNT 2 # define DTLS1_TMO_WRITE_COUNT 2 diff --git a/include/openssl/evp.h b/include/openssl/evp.h index a0733b9697..d1bd0b69d0 100644 --- a/include/openssl/evp.h +++ b/include/openssl/evp.h @@ -186,7 +186,7 @@ int (*EVP_MD_meth_get_ctrl(const EVP_MD *md))(EVP_MD_CTX *ctx, int cmd, * if the following flag is set. */ # define EVP_MD_CTX_FLAG_FINALISE 0x0200 -/* NOTE: 0x0400 is reserved for internal usage in evp_int.h */ +/* NOTE: 0x0400 is reserved for internal usage */ EVP_CIPHER *EVP_CIPHER_meth_new(int cipher_type, int block_size, int key_len); EVP_CIPHER *EVP_CIPHER_meth_dup(const EVP_CIPHER *cipher); From no-reply at appveyor.com Mon Sep 9 10:23:20 2019 From: no-reply at appveyor.com (AppVeyor) Date: Mon, 09 Sep 2019 10:23:20 +0000 Subject: Build completed: openssl master.27473 Message-ID: <20190909102320.1.F929EB00B5ABD4AC@appveyor.com> An HTML attachment was scrubbed... URL: From builds at travis-ci.org Mon Sep 9 10:45:57 2019 From: builds at travis-ci.org (Travis CI) Date: Mon, 09 Sep 2019 10:45:57 +0000 Subject: Still Failing: openssl/openssl#28055 (master - bd9faf1) In-Reply-To: Message-ID: <5d762d65924e6_43fa2ce4a57f82501f7@e58dbfa8-c41b-4575-82c1-669c0e635b7a.mail> Build Update for openssl/openssl ------------------------------------- Build: #28055 Status: Still Failing Duration: 24 mins and 51 secs Commit: bd9faf1 (master) Author: Richard Levitte Message: Do no mention private headers in public headers Reviewed-by: Matthias St. Pierre (Merged from https://github.com/openssl/openssl/pull/9812) View the changeset: https://github.com/openssl/openssl/compare/03e566834307...bd9faf117db1 View the full build log and details: https://travis-ci.org/openssl/openssl/builds/582609906?utm_medium=notification&utm_source=email -- You can unsubscribe from build emails from the openssl/openssl repository going to https://travis-ci.org/account/preferences/unsubscribe?repository=5849220&utm_medium=notification&utm_source=email. Or unsubscribe from *all* email updating your settings at https://travis-ci.org/account/preferences/unsubscribe?utm_medium=notification&utm_source=email. Or configure specific recipients for build notifications in your .travis.yml file. See https://docs.travis-ci.com/user/notifications. -------------- next part -------------- An HTML attachment was scrubbed... URL: From nic.tuv at gmail.com Mon Sep 9 11:06:59 2019 From: nic.tuv at gmail.com (nic.tuv at gmail.com) Date: Mon, 09 Sep 2019 11:06:59 +0000 Subject: [openssl] master update Message-ID: <1568027219.277315.2565.nullmailer@dev.openssl.org> The branch master has been updated via bacaa618c26411d212015493d0eb82076a3e76a1 (commit) from bd9faf117db1e53b2ad2ee9cbfe8def8c98ecb7b (commit) - Log ----------------------------------------------------------------- commit bacaa618c26411d212015493d0eb82076a3e76a1 Author: Nicola Tuveri Date: Sat Sep 7 18:05:31 2019 +0300 [ec] Match built-in curves on EC_GROUP_new_from_ecparameters Description ----------- Upon `EC_GROUP_new_from_ecparameters()` check if the parameters match any of the built-in curves. If that is the case, return a new `EC_GROUP_new_by_curve_name()` object instead of the explicit parameters `EC_GROUP`. This affects all users of `EC_GROUP_new_from_ecparameters()`: - direct calls to `EC_GROUP_new_from_ecparameters()` - direct calls to `EC_GROUP_new_from_ecpkparameters()` with an explicit parameters argument - ASN.1 parsing of explicit parameters keys (as it eventually ends up calling `EC_GROUP_new_from_ecpkparameters()`) A parsed explicit parameter key will still be marked with the `OPENSSL_EC_EXPLICIT_CURVE` ASN.1 flag on load, so, unless programmatically forced otherwise, if the key is eventually serialized the output will still be encoded with explicit parameters, even if internally it is treated as a named curve `EC_GROUP`. Before this change, creating any `EC_GROUP` object using `EC_GROUP_new_from_ecparameters()`, yielded an object associated with the default generic `EC_METHOD`, but this was never guaranteed in the documentation. After this commit, users of the library that intentionally want to create an `EC_GROUP` object using a specific `EC_METHOD` can still explicitly call `EC_GROUP_new(foo_method)` and then manually set the curve parameters using `EC_GROUP_set_*()`. Motivation ---------- This has obvious performance benefits for the built-in curves with specialized `EC_METHOD`s and subtle but important security benefits: - the specialized methods have better security hardening than the generic implementations - optional fields in the parameter encoding, like the `cofactor`, cannot be leveraged by an attacker to force execution of the less secure code-paths for single point scalar multiplication - in general, this leads to reducing the attack surface Check the manuscript at https://arxiv.org/abs/1909.01785 for an in depth analysis of the issues related to this commit. It should be noted that `libssl` does not allow to negotiate explicit parameters (as per RFC 8422), so it is not directly affected by the consequences of using explicit parameters that this commit fixes. On the other hand, we detected external applications and users in the wild that use explicit parameters by default (and sometimes using 0 as the cofactor value, which is technically not a valid value per the specification, but is tolerated by parsers for wider compatibility given that the field is optional). These external users of `libcrypto` are exposed to these vulnerabilities and their security will benefit from this commit. Related commits --------------- While this commit is beneficial for users using built-in curves and explicit parameters encoding for serialized keys, commit b783beeadf6b80bc431e6f3230b5d5585c87ef87 (and its equivalents for the 1.0.2, 1.1.0 and 1.1.1 stable branches) fixes the consequences of the invalid cofactor values more in general also for other curves (CVE-2019-1547). The following list covers commits in `master` that are related to the vulnerabilities presented in the manuscript motivating this commit: - d2baf88c43 [crypto/rsa] Set the constant-time flag in multi-prime RSA too - 311e903d84 [crypto/asn1] Fix multiple SCA vulnerabilities during RSA key validation. - b783beeadf [crypto/ec] for ECC parameters with NULL or zero cofactor, compute it - 724339ff44 Fix SCA vulnerability when using PVK and MSBLOB key formats Note that the PRs that contributed the listed commits also include other commits providing related testing and documentation, in addition to links to PRs and commits backporting the fixes to the 1.0.2, 1.1.0 and 1.1.1 branches. Responsible Disclosure ---------------------- This and the other issues presented in https://arxiv.org/abs/1909.01785 were reported by Cesar Pereida Garc?a, Sohaib ul Hassan, Nicola Tuveri, Iaroslav Gridin, Alejandro Cabrera Aldaya and Billy Bob Brumley from the NISEC group at Tampere University, FINLAND. The OpenSSL Security Team evaluated the security risk for this vulnerability as low, and encouraged to propose fixes using public Pull Requests. _______________________________________________________________________________ Reviewed-by: Matt Caswell Reviewed-by: Paul Dale (Merged from https://github.com/openssl/openssl/pull/9808) ----------------------------------------------------------------------- Summary of changes: CHANGES | 11 +++ crypto/ec/ec_asn1.c | 71 +++++++++++++- test/ectest.c | 267 ++++++++++++++++++++++++++++++++++++++++++++++++++++ 3 files changed, 345 insertions(+), 4 deletions(-) diff --git a/CHANGES b/CHANGES index 9599c64545..3d2f94303a 100644 --- a/CHANGES +++ b/CHANGES @@ -9,6 +9,17 @@ Changes between 1.1.1 and 3.0.0 [xx XXX xxxx] + *) For built-in EC curves, ensure an EC_GROUP built from the curve name is + used even when parsing explicit parameters, when loading a serialized key + or calling `EC_GROUP_new_from_ecpkparameters()`/ + `EC_GROUP_new_from_ecparameters()`. + This prevents bypass of security hardening and performance gains, + especially for curves with specialized EC_METHODs. + By default, if a key encoded with explicit parameters is loaded and later + serialized, the output is still encoded with explicit parameters, even if + internally a "named" EC_GROUP is used for computation. + [Nicola Tuveri] + *) Compute ECC cofactors if not provided during EC_GROUP construction. Before this change, EC_GROUP_set_generator would accept order and/or cofactor as NULL. After this change, only the cofactor parameter can be NULL. It also diff --git a/crypto/ec/ec_asn1.c b/crypto/ec/ec_asn1.c index 3a8128b755..e0d02bb01a 100644 --- a/crypto/ec/ec_asn1.c +++ b/crypto/ec/ec_asn1.c @@ -571,10 +571,12 @@ ECPKPARAMETERS *EC_GROUP_get_ecpkparameters(const EC_GROUP *group, EC_GROUP *EC_GROUP_new_from_ecparameters(const ECPARAMETERS *params) { int ok = 0, tmp; - EC_GROUP *ret = NULL; + EC_GROUP *ret = NULL, *dup = NULL; BIGNUM *p = NULL, *a = NULL, *b = NULL; EC_POINT *point = NULL; long field_bits; + int curve_name = NID_undef; + BN_CTX *ctx = NULL; if (!params->fieldID || !params->fieldID->fieldType || !params->fieldID->p.ptr) { @@ -792,18 +794,79 @@ EC_GROUP *EC_GROUP_new_from_ecparameters(const ECPARAMETERS *params) goto err; } + /* + * Check if the explicit parameters group just created matches one of the + * built-in curves. + * + * We create a copy of the group just built, so that we can remove optional + * fields for the lookup: we do this to avoid the possibility that one of + * the optional parameters is used to force the library into using a less + * performant and less secure EC_METHOD instead of the specialized one. + * In any case, `seed` is not really used in any computation, while a + * cofactor different from the one in the built-in table is just + * mathematically wrong anyway and should not be used. + */ + if ((ctx = BN_CTX_new()) == NULL) { + ECerr(EC_F_EC_GROUP_NEW_FROM_ECPARAMETERS, ERR_R_BN_LIB); + goto err; + } + if ((dup = EC_GROUP_dup(ret)) == NULL + || EC_GROUP_set_seed(dup, NULL, 0) != 1 + || !EC_GROUP_set_generator(dup, point, a, NULL)) { + ECerr(EC_F_EC_GROUP_NEW_FROM_ECPARAMETERS, ERR_R_EC_LIB); + goto err; + } + if ((curve_name = ec_curve_nid_from_params(dup, ctx)) != NID_undef) { + /* + * The input explicit parameters successfully matched one of the + * built-in curves: often for built-in curves we have specialized + * methods with better performance and hardening. + * + * In this case we replace the `EC_GROUP` created through explicit + * parameters with one created from a named group. + */ + EC_GROUP *named_group = NULL; + +#ifndef OPENSSL_NO_EC_NISTP_64_GCC_128 + /* + * NID_wap_wsg_idm_ecid_wtls12 and NID_secp224r1 are both aliases for + * the same curve, we prefer the SECP nid when matching explicit + * parameters as that is associated with a specialized EC_METHOD. + */ + if (curve_name == NID_wap_wsg_idm_ecid_wtls12) + curve_name = NID_secp224r1; +#endif /* !def(OPENSSL_NO_EC_NISTP_64_GCC_128) */ + + if ((named_group = EC_GROUP_new_by_curve_name(curve_name)) == NULL) { + ECerr(EC_F_EC_GROUP_NEW_FROM_ECPARAMETERS, ERR_R_EC_LIB); + goto err; + } + EC_GROUP_free(ret); + ret = named_group; + + /* + * Set the flag so that EC_GROUPs created from explicit parameters are + * serialized using explicit parameters by default. + */ + EC_GROUP_set_asn1_flag(ret, OPENSSL_EC_EXPLICIT_CURVE); + } + ok = 1; err: if (!ok) { - EC_GROUP_clear_free(ret); + EC_GROUP_free(ret); ret = NULL; } + EC_GROUP_free(dup); BN_free(p); BN_free(a); BN_free(b); EC_POINT_free(point); + + BN_CTX_free(ctx); + return ret; } @@ -864,7 +927,7 @@ EC_GROUP *d2i_ECPKParameters(EC_GROUP **a, const unsigned char **in, long len) } if (a) { - EC_GROUP_clear_free(*a); + EC_GROUP_free(*a); *a = group; } @@ -912,7 +975,7 @@ EC_KEY *d2i_ECPrivateKey(EC_KEY **a, const unsigned char **in, long len) ret = *a; if (priv_key->parameters) { - EC_GROUP_clear_free(ret->group); + EC_GROUP_free(ret->group); ret->group = EC_GROUP_new_from_ecpkparameters(priv_key->parameters); } diff --git a/test/ectest.c b/test/ectest.c index b51a3b1207..e0081c8866 100644 --- a/test/ectest.c +++ b/test/ectest.c @@ -1812,6 +1812,272 @@ static int check_named_curve_lookup_test(int id) return ret; } +/* + * Sometime we cannot compare nids for equality, as the built-in curve table + * includes aliases with different names for the same curve. + * + * This function returns TRUE (1) if the checked nids are identical, or if they + * alias to the same curve. FALSE (0) otherwise. + */ +static ossl_inline +int are_ec_nids_compatible(int n1d, int n2d) +{ + int ret = 0; + switch (n1d) { +# ifndef OPENSSL_NO_EC2M + case NID_sect113r1: + case NID_wap_wsg_idm_ecid_wtls4: + ret = (n2d == NID_sect113r1 || n2d == NID_wap_wsg_idm_ecid_wtls4); + break; + case NID_sect163k1: + case NID_wap_wsg_idm_ecid_wtls3: + ret = (n2d == NID_sect163k1 || n2d == NID_wap_wsg_idm_ecid_wtls3); + break; + case NID_sect233k1: + case NID_wap_wsg_idm_ecid_wtls10: + ret = (n2d == NID_sect233k1 || n2d == NID_wap_wsg_idm_ecid_wtls10); + break; + case NID_sect233r1: + case NID_wap_wsg_idm_ecid_wtls11: + ret = (n2d == NID_sect233r1 || n2d == NID_wap_wsg_idm_ecid_wtls11); + break; + case NID_X9_62_c2pnb163v1: + case NID_wap_wsg_idm_ecid_wtls5: + ret = (n2d == NID_X9_62_c2pnb163v1 + || n2d == NID_wap_wsg_idm_ecid_wtls5); + break; +# endif /* OPENSSL_NO_EC2M */ + case NID_secp112r1: + case NID_wap_wsg_idm_ecid_wtls6: + ret = (n2d == NID_secp112r1 || n2d == NID_wap_wsg_idm_ecid_wtls6); + break; + case NID_secp160r2: + case NID_wap_wsg_idm_ecid_wtls7: + ret = (n2d == NID_secp160r2 || n2d == NID_wap_wsg_idm_ecid_wtls7); + break; +# ifdef OPENSSL_NO_EC_NISTP_64_GCC_128 + case NID_secp224r1: + case NID_wap_wsg_idm_ecid_wtls12: + ret = (n2d == NID_secp224r1 || n2d == NID_wap_wsg_idm_ecid_wtls12); + break; +# else + /* + * For SEC P-224 we want to ensure that the SECP nid is returned, as + * that is associated with a specialized method. + */ + case NID_wap_wsg_idm_ecid_wtls12: + ret = (n2d == NID_secp224r1); + break; +# endif /* def(OPENSSL_NO_EC_NISTP_64_GCC_128) */ + + default: + ret = (n1d == n2d); + } + return ret; +} + +/* + * This checks that EC_GROUP_bew_from_ecparameters() returns a "named" + * EC_GROUP for built-in curves. + * + * Note that it is possible to retrieve an alternative alias that does not match + * the original nid. + * + * Ensure that the OPENSSL_EC_EXPLICIT_CURVE ASN1 flag is set. + */ +static int check_named_curve_from_ecparameters(int id) +{ + int ret = 0, nid, tnid; + EC_GROUP *group = NULL, *tgroup = NULL, *tmpg = NULL; + const EC_POINT *group_gen = NULL; + EC_POINT *other_gen = NULL; + BIGNUM *group_cofactor = NULL, *other_cofactor = NULL; + BIGNUM *other_gen_x = NULL, *other_gen_y = NULL; + const BIGNUM *group_order = NULL; + BIGNUM *other_order = NULL; + BN_CTX *bn_ctx = NULL; + static const unsigned char invalid_seed[] = "THIS IS NOT A VALID SEED"; + static size_t invalid_seed_len = sizeof(invalid_seed); + ECPARAMETERS *params = NULL, *other_params = NULL; + EC_GROUP *g_ary[8] = {NULL}; + EC_GROUP **g_next = &g_ary[0]; + ECPARAMETERS *p_ary[8] = {NULL}; + ECPARAMETERS **p_next = &p_ary[0]; + + /* Do some setup */ + nid = curves[id].nid; + TEST_note("Curve %s", OBJ_nid2sn(nid)); + if (!TEST_ptr(bn_ctx = BN_CTX_new())) + return ret; + BN_CTX_start(bn_ctx); + + if (/* Allocations */ + !TEST_ptr(group_cofactor = BN_CTX_get(bn_ctx)) + || !TEST_ptr(other_gen_x = BN_CTX_get(bn_ctx)) + || !TEST_ptr(other_gen_y = BN_CTX_get(bn_ctx)) + || !TEST_ptr(other_order = BN_CTX_get(bn_ctx)) + || !TEST_ptr(other_cofactor = BN_CTX_get(bn_ctx)) + /* Generate reference group and params */ + || !TEST_ptr(group = EC_GROUP_new_by_curve_name(nid)) + || !TEST_ptr(params = EC_GROUP_get_ecparameters(group, NULL)) + || !TEST_ptr(group_gen = EC_GROUP_get0_generator(group)) + || !TEST_ptr(group_order = EC_GROUP_get0_order(group)) + || !TEST_true(EC_GROUP_get_cofactor(group, group_cofactor, NULL)) + /* compute `other_*` values */ + || !TEST_ptr(tmpg = EC_GROUP_dup(group)) + || !TEST_ptr(other_gen = EC_POINT_dup(group_gen, group)) + || !TEST_true(EC_POINT_add(group, other_gen, group_gen, group_gen, NULL)) + || !TEST_true(EC_POINT_get_affine_coordinates(group, other_gen, + other_gen_x, other_gen_y, bn_ctx)) + || !TEST_true(BN_copy(other_order, group_order)) + || !TEST_true(BN_add_word(other_order, 1)) + || !TEST_true(BN_copy(other_cofactor, group_cofactor)) + || !TEST_true(BN_add_word(other_cofactor, 1))) + goto err; + + EC_POINT_free(other_gen); + other_gen = NULL; + + if (!TEST_ptr(other_gen = EC_POINT_new(tmpg)) + || !TEST_true(EC_POINT_set_affine_coordinates(tmpg, other_gen, + other_gen_x, other_gen_y, + bn_ctx))) + goto err; + + /* + * ########################### + * # Actual tests start here # + * ########################### + */ + + /* + * Creating a group from built-in explicit parameters returns a + * "named" EC_GROUP + */ + if (!TEST_ptr(tgroup = *g_next++ = EC_GROUP_new_from_ecparameters(params)) + || !TEST_int_ne((tnid = EC_GROUP_get_curve_name(tgroup)), NID_undef)) + goto err; + /* + * We cannot always guarantee the names match, as the built-in table + * contains aliases for the same curve with different names. + */ + if (!TEST_true(are_ec_nids_compatible(nid, tnid))) { + TEST_info("nid = %s, tnid = %s", OBJ_nid2sn(nid), OBJ_nid2sn(tnid)); + goto err; + } + /* Ensure that the OPENSSL_EC_EXPLICIT_CURVE ASN1 flag is set. */ + if (!TEST_int_eq(EC_GROUP_get_asn1_flag(tgroup), OPENSSL_EC_EXPLICIT_CURVE)) + goto err; + + /* + * An invalid seed in the parameters should be ignored: expect a "named" + * group. + */ + if (!TEST_int_eq(EC_GROUP_set_seed(tmpg, invalid_seed, invalid_seed_len), + invalid_seed_len) + || !TEST_ptr(other_params = *p_next++ = + EC_GROUP_get_ecparameters(tmpg, NULL)) + || !TEST_ptr(tgroup = *g_next++ = + EC_GROUP_new_from_ecparameters(other_params)) + || !TEST_int_ne((tnid = EC_GROUP_get_curve_name(tgroup)), NID_undef) + || !TEST_true(are_ec_nids_compatible(nid, tnid)) + || !TEST_int_eq(EC_GROUP_get_asn1_flag(tgroup), + OPENSSL_EC_EXPLICIT_CURVE)) { + TEST_info("nid = %s, tnid = %s", OBJ_nid2sn(nid), OBJ_nid2sn(tnid)); + goto err; + } + + /* + * A null seed in the parameters should be ignored, as it is optional: + * expect a "named" group. + */ + if (!TEST_int_eq(EC_GROUP_set_seed(tmpg, NULL, 0), 1) + || !TEST_ptr(other_params = *p_next++ = + EC_GROUP_get_ecparameters(tmpg, NULL)) + || !TEST_ptr(tgroup = *g_next++ = + EC_GROUP_new_from_ecparameters(other_params)) + || !TEST_int_ne((tnid = EC_GROUP_get_curve_name(tgroup)), NID_undef) + || !TEST_true(are_ec_nids_compatible(nid, tnid)) + || !TEST_int_eq(EC_GROUP_get_asn1_flag(tgroup), + OPENSSL_EC_EXPLICIT_CURVE)) { + TEST_info("nid = %s, tnid = %s", OBJ_nid2sn(nid), OBJ_nid2sn(tnid)); + goto err; + } + + /* + * Check that changing any of the generator parameters does not yield a + * match with the built-in curves + */ + if (/* Other gen, same group order & cofactor */ + !TEST_true(EC_GROUP_set_generator(tmpg, other_gen, group_order, + group_cofactor)) + || !TEST_ptr(other_params = *p_next++ = + EC_GROUP_get_ecparameters(tmpg, NULL)) + || !TEST_ptr(tgroup = *g_next++ = + EC_GROUP_new_from_ecparameters(other_params)) + || !TEST_int_eq((tnid = EC_GROUP_get_curve_name(tgroup)), NID_undef) + /* Same gen & cofactor, different order */ + || !TEST_true(EC_GROUP_set_generator(tmpg, group_gen, other_order, + group_cofactor)) + || !TEST_ptr(other_params = *p_next++ = + EC_GROUP_get_ecparameters(tmpg, NULL)) + || !TEST_ptr(tgroup = *g_next++ = + EC_GROUP_new_from_ecparameters(other_params)) + || !TEST_int_eq((tnid = EC_GROUP_get_curve_name(tgroup)), NID_undef) + /* The order is not an optional field, so this should fail */ + || !TEST_false(EC_GROUP_set_generator(tmpg, group_gen, NULL, + group_cofactor)) + /* Check that a wrong cofactor is ignored, and we still match */ + || !TEST_true(EC_GROUP_set_generator(tmpg, group_gen, group_order, + other_cofactor)) + || !TEST_ptr(other_params = *p_next++ = + EC_GROUP_get_ecparameters(tmpg, NULL)) + || !TEST_ptr(tgroup = *g_next++ = + EC_GROUP_new_from_ecparameters(other_params)) + || !TEST_int_ne((tnid = EC_GROUP_get_curve_name(tgroup)), NID_undef) + || !TEST_true(are_ec_nids_compatible(nid, tnid)) + || !TEST_int_eq(EC_GROUP_get_asn1_flag(tgroup), + OPENSSL_EC_EXPLICIT_CURVE) + /* Check that if the cofactor is not set then it still matches */ + || !TEST_true(EC_GROUP_set_generator(tmpg, group_gen, group_order, + NULL)) + || !TEST_ptr(other_params = *p_next++ = + EC_GROUP_get_ecparameters(tmpg, NULL)) + || !TEST_ptr(tgroup = *g_next++ = + EC_GROUP_new_from_ecparameters(other_params)) + || !TEST_int_ne((tnid = EC_GROUP_get_curve_name(tgroup)), NID_undef) + || !TEST_true(are_ec_nids_compatible(nid, tnid)) + || !TEST_int_eq(EC_GROUP_get_asn1_flag(tgroup), + OPENSSL_EC_EXPLICIT_CURVE) + /* check that restoring the generator passes */ + || !TEST_true(EC_GROUP_set_generator(tmpg, group_gen, group_order, + group_cofactor)) + || !TEST_ptr(other_params = *p_next++ = + EC_GROUP_get_ecparameters(tmpg, NULL)) + || !TEST_ptr(tgroup = *g_next++ = + EC_GROUP_new_from_ecparameters(other_params)) + || !TEST_int_ne((tnid = EC_GROUP_get_curve_name(tgroup)), NID_undef) + || !TEST_true(are_ec_nids_compatible(nid, tnid)) + || !TEST_int_eq(EC_GROUP_get_asn1_flag(tgroup), + OPENSSL_EC_EXPLICIT_CURVE)) + goto err; + + ret = 1; +err: + for (g_next = &g_ary[0]; g_next < g_ary + OSSL_NELEM(g_ary); g_next++) + EC_GROUP_free(*g_next); + for (p_next = &p_ary[0]; p_next < p_ary + OSSL_NELEM(g_ary); p_next++) + ECPARAMETERS_free(*p_next); + ECPARAMETERS_free(params); + EC_POINT_free(other_gen); + EC_GROUP_free(tmpg); + EC_GROUP_free(group); + BN_CTX_end(bn_ctx); + BN_CTX_free(bn_ctx); + return ret; +} + + static int parameter_test(void) { EC_GROUP *group = NULL, *group2 = NULL; @@ -2019,6 +2285,7 @@ int setup_tests(void) ADD_ALL_TESTS(check_named_curve_test, crv_len); ADD_ALL_TESTS(check_named_curve_lookup_test, crv_len); ADD_ALL_TESTS(check_ec_key_field_public_range_test, crv_len); + ADD_ALL_TESTS(check_named_curve_from_ecparameters, crv_len); #endif /* OPENSSL_NO_EC */ return 1; } From levitte at openssl.org Mon Sep 9 11:19:29 2019 From: levitte at openssl.org (Richard Levitte) Date: Mon, 09 Sep 2019 11:19:29 +0000 Subject: [openssl] master update Message-ID: <1568027969.483335.31594.nullmailer@dev.openssl.org> The branch master has been updated via 3f37050e33c47b246b530ef01f0b0bda9126581c (commit) from bacaa618c26411d212015493d0eb82076a3e76a1 (commit) - Log ----------------------------------------------------------------- commit 3f37050e33c47b246b530ef01f0b0bda9126581c Author: Jakub Zelenka Date: Sun Sep 8 17:32:07 2019 +0100 Fix typos in the OSSL_METHOD_STORE doc Reviewed-by: Paul Yang Reviewed-by: Richard Levitte (Merged from https://github.com/openssl/openssl/pull/9825) ----------------------------------------------------------------------- Summary of changes: doc/internal/man3/OSSL_METHOD_STORE.pod | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/doc/internal/man3/OSSL_METHOD_STORE.pod b/doc/internal/man3/OSSL_METHOD_STORE.pod index afd1dd5982..f178a0ee75 100644 --- a/doc/internal/man3/OSSL_METHOD_STORE.pod +++ b/doc/internal/man3/OSSL_METHOD_STORE.pod @@ -76,7 +76,7 @@ the B. ossl_method_store_remove() removes the B identified by B from the B. -ossl_method_store_fetch() queries B for an method identified by B +ossl_method_store_fetch() queries B for a method identified by B that matches the property query B. The result, if any, is returned in B. @@ -88,24 +88,24 @@ and the ones passed to the ossl_method_store_free(). =head2 Cache Functions ossl_method_store_cache_get() queries the cache associated with the B -for an method identified by B that matches the property query +for a method identified by B that matches the property query B. The result, if any, is returned in B. ossl_method_store_cache_set() sets a cache entry identified by B with the property query B in the B. -Future cache gets will return the specified B. +Future calls to ossl_method_store_cache_get() will return the specified B. =head1 RETURN VALUES -ossl_method_store_new() a new method store object or B on failure. +ossl_method_store_new() returns a new method store object or B on failure. ossl_method_store_free(), ossl_method_store_add(), ossl_method_store_remove(), ossl_method_store_fetch(), ossl_method_store_set_global_properties(), ossl_method_store_cache_get() and ossl_method_store_cache_set() return B<1> on success and B<0> on error. -ossl_method_store_free() and ossl_method_store_cleanup() do not return values. +ossl_method_store_free() and ossl_method_store_cleanup() do not return any value. =head1 HISTORY From nic.tuv at gmail.com Mon Sep 9 11:24:56 2019 From: nic.tuv at gmail.com (nic.tuv at gmail.com) Date: Mon, 09 Sep 2019 11:24:56 +0000 Subject: [openssl] OpenSSL_1_1_1-stable update Message-ID: <1568028296.359733.26768.nullmailer@dev.openssl.org> The branch OpenSSL_1_1_1-stable has been updated via 9a43a733801bd788848c9a8374305bcaed555019 (commit) from ad9c296c529d3eba67a51118c8e5d875d17f6d07 (commit) - Log ----------------------------------------------------------------- commit 9a43a733801bd788848c9a8374305bcaed555019 Author: Nicola Tuveri Date: Sat Sep 7 18:05:31 2019 +0300 [ec] Match built-in curves on EC_GROUP_new_from_ecparameters Description ----------- Upon `EC_GROUP_new_from_ecparameters()` check if the parameters match any of the built-in curves. If that is the case, return a new `EC_GROUP_new_by_curve_name()` object instead of the explicit parameters `EC_GROUP`. This affects all users of `EC_GROUP_new_from_ecparameters()`: - direct calls to `EC_GROUP_new_from_ecparameters()` - direct calls to `EC_GROUP_new_from_ecpkparameters()` with an explicit parameters argument - ASN.1 parsing of explicit parameters keys (as it eventually ends up calling `EC_GROUP_new_from_ecpkparameters()`) A parsed explicit parameter key will still be marked with the `OPENSSL_EC_EXPLICIT_CURVE` ASN.1 flag on load, so, unless programmatically forced otherwise, if the key is eventually serialized the output will still be encoded with explicit parameters, even if internally it is treated as a named curve `EC_GROUP`. Before this change, creating any `EC_GROUP` object using `EC_GROUP_new_from_ecparameters()`, yielded an object associated with the default generic `EC_METHOD`, but this was never guaranteed in the documentation. After this commit, users of the library that intentionally want to create an `EC_GROUP` object using a specific `EC_METHOD` can still explicitly call `EC_GROUP_new(foo_method)` and then manually set the curve parameters using `EC_GROUP_set_*()`. Motivation ---------- This has obvious performance benefits for the built-in curves with specialized `EC_METHOD`s and subtle but important security benefits: - the specialized methods have better security hardening than the generic implementations - optional fields in the parameter encoding, like the `cofactor`, cannot be leveraged by an attacker to force execution of the less secure code-paths for single point scalar multiplication - in general, this leads to reducing the attack surface Check the manuscript at https://arxiv.org/abs/1909.01785 for an in depth analysis of the issues related to this commit. It should be noted that `libssl` does not allow to negotiate explicit parameters (as per RFC 8422), so it is not directly affected by the consequences of using explicit parameters that this commit fixes. On the other hand, we detected external applications and users in the wild that use explicit parameters by default (and sometimes using 0 as the cofactor value, which is technically not a valid value per the specification, but is tolerated by parsers for wider compatibility given that the field is optional). These external users of `libcrypto` are exposed to these vulnerabilities and their security will benefit from this commit. Related commits --------------- While this commit is beneficial for users using built-in curves and explicit parameters encoding for serialized keys, commit b783beeadf6b80bc431e6f3230b5d5585c87ef87 (and its equivalents for the 1.0.2, 1.1.0 and 1.1.1 stable branches) fixes the consequences of the invalid cofactor values more in general also for other curves (CVE-2019-1547). The following list covers commits in `master` that are related to the vulnerabilities presented in the manuscript motivating this commit: - d2baf88c43 [crypto/rsa] Set the constant-time flag in multi-prime RSA too - 311e903d84 [crypto/asn1] Fix multiple SCA vulnerabilities during RSA key validation. - b783beeadf [crypto/ec] for ECC parameters with NULL or zero cofactor, compute it - 724339ff44 Fix SCA vulnerability when using PVK and MSBLOB key formats Note that the PRs that contributed the listed commits also include other commits providing related testing and documentation, in addition to links to PRs and commits backporting the fixes to the 1.0.2, 1.1.0 and 1.1.1 branches. This commit includes a partial backport of https://github.com/openssl/openssl/pull/8555 (commit 8402cd5f75f8c2f60d8bd39775b24b03dd8b3b38) for which the main author is Shane Lontis. Responsible Disclosure ---------------------- This and the other issues presented in https://arxiv.org/abs/1909.01785 were reported by Cesar Pereida Garc?a, Sohaib ul Hassan, Nicola Tuveri, Iaroslav Gridin, Alejandro Cabrera Aldaya and Billy Bob Brumley from the NISEC group at Tampere University, FINLAND. The OpenSSL Security Team evaluated the security risk for this vulnerability as low, and encouraged to propose fixes using public Pull Requests. _______________________________________________________________________________ Co-authored-by: Shane Lontis (Backport from https://github.com/openssl/openssl/pull/9808) Reviewed-by: Matt Caswell (Merged from https://github.com/openssl/openssl/pull/9809) ----------------------------------------------------------------------- Summary of changes: CHANGES | 11 +++ crypto/ec/ec_asn1.c | 71 +++++++++++++- crypto/ec/ec_curve.c | 112 +++++++++++++++++++++ crypto/ec/ec_lcl.h | 2 + test/ectest.c | 269 ++++++++++++++++++++++++++++++++++++++++++++++++++- 5 files changed, 460 insertions(+), 5 deletions(-) diff --git a/CHANGES b/CHANGES index 1c8716074b..f422f5025e 100644 --- a/CHANGES +++ b/CHANGES @@ -9,6 +9,17 @@ Changes between 1.1.1c and 1.1.1d [xx XXX xxxx] + *) For built-in EC curves, ensure an EC_GROUP built from the curve name is + used even when parsing explicit parameters, when loading a serialized key + or calling `EC_GROUP_new_from_ecpkparameters()`/ + `EC_GROUP_new_from_ecparameters()`. + This prevents bypass of security hardening and performance gains, + especially for curves with specialized EC_METHODs. + By default, if a key encoded with explicit parameters is loaded and later + serialized, the output is still encoded with explicit parameters, even if + internally a "named" EC_GROUP is used for computation. + [Nicola Tuveri] + *) Compute ECC cofactors if not provided during EC_GROUP construction. Before this change, EC_GROUP_set_generator would accept order and/or cofactor as NULL. After this change, only the cofactor parameter can be NULL. It also diff --git a/crypto/ec/ec_asn1.c b/crypto/ec/ec_asn1.c index 13c56a621d..8d8dc95e45 100644 --- a/crypto/ec/ec_asn1.c +++ b/crypto/ec/ec_asn1.c @@ -568,10 +568,12 @@ ECPKPARAMETERS *EC_GROUP_get_ecpkparameters(const EC_GROUP *group, EC_GROUP *EC_GROUP_new_from_ecparameters(const ECPARAMETERS *params) { int ok = 0, tmp; - EC_GROUP *ret = NULL; + EC_GROUP *ret = NULL, *dup = NULL; BIGNUM *p = NULL, *a = NULL, *b = NULL; EC_POINT *point = NULL; long field_bits; + int curve_name = NID_undef; + BN_CTX *ctx = NULL; if (!params->fieldID || !params->fieldID->fieldType || !params->fieldID->p.ptr) { @@ -789,18 +791,79 @@ EC_GROUP *EC_GROUP_new_from_ecparameters(const ECPARAMETERS *params) goto err; } + /* + * Check if the explicit parameters group just created matches one of the + * built-in curves. + * + * We create a copy of the group just built, so that we can remove optional + * fields for the lookup: we do this to avoid the possibility that one of + * the optional parameters is used to force the library into using a less + * performant and less secure EC_METHOD instead of the specialized one. + * In any case, `seed` is not really used in any computation, while a + * cofactor different from the one in the built-in table is just + * mathematically wrong anyway and should not be used. + */ + if ((ctx = BN_CTX_new()) == NULL) { + ECerr(EC_F_EC_GROUP_NEW_FROM_ECPARAMETERS, ERR_R_BN_LIB); + goto err; + } + if ((dup = EC_GROUP_dup(ret)) == NULL + || EC_GROUP_set_seed(dup, NULL, 0) != 1 + || !EC_GROUP_set_generator(dup, point, a, NULL)) { + ECerr(EC_F_EC_GROUP_NEW_FROM_ECPARAMETERS, ERR_R_EC_LIB); + goto err; + } + if ((curve_name = ec_curve_nid_from_params(dup, ctx)) != NID_undef) { + /* + * The input explicit parameters successfully matched one of the + * built-in curves: often for built-in curves we have specialized + * methods with better performance and hardening. + * + * In this case we replace the `EC_GROUP` created through explicit + * parameters with one created from a named group. + */ + EC_GROUP *named_group = NULL; + +#ifndef OPENSSL_NO_EC_NISTP_64_GCC_128 + /* + * NID_wap_wsg_idm_ecid_wtls12 and NID_secp224r1 are both aliases for + * the same curve, we prefer the SECP nid when matching explicit + * parameters as that is associated with a specialized EC_METHOD. + */ + if (curve_name == NID_wap_wsg_idm_ecid_wtls12) + curve_name = NID_secp224r1; +#endif /* !def(OPENSSL_NO_EC_NISTP_64_GCC_128) */ + + if ((named_group = EC_GROUP_new_by_curve_name(curve_name)) == NULL) { + ECerr(EC_F_EC_GROUP_NEW_FROM_ECPARAMETERS, ERR_R_EC_LIB); + goto err; + } + EC_GROUP_free(ret); + ret = named_group; + + /* + * Set the flag so that EC_GROUPs created from explicit parameters are + * serialized using explicit parameters by default. + */ + EC_GROUP_set_asn1_flag(ret, OPENSSL_EC_EXPLICIT_CURVE); + } + ok = 1; err: if (!ok) { - EC_GROUP_clear_free(ret); + EC_GROUP_free(ret); ret = NULL; } + EC_GROUP_free(dup); BN_free(p); BN_free(a); BN_free(b); EC_POINT_free(point); + + BN_CTX_free(ctx); + return ret; } @@ -861,7 +924,7 @@ EC_GROUP *d2i_ECPKParameters(EC_GROUP **a, const unsigned char **in, long len) } if (a) { - EC_GROUP_clear_free(*a); + EC_GROUP_free(*a); *a = group; } @@ -909,7 +972,7 @@ EC_KEY *d2i_ECPrivateKey(EC_KEY **a, const unsigned char **in, long len) ret = *a; if (priv_key->parameters) { - EC_GROUP_clear_free(ret->group); + EC_GROUP_free(ret->group); ret->group = EC_GROUP_new_from_ecpkparameters(priv_key->parameters); } diff --git a/crypto/ec/ec_curve.c b/crypto/ec/ec_curve.c index bb1ce196d0..07acf2652c 100644 --- a/crypto/ec/ec_curve.c +++ b/crypto/ec/ec_curve.c @@ -3197,3 +3197,115 @@ int EC_curve_nist2nid(const char *name) } return NID_undef; } + +#define NUM_BN_FIELDS 6 +/* + * Validates EC domain parameter data for known named curves. + * This can be used when a curve is loaded explicitly (without a curve + * name) or to validate that domain parameters have not been modified. + * + * Returns: The nid associated with the found named curve, or NID_undef + * if not found. If there was an error it returns -1. + */ +int ec_curve_nid_from_params(const EC_GROUP *group, BN_CTX *ctx) +{ + int ret = -1, nid, len, field_type, param_len; + size_t i, seed_len; + const unsigned char *seed, *params_seed, *params; + unsigned char *param_bytes = NULL; + const EC_CURVE_DATA *data; + const EC_POINT *generator = NULL; + const EC_METHOD *meth; + const BIGNUM *cofactor = NULL; + /* An array of BIGNUMs for (p, a, b, x, y, order) */ + BIGNUM *bn[NUM_BN_FIELDS] = {NULL, NULL, NULL, NULL, NULL, NULL}; + + meth = EC_GROUP_method_of(group); + if (meth == NULL) + return -1; + /* Use the optional named curve nid as a search field */ + nid = EC_GROUP_get_curve_name(group); + field_type = EC_METHOD_get_field_type(meth); + seed_len = EC_GROUP_get_seed_len(group); + seed = EC_GROUP_get0_seed(group); + cofactor = EC_GROUP_get0_cofactor(group); + + BN_CTX_start(ctx); + + /* + * The built-in curves contains data fields (p, a, b, x, y, order) that are + * all zero-padded to be the same size. The size of the padding is + * determined by either the number of bytes in the field modulus (p) or the + * EC group order, whichever is larger. + */ + param_len = BN_num_bytes(group->order); + len = BN_num_bytes(group->field); + if (len > param_len) + param_len = len; + + /* Allocate space to store the padded data for (p, a, b, x, y, order) */ + param_bytes = OPENSSL_malloc(param_len * NUM_BN_FIELDS); + if (param_bytes == NULL) + goto end; + + /* Create the bignums */ + for (i = 0; i < NUM_BN_FIELDS; ++i) { + if ((bn[i] = BN_CTX_get(ctx)) == NULL) + goto end; + } + /* + * Fill in the bn array with the same values as the internal curves + * i.e. the values are p, a, b, x, y, order. + */ + /* Get p, a & b */ + if (!(EC_GROUP_get_curve(group, bn[0], bn[1], bn[2], ctx) + && ((generator = EC_GROUP_get0_generator(group)) != NULL) + /* Get x & y */ + && EC_POINT_get_affine_coordinates(group, generator, bn[3], bn[4], ctx) + /* Get order */ + && EC_GROUP_get_order(group, bn[5], ctx))) + goto end; + + /* + * Convert the bignum array to bytes that are joined together to form + * a single buffer that contains data for all fields. + * (p, a, b, x, y, order) are all zero padded to be the same size. + */ + for (i = 0; i < NUM_BN_FIELDS; ++i) { + if (BN_bn2binpad(bn[i], ¶m_bytes[i*param_len], param_len) <= 0) + goto end; + } + + for (i = 0; i < curve_list_length; i++) { + const ec_list_element curve = curve_list[i]; + + data = curve.data; + /* Get the raw order byte data */ + params_seed = (const unsigned char *)(data + 1); /* skip header */ + params = params_seed + data->seed_len; + + /* Look for unique fields in the fixed curve data */ + if (data->field_type == field_type + && param_len == data->param_len + && (nid <= 0 || nid == curve.nid) + /* check the optional cofactor (ignore if its zero) */ + && (BN_is_zero(cofactor) + || BN_is_word(cofactor, (const BN_ULONG)curve.data->cofactor)) + /* Check the optional seed (ignore if its not set) */ + && (data->seed_len == 0 || seed_len == 0 + || ((size_t)data->seed_len == seed_len + && memcmp(params_seed, seed, seed_len) == 0)) + /* Check that the groups params match the built-in curve params */ + && memcmp(param_bytes, params, param_len * NUM_BN_FIELDS) + == 0) { + ret = curve.nid; + goto end; + } + } + /* Gets here if the group was not found */ + ret = NID_undef; +end: + OPENSSL_free(param_bytes); + BN_CTX_end(ctx); + return ret; +} diff --git a/crypto/ec/ec_lcl.h b/crypto/ec/ec_lcl.h index e4189d7328..fbdb04ea3a 100644 --- a/crypto/ec/ec_lcl.h +++ b/crypto/ec/ec_lcl.h @@ -595,6 +595,8 @@ int ec_key_simple_generate_key(EC_KEY *eckey); int ec_key_simple_generate_public_key(EC_KEY *eckey); int ec_key_simple_check_key(const EC_KEY *eckey); +int ec_curve_nid_from_params(const EC_GROUP *group, BN_CTX *ctx); + /* EC_METHOD definitions */ struct ec_key_method_st { diff --git a/test/ectest.c b/test/ectest.c index ddc4ea11d6..ebd831ca40 100644 --- a/test/ectest.c +++ b/test/ectest.c @@ -1519,6 +1519,271 @@ static const unsigned char p521_explicit[] = { 0xbb, 0x6f, 0xb7, 0x1e, 0x91, 0x38, 0x64, 0x09, 0x02, 0x01, 0x01, }; +/* + * Sometime we cannot compare nids for equality, as the built-in curve table + * includes aliases with different names for the same curve. + * + * This function returns TRUE (1) if the checked nids are identical, or if they + * alias to the same curve. FALSE (0) otherwise. + */ +static ossl_inline +int are_ec_nids_compatible(int n1d, int n2d) +{ + int ret = 0; + switch (n1d) { +# ifndef OPENSSL_NO_EC2M + case NID_sect113r1: + case NID_wap_wsg_idm_ecid_wtls4: + ret = (n2d == NID_sect113r1 || n2d == NID_wap_wsg_idm_ecid_wtls4); + break; + case NID_sect163k1: + case NID_wap_wsg_idm_ecid_wtls3: + ret = (n2d == NID_sect163k1 || n2d == NID_wap_wsg_idm_ecid_wtls3); + break; + case NID_sect233k1: + case NID_wap_wsg_idm_ecid_wtls10: + ret = (n2d == NID_sect233k1 || n2d == NID_wap_wsg_idm_ecid_wtls10); + break; + case NID_sect233r1: + case NID_wap_wsg_idm_ecid_wtls11: + ret = (n2d == NID_sect233r1 || n2d == NID_wap_wsg_idm_ecid_wtls11); + break; + case NID_X9_62_c2pnb163v1: + case NID_wap_wsg_idm_ecid_wtls5: + ret = (n2d == NID_X9_62_c2pnb163v1 + || n2d == NID_wap_wsg_idm_ecid_wtls5); + break; +# endif /* OPENSSL_NO_EC2M */ + case NID_secp112r1: + case NID_wap_wsg_idm_ecid_wtls6: + ret = (n2d == NID_secp112r1 || n2d == NID_wap_wsg_idm_ecid_wtls6); + break; + case NID_secp160r2: + case NID_wap_wsg_idm_ecid_wtls7: + ret = (n2d == NID_secp160r2 || n2d == NID_wap_wsg_idm_ecid_wtls7); + break; +# ifdef OPENSSL_NO_EC_NISTP_64_GCC_128 + case NID_secp224r1: + case NID_wap_wsg_idm_ecid_wtls12: + ret = (n2d == NID_secp224r1 || n2d == NID_wap_wsg_idm_ecid_wtls12); + break; +# else + /* + * For SEC P-224 we want to ensure that the SECP nid is returned, as + * that is associated with a specialized method. + */ + case NID_wap_wsg_idm_ecid_wtls12: + ret = (n2d == NID_secp224r1); + break; +# endif /* def(OPENSSL_NO_EC_NISTP_64_GCC_128) */ + + default: + ret = (n1d == n2d); + } + return ret; +} + +/* + * This checks that EC_GROUP_bew_from_ecparameters() returns a "named" + * EC_GROUP for built-in curves. + * + * Note that it is possible to retrieve an alternative alias that does not match + * the original nid. + * + * Ensure that the OPENSSL_EC_EXPLICIT_CURVE ASN1 flag is set. + */ +static int check_named_curve_from_ecparameters(int id) +{ + int ret = 0, nid, tnid; + EC_GROUP *group = NULL, *tgroup = NULL, *tmpg = NULL; + const EC_POINT *group_gen = NULL; + EC_POINT *other_gen = NULL; + BIGNUM *group_cofactor = NULL, *other_cofactor = NULL; + BIGNUM *other_gen_x = NULL, *other_gen_y = NULL; + const BIGNUM *group_order = NULL; + BIGNUM *other_order = NULL; + BN_CTX *bn_ctx = NULL; + static const unsigned char invalid_seed[] = "THIS IS NOT A VALID SEED"; + static size_t invalid_seed_len = sizeof(invalid_seed); + ECPARAMETERS *params = NULL, *other_params = NULL; + EC_GROUP *g_ary[8] = {NULL}; + EC_GROUP **g_next = &g_ary[0]; + ECPARAMETERS *p_ary[8] = {NULL}; + ECPARAMETERS **p_next = &p_ary[0]; + + /* Do some setup */ + nid = curves[id].nid; + TEST_note("Curve %s", OBJ_nid2sn(nid)); + if (!TEST_ptr(bn_ctx = BN_CTX_new())) + return ret; + BN_CTX_start(bn_ctx); + + if (/* Allocations */ + !TEST_ptr(group_cofactor = BN_CTX_get(bn_ctx)) + || !TEST_ptr(other_gen_x = BN_CTX_get(bn_ctx)) + || !TEST_ptr(other_gen_y = BN_CTX_get(bn_ctx)) + || !TEST_ptr(other_order = BN_CTX_get(bn_ctx)) + || !TEST_ptr(other_cofactor = BN_CTX_get(bn_ctx)) + /* Generate reference group and params */ + || !TEST_ptr(group = EC_GROUP_new_by_curve_name(nid)) + || !TEST_ptr(params = EC_GROUP_get_ecparameters(group, NULL)) + || !TEST_ptr(group_gen = EC_GROUP_get0_generator(group)) + || !TEST_ptr(group_order = EC_GROUP_get0_order(group)) + || !TEST_true(EC_GROUP_get_cofactor(group, group_cofactor, NULL)) + /* compute `other_*` values */ + || !TEST_ptr(tmpg = EC_GROUP_dup(group)) + || !TEST_ptr(other_gen = EC_POINT_dup(group_gen, group)) + || !TEST_true(EC_POINT_add(group, other_gen, group_gen, group_gen, NULL)) + || !TEST_true(EC_POINT_get_affine_coordinates(group, other_gen, + other_gen_x, other_gen_y, bn_ctx)) + || !TEST_true(BN_copy(other_order, group_order)) + || !TEST_true(BN_add_word(other_order, 1)) + || !TEST_true(BN_copy(other_cofactor, group_cofactor)) + || !TEST_true(BN_add_word(other_cofactor, 1))) + goto err; + + EC_POINT_free(other_gen); + other_gen = NULL; + + if (!TEST_ptr(other_gen = EC_POINT_new(tmpg)) + || !TEST_true(EC_POINT_set_affine_coordinates(tmpg, other_gen, + other_gen_x, other_gen_y, + bn_ctx))) + goto err; + + /* + * ########################### + * # Actual tests start here # + * ########################### + */ + + /* + * Creating a group from built-in explicit parameters returns a + * "named" EC_GROUP + */ + if (!TEST_ptr(tgroup = *g_next++ = EC_GROUP_new_from_ecparameters(params)) + || !TEST_int_ne((tnid = EC_GROUP_get_curve_name(tgroup)), NID_undef)) + goto err; + /* + * We cannot always guarantee the names match, as the built-in table + * contains aliases for the same curve with different names. + */ + if (!TEST_true(are_ec_nids_compatible(nid, tnid))) { + TEST_info("nid = %s, tnid = %s", OBJ_nid2sn(nid), OBJ_nid2sn(tnid)); + goto err; + } + /* Ensure that the OPENSSL_EC_EXPLICIT_CURVE ASN1 flag is set. */ + if (!TEST_int_eq(EC_GROUP_get_asn1_flag(tgroup), OPENSSL_EC_EXPLICIT_CURVE)) + goto err; + + /* + * An invalid seed in the parameters should be ignored: expect a "named" + * group. + */ + if (!TEST_int_eq(EC_GROUP_set_seed(tmpg, invalid_seed, invalid_seed_len), + invalid_seed_len) + || !TEST_ptr(other_params = *p_next++ = + EC_GROUP_get_ecparameters(tmpg, NULL)) + || !TEST_ptr(tgroup = *g_next++ = + EC_GROUP_new_from_ecparameters(other_params)) + || !TEST_int_ne((tnid = EC_GROUP_get_curve_name(tgroup)), NID_undef) + || !TEST_true(are_ec_nids_compatible(nid, tnid)) + || !TEST_int_eq(EC_GROUP_get_asn1_flag(tgroup), + OPENSSL_EC_EXPLICIT_CURVE)) { + TEST_info("nid = %s, tnid = %s", OBJ_nid2sn(nid), OBJ_nid2sn(tnid)); + goto err; + } + + /* + * A null seed in the parameters should be ignored, as it is optional: + * expect a "named" group. + */ + if (!TEST_int_eq(EC_GROUP_set_seed(tmpg, NULL, 0), 1) + || !TEST_ptr(other_params = *p_next++ = + EC_GROUP_get_ecparameters(tmpg, NULL)) + || !TEST_ptr(tgroup = *g_next++ = + EC_GROUP_new_from_ecparameters(other_params)) + || !TEST_int_ne((tnid = EC_GROUP_get_curve_name(tgroup)), NID_undef) + || !TEST_true(are_ec_nids_compatible(nid, tnid)) + || !TEST_int_eq(EC_GROUP_get_asn1_flag(tgroup), + OPENSSL_EC_EXPLICIT_CURVE)) { + TEST_info("nid = %s, tnid = %s", OBJ_nid2sn(nid), OBJ_nid2sn(tnid)); + goto err; + } + + /* + * Check that changing any of the generator parameters does not yield a + * match with the built-in curves + */ + if (/* Other gen, same group order & cofactor */ + !TEST_true(EC_GROUP_set_generator(tmpg, other_gen, group_order, + group_cofactor)) + || !TEST_ptr(other_params = *p_next++ = + EC_GROUP_get_ecparameters(tmpg, NULL)) + || !TEST_ptr(tgroup = *g_next++ = + EC_GROUP_new_from_ecparameters(other_params)) + || !TEST_int_eq((tnid = EC_GROUP_get_curve_name(tgroup)), NID_undef) + /* Same gen & cofactor, different order */ + || !TEST_true(EC_GROUP_set_generator(tmpg, group_gen, other_order, + group_cofactor)) + || !TEST_ptr(other_params = *p_next++ = + EC_GROUP_get_ecparameters(tmpg, NULL)) + || !TEST_ptr(tgroup = *g_next++ = + EC_GROUP_new_from_ecparameters(other_params)) + || !TEST_int_eq((tnid = EC_GROUP_get_curve_name(tgroup)), NID_undef) + /* The order is not an optional field, so this should fail */ + || !TEST_false(EC_GROUP_set_generator(tmpg, group_gen, NULL, + group_cofactor)) + /* Check that a wrong cofactor is ignored, and we still match */ + || !TEST_true(EC_GROUP_set_generator(tmpg, group_gen, group_order, + other_cofactor)) + || !TEST_ptr(other_params = *p_next++ = + EC_GROUP_get_ecparameters(tmpg, NULL)) + || !TEST_ptr(tgroup = *g_next++ = + EC_GROUP_new_from_ecparameters(other_params)) + || !TEST_int_ne((tnid = EC_GROUP_get_curve_name(tgroup)), NID_undef) + || !TEST_true(are_ec_nids_compatible(nid, tnid)) + || !TEST_int_eq(EC_GROUP_get_asn1_flag(tgroup), + OPENSSL_EC_EXPLICIT_CURVE) + /* Check that if the cofactor is not set then it still matches */ + || !TEST_true(EC_GROUP_set_generator(tmpg, group_gen, group_order, + NULL)) + || !TEST_ptr(other_params = *p_next++ = + EC_GROUP_get_ecparameters(tmpg, NULL)) + || !TEST_ptr(tgroup = *g_next++ = + EC_GROUP_new_from_ecparameters(other_params)) + || !TEST_int_ne((tnid = EC_GROUP_get_curve_name(tgroup)), NID_undef) + || !TEST_true(are_ec_nids_compatible(nid, tnid)) + || !TEST_int_eq(EC_GROUP_get_asn1_flag(tgroup), + OPENSSL_EC_EXPLICIT_CURVE) + /* check that restoring the generator passes */ + || !TEST_true(EC_GROUP_set_generator(tmpg, group_gen, group_order, + group_cofactor)) + || !TEST_ptr(other_params = *p_next++ = + EC_GROUP_get_ecparameters(tmpg, NULL)) + || !TEST_ptr(tgroup = *g_next++ = + EC_GROUP_new_from_ecparameters(other_params)) + || !TEST_int_ne((tnid = EC_GROUP_get_curve_name(tgroup)), NID_undef) + || !TEST_true(are_ec_nids_compatible(nid, tnid)) + || !TEST_int_eq(EC_GROUP_get_asn1_flag(tgroup), + OPENSSL_EC_EXPLICIT_CURVE)) + goto err; + + ret = 1; +err: + for (g_next = &g_ary[0]; g_next < g_ary + OSSL_NELEM(g_ary); g_next++) + EC_GROUP_free(*g_next); + for (p_next = &p_ary[0]; p_next < p_ary + OSSL_NELEM(g_ary); p_next++) + ECPARAMETERS_free(*p_next); + ECPARAMETERS_free(params); + EC_POINT_free(other_gen); + EC_GROUP_free(tmpg); + EC_GROUP_free(group); + BN_CTX_end(bn_ctx); + BN_CTX_free(bn_ctx); + return ret; +} + static int parameter_test(void) { EC_GROUP *group = NULL, *group2 = NULL; @@ -1667,7 +1932,9 @@ int setup_tests(void) # endif ADD_ALL_TESTS(internal_curve_test, crv_len); ADD_ALL_TESTS(internal_curve_test_method, crv_len); -#endif + + ADD_ALL_TESTS(check_named_curve_from_ecparameters, crv_len); +#endif /* OPENSSL_NO_EC */ return 1; } From builds at travis-ci.org Mon Sep 9 11:27:36 2019 From: builds at travis-ci.org (Travis CI) Date: Mon, 09 Sep 2019 11:27:36 +0000 Subject: Still Failing: openssl/openssl#28059 (master - bacaa61) In-Reply-To: Message-ID: <5d763727e4cec_43fde9f4b7c9827024e@da1e1ee4-2580-4b25-9e3c-02e5972e8674.mail> Build Update for openssl/openssl ------------------------------------- Build: #28059 Status: Still Failing Duration: 19 mins and 46 secs Commit: bacaa61 (master) Author: Nicola Tuveri Message: [ec] Match built-in curves on EC_GROUP_new_from_ecparameters Description ----------- Upon `EC_GROUP_new_from_ecparameters()` check if the parameters match any of the built-in curves. If that is the case, return a new `EC_GROUP_new_by_curve_name()` object instead of the explicit parameters `EC_GROUP`. This affects all users of `EC_GROUP_new_from_ecparameters()`: - direct calls to `EC_GROUP_new_from_ecparameters()` - direct calls to `EC_GROUP_new_from_ecpkparameters()` with an explicit parameters argument - ASN.1 parsing of explicit parameters keys (as it eventually ends up calling `EC_GROUP_new_from_ecpkparameters()`) A parsed explicit parameter key will still be marked with the `OPENSSL_EC_EXPLICIT_CURVE` ASN.1 flag on load, so, unless programmatically forced otherwise, if the key is eventually serialized the output will still be encoded with explicit parameters, even if internally it is treated as a named curve `EC_GROUP`. Before this change, creating any `EC_GROUP` object using `EC_GROUP_new_from_ecparameters()`, yielded an object associated with the default generic `EC_METHOD`, but this was never guaranteed in the documentation. After this commit, users of the library that intentionally want to create an `EC_GROUP` object using a specific `EC_METHOD` can still explicitly call `EC_GROUP_new(foo_method)` and then manually set the curve parameters using `EC_GROUP_set_*()`. Motivation ---------- This has obvious performance benefits for the built-in curves with specialized `EC_METHOD`s and subtle but important security benefits: - the specialized methods have better security hardening than the generic implementations - optional fields in the parameter encoding, like the `cofactor`, cannot be leveraged by an attacker to force execution of the less secure code-paths for single point scalar multiplication - in general, this leads to reducing the attack surface Check the manuscript at https://arxiv.org/abs/1909.01785 for an in depth analysis of the issues related to this commit. It should be noted that `libssl` does not allow to negotiate explicit parameters (as per RFC 8422), so it is not directly affected by the consequences of using explicit parameters that this commit fixes. On the other hand, we detected external applications and users in the wild that use explicit parameters by default (and sometimes using 0 as the cofactor value, which is technically not a valid value per the specification, but is tolerated by parsers for wider compatibility given that the field is optional). These external users of `libcrypto` are exposed to these vulnerabilities and their security will benefit from this commit. Related commits --------------- While this commit is beneficial for users using built-in curves and explicit parameters encoding for serialized keys, commit b783beeadf6b80bc431e6f3230b5d5585c87ef87 (and its equivalents for the 1.0.2, 1.1.0 and 1.1.1 stable branches) fixes the consequences of the invalid cofactor values more in general also for other curves (CVE-2019-1547). The following list covers commits in `master` that are related to the vulnerabilities presented in the manuscript motivating this commit: - d2baf88c43 [crypto/rsa] Set the constant-time flag in multi-prime RSA too - 311e903d84 [crypto/asn1] Fix multiple SCA vulnerabilities during RSA key validation. - b783beeadf [crypto/ec] for ECC parameters with NULL or zero cofactor, compute it - 724339ff44 Fix SCA vulnerability when using PVK and MSBLOB key formats Note that the PRs that contributed the listed commits also include other commits providing related testing and documentation, in addition to links to PRs and commits backporting the fixes to the 1.0.2, 1.1.0 and 1.1.1 branches. Responsible Disclosure ---------------------- This and the other issues presented in https://arxiv.org/abs/1909.01785 were reported by Cesar Pereida Garc?a, Sohaib ul Hassan, Nicola Tuveri, Iaroslav Gridin, Alejandro Cabrera Aldaya and Billy Bob Brumley from the NISEC group at Tampere University, FINLAND. The OpenSSL Security Team evaluated the security risk for this vulnerability as low, and encouraged to propose fixes using public Pull Requests. _______________________________________________________________________________ Reviewed-by: Matt Caswell Reviewed-by: Paul Dale (Merged from https://github.com/openssl/openssl/pull/9808) View the changeset: https://github.com/openssl/openssl/compare/bd9faf117db1...bacaa618c264 View the full build log and details: https://travis-ci.org/openssl/openssl/builds/582632271?utm_medium=notification&utm_source=email -- You can unsubscribe from build emails from the openssl/openssl repository going to https://travis-ci.org/account/preferences/unsubscribe?repository=5849220&utm_medium=notification&utm_source=email. Or unsubscribe from *all* email updating your settings at https://travis-ci.org/account/preferences/unsubscribe?utm_medium=notification&utm_source=email. Or configure specific recipients for build notifications in your .travis.yml file. See https://docs.travis-ci.com/user/notifications. -------------- next part -------------- An HTML attachment was scrubbed... URL: From nic.tuv at gmail.com Mon Sep 9 11:38:08 2019 From: nic.tuv at gmail.com (nic.tuv at gmail.com) Date: Mon, 09 Sep 2019 11:38:08 +0000 Subject: [openssl] OpenSSL_1_1_0-stable update Message-ID: <1568029088.215015.22442.nullmailer@dev.openssl.org> The branch OpenSSL_1_1_0-stable has been updated via d4a5dac9f9242c580fb9d0a4389440eccd3494a7 (commit) from d374a61bb702a8ae13699dfbdcbd819c78095cd5 (commit) - Log ----------------------------------------------------------------- commit d4a5dac9f9242c580fb9d0a4389440eccd3494a7 Author: Nicola Tuveri Date: Sat Sep 7 18:05:31 2019 +0300 [ec] Match built-in curves on EC_GROUP_new_from_ecparameters Description ----------- Upon `EC_GROUP_new_from_ecparameters()` check if the parameters match any of the built-in curves. If that is the case, return a new `EC_GROUP_new_by_curve_name()` object instead of the explicit parameters `EC_GROUP`. This affects all users of `EC_GROUP_new_from_ecparameters()`: - direct calls to `EC_GROUP_new_from_ecparameters()` - direct calls to `EC_GROUP_new_from_ecpkparameters()` with an explicit parameters argument - ASN.1 parsing of explicit parameters keys (as it eventually ends up calling `EC_GROUP_new_from_ecpkparameters()`) A parsed explicit parameter key will still be marked with the `OPENSSL_EC_EXPLICIT_CURVE` ASN.1 flag on load, so, unless programmatically forced otherwise, if the key is eventually serialized the output will still be encoded with explicit parameters, even if internally it is treated as a named curve `EC_GROUP`. Before this change, creating any `EC_GROUP` object using `EC_GROUP_new_from_ecparameters()`, yielded an object associated with the default generic `EC_METHOD`, but this was never guaranteed in the documentation. After this commit, users of the library that intentionally want to create an `EC_GROUP` object using a specific `EC_METHOD` can still explicitly call `EC_GROUP_new(foo_method)` and then manually set the curve parameters using `EC_GROUP_set_*()`. Motivation ---------- This has obvious performance benefits for the built-in curves with specialized `EC_METHOD`s and subtle but important security benefits: - the specialized methods have better security hardening than the generic implementations - optional fields in the parameter encoding, like the `cofactor`, cannot be leveraged by an attacker to force execution of the less secure code-paths for single point scalar multiplication - in general, this leads to reducing the attack surface Check the manuscript at https://arxiv.org/abs/1909.01785 for an in depth analysis of the issues related to this commit. It should be noted that `libssl` does not allow to negotiate explicit parameters (as per RFC 8422), so it is not directly affected by the consequences of using explicit parameters that this commit fixes. On the other hand, we detected external applications and users in the wild that use explicit parameters by default (and sometimes using 0 as the cofactor value, which is technically not a valid value per the specification, but is tolerated by parsers for wider compatibility given that the field is optional). These external users of `libcrypto` are exposed to these vulnerabilities and their security will benefit from this commit. Related commits --------------- While this commit is beneficial for users using built-in curves and explicit parameters encoding for serialized keys, commit b783beeadf6b80bc431e6f3230b5d5585c87ef87 (and its equivalents for the 1.0.2, 1.1.0 and 1.1.1 stable branches) fixes the consequences of the invalid cofactor values more in general also for other curves (CVE-2019-1547). The following list covers commits in `master` that are related to the vulnerabilities presented in the manuscript motivating this commit: - d2baf88c43 [crypto/rsa] Set the constant-time flag in multi-prime RSA too - 311e903d84 [crypto/asn1] Fix multiple SCA vulnerabilities during RSA key validation. - b783beeadf [crypto/ec] for ECC parameters with NULL or zero cofactor, compute it - 724339ff44 Fix SCA vulnerability when using PVK and MSBLOB key formats Note that the PRs that contributed the listed commits also include other commits providing related testing and documentation, in addition to links to PRs and commits backporting the fixes to the 1.0.2, 1.1.0 and 1.1.1 branches. This commit includes a partial backport of https://github.com/openssl/openssl/pull/8555 (commit 8402cd5f75f8c2f60d8bd39775b24b03dd8b3b38) for which the main author is Shane Lontis. Responsible Disclosure ---------------------- This and the other issues presented in https://arxiv.org/abs/1909.01785 were reported by Cesar Pereida Garc?a, Sohaib ul Hassan, Nicola Tuveri, Iaroslav Gridin, Alejandro Cabrera Aldaya and Billy Bob Brumley from the NISEC group at Tampere University, FINLAND. The OpenSSL Security Team evaluated the security risk for this vulnerability as low, and encouraged to propose fixes using public Pull Requests. _______________________________________________________________________________ Co-authored-by: Shane Lontis (Backport from https://github.com/openssl/openssl/pull/9808) Reviewed-by: Matt Caswell (Merged from https://github.com/openssl/openssl/pull/9810) ----------------------------------------------------------------------- Summary of changes: CHANGES | 11 ++++ crypto/ec/ec_asn1.c | 73 ++++++++++++++++++++++-- crypto/ec/ec_curve.c | 155 +++++++++++++++++++++++++++++++++++++++++++++++++++ crypto/ec/ec_lcl.h | 2 + 4 files changed, 236 insertions(+), 5 deletions(-) diff --git a/CHANGES b/CHANGES index 1b6c1830e8..3277a0dbd4 100644 --- a/CHANGES +++ b/CHANGES @@ -9,6 +9,17 @@ Changes between 1.1.0k and 1.1.0l [xx XXX xxxx] + *) For built-in EC curves, ensure an EC_GROUP built from the curve name is + used even when parsing explicit parameters, when loading a serialized key + or calling `EC_GROUP_new_from_ecpkparameters()`/ + `EC_GROUP_new_from_ecparameters()`. + This prevents bypass of security hardening and performance gains, + especially for curves with specialized EC_METHODs. + By default, if a key encoded with explicit parameters is loaded and later + serialized, the output is still encoded with explicit parameters, even if + internally a "named" EC_GROUP is used for computation. + [Nicola Tuveri] + *) Compute ECC cofactors if not provided during EC_GROUP construction. Before this change, EC_GROUP_set_generator would accept order and/or cofactor as NULL. After this change, only the cofactor parameter can be NULL. It also diff --git a/crypto/ec/ec_asn1.c b/crypto/ec/ec_asn1.c index 271178f82e..9ea7ff193a 100644 --- a/crypto/ec/ec_asn1.c +++ b/crypto/ec/ec_asn1.c @@ -599,10 +599,12 @@ ECPKPARAMETERS *EC_GROUP_get_ecpkparameters(const EC_GROUP *group, EC_GROUP *EC_GROUP_new_from_ecparameters(const ECPARAMETERS *params) { int ok = 0, tmp; - EC_GROUP *ret = NULL; + EC_GROUP *ret = NULL, *dup = NULL; BIGNUM *p = NULL, *a = NULL, *b = NULL; EC_POINT *point = NULL; long field_bits; + int curve_name = NID_undef; + BN_CTX *ctx = NULL; if (!params->fieldID || !params->fieldID->fieldType || !params->fieldID->p.ptr) { @@ -815,19 +817,80 @@ EC_GROUP *EC_GROUP_new_from_ecparameters(const ECPARAMETERS *params) goto err; } + /* + * Check if the explicit parameters group just created matches one of the + * built-in curves. + * + * We create a copy of the group just built, so that we can remove optional + * fields for the lookup: we do this to avoid the possibility that one of + * the optional parameters is used to force the library into using a less + * performant and less secure EC_METHOD instead of the specialized one. + * In any case, `seed` is not really used in any computation, while a + * cofactor different from the one in the built-in table is just + * mathematically wrong anyway and should not be used. + */ + if ((ctx = BN_CTX_new()) == NULL) { + ECerr(EC_F_EC_GROUP_NEW_FROM_ECPARAMETERS, ERR_R_BN_LIB); + goto err; + } + if ((dup = EC_GROUP_dup(ret)) == NULL + || EC_GROUP_set_seed(dup, NULL, 0) != 1 + || !EC_GROUP_set_generator(dup, point, a, NULL)) { + ECerr(EC_F_EC_GROUP_NEW_FROM_ECPARAMETERS, ERR_R_EC_LIB); + goto err; + } + if ((curve_name = ec_curve_nid_from_params(dup, ctx)) != NID_undef) { + /* + * The input explicit parameters successfully matched one of the + * built-in curves: often for built-in curves we have specialized + * methods with better performance and hardening. + * + * In this case we replace the `EC_GROUP` created through explicit + * parameters with one created from a named group. + */ + EC_GROUP *named_group = NULL; + +#ifndef OPENSSL_NO_EC_NISTP_64_GCC_128 + /* + * NID_wap_wsg_idm_ecid_wtls12 and NID_secp224r1 are both aliases for + * the same curve, we prefer the SECP nid when matching explicit + * parameters as that is associated with a specialized EC_METHOD. + */ + if (curve_name == NID_wap_wsg_idm_ecid_wtls12) + curve_name = NID_secp224r1; +#endif /* !def(OPENSSL_NO_EC_NISTP_64_GCC_128) */ + + if ((named_group = EC_GROUP_new_by_curve_name(curve_name)) == NULL) { + ECerr(EC_F_EC_GROUP_NEW_FROM_ECPARAMETERS, ERR_R_EC_LIB); + goto err; + } + EC_GROUP_free(ret); + ret = named_group; + + /* + * Set the flag so that EC_GROUPs created from explicit parameters are + * serialized using explicit parameters by default. + */ + EC_GROUP_set_asn1_flag(ret, OPENSSL_EC_EXPLICIT_CURVE); + } + ok = 1; err: if (!ok) { - EC_GROUP_clear_free(ret); + EC_GROUP_free(ret); ret = NULL; } + EC_GROUP_free(dup); BN_free(p); BN_free(a); BN_free(b); EC_POINT_free(point); - return (ret); + + BN_CTX_free(ctx); + + return ret; } EC_GROUP *EC_GROUP_new_from_ecpkparameters(const ECPKPARAMETERS *params) @@ -887,7 +950,7 @@ EC_GROUP *d2i_ECPKParameters(EC_GROUP **a, const unsigned char **in, long len) } if (a) { - EC_GROUP_clear_free(*a); + EC_GROUP_free(*a); *a = group; } @@ -935,7 +998,7 @@ EC_KEY *d2i_ECPrivateKey(EC_KEY **a, const unsigned char **in, long len) ret = *a; if (priv_key->parameters) { - EC_GROUP_clear_free(ret->group); + EC_GROUP_free(ret->group); ret->group = EC_GROUP_new_from_ecpkparameters(priv_key->parameters); } diff --git a/crypto/ec/ec_curve.c b/crypto/ec/ec_curve.c index b022528be2..6559e28a6f 100644 --- a/crypto/ec/ec_curve.c +++ b/crypto/ec/ec_curve.c @@ -3167,3 +3167,158 @@ int EC_curve_nist2nid(const char *name) } return NID_undef; } + +static ossl_inline +int ec_group_get_curve(const EC_GROUP *group, BIGNUM *p, BIGNUM *a, + BIGNUM *b, BN_CTX *ctx) +{ + int field_nid; + + field_nid = EC_METHOD_get_field_type(EC_GROUP_method_of(group)); + +#ifndef OPENSSL_NO_EC2M + if (field_nid == NID_X9_62_characteristic_two_field) { + return EC_GROUP_get_curve_GF2m(group, p, a, b, ctx); + } else +#endif /* !def(OPENSSL_NO_EC2M) */ + if (field_nid == NID_X9_62_prime_field) { + return EC_GROUP_get_curve_GFp(group, p, a, b, ctx); + } else { + /* this should never happen */ + return 0; + } +} + +static ossl_inline +int ec_point_get_affine_coordinates(const EC_GROUP *group, + const EC_POINT *point, BIGNUM *x, + BIGNUM *y, BN_CTX *ctx) +{ + int field_nid; + + field_nid = EC_METHOD_get_field_type(EC_GROUP_method_of(group)); + +#ifndef OPENSSL_NO_EC2M + if (field_nid == NID_X9_62_characteristic_two_field) { + return EC_POINT_get_affine_coordinates_GFp(group, point, x, y, ctx); + } else +#endif /* !def(OPENSSL_NO_EC2M) */ + if (field_nid == NID_X9_62_prime_field) { + return EC_POINT_get_affine_coordinates_GF2m(group, point, x, y, ctx); + } else { + /* this should never happen */ + return 0; + } +} + +#define NUM_BN_FIELDS 6 +/* + * Validates EC domain parameter data for known named curves. + * This can be used when a curve is loaded explicitly (without a curve + * name) or to validate that domain parameters have not been modified. + * + * Returns: The nid associated with the found named curve, or NID_undef + * if not found. If there was an error it returns -1. + */ +int ec_curve_nid_from_params(const EC_GROUP *group, BN_CTX *ctx) +{ + int ret = -1, nid, len, field_type, param_len; + size_t i, seed_len; + const unsigned char *seed, *params_seed, *params; + unsigned char *param_bytes = NULL; + const EC_CURVE_DATA *data; + const EC_POINT *generator = NULL; + const EC_METHOD *meth; + const BIGNUM *cofactor = NULL; + /* An array of BIGNUMs for (p, a, b, x, y, order) */ + BIGNUM *bn[NUM_BN_FIELDS] = {NULL, NULL, NULL, NULL, NULL, NULL}; + + meth = EC_GROUP_method_of(group); + if (meth == NULL) + return -1; + /* Use the optional named curve nid as a search field */ + nid = EC_GROUP_get_curve_name(group); + field_type = EC_METHOD_get_field_type(meth); + seed_len = EC_GROUP_get_seed_len(group); + seed = EC_GROUP_get0_seed(group); + cofactor = EC_GROUP_get0_cofactor(group); + + BN_CTX_start(ctx); + + /* + * The built-in curves contains data fields (p, a, b, x, y, order) that are + * all zero-padded to be the same size. The size of the padding is + * determined by either the number of bytes in the field modulus (p) or the + * EC group order, whichever is larger. + */ + param_len = BN_num_bytes(group->order); + len = BN_num_bytes(group->field); + if (len > param_len) + param_len = len; + + /* Allocate space to store the padded data for (p, a, b, x, y, order) */ + param_bytes = OPENSSL_malloc(param_len * NUM_BN_FIELDS); + if (param_bytes == NULL) + goto end; + + /* Create the bignums */ + for (i = 0; i < NUM_BN_FIELDS; ++i) { + if ((bn[i] = BN_CTX_get(ctx)) == NULL) + goto end; + } + /* + * Fill in the bn array with the same values as the internal curves + * i.e. the values are p, a, b, x, y, order. + */ + /* Get p, a & b */ + if (!(ec_group_get_curve(group, bn[0], bn[1], bn[2], ctx) + && ((generator = EC_GROUP_get0_generator(group)) != NULL) + /* Get x & y */ + && ec_point_get_affine_coordinates(group, generator, bn[3], bn[4], ctx) + /* Get order */ + && EC_GROUP_get_order(group, bn[5], ctx))) + goto end; + + /* + * Convert the bignum array to bytes that are joined together to form + * a single buffer that contains data for all fields. + * (p, a, b, x, y, order) are all zero padded to be the same size. + */ + for (i = 0; i < NUM_BN_FIELDS; ++i) { + if (BN_bn2binpad(bn[i], ¶m_bytes[i*param_len], param_len) <= 0) + goto end; + } + + for (i = 0; i < curve_list_length; i++) { + const ec_list_element curve = curve_list[i]; + + data = curve.data; + /* Get the raw order byte data */ + params_seed = (const unsigned char *)(data + 1); /* skip header */ + params = params_seed + data->seed_len; + + /* Look for unique fields in the fixed curve data */ + if (data->field_type == field_type + && param_len == data->param_len + && (nid <= 0 || nid == curve.nid) + /* check the optional cofactor (ignore if its zero) */ + && (BN_is_zero(cofactor) + || BN_is_word(cofactor, (const BN_ULONG)curve.data->cofactor)) + /* Check the optional seed (ignore if its not set) */ + && (data->seed_len == 0 || seed_len == 0 + || ((size_t)data->seed_len == seed_len + && memcmp(params_seed, seed, seed_len) == 0)) + /* Check that the groups params match the built-in curve params */ + && memcmp(param_bytes, params, param_len * NUM_BN_FIELDS) + == 0) { + ret = curve.nid; + goto end; + } + } + /* Gets here if the group was not found */ + ret = NID_undef; +end: + OPENSSL_free(param_bytes); + BN_CTX_end(ctx); + return ret; +} diff --git a/crypto/ec/ec_lcl.h b/crypto/ec/ec_lcl.h index 2e85597f6b..c969f2f08e 100644 --- a/crypto/ec/ec_lcl.h +++ b/crypto/ec/ec_lcl.h @@ -582,6 +582,8 @@ int ec_key_simple_generate_key(EC_KEY *eckey); int ec_key_simple_generate_public_key(EC_KEY *eckey); int ec_key_simple_check_key(const EC_KEY *eckey); +int ec_curve_nid_from_params(const EC_GROUP *group, BN_CTX *ctx); + /* EC_METHOD definitions */ struct ec_key_method_st { From nic.tuv at gmail.com Mon Sep 9 11:47:07 2019 From: nic.tuv at gmail.com (nic.tuv at gmail.com) Date: Mon, 09 Sep 2019 11:47:07 +0000 Subject: [openssl] master update Message-ID: <1568029627.221402.17812.nullmailer@dev.openssl.org> The branch master has been updated via bfed4fc8367b55e630c70cc038887ddf9b090dd6 (commit) via 65936a56461fe09e8c81bca45122af5adcfabb00 (commit) from 3f37050e33c47b246b530ef01f0b0bda9126581c (commit) - Log ----------------------------------------------------------------- commit bfed4fc8367b55e630c70cc038887ddf9b090dd6 Author: Nicola Tuveri Date: Mon Sep 9 04:00:37 2019 +0300 Uniform TEST_*() check usage in test/ectest.c - Replace a `TEST_true()` with `!TEST_false()` to avoid reporting confusing errors - We tend to use `if (!TEST_foo() || !TEST_bar())` and it's a bit confusing to switch to `if(!(TEST_foo() && TEST_bar()))`: replace it with the more common style Reviewed-by: Matt Caswell Reviewed-by: Bernd Edlinger (Merged from https://github.com/openssl/openssl/pull/9813) commit 65936a56461fe09e8c81bca45122af5adcfabb00 Author: Nicola Tuveri Date: Mon Sep 9 03:52:00 2019 +0300 Fix spacing nit in test/ectest.c Reviewed-by: Matt Caswell Reviewed-by: Bernd Edlinger (Merged from https://github.com/openssl/openssl/pull/9813) ----------------------------------------------------------------------- Summary of changes: test/ectest.c | 28 ++++++++++++++-------------- 1 file changed, 14 insertions(+), 14 deletions(-) diff --git a/test/ectest.c b/test/ectest.c index e0081c8866..4f3bfb7569 100644 --- a/test/ectest.c +++ b/test/ectest.c @@ -1679,8 +1679,8 @@ static int check_named_curve_test(int id) group_cofactor)) || !TEST_int_eq(EC_GROUP_check_named_curve(gtest, 0, NULL), 0) /* The order is not an optional field, so this should fail */ - || TEST_true(EC_GROUP_set_generator(gtest, group_gen, NULL, - group_cofactor)) + || !TEST_false(EC_GROUP_set_generator(gtest, group_gen, NULL, + group_cofactor)) || !TEST_true(EC_GROUP_set_generator(gtest, group_gen, group_order, other_cofactor)) || !TEST_int_eq(EC_GROUP_check_named_curve(gtest, 0, NULL), 0) @@ -2137,7 +2137,7 @@ static int cardinality_test(int n) BIGNUM *g1_p = NULL, *g1_a = NULL, *g1_b = NULL, *g1_x = NULL, *g1_y = NULL, *g1_order = NULL, *g1_cf = NULL, *g2_cf = NULL; - TEST_info("Curve %s cardinality test", OBJ_nid2sn(nid)); + TEST_info("Curve %s cardinality test", OBJ_nid2sn(nid)); if (!TEST_ptr(ctx = BN_CTX_new()) || !TEST_ptr(g1 = EC_GROUP_new_by_curve_name(nid)) @@ -2214,17 +2214,17 @@ static int check_ec_key_field_public_range_test(int id) BIGNUM *x = NULL, *y = NULL; EC_KEY *key = NULL; - if (!(TEST_ptr(x = BN_new()) - && TEST_ptr(y = BN_new()) - && TEST_ptr(key = EC_KEY_new_by_curve_name(curves[id].nid)) - && TEST_ptr(group = EC_KEY_get0_group(key)) - && TEST_ptr(meth = EC_GROUP_method_of(group)) - && TEST_ptr(field = EC_GROUP_get0_field(group)) - && TEST_int_gt(EC_KEY_generate_key(key), 0) - && TEST_int_gt(EC_KEY_check_key(key), 0) - && TEST_ptr(pub = EC_KEY_get0_public_key(key)) - && TEST_int_gt(EC_POINT_get_affine_coordinates(group, pub, x, y, - NULL), 0))) + if (!TEST_ptr(x = BN_new()) + || !TEST_ptr(y = BN_new()) + || !TEST_ptr(key = EC_KEY_new_by_curve_name(curves[id].nid)) + || !TEST_ptr(group = EC_KEY_get0_group(key)) + || !TEST_ptr(meth = EC_GROUP_method_of(group)) + || !TEST_ptr(field = EC_GROUP_get0_field(group)) + || !TEST_int_gt(EC_KEY_generate_key(key), 0) + || !TEST_int_gt(EC_KEY_check_key(key), 0) + || !TEST_ptr(pub = EC_KEY_get0_public_key(key)) + || !TEST_int_gt(EC_POINT_get_affine_coordinates(group, pub, x, y, + NULL), 0)) goto err; /* From nic.tuv at gmail.com Mon Sep 9 11:50:33 2019 From: nic.tuv at gmail.com (nic.tuv at gmail.com) Date: Mon, 09 Sep 2019 11:50:33 +0000 Subject: [openssl] OpenSSL_1_1_1-stable update Message-ID: <1568029833.111578.19029.nullmailer@dev.openssl.org> The branch OpenSSL_1_1_1-stable has been updated via 288241b6bf1ba4f07e06e83bbfdaf06f521d598b (commit) from 9a43a733801bd788848c9a8374305bcaed555019 (commit) - Log ----------------------------------------------------------------- commit 288241b6bf1ba4f07e06e83bbfdaf06f521d598b Author: Nicola Tuveri Date: Mon Sep 9 03:52:00 2019 +0300 Fix spacing nit in test/ectest.c (cherry picked from commit 65936a56461fe09e8c81bca45122af5adcfabb00) Reviewed-by: Matt Caswell Reviewed-by: Bernd Edlinger (Merged from https://github.com/openssl/openssl/pull/9813) ----------------------------------------------------------------------- Summary of changes: test/ectest.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/test/ectest.c b/test/ectest.c index ebd831ca40..ee0c4a601a 100644 --- a/test/ectest.c +++ b/test/ectest.c @@ -1843,7 +1843,7 @@ static int cardinality_test(int n) BIGNUM *g1_p = NULL, *g1_a = NULL, *g1_b = NULL, *g1_x = NULL, *g1_y = NULL, *g1_order = NULL, *g1_cf = NULL, *g2_cf = NULL; - TEST_info("Curve %s cardinality test", OBJ_nid2sn(nid)); + TEST_info("Curve %s cardinality test", OBJ_nid2sn(nid)); if (!TEST_ptr(ctx = BN_CTX_new()) || !TEST_ptr(g1 = EC_GROUP_new_by_curve_name(nid)) From builds at travis-ci.org Mon Sep 9 11:51:13 2019 From: builds at travis-ci.org (Travis CI) Date: Mon, 09 Sep 2019 11:51:13 +0000 Subject: Still Failing: openssl/openssl#28061 (master - 3f37050) In-Reply-To: Message-ID: <5d763cb0d803f_43fe6aa34106821352b@784d77e4-6929-4e41-8868-d3ddfc7646a8.mail> Build Update for openssl/openssl ------------------------------------- Build: #28061 Status: Still Failing Duration: 24 mins and 22 secs Commit: 3f37050 (master) Author: Jakub Zelenka Message: Fix typos in the OSSL_METHOD_STORE doc Reviewed-by: Paul Yang Reviewed-by: Richard Levitte (Merged from https://github.com/openssl/openssl/pull/9825) View the changeset: https://github.com/openssl/openssl/compare/bacaa618c264...3f37050e33c4 View the full build log and details: https://travis-ci.org/openssl/openssl/builds/582636616?utm_medium=notification&utm_source=email -- You can unsubscribe from build emails from the openssl/openssl repository going to https://travis-ci.org/account/preferences/unsubscribe?repository=5849220&utm_medium=notification&utm_source=email. Or unsubscribe from *all* email updating your settings at https://travis-ci.org/account/preferences/unsubscribe?utm_medium=notification&utm_source=email. Or configure specific recipients for build notifications in your .travis.yml file. See https://docs.travis-ci.com/user/notifications. -------------- next part -------------- An HTML attachment was scrubbed... URL: From builds at travis-ci.org Mon Sep 9 11:59:53 2019 From: builds at travis-ci.org (Travis CI) Date: Mon, 09 Sep 2019 11:59:53 +0000 Subject: Still Failing: openssl/openssl#28062 (OpenSSL_1_1_1-stable - 9a43a73) In-Reply-To: Message-ID: <5d763eb8cb2b9_43fa88ae9e7fc31984e@61f8e43a-4aee-4437-9a9c-476d28cae4cb.mail> Build Update for openssl/openssl ------------------------------------- Build: #28062 Status: Still Failing Duration: 22 mins and 25 secs Commit: 9a43a73 (OpenSSL_1_1_1-stable) Author: Nicola Tuveri Message: [ec] Match built-in curves on EC_GROUP_new_from_ecparameters Description ----------- Upon `EC_GROUP_new_from_ecparameters()` check if the parameters match any of the built-in curves. If that is the case, return a new `EC_GROUP_new_by_curve_name()` object instead of the explicit parameters `EC_GROUP`. This affects all users of `EC_GROUP_new_from_ecparameters()`: - direct calls to `EC_GROUP_new_from_ecparameters()` - direct calls to `EC_GROUP_new_from_ecpkparameters()` with an explicit parameters argument - ASN.1 parsing of explicit parameters keys (as it eventually ends up calling `EC_GROUP_new_from_ecpkparameters()`) A parsed explicit parameter key will still be marked with the `OPENSSL_EC_EXPLICIT_CURVE` ASN.1 flag on load, so, unless programmatically forced otherwise, if the key is eventually serialized the output will still be encoded with explicit parameters, even if internally it is treated as a named curve `EC_GROUP`. Before this change, creating any `EC_GROUP` object using `EC_GROUP_new_from_ecparameters()`, yielded an object associated with the default generic `EC_METHOD`, but this was never guaranteed in the documentation. After this commit, users of the library that intentionally want to create an `EC_GROUP` object using a specific `EC_METHOD` can still explicitly call `EC_GROUP_new(foo_method)` and then manually set the curve parameters using `EC_GROUP_set_*()`. Motivation ---------- This has obvious performance benefits for the built-in curves with specialized `EC_METHOD`s and subtle but important security benefits: - the specialized methods have better security hardening than the generic implementations - optional fields in the parameter encoding, like the `cofactor`, cannot be leveraged by an attacker to force execution of the less secure code-paths for single point scalar multiplication - in general, this leads to reducing the attack surface Check the manuscript at https://arxiv.org/abs/1909.01785 for an in depth analysis of the issues related to this commit. It should be noted that `libssl` does not allow to negotiate explicit parameters (as per RFC 8422), so it is not directly affected by the consequences of using explicit parameters that this commit fixes. On the other hand, we detected external applications and users in the wild that use explicit parameters by default (and sometimes using 0 as the cofactor value, which is technically not a valid value per the specification, but is tolerated by parsers for wider compatibility given that the field is optional). These external users of `libcrypto` are exposed to these vulnerabilities and their security will benefit from this commit. Related commits --------------- While this commit is beneficial for users using built-in curves and explicit parameters encoding for serialized keys, commit b783beeadf6b80bc431e6f3230b5d5585c87ef87 (and its equivalents for the 1.0.2, 1.1.0 and 1.1.1 stable branches) fixes the consequences of the invalid cofactor values more in general also for other curves (CVE-2019-1547). The following list covers commits in `master` that are related to the vulnerabilities presented in the manuscript motivating this commit: - d2baf88c43 [crypto/rsa] Set the constant-time flag in multi-prime RSA too - 311e903d84 [crypto/asn1] Fix multiple SCA vulnerabilities during RSA key validation. - b783beeadf [crypto/ec] for ECC parameters with NULL or zero cofactor, compute it - 724339ff44 Fix SCA vulnerability when using PVK and MSBLOB key formats Note that the PRs that contributed the listed commits also include other commits providing related testing and documentation, in addition to links to PRs and commits backporting the fixes to the 1.0.2, 1.1.0 and 1.1.1 branches. This commit includes a partial backport of https://github.com/openssl/openssl/pull/8555 (commit 8402cd5f75f8c2f60d8bd39775b24b03dd8b3b38) for which the main author is Shane Lontis. Responsible Disclosure ---------------------- This and the other issues presented in https://arxiv.org/abs/1909.01785 were reported by Cesar Pereida Garc?a, Sohaib ul Hassan, Nicola Tuveri, Iaroslav Gridin, Alejandro Cabrera Aldaya and Billy Bob Brumley from the NISEC group at Tampere University, FINLAND. The OpenSSL Security Team evaluated the security risk for this vulnerability as low, and encouraged to propose fixes using public Pull Requests. _______________________________________________________________________________ Co-authored-by: Shane Lontis (Backport from https://github.com/openssl/openssl/pull/9808) Reviewed-by: Matt Caswell (Merged from https://github.com/openssl/openssl/pull/9809) View the changeset: https://github.com/openssl/openssl/compare/ad9c296c529d...9a43a733801b View the full build log and details: https://travis-ci.org/openssl/openssl/builds/582638101?utm_medium=notification&utm_source=email -- You can unsubscribe from build emails from the openssl/openssl repository going to https://travis-ci.org/account/preferences/unsubscribe?repository=5849220&utm_medium=notification&utm_source=email. Or unsubscribe from *all* email updating your settings at https://travis-ci.org/account/preferences/unsubscribe?utm_medium=notification&utm_source=email. Or configure specific recipients for build notifications in your .travis.yml file. See https://docs.travis-ci.com/user/notifications. -------------- next part -------------- An HTML attachment was scrubbed... URL: From bernd.edlinger at hotmail.de Mon Sep 9 12:03:35 2019 From: bernd.edlinger at hotmail.de (bernd.edlinger at hotmail.de) Date: Mon, 09 Sep 2019 12:03:35 +0000 Subject: [openssl] OpenSSL_1_1_1-stable update Message-ID: <1568030615.031557.22827.nullmailer@dev.openssl.org> The branch OpenSSL_1_1_1-stable has been updated via 1f9dc86b557dd259b636882836885d8e6714735e (commit) from 288241b6bf1ba4f07e06e83bbfdaf06f521d598b (commit) - Log ----------------------------------------------------------------- commit 1f9dc86b557dd259b636882836885d8e6714735e Author: Bernd Edlinger Date: Mon Sep 9 09:59:54 2019 +0200 Change DH_generate_parameters back to order 2q subgroup For for G=2 and 5 DH_generate_parameters will continue to generate the order 2q subgroup for compatibility with previous versions. For G=3 DH_generate_parameters generates an order q subgroup, but it will not pass the check in DH_check with previous OpenSSL versions. Reviewed-by: Matt Caswell (Merged from https://github.com/openssl/openssl/pull/9820) ----------------------------------------------------------------------- Summary of changes: CHANGES | 4 ++-- crypto/dh/dh_gen.c | 8 ++++++-- 2 files changed, 8 insertions(+), 4 deletions(-) diff --git a/CHANGES b/CHANGES index f422f5025e..1b9299fba7 100644 --- a/CHANGES +++ b/CHANGES @@ -50,8 +50,8 @@ (CVE-2019-1552) [Richard Levitte] - *) Changed DH parameters to generate the order q subgroup instead of 2q. - Previously generated DH parameters are still accepted by DH_check + *) Changed DH_check to accept parameters with order q and 2q subgroups. + With order 2q subgroups the bit 0 of the private key is not secret but DH_generate_key works around that by clearing bit 0 of the private key for those. This avoids leaking bit 0 of the private key. [Bernd Edlinger] diff --git a/crypto/dh/dh_gen.c b/crypto/dh/dh_gen.c index 1262d4e155..d293835eb2 100644 --- a/crypto/dh/dh_gen.c +++ b/crypto/dh/dh_gen.c @@ -53,6 +53,10 @@ int DH_generate_parameters_ex(DH *ret, int prime_len, int generator, * for 2, p mod 24 == 23 * for 3, p mod 12 == 11 * for 5, p mod 60 == 59 + * + * However for compatibilty with previous versions we use: + * for 2, p mod 24 == 11 + * for 5, p mod 60 == 23 */ static int dh_builtin_genparams(DH *ret, int prime_len, int generator, BN_GENCB *cb) @@ -83,13 +87,13 @@ static int dh_builtin_genparams(DH *ret, int prime_len, int generator, if (generator == DH_GENERATOR_2) { if (!BN_set_word(t1, 24)) goto err; - if (!BN_set_word(t2, 23)) + if (!BN_set_word(t2, 11)) goto err; g = 2; } else if (generator == DH_GENERATOR_5) { if (!BN_set_word(t1, 60)) goto err; - if (!BN_set_word(t2, 59)) + if (!BN_set_word(t2, 23)) goto err; g = 5; } else { From no-reply at appveyor.com Mon Sep 9 12:13:34 2019 From: no-reply at appveyor.com (AppVeyor) Date: Mon, 09 Sep 2019 12:13:34 +0000 Subject: Build failed: openssl OpenSSL_1_0_2-stable.27478 Message-ID: <20190909121334.1.69C0FE523615437A@appveyor.com> An HTML attachment was scrubbed... URL: From builds at travis-ci.org Mon Sep 9 12:20:20 2019 From: builds at travis-ci.org (Travis CI) Date: Mon, 09 Sep 2019 12:20:20 +0000 Subject: Still Failing: openssl/openssl#28064 (master - bfed4fc) In-Reply-To: Message-ID: <5d764382b3ef5_43fa2ce43d7202921d7@e58dbfa8-c41b-4575-82c1-669c0e635b7a.mail> Build Update for openssl/openssl ------------------------------------- Build: #28064 Status: Still Failing Duration: 23 mins and 15 secs Commit: bfed4fc (master) Author: Nicola Tuveri Message: Uniform TEST_*() check usage in test/ectest.c - Replace a `TEST_true()` with `!TEST_false()` to avoid reporting confusing errors - We tend to use `if (!TEST_foo() || !TEST_bar())` and it's a bit confusing to switch to `if(!(TEST_foo() && TEST_bar()))`: replace it with the more common style Reviewed-by: Matt Caswell Reviewed-by: Bernd Edlinger (Merged from https://github.com/openssl/openssl/pull/9813) View the changeset: https://github.com/openssl/openssl/compare/3f37050e33c4...bfed4fc8367b View the full build log and details: https://travis-ci.org/openssl/openssl/builds/582644979?utm_medium=notification&utm_source=email -- You can unsubscribe from build emails from the openssl/openssl repository going to https://travis-ci.org/account/preferences/unsubscribe?repository=5849220&utm_medium=notification&utm_source=email. Or unsubscribe from *all* email updating your settings at https://travis-ci.org/account/preferences/unsubscribe?utm_medium=notification&utm_source=email. Or configure specific recipients for build notifications in your .travis.yml file. See https://docs.travis-ci.com/user/notifications. -------------- next part -------------- An HTML attachment was scrubbed... URL: From builds at travis-ci.org Mon Sep 9 12:38:06 2019 From: builds at travis-ci.org (Travis CI) Date: Mon, 09 Sep 2019 12:38:06 +0000 Subject: Still Failing: openssl/openssl#28066 (OpenSSL_1_1_1-stable - 288241b) In-Reply-To: Message-ID: <5d7647ae3afbb_43f918232fc8c193564@cc1211d8-a7a4-4c39-bb93-ea850a70fbe7.mail> Build Update for openssl/openssl ------------------------------------- Build: #28066 Status: Still Failing Duration: 18 mins and 36 secs Commit: 288241b (OpenSSL_1_1_1-stable) Author: Nicola Tuveri Message: Fix spacing nit in test/ectest.c (cherry picked from commit 65936a56461fe09e8c81bca45122af5adcfabb00) Reviewed-by: Matt Caswell Reviewed-by: Bernd Edlinger (Merged from https://github.com/openssl/openssl/pull/9813) View the changeset: https://github.com/openssl/openssl/compare/9a43a733801b...288241b6bf1b View the full build log and details: https://travis-ci.org/openssl/openssl/builds/582646169?utm_medium=notification&utm_source=email -- You can unsubscribe from build emails from the openssl/openssl repository going to https://travis-ci.org/account/preferences/unsubscribe?repository=5849220&utm_medium=notification&utm_source=email. Or unsubscribe from *all* email updating your settings at https://travis-ci.org/account/preferences/unsubscribe?utm_medium=notification&utm_source=email. Or configure specific recipients for build notifications in your .travis.yml file. See https://docs.travis-ci.com/user/notifications. -------------- next part -------------- An HTML attachment was scrubbed... URL: From openssl at openssl.org Mon Sep 9 12:38:50 2019 From: openssl at openssl.org (OpenSSL run-checker) Date: Mon, 09 Sep 2019 12:38:50 +0000 Subject: FAILED build of OpenSSL branch master with options -d --strict-warnings no-scrypt Message-ID: <1568032730.270456.29038.nullmailer@run.openssl.org> Platform and configuration command: $ uname -a Linux run 4.15.0-54-generic #58-Ubuntu SMP Mon Jun 24 10:55:24 UTC 2019 x86_64 x86_64 x86_64 GNU/Linux $ CC=clang ../openssl/config -d --strict-warnings no-scrypt Commit log since last time: 03e5668343 Configure: clang: move -Wno-unknown-warning-option to the front a1a0e6f285 CHANGES entry: for ECC parameters with NULL or zero cofactor, compute it 5041ea38c9 [test] computing ECC cofactors: regression test e97bab6929 Use common digest getter for X942 KDF a1de4680fb Use common digest getter for SSH KDF 0f0db4dc25 Use common digest getter for TLS1 PRF 7e149b3928 Use common digest getter for single step KDF e957226a0c Use common digest getter for PBKDF2 86f17ed64c Use common digest getter for HKDF cb74317b4f Use common define for properties, engine, cipher and digest params c69561de00 Add 'engine' param to KDFs 96d7e2733e KMAC using common digest get code 103d8b0be4 HMAC using common digest get code 76497acf52 GMAC using common cipher get code 1dcc7ee6cf CMAC using common cipher get code 2f17cc493c Unify the digest getting code inside providers. 4fe2ee3a44 [ec/ecp_nistp*.c] restyle: use {} around `else` too e0b660c27d [ec/ecp_nistp*.c] remove flip_endian() 1b338abe3a Uniform BN_bn2binpad() and BN_bn2lebinpad() implementations 8b44198b91 Make BN_num_bits() consttime upon BN_FLG_CONSTTIME 805315d3a2 Fix a SCA leak using BN_bn2bin() 31ca19403d Fix a SCA leak in BN_generate_dsa_nonce d2baf88c43 [crypto/rsa] Set the constant-time flag in multi-prime RSA too 311e903d84 [crypto/asn1] Fix multiple SCA vulnerabilities during RSA key validation. c7bfb138ac libcrypto.num entries for KDFs ad1700c706 Move OSSL_OP_KDF into its rightful place amongst the other OSSL_OP_ definitions d4496dc129 Remove reference to legacy aliases for MAC and KDF f575bd2af7 Clear collected_seed after freeing it 232ac89ce2 Lowercase command line 'N' argument since params have lower case names 65ce7e6553 Update KDF documentation (section 3) b4dca02940 Update KDF documentation (section 1) ccd7115a41 Update KDF documentation (section 7) 53598b2298 Deal with BUF_MEM_grow ambiguity ea643c959f crypto/evp/pkey_kdf.c: further special treatment of "seed" and "info" ff756eedb3 More KDF cleanup b1f1512993 PBKDF2 implementation: refactor to avoid memleak df2f8af4cb Fix memleaks in KDF implementations a941920514 crypto/evp/pkey_kdf.c: Redo parameter processing 6d1c31540f crypto/evp/kdf_meth.c: Add the reset function to the method 1f9eac279b Update private.num for KDFs/PRFs 185ce3d93e ossl_provider_library_context(NULL) returns NULL. 9d8e1569aa Params from text to allow zero length value fields d6c5d7f3de Update EVP test data for KDFs and PRFs. 59cba5ac85 KDF error codes reworked a308acb2c2 Cleanse KDF missing crypto files fe6ec26b20 Cleanse KDF error files 37ed621071 Cleanse crypto/kdf directory fb9e6dd6f8 KDF/PRF updates to libcrypto 55accfd2f1 App updates for KDF provider conversion. f05b53a368 KDF provider conversion error updates - generated 2f7557016c KDF additons to names and numbers bf5739a026 Test updates in light of the KDF switchover 492939e5ef Documentation updates in light of the KDF conversion e3405a4a9a Add KDFs to providers 7707526b8d Fix users of KDFs to use params not ctls b50ca330cb Remove old KDF initialisation ce3b1bb481 Fix TLS/SSL PRF usages. 5eb43d382b Move KDFs to the provider. dc5bcb88d8 Teach TLSProxy how to parse CertificateRequest messages debb64a0ca Don't send a status_request extension in a CertificateRequest message Build log ended with (last 100 lines): ../../openssl/test/recipes/30-test_pbelu.t .................... ok ../../openssl/test/recipes/30-test_pkey_meth.t ................ ok ../../openssl/test/recipes/30-test_pkey_meth_kdf.t ............ ok ../../openssl/test/recipes/40-test_rehash.t ................... ok ../../openssl/test/recipes/60-test_x509_check_cert_pkey.t ..... ok ../../openssl/test/recipes/60-test_x509_dup_cert.t ............ ok ../../openssl/test/recipes/60-test_x509_store.t ............... ok ../../openssl/test/recipes/60-test_x509_time.t ................ ok ../../openssl/test/recipes/70-test_asyncio.t .................. ok ../../openssl/test/recipes/70-test_bad_dtls.t ................. ok ../../openssl/test/recipes/70-test_clienthello.t .............. ok ../../openssl/test/recipes/70-test_comp.t ..................... ok ../../openssl/test/recipes/70-test_key_share.t ................ ok ../../openssl/test/recipes/70-test_packet.t ................... ok ../../openssl/test/recipes/70-test_recordlen.t ................ ok ../../openssl/test/recipes/70-test_renegotiation.t ............ ok ../../openssl/test/recipes/70-test_servername.t ............... ok ../../openssl/test/recipes/70-test_sslcbcpadding.t ............ ok ../../openssl/test/recipes/70-test_sslcertstatus.t ............ ok ../../openssl/test/recipes/70-test_sslextension.t ............. ok ../../openssl/test/recipes/70-test_sslmessages.t .............. ok ../../openssl/test/recipes/70-test_sslrecords.t ............... ok ../../openssl/test/recipes/70-test_sslsessiontick.t ........... ok ../../openssl/test/recipes/70-test_sslsigalgs.t ............... ok ../../openssl/test/recipes/70-test_sslsignature.t ............. ok ../../openssl/test/recipes/70-test_sslskewith0p.t ............. ok ../../openssl/test/recipes/70-test_sslversions.t .............. ok ../../openssl/test/recipes/70-test_sslvertol.t ................ ok ../../openssl/test/recipes/70-test_tls13alerts.t .............. ok ../../openssl/test/recipes/70-test_tls13cookie.t .............. ok ../../openssl/test/recipes/70-test_tls13downgrade.t ........... ok ../../openssl/test/recipes/70-test_tls13hrr.t ................. ok ../../openssl/test/recipes/70-test_tls13kexmodes.t ............ ok ../../openssl/test/recipes/70-test_tls13messages.t ............ ok ../../openssl/test/recipes/70-test_tls13psk.t ................. ok ../../openssl/test/recipes/70-test_tlsextms.t ................. ok ../../openssl/test/recipes/70-test_verify_extra.t ............. ok ../../openssl/test/recipes/70-test_wpacket.t .................. ok ../../openssl/test/recipes/80-test_ca.t ....................... ok ../../openssl/test/recipes/80-test_cipherbytes.t .............. ok ../../openssl/test/recipes/80-test_cipherlist.t ............... ok ../../openssl/test/recipes/80-test_ciphername.t ............... ok ../../openssl/test/recipes/80-test_cms.t ...................... ok ../../openssl/test/recipes/80-test_cmsapi.t ................... ok ../../openssl/test/recipes/80-test_ct.t ....................... ok ../../openssl/test/recipes/80-test_dane.t ..................... ok ../../openssl/test/recipes/80-test_dtls.t ..................... ok ../../openssl/test/recipes/80-test_dtls_mtu.t ................. ok ../../openssl/test/recipes/80-test_dtlsv1listen.t ............. ok ../../openssl/test/recipes/80-test_ocsp.t ..................... ok ../../openssl/test/recipes/80-test_pkcs12.t ................... ok ../../openssl/test/recipes/80-test_ssl_new.t .................. ok ../../openssl/test/recipes/80-test_ssl_old.t .................. ok ../../openssl/test/recipes/80-test_ssl_test_ctx.t ............. ok ../../openssl/test/recipes/80-test_sslcorrupt.t ............... ok ../../openssl/test/recipes/80-test_tsa.t ...................... ok ../../openssl/test/recipes/80-test_x509aux.t .................. ok ../../openssl/test/recipes/90-test_asn1_time.t ................ ok ../../openssl/test/recipes/90-test_async.t .................... ok ../../openssl/test/recipes/90-test_bio_enc.t .................. ok ../../openssl/test/recipes/90-test_bio_memleak.t .............. ok ../../openssl/test/recipes/90-test_constant_time.t ............ ok ../../openssl/test/recipes/90-test_fatalerr.t ................. ok ../../openssl/test/recipes/90-test_gmdiff.t ................... ok ../../openssl/test/recipes/90-test_gost.t ..................... ok ../../openssl/test/recipes/90-test_ige.t ...................... ok ../../openssl/test/recipes/90-test_includes.t ................. ok ../../openssl/test/recipes/90-test_memleak.t .................. ok ../../openssl/test/recipes/90-test_overhead.t ................. skipped: Only supported in no-shared builds ../../openssl/test/recipes/90-test_secmem.t ................... ok ../../openssl/test/recipes/90-test_shlibload.t ................ ok ../../openssl/test/recipes/90-test_srp.t ...................... ok ../../openssl/test/recipes/90-test_sslapi.t ................... ok ../../openssl/test/recipes/90-test_sslbuffers.t ............... ok ../../openssl/test/recipes/90-test_store.t .................... ok ../../openssl/test/recipes/90-test_sysdefault.t ............... ok ../../openssl/test/recipes/90-test_threads.t .................. ok ../../openssl/test/recipes/90-test_time_offset.t .............. ok ../../openssl/test/recipes/90-test_tls13ccs.t ................. ok ../../openssl/test/recipes/90-test_tls13encryption.t .......... ok ../../openssl/test/recipes/90-test_tls13secrets.t ............. ok ../../openssl/test/recipes/90-test_v3name.t ................... ok ../../openssl/test/recipes/95-test_external_boringssl.t ....... skipped: No external tests in this configuration ../../openssl/test/recipes/95-test_external_krb5.t ............ skipped: No external tests in this configuration ../../openssl/test/recipes/95-test_external_pyca.t ............ skipped: No external tests in this configuration ../../openssl/test/recipes/99-test_ecstress.t ................. ok ../../openssl/test/recipes/99-test_fuzz.t ..................... ok Test Summary Report ------------------- ../../openssl/test/recipes/30-test_evp.t (Wstat: 256 Tests: 14 Failed: 1) Failed test: 6 Non-zero exit status: 1 Files=176, Tests=1662, 300 wallclock secs ( 3.19 usr 0.41 sys + 284.17 cusr 25.09 csys = 312.86 CPU) Result: FAIL Makefile:198: recipe for target '_tests' failed make[1]: *** [_tests] Error 1 make[1]: Leaving directory '/home/openssl/run-checker/no-scrypt' Makefile:196: recipe for target 'tests' failed make: *** [tests] Error 2 From bernd.edlinger at hotmail.de Mon Sep 9 12:45:33 2019 From: bernd.edlinger at hotmail.de (bernd.edlinger at hotmail.de) Date: Mon, 09 Sep 2019 12:45:33 +0000 Subject: [openssl] master update Message-ID: <1568033133.461687.21776.nullmailer@dev.openssl.org> The branch master has been updated via 2b95e8efcf8b99892106070d9ac745a0a369f503 (commit) via fa01370f7dc8f0a379483bbe74de11225857e5fe (commit) via feeb7ecd2f272e1c195e51cefc0d6b0199fef1d0 (commit) from bfed4fc8367b55e630c70cc038887ddf9b090dd6 (commit) - Log ----------------------------------------------------------------- commit 2b95e8efcf8b99892106070d9ac745a0a369f503 Author: Bernd Edlinger Date: Sat Sep 7 00:58:31 2019 +0200 DH_check_pub_key_ex was accidentally calling DH_check, so results were undefined. Reviewed-by: Paul Dale (Merged from https://github.com/openssl/openssl/pull/9796) commit fa01370f7dc8f0a379483bbe74de11225857e5fe Author: Bernd Edlinger Date: Sat Sep 7 00:53:24 2019 +0200 Use BN_clear_free in DH_set0_key Reviewed-by: Paul Dale (Merged from https://github.com/openssl/openssl/pull/9796) commit feeb7ecd2f272e1c195e51cefc0d6b0199fef1d0 Author: Bernd Edlinger Date: Fri Sep 6 23:38:49 2019 +0200 Check the DH modulus bit length The check was missing in DH_check and DH_check_params. [extended tests] Reviewed-by: Paul Dale (Merged from https://github.com/openssl/openssl/pull/9796) ----------------------------------------------------------------------- Summary of changes: crypto/dh/dh_check.c | 15 ++++++++++++++- crypto/dh/dh_lib.c | 4 ++-- doc/man3/DH_generate_parameters.pod | 10 +++++++++- include/openssl/dh.h | 4 +++- test/dhtest.c | 16 +++++++++++++--- 5 files changed, 41 insertions(+), 8 deletions(-) diff --git a/crypto/dh/dh_check.c b/crypto/dh/dh_check.c index aff7e37181..2d19a8f120 100644 --- a/crypto/dh/dh_check.c +++ b/crypto/dh/dh_check.c @@ -31,6 +31,10 @@ int DH_check_params_ex(const DH *dh) DHerr(DH_F_DH_CHECK_PARAMS_EX, DH_R_CHECK_P_NOT_PRIME); if ((errflags & DH_NOT_SUITABLE_GENERATOR) != 0) DHerr(DH_F_DH_CHECK_PARAMS_EX, DH_R_NOT_SUITABLE_GENERATOR); + if ((errflags & DH_MODULUS_TOO_SMALL) != 0) + DHerr(DH_F_DH_CHECK_PARAMS_EX, DH_R_MODULUS_TOO_SMALL); + if ((errflags & DH_MODULUS_TOO_LARGE) != 0) + DHerr(DH_F_DH_CHECK_PARAMS_EX, DH_R_MODULUS_TOO_LARGE); return errflags == 0; } @@ -58,6 +62,10 @@ int DH_check_params(const DH *dh, int *ret) goto err; if (BN_cmp(dh->g, tmp) >= 0) *ret |= DH_NOT_SUITABLE_GENERATOR; + if (BN_num_bits(dh->p) < DH_MIN_MODULUS_BITS) + *ret |= DH_MODULUS_TOO_SMALL; + if (BN_num_bits(dh->p) > OPENSSL_DH_MAX_MODULUS_BITS) + *ret |= DH_MODULUS_TOO_LARGE; ok = 1; err: @@ -91,6 +99,10 @@ int DH_check_ex(const DH *dh) DHerr(DH_F_DH_CHECK_EX, DH_R_CHECK_P_NOT_PRIME); if ((errflags & DH_CHECK_P_NOT_SAFE_PRIME) != 0) DHerr(DH_F_DH_CHECK_EX, DH_R_CHECK_P_NOT_SAFE_PRIME); + if ((errflags & DH_MODULUS_TOO_SMALL) != 0) + DHerr(DH_F_DH_CHECK_EX, DH_R_MODULUS_TOO_SMALL); + if ((errflags & DH_MODULUS_TOO_LARGE) != 0) + DHerr(DH_F_DH_CHECK_EX, DH_R_MODULUS_TOO_LARGE); return errflags == 0; } @@ -164,7 +176,8 @@ int DH_check_pub_key_ex(const DH *dh, const BIGNUM *pub_key) { int errflags = 0; - (void)DH_check(dh, &errflags); + if (!DH_check_pub_key(dh, pub_key, &errflags)) + return 0; if ((errflags & DH_CHECK_PUBKEY_TOO_SMALL) != 0) DHerr(DH_F_DH_CHECK_PUB_KEY_EX, DH_R_CHECK_PUBKEY_TOO_SMALL); diff --git a/crypto/dh/dh_lib.c b/crypto/dh/dh_lib.c index df3166279e..0382e442d5 100644 --- a/crypto/dh/dh_lib.c +++ b/crypto/dh/dh_lib.c @@ -235,11 +235,11 @@ void DH_get0_key(const DH *dh, const BIGNUM **pub_key, const BIGNUM **priv_key) int DH_set0_key(DH *dh, BIGNUM *pub_key, BIGNUM *priv_key) { if (pub_key != NULL) { - BN_free(dh->pub_key); + BN_clear_free(dh->pub_key); dh->pub_key = pub_key; } if (priv_key != NULL) { - BN_free(dh->priv_key); + BN_clear_free(dh->priv_key); dh->priv_key = priv_key; } diff --git a/doc/man3/DH_generate_parameters.pod b/doc/man3/DH_generate_parameters.pod index a1541caf68..4908dcf515 100644 --- a/doc/man3/DH_generate_parameters.pod +++ b/doc/man3/DH_generate_parameters.pod @@ -73,6 +73,14 @@ The generator B is not suitable. Note that the lack of this bit doesn't guarantee that B is suitable, unless B

is known to be a strong prime. +=item DH_MODULUS_TOO_SMALL + +The modulus is too small. + +=item DH_MODULUS_TOO_LARGE + +The modulus is too large. + =back DH_check() confirms that the Diffie-Hellman parameters B are valid. The @@ -141,7 +149,7 @@ DH_generate_parameters_ex() instead. =head1 COPYRIGHT -Copyright 2000-2018 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2000-2019 The OpenSSL Project Authors. All Rights Reserved. Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/include/openssl/dh.h b/include/openssl/dh.h index 7c509b4c0f..4e117a0d03 100644 --- a/include/openssl/dh.h +++ b/include/openssl/dh.h @@ -1,5 +1,5 @@ /* - * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -76,6 +76,8 @@ DECLARE_ASN1_ITEM(DHparams) # define DH_CHECK_Q_NOT_PRIME 0x10 # define DH_CHECK_INVALID_Q_VALUE 0x20 # define DH_CHECK_INVALID_J_VALUE 0x40 +# define DH_MODULUS_TOO_SMALL 0x80 +# define DH_MODULUS_TOO_LARGE 0x100 /* DH_check_pub_key error codes */ # define DH_CHECK_PUBKEY_TOO_SMALL 0x01 diff --git a/test/dhtest.c b/test/dhtest.c index 662a4f32eb..e8a91f17f8 100644 --- a/test/dhtest.c +++ b/test/dhtest.c @@ -1,5 +1,5 @@ /* - * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -63,14 +63,19 @@ static int dh_test(void) || !TEST_true(DH_set0_pqg(dh, p, q, g))) goto err1; + /* check fails, because p is way too small */ if (!DH_check(dh, &i)) goto err2; + i ^= DH_MODULUS_TOO_SMALL; if (!TEST_false(i & DH_CHECK_P_NOT_PRIME) || !TEST_false(i & DH_CHECK_P_NOT_SAFE_PRIME) - || !TEST_false(i & DH_CHECK_INVALID_Q_VALUE) - || !TEST_false(i & DH_CHECK_Q_NOT_PRIME) || !TEST_false(i & DH_UNABLE_TO_CHECK_GENERATOR) || !TEST_false(i & DH_NOT_SUITABLE_GENERATOR) + || !TEST_false(i & DH_CHECK_Q_NOT_PRIME) + || !TEST_false(i & DH_CHECK_INVALID_Q_VALUE) + || !TEST_false(i & DH_CHECK_INVALID_J_VALUE) + || !TEST_false(i & DH_MODULUS_TOO_SMALL) + || !TEST_false(i & DH_MODULUS_TOO_LARGE) || !TEST_false(i)) goto err2; @@ -130,6 +135,11 @@ static int dh_test(void) || !TEST_false(i & DH_CHECK_P_NOT_SAFE_PRIME) || !TEST_false(i & DH_UNABLE_TO_CHECK_GENERATOR) || !TEST_false(i & DH_NOT_SUITABLE_GENERATOR) + || !TEST_false(i & DH_CHECK_Q_NOT_PRIME) + || !TEST_false(i & DH_CHECK_INVALID_Q_VALUE) + || !TEST_false(i & DH_CHECK_INVALID_J_VALUE) + || !TEST_false(i & DH_MODULUS_TOO_SMALL) + || !TEST_false(i & DH_MODULUS_TOO_LARGE) || !TEST_false(i)) goto err3; From bernd.edlinger at hotmail.de Mon Sep 9 12:46:43 2019 From: bernd.edlinger at hotmail.de (bernd.edlinger at hotmail.de) Date: Mon, 09 Sep 2019 12:46:43 +0000 Subject: [openssl] OpenSSL_1_1_1-stable update Message-ID: <1568033203.195616.8089.nullmailer@dev.openssl.org> The branch OpenSSL_1_1_1-stable has been updated via 8003138fa9674bb160ced09520de43c3618d3ede (commit) from 1f9dc86b557dd259b636882836885d8e6714735e (commit) - Log ----------------------------------------------------------------- commit 8003138fa9674bb160ced09520de43c3618d3ede Author: Bernd Edlinger Date: Sat Sep 7 00:58:31 2019 +0200 DH_check_pub_key_ex was accidentally calling DH_check, so results were undefined. Reviewed-by: Paul Dale (Merged from https://github.com/openssl/openssl/pull/9796) (cherry picked from commit 2b95e8efcf8b99892106070d9ac745a0a369f503) ----------------------------------------------------------------------- Summary of changes: crypto/dh/dh_check.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/crypto/dh/dh_check.c b/crypto/dh/dh_check.c index 6d81101e9d..d13d8206ce 100644 --- a/crypto/dh/dh_check.c +++ b/crypto/dh/dh_check.c @@ -164,7 +164,8 @@ int DH_check_pub_key_ex(const DH *dh, const BIGNUM *pub_key) { int errflags = 0; - (void)DH_check(dh, &errflags); + if (!DH_check_pub_key(dh, pub_key, &errflags)) + return 0; if ((errflags & DH_CHECK_PUBKEY_TOO_SMALL) != 0) DHerr(DH_F_DH_CHECK_PUB_KEY_EX, DH_R_CHECK_PUBKEY_TOO_SMALL); From bernd.edlinger at hotmail.de Mon Sep 9 12:47:21 2019 From: bernd.edlinger at hotmail.de (bernd.edlinger at hotmail.de) Date: Mon, 09 Sep 2019 12:47:21 +0000 Subject: [openssl] OpenSSL_1_1_1-stable update Message-ID: <1568033241.566819.9365.nullmailer@dev.openssl.org> The branch OpenSSL_1_1_1-stable has been updated via 4bf9781adc68684a7183961f1e5d9fbaf4885b3f (commit) from 8003138fa9674bb160ced09520de43c3618d3ede (commit) - Log ----------------------------------------------------------------- commit 4bf9781adc68684a7183961f1e5d9fbaf4885b3f Author: Bernd Edlinger Date: Sat Sep 7 00:53:24 2019 +0200 Use BN_clear_free in DH_set0_key Reviewed-by: Paul Dale (Merged from https://github.com/openssl/openssl/pull/9796) (cherry picked from commit fa01370f7dc8f0a379483bbe74de11225857e5fe) ----------------------------------------------------------------------- Summary of changes: crypto/dh/dh_lib.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/crypto/dh/dh_lib.c b/crypto/dh/dh_lib.c index 962f864dee..8d13b3c262 100644 --- a/crypto/dh/dh_lib.c +++ b/crypto/dh/dh_lib.c @@ -234,11 +234,11 @@ void DH_get0_key(const DH *dh, const BIGNUM **pub_key, const BIGNUM **priv_key) int DH_set0_key(DH *dh, BIGNUM *pub_key, BIGNUM *priv_key) { if (pub_key != NULL) { - BN_free(dh->pub_key); + BN_clear_free(dh->pub_key); dh->pub_key = pub_key; } if (priv_key != NULL) { - BN_free(dh->priv_key); + BN_clear_free(dh->priv_key); dh->priv_key = priv_key; } From bernd.edlinger at hotmail.de Mon Sep 9 12:47:43 2019 From: bernd.edlinger at hotmail.de (bernd.edlinger at hotmail.de) Date: Mon, 09 Sep 2019 12:47:43 +0000 Subject: [openssl] OpenSSL_1_1_0-stable update Message-ID: <1568033263.810358.28811.nullmailer@dev.openssl.org> The branch OpenSSL_1_1_0-stable has been updated via 78617373f2af1b735e66501a799969248251c54b (commit) from d4a5dac9f9242c580fb9d0a4389440eccd3494a7 (commit) - Log ----------------------------------------------------------------- commit 78617373f2af1b735e66501a799969248251c54b Author: Bernd Edlinger Date: Sat Sep 7 00:53:24 2019 +0200 Use BN_clear_free in DH_set0_key Reviewed-by: Paul Dale (Merged from https://github.com/openssl/openssl/pull/9796) (cherry picked from commit fa01370f7dc8f0a379483bbe74de11225857e5fe) ----------------------------------------------------------------------- Summary of changes: crypto/dh/dh_lib.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/crypto/dh/dh_lib.c b/crypto/dh/dh_lib.c index 2e727df897..cac831da0b 100644 --- a/crypto/dh/dh_lib.c +++ b/crypto/dh/dh_lib.c @@ -233,11 +233,11 @@ void DH_get0_key(const DH *dh, const BIGNUM **pub_key, const BIGNUM **priv_key) int DH_set0_key(DH *dh, BIGNUM *pub_key, BIGNUM *priv_key) { if (pub_key != NULL) { - BN_free(dh->pub_key); + BN_clear_free(dh->pub_key); dh->pub_key = pub_key; } if (priv_key != NULL) { - BN_free(dh->priv_key); + BN_clear_free(dh->priv_key); dh->priv_key = priv_key; } From builds at travis-ci.org Mon Sep 9 12:48:52 2019 From: builds at travis-ci.org (Travis CI) Date: Mon, 09 Sep 2019 12:48:52 +0000 Subject: Still Failing: openssl/openssl#28067 (OpenSSL_1_1_1-stable - 1f9dc86) In-Reply-To: Message-ID: <5d764a32d7259_43f8e0ac91cc429299f@e0e1ce89-b12c-47d3-8970-dbd6053aefc2.mail> Build Update for openssl/openssl ------------------------------------- Build: #28067 Status: Still Failing Duration: 19 mins and 25 secs Commit: 1f9dc86 (OpenSSL_1_1_1-stable) Author: Bernd Edlinger Message: Change DH_generate_parameters back to order 2q subgroup For for G=2 and 5 DH_generate_parameters will continue to generate the order 2q subgroup for compatibility with previous versions. For G=3 DH_generate_parameters generates an order q subgroup, but it will not pass the check in DH_check with previous OpenSSL versions. Reviewed-by: Matt Caswell (Merged from https://github.com/openssl/openssl/pull/9820) View the changeset: https://github.com/openssl/openssl/compare/288241b6bf1b...1f9dc86b557d View the full build log and details: https://travis-ci.org/openssl/openssl/builds/582651654?utm_medium=notification&utm_source=email -- You can unsubscribe from build emails from the openssl/openssl repository going to https://travis-ci.org/account/preferences/unsubscribe?repository=5849220&utm_medium=notification&utm_source=email. Or unsubscribe from *all* email updating your settings at https://travis-ci.org/account/preferences/unsubscribe?utm_medium=notification&utm_source=email. Or configure specific recipients for build notifications in your .travis.yml file. See https://docs.travis-ci.com/user/notifications. -------------- next part -------------- An HTML attachment was scrubbed... URL: From matt at openssl.org Mon Sep 9 13:04:45 2019 From: matt at openssl.org (Matt Caswell) Date: Mon, 09 Sep 2019 13:04:45 +0000 Subject: [openssl] master update Message-ID: <1568034285.358858.21929.nullmailer@dev.openssl.org> The branch master has been updated via 20bf3d8b22f8c1a3529034007d3618fd1fc4fa16 (commit) via 864b89ce497c57207d04a83e23f96f50dae9d164 (commit) via 9c45222ddc36124b8826d98dc0794f3eef1e5f0b (commit) via 21fb7067228e39633755aeba251e925634e64870 (commit) via 4f62f5d9af4fb4c7765859967ee39252e34ceeb9 (commit) via 11031468c38c801b6acefe9bba9d531d92653da3 (commit) via 390acbebfa90500c79c5014e6659eacda861550c (commit) via 4889dadcb8511176c30888c748f1981adc38451d (commit) via dfcb5d29b525f5d2b6bd80602dca5efe5fca77bb (commit) from 2b95e8efcf8b99892106070d9ac745a0a369f503 (commit) - Log ----------------------------------------------------------------- commit 20bf3d8b22f8c1a3529034007d3618fd1fc4fa16 Author: Matt Caswell Date: Thu Sep 5 14:57:06 2019 +0100 Use simple names in core_names.h Reviewed-by: Richard Levitte (Merged from https://github.com/openssl/openssl/pull/9753) commit 864b89ce497c57207d04a83e23f96f50dae9d164 Author: Matt Caswell Date: Wed Sep 4 23:13:25 2019 +0100 Move EVP_PKEY algorithm implementations into a union An EVP_PKEY can be used for multiple different algorithm operations. Only one can be used at a time, so we move those into a union. Reviewed-by: Richard Levitte (Merged from https://github.com/openssl/openssl/pull/9753) commit 9c45222ddc36124b8826d98dc0794f3eef1e5f0b Author: Matt Caswell Date: Wed Sep 4 12:46:02 2019 +0100 Revise EVP_PKEY param handling We add new functions for getting parameters and discovering the gettable and settable parameters. We also make EVP_PKEY_CTX_get_signature_md() a function and implement it in terms of the new functions. This enables applications to discover the set of parameters that are supported for a given algorithm implementation. Reviewed-by: Richard Levitte (Merged from https://github.com/openssl/openssl/pull/9753) commit 21fb7067228e39633755aeba251e925634e64870 Author: Matt Caswell Date: Wed Sep 4 10:58:59 2019 +0100 Enable DH "keys" which only contain domain parameters It is valid for a pub_key and priv_key to be missing from a DH "key". Reviewed-by: Richard Levitte (Merged from https://github.com/openssl/openssl/pull/9753) commit 4f62f5d9af4fb4c7765859967ee39252e34ceeb9 Author: Matt Caswell Date: Tue Sep 3 17:05:52 2019 +0100 Add docs for the provider interface for signature operations Reviewed-by: Richard Levitte (Merged from https://github.com/openssl/openssl/pull/9753) commit 11031468c38c801b6acefe9bba9d531d92653da3 Author: Matt Caswell Date: Tue Sep 3 16:15:21 2019 +0100 Add public API docs for newly added EVP_SIGNATURE related functions Documentation for EVP_SIGNATURE_*() as well as EVP_PKEY_sign_init_ex(), EVP_PKEY_verify_init_ex() and EVP_PKEY_verify_recover_init_ex(). Reviewed-by: Richard Levitte (Merged from https://github.com/openssl/openssl/pull/9753) commit 390acbebfa90500c79c5014e6659eacda861550c Author: Matt Caswell Date: Mon Sep 2 16:48:26 2019 +0100 Add support for verify/verify_recover functions to EVP_SIGNATURE Reviewed-by: Richard Levitte (Merged from https://github.com/openssl/openssl/pull/9753) commit 4889dadcb8511176c30888c748f1981adc38451d Author: Matt Caswell Date: Fri Aug 30 13:33:37 2019 +0100 Implement DSA in the default provider Reviewed-by: Richard Levitte (Merged from https://github.com/openssl/openssl/pull/9753) commit dfcb5d29b525f5d2b6bd80602dca5efe5fca77bb Author: Matt Caswell Date: Fri Aug 30 13:33:10 2019 +0100 Add the ability to perform signatures in a provider This makes EVP_PKEY_sign and EVP_PKEY_sign_init provider aware. It also introduces the new type EVP_SIGNATURE to represent signature algorithms. This also automatically makes the EVP_Sign* APIs provider aware because they use EVP_Digest* (which is already provider aware) and EVP_PKEY_sign(_init) under the covers. At this stage there are no signature algorithms in any providers. That will come in the following commits. Reviewed-by: Richard Levitte (Merged from https://github.com/openssl/openssl/pull/9753) ----------------------------------------------------------------------- Summary of changes: crypto/cms/cms_sd.c | 24 ++ crypto/dh/dh_ameth.c | 25 +- crypto/dsa/dsa_ameth.c | 71 +++- crypto/dsa/dsa_gen.c | 2 + crypto/dsa/dsa_key.c | 1 + crypto/dsa/dsa_lib.c | 2 + crypto/dsa/dsa_locl.h | 3 + crypto/evp/digest.c | 9 +- crypto/evp/evp_locl.h | 33 +- crypto/evp/exchange.c | 62 ++- crypto/evp/pmeth_fn.c | 470 ++++++++++++++++++--- crypto/evp/pmeth_lib.c | 233 +++++++++- crypto/include/internal/evp_int.h | 27 +- crypto/pkcs7/pk7_doit.c | 36 ++ doc/man3/EVP_PKEY_CTX_ctrl.pod | 62 ++- doc/man3/EVP_PKEY_derive.pod | 6 +- doc/man3/EVP_PKEY_sign.pod | 19 +- doc/man3/EVP_PKEY_verify.pod | 22 +- doc/man3/EVP_PKEY_verify_recover.pod | 21 +- doc/man3/EVP_SIGNATURE_free.pod | 64 +++ doc/man7/provider-keyexch.pod | 28 +- doc/man7/provider-signature.pod | 239 +++++++++++ include/openssl/core_names.h | 23 +- include/openssl/core_numbers.h | 59 ++- include/openssl/evp.h | 23 +- include/openssl/ossl_typ.h | 2 + providers/common/build.info | 2 +- providers/common/exchange/dh_exch.c | 18 +- providers/common/include/internal/provider_algs.h | 4 + providers/common/keymgmt/build.info | 2 +- providers/common/keymgmt/dh_kmgmt.c | 4 +- providers/common/keymgmt/dsa_kmgmt.c | 91 ++++ .../common/{exchange => signature}/build.info | 4 +- providers/common/signature/dsa.c | 207 +++++++++ providers/default/defltprov.c | 13 + test/evp_extra_test.c | 114 +++++ util/libcrypto.num | 12 + 37 files changed, 1853 insertions(+), 184 deletions(-) create mode 100644 doc/man3/EVP_SIGNATURE_free.pod create mode 100644 doc/man7/provider-signature.pod create mode 100644 providers/common/keymgmt/dsa_kmgmt.c copy providers/common/{exchange => signature}/build.info (58%) create mode 100644 providers/common/signature/dsa.c diff --git a/crypto/cms/cms_sd.c b/crypto/cms/cms_sd.c index 4de750bd72..6715e84d2f 100644 --- a/crypto/cms/cms_sd.c +++ b/crypto/cms/cms_sd.c @@ -706,11 +706,23 @@ int CMS_SignerInfo_sign(CMS_SignerInfo *si) si->pctx = pctx; } + /* + * TODO(3.0): This causes problems when providers are in use, so disabled + * for now. Can we get rid of this completely? AFAICT this ctrl has been + * present since CMS was first put in - but has never been used to do + * anything. All internal implementations just return 1 and ignore this ctrl + * and have always done so by the looks of things. To fix this we could + * convert this ctrl into a param, which would require us to send all the + * signer info data as a set of params...but that is non-trivial and since + * this isn't used by anything it may be better just to remove it. + */ +#if 0 if (EVP_PKEY_CTX_ctrl(pctx, -1, EVP_PKEY_OP_SIGN, EVP_PKEY_CTRL_CMS_SIGN, 0, si) <= 0) { CMSerr(CMS_F_CMS_SIGNERINFO_SIGN, CMS_R_CTRL_ERROR); goto err; } +#endif alen = ASN1_item_i2d((ASN1_VALUE *)si->signedAttrs, &abuf, ASN1_ITEM_rptr(CMS_Attributes_Sign)); @@ -727,11 +739,23 @@ int CMS_SignerInfo_sign(CMS_SignerInfo *si) if (EVP_DigestSignFinal(mctx, abuf, &siglen) <= 0) goto err; + /* + * TODO(3.0): This causes problems when providers are in use, so disabled + * for now. Can we get rid of this completely? AFAICT this ctrl has been + * present since CMS was first put in - but has never been used to do + * anything. All internal implementations just return 1 and ignore this ctrl + * and have always done so by the looks of things. To fix this we could + * convert this ctrl into a param, which would require us to send all the + * signer info data as a set of params...but that is non-trivial and since + * this isn't used by anything it may be better just to remove it. + */ +#if 0 if (EVP_PKEY_CTX_ctrl(pctx, -1, EVP_PKEY_OP_SIGN, EVP_PKEY_CTRL_CMS_SIGN, 1, si) <= 0) { CMSerr(CMS_F_CMS_SIGNERINFO_SIGN, CMS_R_CTRL_ERROR); goto err; } +#endif EVP_MD_CTX_reset(mctx); diff --git a/crypto/dh/dh_ameth.c b/crypto/dh/dh_ameth.c index 6da4878200..84f1f8b952 100644 --- a/crypto/dh/dh_ameth.c +++ b/crypto/dh/dh_ameth.c @@ -559,24 +559,33 @@ static void *dh_pkey_export_to(const EVP_PKEY *pk, EVP_KEYMGMT *keymgmt) OSSL_PARAM *params; void *provkey = NULL; - if (p == NULL || g == NULL || pub_key == NULL) + if (p == NULL || g == NULL) return NULL; ossl_param_bld_init(&tmpl); - if (!ossl_param_bld_push_BN(&tmpl, OSSL_PKEY_PARAM_DH_P, p) - || !ossl_param_bld_push_BN(&tmpl, OSSL_PKEY_PARAM_DH_G, g) - || !ossl_param_bld_push_BN(&tmpl, OSSL_PKEY_PARAM_DH_PUB_KEY, pub_key)) + if (!ossl_param_bld_push_BN(&tmpl, OSSL_PKEY_PARAM_FFC_P, p) + || !ossl_param_bld_push_BN(&tmpl, OSSL_PKEY_PARAM_FFC_G, g)) return NULL; if (q != NULL) { - if (!ossl_param_bld_push_BN(&tmpl, OSSL_PKEY_PARAM_DH_Q, q)) + if (!ossl_param_bld_push_BN(&tmpl, OSSL_PKEY_PARAM_FFC_Q, q)) return NULL; } - if (priv_key != NULL) { - if (!ossl_param_bld_push_BN(&tmpl, OSSL_PKEY_PARAM_DH_PRIV_KEY, - priv_key)) + /* + * This may be used to pass domain parameters only without any key data - + * so "pub_key" is optional. We can never have a "priv_key" without a + * corresponding "pub_key" though. + */ + if (pub_key != NULL) { + if (!ossl_param_bld_push_BN(&tmpl, OSSL_PKEY_PARAM_DH_PUB_KEY, pub_key)) return NULL; + + if (priv_key != NULL) { + if (!ossl_param_bld_push_BN(&tmpl, OSSL_PKEY_PARAM_DH_PRIV_KEY, + priv_key)) + return NULL; + } } params = ossl_param_bld_to_param(&tmpl); diff --git a/crypto/dsa/dsa_ameth.c b/crypto/dsa/dsa_ameth.c index ef6fc7632a..4e0ed01970 100644 --- a/crypto/dsa/dsa_ameth.c +++ b/crypto/dsa/dsa_ameth.c @@ -8,14 +8,16 @@ */ #include -#include "internal/cryptlib.h" #include #include -#include "dsa_locl.h" #include #include +#include +#include "internal/cryptlib.h" #include "internal/asn1_int.h" #include "internal/evp_int.h" +#include "internal/param_build.h" +#include "dsa_locl.h" static int dsa_pub_decode(EVP_PKEY *pkey, X509_PUBKEY *pubkey) { @@ -63,6 +65,7 @@ static int dsa_pub_decode(EVP_PKEY *pkey, X509_PUBKEY *pubkey) goto err; } + dsa->dirty_cnt++; ASN1_INTEGER_free(public_key); EVP_PKEY_assign_DSA(pkey, dsa); return 1; @@ -185,6 +188,7 @@ static int dsa_priv_decode(EVP_PKEY *pkey, const PKCS8_PRIV_KEY_INFO *p8) goto dsaerr; } + dsa->dirty_cnt++; EVP_PKEY_assign_DSA(pkey, dsa); ret = 1; @@ -300,6 +304,7 @@ static int dsa_copy_parameters(EVP_PKEY *to, const EVP_PKEY *from) return 0; BN_free(to->pkey.dsa->g); to->pkey.dsa->g = a; + to->pkey.dsa->dirty_cnt++; return 1; } @@ -381,6 +386,7 @@ static int dsa_param_decode(EVP_PKEY *pkey, DSAerr(DSA_F_DSA_PARAM_DECODE, ERR_R_DSA_LIB); return 0; } + dsa->dirty_cnt++; EVP_PKEY_assign_DSA(pkey, dsa); return 1; } @@ -417,6 +423,7 @@ static int old_dsa_priv_decode(EVP_PKEY *pkey, DSAerr(DSA_F_OLD_DSA_PRIV_DECODE, ERR_R_DSA_LIB); return 0; } + dsa->dirty_cnt++; EVP_PKEY_assign_DSA(pkey, dsa); return 1; } @@ -514,6 +521,56 @@ static int dsa_pkey_ctrl(EVP_PKEY *pkey, int op, long arg1, void *arg2) } +static size_t dsa_pkey_dirty_cnt(const EVP_PKEY *pkey) +{ + return pkey->pkey.dsa->dirty_cnt; +} + +static void *dsa_pkey_export_to(const EVP_PKEY *pk, EVP_KEYMGMT *keymgmt) +{ + DSA *dsa = pk->pkey.dsa; + OSSL_PARAM_BLD tmpl; + const BIGNUM *p = DSA_get0_p(dsa), *g = DSA_get0_g(dsa); + const BIGNUM *q = DSA_get0_q(dsa), *pub_key = DSA_get0_pub_key(dsa); + const BIGNUM *priv_key = DSA_get0_priv_key(dsa); + OSSL_PARAM *params; + void *provkey = NULL; + + if (p == NULL || q == NULL || g == NULL) + return NULL; + + ossl_param_bld_init(&tmpl); + if (!ossl_param_bld_push_BN(&tmpl, OSSL_PKEY_PARAM_FFC_P, p) + || !ossl_param_bld_push_BN(&tmpl, OSSL_PKEY_PARAM_FFC_Q, q) + || !ossl_param_bld_push_BN(&tmpl, OSSL_PKEY_PARAM_FFC_G, g)) + return NULL; + + /* + * This may be used to pass domain parameters only without any key data - + * so "pub_key" is optional. We can never have a "priv_key" without a + * corresponding "pub_key" though. + */ + if (pub_key != NULL) { + if (!ossl_param_bld_push_BN(&tmpl, OSSL_PKEY_PARAM_DSA_PUB_KEY, + pub_key)) + return NULL; + + if (priv_key != NULL) { + if (!ossl_param_bld_push_BN(&tmpl, OSSL_PKEY_PARAM_DSA_PRIV_KEY, + priv_key)) + return NULL; + } + } + + params = ossl_param_bld_to_param(&tmpl); + + /* We export, the provider imports */ + provkey = evp_keymgmt_importkey(keymgmt, params); + + ossl_param_bld_free(params); + return provkey; +} + /* NB these are sorted in pkey_id order, lowest first */ const EVP_PKEY_ASN1_METHOD dsa_asn1_meths[5] = { @@ -570,5 +627,13 @@ const EVP_PKEY_ASN1_METHOD dsa_asn1_meths[5] = { int_dsa_free, dsa_pkey_ctrl, old_dsa_priv_decode, - old_dsa_priv_encode} + old_dsa_priv_encode, + + NULL, NULL, NULL, + NULL, NULL, NULL, + NULL, NULL, NULL, NULL, + + dsa_pkey_dirty_cnt, + dsa_pkey_export_to + } }; diff --git a/crypto/dsa/dsa_gen.c b/crypto/dsa/dsa_gen.c index 858f127315..14cb8e9f53 100644 --- a/crypto/dsa/dsa_gen.c +++ b/crypto/dsa/dsa_gen.c @@ -281,6 +281,7 @@ int dsa_builtin_paramgen(DSA *ret, size_t bits, size_t qbits, ret->p = BN_dup(p); ret->q = BN_dup(q); ret->g = BN_dup(g); + ret->dirty_cnt++; if (ret->p == NULL || ret->q == NULL || ret->g == NULL) { ok = 0; goto err; @@ -598,6 +599,7 @@ int dsa_builtin_paramgen2(DSA *ret, size_t L, size_t N, ok = -1; goto err; } + ret->dirty_cnt++; if (counter_ret != NULL) *counter_ret = counter; if (h_ret != NULL) diff --git a/crypto/dsa/dsa_key.c b/crypto/dsa/dsa_key.c index 333bff959e..86f79b804e 100644 --- a/crypto/dsa/dsa_key.c +++ b/crypto/dsa/dsa_key.c @@ -65,6 +65,7 @@ static int dsa_builtin_keygen(DSA *dsa) dsa->priv_key = priv_key; dsa->pub_key = pub_key; + dsa->dirty_cnt++; ok = 1; err: diff --git a/crypto/dsa/dsa_lib.c b/crypto/dsa/dsa_lib.c index 1068f1da77..034300fc7e 100644 --- a/crypto/dsa/dsa_lib.c +++ b/crypto/dsa/dsa_lib.c @@ -273,6 +273,7 @@ int DSA_set0_pqg(DSA *d, BIGNUM *p, BIGNUM *q, BIGNUM *g) BN_free(d->g); d->g = g; } + d->dirty_cnt++; return 1; } @@ -303,6 +304,7 @@ int DSA_set0_key(DSA *d, BIGNUM *pub_key, BIGNUM *priv_key) BN_free(d->priv_key); d->priv_key = priv_key; } + d->dirty_cnt++; return 1; } diff --git a/crypto/dsa/dsa_locl.h b/crypto/dsa/dsa_locl.h index 5c464e7c25..e56ff06977 100644 --- a/crypto/dsa/dsa_locl.h +++ b/crypto/dsa/dsa_locl.h @@ -31,6 +31,9 @@ struct dsa_st { /* functional reference if 'meth' is ENGINE-provided */ ENGINE *engine; CRYPTO_RWLOCK *lock; + + /* Provider data */ + size_t dirty_cnt; /* If any key material changes, increment this */ }; struct DSA_SIG_st { diff --git a/crypto/evp/digest.c b/crypto/evp/digest.c index 6cb9064b6c..0da934a691 100644 --- a/crypto/evp/digest.c +++ b/crypto/evp/digest.c @@ -266,8 +266,13 @@ int EVP_DigestInit_ex(EVP_MD_CTX *ctx, const EVP_MD *type, ENGINE *impl) skip_to_init: #endif #ifndef FIPS_MODE - /* TODO(3.0): Temporarily no support for EVP_DigestSign* in FIPS module */ - if (ctx->pctx != NULL) { + /* + * TODO(3.0): Temporarily no support for EVP_DigestSign* inside FIPS module + * or when using providers. + */ + if (ctx->pctx != NULL + && (!EVP_PKEY_CTX_IS_SIGNATURE_OP(ctx->pctx) + || ctx->pctx->op.sig.signature == NULL)) { int r; r = EVP_PKEY_CTX_ctrl(ctx->pctx, -1, EVP_PKEY_OP_TYPE_SIG, EVP_PKEY_CTRL_DIGESTINIT, 0, ctx); diff --git a/crypto/evp/evp_locl.h b/crypto/evp/evp_locl.h index 750e593b66..fd684c4b4c 100644 --- a/crypto/evp/evp_locl.h +++ b/crypto/evp/evp_locl.h @@ -91,6 +91,11 @@ struct evp_keymgmt_st { OSSL_OP_keymgmt_exportkey_types_fn *exportkey_types; } /* EVP_KEYMGMT */ ; +struct keymgmt_data_st { + OPENSSL_CTX *ctx; + const char *properties; +}; + struct evp_keyexch_st { char *name; OSSL_PROVIDER *prov; @@ -105,9 +110,33 @@ struct evp_keyexch_st { OSSL_OP_keyexch_derive_fn *derive; OSSL_OP_keyexch_freectx_fn *freectx; OSSL_OP_keyexch_dupctx_fn *dupctx; - OSSL_OP_keyexch_set_params_fn *set_params; + OSSL_OP_keyexch_set_ctx_params_fn *set_ctx_params; + OSSL_OP_keyexch_settable_ctx_params_fn *settable_ctx_params; } /* EVP_KEYEXCH */; +struct evp_signature_st { + char *name; + OSSL_PROVIDER *prov; + CRYPTO_REF_COUNT refcnt; + CRYPTO_RWLOCK *lock; + + EVP_KEYMGMT *keymgmt; + + OSSL_OP_signature_newctx_fn *newctx; + OSSL_OP_signature_sign_init_fn *sign_init; + OSSL_OP_signature_sign_fn *sign; + OSSL_OP_signature_verify_init_fn *verify_init; + OSSL_OP_signature_verify_fn *verify; + OSSL_OP_signature_verify_recover_init_fn *verify_recover_init; + OSSL_OP_signature_verify_recover_fn *verify_recover; + OSSL_OP_signature_freectx_fn *freectx; + OSSL_OP_signature_dupctx_fn *dupctx; + OSSL_OP_signature_get_ctx_params_fn *get_ctx_params; + OSSL_OP_signature_gettable_ctx_params_fn *gettable_ctx_params; + OSSL_OP_signature_set_ctx_params_fn *set_ctx_params; + OSSL_OP_signature_settable_ctx_params_fn *settable_ctx_params; +} /* EVP_SIGNATURE */; + int PKCS5_v2_PBKDF2_keyivgen(EVP_CIPHER_CTX *ctx, const char *pass, int passlen, ASN1_TYPE *param, const EVP_CIPHER *c, const EVP_MD *md, @@ -203,3 +232,5 @@ OSSL_PARAM *evp_pkey_to_param(EVP_PKEY *pkey, size_t *sz); return 0; \ } \ } + +void evp_pkey_ctx_free_old_ops(EVP_PKEY_CTX *ctx); diff --git a/crypto/evp/exchange.c b/crypto/evp/exchange.c index e69e4fd0b2..7c61a12b3b 100644 --- a/crypto/evp/exchange.c +++ b/crypto/evp/exchange.c @@ -32,11 +32,6 @@ static EVP_KEYEXCH *evp_keyexch_new(OSSL_PROVIDER *prov) return exchange; } -struct keymgmt_data_st { - OPENSSL_CTX *ctx; - const char *properties; -}; - static void *evp_keyexch_from_dispatch(const char *name, const OSSL_DISPATCH *fns, OSSL_PROVIDER *prov, @@ -55,7 +50,7 @@ static void *evp_keyexch_from_dispatch(const char *name, EVP_KEYMGMT *keymgmt = EVP_KEYMGMT_fetch(keymgmt_data->ctx, name, keymgmt_data->properties); EVP_KEYEXCH *exchange = NULL; - int fncnt = 0; + int fncnt = 0, paramfncnt = 0; if (keymgmt == NULL || EVP_KEYMGMT_provider(keymgmt) != prov) { ERR_raise(ERR_LIB_EVP, EVP_R_NO_KEYMGMT_AVAILABLE); @@ -107,19 +102,28 @@ static void *evp_keyexch_from_dispatch(const char *name, break; exchange->dupctx = OSSL_get_OP_keyexch_dupctx(fns); break; - case OSSL_FUNC_KEYEXCH_SET_PARAMS: - if (exchange->set_params != NULL) + case OSSL_FUNC_KEYEXCH_SET_CTX_PARAMS: + if (exchange->set_ctx_params != NULL) + break; + exchange->set_ctx_params = OSSL_get_OP_keyexch_set_ctx_params(fns); + paramfncnt++; + break; + case OSSL_FUNC_KEYEXCH_SETTABLE_CTX_PARAMS: + if (exchange->settable_ctx_params != NULL) break; - exchange->set_params = OSSL_get_OP_keyexch_set_params(fns); + exchange->settable_ctx_params + = OSSL_get_OP_keyexch_settable_ctx_params(fns); + paramfncnt++; break; } } - if (fncnt != 4) { + if (fncnt != 4 || (paramfncnt != 0 && paramfncnt != 2)) { /* * In order to be a consistent set of functions we must have at least * a complete set of "exchange" functions: init, derive, newctx, - * and freectx. The dupctx, set_peer and set_params functions are - * optional. + * and freectx. The set_ctx_params and settable_ctx_params functions are + * optional, but if one of them is present then the other one must also + * be present. The dupctx and set_peer functions are optional. */ EVPerr(EVP_F_EVP_KEYEXCH_FROM_DISPATCH, EVP_R_INVALID_PROVIDER_FUNCTIONS); @@ -184,6 +188,7 @@ int EVP_PKEY_derive_init_ex(EVP_PKEY_CTX *ctx, EVP_KEYEXCH *exchange) int ret; void *provkey = NULL; + evp_pkey_ctx_free_old_ops(ctx); ctx->operation = EVP_PKEY_OP_DERIVE; if (ctx->engine != NULL) @@ -217,10 +222,7 @@ int EVP_PKEY_derive_init_ex(EVP_PKEY_CTX *ctx, EVP_KEYEXCH *exchange) } } - if (ctx->exchprovctx != NULL && ctx->exchange != NULL) - ctx->exchange->freectx(ctx->exchprovctx); - EVP_KEYEXCH_free(ctx->exchange); - ctx->exchange = exchange; + ctx->op.kex.exchange = exchange; if (ctx->pkey != NULL) { provkey = evp_keymgmt_export_to_provider(ctx->pkey, exchange->keymgmt); if (provkey == NULL) { @@ -228,13 +230,13 @@ int EVP_PKEY_derive_init_ex(EVP_PKEY_CTX *ctx, EVP_KEYEXCH *exchange) goto err; } } - ctx->exchprovctx = exchange->newctx(ossl_provider_ctx(exchange->prov)); - if (ctx->exchprovctx == NULL) { + ctx->op.kex.exchprovctx = exchange->newctx(ossl_provider_ctx(exchange->prov)); + if (ctx->op.kex.exchprovctx == NULL) { /* The provider key can stay in the cache */ EVPerr(EVP_F_EVP_PKEY_DERIVE_INIT_EX, EVP_R_INITIALIZATION_ERROR); goto err; } - ret = exchange->init(ctx->exchprovctx, provkey); + ret = exchange->init(ctx->op.kex.exchprovctx, provkey); return ret ? 1 : 0; err: @@ -272,27 +274,22 @@ int EVP_PKEY_derive_set_peer(EVP_PKEY_CTX *ctx, EVP_PKEY *peer) return -2; } - if (ctx->exchprovctx == NULL) + if (!EVP_PKEY_CTX_IS_DERIVE_OP(ctx) || ctx->op.kex.exchprovctx == NULL) goto legacy; - if (ctx->operation != EVP_PKEY_OP_DERIVE) { - EVPerr(EVP_F_EVP_PKEY_DERIVE_SET_PEER, - EVP_R_OPERATON_NOT_INITIALIZED); - return -1; - } - - if (ctx->exchange->set_peer == NULL) { + if (ctx->op.kex.exchange->set_peer == NULL) { EVPerr(EVP_F_EVP_PKEY_DERIVE_SET_PEER, EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE); return -2; } - provkey = evp_keymgmt_export_to_provider(peer, ctx->exchange->keymgmt); + provkey = evp_keymgmt_export_to_provider(peer, + ctx->op.kex.exchange->keymgmt); if (provkey == NULL) { EVPerr(EVP_F_EVP_PKEY_DERIVE_SET_PEER, ERR_R_INTERNAL_ERROR); return 0; } - return ctx->exchange->set_peer(ctx->exchprovctx, provkey); + return ctx->op.kex.exchange->set_peer(ctx->op.kex.exchprovctx, provkey); legacy: if (ctx->pmeth == NULL @@ -367,15 +364,16 @@ int EVP_PKEY_derive(EVP_PKEY_CTX *ctx, unsigned char *key, size_t *pkeylen) return -2; } - if (ctx->operation != EVP_PKEY_OP_DERIVE) { + if (!EVP_PKEY_CTX_IS_DERIVE_OP(ctx)) { EVPerr(EVP_F_EVP_PKEY_DERIVE, EVP_R_OPERATON_NOT_INITIALIZED); return -1; } - if (ctx->exchprovctx == NULL) + if (ctx->op.kex.exchprovctx == NULL) goto legacy; - ret = ctx->exchange->derive(ctx->exchprovctx, key, pkeylen, SIZE_MAX); + ret = ctx->op.kex.exchange->derive(ctx->op.kex.exchprovctx, key, pkeylen, + SIZE_MAX); return ret; legacy: diff --git a/crypto/evp/pmeth_fn.c b/crypto/evp/pmeth_fn.c index 51df2be4d4..b46c92d633 100644 --- a/crypto/evp/pmeth_fn.c +++ b/crypto/evp/pmeth_fn.c @@ -13,105 +13,479 @@ #include #include "internal/cryptlib.h" #include "internal/evp_int.h" +#include "internal/provider.h" #include "evp_locl.h" -int EVP_PKEY_sign_init(EVP_PKEY_CTX *ctx) +static EVP_SIGNATURE *evp_signature_new(OSSL_PROVIDER *prov) { - int ret; - if (!ctx || !ctx->pmeth || !ctx->pmeth->sign) { - EVPerr(EVP_F_EVP_PKEY_SIGN_INIT, - EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE); + EVP_SIGNATURE *signature = OPENSSL_zalloc(sizeof(EVP_SIGNATURE)); + + signature->lock = CRYPTO_THREAD_lock_new(); + if (signature->lock == NULL) { + OPENSSL_free(signature); + return NULL; + } + signature->prov = prov; + ossl_provider_up_ref(prov); + signature->refcnt = 1; + + return signature; +} + +static void *evp_signature_from_dispatch(const char *name, + const OSSL_DISPATCH *fns, + OSSL_PROVIDER *prov, + void *vkeymgmt_data) +{ + /* + * Signature functions cannot work without a key, and key management + * from the same provider to manage its keys. We therefore fetch + * a key management method using the same algorithm and properties + * and pass that down to evp_generic_fetch to be passed on to our + * evp_signature_from_dispatch, which will attach the key management + * method to the newly created key exchange method as long as the + * provider matches. + */ + struct keymgmt_data_st *keymgmt_data = vkeymgmt_data; + EVP_KEYMGMT *keymgmt = EVP_KEYMGMT_fetch(keymgmt_data->ctx, name, + keymgmt_data->properties); + EVP_SIGNATURE *signature = NULL; + int ctxfncnt = 0, signfncnt = 0, verifyfncnt = 0, verifyrecfncnt = 0; + int gparamfncnt = 0, sparamfncnt = 0; + + if (keymgmt == NULL || EVP_KEYMGMT_provider(keymgmt) != prov) { + ERR_raise(ERR_LIB_EVP, EVP_R_NO_KEYMGMT_AVAILABLE); + goto err; + } + + if ((signature = evp_signature_new(prov)) == NULL + || (signature->name = OPENSSL_strdup(name)) == NULL) { + ERR_raise(ERR_LIB_EVP, ERR_R_MALLOC_FAILURE); + goto err; + } + + signature->keymgmt = keymgmt; + keymgmt = NULL; /* avoid double free on failure below */ + + for (; fns->function_id != 0; fns++) { + switch (fns->function_id) { + case OSSL_FUNC_SIGNATURE_NEWCTX: + if (signature->newctx != NULL) + break; + signature->newctx = OSSL_get_OP_signature_newctx(fns); + ctxfncnt++; + break; + case OSSL_FUNC_SIGNATURE_SIGN_INIT: + if (signature->sign_init != NULL) + break; + signature->sign_init = OSSL_get_OP_signature_sign_init(fns); + signfncnt++; + break; + case OSSL_FUNC_SIGNATURE_SIGN: + if (signature->sign != NULL) + break; + signature->sign = OSSL_get_OP_signature_sign(fns); + signfncnt++; + break; + case OSSL_FUNC_SIGNATURE_VERIFY_INIT: + if (signature->verify_init != NULL) + break; + signature->verify_init = OSSL_get_OP_signature_verify_init(fns); + verifyfncnt++; + break; + case OSSL_FUNC_SIGNATURE_VERIFY: + if (signature->verify != NULL) + break; + signature->verify = OSSL_get_OP_signature_verify(fns); + verifyfncnt++; + break; + case OSSL_FUNC_SIGNATURE_VERIFY_RECOVER_INIT: + if (signature->verify_recover_init != NULL) + break; + signature->verify_recover_init + = OSSL_get_OP_signature_verify_recover_init(fns); + verifyrecfncnt++; + break; + case OSSL_FUNC_SIGNATURE_VERIFY_RECOVER: + if (signature->verify_recover != NULL) + break; + signature->verify_recover + = OSSL_get_OP_signature_verify_recover(fns); + verifyrecfncnt++; + break; + case OSSL_FUNC_SIGNATURE_FREECTX: + if (signature->freectx != NULL) + break; + signature->freectx = OSSL_get_OP_signature_freectx(fns); + ctxfncnt++; + break; + case OSSL_FUNC_SIGNATURE_DUPCTX: + if (signature->dupctx != NULL) + break; + signature->dupctx = OSSL_get_OP_signature_dupctx(fns); + break; + case OSSL_FUNC_SIGNATURE_GET_CTX_PARAMS: + if (signature->get_ctx_params != NULL) + break; + signature->get_ctx_params + = OSSL_get_OP_signature_get_ctx_params(fns); + gparamfncnt++; + break; + case OSSL_FUNC_SIGNATURE_GETTABLE_CTX_PARAMS: + if (signature->gettable_ctx_params != NULL) + break; + signature->gettable_ctx_params + = OSSL_get_OP_signature_gettable_ctx_params(fns); + gparamfncnt++; + break; + case OSSL_FUNC_SIGNATURE_SET_CTX_PARAMS: + if (signature->set_ctx_params != NULL) + break; + signature->set_ctx_params + = OSSL_get_OP_signature_set_ctx_params(fns); + sparamfncnt++; + break; + case OSSL_FUNC_SIGNATURE_SETTABLE_CTX_PARAMS: + if (signature->settable_ctx_params != NULL) + break; + signature->settable_ctx_params + = OSSL_get_OP_signature_settable_ctx_params(fns); + sparamfncnt++; + break; + } + } + if (ctxfncnt != 2 + || (signfncnt != 2 && verifyfncnt != 2 && verifyrecfncnt != 2) + || (gparamfncnt != 0 && gparamfncnt != 2) + || (sparamfncnt != 0 && sparamfncnt != 2)) { + /* + * In order to be a consistent set of functions we must have at least + * a set of context functions (newctx and freectx) as well as a pair of + * "signature" functions: (sign_init, sign) or (verify_init verify) or + * (verify_recover_init, verify_recover). set_ctx_params and + * settable_ctx_params are optional, but if one of them is present then + * the other one must also be present. The same applies to + * get_ctx_params and gettable_ctx_params. The dupctx function is + * optional. + */ + ERR_raise(ERR_LIB_EVP, EVP_R_INVALID_PROVIDER_FUNCTIONS); + goto err; + } + + return signature; + err: + EVP_SIGNATURE_free(signature); + EVP_KEYMGMT_free(keymgmt); + return NULL; +} + +void EVP_SIGNATURE_free(EVP_SIGNATURE *signature) +{ + if (signature != NULL) { + int i; + + CRYPTO_DOWN_REF(&signature->refcnt, &i, signature->lock); + if (i > 0) + return; + EVP_KEYMGMT_free(signature->keymgmt); + ossl_provider_free(signature->prov); + OPENSSL_free(signature->name); + CRYPTO_THREAD_lock_free(signature->lock); + OPENSSL_free(signature); + } +} + +int EVP_SIGNATURE_up_ref(EVP_SIGNATURE *signature) +{ + int ref = 0; + + CRYPTO_UP_REF(&signature->refcnt, &ref, signature->lock); + return 1; +} + +OSSL_PROVIDER *EVP_SIGNATURE_provider(const EVP_SIGNATURE *signature) +{ + return signature->prov; +} + +EVP_SIGNATURE *EVP_SIGNATURE_fetch(OPENSSL_CTX *ctx, const char *algorithm, + const char *properties) +{ + struct keymgmt_data_st keymgmt_data; + + /* + * A signature operation cannot work without a key, so we need key + * management from the same provider to manage its keys. + */ + keymgmt_data.ctx = ctx; + keymgmt_data.properties = properties; + return evp_generic_fetch(ctx, OSSL_OP_SIGNATURE, algorithm, properties, + evp_signature_from_dispatch, &keymgmt_data, + (int (*)(void *))EVP_SIGNATURE_up_ref, + (void (*)(void *))EVP_SIGNATURE_free); +} + +static int evp_pkey_signature_init(EVP_PKEY_CTX *ctx, EVP_SIGNATURE *signature, + int operation) +{ + int ret = 0; + void *provkey = NULL; + + if (ctx == NULL) { + EVPerr(0, EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE); return -2; } - ctx->operation = EVP_PKEY_OP_SIGN; - if (!ctx->pmeth->sign_init) - return 1; - ret = ctx->pmeth->sign_init(ctx); + + evp_pkey_ctx_free_old_ops(ctx); + ctx->operation = operation; + + if (ctx->engine != NULL) + goto legacy; + + if (signature != NULL) { + if (!EVP_SIGNATURE_up_ref(signature)) + goto err; + } else { + int nid = ctx->pkey != NULL ? ctx->pkey->type : ctx->pmeth->pkey_id; + + /* + * TODO(3.0): Check for legacy handling. Remove this once all all + * algorithms are moved to providers. + */ + if (ctx->pkey != NULL) { + switch (ctx->pkey->type) { + case NID_dsa: + break; + default: + goto legacy; + } + signature = EVP_SIGNATURE_fetch(NULL, OBJ_nid2sn(nid), NULL); + } else { + goto legacy; + } + + if (signature == NULL) { + EVPerr(0, EVP_R_INITIALIZATION_ERROR); + goto err; + } + } + + ctx->op.sig.signature = signature; + if (ctx->pkey != NULL) { + provkey = evp_keymgmt_export_to_provider(ctx->pkey, signature->keymgmt); + if (provkey == NULL) { + EVPerr(0, EVP_R_INITIALIZATION_ERROR); + goto err; + } + } + ctx->op.sig.sigprovctx = signature->newctx(ossl_provider_ctx(signature->prov)); + if (ctx->op.sig.sigprovctx == NULL) { + /* The provider key can stay in the cache */ + EVPerr(0, EVP_R_INITIALIZATION_ERROR); + goto err; + } + + switch (operation) { + case EVP_PKEY_OP_SIGN: + if (signature->sign_init == NULL) { + EVPerr(0, EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE); + ret = -2; + goto err; + } + ret = signature->sign_init(ctx->op.sig.sigprovctx, provkey); + break; + case EVP_PKEY_OP_VERIFY: + if (signature->verify_init == NULL) { + EVPerr(0, EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE); + ret = -2; + goto err; + } + ret = signature->verify_init(ctx->op.sig.sigprovctx, provkey); + break; + case EVP_PKEY_OP_VERIFYRECOVER: + if (signature->verify_recover_init == NULL) { + EVPerr(0, EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE); + ret = -2; + goto err; + } + ret = signature->verify_recover_init(ctx->op.sig.sigprovctx, provkey); + break; + default: + EVPerr(0, EVP_R_INITIALIZATION_ERROR); + goto err; + } + + if (ret <= 0) { + signature->freectx(ctx->op.sig.sigprovctx); + ctx->op.sig.sigprovctx = NULL; + goto err; + } + return 1; + + legacy: + if (ctx->pmeth == NULL + || (operation == EVP_PKEY_OP_SIGN && ctx->pmeth->sign == NULL) + || (operation == EVP_PKEY_OP_VERIFY && ctx->pmeth->verify == NULL) + || (operation == EVP_PKEY_OP_VERIFYRECOVER + && ctx->pmeth->verify_recover == NULL)) { + EVPerr(0, EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE); + return -2; + } + + switch (operation) { + case EVP_PKEY_OP_SIGN: + if (ctx->pmeth->sign_init == NULL) + return 1; + ret = ctx->pmeth->sign_init(ctx); + break; + case EVP_PKEY_OP_VERIFY: + if (ctx->pmeth->verify_init == NULL) + return 1; + ret = ctx->pmeth->verify_init(ctx); + break; + case EVP_PKEY_OP_VERIFYRECOVER: + if (ctx->pmeth->verify_recover_init == NULL) + return 1; + ret = ctx->pmeth->verify_recover_init(ctx); + break; + default: + EVPerr(0, EVP_R_INITIALIZATION_ERROR); + goto err; + } if (ret <= 0) - ctx->operation = EVP_PKEY_OP_UNDEFINED; + goto err; + return ret; + + err: + ctx->operation = EVP_PKEY_OP_UNDEFINED; return ret; } +int EVP_PKEY_sign_init_ex(EVP_PKEY_CTX *ctx, EVP_SIGNATURE *signature) +{ + return evp_pkey_signature_init(ctx, signature, EVP_PKEY_OP_SIGN); +} + +int EVP_PKEY_sign_init(EVP_PKEY_CTX *ctx) +{ + return evp_pkey_signature_init(ctx, NULL, EVP_PKEY_OP_SIGN); +} + int EVP_PKEY_sign(EVP_PKEY_CTX *ctx, unsigned char *sig, size_t *siglen, const unsigned char *tbs, size_t tbslen) { - if (!ctx || !ctx->pmeth || !ctx->pmeth->sign) { - EVPerr(EVP_F_EVP_PKEY_SIGN, - EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE); + int ret; + + if (ctx == NULL) { + EVPerr(0, EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE); return -2; } + if (ctx->operation != EVP_PKEY_OP_SIGN) { - EVPerr(EVP_F_EVP_PKEY_SIGN, EVP_R_OPERATON_NOT_INITIALIZED); + EVPerr(0, EVP_R_OPERATON_NOT_INITIALIZED); return -1; } + + if (ctx->op.sig.sigprovctx == NULL) + goto legacy; + + ret = ctx->op.sig.signature->sign(ctx->op.sig.sigprovctx, sig, siglen, + SIZE_MAX, tbs, tbslen); + + return ret; + legacy: + + if (ctx->pmeth == NULL || ctx->pmeth->sign == NULL) { + EVPerr(0, EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE); + return -2; + } + M_check_autoarg(ctx, sig, siglen, EVP_F_EVP_PKEY_SIGN) return ctx->pmeth->sign(ctx, sig, siglen, tbs, tbslen); } +int EVP_PKEY_verify_init_ex(EVP_PKEY_CTX *ctx, EVP_SIGNATURE *signature) +{ + return evp_pkey_signature_init(ctx, signature, EVP_PKEY_OP_VERIFY); +} + int EVP_PKEY_verify_init(EVP_PKEY_CTX *ctx) { - int ret; - if (!ctx || !ctx->pmeth || !ctx->pmeth->verify) { - EVPerr(EVP_F_EVP_PKEY_VERIFY_INIT, - EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE); - return -2; - } - ctx->operation = EVP_PKEY_OP_VERIFY; - if (!ctx->pmeth->verify_init) - return 1; - ret = ctx->pmeth->verify_init(ctx); - if (ret <= 0) - ctx->operation = EVP_PKEY_OP_UNDEFINED; - return ret; + return evp_pkey_signature_init(ctx, NULL, EVP_PKEY_OP_VERIFY); } int EVP_PKEY_verify(EVP_PKEY_CTX *ctx, const unsigned char *sig, size_t siglen, const unsigned char *tbs, size_t tbslen) { - if (!ctx || !ctx->pmeth || !ctx->pmeth->verify) { - EVPerr(EVP_F_EVP_PKEY_VERIFY, - EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE); + int ret; + + if (ctx == NULL) { + EVPerr(0, EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE); return -2; } + if (ctx->operation != EVP_PKEY_OP_VERIFY) { - EVPerr(EVP_F_EVP_PKEY_VERIFY, EVP_R_OPERATON_NOT_INITIALIZED); + EVPerr(0, EVP_R_OPERATON_NOT_INITIALIZED); return -1; } + + if (ctx->op.sig.sigprovctx == NULL) + goto legacy; + + ret = ctx->op.sig.signature->verify(ctx->op.sig.sigprovctx, sig, siglen, + tbs, tbslen); + + return ret; + legacy: + if (ctx->pmeth == NULL || ctx->pmeth->verify == NULL) { + EVPerr(0, EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE); + return -2; + } + return ctx->pmeth->verify(ctx, sig, siglen, tbs, tbslen); } +int EVP_PKEY_verify_recover_init_ex(EVP_PKEY_CTX *ctx, EVP_SIGNATURE *signature) +{ + return evp_pkey_signature_init(ctx, signature, EVP_PKEY_OP_VERIFYRECOVER); +} + int EVP_PKEY_verify_recover_init(EVP_PKEY_CTX *ctx) { - int ret; - if (!ctx || !ctx->pmeth || !ctx->pmeth->verify_recover) { - EVPerr(EVP_F_EVP_PKEY_VERIFY_RECOVER_INIT, - EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE); - return -2; - } - ctx->operation = EVP_PKEY_OP_VERIFYRECOVER; - if (!ctx->pmeth->verify_recover_init) - return 1; - ret = ctx->pmeth->verify_recover_init(ctx); - if (ret <= 0) - ctx->operation = EVP_PKEY_OP_UNDEFINED; - return ret; + return evp_pkey_signature_init(ctx, NULL, EVP_PKEY_OP_VERIFYRECOVER); } int EVP_PKEY_verify_recover(EVP_PKEY_CTX *ctx, unsigned char *rout, size_t *routlen, const unsigned char *sig, size_t siglen) { - if (!ctx || !ctx->pmeth || !ctx->pmeth->verify_recover) { - EVPerr(EVP_F_EVP_PKEY_VERIFY_RECOVER, - EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE); + int ret; + + if (ctx == NULL) { + EVPerr(0, EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE); return -2; } + if (ctx->operation != EVP_PKEY_OP_VERIFYRECOVER) { - EVPerr(EVP_F_EVP_PKEY_VERIFY_RECOVER, EVP_R_OPERATON_NOT_INITIALIZED); + EVPerr(0, EVP_R_OPERATON_NOT_INITIALIZED); return -1; } + + if (ctx->op.sig.sigprovctx == NULL) + goto legacy; + + ret = ctx->op.sig.signature->verify_recover(ctx->op.sig.sigprovctx, rout, + routlen, + (rout == NULL ? 0 : *routlen), + sig, siglen); + return ret; + legacy: + if (ctx->pmeth == NULL || ctx->pmeth->verify_recover == NULL) { + EVPerr(0, EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE); + return -2; + } M_check_autoarg(ctx, rout, routlen, EVP_F_EVP_PKEY_VERIFY_RECOVER) return ctx->pmeth->verify_recover(ctx, rout, routlen, sig, siglen); } diff --git a/crypto/evp/pmeth_lib.c b/crypto/evp/pmeth_lib.c index d2b28f825b..2be51f155f 100644 --- a/crypto/evp/pmeth_lib.c +++ b/crypto/evp/pmeth_lib.c @@ -19,6 +19,7 @@ #include "internal/asn1_int.h" #include "internal/evp_int.h" #include "internal/numbers.h" +#include "internal/provider.h" #include "evp_locl.h" typedef int sk_cmp_fn_type(const char *const *a, const char *const *b); @@ -182,6 +183,19 @@ static EVP_PKEY_CTX *int_ctx_new(EVP_PKEY *pkey, ENGINE *e, int id) return ret; } +void evp_pkey_ctx_free_old_ops(EVP_PKEY_CTX *ctx) +{ + if (EVP_PKEY_CTX_IS_DERIVE_OP(ctx)) { + if (ctx->op.kex.exchprovctx != NULL && ctx->op.kex.exchange != NULL) + ctx->op.kex.exchange->freectx(ctx->op.kex.exchprovctx); + EVP_KEYEXCH_free(ctx->op.kex.exchange); + } else if (EVP_PKEY_CTX_IS_SIGNATURE_OP(ctx)) { + if (ctx->op.sig.sigprovctx != NULL && ctx->op.sig.signature != NULL) + ctx->op.sig.signature->freectx(ctx->op.sig.sigprovctx); + EVP_SIGNATURE_free(ctx->op.sig.signature); + } +} + EVP_PKEY_METHOD *EVP_PKEY_meth_new(int id, int flags) { EVP_PKEY_METHOD *pmeth; @@ -270,7 +284,10 @@ EVP_PKEY_CTX *EVP_PKEY_CTX_dup(const EVP_PKEY_CTX *pctx) EVP_PKEY_CTX *rctx; if (((pctx->pmeth == NULL) || (pctx->pmeth->copy == NULL)) - && pctx->exchprovctx == NULL) + && ((EVP_PKEY_CTX_IS_DERIVE_OP(pctx) + && pctx->op.kex.exchprovctx == NULL) + || (EVP_PKEY_CTX_IS_SIGNATURE_OP(pctx) + && pctx->op.sig.sigprovctx == NULL))) return NULL; #ifndef OPENSSL_NO_ENGINE /* Make sure it's safe to copy a pkey context using an ENGINE */ @@ -290,21 +307,46 @@ EVP_PKEY_CTX *EVP_PKEY_CTX_dup(const EVP_PKEY_CTX *pctx) rctx->pkey = pctx->pkey; rctx->operation = pctx->operation; - if (pctx->exchprovctx != NULL) { - if (!ossl_assert(pctx->exchange != NULL)) - return NULL; - rctx->exchange = pctx->exchange; - if (!EVP_KEYEXCH_up_ref(rctx->exchange)) { - OPENSSL_free(rctx); - return NULL; + if (EVP_PKEY_CTX_IS_DERIVE_OP(pctx)) { + if (pctx->op.kex.exchange != NULL) { + rctx->op.kex.exchange = pctx->op.kex.exchange; + if (!EVP_KEYEXCH_up_ref(rctx->op.kex.exchange)) { + OPENSSL_free(rctx); + return NULL; + } } - rctx->exchprovctx = pctx->exchange->dupctx(pctx->exchprovctx); - if (rctx->exchprovctx == NULL) { - EVP_KEYEXCH_free(rctx->exchange); - OPENSSL_free(rctx); - return NULL; + if (pctx->op.kex.exchprovctx != NULL) { + if (!ossl_assert(pctx->op.kex.exchange != NULL)) + return NULL; + rctx->op.kex.exchprovctx + = pctx->op.kex.exchange->dupctx(pctx->op.kex.exchprovctx); + if (rctx->op.kex.exchprovctx == NULL) { + EVP_KEYEXCH_free(rctx->op.kex.exchange); + OPENSSL_free(rctx); + return NULL; + } + return rctx; + } + } else if (EVP_PKEY_CTX_IS_SIGNATURE_OP(pctx)) { + if (pctx->op.sig.signature != NULL) { + rctx->op.sig.signature = pctx->op.sig.signature; + if (!EVP_SIGNATURE_up_ref(rctx->op.sig.signature)) { + OPENSSL_free(rctx); + return NULL; + } + } + if (pctx->op.sig.sigprovctx != NULL) { + if (!ossl_assert(pctx->op.sig.signature != NULL)) + return NULL; + rctx->op.sig.sigprovctx + = pctx->op.sig.signature->dupctx(pctx->op.sig.sigprovctx); + if (rctx->op.sig.sigprovctx == NULL) { + EVP_SIGNATURE_free(rctx->op.sig.signature); + OPENSSL_free(rctx); + return NULL; + } + return rctx; } - return rctx; } rctx->pmeth = pctx->pmeth; @@ -385,10 +427,7 @@ void EVP_PKEY_CTX_free(EVP_PKEY_CTX *ctx) if (ctx->pmeth && ctx->pmeth->cleanup) ctx->pmeth->cleanup(ctx); - if (ctx->exchprovctx != NULL && ctx->exchange != NULL) - ctx->exchange->freectx(ctx->exchprovctx); - - EVP_KEYEXCH_free(ctx->exchange); + evp_pkey_ctx_free_old_ops(ctx); EVP_PKEY_free(ctx->pkey); EVP_PKEY_free(ctx->peerkey); @@ -398,21 +437,72 @@ void EVP_PKEY_CTX_free(EVP_PKEY_CTX *ctx) OPENSSL_free(ctx); } +int EVP_PKEY_CTX_get_params(EVP_PKEY_CTX *ctx, OSSL_PARAM *params) +{ + if (EVP_PKEY_CTX_IS_SIGNATURE_OP(ctx) + && ctx->op.sig.sigprovctx != NULL + && ctx->op.sig.signature != NULL + && ctx->op.sig.signature->get_ctx_params != NULL) + return ctx->op.sig.signature->get_ctx_params(ctx->op.sig.sigprovctx, + params); + return 0; +} + +const OSSL_PARAM *EVP_PKEY_CTX_gettable_params(EVP_PKEY_CTX *ctx) +{ + if (EVP_PKEY_CTX_IS_SIGNATURE_OP(ctx) + && ctx->op.sig.signature != NULL + && ctx->op.sig.signature->gettable_ctx_params != NULL) + return ctx->op.sig.signature->gettable_ctx_params(); + + return NULL; +} + int EVP_PKEY_CTX_set_params(EVP_PKEY_CTX *ctx, OSSL_PARAM *params) { - if (ctx->exchprovctx != NULL && ctx->exchange != NULL) - return ctx->exchange->set_params(ctx->exchprovctx, params); + if (EVP_PKEY_CTX_IS_DERIVE_OP(ctx) + && ctx->op.kex.exchprovctx != NULL + && ctx->op.kex.exchange != NULL + && ctx->op.kex.exchange->set_ctx_params != NULL) + return ctx->op.kex.exchange->set_ctx_params(ctx->op.kex.exchprovctx, + params); + if (EVP_PKEY_CTX_IS_SIGNATURE_OP(ctx) + && ctx->op.sig.sigprovctx != NULL + && ctx->op.sig.signature != NULL + && ctx->op.sig.signature->set_ctx_params != NULL) + return ctx->op.sig.signature->set_ctx_params(ctx->op.sig.sigprovctx, + params); return 0; } +const OSSL_PARAM *EVP_PKEY_CTX_settable_params(EVP_PKEY_CTX *ctx) +{ + if (EVP_PKEY_CTX_IS_DERIVE_OP(ctx) + && ctx->op.kex.exchange != NULL + && ctx->op.kex.exchange->settable_ctx_params != NULL) + return ctx->op.kex.exchange->settable_ctx_params(); + if (EVP_PKEY_CTX_IS_SIGNATURE_OP(ctx) + && ctx->op.sig.signature != NULL + && ctx->op.sig.signature->settable_ctx_params != NULL) + return ctx->op.sig.signature->settable_ctx_params(); + + return NULL; +} + #ifndef OPENSSL_NO_DH int EVP_PKEY_CTX_set_dh_pad(EVP_PKEY_CTX *ctx, int pad) { OSSL_PARAM dh_pad_params[2]; unsigned int upad = pad; + /* We use EVP_PKEY_CTX_ctrl return values */ + if (ctx == NULL || !EVP_PKEY_CTX_IS_DERIVE_OP(ctx)) { + ERR_raise(ERR_LIB_EVP, EVP_R_COMMAND_NOT_SUPPORTED); + return -2; + } + /* TODO(3.0): Remove this eventually when no more legacy */ - if (ctx->exchprovctx == NULL) + if (ctx->op.kex.exchprovctx == NULL) return EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_DH, EVP_PKEY_OP_DERIVE, EVP_PKEY_CTRL_DH_PAD, pad, NULL); @@ -423,6 +513,80 @@ int EVP_PKEY_CTX_set_dh_pad(EVP_PKEY_CTX *ctx, int pad) } #endif +int EVP_PKEY_CTX_get_signature_md(EVP_PKEY_CTX *ctx, const EVP_MD **md) +{ + OSSL_PARAM sig_md_params[3], *p = sig_md_params; + /* 80 should be big enough */ + char name[80] = ""; + const EVP_MD *tmp; + + if (ctx == NULL || !EVP_PKEY_CTX_IS_SIGNATURE_OP(ctx)) { + ERR_raise(ERR_LIB_EVP, EVP_R_COMMAND_NOT_SUPPORTED); + /* Uses the same return values as EVP_PKEY_CTX_ctrl */ + return -2; + } + + /* TODO(3.0): Remove this eventually when no more legacy */ + if (ctx->op.sig.sigprovctx == NULL) + return EVP_PKEY_CTX_ctrl(ctx, -1, EVP_PKEY_OP_TYPE_SIG, + EVP_PKEY_CTRL_GET_MD, 0, (void *)(md)); + + *p++ = OSSL_PARAM_construct_utf8_string(OSSL_SIGNATURE_PARAM_DIGEST, + name, + sizeof(name)); + *p++ = OSSL_PARAM_construct_end(); + + if (!EVP_PKEY_CTX_get_params(ctx, sig_md_params)) + return 0; + + tmp = EVP_get_digestbyname(name); + if (tmp == NULL) + return 0; + + *md = tmp; + + return 1; +} + +int EVP_PKEY_CTX_set_signature_md(EVP_PKEY_CTX *ctx, const EVP_MD *md) +{ + OSSL_PARAM sig_md_params[3], *p = sig_md_params; + size_t mdsize; + const char *name; + + if (ctx == NULL || !EVP_PKEY_CTX_IS_SIGNATURE_OP(ctx)) { + ERR_raise(ERR_LIB_EVP, EVP_R_COMMAND_NOT_SUPPORTED); + /* Uses the same return values as EVP_PKEY_CTX_ctrl */ + return -2; + } + + /* TODO(3.0): Remove this eventually when no more legacy */ + if (ctx->op.sig.sigprovctx == NULL) + return EVP_PKEY_CTX_ctrl(ctx, -1, EVP_PKEY_OP_TYPE_SIG, + EVP_PKEY_CTRL_MD, 0, (void *)(md)); + + if (md == NULL) { + name = ""; + mdsize = 0; + } else { + mdsize = EVP_MD_size(md); + name = EVP_MD_name(md); + } + + *p++ = OSSL_PARAM_construct_utf8_string(OSSL_SIGNATURE_PARAM_DIGEST, + /* + * Cast away the const. This is read + * only so should be safe + */ + (char *)name, + strlen(name) + 1); + *p++ = OSSL_PARAM_construct_size_t(OSSL_SIGNATURE_PARAM_DIGEST_SIZE, + &mdsize); + *p++ = OSSL_PARAM_construct_end(); + + return EVP_PKEY_CTX_set_params(ctx, sig_md_params); +} + static int legacy_ctrl_to_param(EVP_PKEY_CTX *ctx, int keytype, int optype, int cmd, int p1, void *p2) { @@ -431,6 +595,10 @@ static int legacy_ctrl_to_param(EVP_PKEY_CTX *ctx, int keytype, int optype, case EVP_PKEY_CTRL_DH_PAD: return EVP_PKEY_CTX_set_dh_pad(ctx, p1); #endif + case EVP_PKEY_CTRL_MD: + return EVP_PKEY_CTX_set_signature_md(ctx, p2); + case EVP_PKEY_CTRL_GET_MD: + return EVP_PKEY_CTX_get_signature_md(ctx, p2); } return 0; } @@ -445,7 +613,9 @@ int EVP_PKEY_CTX_ctrl(EVP_PKEY_CTX *ctx, int keytype, int optype, return -2; } - if (ctx->exchprovctx != NULL) + if ((EVP_PKEY_CTX_IS_DERIVE_OP(ctx) && ctx->op.kex.exchprovctx != NULL) + || (EVP_PKEY_CTX_IS_DERIVE_OP(ctx) + && ctx->op.sig.sigprovctx != NULL)) return legacy_ctrl_to_param(ctx, keytype, optype, cmd, p1, p2); if (ctx->pmeth == NULL || ctx->pmeth->ctrl == NULL) { @@ -495,6 +665,21 @@ static int legacy_ctrl_str_to_param(EVP_PKEY_CTX *ctx, const char *name, return EVP_PKEY_CTX_set_dh_pad(ctx, pad); } #endif + if (strcmp(name, "digest") == 0) { + int ret; + EVP_MD *md; + + if (!EVP_PKEY_CTX_IS_SIGNATURE_OP(ctx) || ctx->op.sig.signature == NULL) + return 0; + md = EVP_MD_fetch(ossl_provider_library_context(ctx->op.sig.signature->prov), + value, NULL); + if (md == NULL) + return 0; + ret = EVP_PKEY_CTX_set_signature_md(ctx, md); + EVP_MD_meth_free(md); + return ret; + } + return 0; } @@ -506,7 +691,9 @@ int EVP_PKEY_CTX_ctrl_str(EVP_PKEY_CTX *ctx, return -2; } - if (ctx->exchprovctx != NULL) + if ((EVP_PKEY_CTX_IS_DERIVE_OP(ctx) && ctx->op.kex.exchprovctx != NULL) + || (EVP_PKEY_CTX_IS_SIGNATURE_OP(ctx) + && ctx->op.sig.sigprovctx != NULL)) return legacy_ctrl_str_to_param(ctx, name, value); if (!ctx || !ctx->pmeth || !ctx->pmeth->ctrl_str) { diff --git a/crypto/include/internal/evp_int.h b/crypto/include/internal/evp_int.h index d54edc78d3..caf0ca1dd9 100644 --- a/crypto/include/internal/evp_int.h +++ b/crypto/include/internal/evp_int.h @@ -18,8 +18,20 @@ #define EVP_MD_CTX_FLAG_KEEP_PKEY_CTX 0x0400 struct evp_pkey_ctx_st { - EVP_KEYEXCH *exchange; - void *exchprovctx; + /* Actual operation */ + int operation; + + union { + struct { + EVP_KEYEXCH *exchange; + void *exchprovctx; + } kex; + + struct { + EVP_SIGNATURE *signature; + void *sigprovctx; + } sig; + } op; /* Legacy fields below */ @@ -31,8 +43,6 @@ struct evp_pkey_ctx_st { EVP_PKEY *pkey; /* Peer key for key agreement, may be NULL */ EVP_PKEY *peerkey; - /* Actual operation */ - int operation; /* Algorithm specific data */ void *data; /* Application specific data */ @@ -547,6 +557,15 @@ struct evp_pkey_st { size_t dirty_cnt_copy; } /* EVP_PKEY */ ; +#define EVP_PKEY_CTX_IS_SIGNATURE_OP(ctx) \ + ((ctx)->operation == EVP_PKEY_OP_SIGN \ + || (ctx)->operation == EVP_PKEY_OP_SIGNCTX \ + || (ctx)->operation == EVP_PKEY_OP_VERIFY \ + || (ctx)->operation == EVP_PKEY_OP_VERIFYCTX \ + || (ctx)->operation == EVP_PKEY_OP_VERIFYRECOVER) + +#define EVP_PKEY_CTX_IS_DERIVE_OP(ctx) \ + ((ctx)->operation == EVP_PKEY_OP_DERIVE) void openssl_add_all_ciphers_int(void); void openssl_add_all_digests_int(void); diff --git a/crypto/pkcs7/pk7_doit.c b/crypto/pkcs7/pk7_doit.c index 38277095ad..cc09bbf1f2 100644 --- a/crypto/pkcs7/pk7_doit.c +++ b/crypto/pkcs7/pk7_doit.c @@ -834,11 +834,29 @@ int PKCS7_SIGNER_INFO_sign(PKCS7_SIGNER_INFO *si) if (EVP_DigestSignInit(mctx, &pctx, md, NULL, si->pkey) <= 0) goto err; + /* + * TODO(3.0): This causes problems when providers are in use, so disabled + * for now. Can we get rid of this completely? AFAICT this ctrl has never + * been used since it was first put in. All internal implementations just + * return 1 and ignore this ctrl and have always done so by the looks of + * things. To fix this we could convert this ctrl into a param, which would + * require us to send all the signer info data as a set of params...but that + * is non-trivial and since this isn't used by anything it may be better + * just to remove it. The original commit that added it had this + * justification in CHANGES: + * + * "During PKCS7 signing pass the PKCS7 SignerInfo structure to the + * EVP_PKEY_METHOD before and after signing via the + * EVP_PKEY_CTRL_PKCS7_SIGN ctrl. It can then customise the structure + * before and/or after signing if necessary." + */ +#if 0 if (EVP_PKEY_CTX_ctrl(pctx, -1, EVP_PKEY_OP_SIGN, EVP_PKEY_CTRL_PKCS7_SIGN, 0, si) <= 0) { PKCS7err(PKCS7_F_PKCS7_SIGNER_INFO_SIGN, PKCS7_R_CTRL_ERROR); goto err; } +#endif alen = ASN1_item_i2d((ASN1_VALUE *)si->auth_attr, &abuf, ASN1_ITEM_rptr(PKCS7_ATTR_SIGN)); @@ -856,11 +874,29 @@ int PKCS7_SIGNER_INFO_sign(PKCS7_SIGNER_INFO *si) if (EVP_DigestSignFinal(mctx, abuf, &siglen) <= 0) goto err; + /* + * TODO(3.0): This causes problems when providers are in use, so disabled + * for now. Can we get rid of this completely? AFAICT this ctrl has never + * been used since it was first put in. All internal implementations just + * return 1 and ignore this ctrl and have always done so by the looks of + * things. To fix this we could convert this ctrl into a param, which would + * require us to send all the signer info data as a set of params...but that + * is non-trivial and since this isn't used by anything it may be better + * just to remove it. The original commit that added it had this + * justification in CHANGES: + * + * "During PKCS7 signing pass the PKCS7 SignerInfo structure to the + * EVP_PKEY_METHOD before and after signing via the + * EVP_PKEY_CTRL_PKCS7_SIGN ctrl. It can then customise the structure + * before and/or after signing if necessary." + */ +#if 0 if (EVP_PKEY_CTX_ctrl(pctx, -1, EVP_PKEY_OP_SIGN, EVP_PKEY_CTRL_PKCS7_SIGN, 1, si) <= 0) { PKCS7err(PKCS7_F_PKCS7_SIGNER_INFO_SIGN, PKCS7_R_CTRL_ERROR); goto err; } +#endif EVP_MD_CTX_free(mctx); diff --git a/doc/man3/EVP_PKEY_CTX_ctrl.pod b/doc/man3/EVP_PKEY_CTX_ctrl.pod index 1787e19ab7..13ea570865 100644 --- a/doc/man3/EVP_PKEY_CTX_ctrl.pod +++ b/doc/man3/EVP_PKEY_CTX_ctrl.pod @@ -2,7 +2,10 @@ =head1 NAME +EVP_PKEY_CTX_get_params, +EVP_PKEY_CTX_gettable_params, EVP_PKEY_CTX_set_params, +EVP_PKEY_CTX_settable_params, EVP_PKEY_CTX_ctrl, EVP_PKEY_CTX_ctrl_str, EVP_PKEY_CTX_ctrl_uint64, @@ -63,7 +66,10 @@ EVP_PKEY_CTX_set1_id, EVP_PKEY_CTX_get1_id, EVP_PKEY_CTX_get1_id_len #include + int EVP_PKEY_CTX_get_params(EVP_PKEY_CTX *ctx, OSSL_PARAM *params); + const OSSL_PARAM *EVP_PKEY_CTX_gettable_params(EVP_PKEY_CTX *ctx); int EVP_PKEY_CTX_set_params(EVP_PKEY_CTX *ctx, OSSL_PARAM *params); + const OSSL_PARAM *EVP_PKEY_CTX_settable_params(EVP_PKEY_CTX *ctx); int EVP_PKEY_CTX_ctrl(EVP_PKEY_CTX *ctx, int keytype, int optype, int cmd, int p1, void *p2); @@ -144,16 +150,20 @@ EVP_PKEY_CTX_set1_id, EVP_PKEY_CTX_get1_id, EVP_PKEY_CTX_get1_id_len =head1 DESCRIPTION -The EVP_PKEY_CTX_set_params() function sends arbitrary parameters to the -algorithm implementation. +The EVP_PKEY_CTX_get_params() and EVP_PKEY_CTX_set_params() functions get and +send arbitrary parameters from and to the algorithm implementation respectively. Not all parameters may be supported by all providers. See L for more information on providers. See L for more information on parameters. +These functions must only be called after the EVP_PKEY_CTX has been initialised +for use in an operation (for example by L, +L or other similar functions). + The parameters currently supported by the default provider are: =over 4 -=item OSSL_EXCHANGE_PARAM_PAD (uint type) +=item "pad" (B) Sets the DH padding mode. If B is 1 then the shared secret is padded with zeroes @@ -161,8 +171,29 @@ up to the size of the DH prime B

. If B is zero (the default) then no padding is performed. +=item "digest" (B) + +Gets and sets the name of the digest algorithm used for the input to the +signature functions. + +=item "digest-size" (B) + +Gets and sets the output size of the digest algorithm used for the input to the +signature functions. +The internal algorithm that supports this parameter is DSA. + =back +EVP_PKEY_CTX_gettable_params() and EVP_PKEY_CTX_settable_params() gets a +constant B array that decribes the gettable and +settable parameters for the current algorithm implementation, i.e. parameters +that can be used with EVP_PKEY_CTX_get_params() and EVP_PKEY_CTX_set_params() +respectively. +See L for the use of B as parameter descriptor. +These functions must only be called after the EVP_PKEY_CTX has been initialised +for use in an operation (for example by L, +L or other similar functions). + The function EVP_PKEY_CTX_ctrl() sends a control operation to the context B. The key type used must match B if it is not -1. The parameter B is a mask indicating which operations the control can be applied to. @@ -188,13 +219,13 @@ B, B and B commands. The function EVP_PKEY_CTX_md() sends a message digest control operation to the context B. The message digest is specified by its name B. -All the remaining "functions" are implemented as macros. +The EVP_PKEY_CTX_set_signature_md() function sets the message digest type used +in a signature. It can be used in the RSA, DSA and ECDSA algorithms. -The EVP_PKEY_CTX_set_signature_md() macro sets the message digest type used +The EVP_PKEY_CTX_get_signature_md() function gets the message digest type used in a signature. It can be used in the RSA, DSA and ECDSA algorithms. -The EVP_PKEY_CTX_get_signature_md() macro gets the message digest type used in a -signature. It can be used in the RSA, DSA and ECDSA algorithms. +All the remaining "functions" are implemented as macros. Key generation typically involves setting up parameters to be used and generating the private and public key data. Some algorithm implementations @@ -460,9 +491,15 @@ allocate adequate memory space for the B before calling EVP_PKEY_CTX_get1_id =head1 RETURN VALUES -EVP_PKEY_CTX_ctrl() and its macros return a positive value for success and 0 -or a negative value for failure. In particular a return value of -2 -indicates the operation is not supported by the public key algorithm. +EVP_PKEY_CTX_set_params() returns 1 for success or 0 otherwise. +EVP_PKEY_CTX_settable_params() returns an OSSL_PARAM array on success or NULL on +error. +It may also return NULL if there are no settable parameters available. + +EVP_PKEY_CTX_set_signature_md(), EVP_PKEY_CTX_set_dh_pad(), EVP_PKEY_CTX_ctrl() +and its macros return a positive value for success and 0 or a negative value for +failure. In particular a return value of -2 indicates the operation is not +supported by the public key algorithm. =head1 SEE ALSO @@ -481,8 +518,9 @@ The EVP_PKEY_CTX_set1_id(), EVP_PKEY_CTX_get1_id() and EVP_PKEY_CTX_get1_id_len() macros were added in 1.1.1, other functions were added in OpenSSL 1.0.0. -EVP_PKEY_CTX_set_dh_pad() was a macro in OpenSSL 1.1.1 and below. -From OpenSSL 3.0 it is a function. +EVP_PKEY_CTX_get_signature_md(), EVP_PKEY_CTX_set_signature_md() and +EVP_PKEY_CTX_set_dh_pad() were macros in OpenSSL 1.1.1 and below. From OpenSSL +3.0 they are functions. =head1 COPYRIGHT diff --git a/doc/man3/EVP_PKEY_derive.pod b/doc/man3/EVP_PKEY_derive.pod index d6516e7933..832498ba76 100644 --- a/doc/man3/EVP_PKEY_derive.pod +++ b/doc/man3/EVP_PKEY_derive.pod @@ -25,10 +25,10 @@ The EVP_PKEY object associated with B must be compatible with that algorithm. B may be NULL in which case the EVP_KEYEXCH algorithm is fetched implicitly based on the type of EVP_PKEY associated with B. -See L for more information about implict fetches. +See L for more information about implict fetches. -The EVP_PKEY_derive_init() function is the same as EVP_PKEY_derive() except that -the EVP_KEYEXCH algorithm is always implicitly fetched. +The EVP_PKEY_derive_init() function is the same as EVP_PKEY_derive_init_ex() +except that the EVP_KEYEXCH algorithm is always implicitly fetched. The EVP_PKEY_derive_set_peer() function sets the peer key: this will normally be a public key. diff --git a/doc/man3/EVP_PKEY_sign.pod b/doc/man3/EVP_PKEY_sign.pod index d48edb5025..f30affd459 100644 --- a/doc/man3/EVP_PKEY_sign.pod +++ b/doc/man3/EVP_PKEY_sign.pod @@ -2,12 +2,14 @@ =head1 NAME -EVP_PKEY_sign_init, EVP_PKEY_sign - sign using a public key algorithm +EVP_PKEY_sign_init_ex, EVP_PKEY_sign_init, EVP_PKEY_sign +- sign using a public key algorithm =head1 SYNOPSIS #include + int EVP_PKEY_sign_init_ex(EVP_PKEY_CTX *ctx, EVP_SIGNATURE *signature); int EVP_PKEY_sign_init(EVP_PKEY_CTX *ctx); int EVP_PKEY_sign(EVP_PKEY_CTX *ctx, unsigned char *sig, size_t *siglen, @@ -15,8 +17,18 @@ EVP_PKEY_sign_init, EVP_PKEY_sign - sign using a public key algorithm =head1 DESCRIPTION -The EVP_PKEY_sign_init() function initializes a public key algorithm -context using key B for a signing operation. +The EVP_PKEY_sign_init_ex() function initializes a public key algorithm +context for performing signing using the signature algorithm B. +The signature algorithm B should be fetched using a call to +L. +The EVP_PKEY object associated with B must be compatible with that +algorithm. +B may be NULL in which case the EVP_SIGNATURE algorithm is fetched +implicitly based on the type of EVP_PKEY associated with B. +See L for more information about implict fetches. + +The EVP_PKEY_sign_init() function is the same as EVP_PKEY_sign_init_ex() except +that the EVP_SIGNATURE algorithm is always implicitly fetched. The EVP_PKEY_sign() function performs a public key signing operation using B. The data to be signed is specified using the B and @@ -101,6 +113,7 @@ L =head1 HISTORY +EVP_PKEY_sign_init_ex() was added in OpenSSL 3.0. These functions were added in OpenSSL 1.0.0. =head1 COPYRIGHT diff --git a/doc/man3/EVP_PKEY_verify.pod b/doc/man3/EVP_PKEY_verify.pod index 0212202514..1e04a85ca9 100644 --- a/doc/man3/EVP_PKEY_verify.pod +++ b/doc/man3/EVP_PKEY_verify.pod @@ -2,12 +2,14 @@ =head1 NAME -EVP_PKEY_verify_init, EVP_PKEY_verify - signature verification using a public key algorithm +EVP_PKEY_verify_init_ex, EVP_PKEY_verify_init, EVP_PKEY_verify +- signature verification using a public key algorithm =head1 SYNOPSIS #include + int EVP_PKEY_verify_init_ex(EVP_PKEY_CTX *ctx, EVP_SIGNATURE *signature); int EVP_PKEY_verify_init(EVP_PKEY_CTX *ctx); int EVP_PKEY_verify(EVP_PKEY_CTX *ctx, const unsigned char *sig, size_t siglen, @@ -15,8 +17,19 @@ EVP_PKEY_verify_init, EVP_PKEY_verify - signature verification using a public ke =head1 DESCRIPTION -The EVP_PKEY_verify_init() function initializes a public key algorithm -context using key B for a signature verification operation. +The EVP_PKEY_verify_init_ex() function initializes a public key algorithm +context for performing signature verification using the signature algorithm +B. +The signature algorithm B should be fetched using a call to +L. +The EVP_PKEY object associated with B must be compatible with that +algorithm. +B may be NULL in which case the EVP_SIGNATURE algorithm is fetched +implicitly based on the type of EVP_PKEY associated with B. +See L for more information about implict fetches. + +The EVP_PKEY_verify_init() function is the same as EVP_PKEY_verify_init_ex() +except that the EVP_SIGNATURE algorithm is always implicitly fetched. The EVP_PKEY_verify() function performs a public key verification operation using B. The signature is specified using the B and @@ -89,7 +102,8 @@ L =head1 HISTORY -These functions were added in OpenSSL 1.0.0. +EVP_PKEY_verify_init_ex() was added in OpenSSL 3.0. +All other functions were added in OpenSSL 1.0.0. =head1 COPYRIGHT diff --git a/doc/man3/EVP_PKEY_verify_recover.pod b/doc/man3/EVP_PKEY_verify_recover.pod index 2b425a3852..737c372dd1 100644 --- a/doc/man3/EVP_PKEY_verify_recover.pod +++ b/doc/man3/EVP_PKEY_verify_recover.pod @@ -2,12 +2,15 @@ =head1 NAME -EVP_PKEY_verify_recover_init, EVP_PKEY_verify_recover - recover signature using a public key algorithm +EVP_PKEY_verify_recover_init_ex, EVP_PKEY_verify_recover_init, +EVP_PKEY_verify_recover - recover signature using a public key algorithm =head1 SYNOPSIS #include + int EVP_PKEY_verify_recover_init_ex(EVP_PKEY_CTX *ctx, + EVP_SIGNATURE *signature); int EVP_PKEY_verify_recover_init(EVP_PKEY_CTX *ctx); int EVP_PKEY_verify_recover(EVP_PKEY_CTX *ctx, unsigned char *rout, size_t *routlen, @@ -15,8 +18,20 @@ EVP_PKEY_verify_recover_init, EVP_PKEY_verify_recover - recover signature using =head1 DESCRIPTION -The EVP_PKEY_verify_recover_init() function initializes a public key algorithm -context using key B for a verify recover operation. +The EVP_PKEY_verify_recover_init_ex() function initializes a public key +algorithm context for performing signature signed data recovery using the +signature algorithm B. +The signature algorithm B should be fetched using a call to +L. +The EVP_PKEY object associated with B must be compatible with that +algorithm. +B may be NULL in which case the EVP_SIGNATURE algorithm is fetched +implicitly based on the type of EVP_PKEY associated with B. +See L for more information about implict fetches. + +The EVP_PKEY_verify_recover_init() function is the same as +EVP_PKEY_verify_recover_init_ex() except that the EVP_SIGNATURE algorithm is +always implicitly fetched. The EVP_PKEY_verify_recover() function recovers signed data using B. The signature is specified using the B and diff --git a/doc/man3/EVP_SIGNATURE_free.pod b/doc/man3/EVP_SIGNATURE_free.pod new file mode 100644 index 0000000000..3e39b915e7 --- /dev/null +++ b/doc/man3/EVP_SIGNATURE_free.pod @@ -0,0 +1,64 @@ +=pod + +=head1 NAME + +EVP_SIGNATURE_fetch, EVP_SIGNATURE_free, EVP_SIGNATURE_up_ref, +EVP_SIGNATURE_provider +- Functions to manage EVP_SIGNATURE algorithm objects + +=head1 SYNOPSIS + + #include + + EVP_SIGNATURE *EVP_SIGNATURE_fetch(OPENSSL_CTX *ctx, const char *algorithm, + const char *properties); + void EVP_SIGNATURE_free(EVP_SIGNATURE *signature); + int EVP_SIGNATURE_up_ref(EVP_SIGNATURE *signature); + OSSL_PROVIDER *EVP_SIGNATURE_provider(const EVP_SIGNATURE *signature); + +=head1 DESCRIPTION + +EVP_SIGNATURE_fetch() fetches the implementation for the given +B from any provider offering it, within the criteria given +by the B. +The algorithm will be one offering functions for performing signature related +tasks such as signing and verifying. +See L for further information. + +The returned value must eventually be freed with EVP_SIGNATURE_free(). + +EVP_SIGNATURE_free() decrements the reference count for the B +structure. Typically this structure will have been obtained from an earlier call +to EVP_SIGNATURE_fetch(). If the reference count drops to 0 then the +structure is freed. + +EVP_SIGNATURE_up_ref() increments the reference count for an B +structure. + +EVP_SIGNATURE_provider() returns the provider that I was fetched from. + +=head1 RETURN VALUES + +EVP_SIGNATURE_fetch() returns a pointer to an B for success +or B for failure. + +EVP_SIGNATURE_up_ref() returns 1 for success or 0 otherwise. + +=head1 SEE ALSO + +L, L + +=head1 HISTORY + +The functions described here were added in OpenSSL 3.0. + +=head1 COPYRIGHT + +Copyright 2019 The OpenSSL Project Authors. All Rights Reserved. + +Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +L. + +=cut diff --git a/doc/man7/provider-keyexch.pod b/doc/man7/provider-keyexch.pod index 71830c12c6..9ef294395c 100644 --- a/doc/man7/provider-keyexch.pod +++ b/doc/man7/provider-keyexch.pod @@ -29,8 +29,8 @@ provider-keyexch - The keyexch library E-E provider functions size_t outlen); /* Key Exchange parameters */ - int OP_keyexch_set_params(void *ctx, const OSSL_PARAM params[]); - + int OP_keyexch_set_ctx_params(void *ctx, const OSSL_PARAM params[]); + const OSSL_PARAM *OP_keyexch_settable_ctx_params(void); =head1 DESCRIPTION @@ -61,15 +61,16 @@ For example, the "function" OP_keyexch_newctx() has these: B arrays are indexed by numbers that are provided as macros in L, as follows: - OP_keyexch_newctx OSSL_FUNC_KEYEXCH_NEWCTX - OP_keyexch_freectx OSSL_FUNC_KEYEXCH_FREECTX - OP_keyexch_dupctx OSSL_FUNC_KEYEXCH_DUPCTX + OP_keyexch_newctx OSSL_FUNC_KEYEXCH_NEWCTX + OP_keyexch_freectx OSSL_FUNC_KEYEXCH_FREECTX + OP_keyexch_dupctx OSSL_FUNC_KEYEXCH_DUPCTX - OP_keyexch_init OSSL_FUNC_KEYEXCH_INIT - OP_keyexch_set_peer OSSL_FUNC_KEYEXCH_SET_PEER - OP_keyexch_derive OSSL_FUNC_KEYEXCH_DERIVE + OP_keyexch_init OSSL_FUNC_KEYEXCH_INIT + OP_keyexch_set_peer OSSL_FUNC_KEYEXCH_SET_PEER + OP_keyexch_derive OSSL_FUNC_KEYEXCH_DERIVE - OP_keyexch_set_params OSSL_FUNC_KEYEXCH_SET_PARAMS + OP_keyexch_set_ctx_params OSSL_FUNC_KEYEXCH_SET_CTX_PARAMS + OP_keyexch_settable_ctx_params OSSL_FUNC_KEYEXCH_SETTABLE_CTX_PARAMS A key exchange algorithm implementation may not implement all of these functions. In order to be a consistent set of functions a provider must implement @@ -127,8 +128,8 @@ written to B<*secretlen>. See L for further details on the parameters structure used by the OP_keyexch_set_params() function. -OP_keyexch_set_params() sets key exchange parameters associated with the given -provider side key exchange context B to B. +OP_keyexch_set_ctx_params() sets key exchange parameters associated with the +given provider side key exchange context B to B. Any parameter settings are additional to any that were previously set. Parameters currently recognised by built-in key exchange algorithms are as @@ -151,6 +152,11 @@ possible secret size. =back +OP_keyexch_settable_ctx_params() gets a constant B array that +decribes the settable parameters, i.e. parameters that can be used with +OP_signature_set_ctx_params(). +See L for the use of B as parameter descriptor. + =head1 RETURN VALUES OP_keyexch_newctx() and OP_keyexch_dupctx() should return the newly created diff --git a/doc/man7/provider-signature.pod b/doc/man7/provider-signature.pod new file mode 100644 index 0000000000..1ab4831035 --- /dev/null +++ b/doc/man7/provider-signature.pod @@ -0,0 +1,239 @@ +=pod + +=head1 NAME + +provider-signature - The signature library E-E provider functions + +=head1 SYNOPSIS + +=for comment multiple includes + + #include + #include + + /* + * None of these are actual functions, but are displayed like this for + * the function signatures for functions that are offered as function + * pointers in OSSL_DISPATCH arrays. + */ + + /* Context management */ + void *OP_signature_newctx(void *provctx); + void OP_signature_freectx(void *ctx); + void *OP_signature_dupctx(void *ctx); + + /* Signing */ + int OP_signature_sign_init(void *ctx, void *provkey); + int OP_signature_sign(void *ctx, unsigned char *sig, size_t *siglen, + size_t sigsize, const unsigned char *tbs, size_t tbslen); + + /* Verifying */ + int OP_signature_verify_init(void *ctx, void *provkey); + int OP_signature_verify(void *ctx, const unsigned char *sig, size_t siglen, + const unsigned char *tbs, size_t tbslen); + + /* Verify Recover */ + int OP_signature_verify_recover_init(void *ctx, void *provkey); + int OP_signature_verify_recover(void *ctx, unsigned char *rout, + size_t *routlen, size_t routsize, + const unsigned char *sig, size_t siglen); + + /* Signature parameters */ + int OP_signature_get_ctx_params(void *ctx, OSSL_PARAM params[]); + const OSSL_PARAM *OP_signature_gettable_ctx_params(void); + int OP_signature_set_ctx_params(void *ctx, const OSSL_PARAM params[]); + const OSSL_PARAM *OP_signature_settable_ctx_params(void); + +=head1 DESCRIPTION + +This documentation is primarily aimed at provider authors. See L +for further information. + +The signature (OSSL_OP_SIGNATURE) operation enables providers to implement +signature algorithms and make them available to applications via the API +functions L, L, +L, L, +L and L (as well +as other related functions). + +All "functions" mentioned here are passed as function pointers between +F and the provider in B arrays via +B arrays that are returned by the provider's +provider_query_operation() function +(see L). + +All these "functions" have a corresponding function type definition +named B, and a helper function to retrieve the +function pointer from an B element named +B. +For example, the "function" OP_signature_newctx() has these: + + typedef void *(OSSL_OP_signature_newctx_fn)(void *provctx); + static ossl_inline OSSL_OP_signature_newctx_fn + OSSL_get_OP_signature_newctx(const OSSL_DISPATCH *opf); + +B arrays are indexed by numbers that are provided as +macros in L, as follows: + + OP_signature_newctx OSSL_FUNC_SIGNATURE_NEWCTX + OP_signature_freectx OSSL_FUNC_SIGNATURE_FREECTX + OP_signature_dupctx OSSL_FUNC_SIGNATURE_DUPCTX + + OP_signature_sign_init OSSL_FUNC_SIGNATURE_SIGN_INIT + OP_signature_sign OSSL_FUNC_SIGNATURE_SIGN + + OP_signature_verify_init OSSL_FUNC_SIGNATURE_VERIFY_INIT + OP_signature_verify OSSL_FUNC_SIGNATURE_VERIFY + + OP_signature_verify_recover_init OSSL_FUNC_SIGNATURE_VERIFY_RECOVER_INIT + OP_signature_verify_recover OSSL_FUNC_SIGNATURE_VERIFY_RECOVER + + OP_signature_get_ctx_params OSSL_FUNC_SIGNATURE_GET_CTX_PARAMS + OP_signature_gettable_ctx_params OSSL_FUNC_SIGNATURE_GETTABLE_CTX_PARAMS + OP_signature_set_ctx_params OSSL_FUNC_SIGNATURE_SET_CTX_PARAMS + OP_signature_settable_ctx_params OSSL_FUNC_SIGNATURE_SETTABLE_CTX_PARAMS + +A signature algorithm implementation may not implement all of these functions. +In order to be a consistent set of functions a provider must implement +OP_signature_newctx and OP_signature_freectx. +It must also implement both of OP_signature_sign_init and OP_signature_sign, +or both of OP_signature_verify_init and OP_signature_verify, or both of +OP_signature_verify_recover_init and OP_signature_verify_recover. +All other functions are optional. + +A signature algorithm must also implement some mechanism for generating, +loading or importing keys via the key management (OSSL_OP_KEYMGMT) operation. +See L for further details. + +=head2 Context Management Functions + +OP_signature_newctx() should create and return a pointer to a provider side +structure for holding context information during a signature operation. +A pointer to this context will be passed back in a number of the other signature +operation function calls. +The parameter B is the provider context generated during provider +initialisation (see L). + +OP_signature_freectx() is passed a pointer to the provider side signature +context in the B parameter. +This function should free any resources associated with that context. + +OP_signature_dupctx() should duplicate the provider side signature context in +the B parameter and return the duplicate copy. + +=head2 Signing Functions + +OP_signature_sign_init() initialises a context for signing given a provider side +signature context in the B parameter, and a pointer to a provider key object +in the B parameter. +The key object should have been previously generated, loaded or imported into +the provider using the key management (OSSL_OP_KEYMGMT) operation (see +provider-keymgmt(7)>. + +OP_signature_sign() performs the actual signing itself. +A previously initialised signature context is passed in the B +parameter. +The data to be signed is pointed to be the B parameter which is B +bytes long. +Unless B is NULL, the signature should be written to the location pointed +to by the B parameter and it should not exceed B bytes in length. +The length of the signature should be written to B<*siglen>. +If B is NULL then the maximum length of the signature should be written to +B<*siglen>. + +=head2 Verify Functions + +OP_signature_verify_init() initialises a context for verifying a signature given +a provider side signature context in the B parameter, and a pointer to a +provider key object in the B parameter. +The key object should have been previously generated, loaded or imported into +the provider using the key management (OSSL_OP_KEYMGMT) operation (see +provider-keymgmt(7)>. + +OP_signature_verify() performs the actual verification itself. +A previously initialised signature context is passed in the B parameter. +The data that the signature covers is pointed to be the B parameter which +is B bytes long. +The signature is pointed to by the B parameter which is B bytes +long. + +=head2 Verify Recover Functions + +OP_signature_verify_recover_init() initialises a context for recovering the +signed data given a provider side signature context in the B parameter, and +a pointer to a provider key object in the B parameter. +The key object should have been previously generated, loaded or imported into +the provider using the key management (OSSL_OP_KEYMGMT) operation (see +provider-keymgmt(7)>. + +OP_signature_verify_recover() performs the actual verify recover itself. +A previously initialised signature context is passed in the B parameter. +The signature is pointed to by the B parameter which is B bytes +long. +Unless B is NULL, the recovered data should be written to the location +pointed to by B which should not exceed B bytes in length. +The length of the recovered data should be written to B<*routlen>. +If B is B then the maximum size of the output buffer is written to +the B parameter. + +=head2 Signature Parameters + +See L for further details on the parameters structure used by +the OP_signature_get_ctx_params() and OP_signature_set_ctx_params() functions. + +OP_signature_get_ctx_params() gets signature parameters associated with the +given provider side signature context B and stored them in B. +OP_signature_set_ctx_params() sets the signature parameters associated with the +given provider side signature context B to B. +Any parameter settings are additional to any that were previously set. + +Parameters currently recognised by built-in signature algorithms are as +follows. +Not all parameters are relevant to, or are understood by all signature +algorithms: + +=over 4 + +=item "digest" (B) + +Get or sets the name of the digest algorithm used for the input to the signature +functions. + +=item "digest-size" (B) + +Gets or sets the output size of the digest algorithm used for the input to the +signature functions. + +=back + +OP_signature_gettable_ctx_params() and OP_signature_settable_ctx_params() get a +constant B array that decribes the gettable and settable parameters, +i.e. parameters that can be used with OP_signature_get_ctx_params() and +OP_signature_set_ctx_params() respectively. +See L for the use of B as parameter descriptor. + +=head1 RETURN VALUES + +OP_signature_newctx() and OP_signature_dupctx() should return the newly created +provider side signature, or NULL on failure. + +All other functions should return 1 for success or 0 on error. + +=head1 SEE ALSO + +L + +=head1 HISTORY + +The provider SIGNATURE interface was introduced in OpenSSL 3.0. + +=head1 COPYRIGHT + +Copyright 2019 The OpenSSL Project Authors. All Rights Reserved. + +Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +L. + +=cut diff --git a/include/openssl/core_names.h b/include/openssl/core_names.h index b78a0978fd..27b4588ce1 100644 --- a/include/openssl/core_names.h +++ b/include/openssl/core_names.h @@ -129,17 +129,26 @@ extern "C" { #define OSSL_KDF_PARAM_SIZE "size" /* size_t */ /* PKEY parameters */ -/* Diffie-Hellman Parameters */ -#define OSSL_PKEY_PARAM_DH_P "dh-p" -#define OSSL_PKEY_PARAM_DH_G "dh-g" -#define OSSL_PKEY_PARAM_DH_Q "dh-q" +/* Diffie-Hellman/DSA Parameters */ +#define OSSL_PKEY_PARAM_FFC_P "p" +#define OSSL_PKEY_PARAM_FFC_G "g" +#define OSSL_PKEY_PARAM_FFC_Q "q" + /* Diffie-Hellman Keys */ -#define OSSL_PKEY_PARAM_DH_PUB_KEY "dh-pub" -#define OSSL_PKEY_PARAM_DH_PRIV_KEY "dh-priv" +#define OSSL_PKEY_PARAM_DH_PUB_KEY "pub" +#define OSSL_PKEY_PARAM_DH_PRIV_KEY "priv" + +/* DSA Keys */ +#define OSSL_PKEY_PARAM_DSA_PUB_KEY "pub" +#define OSSL_PKEY_PARAM_DSA_PRIV_KEY "priv" /* Key Exchange parameters */ -#define OSSL_EXCHANGE_PARAM_PAD "exchange-pad" /* uint */ +#define OSSL_EXCHANGE_PARAM_PAD "pad" /* uint */ + +/* Signature parameters */ +#define OSSL_SIGNATURE_PARAM_DIGEST "digest" +#define OSSL_SIGNATURE_PARAM_DIGEST_SIZE "digest-size" # ifdef __cplusplus } diff --git a/include/openssl/core_numbers.h b/include/openssl/core_numbers.h index 521cd8c800..002582012e 100644 --- a/include/openssl/core_numbers.h +++ b/include/openssl/core_numbers.h @@ -156,8 +156,9 @@ OSSL_CORE_MAKE_FUNC(const OSSL_ITEM *,provider_get_reason_strings, # define OSSL_OP_KDF 4 # define OSSL_OP_KEYMGMT 10 # define OSSL_OP_KEYEXCH 11 +# define OSSL_OP_SIGNATURE 12 /* Highest known operation number */ -# define OSSL_OP__HIGHEST 11 +# define OSSL_OP__HIGHEST 12 /* Digests */ @@ -388,7 +389,8 @@ OSSL_CORE_MAKE_FUNC(const OSSL_PARAM *, OP_keymgmt_exportkey_types, (void)) # define OSSL_FUNC_KEYEXCH_SET_PEER 4 # define OSSL_FUNC_KEYEXCH_FREECTX 5 # define OSSL_FUNC_KEYEXCH_DUPCTX 6 -# define OSSL_FUNC_KEYEXCH_SET_PARAMS 7 +# define OSSL_FUNC_KEYEXCH_SET_CTX_PARAMS 7 +# define OSSL_FUNC_KEYEXCH_SETTABLE_CTX_PARAMS 8 OSSL_CORE_MAKE_FUNC(void *, OP_keyexch_newctx, (void *provctx)) OSSL_CORE_MAKE_FUNC(int, OP_keyexch_init, (void *ctx, void *provkey)) @@ -397,8 +399,57 @@ OSSL_CORE_MAKE_FUNC(int, OP_keyexch_derive, (void *ctx, unsigned char *secret, OSSL_CORE_MAKE_FUNC(int, OP_keyexch_set_peer, (void *ctx, void *provkey)) OSSL_CORE_MAKE_FUNC(void, OP_keyexch_freectx, (void *ctx)) OSSL_CORE_MAKE_FUNC(void *, OP_keyexch_dupctx, (void *ctx)) -OSSL_CORE_MAKE_FUNC(int, OP_keyexch_set_params, (void *ctx, - const OSSL_PARAM params[])) +OSSL_CORE_MAKE_FUNC(int, OP_keyexch_set_ctx_params, (void *ctx, + const OSSL_PARAM params[])) +OSSL_CORE_MAKE_FUNC(const OSSL_PARAM *, OP_keyexch_settable_ctx_params, + (void)) + +/* Signature */ + +# define OSSL_FUNC_SIGNATURE_NEWCTX 1 +# define OSSL_FUNC_SIGNATURE_SIGN_INIT 2 +# define OSSL_FUNC_SIGNATURE_SIGN 3 +# define OSSL_FUNC_SIGNATURE_VERIFY_INIT 4 +# define OSSL_FUNC_SIGNATURE_VERIFY 5 +# define OSSL_FUNC_SIGNATURE_VERIFY_RECOVER_INIT 6 +# define OSSL_FUNC_SIGNATURE_VERIFY_RECOVER 7 +# define OSSL_FUNC_SIGNATURE_FREECTX 8 +# define OSSL_FUNC_SIGNATURE_DUPCTX 9 +# define OSSL_FUNC_SIGNATURE_GET_CTX_PARAMS 10 +# define OSSL_FUNC_SIGNATURE_GETTABLE_CTX_PARAMS 11 +# define OSSL_FUNC_SIGNATURE_SET_CTX_PARAMS 12 +# define OSSL_FUNC_SIGNATURE_SETTABLE_CTX_PARAMS 13 + +OSSL_CORE_MAKE_FUNC(void *, OP_signature_newctx, (void *provctx)) +OSSL_CORE_MAKE_FUNC(int, OP_signature_sign_init, (void *ctx, void *provkey)) +OSSL_CORE_MAKE_FUNC(int, OP_signature_sign, (void *ctx, unsigned char *sig, + size_t *siglen, size_t sigsize, + const unsigned char *tbs, + size_t tbslen)) +OSSL_CORE_MAKE_FUNC(int, OP_signature_verify_init, (void *ctx, void *provkey)) +OSSL_CORE_MAKE_FUNC(int, OP_signature_verify, (void *ctx, + const unsigned char *sig, + size_t siglen, + const unsigned char *tbs, + size_t tbslen)) +OSSL_CORE_MAKE_FUNC(int, OP_signature_verify_recover_init, (void *ctx, + void *provkey)) +OSSL_CORE_MAKE_FUNC(int, OP_signature_verify_recover, (void *ctx, + unsigned char *rout, + size_t *routlen, + size_t routsize, + const unsigned char *sig, + size_t siglen)) +OSSL_CORE_MAKE_FUNC(void, OP_signature_freectx, (void *ctx)) +OSSL_CORE_MAKE_FUNC(void *, OP_signature_dupctx, (void *ctx)) +OSSL_CORE_MAKE_FUNC(int, OP_signature_get_ctx_params, + (void *ctx, OSSL_PARAM params[])) +OSSL_CORE_MAKE_FUNC(const OSSL_PARAM *, OP_signature_gettable_ctx_params, + (void)) +OSSL_CORE_MAKE_FUNC(int, OP_signature_set_ctx_params, + (void *ctx, const OSSL_PARAM params[])) +OSSL_CORE_MAKE_FUNC(const OSSL_PARAM *, OP_signature_settable_ctx_params, + (void)) # ifdef __cplusplus } diff --git a/include/openssl/evp.h b/include/openssl/evp.h index d1bd0b69d0..69d70e5e9c 100644 --- a/include/openssl/evp.h +++ b/include/openssl/evp.h @@ -1337,6 +1337,9 @@ void EVP_PKEY_asn1_set_security_bits(EVP_PKEY_ASN1_METHOD *ameth, int (*pkey_security_bits) (const EVP_PKEY *pk)); +int EVP_PKEY_CTX_get_signature_md(EVP_PKEY_CTX *ctx, const EVP_MD **md); +int EVP_PKEY_CTX_set_signature_md(EVP_PKEY_CTX *ctx, const EVP_MD *md); + # define EVP_PKEY_OP_UNDEFINED 0 # define EVP_PKEY_OP_PARAMGEN (1<<1) # define EVP_PKEY_OP_KEYGEN (1<<2) @@ -1362,14 +1365,6 @@ void EVP_PKEY_asn1_set_security_bits(EVP_PKEY_ASN1_METHOD *ameth, # define EVP_PKEY_OP_TYPE_GEN \ (EVP_PKEY_OP_PARAMGEN | EVP_PKEY_OP_KEYGEN) -# define EVP_PKEY_CTX_set_signature_md(ctx, md) \ - EVP_PKEY_CTX_ctrl(ctx, -1, EVP_PKEY_OP_TYPE_SIG, \ - EVP_PKEY_CTRL_MD, 0, (void *)(md)) - -# define EVP_PKEY_CTX_get_signature_md(ctx, pmd) \ - EVP_PKEY_CTX_ctrl(ctx, -1, EVP_PKEY_OP_TYPE_SIG, \ - EVP_PKEY_CTRL_GET_MD, 0, (void *)(pmd)) - # define EVP_PKEY_CTX_set_mac_key(ctx, key, len) \ EVP_PKEY_CTX_ctrl(ctx, -1, EVP_PKEY_OP_KEYGEN, \ EVP_PKEY_CTRL_SET_MAC_KEY, len, (void *)(key)) @@ -1429,7 +1424,10 @@ EVP_PKEY_CTX *EVP_PKEY_CTX_new_id(int id, ENGINE *e); EVP_PKEY_CTX *EVP_PKEY_CTX_dup(const EVP_PKEY_CTX *ctx); void EVP_PKEY_CTX_free(EVP_PKEY_CTX *ctx); +int EVP_PKEY_CTX_get_params(EVP_PKEY_CTX *ctx, OSSL_PARAM *params); +const OSSL_PARAM *EVP_PKEY_CTX_gettable_params(EVP_PKEY_CTX *ctx); int EVP_PKEY_CTX_set_params(EVP_PKEY_CTX *ctx, OSSL_PARAM *params); +const OSSL_PARAM *EVP_PKEY_CTX_settable_params(EVP_PKEY_CTX *ctx); int EVP_PKEY_CTX_ctrl(EVP_PKEY_CTX *ctx, int keytype, int optype, int cmd, int p1, void *p2); int EVP_PKEY_CTX_ctrl_str(EVP_PKEY_CTX *ctx, const char *type, @@ -1470,14 +1468,23 @@ EVP_PKEY *EVP_PKEY_CTX_get0_peerkey(EVP_PKEY_CTX *ctx); void EVP_PKEY_CTX_set_app_data(EVP_PKEY_CTX *ctx, void *data); void *EVP_PKEY_CTX_get_app_data(EVP_PKEY_CTX *ctx); +void EVP_SIGNATURE_free(EVP_SIGNATURE *signature); +int EVP_SIGNATURE_up_ref(EVP_SIGNATURE *signature); +OSSL_PROVIDER *EVP_SIGNATURE_provider(const EVP_SIGNATURE *signature); +EVP_SIGNATURE *EVP_SIGNATURE_fetch(OPENSSL_CTX *ctx, const char *algorithm, + const char *properties); + +int EVP_PKEY_sign_init_ex(EVP_PKEY_CTX *ctx, EVP_SIGNATURE *signature); int EVP_PKEY_sign_init(EVP_PKEY_CTX *ctx); int EVP_PKEY_sign(EVP_PKEY_CTX *ctx, unsigned char *sig, size_t *siglen, const unsigned char *tbs, size_t tbslen); +int EVP_PKEY_verify_init_ex(EVP_PKEY_CTX *ctx, EVP_SIGNATURE *signature); int EVP_PKEY_verify_init(EVP_PKEY_CTX *ctx); int EVP_PKEY_verify(EVP_PKEY_CTX *ctx, const unsigned char *sig, size_t siglen, const unsigned char *tbs, size_t tbslen); +int EVP_PKEY_verify_recover_init_ex(EVP_PKEY_CTX *ctx, EVP_SIGNATURE *signature); int EVP_PKEY_verify_recover_init(EVP_PKEY_CTX *ctx); int EVP_PKEY_verify_recover(EVP_PKEY_CTX *ctx, unsigned char *rout, size_t *routlen, diff --git a/include/openssl/ossl_typ.h b/include/openssl/ossl_typ.h index 7eec053bee..530de2d20c 100644 --- a/include/openssl/ossl_typ.h +++ b/include/openssl/ossl_typ.h @@ -108,6 +108,8 @@ typedef struct evp_kdf_ctx_st EVP_KDF_CTX; typedef struct evp_keyexch_st EVP_KEYEXCH; +typedef struct evp_signature_st EVP_SIGNATURE; + typedef struct evp_Encode_Ctx_st EVP_ENCODE_CTX; typedef struct hmac_ctx_st HMAC_CTX; diff --git a/providers/common/build.info b/providers/common/build.info index b098ca6958..916cc3e4ea 100644 --- a/providers/common/build.info +++ b/providers/common/build.info @@ -1,4 +1,4 @@ -SUBDIRS=digests ciphers macs kdfs exchange keymgmt +SUBDIRS=digests ciphers macs kdfs exchange keymgmt signature $COMMON=provider_util.c SOURCE[../../libcrypto]=$COMMON provider_err.c provlib.c diff --git a/providers/common/exchange/dh_exch.c b/providers/common/exchange/dh_exch.c index 5ff8318725..cfbda43fb8 100644 --- a/providers/common/exchange/dh_exch.c +++ b/providers/common/exchange/dh_exch.c @@ -20,6 +20,8 @@ static OSSL_OP_keyexch_set_peer_fn dh_set_peer; static OSSL_OP_keyexch_derive_fn dh_derive; static OSSL_OP_keyexch_freectx_fn dh_freectx; static OSSL_OP_keyexch_dupctx_fn dh_dupctx; +static OSSL_OP_keyexch_set_ctx_params_fn dh_set_ctx_params; +static OSSL_OP_keyexch_settable_ctx_params_fn dh_settable_ctx_params; /* * What's passed as an actual key is defined by the KEYMGMT interface. @@ -124,7 +126,7 @@ static void *dh_dupctx(void *vpdhctx) return dstctx; } -static int dh_set_params(void *vpdhctx, const OSSL_PARAM params[]) +static int dh_set_ctx_params(void *vpdhctx, const OSSL_PARAM params[]) { PROV_DH_CTX *pdhctx = (PROV_DH_CTX *)vpdhctx; const OSSL_PARAM *p; @@ -140,6 +142,16 @@ static int dh_set_params(void *vpdhctx, const OSSL_PARAM params[]) return 1; } +static const OSSL_PARAM known_settable_ctx_params[] = { + OSSL_PARAM_int(OSSL_EXCHANGE_PARAM_PAD, NULL), + OSSL_PARAM_END +}; + +static const OSSL_PARAM *dh_settable_ctx_params(void) +{ + return known_settable_ctx_params; +} + const OSSL_DISPATCH dh_keyexch_functions[] = { { OSSL_FUNC_KEYEXCH_NEWCTX, (void (*)(void))dh_newctx }, { OSSL_FUNC_KEYEXCH_INIT, (void (*)(void))dh_init }, @@ -147,6 +159,8 @@ const OSSL_DISPATCH dh_keyexch_functions[] = { { OSSL_FUNC_KEYEXCH_SET_PEER, (void (*)(void))dh_set_peer }, { OSSL_FUNC_KEYEXCH_FREECTX, (void (*)(void))dh_freectx }, { OSSL_FUNC_KEYEXCH_DUPCTX, (void (*)(void))dh_dupctx }, - { OSSL_FUNC_KEYEXCH_SET_PARAMS, (void (*)(void))dh_set_params }, + { OSSL_FUNC_KEYEXCH_SET_CTX_PARAMS, (void (*)(void))dh_set_ctx_params }, + { OSSL_FUNC_KEYEXCH_SETTABLE_CTX_PARAMS, + (void (*)(void))dh_settable_ctx_params }, { 0, NULL } }; diff --git a/providers/common/include/internal/provider_algs.h b/providers/common/include/internal/provider_algs.h index b9d257649f..92aa64772e 100644 --- a/providers/common/include/internal/provider_algs.h +++ b/providers/common/include/internal/provider_algs.h @@ -161,6 +161,10 @@ extern const OSSL_DISPATCH kdf_x942_kdf_functions[]; /* Key management */ extern const OSSL_DISPATCH dh_keymgmt_functions[]; +extern const OSSL_DISPATCH dsa_keymgmt_functions[]; /* Key Exchange */ extern const OSSL_DISPATCH dh_keyexch_functions[]; + +/* Signature */ +extern const OSSL_DISPATCH dsa_signature_functions[]; diff --git a/providers/common/keymgmt/build.info b/providers/common/keymgmt/build.info index a41f3dac6e..4e7bc750f5 100644 --- a/providers/common/keymgmt/build.info +++ b/providers/common/keymgmt/build.info @@ -1,5 +1,5 @@ LIBS=../../../libcrypto IF[{- !$disabled{dh} -}] SOURCE[../../../libcrypto]=\ - dh_kmgmt.c + dh_kmgmt.c dsa_kmgmt.c ENDIF diff --git a/providers/common/keymgmt/dh_kmgmt.c b/providers/common/keymgmt/dh_kmgmt.c index 67e3205edc..c13f07546b 100644 --- a/providers/common/keymgmt/dh_kmgmt.c +++ b/providers/common/keymgmt/dh_kmgmt.c @@ -24,8 +24,8 @@ static int params_to_key(DH *dh, const OSSL_PARAM params[]) if (dh == NULL) return 0; - param_p = OSSL_PARAM_locate_const(params, OSSL_PKEY_PARAM_DH_P); - param_g = OSSL_PARAM_locate_const(params, OSSL_PKEY_PARAM_DH_G); + param_p = OSSL_PARAM_locate_const(params, OSSL_PKEY_PARAM_FFC_P); + param_g = OSSL_PARAM_locate_const(params, OSSL_PKEY_PARAM_FFC_G); param_priv_key = OSSL_PARAM_locate_const(params, OSSL_PKEY_PARAM_DH_PRIV_KEY); param_pub_key = diff --git a/providers/common/keymgmt/dsa_kmgmt.c b/providers/common/keymgmt/dsa_kmgmt.c new file mode 100644 index 0000000000..a53c0b212c --- /dev/null +++ b/providers/common/keymgmt/dsa_kmgmt.c @@ -0,0 +1,91 @@ +/* + * Copyright 2019 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the Apache License 2.0 (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#include +#include +#include +#include +#include +#include "internal/provider_algs.h" + +static OSSL_OP_keymgmt_importkey_fn dsa_importkey; + +static int params_to_key(DSA *dsa, const OSSL_PARAM params[]) +{ + const OSSL_PARAM *param_p, *param_q, *param_g, *param_priv_key; + const OSSL_PARAM *param_pub_key; + BIGNUM *p = NULL, *q = NULL, *g = NULL, *priv_key = NULL, *pub_key = NULL; + + if (dsa == NULL) + return 0; + + param_p = OSSL_PARAM_locate_const(params, OSSL_PKEY_PARAM_FFC_P); + param_q = OSSL_PARAM_locate_const(params, OSSL_PKEY_PARAM_FFC_Q); + param_g = OSSL_PARAM_locate_const(params, OSSL_PKEY_PARAM_FFC_G); + param_priv_key = + OSSL_PARAM_locate_const(params, OSSL_PKEY_PARAM_DSA_PRIV_KEY); + param_pub_key = + OSSL_PARAM_locate_const(params, OSSL_PKEY_PARAM_DSA_PUB_KEY); + + /* + * DSA documentation says that a public key must be present if a private key + * is. + */ + if (param_priv_key != NULL && param_pub_key == NULL) + return 0; + + if ((param_p != NULL && !OSSL_PARAM_get_BN(param_p, &p)) + || (param_q != NULL && !OSSL_PARAM_get_BN(param_q, &q)) + || (param_g != NULL && !OSSL_PARAM_get_BN(param_g, &g)) + || (param_priv_key != NULL + && !OSSL_PARAM_get_BN(param_priv_key, &priv_key)) + || (param_pub_key != NULL + && !OSSL_PARAM_get_BN(param_pub_key, &pub_key))) + goto err; + + if (!DSA_set0_pqg(dsa, p, q, g)) + goto err; + p = q = g = NULL; + + if (pub_key != NULL && !DSA_set0_key(dsa, pub_key, priv_key)) + goto err; + priv_key = pub_key = NULL; + + return 1; + + err: + BN_free(p); + BN_free(q); + BN_free(g); + BN_free(priv_key); + BN_free(pub_key); + return 0; +} + +static void *dsa_importkey(void *provctx, const OSSL_PARAM params[]) +{ + DSA *dsa; + + if ((dsa = DSA_new()) == NULL + || !params_to_key(dsa, params)) { + DSA_free(dsa); + dsa = NULL; + } + return dsa; +} + +const OSSL_DISPATCH dsa_keymgmt_functions[] = { + /* + * TODO(3.0) When implementing OSSL_FUNC_KEYMGMT_GENKEY, remember to also + * implement OSSL_FUNC_KEYMGMT_EXPORTKEY. + */ + { OSSL_FUNC_KEYMGMT_IMPORTKEY, (void (*)(void))dsa_importkey }, + { OSSL_FUNC_KEYMGMT_FREEKEY, (void (*)(void))DSA_free }, + { 0, NULL } +}; diff --git a/providers/common/exchange/build.info b/providers/common/signature/build.info similarity index 58% copy from providers/common/exchange/build.info copy to providers/common/signature/build.info index c99c9d81b5..5b64229dfc 100644 --- a/providers/common/exchange/build.info +++ b/providers/common/signature/build.info @@ -1,7 +1,7 @@ LIBS=../../../libcrypto -IF[{- !$disabled{dh} -}] +IF[{- !$disabled{dsa} -}] SOURCE[../../../libcrypto]=\ - dh_exch.c + dsa.c ENDIF diff --git a/providers/common/signature/dsa.c b/providers/common/signature/dsa.c new file mode 100644 index 0000000000..dc4eb6c6d4 --- /dev/null +++ b/providers/common/signature/dsa.c @@ -0,0 +1,207 @@ +/* + * Copyright 2019 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the Apache License 2.0 (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#include +#include +#include +#include +#include +#include "internal/provider_algs.h" + +static OSSL_OP_signature_newctx_fn dsa_newctx; +static OSSL_OP_signature_sign_init_fn dsa_signature_init; +static OSSL_OP_signature_verify_init_fn dsa_signature_init; +static OSSL_OP_signature_sign_fn dsa_sign; +static OSSL_OP_signature_freectx_fn dsa_freectx; +static OSSL_OP_signature_dupctx_fn dsa_dupctx; +static OSSL_OP_signature_get_ctx_params_fn dsa_get_ctx_params; +static OSSL_OP_signature_gettable_ctx_params_fn dsa_gettable_ctx_params; +static OSSL_OP_signature_set_ctx_params_fn dsa_set_ctx_params; +static OSSL_OP_signature_settable_ctx_params_fn dsa_settable_ctx_params; + +/* + * What's passed as an actual key is defined by the KEYMGMT interface. + * We happen to know that our KEYMGMT simply passes DSA structures, so + * we use that here too. + */ + +typedef struct { + DSA *dsa; + size_t mdsize; + /* Should be big enough */ + char mdname[80]; +} PROV_DSA_CTX; + +static void *dsa_newctx(void *provctx) +{ + return OPENSSL_zalloc(sizeof(PROV_DSA_CTX)); +} + +static int dsa_signature_init(void *vpdsactx, void *vdsa) +{ + PROV_DSA_CTX *pdsactx = (PROV_DSA_CTX *)vpdsactx; + + if (pdsactx == NULL || vdsa == NULL || !DSA_up_ref(vdsa)) + return 0; + DSA_free(pdsactx->dsa); + pdsactx->dsa = vdsa; + return 1; +} + +static int dsa_sign(void *vpdsactx, unsigned char *sig, size_t *siglen, + size_t sigsize, const unsigned char *tbs, size_t tbslen) +{ + PROV_DSA_CTX *pdsactx = (PROV_DSA_CTX *)vpdsactx; + int ret; + unsigned int sltmp; + size_t dsasize = DSA_size(pdsactx->dsa); + + if (sig == NULL) { + *siglen = dsasize; + return 1; + } + + if (sigsize < (size_t)dsasize) + return 0; + + if (pdsactx->mdsize != 0 && tbslen != pdsactx->mdsize) + return 0; + + ret = DSA_sign(0, tbs, tbslen, sig, &sltmp, pdsactx->dsa); + + if (ret <= 0) + return 0; + + *siglen = sltmp; + return 1; +} + +static int dsa_verify(void *vpdsactx, const unsigned char *sig, size_t siglen, + const unsigned char *tbs, size_t tbslen) +{ + PROV_DSA_CTX *pdsactx = (PROV_DSA_CTX *)vpdsactx; + + if (pdsactx->mdsize != 0 && tbslen != pdsactx->mdsize) + return 0; + + return DSA_verify(0, tbs, tbslen, sig, siglen, pdsactx->dsa); +} + + +static void dsa_freectx(void *vpdsactx) +{ + PROV_DSA_CTX *pdsactx = (PROV_DSA_CTX *)vpdsactx; + + DSA_free(pdsactx->dsa); + + OPENSSL_free(pdsactx); +} + +static void *dsa_dupctx(void *vpdsactx) +{ + PROV_DSA_CTX *srcctx = (PROV_DSA_CTX *)vpdsactx; + PROV_DSA_CTX *dstctx; + + dstctx = OPENSSL_zalloc(sizeof(*srcctx)); + if (dstctx == NULL) + return NULL; + + *dstctx = *srcctx; + if (dstctx->dsa != NULL && !DSA_up_ref(dstctx->dsa)) { + OPENSSL_free(dstctx); + return NULL; + } + + return dstctx; +} + +static int dsa_get_ctx_params(void *vpdsactx, OSSL_PARAM *params) +{ + PROV_DSA_CTX *pdsactx = (PROV_DSA_CTX *)vpdsactx; + OSSL_PARAM *p; + + if (pdsactx == NULL || params == NULL) + return 0; + + p = OSSL_PARAM_locate(params, OSSL_SIGNATURE_PARAM_DIGEST_SIZE); + if (p != NULL && !OSSL_PARAM_set_size_t(p, pdsactx->mdsize)) + return 0; + + p = OSSL_PARAM_locate(params, OSSL_SIGNATURE_PARAM_DIGEST); + if (p != NULL && !OSSL_PARAM_set_utf8_string(p, pdsactx->mdname)) + return 0; + + return 1; +} + +static const OSSL_PARAM known_gettable_ctx_params[] = { + OSSL_PARAM_size_t(OSSL_SIGNATURE_PARAM_DIGEST_SIZE, NULL), + OSSL_PARAM_utf8_string(OSSL_SIGNATURE_PARAM_DIGEST, NULL, 0), + OSSL_PARAM_END +}; + +static const OSSL_PARAM *dsa_gettable_ctx_params(void) +{ + return known_gettable_ctx_params; +} + +static int dsa_set_ctx_params(void *vpdsactx, const OSSL_PARAM params[]) +{ + PROV_DSA_CTX *pdsactx = (PROV_DSA_CTX *)vpdsactx; + const OSSL_PARAM *p; + char *mdname; + + if (pdsactx == NULL || params == NULL) + return 0; + + p = OSSL_PARAM_locate_const(params, OSSL_SIGNATURE_PARAM_DIGEST_SIZE); + if (p != NULL && !OSSL_PARAM_get_size_t(p, &pdsactx->mdsize)) + return 0; + + /* + * We never actually use the mdname, but we do support getting it later. + * This can be useful for applications that want to know the MD that they + * previously set. + */ + p = OSSL_PARAM_locate_const(params, OSSL_SIGNATURE_PARAM_DIGEST); + mdname = pdsactx->mdname; + if (p != NULL + && !OSSL_PARAM_get_utf8_string(p, &mdname, sizeof(pdsactx->mdname))) + return 0; + + return 1; +} + +static const OSSL_PARAM known_settable_ctx_params[] = { + OSSL_PARAM_size_t(OSSL_SIGNATURE_PARAM_DIGEST_SIZE, NULL), + OSSL_PARAM_utf8_string(OSSL_SIGNATURE_PARAM_DIGEST, NULL, 0), + OSSL_PARAM_END +}; + +static const OSSL_PARAM *dsa_settable_ctx_params(void) +{ + return known_settable_ctx_params; +} + +const OSSL_DISPATCH dsa_signature_functions[] = { + { OSSL_FUNC_SIGNATURE_NEWCTX, (void (*)(void))dsa_newctx }, + { OSSL_FUNC_SIGNATURE_SIGN_INIT, (void (*)(void))dsa_signature_init }, + { OSSL_FUNC_SIGNATURE_SIGN, (void (*)(void))dsa_sign }, + { OSSL_FUNC_SIGNATURE_VERIFY_INIT, (void (*)(void))dsa_signature_init }, + { OSSL_FUNC_SIGNATURE_VERIFY, (void (*)(void))dsa_verify }, + { OSSL_FUNC_SIGNATURE_FREECTX, (void (*)(void))dsa_freectx }, + { OSSL_FUNC_SIGNATURE_DUPCTX, (void (*)(void))dsa_dupctx }, + { OSSL_FUNC_SIGNATURE_GET_CTX_PARAMS, (void (*)(void))dsa_get_ctx_params }, + { OSSL_FUNC_SIGNATURE_GETTABLE_CTX_PARAMS, + (void (*)(void))dsa_gettable_ctx_params }, + { OSSL_FUNC_SIGNATURE_SET_CTX_PARAMS, (void (*)(void))dsa_set_ctx_params }, + { OSSL_FUNC_SIGNATURE_SETTABLE_CTX_PARAMS, + (void (*)(void))dsa_settable_ctx_params }, + { 0, NULL } +}; diff --git a/providers/default/defltprov.c b/providers/default/defltprov.c index 8a950482c8..9ce918aea5 100644 --- a/providers/default/defltprov.c +++ b/providers/default/defltprov.c @@ -234,9 +234,20 @@ static const OSSL_ALGORITHM deflt_keyexch[] = { { NULL, NULL, NULL } }; +static const OSSL_ALGORITHM deflt_signature[] = { +#ifndef OPENSSL_NO_DSA + { "DSA", "default=yes", dsa_signature_functions }, +#endif + { NULL, NULL, NULL } +}; + + static const OSSL_ALGORITHM deflt_keymgmt[] = { #ifndef OPENSSL_NO_DH { "dhKeyAgreement", "default=yes", dh_keymgmt_functions }, +#endif +#ifndef OPENSSL_NO_DSA + { "DSA", "default=yes", dsa_keymgmt_functions }, #endif { NULL, NULL, NULL } }; @@ -259,6 +270,8 @@ static const OSSL_ALGORITHM *deflt_query(OSSL_PROVIDER *prov, return deflt_keymgmt; case OSSL_OP_KEYEXCH: return deflt_keyexch; + case OSSL_OP_SIGNATURE: + return deflt_signature; } return NULL; } diff --git a/test/evp_extra_test.c b/test/evp_extra_test.c index 1ad62d2f79..7b7c632dd1 100644 --- a/test/evp_extra_test.c +++ b/test/evp_extra_test.c @@ -19,6 +19,8 @@ #include #include #include +#include +#include #include "testutil.h" #include "internal/nelem.h" #include "internal/evp_int.h" @@ -1393,6 +1395,117 @@ static int test_EVP_CIPHER_fetch(int tst) return ret; } +/* Test getting and setting parameters on an EVP_PKEY_CTX */ +static int test_EVP_PKEY_CTX_get_set_params(void) +{ + EVP_PKEY_CTX *ctx = NULL; + EVP_SIGNATURE *dsaimpl = NULL; + const OSSL_PARAM *params; + OSSL_PARAM ourparams[2], *param = ourparams; + DSA *dsa = NULL; + BIGNUM *p = NULL, *q = NULL, *g = NULL; + EVP_PKEY *pkey = NULL; + int ret = 0; + const EVP_MD *md; + size_t mdsize = SHA512_DIGEST_LENGTH; + + /* + * Setup the parameters for our DSA object. For our purposes they don't have + * to actually be *valid* parameters. We just need to set something. We + * don't even need a pub_key/priv_key. + */ + dsa = DSA_new(); + p = BN_new(); + q = BN_new(); + g = BN_new(); + if (!TEST_ptr(dsa) + || !TEST_ptr(p) + || !TEST_ptr(q) + || !TEST_ptr(g) + || !DSA_set0_pqg(dsa, p, q, g)) + goto err; + p = q = g = NULL; + + pkey = EVP_PKEY_new(); + if (!TEST_ptr(pkey) + || !TEST_true(EVP_PKEY_assign_DSA(pkey, dsa))) + goto err; + + dsa = NULL; + + /* Initialise a sign operation */ + ctx = EVP_PKEY_CTX_new(pkey, NULL); + dsaimpl = EVP_SIGNATURE_fetch(NULL, "DSA", NULL); + if (!TEST_ptr(ctx) + || !TEST_ptr(dsaimpl) + || !TEST_int_gt(EVP_PKEY_sign_init_ex(ctx, dsaimpl), 0)) + goto err; + + /* + * We should be able to query the parameters now. The default DSA + * implementation supports exactly one parameter - so we expect to see that + * returned and no more. + */ + params = EVP_PKEY_CTX_settable_params(ctx); + if (!TEST_ptr(params) + || !TEST_int_eq(strcmp(params[0].key, + OSSL_SIGNATURE_PARAM_DIGEST_SIZE), 0) + || !TEST_int_eq(strcmp(params[1].key, OSSL_SIGNATURE_PARAM_DIGEST), + 0) + /* The final key should be NULL */ + || !TEST_ptr_null(params[2].key)) + goto err; + + /* Gettable params are the same as the settable ones */ + params = EVP_PKEY_CTX_gettable_params(ctx); + if (!TEST_ptr(params) + || !TEST_int_eq(strcmp(params[0].key, + OSSL_SIGNATURE_PARAM_DIGEST_SIZE), 0) + || !TEST_int_eq(strcmp(params[1].key, OSSL_SIGNATURE_PARAM_DIGEST), + 0) + /* The final key should be NULL */ + || !TEST_ptr_null(params[2].key)) + goto err; + + /* + * Test getting and setting params via EVP_PKEY_CTX_set_params() and + * EVP_PKEY_CTX_get_params() + */ + *param++ = OSSL_PARAM_construct_size_t(OSSL_SIGNATURE_PARAM_DIGEST_SIZE, + &mdsize); + *param++ = OSSL_PARAM_construct_end(); + + if (!TEST_true(EVP_PKEY_CTX_set_params(ctx, ourparams))) + goto err; + + mdsize = 0; + if (!TEST_true(EVP_PKEY_CTX_get_params(ctx, ourparams)) + || !TEST_size_t_eq(mdsize, SHA512_DIGEST_LENGTH)) + goto err; + + /* + * Test the TEST_PKEY_CTX_set_signature_md() and + * TEST_PKEY_CTX_get_signature_md() functions + */ + if (!TEST_int_gt(EVP_PKEY_CTX_set_signature_md(ctx, EVP_sha256()), 0) + || !TEST_int_gt(EVP_PKEY_CTX_get_signature_md(ctx, &md), 0) + || !TEST_ptr_eq(md, EVP_sha256())) + goto err; + + ret = 1; + + err: + EVP_PKEY_CTX_free(ctx); + EVP_SIGNATURE_free(dsaimpl); + EVP_PKEY_free(pkey); + DSA_free(dsa); + BN_free(p); + BN_free(q); + BN_free(g); + + return ret; +} + int setup_tests(void) { ADD_TEST(test_EVP_DigestSignInit); @@ -1429,5 +1542,6 @@ int setup_tests(void) ADD_ALL_TESTS(test_EVP_MD_fetch, 5); ADD_ALL_TESTS(test_EVP_CIPHER_fetch, 5); #endif + ADD_TEST(test_EVP_PKEY_CTX_get_set_params); return 1; } diff --git a/util/libcrypto.num b/util/libcrypto.num index 442a6bb02f..e5c869af44 100644 --- a/util/libcrypto.num +++ b/util/libcrypto.num @@ -4740,3 +4740,15 @@ EVP_KDF_gettable_params 4856 3_0_0 EXIST::FUNCTION: EVP_KDF_CTX_gettable_params 4857 3_0_0 EXIST::FUNCTION: EVP_KDF_CTX_settable_params 4858 3_0_0 EXIST::FUNCTION: EVP_KDF_do_all_ex 4859 3_0_0 EXIST::FUNCTION: +EVP_SIGNATURE_free 4860 3_0_0 EXIST::FUNCTION: +EVP_SIGNATURE_up_ref 4861 3_0_0 EXIST::FUNCTION: +EVP_SIGNATURE_provider 4862 3_0_0 EXIST::FUNCTION: +EVP_SIGNATURE_fetch 4863 3_0_0 EXIST::FUNCTION: +EVP_PKEY_sign_init_ex 4864 3_0_0 EXIST::FUNCTION: +EVP_PKEY_CTX_set_signature_md 4865 3_0_0 EXIST::FUNCTION: +EVP_PKEY_verify_init_ex 4866 3_0_0 EXIST::FUNCTION: +EVP_PKEY_verify_recover_init_ex 4867 3_0_0 EXIST::FUNCTION: +EVP_PKEY_CTX_get_signature_md 4868 3_0_0 EXIST::FUNCTION: +EVP_PKEY_CTX_get_params 4869 3_0_0 EXIST::FUNCTION: +EVP_PKEY_CTX_gettable_params 4870 3_0_0 EXIST::FUNCTION: +EVP_PKEY_CTX_settable_params 4871 3_0_0 EXIST::FUNCTION: From builds at travis-ci.org Mon Sep 9 13:19:01 2019 From: builds at travis-ci.org (Travis CI) Date: Mon, 09 Sep 2019 13:19:01 +0000 Subject: Still Failing: openssl/openssl#28069 (OpenSSL_1_1_1-stable - 8003138) In-Reply-To: Message-ID: <5d76514380a88_43fde99c57f58304042@da1e1ee4-2580-4b25-9e3c-02e5972e8674.mail> Build Update for openssl/openssl ------------------------------------- Build: #28069 Status: Still Failing Duration: 24 mins and 4 secs Commit: 8003138 (OpenSSL_1_1_1-stable) Author: Bernd Edlinger Message: DH_check_pub_key_ex was accidentally calling DH_check, so results were undefined. Reviewed-by: Paul Dale (Merged from https://github.com/openssl/openssl/pull/9796) (cherry picked from commit 2b95e8efcf8b99892106070d9ac745a0a369f503) View the changeset: https://github.com/openssl/openssl/compare/1f9dc86b557d...8003138fa967 View the full build log and details: https://travis-ci.org/openssl/openssl/builds/582668283?utm_medium=notification&utm_source=email -- You can unsubscribe from build emails from the openssl/openssl repository going to https://travis-ci.org/account/preferences/unsubscribe?repository=5849220&utm_medium=notification&utm_source=email. Or unsubscribe from *all* email updating your settings at https://travis-ci.org/account/preferences/unsubscribe?utm_medium=notification&utm_source=email. Or configure specific recipients for build notifications in your .travis.yml file. See https://docs.travis-ci.com/user/notifications. -------------- next part -------------- An HTML attachment was scrubbed... URL: From builds at travis-ci.org Mon Sep 9 13:19:02 2019 From: builds at travis-ci.org (Travis CI) Date: Mon, 09 Sep 2019 13:19:02 +0000 Subject: Still Failing: openssl/openssl#28068 (master - 2b95e8e) In-Reply-To: Message-ID: <5d765145b0f79_43fa2ce4a57f83119f3@e58dbfa8-c41b-4575-82c1-669c0e635b7a.mail> Build Update for openssl/openssl ------------------------------------- Build: #28068 Status: Still Failing Duration: 32 mins and 39 secs Commit: 2b95e8e (master) Author: Bernd Edlinger Message: DH_check_pub_key_ex was accidentally calling DH_check, so results were undefined. Reviewed-by: Paul Dale (Merged from https://github.com/openssl/openssl/pull/9796) View the changeset: https://github.com/openssl/openssl/compare/bfed4fc8367b...2b95e8efcf8b View the full build log and details: https://travis-ci.org/openssl/openssl/builds/582667938?utm_medium=notification&utm_source=email -- You can unsubscribe from build emails from the openssl/openssl repository going to https://travis-ci.org/account/preferences/unsubscribe?repository=5849220&utm_medium=notification&utm_source=email. Or unsubscribe from *all* email updating your settings at https://travis-ci.org/account/preferences/unsubscribe?utm_medium=notification&utm_source=email. Or configure specific recipients for build notifications in your .travis.yml file. See https://docs.travis-ci.com/user/notifications. -------------- next part -------------- An HTML attachment was scrubbed... URL: From builds at travis-ci.org Mon Sep 9 13:29:55 2019 From: builds at travis-ci.org (Travis CI) Date: Mon, 09 Sep 2019 13:29:55 +0000 Subject: Still Failing: openssl/openssl#28070 (OpenSSL_1_1_1-stable - 4bf9781) In-Reply-To: Message-ID: <5d7653d3176a1_43f8e0b1c8d64303181@e0e1ce89-b12c-47d3-8970-dbd6053aefc2.mail> Build Update for openssl/openssl ------------------------------------- Build: #28070 Status: Still Failing Duration: 22 mins and 44 secs Commit: 4bf9781 (OpenSSL_1_1_1-stable) Author: Bernd Edlinger Message: Use BN_clear_free in DH_set0_key Reviewed-by: Paul Dale (Merged from https://github.com/openssl/openssl/pull/9796) (cherry picked from commit fa01370f7dc8f0a379483bbe74de11225857e5fe) View the changeset: https://github.com/openssl/openssl/compare/8003138fa967...4bf9781adc68 View the full build log and details: https://travis-ci.org/openssl/openssl/builds/582668553?utm_medium=notification&utm_source=email -- You can unsubscribe from build emails from the openssl/openssl repository going to https://travis-ci.org/account/preferences/unsubscribe?repository=5849220&utm_medium=notification&utm_source=email. Or unsubscribe from *all* email updating your settings at https://travis-ci.org/account/preferences/unsubscribe?utm_medium=notification&utm_source=email. Or configure specific recipients for build notifications in your .travis.yml file. See https://docs.travis-ci.com/user/notifications. -------------- next part -------------- An HTML attachment was scrubbed... URL: From no-reply at appveyor.com Mon Sep 9 13:37:26 2019 From: no-reply at appveyor.com (AppVeyor) Date: Mon, 09 Sep 2019 13:37:26 +0000 Subject: Build failed: openssl master.27486 Message-ID: <20190909133726.1.939F46591E39D35D@appveyor.com> An HTML attachment was scrubbed... URL: From builds at travis-ci.org Mon Sep 9 13:53:54 2019 From: builds at travis-ci.org (Travis CI) Date: Mon, 09 Sep 2019 13:53:54 +0000 Subject: Still Failing: openssl/openssl#28073 (master - 20bf3d8) In-Reply-To: Message-ID: <5d7659725c477_43fc271333c40232049@5ac0e0d3-cb10-4459-b8a3-6218a86d0065.mail> Build Update for openssl/openssl ------------------------------------- Build: #28073 Status: Still Failing Duration: 25 mins and 26 secs Commit: 20bf3d8 (master) Author: Matt Caswell Message: Use simple names in core_names.h Reviewed-by: Richard Levitte (Merged from https://github.com/openssl/openssl/pull/9753) View the changeset: https://github.com/openssl/openssl/compare/2b95e8efcf8b...20bf3d8b22f8 View the full build log and details: https://travis-ci.org/openssl/openssl/builds/582675622?utm_medium=notification&utm_source=email -- You can unsubscribe from build emails from the openssl/openssl repository going to https://travis-ci.org/account/preferences/unsubscribe?repository=5849220&utm_medium=notification&utm_source=email. Or unsubscribe from *all* email updating your settings at https://travis-ci.org/account/preferences/unsubscribe?utm_medium=notification&utm_source=email. Or configure specific recipients for build notifications in your .travis.yml file. See https://docs.travis-ci.com/user/notifications. -------------- next part -------------- An HTML attachment was scrubbed... URL: From no-reply at appveyor.com Mon Sep 9 14:05:04 2019 From: no-reply at appveyor.com (AppVeyor) Date: Mon, 09 Sep 2019 14:05:04 +0000 Subject: Build completed: openssl master.27487 Message-ID: <20190909140504.1.6A65AC68C1545DFE@appveyor.com> An HTML attachment was scrubbed... URL: From no-reply at appveyor.com Mon Sep 9 14:34:28 2019 From: no-reply at appveyor.com (AppVeyor) Date: Mon, 09 Sep 2019 14:34:28 +0000 Subject: Build failed: openssl master.27489 Message-ID: <20190909143428.1.0C62C566E5366C0E@appveyor.com> An HTML attachment was scrubbed... URL: From bernd.edlinger at hotmail.de Mon Sep 9 14:44:53 2019 From: bernd.edlinger at hotmail.de (bernd.edlinger at hotmail.de) Date: Mon, 09 Sep 2019 14:44:53 +0000 Subject: [openssl] master update Message-ID: <1568040293.524236.2158.nullmailer@dev.openssl.org> The branch master has been updated via d3a1128bc25ec8bf835c81821e1be68fba39ab4b (commit) from 20bf3d8b22f8c1a3529034007d3618fd1fc4fa16 (commit) - Log ----------------------------------------------------------------- commit d3a1128bc25ec8bf835c81821e1be68fba39ab4b Author: Bernd Edlinger Date: Mon Sep 9 11:42:56 2019 +0200 Fix build with VS2008 crypto/rand/rand_win.c(70) : error C2065: 'BCRYPT_USE_SYSTEM_PREFERRED_RNG' : undeclared identifier Reviewed-by: Richard Levitte (Merged from https://github.com/openssl/openssl/pull/9827) ----------------------------------------------------------------------- Summary of changes: crypto/rand/rand_win.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/crypto/rand/rand_win.c b/crypto/rand/rand_win.c index 8b87419698..38852dc7a0 100644 --- a/crypto/rand/rand_win.c +++ b/crypto/rand/rand_win.c @@ -19,7 +19,8 @@ # include /* On Windows Vista or higher use BCrypt instead of the legacy CryptoAPI */ -# if defined(_MSC_VER) && defined(_WIN32_WINNT) && _WIN32_WINNT >= 0x0600 +# if defined(_MSC_VER) && _MSC_VER > 1500 /* 1500 = Visual Studio 2008 */ \ + && defined(_WIN32_WINNT) && _WIN32_WINNT >= 0x0600 # define USE_BCRYPTGENRANDOM # endif From bernd.edlinger at hotmail.de Mon Sep 9 14:45:29 2019 From: bernd.edlinger at hotmail.de (bernd.edlinger at hotmail.de) Date: Mon, 09 Sep 2019 14:45:29 +0000 Subject: [openssl] OpenSSL_1_1_1-stable update Message-ID: <1568040329.512420.3108.nullmailer@dev.openssl.org> The branch OpenSSL_1_1_1-stable has been updated via 827eab4cd7f928c4e7dff8ee912f08c723b3ae0c (commit) from 4bf9781adc68684a7183961f1e5d9fbaf4885b3f (commit) - Log ----------------------------------------------------------------- commit 827eab4cd7f928c4e7dff8ee912f08c723b3ae0c Author: Bernd Edlinger Date: Mon Sep 9 11:42:56 2019 +0200 Fix build with VS2008 crypto/rand/rand_win.c(70) : error C2065: 'BCRYPT_USE_SYSTEM_PREFERRED_RNG' : undeclared identifier Reviewed-by: Richard Levitte (Merged from https://github.com/openssl/openssl/pull/9827) (cherry picked from commit d3a1128bc25ec8bf835c81821e1be68fba39ab4b) ----------------------------------------------------------------------- Summary of changes: crypto/rand/rand_win.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/crypto/rand/rand_win.c b/crypto/rand/rand_win.c index 56d79e7f3b..a9c5751f1a 100644 --- a/crypto/rand/rand_win.c +++ b/crypto/rand/rand_win.c @@ -19,7 +19,8 @@ # include /* On Windows Vista or higher use BCrypt instead of the legacy CryptoAPI */ -# if defined(_MSC_VER) && defined(_WIN32_WINNT) && _WIN32_WINNT >= 0x0600 +# if defined(_MSC_VER) && _MSC_VER > 1500 /* 1500 = Visual Studio 2008 */ \ + && defined(_WIN32_WINNT) && _WIN32_WINNT >= 0x0600 # define USE_BCRYPTGENRANDOM # endif From builds at travis-ci.org Mon Sep 9 15:06:14 2019 From: builds at travis-ci.org (Travis CI) Date: Mon, 09 Sep 2019 15:06:14 +0000 Subject: Still Failing: openssl/openssl#28076 (master - d3a1128) In-Reply-To: Message-ID: <5d766a661be97_43fd737aca474350236@fdc79f69-b616-45b2-9eea-619a842017d5.mail> Build Update for openssl/openssl ------------------------------------- Build: #28076 Status: Still Failing Duration: 20 mins and 32 secs Commit: d3a1128 (master) Author: Bernd Edlinger Message: Fix build with VS2008 crypto/rand/rand_win.c(70) : error C2065: 'BCRYPT_USE_SYSTEM_PREFERRED_RNG' : undeclared identifier Reviewed-by: Richard Levitte (Merged from https://github.com/openssl/openssl/pull/9827) View the changeset: https://github.com/openssl/openssl/compare/20bf3d8b22f8...d3a1128bc25e View the full build log and details: https://travis-ci.org/openssl/openssl/builds/582722125?utm_medium=notification&utm_source=email -- You can unsubscribe from build emails from the openssl/openssl repository going to https://travis-ci.org/account/preferences/unsubscribe?repository=5849220&utm_medium=notification&utm_source=email. Or unsubscribe from *all* email updating your settings at https://travis-ci.org/account/preferences/unsubscribe?utm_medium=notification&utm_source=email. Or configure specific recipients for build notifications in your .travis.yml file. See https://docs.travis-ci.com/user/notifications. -------------- next part -------------- An HTML attachment was scrubbed... URL: From openssl at openssl.org Mon Sep 9 15:10:40 2019 From: openssl at openssl.org (OpenSSL run-checker) Date: Mon, 09 Sep 2019 15:10:40 +0000 Subject: FAILED build of OpenSSL branch master with options -d --strict-warnings enable-ubsan -DPEDANTIC -DOPENSSL_SMALL_FOOTPRINT -fno-sanitize=alignment Message-ID: <1568041840.007904.28799.nullmailer@run.openssl.org> Platform and configuration command: $ uname -a Linux run 4.15.0-54-generic #58-Ubuntu SMP Mon Jun 24 10:55:24 UTC 2019 x86_64 x86_64 x86_64 GNU/Linux $ CC=clang ../openssl/config -d --strict-warnings enable-ubsan -DPEDANTIC -DOPENSSL_SMALL_FOOTPRINT -fno-sanitize=alignment Commit log since last time: 03e5668343 Configure: clang: move -Wno-unknown-warning-option to the front a1a0e6f285 CHANGES entry: for ECC parameters with NULL or zero cofactor, compute it 5041ea38c9 [test] computing ECC cofactors: regression test e97bab6929 Use common digest getter for X942 KDF a1de4680fb Use common digest getter for SSH KDF 0f0db4dc25 Use common digest getter for TLS1 PRF 7e149b3928 Use common digest getter for single step KDF e957226a0c Use common digest getter for PBKDF2 86f17ed64c Use common digest getter for HKDF cb74317b4f Use common define for properties, engine, cipher and digest params c69561de00 Add 'engine' param to KDFs 96d7e2733e KMAC using common digest get code 103d8b0be4 HMAC using common digest get code 76497acf52 GMAC using common cipher get code 1dcc7ee6cf CMAC using common cipher get code 2f17cc493c Unify the digest getting code inside providers. 4fe2ee3a44 [ec/ecp_nistp*.c] restyle: use {} around `else` too e0b660c27d [ec/ecp_nistp*.c] remove flip_endian() 1b338abe3a Uniform BN_bn2binpad() and BN_bn2lebinpad() implementations 8b44198b91 Make BN_num_bits() consttime upon BN_FLG_CONSTTIME 805315d3a2 Fix a SCA leak using BN_bn2bin() 31ca19403d Fix a SCA leak in BN_generate_dsa_nonce d2baf88c43 [crypto/rsa] Set the constant-time flag in multi-prime RSA too 311e903d84 [crypto/asn1] Fix multiple SCA vulnerabilities during RSA key validation. c7bfb138ac libcrypto.num entries for KDFs ad1700c706 Move OSSL_OP_KDF into its rightful place amongst the other OSSL_OP_ definitions d4496dc129 Remove reference to legacy aliases for MAC and KDF f575bd2af7 Clear collected_seed after freeing it 232ac89ce2 Lowercase command line 'N' argument since params have lower case names 65ce7e6553 Update KDF documentation (section 3) b4dca02940 Update KDF documentation (section 1) ccd7115a41 Update KDF documentation (section 7) 53598b2298 Deal with BUF_MEM_grow ambiguity ea643c959f crypto/evp/pkey_kdf.c: further special treatment of "seed" and "info" ff756eedb3 More KDF cleanup b1f1512993 PBKDF2 implementation: refactor to avoid memleak df2f8af4cb Fix memleaks in KDF implementations a941920514 crypto/evp/pkey_kdf.c: Redo parameter processing 6d1c31540f crypto/evp/kdf_meth.c: Add the reset function to the method 1f9eac279b Update private.num for KDFs/PRFs 185ce3d93e ossl_provider_library_context(NULL) returns NULL. 9d8e1569aa Params from text to allow zero length value fields d6c5d7f3de Update EVP test data for KDFs and PRFs. 59cba5ac85 KDF error codes reworked a308acb2c2 Cleanse KDF missing crypto files fe6ec26b20 Cleanse KDF error files 37ed621071 Cleanse crypto/kdf directory fb9e6dd6f8 KDF/PRF updates to libcrypto 55accfd2f1 App updates for KDF provider conversion. f05b53a368 KDF provider conversion error updates - generated 2f7557016c KDF additons to names and numbers bf5739a026 Test updates in light of the KDF switchover 492939e5ef Documentation updates in light of the KDF conversion e3405a4a9a Add KDFs to providers 7707526b8d Fix users of KDFs to use params not ctls b50ca330cb Remove old KDF initialisation ce3b1bb481 Fix TLS/SSL PRF usages. 5eb43d382b Move KDFs to the provider. dc5bcb88d8 Teach TLSProxy how to parse CertificateRequest messages debb64a0ca Don't send a status_request extension in a CertificateRequest message Build log ended with (last 100 lines): ../../openssl/test/recipes/30-test_pbelu.t .................... ok ../../openssl/test/recipes/30-test_pkey_meth.t ................ ok ../../openssl/test/recipes/30-test_pkey_meth_kdf.t ............ ok ../../openssl/test/recipes/40-test_rehash.t ................... ok ../../openssl/test/recipes/60-test_x509_check_cert_pkey.t ..... ok ../../openssl/test/recipes/60-test_x509_dup_cert.t ............ ok ../../openssl/test/recipes/60-test_x509_store.t ............... ok ../../openssl/test/recipes/60-test_x509_time.t ................ ok ../../openssl/test/recipes/70-test_asyncio.t .................. ok ../../openssl/test/recipes/70-test_bad_dtls.t ................. ok ../../openssl/test/recipes/70-test_clienthello.t .............. ok ../../openssl/test/recipes/70-test_comp.t ..................... ok ../../openssl/test/recipes/70-test_key_share.t ................ ok ../../openssl/test/recipes/70-test_packet.t ................... ok ../../openssl/test/recipes/70-test_recordlen.t ................ ok ../../openssl/test/recipes/70-test_renegotiation.t ............ ok ../../openssl/test/recipes/70-test_servername.t ............... ok ../../openssl/test/recipes/70-test_sslcbcpadding.t ............ ok ../../openssl/test/recipes/70-test_sslcertstatus.t ............ ok ../../openssl/test/recipes/70-test_sslextension.t ............. ok ../../openssl/test/recipes/70-test_sslmessages.t .............. ok ../../openssl/test/recipes/70-test_sslrecords.t ............... ok ../../openssl/test/recipes/70-test_sslsessiontick.t ........... ok ../../openssl/test/recipes/70-test_sslsigalgs.t ............... ok ../../openssl/test/recipes/70-test_sslsignature.t ............. ok ../../openssl/test/recipes/70-test_sslskewith0p.t ............. ok ../../openssl/test/recipes/70-test_sslversions.t .............. ok ../../openssl/test/recipes/70-test_sslvertol.t ................ ok ../../openssl/test/recipes/70-test_tls13alerts.t .............. ok ../../openssl/test/recipes/70-test_tls13cookie.t .............. ok ../../openssl/test/recipes/70-test_tls13downgrade.t ........... ok ../../openssl/test/recipes/70-test_tls13hrr.t ................. ok ../../openssl/test/recipes/70-test_tls13kexmodes.t ............ ok ../../openssl/test/recipes/70-test_tls13messages.t ............ ok ../../openssl/test/recipes/70-test_tls13psk.t ................. ok ../../openssl/test/recipes/70-test_tlsextms.t ................. ok ../../openssl/test/recipes/70-test_verify_extra.t ............. ok ../../openssl/test/recipes/70-test_wpacket.t .................. ok ../../openssl/test/recipes/80-test_ca.t ....................... ok ../../openssl/test/recipes/80-test_cipherbytes.t .............. ok ../../openssl/test/recipes/80-test_cipherlist.t ............... ok ../../openssl/test/recipes/80-test_ciphername.t ............... ok ../../openssl/test/recipes/80-test_cms.t ...................... ok ../../openssl/test/recipes/80-test_cmsapi.t ................... ok ../../openssl/test/recipes/80-test_ct.t ....................... ok ../../openssl/test/recipes/80-test_dane.t ..................... ok ../../openssl/test/recipes/80-test_dtls.t ..................... ok ../../openssl/test/recipes/80-test_dtls_mtu.t ................. ok ../../openssl/test/recipes/80-test_dtlsv1listen.t ............. ok ../../openssl/test/recipes/80-test_ocsp.t ..................... ok ../../openssl/test/recipes/80-test_pkcs12.t ................... ok ../../openssl/test/recipes/80-test_ssl_new.t .................. ok ../../openssl/test/recipes/80-test_ssl_old.t .................. ok ../../openssl/test/recipes/80-test_ssl_test_ctx.t ............. ok ../../openssl/test/recipes/80-test_sslcorrupt.t ............... ok ../../openssl/test/recipes/80-test_tsa.t ...................... ok ../../openssl/test/recipes/80-test_x509aux.t .................. ok ../../openssl/test/recipes/90-test_asn1_time.t ................ ok ../../openssl/test/recipes/90-test_async.t .................... ok ../../openssl/test/recipes/90-test_bio_enc.t .................. ok ../../openssl/test/recipes/90-test_bio_memleak.t .............. ok ../../openssl/test/recipes/90-test_constant_time.t ............ ok ../../openssl/test/recipes/90-test_fatalerr.t ................. ok ../../openssl/test/recipes/90-test_gmdiff.t ................... ok ../../openssl/test/recipes/90-test_gost.t ..................... ok ../../openssl/test/recipes/90-test_ige.t ...................... ok ../../openssl/test/recipes/90-test_includes.t ................. ok ../../openssl/test/recipes/90-test_memleak.t .................. ok ../../openssl/test/recipes/90-test_overhead.t ................. skipped: Only supported in no-shared builds ../../openssl/test/recipes/90-test_secmem.t ................... ok ../../openssl/test/recipes/90-test_shlibload.t ................ ok ../../openssl/test/recipes/90-test_srp.t ...................... ok ../../openssl/test/recipes/90-test_sslapi.t ................... ok ../../openssl/test/recipes/90-test_sslbuffers.t ............... ok ../../openssl/test/recipes/90-test_store.t .................... ok ../../openssl/test/recipes/90-test_sysdefault.t ............... ok ../../openssl/test/recipes/90-test_threads.t .................. ok ../../openssl/test/recipes/90-test_time_offset.t .............. ok ../../openssl/test/recipes/90-test_tls13ccs.t ................. ok ../../openssl/test/recipes/90-test_tls13encryption.t .......... ok ../../openssl/test/recipes/90-test_tls13secrets.t ............. ok ../../openssl/test/recipes/90-test_v3name.t ................... ok ../../openssl/test/recipes/95-test_external_boringssl.t ....... skipped: No external tests in this configuration ../../openssl/test/recipes/95-test_external_krb5.t ............ skipped: No external tests in this configuration ../../openssl/test/recipes/95-test_external_pyca.t ............ skipped: No external tests in this configuration ../../openssl/test/recipes/99-test_ecstress.t ................. ok ../../openssl/test/recipes/99-test_fuzz.t ..................... ok Test Summary Report ------------------- ../../openssl/test/recipes/30-test_evp.t (Wstat: 256 Tests: 14 Failed: 1) Failed test: 7 Non-zero exit status: 1 Files=176, Tests=1663, 878 wallclock secs ( 3.26 usr 0.46 sys + 850.99 cusr 37.81 csys = 892.52 CPU) Result: FAIL Makefile:198: recipe for target '_tests' failed make[1]: *** [_tests] Error 1 make[1]: Leaving directory '/home/openssl/run-checker/enable-ubsan' Makefile:196: recipe for target 'tests' failed make: *** [tests] Error 2 From nic.tuv at gmail.com Mon Sep 9 15:11:26 2019 From: nic.tuv at gmail.com (nic.tuv at gmail.com) Date: Mon, 09 Sep 2019 15:11:26 +0000 Subject: [openssl] master update Message-ID: <1568041886.817326.7815.nullmailer@dev.openssl.org> The branch master has been updated via 1d3cd983f56e0a580ee4216692ee3c9c7bf14de9 (commit) from d3a1128bc25ec8bf835c81821e1be68fba39ab4b (commit) - Log ----------------------------------------------------------------- commit 1d3cd983f56e0a580ee4216692ee3c9c7bf14de9 Author: Billy Brumley Date: Mon Sep 9 11:29:09 2019 +0300 [test] ECC: check the bounds for auto computing cofactor Reviewed-by: Matt Caswell Reviewed-by: Nicola Tuveri (Merged from https://github.com/openssl/openssl/pull/9821) ----------------------------------------------------------------------- Summary of changes: test/ectest.c | 91 +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 91 insertions(+) diff --git a/test/ectest.c b/test/ectest.c index 4f3bfb7569..58836339af 100644 --- a/test/ectest.c +++ b/test/ectest.c @@ -2121,6 +2121,96 @@ err: return r; } +/*- + * random 256-bit explicit parameters curve, cofactor absent + * order: 0x0c38d96a9f892b88772ec2e39614a82f4f (132 bit) + * cofactor: 0x12bc94785251297abfafddf1565100da (125 bit) + */ +static const unsigned char params_cf_pass[] = { + 0x30, 0x81, 0xcd, 0x02, 0x01, 0x01, 0x30, 0x2c, 0x06, 0x07, 0x2a, 0x86, + 0x48, 0xce, 0x3d, 0x01, 0x01, 0x02, 0x21, 0x00, 0xe5, 0x00, 0x1f, 0xc5, + 0xca, 0x71, 0x9d, 0x8e, 0xf7, 0x07, 0x4b, 0x48, 0x37, 0xf9, 0x33, 0x2d, + 0x71, 0xbf, 0x79, 0xe7, 0xdc, 0x91, 0xc2, 0xff, 0xb6, 0x7b, 0xc3, 0x93, + 0x44, 0x88, 0xe6, 0x91, 0x30, 0x44, 0x04, 0x20, 0xe5, 0x00, 0x1f, 0xc5, + 0xca, 0x71, 0x9d, 0x8e, 0xf7, 0x07, 0x4b, 0x48, 0x37, 0xf9, 0x33, 0x2d, + 0x71, 0xbf, 0x79, 0xe7, 0xdc, 0x91, 0xc2, 0xff, 0xb6, 0x7b, 0xc3, 0x93, + 0x44, 0x88, 0xe6, 0x8e, 0x04, 0x20, 0x18, 0x8c, 0x59, 0x57, 0xc4, 0xbc, + 0x85, 0x57, 0xc3, 0x66, 0x9f, 0x89, 0xd5, 0x92, 0x0d, 0x7e, 0x42, 0x27, + 0x07, 0x64, 0xaa, 0x26, 0xed, 0x89, 0xc4, 0x09, 0x05, 0x4d, 0xc7, 0x23, + 0x47, 0xda, 0x04, 0x41, 0x04, 0x1b, 0x6b, 0x41, 0x0b, 0xf9, 0xfb, 0x77, + 0xfd, 0x50, 0xb7, 0x3e, 0x23, 0xa3, 0xec, 0x9a, 0x3b, 0x09, 0x31, 0x6b, + 0xfa, 0xf6, 0xce, 0x1f, 0xff, 0xeb, 0x57, 0x93, 0x24, 0x70, 0xf3, 0xf4, + 0xba, 0x7e, 0xfa, 0x86, 0x6e, 0x19, 0x89, 0xe3, 0x55, 0x6d, 0x5a, 0xe9, + 0xc0, 0x3d, 0xbc, 0xfb, 0xaf, 0xad, 0xd4, 0x7e, 0xa6, 0xe5, 0xfa, 0x1a, + 0x58, 0x07, 0x9e, 0x8f, 0x0d, 0x3b, 0xf7, 0x38, 0xca, 0x02, 0x11, 0x0c, + 0x38, 0xd9, 0x6a, 0x9f, 0x89, 0x2b, 0x88, 0x77, 0x2e, 0xc2, 0xe3, 0x96, + 0x14, 0xa8, 0x2f, 0x4f +}; + +/*- + * random 256-bit explicit parameters curve, cofactor absent + * order: 0x045a75c0c17228ebd9b169a10e34a22101 (131 bit) + * cofactor: 0x2e134b4ede82649f67a2e559d361e5fe (126 bit) + */ +static const unsigned char params_cf_fail[] = { + 0x30, 0x81, 0xcd, 0x02, 0x01, 0x01, 0x30, 0x2c, 0x06, 0x07, 0x2a, 0x86, + 0x48, 0xce, 0x3d, 0x01, 0x01, 0x02, 0x21, 0x00, 0xc8, 0x95, 0x27, 0x37, + 0xe8, 0xe1, 0xfd, 0xcc, 0xf9, 0x6e, 0x0c, 0xa6, 0x21, 0xc1, 0x7d, 0x6b, + 0x9d, 0x44, 0x42, 0xea, 0x73, 0x4e, 0x04, 0xb6, 0xac, 0x62, 0x50, 0xd0, + 0x33, 0xc2, 0xea, 0x13, 0x30, 0x44, 0x04, 0x20, 0xc8, 0x95, 0x27, 0x37, + 0xe8, 0xe1, 0xfd, 0xcc, 0xf9, 0x6e, 0x0c, 0xa6, 0x21, 0xc1, 0x7d, 0x6b, + 0x9d, 0x44, 0x42, 0xea, 0x73, 0x4e, 0x04, 0xb6, 0xac, 0x62, 0x50, 0xd0, + 0x33, 0xc2, 0xea, 0x10, 0x04, 0x20, 0xbf, 0xa6, 0xa8, 0x05, 0x1d, 0x09, + 0xac, 0x70, 0x39, 0xbb, 0x4d, 0xb2, 0x90, 0x8a, 0x15, 0x41, 0x14, 0x1d, + 0x11, 0x86, 0x9f, 0x13, 0xa2, 0x63, 0x1a, 0xda, 0x95, 0x22, 0x4d, 0x02, + 0x15, 0x0a, 0x04, 0x41, 0x04, 0xaf, 0x16, 0x71, 0xf9, 0xc4, 0xc8, 0x59, + 0x1d, 0xa3, 0x6f, 0xe7, 0xc3, 0x57, 0xa1, 0xfa, 0x9f, 0x49, 0x7c, 0x11, + 0x27, 0x05, 0xa0, 0x7f, 0xff, 0xf9, 0xe0, 0xe7, 0x92, 0xdd, 0x9c, 0x24, + 0x8e, 0xc7, 0xb9, 0x52, 0x71, 0x3f, 0xbc, 0x7f, 0x6a, 0x9f, 0x35, 0x70, + 0xe1, 0x27, 0xd5, 0x35, 0x8a, 0x13, 0xfa, 0xa8, 0x33, 0x3e, 0xd4, 0x73, + 0x1c, 0x14, 0x58, 0x9e, 0xc7, 0x0a, 0x87, 0x65, 0x8d, 0x02, 0x11, 0x04, + 0x5a, 0x75, 0xc0, 0xc1, 0x72, 0x28, 0xeb, 0xd9, 0xb1, 0x69, 0xa1, 0x0e, + 0x34, 0xa2, 0x21, 0x01 +}; + +/*- + * Test two random 256-bit explicit parameters curves with absent cofactor. + * The two curves are chosen to roughly straddle the bounds at which the lib + * can compute the cofactor automatically, roughly 4*sqrt(p). So test that: + * + * - params_cf_pass: order is sufficiently close to p to compute cofactor + * - params_cf_fail: order is too far away from p to compute cofactor + * + * For standards-compliant curves, cofactor is chosen as small as possible. + * So you can see neither of these curves are fit for cryptographic use. + * + * Some standards even mandate an upper bound on the cofactor, e.g. SECG1 v2: + * h <= 2**(t/8) where t is the security level of the curve, for which the lib + * will always succeed in computing the cofactor. Neither of these curves + * conform to that -- this is just robustness testing. + */ +static int cofactor_range_test(void) +{ + EC_GROUP *group = NULL; + BIGNUM *cf = NULL; + int ret = 0; + const unsigned char *b1 = (const unsigned char *)params_cf_fail; + const unsigned char *b2 = (const unsigned char *)params_cf_pass; + + if (!TEST_ptr(group = d2i_ECPKParameters(NULL, &b1, sizeof(params_cf_fail))) + || !TEST_BN_eq_zero(EC_GROUP_get0_cofactor(group)) + || !TEST_ptr(group = d2i_ECPKParameters(&group, &b2, + sizeof(params_cf_pass))) + || !TEST_int_gt(BN_hex2bn(&cf, "12bc94785251297abfafddf1565100da"), 0) + || !TEST_BN_eq(cf, EC_GROUP_get0_cofactor(group))) + goto err; + ret = 1; + err: + BN_free(cf); + EC_GROUP_free(group); + return ret; +} + /*- * For named curves, test that: * - the lib correctly computes the cofactor if passed a NULL or zero cofactor @@ -2269,6 +2359,7 @@ int setup_tests(void) return 0; ADD_TEST(parameter_test); + ADD_TEST(cofactor_range_test); ADD_ALL_TESTS(cardinality_test, crv_len); ADD_TEST(prime_field_tests); # ifndef OPENSSL_NO_EC2M From builds at travis-ci.org Mon Sep 9 15:17:33 2019 From: builds at travis-ci.org (Travis CI) Date: Mon, 09 Sep 2019 15:17:33 +0000 Subject: Still Failing: openssl/openssl#28077 (OpenSSL_1_1_1-stable - 827eab4) In-Reply-To: Message-ID: <5d766d0d75955_43f9971ea8414901c2@b2143f78-9b2c-4cb1-9979-c0d17774c4ad.mail> Build Update for openssl/openssl ------------------------------------- Build: #28077 Status: Still Failing Duration: 25 mins and 29 secs Commit: 827eab4 (OpenSSL_1_1_1-stable) Author: Bernd Edlinger Message: Fix build with VS2008 crypto/rand/rand_win.c(70) : error C2065: 'BCRYPT_USE_SYSTEM_PREFERRED_RNG' : undeclared identifier Reviewed-by: Richard Levitte (Merged from https://github.com/openssl/openssl/pull/9827) (cherry picked from commit d3a1128bc25ec8bf835c81821e1be68fba39ab4b) View the changeset: https://github.com/openssl/openssl/compare/4bf9781adc68...827eab4cd7f9 View the full build log and details: https://travis-ci.org/openssl/openssl/builds/582722379?utm_medium=notification&utm_source=email -- You can unsubscribe from build emails from the openssl/openssl repository going to https://travis-ci.org/account/preferences/unsubscribe?repository=5849220&utm_medium=notification&utm_source=email. Or unsubscribe from *all* email updating your settings at https://travis-ci.org/account/preferences/unsubscribe?utm_medium=notification&utm_source=email. Or configure specific recipients for build notifications in your .travis.yml file. See https://docs.travis-ci.com/user/notifications. -------------- next part -------------- An HTML attachment was scrubbed... URL: From nic.tuv at gmail.com Mon Sep 9 15:18:35 2019 From: nic.tuv at gmail.com (nic.tuv at gmail.com) Date: Mon, 09 Sep 2019 15:18:35 +0000 Subject: [openssl] OpenSSL_1_1_1-stable update Message-ID: <1568042315.266712.10205.nullmailer@dev.openssl.org> The branch OpenSSL_1_1_1-stable has been updated via 73a683b742b344072e36aab173493f5101992c30 (commit) from 827eab4cd7f928c4e7dff8ee912f08c723b3ae0c (commit) - Log ----------------------------------------------------------------- commit 73a683b742b344072e36aab173493f5101992c30 Author: Billy Brumley Date: Mon Sep 9 11:29:09 2019 +0300 [test] ECC: check the bounds for auto computing cofactor Reviewed-by: Matt Caswell Reviewed-by: Nicola Tuveri (Merged from https://github.com/openssl/openssl/pull/9821) (cherry picked from commit 1d3cd983f56e0a580ee4216692ee3c9c7bf14de9) ----------------------------------------------------------------------- Summary of changes: test/ectest.c | 91 +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 91 insertions(+) diff --git a/test/ectest.c b/test/ectest.c index ee0c4a601a..136dc741eb 100644 --- a/test/ectest.c +++ b/test/ectest.c @@ -1827,6 +1827,96 @@ err: return r; } +/*- + * random 256-bit explicit parameters curve, cofactor absent + * order: 0x0c38d96a9f892b88772ec2e39614a82f4f (132 bit) + * cofactor: 0x12bc94785251297abfafddf1565100da (125 bit) + */ +static const unsigned char params_cf_pass[] = { + 0x30, 0x81, 0xcd, 0x02, 0x01, 0x01, 0x30, 0x2c, 0x06, 0x07, 0x2a, 0x86, + 0x48, 0xce, 0x3d, 0x01, 0x01, 0x02, 0x21, 0x00, 0xe5, 0x00, 0x1f, 0xc5, + 0xca, 0x71, 0x9d, 0x8e, 0xf7, 0x07, 0x4b, 0x48, 0x37, 0xf9, 0x33, 0x2d, + 0x71, 0xbf, 0x79, 0xe7, 0xdc, 0x91, 0xc2, 0xff, 0xb6, 0x7b, 0xc3, 0x93, + 0x44, 0x88, 0xe6, 0x91, 0x30, 0x44, 0x04, 0x20, 0xe5, 0x00, 0x1f, 0xc5, + 0xca, 0x71, 0x9d, 0x8e, 0xf7, 0x07, 0x4b, 0x48, 0x37, 0xf9, 0x33, 0x2d, + 0x71, 0xbf, 0x79, 0xe7, 0xdc, 0x91, 0xc2, 0xff, 0xb6, 0x7b, 0xc3, 0x93, + 0x44, 0x88, 0xe6, 0x8e, 0x04, 0x20, 0x18, 0x8c, 0x59, 0x57, 0xc4, 0xbc, + 0x85, 0x57, 0xc3, 0x66, 0x9f, 0x89, 0xd5, 0x92, 0x0d, 0x7e, 0x42, 0x27, + 0x07, 0x64, 0xaa, 0x26, 0xed, 0x89, 0xc4, 0x09, 0x05, 0x4d, 0xc7, 0x23, + 0x47, 0xda, 0x04, 0x41, 0x04, 0x1b, 0x6b, 0x41, 0x0b, 0xf9, 0xfb, 0x77, + 0xfd, 0x50, 0xb7, 0x3e, 0x23, 0xa3, 0xec, 0x9a, 0x3b, 0x09, 0x31, 0x6b, + 0xfa, 0xf6, 0xce, 0x1f, 0xff, 0xeb, 0x57, 0x93, 0x24, 0x70, 0xf3, 0xf4, + 0xba, 0x7e, 0xfa, 0x86, 0x6e, 0x19, 0x89, 0xe3, 0x55, 0x6d, 0x5a, 0xe9, + 0xc0, 0x3d, 0xbc, 0xfb, 0xaf, 0xad, 0xd4, 0x7e, 0xa6, 0xe5, 0xfa, 0x1a, + 0x58, 0x07, 0x9e, 0x8f, 0x0d, 0x3b, 0xf7, 0x38, 0xca, 0x02, 0x11, 0x0c, + 0x38, 0xd9, 0x6a, 0x9f, 0x89, 0x2b, 0x88, 0x77, 0x2e, 0xc2, 0xe3, 0x96, + 0x14, 0xa8, 0x2f, 0x4f +}; + +/*- + * random 256-bit explicit parameters curve, cofactor absent + * order: 0x045a75c0c17228ebd9b169a10e34a22101 (131 bit) + * cofactor: 0x2e134b4ede82649f67a2e559d361e5fe (126 bit) + */ +static const unsigned char params_cf_fail[] = { + 0x30, 0x81, 0xcd, 0x02, 0x01, 0x01, 0x30, 0x2c, 0x06, 0x07, 0x2a, 0x86, + 0x48, 0xce, 0x3d, 0x01, 0x01, 0x02, 0x21, 0x00, 0xc8, 0x95, 0x27, 0x37, + 0xe8, 0xe1, 0xfd, 0xcc, 0xf9, 0x6e, 0x0c, 0xa6, 0x21, 0xc1, 0x7d, 0x6b, + 0x9d, 0x44, 0x42, 0xea, 0x73, 0x4e, 0x04, 0xb6, 0xac, 0x62, 0x50, 0xd0, + 0x33, 0xc2, 0xea, 0x13, 0x30, 0x44, 0x04, 0x20, 0xc8, 0x95, 0x27, 0x37, + 0xe8, 0xe1, 0xfd, 0xcc, 0xf9, 0x6e, 0x0c, 0xa6, 0x21, 0xc1, 0x7d, 0x6b, + 0x9d, 0x44, 0x42, 0xea, 0x73, 0x4e, 0x04, 0xb6, 0xac, 0x62, 0x50, 0xd0, + 0x33, 0xc2, 0xea, 0x10, 0x04, 0x20, 0xbf, 0xa6, 0xa8, 0x05, 0x1d, 0x09, + 0xac, 0x70, 0x39, 0xbb, 0x4d, 0xb2, 0x90, 0x8a, 0x15, 0x41, 0x14, 0x1d, + 0x11, 0x86, 0x9f, 0x13, 0xa2, 0x63, 0x1a, 0xda, 0x95, 0x22, 0x4d, 0x02, + 0x15, 0x0a, 0x04, 0x41, 0x04, 0xaf, 0x16, 0x71, 0xf9, 0xc4, 0xc8, 0x59, + 0x1d, 0xa3, 0x6f, 0xe7, 0xc3, 0x57, 0xa1, 0xfa, 0x9f, 0x49, 0x7c, 0x11, + 0x27, 0x05, 0xa0, 0x7f, 0xff, 0xf9, 0xe0, 0xe7, 0x92, 0xdd, 0x9c, 0x24, + 0x8e, 0xc7, 0xb9, 0x52, 0x71, 0x3f, 0xbc, 0x7f, 0x6a, 0x9f, 0x35, 0x70, + 0xe1, 0x27, 0xd5, 0x35, 0x8a, 0x13, 0xfa, 0xa8, 0x33, 0x3e, 0xd4, 0x73, + 0x1c, 0x14, 0x58, 0x9e, 0xc7, 0x0a, 0x87, 0x65, 0x8d, 0x02, 0x11, 0x04, + 0x5a, 0x75, 0xc0, 0xc1, 0x72, 0x28, 0xeb, 0xd9, 0xb1, 0x69, 0xa1, 0x0e, + 0x34, 0xa2, 0x21, 0x01 +}; + +/*- + * Test two random 256-bit explicit parameters curves with absent cofactor. + * The two curves are chosen to roughly straddle the bounds at which the lib + * can compute the cofactor automatically, roughly 4*sqrt(p). So test that: + * + * - params_cf_pass: order is sufficiently close to p to compute cofactor + * - params_cf_fail: order is too far away from p to compute cofactor + * + * For standards-compliant curves, cofactor is chosen as small as possible. + * So you can see neither of these curves are fit for cryptographic use. + * + * Some standards even mandate an upper bound on the cofactor, e.g. SECG1 v2: + * h <= 2**(t/8) where t is the security level of the curve, for which the lib + * will always succeed in computing the cofactor. Neither of these curves + * conform to that -- this is just robustness testing. + */ +static int cofactor_range_test(void) +{ + EC_GROUP *group = NULL; + BIGNUM *cf = NULL; + int ret = 0; + const unsigned char *b1 = (const unsigned char *)params_cf_fail; + const unsigned char *b2 = (const unsigned char *)params_cf_pass; + + if (!TEST_ptr(group = d2i_ECPKParameters(NULL, &b1, sizeof(params_cf_fail))) + || !TEST_BN_eq_zero(EC_GROUP_get0_cofactor(group)) + || !TEST_ptr(group = d2i_ECPKParameters(&group, &b2, + sizeof(params_cf_pass))) + || !TEST_int_gt(BN_hex2bn(&cf, "12bc94785251297abfafddf1565100da"), 0) + || !TEST_BN_eq(cf, EC_GROUP_get0_cofactor(group))) + goto err; + ret = 1; + err: + BN_free(cf); + EC_GROUP_free(group); + return ret; +} + /*- * For named curves, test that: * - the lib correctly computes the cofactor if passed a NULL or zero cofactor @@ -1920,6 +2010,7 @@ int setup_tests(void) return 0; ADD_TEST(parameter_test); + ADD_TEST(cofactor_range_test); ADD_ALL_TESTS(cardinality_test, crv_len); ADD_TEST(prime_field_tests); # ifndef OPENSSL_NO_EC2M From builds at travis-ci.org Mon Sep 9 15:39:58 2019 From: builds at travis-ci.org (Travis CI) Date: Mon, 09 Sep 2019 15:39:58 +0000 Subject: Still Failing: openssl/openssl#28080 (master - 1d3cd98) In-Reply-To: Message-ID: <5d76724debb72_43f8e0a5183443505f1@e0e1ce89-b12c-47d3-8970-dbd6053aefc2.mail> Build Update for openssl/openssl ------------------------------------- Build: #28080 Status: Still Failing Duration: 24 mins and 11 secs Commit: 1d3cd98 (master) Author: Billy Brumley Message: [test] ECC: check the bounds for auto computing cofactor Reviewed-by: Matt Caswell Reviewed-by: Nicola Tuveri (Merged from https://github.com/openssl/openssl/pull/9821) View the changeset: https://github.com/openssl/openssl/compare/d3a1128bc25e...1d3cd983f56e View the full build log and details: https://travis-ci.org/openssl/openssl/builds/582734749?utm_medium=notification&utm_source=email -- You can unsubscribe from build emails from the openssl/openssl repository going to https://travis-ci.org/account/preferences/unsubscribe?repository=5849220&utm_medium=notification&utm_source=email. Or unsubscribe from *all* email updating your settings at https://travis-ci.org/account/preferences/unsubscribe?utm_medium=notification&utm_source=email. Or configure specific recipients for build notifications in your .travis.yml file. See https://docs.travis-ci.com/user/notifications. -------------- next part -------------- An HTML attachment was scrubbed... URL: From builds at travis-ci.org Mon Sep 9 15:58:24 2019 From: builds at travis-ci.org (Travis CI) Date: Mon, 09 Sep 2019 15:58:24 +0000 Subject: Still Failing: openssl/openssl#28083 (OpenSSL_1_1_1-stable - 73a683b) In-Reply-To: Message-ID: <5d76769f8ba40_43faaf4db61482839af@408b7db9-406b-476e-9471-b8acc5ff8f22.mail> Build Update for openssl/openssl ------------------------------------- Build: #28083 Status: Still Failing Duration: 19 mins and 7 secs Commit: 73a683b (OpenSSL_1_1_1-stable) Author: Billy Brumley Message: [test] ECC: check the bounds for auto computing cofactor Reviewed-by: Matt Caswell Reviewed-by: Nicola Tuveri (Merged from https://github.com/openssl/openssl/pull/9821) (cherry picked from commit 1d3cd983f56e0a580ee4216692ee3c9c7bf14de9) View the changeset: https://github.com/openssl/openssl/compare/827eab4cd7f9...73a683b742b3 View the full build log and details: https://travis-ci.org/openssl/openssl/builds/582738390?utm_medium=notification&utm_source=email -- You can unsubscribe from build emails from the openssl/openssl repository going to https://travis-ci.org/account/preferences/unsubscribe?repository=5849220&utm_medium=notification&utm_source=email. Or unsubscribe from *all* email updating your settings at https://travis-ci.org/account/preferences/unsubscribe?utm_medium=notification&utm_source=email. Or configure specific recipients for build notifications in your .travis.yml file. See https://docs.travis-ci.com/user/notifications. -------------- next part -------------- An HTML attachment was scrubbed... URL: From matt at openssl.org Mon Sep 9 16:01:39 2019 From: matt at openssl.org (Matt Caswell) Date: Mon, 09 Sep 2019 16:01:39 +0000 Subject: [openssl] OpenSSL_1_0_2-stable update Message-ID: <1568044899.486261.17051.nullmailer@dev.openssl.org> The branch OpenSSL_1_0_2-stable has been updated via 66fd724daa89996bb775ab8911479c11143b44df (commit) from 21c856b75d81eff61aa63b4f036bb64a85bf6d46 (commit) - Log ----------------------------------------------------------------- commit 66fd724daa89996bb775ab8911479c11143b44df Author: Nicola Tuveri Date: Sat Sep 7 18:05:31 2019 +0300 [ec] Match built-in curves on EC_GROUP_new_from_ecparameters Description ----------- Upon `EC_GROUP_new_from_ecparameters()` check if the parameters match any of the built-in curves. If that is the case, return a new `EC_GROUP_new_by_curve_name()` object instead of the explicit parameters `EC_GROUP`. This affects all users of `EC_GROUP_new_from_ecparameters()`: - direct calls to `EC_GROUP_new_from_ecparameters()` - direct calls to `EC_GROUP_new_from_ecpkparameters()` with an explicit parameters argument - ASN.1 parsing of explicit parameters keys (as it eventually ends up calling `EC_GROUP_new_from_ecpkparameters()`) A parsed explicit parameter key will still be marked with the `OPENSSL_EC_EXPLICIT_CURVE` ASN.1 flag on load, so, unless programmatically forced otherwise, if the key is eventually serialized the output will still be encoded with explicit parameters, even if internally it is treated as a named curve `EC_GROUP`. Before this change, creating any `EC_GROUP` object using `EC_GROUP_new_from_ecparameters()`, yielded an object associated with the default generic `EC_METHOD`, but this was never guaranteed in the documentation. After this commit, users of the library that intentionally want to create an `EC_GROUP` object using a specific `EC_METHOD` can still explicitly call `EC_GROUP_new(foo_method)` and then manually set the curve parameters using `EC_GROUP_set_*()`. Motivation ---------- This has obvious performance benefits for the built-in curves with specialized `EC_METHOD`s and subtle but important security benefits: - the specialized methods have better security hardening than the generic implementations - optional fields in the parameter encoding, like the `cofactor`, cannot be leveraged by an attacker to force execution of the less secure code-paths for single point scalar multiplication - in general, this leads to reducing the attack surface Check the manuscript at https://arxiv.org/abs/1909.01785 for an in depth analysis of the issues related to this commit. It should be noted that `libssl` does not allow to negotiate explicit parameters (as per RFC 8422), so it is not directly affected by the consequences of using explicit parameters that this commit fixes. On the other hand, we detected external applications and users in the wild that use explicit parameters by default (and sometimes using 0 as the cofactor value, which is technically not a valid value per the specification, but is tolerated by parsers for wider compatibility given that the field is optional). These external users of `libcrypto` are exposed to these vulnerabilities and their security will benefit from this commit. Related commits --------------- While this commit is beneficial for users using built-in curves and explicit parameters encoding for serialized keys, commit b783beeadf6b80bc431e6f3230b5d5585c87ef87 (and its equivalents for the 1.0.2, 1.1.0 and 1.1.1 stable branches) fixes the consequences of the invalid cofactor values more in general also for other curves (CVE-2019-1547). The following list covers commits in `master` that are related to the vulnerabilities presented in the manuscript motivating this commit: - d2baf88c43 [crypto/rsa] Set the constant-time flag in multi-prime RSA too - 311e903d84 [crypto/asn1] Fix multiple SCA vulnerabilities during RSA key validation. - b783beeadf [crypto/ec] for ECC parameters with NULL or zero cofactor, compute it - 724339ff44 Fix SCA vulnerability when using PVK and MSBLOB key formats Note that the PRs that contributed the listed commits also include other commits providing related testing and documentation, in addition to links to PRs and commits backporting the fixes to the 1.0.2, 1.1.0 and 1.1.1 branches. This commit includes a partial backport of https://github.com/openssl/openssl/pull/8555 (commit 8402cd5f75f8c2f60d8bd39775b24b03dd8b3b38) for which the main author is Shane Lontis. Responsible Disclosure ---------------------- This and the other issues presented in https://arxiv.org/abs/1909.01785 were reported by Cesar Pereida Garc?a, Sohaib ul Hassan, Nicola Tuveri, Iaroslav Gridin, Alejandro Cabrera Aldaya and Billy Bob Brumley from the NISEC group at Tampere University, FINLAND. The OpenSSL Security Team evaluated the security risk for this vulnerability as low, and encouraged to propose fixes using public Pull Requests. _______________________________________________________________________________ Co-authored-by: Shane Lontis (Backport from https://github.com/openssl/openssl/pull/9808) Reviewed-by: Matt Caswell (Merged from https://github.com/openssl/openssl/pull/9811) ----------------------------------------------------------------------- Summary of changes: CHANGES | 11 +++++ crypto/ec/ec_asn1.c | 76 +++++++++++++++++++++++++++++++--- crypto/ec/ec_curve.c | 114 +++++++++++++++++++++++++++++++++++++++++++++++++++ crypto/ec/ec_lcl.h | 15 +++++++ crypto/ec/ec_lib.c | 57 ++++++++++++++++++++++++++ 5 files changed, 268 insertions(+), 5 deletions(-) diff --git a/CHANGES b/CHANGES index ee272f2266..e9b467bd04 100644 --- a/CHANGES +++ b/CHANGES @@ -9,6 +9,17 @@ Changes between 1.0.2s and 1.0.2t [xx XXX xxxx] + *) For built-in EC curves, ensure an EC_GROUP built from the curve name is + used even when parsing explicit parameters, when loading a serialized key + or calling `EC_GROUP_new_from_ecpkparameters()`/ + `EC_GROUP_new_from_ecparameters()`. + This prevents bypass of security hardening and performance gains, + especially for curves with specialized EC_METHODs. + By default, if a key encoded with explicit parameters is loaded and later + serialized, the output is still encoded with explicit parameters, even if + internally a "named" EC_GROUP is used for computation. + [Nicola Tuveri] + *) Compute ECC cofactors if not provided during EC_GROUP construction. Before this change, EC_GROUP_set_generator would accept order and/or cofactor as NULL. After this change, only the cofactor parameter can be NULL. It also diff --git a/crypto/ec/ec_asn1.c b/crypto/ec/ec_asn1.c index b0cd3e1788..a9b90787c5 100644 --- a/crypto/ec/ec_asn1.c +++ b/crypto/ec/ec_asn1.c @@ -695,10 +695,12 @@ ECPKPARAMETERS *ec_asn1_group2pkparameters(const EC_GROUP *group, static EC_GROUP *ec_asn1_parameters2group(const ECPARAMETERS *params) { int ok = 0, tmp; - EC_GROUP *ret = NULL; + EC_GROUP *ret = NULL, *dup = NULL; BIGNUM *p = NULL, *a = NULL, *b = NULL; EC_POINT *point = NULL; long field_bits; + int curve_name = NID_undef; + BN_CTX *ctx = NULL; if (!params->fieldID || !params->fieldID->fieldType || !params->fieldID->p.ptr) { @@ -914,13 +916,75 @@ static EC_GROUP *ec_asn1_parameters2group(const ECPARAMETERS *params) goto err; } + /* + * Check if the explicit parameters group just created matches one of the + * built-in curves. + * + * We create a copy of the group just built, so that we can remove optional + * fields for the lookup: we do this to avoid the possibility that one of + * the optional parameters is used to force the library into using a less + * performant and less secure EC_METHOD instead of the specialized one. + * In any case, `seed` is not really used in any computation, while a + * cofactor different from the one in the built-in table is just + * mathematically wrong anyway and should not be used. + */ + if ((ctx = BN_CTX_new()) == NULL) { + ECerr(EC_F_EC_ASN1_PARAMETERS2GROUP, ERR_R_BN_LIB); + goto err; + } + if ((dup = EC_GROUP_dup(ret)) == NULL + || EC_GROUP_set_seed(dup, NULL, 0) != 1 + || !EC_GROUP_set_generator(dup, point, a, NULL)) { + ECerr(EC_F_EC_ASN1_PARAMETERS2GROUP, ERR_R_EC_LIB); + goto err; + } + if ((curve_name = ec_curve_nid_from_params(dup, ctx)) != NID_undef) { + /* + * The input explicit parameters successfully matched one of the + * built-in curves: often for built-in curves we have specialized + * methods with better performance and hardening. + * + * In this case we replace the `EC_GROUP` created through explicit + * parameters with one created from a named group. + */ + EC_GROUP *named_group = NULL; + +#ifndef OPENSSL_NO_EC_NISTP_64_GCC_128 + /* + * NID_wap_wsg_idm_ecid_wtls12 and NID_secp224r1 are both aliases for + * the same curve, we prefer the SECP nid when matching explicit + * parameters as that is associated with a specialized EC_METHOD. + */ + if (curve_name == NID_wap_wsg_idm_ecid_wtls12) + curve_name = NID_secp224r1; +#endif /* !def(OPENSSL_NO_EC_NISTP_64_GCC_128) */ + + if ((named_group = EC_GROUP_new_by_curve_name(curve_name)) == NULL) { + ECerr(EC_F_EC_ASN1_PARAMETERS2GROUP, ERR_R_EC_LIB); + goto err; + } + EC_GROUP_free(ret); + ret = named_group; + + /* + * Set the flag so that EC_GROUPs created from explicit parameters are + * serialized using explicit parameters by default. + * + * 0x0 = OPENSSL_EC_EXPLICIT_CURVE + */ + EC_GROUP_set_asn1_flag(ret, 0x0); + } + ok = 1; - err:if (!ok) { + err: + if (!ok) { if (ret) - EC_GROUP_clear_free(ret); + EC_GROUP_free(ret); ret = NULL; } + if (dup) + EC_GROUP_free(dup); if (p) BN_free(p); @@ -930,6 +994,8 @@ static EC_GROUP *ec_asn1_parameters2group(const ECPARAMETERS *params) BN_free(b); if (point) EC_POINT_free(point); + if (ctx) + BN_CTX_free(ctx); return (ret); } @@ -990,7 +1056,7 @@ EC_GROUP *d2i_ECPKParameters(EC_GROUP **a, const unsigned char **in, long len) } if (a && *a) - EC_GROUP_clear_free(*a); + EC_GROUP_free(*a); if (a) *a = group; @@ -1040,7 +1106,7 @@ EC_KEY *d2i_ECPrivateKey(EC_KEY **a, const unsigned char **in, long len) if (priv_key->parameters) { if (ret->group) - EC_GROUP_clear_free(ret->group); + EC_GROUP_free(ret->group); ret->group = ec_asn1_pkparameters2group(priv_key->parameters); } diff --git a/crypto/ec/ec_curve.c b/crypto/ec/ec_curve.c index 6dbe9d8258..9d4c71637b 100644 --- a/crypto/ec/ec_curve.c +++ b/crypto/ec/ec_curve.c @@ -75,6 +75,8 @@ #include #include +#include "bn_int.h" + #ifdef OPENSSL_FIPS # include #endif @@ -3246,3 +3248,115 @@ int EC_curve_nist2nid(const char *name) } return NID_undef; } + +#define NUM_BN_FIELDS 6 +/* + * Validates EC domain parameter data for known named curves. + * This can be used when a curve is loaded explicitly (without a curve + * name) or to validate that domain parameters have not been modified. + * + * Returns: The nid associated with the found named curve, or NID_undef + * if not found. If there was an error it returns -1. + */ +int ec_curve_nid_from_params(const EC_GROUP *group, BN_CTX *ctx) +{ + int ret = -1, nid, len, field_type, param_len; + size_t i, seed_len; + const unsigned char *seed, *params_seed, *params; + unsigned char *param_bytes = NULL; + const EC_CURVE_DATA *data; + const EC_POINT *generator = NULL; + const EC_METHOD *meth; + const BIGNUM *cofactor = NULL; + /* An array of BIGNUMs for (p, a, b, x, y, order) */ + BIGNUM *bn[NUM_BN_FIELDS] = {NULL, NULL, NULL, NULL, NULL, NULL}; + + meth = EC_GROUP_method_of(group); + if (meth == NULL) + return -1; + /* Use the optional named curve nid as a search field */ + nid = EC_GROUP_get_curve_name(group); + field_type = EC_METHOD_get_field_type(meth); + seed_len = EC_GROUP_get_seed_len(group); + seed = EC_GROUP_get0_seed(group); + cofactor = &group->cofactor; + + BN_CTX_start(ctx); + + /* + * The built-in curves contains data fields (p, a, b, x, y, order) that are + * all zero-padded to be the same size. The size of the padding is + * determined by either the number of bytes in the field modulus (p) or the + * EC group order, whichever is larger. + */ + param_len = BN_num_bytes(&group->order); + len = BN_num_bytes(&group->field); + if (len > param_len) + param_len = len; + + /* Allocate space to store the padded data for (p, a, b, x, y, order) */ + param_bytes = OPENSSL_malloc(param_len * NUM_BN_FIELDS); + if (param_bytes == NULL) + goto end; + + /* Create the bignums */ + for (i = 0; i < NUM_BN_FIELDS; ++i) { + if ((bn[i] = BN_CTX_get(ctx)) == NULL) + goto end; + } + /* + * Fill in the bn array with the same values as the internal curves + * i.e. the values are p, a, b, x, y, order. + */ + /* Get p, a & b */ + if (!(ec_group_get_curve(group, bn[0], bn[1], bn[2], ctx) + && ((generator = EC_GROUP_get0_generator(group)) != NULL) + /* Get x & y */ + && ec_point_get_affine_coordinates(group, generator, bn[3], bn[4], ctx) + /* Get order */ + && EC_GROUP_get_order(group, bn[5], ctx))) + goto end; + + /* + * Convert the bignum array to bytes that are joined together to form + * a single buffer that contains data for all fields. + * (p, a, b, x, y, order) are all zero padded to be the same size. + */ + for (i = 0; i < NUM_BN_FIELDS; ++i) { + if (bn_bn2binpad(bn[i], ¶m_bytes[i*param_len], param_len) <= 0) + goto end; + } + + for (i = 0; i < curve_list_length; i++) { + const ec_list_element curve = curve_list[i]; + + data = curve.data; + /* Get the raw order byte data */ + params_seed = (const unsigned char *)(data + 1); /* skip header */ + params = params_seed + data->seed_len; + + /* Look for unique fields in the fixed curve data */ + if (data->field_type == field_type + && param_len == data->param_len + && (nid <= 0 || nid == curve.nid) + /* check the optional cofactor (ignore if its zero) */ + && (BN_is_zero(cofactor) + || BN_is_word(cofactor, (const BN_ULONG)curve.data->cofactor)) + /* Check the optional seed (ignore if its not set) */ + && (data->seed_len == 0 || seed_len == 0 + || ((size_t)data->seed_len == seed_len + && memcmp(params_seed, seed, seed_len) == 0)) + /* Check that the groups params match the built-in curve params */ + && memcmp(param_bytes, params, param_len * NUM_BN_FIELDS) + == 0) { + ret = curve.nid; + goto end; + } + } + /* Gets here if the group was not found */ + ret = NID_undef; +end: + OPENSSL_free(param_bytes); + BN_CTX_end(ctx); + return ret; +} diff --git a/crypto/ec/ec_lcl.h b/crypto/ec/ec_lcl.h index 8665a4c9c7..76deef170d 100644 --- a/crypto/ec/ec_lcl.h +++ b/crypto/ec/ec_lcl.h @@ -565,3 +565,18 @@ EC_GROUP *FIPS_ec_group_new_curve_gf2m(const BIGNUM *p, const BIGNUM *a, const BIGNUM *b, BN_CTX *ctx); EC_GROUP *FIPS_ec_group_new_by_curve_name(int nid); #endif + +int ec_curve_nid_from_params(const EC_GROUP *group, BN_CTX *ctx); + +/* + * The next 2 functions are just internal wrappers around the omonimous + * functions with either the `_GFp` or the `_GF2m` suffix. + * + * They are meant to facilitate backporting of code from newer branches, where + * the public API includes a "field agnostic" version of these 2 functions. + */ +int ec_group_get_curve(const EC_GROUP *group, BIGNUM *p, BIGNUM *a, + BIGNUM *b, BN_CTX *ctx); +int ec_point_get_affine_coordinates(const EC_GROUP *group, + const EC_POINT *point, BIGNUM *x, + BIGNUM *y, BN_CTX *ctx); diff --git a/crypto/ec/ec_lib.c b/crypto/ec/ec_lib.c index 15302322f7..e3f2e82f68 100644 --- a/crypto/ec/ec_lib.c +++ b/crypto/ec/ec_lib.c @@ -1257,3 +1257,60 @@ int ec_precompute_mont_data(EC_GROUP *group) BN_CTX_free(ctx); return ret; } + +/* + * This is just a wrapper around the public functions + * - EC_GROUP_get_curve_GF2m + * - EC_GROUP_get_curve_GFp + * + * It is meant to facilitate backporting of code from newer branches, where + * the public API includes a "field agnostic" version of it. + */ +int ec_group_get_curve(const EC_GROUP *group, BIGNUM *p, BIGNUM *a, + BIGNUM *b, BN_CTX *ctx) +{ + int field_nid; + + field_nid = EC_METHOD_get_field_type(EC_GROUP_method_of(group)); + +#ifndef OPENSSL_NO_EC2M + if (field_nid == NID_X9_62_characteristic_two_field) { + return EC_GROUP_get_curve_GF2m(group, p, a, b, ctx); + } else +#endif /* !def(OPENSSL_NO_EC2M) */ + if (field_nid == NID_X9_62_prime_field) { + return EC_GROUP_get_curve_GFp(group, p, a, b, ctx); + } else { + /* this should never happen */ + return 0; + } +} + +/* + * This is just a wrapper around the public functions + * - EC_POINT_get_affine_coordinates_GF2m + * - EC_POINT_get_affine_coordinates_GFp + * + * It is meant to facilitate backporting of code from newer branches, where + * the public API includes a "field agnostic" version of it. + */ +int ec_point_get_affine_coordinates(const EC_GROUP *group, + const EC_POINT *point, BIGNUM *x, + BIGNUM *y, BN_CTX *ctx) +{ + int field_nid; + + field_nid = EC_METHOD_get_field_type(EC_GROUP_method_of(group)); + +#ifndef OPENSSL_NO_EC2M + if (field_nid == NID_X9_62_characteristic_two_field) { + return EC_POINT_get_affine_coordinates_GF2m(group, point, x, y, ctx); + } else +#endif /* !def(OPENSSL_NO_EC2M) */ + if (field_nid == NID_X9_62_prime_field) { + return EC_POINT_get_affine_coordinates_GFp(group, point, x, y, ctx); + } else { + /* this should never happen */ + return 0; + } +} From matt at openssl.org Mon Sep 9 16:14:19 2019 From: matt at openssl.org (Matt Caswell) Date: Mon, 09 Sep 2019 16:14:19 +0000 Subject: [openssl] OpenSSL_1_1_1-stable update Message-ID: <1568045659.547045.14117.nullmailer@dev.openssl.org> The branch OpenSSL_1_1_1-stable has been updated via 63180182ecfe6474fbc50bc4021e558d11414e88 (commit) via 5520695c733f7e6577a8b06e5ed3e34aa48df19a (commit) via 1b0fe00e2704b5e20334a16d3c9099d1ba2ef1be (commit) from 73a683b742b344072e36aab173493f5101992c30 (commit) - Log ----------------------------------------------------------------- commit 63180182ecfe6474fbc50bc4021e558d11414e88 Author: Dr. Matthias St. Pierre Date: Thu May 30 18:37:29 2019 +0200 drbg: fix issue where DRBG_CTR fails if NO_DF is used (2nd attempt) Since commit 7c226dfc434d a chained DRBG does not add additional data anymore when reseeding from its parent. The reason is that the size of the additional data exceeded the allowed size when no derivation function was used. This commit provides an alternative fix: instead of adding the entire DRBG's complete state, we just add the DRBG's address in memory, thereby providing some distinction between the different DRBG instances. Reviewed-by: Paul Dale Reviewed-by: Matt Caswell (Merged from https://github.com/openssl/openssl/pull/9802) commit 5520695c733f7e6577a8b06e5ed3e34aa48df19a Author: Dr. Matthias St. Pierre Date: Thu May 30 18:52:39 2019 +0200 drbg: add fork id to additional data on UNIX systems Provides a little extra fork-safety on UNIX systems, adding to the fact that all DRBGs reseed automatically when the fork_id changes. Reviewed-by: Paul Dale Reviewed-by: Matt Caswell (Merged from https://github.com/openssl/openssl/pull/9802) commit 1b0fe00e2704b5e20334a16d3c9099d1ba2ef1be Author: Dr. Matthias St. Pierre Date: Mon May 27 21:03:09 2019 +0200 drbg: ensure fork-safety without using a pthread_atfork handler When the new OpenSSL CSPRNG was introduced in version 1.1.1, it was announced in the release notes that it would be fork-safe, which the old CSPRNG hadn't been. The fork-safety was implemented using a fork count, which was incremented by a pthread_atfork handler. Initially, this handler was enabled by default. Unfortunately, the default behaviour had to be changed for other reasons in commit b5319bdbd095, so the new OpenSSL CSPRNG failed to keep its promise. This commit restores the fork-safety using a different approach. It replaces the fork count by a fork id, which coincides with the process id on UNIX-like operating systems and is zero on other operating systems. It is used to detect when an automatic reseed after a fork is necessary. To prevent a future regression, it also adds a test to verify that the child reseeds after fork. CVE-2019-1549 Reviewed-by: Paul Dale Reviewed-by: Matt Caswell (Merged from https://github.com/openssl/openssl/pull/9802) ----------------------------------------------------------------------- Summary of changes: crypto/include/internal/rand_int.h | 1 - crypto/init.c | 1 - crypto/rand/drbg_lib.c | 9 +++++--- crypto/rand/rand_lcl.h | 23 +++++-------------- crypto/rand/rand_lib.c | 13 ++++------- crypto/rand/rand_unix.c | 3 +++ crypto/threads_none.c | 13 +++++++++++ crypto/threads_pthread.c | 10 +++++++++ crypto/threads_win.c | 4 ++++ include/internal/cryptlib.h | 1 + test/drbgtest.c | 45 ++++++++++++++++++++++++++++++++++++++ 11 files changed, 91 insertions(+), 32 deletions(-) diff --git a/crypto/include/internal/rand_int.h b/crypto/include/internal/rand_int.h index ea3b1a4311..a4947bc465 100644 --- a/crypto/include/internal/rand_int.h +++ b/crypto/include/internal/rand_int.h @@ -26,7 +26,6 @@ typedef struct rand_pool_st RAND_POOL; void rand_cleanup_int(void); void rand_drbg_cleanup_int(void); void drbg_delete_thread_state(void); -void rand_fork(void); /* Hardware-based seeding functions. */ size_t rand_acquire_entropy_from_tsc(RAND_POOL *pool); diff --git a/crypto/init.c b/crypto/init.c index 46839e768f..9fc0e8ef68 100644 --- a/crypto/init.c +++ b/crypto/init.c @@ -847,6 +847,5 @@ void OPENSSL_fork_parent(void) void OPENSSL_fork_child(void) { - rand_fork(); } #endif diff --git a/crypto/rand/drbg_lib.c b/crypto/rand/drbg_lib.c index 7d0c8027fd..12bb627a04 100644 --- a/crypto/rand/drbg_lib.c +++ b/crypto/rand/drbg_lib.c @@ -197,7 +197,7 @@ static RAND_DRBG *rand_drbg_new(int secure, } drbg->secure = secure && CRYPTO_secure_allocated(drbg); - drbg->fork_count = rand_fork_count; + drbg->fork_id = openssl_get_fork_id(); drbg->parent = parent; if (parent == NULL) { @@ -578,6 +578,7 @@ int RAND_DRBG_generate(RAND_DRBG *drbg, unsigned char *out, size_t outlen, int prediction_resistance, const unsigned char *adin, size_t adinlen) { + int fork_id; int reseed_required = 0; if (drbg->state != DRBG_READY) { @@ -603,8 +604,10 @@ int RAND_DRBG_generate(RAND_DRBG *drbg, unsigned char *out, size_t outlen, return 0; } - if (drbg->fork_count != rand_fork_count) { - drbg->fork_count = rand_fork_count; + fork_id = openssl_get_fork_id(); + + if (drbg->fork_id != fork_id) { + drbg->fork_id = fork_id; reseed_required = 1; } diff --git a/crypto/rand/rand_lcl.h b/crypto/rand/rand_lcl.h index f28642e425..1c2b266330 100644 --- a/crypto/rand/rand_lcl.h +++ b/crypto/rand/rand_lcl.h @@ -186,12 +186,12 @@ struct rand_drbg_st { int secure; /* 1: allocated on the secure heap, 0: otherwise */ int type; /* the nid of the underlying algorithm */ /* - * Stores the value of the rand_fork_count global as of when we last - * reseeded. The DRBG reseeds automatically whenever drbg->fork_count != - * rand_fork_count. Used to provide fork-safety and reseed this DRBG in - * the child process. + * Stores the return value of openssl_get_fork_id() as of when we last + * reseeded. The DRBG reseeds automatically whenever drbg->fork_id != + * openssl_get_fork_id(). Used to provide fork-safety and reseed this + * DRBG in the child process. */ - int fork_count; + int fork_id; unsigned short flags; /* various external flags */ /* @@ -283,19 +283,6 @@ struct rand_drbg_st { /* The global RAND method, and the global buffer and DRBG instance. */ extern RAND_METHOD rand_meth; -/* - * A "generation count" of forks. Incremented in the child process after a - * fork. Since rand_fork_count is increment-only, and only ever written to in - * the child process of the fork, which is guaranteed to be single-threaded, no - * locking is needed for normal (read) accesses; the rest of pthread fork - * processing is assumed to introduce the necessary memory barriers. Sibling - * children of a given parent will produce duplicate values, but this is not - * problematic because the reseeding process pulls input from the system CSPRNG - * and/or other global sources, so the siblings will end up generating - * different output streams. - */ -extern int rand_fork_count; - /* DRBG helpers */ int rand_drbg_restart(RAND_DRBG *drbg, const unsigned char *buffer, size_t len, size_t entropy); diff --git a/crypto/rand/rand_lib.c b/crypto/rand/rand_lib.c index 23bb2e68b1..945ea1e795 100644 --- a/crypto/rand/rand_lib.c +++ b/crypto/rand/rand_lib.c @@ -26,8 +26,6 @@ static CRYPTO_RWLOCK *rand_meth_lock; static const RAND_METHOD *default_RAND_meth; static CRYPTO_ONCE rand_init = CRYPTO_ONCE_STATIC_INIT; -int rand_fork_count; - static CRYPTO_RWLOCK *rand_nonce_lock; static int rand_nonce_count; @@ -163,7 +161,9 @@ size_t rand_drbg_get_entropy(RAND_DRBG *drbg, size_t bytes = 0; /* - * Get random from parent, include our state as additional input. + * Get random data from parent. Include our address as additional input, + * in order to provide some additional distinction between different + * DRBG child instances. * Our lock is already held, but we need to lock our parent before * generating bits from it. (Note: taking the lock will be a no-op * if locking if drbg->parent->lock == NULL.) @@ -172,7 +172,7 @@ size_t rand_drbg_get_entropy(RAND_DRBG *drbg, if (RAND_DRBG_generate(drbg->parent, buffer, bytes_needed, prediction_resistance, - NULL, 0) != 0) + (unsigned char *)&drbg, sizeof(drbg)) != 0) bytes = bytes_needed; drbg->reseed_next_counter = tsan_load(&drbg->parent->reseed_prop_counter); @@ -303,11 +303,6 @@ void rand_drbg_cleanup_additional_data(RAND_POOL *pool, unsigned char *out) rand_pool_reattach(pool, out); } -void rand_fork(void) -{ - rand_fork_count++; -} - DEFINE_RUN_ONCE_STATIC(do_rand_init) { #ifndef OPENSSL_NO_ENGINE diff --git a/crypto/rand/rand_unix.c b/crypto/rand/rand_unix.c index 1f608c9565..0cfa4e0625 100644 --- a/crypto/rand/rand_unix.c +++ b/crypto/rand/rand_unix.c @@ -711,15 +711,18 @@ int rand_pool_add_nonce_data(RAND_POOL *pool) int rand_pool_add_additional_data(RAND_POOL *pool) { struct { + int fork_id; CRYPTO_THREAD_ID tid; uint64_t time; } data = { 0 }; /* * Add some noise from the thread id and a high resolution timer. + * The fork_id adds some extra fork-safety. * The thread id adds a little randomness if the drbg is accessed * concurrently (which is the case for the drbg). */ + data.fork_id = openssl_get_fork_id(); data.tid = CRYPTO_THREAD_get_current_id(); data.time = get_timer_bits(); diff --git a/crypto/threads_none.c b/crypto/threads_none.c index 4b1940ae44..7348af02c1 100644 --- a/crypto/threads_none.c +++ b/crypto/threads_none.c @@ -12,6 +12,11 @@ #if !defined(OPENSSL_THREADS) || defined(CRYPTO_TDEBUG) +# if defined(OPENSSL_SYS_UNIX) +# include +# include +# endif + CRYPTO_RWLOCK *CRYPTO_THREAD_lock_new(void) { CRYPTO_RWLOCK *lock; @@ -133,4 +138,12 @@ int openssl_init_fork_handlers(void) return 0; } +int openssl_get_fork_id(void) +{ +# if defined(OPENSSL_SYS_UNIX) + return getpid(); +# else + return return 0; +# endif +} #endif diff --git a/crypto/threads_pthread.c b/crypto/threads_pthread.c index 5a59779ebb..7e8603de66 100644 --- a/crypto/threads_pthread.c +++ b/crypto/threads_pthread.c @@ -12,6 +12,11 @@ #if defined(OPENSSL_THREADS) && !defined(CRYPTO_TDEBUG) && !defined(OPENSSL_SYS_WINDOWS) +# if defined(OPENSSL_SYS_UNIX) +# include +# include +#endif + # ifdef PTHREAD_RWLOCK_INITIALIZER # define USE_RWLOCK # endif @@ -193,4 +198,9 @@ int openssl_init_fork_handlers(void) # endif return 0; } + +int openssl_get_fork_id(void) +{ + return getpid(); +} #endif diff --git a/crypto/threads_win.c b/crypto/threads_win.c index b0b16fd330..44a360fcab 100644 --- a/crypto/threads_win.c +++ b/crypto/threads_win.c @@ -164,4 +164,8 @@ int openssl_init_fork_handlers(void) return 0; } +int openssl_get_fork_id(void) +{ + return 0; +} #endif diff --git a/include/internal/cryptlib.h b/include/internal/cryptlib.h index b4d76d5f2e..23e17e5586 100644 --- a/include/internal/cryptlib.h +++ b/include/internal/cryptlib.h @@ -80,6 +80,7 @@ extern unsigned int OPENSSL_ia32cap_P[]; void OPENSSL_showfatal(const char *fmta, ...); void crypto_cleanup_all_ex_data_int(void); int openssl_init_fork_handlers(void); +int openssl_get_fork_id(void); char *ossl_safe_getenv(const char *name); diff --git a/test/drbgtest.c b/test/drbgtest.c index 76d9e93955..7325e2ffa3 100644 --- a/test/drbgtest.c +++ b/test/drbgtest.c @@ -22,6 +22,13 @@ # include #endif + +#if defined(OPENSSL_SYS_UNIX) +# include +# include +# include +#endif + #include "testutil.h" #include "drbgtest.h" @@ -669,6 +676,40 @@ static int test_drbg_reseed(int expect_success, return 1; } + +#if defined(OPENSSL_SYS_UNIX) +/* + * Test whether master, public and private DRBG are reseeded after + * forking the process. + */ +static int test_drbg_reseed_after_fork(RAND_DRBG *master, + RAND_DRBG *public, + RAND_DRBG *private) +{ + pid_t pid; + int status=0; + + pid = fork(); + if (!TEST_int_ge(pid, 0)) + return 0; + + if (pid > 0) { + /* I'm the parent; wait for the child and check its exit code */ + return TEST_int_eq(waitpid(pid, &status, 0), pid) && TEST_int_eq(status, 0); + } + + /* I'm the child; check whether all three DRBGs reseed. */ + if (!TEST_true(test_drbg_reseed(1, master, public, private, 1, 1, 1, 0))) + status = 1; + + /* Remove hooks */ + unhook_drbg(master); + unhook_drbg(public); + unhook_drbg(private); + exit(status); +} +#endif + /* * Test whether the default rand_method (RAND_OpenSSL()) is * setup correctly, in particular whether reseeding works @@ -755,6 +796,10 @@ static int test_rand_drbg_reseed(void) goto error; reset_drbg_hook_ctx(); +#if defined(OPENSSL_SYS_UNIX) + if (!TEST_true(test_drbg_reseed_after_fork(master, public, private))) + goto error; +#endif /* fill 'randomness' buffer with some arbitrary data */ memset(rand_add_buf, 'r', sizeof(rand_add_buf)); From builds at travis-ci.org Mon Sep 9 16:48:21 2019 From: builds at travis-ci.org (Travis CI) Date: Mon, 09 Sep 2019 16:48:21 +0000 Subject: Still Failing: openssl/openssl#28092 (OpenSSL_1_1_1-stable - 6318018) In-Reply-To: Message-ID: <5d768254c8595_43fd737acb414388298@fdc79f69-b616-45b2-9eea-619a842017d5.mail> Build Update for openssl/openssl ------------------------------------- Build: #28092 Status: Still Failing Duration: 19 mins and 22 secs Commit: 6318018 (OpenSSL_1_1_1-stable) Author: Dr. Matthias St. Pierre Message: drbg: fix issue where DRBG_CTR fails if NO_DF is used (2nd attempt) Since commit 7c226dfc434d a chained DRBG does not add additional data anymore when reseeding from its parent. The reason is that the size of the additional data exceeded the allowed size when no derivation function was used. This commit provides an alternative fix: instead of adding the entire DRBG's complete state, we just add the DRBG's address in memory, thereby providing some distinction between the different DRBG instances. Reviewed-by: Paul Dale Reviewed-by: Matt Caswell (Merged from https://github.com/openssl/openssl/pull/9802) View the changeset: https://github.com/openssl/openssl/compare/73a683b742b3...63180182ecfe View the full build log and details: https://travis-ci.org/openssl/openssl/builds/582763796?utm_medium=notification&utm_source=email -- You can unsubscribe from build emails from the openssl/openssl repository going to https://travis-ci.org/account/preferences/unsubscribe?repository=5849220&utm_medium=notification&utm_source=email. Or unsubscribe from *all* email updating your settings at https://travis-ci.org/account/preferences/unsubscribe?utm_medium=notification&utm_source=email. Or configure specific recipients for build notifications in your .travis.yml file. See https://docs.travis-ci.com/user/notifications. -------------- next part -------------- An HTML attachment was scrubbed... URL: From openssl at openssl.org Mon Sep 9 23:00:14 2019 From: openssl at openssl.org (OpenSSL run-checker) Date: Mon, 09 Sep 2019 23:00:14 +0000 Subject: Still FAILED build of OpenSSL branch master with options -d --strict-warnings enable-asan no-shared -DOPENSSL_SMALL_FOOTPRINT Message-ID: <1568070014.619107.29922.nullmailer@run.openssl.org> Platform and configuration command: $ uname -a Linux run 4.15.0-54-generic #58-Ubuntu SMP Mon Jun 24 10:55:24 UTC 2019 x86_64 x86_64 x86_64 GNU/Linux $ CC=clang ../openssl/config -d --strict-warnings enable-asan no-shared -DOPENSSL_SMALL_FOOTPRINT Commit log since last time: 1d3cd983f5 [test] ECC: check the bounds for auto computing cofactor d3a1128bc2 Fix build with VS2008 20bf3d8b22 Use simple names in core_names.h 864b89ce49 Move EVP_PKEY algorithm implementations into a union 9c45222ddc Revise EVP_PKEY param handling 21fb706722 Enable DH "keys" which only contain domain parameters 4f62f5d9af Add docs for the provider interface for signature operations 11031468c3 Add public API docs for newly added EVP_SIGNATURE related functions 390acbebfa Add support for verify/verify_recover functions to EVP_SIGNATURE 4889dadcb8 Implement DSA in the default provider dfcb5d29b5 Add the ability to perform signatures in a provider 2b95e8efcf DH_check_pub_key_ex was accidentally calling DH_check, so results were undefined. fa01370f7d Use BN_clear_free in DH_set0_key feeb7ecd2f Check the DH modulus bit length bfed4fc836 Uniform TEST_*() check usage in test/ectest.c 65936a5646 Fix spacing nit in test/ectest.c 3f37050e33 Fix typos in the OSSL_METHOD_STORE doc bacaa618c2 [ec] Match built-in curves on EC_GROUP_new_from_ecparameters bd9faf117d Do no mention private headers in public headers Build log ended with (last 100 lines): ../../openssl/test/recipes/60-test_x509_store.t ............... ok ../../openssl/test/recipes/60-test_x509_time.t ................ ok ../../openssl/test/recipes/70-test_asyncio.t .................. ok ../../openssl/test/recipes/70-test_bad_dtls.t ................. ok ../../openssl/test/recipes/70-test_clienthello.t .............. ok ../../openssl/test/recipes/70-test_comp.t ..................... skipped: test_comp needs the dynamic engine feature enabled ../../openssl/test/recipes/70-test_key_share.t ................ skipped: test_key_share needs the dynamic engine feature enabled ../../openssl/test/recipes/70-test_packet.t ................... ok ../../openssl/test/recipes/70-test_recordlen.t ................ ok ../../openssl/test/recipes/70-test_renegotiation.t ............ skipped: test_renegotiation needs the dynamic engine feature enabled ../../openssl/test/recipes/70-test_servername.t ............... ok ../../openssl/test/recipes/70-test_sslcbcpadding.t ............ skipped: test_sslcbcpadding needs the dynamic engine feature enabled ../../openssl/test/recipes/70-test_sslcertstatus.t ............ skipped: test_sslcertstatus needs the dynamic engine feature enabled ../../openssl/test/recipes/70-test_sslextension.t ............. skipped: test_sslextension needs the dynamic engine feature enabled ../../openssl/test/recipes/70-test_sslmessages.t .............. skipped: test_sslmessages needs the dynamic engine feature enabled ../../openssl/test/recipes/70-test_sslrecords.t ............... skipped: test_sslrecords needs the dynamic engine feature enabled ../../openssl/test/recipes/70-test_sslsessiontick.t ........... skipped: test_sslsessiontick needs the dynamic engine feature enabled ../../openssl/test/recipes/70-test_sslsigalgs.t ............... skipped: test_sslsigalgs needs the dynamic engine feature enabled ../../openssl/test/recipes/70-test_sslsignature.t ............. skipped: test_sslsignature needs the dynamic engine feature enabled ../../openssl/test/recipes/70-test_sslskewith0p.t ............. skipped: test_sslskewith0p needs the dynamic engine feature enabled ../../openssl/test/recipes/70-test_sslversions.t .............. skipped: test_sslversions needs the dynamic engine feature enabled ../../openssl/test/recipes/70-test_sslvertol.t ................ skipped: test_sslextension needs the dynamic engine feature enabled ../../openssl/test/recipes/70-test_tls13alerts.t .............. skipped: test_tls13alerts needs the dynamic engine feature enabled ../../openssl/test/recipes/70-test_tls13cookie.t .............. skipped: test_tls13cookie needs the dynamic engine feature enabled ../../openssl/test/recipes/70-test_tls13downgrade.t ........... skipped: test_tls13downgrade needs the dynamic engine feature enabled ../../openssl/test/recipes/70-test_tls13hrr.t ................. skipped: test_tls13hrr needs the dynamic engine feature enabled ../../openssl/test/recipes/70-test_tls13kexmodes.t ............ skipped: test_tls13kexmodes needs the dynamic engine feature enabled ../../openssl/test/recipes/70-test_tls13messages.t ............ skipped: test_tls13messages needs the dynamic engine feature enabled ../../openssl/test/recipes/70-test_tls13psk.t ................. skipped: test_tls13psk needs the dynamic engine feature enabled ../../openssl/test/recipes/70-test_tlsextms.t ................. skipped: test_tlsextms needs the dynamic engine feature enabled ../../openssl/test/recipes/70-test_verify_extra.t ............. ok ../../openssl/test/recipes/70-test_wpacket.t .................. ok ../../openssl/test/recipes/80-test_ca.t ....................... ok ../../openssl/test/recipes/80-test_cipherbytes.t .............. ok ../../openssl/test/recipes/80-test_cipherlist.t ............... ok ../../openssl/test/recipes/80-test_ciphername.t ............... ok ../../openssl/test/recipes/80-test_cms.t ...................... ok ../../openssl/test/recipes/80-test_cmsapi.t ................... ok ../../openssl/test/recipes/80-test_ct.t ....................... ok ../../openssl/test/recipes/80-test_dane.t ..................... ok ../../openssl/test/recipes/80-test_dtls.t ..................... ok ../../openssl/test/recipes/80-test_dtls_mtu.t ................. ok ../../openssl/test/recipes/80-test_dtlsv1listen.t ............. ok ../../openssl/test/recipes/80-test_ocsp.t ..................... ok ../../openssl/test/recipes/80-test_pkcs12.t ................... ok ../../openssl/test/recipes/80-test_ssl_new.t .................. ok ../../openssl/test/recipes/80-test_ssl_old.t .................. ok ../../openssl/test/recipes/80-test_ssl_test_ctx.t ............. ok ../../openssl/test/recipes/80-test_sslcorrupt.t ............... ok ../../openssl/test/recipes/80-test_tsa.t ...................... ok ../../openssl/test/recipes/80-test_x509aux.t .................. ok ../../openssl/test/recipes/90-test_asn1_time.t ................ ok ../../openssl/test/recipes/90-test_async.t .................... ok ../../openssl/test/recipes/90-test_bio_enc.t .................. ok ../../openssl/test/recipes/90-test_bio_memleak.t .............. ok ../../openssl/test/recipes/90-test_constant_time.t ............ ok ../../openssl/test/recipes/90-test_fatalerr.t ................. ok ../../openssl/test/recipes/90-test_gmdiff.t ................... ok ../../openssl/test/recipes/90-test_gost.t ..................... skipped: GOST support is disabled in this OpenSSL build ../../openssl/test/recipes/90-test_ige.t ...................... ok ../../openssl/test/recipes/90-test_includes.t ................. ok ../../openssl/test/recipes/90-test_memleak.t .................. ok ../../openssl/test/recipes/90-test_overhead.t ................. ok ../../openssl/test/recipes/90-test_secmem.t ................... ok ../../openssl/test/recipes/90-test_shlibload.t ................ skipped: Test only supported in a shared build ../../openssl/test/recipes/90-test_srp.t ...................... ok ../../openssl/test/recipes/90-test_sslapi.t ................... ok ../../openssl/test/recipes/90-test_sslbuffers.t ............... ok ../../openssl/test/recipes/90-test_store.t .................... ok ../../openssl/test/recipes/90-test_sysdefault.t ............... ok ../../openssl/test/recipes/90-test_threads.t .................. ok ../../openssl/test/recipes/90-test_time_offset.t .............. ok ../../openssl/test/recipes/90-test_tls13ccs.t ................. ok ../../openssl/test/recipes/90-test_tls13encryption.t .......... ok ../../openssl/test/recipes/90-test_tls13secrets.t ............. skipped: tls13secrets is not supported in this build ../../openssl/test/recipes/90-test_v3name.t ................... ok ../../openssl/test/recipes/95-test_external_boringssl.t ....... skipped: No external tests in this configuration ../../openssl/test/recipes/95-test_external_krb5.t ............ skipped: No external tests in this configuration ../../openssl/test/recipes/95-test_external_pyca.t ............ skipped: No external tests in this configuration ../../openssl/test/recipes/99-test_ecstress.t ................. ok ../../openssl/test/recipes/99-test_fuzz.t ..................... ok Test Summary Report ------------------- ../../openssl/test/recipes/30-test_evp.t (Wstat: 256 Tests: 14 Failed: 1) Failed test: 7 Non-zero exit status: 1 ../../openssl/test/recipes/30-test_evp_extra.t (Wstat: 256 Tests: 1 Failed: 1) Failed test: 1 Non-zero exit status: 1 ../../openssl/test/recipes/30-test_pkey_meth_kdf.t (Wstat: 256 Tests: 1 Failed: 1) Failed test: 1 Non-zero exit status: 1 Files=176, Tests=1462, 664 wallclock secs ( 1.11 usr 0.41 sys + 590.94 cusr 70.17 csys = 662.63 CPU) Result: FAIL Makefile:198: recipe for target '_tests' failed make[1]: *** [_tests] Error 1 make[1]: Leaving directory '/home/openssl/run-checker/enable-asan' Makefile:196: recipe for target 'tests' failed make: *** [tests] Error 2 From openssl at openssl.org Tue Sep 10 02:12:47 2019 From: openssl at openssl.org (OpenSSL run-checker) Date: Tue, 10 Sep 2019 02:12:47 +0000 Subject: FAILED build of OpenSSL branch master with options -d --strict-warnings no-dh Message-ID: <1568081567.451791.22091.nullmailer@run.openssl.org> Platform and configuration command: $ uname -a Linux run 4.15.0-54-generic #58-Ubuntu SMP Mon Jun 24 10:55:24 UTC 2019 x86_64 x86_64 x86_64 GNU/Linux $ CC=clang ../openssl/config -d --strict-warnings no-dh Commit log since last time: 1d3cd983f5 [test] ECC: check the bounds for auto computing cofactor d3a1128bc2 Fix build with VS2008 20bf3d8b22 Use simple names in core_names.h 864b89ce49 Move EVP_PKEY algorithm implementations into a union 9c45222ddc Revise EVP_PKEY param handling 21fb706722 Enable DH "keys" which only contain domain parameters 4f62f5d9af Add docs for the provider interface for signature operations 11031468c3 Add public API docs for newly added EVP_SIGNATURE related functions 390acbebfa Add support for verify/verify_recover functions to EVP_SIGNATURE 4889dadcb8 Implement DSA in the default provider dfcb5d29b5 Add the ability to perform signatures in a provider 2b95e8efcf DH_check_pub_key_ex was accidentally calling DH_check, so results were undefined. fa01370f7d Use BN_clear_free in DH_set0_key feeb7ecd2f Check the DH modulus bit length bfed4fc836 Uniform TEST_*() check usage in test/ectest.c 65936a5646 Fix spacing nit in test/ectest.c 3f37050e33 Fix typos in the OSSL_METHOD_STORE doc bacaa618c2 [ec] Match built-in curves on EC_GROUP_new_from_ecparameters bd9faf117d Do no mention private headers in public headers Build log ended with (last 100 lines): clang -Iinclude -I../openssl/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_IA32_SSE2 -MMD -MF test/buildtest_c_md5-bin-buildtest_md5.d.tmp -MT test/buildtest_c_md5-bin-buildtest_md5.o -c -o test/buildtest_c_md5-bin-buildtest_md5.o test/buildtest_md5.c clang -Iinclude -I../openssl/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_IA32_SSE2 -MMD -MF test/buildtest_c_mdc2-bin-buildtest_mdc2.d.tmp -MT test/buildtest_c_mdc2-bin-buildtest_mdc2.o -c -o test/buildtest_c_mdc2-bin-buildtest_mdc2.o test/buildtest_mdc2.c clang -Iinclude -I../openssl/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_IA32_SSE2 -MMD -MF test/buildtest_c_modes-bin-buildtest_modes.d.tmp -MT test/buildtest_c_modes-bin-buildtest_modes.o -c -o test/buildtest_c_modes-bin-buildtest_modes.o test/buildtest_modes.c clang -Iinclude -I../openssl/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_IA32_SSE2 -MMD -MF test/buildtest_c_obj_mac-bin-buildtest_obj_mac.d.tmp -MT test/buildtest_c_obj_mac-bin-buildtest_obj_mac.o -c -o test/buildtest_c_obj_mac-bin-buildtest_obj_mac.o test/buildtest_obj_mac.c clang -Iinclude -I../openssl/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_IA32_SSE2 -MMD -MF test/buildtest_c_objects-bin-buildtest_objects.d.tmp -MT test/buildtest_c_objects-bin-buildtest_objects.o -c -o test/buildtest_c_objects-bin-buildtest_objects.o test/buildtest_objects.c clang -Iinclude -I../openssl/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_IA32_SSE2 -MMD -MF test/buildtest_c_ocsp-bin-buildtest_ocsp.d.tmp -MT test/buildtest_c_ocsp-bin-buildtest_ocsp.o -c -o test/buildtest_c_ocsp-bin-buildtest_ocsp.o test/buildtest_ocsp.c clang -Iinclude -I../openssl/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_IA32_SSE2 -MMD -MF test/buildtest_c_opensslv-bin-buildtest_opensslv.d.tmp -MT test/buildtest_c_opensslv-bin-buildtest_opensslv.o -c -o test/buildtest_c_opensslv-bin-buildtest_opensslv.o test/buildtest_opensslv.c clang -Iinclude -I../openssl/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_IA32_SSE2 -MMD -MF test/buildtest_c_ossl_typ-bin-buildtest_ossl_typ.d.tmp -MT test/buildtest_c_ossl_typ-bin-buildtest_ossl_typ.o -c -o test/buildtest_c_ossl_typ-bin-buildtest_ossl_typ.o test/buildtest_ossl_typ.c clang -Iinclude -I../openssl/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_IA32_SSE2 -MMD -MF test/buildtest_c_params-bin-buildtest_params.d.tmp -MT test/buildtest_c_params-bin-buildtest_params.o -c -o test/buildtest_c_params-bin-buildtest_params.o test/buildtest_params.c clang -Iinclude -I../openssl/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_IA32_SSE2 -MMD -MF test/buildtest_c_pem-bin-buildtest_pem.d.tmp -MT test/buildtest_c_pem-bin-buildtest_pem.o -c -o test/buildtest_c_pem-bin-buildtest_pem.o test/buildtest_pem.c clang -Iinclude -I../openssl/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_IA32_SSE2 -MMD -MF test/buildtest_c_pem2-bin-buildtest_pem2.d.tmp -MT test/buildtest_c_pem2-bin-buildtest_pem2.o -c -o test/buildtest_c_pem2-bin-buildtest_pem2.o test/buildtest_pem2.c clang -Iinclude -I../openssl/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_IA32_SSE2 -MMD -MF test/buildtest_c_pkcs12-bin-buildtest_pkcs12.d.tmp -MT test/buildtest_c_pkcs12-bin-buildtest_pkcs12.o -c -o test/buildtest_c_pkcs12-bin-buildtest_pkcs12.o test/buildtest_pkcs12.c clang -Iinclude -I../openssl/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_IA32_SSE2 -MMD -MF test/buildtest_c_pkcs7-bin-buildtest_pkcs7.d.tmp -MT test/buildtest_c_pkcs7-bin-buildtest_pkcs7.o -c -o test/buildtest_c_pkcs7-bin-buildtest_pkcs7.o test/buildtest_pkcs7.c clang -Iinclude -I../openssl/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_IA32_SSE2 -MMD -MF test/buildtest_c_provider-bin-buildtest_provider.d.tmp -MT test/buildtest_c_provider-bin-buildtest_provider.o -c -o test/buildtest_c_provider-bin-buildtest_provider.o test/buildtest_provider.c clang -Iinclude -I../openssl/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_IA32_SSE2 -MMD -MF test/buildtest_c_rand-bin-buildtest_rand.d.tmp -MT test/buildtest_c_rand-bin-buildtest_rand.o -c -o test/buildtest_c_rand-bin-buildtest_rand.o test/buildtest_rand.c clang -Iinclude -I../openssl/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_IA32_SSE2 -MMD -MF test/buildtest_c_rand_drbg-bin-buildtest_rand_drbg.d.tmp -MT test/buildtest_c_rand_drbg-bin-buildtest_rand_drbg.o -c -o test/buildtest_c_rand_drbg-bin-buildtest_rand_drbg.o test/buildtest_rand_drbg.c clang -Iinclude -I../openssl/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_IA32_SSE2 -MMD -MF test/buildtest_c_rc2-bin-buildtest_rc2.d.tmp -MT test/buildtest_c_rc2-bin-buildtest_rc2.o -c -o test/buildtest_c_rc2-bin-buildtest_rc2.o test/buildtest_rc2.c clang -Iinclude -I../openssl/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_IA32_SSE2 -MMD -MF test/buildtest_c_rc4-bin-buildtest_rc4.d.tmp -MT test/buildtest_c_rc4-bin-buildtest_rc4.o -c -o test/buildtest_c_rc4-bin-buildtest_rc4.o test/buildtest_rc4.c clang -Iinclude -I../openssl/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_IA32_SSE2 -MMD -MF test/buildtest_c_ripemd-bin-buildtest_ripemd.d.tmp -MT test/buildtest_c_ripemd-bin-buildtest_ripemd.o -c -o test/buildtest_c_ripemd-bin-buildtest_ripemd.o test/buildtest_ripemd.c clang -Iinclude -I../openssl/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_IA32_SSE2 -MMD -MF test/buildtest_c_rsa-bin-buildtest_rsa.d.tmp -MT test/buildtest_c_rsa-bin-buildtest_rsa.o -c -o test/buildtest_c_rsa-bin-buildtest_rsa.o test/buildtest_rsa.c clang -Iinclude -I../openssl/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_IA32_SSE2 -MMD -MF test/buildtest_c_safestack-bin-buildtest_safestack.d.tmp -MT test/buildtest_c_safestack-bin-buildtest_safestack.o -c -o test/buildtest_c_safestack-bin-buildtest_safestack.o test/buildtest_safestack.c clang -Iinclude -I../openssl/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_IA32_SSE2 -MMD -MF test/buildtest_c_seed-bin-buildtest_seed.d.tmp -MT test/buildtest_c_seed-bin-buildtest_seed.o -c -o test/buildtest_c_seed-bin-buildtest_seed.o test/buildtest_seed.c clang -Iinclude -I../openssl/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_IA32_SSE2 -MMD -MF test/buildtest_c_sha-bin-buildtest_sha.d.tmp -MT test/buildtest_c_sha-bin-buildtest_sha.o -c -o test/buildtest_c_sha-bin-buildtest_sha.o test/buildtest_sha.c clang -Iinclude -I../openssl/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_IA32_SSE2 -MMD -MF test/buildtest_c_srp-bin-buildtest_srp.d.tmp -MT test/buildtest_c_srp-bin-buildtest_srp.o -c -o test/buildtest_c_srp-bin-buildtest_srp.o test/buildtest_srp.c clang -Iinclude -I../openssl/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_IA32_SSE2 -MMD -MF test/buildtest_c_srtp-bin-buildtest_srtp.d.tmp -MT test/buildtest_c_srtp-bin-buildtest_srtp.o -c -o test/buildtest_c_srtp-bin-buildtest_srtp.o test/buildtest_srtp.c clang -Iinclude -I../openssl/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_IA32_SSE2 -MMD -MF test/buildtest_c_ssl-bin-buildtest_ssl.d.tmp -MT test/buildtest_c_ssl-bin-buildtest_ssl.o -c -o test/buildtest_c_ssl-bin-buildtest_ssl.o test/buildtest_ssl.c clang -Iinclude -I../openssl/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_IA32_SSE2 -MMD -MF test/buildtest_c_ssl2-bin-buildtest_ssl2.d.tmp -MT test/buildtest_c_ssl2-bin-buildtest_ssl2.o -c -o test/buildtest_c_ssl2-bin-buildtest_ssl2.o test/buildtest_ssl2.c clang -Iinclude -I../openssl/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_IA32_SSE2 -MMD -MF test/buildtest_c_stack-bin-buildtest_stack.d.tmp -MT test/buildtest_c_stack-bin-buildtest_stack.o -c -o test/buildtest_c_stack-bin-buildtest_stack.o test/buildtest_stack.c clang -Iinclude -I../openssl/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_IA32_SSE2 -MMD -MF test/buildtest_c_store-bin-buildtest_store.d.tmp -MT test/buildtest_c_store-bin-buildtest_store.o -c -o test/buildtest_c_store-bin-buildtest_store.o test/buildtest_store.c clang -Iinclude -I../openssl/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_IA32_SSE2 -MMD -MF test/buildtest_c_symhacks-bin-buildtest_symhacks.d.tmp -MT test/buildtest_c_symhacks-bin-buildtest_symhacks.o -c -o test/buildtest_c_symhacks-bin-buildtest_symhacks.o test/buildtest_symhacks.c clang -Iinclude -I../openssl/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_IA32_SSE2 -MMD -MF test/buildtest_c_tls1-bin-buildtest_tls1.d.tmp -MT test/buildtest_c_tls1-bin-buildtest_tls1.o -c -o test/buildtest_c_tls1-bin-buildtest_tls1.o test/buildtest_tls1.c clang -Iinclude -I../openssl/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_IA32_SSE2 -MMD -MF test/buildtest_c_ts-bin-buildtest_ts.d.tmp -MT test/buildtest_c_ts-bin-buildtest_ts.o -c -o test/buildtest_c_ts-bin-buildtest_ts.o test/buildtest_ts.c clang -Iinclude -I../openssl/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_IA32_SSE2 -MMD -MF test/buildtest_c_txt_db-bin-buildtest_txt_db.d.tmp -MT test/buildtest_c_txt_db-bin-buildtest_txt_db.o -c -o test/buildtest_c_txt_db-bin-buildtest_txt_db.o test/buildtest_txt_db.c clang -Iinclude -I../openssl/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_IA32_SSE2 -MMD -MF test/buildtest_c_ui-bin-buildtest_ui.d.tmp -MT test/buildtest_c_ui-bin-buildtest_ui.o -c -o test/buildtest_c_ui-bin-buildtest_ui.o test/buildtest_ui.c clang -Iinclude -I../openssl/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_IA32_SSE2 -MMD -MF test/buildtest_c_whrlpool-bin-buildtest_whrlpool.d.tmp -MT test/buildtest_c_whrlpool-bin-buildtest_whrlpool.o -c -o test/buildtest_c_whrlpool-bin-buildtest_whrlpool.o test/buildtest_whrlpool.c clang -Iinclude -I../openssl/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_IA32_SSE2 -MMD -MF test/buildtest_c_x509-bin-buildtest_x509.d.tmp -MT test/buildtest_c_x509-bin-buildtest_x509.o -c -o test/buildtest_c_x509-bin-buildtest_x509.o test/buildtest_x509.c clang -Iinclude -I../openssl/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_IA32_SSE2 -MMD -MF test/buildtest_c_x509_vfy-bin-buildtest_x509_vfy.d.tmp -MT test/buildtest_c_x509_vfy-bin-buildtest_x509_vfy.o -c -o test/buildtest_c_x509_vfy-bin-buildtest_x509_vfy.o test/buildtest_x509_vfy.c clang -Iinclude -I../openssl/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_IA32_SSE2 -MMD -MF test/buildtest_c_x509v3-bin-buildtest_x509v3.d.tmp -MT test/buildtest_c_x509v3-bin-buildtest_x509v3.o -c -o test/buildtest_c_x509v3-bin-buildtest_x509v3.o test/buildtest_x509v3.c rm -f test/rsa_complex ${LDCMD:-clang} -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -L. \ -o test/rsa_complex test/rsa_complex-bin-rsa_complex.o \ -ldl -pthread rm -f test/shlibloadtest ${LDCMD:-clang} -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -L. \ -o test/shlibloadtest test/shlibloadtest-bin-shlibloadtest.o \ -ldl -pthread ar r libcrypto.a crypto/aes/libcrypto-lib-aes-x86_64.o crypto/aes/libcrypto-lib-aes_cfb.o crypto/aes/libcrypto-lib-aes_ecb.o crypto/aes/libcrypto-lib-aes_ige.o crypto/aes/libcrypto-lib-aes_misc.o crypto/aes/libcrypto-lib-aes_ofb.o crypto/aes/libcrypto-lib-aes_wrap.o crypto/aes/libcrypto-lib-aesni-mb-x86_64.o crypto/aes/libcrypto-lib-aesni-sha1-x86_64.o crypto/aes/libcrypto-lib-aesni-sha256-x86_64.o crypto/aes/libcrypto-lib-aesni-x86_64.o crypto/aes/libcrypto-lib-bsaes-x86_64.o crypto/aes/libcrypto-lib-vpaes-x86_64.o crypto/aria/libcrypto-lib-aria.o crypto/asn1/libcrypto-lib-a_bitstr.o crypto/asn1/libcrypto-lib-a_d2i_fp.o crypto/asn1/libcrypto-lib-a_digest.o crypto/asn1/libcrypto-lib-a_dup.o crypto/asn1/libcrypto-lib-a_gentm.o crypto/asn1/libcrypto-lib-a_i2d_fp.o crypto/asn1/libcrypto-lib-a_int.o crypto/asn1/libcrypto-lib-a_mbstr.o crypto/asn1/libcrypto-lib-a_object.o crypto/asn1/libcrypto-lib-a_octet.o crypto/asn1/libcrypto-lib-a_print.o crypto/asn1/libcrypto-lib-a_sign.o crypto/asn1/libcrypto-lib-a_strex.o crypto/asn1/libcrypto-lib-a_strnid.o crypto/asn1/libcrypto-lib-a_time.o crypto/asn1/libcrypto-lib-a_type.o crypto/asn1/libcrypto-lib-a_utctm.o crypto/asn1/libcrypto-lib-a_utf8.o crypto/asn1/libcrypto-lib-a_verify.o crypto/asn1/libcrypto-lib-ameth_lib.o crypto/asn1/libcrypto-lib-asn1_err.o crypto/asn1/libcrypto-lib-asn1_gen.o crypto/asn1/libcrypto-lib-asn1_item_list.o crypto/asn1/libcrypto-lib-asn1_lib.o crypto/asn1/libcrypto-lib-asn1_par.o crypto/asn1/libcrypto-lib-asn_mime.o crypto/asn1/libcrypto-lib-asn_moid.o crypto/asn1/libcrypto-lib-asn_mstbl.o crypto/asn1/libcrypto-lib-asn_pack.o crypto/asn1/libcrypto-lib-bio_asn1.o crypto/asn1/libcrypto-lib-bio_ndef.o crypto/asn1/libcrypto-lib-d2i_param.o crypto/asn1/libcrypto-lib-d2i_pr.o crypto/asn1/libcrypto-lib-d2i_pu.o crypto/asn1/libcrypto-lib-evp_asn1.o crypto/asn1/libcrypto-lib-f_int.o crypto/asn1/libcrypto-lib-f_string.o crypto/asn1/libcrypto-lib-i2d_param.o crypto/asn1/libcrypto-lib-i2d_pr.o crypto/asn1/libcrypto-lib-i2d_pu.o crypto/asn1/libcrypto-lib-n_pkey.o crypto/asn1/libcrypto-lib-nsseq.o crypto/asn1/libcrypto-lib-p5_pbe.o crypto/asn1/libcrypto-lib-p5_pbev2.o crypto/asn1/libcrypto-lib-p5_scrypt.o crypto/asn1/libcrypto-lib-p8_pkey.o crypto/asn1/libcrypto-lib-t_bitst.o crypto/asn1/libcrypto-lib-t_pkey.o crypto/asn1/libcrypto-lib-t_spki.o crypto/asn1/libcrypto-lib-tasn_dec.o crypto/asn1/libcrypto-lib-tasn_enc.o crypto/asn1/libcrypto-lib-tasn_fre.o crypto/asn1/libcrypto-lib-tasn_new.o crypto/asn1/libcrypto-lib-tasn_prn.o crypto/asn1/libcrypto-lib-tasn_scn.o crypto/asn1/libcrypto-lib-tasn_typ.o crypto/asn1/libcrypto-lib-tasn_utl.o crypto/asn1/libcrypto-lib-x_algor.o crypto/asn1/libcrypto-lib-x_bignum.o crypto/asn1/libcrypto-lib-x_info.o crypto/asn1/libcrypto-lib-x_int64.o crypto/asn1/libcrypto-lib-x_long.o crypto/asn1/libcrypto-lib-x_pkey.o crypto/asn1/libcrypto-lib-x_sig.o crypto/asn1/libcrypto-lib-x_spki.o crypto/asn1/libcrypto-lib-x_val.o crypto/async/arch/libcrypto-lib-async_null.o crypto/async/arch/libcrypto-lib-async_posix.o crypto/async/arch/libcrypto-lib-async_win.o crypto/async/libcrypto-lib-async.o crypto/async/libcrypto-lib-async_err.o crypto/async/libcrypto-lib-async_wait.o crypto/bf/libcrypto-lib-bf_cfb64.o crypto/bf/libcrypto-lib-bf_ecb.o crypto/bf/libcrypto-lib-bf_enc.o crypto/bf/libcrypto-lib-bf_ofb64.o crypto/bf/libcrypto-lib-bf_skey.o crypto/bio/libcrypto-lib-b_addr.o crypto/bio/libcrypto-lib-b_dump.o crypto/bio/libcrypto-lib-b_print.o crypto/bio/libcrypto-lib-b_sock.o crypto/bio/libcrypto-lib-b_sock2.o crypto/bio/libcrypto-lib-bf_buff.o crypto/bio/libcrypto-lib-bf_lbuf.o crypto/bio/libcrypto-lib-bf_nbio.o crypto/bio/libcrypto-lib-bf_null.o crypto/bio/libcrypto-lib-bio_cb.o crypto/bio/libcrypto-lib-bio_err.o crypto/bio/libcrypto-lib-bio_lib.o crypto/bio/libcrypto-lib-bio_meth.o crypto/bio/libcrypto-lib-bss_acpt.o crypto/bio/libcrypto-lib-bss_bio.o crypto/bio/libcrypto-lib-bss_conn.o crypto/bio/libcrypto-lib-bss_dgram.o crypto/bio/libcrypto-lib-bss_fd.o crypto/bio/libcrypto-lib-bss_file.o crypto/bio/libcrypto-lib-bss_log.o crypto/bio/libcrypto-lib-bss_mem.o crypto/bio/libcrypto-lib-bss_null.o crypto/bio/libcrypto-lib-bss_sock.o crypto/blake2/libcrypto-lib-m_blake2b.o crypto/blake2/libcrypto-lib-m_blake2s.o crypto/bn/asm/libcrypto-lib-x86_64-gcc.o crypto/bn/libcrypto-lib-bn_add.o crypto/bn/libcrypto-lib-bn_blind.o crypto/bn/libcrypto-lib-bn_const.o crypto/bn/libcrypto-lib-bn_conv.o crypto/bn/libcrypto-lib-bn_ctx.o crypto/bn/libcrypto-lib-bn_depr.o crypto/bn/libcrypto-lib-bn_dh.o crypto/bn/libcrypto-lib-bn_div.o crypto/bn/libcrypto-lib-bn_err.o crypto/bn/libcrypto-lib-bn_exp.o crypto/bn/libcrypto-lib-bn_exp2.o crypto/bn/libcrypto-lib-bn_gcd.o crypto/bn/libcrypto-lib-bn_gf2m.o crypto/bn/libcrypto-lib-bn_intern.o crypto/bn/libcrypto-lib-bn_kron.o crypto/bn/libcrypto-lib-bn_lib.o crypto/bn/libcrypto-lib-bn_mod.o crypto/bn/libcrypto-lib-bn_mont.o crypto/bn/libcrypto-lib-bn_mpi.o crypto/bn/libcrypto-lib-bn_mul.o crypto/bn/libcrypto-lib-bn_nist.o crypto/bn/libcrypto-lib-bn_prime.o crypto/bn/libcrypto-lib-bn_print.o crypto/bn/libcrypto-lib-bn_rand.o crypto/bn/libcrypto-lib-bn_recp.o crypto/bn/libcrypto-lib-bn_rsa_fips186_4.o crypto/bn/libcrypto-lib-bn_shift.o crypto/bn/libcrypto-lib-bn_sqr.o crypto/bn/libcrypto-lib-bn_sqrt.o crypto/bn/libcrypto-lib-bn_srp.o crypto/bn/libcrypto-lib-bn_word.o crypto/bn/libcrypto-lib-bn_x931p.o crypto/bn/libcrypto-lib-rsaz-avx2.o crypto/bn/libcrypto-lib-rsaz-x86_64.o crypto/bn/libcrypto-lib-rsaz_exp.o crypto/bn/libcrypto-lib-x86_64-gf2m.o crypto/bn/libcrypto-lib-x86_64-mont.o crypto/bn/libcrypto-lib-x86_64-mont5.o crypto/buffer/libcrypto-lib-buf_err.o crypto/buffer/libcrypto-lib-buffer.o crypto/camellia/libcrypto-lib-cmll-x86_64.o crypto/camellia/libcrypto-lib-cmll_cfb.o crypto/camellia/libcrypto-lib-cmll_ctr.o crypto/camellia/libcrypto-lib-cmll_ecb.o crypto/camellia/libcrypto-lib-cmll_misc.o crypto/camellia/libcrypto-lib-cmll_ofb.o crypto/cast/libcrypto-lib-c_cfb64.o crypto/cast/libcrypto-lib-c_ecb.o crypto/cast/libcrypto-lib-c_enc.o crypto/cast/libcrypto-lib-c_ofb64.o crypto/cast/libcrypto-lib-c_skey.o crypto/chacha/libcrypto-lib-chacha-x86_64.o crypto/cmac/libcrypto-lib-cm_ameth.o crypto/cmac/libcrypto-lib-cmac.o crypto/cmp/libcrypto-lib-cmp_asn.o crypto/cmp/libcrypto-lib-cmp_err.o crypto/cms/libcrypto-lib-cms_asn1.o crypto/cms/libcrypto-lib-cms_att.o crypto/cms/libcrypto-lib-cms_cd.o crypto/cms/libcrypto-lib-cms_dd.o crypto/cms/libcrypto-lib-cms_enc.o crypto/cms/libcrypto-lib-cms_env.o crypto/cms/libcrypto-lib-cms_err.o crypto/cms/libcrypto-lib-cms_ess.o crypto/cms/libcrypto-lib-cms_io.o crypto/cms/libcrypto-lib-cms_kari.o crypto/cms/libcrypto-lib-cms_lib.o crypto/cms/libcrypto-lib-cms_pwri.o crypto/cms/libcrypto-lib-cms_sd.o crypto/cms/libcrypto-lib-cms_smime.o crypto/comp/libcrypto-lib-c_zlib.o crypto/comp/libcrypto-lib-comp_err.o crypto/comp/libcrypto-lib-comp_lib.o crypto/conf/libcrypto-lib-conf_api.o crypto/conf/libcrypto-lib-conf_def.o crypto/conf/libcrypto-lib-conf_err.o crypto/conf/libcrypto-lib-conf_lib.o crypto/conf/libcrypto-lib-conf_mall.o crypto/conf/libcrypto-lib-conf_mod.o crypto/conf/libcrypto-lib-conf_sap.o crypto/conf/libcrypto-lib-conf_ssl.o crypto/crmf/libcrypto-lib-crmf_asn.o crypto/crmf/libcrypto-lib-crmf_err.o crypto/crmf/libcrypto-lib-crmf_lib.o crypto/crmf/libcrypto-lib-crmf_pbm.o crypto/ct/libcrypto-lib-ct_b64.o crypto/ct/libcrypto-lib-ct_err.o crypto/ct/libcrypto-lib-ct_log.o crypto/ct/libcrypto-lib-ct_oct.o crypto/ct/libcrypto-lib-ct_policy.o crypto/ct/libcrypto-lib-ct_prn.o crypto/ct/libcrypto-lib-ct_sct.o crypto/ct/libcrypto-lib-ct_sct_ctx.o crypto/ct/libcrypto-lib-ct_vfy.o crypto/ct/libcrypto-lib-ct_x509v3.o crypto/des/libcrypto-lib-cbc_cksm.o crypto/des/libcrypto-lib-cbc_enc.o crypto/des/libcrypto-lib-cfb64ede.o crypto/des/libcrypto-lib-cfb64enc.o crypto/des/libcrypto-lib-cfb_enc.o crypto/des/libcrypto-lib-des_enc.o crypto/des/libcrypto-lib-ecb3_enc.o crypto/des/libcrypto-lib-ecb_enc.o crypto/des/libcrypto-lib-fcrypt.o crypto/des/libcrypto-lib-fcrypt_b.o crypto/des/libcrypto-lib-ofb64ede.o crypto/des/libcrypto-lib-ofb64enc.o crypto/des/libcrypto-lib-ofb_enc.o crypto/des/libcrypto-lib-pcbc_enc.o crypto/des/libcrypto-lib-qud_cksm.o crypto/des/libcrypto-lib-rand_key.o crypto/des/libcrypto-lib-set_key.o crypto/des/libcrypto-lib-str2key.o crypto/des/libcrypto-lib-xcbc_enc.o crypto/dsa/libcrypto-lib-dsa_ameth.o crypto/dsa/libcrypto-lib-dsa_asn1.o crypto/dsa/libcrypto-lib-dsa_depr.o crypto/dsa/libcrypto-lib-dsa_err.o crypto/dsa/libcrypto-lib-dsa_gen.o crypto/dsa/libcrypto-lib-dsa_key.o crypto/dsa/libcrypto-lib-dsa_lib.o crypto/dsa/libcrypto-lib-dsa_meth.o crypto/dsa/libcrypto-lib-dsa_ossl.o crypto/dsa/libcrypto-lib-dsa_pmeth.o crypto/dsa/libcrypto-lib-dsa_prn.o crypto/dsa/libcrypto-lib-dsa_sign.o crypto/dsa/libcrypto-lib-dsa_vrf.o crypto/dso/libcrypto-lib-dso_dl.o crypto/dso/libcrypto-lib-dso_dlfcn.o crypto/dso/libcrypto-lib-dso_err.o crypto/dso/libcrypto-lib-dso_lib.o crypto/dso/libcrypto-lib-dso_openssl.o crypto/dso/libcrypto-lib-dso_vms.o crypto/dso/libcrypto-lib-dso_win32.o crypto/ec/curve448/arch_32/libcrypto-lib-f_impl.o crypto/ec/curve448/libcrypto-lib-curve448.o crypto/ec/curve448/libcrypto-lib-curve448_tables.o crypto/ec/curve448/libcrypto-lib-eddsa.o crypto/ec/curve448/libcrypto-lib-f_generic.o crypto/ec/curve448/libcrypto-lib-scalar.o crypto/ec/libcrypto-lib-curve25519.o crypto/ec/libcrypto-lib-ec2_oct.o crypto/ec/libcrypto-lib-ec2_smpl.o crypto/ec/libcrypto-lib-ec_ameth.o crypto/ec/libcrypto-lib-ec_asn1.o crypto/ec/libcrypto-lib-ec_check.o crypto/ec/libcrypto-lib-ec_curve.o crypto/ec/libcrypto-lib-ec_cvt.o crypto/ec/libcrypto-lib-ec_err.o crypto/ec/libcrypto-lib-ec_key.o crypto/ec/libcrypto-lib-ec_kmeth.o crypto/ec/libcrypto-lib-ec_lib.o crypto/ec/libcrypto-lib-ec_mult.o crypto/ec/libcrypto-lib-ec_oct.o crypto/ec/libcrypto-lib-ec_pmeth.o crypto/ec/libcrypto-lib-ec_print.o crypto/ec/libcrypto-lib-ecdh_kdf.o crypto/ec/libcrypto-lib-ecdh_ossl.o crypto/ec/libcrypto-lib-ecdsa_ossl.o crypto/ec/libcrypto-lib-ecdsa_sign.o crypto/ec/libcrypto-lib-ecdsa_vrf.o crypto/ec/libcrypto-lib-eck_prn.o crypto/ec/libcrypto-lib-ecp_mont.o crypto/ec/libcrypto-lib-ecp_nist.o crypto/ec/libcrypto-lib-ecp_nistp224.o crypto/ec/libcrypto-lib-ecp_nistp256.o crypto/ec/libcrypto-lib-ecp_nistp521.o crypto/ec/libcrypto-lib-ecp_nistputil.o crypto/ec/libcrypto-lib-ecp_nistz256-x86_64.o crypto/ec/libcrypto-lib-ecp_nistz256.o crypto/ec/libcrypto-lib-ecp_oct.o crypto/ec/libcrypto-lib-ecp_smpl.o crypto/ec/libcrypto-lib-ecx_meth.o crypto/ec/libcrypto-lib-x25519-x86_64.o crypto/engine/libcrypto-lib-eng_all.o crypto/engine/libcrypto-lib-eng_cnf.o crypto/engine/libcrypto-lib-eng_ctrl.o crypto/engine/libcrypto-lib-eng_dyn.o crypto/engine/libcrypto-lib-eng_err.o crypto/engine/libcrypto-lib-eng_fat.o crypto/engine/libcrypto-lib-eng_init.o crypto/engine/libcrypto-lib-eng_lib.o crypto/engine/libcrypto-lib-eng_list.o crypto/engine/libcrypto-lib-eng_openssl.o crypto/engine/libcrypto-lib-eng_pkey.o crypto/engine/libcrypto-lib-eng_rdrand.o crypto/engine/libcrypto-lib-eng_table.o crypto/engine/libcrypto-lib-tb_asnmth.o crypto/engine/libcrypto-lib-tb_cipher.o crypto/engine/libcrypto-lib-tb_dh.o crypto/engine/libcrypto-lib-tb_digest.o crypto/engine/libcrypto-lib-tb_dsa.o crypto/engine/libcrypto-lib-tb_eckey.o crypto/engine/libcrypto-lib-tb_pkmeth.o crypto/engine/libcrypto-lib-tb_rand.o crypto/engine/libcrypto-lib-tb_rsa.o crypto/err/libcrypto-lib-err.o crypto/err/libcrypto-lib-err_all.o crypto/err/libcrypto-lib-err_blocks.o crypto/err/libcrypto-lib-err_prn.o crypto/ess/libcrypto-lib-ess_asn1.o crypto/ess/libcrypto-lib-ess_err.o crypto/ess/libcrypto-lib-ess_lib.o crypto/evp/libcrypto-lib-bio_b64.o crypto/evp/libcrypto-lib-bio_enc.o crypto/evp/libcrypto-lib-bio_md.o crypto/evp/libcrypto-lib-bio_ok.o crypto/evp/libcrypto-lib-c_allc.o crypto/evp/libcrypto-lib-c_alld.o crypto/evp/libcrypto-lib-cmeth_lib.o crypto/evp/libcrypto-lib-digest.o crypto/evp/libcrypto-lib-e_aes.o crypto/evp/libcrypto-lib-e_aes_cbc_hmac_sha1.o crypto/evp/libcrypto-lib-e_aes_cbc_hmac_sha256.o crypto/evp/libcrypto-lib-e_aria.o crypto/evp/libcrypto-lib-e_bf.o crypto/evp/libcrypto-lib-e_camellia.o crypto/evp/libcrypto-lib-e_cast.o crypto/evp/libcrypto-lib-e_chacha20_poly1305.o crypto/evp/libcrypto-lib-e_des.o crypto/evp/libcrypto-lib-e_des3.o crypto/evp/libcrypto-lib-e_idea.o crypto/evp/libcrypto-lib-e_null.o crypto/evp/libcrypto-lib-e_old.o crypto/evp/libcrypto-lib-e_rc2.o crypto/evp/libcrypto-lib-e_rc4.o crypto/evp/libcrypto-lib-e_rc4_hmac_md5.o crypto/evp/libcrypto-lib-e_rc5.o crypto/evp/libcrypto-lib-e_seed.o crypto/evp/libcrypto-lib-e_sm4.o crypto/evp/libcrypto-lib-e_xcbc_d.o crypto/evp/libcrypto-lib-encode.o crypto/evp/libcrypto-lib-evp_cnf.o crypto/evp/libcrypto-lib-evp_enc.o crypto/evp/libcrypto-lib-evp_err.o crypto/evp/libcrypto-lib-evp_fetch.o crypto/evp/libcrypto-lib-evp_key.o crypto/evp/libcrypto-lib-evp_lib.o crypto/evp/libcrypto-lib-evp_pbe.o crypto/evp/libcrypto-lib-evp_pkey.o crypto/evp/libcrypto-lib-evp_utils.o crypto/evp/libcrypto-lib-exchange.o crypto/evp/libcrypto-lib-kdf_lib.o crypto/evp/libcrypto-lib-kdf_meth.o crypto/evp/libcrypto-lib-keymgmt_lib.o crypto/evp/libcrypto-lib-keymgmt_meth.o crypto/evp/libcrypto-lib-m_md2.o crypto/evp/libcrypto-lib-m_md4.o crypto/evp/libcrypto-lib-m_md5.o crypto/evp/libcrypto-lib-m_md5_sha1.o crypto/evp/libcrypto-lib-m_mdc2.o crypto/evp/libcrypto-lib-m_null.o crypto/evp/libcrypto-lib-m_ripemd.o crypto/evp/libcrypto-lib-m_sha1.o crypto/evp/libcrypto-lib-m_sha3.o crypto/evp/libcrypto-lib-m_sigver.o crypto/evp/libcrypto-lib-m_wp.o crypto/evp/libcrypto-lib-mac_lib.o crypto/evp/libcrypto-lib-mac_meth.o crypto/evp/libcrypto-lib-names.o crypto/evp/libcrypto-lib-p5_crpt.o crypto/evp/libcrypto-lib-p5_crpt2.o crypto/evp/libcrypto-lib-p_dec.o crypto/evp/libcrypto-lib-p_enc.o crypto/evp/libcrypto-lib-p_lib.o crypto/evp/libcrypto-lib-p_open.o crypto/evp/libcrypto-lib-p_seal.o crypto/evp/libcrypto-lib-p_sign.o crypto/evp/libcrypto-lib-p_verify.o crypto/evp/libcrypto-lib-pbe_scrypt.o crypto/evp/libcrypto-lib-pkey_kdf.o crypto/evp/libcrypto-lib-pkey_mac.o crypto/evp/libcrypto-lib-pmeth_fn.o crypto/evp/libcrypto-lib-pmeth_gn.o crypto/evp/libcrypto-lib-pmeth_lib.o crypto/hmac/libcrypto-lib-hm_ameth.o crypto/hmac/libcrypto-lib-hmac.o crypto/idea/libcrypto-lib-i_cbc.o crypto/idea/libcrypto-lib-i_cfb64.o crypto/idea/libcrypto-lib-i_ecb.o crypto/idea/libcrypto-lib-i_ofb64.o crypto/idea/libcrypto-lib-i_skey.o crypto/lhash/libcrypto-lib-lh_stats.o crypto/lhash/libcrypto-lib-lhash.o crypto/libcrypto-lib-asn1_dsa.o crypto/libcrypto-lib-bsearch.o crypto/libcrypto-lib-context.o crypto/libcrypto-lib-core_algorithm.o crypto/libcrypto-lib-core_fetch.o crypto/libcrypto-lib-core_namemap.o crypto/libcrypto-lib-cpt_err.o crypto/libcrypto-lib-cryptlib.o crypto/libcrypto-lib-ctype.o crypto/libcrypto-lib-cversion.o crypto/libcrypto-lib-ebcdic.o crypto/libcrypto-lib-ex_data.o crypto/libcrypto-lib-getenv.o crypto/libcrypto-lib-info.o crypto/libcrypto-lib-init.o crypto/libcrypto-lib-initthread.o crypto/libcrypto-lib-mem.o crypto/libcrypto-lib-mem_dbg.o crypto/libcrypto-lib-mem_sec.o crypto/libcrypto-lib-o_dir.o crypto/libcrypto-lib-o_fips.o crypto/libcrypto-lib-o_fopen.o crypto/libcrypto-lib-o_init.o crypto/libcrypto-lib-o_str.o crypto/libcrypto-lib-o_time.o crypto/libcrypto-lib-packet.o crypto/libcrypto-lib-param_build.o crypto/libcrypto-lib-params.o crypto/libcrypto-lib-params_from_text.o crypto/libcrypto-lib-provider.o crypto/libcrypto-lib-provider_conf.o crypto/libcrypto-lib-provider_core.o crypto/libcrypto-lib-provider_predefined.o crypto/libcrypto-lib-sparse_array.o crypto/libcrypto-lib-threads_none.o crypto/libcrypto-lib-threads_pthread.o crypto/libcrypto-lib-threads_win.o crypto/libcrypto-lib-trace.o crypto/libcrypto-lib-uid.o crypto/libcrypto-lib-x86_64cpuid.o crypto/md4/libcrypto-lib-md4_dgst.o crypto/md4/libcrypto-lib-md4_one.o crypto/md5/libcrypto-lib-md5-x86_64.o crypto/md5/libcrypto-lib-md5_dgst.o crypto/md5/libcrypto-lib-md5_one.o crypto/md5/libcrypto-lib-md5_sha1.o crypto/mdc2/libcrypto-lib-mdc2_one.o crypto/mdc2/libcrypto-lib-mdc2dgst.o crypto/modes/libcrypto-lib-aesni-gcm-x86_64.o crypto/modes/libcrypto-lib-cbc128.o crypto/modes/libcrypto-lib-ccm128.o crypto/modes/libcrypto-lib-cfb128.o crypto/modes/libcrypto-lib-ctr128.o crypto/modes/libcrypto-lib-cts128.o crypto/modes/libcrypto-lib-gcm128.o crypto/modes/libcrypto-lib-ghash-x86_64.o crypto/modes/libcrypto-lib-ocb128.o crypto/modes/libcrypto-lib-ofb128.o crypto/modes/libcrypto-lib-siv128.o crypto/modes/libcrypto-lib-wrap128.o crypto/modes/libcrypto-lib-xts128.o crypto/objects/libcrypto-lib-o_names.o crypto/objects/libcrypto-lib-obj_dat.o crypto/objects/libcrypto-lib-obj_err.o crypto/objects/libcrypto-lib-obj_lib.o crypto/objects/libcrypto-lib-obj_xref.o crypto/ocsp/libcrypto-lib-ocsp_asn.o crypto/ocsp/libcrypto-lib-ocsp_cl.o crypto/ocsp/libcrypto-lib-ocsp_err.o crypto/ocsp/libcrypto-lib-ocsp_ext.o crypto/ocsp/libcrypto-lib-ocsp_ht.o crypto/ocsp/libcrypto-lib-ocsp_lib.o crypto/ocsp/libcrypto-lib-ocsp_prn.o crypto/ocsp/libcrypto-lib-ocsp_srv.o crypto/ocsp/libcrypto-lib-ocsp_vfy.o crypto/ocsp/libcrypto-lib-v3_ocsp.o crypto/pem/libcrypto-lib-pem_all.o crypto/pem/libcrypto-lib-pem_err.o crypto/pem/libcrypto-lib-pem_info.o crypto/pem/libcrypto-lib-pem_lib.o crypto/pem/libcrypto-lib-pem_oth.o crypto/pem/libcrypto-lib-pem_pk8.o crypto/pem/libcrypto-lib-pem_pkey.o crypto/pem/libcrypto-lib-pem_sign.o crypto/pem/libcrypto-lib-pem_x509.o crypto/pem/libcrypto-lib-pem_xaux.o crypto/pem/libcrypto-lib-pvkfmt.o crypto/pkcs12/libcrypto-lib-p12_add.o crypto/pkcs12/libcrypto-lib-p12_asn.o crypto/pkcs12/libcrypto-lib-p12_attr.o crypto/pkcs12/libcrypto-lib-p12_crpt.o crypto/pkcs12/libcrypto-lib-p12_crt.o crypto/pkcs12/libcrypto-lib-p12_decr.o crypto/pkcs12/libcrypto-lib-p12_init.o crypto/pkcs12/libcrypto-lib-p12_key.o crypto/pkcs12/libcrypto-lib-p12_kiss.o crypto/pkcs12/libcrypto-lib-p12_mutl.o crypto/pkcs12/libcrypto-lib-p12_npas.o crypto/pkcs12/libcrypto-lib-p12_p8d.o crypto/pkcs12/libcrypto-lib-p12_p8e.o crypto/pkcs12/libcrypto-lib-p12_sbag.o crypto/pkcs12/libcrypto-lib-p12_utl.o crypto/pkcs12/libcrypto-lib-pk12err.o crypto/pkcs7/libcrypto-lib-bio_pk7.o crypto/pkcs7/libcrypto-lib-pk7_asn1.o crypto/pkcs7/libcrypto-lib-pk7_attr.o crypto/pkcs7/libcrypto-lib-pk7_doit.o crypto/pkcs7/libcrypto-lib-pk7_lib.o crypto/pkcs7/libcrypto-lib-pk7_mime.o crypto/pkcs7/libcrypto-lib-pk7_smime.o crypto/pkcs7/libcrypto-lib-pkcs7err.o crypto/poly1305/libcrypto-lib-poly1305-x86_64.o crypto/poly1305/libcrypto-lib-poly1305.o crypto/poly1305/libcrypto-lib-poly1305_ameth.o crypto/property/libcrypto-lib-defn_cache.o crypto/property/libcrypto-lib-property.o crypto/property/libcrypto-lib-property_err.o crypto/property/libcrypto-lib-property_parse.o crypto/property/libcrypto-lib-property_string.o crypto/rand/libcrypto-lib-drbg_ctr.o crypto/rand/libcrypto-lib-drbg_hash.o crypto/rand/libcrypto-lib-drbg_hmac.o crypto/rand/libcrypto-lib-drbg_lib.o crypto/rand/libcrypto-lib-rand_crng_test.o crypto/rand/libcrypto-lib-rand_egd.o crypto/rand/libcrypto-lib-rand_err.o crypto/rand/libcrypto-lib-rand_lib.o crypto/rand/libcrypto-lib-rand_unix.o crypto/rand/libcrypto-lib-rand_vms.o crypto/rand/libcrypto-lib-rand_vxworks.o crypto/rand/libcrypto-lib-rand_win.o crypto/rand/libcrypto-lib-randfile.o crypto/rc2/libcrypto-lib-rc2_cbc.o crypto/rc2/libcrypto-lib-rc2_ecb.o crypto/rc2/libcrypto-lib-rc2_skey.o crypto/rc2/libcrypto-lib-rc2cfb64.o crypto/rc2/libcrypto-lib-rc2ofb64.o crypto/rc4/libcrypto-lib-rc4-md5-x86_64.o crypto/rc4/libcrypto-lib-rc4-x86_64.o crypto/ripemd/libcrypto-lib-rmd_dgst.o crypto/ripemd/libcrypto-lib-rmd_one.o crypto/rsa/libcrypto-lib-rsa_ameth.o crypto/rsa/libcrypto-lib-rsa_asn1.o crypto/rsa/libcrypto-lib-rsa_chk.o crypto/rsa/libcrypto-lib-rsa_crpt.o crypto/rsa/libcrypto-lib-rsa_depr.o crypto/rsa/libcrypto-lib-rsa_err.o crypto/rsa/libcrypto-lib-rsa_gen.o crypto/rsa/libcrypto-lib-rsa_lib.o crypto/rsa/libcrypto-lib-rsa_meth.o crypto/rsa/libcrypto-lib-rsa_mp.o crypto/rsa/libcrypto-lib-rsa_none.o crypto/rsa/libcrypto-lib-rsa_oaep.o crypto/rsa/libcrypto-lib-rsa_ossl.o crypto/rsa/libcrypto-lib-rsa_pk1.o crypto/rsa/libcrypto-lib-rsa_pmeth.o crypto/rsa/libcrypto-lib-rsa_prn.o crypto/rsa/libcrypto-lib-rsa_pss.o crypto/rsa/libcrypto-lib-rsa_saos.o crypto/rsa/libcrypto-lib-rsa_sign.o crypto/rsa/libcrypto-lib-rsa_sp800_56b_check.o crypto/rsa/libcrypto-lib-rsa_sp800_56b_gen.o crypto/rsa/libcrypto-lib-rsa_ssl.o crypto/rsa/libcrypto-lib-rsa_x931.o crypto/rsa/libcrypto-lib-rsa_x931g.o crypto/seed/libcrypto-lib-seed.o crypto/seed/libcrypto-lib-seed_cbc.o crypto/seed/libcrypto-lib-seed_cfb.o crypto/seed/libcrypto-lib-seed_ecb.o crypto/seed/libcrypto-lib-seed_ofb.o crypto/sha/libcrypto-lib-keccak1600-x86_64.o crypto/sha/libcrypto-lib-sha1-mb-x86_64.o crypto/sha/libcrypto-lib-sha1-x86_64.o crypto/sha/libcrypto-lib-sha1_one.o crypto/sha/libcrypto-lib-sha1dgst.o crypto/sha/libcrypto-lib-sha256-mb-x86_64.o crypto/sha/libcrypto-lib-sha256-x86_64.o crypto/sha/libcrypto-lib-sha256.o crypto/sha/libcrypto-lib-sha3.o crypto/sha/libcrypto-lib-sha512-x86_64.o crypto/sha/libcrypto-lib-sha512.o crypto/siphash/libcrypto-lib-siphash.o crypto/siphash/libcrypto-lib-siphash_ameth.o crypto/sm2/libcrypto-lib-sm2_crypt.o crypto/sm2/libcrypto-lib-sm2_err.o crypto/sm2/libcrypto-lib-sm2_pmeth.o crypto/sm2/libcrypto-lib-sm2_sign.o crypto/sm3/libcrypto-lib-m_sm3.o crypto/sm3/libcrypto-lib-sm3.o crypto/sm4/libcrypto-lib-sm4.o crypto/srp/libcrypto-lib-srp_lib.o crypto/srp/libcrypto-lib-srp_vfy.o crypto/stack/libcrypto-lib-stack.o crypto/store/libcrypto-lib-loader_file.o crypto/store/libcrypto-lib-store_err.o crypto/store/libcrypto-lib-store_init.o crypto/store/libcrypto-lib-store_lib.o crypto/store/libcrypto-lib-store_register.o crypto/store/libcrypto-lib-store_strings.o crypto/ts/libcrypto-lib-ts_asn1.o crypto/ts/libcrypto-lib-ts_conf.o crypto/ts/libcrypto-lib-ts_err.o crypto/ts/libcrypto-lib-ts_lib.o crypto/ts/libcrypto-lib-ts_req_print.o crypto/ts/libcrypto-lib-ts_req_utils.o crypto/ts/libcrypto-lib-ts_rsp_print.o crypto/ts/libcrypto-lib-ts_rsp_sign.o crypto/ts/libcrypto-lib-ts_rsp_utils.o crypto/ts/libcrypto-lib-ts_rsp_verify.o crypto/ts/libcrypto-lib-ts_verify_ctx.o crypto/txt_db/libcrypto-lib-txt_db.o crypto/ui/libcrypto-lib-ui_err.o crypto/ui/libcrypto-lib-ui_lib.o crypto/ui/libcrypto-lib-ui_null.o crypto/ui/libcrypto-lib-ui_openssl.o crypto/ui/libcrypto-lib-ui_util.o crypto/whrlpool/libcrypto-lib-wp-x86_64.o crypto/whrlpool/libcrypto-lib-wp_dgst.o crypto/x509/libcrypto-lib-by_dir.o crypto/x509/libcrypto-lib-by_file.o crypto/x509/libcrypto-lib-pcy_cache.o crypto/x509/libcrypto-lib-pcy_data.o crypto/x509/libcrypto-lib-pcy_lib.o crypto/x509/libcrypto-lib-pcy_map.o crypto/x509/libcrypto-lib-pcy_node.o crypto/x509/libcrypto-lib-pcy_tree.o crypto/x509/libcrypto-lib-t_crl.o crypto/x509/libcrypto-lib-t_req.o crypto/x509/libcrypto-lib-t_x509.o crypto/x509/libcrypto-lib-v3_addr.o crypto/x509/libcrypto-lib-v3_admis.o crypto/x509/libcrypto-lib-v3_akey.o crypto/x509/libcrypto-lib-v3_akeya.o crypto/x509/libcrypto-lib-v3_alt.o crypto/x509/libcrypto-lib-v3_asid.o crypto/x509/libcrypto-lib-v3_bcons.o crypto/x509/libcrypto-lib-v3_bitst.o crypto/x509/libcrypto-lib-v3_conf.o crypto/x509/libcrypto-lib-v3_cpols.o crypto/x509/libcrypto-lib-v3_crld.o crypto/x509/libcrypto-lib-v3_enum.o crypto/x509/libcrypto-lib-v3_extku.o crypto/x509/libcrypto-lib-v3_genn.o crypto/x509/libcrypto-lib-v3_ia5.o crypto/x509/libcrypto-lib-v3_info.o crypto/x509/libcrypto-lib-v3_int.o crypto/x509/libcrypto-lib-v3_lib.o crypto/x509/libcrypto-lib-v3_ncons.o crypto/x509/libcrypto-lib-v3_pci.o crypto/x509/libcrypto-lib-v3_pcia.o crypto/x509/libcrypto-lib-v3_pcons.o crypto/x509/libcrypto-lib-v3_pku.o crypto/x509/libcrypto-lib-v3_pmaps.o crypto/x509/libcrypto-lib-v3_prn.o crypto/x509/libcrypto-lib-v3_purp.o crypto/x509/libcrypto-lib-v3_skey.o crypto/x509/libcrypto-lib-v3_sxnet.o crypto/x509/libcrypto-lib-v3_tlsf.o crypto/x509/libcrypto-lib-v3_utl.o crypto/x509/libcrypto-lib-v3err.o crypto/x509/libcrypto-lib-x509_att.o crypto/x509/libcrypto-lib-x509_cmp.o crypto/x509/libcrypto-lib-x509_d2.o crypto/x509/libcrypto-lib-x509_def.o crypto/x509/libcrypto-lib-x509_err.o crypto/x509/libcrypto-lib-x509_ext.o crypto/x509/libcrypto-lib-x509_lu.o crypto/x509/libcrypto-lib-x509_meth.o crypto/x509/libcrypto-lib-x509_obj.o crypto/x509/libcrypto-lib-x509_r2x.o crypto/x509/libcrypto-lib-x509_req.o crypto/x509/libcrypto-lib-x509_set.o crypto/x509/libcrypto-lib-x509_trs.o crypto/x509/libcrypto-lib-x509_txt.o crypto/x509/libcrypto-lib-x509_v3.o crypto/x509/libcrypto-lib-x509_vfy.o crypto/x509/libcrypto-lib-x509_vpm.o crypto/x509/libcrypto-lib-x509cset.o crypto/x509/libcrypto-lib-x509name.o crypto/x509/libcrypto-lib-x509rset.o crypto/x509/libcrypto-lib-x509spki.o crypto/x509/libcrypto-lib-x509type.o crypto/x509/libcrypto-lib-x_all.o crypto/x509/libcrypto-lib-x_attrib.o crypto/x509/libcrypto-lib-x_crl.o crypto/x509/libcrypto-lib-x_exten.o crypto/x509/libcrypto-lib-x_name.o crypto/x509/libcrypto-lib-x_pubkey.o crypto/x509/libcrypto-lib-x_req.o crypto/x509/libcrypto-lib-x_x509.o crypto/x509/libcrypto-lib-x_x509a.o providers/common/ciphers/libcrypto-lib-block.o providers/common/ciphers/libcrypto-lib-cipher_aes.o providers/common/ciphers/libcrypto-lib-cipher_aes_ccm.o providers/common/ciphers/libcrypto-lib-cipher_aes_ccm_hw.o providers/common/ciphers/libcrypto-lib-cipher_aes_gcm.o providers/common/ciphers/libcrypto-lib-cipher_aes_gcm_hw.o providers/common/ciphers/libcrypto-lib-cipher_aes_hw.o providers/common/ciphers/libcrypto-lib-cipher_ccm.o providers/common/ciphers/libcrypto-lib-cipher_ccm_hw.o providers/common/ciphers/libcrypto-lib-cipher_common.o providers/common/ciphers/libcrypto-lib-cipher_common_hw.o providers/common/ciphers/libcrypto-lib-cipher_gcm.o providers/common/ciphers/libcrypto-lib-cipher_gcm_hw.o providers/common/ciphers/libcrypto-lib-cipher_tdes.o providers/common/ciphers/libcrypto-lib-cipher_tdes_hw.o providers/common/digests/libcrypto-lib-digest_common.o providers/common/digests/libcrypto-lib-sha2_prov.o providers/common/digests/libcrypto-lib-sha3_prov.o providers/common/kdfs/libcrypto-lib-hkdf.o providers/common/kdfs/libcrypto-lib-pbkdf2.o providers/common/kdfs/libcrypto-lib-sskdf.o providers/common/kdfs/libcrypto-lib-tls1_prf.o providers/common/libcrypto-lib-provider_err.o providers/common/libcrypto-lib-provider_util.o providers/common/libcrypto-lib-provlib.o providers/common/macs/libcrypto-lib-cmac_prov.o providers/common/macs/libcrypto-lib-gmac_prov.o providers/common/macs/libcrypto-lib-hmac_prov.o providers/common/macs/libcrypto-lib-kmac_prov.o providers/common/signature/libcrypto-lib-dsa.o providers/default/ciphers/libcrypto-lib-cipher_aria.o providers/default/ciphers/libcrypto-lib-cipher_aria_ccm.o providers/default/ciphers/libcrypto-lib-cipher_aria_ccm_hw.o providers/default/ciphers/libcrypto-lib-cipher_aria_gcm.o providers/default/ciphers/libcrypto-lib-cipher_aria_gcm_hw.o providers/default/ciphers/libcrypto-lib-cipher_aria_hw.o providers/default/ciphers/libcrypto-lib-cipher_camellia.o providers/default/ciphers/libcrypto-lib-cipher_camellia_hw.o providers/default/ciphers/libcrypto-lib-cipher_desx.o providers/default/ciphers/libcrypto-lib-cipher_desx_hw.o providers/default/ciphers/libcrypto-lib-cipher_tdes_default.o providers/default/ciphers/libcrypto-lib-cipher_tdes_default_hw.o providers/default/ciphers/libcrypto-lib-cipher_tdes_wrap.o providers/default/ciphers/libcrypto-lib-cipher_tdes_wrap_hw.o providers/default/digests/libcrypto-lib-blake2_prov.o providers/default/digests/libcrypto-lib-blake2b_prov.o providers/default/digests/libcrypto-lib-blake2s_prov.o providers/default/digests/libcrypto-lib-md5_prov.o providers/default/digests/libcrypto-lib-md5_sha1_prov.o providers/default/digests/libcrypto-lib-sm3_prov.o providers/default/kdfs/libcrypto-lib-scrypt.o providers/default/kdfs/libcrypto-lib-sshkdf.o providers/default/kdfs/libcrypto-lib-x942kdf.o providers/default/libcrypto-lib-defltprov.o providers/default/macs/libcrypto-lib-blake2b_mac.o providers/default/macs/libcrypto-lib-blake2s_mac.o providers/default/macs/libcrypto-lib-poly1305_prov.o providers/default/macs/libcrypto-lib-siphash_prov.o ar: creating libcrypto.a rm -f libcrypto.so && \ ln -s libcrypto.so.3 libcrypto.so clang -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -L. -Wl,-znodelete -shared -Wl,-Bsymbolic -Wl,-soname=libssl.so.3 \ -o libssl.so.3 -Wl,--version-script=libssl.ld crypto/libssl-shlib-packet.o ssl/libssl-shlib-bio_ssl.o ssl/libssl-shlib-d1_lib.o ssl/libssl-shlib-d1_msg.o ssl/libssl-shlib-d1_srtp.o ssl/libssl-shlib-methods.o ssl/libssl-shlib-pqueue.o ssl/libssl-shlib-s3_cbc.o ssl/libssl-shlib-s3_enc.o ssl/libssl-shlib-s3_lib.o ssl/libssl-shlib-s3_msg.o ssl/libssl-shlib-ssl_asn1.o ssl/libssl-shlib-ssl_cert.o ssl/libssl-shlib-ssl_ciph.o ssl/libssl-shlib-ssl_conf.o ssl/libssl-shlib-ssl_err.o ssl/libssl-shlib-ssl_init.o ssl/libssl-shlib-ssl_lib.o ssl/libssl-shlib-ssl_mcnf.o ssl/libssl-shlib-ssl_rsa.o ssl/libssl-shlib-ssl_sess.o ssl/libssl-shlib-ssl_stat.o ssl/libssl-shlib-ssl_txt.o ssl/libssl-shlib-ssl_utst.o ssl/libssl-shlib-t1_enc.o ssl/libssl-shlib-t1_lib.o ssl/libssl-shlib-t1_trce.o ssl/libssl-shlib-tls13_enc.o ssl/libssl-shlib-tls_srp.o ssl/record/libssl-shlib-dtls1_bitmap.o ssl/record/libssl-shlib-rec_layer_d1.o ssl/record/libssl-shlib-rec_layer_s3.o ssl/record/libssl-shlib-ssl3_buffer.o ssl/record/libssl-shlib-ssl3_record.o ssl/record/libssl-shlib-ssl3_record_tls13.o ssl/statem/libssl-shlib-extensions.o ssl/statem/libssl-shlib-extensions_clnt.o ssl/statem/libssl-shlib-extensions_cust.o ssl/statem/libssl-shlib-extensions_srvr.o ssl/statem/libssl-shlib-statem.o ssl/statem/libssl-shlib-statem_clnt.o ssl/statem/libssl-shlib-statem_dtls.o ssl/statem/libssl-shlib-statem_lib.o ssl/statem/libssl-shlib-statem_srvr.o \ -lcrypto -ldl -pthread clang -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -L. -z defs -Wl,-znodelete -shared -Wl,-Bsymbolic \ -o engines/afalg.so -Wl,--version-script=engines/afalg.ld engines/afalg-dso-e_afalg.o \ -lcrypto -ldl -pthread clang -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -L. -z defs -Wl,-znodelete -shared -Wl,-Bsymbolic \ -o engines/capi.so -Wl,--version-script=engines/capi.ld engines/capi-dso-e_capi.o \ -lcrypto -ldl -pthread clang -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -L. -z defs -Wl,-znodelete -shared -Wl,-Bsymbolic \ -o engines/dasync.so -Wl,--version-script=engines/dasync.ld engines/dasync-dso-e_dasync.o \ -lcrypto -ldl -pthread ranlib libcrypto.a || echo Never mind. clang -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -L. -z defs -Wl,-znodelete -shared -Wl,-Bsymbolic \ -o engines/ossltest.so -Wl,--version-script=engines/ossltest.ld engines/ossltest-dso-e_ossltest.o \ -lcrypto -ldl -pthread clang -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -L. -z defs -Wl,-znodelete -shared -Wl,-Bsymbolic \ -o engines/padlock.so -Wl,--version-script=engines/padlock.ld engines/padlock-dso-e_padlock-x86_64.o engines/padlock-dso-e_padlock.o \ -lcrypto -ldl -pthread clang -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -L. -z defs -Wl,-znodelete -shared -Wl,-Bsymbolic \ -o providers/legacy.so -Wl,--version-script=providers/legacy.ld providers/common/digests/legacy-dso-digest_common.o providers/legacy/digests/legacy-dso-md4_prov.o providers/legacy/digests/legacy-dso-mdc2_prov.o providers/legacy/digests/legacy-dso-ripemd_prov.o providers/legacy/digests/legacy-dso-wp_prov.o providers/legacy/legacy-dso-legacyprov.o \ -lcrypto -ldl -pthread rm -f fuzz/asn1parse-test ${LDCMD:-clang} -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -L. \ -o fuzz/asn1parse-test fuzz/asn1parse-test-bin-asn1parse.o fuzz/asn1parse-test-bin-test-corpus.o \ -lcrypto -ldl -pthread rm -f fuzz/bignum-test ${LDCMD:-clang} -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -L. \ -o fuzz/bignum-test fuzz/bignum-test-bin-bignum.o fuzz/bignum-test-bin-test-corpus.o \ -lcrypto -ldl -pthread rm -f fuzz/bndiv-test ${LDCMD:-clang} -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -L. \ -o fuzz/bndiv-test fuzz/bndiv-test-bin-bndiv.o fuzz/bndiv-test-bin-test-corpus.o \ -lcrypto -ldl -pthread ./libcrypto.so: undefined reference to `dsa_keymgmt_functions' clang: error: linker command failed with exit code 1 (use -v to see invocation) Makefile:15403: recipe for target 'fuzz/asn1parse-test' failed make[1]: *** [fuzz/asn1parse-test] Error 1 make[1]: *** Waiting for unfinished jobs.... ./libcrypto.so: undefined reference to `dsa_keymgmt_functions' clang: error: linker command failed with exit code 1 (use -v to see invocation) Makefile:15424: recipe for target 'fuzz/bignum-test' failed make[1]: *** [fuzz/bignum-test] Error 1 ./libcrypto.so: undefined reference to `dsa_keymgmt_functions' clang: error: linker command failed with exit code 1 (use -v to see invocation) Makefile:15445: recipe for target 'fuzz/bndiv-test' failed make[1]: *** [fuzz/bndiv-test] Error 1 make[1]: Leaving directory '/home/openssl/run-checker/no-dh' Makefile:165: recipe for target 'all' failed make: *** [all] Error 2 From openssl at openssl.org Tue Sep 10 02:13:45 2019 From: openssl at openssl.org (OpenSSL run-checker) Date: Tue, 10 Sep 2019 02:13:45 +0000 Subject: FAILED build of OpenSSL branch master with options -d --strict-warnings no-dsa Message-ID: <1568081625.545647.27332.nullmailer@run.openssl.org> Platform and configuration command: $ uname -a Linux run 4.15.0-54-generic #58-Ubuntu SMP Mon Jun 24 10:55:24 UTC 2019 x86_64 x86_64 x86_64 GNU/Linux $ CC=clang ../openssl/config -d --strict-warnings no-dsa Commit log since last time: 1d3cd983f5 [test] ECC: check the bounds for auto computing cofactor d3a1128bc2 Fix build with VS2008 20bf3d8b22 Use simple names in core_names.h 864b89ce49 Move EVP_PKEY algorithm implementations into a union 9c45222ddc Revise EVP_PKEY param handling 21fb706722 Enable DH "keys" which only contain domain parameters 4f62f5d9af Add docs for the provider interface for signature operations 11031468c3 Add public API docs for newly added EVP_SIGNATURE related functions 390acbebfa Add support for verify/verify_recover functions to EVP_SIGNATURE 4889dadcb8 Implement DSA in the default provider dfcb5d29b5 Add the ability to perform signatures in a provider 2b95e8efcf DH_check_pub_key_ex was accidentally calling DH_check, so results were undefined. fa01370f7d Use BN_clear_free in DH_set0_key feeb7ecd2f Check the DH modulus bit length bfed4fc836 Uniform TEST_*() check usage in test/ectest.c 65936a5646 Fix spacing nit in test/ectest.c 3f37050e33 Fix typos in the OSSL_METHOD_STORE doc bacaa618c2 [ec] Match built-in curves on EC_GROUP_new_from_ecparameters bd9faf117d Do no mention private headers in public headers Build log ended with (last 100 lines): clang -I. -Icrypto/include -Iinclude -Iproviders/common/include -Iproviders/default/include -Iproviders/common/ciphers -Icrypto -Iproviders/common/macs -Iproviders/common/kdfs -Iproviders/default/macs -Iproviders/default/ciphers -Iproviders/default/kdfs -I../openssl -I../openssl/crypto/include -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/default/include -I../openssl/providers/common/ciphers -I../openssl/crypto -I../openssl/providers/common/macs -I../openssl/providers/common/kdfs -I../openssl/providers/default/macs -I../openssl/providers/default/ciphers -I../openssl/providers/default/kdfs -DAES_ASM -DBSAES_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_IA32_SSE2 -MMD -MF crypto/x509/libcrypto-lib-v3_skey.d.tmp -MT crypto/x509/libcrypto-lib-v3_skey.o -c -o crypto/x509/libcrypto-lib-v3_skey.o ../openssl/crypto/x509/v3_skey.c clang -I. -Icrypto/include -Iinclude -Iproviders/common/include -Iproviders/default/include -Iproviders/common/ciphers -Icrypto -Iproviders/common/macs -Iproviders/common/kdfs -Iproviders/default/macs -Iproviders/default/ciphers -Iproviders/default/kdfs -I../openssl -I../openssl/crypto/include -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/default/include -I../openssl/providers/common/ciphers -I../openssl/crypto -I../openssl/providers/common/macs -I../openssl/providers/common/kdfs -I../openssl/providers/default/macs -I../openssl/providers/default/ciphers -I../openssl/providers/default/kdfs -DAES_ASM -DBSAES_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_IA32_SSE2 -MMD -MF crypto/x509/libcrypto-lib-v3_sxnet.d.tmp -MT crypto/x509/libcrypto-lib-v3_sxnet.o -c -o crypto/x509/libcrypto-lib-v3_sxnet.o ../openssl/crypto/x509/v3_sxnet.c clang -I. -Icrypto/include -Iinclude -Iproviders/common/include -Iproviders/default/include -Iproviders/common/ciphers -Icrypto -Iproviders/common/macs -Iproviders/common/kdfs -Iproviders/default/macs -Iproviders/default/ciphers -Iproviders/default/kdfs -I../openssl -I../openssl/crypto/include -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/default/include -I../openssl/providers/common/ciphers -I../openssl/crypto -I../openssl/providers/common/macs -I../openssl/providers/common/kdfs -I../openssl/providers/default/macs -I../openssl/providers/default/ciphers -I../openssl/providers/default/kdfs -DAES_ASM -DBSAES_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_IA32_SSE2 -MMD -MF crypto/x509/libcrypto-lib-v3_tlsf.d.tmp -MT crypto/x509/libcrypto-lib-v3_tlsf.o -c -o crypto/x509/libcrypto-lib-v3_tlsf.o ../openssl/crypto/x509/v3_tlsf.c clang -I. -Icrypto/include -Iinclude -Iproviders/common/include -Iproviders/default/include -Iproviders/common/ciphers -Icrypto -Iproviders/common/macs -Iproviders/common/kdfs -Iproviders/default/macs -Iproviders/default/ciphers -Iproviders/default/kdfs -I../openssl -I../openssl/crypto/include -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/default/include -I../openssl/providers/common/ciphers -I../openssl/crypto -I../openssl/providers/common/macs -I../openssl/providers/common/kdfs -I../openssl/providers/default/macs -I../openssl/providers/default/ciphers -I../openssl/providers/default/kdfs -DAES_ASM -DBSAES_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_IA32_SSE2 -MMD -MF crypto/x509/libcrypto-lib-v3_utl.d.tmp -MT crypto/x509/libcrypto-lib-v3_utl.o -c -o crypto/x509/libcrypto-lib-v3_utl.o ../openssl/crypto/x509/v3_utl.c clang -I. -Icrypto/include -Iinclude -Iproviders/common/include -Iproviders/default/include -Iproviders/common/ciphers -Icrypto -Iproviders/common/macs -Iproviders/common/kdfs -Iproviders/default/macs -Iproviders/default/ciphers -Iproviders/default/kdfs -I../openssl -I../openssl/crypto/include -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/default/include -I../openssl/providers/common/ciphers -I../openssl/crypto -I../openssl/providers/common/macs -I../openssl/providers/common/kdfs -I../openssl/providers/default/macs -I../openssl/providers/default/ciphers -I../openssl/providers/default/kdfs -DAES_ASM -DBSAES_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_IA32_SSE2 -MMD -MF crypto/x509/libcrypto-lib-v3err.d.tmp -MT crypto/x509/libcrypto-lib-v3err.o -c -o crypto/x509/libcrypto-lib-v3err.o ../openssl/crypto/x509/v3err.c clang -I. -Icrypto/include -Iinclude -Iproviders/common/include -Iproviders/default/include -Iproviders/common/ciphers -Icrypto -Iproviders/common/macs -Iproviders/common/kdfs -Iproviders/default/macs -Iproviders/default/ciphers -Iproviders/default/kdfs -I../openssl -I../openssl/crypto/include -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/default/include -I../openssl/providers/common/ciphers -I../openssl/crypto -I../openssl/providers/common/macs -I../openssl/providers/common/kdfs -I../openssl/providers/default/macs -I../openssl/providers/default/ciphers -I../openssl/providers/default/kdfs -DAES_ASM -DBSAES_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_IA32_SSE2 -MMD -MF crypto/x509/libcrypto-lib-x509_att.d.tmp -MT crypto/x509/libcrypto-lib-x509_att.o -c -o crypto/x509/libcrypto-lib-x509_att.o ../openssl/crypto/x509/x509_att.c clang -I. -Icrypto/include -Iinclude -Iproviders/common/include -Iproviders/default/include -Iproviders/common/ciphers -Icrypto -Iproviders/common/macs -Iproviders/common/kdfs -Iproviders/default/macs -Iproviders/default/ciphers -Iproviders/default/kdfs -I../openssl -I../openssl/crypto/include -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/default/include -I../openssl/providers/common/ciphers -I../openssl/crypto -I../openssl/providers/common/macs -I../openssl/providers/common/kdfs -I../openssl/providers/default/macs -I../openssl/providers/default/ciphers -I../openssl/providers/default/kdfs -DAES_ASM -DBSAES_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_IA32_SSE2 -MMD -MF crypto/x509/libcrypto-lib-x509_cmp.d.tmp -MT crypto/x509/libcrypto-lib-x509_cmp.o -c -o crypto/x509/libcrypto-lib-x509_cmp.o ../openssl/crypto/x509/x509_cmp.c clang -I. -Icrypto/include -Iinclude -Iproviders/common/include -Iproviders/default/include -Iproviders/common/ciphers -Icrypto -Iproviders/common/macs -Iproviders/common/kdfs -Iproviders/default/macs -Iproviders/default/ciphers -Iproviders/default/kdfs -I../openssl -I../openssl/crypto/include -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/default/include -I../openssl/providers/common/ciphers -I../openssl/crypto -I../openssl/providers/common/macs -I../openssl/providers/common/kdfs -I../openssl/providers/default/macs -I../openssl/providers/default/ciphers -I../openssl/providers/default/kdfs -DAES_ASM -DBSAES_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_IA32_SSE2 -MMD -MF crypto/x509/libcrypto-lib-x509_d2.d.tmp -MT crypto/x509/libcrypto-lib-x509_d2.o -c -o crypto/x509/libcrypto-lib-x509_d2.o ../openssl/crypto/x509/x509_d2.c clang -I. -Icrypto/include -Iinclude -Iproviders/common/include -Iproviders/default/include -Iproviders/common/ciphers -Icrypto -Iproviders/common/macs -Iproviders/common/kdfs -Iproviders/default/macs -Iproviders/default/ciphers -Iproviders/default/kdfs -I../openssl -I../openssl/crypto/include -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/default/include -I../openssl/providers/common/ciphers -I../openssl/crypto -I../openssl/providers/common/macs -I../openssl/providers/common/kdfs -I../openssl/providers/default/macs -I../openssl/providers/default/ciphers -I../openssl/providers/default/kdfs -DAES_ASM -DBSAES_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_IA32_SSE2 -MMD -MF crypto/x509/libcrypto-lib-x509_def.d.tmp -MT crypto/x509/libcrypto-lib-x509_def.o -c -o crypto/x509/libcrypto-lib-x509_def.o ../openssl/crypto/x509/x509_def.c clang -I. -Icrypto/include -Iinclude -Iproviders/common/include -Iproviders/default/include -Iproviders/common/ciphers -Icrypto -Iproviders/common/macs -Iproviders/common/kdfs -Iproviders/default/macs -Iproviders/default/ciphers -Iproviders/default/kdfs -I../openssl -I../openssl/crypto/include -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/default/include -I../openssl/providers/common/ciphers -I../openssl/crypto -I../openssl/providers/common/macs -I../openssl/providers/common/kdfs -I../openssl/providers/default/macs -I../openssl/providers/default/ciphers -I../openssl/providers/default/kdfs -DAES_ASM -DBSAES_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_IA32_SSE2 -MMD -MF crypto/x509/libcrypto-lib-x509_err.d.tmp -MT crypto/x509/libcrypto-lib-x509_err.o -c -o crypto/x509/libcrypto-lib-x509_err.o ../openssl/crypto/x509/x509_err.c clang -I. -Icrypto/include -Iinclude -Iproviders/common/include -Iproviders/default/include -Iproviders/common/ciphers -Icrypto -Iproviders/common/macs -Iproviders/common/kdfs -Iproviders/default/macs -Iproviders/default/ciphers -Iproviders/default/kdfs -I../openssl -I../openssl/crypto/include -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/default/include -I../openssl/providers/common/ciphers -I../openssl/crypto -I../openssl/providers/common/macs -I../openssl/providers/common/kdfs -I../openssl/providers/default/macs -I../openssl/providers/default/ciphers -I../openssl/providers/default/kdfs -DAES_ASM -DBSAES_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_IA32_SSE2 -MMD -MF crypto/x509/libcrypto-lib-x509_ext.d.tmp -MT crypto/x509/libcrypto-lib-x509_ext.o -c -o crypto/x509/libcrypto-lib-x509_ext.o ../openssl/crypto/x509/x509_ext.c clang -I. -Icrypto/include -Iinclude -Iproviders/common/include -Iproviders/default/include -Iproviders/common/ciphers -Icrypto -Iproviders/common/macs -Iproviders/common/kdfs -Iproviders/default/macs -Iproviders/default/ciphers -Iproviders/default/kdfs -I../openssl -I../openssl/crypto/include -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/default/include -I../openssl/providers/common/ciphers -I../openssl/crypto -I../openssl/providers/common/macs -I../openssl/providers/common/kdfs -I../openssl/providers/default/macs -I../openssl/providers/default/ciphers -I../openssl/providers/default/kdfs -DAES_ASM -DBSAES_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_IA32_SSE2 -MMD -MF crypto/x509/libcrypto-lib-x509_lu.d.tmp -MT crypto/x509/libcrypto-lib-x509_lu.o -c -o crypto/x509/libcrypto-lib-x509_lu.o ../openssl/crypto/x509/x509_lu.c clang -I. -Icrypto/include -Iinclude -Iproviders/common/include -Iproviders/default/include -Iproviders/common/ciphers -Icrypto -Iproviders/common/macs -Iproviders/common/kdfs -Iproviders/default/macs -Iproviders/default/ciphers -Iproviders/default/kdfs -I../openssl -I../openssl/crypto/include -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/default/include -I../openssl/providers/common/ciphers -I../openssl/crypto -I../openssl/providers/common/macs -I../openssl/providers/common/kdfs -I../openssl/providers/default/macs -I../openssl/providers/default/ciphers -I../openssl/providers/default/kdfs -DAES_ASM -DBSAES_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_IA32_SSE2 -MMD -MF crypto/x509/libcrypto-lib-x509_meth.d.tmp -MT crypto/x509/libcrypto-lib-x509_meth.o -c -o crypto/x509/libcrypto-lib-x509_meth.o ../openssl/crypto/x509/x509_meth.c clang -I. -Icrypto/include -Iinclude -Iproviders/common/include -Iproviders/default/include -Iproviders/common/ciphers -Icrypto -Iproviders/common/macs -Iproviders/common/kdfs -Iproviders/default/macs -Iproviders/default/ciphers -Iproviders/default/kdfs -I../openssl -I../openssl/crypto/include -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/default/include -I../openssl/providers/common/ciphers -I../openssl/crypto -I../openssl/providers/common/macs -I../openssl/providers/common/kdfs -I../openssl/providers/default/macs -I../openssl/providers/default/ciphers -I../openssl/providers/default/kdfs -DAES_ASM -DBSAES_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_IA32_SSE2 -MMD -MF crypto/x509/libcrypto-lib-x509_obj.d.tmp -MT crypto/x509/libcrypto-lib-x509_obj.o -c -o crypto/x509/libcrypto-lib-x509_obj.o ../openssl/crypto/x509/x509_obj.c clang -I. -Icrypto/include -Iinclude -Iproviders/common/include -Iproviders/default/include -Iproviders/common/ciphers -Icrypto -Iproviders/common/macs -Iproviders/common/kdfs -Iproviders/default/macs -Iproviders/default/ciphers -Iproviders/default/kdfs -I../openssl -I../openssl/crypto/include -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/default/include -I../openssl/providers/common/ciphers -I../openssl/crypto -I../openssl/providers/common/macs -I../openssl/providers/common/kdfs -I../openssl/providers/default/macs -I../openssl/providers/default/ciphers -I../openssl/providers/default/kdfs -DAES_ASM -DBSAES_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_IA32_SSE2 -MMD -MF crypto/x509/libcrypto-lib-x509_r2x.d.tmp -MT crypto/x509/libcrypto-lib-x509_r2x.o -c -o crypto/x509/libcrypto-lib-x509_r2x.o ../openssl/crypto/x509/x509_r2x.c clang -I. -Icrypto/include -Iinclude -Iproviders/common/include -Iproviders/default/include -Iproviders/common/ciphers -Icrypto -Iproviders/common/macs -Iproviders/common/kdfs -Iproviders/default/macs -Iproviders/default/ciphers -Iproviders/default/kdfs -I../openssl -I../openssl/crypto/include -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/default/include -I../openssl/providers/common/ciphers -I../openssl/crypto -I../openssl/providers/common/macs -I../openssl/providers/common/kdfs -I../openssl/providers/default/macs -I../openssl/providers/default/ciphers -I../openssl/providers/default/kdfs -DAES_ASM -DBSAES_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_IA32_SSE2 -MMD -MF crypto/x509/libcrypto-lib-x509_req.d.tmp -MT crypto/x509/libcrypto-lib-x509_req.o -c -o crypto/x509/libcrypto-lib-x509_req.o ../openssl/crypto/x509/x509_req.c clang -I. -Icrypto/include -Iinclude -Iproviders/common/include -Iproviders/default/include -Iproviders/common/ciphers -Icrypto -Iproviders/common/macs -Iproviders/common/kdfs -Iproviders/default/macs -Iproviders/default/ciphers -Iproviders/default/kdfs -I../openssl -I../openssl/crypto/include -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/default/include -I../openssl/providers/common/ciphers -I../openssl/crypto -I../openssl/providers/common/macs -I../openssl/providers/common/kdfs -I../openssl/providers/default/macs -I../openssl/providers/default/ciphers -I../openssl/providers/default/kdfs -DAES_ASM -DBSAES_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_IA32_SSE2 -MMD -MF crypto/x509/libcrypto-lib-x509_set.d.tmp -MT crypto/x509/libcrypto-lib-x509_set.o -c -o crypto/x509/libcrypto-lib-x509_set.o ../openssl/crypto/x509/x509_set.c clang -I. -Icrypto/include -Iinclude -Iproviders/common/include -Iproviders/default/include -Iproviders/common/ciphers -Icrypto -Iproviders/common/macs -Iproviders/common/kdfs -Iproviders/default/macs -Iproviders/default/ciphers -Iproviders/default/kdfs -I../openssl -I../openssl/crypto/include -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/default/include -I../openssl/providers/common/ciphers -I../openssl/crypto -I../openssl/providers/common/macs -I../openssl/providers/common/kdfs -I../openssl/providers/default/macs -I../openssl/providers/default/ciphers -I../openssl/providers/default/kdfs -DAES_ASM -DBSAES_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_IA32_SSE2 -MMD -MF crypto/x509/libcrypto-lib-x509_trs.d.tmp -MT crypto/x509/libcrypto-lib-x509_trs.o -c -o crypto/x509/libcrypto-lib-x509_trs.o ../openssl/crypto/x509/x509_trs.c clang -I. -Icrypto/include -Iinclude -Iproviders/common/include -Iproviders/default/include -Iproviders/common/ciphers -Icrypto -Iproviders/common/macs -Iproviders/common/kdfs -Iproviders/default/macs -Iproviders/default/ciphers -Iproviders/default/kdfs -I../openssl -I../openssl/crypto/include -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/default/include -I../openssl/providers/common/ciphers -I../openssl/crypto -I../openssl/providers/common/macs -I../openssl/providers/common/kdfs -I../openssl/providers/default/macs -I../openssl/providers/default/ciphers -I../openssl/providers/default/kdfs -DAES_ASM -DBSAES_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_IA32_SSE2 -MMD -MF crypto/x509/libcrypto-lib-x509_txt.d.tmp -MT crypto/x509/libcrypto-lib-x509_txt.o -c -o crypto/x509/libcrypto-lib-x509_txt.o ../openssl/crypto/x509/x509_txt.c clang -I. -Icrypto/include -Iinclude -Iproviders/common/include -Iproviders/default/include -Iproviders/common/ciphers -Icrypto -Iproviders/common/macs -Iproviders/common/kdfs -Iproviders/default/macs -Iproviders/default/ciphers -Iproviders/default/kdfs -I../openssl -I../openssl/crypto/include -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/default/include -I../openssl/providers/common/ciphers -I../openssl/crypto -I../openssl/providers/common/macs -I../openssl/providers/common/kdfs -I../openssl/providers/default/macs -I../openssl/providers/default/ciphers -I../openssl/providers/default/kdfs -DAES_ASM -DBSAES_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_IA32_SSE2 -MMD -MF crypto/x509/libcrypto-lib-x509_v3.d.tmp -MT crypto/x509/libcrypto-lib-x509_v3.o -c -o crypto/x509/libcrypto-lib-x509_v3.o ../openssl/crypto/x509/x509_v3.c clang -I. -Icrypto/include -Iinclude -Iproviders/common/include -Iproviders/default/include -Iproviders/common/ciphers -Icrypto -Iproviders/common/macs -Iproviders/common/kdfs -Iproviders/default/macs -Iproviders/default/ciphers -Iproviders/default/kdfs -I../openssl -I../openssl/crypto/include -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/default/include -I../openssl/providers/common/ciphers -I../openssl/crypto -I../openssl/providers/common/macs -I../openssl/providers/common/kdfs -I../openssl/providers/default/macs -I../openssl/providers/default/ciphers -I../openssl/providers/default/kdfs -DAES_ASM -DBSAES_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_IA32_SSE2 -MMD -MF crypto/x509/libcrypto-lib-x509_vfy.d.tmp -MT crypto/x509/libcrypto-lib-x509_vfy.o -c -o crypto/x509/libcrypto-lib-x509_vfy.o ../openssl/crypto/x509/x509_vfy.c clang -I. -Icrypto/include -Iinclude -Iproviders/common/include -Iproviders/default/include -Iproviders/common/ciphers -Icrypto -Iproviders/common/macs -Iproviders/common/kdfs -Iproviders/default/macs -Iproviders/default/ciphers -Iproviders/default/kdfs -I../openssl -I../openssl/crypto/include -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/default/include -I../openssl/providers/common/ciphers -I../openssl/crypto -I../openssl/providers/common/macs -I../openssl/providers/common/kdfs -I../openssl/providers/default/macs -I../openssl/providers/default/ciphers -I../openssl/providers/default/kdfs -DAES_ASM -DBSAES_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_IA32_SSE2 -MMD -MF crypto/x509/libcrypto-lib-x509_vpm.d.tmp -MT crypto/x509/libcrypto-lib-x509_vpm.o -c -o crypto/x509/libcrypto-lib-x509_vpm.o ../openssl/crypto/x509/x509_vpm.c clang -I. -Icrypto/include -Iinclude -Iproviders/common/include -Iproviders/default/include -Iproviders/common/ciphers -Icrypto -Iproviders/common/macs -Iproviders/common/kdfs -Iproviders/default/macs -Iproviders/default/ciphers -Iproviders/default/kdfs -I../openssl -I../openssl/crypto/include -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/default/include -I../openssl/providers/common/ciphers -I../openssl/crypto -I../openssl/providers/common/macs -I../openssl/providers/common/kdfs -I../openssl/providers/default/macs -I../openssl/providers/default/ciphers -I../openssl/providers/default/kdfs -DAES_ASM -DBSAES_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_IA32_SSE2 -MMD -MF crypto/x509/libcrypto-lib-x509cset.d.tmp -MT crypto/x509/libcrypto-lib-x509cset.o -c -o crypto/x509/libcrypto-lib-x509cset.o ../openssl/crypto/x509/x509cset.c clang -I. -Icrypto/include -Iinclude -Iproviders/common/include -Iproviders/default/include -Iproviders/common/ciphers -Icrypto -Iproviders/common/macs -Iproviders/common/kdfs -Iproviders/default/macs -Iproviders/default/ciphers -Iproviders/default/kdfs -I../openssl -I../openssl/crypto/include -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/default/include -I../openssl/providers/common/ciphers -I../openssl/crypto -I../openssl/providers/common/macs -I../openssl/providers/common/kdfs -I../openssl/providers/default/macs -I../openssl/providers/default/ciphers -I../openssl/providers/default/kdfs -DAES_ASM -DBSAES_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_IA32_SSE2 -MMD -MF crypto/x509/libcrypto-lib-x509name.d.tmp -MT crypto/x509/libcrypto-lib-x509name.o -c -o crypto/x509/libcrypto-lib-x509name.o ../openssl/crypto/x509/x509name.c clang -I. -Icrypto/include -Iinclude -Iproviders/common/include -Iproviders/default/include -Iproviders/common/ciphers -Icrypto -Iproviders/common/macs -Iproviders/common/kdfs -Iproviders/default/macs -Iproviders/default/ciphers -Iproviders/default/kdfs -I../openssl -I../openssl/crypto/include -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/default/include -I../openssl/providers/common/ciphers -I../openssl/crypto -I../openssl/providers/common/macs -I../openssl/providers/common/kdfs -I../openssl/providers/default/macs -I../openssl/providers/default/ciphers -I../openssl/providers/default/kdfs -DAES_ASM -DBSAES_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_IA32_SSE2 -MMD -MF crypto/x509/libcrypto-lib-x509rset.d.tmp -MT crypto/x509/libcrypto-lib-x509rset.o -c -o crypto/x509/libcrypto-lib-x509rset.o ../openssl/crypto/x509/x509rset.c clang -I. -Icrypto/include -Iinclude -Iproviders/common/include -Iproviders/default/include -Iproviders/common/ciphers -Icrypto -Iproviders/common/macs -Iproviders/common/kdfs -Iproviders/default/macs -Iproviders/default/ciphers -Iproviders/default/kdfs -I../openssl -I../openssl/crypto/include -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/default/include -I../openssl/providers/common/ciphers -I../openssl/crypto -I../openssl/providers/common/macs -I../openssl/providers/common/kdfs -I../openssl/providers/default/macs -I../openssl/providers/default/ciphers -I../openssl/providers/default/kdfs -DAES_ASM -DBSAES_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_IA32_SSE2 -MMD -MF crypto/x509/libcrypto-lib-x509spki.d.tmp -MT crypto/x509/libcrypto-lib-x509spki.o -c -o crypto/x509/libcrypto-lib-x509spki.o ../openssl/crypto/x509/x509spki.c clang -I. -Icrypto/include -Iinclude -Iproviders/common/include -Iproviders/default/include -Iproviders/common/ciphers -Icrypto -Iproviders/common/macs -Iproviders/common/kdfs -Iproviders/default/macs -Iproviders/default/ciphers -Iproviders/default/kdfs -I../openssl -I../openssl/crypto/include -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/default/include -I../openssl/providers/common/ciphers -I../openssl/crypto -I../openssl/providers/common/macs -I../openssl/providers/common/kdfs -I../openssl/providers/default/macs -I../openssl/providers/default/ciphers -I../openssl/providers/default/kdfs -DAES_ASM -DBSAES_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_IA32_SSE2 -MMD -MF crypto/x509/libcrypto-lib-x509type.d.tmp -MT crypto/x509/libcrypto-lib-x509type.o -c -o crypto/x509/libcrypto-lib-x509type.o ../openssl/crypto/x509/x509type.c clang -I. -Icrypto/include -Iinclude -Iproviders/common/include -Iproviders/default/include -Iproviders/common/ciphers -Icrypto -Iproviders/common/macs -Iproviders/common/kdfs -Iproviders/default/macs -Iproviders/default/ciphers -Iproviders/default/kdfs -I../openssl -I../openssl/crypto/include -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/default/include -I../openssl/providers/common/ciphers -I../openssl/crypto -I../openssl/providers/common/macs -I../openssl/providers/common/kdfs -I../openssl/providers/default/macs -I../openssl/providers/default/ciphers -I../openssl/providers/default/kdfs -DAES_ASM -DBSAES_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_IA32_SSE2 -MMD -MF crypto/x509/libcrypto-lib-x_all.d.tmp -MT crypto/x509/libcrypto-lib-x_all.o -c -o crypto/x509/libcrypto-lib-x_all.o ../openssl/crypto/x509/x_all.c clang -I. -Icrypto/include -Iinclude -Iproviders/common/include -Iproviders/default/include -Iproviders/common/ciphers -Icrypto -Iproviders/common/macs -Iproviders/common/kdfs -Iproviders/default/macs -Iproviders/default/ciphers -Iproviders/default/kdfs -I../openssl -I../openssl/crypto/include -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/default/include -I../openssl/providers/common/ciphers -I../openssl/crypto -I../openssl/providers/common/macs -I../openssl/providers/common/kdfs -I../openssl/providers/default/macs -I../openssl/providers/default/ciphers -I../openssl/providers/default/kdfs -DAES_ASM -DBSAES_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_IA32_SSE2 -MMD -MF crypto/x509/libcrypto-lib-x_attrib.d.tmp -MT crypto/x509/libcrypto-lib-x_attrib.o -c -o crypto/x509/libcrypto-lib-x_attrib.o ../openssl/crypto/x509/x_attrib.c clang -I. -Icrypto/include -Iinclude -Iproviders/common/include -Iproviders/default/include -Iproviders/common/ciphers -Icrypto -Iproviders/common/macs -Iproviders/common/kdfs -Iproviders/default/macs -Iproviders/default/ciphers -Iproviders/default/kdfs -I../openssl -I../openssl/crypto/include -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/default/include -I../openssl/providers/common/ciphers -I../openssl/crypto -I../openssl/providers/common/macs -I../openssl/providers/common/kdfs -I../openssl/providers/default/macs -I../openssl/providers/default/ciphers -I../openssl/providers/default/kdfs -DAES_ASM -DBSAES_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_IA32_SSE2 -MMD -MF crypto/x509/libcrypto-lib-x_crl.d.tmp -MT crypto/x509/libcrypto-lib-x_crl.o -c -o crypto/x509/libcrypto-lib-x_crl.o ../openssl/crypto/x509/x_crl.c clang -I. -Icrypto/include -Iinclude -Iproviders/common/include -Iproviders/default/include -Iproviders/common/ciphers -Icrypto -Iproviders/common/macs -Iproviders/common/kdfs -Iproviders/default/macs -Iproviders/default/ciphers -Iproviders/default/kdfs -I../openssl -I../openssl/crypto/include -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/default/include -I../openssl/providers/common/ciphers -I../openssl/crypto -I../openssl/providers/common/macs -I../openssl/providers/common/kdfs -I../openssl/providers/default/macs -I../openssl/providers/default/ciphers -I../openssl/providers/default/kdfs -DAES_ASM -DBSAES_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_IA32_SSE2 -MMD -MF crypto/x509/libcrypto-lib-x_exten.d.tmp -MT crypto/x509/libcrypto-lib-x_exten.o -c -o crypto/x509/libcrypto-lib-x_exten.o ../openssl/crypto/x509/x_exten.c clang -I. -Icrypto/include -Iinclude -Iproviders/common/include -Iproviders/default/include -Iproviders/common/ciphers -Icrypto -Iproviders/common/macs -Iproviders/common/kdfs -Iproviders/default/macs -Iproviders/default/ciphers -Iproviders/default/kdfs -I../openssl -I../openssl/crypto/include -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/default/include -I../openssl/providers/common/ciphers -I../openssl/crypto -I../openssl/providers/common/macs -I../openssl/providers/common/kdfs -I../openssl/providers/default/macs -I../openssl/providers/default/ciphers -I../openssl/providers/default/kdfs -DAES_ASM -DBSAES_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_IA32_SSE2 -MMD -MF crypto/x509/libcrypto-lib-x_name.d.tmp -MT crypto/x509/libcrypto-lib-x_name.o -c -o crypto/x509/libcrypto-lib-x_name.o ../openssl/crypto/x509/x_name.c clang -I. -Icrypto/include -Iinclude -Iproviders/common/include -Iproviders/default/include -Iproviders/common/ciphers -Icrypto -Iproviders/common/macs -Iproviders/common/kdfs -Iproviders/default/macs -Iproviders/default/ciphers -Iproviders/default/kdfs -I../openssl -I../openssl/crypto/include -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/default/include -I../openssl/providers/common/ciphers -I../openssl/crypto -I../openssl/providers/common/macs -I../openssl/providers/common/kdfs -I../openssl/providers/default/macs -I../openssl/providers/default/ciphers -I../openssl/providers/default/kdfs -DAES_ASM -DBSAES_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_IA32_SSE2 -MMD -MF crypto/x509/libcrypto-lib-x_pubkey.d.tmp -MT crypto/x509/libcrypto-lib-x_pubkey.o -c -o crypto/x509/libcrypto-lib-x_pubkey.o ../openssl/crypto/x509/x_pubkey.c clang -I. -Icrypto/include -Iinclude -Iproviders/common/include -Iproviders/default/include -Iproviders/common/ciphers -Icrypto -Iproviders/common/macs -Iproviders/common/kdfs -Iproviders/default/macs -Iproviders/default/ciphers -Iproviders/default/kdfs -I../openssl -I../openssl/crypto/include -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/default/include -I../openssl/providers/common/ciphers -I../openssl/crypto -I../openssl/providers/common/macs -I../openssl/providers/common/kdfs -I../openssl/providers/default/macs -I../openssl/providers/default/ciphers -I../openssl/providers/default/kdfs -DAES_ASM -DBSAES_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_IA32_SSE2 -MMD -MF crypto/x509/libcrypto-lib-x_req.d.tmp -MT crypto/x509/libcrypto-lib-x_req.o -c -o crypto/x509/libcrypto-lib-x_req.o ../openssl/crypto/x509/x_req.c clang -I. -Icrypto/include -Iinclude -Iproviders/common/include -Iproviders/default/include -Iproviders/common/ciphers -Icrypto -Iproviders/common/macs -Iproviders/common/kdfs -Iproviders/default/macs -Iproviders/default/ciphers -Iproviders/default/kdfs -I../openssl -I../openssl/crypto/include -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/default/include -I../openssl/providers/common/ciphers -I../openssl/crypto -I../openssl/providers/common/macs -I../openssl/providers/common/kdfs -I../openssl/providers/default/macs -I../openssl/providers/default/ciphers -I../openssl/providers/default/kdfs -DAES_ASM -DBSAES_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_IA32_SSE2 -MMD -MF crypto/x509/libcrypto-lib-x_x509.d.tmp -MT crypto/x509/libcrypto-lib-x_x509.o -c -o crypto/x509/libcrypto-lib-x_x509.o ../openssl/crypto/x509/x_x509.c clang -I. -Icrypto/include -Iinclude -Iproviders/common/include -Iproviders/default/include -Iproviders/common/ciphers -Icrypto -Iproviders/common/macs -Iproviders/common/kdfs -Iproviders/default/macs -Iproviders/default/ciphers -Iproviders/default/kdfs -I../openssl -I../openssl/crypto/include -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/default/include -I../openssl/providers/common/ciphers -I../openssl/crypto -I../openssl/providers/common/macs -I../openssl/providers/common/kdfs -I../openssl/providers/default/macs -I../openssl/providers/default/ciphers -I../openssl/providers/default/kdfs -DAES_ASM -DBSAES_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_IA32_SSE2 -MMD -MF crypto/x509/libcrypto-lib-x_x509a.d.tmp -MT crypto/x509/libcrypto-lib-x_x509a.o -c -o crypto/x509/libcrypto-lib-x_x509a.o ../openssl/crypto/x509/x_x509a.c clang -I. -Icrypto/include -Iinclude -Iproviders/common/include -Iproviders/default/include -Iproviders/common/ciphers -Icrypto -Iproviders/common/macs -Iproviders/common/kdfs -Iproviders/default/macs -Iproviders/default/ciphers -Iproviders/default/kdfs -I../openssl -I../openssl/crypto/include -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/default/include -I../openssl/providers/common/ciphers -I../openssl/crypto -I../openssl/providers/common/macs -I../openssl/providers/common/kdfs -I../openssl/providers/default/macs -I../openssl/providers/default/ciphers -I../openssl/providers/default/kdfs -DAES_ASM -DBSAES_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_IA32_SSE2 -MMD -MF providers/common/ciphers/libcrypto-lib-block.d.tmp -MT providers/common/ciphers/libcrypto-lib-block.o -c -o providers/common/ciphers/libcrypto-lib-block.o ../openssl/providers/common/ciphers/block.c clang -I. -Icrypto/include -Iinclude -Iproviders/common/include -Iproviders/default/include -Iproviders/common/ciphers -Icrypto -Iproviders/common/macs -Iproviders/common/kdfs -Iproviders/default/macs -Iproviders/default/ciphers -Iproviders/default/kdfs -I../openssl -I../openssl/crypto/include -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/default/include -I../openssl/providers/common/ciphers -I../openssl/crypto -I../openssl/providers/common/macs -I../openssl/providers/common/kdfs -I../openssl/providers/default/macs -I../openssl/providers/default/ciphers -I../openssl/providers/default/kdfs -DAES_ASM -DBSAES_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_IA32_SSE2 -MMD -MF providers/common/ciphers/libcrypto-lib-cipher_aes.d.tmp -MT providers/common/ciphers/libcrypto-lib-cipher_aes.o -c -o providers/common/ciphers/libcrypto-lib-cipher_aes.o ../openssl/providers/common/ciphers/cipher_aes.c clang -I. -Icrypto/include -Iinclude -Iproviders/common/include -Iproviders/default/include -Iproviders/common/ciphers -Icrypto -Iproviders/common/macs -Iproviders/common/kdfs -Iproviders/default/macs -Iproviders/default/ciphers -Iproviders/default/kdfs -I../openssl -I../openssl/crypto/include -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/default/include -I../openssl/providers/common/ciphers -I../openssl/crypto -I../openssl/providers/common/macs -I../openssl/providers/common/kdfs -I../openssl/providers/default/macs -I../openssl/providers/default/ciphers -I../openssl/providers/default/kdfs -DAES_ASM -DBSAES_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_IA32_SSE2 -MMD -MF providers/common/ciphers/libcrypto-lib-cipher_aes_ccm.d.tmp -MT providers/common/ciphers/libcrypto-lib-cipher_aes_ccm.o -c -o providers/common/ciphers/libcrypto-lib-cipher_aes_ccm.o ../openssl/providers/common/ciphers/cipher_aes_ccm.c clang -I. -Icrypto/include -Iinclude -Iproviders/common/include -Iproviders/default/include -Iproviders/common/ciphers -Icrypto -Iproviders/common/macs -Iproviders/common/kdfs -Iproviders/default/macs -Iproviders/default/ciphers -Iproviders/default/kdfs -I../openssl -I../openssl/crypto/include -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/default/include -I../openssl/providers/common/ciphers -I../openssl/crypto -I../openssl/providers/common/macs -I../openssl/providers/common/kdfs -I../openssl/providers/default/macs -I../openssl/providers/default/ciphers -I../openssl/providers/default/kdfs -DAES_ASM -DBSAES_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_IA32_SSE2 -MMD -MF providers/common/ciphers/libcrypto-lib-cipher_aes_ccm_hw.d.tmp -MT providers/common/ciphers/libcrypto-lib-cipher_aes_ccm_hw.o -c -o providers/common/ciphers/libcrypto-lib-cipher_aes_ccm_hw.o ../openssl/providers/common/ciphers/cipher_aes_ccm_hw.c clang -I. -Icrypto/include -Iinclude -Iproviders/common/include -Iproviders/default/include -Iproviders/common/ciphers -Icrypto -Iproviders/common/macs -Iproviders/common/kdfs -Iproviders/default/macs -Iproviders/default/ciphers -Iproviders/default/kdfs -I../openssl -I../openssl/crypto/include -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/default/include -I../openssl/providers/common/ciphers -I../openssl/crypto -I../openssl/providers/common/macs -I../openssl/providers/common/kdfs -I../openssl/providers/default/macs -I../openssl/providers/default/ciphers -I../openssl/providers/default/kdfs -DAES_ASM -DBSAES_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_IA32_SSE2 -MMD -MF providers/common/ciphers/libcrypto-lib-cipher_aes_gcm.d.tmp -MT providers/common/ciphers/libcrypto-lib-cipher_aes_gcm.o -c -o providers/common/ciphers/libcrypto-lib-cipher_aes_gcm.o ../openssl/providers/common/ciphers/cipher_aes_gcm.c clang -I. -Icrypto/include -Iinclude -Iproviders/common/include -Iproviders/default/include -Iproviders/common/ciphers -Icrypto -Iproviders/common/macs -Iproviders/common/kdfs -Iproviders/default/macs -Iproviders/default/ciphers -Iproviders/default/kdfs -I../openssl -I../openssl/crypto/include -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/default/include -I../openssl/providers/common/ciphers -I../openssl/crypto -I../openssl/providers/common/macs -I../openssl/providers/common/kdfs -I../openssl/providers/default/macs -I../openssl/providers/default/ciphers -I../openssl/providers/default/kdfs -DAES_ASM -DBSAES_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_IA32_SSE2 -MMD -MF providers/common/ciphers/libcrypto-lib-cipher_aes_gcm_hw.d.tmp -MT providers/common/ciphers/libcrypto-lib-cipher_aes_gcm_hw.o -c -o providers/common/ciphers/libcrypto-lib-cipher_aes_gcm_hw.o ../openssl/providers/common/ciphers/cipher_aes_gcm_hw.c clang -I. -Icrypto/include -Iinclude -Iproviders/common/include -Iproviders/default/include -Iproviders/common/ciphers -Icrypto -Iproviders/common/macs -Iproviders/common/kdfs -Iproviders/default/macs -Iproviders/default/ciphers -Iproviders/default/kdfs -I../openssl -I../openssl/crypto/include -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/default/include -I../openssl/providers/common/ciphers -I../openssl/crypto -I../openssl/providers/common/macs -I../openssl/providers/common/kdfs -I../openssl/providers/default/macs -I../openssl/providers/default/ciphers -I../openssl/providers/default/kdfs -DAES_ASM -DBSAES_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_IA32_SSE2 -MMD -MF providers/common/ciphers/libcrypto-lib-cipher_aes_hw.d.tmp -MT providers/common/ciphers/libcrypto-lib-cipher_aes_hw.o -c -o providers/common/ciphers/libcrypto-lib-cipher_aes_hw.o ../openssl/providers/common/ciphers/cipher_aes_hw.c clang -I. -Icrypto/include -Iinclude -Iproviders/common/include -Iproviders/default/include -Iproviders/common/ciphers -Icrypto -Iproviders/common/macs -Iproviders/common/kdfs -Iproviders/default/macs -Iproviders/default/ciphers -Iproviders/default/kdfs -I../openssl -I../openssl/crypto/include -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/default/include -I../openssl/providers/common/ciphers -I../openssl/crypto -I../openssl/providers/common/macs -I../openssl/providers/common/kdfs -I../openssl/providers/default/macs -I../openssl/providers/default/ciphers -I../openssl/providers/default/kdfs -DAES_ASM -DBSAES_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_IA32_SSE2 -MMD -MF providers/common/ciphers/libcrypto-lib-cipher_ccm.d.tmp -MT providers/common/ciphers/libcrypto-lib-cipher_ccm.o -c -o providers/common/ciphers/libcrypto-lib-cipher_ccm.o ../openssl/providers/common/ciphers/cipher_ccm.c clang -I. -Icrypto/include -Iinclude -Iproviders/common/include -Iproviders/default/include -Iproviders/common/ciphers -Icrypto -Iproviders/common/macs -Iproviders/common/kdfs -Iproviders/default/macs -Iproviders/default/ciphers -Iproviders/default/kdfs -I../openssl -I../openssl/crypto/include -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/default/include -I../openssl/providers/common/ciphers -I../openssl/crypto -I../openssl/providers/common/macs -I../openssl/providers/common/kdfs -I../openssl/providers/default/macs -I../openssl/providers/default/ciphers -I../openssl/providers/default/kdfs -DAES_ASM -DBSAES_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_IA32_SSE2 -MMD -MF providers/common/ciphers/libcrypto-lib-cipher_ccm_hw.d.tmp -MT providers/common/ciphers/libcrypto-lib-cipher_ccm_hw.o -c -o providers/common/ciphers/libcrypto-lib-cipher_ccm_hw.o ../openssl/providers/common/ciphers/cipher_ccm_hw.c clang -I. -Icrypto/include -Iinclude -Iproviders/common/include -Iproviders/default/include -Iproviders/common/ciphers -Icrypto -Iproviders/common/macs -Iproviders/common/kdfs -Iproviders/default/macs -Iproviders/default/ciphers -Iproviders/default/kdfs -I../openssl -I../openssl/crypto/include -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/default/include -I../openssl/providers/common/ciphers -I../openssl/crypto -I../openssl/providers/common/macs -I../openssl/providers/common/kdfs -I../openssl/providers/default/macs -I../openssl/providers/default/ciphers -I../openssl/providers/default/kdfs -DAES_ASM -DBSAES_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_IA32_SSE2 -MMD -MF providers/common/ciphers/libcrypto-lib-cipher_common.d.tmp -MT providers/common/ciphers/libcrypto-lib-cipher_common.o -c -o providers/common/ciphers/libcrypto-lib-cipher_common.o ../openssl/providers/common/ciphers/cipher_common.c clang -I. -Icrypto/include -Iinclude -Iproviders/common/include -Iproviders/default/include -Iproviders/common/ciphers -Icrypto -Iproviders/common/macs -Iproviders/common/kdfs -Iproviders/default/macs -Iproviders/default/ciphers -Iproviders/default/kdfs -I../openssl -I../openssl/crypto/include -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/default/include -I../openssl/providers/common/ciphers -I../openssl/crypto -I../openssl/providers/common/macs -I../openssl/providers/common/kdfs -I../openssl/providers/default/macs -I../openssl/providers/default/ciphers -I../openssl/providers/default/kdfs -DAES_ASM -DBSAES_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_IA32_SSE2 -MMD -MF providers/common/ciphers/libcrypto-lib-cipher_common_hw.d.tmp -MT providers/common/ciphers/libcrypto-lib-cipher_common_hw.o -c -o providers/common/ciphers/libcrypto-lib-cipher_common_hw.o ../openssl/providers/common/ciphers/cipher_common_hw.c clang -I. -Icrypto/include -Iinclude -Iproviders/common/include -Iproviders/default/include -Iproviders/common/ciphers -Icrypto -Iproviders/common/macs -Iproviders/common/kdfs -Iproviders/default/macs -Iproviders/default/ciphers -Iproviders/default/kdfs -I../openssl -I../openssl/crypto/include -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/default/include -I../openssl/providers/common/ciphers -I../openssl/crypto -I../openssl/providers/common/macs -I../openssl/providers/common/kdfs -I../openssl/providers/default/macs -I../openssl/providers/default/ciphers -I../openssl/providers/default/kdfs -DAES_ASM -DBSAES_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_IA32_SSE2 -MMD -MF providers/common/ciphers/libcrypto-lib-cipher_gcm.d.tmp -MT providers/common/ciphers/libcrypto-lib-cipher_gcm.o -c -o providers/common/ciphers/libcrypto-lib-cipher_gcm.o ../openssl/providers/common/ciphers/cipher_gcm.c clang -I. -Icrypto/include -Iinclude -Iproviders/common/include -Iproviders/default/include -Iproviders/common/ciphers -Icrypto -Iproviders/common/macs -Iproviders/common/kdfs -Iproviders/default/macs -Iproviders/default/ciphers -Iproviders/default/kdfs -I../openssl -I../openssl/crypto/include -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/default/include -I../openssl/providers/common/ciphers -I../openssl/crypto -I../openssl/providers/common/macs -I../openssl/providers/common/kdfs -I../openssl/providers/default/macs -I../openssl/providers/default/ciphers -I../openssl/providers/default/kdfs -DAES_ASM -DBSAES_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_IA32_SSE2 -MMD -MF providers/common/ciphers/libcrypto-lib-cipher_gcm_hw.d.tmp -MT providers/common/ciphers/libcrypto-lib-cipher_gcm_hw.o -c -o providers/common/ciphers/libcrypto-lib-cipher_gcm_hw.o ../openssl/providers/common/ciphers/cipher_gcm_hw.c clang -I. -Icrypto/include -Iinclude -Iproviders/common/include -Iproviders/default/include -Iproviders/common/ciphers -Icrypto -Iproviders/common/macs -Iproviders/common/kdfs -Iproviders/default/macs -Iproviders/default/ciphers -Iproviders/default/kdfs -I../openssl -I../openssl/crypto/include -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/default/include -I../openssl/providers/common/ciphers -I../openssl/crypto -I../openssl/providers/common/macs -I../openssl/providers/common/kdfs -I../openssl/providers/default/macs -I../openssl/providers/default/ciphers -I../openssl/providers/default/kdfs -DAES_ASM -DBSAES_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_IA32_SSE2 -MMD -MF providers/common/ciphers/libcrypto-lib-cipher_tdes.d.tmp -MT providers/common/ciphers/libcrypto-lib-cipher_tdes.o -c -o providers/common/ciphers/libcrypto-lib-cipher_tdes.o ../openssl/providers/common/ciphers/cipher_tdes.c clang -I. -Icrypto/include -Iinclude -Iproviders/common/include -Iproviders/default/include -Iproviders/common/ciphers -Icrypto -Iproviders/common/macs -Iproviders/common/kdfs -Iproviders/default/macs -Iproviders/default/ciphers -Iproviders/default/kdfs -I../openssl -I../openssl/crypto/include -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/default/include -I../openssl/providers/common/ciphers -I../openssl/crypto -I../openssl/providers/common/macs -I../openssl/providers/common/kdfs -I../openssl/providers/default/macs -I../openssl/providers/default/ciphers -I../openssl/providers/default/kdfs -DAES_ASM -DBSAES_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_IA32_SSE2 -MMD -MF providers/common/ciphers/libcrypto-lib-cipher_tdes_hw.d.tmp -MT providers/common/ciphers/libcrypto-lib-cipher_tdes_hw.o -c -o providers/common/ciphers/libcrypto-lib-cipher_tdes_hw.o ../openssl/providers/common/ciphers/cipher_tdes_hw.c clang -I. -Icrypto/include -Iinclude -Iproviders/common/include -Iproviders/default/include -Iproviders/common/ciphers -Icrypto -Iproviders/common/macs -Iproviders/common/kdfs -Iproviders/default/macs -Iproviders/default/ciphers -Iproviders/default/kdfs -I../openssl -I../openssl/crypto/include -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/default/include -I../openssl/providers/common/ciphers -I../openssl/crypto -I../openssl/providers/common/macs -I../openssl/providers/common/kdfs -I../openssl/providers/default/macs -I../openssl/providers/default/ciphers -I../openssl/providers/default/kdfs -DAES_ASM -DBSAES_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_IA32_SSE2 -MMD -MF providers/common/digests/libcrypto-lib-digest_common.d.tmp -MT providers/common/digests/libcrypto-lib-digest_common.o -c -o providers/common/digests/libcrypto-lib-digest_common.o ../openssl/providers/common/digests/digest_common.c clang -I. -Icrypto/include -Iinclude -Iproviders/common/include -Iproviders/default/include -Iproviders/common/ciphers -Icrypto -Iproviders/common/macs -Iproviders/common/kdfs -Iproviders/default/macs -Iproviders/default/ciphers -Iproviders/default/kdfs -I../openssl -I../openssl/crypto/include -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/default/include -I../openssl/providers/common/ciphers -I../openssl/crypto -I../openssl/providers/common/macs -I../openssl/providers/common/kdfs -I../openssl/providers/default/macs -I../openssl/providers/default/ciphers -I../openssl/providers/default/kdfs -DAES_ASM -DBSAES_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_IA32_SSE2 -MMD -MF providers/common/digests/libcrypto-lib-sha2_prov.d.tmp -MT providers/common/digests/libcrypto-lib-sha2_prov.o -c -o providers/common/digests/libcrypto-lib-sha2_prov.o ../openssl/providers/common/digests/sha2_prov.c clang -I. -Icrypto/include -Iinclude -Iproviders/common/include -Iproviders/default/include -Iproviders/common/ciphers -Icrypto -Iproviders/common/macs -Iproviders/common/kdfs -Iproviders/default/macs -Iproviders/default/ciphers -Iproviders/default/kdfs -I../openssl -I../openssl/crypto/include -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/default/include -I../openssl/providers/common/ciphers -I../openssl/crypto -I../openssl/providers/common/macs -I../openssl/providers/common/kdfs -I../openssl/providers/default/macs -I../openssl/providers/default/ciphers -I../openssl/providers/default/kdfs -DAES_ASM -DBSAES_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_IA32_SSE2 -MMD -MF providers/common/digests/libcrypto-lib-sha3_prov.d.tmp -MT providers/common/digests/libcrypto-lib-sha3_prov.o -c -o providers/common/digests/libcrypto-lib-sha3_prov.o ../openssl/providers/common/digests/sha3_prov.c clang -I. -Icrypto/include -Iinclude -Iproviders/common/include -Iproviders/default/include -Iproviders/common/ciphers -Icrypto -Iproviders/common/macs -Iproviders/common/kdfs -Iproviders/default/macs -Iproviders/default/ciphers -Iproviders/default/kdfs -I../openssl -I../openssl/crypto/include -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/default/include -I../openssl/providers/common/ciphers -I../openssl/crypto -I../openssl/providers/common/macs -I../openssl/providers/common/kdfs -I../openssl/providers/default/macs -I../openssl/providers/default/ciphers -I../openssl/providers/default/kdfs -DAES_ASM -DBSAES_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_IA32_SSE2 -MMD -MF providers/common/exchange/libcrypto-lib-dh_exch.d.tmp -MT providers/common/exchange/libcrypto-lib-dh_exch.o -c -o providers/common/exchange/libcrypto-lib-dh_exch.o ../openssl/providers/common/exchange/dh_exch.c clang -I. -Icrypto/include -Iinclude -Iproviders/common/include -Iproviders/default/include -Iproviders/common/ciphers -Icrypto -Iproviders/common/macs -Iproviders/common/kdfs -Iproviders/default/macs -Iproviders/default/ciphers -Iproviders/default/kdfs -I../openssl -I../openssl/crypto/include -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/default/include -I../openssl/providers/common/ciphers -I../openssl/crypto -I../openssl/providers/common/macs -I../openssl/providers/common/kdfs -I../openssl/providers/default/macs -I../openssl/providers/default/ciphers -I../openssl/providers/default/kdfs -DAES_ASM -DBSAES_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_IA32_SSE2 -MMD -MF providers/common/kdfs/libcrypto-lib-hkdf.d.tmp -MT providers/common/kdfs/libcrypto-lib-hkdf.o -c -o providers/common/kdfs/libcrypto-lib-hkdf.o ../openssl/providers/common/kdfs/hkdf.c clang -I. -Icrypto/include -Iinclude -Iproviders/common/include -Iproviders/default/include -Iproviders/common/ciphers -Icrypto -Iproviders/common/macs -Iproviders/common/kdfs -Iproviders/default/macs -Iproviders/default/ciphers -Iproviders/default/kdfs -I../openssl -I../openssl/crypto/include -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/default/include -I../openssl/providers/common/ciphers -I../openssl/crypto -I../openssl/providers/common/macs -I../openssl/providers/common/kdfs -I../openssl/providers/default/macs -I../openssl/providers/default/ciphers -I../openssl/providers/default/kdfs -DAES_ASM -DBSAES_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_IA32_SSE2 -MMD -MF providers/common/kdfs/libcrypto-lib-pbkdf2.d.tmp -MT providers/common/kdfs/libcrypto-lib-pbkdf2.o -c -o providers/common/kdfs/libcrypto-lib-pbkdf2.o ../openssl/providers/common/kdfs/pbkdf2.c clang -I. -Icrypto/include -Iinclude -Iproviders/common/include -Iproviders/default/include -Iproviders/common/ciphers -Icrypto -Iproviders/common/macs -Iproviders/common/kdfs -Iproviders/default/macs -Iproviders/default/ciphers -Iproviders/default/kdfs -I../openssl -I../openssl/crypto/include -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/default/include -I../openssl/providers/common/ciphers -I../openssl/crypto -I../openssl/providers/common/macs -I../openssl/providers/common/kdfs -I../openssl/providers/default/macs -I../openssl/providers/default/ciphers -I../openssl/providers/default/kdfs -DAES_ASM -DBSAES_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_IA32_SSE2 -MMD -MF providers/common/kdfs/libcrypto-lib-sskdf.d.tmp -MT providers/common/kdfs/libcrypto-lib-sskdf.o -c -o providers/common/kdfs/libcrypto-lib-sskdf.o ../openssl/providers/common/kdfs/sskdf.c clang -I. -Icrypto/include -Iinclude -Iproviders/common/include -Iproviders/default/include -Iproviders/common/ciphers -Icrypto -Iproviders/common/macs -Iproviders/common/kdfs -Iproviders/default/macs -Iproviders/default/ciphers -Iproviders/default/kdfs -I../openssl -I../openssl/crypto/include -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/default/include -I../openssl/providers/common/ciphers -I../openssl/crypto -I../openssl/providers/common/macs -I../openssl/providers/common/kdfs -I../openssl/providers/default/macs -I../openssl/providers/default/ciphers -I../openssl/providers/default/kdfs -DAES_ASM -DBSAES_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_IA32_SSE2 -MMD -MF providers/common/kdfs/libcrypto-lib-tls1_prf.d.tmp -MT providers/common/kdfs/libcrypto-lib-tls1_prf.o -c -o providers/common/kdfs/libcrypto-lib-tls1_prf.o ../openssl/providers/common/kdfs/tls1_prf.c clang -I. -Icrypto/include -Iinclude -Iproviders/common/include -Iproviders/default/include -Iproviders/common/ciphers -Icrypto -Iproviders/common/macs -Iproviders/common/kdfs -Iproviders/default/macs -Iproviders/default/ciphers -Iproviders/default/kdfs -I../openssl -I../openssl/crypto/include -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/default/include -I../openssl/providers/common/ciphers -I../openssl/crypto -I../openssl/providers/common/macs -I../openssl/providers/common/kdfs -I../openssl/providers/default/macs -I../openssl/providers/default/ciphers -I../openssl/providers/default/kdfs -DAES_ASM -DBSAES_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_IA32_SSE2 -MMD -MF providers/common/keymgmt/libcrypto-lib-dh_kmgmt.d.tmp -MT providers/common/keymgmt/libcrypto-lib-dh_kmgmt.o -c -o providers/common/keymgmt/libcrypto-lib-dh_kmgmt.o ../openssl/providers/common/keymgmt/dh_kmgmt.c clang -I. -Icrypto/include -Iinclude -Iproviders/common/include -Iproviders/default/include -Iproviders/common/ciphers -Icrypto -Iproviders/common/macs -Iproviders/common/kdfs -Iproviders/default/macs -Iproviders/default/ciphers -Iproviders/default/kdfs -I../openssl -I../openssl/crypto/include -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/default/include -I../openssl/providers/common/ciphers -I../openssl/crypto -I../openssl/providers/common/macs -I../openssl/providers/common/kdfs -I../openssl/providers/default/macs -I../openssl/providers/default/ciphers -I../openssl/providers/default/kdfs -DAES_ASM -DBSAES_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_IA32_SSE2 -MMD -MF providers/common/keymgmt/libcrypto-lib-dsa_kmgmt.d.tmp -MT providers/common/keymgmt/libcrypto-lib-dsa_kmgmt.o -c -o providers/common/keymgmt/libcrypto-lib-dsa_kmgmt.o ../openssl/providers/common/keymgmt/dsa_kmgmt.c clang -I. -Icrypto/include -Iinclude -Iproviders/common/include -Iproviders/default/include -Iproviders/common/ciphers -Icrypto -Iproviders/common/macs -Iproviders/common/kdfs -Iproviders/default/macs -Iproviders/default/ciphers -Iproviders/default/kdfs -I../openssl -I../openssl/crypto/include -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/default/include -I../openssl/providers/common/ciphers -I../openssl/crypto -I../openssl/providers/common/macs -I../openssl/providers/common/kdfs -I../openssl/providers/default/macs -I../openssl/providers/default/ciphers -I../openssl/providers/default/kdfs -DAES_ASM -DBSAES_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_IA32_SSE2 -MMD -MF providers/common/libcrypto-lib-provider_err.d.tmp -MT providers/common/libcrypto-lib-provider_err.o -c -o providers/common/libcrypto-lib-provider_err.o ../openssl/providers/common/provider_err.c clang -I. -Icrypto/include -Iinclude -Iproviders/common/include -Iproviders/default/include -Iproviders/common/ciphers -Icrypto -Iproviders/common/macs -Iproviders/common/kdfs -Iproviders/default/macs -Iproviders/default/ciphers -Iproviders/default/kdfs -I../openssl -I../openssl/crypto/include -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/default/include -I../openssl/providers/common/ciphers -I../openssl/crypto -I../openssl/providers/common/macs -I../openssl/providers/common/kdfs -I../openssl/providers/default/macs -I../openssl/providers/default/ciphers -I../openssl/providers/default/kdfs -DAES_ASM -DBSAES_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_IA32_SSE2 -MMD -MF providers/common/libcrypto-lib-provider_util.d.tmp -MT providers/common/libcrypto-lib-provider_util.o -c -o providers/common/libcrypto-lib-provider_util.o ../openssl/providers/common/provider_util.c clang -I. -Icrypto/include -Iinclude -Iproviders/common/include -Iproviders/default/include -Iproviders/common/ciphers -Icrypto -Iproviders/common/macs -Iproviders/common/kdfs -Iproviders/default/macs -Iproviders/default/ciphers -Iproviders/default/kdfs -I../openssl -I../openssl/crypto/include -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/default/include -I../openssl/providers/common/ciphers -I../openssl/crypto -I../openssl/providers/common/macs -I../openssl/providers/common/kdfs -I../openssl/providers/default/macs -I../openssl/providers/default/ciphers -I../openssl/providers/default/kdfs -DAES_ASM -DBSAES_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_IA32_SSE2 -MMD -MF providers/common/libcrypto-lib-provlib.d.tmp -MT providers/common/libcrypto-lib-provlib.o -c -o providers/common/libcrypto-lib-provlib.o ../openssl/providers/common/provlib.c ../openssl/providers/common/keymgmt/dsa_kmgmt.c:52:10: error: implicit declaration of function 'DSA_set0_pqg' is invalid in C99 [-Werror,-Wimplicit-function-declaration] if (!DSA_set0_pqg(dsa, p, q, g)) ^ ../openssl/providers/common/keymgmt/dsa_kmgmt.c:52:10: error: this function declaration is not a prototype [-Werror,-Wstrict-prototypes] ../openssl/providers/common/keymgmt/dsa_kmgmt.c:56:29: error: implicit declaration of function 'DSA_set0_key' is invalid in C99 [-Werror,-Wimplicit-function-declaration] if (pub_key != NULL && !DSA_set0_key(dsa, pub_key, priv_key)) ^ ../openssl/providers/common/keymgmt/dsa_kmgmt.c:56:29: note: did you mean 'DSA_set0_pqg'? ../openssl/providers/common/keymgmt/dsa_kmgmt.c:52:10: note: 'DSA_set0_pqg' declared here if (!DSA_set0_pqg(dsa, p, q, g)) ^ ../openssl/providers/common/keymgmt/dsa_kmgmt.c:56:29: error: this function declaration is not a prototype [-Werror,-Wstrict-prototypes] if (pub_key != NULL && !DSA_set0_key(dsa, pub_key, priv_key)) ^ ../openssl/providers/common/keymgmt/dsa_kmgmt.c:75:16: error: implicit declaration of function 'DSA_new' is invalid in C99 [-Werror,-Wimplicit-function-declaration] if ((dsa = DSA_new()) == NULL ^ ../openssl/providers/common/keymgmt/dsa_kmgmt.c:75:16: error: this function declaration is not a prototype [-Werror,-Wstrict-prototypes] ../openssl/providers/common/keymgmt/dsa_kmgmt.c:75:14: error: incompatible integer to pointer conversion assigning to 'DSA *' (aka 'struct dsa_st *') from 'int' [-Werror,-Wint-conversion] if ((dsa = DSA_new()) == NULL ^ ~~~~~~~~~ ../openssl/providers/common/keymgmt/dsa_kmgmt.c:77:9: error: implicit declaration of function 'DSA_free' is invalid in C99 [-Werror,-Wimplicit-function-declaration] DSA_free(dsa); ^ ../openssl/providers/common/keymgmt/dsa_kmgmt.c:77:9: error: this function declaration is not a prototype [-Werror,-Wstrict-prototypes] ../openssl/providers/common/keymgmt/dsa_kmgmt.c:89:50: error: use of undeclared identifier 'DSA_free' { OSSL_FUNC_KEYMGMT_FREEKEY, (void (*)(void))DSA_free }, ^ 10 errors generated. clang -I. -Icrypto/include -Iinclude -Iproviders/common/include -Iproviders/default/include -Iproviders/common/ciphers -Icrypto -Iproviders/common/macs -Iproviders/common/kdfs -Iproviders/default/macs -Iproviders/default/ciphers -Iproviders/default/kdfs -I../openssl -I../openssl/crypto/include -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/default/include -I../openssl/providers/common/ciphers -I../openssl/crypto -I../openssl/providers/common/macs -I../openssl/providers/common/kdfs -I../openssl/providers/default/macs -I../openssl/providers/default/ciphers -I../openssl/providers/default/kdfs -DAES_ASM -DBSAES_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_IA32_SSE2 -MMD -MF providers/common/macs/libcrypto-lib-cmac_prov.d.tmp -MT providers/common/macs/libcrypto-lib-cmac_prov.o -c -o providers/common/macs/libcrypto-lib-cmac_prov.o ../openssl/providers/common/macs/cmac_prov.c Makefile:12389: recipe for target 'providers/common/keymgmt/libcrypto-lib-dsa_kmgmt.o' failed make[1]: *** [providers/common/keymgmt/libcrypto-lib-dsa_kmgmt.o] Error 1 make[1]: *** Waiting for unfinished jobs.... make[1]: Leaving directory '/home/openssl/run-checker/no-dsa' Makefile:165: recipe for target 'all' failed make: *** [all] Error 2 From openssl at openssl.org Tue Sep 10 03:28:51 2019 From: openssl at openssl.org (OpenSSL run-checker) Date: Tue, 10 Sep 2019 03:28:51 +0000 Subject: Still FAILED build of OpenSSL branch master with options -d --strict-warnings no-engine Message-ID: <1568086131.737552.26177.nullmailer@run.openssl.org> Platform and configuration command: $ uname -a Linux run 4.15.0-54-generic #58-Ubuntu SMP Mon Jun 24 10:55:24 UTC 2019 x86_64 x86_64 x86_64 GNU/Linux $ CC=clang ../openssl/config -d --strict-warnings no-engine Commit log since last time: 1d3cd983f5 [test] ECC: check the bounds for auto computing cofactor d3a1128bc2 Fix build with VS2008 20bf3d8b22 Use simple names in core_names.h 864b89ce49 Move EVP_PKEY algorithm implementations into a union 9c45222ddc Revise EVP_PKEY param handling 21fb706722 Enable DH "keys" which only contain domain parameters 4f62f5d9af Add docs for the provider interface for signature operations 11031468c3 Add public API docs for newly added EVP_SIGNATURE related functions 390acbebfa Add support for verify/verify_recover functions to EVP_SIGNATURE 4889dadcb8 Implement DSA in the default provider dfcb5d29b5 Add the ability to perform signatures in a provider 2b95e8efcf DH_check_pub_key_ex was accidentally calling DH_check, so results were undefined. fa01370f7d Use BN_clear_free in DH_set0_key feeb7ecd2f Check the DH modulus bit length bfed4fc836 Uniform TEST_*() check usage in test/ectest.c 65936a5646 Fix spacing nit in test/ectest.c 3f37050e33 Fix typos in the OSSL_METHOD_STORE doc bacaa618c2 [ec] Match built-in curves on EC_GROUP_new_from_ecparameters bd9faf117d Do no mention private headers in public headers Build log ended with (last 100 lines): clang -I. -Icrypto/include -Iinclude -Iproviders/common/include -Iproviders/default/include -Iproviders/common/ciphers -Icrypto -Iproviders/common/macs -Iproviders/common/kdfs -Iproviders/default/macs -Iproviders/default/ciphers -Iproviders/default/kdfs -I../openssl -I../openssl/crypto/include -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/default/include -I../openssl/providers/common/ciphers -I../openssl/crypto -I../openssl/providers/common/macs -I../openssl/providers/common/kdfs -I../openssl/providers/default/macs -I../openssl/providers/default/ciphers -I../openssl/providers/default/kdfs -DAES_ASM -DBSAES_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_IA32_SSE2 -MMD -MF crypto/x509/libcrypto-lib-v3_crld.d.tmp -MT crypto/x509/libcrypto-lib-v3_crld.o -c -o crypto/x509/libcrypto-lib-v3_crld.o ../openssl/crypto/x509/v3_crld.c clang -I. -Icrypto/include -Iinclude -Iproviders/common/include -Iproviders/default/include -Iproviders/common/ciphers -Icrypto -Iproviders/common/macs -Iproviders/common/kdfs -Iproviders/default/macs -Iproviders/default/ciphers -Iproviders/default/kdfs -I../openssl -I../openssl/crypto/include -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/default/include -I../openssl/providers/common/ciphers -I../openssl/crypto -I../openssl/providers/common/macs -I../openssl/providers/common/kdfs -I../openssl/providers/default/macs -I../openssl/providers/default/ciphers -I../openssl/providers/default/kdfs -DAES_ASM -DBSAES_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_IA32_SSE2 -MMD -MF crypto/x509/libcrypto-lib-v3_enum.d.tmp -MT crypto/x509/libcrypto-lib-v3_enum.o -c -o crypto/x509/libcrypto-lib-v3_enum.o ../openssl/crypto/x509/v3_enum.c clang -I. -Icrypto/include -Iinclude -Iproviders/common/include -Iproviders/default/include -Iproviders/common/ciphers -Icrypto -Iproviders/common/macs -Iproviders/common/kdfs -Iproviders/default/macs -Iproviders/default/ciphers -Iproviders/default/kdfs -I../openssl -I../openssl/crypto/include -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/default/include -I../openssl/providers/common/ciphers -I../openssl/crypto -I../openssl/providers/common/macs -I../openssl/providers/common/kdfs -I../openssl/providers/default/macs -I../openssl/providers/default/ciphers -I../openssl/providers/default/kdfs -DAES_ASM -DBSAES_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_IA32_SSE2 -MMD -MF crypto/x509/libcrypto-lib-v3_extku.d.tmp -MT crypto/x509/libcrypto-lib-v3_extku.o -c -o crypto/x509/libcrypto-lib-v3_extku.o ../openssl/crypto/x509/v3_extku.c clang -I. -Icrypto/include -Iinclude -Iproviders/common/include -Iproviders/default/include -Iproviders/common/ciphers -Icrypto -Iproviders/common/macs -Iproviders/common/kdfs -Iproviders/default/macs -Iproviders/default/ciphers -Iproviders/default/kdfs -I../openssl -I../openssl/crypto/include -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/default/include -I../openssl/providers/common/ciphers -I../openssl/crypto -I../openssl/providers/common/macs -I../openssl/providers/common/kdfs -I../openssl/providers/default/macs -I../openssl/providers/default/ciphers -I../openssl/providers/default/kdfs -DAES_ASM -DBSAES_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_IA32_SSE2 -MMD -MF crypto/x509/libcrypto-lib-v3_genn.d.tmp -MT crypto/x509/libcrypto-lib-v3_genn.o -c -o crypto/x509/libcrypto-lib-v3_genn.o ../openssl/crypto/x509/v3_genn.c clang -I. -Icrypto/include -Iinclude -Iproviders/common/include -Iproviders/default/include -Iproviders/common/ciphers -Icrypto -Iproviders/common/macs -Iproviders/common/kdfs -Iproviders/default/macs -Iproviders/default/ciphers -Iproviders/default/kdfs -I../openssl -I../openssl/crypto/include -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/default/include -I../openssl/providers/common/ciphers -I../openssl/crypto -I../openssl/providers/common/macs -I../openssl/providers/common/kdfs -I../openssl/providers/default/macs -I../openssl/providers/default/ciphers -I../openssl/providers/default/kdfs -DAES_ASM -DBSAES_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_IA32_SSE2 -MMD -MF crypto/x509/libcrypto-lib-v3_ia5.d.tmp -MT crypto/x509/libcrypto-lib-v3_ia5.o -c -o crypto/x509/libcrypto-lib-v3_ia5.o ../openssl/crypto/x509/v3_ia5.c clang -I. -Icrypto/include -Iinclude -Iproviders/common/include -Iproviders/default/include -Iproviders/common/ciphers -Icrypto -Iproviders/common/macs -Iproviders/common/kdfs -Iproviders/default/macs -Iproviders/default/ciphers -Iproviders/default/kdfs -I../openssl -I../openssl/crypto/include -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/default/include -I../openssl/providers/common/ciphers -I../openssl/crypto -I../openssl/providers/common/macs -I../openssl/providers/common/kdfs -I../openssl/providers/default/macs -I../openssl/providers/default/ciphers -I../openssl/providers/default/kdfs -DAES_ASM -DBSAES_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_IA32_SSE2 -MMD -MF crypto/x509/libcrypto-lib-v3_info.d.tmp -MT crypto/x509/libcrypto-lib-v3_info.o -c -o crypto/x509/libcrypto-lib-v3_info.o ../openssl/crypto/x509/v3_info.c clang -I. -Icrypto/include -Iinclude -Iproviders/common/include -Iproviders/default/include -Iproviders/common/ciphers -Icrypto -Iproviders/common/macs -Iproviders/common/kdfs -Iproviders/default/macs -Iproviders/default/ciphers -Iproviders/default/kdfs -I../openssl -I../openssl/crypto/include -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/default/include -I../openssl/providers/common/ciphers -I../openssl/crypto -I../openssl/providers/common/macs -I../openssl/providers/common/kdfs -I../openssl/providers/default/macs -I../openssl/providers/default/ciphers -I../openssl/providers/default/kdfs -DAES_ASM -DBSAES_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_IA32_SSE2 -MMD -MF crypto/x509/libcrypto-lib-v3_int.d.tmp -MT crypto/x509/libcrypto-lib-v3_int.o -c -o crypto/x509/libcrypto-lib-v3_int.o ../openssl/crypto/x509/v3_int.c clang -I. -Icrypto/include -Iinclude -Iproviders/common/include -Iproviders/default/include -Iproviders/common/ciphers -Icrypto -Iproviders/common/macs -Iproviders/common/kdfs -Iproviders/default/macs -Iproviders/default/ciphers -Iproviders/default/kdfs -I../openssl -I../openssl/crypto/include -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/default/include -I../openssl/providers/common/ciphers -I../openssl/crypto -I../openssl/providers/common/macs -I../openssl/providers/common/kdfs -I../openssl/providers/default/macs -I../openssl/providers/default/ciphers -I../openssl/providers/default/kdfs -DAES_ASM -DBSAES_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_IA32_SSE2 -MMD -MF crypto/x509/libcrypto-lib-v3_lib.d.tmp -MT crypto/x509/libcrypto-lib-v3_lib.o -c -o crypto/x509/libcrypto-lib-v3_lib.o ../openssl/crypto/x509/v3_lib.c clang -I. -Icrypto/include -Iinclude -Iproviders/common/include -Iproviders/default/include -Iproviders/common/ciphers -Icrypto -Iproviders/common/macs -Iproviders/common/kdfs -Iproviders/default/macs -Iproviders/default/ciphers -Iproviders/default/kdfs -I../openssl -I../openssl/crypto/include -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/default/include -I../openssl/providers/common/ciphers -I../openssl/crypto -I../openssl/providers/common/macs -I../openssl/providers/common/kdfs -I../openssl/providers/default/macs -I../openssl/providers/default/ciphers -I../openssl/providers/default/kdfs -DAES_ASM -DBSAES_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_IA32_SSE2 -MMD -MF crypto/x509/libcrypto-lib-v3_ncons.d.tmp -MT crypto/x509/libcrypto-lib-v3_ncons.o -c -o crypto/x509/libcrypto-lib-v3_ncons.o ../openssl/crypto/x509/v3_ncons.c clang -I. -Icrypto/include -Iinclude -Iproviders/common/include -Iproviders/default/include -Iproviders/common/ciphers -Icrypto -Iproviders/common/macs -Iproviders/common/kdfs -Iproviders/default/macs -Iproviders/default/ciphers -Iproviders/default/kdfs -I../openssl -I../openssl/crypto/include -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/default/include -I../openssl/providers/common/ciphers -I../openssl/crypto -I../openssl/providers/common/macs -I../openssl/providers/common/kdfs -I../openssl/providers/default/macs -I../openssl/providers/default/ciphers -I../openssl/providers/default/kdfs -DAES_ASM -DBSAES_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_IA32_SSE2 -MMD -MF crypto/x509/libcrypto-lib-v3_pci.d.tmp -MT crypto/x509/libcrypto-lib-v3_pci.o -c -o crypto/x509/libcrypto-lib-v3_pci.o ../openssl/crypto/x509/v3_pci.c clang -I. -Icrypto/include -Iinclude -Iproviders/common/include -Iproviders/default/include -Iproviders/common/ciphers -Icrypto -Iproviders/common/macs -Iproviders/common/kdfs -Iproviders/default/macs -Iproviders/default/ciphers -Iproviders/default/kdfs -I../openssl -I../openssl/crypto/include -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/default/include -I../openssl/providers/common/ciphers -I../openssl/crypto -I../openssl/providers/common/macs -I../openssl/providers/common/kdfs -I../openssl/providers/default/macs -I../openssl/providers/default/ciphers -I../openssl/providers/default/kdfs -DAES_ASM -DBSAES_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_IA32_SSE2 -MMD -MF crypto/x509/libcrypto-lib-v3_pcia.d.tmp -MT crypto/x509/libcrypto-lib-v3_pcia.o -c -o crypto/x509/libcrypto-lib-v3_pcia.o ../openssl/crypto/x509/v3_pcia.c clang -I. -Icrypto/include -Iinclude -Iproviders/common/include -Iproviders/default/include -Iproviders/common/ciphers -Icrypto -Iproviders/common/macs -Iproviders/common/kdfs -Iproviders/default/macs -Iproviders/default/ciphers -Iproviders/default/kdfs -I../openssl -I../openssl/crypto/include -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/default/include -I../openssl/providers/common/ciphers -I../openssl/crypto -I../openssl/providers/common/macs -I../openssl/providers/common/kdfs -I../openssl/providers/default/macs -I../openssl/providers/default/ciphers -I../openssl/providers/default/kdfs -DAES_ASM -DBSAES_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_IA32_SSE2 -MMD -MF crypto/x509/libcrypto-lib-v3_pcons.d.tmp -MT crypto/x509/libcrypto-lib-v3_pcons.o -c -o crypto/x509/libcrypto-lib-v3_pcons.o ../openssl/crypto/x509/v3_pcons.c clang -I. -Icrypto/include -Iinclude -Iproviders/common/include -Iproviders/default/include -Iproviders/common/ciphers -Icrypto -Iproviders/common/macs -Iproviders/common/kdfs -Iproviders/default/macs -Iproviders/default/ciphers -Iproviders/default/kdfs -I../openssl -I../openssl/crypto/include -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/default/include -I../openssl/providers/common/ciphers -I../openssl/crypto -I../openssl/providers/common/macs -I../openssl/providers/common/kdfs -I../openssl/providers/default/macs -I../openssl/providers/default/ciphers -I../openssl/providers/default/kdfs -DAES_ASM -DBSAES_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_IA32_SSE2 -MMD -MF crypto/x509/libcrypto-lib-v3_pku.d.tmp -MT crypto/x509/libcrypto-lib-v3_pku.o -c -o crypto/x509/libcrypto-lib-v3_pku.o ../openssl/crypto/x509/v3_pku.c clang -I. -Icrypto/include -Iinclude -Iproviders/common/include -Iproviders/default/include -Iproviders/common/ciphers -Icrypto -Iproviders/common/macs -Iproviders/common/kdfs -Iproviders/default/macs -Iproviders/default/ciphers -Iproviders/default/kdfs -I../openssl -I../openssl/crypto/include -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/default/include -I../openssl/providers/common/ciphers -I../openssl/crypto -I../openssl/providers/common/macs -I../openssl/providers/common/kdfs -I../openssl/providers/default/macs -I../openssl/providers/default/ciphers -I../openssl/providers/default/kdfs -DAES_ASM -DBSAES_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_IA32_SSE2 -MMD -MF crypto/x509/libcrypto-lib-v3_pmaps.d.tmp -MT crypto/x509/libcrypto-lib-v3_pmaps.o -c -o crypto/x509/libcrypto-lib-v3_pmaps.o ../openssl/crypto/x509/v3_pmaps.c clang -I. -Icrypto/include -Iinclude -Iproviders/common/include -Iproviders/default/include -Iproviders/common/ciphers -Icrypto -Iproviders/common/macs -Iproviders/common/kdfs -Iproviders/default/macs -Iproviders/default/ciphers -Iproviders/default/kdfs -I../openssl -I../openssl/crypto/include -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/default/include -I../openssl/providers/common/ciphers -I../openssl/crypto -I../openssl/providers/common/macs -I../openssl/providers/common/kdfs -I../openssl/providers/default/macs -I../openssl/providers/default/ciphers -I../openssl/providers/default/kdfs -DAES_ASM -DBSAES_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_IA32_SSE2 -MMD -MF crypto/x509/libcrypto-lib-v3_prn.d.tmp -MT crypto/x509/libcrypto-lib-v3_prn.o -c -o crypto/x509/libcrypto-lib-v3_prn.o ../openssl/crypto/x509/v3_prn.c clang -I. -Icrypto/include -Iinclude -Iproviders/common/include -Iproviders/default/include -Iproviders/common/ciphers -Icrypto -Iproviders/common/macs -Iproviders/common/kdfs -Iproviders/default/macs -Iproviders/default/ciphers -Iproviders/default/kdfs -I../openssl -I../openssl/crypto/include -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/default/include -I../openssl/providers/common/ciphers -I../openssl/crypto -I../openssl/providers/common/macs -I../openssl/providers/common/kdfs -I../openssl/providers/default/macs -I../openssl/providers/default/ciphers -I../openssl/providers/default/kdfs -DAES_ASM -DBSAES_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_IA32_SSE2 -MMD -MF crypto/x509/libcrypto-lib-v3_purp.d.tmp -MT crypto/x509/libcrypto-lib-v3_purp.o -c -o crypto/x509/libcrypto-lib-v3_purp.o ../openssl/crypto/x509/v3_purp.c clang -I. -Icrypto/include -Iinclude -Iproviders/common/include -Iproviders/default/include -Iproviders/common/ciphers -Icrypto -Iproviders/common/macs -Iproviders/common/kdfs -Iproviders/default/macs -Iproviders/default/ciphers -Iproviders/default/kdfs -I../openssl -I../openssl/crypto/include -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/default/include -I../openssl/providers/common/ciphers -I../openssl/crypto -I../openssl/providers/common/macs -I../openssl/providers/common/kdfs -I../openssl/providers/default/macs -I../openssl/providers/default/ciphers -I../openssl/providers/default/kdfs -DAES_ASM -DBSAES_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_IA32_SSE2 -MMD -MF crypto/x509/libcrypto-lib-v3_skey.d.tmp -MT crypto/x509/libcrypto-lib-v3_skey.o -c -o crypto/x509/libcrypto-lib-v3_skey.o ../openssl/crypto/x509/v3_skey.c clang -I. -Icrypto/include -Iinclude -Iproviders/common/include -Iproviders/default/include -Iproviders/common/ciphers -Icrypto -Iproviders/common/macs -Iproviders/common/kdfs -Iproviders/default/macs -Iproviders/default/ciphers -Iproviders/default/kdfs -I../openssl -I../openssl/crypto/include -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/default/include -I../openssl/providers/common/ciphers -I../openssl/crypto -I../openssl/providers/common/macs -I../openssl/providers/common/kdfs -I../openssl/providers/default/macs -I../openssl/providers/default/ciphers -I../openssl/providers/default/kdfs -DAES_ASM -DBSAES_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_IA32_SSE2 -MMD -MF crypto/x509/libcrypto-lib-v3_sxnet.d.tmp -MT crypto/x509/libcrypto-lib-v3_sxnet.o -c -o crypto/x509/libcrypto-lib-v3_sxnet.o ../openssl/crypto/x509/v3_sxnet.c clang -I. -Icrypto/include -Iinclude -Iproviders/common/include -Iproviders/default/include -Iproviders/common/ciphers -Icrypto -Iproviders/common/macs -Iproviders/common/kdfs -Iproviders/default/macs -Iproviders/default/ciphers -Iproviders/default/kdfs -I../openssl -I../openssl/crypto/include -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/default/include -I../openssl/providers/common/ciphers -I../openssl/crypto -I../openssl/providers/common/macs -I../openssl/providers/common/kdfs -I../openssl/providers/default/macs -I../openssl/providers/default/ciphers -I../openssl/providers/default/kdfs -DAES_ASM -DBSAES_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_IA32_SSE2 -MMD -MF crypto/x509/libcrypto-lib-v3_tlsf.d.tmp -MT crypto/x509/libcrypto-lib-v3_tlsf.o -c -o crypto/x509/libcrypto-lib-v3_tlsf.o ../openssl/crypto/x509/v3_tlsf.c clang -I. -Icrypto/include -Iinclude -Iproviders/common/include -Iproviders/default/include -Iproviders/common/ciphers -Icrypto -Iproviders/common/macs -Iproviders/common/kdfs -Iproviders/default/macs -Iproviders/default/ciphers -Iproviders/default/kdfs -I../openssl -I../openssl/crypto/include -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/default/include -I../openssl/providers/common/ciphers -I../openssl/crypto -I../openssl/providers/common/macs -I../openssl/providers/common/kdfs -I../openssl/providers/default/macs -I../openssl/providers/default/ciphers -I../openssl/providers/default/kdfs -DAES_ASM -DBSAES_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_IA32_SSE2 -MMD -MF crypto/x509/libcrypto-lib-v3_utl.d.tmp -MT crypto/x509/libcrypto-lib-v3_utl.o -c -o crypto/x509/libcrypto-lib-v3_utl.o ../openssl/crypto/x509/v3_utl.c clang -I. -Icrypto/include -Iinclude -Iproviders/common/include -Iproviders/default/include -Iproviders/common/ciphers -Icrypto -Iproviders/common/macs -Iproviders/common/kdfs -Iproviders/default/macs -Iproviders/default/ciphers -Iproviders/default/kdfs -I../openssl -I../openssl/crypto/include -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/default/include -I../openssl/providers/common/ciphers -I../openssl/crypto -I../openssl/providers/common/macs -I../openssl/providers/common/kdfs -I../openssl/providers/default/macs -I../openssl/providers/default/ciphers -I../openssl/providers/default/kdfs -DAES_ASM -DBSAES_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_IA32_SSE2 -MMD -MF crypto/x509/libcrypto-lib-v3err.d.tmp -MT crypto/x509/libcrypto-lib-v3err.o -c -o crypto/x509/libcrypto-lib-v3err.o ../openssl/crypto/x509/v3err.c clang -I. -Icrypto/include -Iinclude -Iproviders/common/include -Iproviders/default/include -Iproviders/common/ciphers -Icrypto -Iproviders/common/macs -Iproviders/common/kdfs -Iproviders/default/macs -Iproviders/default/ciphers -Iproviders/default/kdfs -I../openssl -I../openssl/crypto/include -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/default/include -I../openssl/providers/common/ciphers -I../openssl/crypto -I../openssl/providers/common/macs -I../openssl/providers/common/kdfs -I../openssl/providers/default/macs -I../openssl/providers/default/ciphers -I../openssl/providers/default/kdfs -DAES_ASM -DBSAES_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_IA32_SSE2 -MMD -MF crypto/x509/libcrypto-lib-x509_att.d.tmp -MT crypto/x509/libcrypto-lib-x509_att.o -c -o crypto/x509/libcrypto-lib-x509_att.o ../openssl/crypto/x509/x509_att.c clang -I. -Icrypto/include -Iinclude -Iproviders/common/include -Iproviders/default/include -Iproviders/common/ciphers -Icrypto -Iproviders/common/macs -Iproviders/common/kdfs -Iproviders/default/macs -Iproviders/default/ciphers -Iproviders/default/kdfs -I../openssl -I../openssl/crypto/include -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/default/include -I../openssl/providers/common/ciphers -I../openssl/crypto -I../openssl/providers/common/macs -I../openssl/providers/common/kdfs -I../openssl/providers/default/macs -I../openssl/providers/default/ciphers -I../openssl/providers/default/kdfs -DAES_ASM -DBSAES_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_IA32_SSE2 -MMD -MF crypto/x509/libcrypto-lib-x509_cmp.d.tmp -MT crypto/x509/libcrypto-lib-x509_cmp.o -c -o crypto/x509/libcrypto-lib-x509_cmp.o ../openssl/crypto/x509/x509_cmp.c clang -I. -Icrypto/include -Iinclude -Iproviders/common/include -Iproviders/default/include -Iproviders/common/ciphers -Icrypto -Iproviders/common/macs -Iproviders/common/kdfs -Iproviders/default/macs -Iproviders/default/ciphers -Iproviders/default/kdfs -I../openssl -I../openssl/crypto/include -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/default/include -I../openssl/providers/common/ciphers -I../openssl/crypto -I../openssl/providers/common/macs -I../openssl/providers/common/kdfs -I../openssl/providers/default/macs -I../openssl/providers/default/ciphers -I../openssl/providers/default/kdfs -DAES_ASM -DBSAES_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_IA32_SSE2 -MMD -MF crypto/x509/libcrypto-lib-x509_d2.d.tmp -MT crypto/x509/libcrypto-lib-x509_d2.o -c -o crypto/x509/libcrypto-lib-x509_d2.o ../openssl/crypto/x509/x509_d2.c clang -I. -Icrypto/include -Iinclude -Iproviders/common/include -Iproviders/default/include -Iproviders/common/ciphers -Icrypto -Iproviders/common/macs -Iproviders/common/kdfs -Iproviders/default/macs -Iproviders/default/ciphers -Iproviders/default/kdfs -I../openssl -I../openssl/crypto/include -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/default/include -I../openssl/providers/common/ciphers -I../openssl/crypto -I../openssl/providers/common/macs -I../openssl/providers/common/kdfs -I../openssl/providers/default/macs -I../openssl/providers/default/ciphers -I../openssl/providers/default/kdfs -DAES_ASM -DBSAES_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_IA32_SSE2 -MMD -MF crypto/x509/libcrypto-lib-x509_def.d.tmp -MT crypto/x509/libcrypto-lib-x509_def.o -c -o crypto/x509/libcrypto-lib-x509_def.o ../openssl/crypto/x509/x509_def.c clang -I. -Icrypto/include -Iinclude -Iproviders/common/include -Iproviders/default/include -Iproviders/common/ciphers -Icrypto -Iproviders/common/macs -Iproviders/common/kdfs -Iproviders/default/macs -Iproviders/default/ciphers -Iproviders/default/kdfs -I../openssl -I../openssl/crypto/include -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/default/include -I../openssl/providers/common/ciphers -I../openssl/crypto -I../openssl/providers/common/macs -I../openssl/providers/common/kdfs -I../openssl/providers/default/macs -I../openssl/providers/default/ciphers -I../openssl/providers/default/kdfs -DAES_ASM -DBSAES_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_IA32_SSE2 -MMD -MF crypto/x509/libcrypto-lib-x509_err.d.tmp -MT crypto/x509/libcrypto-lib-x509_err.o -c -o crypto/x509/libcrypto-lib-x509_err.o ../openssl/crypto/x509/x509_err.c clang -I. -Icrypto/include -Iinclude -Iproviders/common/include -Iproviders/default/include -Iproviders/common/ciphers -Icrypto -Iproviders/common/macs -Iproviders/common/kdfs -Iproviders/default/macs -Iproviders/default/ciphers -Iproviders/default/kdfs -I../openssl -I../openssl/crypto/include -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/default/include -I../openssl/providers/common/ciphers -I../openssl/crypto -I../openssl/providers/common/macs -I../openssl/providers/common/kdfs -I../openssl/providers/default/macs -I../openssl/providers/default/ciphers -I../openssl/providers/default/kdfs -DAES_ASM -DBSAES_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_IA32_SSE2 -MMD -MF crypto/x509/libcrypto-lib-x509_ext.d.tmp -MT crypto/x509/libcrypto-lib-x509_ext.o -c -o crypto/x509/libcrypto-lib-x509_ext.o ../openssl/crypto/x509/x509_ext.c clang -I. -Icrypto/include -Iinclude -Iproviders/common/include -Iproviders/default/include -Iproviders/common/ciphers -Icrypto -Iproviders/common/macs -Iproviders/common/kdfs -Iproviders/default/macs -Iproviders/default/ciphers -Iproviders/default/kdfs -I../openssl -I../openssl/crypto/include -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/default/include -I../openssl/providers/common/ciphers -I../openssl/crypto -I../openssl/providers/common/macs -I../openssl/providers/common/kdfs -I../openssl/providers/default/macs -I../openssl/providers/default/ciphers -I../openssl/providers/default/kdfs -DAES_ASM -DBSAES_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_IA32_SSE2 -MMD -MF crypto/x509/libcrypto-lib-x509_lu.d.tmp -MT crypto/x509/libcrypto-lib-x509_lu.o -c -o crypto/x509/libcrypto-lib-x509_lu.o ../openssl/crypto/x509/x509_lu.c clang -I. -Icrypto/include -Iinclude -Iproviders/common/include -Iproviders/default/include -Iproviders/common/ciphers -Icrypto -Iproviders/common/macs -Iproviders/common/kdfs -Iproviders/default/macs -Iproviders/default/ciphers -Iproviders/default/kdfs -I../openssl -I../openssl/crypto/include -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/default/include -I../openssl/providers/common/ciphers -I../openssl/crypto -I../openssl/providers/common/macs -I../openssl/providers/common/kdfs -I../openssl/providers/default/macs -I../openssl/providers/default/ciphers -I../openssl/providers/default/kdfs -DAES_ASM -DBSAES_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_IA32_SSE2 -MMD -MF crypto/x509/libcrypto-lib-x509_meth.d.tmp -MT crypto/x509/libcrypto-lib-x509_meth.o -c -o crypto/x509/libcrypto-lib-x509_meth.o ../openssl/crypto/x509/x509_meth.c clang -I. -Icrypto/include -Iinclude -Iproviders/common/include -Iproviders/default/include -Iproviders/common/ciphers -Icrypto -Iproviders/common/macs -Iproviders/common/kdfs -Iproviders/default/macs -Iproviders/default/ciphers -Iproviders/default/kdfs -I../openssl -I../openssl/crypto/include -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/default/include -I../openssl/providers/common/ciphers -I../openssl/crypto -I../openssl/providers/common/macs -I../openssl/providers/common/kdfs -I../openssl/providers/default/macs -I../openssl/providers/default/ciphers -I../openssl/providers/default/kdfs -DAES_ASM -DBSAES_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_IA32_SSE2 -MMD -MF crypto/x509/libcrypto-lib-x509_obj.d.tmp -MT crypto/x509/libcrypto-lib-x509_obj.o -c -o crypto/x509/libcrypto-lib-x509_obj.o ../openssl/crypto/x509/x509_obj.c clang -I. -Icrypto/include -Iinclude -Iproviders/common/include -Iproviders/default/include -Iproviders/common/ciphers -Icrypto -Iproviders/common/macs -Iproviders/common/kdfs -Iproviders/default/macs -Iproviders/default/ciphers -Iproviders/default/kdfs -I../openssl -I../openssl/crypto/include -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/default/include -I../openssl/providers/common/ciphers -I../openssl/crypto -I../openssl/providers/common/macs -I../openssl/providers/common/kdfs -I../openssl/providers/default/macs -I../openssl/providers/default/ciphers -I../openssl/providers/default/kdfs -DAES_ASM -DBSAES_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_IA32_SSE2 -MMD -MF crypto/x509/libcrypto-lib-x509_r2x.d.tmp -MT crypto/x509/libcrypto-lib-x509_r2x.o -c -o crypto/x509/libcrypto-lib-x509_r2x.o ../openssl/crypto/x509/x509_r2x.c clang -I. -Icrypto/include -Iinclude -Iproviders/common/include -Iproviders/default/include -Iproviders/common/ciphers -Icrypto -Iproviders/common/macs -Iproviders/common/kdfs -Iproviders/default/macs -Iproviders/default/ciphers -Iproviders/default/kdfs -I../openssl -I../openssl/crypto/include -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/default/include -I../openssl/providers/common/ciphers -I../openssl/crypto -I../openssl/providers/common/macs -I../openssl/providers/common/kdfs -I../openssl/providers/default/macs -I../openssl/providers/default/ciphers -I../openssl/providers/default/kdfs -DAES_ASM -DBSAES_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_IA32_SSE2 -MMD -MF crypto/x509/libcrypto-lib-x509_req.d.tmp -MT crypto/x509/libcrypto-lib-x509_req.o -c -o crypto/x509/libcrypto-lib-x509_req.o ../openssl/crypto/x509/x509_req.c clang -I. -Icrypto/include -Iinclude -Iproviders/common/include -Iproviders/default/include -Iproviders/common/ciphers -Icrypto -Iproviders/common/macs -Iproviders/common/kdfs -Iproviders/default/macs -Iproviders/default/ciphers -Iproviders/default/kdfs -I../openssl -I../openssl/crypto/include -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/default/include -I../openssl/providers/common/ciphers -I../openssl/crypto -I../openssl/providers/common/macs -I../openssl/providers/common/kdfs -I../openssl/providers/default/macs -I../openssl/providers/default/ciphers -I../openssl/providers/default/kdfs -DAES_ASM -DBSAES_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_IA32_SSE2 -MMD -MF crypto/x509/libcrypto-lib-x509_set.d.tmp -MT crypto/x509/libcrypto-lib-x509_set.o -c -o crypto/x509/libcrypto-lib-x509_set.o ../openssl/crypto/x509/x509_set.c clang -I. -Icrypto/include -Iinclude -Iproviders/common/include -Iproviders/default/include -Iproviders/common/ciphers -Icrypto -Iproviders/common/macs -Iproviders/common/kdfs -Iproviders/default/macs -Iproviders/default/ciphers -Iproviders/default/kdfs -I../openssl -I../openssl/crypto/include -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/default/include -I../openssl/providers/common/ciphers -I../openssl/crypto -I../openssl/providers/common/macs -I../openssl/providers/common/kdfs -I../openssl/providers/default/macs -I../openssl/providers/default/ciphers -I../openssl/providers/default/kdfs -DAES_ASM -DBSAES_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_IA32_SSE2 -MMD -MF crypto/x509/libcrypto-lib-x509_trs.d.tmp -MT crypto/x509/libcrypto-lib-x509_trs.o -c -o crypto/x509/libcrypto-lib-x509_trs.o ../openssl/crypto/x509/x509_trs.c clang -I. -Icrypto/include -Iinclude -Iproviders/common/include -Iproviders/default/include -Iproviders/common/ciphers -Icrypto -Iproviders/common/macs -Iproviders/common/kdfs -Iproviders/default/macs -Iproviders/default/ciphers -Iproviders/default/kdfs -I../openssl -I../openssl/crypto/include -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/default/include -I../openssl/providers/common/ciphers -I../openssl/crypto -I../openssl/providers/common/macs -I../openssl/providers/common/kdfs -I../openssl/providers/default/macs -I../openssl/providers/default/ciphers -I../openssl/providers/default/kdfs -DAES_ASM -DBSAES_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_IA32_SSE2 -MMD -MF crypto/x509/libcrypto-lib-x509_txt.d.tmp -MT crypto/x509/libcrypto-lib-x509_txt.o -c -o crypto/x509/libcrypto-lib-x509_txt.o ../openssl/crypto/x509/x509_txt.c clang -I. -Icrypto/include -Iinclude -Iproviders/common/include -Iproviders/default/include -Iproviders/common/ciphers -Icrypto -Iproviders/common/macs -Iproviders/common/kdfs -Iproviders/default/macs -Iproviders/default/ciphers -Iproviders/default/kdfs -I../openssl -I../openssl/crypto/include -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/default/include -I../openssl/providers/common/ciphers -I../openssl/crypto -I../openssl/providers/common/macs -I../openssl/providers/common/kdfs -I../openssl/providers/default/macs -I../openssl/providers/default/ciphers -I../openssl/providers/default/kdfs -DAES_ASM -DBSAES_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_IA32_SSE2 -MMD -MF crypto/x509/libcrypto-lib-x509_v3.d.tmp -MT crypto/x509/libcrypto-lib-x509_v3.o -c -o crypto/x509/libcrypto-lib-x509_v3.o ../openssl/crypto/x509/x509_v3.c clang -I. -Icrypto/include -Iinclude -Iproviders/common/include -Iproviders/default/include -Iproviders/common/ciphers -Icrypto -Iproviders/common/macs -Iproviders/common/kdfs -Iproviders/default/macs -Iproviders/default/ciphers -Iproviders/default/kdfs -I../openssl -I../openssl/crypto/include -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/default/include -I../openssl/providers/common/ciphers -I../openssl/crypto -I../openssl/providers/common/macs -I../openssl/providers/common/kdfs -I../openssl/providers/default/macs -I../openssl/providers/default/ciphers -I../openssl/providers/default/kdfs -DAES_ASM -DBSAES_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_IA32_SSE2 -MMD -MF crypto/x509/libcrypto-lib-x509_vfy.d.tmp -MT crypto/x509/libcrypto-lib-x509_vfy.o -c -o crypto/x509/libcrypto-lib-x509_vfy.o ../openssl/crypto/x509/x509_vfy.c clang -I. -Icrypto/include -Iinclude -Iproviders/common/include -Iproviders/default/include -Iproviders/common/ciphers -Icrypto -Iproviders/common/macs -Iproviders/common/kdfs -Iproviders/default/macs -Iproviders/default/ciphers -Iproviders/default/kdfs -I../openssl -I../openssl/crypto/include -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/default/include -I../openssl/providers/common/ciphers -I../openssl/crypto -I../openssl/providers/common/macs -I../openssl/providers/common/kdfs -I../openssl/providers/default/macs -I../openssl/providers/default/ciphers -I../openssl/providers/default/kdfs -DAES_ASM -DBSAES_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_IA32_SSE2 -MMD -MF crypto/x509/libcrypto-lib-x509_vpm.d.tmp -MT crypto/x509/libcrypto-lib-x509_vpm.o -c -o crypto/x509/libcrypto-lib-x509_vpm.o ../openssl/crypto/x509/x509_vpm.c clang -I. -Icrypto/include -Iinclude -Iproviders/common/include -Iproviders/default/include -Iproviders/common/ciphers -Icrypto -Iproviders/common/macs -Iproviders/common/kdfs -Iproviders/default/macs -Iproviders/default/ciphers -Iproviders/default/kdfs -I../openssl -I../openssl/crypto/include -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/default/include -I../openssl/providers/common/ciphers -I../openssl/crypto -I../openssl/providers/common/macs -I../openssl/providers/common/kdfs -I../openssl/providers/default/macs -I../openssl/providers/default/ciphers -I../openssl/providers/default/kdfs -DAES_ASM -DBSAES_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_IA32_SSE2 -MMD -MF crypto/x509/libcrypto-lib-x509cset.d.tmp -MT crypto/x509/libcrypto-lib-x509cset.o -c -o crypto/x509/libcrypto-lib-x509cset.o ../openssl/crypto/x509/x509cset.c clang -I. -Icrypto/include -Iinclude -Iproviders/common/include -Iproviders/default/include -Iproviders/common/ciphers -Icrypto -Iproviders/common/macs -Iproviders/common/kdfs -Iproviders/default/macs -Iproviders/default/ciphers -Iproviders/default/kdfs -I../openssl -I../openssl/crypto/include -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/default/include -I../openssl/providers/common/ciphers -I../openssl/crypto -I../openssl/providers/common/macs -I../openssl/providers/common/kdfs -I../openssl/providers/default/macs -I../openssl/providers/default/ciphers -I../openssl/providers/default/kdfs -DAES_ASM -DBSAES_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_IA32_SSE2 -MMD -MF crypto/x509/libcrypto-lib-x509name.d.tmp -MT crypto/x509/libcrypto-lib-x509name.o -c -o crypto/x509/libcrypto-lib-x509name.o ../openssl/crypto/x509/x509name.c clang -I. -Icrypto/include -Iinclude -Iproviders/common/include -Iproviders/default/include -Iproviders/common/ciphers -Icrypto -Iproviders/common/macs -Iproviders/common/kdfs -Iproviders/default/macs -Iproviders/default/ciphers -Iproviders/default/kdfs -I../openssl -I../openssl/crypto/include -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/default/include -I../openssl/providers/common/ciphers -I../openssl/crypto -I../openssl/providers/common/macs -I../openssl/providers/common/kdfs -I../openssl/providers/default/macs -I../openssl/providers/default/ciphers -I../openssl/providers/default/kdfs -DAES_ASM -DBSAES_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_IA32_SSE2 -MMD -MF crypto/x509/libcrypto-lib-x509rset.d.tmp -MT crypto/x509/libcrypto-lib-x509rset.o -c -o crypto/x509/libcrypto-lib-x509rset.o ../openssl/crypto/x509/x509rset.c clang -I. -Icrypto/include -Iinclude -Iproviders/common/include -Iproviders/default/include -Iproviders/common/ciphers -Icrypto -Iproviders/common/macs -Iproviders/common/kdfs -Iproviders/default/macs -Iproviders/default/ciphers -Iproviders/default/kdfs -I../openssl -I../openssl/crypto/include -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/default/include -I../openssl/providers/common/ciphers -I../openssl/crypto -I../openssl/providers/common/macs -I../openssl/providers/common/kdfs -I../openssl/providers/default/macs -I../openssl/providers/default/ciphers -I../openssl/providers/default/kdfs -DAES_ASM -DBSAES_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_IA32_SSE2 -MMD -MF crypto/x509/libcrypto-lib-x509spki.d.tmp -MT crypto/x509/libcrypto-lib-x509spki.o -c -o crypto/x509/libcrypto-lib-x509spki.o ../openssl/crypto/x509/x509spki.c clang -I. -Icrypto/include -Iinclude -Iproviders/common/include -Iproviders/default/include -Iproviders/common/ciphers -Icrypto -Iproviders/common/macs -Iproviders/common/kdfs -Iproviders/default/macs -Iproviders/default/ciphers -Iproviders/default/kdfs -I../openssl -I../openssl/crypto/include -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/default/include -I../openssl/providers/common/ciphers -I../openssl/crypto -I../openssl/providers/common/macs -I../openssl/providers/common/kdfs -I../openssl/providers/default/macs -I../openssl/providers/default/ciphers -I../openssl/providers/default/kdfs -DAES_ASM -DBSAES_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_IA32_SSE2 -MMD -MF crypto/x509/libcrypto-lib-x509type.d.tmp -MT crypto/x509/libcrypto-lib-x509type.o -c -o crypto/x509/libcrypto-lib-x509type.o ../openssl/crypto/x509/x509type.c clang -I. -Icrypto/include -Iinclude -Iproviders/common/include -Iproviders/default/include -Iproviders/common/ciphers -Icrypto -Iproviders/common/macs -Iproviders/common/kdfs -Iproviders/default/macs -Iproviders/default/ciphers -Iproviders/default/kdfs -I../openssl -I../openssl/crypto/include -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/default/include -I../openssl/providers/common/ciphers -I../openssl/crypto -I../openssl/providers/common/macs -I../openssl/providers/common/kdfs -I../openssl/providers/default/macs -I../openssl/providers/default/ciphers -I../openssl/providers/default/kdfs -DAES_ASM -DBSAES_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_IA32_SSE2 -MMD -MF crypto/x509/libcrypto-lib-x_all.d.tmp -MT crypto/x509/libcrypto-lib-x_all.o -c -o crypto/x509/libcrypto-lib-x_all.o ../openssl/crypto/x509/x_all.c clang -I. -Icrypto/include -Iinclude -Iproviders/common/include -Iproviders/default/include -Iproviders/common/ciphers -Icrypto -Iproviders/common/macs -Iproviders/common/kdfs -Iproviders/default/macs -Iproviders/default/ciphers -Iproviders/default/kdfs -I../openssl -I../openssl/crypto/include -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/default/include -I../openssl/providers/common/ciphers -I../openssl/crypto -I../openssl/providers/common/macs -I../openssl/providers/common/kdfs -I../openssl/providers/default/macs -I../openssl/providers/default/ciphers -I../openssl/providers/default/kdfs -DAES_ASM -DBSAES_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_IA32_SSE2 -MMD -MF crypto/x509/libcrypto-lib-x_attrib.d.tmp -MT crypto/x509/libcrypto-lib-x_attrib.o -c -o crypto/x509/libcrypto-lib-x_attrib.o ../openssl/crypto/x509/x_attrib.c clang -I. -Icrypto/include -Iinclude -Iproviders/common/include -Iproviders/default/include -Iproviders/common/ciphers -Icrypto -Iproviders/common/macs -Iproviders/common/kdfs -Iproviders/default/macs -Iproviders/default/ciphers -Iproviders/default/kdfs -I../openssl -I../openssl/crypto/include -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/default/include -I../openssl/providers/common/ciphers -I../openssl/crypto -I../openssl/providers/common/macs -I../openssl/providers/common/kdfs -I../openssl/providers/default/macs -I../openssl/providers/default/ciphers -I../openssl/providers/default/kdfs -DAES_ASM -DBSAES_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_IA32_SSE2 -MMD -MF crypto/x509/libcrypto-lib-x_crl.d.tmp -MT crypto/x509/libcrypto-lib-x_crl.o -c -o crypto/x509/libcrypto-lib-x_crl.o ../openssl/crypto/x509/x_crl.c clang -I. -Icrypto/include -Iinclude -Iproviders/common/include -Iproviders/default/include -Iproviders/common/ciphers -Icrypto -Iproviders/common/macs -Iproviders/common/kdfs -Iproviders/default/macs -Iproviders/default/ciphers -Iproviders/default/kdfs -I../openssl -I../openssl/crypto/include -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/default/include -I../openssl/providers/common/ciphers -I../openssl/crypto -I../openssl/providers/common/macs -I../openssl/providers/common/kdfs -I../openssl/providers/default/macs -I../openssl/providers/default/ciphers -I../openssl/providers/default/kdfs -DAES_ASM -DBSAES_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_IA32_SSE2 -MMD -MF crypto/x509/libcrypto-lib-x_exten.d.tmp -MT crypto/x509/libcrypto-lib-x_exten.o -c -o crypto/x509/libcrypto-lib-x_exten.o ../openssl/crypto/x509/x_exten.c clang -I. -Icrypto/include -Iinclude -Iproviders/common/include -Iproviders/default/include -Iproviders/common/ciphers -Icrypto -Iproviders/common/macs -Iproviders/common/kdfs -Iproviders/default/macs -Iproviders/default/ciphers -Iproviders/default/kdfs -I../openssl -I../openssl/crypto/include -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/default/include -I../openssl/providers/common/ciphers -I../openssl/crypto -I../openssl/providers/common/macs -I../openssl/providers/common/kdfs -I../openssl/providers/default/macs -I../openssl/providers/default/ciphers -I../openssl/providers/default/kdfs -DAES_ASM -DBSAES_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_IA32_SSE2 -MMD -MF crypto/x509/libcrypto-lib-x_name.d.tmp -MT crypto/x509/libcrypto-lib-x_name.o -c -o crypto/x509/libcrypto-lib-x_name.o ../openssl/crypto/x509/x_name.c clang -I. -Icrypto/include -Iinclude -Iproviders/common/include -Iproviders/default/include -Iproviders/common/ciphers -Icrypto -Iproviders/common/macs -Iproviders/common/kdfs -Iproviders/default/macs -Iproviders/default/ciphers -Iproviders/default/kdfs -I../openssl -I../openssl/crypto/include -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/default/include -I../openssl/providers/common/ciphers -I../openssl/crypto -I../openssl/providers/common/macs -I../openssl/providers/common/kdfs -I../openssl/providers/default/macs -I../openssl/providers/default/ciphers -I../openssl/providers/default/kdfs -DAES_ASM -DBSAES_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_IA32_SSE2 -MMD -MF crypto/x509/libcrypto-lib-x_pubkey.d.tmp -MT crypto/x509/libcrypto-lib-x_pubkey.o -c -o crypto/x509/libcrypto-lib-x_pubkey.o ../openssl/crypto/x509/x_pubkey.c clang -I. -Icrypto/include -Iinclude -Iproviders/common/include -Iproviders/default/include -Iproviders/common/ciphers -Icrypto -Iproviders/common/macs -Iproviders/common/kdfs -Iproviders/default/macs -Iproviders/default/ciphers -Iproviders/default/kdfs -I../openssl -I../openssl/crypto/include -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/default/include -I../openssl/providers/common/ciphers -I../openssl/crypto -I../openssl/providers/common/macs -I../openssl/providers/common/kdfs -I../openssl/providers/default/macs -I../openssl/providers/default/ciphers -I../openssl/providers/default/kdfs -DAES_ASM -DBSAES_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_IA32_SSE2 -MMD -MF crypto/x509/libcrypto-lib-x_req.d.tmp -MT crypto/x509/libcrypto-lib-x_req.o -c -o crypto/x509/libcrypto-lib-x_req.o ../openssl/crypto/x509/x_req.c clang -I. -Icrypto/include -Iinclude -Iproviders/common/include -Iproviders/default/include -Iproviders/common/ciphers -Icrypto -Iproviders/common/macs -Iproviders/common/kdfs -Iproviders/default/macs -Iproviders/default/ciphers -Iproviders/default/kdfs -I../openssl -I../openssl/crypto/include -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/default/include -I../openssl/providers/common/ciphers -I../openssl/crypto -I../openssl/providers/common/macs -I../openssl/providers/common/kdfs -I../openssl/providers/default/macs -I../openssl/providers/default/ciphers -I../openssl/providers/default/kdfs -DAES_ASM -DBSAES_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_IA32_SSE2 -MMD -MF crypto/x509/libcrypto-lib-x_x509.d.tmp -MT crypto/x509/libcrypto-lib-x_x509.o -c -o crypto/x509/libcrypto-lib-x_x509.o ../openssl/crypto/x509/x_x509.c clang -I. -Icrypto/include -Iinclude -Iproviders/common/include -Iproviders/default/include -Iproviders/common/ciphers -Icrypto -Iproviders/common/macs -Iproviders/common/kdfs -Iproviders/default/macs -Iproviders/default/ciphers -Iproviders/default/kdfs -I../openssl -I../openssl/crypto/include -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/default/include -I../openssl/providers/common/ciphers -I../openssl/crypto -I../openssl/providers/common/macs -I../openssl/providers/common/kdfs -I../openssl/providers/default/macs -I../openssl/providers/default/ciphers -I../openssl/providers/default/kdfs -DAES_ASM -DBSAES_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_IA32_SSE2 -MMD -MF crypto/x509/libcrypto-lib-x_x509a.d.tmp -MT crypto/x509/libcrypto-lib-x_x509a.o -c -o crypto/x509/libcrypto-lib-x_x509a.o ../openssl/crypto/x509/x_x509a.c clang -I. -Icrypto/include -Iinclude -Iproviders/common/include -Iproviders/default/include -Iproviders/common/ciphers -Icrypto -Iproviders/common/macs -Iproviders/common/kdfs -Iproviders/default/macs -Iproviders/default/ciphers -Iproviders/default/kdfs -I../openssl -I../openssl/crypto/include -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/default/include -I../openssl/providers/common/ciphers -I../openssl/crypto -I../openssl/providers/common/macs -I../openssl/providers/common/kdfs -I../openssl/providers/default/macs -I../openssl/providers/default/ciphers -I../openssl/providers/default/kdfs -DAES_ASM -DBSAES_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_IA32_SSE2 -MMD -MF providers/common/ciphers/libcrypto-lib-block.d.tmp -MT providers/common/ciphers/libcrypto-lib-block.o -c -o providers/common/ciphers/libcrypto-lib-block.o ../openssl/providers/common/ciphers/block.c clang -I. -Icrypto/include -Iinclude -Iproviders/common/include -Iproviders/default/include -Iproviders/common/ciphers -Icrypto -Iproviders/common/macs -Iproviders/common/kdfs -Iproviders/default/macs -Iproviders/default/ciphers -Iproviders/default/kdfs -I../openssl -I../openssl/crypto/include -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/default/include -I../openssl/providers/common/ciphers -I../openssl/crypto -I../openssl/providers/common/macs -I../openssl/providers/common/kdfs -I../openssl/providers/default/macs -I../openssl/providers/default/ciphers -I../openssl/providers/default/kdfs -DAES_ASM -DBSAES_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_IA32_SSE2 -MMD -MF providers/common/ciphers/libcrypto-lib-cipher_aes.d.tmp -MT providers/common/ciphers/libcrypto-lib-cipher_aes.o -c -o providers/common/ciphers/libcrypto-lib-cipher_aes.o ../openssl/providers/common/ciphers/cipher_aes.c clang -I. -Icrypto/include -Iinclude -Iproviders/common/include -Iproviders/default/include -Iproviders/common/ciphers -Icrypto -Iproviders/common/macs -Iproviders/common/kdfs -Iproviders/default/macs -Iproviders/default/ciphers -Iproviders/default/kdfs -I../openssl -I../openssl/crypto/include -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/default/include -I../openssl/providers/common/ciphers -I../openssl/crypto -I../openssl/providers/common/macs -I../openssl/providers/common/kdfs -I../openssl/providers/default/macs -I../openssl/providers/default/ciphers -I../openssl/providers/default/kdfs -DAES_ASM -DBSAES_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_IA32_SSE2 -MMD -MF providers/common/ciphers/libcrypto-lib-cipher_aes_ccm.d.tmp -MT providers/common/ciphers/libcrypto-lib-cipher_aes_ccm.o -c -o providers/common/ciphers/libcrypto-lib-cipher_aes_ccm.o ../openssl/providers/common/ciphers/cipher_aes_ccm.c clang -I. -Icrypto/include -Iinclude -Iproviders/common/include -Iproviders/default/include -Iproviders/common/ciphers -Icrypto -Iproviders/common/macs -Iproviders/common/kdfs -Iproviders/default/macs -Iproviders/default/ciphers -Iproviders/default/kdfs -I../openssl -I../openssl/crypto/include -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/default/include -I../openssl/providers/common/ciphers -I../openssl/crypto -I../openssl/providers/common/macs -I../openssl/providers/common/kdfs -I../openssl/providers/default/macs -I../openssl/providers/default/ciphers -I../openssl/providers/default/kdfs -DAES_ASM -DBSAES_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_IA32_SSE2 -MMD -MF providers/common/ciphers/libcrypto-lib-cipher_aes_ccm_hw.d.tmp -MT providers/common/ciphers/libcrypto-lib-cipher_aes_ccm_hw.o -c -o providers/common/ciphers/libcrypto-lib-cipher_aes_ccm_hw.o ../openssl/providers/common/ciphers/cipher_aes_ccm_hw.c clang -I. -Icrypto/include -Iinclude -Iproviders/common/include -Iproviders/default/include -Iproviders/common/ciphers -Icrypto -Iproviders/common/macs -Iproviders/common/kdfs -Iproviders/default/macs -Iproviders/default/ciphers -Iproviders/default/kdfs -I../openssl -I../openssl/crypto/include -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/default/include -I../openssl/providers/common/ciphers -I../openssl/crypto -I../openssl/providers/common/macs -I../openssl/providers/common/kdfs -I../openssl/providers/default/macs -I../openssl/providers/default/ciphers -I../openssl/providers/default/kdfs -DAES_ASM -DBSAES_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_IA32_SSE2 -MMD -MF providers/common/ciphers/libcrypto-lib-cipher_aes_gcm.d.tmp -MT providers/common/ciphers/libcrypto-lib-cipher_aes_gcm.o -c -o providers/common/ciphers/libcrypto-lib-cipher_aes_gcm.o ../openssl/providers/common/ciphers/cipher_aes_gcm.c clang -I. -Icrypto/include -Iinclude -Iproviders/common/include -Iproviders/default/include -Iproviders/common/ciphers -Icrypto -Iproviders/common/macs -Iproviders/common/kdfs -Iproviders/default/macs -Iproviders/default/ciphers -Iproviders/default/kdfs -I../openssl -I../openssl/crypto/include -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/default/include -I../openssl/providers/common/ciphers -I../openssl/crypto -I../openssl/providers/common/macs -I../openssl/providers/common/kdfs -I../openssl/providers/default/macs -I../openssl/providers/default/ciphers -I../openssl/providers/default/kdfs -DAES_ASM -DBSAES_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_IA32_SSE2 -MMD -MF providers/common/ciphers/libcrypto-lib-cipher_aes_gcm_hw.d.tmp -MT providers/common/ciphers/libcrypto-lib-cipher_aes_gcm_hw.o -c -o providers/common/ciphers/libcrypto-lib-cipher_aes_gcm_hw.o ../openssl/providers/common/ciphers/cipher_aes_gcm_hw.c clang -I. -Icrypto/include -Iinclude -Iproviders/common/include -Iproviders/default/include -Iproviders/common/ciphers -Icrypto -Iproviders/common/macs -Iproviders/common/kdfs -Iproviders/default/macs -Iproviders/default/ciphers -Iproviders/default/kdfs -I../openssl -I../openssl/crypto/include -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/default/include -I../openssl/providers/common/ciphers -I../openssl/crypto -I../openssl/providers/common/macs -I../openssl/providers/common/kdfs -I../openssl/providers/default/macs -I../openssl/providers/default/ciphers -I../openssl/providers/default/kdfs -DAES_ASM -DBSAES_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_IA32_SSE2 -MMD -MF providers/common/ciphers/libcrypto-lib-cipher_aes_hw.d.tmp -MT providers/common/ciphers/libcrypto-lib-cipher_aes_hw.o -c -o providers/common/ciphers/libcrypto-lib-cipher_aes_hw.o ../openssl/providers/common/ciphers/cipher_aes_hw.c clang -I. -Icrypto/include -Iinclude -Iproviders/common/include -Iproviders/default/include -Iproviders/common/ciphers -Icrypto -Iproviders/common/macs -Iproviders/common/kdfs -Iproviders/default/macs -Iproviders/default/ciphers -Iproviders/default/kdfs -I../openssl -I../openssl/crypto/include -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/default/include -I../openssl/providers/common/ciphers -I../openssl/crypto -I../openssl/providers/common/macs -I../openssl/providers/common/kdfs -I../openssl/providers/default/macs -I../openssl/providers/default/ciphers -I../openssl/providers/default/kdfs -DAES_ASM -DBSAES_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_IA32_SSE2 -MMD -MF providers/common/ciphers/libcrypto-lib-cipher_ccm.d.tmp -MT providers/common/ciphers/libcrypto-lib-cipher_ccm.o -c -o providers/common/ciphers/libcrypto-lib-cipher_ccm.o ../openssl/providers/common/ciphers/cipher_ccm.c clang -I. -Icrypto/include -Iinclude -Iproviders/common/include -Iproviders/default/include -Iproviders/common/ciphers -Icrypto -Iproviders/common/macs -Iproviders/common/kdfs -Iproviders/default/macs -Iproviders/default/ciphers -Iproviders/default/kdfs -I../openssl -I../openssl/crypto/include -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/default/include -I../openssl/providers/common/ciphers -I../openssl/crypto -I../openssl/providers/common/macs -I../openssl/providers/common/kdfs -I../openssl/providers/default/macs -I../openssl/providers/default/ciphers -I../openssl/providers/default/kdfs -DAES_ASM -DBSAES_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_IA32_SSE2 -MMD -MF providers/common/ciphers/libcrypto-lib-cipher_ccm_hw.d.tmp -MT providers/common/ciphers/libcrypto-lib-cipher_ccm_hw.o -c -o providers/common/ciphers/libcrypto-lib-cipher_ccm_hw.o ../openssl/providers/common/ciphers/cipher_ccm_hw.c clang -I. -Icrypto/include -Iinclude -Iproviders/common/include -Iproviders/default/include -Iproviders/common/ciphers -Icrypto -Iproviders/common/macs -Iproviders/common/kdfs -Iproviders/default/macs -Iproviders/default/ciphers -Iproviders/default/kdfs -I../openssl -I../openssl/crypto/include -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/default/include -I../openssl/providers/common/ciphers -I../openssl/crypto -I../openssl/providers/common/macs -I../openssl/providers/common/kdfs -I../openssl/providers/default/macs -I../openssl/providers/default/ciphers -I../openssl/providers/default/kdfs -DAES_ASM -DBSAES_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_IA32_SSE2 -MMD -MF providers/common/ciphers/libcrypto-lib-cipher_common.d.tmp -MT providers/common/ciphers/libcrypto-lib-cipher_common.o -c -o providers/common/ciphers/libcrypto-lib-cipher_common.o ../openssl/providers/common/ciphers/cipher_common.c clang -I. -Icrypto/include -Iinclude -Iproviders/common/include -Iproviders/default/include -Iproviders/common/ciphers -Icrypto -Iproviders/common/macs -Iproviders/common/kdfs -Iproviders/default/macs -Iproviders/default/ciphers -Iproviders/default/kdfs -I../openssl -I../openssl/crypto/include -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/default/include -I../openssl/providers/common/ciphers -I../openssl/crypto -I../openssl/providers/common/macs -I../openssl/providers/common/kdfs -I../openssl/providers/default/macs -I../openssl/providers/default/ciphers -I../openssl/providers/default/kdfs -DAES_ASM -DBSAES_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_IA32_SSE2 -MMD -MF providers/common/ciphers/libcrypto-lib-cipher_common_hw.d.tmp -MT providers/common/ciphers/libcrypto-lib-cipher_common_hw.o -c -o providers/common/ciphers/libcrypto-lib-cipher_common_hw.o ../openssl/providers/common/ciphers/cipher_common_hw.c clang -I. -Icrypto/include -Iinclude -Iproviders/common/include -Iproviders/default/include -Iproviders/common/ciphers -Icrypto -Iproviders/common/macs -Iproviders/common/kdfs -Iproviders/default/macs -Iproviders/default/ciphers -Iproviders/default/kdfs -I../openssl -I../openssl/crypto/include -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/default/include -I../openssl/providers/common/ciphers -I../openssl/crypto -I../openssl/providers/common/macs -I../openssl/providers/common/kdfs -I../openssl/providers/default/macs -I../openssl/providers/default/ciphers -I../openssl/providers/default/kdfs -DAES_ASM -DBSAES_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_IA32_SSE2 -MMD -MF providers/common/ciphers/libcrypto-lib-cipher_gcm.d.tmp -MT providers/common/ciphers/libcrypto-lib-cipher_gcm.o -c -o providers/common/ciphers/libcrypto-lib-cipher_gcm.o ../openssl/providers/common/ciphers/cipher_gcm.c clang -I. -Icrypto/include -Iinclude -Iproviders/common/include -Iproviders/default/include -Iproviders/common/ciphers -Icrypto -Iproviders/common/macs -Iproviders/common/kdfs -Iproviders/default/macs -Iproviders/default/ciphers -Iproviders/default/kdfs -I../openssl -I../openssl/crypto/include -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/default/include -I../openssl/providers/common/ciphers -I../openssl/crypto -I../openssl/providers/common/macs -I../openssl/providers/common/kdfs -I../openssl/providers/default/macs -I../openssl/providers/default/ciphers -I../openssl/providers/default/kdfs -DAES_ASM -DBSAES_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_IA32_SSE2 -MMD -MF providers/common/ciphers/libcrypto-lib-cipher_gcm_hw.d.tmp -MT providers/common/ciphers/libcrypto-lib-cipher_gcm_hw.o -c -o providers/common/ciphers/libcrypto-lib-cipher_gcm_hw.o ../openssl/providers/common/ciphers/cipher_gcm_hw.c clang -I. -Icrypto/include -Iinclude -Iproviders/common/include -Iproviders/default/include -Iproviders/common/ciphers -Icrypto -Iproviders/common/macs -Iproviders/common/kdfs -Iproviders/default/macs -Iproviders/default/ciphers -Iproviders/default/kdfs -I../openssl -I../openssl/crypto/include -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/default/include -I../openssl/providers/common/ciphers -I../openssl/crypto -I../openssl/providers/common/macs -I../openssl/providers/common/kdfs -I../openssl/providers/default/macs -I../openssl/providers/default/ciphers -I../openssl/providers/default/kdfs -DAES_ASM -DBSAES_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_IA32_SSE2 -MMD -MF providers/common/ciphers/libcrypto-lib-cipher_tdes.d.tmp -MT providers/common/ciphers/libcrypto-lib-cipher_tdes.o -c -o providers/common/ciphers/libcrypto-lib-cipher_tdes.o ../openssl/providers/common/ciphers/cipher_tdes.c clang -I. -Icrypto/include -Iinclude -Iproviders/common/include -Iproviders/default/include -Iproviders/common/ciphers -Icrypto -Iproviders/common/macs -Iproviders/common/kdfs -Iproviders/default/macs -Iproviders/default/ciphers -Iproviders/default/kdfs -I../openssl -I../openssl/crypto/include -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/default/include -I../openssl/providers/common/ciphers -I../openssl/crypto -I../openssl/providers/common/macs -I../openssl/providers/common/kdfs -I../openssl/providers/default/macs -I../openssl/providers/default/ciphers -I../openssl/providers/default/kdfs -DAES_ASM -DBSAES_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_IA32_SSE2 -MMD -MF providers/common/ciphers/libcrypto-lib-cipher_tdes_hw.d.tmp -MT providers/common/ciphers/libcrypto-lib-cipher_tdes_hw.o -c -o providers/common/ciphers/libcrypto-lib-cipher_tdes_hw.o ../openssl/providers/common/ciphers/cipher_tdes_hw.c clang -I. -Icrypto/include -Iinclude -Iproviders/common/include -Iproviders/default/include -Iproviders/common/ciphers -Icrypto -Iproviders/common/macs -Iproviders/common/kdfs -Iproviders/default/macs -Iproviders/default/ciphers -Iproviders/default/kdfs -I../openssl -I../openssl/crypto/include -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/default/include -I../openssl/providers/common/ciphers -I../openssl/crypto -I../openssl/providers/common/macs -I../openssl/providers/common/kdfs -I../openssl/providers/default/macs -I../openssl/providers/default/ciphers -I../openssl/providers/default/kdfs -DAES_ASM -DBSAES_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_IA32_SSE2 -MMD -MF providers/common/digests/libcrypto-lib-digest_common.d.tmp -MT providers/common/digests/libcrypto-lib-digest_common.o -c -o providers/common/digests/libcrypto-lib-digest_common.o ../openssl/providers/common/digests/digest_common.c clang -I. -Icrypto/include -Iinclude -Iproviders/common/include -Iproviders/default/include -Iproviders/common/ciphers -Icrypto -Iproviders/common/macs -Iproviders/common/kdfs -Iproviders/default/macs -Iproviders/default/ciphers -Iproviders/default/kdfs -I../openssl -I../openssl/crypto/include -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/default/include -I../openssl/providers/common/ciphers -I../openssl/crypto -I../openssl/providers/common/macs -I../openssl/providers/common/kdfs -I../openssl/providers/default/macs -I../openssl/providers/default/ciphers -I../openssl/providers/default/kdfs -DAES_ASM -DBSAES_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_IA32_SSE2 -MMD -MF providers/common/digests/libcrypto-lib-sha2_prov.d.tmp -MT providers/common/digests/libcrypto-lib-sha2_prov.o -c -o providers/common/digests/libcrypto-lib-sha2_prov.o ../openssl/providers/common/digests/sha2_prov.c clang -I. -Icrypto/include -Iinclude -Iproviders/common/include -Iproviders/default/include -Iproviders/common/ciphers -Icrypto -Iproviders/common/macs -Iproviders/common/kdfs -Iproviders/default/macs -Iproviders/default/ciphers -Iproviders/default/kdfs -I../openssl -I../openssl/crypto/include -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/default/include -I../openssl/providers/common/ciphers -I../openssl/crypto -I../openssl/providers/common/macs -I../openssl/providers/common/kdfs -I../openssl/providers/default/macs -I../openssl/providers/default/ciphers -I../openssl/providers/default/kdfs -DAES_ASM -DBSAES_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_IA32_SSE2 -MMD -MF providers/common/digests/libcrypto-lib-sha3_prov.d.tmp -MT providers/common/digests/libcrypto-lib-sha3_prov.o -c -o providers/common/digests/libcrypto-lib-sha3_prov.o ../openssl/providers/common/digests/sha3_prov.c clang -I. -Icrypto/include -Iinclude -Iproviders/common/include -Iproviders/default/include -Iproviders/common/ciphers -Icrypto -Iproviders/common/macs -Iproviders/common/kdfs -Iproviders/default/macs -Iproviders/default/ciphers -Iproviders/default/kdfs -I../openssl -I../openssl/crypto/include -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/default/include -I../openssl/providers/common/ciphers -I../openssl/crypto -I../openssl/providers/common/macs -I../openssl/providers/common/kdfs -I../openssl/providers/default/macs -I../openssl/providers/default/ciphers -I../openssl/providers/default/kdfs -DAES_ASM -DBSAES_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_IA32_SSE2 -MMD -MF providers/common/exchange/libcrypto-lib-dh_exch.d.tmp -MT providers/common/exchange/libcrypto-lib-dh_exch.o -c -o providers/common/exchange/libcrypto-lib-dh_exch.o ../openssl/providers/common/exchange/dh_exch.c clang -I. -Icrypto/include -Iinclude -Iproviders/common/include -Iproviders/default/include -Iproviders/common/ciphers -Icrypto -Iproviders/common/macs -Iproviders/common/kdfs -Iproviders/default/macs -Iproviders/default/ciphers -Iproviders/default/kdfs -I../openssl -I../openssl/crypto/include -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/default/include -I../openssl/providers/common/ciphers -I../openssl/crypto -I../openssl/providers/common/macs -I../openssl/providers/common/kdfs -I../openssl/providers/default/macs -I../openssl/providers/default/ciphers -I../openssl/providers/default/kdfs -DAES_ASM -DBSAES_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_IA32_SSE2 -MMD -MF providers/common/kdfs/libcrypto-lib-hkdf.d.tmp -MT providers/common/kdfs/libcrypto-lib-hkdf.o -c -o providers/common/kdfs/libcrypto-lib-hkdf.o ../openssl/providers/common/kdfs/hkdf.c clang -I. -Icrypto/include -Iinclude -Iproviders/common/include -Iproviders/default/include -Iproviders/common/ciphers -Icrypto -Iproviders/common/macs -Iproviders/common/kdfs -Iproviders/default/macs -Iproviders/default/ciphers -Iproviders/default/kdfs -I../openssl -I../openssl/crypto/include -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/default/include -I../openssl/providers/common/ciphers -I../openssl/crypto -I../openssl/providers/common/macs -I../openssl/providers/common/kdfs -I../openssl/providers/default/macs -I../openssl/providers/default/ciphers -I../openssl/providers/default/kdfs -DAES_ASM -DBSAES_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_IA32_SSE2 -MMD -MF providers/common/kdfs/libcrypto-lib-pbkdf2.d.tmp -MT providers/common/kdfs/libcrypto-lib-pbkdf2.o -c -o providers/common/kdfs/libcrypto-lib-pbkdf2.o ../openssl/providers/common/kdfs/pbkdf2.c clang -I. -Icrypto/include -Iinclude -Iproviders/common/include -Iproviders/default/include -Iproviders/common/ciphers -Icrypto -Iproviders/common/macs -Iproviders/common/kdfs -Iproviders/default/macs -Iproviders/default/ciphers -Iproviders/default/kdfs -I../openssl -I../openssl/crypto/include -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/default/include -I../openssl/providers/common/ciphers -I../openssl/crypto -I../openssl/providers/common/macs -I../openssl/providers/common/kdfs -I../openssl/providers/default/macs -I../openssl/providers/default/ciphers -I../openssl/providers/default/kdfs -DAES_ASM -DBSAES_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_IA32_SSE2 -MMD -MF providers/common/kdfs/libcrypto-lib-sskdf.d.tmp -MT providers/common/kdfs/libcrypto-lib-sskdf.o -c -o providers/common/kdfs/libcrypto-lib-sskdf.o ../openssl/providers/common/kdfs/sskdf.c clang -I. -Icrypto/include -Iinclude -Iproviders/common/include -Iproviders/default/include -Iproviders/common/ciphers -Icrypto -Iproviders/common/macs -Iproviders/common/kdfs -Iproviders/default/macs -Iproviders/default/ciphers -Iproviders/default/kdfs -I../openssl -I../openssl/crypto/include -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/default/include -I../openssl/providers/common/ciphers -I../openssl/crypto -I../openssl/providers/common/macs -I../openssl/providers/common/kdfs -I../openssl/providers/default/macs -I../openssl/providers/default/ciphers -I../openssl/providers/default/kdfs -DAES_ASM -DBSAES_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_IA32_SSE2 -MMD -MF providers/common/kdfs/libcrypto-lib-tls1_prf.d.tmp -MT providers/common/kdfs/libcrypto-lib-tls1_prf.o -c -o providers/common/kdfs/libcrypto-lib-tls1_prf.o ../openssl/providers/common/kdfs/tls1_prf.c clang -I. -Icrypto/include -Iinclude -Iproviders/common/include -Iproviders/default/include -Iproviders/common/ciphers -Icrypto -Iproviders/common/macs -Iproviders/common/kdfs -Iproviders/default/macs -Iproviders/default/ciphers -Iproviders/default/kdfs -I../openssl -I../openssl/crypto/include -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/default/include -I../openssl/providers/common/ciphers -I../openssl/crypto -I../openssl/providers/common/macs -I../openssl/providers/common/kdfs -I../openssl/providers/default/macs -I../openssl/providers/default/ciphers -I../openssl/providers/default/kdfs -DAES_ASM -DBSAES_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_IA32_SSE2 -MMD -MF providers/common/keymgmt/libcrypto-lib-dh_kmgmt.d.tmp -MT providers/common/keymgmt/libcrypto-lib-dh_kmgmt.o -c -o providers/common/keymgmt/libcrypto-lib-dh_kmgmt.o ../openssl/providers/common/keymgmt/dh_kmgmt.c clang -I. -Icrypto/include -Iinclude -Iproviders/common/include -Iproviders/default/include -Iproviders/common/ciphers -Icrypto -Iproviders/common/macs -Iproviders/common/kdfs -Iproviders/default/macs -Iproviders/default/ciphers -Iproviders/default/kdfs -I../openssl -I../openssl/crypto/include -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/default/include -I../openssl/providers/common/ciphers -I../openssl/crypto -I../openssl/providers/common/macs -I../openssl/providers/common/kdfs -I../openssl/providers/default/macs -I../openssl/providers/default/ciphers -I../openssl/providers/default/kdfs -DAES_ASM -DBSAES_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_IA32_SSE2 -MMD -MF providers/common/keymgmt/libcrypto-lib-dsa_kmgmt.d.tmp -MT providers/common/keymgmt/libcrypto-lib-dsa_kmgmt.o -c -o providers/common/keymgmt/libcrypto-lib-dsa_kmgmt.o ../openssl/providers/common/keymgmt/dsa_kmgmt.c clang -I. -Icrypto/include -Iinclude -Iproviders/common/include -Iproviders/default/include -Iproviders/common/ciphers -Icrypto -Iproviders/common/macs -Iproviders/common/kdfs -Iproviders/default/macs -Iproviders/default/ciphers -Iproviders/default/kdfs -I../openssl -I../openssl/crypto/include -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/default/include -I../openssl/providers/common/ciphers -I../openssl/crypto -I../openssl/providers/common/macs -I../openssl/providers/common/kdfs -I../openssl/providers/default/macs -I../openssl/providers/default/ciphers -I../openssl/providers/default/kdfs -DAES_ASM -DBSAES_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_IA32_SSE2 -MMD -MF providers/common/libcrypto-lib-provider_err.d.tmp -MT providers/common/libcrypto-lib-provider_err.o -c -o providers/common/libcrypto-lib-provider_err.o ../openssl/providers/common/provider_err.c clang -I. -Icrypto/include -Iinclude -Iproviders/common/include -Iproviders/default/include -Iproviders/common/ciphers -Icrypto -Iproviders/common/macs -Iproviders/common/kdfs -Iproviders/default/macs -Iproviders/default/ciphers -Iproviders/default/kdfs -I../openssl -I../openssl/crypto/include -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/default/include -I../openssl/providers/common/ciphers -I../openssl/crypto -I../openssl/providers/common/macs -I../openssl/providers/common/kdfs -I../openssl/providers/default/macs -I../openssl/providers/default/ciphers -I../openssl/providers/default/kdfs -DAES_ASM -DBSAES_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_IA32_SSE2 -MMD -MF providers/common/libcrypto-lib-provider_util.d.tmp -MT providers/common/libcrypto-lib-provider_util.o -c -o providers/common/libcrypto-lib-provider_util.o ../openssl/providers/common/provider_util.c clang -I. -Icrypto/include -Iinclude -Iproviders/common/include -Iproviders/default/include -Iproviders/common/ciphers -Icrypto -Iproviders/common/macs -Iproviders/common/kdfs -Iproviders/default/macs -Iproviders/default/ciphers -Iproviders/default/kdfs -I../openssl -I../openssl/crypto/include -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/default/include -I../openssl/providers/common/ciphers -I../openssl/crypto -I../openssl/providers/common/macs -I../openssl/providers/common/kdfs -I../openssl/providers/default/macs -I../openssl/providers/default/ciphers -I../openssl/providers/default/kdfs -DAES_ASM -DBSAES_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_IA32_SSE2 -MMD -MF providers/common/libcrypto-lib-provlib.d.tmp -MT providers/common/libcrypto-lib-provlib.o -c -o providers/common/libcrypto-lib-provlib.o ../openssl/providers/common/provlib.c clang -I. -Icrypto/include -Iinclude -Iproviders/common/include -Iproviders/default/include -Iproviders/common/ciphers -Icrypto -Iproviders/common/macs -Iproviders/common/kdfs -Iproviders/default/macs -Iproviders/default/ciphers -Iproviders/default/kdfs -I../openssl -I../openssl/crypto/include -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/default/include -I../openssl/providers/common/ciphers -I../openssl/crypto -I../openssl/providers/common/macs -I../openssl/providers/common/kdfs -I../openssl/providers/default/macs -I../openssl/providers/default/ciphers -I../openssl/providers/default/kdfs -DAES_ASM -DBSAES_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_IA32_SSE2 -MMD -MF providers/common/macs/libcrypto-lib-cmac_prov.d.tmp -MT providers/common/macs/libcrypto-lib-cmac_prov.o -c -o providers/common/macs/libcrypto-lib-cmac_prov.o ../openssl/providers/common/macs/cmac_prov.c clang -I. -Icrypto/include -Iinclude -Iproviders/common/include -Iproviders/default/include -Iproviders/common/ciphers -Icrypto -Iproviders/common/macs -Iproviders/common/kdfs -Iproviders/default/macs -Iproviders/default/ciphers -Iproviders/default/kdfs -I../openssl -I../openssl/crypto/include -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/default/include -I../openssl/providers/common/ciphers -I../openssl/crypto -I../openssl/providers/common/macs -I../openssl/providers/common/kdfs -I../openssl/providers/default/macs -I../openssl/providers/default/ciphers -I../openssl/providers/default/kdfs -DAES_ASM -DBSAES_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_IA32_SSE2 -MMD -MF providers/common/macs/libcrypto-lib-gmac_prov.d.tmp -MT providers/common/macs/libcrypto-lib-gmac_prov.o -c -o providers/common/macs/libcrypto-lib-gmac_prov.o ../openssl/providers/common/macs/gmac_prov.c ../openssl/providers/common/provider_util.c:52:9: error: implicit declaration of function 'ENGINE_finish' is invalid in C99 [-Werror,-Wimplicit-function-declaration] ENGINE_finish(*engine); ^ ../openssl/providers/common/provider_util.c:52:9: error: this function declaration is not a prototype [-Werror,-Wstrict-prototypes] ../openssl/providers/common/provider_util.c:53:19: error: implicit declaration of function 'ENGINE_by_id' is invalid in C99 [-Werror,-Wimplicit-function-declaration] *engine = ENGINE_by_id(p->data); ^ ../openssl/providers/common/provider_util.c:53:19: error: this function declaration is not a prototype [-Werror,-Wstrict-prototypes] ../openssl/providers/common/provider_util.c:53:17: error: incompatible integer to pointer conversion assigning to 'ENGINE *' (aka 'struct engine_st *') from 'int' [-Werror,-Wint-conversion] *engine = ENGINE_by_id(p->data); ^ ~~~~~~~~~~~~~~~~~~~~~ 5 errors generated. Makefile:12269: recipe for target 'providers/common/libcrypto-lib-provider_util.o' failed make[1]: *** [providers/common/libcrypto-lib-provider_util.o] Error 1 make[1]: *** Waiting for unfinished jobs.... make[1]: Leaving directory '/home/openssl/run-checker/no-engine' Makefile:165: recipe for target 'all' failed make: *** [all] Error 2 From openssl at openssl.org Tue Sep 10 03:29:44 2019 From: openssl at openssl.org (OpenSSL run-checker) Date: Tue, 10 Sep 2019 03:29:44 +0000 Subject: Still FAILED build of OpenSSL branch master with options -d --strict-warnings no-engine no-shared Message-ID: <1568086184.674058.31390.nullmailer@run.openssl.org> Platform and configuration command: $ uname -a Linux run 4.15.0-54-generic #58-Ubuntu SMP Mon Jun 24 10:55:24 UTC 2019 x86_64 x86_64 x86_64 GNU/Linux $ CC=clang ../openssl/config -d --strict-warnings no-engine no-shared Commit log since last time: 1d3cd983f5 [test] ECC: check the bounds for auto computing cofactor d3a1128bc2 Fix build with VS2008 20bf3d8b22 Use simple names in core_names.h 864b89ce49 Move EVP_PKEY algorithm implementations into a union 9c45222ddc Revise EVP_PKEY param handling 21fb706722 Enable DH "keys" which only contain domain parameters 4f62f5d9af Add docs for the provider interface for signature operations 11031468c3 Add public API docs for newly added EVP_SIGNATURE related functions 390acbebfa Add support for verify/verify_recover functions to EVP_SIGNATURE 4889dadcb8 Implement DSA in the default provider dfcb5d29b5 Add the ability to perform signatures in a provider 2b95e8efcf DH_check_pub_key_ex was accidentally calling DH_check, so results were undefined. fa01370f7d Use BN_clear_free in DH_set0_key feeb7ecd2f Check the DH modulus bit length bfed4fc836 Uniform TEST_*() check usage in test/ectest.c 65936a5646 Fix spacing nit in test/ectest.c 3f37050e33 Fix typos in the OSSL_METHOD_STORE doc bacaa618c2 [ec] Match built-in curves on EC_GROUP_new_from_ecparameters bd9faf117d Do no mention private headers in public headers Build log ended with (last 100 lines): clang -I. -Icrypto/include -Iinclude -Iproviders/common/include -Iproviders/default/include -Iproviders/common/ciphers -Icrypto -Iproviders/common/macs -Iproviders/common/kdfs -Iproviders/default/macs -Iproviders/default/ciphers -Iproviders/default/kdfs -I../openssl -I../openssl/crypto/include -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/default/include -I../openssl/providers/common/ciphers -I../openssl/crypto -I../openssl/providers/common/macs -I../openssl/providers/common/kdfs -I../openssl/providers/default/macs -I../openssl/providers/default/ciphers -I../openssl/providers/default/kdfs -DAES_ASM -DBSAES_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_IA32_SSE2 -MMD -MF crypto/x509/libcrypto-lib-v3_crld.d.tmp -MT crypto/x509/libcrypto-lib-v3_crld.o -c -o crypto/x509/libcrypto-lib-v3_crld.o ../openssl/crypto/x509/v3_crld.c clang -I. -Icrypto/include -Iinclude -Iproviders/common/include -Iproviders/default/include -Iproviders/common/ciphers -Icrypto -Iproviders/common/macs -Iproviders/common/kdfs -Iproviders/default/macs -Iproviders/default/ciphers -Iproviders/default/kdfs -I../openssl -I../openssl/crypto/include -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/default/include -I../openssl/providers/common/ciphers -I../openssl/crypto -I../openssl/providers/common/macs -I../openssl/providers/common/kdfs -I../openssl/providers/default/macs -I../openssl/providers/default/ciphers -I../openssl/providers/default/kdfs -DAES_ASM -DBSAES_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_IA32_SSE2 -MMD -MF crypto/x509/libcrypto-lib-v3_enum.d.tmp -MT crypto/x509/libcrypto-lib-v3_enum.o -c -o crypto/x509/libcrypto-lib-v3_enum.o ../openssl/crypto/x509/v3_enum.c clang -I. -Icrypto/include -Iinclude -Iproviders/common/include -Iproviders/default/include -Iproviders/common/ciphers -Icrypto -Iproviders/common/macs -Iproviders/common/kdfs -Iproviders/default/macs -Iproviders/default/ciphers -Iproviders/default/kdfs -I../openssl -I../openssl/crypto/include -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/default/include -I../openssl/providers/common/ciphers -I../openssl/crypto -I../openssl/providers/common/macs -I../openssl/providers/common/kdfs -I../openssl/providers/default/macs -I../openssl/providers/default/ciphers -I../openssl/providers/default/kdfs -DAES_ASM -DBSAES_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_IA32_SSE2 -MMD -MF crypto/x509/libcrypto-lib-v3_extku.d.tmp -MT crypto/x509/libcrypto-lib-v3_extku.o -c -o crypto/x509/libcrypto-lib-v3_extku.o ../openssl/crypto/x509/v3_extku.c clang -I. -Icrypto/include -Iinclude -Iproviders/common/include -Iproviders/default/include -Iproviders/common/ciphers -Icrypto -Iproviders/common/macs -Iproviders/common/kdfs -Iproviders/default/macs -Iproviders/default/ciphers -Iproviders/default/kdfs -I../openssl -I../openssl/crypto/include -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/default/include -I../openssl/providers/common/ciphers -I../openssl/crypto -I../openssl/providers/common/macs -I../openssl/providers/common/kdfs -I../openssl/providers/default/macs -I../openssl/providers/default/ciphers -I../openssl/providers/default/kdfs -DAES_ASM -DBSAES_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_IA32_SSE2 -MMD -MF crypto/x509/libcrypto-lib-v3_genn.d.tmp -MT crypto/x509/libcrypto-lib-v3_genn.o -c -o crypto/x509/libcrypto-lib-v3_genn.o ../openssl/crypto/x509/v3_genn.c clang -I. -Icrypto/include -Iinclude -Iproviders/common/include -Iproviders/default/include -Iproviders/common/ciphers -Icrypto -Iproviders/common/macs -Iproviders/common/kdfs -Iproviders/default/macs -Iproviders/default/ciphers -Iproviders/default/kdfs -I../openssl -I../openssl/crypto/include -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/default/include -I../openssl/providers/common/ciphers -I../openssl/crypto -I../openssl/providers/common/macs -I../openssl/providers/common/kdfs -I../openssl/providers/default/macs -I../openssl/providers/default/ciphers -I../openssl/providers/default/kdfs -DAES_ASM -DBSAES_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_IA32_SSE2 -MMD -MF crypto/x509/libcrypto-lib-v3_ia5.d.tmp -MT crypto/x509/libcrypto-lib-v3_ia5.o -c -o crypto/x509/libcrypto-lib-v3_ia5.o ../openssl/crypto/x509/v3_ia5.c clang -I. -Icrypto/include -Iinclude -Iproviders/common/include -Iproviders/default/include -Iproviders/common/ciphers -Icrypto -Iproviders/common/macs -Iproviders/common/kdfs -Iproviders/default/macs -Iproviders/default/ciphers -Iproviders/default/kdfs -I../openssl -I../openssl/crypto/include -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/default/include -I../openssl/providers/common/ciphers -I../openssl/crypto -I../openssl/providers/common/macs -I../openssl/providers/common/kdfs -I../openssl/providers/default/macs -I../openssl/providers/default/ciphers -I../openssl/providers/default/kdfs -DAES_ASM -DBSAES_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_IA32_SSE2 -MMD -MF crypto/x509/libcrypto-lib-v3_info.d.tmp -MT crypto/x509/libcrypto-lib-v3_info.o -c -o crypto/x509/libcrypto-lib-v3_info.o ../openssl/crypto/x509/v3_info.c clang -I. -Icrypto/include -Iinclude -Iproviders/common/include -Iproviders/default/include -Iproviders/common/ciphers -Icrypto -Iproviders/common/macs -Iproviders/common/kdfs -Iproviders/default/macs -Iproviders/default/ciphers -Iproviders/default/kdfs -I../openssl -I../openssl/crypto/include -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/default/include -I../openssl/providers/common/ciphers -I../openssl/crypto -I../openssl/providers/common/macs -I../openssl/providers/common/kdfs -I../openssl/providers/default/macs -I../openssl/providers/default/ciphers -I../openssl/providers/default/kdfs -DAES_ASM -DBSAES_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_IA32_SSE2 -MMD -MF crypto/x509/libcrypto-lib-v3_int.d.tmp -MT crypto/x509/libcrypto-lib-v3_int.o -c -o crypto/x509/libcrypto-lib-v3_int.o ../openssl/crypto/x509/v3_int.c clang -I. -Icrypto/include -Iinclude -Iproviders/common/include -Iproviders/default/include -Iproviders/common/ciphers -Icrypto -Iproviders/common/macs -Iproviders/common/kdfs -Iproviders/default/macs -Iproviders/default/ciphers -Iproviders/default/kdfs -I../openssl -I../openssl/crypto/include -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/default/include -I../openssl/providers/common/ciphers -I../openssl/crypto -I../openssl/providers/common/macs -I../openssl/providers/common/kdfs -I../openssl/providers/default/macs -I../openssl/providers/default/ciphers -I../openssl/providers/default/kdfs -DAES_ASM -DBSAES_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_IA32_SSE2 -MMD -MF crypto/x509/libcrypto-lib-v3_lib.d.tmp -MT crypto/x509/libcrypto-lib-v3_lib.o -c -o crypto/x509/libcrypto-lib-v3_lib.o ../openssl/crypto/x509/v3_lib.c clang -I. -Icrypto/include -Iinclude -Iproviders/common/include -Iproviders/default/include -Iproviders/common/ciphers -Icrypto -Iproviders/common/macs -Iproviders/common/kdfs -Iproviders/default/macs -Iproviders/default/ciphers -Iproviders/default/kdfs -I../openssl -I../openssl/crypto/include -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/default/include -I../openssl/providers/common/ciphers -I../openssl/crypto -I../openssl/providers/common/macs -I../openssl/providers/common/kdfs -I../openssl/providers/default/macs -I../openssl/providers/default/ciphers -I../openssl/providers/default/kdfs -DAES_ASM -DBSAES_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_IA32_SSE2 -MMD -MF crypto/x509/libcrypto-lib-v3_ncons.d.tmp -MT crypto/x509/libcrypto-lib-v3_ncons.o -c -o crypto/x509/libcrypto-lib-v3_ncons.o ../openssl/crypto/x509/v3_ncons.c clang -I. -Icrypto/include -Iinclude -Iproviders/common/include -Iproviders/default/include -Iproviders/common/ciphers -Icrypto -Iproviders/common/macs -Iproviders/common/kdfs -Iproviders/default/macs -Iproviders/default/ciphers -Iproviders/default/kdfs -I../openssl -I../openssl/crypto/include -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/default/include -I../openssl/providers/common/ciphers -I../openssl/crypto -I../openssl/providers/common/macs -I../openssl/providers/common/kdfs -I../openssl/providers/default/macs -I../openssl/providers/default/ciphers -I../openssl/providers/default/kdfs -DAES_ASM -DBSAES_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_IA32_SSE2 -MMD -MF crypto/x509/libcrypto-lib-v3_pci.d.tmp -MT crypto/x509/libcrypto-lib-v3_pci.o -c -o crypto/x509/libcrypto-lib-v3_pci.o ../openssl/crypto/x509/v3_pci.c clang -I. -Icrypto/include -Iinclude -Iproviders/common/include -Iproviders/default/include -Iproviders/common/ciphers -Icrypto -Iproviders/common/macs -Iproviders/common/kdfs -Iproviders/default/macs -Iproviders/default/ciphers -Iproviders/default/kdfs -I../openssl -I../openssl/crypto/include -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/default/include -I../openssl/providers/common/ciphers -I../openssl/crypto -I../openssl/providers/common/macs -I../openssl/providers/common/kdfs -I../openssl/providers/default/macs -I../openssl/providers/default/ciphers -I../openssl/providers/default/kdfs -DAES_ASM -DBSAES_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_IA32_SSE2 -MMD -MF crypto/x509/libcrypto-lib-v3_pcia.d.tmp -MT crypto/x509/libcrypto-lib-v3_pcia.o -c -o crypto/x509/libcrypto-lib-v3_pcia.o ../openssl/crypto/x509/v3_pcia.c clang -I. -Icrypto/include -Iinclude -Iproviders/common/include -Iproviders/default/include -Iproviders/common/ciphers -Icrypto -Iproviders/common/macs -Iproviders/common/kdfs -Iproviders/default/macs -Iproviders/default/ciphers -Iproviders/default/kdfs -I../openssl -I../openssl/crypto/include -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/default/include -I../openssl/providers/common/ciphers -I../openssl/crypto -I../openssl/providers/common/macs -I../openssl/providers/common/kdfs -I../openssl/providers/default/macs -I../openssl/providers/default/ciphers -I../openssl/providers/default/kdfs -DAES_ASM -DBSAES_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_IA32_SSE2 -MMD -MF crypto/x509/libcrypto-lib-v3_pcons.d.tmp -MT crypto/x509/libcrypto-lib-v3_pcons.o -c -o crypto/x509/libcrypto-lib-v3_pcons.o ../openssl/crypto/x509/v3_pcons.c clang -I. -Icrypto/include -Iinclude -Iproviders/common/include -Iproviders/default/include -Iproviders/common/ciphers -Icrypto -Iproviders/common/macs -Iproviders/common/kdfs -Iproviders/default/macs -Iproviders/default/ciphers -Iproviders/default/kdfs -I../openssl -I../openssl/crypto/include -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/default/include -I../openssl/providers/common/ciphers -I../openssl/crypto -I../openssl/providers/common/macs -I../openssl/providers/common/kdfs -I../openssl/providers/default/macs -I../openssl/providers/default/ciphers -I../openssl/providers/default/kdfs -DAES_ASM -DBSAES_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_IA32_SSE2 -MMD -MF crypto/x509/libcrypto-lib-v3_pku.d.tmp -MT crypto/x509/libcrypto-lib-v3_pku.o -c -o crypto/x509/libcrypto-lib-v3_pku.o ../openssl/crypto/x509/v3_pku.c clang -I. -Icrypto/include -Iinclude -Iproviders/common/include -Iproviders/default/include -Iproviders/common/ciphers -Icrypto -Iproviders/common/macs -Iproviders/common/kdfs -Iproviders/default/macs -Iproviders/default/ciphers -Iproviders/default/kdfs -I../openssl -I../openssl/crypto/include -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/default/include -I../openssl/providers/common/ciphers -I../openssl/crypto -I../openssl/providers/common/macs -I../openssl/providers/common/kdfs -I../openssl/providers/default/macs -I../openssl/providers/default/ciphers -I../openssl/providers/default/kdfs -DAES_ASM -DBSAES_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_IA32_SSE2 -MMD -MF crypto/x509/libcrypto-lib-v3_pmaps.d.tmp -MT crypto/x509/libcrypto-lib-v3_pmaps.o -c -o crypto/x509/libcrypto-lib-v3_pmaps.o ../openssl/crypto/x509/v3_pmaps.c clang -I. -Icrypto/include -Iinclude -Iproviders/common/include -Iproviders/default/include -Iproviders/common/ciphers -Icrypto -Iproviders/common/macs -Iproviders/common/kdfs -Iproviders/default/macs -Iproviders/default/ciphers -Iproviders/default/kdfs -I../openssl -I../openssl/crypto/include -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/default/include -I../openssl/providers/common/ciphers -I../openssl/crypto -I../openssl/providers/common/macs -I../openssl/providers/common/kdfs -I../openssl/providers/default/macs -I../openssl/providers/default/ciphers -I../openssl/providers/default/kdfs -DAES_ASM -DBSAES_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_IA32_SSE2 -MMD -MF crypto/x509/libcrypto-lib-v3_prn.d.tmp -MT crypto/x509/libcrypto-lib-v3_prn.o -c -o crypto/x509/libcrypto-lib-v3_prn.o ../openssl/crypto/x509/v3_prn.c clang -I. -Icrypto/include -Iinclude -Iproviders/common/include -Iproviders/default/include -Iproviders/common/ciphers -Icrypto -Iproviders/common/macs -Iproviders/common/kdfs -Iproviders/default/macs -Iproviders/default/ciphers -Iproviders/default/kdfs -I../openssl -I../openssl/crypto/include -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/default/include -I../openssl/providers/common/ciphers -I../openssl/crypto -I../openssl/providers/common/macs -I../openssl/providers/common/kdfs -I../openssl/providers/default/macs -I../openssl/providers/default/ciphers -I../openssl/providers/default/kdfs -DAES_ASM -DBSAES_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_IA32_SSE2 -MMD -MF crypto/x509/libcrypto-lib-v3_purp.d.tmp -MT crypto/x509/libcrypto-lib-v3_purp.o -c -o crypto/x509/libcrypto-lib-v3_purp.o ../openssl/crypto/x509/v3_purp.c clang -I. -Icrypto/include -Iinclude -Iproviders/common/include -Iproviders/default/include -Iproviders/common/ciphers -Icrypto -Iproviders/common/macs -Iproviders/common/kdfs -Iproviders/default/macs -Iproviders/default/ciphers -Iproviders/default/kdfs -I../openssl -I../openssl/crypto/include -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/default/include -I../openssl/providers/common/ciphers -I../openssl/crypto -I../openssl/providers/common/macs -I../openssl/providers/common/kdfs -I../openssl/providers/default/macs -I../openssl/providers/default/ciphers -I../openssl/providers/default/kdfs -DAES_ASM -DBSAES_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_IA32_SSE2 -MMD -MF crypto/x509/libcrypto-lib-v3_skey.d.tmp -MT crypto/x509/libcrypto-lib-v3_skey.o -c -o crypto/x509/libcrypto-lib-v3_skey.o ../openssl/crypto/x509/v3_skey.c clang -I. -Icrypto/include -Iinclude -Iproviders/common/include -Iproviders/default/include -Iproviders/common/ciphers -Icrypto -Iproviders/common/macs -Iproviders/common/kdfs -Iproviders/default/macs -Iproviders/default/ciphers -Iproviders/default/kdfs -I../openssl -I../openssl/crypto/include -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/default/include -I../openssl/providers/common/ciphers -I../openssl/crypto -I../openssl/providers/common/macs -I../openssl/providers/common/kdfs -I../openssl/providers/default/macs -I../openssl/providers/default/ciphers -I../openssl/providers/default/kdfs -DAES_ASM -DBSAES_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_IA32_SSE2 -MMD -MF crypto/x509/libcrypto-lib-v3_sxnet.d.tmp -MT crypto/x509/libcrypto-lib-v3_sxnet.o -c -o crypto/x509/libcrypto-lib-v3_sxnet.o ../openssl/crypto/x509/v3_sxnet.c clang -I. -Icrypto/include -Iinclude -Iproviders/common/include -Iproviders/default/include -Iproviders/common/ciphers -Icrypto -Iproviders/common/macs -Iproviders/common/kdfs -Iproviders/default/macs -Iproviders/default/ciphers -Iproviders/default/kdfs -I../openssl -I../openssl/crypto/include -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/default/include -I../openssl/providers/common/ciphers -I../openssl/crypto -I../openssl/providers/common/macs -I../openssl/providers/common/kdfs -I../openssl/providers/default/macs -I../openssl/providers/default/ciphers -I../openssl/providers/default/kdfs -DAES_ASM -DBSAES_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_IA32_SSE2 -MMD -MF crypto/x509/libcrypto-lib-v3_tlsf.d.tmp -MT crypto/x509/libcrypto-lib-v3_tlsf.o -c -o crypto/x509/libcrypto-lib-v3_tlsf.o ../openssl/crypto/x509/v3_tlsf.c clang -I. -Icrypto/include -Iinclude -Iproviders/common/include -Iproviders/default/include -Iproviders/common/ciphers -Icrypto -Iproviders/common/macs -Iproviders/common/kdfs -Iproviders/default/macs -Iproviders/default/ciphers -Iproviders/default/kdfs -I../openssl -I../openssl/crypto/include -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/default/include -I../openssl/providers/common/ciphers -I../openssl/crypto -I../openssl/providers/common/macs -I../openssl/providers/common/kdfs -I../openssl/providers/default/macs -I../openssl/providers/default/ciphers -I../openssl/providers/default/kdfs -DAES_ASM -DBSAES_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_IA32_SSE2 -MMD -MF crypto/x509/libcrypto-lib-v3_utl.d.tmp -MT crypto/x509/libcrypto-lib-v3_utl.o -c -o crypto/x509/libcrypto-lib-v3_utl.o ../openssl/crypto/x509/v3_utl.c clang -I. -Icrypto/include -Iinclude -Iproviders/common/include -Iproviders/default/include -Iproviders/common/ciphers -Icrypto -Iproviders/common/macs -Iproviders/common/kdfs -Iproviders/default/macs -Iproviders/default/ciphers -Iproviders/default/kdfs -I../openssl -I../openssl/crypto/include -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/default/include -I../openssl/providers/common/ciphers -I../openssl/crypto -I../openssl/providers/common/macs -I../openssl/providers/common/kdfs -I../openssl/providers/default/macs -I../openssl/providers/default/ciphers -I../openssl/providers/default/kdfs -DAES_ASM -DBSAES_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_IA32_SSE2 -MMD -MF crypto/x509/libcrypto-lib-v3err.d.tmp -MT crypto/x509/libcrypto-lib-v3err.o -c -o crypto/x509/libcrypto-lib-v3err.o ../openssl/crypto/x509/v3err.c clang -I. -Icrypto/include -Iinclude -Iproviders/common/include -Iproviders/default/include -Iproviders/common/ciphers -Icrypto -Iproviders/common/macs -Iproviders/common/kdfs -Iproviders/default/macs -Iproviders/default/ciphers -Iproviders/default/kdfs -I../openssl -I../openssl/crypto/include -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/default/include -I../openssl/providers/common/ciphers -I../openssl/crypto -I../openssl/providers/common/macs -I../openssl/providers/common/kdfs -I../openssl/providers/default/macs -I../openssl/providers/default/ciphers -I../openssl/providers/default/kdfs -DAES_ASM -DBSAES_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_IA32_SSE2 -MMD -MF crypto/x509/libcrypto-lib-x509_att.d.tmp -MT crypto/x509/libcrypto-lib-x509_att.o -c -o crypto/x509/libcrypto-lib-x509_att.o ../openssl/crypto/x509/x509_att.c clang -I. -Icrypto/include -Iinclude -Iproviders/common/include -Iproviders/default/include -Iproviders/common/ciphers -Icrypto -Iproviders/common/macs -Iproviders/common/kdfs -Iproviders/default/macs -Iproviders/default/ciphers -Iproviders/default/kdfs -I../openssl -I../openssl/crypto/include -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/default/include -I../openssl/providers/common/ciphers -I../openssl/crypto -I../openssl/providers/common/macs -I../openssl/providers/common/kdfs -I../openssl/providers/default/macs -I../openssl/providers/default/ciphers -I../openssl/providers/default/kdfs -DAES_ASM -DBSAES_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_IA32_SSE2 -MMD -MF crypto/x509/libcrypto-lib-x509_cmp.d.tmp -MT crypto/x509/libcrypto-lib-x509_cmp.o -c -o crypto/x509/libcrypto-lib-x509_cmp.o ../openssl/crypto/x509/x509_cmp.c clang -I. -Icrypto/include -Iinclude -Iproviders/common/include -Iproviders/default/include -Iproviders/common/ciphers -Icrypto -Iproviders/common/macs -Iproviders/common/kdfs -Iproviders/default/macs -Iproviders/default/ciphers -Iproviders/default/kdfs -I../openssl -I../openssl/crypto/include -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/default/include -I../openssl/providers/common/ciphers -I../openssl/crypto -I../openssl/providers/common/macs -I../openssl/providers/common/kdfs -I../openssl/providers/default/macs -I../openssl/providers/default/ciphers -I../openssl/providers/default/kdfs -DAES_ASM -DBSAES_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_IA32_SSE2 -MMD -MF crypto/x509/libcrypto-lib-x509_d2.d.tmp -MT crypto/x509/libcrypto-lib-x509_d2.o -c -o crypto/x509/libcrypto-lib-x509_d2.o ../openssl/crypto/x509/x509_d2.c clang -I. -Icrypto/include -Iinclude -Iproviders/common/include -Iproviders/default/include -Iproviders/common/ciphers -Icrypto -Iproviders/common/macs -Iproviders/common/kdfs -Iproviders/default/macs -Iproviders/default/ciphers -Iproviders/default/kdfs -I../openssl -I../openssl/crypto/include -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/default/include -I../openssl/providers/common/ciphers -I../openssl/crypto -I../openssl/providers/common/macs -I../openssl/providers/common/kdfs -I../openssl/providers/default/macs -I../openssl/providers/default/ciphers -I../openssl/providers/default/kdfs -DAES_ASM -DBSAES_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_IA32_SSE2 -MMD -MF crypto/x509/libcrypto-lib-x509_def.d.tmp -MT crypto/x509/libcrypto-lib-x509_def.o -c -o crypto/x509/libcrypto-lib-x509_def.o ../openssl/crypto/x509/x509_def.c clang -I. -Icrypto/include -Iinclude -Iproviders/common/include -Iproviders/default/include -Iproviders/common/ciphers -Icrypto -Iproviders/common/macs -Iproviders/common/kdfs -Iproviders/default/macs -Iproviders/default/ciphers -Iproviders/default/kdfs -I../openssl -I../openssl/crypto/include -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/default/include -I../openssl/providers/common/ciphers -I../openssl/crypto -I../openssl/providers/common/macs -I../openssl/providers/common/kdfs -I../openssl/providers/default/macs -I../openssl/providers/default/ciphers -I../openssl/providers/default/kdfs -DAES_ASM -DBSAES_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_IA32_SSE2 -MMD -MF crypto/x509/libcrypto-lib-x509_err.d.tmp -MT crypto/x509/libcrypto-lib-x509_err.o -c -o crypto/x509/libcrypto-lib-x509_err.o ../openssl/crypto/x509/x509_err.c clang -I. -Icrypto/include -Iinclude -Iproviders/common/include -Iproviders/default/include -Iproviders/common/ciphers -Icrypto -Iproviders/common/macs -Iproviders/common/kdfs -Iproviders/default/macs -Iproviders/default/ciphers -Iproviders/default/kdfs -I../openssl -I../openssl/crypto/include -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/default/include -I../openssl/providers/common/ciphers -I../openssl/crypto -I../openssl/providers/common/macs -I../openssl/providers/common/kdfs -I../openssl/providers/default/macs -I../openssl/providers/default/ciphers -I../openssl/providers/default/kdfs -DAES_ASM -DBSAES_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_IA32_SSE2 -MMD -MF crypto/x509/libcrypto-lib-x509_ext.d.tmp -MT crypto/x509/libcrypto-lib-x509_ext.o -c -o crypto/x509/libcrypto-lib-x509_ext.o ../openssl/crypto/x509/x509_ext.c clang -I. -Icrypto/include -Iinclude -Iproviders/common/include -Iproviders/default/include -Iproviders/common/ciphers -Icrypto -Iproviders/common/macs -Iproviders/common/kdfs -Iproviders/default/macs -Iproviders/default/ciphers -Iproviders/default/kdfs -I../openssl -I../openssl/crypto/include -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/default/include -I../openssl/providers/common/ciphers -I../openssl/crypto -I../openssl/providers/common/macs -I../openssl/providers/common/kdfs -I../openssl/providers/default/macs -I../openssl/providers/default/ciphers -I../openssl/providers/default/kdfs -DAES_ASM -DBSAES_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_IA32_SSE2 -MMD -MF crypto/x509/libcrypto-lib-x509_lu.d.tmp -MT crypto/x509/libcrypto-lib-x509_lu.o -c -o crypto/x509/libcrypto-lib-x509_lu.o ../openssl/crypto/x509/x509_lu.c clang -I. -Icrypto/include -Iinclude -Iproviders/common/include -Iproviders/default/include -Iproviders/common/ciphers -Icrypto -Iproviders/common/macs -Iproviders/common/kdfs -Iproviders/default/macs -Iproviders/default/ciphers -Iproviders/default/kdfs -I../openssl -I../openssl/crypto/include -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/default/include -I../openssl/providers/common/ciphers -I../openssl/crypto -I../openssl/providers/common/macs -I../openssl/providers/common/kdfs -I../openssl/providers/default/macs -I../openssl/providers/default/ciphers -I../openssl/providers/default/kdfs -DAES_ASM -DBSAES_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_IA32_SSE2 -MMD -MF crypto/x509/libcrypto-lib-x509_meth.d.tmp -MT crypto/x509/libcrypto-lib-x509_meth.o -c -o crypto/x509/libcrypto-lib-x509_meth.o ../openssl/crypto/x509/x509_meth.c clang -I. -Icrypto/include -Iinclude -Iproviders/common/include -Iproviders/default/include -Iproviders/common/ciphers -Icrypto -Iproviders/common/macs -Iproviders/common/kdfs -Iproviders/default/macs -Iproviders/default/ciphers -Iproviders/default/kdfs -I../openssl -I../openssl/crypto/include -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/default/include -I../openssl/providers/common/ciphers -I../openssl/crypto -I../openssl/providers/common/macs -I../openssl/providers/common/kdfs -I../openssl/providers/default/macs -I../openssl/providers/default/ciphers -I../openssl/providers/default/kdfs -DAES_ASM -DBSAES_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_IA32_SSE2 -MMD -MF crypto/x509/libcrypto-lib-x509_obj.d.tmp -MT crypto/x509/libcrypto-lib-x509_obj.o -c -o crypto/x509/libcrypto-lib-x509_obj.o ../openssl/crypto/x509/x509_obj.c clang -I. -Icrypto/include -Iinclude -Iproviders/common/include -Iproviders/default/include -Iproviders/common/ciphers -Icrypto -Iproviders/common/macs -Iproviders/common/kdfs -Iproviders/default/macs -Iproviders/default/ciphers -Iproviders/default/kdfs -I../openssl -I../openssl/crypto/include -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/default/include -I../openssl/providers/common/ciphers -I../openssl/crypto -I../openssl/providers/common/macs -I../openssl/providers/common/kdfs -I../openssl/providers/default/macs -I../openssl/providers/default/ciphers -I../openssl/providers/default/kdfs -DAES_ASM -DBSAES_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_IA32_SSE2 -MMD -MF crypto/x509/libcrypto-lib-x509_r2x.d.tmp -MT crypto/x509/libcrypto-lib-x509_r2x.o -c -o crypto/x509/libcrypto-lib-x509_r2x.o ../openssl/crypto/x509/x509_r2x.c clang -I. -Icrypto/include -Iinclude -Iproviders/common/include -Iproviders/default/include -Iproviders/common/ciphers -Icrypto -Iproviders/common/macs -Iproviders/common/kdfs -Iproviders/default/macs -Iproviders/default/ciphers -Iproviders/default/kdfs -I../openssl -I../openssl/crypto/include -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/default/include -I../openssl/providers/common/ciphers -I../openssl/crypto -I../openssl/providers/common/macs -I../openssl/providers/common/kdfs -I../openssl/providers/default/macs -I../openssl/providers/default/ciphers -I../openssl/providers/default/kdfs -DAES_ASM -DBSAES_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_IA32_SSE2 -MMD -MF crypto/x509/libcrypto-lib-x509_req.d.tmp -MT crypto/x509/libcrypto-lib-x509_req.o -c -o crypto/x509/libcrypto-lib-x509_req.o ../openssl/crypto/x509/x509_req.c clang -I. -Icrypto/include -Iinclude -Iproviders/common/include -Iproviders/default/include -Iproviders/common/ciphers -Icrypto -Iproviders/common/macs -Iproviders/common/kdfs -Iproviders/default/macs -Iproviders/default/ciphers -Iproviders/default/kdfs -I../openssl -I../openssl/crypto/include -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/default/include -I../openssl/providers/common/ciphers -I../openssl/crypto -I../openssl/providers/common/macs -I../openssl/providers/common/kdfs -I../openssl/providers/default/macs -I../openssl/providers/default/ciphers -I../openssl/providers/default/kdfs -DAES_ASM -DBSAES_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_IA32_SSE2 -MMD -MF crypto/x509/libcrypto-lib-x509_set.d.tmp -MT crypto/x509/libcrypto-lib-x509_set.o -c -o crypto/x509/libcrypto-lib-x509_set.o ../openssl/crypto/x509/x509_set.c clang -I. -Icrypto/include -Iinclude -Iproviders/common/include -Iproviders/default/include -Iproviders/common/ciphers -Icrypto -Iproviders/common/macs -Iproviders/common/kdfs -Iproviders/default/macs -Iproviders/default/ciphers -Iproviders/default/kdfs -I../openssl -I../openssl/crypto/include -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/default/include -I../openssl/providers/common/ciphers -I../openssl/crypto -I../openssl/providers/common/macs -I../openssl/providers/common/kdfs -I../openssl/providers/default/macs -I../openssl/providers/default/ciphers -I../openssl/providers/default/kdfs -DAES_ASM -DBSAES_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_IA32_SSE2 -MMD -MF crypto/x509/libcrypto-lib-x509_trs.d.tmp -MT crypto/x509/libcrypto-lib-x509_trs.o -c -o crypto/x509/libcrypto-lib-x509_trs.o ../openssl/crypto/x509/x509_trs.c clang -I. -Icrypto/include -Iinclude -Iproviders/common/include -Iproviders/default/include -Iproviders/common/ciphers -Icrypto -Iproviders/common/macs -Iproviders/common/kdfs -Iproviders/default/macs -Iproviders/default/ciphers -Iproviders/default/kdfs -I../openssl -I../openssl/crypto/include -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/default/include -I../openssl/providers/common/ciphers -I../openssl/crypto -I../openssl/providers/common/macs -I../openssl/providers/common/kdfs -I../openssl/providers/default/macs -I../openssl/providers/default/ciphers -I../openssl/providers/default/kdfs -DAES_ASM -DBSAES_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_IA32_SSE2 -MMD -MF crypto/x509/libcrypto-lib-x509_txt.d.tmp -MT crypto/x509/libcrypto-lib-x509_txt.o -c -o crypto/x509/libcrypto-lib-x509_txt.o ../openssl/crypto/x509/x509_txt.c clang -I. -Icrypto/include -Iinclude -Iproviders/common/include -Iproviders/default/include -Iproviders/common/ciphers -Icrypto -Iproviders/common/macs -Iproviders/common/kdfs -Iproviders/default/macs -Iproviders/default/ciphers -Iproviders/default/kdfs -I../openssl -I../openssl/crypto/include -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/default/include -I../openssl/providers/common/ciphers -I../openssl/crypto -I../openssl/providers/common/macs -I../openssl/providers/common/kdfs -I../openssl/providers/default/macs -I../openssl/providers/default/ciphers -I../openssl/providers/default/kdfs -DAES_ASM -DBSAES_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_IA32_SSE2 -MMD -MF crypto/x509/libcrypto-lib-x509_v3.d.tmp -MT crypto/x509/libcrypto-lib-x509_v3.o -c -o crypto/x509/libcrypto-lib-x509_v3.o ../openssl/crypto/x509/x509_v3.c clang -I. -Icrypto/include -Iinclude -Iproviders/common/include -Iproviders/default/include -Iproviders/common/ciphers -Icrypto -Iproviders/common/macs -Iproviders/common/kdfs -Iproviders/default/macs -Iproviders/default/ciphers -Iproviders/default/kdfs -I../openssl -I../openssl/crypto/include -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/default/include -I../openssl/providers/common/ciphers -I../openssl/crypto -I../openssl/providers/common/macs -I../openssl/providers/common/kdfs -I../openssl/providers/default/macs -I../openssl/providers/default/ciphers -I../openssl/providers/default/kdfs -DAES_ASM -DBSAES_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_IA32_SSE2 -MMD -MF crypto/x509/libcrypto-lib-x509_vfy.d.tmp -MT crypto/x509/libcrypto-lib-x509_vfy.o -c -o crypto/x509/libcrypto-lib-x509_vfy.o ../openssl/crypto/x509/x509_vfy.c clang -I. -Icrypto/include -Iinclude -Iproviders/common/include -Iproviders/default/include -Iproviders/common/ciphers -Icrypto -Iproviders/common/macs -Iproviders/common/kdfs -Iproviders/default/macs -Iproviders/default/ciphers -Iproviders/default/kdfs -I../openssl -I../openssl/crypto/include -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/default/include -I../openssl/providers/common/ciphers -I../openssl/crypto -I../openssl/providers/common/macs -I../openssl/providers/common/kdfs -I../openssl/providers/default/macs -I../openssl/providers/default/ciphers -I../openssl/providers/default/kdfs -DAES_ASM -DBSAES_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_IA32_SSE2 -MMD -MF crypto/x509/libcrypto-lib-x509_vpm.d.tmp -MT crypto/x509/libcrypto-lib-x509_vpm.o -c -o crypto/x509/libcrypto-lib-x509_vpm.o ../openssl/crypto/x509/x509_vpm.c clang -I. -Icrypto/include -Iinclude -Iproviders/common/include -Iproviders/default/include -Iproviders/common/ciphers -Icrypto -Iproviders/common/macs -Iproviders/common/kdfs -Iproviders/default/macs -Iproviders/default/ciphers -Iproviders/default/kdfs -I../openssl -I../openssl/crypto/include -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/default/include -I../openssl/providers/common/ciphers -I../openssl/crypto -I../openssl/providers/common/macs -I../openssl/providers/common/kdfs -I../openssl/providers/default/macs -I../openssl/providers/default/ciphers -I../openssl/providers/default/kdfs -DAES_ASM -DBSAES_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_IA32_SSE2 -MMD -MF crypto/x509/libcrypto-lib-x509cset.d.tmp -MT crypto/x509/libcrypto-lib-x509cset.o -c -o crypto/x509/libcrypto-lib-x509cset.o ../openssl/crypto/x509/x509cset.c clang -I. -Icrypto/include -Iinclude -Iproviders/common/include -Iproviders/default/include -Iproviders/common/ciphers -Icrypto -Iproviders/common/macs -Iproviders/common/kdfs -Iproviders/default/macs -Iproviders/default/ciphers -Iproviders/default/kdfs -I../openssl -I../openssl/crypto/include -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/default/include -I../openssl/providers/common/ciphers -I../openssl/crypto -I../openssl/providers/common/macs -I../openssl/providers/common/kdfs -I../openssl/providers/default/macs -I../openssl/providers/default/ciphers -I../openssl/providers/default/kdfs -DAES_ASM -DBSAES_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_IA32_SSE2 -MMD -MF crypto/x509/libcrypto-lib-x509name.d.tmp -MT crypto/x509/libcrypto-lib-x509name.o -c -o crypto/x509/libcrypto-lib-x509name.o ../openssl/crypto/x509/x509name.c clang -I. -Icrypto/include -Iinclude -Iproviders/common/include -Iproviders/default/include -Iproviders/common/ciphers -Icrypto -Iproviders/common/macs -Iproviders/common/kdfs -Iproviders/default/macs -Iproviders/default/ciphers -Iproviders/default/kdfs -I../openssl -I../openssl/crypto/include -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/default/include -I../openssl/providers/common/ciphers -I../openssl/crypto -I../openssl/providers/common/macs -I../openssl/providers/common/kdfs -I../openssl/providers/default/macs -I../openssl/providers/default/ciphers -I../openssl/providers/default/kdfs -DAES_ASM -DBSAES_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_IA32_SSE2 -MMD -MF crypto/x509/libcrypto-lib-x509rset.d.tmp -MT crypto/x509/libcrypto-lib-x509rset.o -c -o crypto/x509/libcrypto-lib-x509rset.o ../openssl/crypto/x509/x509rset.c clang -I. -Icrypto/include -Iinclude -Iproviders/common/include -Iproviders/default/include -Iproviders/common/ciphers -Icrypto -Iproviders/common/macs -Iproviders/common/kdfs -Iproviders/default/macs -Iproviders/default/ciphers -Iproviders/default/kdfs -I../openssl -I../openssl/crypto/include -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/default/include -I../openssl/providers/common/ciphers -I../openssl/crypto -I../openssl/providers/common/macs -I../openssl/providers/common/kdfs -I../openssl/providers/default/macs -I../openssl/providers/default/ciphers -I../openssl/providers/default/kdfs -DAES_ASM -DBSAES_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_IA32_SSE2 -MMD -MF crypto/x509/libcrypto-lib-x509spki.d.tmp -MT crypto/x509/libcrypto-lib-x509spki.o -c -o crypto/x509/libcrypto-lib-x509spki.o ../openssl/crypto/x509/x509spki.c clang -I. -Icrypto/include -Iinclude -Iproviders/common/include -Iproviders/default/include -Iproviders/common/ciphers -Icrypto -Iproviders/common/macs -Iproviders/common/kdfs -Iproviders/default/macs -Iproviders/default/ciphers -Iproviders/default/kdfs -I../openssl -I../openssl/crypto/include -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/default/include -I../openssl/providers/common/ciphers -I../openssl/crypto -I../openssl/providers/common/macs -I../openssl/providers/common/kdfs -I../openssl/providers/default/macs -I../openssl/providers/default/ciphers -I../openssl/providers/default/kdfs -DAES_ASM -DBSAES_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_IA32_SSE2 -MMD -MF crypto/x509/libcrypto-lib-x509type.d.tmp -MT crypto/x509/libcrypto-lib-x509type.o -c -o crypto/x509/libcrypto-lib-x509type.o ../openssl/crypto/x509/x509type.c clang -I. -Icrypto/include -Iinclude -Iproviders/common/include -Iproviders/default/include -Iproviders/common/ciphers -Icrypto -Iproviders/common/macs -Iproviders/common/kdfs -Iproviders/default/macs -Iproviders/default/ciphers -Iproviders/default/kdfs -I../openssl -I../openssl/crypto/include -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/default/include -I../openssl/providers/common/ciphers -I../openssl/crypto -I../openssl/providers/common/macs -I../openssl/providers/common/kdfs -I../openssl/providers/default/macs -I../openssl/providers/default/ciphers -I../openssl/providers/default/kdfs -DAES_ASM -DBSAES_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_IA32_SSE2 -MMD -MF crypto/x509/libcrypto-lib-x_all.d.tmp -MT crypto/x509/libcrypto-lib-x_all.o -c -o crypto/x509/libcrypto-lib-x_all.o ../openssl/crypto/x509/x_all.c clang -I. -Icrypto/include -Iinclude -Iproviders/common/include -Iproviders/default/include -Iproviders/common/ciphers -Icrypto -Iproviders/common/macs -Iproviders/common/kdfs -Iproviders/default/macs -Iproviders/default/ciphers -Iproviders/default/kdfs -I../openssl -I../openssl/crypto/include -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/default/include -I../openssl/providers/common/ciphers -I../openssl/crypto -I../openssl/providers/common/macs -I../openssl/providers/common/kdfs -I../openssl/providers/default/macs -I../openssl/providers/default/ciphers -I../openssl/providers/default/kdfs -DAES_ASM -DBSAES_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_IA32_SSE2 -MMD -MF crypto/x509/libcrypto-lib-x_attrib.d.tmp -MT crypto/x509/libcrypto-lib-x_attrib.o -c -o crypto/x509/libcrypto-lib-x_attrib.o ../openssl/crypto/x509/x_attrib.c clang -I. -Icrypto/include -Iinclude -Iproviders/common/include -Iproviders/default/include -Iproviders/common/ciphers -Icrypto -Iproviders/common/macs -Iproviders/common/kdfs -Iproviders/default/macs -Iproviders/default/ciphers -Iproviders/default/kdfs -I../openssl -I../openssl/crypto/include -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/default/include -I../openssl/providers/common/ciphers -I../openssl/crypto -I../openssl/providers/common/macs -I../openssl/providers/common/kdfs -I../openssl/providers/default/macs -I../openssl/providers/default/ciphers -I../openssl/providers/default/kdfs -DAES_ASM -DBSAES_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_IA32_SSE2 -MMD -MF crypto/x509/libcrypto-lib-x_crl.d.tmp -MT crypto/x509/libcrypto-lib-x_crl.o -c -o crypto/x509/libcrypto-lib-x_crl.o ../openssl/crypto/x509/x_crl.c clang -I. -Icrypto/include -Iinclude -Iproviders/common/include -Iproviders/default/include -Iproviders/common/ciphers -Icrypto -Iproviders/common/macs -Iproviders/common/kdfs -Iproviders/default/macs -Iproviders/default/ciphers -Iproviders/default/kdfs -I../openssl -I../openssl/crypto/include -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/default/include -I../openssl/providers/common/ciphers -I../openssl/crypto -I../openssl/providers/common/macs -I../openssl/providers/common/kdfs -I../openssl/providers/default/macs -I../openssl/providers/default/ciphers -I../openssl/providers/default/kdfs -DAES_ASM -DBSAES_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_IA32_SSE2 -MMD -MF crypto/x509/libcrypto-lib-x_exten.d.tmp -MT crypto/x509/libcrypto-lib-x_exten.o -c -o crypto/x509/libcrypto-lib-x_exten.o ../openssl/crypto/x509/x_exten.c clang -I. -Icrypto/include -Iinclude -Iproviders/common/include -Iproviders/default/include -Iproviders/common/ciphers -Icrypto -Iproviders/common/macs -Iproviders/common/kdfs -Iproviders/default/macs -Iproviders/default/ciphers -Iproviders/default/kdfs -I../openssl -I../openssl/crypto/include -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/default/include -I../openssl/providers/common/ciphers -I../openssl/crypto -I../openssl/providers/common/macs -I../openssl/providers/common/kdfs -I../openssl/providers/default/macs -I../openssl/providers/default/ciphers -I../openssl/providers/default/kdfs -DAES_ASM -DBSAES_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_IA32_SSE2 -MMD -MF crypto/x509/libcrypto-lib-x_name.d.tmp -MT crypto/x509/libcrypto-lib-x_name.o -c -o crypto/x509/libcrypto-lib-x_name.o ../openssl/crypto/x509/x_name.c clang -I. -Icrypto/include -Iinclude -Iproviders/common/include -Iproviders/default/include -Iproviders/common/ciphers -Icrypto -Iproviders/common/macs -Iproviders/common/kdfs -Iproviders/default/macs -Iproviders/default/ciphers -Iproviders/default/kdfs -I../openssl -I../openssl/crypto/include -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/default/include -I../openssl/providers/common/ciphers -I../openssl/crypto -I../openssl/providers/common/macs -I../openssl/providers/common/kdfs -I../openssl/providers/default/macs -I../openssl/providers/default/ciphers -I../openssl/providers/default/kdfs -DAES_ASM -DBSAES_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_IA32_SSE2 -MMD -MF crypto/x509/libcrypto-lib-x_pubkey.d.tmp -MT crypto/x509/libcrypto-lib-x_pubkey.o -c -o crypto/x509/libcrypto-lib-x_pubkey.o ../openssl/crypto/x509/x_pubkey.c clang -I. -Icrypto/include -Iinclude -Iproviders/common/include -Iproviders/default/include -Iproviders/common/ciphers -Icrypto -Iproviders/common/macs -Iproviders/common/kdfs -Iproviders/default/macs -Iproviders/default/ciphers -Iproviders/default/kdfs -I../openssl -I../openssl/crypto/include -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/default/include -I../openssl/providers/common/ciphers -I../openssl/crypto -I../openssl/providers/common/macs -I../openssl/providers/common/kdfs -I../openssl/providers/default/macs -I../openssl/providers/default/ciphers -I../openssl/providers/default/kdfs -DAES_ASM -DBSAES_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_IA32_SSE2 -MMD -MF crypto/x509/libcrypto-lib-x_req.d.tmp -MT crypto/x509/libcrypto-lib-x_req.o -c -o crypto/x509/libcrypto-lib-x_req.o ../openssl/crypto/x509/x_req.c clang -I. -Icrypto/include -Iinclude -Iproviders/common/include -Iproviders/default/include -Iproviders/common/ciphers -Icrypto -Iproviders/common/macs -Iproviders/common/kdfs -Iproviders/default/macs -Iproviders/default/ciphers -Iproviders/default/kdfs -I../openssl -I../openssl/crypto/include -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/default/include -I../openssl/providers/common/ciphers -I../openssl/crypto -I../openssl/providers/common/macs -I../openssl/providers/common/kdfs -I../openssl/providers/default/macs -I../openssl/providers/default/ciphers -I../openssl/providers/default/kdfs -DAES_ASM -DBSAES_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_IA32_SSE2 -MMD -MF crypto/x509/libcrypto-lib-x_x509.d.tmp -MT crypto/x509/libcrypto-lib-x_x509.o -c -o crypto/x509/libcrypto-lib-x_x509.o ../openssl/crypto/x509/x_x509.c clang -I. -Icrypto/include -Iinclude -Iproviders/common/include -Iproviders/default/include -Iproviders/common/ciphers -Icrypto -Iproviders/common/macs -Iproviders/common/kdfs -Iproviders/default/macs -Iproviders/default/ciphers -Iproviders/default/kdfs -I../openssl -I../openssl/crypto/include -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/default/include -I../openssl/providers/common/ciphers -I../openssl/crypto -I../openssl/providers/common/macs -I../openssl/providers/common/kdfs -I../openssl/providers/default/macs -I../openssl/providers/default/ciphers -I../openssl/providers/default/kdfs -DAES_ASM -DBSAES_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_IA32_SSE2 -MMD -MF crypto/x509/libcrypto-lib-x_x509a.d.tmp -MT crypto/x509/libcrypto-lib-x_x509a.o -c -o crypto/x509/libcrypto-lib-x_x509a.o ../openssl/crypto/x509/x_x509a.c clang -I. -Icrypto/include -Iinclude -Iproviders/common/include -Iproviders/default/include -Iproviders/common/ciphers -Icrypto -Iproviders/common/macs -Iproviders/common/kdfs -Iproviders/default/macs -Iproviders/default/ciphers -Iproviders/default/kdfs -I../openssl -I../openssl/crypto/include -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/default/include -I../openssl/providers/common/ciphers -I../openssl/crypto -I../openssl/providers/common/macs -I../openssl/providers/common/kdfs -I../openssl/providers/default/macs -I../openssl/providers/default/ciphers -I../openssl/providers/default/kdfs -DAES_ASM -DBSAES_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_IA32_SSE2 -MMD -MF providers/common/ciphers/libcrypto-lib-block.d.tmp -MT providers/common/ciphers/libcrypto-lib-block.o -c -o providers/common/ciphers/libcrypto-lib-block.o ../openssl/providers/common/ciphers/block.c clang -I. -Icrypto/include -Iinclude -Iproviders/common/include -Iproviders/default/include -Iproviders/common/ciphers -Icrypto -Iproviders/common/macs -Iproviders/common/kdfs -Iproviders/default/macs -Iproviders/default/ciphers -Iproviders/default/kdfs -I../openssl -I../openssl/crypto/include -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/default/include -I../openssl/providers/common/ciphers -I../openssl/crypto -I../openssl/providers/common/macs -I../openssl/providers/common/kdfs -I../openssl/providers/default/macs -I../openssl/providers/default/ciphers -I../openssl/providers/default/kdfs -DAES_ASM -DBSAES_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_IA32_SSE2 -MMD -MF providers/common/ciphers/libcrypto-lib-cipher_aes.d.tmp -MT providers/common/ciphers/libcrypto-lib-cipher_aes.o -c -o providers/common/ciphers/libcrypto-lib-cipher_aes.o ../openssl/providers/common/ciphers/cipher_aes.c clang -I. -Icrypto/include -Iinclude -Iproviders/common/include -Iproviders/default/include -Iproviders/common/ciphers -Icrypto -Iproviders/common/macs -Iproviders/common/kdfs -Iproviders/default/macs -Iproviders/default/ciphers -Iproviders/default/kdfs -I../openssl -I../openssl/crypto/include -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/default/include -I../openssl/providers/common/ciphers -I../openssl/crypto -I../openssl/providers/common/macs -I../openssl/providers/common/kdfs -I../openssl/providers/default/macs -I../openssl/providers/default/ciphers -I../openssl/providers/default/kdfs -DAES_ASM -DBSAES_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_IA32_SSE2 -MMD -MF providers/common/ciphers/libcrypto-lib-cipher_aes_ccm.d.tmp -MT providers/common/ciphers/libcrypto-lib-cipher_aes_ccm.o -c -o providers/common/ciphers/libcrypto-lib-cipher_aes_ccm.o ../openssl/providers/common/ciphers/cipher_aes_ccm.c clang -I. -Icrypto/include -Iinclude -Iproviders/common/include -Iproviders/default/include -Iproviders/common/ciphers -Icrypto -Iproviders/common/macs -Iproviders/common/kdfs -Iproviders/default/macs -Iproviders/default/ciphers -Iproviders/default/kdfs -I../openssl -I../openssl/crypto/include -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/default/include -I../openssl/providers/common/ciphers -I../openssl/crypto -I../openssl/providers/common/macs -I../openssl/providers/common/kdfs -I../openssl/providers/default/macs -I../openssl/providers/default/ciphers -I../openssl/providers/default/kdfs -DAES_ASM -DBSAES_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_IA32_SSE2 -MMD -MF providers/common/ciphers/libcrypto-lib-cipher_aes_ccm_hw.d.tmp -MT providers/common/ciphers/libcrypto-lib-cipher_aes_ccm_hw.o -c -o providers/common/ciphers/libcrypto-lib-cipher_aes_ccm_hw.o ../openssl/providers/common/ciphers/cipher_aes_ccm_hw.c clang -I. -Icrypto/include -Iinclude -Iproviders/common/include -Iproviders/default/include -Iproviders/common/ciphers -Icrypto -Iproviders/common/macs -Iproviders/common/kdfs -Iproviders/default/macs -Iproviders/default/ciphers -Iproviders/default/kdfs -I../openssl -I../openssl/crypto/include -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/default/include -I../openssl/providers/common/ciphers -I../openssl/crypto -I../openssl/providers/common/macs -I../openssl/providers/common/kdfs -I../openssl/providers/default/macs -I../openssl/providers/default/ciphers -I../openssl/providers/default/kdfs -DAES_ASM -DBSAES_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_IA32_SSE2 -MMD -MF providers/common/ciphers/libcrypto-lib-cipher_aes_gcm.d.tmp -MT providers/common/ciphers/libcrypto-lib-cipher_aes_gcm.o -c -o providers/common/ciphers/libcrypto-lib-cipher_aes_gcm.o ../openssl/providers/common/ciphers/cipher_aes_gcm.c clang -I. -Icrypto/include -Iinclude -Iproviders/common/include -Iproviders/default/include -Iproviders/common/ciphers -Icrypto -Iproviders/common/macs -Iproviders/common/kdfs -Iproviders/default/macs -Iproviders/default/ciphers -Iproviders/default/kdfs -I../openssl -I../openssl/crypto/include -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/default/include -I../openssl/providers/common/ciphers -I../openssl/crypto -I../openssl/providers/common/macs -I../openssl/providers/common/kdfs -I../openssl/providers/default/macs -I../openssl/providers/default/ciphers -I../openssl/providers/default/kdfs -DAES_ASM -DBSAES_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_IA32_SSE2 -MMD -MF providers/common/ciphers/libcrypto-lib-cipher_aes_gcm_hw.d.tmp -MT providers/common/ciphers/libcrypto-lib-cipher_aes_gcm_hw.o -c -o providers/common/ciphers/libcrypto-lib-cipher_aes_gcm_hw.o ../openssl/providers/common/ciphers/cipher_aes_gcm_hw.c clang -I. -Icrypto/include -Iinclude -Iproviders/common/include -Iproviders/default/include -Iproviders/common/ciphers -Icrypto -Iproviders/common/macs -Iproviders/common/kdfs -Iproviders/default/macs -Iproviders/default/ciphers -Iproviders/default/kdfs -I../openssl -I../openssl/crypto/include -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/default/include -I../openssl/providers/common/ciphers -I../openssl/crypto -I../openssl/providers/common/macs -I../openssl/providers/common/kdfs -I../openssl/providers/default/macs -I../openssl/providers/default/ciphers -I../openssl/providers/default/kdfs -DAES_ASM -DBSAES_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_IA32_SSE2 -MMD -MF providers/common/ciphers/libcrypto-lib-cipher_aes_hw.d.tmp -MT providers/common/ciphers/libcrypto-lib-cipher_aes_hw.o -c -o providers/common/ciphers/libcrypto-lib-cipher_aes_hw.o ../openssl/providers/common/ciphers/cipher_aes_hw.c clang -I. -Icrypto/include -Iinclude -Iproviders/common/include -Iproviders/default/include -Iproviders/common/ciphers -Icrypto -Iproviders/common/macs -Iproviders/common/kdfs -Iproviders/default/macs -Iproviders/default/ciphers -Iproviders/default/kdfs -I../openssl -I../openssl/crypto/include -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/default/include -I../openssl/providers/common/ciphers -I../openssl/crypto -I../openssl/providers/common/macs -I../openssl/providers/common/kdfs -I../openssl/providers/default/macs -I../openssl/providers/default/ciphers -I../openssl/providers/default/kdfs -DAES_ASM -DBSAES_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_IA32_SSE2 -MMD -MF providers/common/ciphers/libcrypto-lib-cipher_ccm.d.tmp -MT providers/common/ciphers/libcrypto-lib-cipher_ccm.o -c -o providers/common/ciphers/libcrypto-lib-cipher_ccm.o ../openssl/providers/common/ciphers/cipher_ccm.c clang -I. -Icrypto/include -Iinclude -Iproviders/common/include -Iproviders/default/include -Iproviders/common/ciphers -Icrypto -Iproviders/common/macs -Iproviders/common/kdfs -Iproviders/default/macs -Iproviders/default/ciphers -Iproviders/default/kdfs -I../openssl -I../openssl/crypto/include -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/default/include -I../openssl/providers/common/ciphers -I../openssl/crypto -I../openssl/providers/common/macs -I../openssl/providers/common/kdfs -I../openssl/providers/default/macs -I../openssl/providers/default/ciphers -I../openssl/providers/default/kdfs -DAES_ASM -DBSAES_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_IA32_SSE2 -MMD -MF providers/common/ciphers/libcrypto-lib-cipher_ccm_hw.d.tmp -MT providers/common/ciphers/libcrypto-lib-cipher_ccm_hw.o -c -o providers/common/ciphers/libcrypto-lib-cipher_ccm_hw.o ../openssl/providers/common/ciphers/cipher_ccm_hw.c clang -I. -Icrypto/include -Iinclude -Iproviders/common/include -Iproviders/default/include -Iproviders/common/ciphers -Icrypto -Iproviders/common/macs -Iproviders/common/kdfs -Iproviders/default/macs -Iproviders/default/ciphers -Iproviders/default/kdfs -I../openssl -I../openssl/crypto/include -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/default/include -I../openssl/providers/common/ciphers -I../openssl/crypto -I../openssl/providers/common/macs -I../openssl/providers/common/kdfs -I../openssl/providers/default/macs -I../openssl/providers/default/ciphers -I../openssl/providers/default/kdfs -DAES_ASM -DBSAES_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_IA32_SSE2 -MMD -MF providers/common/ciphers/libcrypto-lib-cipher_common.d.tmp -MT providers/common/ciphers/libcrypto-lib-cipher_common.o -c -o providers/common/ciphers/libcrypto-lib-cipher_common.o ../openssl/providers/common/ciphers/cipher_common.c clang -I. -Icrypto/include -Iinclude -Iproviders/common/include -Iproviders/default/include -Iproviders/common/ciphers -Icrypto -Iproviders/common/macs -Iproviders/common/kdfs -Iproviders/default/macs -Iproviders/default/ciphers -Iproviders/default/kdfs -I../openssl -I../openssl/crypto/include -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/default/include -I../openssl/providers/common/ciphers -I../openssl/crypto -I../openssl/providers/common/macs -I../openssl/providers/common/kdfs -I../openssl/providers/default/macs -I../openssl/providers/default/ciphers -I../openssl/providers/default/kdfs -DAES_ASM -DBSAES_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_IA32_SSE2 -MMD -MF providers/common/ciphers/libcrypto-lib-cipher_common_hw.d.tmp -MT providers/common/ciphers/libcrypto-lib-cipher_common_hw.o -c -o providers/common/ciphers/libcrypto-lib-cipher_common_hw.o ../openssl/providers/common/ciphers/cipher_common_hw.c clang -I. -Icrypto/include -Iinclude -Iproviders/common/include -Iproviders/default/include -Iproviders/common/ciphers -Icrypto -Iproviders/common/macs -Iproviders/common/kdfs -Iproviders/default/macs -Iproviders/default/ciphers -Iproviders/default/kdfs -I../openssl -I../openssl/crypto/include -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/default/include -I../openssl/providers/common/ciphers -I../openssl/crypto -I../openssl/providers/common/macs -I../openssl/providers/common/kdfs -I../openssl/providers/default/macs -I../openssl/providers/default/ciphers -I../openssl/providers/default/kdfs -DAES_ASM -DBSAES_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_IA32_SSE2 -MMD -MF providers/common/ciphers/libcrypto-lib-cipher_gcm.d.tmp -MT providers/common/ciphers/libcrypto-lib-cipher_gcm.o -c -o providers/common/ciphers/libcrypto-lib-cipher_gcm.o ../openssl/providers/common/ciphers/cipher_gcm.c clang -I. -Icrypto/include -Iinclude -Iproviders/common/include -Iproviders/default/include -Iproviders/common/ciphers -Icrypto -Iproviders/common/macs -Iproviders/common/kdfs -Iproviders/default/macs -Iproviders/default/ciphers -Iproviders/default/kdfs -I../openssl -I../openssl/crypto/include -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/default/include -I../openssl/providers/common/ciphers -I../openssl/crypto -I../openssl/providers/common/macs -I../openssl/providers/common/kdfs -I../openssl/providers/default/macs -I../openssl/providers/default/ciphers -I../openssl/providers/default/kdfs -DAES_ASM -DBSAES_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_IA32_SSE2 -MMD -MF providers/common/ciphers/libcrypto-lib-cipher_gcm_hw.d.tmp -MT providers/common/ciphers/libcrypto-lib-cipher_gcm_hw.o -c -o providers/common/ciphers/libcrypto-lib-cipher_gcm_hw.o ../openssl/providers/common/ciphers/cipher_gcm_hw.c clang -I. -Icrypto/include -Iinclude -Iproviders/common/include -Iproviders/default/include -Iproviders/common/ciphers -Icrypto -Iproviders/common/macs -Iproviders/common/kdfs -Iproviders/default/macs -Iproviders/default/ciphers -Iproviders/default/kdfs -I../openssl -I../openssl/crypto/include -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/default/include -I../openssl/providers/common/ciphers -I../openssl/crypto -I../openssl/providers/common/macs -I../openssl/providers/common/kdfs -I../openssl/providers/default/macs -I../openssl/providers/default/ciphers -I../openssl/providers/default/kdfs -DAES_ASM -DBSAES_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_IA32_SSE2 -MMD -MF providers/common/ciphers/libcrypto-lib-cipher_tdes.d.tmp -MT providers/common/ciphers/libcrypto-lib-cipher_tdes.o -c -o providers/common/ciphers/libcrypto-lib-cipher_tdes.o ../openssl/providers/common/ciphers/cipher_tdes.c clang -I. -Icrypto/include -Iinclude -Iproviders/common/include -Iproviders/default/include -Iproviders/common/ciphers -Icrypto -Iproviders/common/macs -Iproviders/common/kdfs -Iproviders/default/macs -Iproviders/default/ciphers -Iproviders/default/kdfs -I../openssl -I../openssl/crypto/include -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/default/include -I../openssl/providers/common/ciphers -I../openssl/crypto -I../openssl/providers/common/macs -I../openssl/providers/common/kdfs -I../openssl/providers/default/macs -I../openssl/providers/default/ciphers -I../openssl/providers/default/kdfs -DAES_ASM -DBSAES_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_IA32_SSE2 -MMD -MF providers/common/ciphers/libcrypto-lib-cipher_tdes_hw.d.tmp -MT providers/common/ciphers/libcrypto-lib-cipher_tdes_hw.o -c -o providers/common/ciphers/libcrypto-lib-cipher_tdes_hw.o ../openssl/providers/common/ciphers/cipher_tdes_hw.c clang -I. -Icrypto/include -Iinclude -Iproviders/common/include -Iproviders/default/include -Iproviders/common/ciphers -Icrypto -Iproviders/common/macs -Iproviders/common/kdfs -Iproviders/default/macs -Iproviders/default/ciphers -Iproviders/default/kdfs -I../openssl -I../openssl/crypto/include -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/default/include -I../openssl/providers/common/ciphers -I../openssl/crypto -I../openssl/providers/common/macs -I../openssl/providers/common/kdfs -I../openssl/providers/default/macs -I../openssl/providers/default/ciphers -I../openssl/providers/default/kdfs -DAES_ASM -DBSAES_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_IA32_SSE2 -MMD -MF providers/common/digests/libcrypto-lib-digest_common.d.tmp -MT providers/common/digests/libcrypto-lib-digest_common.o -c -o providers/common/digests/libcrypto-lib-digest_common.o ../openssl/providers/common/digests/digest_common.c clang -I. -Icrypto/include -Iinclude -Iproviders/common/include -Iproviders/default/include -Iproviders/common/ciphers -Icrypto -Iproviders/common/macs -Iproviders/common/kdfs -Iproviders/default/macs -Iproviders/default/ciphers -Iproviders/default/kdfs -I../openssl -I../openssl/crypto/include -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/default/include -I../openssl/providers/common/ciphers -I../openssl/crypto -I../openssl/providers/common/macs -I../openssl/providers/common/kdfs -I../openssl/providers/default/macs -I../openssl/providers/default/ciphers -I../openssl/providers/default/kdfs -DAES_ASM -DBSAES_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_IA32_SSE2 -MMD -MF providers/common/digests/libcrypto-lib-sha2_prov.d.tmp -MT providers/common/digests/libcrypto-lib-sha2_prov.o -c -o providers/common/digests/libcrypto-lib-sha2_prov.o ../openssl/providers/common/digests/sha2_prov.c clang -I. -Icrypto/include -Iinclude -Iproviders/common/include -Iproviders/default/include -Iproviders/common/ciphers -Icrypto -Iproviders/common/macs -Iproviders/common/kdfs -Iproviders/default/macs -Iproviders/default/ciphers -Iproviders/default/kdfs -I../openssl -I../openssl/crypto/include -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/default/include -I../openssl/providers/common/ciphers -I../openssl/crypto -I../openssl/providers/common/macs -I../openssl/providers/common/kdfs -I../openssl/providers/default/macs -I../openssl/providers/default/ciphers -I../openssl/providers/default/kdfs -DAES_ASM -DBSAES_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_IA32_SSE2 -MMD -MF providers/common/digests/libcrypto-lib-sha3_prov.d.tmp -MT providers/common/digests/libcrypto-lib-sha3_prov.o -c -o providers/common/digests/libcrypto-lib-sha3_prov.o ../openssl/providers/common/digests/sha3_prov.c clang -I. -Icrypto/include -Iinclude -Iproviders/common/include -Iproviders/default/include -Iproviders/common/ciphers -Icrypto -Iproviders/common/macs -Iproviders/common/kdfs -Iproviders/default/macs -Iproviders/default/ciphers -Iproviders/default/kdfs -I../openssl -I../openssl/crypto/include -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/default/include -I../openssl/providers/common/ciphers -I../openssl/crypto -I../openssl/providers/common/macs -I../openssl/providers/common/kdfs -I../openssl/providers/default/macs -I../openssl/providers/default/ciphers -I../openssl/providers/default/kdfs -DAES_ASM -DBSAES_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_IA32_SSE2 -MMD -MF providers/common/exchange/libcrypto-lib-dh_exch.d.tmp -MT providers/common/exchange/libcrypto-lib-dh_exch.o -c -o providers/common/exchange/libcrypto-lib-dh_exch.o ../openssl/providers/common/exchange/dh_exch.c clang -I. -Icrypto/include -Iinclude -Iproviders/common/include -Iproviders/default/include -Iproviders/common/ciphers -Icrypto -Iproviders/common/macs -Iproviders/common/kdfs -Iproviders/default/macs -Iproviders/default/ciphers -Iproviders/default/kdfs -I../openssl -I../openssl/crypto/include -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/default/include -I../openssl/providers/common/ciphers -I../openssl/crypto -I../openssl/providers/common/macs -I../openssl/providers/common/kdfs -I../openssl/providers/default/macs -I../openssl/providers/default/ciphers -I../openssl/providers/default/kdfs -DAES_ASM -DBSAES_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_IA32_SSE2 -MMD -MF providers/common/kdfs/libcrypto-lib-hkdf.d.tmp -MT providers/common/kdfs/libcrypto-lib-hkdf.o -c -o providers/common/kdfs/libcrypto-lib-hkdf.o ../openssl/providers/common/kdfs/hkdf.c clang -I. -Icrypto/include -Iinclude -Iproviders/common/include -Iproviders/default/include -Iproviders/common/ciphers -Icrypto -Iproviders/common/macs -Iproviders/common/kdfs -Iproviders/default/macs -Iproviders/default/ciphers -Iproviders/default/kdfs -I../openssl -I../openssl/crypto/include -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/default/include -I../openssl/providers/common/ciphers -I../openssl/crypto -I../openssl/providers/common/macs -I../openssl/providers/common/kdfs -I../openssl/providers/default/macs -I../openssl/providers/default/ciphers -I../openssl/providers/default/kdfs -DAES_ASM -DBSAES_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_IA32_SSE2 -MMD -MF providers/common/kdfs/libcrypto-lib-pbkdf2.d.tmp -MT providers/common/kdfs/libcrypto-lib-pbkdf2.o -c -o providers/common/kdfs/libcrypto-lib-pbkdf2.o ../openssl/providers/common/kdfs/pbkdf2.c clang -I. -Icrypto/include -Iinclude -Iproviders/common/include -Iproviders/default/include -Iproviders/common/ciphers -Icrypto -Iproviders/common/macs -Iproviders/common/kdfs -Iproviders/default/macs -Iproviders/default/ciphers -Iproviders/default/kdfs -I../openssl -I../openssl/crypto/include -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/default/include -I../openssl/providers/common/ciphers -I../openssl/crypto -I../openssl/providers/common/macs -I../openssl/providers/common/kdfs -I../openssl/providers/default/macs -I../openssl/providers/default/ciphers -I../openssl/providers/default/kdfs -DAES_ASM -DBSAES_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_IA32_SSE2 -MMD -MF providers/common/kdfs/libcrypto-lib-sskdf.d.tmp -MT providers/common/kdfs/libcrypto-lib-sskdf.o -c -o providers/common/kdfs/libcrypto-lib-sskdf.o ../openssl/providers/common/kdfs/sskdf.c clang -I. -Icrypto/include -Iinclude -Iproviders/common/include -Iproviders/default/include -Iproviders/common/ciphers -Icrypto -Iproviders/common/macs -Iproviders/common/kdfs -Iproviders/default/macs -Iproviders/default/ciphers -Iproviders/default/kdfs -I../openssl -I../openssl/crypto/include -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/default/include -I../openssl/providers/common/ciphers -I../openssl/crypto -I../openssl/providers/common/macs -I../openssl/providers/common/kdfs -I../openssl/providers/default/macs -I../openssl/providers/default/ciphers -I../openssl/providers/default/kdfs -DAES_ASM -DBSAES_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_IA32_SSE2 -MMD -MF providers/common/kdfs/libcrypto-lib-tls1_prf.d.tmp -MT providers/common/kdfs/libcrypto-lib-tls1_prf.o -c -o providers/common/kdfs/libcrypto-lib-tls1_prf.o ../openssl/providers/common/kdfs/tls1_prf.c clang -I. -Icrypto/include -Iinclude -Iproviders/common/include -Iproviders/default/include -Iproviders/common/ciphers -Icrypto -Iproviders/common/macs -Iproviders/common/kdfs -Iproviders/default/macs -Iproviders/default/ciphers -Iproviders/default/kdfs -I../openssl -I../openssl/crypto/include -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/default/include -I../openssl/providers/common/ciphers -I../openssl/crypto -I../openssl/providers/common/macs -I../openssl/providers/common/kdfs -I../openssl/providers/default/macs -I../openssl/providers/default/ciphers -I../openssl/providers/default/kdfs -DAES_ASM -DBSAES_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_IA32_SSE2 -MMD -MF providers/common/keymgmt/libcrypto-lib-dh_kmgmt.d.tmp -MT providers/common/keymgmt/libcrypto-lib-dh_kmgmt.o -c -o providers/common/keymgmt/libcrypto-lib-dh_kmgmt.o ../openssl/providers/common/keymgmt/dh_kmgmt.c clang -I. -Icrypto/include -Iinclude -Iproviders/common/include -Iproviders/default/include -Iproviders/common/ciphers -Icrypto -Iproviders/common/macs -Iproviders/common/kdfs -Iproviders/default/macs -Iproviders/default/ciphers -Iproviders/default/kdfs -I../openssl -I../openssl/crypto/include -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/default/include -I../openssl/providers/common/ciphers -I../openssl/crypto -I../openssl/providers/common/macs -I../openssl/providers/common/kdfs -I../openssl/providers/default/macs -I../openssl/providers/default/ciphers -I../openssl/providers/default/kdfs -DAES_ASM -DBSAES_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_IA32_SSE2 -MMD -MF providers/common/keymgmt/libcrypto-lib-dsa_kmgmt.d.tmp -MT providers/common/keymgmt/libcrypto-lib-dsa_kmgmt.o -c -o providers/common/keymgmt/libcrypto-lib-dsa_kmgmt.o ../openssl/providers/common/keymgmt/dsa_kmgmt.c clang -I. -Icrypto/include -Iinclude -Iproviders/common/include -Iproviders/default/include -Iproviders/common/ciphers -Icrypto -Iproviders/common/macs -Iproviders/common/kdfs -Iproviders/default/macs -Iproviders/default/ciphers -Iproviders/default/kdfs -I../openssl -I../openssl/crypto/include -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/default/include -I../openssl/providers/common/ciphers -I../openssl/crypto -I../openssl/providers/common/macs -I../openssl/providers/common/kdfs -I../openssl/providers/default/macs -I../openssl/providers/default/ciphers -I../openssl/providers/default/kdfs -DAES_ASM -DBSAES_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_IA32_SSE2 -MMD -MF providers/common/libcrypto-lib-provider_err.d.tmp -MT providers/common/libcrypto-lib-provider_err.o -c -o providers/common/libcrypto-lib-provider_err.o ../openssl/providers/common/provider_err.c clang -I. -Icrypto/include -Iinclude -Iproviders/common/include -Iproviders/default/include -Iproviders/common/ciphers -Icrypto -Iproviders/common/macs -Iproviders/common/kdfs -Iproviders/default/macs -Iproviders/default/ciphers -Iproviders/default/kdfs -I../openssl -I../openssl/crypto/include -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/default/include -I../openssl/providers/common/ciphers -I../openssl/crypto -I../openssl/providers/common/macs -I../openssl/providers/common/kdfs -I../openssl/providers/default/macs -I../openssl/providers/default/ciphers -I../openssl/providers/default/kdfs -DAES_ASM -DBSAES_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_IA32_SSE2 -MMD -MF providers/common/libcrypto-lib-provider_util.d.tmp -MT providers/common/libcrypto-lib-provider_util.o -c -o providers/common/libcrypto-lib-provider_util.o ../openssl/providers/common/provider_util.c clang -I. -Icrypto/include -Iinclude -Iproviders/common/include -Iproviders/default/include -Iproviders/common/ciphers -Icrypto -Iproviders/common/macs -Iproviders/common/kdfs -Iproviders/default/macs -Iproviders/default/ciphers -Iproviders/default/kdfs -I../openssl -I../openssl/crypto/include -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/default/include -I../openssl/providers/common/ciphers -I../openssl/crypto -I../openssl/providers/common/macs -I../openssl/providers/common/kdfs -I../openssl/providers/default/macs -I../openssl/providers/default/ciphers -I../openssl/providers/default/kdfs -DAES_ASM -DBSAES_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_IA32_SSE2 -MMD -MF providers/common/libcrypto-lib-provlib.d.tmp -MT providers/common/libcrypto-lib-provlib.o -c -o providers/common/libcrypto-lib-provlib.o ../openssl/providers/common/provlib.c clang -I. -Icrypto/include -Iinclude -Iproviders/common/include -Iproviders/default/include -Iproviders/common/ciphers -Icrypto -Iproviders/common/macs -Iproviders/common/kdfs -Iproviders/default/macs -Iproviders/default/ciphers -Iproviders/default/kdfs -I../openssl -I../openssl/crypto/include -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/default/include -I../openssl/providers/common/ciphers -I../openssl/crypto -I../openssl/providers/common/macs -I../openssl/providers/common/kdfs -I../openssl/providers/default/macs -I../openssl/providers/default/ciphers -I../openssl/providers/default/kdfs -DAES_ASM -DBSAES_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_IA32_SSE2 -MMD -MF providers/common/macs/libcrypto-lib-cmac_prov.d.tmp -MT providers/common/macs/libcrypto-lib-cmac_prov.o -c -o providers/common/macs/libcrypto-lib-cmac_prov.o ../openssl/providers/common/macs/cmac_prov.c clang -I. -Icrypto/include -Iinclude -Iproviders/common/include -Iproviders/default/include -Iproviders/common/ciphers -Icrypto -Iproviders/common/macs -Iproviders/common/kdfs -Iproviders/default/macs -Iproviders/default/ciphers -Iproviders/default/kdfs -I../openssl -I../openssl/crypto/include -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/default/include -I../openssl/providers/common/ciphers -I../openssl/crypto -I../openssl/providers/common/macs -I../openssl/providers/common/kdfs -I../openssl/providers/default/macs -I../openssl/providers/default/ciphers -I../openssl/providers/default/kdfs -DAES_ASM -DBSAES_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_IA32_SSE2 -MMD -MF providers/common/macs/libcrypto-lib-gmac_prov.d.tmp -MT providers/common/macs/libcrypto-lib-gmac_prov.o -c -o providers/common/macs/libcrypto-lib-gmac_prov.o ../openssl/providers/common/macs/gmac_prov.c ../openssl/providers/common/provider_util.c:52:9: error: implicit declaration of function 'ENGINE_finish' is invalid in C99 [-Werror,-Wimplicit-function-declaration] ENGINE_finish(*engine); ^ ../openssl/providers/common/provider_util.c:52:9: error: this function declaration is not a prototype [-Werror,-Wstrict-prototypes] ../openssl/providers/common/provider_util.c:53:19: error: implicit declaration of function 'ENGINE_by_id' is invalid in C99 [-Werror,-Wimplicit-function-declaration] *engine = ENGINE_by_id(p->data); ^ ../openssl/providers/common/provider_util.c:53:19: error: this function declaration is not a prototype [-Werror,-Wstrict-prototypes] ../openssl/providers/common/provider_util.c:53:17: error: incompatible integer to pointer conversion assigning to 'ENGINE *' (aka 'struct engine_st *') from 'int' [-Werror,-Wint-conversion] *engine = ENGINE_by_id(p->data); ^ ~~~~~~~~~~~~~~~~~~~~~ 5 errors generated. Makefile:6455: recipe for target 'providers/common/libcrypto-lib-provider_util.o' failed make[1]: *** [providers/common/libcrypto-lib-provider_util.o] Error 1 make[1]: *** Waiting for unfinished jobs.... make[1]: Leaving directory '/home/openssl/run-checker/no-engine_no-shared' Makefile:165: recipe for target 'all' failed make: *** [all] Error 2 From no-reply at appveyor.com Tue Sep 10 07:56:55 2019 From: no-reply at appveyor.com (AppVeyor) Date: Tue, 10 Sep 2019 07:56:55 +0000 Subject: Build failed: openssl master.27536 Message-ID: <20190910075655.1.066E80470BD672E4@appveyor.com> An HTML attachment was scrubbed... URL: From matt at openssl.org Tue Sep 10 09:06:49 2019 From: matt at openssl.org (Matt Caswell) Date: Tue, 10 Sep 2019 09:06:49 +0000 Subject: [openssl] master update Message-ID: <1568106409.232140.18394.nullmailer@dev.openssl.org> The branch master has been updated via fa3eb248e29ca8031e6a14e8a2c6f3cd58b5450e (commit) via e301c147a763f67dcc5ba63eb7e2ae40d83a68aa (commit) from 1d3cd983f56e0a580ee4216692ee3c9c7bf14de9 (commit) - Log ----------------------------------------------------------------- commit fa3eb248e29ca8031e6a14e8a2c6f3cd58b5450e Author: Bernd Edlinger Date: Fri Sep 6 21:54:13 2019 +0200 Fix a potential crash in rand_unix.c Due to the dynamic allocation that was added to rand_pool_add_begin this function could now return a null pointer where it was previously guaranteed to succeed. But the return value of this function does not need to be checked by design. Move rand_pool_grow from rand_pool_add_begin to rand_pool_bytes_needed. Make an allocation error persistent to avoid falling back to less secure or blocking entropy sources. Fixes: a6a66e4511ee ("Make rand_pool buffers more dynamic in their sizing.") Reviewed-by: Matthias St. Pierre Reviewed-by: Paul Dale (Merged from https://github.com/openssl/openssl/pull/9687) commit e301c147a763f67dcc5ba63eb7e2ae40d83a68aa Author: Bernd Edlinger Date: Sat Aug 24 11:38:32 2019 +0200 Fix a strict warnings error in rand_pool_acquire_entropy There was a warning about unused variables in this config: ./config --strict-warnings --with-rand-seed=rdcpu Reviewed-by: Matthias St. Pierre Reviewed-by: Paul Dale (Merged from https://github.com/openssl/openssl/pull/9687) ----------------------------------------------------------------------- Summary of changes: crypto/rand/rand_lib.c | 115 +++++++++++++++++++++++++++++++++++------------- crypto/rand/rand_unix.c | 39 +++++++++------- 2 files changed, 106 insertions(+), 48 deletions(-) diff --git a/crypto/rand/rand_lib.c b/crypto/rand/rand_lib.c index c865ece978..1ab2a8246c 100644 --- a/crypto/rand/rand_lib.c +++ b/crypto/rand/rand_lib.c @@ -545,6 +545,42 @@ size_t rand_pool_entropy_needed(RAND_POOL *pool) return 0; } +/* Increase the allocation size -- not usable for an attached pool */ +static int rand_pool_grow(RAND_POOL *pool, size_t len) +{ + if (len > pool->alloc_len - pool->len) { + unsigned char *p; + const size_t limit = pool->max_len / 2; + size_t newlen = pool->alloc_len; + + if (pool->attached || len > pool->max_len - pool->len) { + RANDerr(RAND_F_RAND_POOL_GROW, ERR_R_INTERNAL_ERROR); + return 0; + } + + do + newlen = newlen < limit ? newlen * 2 : pool->max_len; + while (len > newlen - pool->len); + + if (pool->secure) + p = OPENSSL_secure_zalloc(newlen); + else + p = OPENSSL_zalloc(newlen); + if (p == NULL) { + RANDerr(RAND_F_RAND_POOL_GROW, ERR_R_MALLOC_FAILURE); + return 0; + } + memcpy(p, pool->buffer, pool->len); + if (pool->secure) + OPENSSL_secure_clear_free(pool->buffer, pool->alloc_len); + else + OPENSSL_clear_free(pool->buffer, pool->alloc_len); + pool->buffer = p; + pool->alloc_len = newlen; + } + return 1; +} + /* * Returns the number of bytes needed to fill the pool, assuming * the input has 1 / |entropy_factor| entropy bits per data bit. @@ -574,6 +610,24 @@ size_t rand_pool_bytes_needed(RAND_POOL *pool, unsigned int entropy_factor) /* to meet the min_len requirement */ bytes_needed = pool->min_len - pool->len; + /* + * Make sure the buffer is large enough for the requested amount + * of data. This guarantees that existing code patterns where + * rand_pool_add_begin, rand_pool_add_end or rand_pool_add + * are used to collect entropy data without any error handling + * whatsoever, continue to be valid. + * Furthermore if the allocation here fails once, make sure that + * we don't fall back to a less secure or even blocking random source, + * as that could happen by the existing code patterns. + * This is not a concern for additional data, therefore that + * is not needed if rand_pool_grow fails in other places. + */ + if (!rand_pool_grow(pool, bytes_needed)) { + /* persistent error for this pool */ + pool->max_len = pool->len = 0; + return 0; + } + return bytes_needed; } @@ -583,36 +637,6 @@ size_t rand_pool_bytes_remaining(RAND_POOL *pool) return pool->max_len - pool->len; } -static int rand_pool_grow(RAND_POOL *pool, size_t len) -{ - if (len > pool->alloc_len - pool->len) { - unsigned char *p; - const size_t limit = pool->max_len / 2; - size_t newlen = pool->alloc_len; - - do - newlen = newlen < limit ? newlen * 2 : pool->max_len; - while (len > newlen - pool->len); - - if (pool->secure) - p = OPENSSL_secure_zalloc(newlen); - else - p = OPENSSL_zalloc(newlen); - if (p == NULL) { - RANDerr(RAND_F_RAND_POOL_GROW, ERR_R_MALLOC_FAILURE); - return 0; - } - memcpy(p, pool->buffer, pool->len); - if (pool->secure) - OPENSSL_secure_clear_free(pool->buffer, pool->alloc_len); - else - OPENSSL_clear_free(pool->buffer, pool->alloc_len); - pool->buffer = p; - pool->alloc_len = newlen; - } - return 1; -} - /* * Add random bytes to the random pool. * @@ -636,6 +660,25 @@ int rand_pool_add(RAND_POOL *pool, } if (len > 0) { + /* + * This is to protect us from accidentally passing the buffer + * returned from rand_pool_add_begin. + * The check for alloc_len makes sure we do not compare the + * address of the end of the allocated memory to something + * different, since that comparison would have an + * indeterminate result. + */ + if (pool->alloc_len > pool->len && pool->buffer + pool->len == buffer) { + RANDerr(RAND_F_RAND_POOL_ADD, ERR_R_INTERNAL_ERROR); + return 0; + } + /* + * We have that only for cases when a pool is used to collect + * additional data. + * For entropy data, as long as the allocation request stays within + * the limits given by rand_pool_bytes_needed this rand_pool_grow + * below is guaranteed to succeed, thus no allocation happens. + */ if (!rand_pool_grow(pool, len)) return 0; memcpy(pool->buffer + pool->len, buffer, len); @@ -673,8 +716,18 @@ unsigned char *rand_pool_add_begin(RAND_POOL *pool, size_t len) return NULL; } + /* + * As long as the allocation request stays within the limits given + * by rand_pool_bytes_needed this rand_pool_grow below is guaranteed + * to succeed, thus no allocation happens. + * We have that only for cases when a pool is used to collect + * additional data. Then the buffer might need to grow here, + * and of course the caller is responsible to check the return + * value of this function. + */ if (!rand_pool_grow(pool, len)) return NULL; + return pool->buffer + pool->len; } @@ -689,7 +742,7 @@ unsigned char *rand_pool_add_begin(RAND_POOL *pool, size_t len) */ int rand_pool_add_end(RAND_POOL *pool, size_t len, size_t entropy) { - if (len > pool->max_len - pool->len) { + if (len > pool->alloc_len - pool->len) { RANDerr(RAND_F_RAND_POOL_ADD_END, RAND_R_RANDOM_POOL_OVERFLOW); return 0; } diff --git a/crypto/rand/rand_unix.c b/crypto/rand/rand_unix.c index fb8a7b7c6d..813964665f 100644 --- a/crypto/rand/rand_unix.c +++ b/crypto/rand/rand_unix.c @@ -557,12 +557,12 @@ size_t rand_pool_acquire_entropy(RAND_POOL *pool) # if defined(OPENSSL_RAND_SEED_NONE) return rand_pool_entropy_available(pool); # else - size_t bytes_needed; - size_t entropy_available = 0; - unsigned char *buffer; + size_t entropy_available; # if defined(OPENSSL_RAND_SEED_GETRANDOM) { + size_t bytes_needed; + unsigned char *buffer; ssize_t bytes; /* Maximum allowed number of consecutive unsuccessful attempts */ int attempts = 3; @@ -593,6 +593,8 @@ size_t rand_pool_acquire_entropy(RAND_POOL *pool) # if defined(OPENSSL_RAND_SEED_DEVRANDOM) if (wait_random_seeded()) { + size_t bytes_needed; + unsigned char *buffer; size_t i; bytes_needed = rand_pool_bytes_needed(pool, 1 /*entropy_factor*/); @@ -642,26 +644,29 @@ size_t rand_pool_acquire_entropy(RAND_POOL *pool) # endif # if defined(OPENSSL_RAND_SEED_EGD) - bytes_needed = rand_pool_bytes_needed(pool, 1 /*entropy_factor*/); - if (bytes_needed > 0) { + { static const char *paths[] = { DEVRANDOM_EGD, NULL }; + size_t bytes_needed; + unsigned char *buffer; int i; - for (i = 0; paths[i] != NULL; i++) { + bytes_needed = rand_pool_bytes_needed(pool, 1 /*entropy_factor*/); + for (i = 0; bytes_needed > 0 && paths[i] != NULL; i++) { + size_t bytes = 0; + int num; + buffer = rand_pool_add_begin(pool, bytes_needed); - if (buffer != NULL) { - size_t bytes = 0; - int num = RAND_query_egd_bytes(paths[i], - buffer, (int)bytes_needed); - if (num == (int)bytes_needed) - bytes = bytes_needed; + num = RAND_query_egd_bytes(paths[i], + buffer, (int)bytes_needed); + if (num == (int)bytes_needed) + bytes = bytes_needed; - rand_pool_add_end(pool, bytes, 8 * bytes); - entropy_available = rand_pool_entropy_available(pool); - } - if (entropy_available > 0) - return entropy_available; + rand_pool_add_end(pool, bytes, 8 * bytes); + bytes_needed = rand_pool_bytes_needed(pool, 1); } + entropy_available = rand_pool_entropy_available(pool); + if (entropy_available > 0) + return entropy_available; } # endif From matt at openssl.org Tue Sep 10 09:07:07 2019 From: matt at openssl.org (Matt Caswell) Date: Tue, 10 Sep 2019 09:07:07 +0000 Subject: [openssl] OpenSSL_1_1_1-stable update Message-ID: <1568106427.051429.19316.nullmailer@dev.openssl.org> The branch OpenSSL_1_1_1-stable has been updated via 79f5e2f4b9d9886d1b0da09c2eb3e397bcf82876 (commit) via 1d36536457c14c92a2e728e8499260f396bd4657 (commit) from 63180182ecfe6474fbc50bc4021e558d11414e88 (commit) - Log ----------------------------------------------------------------- commit 79f5e2f4b9d9886d1b0da09c2eb3e397bcf82876 Author: Bernd Edlinger Date: Fri Sep 6 21:54:13 2019 +0200 Fix a potential crash in rand_unix.c Due to the dynamic allocation that was added to rand_pool_add_begin this function could now return a null pointer where it was previously guaranteed to succeed. But the return value of this function does not need to be checked by design. Move rand_pool_grow from rand_pool_add_begin to rand_pool_bytes_needed. Make an allocation error persistent to avoid falling back to less secure or blocking entropy sources. Fixes: a6a66e4511ee ("Make rand_pool buffers more dynamic in their sizing.") Reviewed-by: Matthias St. Pierre Reviewed-by: Paul Dale (Merged from https://github.com/openssl/openssl/pull/9687) (cherry picked from commit fa3eb248e29ca8031e6a14e8a2c6f3cd58b5450e) commit 1d36536457c14c92a2e728e8499260f396bd4657 Author: Bernd Edlinger Date: Sat Aug 24 11:38:32 2019 +0200 Fix a strict warnings error in rand_pool_acquire_entropy There was a warning about unused variables in this config: ./config --strict-warnings --with-rand-seed=rdcpu Reviewed-by: Matthias St. Pierre Reviewed-by: Paul Dale (Merged from https://github.com/openssl/openssl/pull/9687) (cherry picked from commit e301c147a763f67dcc5ba63eb7e2ae40d83a68aa) ----------------------------------------------------------------------- Summary of changes: crypto/rand/rand_lib.c | 115 +++++++++++++++++++++++++++++++++++------------- crypto/rand/rand_unix.c | 39 +++++++++------- 2 files changed, 106 insertions(+), 48 deletions(-) diff --git a/crypto/rand/rand_lib.c b/crypto/rand/rand_lib.c index 945ea1e795..91b2652311 100644 --- a/crypto/rand/rand_lib.c +++ b/crypto/rand/rand_lib.c @@ -611,6 +611,42 @@ size_t rand_pool_entropy_needed(RAND_POOL *pool) return 0; } +/* Increase the allocation size -- not usable for an attached pool */ +static int rand_pool_grow(RAND_POOL *pool, size_t len) +{ + if (len > pool->alloc_len - pool->len) { + unsigned char *p; + const size_t limit = pool->max_len / 2; + size_t newlen = pool->alloc_len; + + if (pool->attached || len > pool->max_len - pool->len) { + RANDerr(RAND_F_RAND_POOL_GROW, ERR_R_INTERNAL_ERROR); + return 0; + } + + do + newlen = newlen < limit ? newlen * 2 : pool->max_len; + while (len > newlen - pool->len); + + if (pool->secure) + p = OPENSSL_secure_zalloc(newlen); + else + p = OPENSSL_zalloc(newlen); + if (p == NULL) { + RANDerr(RAND_F_RAND_POOL_GROW, ERR_R_MALLOC_FAILURE); + return 0; + } + memcpy(p, pool->buffer, pool->len); + if (pool->secure) + OPENSSL_secure_clear_free(pool->buffer, pool->alloc_len); + else + OPENSSL_clear_free(pool->buffer, pool->alloc_len); + pool->buffer = p; + pool->alloc_len = newlen; + } + return 1; +} + /* * Returns the number of bytes needed to fill the pool, assuming * the input has 1 / |entropy_factor| entropy bits per data bit. @@ -640,6 +676,24 @@ size_t rand_pool_bytes_needed(RAND_POOL *pool, unsigned int entropy_factor) /* to meet the min_len requirement */ bytes_needed = pool->min_len - pool->len; + /* + * Make sure the buffer is large enough for the requested amount + * of data. This guarantees that existing code patterns where + * rand_pool_add_begin, rand_pool_add_end or rand_pool_add + * are used to collect entropy data without any error handling + * whatsoever, continue to be valid. + * Furthermore if the allocation here fails once, make sure that + * we don't fall back to a less secure or even blocking random source, + * as that could happen by the existing code patterns. + * This is not a concern for additional data, therefore that + * is not needed if rand_pool_grow fails in other places. + */ + if (!rand_pool_grow(pool, bytes_needed)) { + /* persistent error for this pool */ + pool->max_len = pool->len = 0; + return 0; + } + return bytes_needed; } @@ -649,36 +703,6 @@ size_t rand_pool_bytes_remaining(RAND_POOL *pool) return pool->max_len - pool->len; } -static int rand_pool_grow(RAND_POOL *pool, size_t len) -{ - if (len > pool->alloc_len - pool->len) { - unsigned char *p; - const size_t limit = pool->max_len / 2; - size_t newlen = pool->alloc_len; - - do - newlen = newlen < limit ? newlen * 2 : pool->max_len; - while (len > newlen - pool->len); - - if (pool->secure) - p = OPENSSL_secure_zalloc(newlen); - else - p = OPENSSL_zalloc(newlen); - if (p == NULL) { - RANDerr(RAND_F_RAND_POOL_GROW, ERR_R_MALLOC_FAILURE); - return 0; - } - memcpy(p, pool->buffer, pool->len); - if (pool->secure) - OPENSSL_secure_clear_free(pool->buffer, pool->alloc_len); - else - OPENSSL_clear_free(pool->buffer, pool->alloc_len); - pool->buffer = p; - pool->alloc_len = newlen; - } - return 1; -} - /* * Add random bytes to the random pool. * @@ -702,6 +726,25 @@ int rand_pool_add(RAND_POOL *pool, } if (len > 0) { + /* + * This is to protect us from accidentally passing the buffer + * returned from rand_pool_add_begin. + * The check for alloc_len makes sure we do not compare the + * address of the end of the allocated memory to something + * different, since that comparison would have an + * indeterminate result. + */ + if (pool->alloc_len > pool->len && pool->buffer + pool->len == buffer) { + RANDerr(RAND_F_RAND_POOL_ADD, ERR_R_INTERNAL_ERROR); + return 0; + } + /* + * We have that only for cases when a pool is used to collect + * additional data. + * For entropy data, as long as the allocation request stays within + * the limits given by rand_pool_bytes_needed this rand_pool_grow + * below is guaranteed to succeed, thus no allocation happens. + */ if (!rand_pool_grow(pool, len)) return 0; memcpy(pool->buffer + pool->len, buffer, len); @@ -739,8 +782,18 @@ unsigned char *rand_pool_add_begin(RAND_POOL *pool, size_t len) return NULL; } + /* + * As long as the allocation request stays within the limits given + * by rand_pool_bytes_needed this rand_pool_grow below is guaranteed + * to succeed, thus no allocation happens. + * We have that only for cases when a pool is used to collect + * additional data. Then the buffer might need to grow here, + * and of course the caller is responsible to check the return + * value of this function. + */ if (!rand_pool_grow(pool, len)) return NULL; + return pool->buffer + pool->len; } @@ -755,7 +808,7 @@ unsigned char *rand_pool_add_begin(RAND_POOL *pool, size_t len) */ int rand_pool_add_end(RAND_POOL *pool, size_t len, size_t entropy) { - if (len > pool->max_len - pool->len) { + if (len > pool->alloc_len - pool->len) { RANDerr(RAND_F_RAND_POOL_ADD_END, RAND_R_RANDOM_POOL_OVERFLOW); return 0; } diff --git a/crypto/rand/rand_unix.c b/crypto/rand/rand_unix.c index 0cfa4e0625..69efcdeed7 100644 --- a/crypto/rand/rand_unix.c +++ b/crypto/rand/rand_unix.c @@ -573,12 +573,12 @@ size_t rand_pool_acquire_entropy(RAND_POOL *pool) # if defined(OPENSSL_RAND_SEED_NONE) return rand_pool_entropy_available(pool); # else - size_t bytes_needed; - size_t entropy_available = 0; - unsigned char *buffer; + size_t entropy_available; # if defined(OPENSSL_RAND_SEED_GETRANDOM) { + size_t bytes_needed; + unsigned char *buffer; ssize_t bytes; /* Maximum allowed number of consecutive unsuccessful attempts */ int attempts = 3; @@ -609,6 +609,8 @@ size_t rand_pool_acquire_entropy(RAND_POOL *pool) # if defined(OPENSSL_RAND_SEED_DEVRANDOM) if (wait_random_seeded()) { + size_t bytes_needed; + unsigned char *buffer; size_t i; bytes_needed = rand_pool_bytes_needed(pool, 1 /*entropy_factor*/); @@ -658,26 +660,29 @@ size_t rand_pool_acquire_entropy(RAND_POOL *pool) # endif # if defined(OPENSSL_RAND_SEED_EGD) - bytes_needed = rand_pool_bytes_needed(pool, 1 /*entropy_factor*/); - if (bytes_needed > 0) { + { static const char *paths[] = { DEVRANDOM_EGD, NULL }; + size_t bytes_needed; + unsigned char *buffer; int i; - for (i = 0; paths[i] != NULL; i++) { + bytes_needed = rand_pool_bytes_needed(pool, 1 /*entropy_factor*/); + for (i = 0; bytes_needed > 0 && paths[i] != NULL; i++) { + size_t bytes = 0; + int num; + buffer = rand_pool_add_begin(pool, bytes_needed); - if (buffer != NULL) { - size_t bytes = 0; - int num = RAND_query_egd_bytes(paths[i], - buffer, (int)bytes_needed); - if (num == (int)bytes_needed) - bytes = bytes_needed; + num = RAND_query_egd_bytes(paths[i], + buffer, (int)bytes_needed); + if (num == (int)bytes_needed) + bytes = bytes_needed; - rand_pool_add_end(pool, bytes, 8 * bytes); - entropy_available = rand_pool_entropy_available(pool); - } - if (entropy_available > 0) - return entropy_available; + rand_pool_add_end(pool, bytes, 8 * bytes); + bytes_needed = rand_pool_bytes_needed(pool, 1); } + entropy_available = rand_pool_entropy_available(pool); + if (entropy_available > 0) + return entropy_available; } # endif From builds at travis-ci.org Tue Sep 10 09:27:27 2019 From: builds at travis-ci.org (Travis CI) Date: Tue, 10 Sep 2019 09:27:27 +0000 Subject: Still Failing: openssl/openssl#28108 (master - fa3eb24) In-Reply-To: Message-ID: <5d776c7f1fb75_43fba583b8e0c202614@ab022c51-59b9-40da-ad62-10d4b369739e.mail> Build Update for openssl/openssl ------------------------------------- Build: #28108 Status: Still Failing Duration: 19 mins and 46 secs Commit: fa3eb24 (master) Author: Bernd Edlinger Message: Fix a potential crash in rand_unix.c Due to the dynamic allocation that was added to rand_pool_add_begin this function could now return a null pointer where it was previously guaranteed to succeed. But the return value of this function does not need to be checked by design. Move rand_pool_grow from rand_pool_add_begin to rand_pool_bytes_needed. Make an allocation error persistent to avoid falling back to less secure or blocking entropy sources. Fixes: a6a66e4511ee ("Make rand_pool buffers more dynamic in their sizing.") Reviewed-by: Matthias St. Pierre Reviewed-by: Paul Dale (Merged from https://github.com/openssl/openssl/pull/9687) View the changeset: https://github.com/openssl/openssl/compare/1d3cd983f56e...fa3eb248e29c View the full build log and details: https://travis-ci.org/openssl/openssl/builds/583072290?utm_medium=notification&utm_source=email -- You can unsubscribe from build emails from the openssl/openssl repository going to https://travis-ci.org/account/preferences/unsubscribe?repository=5849220&utm_medium=notification&utm_source=email. Or unsubscribe from *all* email updating your settings at https://travis-ci.org/account/preferences/unsubscribe?utm_medium=notification&utm_source=email. Or configure specific recipients for build notifications in your .travis.yml file. See https://docs.travis-ci.com/user/notifications. -------------- next part -------------- An HTML attachment was scrubbed... URL: From builds at travis-ci.org Tue Sep 10 09:39:01 2019 From: builds at travis-ci.org (Travis CI) Date: Tue, 10 Sep 2019 09:39:01 +0000 Subject: Still Failing: openssl/openssl#28109 (OpenSSL_1_1_1-stable - 79f5e2f) In-Reply-To: Message-ID: <5d776f35a6915_43f97d1518cc42316d@de67c5be-d756-482a-bafc-2e6d5001223e.mail> Build Update for openssl/openssl ------------------------------------- Build: #28109 Status: Still Failing Duration: 19 mins and 58 secs Commit: 79f5e2f (OpenSSL_1_1_1-stable) Author: Bernd Edlinger Message: Fix a potential crash in rand_unix.c Due to the dynamic allocation that was added to rand_pool_add_begin this function could now return a null pointer where it was previously guaranteed to succeed. But the return value of this function does not need to be checked by design. Move rand_pool_grow from rand_pool_add_begin to rand_pool_bytes_needed. Make an allocation error persistent to avoid falling back to less secure or blocking entropy sources. Fixes: a6a66e4511ee ("Make rand_pool buffers more dynamic in their sizing.") Reviewed-by: Matthias St. Pierre Reviewed-by: Paul Dale (Merged from https://github.com/openssl/openssl/pull/9687) (cherry picked from commit fa3eb248e29ca8031e6a14e8a2c6f3cd58b5450e) View the changeset: https://github.com/openssl/openssl/compare/63180182ecfe...79f5e2f4b9d9 View the full build log and details: https://travis-ci.org/openssl/openssl/builds/583072346?utm_medium=notification&utm_source=email -- You can unsubscribe from build emails from the openssl/openssl repository going to https://travis-ci.org/account/preferences/unsubscribe?repository=5849220&utm_medium=notification&utm_source=email. Or unsubscribe from *all* email updating your settings at https://travis-ci.org/account/preferences/unsubscribe?utm_medium=notification&utm_source=email. Or configure specific recipients for build notifications in your .travis.yml file. See https://docs.travis-ci.com/user/notifications. -------------- next part -------------- An HTML attachment was scrubbed... URL: From matt at openssl.org Tue Sep 10 09:52:29 2019 From: matt at openssl.org (Matt Caswell) Date: Tue, 10 Sep 2019 09:52:29 +0000 Subject: [openssl] OpenSSL_1_1_1-stable update Message-ID: <1568109149.091950.26779.nullmailer@dev.openssl.org> The branch OpenSSL_1_1_1-stable has been updated via 7ff84d88036237dc36f4c2cf2dc814e4bf611084 (commit) from 79f5e2f4b9d9886d1b0da09c2eb3e397bcf82876 (commit) - Log ----------------------------------------------------------------- commit 7ff84d88036237dc36f4c2cf2dc814e4bf611084 Author: Matt Caswell Date: Tue Sep 10 10:26:07 2019 +0100 Update CHANGES and NEWS for the new release Reviewed-by: Paul Dale Reviewed-by: Richard Levitte (Merged from https://github.com/openssl/openssl/pull/9841) ----------------------------------------------------------------------- Summary of changes: CHANGES | 28 ++++++++++++++++++++++++++++ NEWS | 15 ++++++++++++++- 2 files changed, 42 insertions(+), 1 deletion(-) diff --git a/CHANGES b/CHANGES index 1b9299fba7..6679f6ed5f 100644 --- a/CHANGES +++ b/CHANGES @@ -9,6 +9,33 @@ Changes between 1.1.1c and 1.1.1d [xx XXX xxxx] + *) Fixed a fork protection issue. OpenSSL 1.1.1 introduced a rewritten random + number generator (RNG). This was intended to include protection in the + event of a fork() system call in order to ensure that the parent and child + processes did not share the same RNG state. However this protection was not + being used in the default case. + + A partial mitigation for this issue is that the output from a high + precision timer is mixed into the RNG state so the likelihood of a parent + and child process sharing state is significantly reduced. + + If an application already calls OPENSSL_init_crypto() explicitly using + OPENSSL_INIT_ATFORK then this problem does not occur at all. + (CVE-2019-1549) + [Matthias St. Pierre] + + *) Fixed a padding oracle in PKCS7_decrypt() and CMS_decrypt(). In situations + where an attacker receives automated notification of the success or failure + of a decryption attempt an attacker, after sending a very large number of + messages to be decrypted, can recover a CMS/PKCS7 transported encryption + key or decrypt any RSA encrypted message that was encrypted with the public + RSA key, using a Bleichenbacher padding oracle attack. Applications are not + affected if they use a certificate together with the private RSA key to the + CMS_decrypt or PKCS7_decrypt functions to select the correct recipient info + to decrypt. + (CVE-2019-1563) + [Bernd Edlinger] + *) For built-in EC curves, ensure an EC_GROUP built from the curve name is used even when parsing explicit parameters, when loading a serialized key or calling `EC_GROUP_new_from_ecpkparameters()`/ @@ -70,6 +97,7 @@ was decided to revert this feature and leave it up to the OS resp. the platform maintainer to ensure a proper initialization during early boot time. + [Matthias St. Pierre] Changes between 1.1.1b and 1.1.1c [28 May 2019] diff --git a/NEWS b/NEWS index f6264bf6b7..22be168091 100644 --- a/NEWS +++ b/NEWS @@ -7,7 +7,20 @@ Major changes between OpenSSL 1.1.1c and OpenSSL 1.1.1d [under development] - o + o Fixed a fork protection issue (CVE-2019-1549) + o Fixed a padding oracle in PKCS7_decrypt() and CMS_decrypt() + (CVE-2019-1563) + o For built-in EC curves, ensure an EC_GROUP built from the curve name is + used even when parsing explicit parameters + o Compute ECC cofactors if not provided during EC_GROUP construction + (CVE-2019-1547) + o Early start up entropy quality from the DEVRANDOM seed source has been + improved for older Linux systems + o Correct the extended master secret constant on EBCDIC systems + o Use Windows installation paths in the mingw builds (CVE-2019-1552) + o Changed DH_check to accept parameters with order q and 2q subgroups + o Significantly reduce secure memory usage by the randomness pools + o Revert the DEVRANDOM_WAIT feature for Linux systems Major changes between OpenSSL 1.1.1b and OpenSSL 1.1.1c [28 May 2019] From matt at openssl.org Tue Sep 10 09:53:51 2019 From: matt at openssl.org (Matt Caswell) Date: Tue, 10 Sep 2019 09:53:51 +0000 Subject: [openssl] OpenSSL_1_1_0-stable update Message-ID: <1568109231.988255.20007.nullmailer@dev.openssl.org> The branch OpenSSL_1_1_0-stable has been updated via d38234550ec4cdf10048dd26539d629cca7d6bcf (commit) from 78617373f2af1b735e66501a799969248251c54b (commit) - Log ----------------------------------------------------------------- commit d38234550ec4cdf10048dd26539d629cca7d6bcf Author: Matt Caswell Date: Tue Sep 10 10:26:07 2019 +0100 Update CHANGES and NEWS for the new release Reviewed-by: Paul Dale (Merged from https://github.com/openssl/openssl/pull/9842) ----------------------------------------------------------------------- Summary of changes: CHANGES | 12 ++++++++++++ NEWS | 8 +++++++- 2 files changed, 19 insertions(+), 1 deletion(-) diff --git a/CHANGES b/CHANGES index 3277a0dbd4..b4400d20cc 100644 --- a/CHANGES +++ b/CHANGES @@ -9,6 +9,18 @@ Changes between 1.1.0k and 1.1.0l [xx XXX xxxx] + *) Fixed a padding oracle in PKCS7_decrypt() and CMS_decrypt(). In situations + where an attacker receives automated notification of the success or failure + of a decryption attempt an attacker, after sending a very large number of + messages to be decrypted, can recover a CMS/PKCS7 transported encryption + key or decrypt any RSA encrypted message that was encrypted with the public + RSA key, using a Bleichenbacher padding oracle attack. Applications are not + affected if they use a certificate together with the private RSA key to the + CMS_decrypt or PKCS7_decrypt functions to select the correct recipient info + to decrypt. + (CVE-2019-1563) + [Bernd Edlinger] + *) For built-in EC curves, ensure an EC_GROUP built from the curve name is used even when parsing explicit parameters, when loading a serialized key or calling `EC_GROUP_new_from_ecpkparameters()`/ diff --git a/NEWS b/NEWS index a27090521b..3d6d5a6f23 100644 --- a/NEWS +++ b/NEWS @@ -7,7 +7,13 @@ Major changes between OpenSSL 1.1.0k and OpenSSL 1.1.0l [under development] - o + o Fixed a padding oracle in PKCS7_decrypt() and CMS_decrypt() + (CVE-2019-1563) + o For built-in EC curves, ensure an EC_GROUP built from the curve name is + used even when parsing explicit parameters + o Compute ECC cofactors if not provided during EC_GROUP construction + (CVE-2019-1547) + o Use Windows installation paths in the mingw builds (CVE-2019-1552) Major changes between OpenSSL 1.1.0j and OpenSSL 1.1.0k [28 May 2019] From matt at openssl.org Tue Sep 10 09:55:31 2019 From: matt at openssl.org (Matt Caswell) Date: Tue, 10 Sep 2019 09:55:31 +0000 Subject: [openssl] OpenSSL_1_0_2-stable update Message-ID: <1568109331.477185.26052.nullmailer@dev.openssl.org> The branch OpenSSL_1_0_2-stable has been updated via 8bf7d77f33263c81b8e293347edc9a6e43f24d0e (commit) from 66fd724daa89996bb775ab8911479c11143b44df (commit) - Log ----------------------------------------------------------------- commit 8bf7d77f33263c81b8e293347edc9a6e43f24d0e Author: Matt Caswell Date: Tue Sep 10 10:26:07 2019 +0100 Update CHANGES and NEWS for the new release Reviewed-by: Richard Levitte (Merged from https://github.com/openssl/openssl/pull/9843) ----------------------------------------------------------------------- Summary of changes: CHANGES | 12 ++++++++++++ NEWS | 9 ++++++++- 2 files changed, 20 insertions(+), 1 deletion(-) diff --git a/CHANGES b/CHANGES index e9b467bd04..eff1121106 100644 --- a/CHANGES +++ b/CHANGES @@ -9,6 +9,18 @@ Changes between 1.0.2s and 1.0.2t [xx XXX xxxx] + *) Fixed a padding oracle in PKCS7_decrypt() and CMS_decrypt(). In situations + where an attacker receives automated notification of the success or failure + of a decryption attempt an attacker, after sending a very large number of + messages to be decrypted, can recover a CMS/PKCS7 transported encryption + key or decrypt any RSA encrypted message that was encrypted with the public + RSA key, using a Bleichenbacher padding oracle attack. Applications are not + affected if they use a certificate together with the private RSA key to the + CMS_decrypt or PKCS7_decrypt functions to select the correct recipient info + to decrypt. + (CVE-2019-1563) + [Bernd Edlinger] + *) For built-in EC curves, ensure an EC_GROUP built from the curve name is used even when parsing explicit parameters, when loading a serialized key or calling `EC_GROUP_new_from_ecpkparameters()`/ diff --git a/NEWS b/NEWS index 4bff4ae96a..c8159993e9 100644 --- a/NEWS +++ b/NEWS @@ -7,7 +7,14 @@ Major changes between OpenSSL 1.0.2r and OpenSSL 1.0.2t [under development] - o + o Fixed a padding oracle in PKCS7_decrypt() and CMS_decrypt() + (CVE-2019-1563) + o For built-in EC curves, ensure an EC_GROUP built from the curve name is + used even when parsing explicit parameters + o Compute ECC cofactors if not provided during EC_GROUP construction + (CVE-2019-1547) + o Document issue with installation paths in diverse Windows builds + (CVE-2019-1552) Major changes between OpenSSL 1.0.2q and OpenSSL 1.0.2r [26 Feb 2019] From no-reply at appveyor.com Tue Sep 10 10:06:04 2019 From: no-reply at appveyor.com (AppVeyor) Date: Tue, 10 Sep 2019 10:06:04 +0000 Subject: Build completed: openssl master.27537 Message-ID: <20190910100604.1.E2C8D48A873B4DD7@appveyor.com> An HTML attachment was scrubbed... URL: From builds at travis-ci.org Tue Sep 10 10:12:40 2019 From: builds at travis-ci.org (Travis CI) Date: Tue, 10 Sep 2019 10:12:40 +0000 Subject: Still Failing: openssl/openssl#28115 (OpenSSL_1_1_1-stable - 7ff84d8) In-Reply-To: Message-ID: <5d77771878ac6_43f7eae84dc502721bc@514a0337-06fc-4c73-9c88-176bd925f9f1.mail> Build Update for openssl/openssl ------------------------------------- Build: #28115 Status: Still Failing Duration: 18 mins and 13 secs Commit: 7ff84d8 (OpenSSL_1_1_1-stable) Author: Matt Caswell Message: Update CHANGES and NEWS for the new release Reviewed-by: Paul Dale Reviewed-by: Richard Levitte (Merged from https://github.com/openssl/openssl/pull/9841) View the changeset: https://github.com/openssl/openssl/compare/79f5e2f4b9d9...7ff84d880362 View the full build log and details: https://travis-ci.org/openssl/openssl/builds/583089159?utm_medium=notification&utm_source=email -- You can unsubscribe from build emails from the openssl/openssl repository going to https://travis-ci.org/account/preferences/unsubscribe?repository=5849220&utm_medium=notification&utm_source=email. Or unsubscribe from *all* email updating your settings at https://travis-ci.org/account/preferences/unsubscribe?utm_medium=notification&utm_source=email. Or configure specific recipients for build notifications in your .travis.yml file. See https://docs.travis-ci.com/user/notifications. -------------- next part -------------- An HTML attachment was scrubbed... URL: From matt at openssl.org Tue Sep 10 10:48:04 2019 From: matt at openssl.org (Matt Caswell) Date: Tue, 10 Sep 2019 10:48:04 +0000 Subject: [openssl] master update Message-ID: <1568112484.548654.24839.nullmailer@dev.openssl.org> The branch master has been updated via 5840ed0cd1e6487d247efbc1a04136a41d7b3a37 (commit) from fa3eb248e29ca8031e6a14e8a2c6f3cd58b5450e (commit) - Log ----------------------------------------------------------------- commit 5840ed0cd1e6487d247efbc1a04136a41d7b3a37 Author: Bernd Edlinger Date: Sun Sep 1 00:16:28 2019 +0200 Fix a padding oracle in PKCS7_dataDecode and CMS_decrypt_set1_pkey An attack is simple, if the first CMS_recipientInfo is valid but the second CMS_recipientInfo is chosen ciphertext. If the second recipientInfo decodes to PKCS #1 v1.5 form plaintext, the correct encryption key will be replaced by garbage, and the message cannot be decoded, but if the RSA decryption fails, the correct encryption key is used and the recipient will not notice the attack. As a work around for this potential attack the length of the decrypted key must be equal to the cipher default key length, in case the certifiate is not given and all recipientInfo are tried out. The old behaviour can be re-enabled in the CMS code by setting the CMS_DEBUG_DECRYPT flag. Reviewed-by: Matt Caswell (Merged from https://github.com/openssl/openssl/pull/9777) ----------------------------------------------------------------------- Summary of changes: CHANGES | 14 ++++++++++++++ crypto/cms/cms_env.c | 18 +++++++++++++++++- crypto/cms/cms_lcl.h | 2 ++ crypto/cms/cms_smime.c | 4 ++++ crypto/pkcs7/pk7_doit.c | 12 ++++++++---- 5 files changed, 45 insertions(+), 5 deletions(-) diff --git a/CHANGES b/CHANGES index 3d2f94303a..29ab546d91 100644 --- a/CHANGES +++ b/CHANGES @@ -27,6 +27,20 @@ (CVE-2019-1547) [Billy Bob Brumley] + *) Fixed a padding oracle in PKCS7_dataDecode and CMS_decrypt_set1_pkey. + An attack is simple, if the first CMS_recipientInfo is valid but the + second CMS_recipientInfo is chosen ciphertext. If the second + recipientInfo decodes to PKCS #1 v1.5 form plaintext, the correct + encryption key will be replaced by garbage, and the message cannot be + decoded, but if the RSA decryption fails, the correct encryption key is + used and the recipient will not notice the attack. + As a work around for this potential attack the length of the decrypted + key must be equal to the cipher default key length, in case the + certifiate is not given and all recipientInfo are tried out. + The old behaviour can be re-enabled in the CMS code by setting the + CMS_DEBUG_DECRYPT flag. + [Bernd Edlinger] + *) Early start up entropy quality from the DEVRANDOM seed source has been improved for older Linux systems. The RAND subsystem will wait for /dev/random to be producing output before seeding from /dev/urandom. diff --git a/crypto/cms/cms_env.c b/crypto/cms/cms_env.c index acfbf8c50a..27e98ce0a7 100644 --- a/crypto/cms/cms_env.c +++ b/crypto/cms/cms_env.c @@ -363,6 +363,7 @@ static int cms_RecipientInfo_ktri_decrypt(CMS_ContentInfo *cms, unsigned char *ek = NULL; size_t eklen; int ret = 0; + size_t fixlen = 0; CMS_EncryptedContentInfo *ec; ec = cms->d.envelopedData->encryptedContentInfo; @@ -371,6 +372,19 @@ static int cms_RecipientInfo_ktri_decrypt(CMS_ContentInfo *cms, return 0; } + if (cms->d.envelopedData->encryptedContentInfo->havenocert + && !cms->d.envelopedData->encryptedContentInfo->debug) { + X509_ALGOR *calg = ec->contentEncryptionAlgorithm; + const EVP_CIPHER *ciph = EVP_get_cipherbyobj(calg->algorithm); + + if (ciph == NULL) { + CMSerr(CMS_F_CMS_RECIPIENTINFO_KTRI_DECRYPT, CMS_R_UNKNOWN_CIPHER); + return 0; + } + + fixlen = EVP_CIPHER_key_length(ciph); + } + ktri->pctx = EVP_PKEY_CTX_new(pkey, NULL); if (ktri->pctx == NULL) return 0; @@ -401,7 +415,9 @@ static int cms_RecipientInfo_ktri_decrypt(CMS_ContentInfo *cms, if (EVP_PKEY_decrypt(ktri->pctx, ek, &eklen, ktri->encryptedKey->data, - ktri->encryptedKey->length) <= 0) { + ktri->encryptedKey->length) <= 0 + || eklen == 0 + || (fixlen != 0 && eklen != fixlen)) { CMSerr(CMS_F_CMS_RECIPIENTINFO_KTRI_DECRYPT, CMS_R_CMS_LIB); goto err; } diff --git a/crypto/cms/cms_lcl.h b/crypto/cms/cms_lcl.h index 08f086b589..40d9c4bb7d 100644 --- a/crypto/cms/cms_lcl.h +++ b/crypto/cms/cms_lcl.h @@ -125,6 +125,8 @@ struct CMS_EncryptedContentInfo_st { size_t keylen; /* Set to 1 if we are debugging decrypt and don't fake keys for MMA */ int debug; + /* Set to 1 if we have no cert and need extra safety measures for MMA */ + int havenocert; }; struct CMS_RecipientInfo_st { diff --git a/crypto/cms/cms_smime.c b/crypto/cms/cms_smime.c index 5f1a47d768..ae95ff2dd2 100644 --- a/crypto/cms/cms_smime.c +++ b/crypto/cms/cms_smime.c @@ -743,6 +743,10 @@ int CMS_decrypt(CMS_ContentInfo *cms, EVP_PKEY *pk, X509 *cert, cms->d.envelopedData->encryptedContentInfo->debug = 1; else cms->d.envelopedData->encryptedContentInfo->debug = 0; + if (!cert) + cms->d.envelopedData->encryptedContentInfo->havenocert = 1; + else + cms->d.envelopedData->encryptedContentInfo->havenocert = 0; if (!pk && !cert && !dcont && !out) return 1; if (pk && !CMS_decrypt_set1_pkey(cms, pk, cert)) diff --git a/crypto/pkcs7/pk7_doit.c b/crypto/pkcs7/pk7_doit.c index cc09bbf1f2..030718a1cb 100644 --- a/crypto/pkcs7/pk7_doit.c +++ b/crypto/pkcs7/pk7_doit.c @@ -137,7 +137,8 @@ static int pkcs7_encode_rinfo(PKCS7_RECIP_INFO *ri, } static int pkcs7_decrypt_rinfo(unsigned char **pek, int *peklen, - PKCS7_RECIP_INFO *ri, EVP_PKEY *pkey) + PKCS7_RECIP_INFO *ri, EVP_PKEY *pkey, + size_t fixlen) { EVP_PKEY_CTX *pctx = NULL; unsigned char *ek = NULL; @@ -170,7 +171,9 @@ static int pkcs7_decrypt_rinfo(unsigned char **pek, int *peklen, } if (EVP_PKEY_decrypt(pctx, ek, &eklen, - ri->enc_key->data, ri->enc_key->length) <= 0) { + ri->enc_key->data, ri->enc_key->length) <= 0 + || eklen == 0 + || (fixlen != 0 && eklen != fixlen)) { ret = 0; PKCS7err(PKCS7_F_PKCS7_DECRYPT_RINFO, ERR_R_EVP_LIB); goto err; @@ -499,13 +502,14 @@ BIO *PKCS7_dataDecode(PKCS7 *p7, EVP_PKEY *pkey, BIO *in_bio, X509 *pcert) for (i = 0; i < sk_PKCS7_RECIP_INFO_num(rsk); i++) { ri = sk_PKCS7_RECIP_INFO_value(rsk, i); - if (pkcs7_decrypt_rinfo(&ek, &eklen, ri, pkey) < 0) + if (pkcs7_decrypt_rinfo(&ek, &eklen, ri, pkey, + EVP_CIPHER_key_length(evp_cipher)) < 0) goto err; ERR_clear_error(); } } else { /* Only exit on fatal errors, not decrypt failure */ - if (pkcs7_decrypt_rinfo(&ek, &eklen, ri, pkey) < 0) + if (pkcs7_decrypt_rinfo(&ek, &eklen, ri, pkey, 0) < 0) goto err; ERR_clear_error(); } From matt at openssl.org Tue Sep 10 10:48:16 2019 From: matt at openssl.org (Matt Caswell) Date: Tue, 10 Sep 2019 10:48:16 +0000 Subject: [openssl] OpenSSL_1_1_1-stable update Message-ID: <1568112496.757216.26025.nullmailer@dev.openssl.org> The branch OpenSSL_1_1_1-stable has been updated via 08229ad838c50f644d7e928e2eef147b4308ad64 (commit) from 7ff84d88036237dc36f4c2cf2dc814e4bf611084 (commit) - Log ----------------------------------------------------------------- commit 08229ad838c50f644d7e928e2eef147b4308ad64 Author: Bernd Edlinger Date: Sun Sep 1 00:16:28 2019 +0200 Fix a padding oracle in PKCS7_dataDecode and CMS_decrypt_set1_pkey An attack is simple, if the first CMS_recipientInfo is valid but the second CMS_recipientInfo is chosen ciphertext. If the second recipientInfo decodes to PKCS #1 v1.5 form plaintext, the correct encryption key will be replaced by garbage, and the message cannot be decoded, but if the RSA decryption fails, the correct encryption key is used and the recipient will not notice the attack. As a work around for this potential attack the length of the decrypted key must be equal to the cipher default key length, in case the certifiate is not given and all recipientInfo are tried out. The old behaviour can be re-enabled in the CMS code by setting the CMS_DEBUG_DECRYPT flag. Reviewed-by: Matt Caswell (Merged from https://github.com/openssl/openssl/pull/9777) (cherry picked from commit 5840ed0cd1e6487d247efbc1a04136a41d7b3a37) ----------------------------------------------------------------------- Summary of changes: CHANGES | 14 ++++++++++++++ crypto/cms/cms_env.c | 18 +++++++++++++++++- crypto/cms/cms_lcl.h | 2 ++ crypto/cms/cms_smime.c | 4 ++++ crypto/pkcs7/pk7_doit.c | 12 ++++++++---- 5 files changed, 45 insertions(+), 5 deletions(-) diff --git a/CHANGES b/CHANGES index 6679f6ed5f..c1388ad6fd 100644 --- a/CHANGES +++ b/CHANGES @@ -54,6 +54,20 @@ (CVE-2019-1547) [Billy Bob Brumley] + *) Fixed a padding oracle in PKCS7_dataDecode and CMS_decrypt_set1_pkey. + An attack is simple, if the first CMS_recipientInfo is valid but the + second CMS_recipientInfo is chosen ciphertext. If the second + recipientInfo decodes to PKCS #1 v1.5 form plaintext, the correct + encryption key will be replaced by garbage, and the message cannot be + decoded, but if the RSA decryption fails, the correct encryption key is + used and the recipient will not notice the attack. + As a work around for this potential attack the length of the decrypted + key must be equal to the cipher default key length, in case the + certifiate is not given and all recipientInfo are tried out. + The old behaviour can be re-enabled in the CMS code by setting the + CMS_DEBUG_DECRYPT flag. + [Bernd Edlinger] + *) Early start up entropy quality from the DEVRANDOM seed source has been improved for older Linux systems. The RAND subsystem will wait for /dev/random to be producing output before seeding from /dev/urandom. diff --git a/crypto/cms/cms_env.c b/crypto/cms/cms_env.c index bb95af75e3..25df1c40b1 100644 --- a/crypto/cms/cms_env.c +++ b/crypto/cms/cms_env.c @@ -363,6 +363,7 @@ static int cms_RecipientInfo_ktri_decrypt(CMS_ContentInfo *cms, unsigned char *ek = NULL; size_t eklen; int ret = 0; + size_t fixlen = 0; CMS_EncryptedContentInfo *ec; ec = cms->d.envelopedData->encryptedContentInfo; @@ -371,6 +372,19 @@ static int cms_RecipientInfo_ktri_decrypt(CMS_ContentInfo *cms, return 0; } + if (cms->d.envelopedData->encryptedContentInfo->havenocert + && !cms->d.envelopedData->encryptedContentInfo->debug) { + X509_ALGOR *calg = ec->contentEncryptionAlgorithm; + const EVP_CIPHER *ciph = EVP_get_cipherbyobj(calg->algorithm); + + if (ciph == NULL) { + CMSerr(CMS_F_CMS_RECIPIENTINFO_KTRI_DECRYPT, CMS_R_UNKNOWN_CIPHER); + return 0; + } + + fixlen = EVP_CIPHER_key_length(ciph); + } + ktri->pctx = EVP_PKEY_CTX_new(pkey, NULL); if (ktri->pctx == NULL) return 0; @@ -401,7 +415,9 @@ static int cms_RecipientInfo_ktri_decrypt(CMS_ContentInfo *cms, if (EVP_PKEY_decrypt(ktri->pctx, ek, &eklen, ktri->encryptedKey->data, - ktri->encryptedKey->length) <= 0) { + ktri->encryptedKey->length) <= 0 + || eklen == 0 + || (fixlen != 0 && eklen != fixlen)) { CMSerr(CMS_F_CMS_RECIPIENTINFO_KTRI_DECRYPT, CMS_R_CMS_LIB); goto err; } diff --git a/crypto/cms/cms_lcl.h b/crypto/cms/cms_lcl.h index b5c06b7f6c..8eddb02493 100644 --- a/crypto/cms/cms_lcl.h +++ b/crypto/cms/cms_lcl.h @@ -125,6 +125,8 @@ struct CMS_EncryptedContentInfo_st { size_t keylen; /* Set to 1 if we are debugging decrypt and don't fake keys for MMA */ int debug; + /* Set to 1 if we have no cert and need extra safety measures for MMA */ + int havenocert; }; struct CMS_RecipientInfo_st { diff --git a/crypto/cms/cms_smime.c b/crypto/cms/cms_smime.c index 5dcf803f4b..3a26108b8c 100644 --- a/crypto/cms/cms_smime.c +++ b/crypto/cms/cms_smime.c @@ -743,6 +743,10 @@ int CMS_decrypt(CMS_ContentInfo *cms, EVP_PKEY *pk, X509 *cert, cms->d.envelopedData->encryptedContentInfo->debug = 1; else cms->d.envelopedData->encryptedContentInfo->debug = 0; + if (!cert) + cms->d.envelopedData->encryptedContentInfo->havenocert = 1; + else + cms->d.envelopedData->encryptedContentInfo->havenocert = 0; if (!pk && !cert && !dcont && !out) return 1; if (pk && !CMS_decrypt_set1_pkey(cms, pk, cert)) diff --git a/crypto/pkcs7/pk7_doit.c b/crypto/pkcs7/pk7_doit.c index ee08e602a1..15a6160cfe 100644 --- a/crypto/pkcs7/pk7_doit.c +++ b/crypto/pkcs7/pk7_doit.c @@ -137,7 +137,8 @@ static int pkcs7_encode_rinfo(PKCS7_RECIP_INFO *ri, } static int pkcs7_decrypt_rinfo(unsigned char **pek, int *peklen, - PKCS7_RECIP_INFO *ri, EVP_PKEY *pkey) + PKCS7_RECIP_INFO *ri, EVP_PKEY *pkey, + size_t fixlen) { EVP_PKEY_CTX *pctx = NULL; unsigned char *ek = NULL; @@ -170,7 +171,9 @@ static int pkcs7_decrypt_rinfo(unsigned char **pek, int *peklen, } if (EVP_PKEY_decrypt(pctx, ek, &eklen, - ri->enc_key->data, ri->enc_key->length) <= 0) { + ri->enc_key->data, ri->enc_key->length) <= 0 + || eklen == 0 + || (fixlen != 0 && eklen != fixlen)) { ret = 0; PKCS7err(PKCS7_F_PKCS7_DECRYPT_RINFO, ERR_R_EVP_LIB); goto err; @@ -499,13 +502,14 @@ BIO *PKCS7_dataDecode(PKCS7 *p7, EVP_PKEY *pkey, BIO *in_bio, X509 *pcert) for (i = 0; i < sk_PKCS7_RECIP_INFO_num(rsk); i++) { ri = sk_PKCS7_RECIP_INFO_value(rsk, i); - if (pkcs7_decrypt_rinfo(&ek, &eklen, ri, pkey) < 0) + if (pkcs7_decrypt_rinfo(&ek, &eklen, ri, pkey, + EVP_CIPHER_key_length(evp_cipher)) < 0) goto err; ERR_clear_error(); } } else { /* Only exit on fatal errors, not decrypt failure */ - if (pkcs7_decrypt_rinfo(&ek, &eklen, ri, pkey) < 0) + if (pkcs7_decrypt_rinfo(&ek, &eklen, ri, pkey, 0) < 0) goto err; ERR_clear_error(); } From matt at openssl.org Tue Sep 10 10:48:41 2019 From: matt at openssl.org (Matt Caswell) Date: Tue, 10 Sep 2019 10:48:41 +0000 Subject: [openssl] OpenSSL_1_1_0-stable update Message-ID: <1568112521.268054.29726.nullmailer@dev.openssl.org> The branch OpenSSL_1_1_0-stable has been updated via 631f94db0065c78181ca9ba5546ebc8bb3884b97 (commit) from d38234550ec4cdf10048dd26539d629cca7d6bcf (commit) - Log ----------------------------------------------------------------- commit 631f94db0065c78181ca9ba5546ebc8bb3884b97 Author: Bernd Edlinger Date: Sun Sep 1 00:16:28 2019 +0200 Fix a padding oracle in PKCS7_dataDecode and CMS_decrypt_set1_pkey An attack is simple, if the first CMS_recipientInfo is valid but the second CMS_recipientInfo is chosen ciphertext. If the second recipientInfo decodes to PKCS #1 v1.5 form plaintext, the correct encryption key will be replaced by garbage, and the message cannot be decoded, but if the RSA decryption fails, the correct encryption key is used and the recipient will not notice the attack. As a work around for this potential attack the length of the decrypted key must be equal to the cipher default key length, in case the certifiate is not given and all recipientInfo are tried out. The old behaviour can be re-enabled in the CMS code by setting the CMS_DEBUG_DECRYPT flag. Reviewed-by: Matt Caswell (Merged from https://github.com/openssl/openssl/pull/9777) (cherry picked from commit 5840ed0cd1e6487d247efbc1a04136a41d7b3a37) ----------------------------------------------------------------------- Summary of changes: CHANGES | 14 ++++++++++++++ crypto/cms/cms_env.c | 18 +++++++++++++++++- crypto/cms/cms_lcl.h | 2 ++ crypto/cms/cms_smime.c | 4 ++++ crypto/pkcs7/pk7_doit.c | 12 ++++++++---- 5 files changed, 45 insertions(+), 5 deletions(-) diff --git a/CHANGES b/CHANGES index b4400d20cc..b12cf3ae07 100644 --- a/CHANGES +++ b/CHANGES @@ -39,6 +39,20 @@ (CVE-2019-1547) [Billy Bob Brumley] + *) Fixed a padding oracle in PKCS7_dataDecode and CMS_decrypt_set1_pkey. + An attack is simple, if the first CMS_recipientInfo is valid but the + second CMS_recipientInfo is chosen ciphertext. If the second + recipientInfo decodes to PKCS #1 v1.5 form plaintext, the correct + encryption key will be replaced by garbage, and the message cannot be + decoded, but if the RSA decryption fails, the correct encryption key is + used and the recipient will not notice the attack. + As a work around for this potential attack the length of the decrypted + key must be equal to the cipher default key length, in case the + certifiate is not given and all recipientInfo are tried out. + The old behaviour can be re-enabled in the CMS code by setting the + CMS_DEBUG_DECRYPT flag. + [Bernd Edlinger] + *) Use Windows installation paths in the mingw builds Mingw isn't a POSIX environment per se, which means that Windows diff --git a/crypto/cms/cms_env.c b/crypto/cms/cms_env.c index fe5076ec02..269e97f3fa 100644 --- a/crypto/cms/cms_env.c +++ b/crypto/cms/cms_env.c @@ -363,6 +363,7 @@ static int cms_RecipientInfo_ktri_decrypt(CMS_ContentInfo *cms, unsigned char *ek = NULL; size_t eklen; int ret = 0; + size_t fixlen = 0; CMS_EncryptedContentInfo *ec; ec = cms->d.envelopedData->encryptedContentInfo; @@ -371,6 +372,19 @@ static int cms_RecipientInfo_ktri_decrypt(CMS_ContentInfo *cms, return 0; } + if (cms->d.envelopedData->encryptedContentInfo->havenocert + && !cms->d.envelopedData->encryptedContentInfo->debug) { + X509_ALGOR *calg = ec->contentEncryptionAlgorithm; + const EVP_CIPHER *ciph = EVP_get_cipherbyobj(calg->algorithm); + + if (ciph == NULL) { + CMSerr(CMS_F_CMS_RECIPIENTINFO_KTRI_DECRYPT, CMS_R_UNKNOWN_CIPHER); + return 0; + } + + fixlen = EVP_CIPHER_key_length(ciph); + } + ktri->pctx = EVP_PKEY_CTX_new(pkey, NULL); if (ktri->pctx == NULL) return 0; @@ -401,7 +415,9 @@ static int cms_RecipientInfo_ktri_decrypt(CMS_ContentInfo *cms, if (EVP_PKEY_decrypt(ktri->pctx, ek, &eklen, ktri->encryptedKey->data, - ktri->encryptedKey->length) <= 0) { + ktri->encryptedKey->length) <= 0 + || eklen == 0 + || (fixlen != 0 && eklen != fixlen)) { CMSerr(CMS_F_CMS_RECIPIENTINFO_KTRI_DECRYPT, CMS_R_CMS_LIB); goto err; } diff --git a/crypto/cms/cms_lcl.h b/crypto/cms/cms_lcl.h index d0c0e81363..671fd801b4 100644 --- a/crypto/cms/cms_lcl.h +++ b/crypto/cms/cms_lcl.h @@ -129,6 +129,8 @@ struct CMS_EncryptedContentInfo_st { size_t keylen; /* Set to 1 if we are debugging decrypt and don't fake keys for MMA */ int debug; + /* Set to 1 if we have no cert and need extra safety measures for MMA */ + int havenocert; }; struct CMS_RecipientInfo_st { diff --git a/crypto/cms/cms_smime.c b/crypto/cms/cms_smime.c index 5dcf803f4b..3a26108b8c 100644 --- a/crypto/cms/cms_smime.c +++ b/crypto/cms/cms_smime.c @@ -743,6 +743,10 @@ int CMS_decrypt(CMS_ContentInfo *cms, EVP_PKEY *pk, X509 *cert, cms->d.envelopedData->encryptedContentInfo->debug = 1; else cms->d.envelopedData->encryptedContentInfo->debug = 0; + if (!cert) + cms->d.envelopedData->encryptedContentInfo->havenocert = 1; + else + cms->d.envelopedData->encryptedContentInfo->havenocert = 0; if (!pk && !cert && !dcont && !out) return 1; if (pk && !CMS_decrypt_set1_pkey(cms, pk, cert)) diff --git a/crypto/pkcs7/pk7_doit.c b/crypto/pkcs7/pk7_doit.c index e6e80f08d3..ee23a52db8 100644 --- a/crypto/pkcs7/pk7_doit.c +++ b/crypto/pkcs7/pk7_doit.c @@ -137,7 +137,8 @@ static int pkcs7_encode_rinfo(PKCS7_RECIP_INFO *ri, } static int pkcs7_decrypt_rinfo(unsigned char **pek, int *peklen, - PKCS7_RECIP_INFO *ri, EVP_PKEY *pkey) + PKCS7_RECIP_INFO *ri, EVP_PKEY *pkey, + size_t fixlen) { EVP_PKEY_CTX *pctx = NULL; unsigned char *ek = NULL; @@ -170,7 +171,9 @@ static int pkcs7_decrypt_rinfo(unsigned char **pek, int *peklen, } if (EVP_PKEY_decrypt(pctx, ek, &eklen, - ri->enc_key->data, ri->enc_key->length) <= 0) { + ri->enc_key->data, ri->enc_key->length) <= 0 + || eklen == 0 + || (fixlen != 0 && eklen != fixlen)) { ret = 0; PKCS7err(PKCS7_F_PKCS7_DECRYPT_RINFO, ERR_R_EVP_LIB); goto err; @@ -499,13 +502,14 @@ BIO *PKCS7_dataDecode(PKCS7 *p7, EVP_PKEY *pkey, BIO *in_bio, X509 *pcert) for (i = 0; i < sk_PKCS7_RECIP_INFO_num(rsk); i++) { ri = sk_PKCS7_RECIP_INFO_value(rsk, i); - if (pkcs7_decrypt_rinfo(&ek, &eklen, ri, pkey) < 0) + if (pkcs7_decrypt_rinfo(&ek, &eklen, ri, pkey, + EVP_CIPHER_key_length(evp_cipher)) < 0) goto err; ERR_clear_error(); } } else { /* Only exit on fatal errors, not decrypt failure */ - if (pkcs7_decrypt_rinfo(&ek, &eklen, ri, pkey) < 0) + if (pkcs7_decrypt_rinfo(&ek, &eklen, ri, pkey, 0) < 0) goto err; ERR_clear_error(); } From matt at openssl.org Tue Sep 10 10:48:58 2019 From: matt at openssl.org (Matt Caswell) Date: Tue, 10 Sep 2019 10:48:58 +0000 Subject: [openssl] OpenSSL_1_0_2-stable update Message-ID: <1568112538.364567.14589.nullmailer@dev.openssl.org> The branch OpenSSL_1_0_2-stable has been updated via e21f8cf78a125cd3c8c0d1a1a6c8bb0b901f893f (commit) from 8bf7d77f33263c81b8e293347edc9a6e43f24d0e (commit) - Log ----------------------------------------------------------------- commit e21f8cf78a125cd3c8c0d1a1a6c8bb0b901f893f Author: Bernd Edlinger Date: Sun Sep 1 00:16:28 2019 +0200 Fix a padding oracle in PKCS7_dataDecode and CMS_decrypt_set1_pkey An attack is simple, if the first CMS_recipientInfo is valid but the second CMS_recipientInfo is chosen ciphertext. If the second recipientInfo decodes to PKCS #1 v1.5 form plaintext, the correct encryption key will be replaced by garbage, and the message cannot be decoded, but if the RSA decryption fails, the correct encryption key is used and the recipient will not notice the attack. As a work around for this potential attack the length of the decrypted key must be equal to the cipher default key length, in case the certifiate is not given and all recipientInfo are tried out. The old behaviour can be re-enabled in the CMS code by setting the CMS_DEBUG_DECRYPT flag. Reviewed-by: Matt Caswell (Merged from https://github.com/openssl/openssl/pull/9777) (cherry picked from commit 5840ed0cd1e6487d247efbc1a04136a41d7b3a37) ----------------------------------------------------------------------- Summary of changes: CHANGES | 14 ++++++++++++++ crypto/cms/cms_env.c | 18 +++++++++++++++++- crypto/cms/cms_lcl.h | 2 ++ crypto/cms/cms_smime.c | 4 ++++ crypto/pkcs7/pk7_doit.c | 12 ++++++++---- 5 files changed, 45 insertions(+), 5 deletions(-) diff --git a/CHANGES b/CHANGES index eff1121106..dbe5c1d043 100644 --- a/CHANGES +++ b/CHANGES @@ -39,6 +39,20 @@ (CVE-2019-1547) [Billy Bob Brumley] + *) Fixed a padding oracle in PKCS7_dataDecode and CMS_decrypt_set1_pkey. + An attack is simple, if the first CMS_recipientInfo is valid but the + second CMS_recipientInfo is chosen ciphertext. If the second + recipientInfo decodes to PKCS #1 v1.5 form plaintext, the correct + encryption key will be replaced by garbage, and the message cannot be + decoded, but if the RSA decryption fails, the correct encryption key is + used and the recipient will not notice the attack. + As a work around for this potential attack the length of the decrypted + key must be equal to the cipher default key length, in case the + certifiate is not given and all recipientInfo are tried out. + The old behaviour can be re-enabled in the CMS code by setting the + CMS_DEBUG_DECRYPT flag. + [Bernd Edlinger] + *) Document issue with installation paths in diverse Windows builds '/usr/local/ssl' is an unsafe prefix for location to install OpenSSL diff --git a/crypto/cms/cms_env.c b/crypto/cms/cms_env.c index 93c06cb00a..77c8f0a483 100644 --- a/crypto/cms/cms_env.c +++ b/crypto/cms/cms_env.c @@ -422,6 +422,7 @@ static int cms_RecipientInfo_ktri_decrypt(CMS_ContentInfo *cms, unsigned char *ek = NULL; size_t eklen; int ret = 0; + size_t fixlen = 0; CMS_EncryptedContentInfo *ec; ec = cms->d.envelopedData->encryptedContentInfo; @@ -430,6 +431,19 @@ static int cms_RecipientInfo_ktri_decrypt(CMS_ContentInfo *cms, return 0; } + if (cms->d.envelopedData->encryptedContentInfo->havenocert + && !cms->d.envelopedData->encryptedContentInfo->debug) { + X509_ALGOR *calg = ec->contentEncryptionAlgorithm; + const EVP_CIPHER *ciph = EVP_get_cipherbyobj(calg->algorithm); + + if (ciph == NULL) { + CMSerr(CMS_F_CMS_RECIPIENTINFO_KTRI_DECRYPT, CMS_R_UNKNOWN_CIPHER); + return 0; + } + + fixlen = EVP_CIPHER_key_length(ciph); + } + ktri->pctx = EVP_PKEY_CTX_new(pkey, NULL); if (!ktri->pctx) return 0; @@ -460,7 +474,9 @@ static int cms_RecipientInfo_ktri_decrypt(CMS_ContentInfo *cms, if (EVP_PKEY_decrypt(ktri->pctx, ek, &eklen, ktri->encryptedKey->data, - ktri->encryptedKey->length) <= 0) { + ktri->encryptedKey->length) <= 0 + || eklen == 0 + || (fixlen != 0 && eklen != fixlen)) { CMSerr(CMS_F_CMS_RECIPIENTINFO_KTRI_DECRYPT, CMS_R_CMS_LIB); goto err; } diff --git a/crypto/cms/cms_lcl.h b/crypto/cms/cms_lcl.h index 20f2c25f5a..f1f78e6a47 100644 --- a/crypto/cms/cms_lcl.h +++ b/crypto/cms/cms_lcl.h @@ -172,6 +172,8 @@ struct CMS_EncryptedContentInfo_st { size_t keylen; /* Set to 1 if we are debugging decrypt and don't fake keys for MMA */ int debug; + /* Set to 1 if we have no cert and need extra safety measures for MMA */ + int havenocert; }; struct CMS_RecipientInfo_st { diff --git a/crypto/cms/cms_smime.c b/crypto/cms/cms_smime.c index 07e3472e10..0b3d96ca62 100644 --- a/crypto/cms/cms_smime.c +++ b/crypto/cms/cms_smime.c @@ -737,6 +737,10 @@ int CMS_decrypt(CMS_ContentInfo *cms, EVP_PKEY *pk, X509 *cert, cms->d.envelopedData->encryptedContentInfo->debug = 1; else cms->d.envelopedData->encryptedContentInfo->debug = 0; + if (!cert) + cms->d.envelopedData->encryptedContentInfo->havenocert = 1; + else + cms->d.envelopedData->encryptedContentInfo->havenocert = 0; if (!pk && !cert && !dcont && !out) return 1; if (pk && !CMS_decrypt_set1_pkey(cms, pk, cert)) diff --git a/crypto/pkcs7/pk7_doit.c b/crypto/pkcs7/pk7_doit.c index 6a463680d7..63bc88269f 100644 --- a/crypto/pkcs7/pk7_doit.c +++ b/crypto/pkcs7/pk7_doit.c @@ -191,7 +191,8 @@ static int pkcs7_encode_rinfo(PKCS7_RECIP_INFO *ri, } static int pkcs7_decrypt_rinfo(unsigned char **pek, int *peklen, - PKCS7_RECIP_INFO *ri, EVP_PKEY *pkey) + PKCS7_RECIP_INFO *ri, EVP_PKEY *pkey, + size_t fixlen) { EVP_PKEY_CTX *pctx = NULL; unsigned char *ek = NULL; @@ -224,7 +225,9 @@ static int pkcs7_decrypt_rinfo(unsigned char **pek, int *peklen, } if (EVP_PKEY_decrypt(pctx, ek, &eklen, - ri->enc_key->data, ri->enc_key->length) <= 0) { + ri->enc_key->data, ri->enc_key->length) <= 0 + || eklen == 0 + || (fixlen != 0 && eklen != fixlen)) { ret = 0; PKCS7err(PKCS7_F_PKCS7_DECRYPT_RINFO, ERR_R_EVP_LIB); goto err; @@ -571,13 +574,14 @@ BIO *PKCS7_dataDecode(PKCS7 *p7, EVP_PKEY *pkey, BIO *in_bio, X509 *pcert) for (i = 0; i < sk_PKCS7_RECIP_INFO_num(rsk); i++) { ri = sk_PKCS7_RECIP_INFO_value(rsk, i); - if (pkcs7_decrypt_rinfo(&ek, &eklen, ri, pkey) < 0) + if (pkcs7_decrypt_rinfo(&ek, &eklen, ri, pkey, + EVP_CIPHER_key_length(evp_cipher)) < 0) goto err; ERR_clear_error(); } } else { /* Only exit on fatal errors, not decrypt failure */ - if (pkcs7_decrypt_rinfo(&ek, &eklen, ri, pkey) < 0) + if (pkcs7_decrypt_rinfo(&ek, &eklen, ri, pkey, 0) < 0) goto err; ERR_clear_error(); } From builds at travis-ci.org Tue Sep 10 11:08:31 2019 From: builds at travis-ci.org (Travis CI) Date: Tue, 10 Sep 2019 11:08:31 +0000 Subject: Still Failing: openssl/openssl#28118 (master - 5840ed0) In-Reply-To: Message-ID: <5d77842f16b15_43fd6c0e9097c3587b4@29100a95-8a70-42d5-94a5-d5545f5e8487.mail> Build Update for openssl/openssl ------------------------------------- Build: #28118 Status: Still Failing Duration: 19 mins and 37 secs Commit: 5840ed0 (master) Author: Bernd Edlinger Message: Fix a padding oracle in PKCS7_dataDecode and CMS_decrypt_set1_pkey An attack is simple, if the first CMS_recipientInfo is valid but the second CMS_recipientInfo is chosen ciphertext. If the second recipientInfo decodes to PKCS #1 v1.5 form plaintext, the correct encryption key will be replaced by garbage, and the message cannot be decoded, but if the RSA decryption fails, the correct encryption key is used and the recipient will not notice the attack. As a work around for this potential attack the length of the decrypted key must be equal to the cipher default key length, in case the certifiate is not given and all recipientInfo are tried out. The old behaviour can be re-enabled in the CMS code by setting the CMS_DEBUG_DECRYPT flag. Reviewed-by: Matt Caswell (Merged from https://github.com/openssl/openssl/pull/9777) View the changeset: https://github.com/openssl/openssl/compare/fa3eb248e29c...5840ed0cd1e6 View the full build log and details: https://travis-ci.org/openssl/openssl/builds/583107819?utm_medium=notification&utm_source=email -- You can unsubscribe from build emails from the openssl/openssl repository going to https://travis-ci.org/account/preferences/unsubscribe?repository=5849220&utm_medium=notification&utm_source=email. Or unsubscribe from *all* email updating your settings at https://travis-ci.org/account/preferences/unsubscribe?utm_medium=notification&utm_source=email. Or configure specific recipients for build notifications in your .travis.yml file. See https://docs.travis-ci.com/user/notifications. -------------- next part -------------- An HTML attachment was scrubbed... URL: From matt at openssl.org Tue Sep 10 11:08:35 2019 From: matt at openssl.org (Matt Caswell) Date: Tue, 10 Sep 2019 11:08:35 +0000 Subject: [openssl] OpenSSL_1_1_1-stable update Message-ID: <1568113715.395369.21912.nullmailer@dev.openssl.org> The branch OpenSSL_1_1_1-stable has been updated via a95b0815c7d2dc0e03875fa553bb8309a206ab0a (commit) from 08229ad838c50f644d7e928e2eef147b4308ad64 (commit) - Log ----------------------------------------------------------------- commit a95b0815c7d2dc0e03875fa553bb8309a206ab0a Author: Matt Caswell Date: Tue Sep 10 11:51:59 2019 +0100 Remove duplicate CHANGES entry Reviewed-by: Richard Levitte (Merged from https://github.com/openssl/openssl/pull/9844) ----------------------------------------------------------------------- Summary of changes: CHANGES | 13 +------------ NEWS | 2 +- 2 files changed, 2 insertions(+), 13 deletions(-) diff --git a/CHANGES b/CHANGES index c1388ad6fd..8c5dbd1de4 100644 --- a/CHANGES +++ b/CHANGES @@ -24,18 +24,6 @@ (CVE-2019-1549) [Matthias St. Pierre] - *) Fixed a padding oracle in PKCS7_decrypt() and CMS_decrypt(). In situations - where an attacker receives automated notification of the success or failure - of a decryption attempt an attacker, after sending a very large number of - messages to be decrypted, can recover a CMS/PKCS7 transported encryption - key or decrypt any RSA encrypted message that was encrypted with the public - RSA key, using a Bleichenbacher padding oracle attack. Applications are not - affected if they use a certificate together with the private RSA key to the - CMS_decrypt or PKCS7_decrypt functions to select the correct recipient info - to decrypt. - (CVE-2019-1563) - [Bernd Edlinger] - *) For built-in EC curves, ensure an EC_GROUP built from the curve name is used even when parsing explicit parameters, when loading a serialized key or calling `EC_GROUP_new_from_ecpkparameters()`/ @@ -66,6 +54,7 @@ certifiate is not given and all recipientInfo are tried out. The old behaviour can be re-enabled in the CMS code by setting the CMS_DEBUG_DECRYPT flag. + (CVE-2019-1563) [Bernd Edlinger] *) Early start up entropy quality from the DEVRANDOM seed source has been diff --git a/NEWS b/NEWS index 22be168091..bd33f9be19 100644 --- a/NEWS +++ b/NEWS @@ -8,7 +8,7 @@ Major changes between OpenSSL 1.1.1c and OpenSSL 1.1.1d [under development] o Fixed a fork protection issue (CVE-2019-1549) - o Fixed a padding oracle in PKCS7_decrypt() and CMS_decrypt() + o Fixed a padding oracle in PKCS7_dataDecode and CMS_decrypt_set1_pkey (CVE-2019-1563) o For built-in EC curves, ensure an EC_GROUP built from the curve name is used even when parsing explicit parameters From matt at openssl.org Tue Sep 10 11:09:21 2019 From: matt at openssl.org (Matt Caswell) Date: Tue, 10 Sep 2019 11:09:21 +0000 Subject: [openssl] OpenSSL_1_1_0-stable update Message-ID: <1568113761.015087.4033.nullmailer@dev.openssl.org> The branch OpenSSL_1_1_0-stable has been updated via 68dc4faeb395fb66448e310db6279e47dd879d23 (commit) from 631f94db0065c78181ca9ba5546ebc8bb3884b97 (commit) - Log ----------------------------------------------------------------- commit 68dc4faeb395fb66448e310db6279e47dd879d23 Author: Matt Caswell Date: Tue Sep 10 11:55:41 2019 +0100 Remove duplicate CHANGES entry (1.1.0) Reviewed-by: Richard Levitte Reviewed-by: Paul Dale (Merged from https://github.com/openssl/openssl/pull/9845) ----------------------------------------------------------------------- Summary of changes: CHANGES | 13 +------------ NEWS | 2 +- 2 files changed, 2 insertions(+), 13 deletions(-) diff --git a/CHANGES b/CHANGES index b12cf3ae07..4f3e51a0b0 100644 --- a/CHANGES +++ b/CHANGES @@ -9,18 +9,6 @@ Changes between 1.1.0k and 1.1.0l [xx XXX xxxx] - *) Fixed a padding oracle in PKCS7_decrypt() and CMS_decrypt(). In situations - where an attacker receives automated notification of the success or failure - of a decryption attempt an attacker, after sending a very large number of - messages to be decrypted, can recover a CMS/PKCS7 transported encryption - key or decrypt any RSA encrypted message that was encrypted with the public - RSA key, using a Bleichenbacher padding oracle attack. Applications are not - affected if they use a certificate together with the private RSA key to the - CMS_decrypt or PKCS7_decrypt functions to select the correct recipient info - to decrypt. - (CVE-2019-1563) - [Bernd Edlinger] - *) For built-in EC curves, ensure an EC_GROUP built from the curve name is used even when parsing explicit parameters, when loading a serialized key or calling `EC_GROUP_new_from_ecpkparameters()`/ @@ -51,6 +39,7 @@ certifiate is not given and all recipientInfo are tried out. The old behaviour can be re-enabled in the CMS code by setting the CMS_DEBUG_DECRYPT flag. + (CVE-2019-1563) [Bernd Edlinger] *) Use Windows installation paths in the mingw builds diff --git a/NEWS b/NEWS index 3d6d5a6f23..6218a9fc1b 100644 --- a/NEWS +++ b/NEWS @@ -7,7 +7,7 @@ Major changes between OpenSSL 1.1.0k and OpenSSL 1.1.0l [under development] - o Fixed a padding oracle in PKCS7_decrypt() and CMS_decrypt() + o Fixed a padding oracle in PKCS7_dataDecode and CMS_decrypt_set1_pkey (CVE-2019-1563) o For built-in EC curves, ensure an EC_GROUP built from the curve name is used even when parsing explicit parameters From matt at openssl.org Tue Sep 10 11:10:06 2019 From: matt at openssl.org (Matt Caswell) Date: Tue, 10 Sep 2019 11:10:06 +0000 Subject: [openssl] OpenSSL_1_0_2-stable update Message-ID: <1568113806.985806.19920.nullmailer@dev.openssl.org> The branch OpenSSL_1_0_2-stable has been updated via 26080054209056b899fe677ee8393972a924cde5 (commit) from e21f8cf78a125cd3c8c0d1a1a6c8bb0b901f893f (commit) - Log ----------------------------------------------------------------- commit 26080054209056b899fe677ee8393972a924cde5 Author: Matt Caswell Date: Tue Sep 10 11:58:18 2019 +0100 Remove duplicate CHANGES entry Reviewed-by: Richard Levitte (Merged from https://github.com/openssl/openssl/pull/9846) ----------------------------------------------------------------------- Summary of changes: CHANGES | 13 +------------ NEWS | 2 +- 2 files changed, 2 insertions(+), 13 deletions(-) diff --git a/CHANGES b/CHANGES index dbe5c1d043..867106458c 100644 --- a/CHANGES +++ b/CHANGES @@ -9,18 +9,6 @@ Changes between 1.0.2s and 1.0.2t [xx XXX xxxx] - *) Fixed a padding oracle in PKCS7_decrypt() and CMS_decrypt(). In situations - where an attacker receives automated notification of the success or failure - of a decryption attempt an attacker, after sending a very large number of - messages to be decrypted, can recover a CMS/PKCS7 transported encryption - key or decrypt any RSA encrypted message that was encrypted with the public - RSA key, using a Bleichenbacher padding oracle attack. Applications are not - affected if they use a certificate together with the private RSA key to the - CMS_decrypt or PKCS7_decrypt functions to select the correct recipient info - to decrypt. - (CVE-2019-1563) - [Bernd Edlinger] - *) For built-in EC curves, ensure an EC_GROUP built from the curve name is used even when parsing explicit parameters, when loading a serialized key or calling `EC_GROUP_new_from_ecpkparameters()`/ @@ -51,6 +39,7 @@ certifiate is not given and all recipientInfo are tried out. The old behaviour can be re-enabled in the CMS code by setting the CMS_DEBUG_DECRYPT flag. + (CVE-2019-1563) [Bernd Edlinger] *) Document issue with installation paths in diverse Windows builds diff --git a/NEWS b/NEWS index c8159993e9..0d219d207c 100644 --- a/NEWS +++ b/NEWS @@ -7,7 +7,7 @@ Major changes between OpenSSL 1.0.2r and OpenSSL 1.0.2t [under development] - o Fixed a padding oracle in PKCS7_decrypt() and CMS_decrypt() + o Fixed a padding oracle in PKCS7_dataDecode and CMS_decrypt_set1_pkey (CVE-2019-1563) o For built-in EC curves, ensure an EC_GROUP built from the curve name is used even when parsing explicit parameters From builds at travis-ci.org Tue Sep 10 11:20:31 2019 From: builds at travis-ci.org (Travis CI) Date: Tue, 10 Sep 2019 11:20:31 +0000 Subject: Still Failing: openssl/openssl#28119 (OpenSSL_1_1_1-stable - 08229ad) In-Reply-To: Message-ID: <5d7786fe6f7ff_43f97d042f764257851@de67c5be-d756-482a-bafc-2e6d5001223e.mail> Build Update for openssl/openssl ------------------------------------- Build: #28119 Status: Still Failing Duration: 24 mins and 39 secs Commit: 08229ad (OpenSSL_1_1_1-stable) Author: Bernd Edlinger Message: Fix a padding oracle in PKCS7_dataDecode and CMS_decrypt_set1_pkey An attack is simple, if the first CMS_recipientInfo is valid but the second CMS_recipientInfo is chosen ciphertext. If the second recipientInfo decodes to PKCS #1 v1.5 form plaintext, the correct encryption key will be replaced by garbage, and the message cannot be decoded, but if the RSA decryption fails, the correct encryption key is used and the recipient will not notice the attack. As a work around for this potential attack the length of the decrypted key must be equal to the cipher default key length, in case the certifiate is not given and all recipientInfo are tried out. The old behaviour can be re-enabled in the CMS code by setting the CMS_DEBUG_DECRYPT flag. Reviewed-by: Matt Caswell (Merged from https://github.com/openssl/openssl/pull/9777) (cherry picked from commit 5840ed0cd1e6487d247efbc1a04136a41d7b3a37) View the changeset: https://github.com/openssl/openssl/compare/7ff84d880362...08229ad838c5 View the full build log and details: https://travis-ci.org/openssl/openssl/builds/583107846?utm_medium=notification&utm_source=email -- You can unsubscribe from build emails from the openssl/openssl repository going to https://travis-ci.org/account/preferences/unsubscribe?repository=5849220&utm_medium=notification&utm_source=email. Or unsubscribe from *all* email updating your settings at https://travis-ci.org/account/preferences/unsubscribe?utm_medium=notification&utm_source=email. Or configure specific recipients for build notifications in your .travis.yml file. See https://docs.travis-ci.com/user/notifications. -------------- next part -------------- An HTML attachment was scrubbed... URL: From builds at travis-ci.org Tue Sep 10 11:40:43 2019 From: builds at travis-ci.org (Travis CI) Date: Tue, 10 Sep 2019 11:40:43 +0000 Subject: Still Failing: openssl/openssl#28125 (OpenSSL_1_1_1-stable - a95b081) In-Reply-To: Message-ID: <5d778bbae16bd_43f996dd55a0c3789d4@b2143f78-9b2c-4cb1-9979-c0d17774c4ad.mail> Build Update for openssl/openssl ------------------------------------- Build: #28125 Status: Still Failing Duration: 16 mins and 4 secs Commit: a95b081 (OpenSSL_1_1_1-stable) Author: Matt Caswell Message: Remove duplicate CHANGES entry Reviewed-by: Richard Levitte (Merged from https://github.com/openssl/openssl/pull/9844) View the changeset: https://github.com/openssl/openssl/compare/08229ad838c5...a95b0815c7d2 View the full build log and details: https://travis-ci.org/openssl/openssl/builds/583114809?utm_medium=notification&utm_source=email -- You can unsubscribe from build emails from the openssl/openssl repository going to https://travis-ci.org/account/preferences/unsubscribe?repository=5849220&utm_medium=notification&utm_source=email. Or unsubscribe from *all* email updating your settings at https://travis-ci.org/account/preferences/unsubscribe?utm_medium=notification&utm_source=email. Or configure specific recipients for build notifications in your .travis.yml file. See https://docs.travis-ci.com/user/notifications. -------------- next part -------------- An HTML attachment was scrubbed... URL: From openssl at openssl.org Tue Sep 10 12:24:23 2019 From: openssl at openssl.org (OpenSSL run-checker) Date: Tue, 10 Sep 2019 12:24:23 +0000 Subject: Still FAILED build of OpenSSL branch master with options -d --strict-warnings no-scrypt Message-ID: <1568118263.106586.9638.nullmailer@run.openssl.org> Platform and configuration command: $ uname -a Linux run 4.15.0-54-generic #58-Ubuntu SMP Mon Jun 24 10:55:24 UTC 2019 x86_64 x86_64 x86_64 GNU/Linux $ CC=clang ../openssl/config -d --strict-warnings no-scrypt Commit log since last time: 1d3cd983f5 [test] ECC: check the bounds for auto computing cofactor d3a1128bc2 Fix build with VS2008 20bf3d8b22 Use simple names in core_names.h 864b89ce49 Move EVP_PKEY algorithm implementations into a union 9c45222ddc Revise EVP_PKEY param handling 21fb706722 Enable DH "keys" which only contain domain parameters 4f62f5d9af Add docs for the provider interface for signature operations 11031468c3 Add public API docs for newly added EVP_SIGNATURE related functions 390acbebfa Add support for verify/verify_recover functions to EVP_SIGNATURE 4889dadcb8 Implement DSA in the default provider dfcb5d29b5 Add the ability to perform signatures in a provider 2b95e8efcf DH_check_pub_key_ex was accidentally calling DH_check, so results were undefined. fa01370f7d Use BN_clear_free in DH_set0_key feeb7ecd2f Check the DH modulus bit length bfed4fc836 Uniform TEST_*() check usage in test/ectest.c 65936a5646 Fix spacing nit in test/ectest.c 3f37050e33 Fix typos in the OSSL_METHOD_STORE doc bacaa618c2 [ec] Match built-in curves on EC_GROUP_new_from_ecparameters bd9faf117d Do no mention private headers in public headers Build log ended with (last 100 lines): ../../openssl/test/recipes/30-test_pbelu.t .................... ok ../../openssl/test/recipes/30-test_pkey_meth.t ................ ok ../../openssl/test/recipes/30-test_pkey_meth_kdf.t ............ ok ../../openssl/test/recipes/40-test_rehash.t ................... ok ../../openssl/test/recipes/60-test_x509_check_cert_pkey.t ..... ok ../../openssl/test/recipes/60-test_x509_dup_cert.t ............ ok ../../openssl/test/recipes/60-test_x509_store.t ............... ok ../../openssl/test/recipes/60-test_x509_time.t ................ ok ../../openssl/test/recipes/70-test_asyncio.t .................. ok ../../openssl/test/recipes/70-test_bad_dtls.t ................. ok ../../openssl/test/recipes/70-test_clienthello.t .............. ok ../../openssl/test/recipes/70-test_comp.t ..................... ok ../../openssl/test/recipes/70-test_key_share.t ................ ok ../../openssl/test/recipes/70-test_packet.t ................... ok ../../openssl/test/recipes/70-test_recordlen.t ................ ok ../../openssl/test/recipes/70-test_renegotiation.t ............ ok ../../openssl/test/recipes/70-test_servername.t ............... ok ../../openssl/test/recipes/70-test_sslcbcpadding.t ............ ok ../../openssl/test/recipes/70-test_sslcertstatus.t ............ ok ../../openssl/test/recipes/70-test_sslextension.t ............. ok ../../openssl/test/recipes/70-test_sslmessages.t .............. ok ../../openssl/test/recipes/70-test_sslrecords.t ............... ok ../../openssl/test/recipes/70-test_sslsessiontick.t ........... ok ../../openssl/test/recipes/70-test_sslsigalgs.t ............... ok ../../openssl/test/recipes/70-test_sslsignature.t ............. ok ../../openssl/test/recipes/70-test_sslskewith0p.t ............. ok ../../openssl/test/recipes/70-test_sslversions.t .............. ok ../../openssl/test/recipes/70-test_sslvertol.t ................ ok ../../openssl/test/recipes/70-test_tls13alerts.t .............. ok ../../openssl/test/recipes/70-test_tls13cookie.t .............. ok ../../openssl/test/recipes/70-test_tls13downgrade.t ........... ok ../../openssl/test/recipes/70-test_tls13hrr.t ................. ok ../../openssl/test/recipes/70-test_tls13kexmodes.t ............ ok ../../openssl/test/recipes/70-test_tls13messages.t ............ ok ../../openssl/test/recipes/70-test_tls13psk.t ................. ok ../../openssl/test/recipes/70-test_tlsextms.t ................. ok ../../openssl/test/recipes/70-test_verify_extra.t ............. ok ../../openssl/test/recipes/70-test_wpacket.t .................. ok ../../openssl/test/recipes/80-test_ca.t ....................... ok ../../openssl/test/recipes/80-test_cipherbytes.t .............. ok ../../openssl/test/recipes/80-test_cipherlist.t ............... ok ../../openssl/test/recipes/80-test_ciphername.t ............... ok ../../openssl/test/recipes/80-test_cms.t ...................... ok ../../openssl/test/recipes/80-test_cmsapi.t ................... ok ../../openssl/test/recipes/80-test_ct.t ....................... ok ../../openssl/test/recipes/80-test_dane.t ..................... ok ../../openssl/test/recipes/80-test_dtls.t ..................... ok ../../openssl/test/recipes/80-test_dtls_mtu.t ................. ok ../../openssl/test/recipes/80-test_dtlsv1listen.t ............. ok ../../openssl/test/recipes/80-test_ocsp.t ..................... ok ../../openssl/test/recipes/80-test_pkcs12.t ................... ok ../../openssl/test/recipes/80-test_ssl_new.t .................. ok ../../openssl/test/recipes/80-test_ssl_old.t .................. ok ../../openssl/test/recipes/80-test_ssl_test_ctx.t ............. ok ../../openssl/test/recipes/80-test_sslcorrupt.t ............... ok ../../openssl/test/recipes/80-test_tsa.t ...................... ok ../../openssl/test/recipes/80-test_x509aux.t .................. ok ../../openssl/test/recipes/90-test_asn1_time.t ................ ok ../../openssl/test/recipes/90-test_async.t .................... ok ../../openssl/test/recipes/90-test_bio_enc.t .................. ok ../../openssl/test/recipes/90-test_bio_memleak.t .............. ok ../../openssl/test/recipes/90-test_constant_time.t ............ ok ../../openssl/test/recipes/90-test_fatalerr.t ................. ok ../../openssl/test/recipes/90-test_gmdiff.t ................... ok ../../openssl/test/recipes/90-test_gost.t ..................... ok ../../openssl/test/recipes/90-test_ige.t ...................... ok ../../openssl/test/recipes/90-test_includes.t ................. ok ../../openssl/test/recipes/90-test_memleak.t .................. ok ../../openssl/test/recipes/90-test_overhead.t ................. skipped: Only supported in no-shared builds ../../openssl/test/recipes/90-test_secmem.t ................... ok ../../openssl/test/recipes/90-test_shlibload.t ................ ok ../../openssl/test/recipes/90-test_srp.t ...................... ok ../../openssl/test/recipes/90-test_sslapi.t ................... ok ../../openssl/test/recipes/90-test_sslbuffers.t ............... ok ../../openssl/test/recipes/90-test_store.t .................... ok ../../openssl/test/recipes/90-test_sysdefault.t ............... ok ../../openssl/test/recipes/90-test_threads.t .................. ok ../../openssl/test/recipes/90-test_time_offset.t .............. ok ../../openssl/test/recipes/90-test_tls13ccs.t ................. ok ../../openssl/test/recipes/90-test_tls13encryption.t .......... ok ../../openssl/test/recipes/90-test_tls13secrets.t ............. ok ../../openssl/test/recipes/90-test_v3name.t ................... ok ../../openssl/test/recipes/95-test_external_boringssl.t ....... skipped: No external tests in this configuration ../../openssl/test/recipes/95-test_external_krb5.t ............ skipped: No external tests in this configuration ../../openssl/test/recipes/95-test_external_pyca.t ............ skipped: No external tests in this configuration ../../openssl/test/recipes/99-test_ecstress.t ................. ok ../../openssl/test/recipes/99-test_fuzz.t ..................... ok Test Summary Report ------------------- ../../openssl/test/recipes/30-test_evp.t (Wstat: 256 Tests: 14 Failed: 1) Failed test: 6 Non-zero exit status: 1 Files=176, Tests=1662, 293 wallclock secs ( 3.21 usr 0.48 sys + 277.02 cusr 25.78 csys = 306.49 CPU) Result: FAIL Makefile:198: recipe for target '_tests' failed make[1]: *** [_tests] Error 1 make[1]: Leaving directory '/home/openssl/run-checker/no-scrypt' Makefile:196: recipe for target 'tests' failed make: *** [tests] Error 2 From matt at openssl.org Tue Sep 10 13:03:25 2019 From: matt at openssl.org (Matt Caswell) Date: Tue, 10 Sep 2019 13:03:25 +0000 Subject: [openssl] OpenSSL_1_1_1-stable update Message-ID: <1568120605.073199.30757.nullmailer@dev.openssl.org> The branch OpenSSL_1_1_1-stable has been updated via 1cb7eff45b4a213f216c779c291d8622f9a84170 (commit) from a95b0815c7d2dc0e03875fa553bb8309a206ab0a (commit) - Log ----------------------------------------------------------------- commit 1cb7eff45b4a213f216c779c291d8622f9a84170 Author: Matt Caswell Date: Tue Sep 10 13:56:40 2019 +0100 Update copyright year Reviewed-by: Richard Levitte (Merged from https://github.com/openssl/openssl/pull/9847) ----------------------------------------------------------------------- Summary of changes: apps/apps.h | 2 +- apps/ca.c | 2 +- apps/dgst.c | 2 +- apps/openssl.c | 2 +- apps/req.c | 2 +- apps/s_apps.h | 2 +- apps/storeutl.c | 2 +- crypto/aes/asm/aes-s390x.pl | 2 +- crypto/asn1/a_time.c | 2 +- crypto/asn1/a_type.c | 2 +- crypto/asn1/x_bignum.c | 2 +- crypto/bio/bss_dgram.c | 2 +- crypto/bn/bn_div.c | 2 +- crypto/bn/bn_lcl.h | 2 +- crypto/bn/bn_rand.c | 2 +- crypto/bn/bn_sqrt.c | 2 +- crypto/cms/cms_att.c | 2 +- crypto/cms/cms_env.c | 2 +- crypto/cms/cms_lcl.h | 2 +- crypto/cms/cms_sd.c | 2 +- crypto/cms/cms_smime.c | 2 +- crypto/ctype.c | 2 +- crypto/dh/dh_lib.c | 2 +- crypto/dsa/dsa_ameth.c | 2 +- crypto/dsa/dsa_err.c | 2 +- crypto/dso/dso_dlfcn.c | 2 +- crypto/ec/asm/ecp_nistz256-sparcv9.pl | 2 +- crypto/ec/asm/x25519-ppc64.pl | 2 +- crypto/ec/ec_asn1.c | 2 +- crypto/ec/ec_curve.c | 2 +- crypto/ec/ecdsa_ossl.c | 2 +- crypto/ec/ecp_nistputil.c | 2 +- crypto/engine/eng_openssl.c | 2 +- crypto/evp/bio_ok.c | 2 +- crypto/evp/e_rc5.c | 2 +- crypto/evp/evp_lib.c | 2 +- crypto/evp/m_sha3.c | 2 +- crypto/include/internal/ctype.h | 2 +- crypto/include/internal/rand_int.h | 2 +- crypto/lhash/lhash.c | 2 +- crypto/pem/pvkfmt.c | 2 +- crypto/pkcs7/pk7_doit.c | 2 +- crypto/rand/rand_lcl.h | 2 +- crypto/rsa/rsa_err.c | 2 +- crypto/rsa/rsa_lib.c | 2 +- crypto/s390xcap.c | 2 +- crypto/sha/asm/keccak1600-armv4.pl | 2 +- crypto/sha/asm/sha512-sparcv9.pl | 2 +- crypto/sm2/sm2_sign.c | 2 +- crypto/store/loader_file.c | 2 +- crypto/store/store_lib.c | 2 +- crypto/threads_none.c | 2 +- crypto/threads_pthread.c | 2 +- crypto/ui/ui_lib.c | 2 +- crypto/whrlpool/wp_block.c | 2 +- crypto/x509/by_dir.c | 2 +- crypto/x509/t_req.c | 2 +- crypto/x509/x509_att.c | 2 +- crypto/x509/x509_cmp.c | 2 +- crypto/x509/x509_err.c | 2 +- crypto/x509/x509_vfy.c | 2 +- crypto/x509v3/v3_alt.c | 2 +- crypto/x509v3/v3_purp.c | 2 +- demos/evp/aesgcm.c | 2 +- doc/man1/engine.pod | 2 +- doc/man1/errstr.pod | 2 +- doc/man1/pkeyparam.pod | 2 +- doc/man3/ADMISSIONS.pod | 2 +- doc/man3/ASYNC_start_job.pod | 2 +- doc/man3/BIO_f_ssl.pod | 2 +- doc/man3/BIO_find_type.pod | 2 +- doc/man3/BIO_new.pod | 2 +- doc/man3/BIO_s_accept.pod | 2 +- doc/man3/BIO_s_bio.pod | 2 +- doc/man3/BIO_s_connect.pod | 2 +- doc/man3/BIO_s_fd.pod | 2 +- doc/man3/BIO_set_callback.pod | 2 +- doc/man3/BN_generate_prime.pod | 2 +- doc/man3/BN_mod_mul_montgomery.pod | 2 +- doc/man3/CMS_final.pod | 2 +- doc/man3/CRYPTO_THREAD_run_once.pod | 2 +- doc/man3/DSA_generate_key.pod | 2 +- doc/man3/DSA_sign.pod | 2 +- doc/man3/EVP_DigestInit.pod | 2 +- doc/man3/EVP_DigestSignInit.pod | 2 +- doc/man3/EVP_PKEY_CTX_set_hkdf_md.pod | 2 +- doc/man3/EVP_PKEY_CTX_set_tls1_prf_md.pod | 2 +- doc/man3/EVP_PKEY_decrypt.pod | 2 +- doc/man3/EVP_PKEY_derive.pod | 2 +- doc/man3/EVP_PKEY_encrypt.pod | 2 +- doc/man3/EVP_PKEY_sign.pod | 2 +- doc/man3/EVP_PKEY_verify.pod | 2 +- doc/man3/EVP_PKEY_verify_recover.pod | 2 +- doc/man3/EVP_SealInit.pod | 2 +- doc/man3/EVP_SignInit.pod | 2 +- doc/man3/EVP_VerifyInit.pod | 2 +- doc/man3/EVP_md5.pod | 2 +- doc/man3/EVP_rc5_32_12_16_cbc.pod | 2 +- doc/man3/OCSP_REQUEST_new.pod | 2 +- doc/man3/OPENSSL_fork_prepare.pod | 2 +- doc/man3/OSSL_STORE_LOADER.pod | 2 +- doc/man3/OSSL_STORE_expect.pod | 2 +- doc/man3/PKCS12_newpass.pod | 2 +- doc/man3/RAND_set_rand_method.pod | 2 +- doc/man3/RSA_blinding_on.pod | 2 +- doc/man3/RSA_generate_key.pod | 2 +- doc/man3/RSA_sign_ASN1_OCTET_STRING.pod | 2 +- doc/man3/SSL_CTX_config.pod | 2 +- doc/man3/SSL_CTX_dane_enable.pod | 2 +- doc/man3/SSL_CTX_get0_param.pod | 2 +- doc/man3/SSL_CTX_set_cipher_list.pod | 2 +- doc/man3/SSL_CTX_set_session_id_context.pod | 2 +- doc/man3/SSL_CTX_set_verify.pod | 2 +- doc/man3/SSL_SESSION_get0_hostname.pod | 2 +- doc/man3/SSL_library_init.pod | 2 +- doc/man3/SSL_set1_host.pod | 2 +- doc/man3/X509_STORE_CTX_get_error.pod | 2 +- doc/man3/X509_STORE_CTX_set_verify_cb.pod | 2 +- doc/man3/X509_STORE_new.pod | 2 +- doc/man3/X509_VERIFY_PARAM_set_flags.pod | 2 +- doc/man3/X509_get_extension_flags.pod | 2 +- doc/man5/x509v3_config.pod | 2 +- doc/man7/Ed25519.pod | 2 +- doc/man7/RAND.pod | 2 +- doc/man7/SM2.pod | 2 +- doc/man7/X25519.pod | 2 +- doc/man7/bio.pod | 2 +- doc/man7/scrypt.pod | 2 +- engines/e_afalg.c | 2 +- include/internal/constant_time_locl.h | 2 +- include/openssl/bio.h | 2 +- include/openssl/cms.h | 2 +- include/openssl/ec.h | 2 +- include/openssl/store.h | 2 +- include/openssl/tls1.h | 2 +- ssl/d1_msg.c | 2 +- ssl/s3_lib.c | 2 +- ssl/ssl_cert.c | 2 +- ssl/ssl_sess.c | 2 +- ssl/t1_lib.c | 2 +- test/asn1_time_test.c | 2 +- test/certs/mkcert.sh | 2 +- test/conf_include_test.c | 2 +- test/dhtest.c | 2 +- test/enginetest.c | 2 +- test/recipes/70-test_sslmessages.t | 2 +- test/recipes/70-test_tls13kexmodes.t | 2 +- test/recipes/70-test_tls13messages.t | 2 +- test/recipes/90-test_sslapi.t | 2 +- test/testutil.h | 2 +- test/testutil/driver.c | 2 +- util/mkdef.pl | 2 +- util/mkerr.pl | 2 +- util/perl/OpenSSL/Test.pm | 2 +- util/perl/TLSProxy/CertificateRequest.pm | 2 +- util/perl/checkhandshake.pm | 2 +- 156 files changed, 156 insertions(+), 156 deletions(-) diff --git a/apps/apps.h b/apps/apps.h index 87a5962e01..4a3e1a8857 100644 --- a/apps/apps.h +++ b/apps/apps.h @@ -1,5 +1,5 @@ /* - * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy diff --git a/apps/ca.c b/apps/ca.c index be7e21a6f2..a4a77126f2 100644 --- a/apps/ca.c +++ b/apps/ca.c @@ -1,5 +1,5 @@ /* - * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy diff --git a/apps/dgst.c b/apps/dgst.c index 6e86fa410a..d6f5a0e2e7 100644 --- a/apps/dgst.c +++ b/apps/dgst.c @@ -1,5 +1,5 @@ /* - * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy diff --git a/apps/openssl.c b/apps/openssl.c index 044e7680de..9648f35b02 100644 --- a/apps/openssl.c +++ b/apps/openssl.c @@ -1,5 +1,5 @@ /* - * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy diff --git a/apps/req.c b/apps/req.c index 6dd119be7a..f9d6fba109 100644 --- a/apps/req.c +++ b/apps/req.c @@ -1,5 +1,5 @@ /* - * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy diff --git a/apps/s_apps.h b/apps/s_apps.h index 810f3ed351..f94e659e71 100644 --- a/apps/s_apps.h +++ b/apps/s_apps.h @@ -1,5 +1,5 @@ /* - * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy diff --git a/apps/storeutl.c b/apps/storeutl.c index 7dbf9dec93..644fe28499 100644 --- a/apps/storeutl.c +++ b/apps/storeutl.c @@ -1,5 +1,5 @@ /* - * Copyright 2016-2018 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2016-2019 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy diff --git a/crypto/aes/asm/aes-s390x.pl b/crypto/aes/asm/aes-s390x.pl index 933a447b5c..815fde8fcd 100644 --- a/crypto/aes/asm/aes-s390x.pl +++ b/crypto/aes/asm/aes-s390x.pl @@ -1,5 +1,5 @@ #! /usr/bin/env perl -# Copyright 2007-2018 The OpenSSL Project Authors. All Rights Reserved. +# Copyright 2007-2019 The OpenSSL Project Authors. All Rights Reserved. # # Licensed under the OpenSSL license (the "License"). You may not use # this file except in compliance with the License. You can obtain a copy diff --git a/crypto/asn1/a_time.c b/crypto/asn1/a_time.c index 0980d7cae8..c36dd95001 100644 --- a/crypto/asn1/a_time.c +++ b/crypto/asn1/a_time.c @@ -1,5 +1,5 @@ /* - * Copyright 1999-2017 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1999-2019 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy diff --git a/crypto/asn1/a_type.c b/crypto/asn1/a_type.c index 84e78df0f1..732328e050 100644 --- a/crypto/asn1/a_type.c +++ b/crypto/asn1/a_type.c @@ -1,5 +1,5 @@ /* - * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy diff --git a/crypto/asn1/x_bignum.c b/crypto/asn1/x_bignum.c index c1e3e523a0..6c93ea7510 100644 --- a/crypto/asn1/x_bignum.c +++ b/crypto/asn1/x_bignum.c @@ -1,5 +1,5 @@ /* - * Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2000-2019 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy diff --git a/crypto/bio/bss_dgram.c b/crypto/bio/bss_dgram.c index 26441c9ddf..551821609f 100644 --- a/crypto/bio/bss_dgram.c +++ b/crypto/bio/bss_dgram.c @@ -1,5 +1,5 @@ /* - * Copyright 2005-2018 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2005-2019 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy diff --git a/crypto/bn/bn_div.c b/crypto/bn/bn_div.c index 44948c99b2..7fc0132830 100644 --- a/crypto/bn/bn_div.c +++ b/crypto/bn/bn_div.c @@ -1,5 +1,5 @@ /* - * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy diff --git a/crypto/bn/bn_lcl.h b/crypto/bn/bn_lcl.h index 6ec39ed41e..7f823a6178 100644 --- a/crypto/bn/bn_lcl.h +++ b/crypto/bn/bn_lcl.h @@ -1,5 +1,5 @@ /* - * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy diff --git a/crypto/bn/bn_rand.c b/crypto/bn/bn_rand.c index 214768311a..051f29e343 100644 --- a/crypto/bn/bn_rand.c +++ b/crypto/bn/bn_rand.c @@ -1,5 +1,5 @@ /* - * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy diff --git a/crypto/bn/bn_sqrt.c b/crypto/bn/bn_sqrt.c index ac8c4b979f..c3e66b033b 100644 --- a/crypto/bn/bn_sqrt.c +++ b/crypto/bn/bn_sqrt.c @@ -1,5 +1,5 @@ /* - * Copyright 2000-2018 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2000-2019 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy diff --git a/crypto/cms/cms_att.c b/crypto/cms/cms_att.c index 588db4dd25..0566019753 100644 --- a/crypto/cms/cms_att.c +++ b/crypto/cms/cms_att.c @@ -1,5 +1,5 @@ /* - * Copyright 2008-2016 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2008-2019 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy diff --git a/crypto/cms/cms_env.c b/crypto/cms/cms_env.c index 25df1c40b1..26fb81f79a 100644 --- a/crypto/cms/cms_env.c +++ b/crypto/cms/cms_env.c @@ -1,5 +1,5 @@ /* - * Copyright 2008-2018 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2008-2019 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy diff --git a/crypto/cms/cms_lcl.h b/crypto/cms/cms_lcl.h index 8eddb02493..68aa01271b 100644 --- a/crypto/cms/cms_lcl.h +++ b/crypto/cms/cms_lcl.h @@ -1,5 +1,5 @@ /* - * Copyright 2008-2018 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2008-2019 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy diff --git a/crypto/cms/cms_sd.c b/crypto/cms/cms_sd.c index 1cb6757289..3841513f8b 100644 --- a/crypto/cms/cms_sd.c +++ b/crypto/cms/cms_sd.c @@ -1,5 +1,5 @@ /* - * Copyright 2008-2016 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2008-2019 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy diff --git a/crypto/cms/cms_smime.c b/crypto/cms/cms_smime.c index 3a26108b8c..10815639f8 100644 --- a/crypto/cms/cms_smime.c +++ b/crypto/cms/cms_smime.c @@ -1,5 +1,5 @@ /* - * Copyright 2008-2018 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2008-2019 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy diff --git a/crypto/ctype.c b/crypto/ctype.c index 61ea6f6a69..e05f84cd40 100644 --- a/crypto/ctype.c +++ b/crypto/ctype.c @@ -1,5 +1,5 @@ /* - * Copyright 2017 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2017-2019 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy diff --git a/crypto/dh/dh_lib.c b/crypto/dh/dh_lib.c index 8d13b3c262..e7e7ef08e9 100644 --- a/crypto/dh/dh_lib.c +++ b/crypto/dh/dh_lib.c @@ -1,5 +1,5 @@ /* - * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy diff --git a/crypto/dsa/dsa_ameth.c b/crypto/dsa/dsa_ameth.c index c82e3bdd05..49aa1ae23b 100644 --- a/crypto/dsa/dsa_ameth.c +++ b/crypto/dsa/dsa_ameth.c @@ -1,5 +1,5 @@ /* - * Copyright 2006-2016 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2006-2019 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy diff --git a/crypto/dsa/dsa_err.c b/crypto/dsa/dsa_err.c index a7176af8ac..8dcf0548ac 100644 --- a/crypto/dsa/dsa_err.c +++ b/crypto/dsa/dsa_err.c @@ -1,6 +1,6 @@ /* * Generated by util/mkerr.pl DO NOT EDIT - * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy diff --git a/crypto/dso/dso_dlfcn.c b/crypto/dso/dso_dlfcn.c index e2b87e8075..ba3b55fcbf 100644 --- a/crypto/dso/dso_dlfcn.c +++ b/crypto/dso/dso_dlfcn.c @@ -1,5 +1,5 @@ /* - * Copyright 2000-2018 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2000-2019 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy diff --git a/crypto/ec/asm/ecp_nistz256-sparcv9.pl b/crypto/ec/asm/ecp_nistz256-sparcv9.pl index 016025e813..4383bea4a7 100755 --- a/crypto/ec/asm/ecp_nistz256-sparcv9.pl +++ b/crypto/ec/asm/ecp_nistz256-sparcv9.pl @@ -1,5 +1,5 @@ #! /usr/bin/env perl -# Copyright 2015-2018 The OpenSSL Project Authors. All Rights Reserved. +# Copyright 2015-2019 The OpenSSL Project Authors. All Rights Reserved. # # Licensed under the OpenSSL license (the "License"). You may not use # this file except in compliance with the License. You can obtain a copy diff --git a/crypto/ec/asm/x25519-ppc64.pl b/crypto/ec/asm/x25519-ppc64.pl index bd9bf8ab11..6e8b36420f 100755 --- a/crypto/ec/asm/x25519-ppc64.pl +++ b/crypto/ec/asm/x25519-ppc64.pl @@ -1,5 +1,5 @@ #! /usr/bin/env perl -# Copyright 2018 The OpenSSL Project Authors. All Rights Reserved. +# Copyright 2018-2019 The OpenSSL Project Authors. All Rights Reserved. # # Licensed under the OpenSSL license (the "License"). You may not use # this file except in compliance with the License. You can obtain a copy diff --git a/crypto/ec/ec_asn1.c b/crypto/ec/ec_asn1.c index 8d8dc95e45..1ce1181fc1 100644 --- a/crypto/ec/ec_asn1.c +++ b/crypto/ec/ec_asn1.c @@ -1,5 +1,5 @@ /* - * Copyright 2002-2018 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2002-2019 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy diff --git a/crypto/ec/ec_curve.c b/crypto/ec/ec_curve.c index 07acf2652c..477349d441 100644 --- a/crypto/ec/ec_curve.c +++ b/crypto/ec/ec_curve.c @@ -1,5 +1,5 @@ /* - * Copyright 2002-2018 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2002-2019 The OpenSSL Project Authors. All Rights Reserved. * Copyright (c) 2002, Oracle and/or its affiliates. All rights reserved * * Licensed under the OpenSSL license (the "License"). You may not use diff --git a/crypto/ec/ecdsa_ossl.c b/crypto/ec/ecdsa_ossl.c index 554420449f..c35ed2dcd0 100644 --- a/crypto/ec/ecdsa_ossl.c +++ b/crypto/ec/ecdsa_ossl.c @@ -1,5 +1,5 @@ /* - * Copyright 2002-2018 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2002-2019 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy diff --git a/crypto/ec/ecp_nistputil.c b/crypto/ec/ecp_nistputil.c index 8bd39508f8..f89a2f0aac 100644 --- a/crypto/ec/ecp_nistputil.c +++ b/crypto/ec/ecp_nistputil.c @@ -1,5 +1,5 @@ /* - * Copyright 2011-2016 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2011-2019 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy diff --git a/crypto/engine/eng_openssl.c b/crypto/engine/eng_openssl.c index 0ec56ed4af..d9b3067a13 100644 --- a/crypto/engine/eng_openssl.c +++ b/crypto/engine/eng_openssl.c @@ -1,5 +1,5 @@ /* - * Copyright 2001-2018 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2001-2019 The OpenSSL Project Authors. All Rights Reserved. * Copyright (c) 2002, Oracle and/or its affiliates. All rights reserved * * Licensed under the OpenSSL license (the "License"). You may not use diff --git a/crypto/evp/bio_ok.c b/crypto/evp/bio_ok.c index 54d83bdcc2..300db6cd32 100644 --- a/crypto/evp/bio_ok.c +++ b/crypto/evp/bio_ok.c @@ -1,5 +1,5 @@ /* - * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy diff --git a/crypto/evp/e_rc5.c b/crypto/evp/e_rc5.c index 79b36475ca..dc5589b688 100644 --- a/crypto/evp/e_rc5.c +++ b/crypto/evp/e_rc5.c @@ -1,5 +1,5 @@ /* - * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy diff --git a/crypto/evp/evp_lib.c b/crypto/evp/evp_lib.c index 67f942f85c..4935c2a94a 100644 --- a/crypto/evp/evp_lib.c +++ b/crypto/evp/evp_lib.c @@ -1,5 +1,5 @@ /* - * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy diff --git a/crypto/evp/m_sha3.c b/crypto/evp/m_sha3.c index b6bbf58211..01cf57d313 100644 --- a/crypto/evp/m_sha3.c +++ b/crypto/evp/m_sha3.c @@ -1,5 +1,5 @@ /* - * Copyright 2017-2018 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2017-2019 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy diff --git a/crypto/include/internal/ctype.h b/crypto/include/internal/ctype.h index 80f1f8c7fd..9f3a58339c 100644 --- a/crypto/include/internal/ctype.h +++ b/crypto/include/internal/ctype.h @@ -1,5 +1,5 @@ /* - * Copyright 2017 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2017-2019 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy diff --git a/crypto/include/internal/rand_int.h b/crypto/include/internal/rand_int.h index a4947bc465..10347ab0e3 100644 --- a/crypto/include/internal/rand_int.h +++ b/crypto/include/internal/rand_int.h @@ -1,5 +1,5 @@ /* - * Copyright 2016-2018 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2016-2019 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy diff --git a/crypto/lhash/lhash.c b/crypto/lhash/lhash.c index ed66f5af5c..485d4c3fff 100644 --- a/crypto/lhash/lhash.c +++ b/crypto/lhash/lhash.c @@ -1,5 +1,5 @@ /* - * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy diff --git a/crypto/pem/pvkfmt.c b/crypto/pem/pvkfmt.c index 609e3ad9ca..2bbee4a306 100644 --- a/crypto/pem/pvkfmt.c +++ b/crypto/pem/pvkfmt.c @@ -1,5 +1,5 @@ /* - * Copyright 2005-2018 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2005-2019 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy diff --git a/crypto/pkcs7/pk7_doit.c b/crypto/pkcs7/pk7_doit.c index 15a6160cfe..f63fbc50ea 100644 --- a/crypto/pkcs7/pk7_doit.c +++ b/crypto/pkcs7/pk7_doit.c @@ -1,5 +1,5 @@ /* - * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy diff --git a/crypto/rand/rand_lcl.h b/crypto/rand/rand_lcl.h index 1c2b266330..306c59f6ef 100644 --- a/crypto/rand/rand_lcl.h +++ b/crypto/rand/rand_lcl.h @@ -1,5 +1,5 @@ /* - * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy diff --git a/crypto/rsa/rsa_err.c b/crypto/rsa/rsa_err.c index 228e071216..0687c1e626 100644 --- a/crypto/rsa/rsa_err.c +++ b/crypto/rsa/rsa_err.c @@ -1,6 +1,6 @@ /* * Generated by util/mkerr.pl DO NOT EDIT - * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy diff --git a/crypto/rsa/rsa_lib.c b/crypto/rsa/rsa_lib.c index 2e9effeefa..e737a28898 100644 --- a/crypto/rsa/rsa_lib.c +++ b/crypto/rsa/rsa_lib.c @@ -1,5 +1,5 @@ /* - * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy diff --git a/crypto/s390xcap.c b/crypto/s390xcap.c index a40efe0e90..5d58b2d807 100644 --- a/crypto/s390xcap.c +++ b/crypto/s390xcap.c @@ -1,5 +1,5 @@ /* - * Copyright 2010-2017 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2010-2019 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy diff --git a/crypto/sha/asm/keccak1600-armv4.pl b/crypto/sha/asm/keccak1600-armv4.pl index 38fadced04..cb8ccc90f5 100755 --- a/crypto/sha/asm/keccak1600-armv4.pl +++ b/crypto/sha/asm/keccak1600-armv4.pl @@ -1,5 +1,5 @@ #!/usr/bin/env perl -# Copyright 2017-2018 The OpenSSL Project Authors. All Rights Reserved. +# Copyright 2017-2019 The OpenSSL Project Authors. All Rights Reserved. # # Licensed under the OpenSSL license (the "License"). You may not use # this file except in compliance with the License. You can obtain a copy diff --git a/crypto/sha/asm/sha512-sparcv9.pl b/crypto/sha/asm/sha512-sparcv9.pl index b4f92002f1..c215909633 100644 --- a/crypto/sha/asm/sha512-sparcv9.pl +++ b/crypto/sha/asm/sha512-sparcv9.pl @@ -1,5 +1,5 @@ #! /usr/bin/env perl -# Copyright 2007-2016 The OpenSSL Project Authors. All Rights Reserved. +# Copyright 2007-2019 The OpenSSL Project Authors. All Rights Reserved. # # Licensed under the OpenSSL license (the "License"). You may not use # this file except in compliance with the License. You can obtain a copy diff --git a/crypto/sm2/sm2_sign.c b/crypto/sm2/sm2_sign.c index de33607761..50ecb4d68c 100644 --- a/crypto/sm2/sm2_sign.c +++ b/crypto/sm2/sm2_sign.c @@ -1,5 +1,5 @@ /* - * Copyright 2017-2018 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2017-2019 The OpenSSL Project Authors. All Rights Reserved. * Copyright 2017 Ribose Inc. All Rights Reserved. * Ported from Ribose contributions from Botan. * diff --git a/crypto/store/loader_file.c b/crypto/store/loader_file.c index 41e25457e5..6f569ee62d 100644 --- a/crypto/store/loader_file.c +++ b/crypto/store/loader_file.c @@ -1,5 +1,5 @@ /* - * Copyright 2016-2018 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2016-2019 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy diff --git a/crypto/store/store_lib.c b/crypto/store/store_lib.c index 06bc7f7afd..7de2e31f55 100644 --- a/crypto/store/store_lib.c +++ b/crypto/store/store_lib.c @@ -1,5 +1,5 @@ /* - * Copyright 2016-2018 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2016-2019 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy diff --git a/crypto/threads_none.c b/crypto/threads_none.c index 7348af02c1..aabf0e0dc0 100644 --- a/crypto/threads_none.c +++ b/crypto/threads_none.c @@ -1,5 +1,5 @@ /* - * Copyright 2016-2018 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2016-2019 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy diff --git a/crypto/threads_pthread.c b/crypto/threads_pthread.c index 7e8603de66..1774a2b2ac 100644 --- a/crypto/threads_pthread.c +++ b/crypto/threads_pthread.c @@ -1,5 +1,5 @@ /* - * Copyright 2016-2018 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2016-2019 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy diff --git a/crypto/ui/ui_lib.c b/crypto/ui/ui_lib.c index 8dce57872c..f550972d3e 100644 --- a/crypto/ui/ui_lib.c +++ b/crypto/ui/ui_lib.c @@ -1,5 +1,5 @@ /* - * Copyright 2001-2018 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2001-2019 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy diff --git a/crypto/whrlpool/wp_block.c b/crypto/whrlpool/wp_block.c index f4f994bc47..2ae5c38aba 100644 --- a/crypto/whrlpool/wp_block.c +++ b/crypto/whrlpool/wp_block.c @@ -1,5 +1,5 @@ /* - * Copyright 2005-2016 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2005-2019 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy diff --git a/crypto/x509/by_dir.c b/crypto/x509/by_dir.c index a601433dac..b691a83a0d 100644 --- a/crypto/x509/by_dir.c +++ b/crypto/x509/by_dir.c @@ -1,5 +1,5 @@ /* - * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy diff --git a/crypto/x509/t_req.c b/crypto/x509/t_req.c index f315447ce1..dc3b4f262d 100644 --- a/crypto/x509/t_req.c +++ b/crypto/x509/t_req.c @@ -1,5 +1,5 @@ /* - * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy diff --git a/crypto/x509/x509_att.c b/crypto/x509/x509_att.c index 65daa492a1..3c4566d2e7 100644 --- a/crypto/x509/x509_att.c +++ b/crypto/x509/x509_att.c @@ -1,5 +1,5 @@ /* - * Copyright 1995-2017 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy diff --git a/crypto/x509/x509_cmp.c b/crypto/x509/x509_cmp.c index c65222df69..833bfce1bf 100644 --- a/crypto/x509/x509_cmp.c +++ b/crypto/x509/x509_cmp.c @@ -1,5 +1,5 @@ /* - * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy diff --git a/crypto/x509/x509_err.c b/crypto/x509/x509_err.c index 7ef97148c2..c110d90809 100644 --- a/crypto/x509/x509_err.c +++ b/crypto/x509/x509_err.c @@ -1,6 +1,6 @@ /* * Generated by util/mkerr.pl DO NOT EDIT - * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy diff --git a/crypto/x509/x509_vfy.c b/crypto/x509/x509_vfy.c index fcd588279a..6be2c71e86 100644 --- a/crypto/x509/x509_vfy.c +++ b/crypto/x509/x509_vfy.c @@ -1,5 +1,5 @@ /* - * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy diff --git a/crypto/x509v3/v3_alt.c b/crypto/x509v3/v3_alt.c index c357721bd6..dfcb9094f4 100644 --- a/crypto/x509v3/v3_alt.c +++ b/crypto/x509v3/v3_alt.c @@ -1,5 +1,5 @@ /* - * Copyright 1999-2017 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1999-2019 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy diff --git a/crypto/x509v3/v3_purp.c b/crypto/x509v3/v3_purp.c index 67dece68c3..2f06289d19 100644 --- a/crypto/x509v3/v3_purp.c +++ b/crypto/x509v3/v3_purp.c @@ -1,5 +1,5 @@ /* - * Copyright 1999-2018 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1999-2019 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy diff --git a/demos/evp/aesgcm.c b/demos/evp/aesgcm.c index 4c10632984..3cef27f991 100644 --- a/demos/evp/aesgcm.c +++ b/demos/evp/aesgcm.c @@ -1,5 +1,5 @@ /* - * Copyright 2012-2016 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2012-2019 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy diff --git a/doc/man1/engine.pod b/doc/man1/engine.pod index 42d9fdc4f1..d49f04292b 100644 --- a/doc/man1/engine.pod +++ b/doc/man1/engine.pod @@ -109,7 +109,7 @@ L =head1 COPYRIGHT -Copyright 2016-2018 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2016-2019 The OpenSSL Project Authors. All Rights Reserved. Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/doc/man1/errstr.pod b/doc/man1/errstr.pod index 9f46777a3e..94198c123e 100644 --- a/doc/man1/errstr.pod +++ b/doc/man1/errstr.pod @@ -36,7 +36,7 @@ to produce the error message: =head1 COPYRIGHT -Copyright 2004-2016 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2004-2019 The OpenSSL Project Authors. All Rights Reserved. Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/doc/man1/pkeyparam.pod b/doc/man1/pkeyparam.pod index 0a66184ddf..bddabc2707 100644 --- a/doc/man1/pkeyparam.pod +++ b/doc/man1/pkeyparam.pod @@ -78,7 +78,7 @@ L, L, L =head1 COPYRIGHT -Copyright 2006-2018 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2006-2019 The OpenSSL Project Authors. All Rights Reserved. Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/doc/man3/ADMISSIONS.pod b/doc/man3/ADMISSIONS.pod index a1d4a3b5d1..eaf63b2197 100644 --- a/doc/man3/ADMISSIONS.pod +++ b/doc/man3/ADMISSIONS.pod @@ -169,7 +169,7 @@ L, =head1 COPYRIGHT -Copyright 2017-2018 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2017-2019 The OpenSSL Project Authors. All Rights Reserved. Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/doc/man3/ASYNC_start_job.pod b/doc/man3/ASYNC_start_job.pod index 7c2595926e..b06db76708 100644 --- a/doc/man3/ASYNC_start_job.pod +++ b/doc/man3/ASYNC_start_job.pod @@ -321,7 +321,7 @@ added in OpenSSL 1.1.0. =head1 COPYRIGHT -Copyright 2015-2016 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2015-2019 The OpenSSL Project Authors. All Rights Reserved. Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/doc/man3/BIO_f_ssl.pod b/doc/man3/BIO_f_ssl.pod index 596b7231d8..59cccbd4e5 100644 --- a/doc/man3/BIO_f_ssl.pod +++ b/doc/man3/BIO_f_ssl.pod @@ -298,7 +298,7 @@ be modified to handle this fix or they may free up an already freed BIO. =head1 COPYRIGHT -Copyright 2000-2018 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2000-2019 The OpenSSL Project Authors. All Rights Reserved. Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/doc/man3/BIO_find_type.pod b/doc/man3/BIO_find_type.pod index 8288bce5b4..b18b615a33 100644 --- a/doc/man3/BIO_find_type.pod +++ b/doc/man3/BIO_find_type.pod @@ -60,7 +60,7 @@ Traverse a chain looking for digest BIOs: =head1 COPYRIGHT -Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2000-2019 The OpenSSL Project Authors. All Rights Reserved. Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/doc/man3/BIO_new.pod b/doc/man3/BIO_new.pod index 37022c5d8e..c33eb9d02e 100644 --- a/doc/man3/BIO_new.pod +++ b/doc/man3/BIO_new.pod @@ -61,7 +61,7 @@ Create a memory BIO: =head1 COPYRIGHT -Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2000-2019 The OpenSSL Project Authors. All Rights Reserved. Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/doc/man3/BIO_s_accept.pod b/doc/man3/BIO_s_accept.pod index 65400b0e6c..37b6f4d839 100644 --- a/doc/man3/BIO_s_accept.pod +++ b/doc/man3/BIO_s_accept.pod @@ -224,7 +224,7 @@ down each and finally closes both down. =head1 COPYRIGHT -Copyright 2000-2018 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2000-2019 The OpenSSL Project Authors. All Rights Reserved. Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/doc/man3/BIO_s_bio.pod b/doc/man3/BIO_s_bio.pod index d0dc666030..f78fe13489 100644 --- a/doc/man3/BIO_s_bio.pod +++ b/doc/man3/BIO_s_bio.pod @@ -191,7 +191,7 @@ L, L =head1 COPYRIGHT -Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2000-2019 The OpenSSL Project Authors. All Rights Reserved. Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/doc/man3/BIO_s_connect.pod b/doc/man3/BIO_s_connect.pod index 6b920f8f49..4f145297c5 100644 --- a/doc/man3/BIO_s_connect.pod +++ b/doc/man3/BIO_s_connect.pod @@ -203,7 +203,7 @@ Use BIO_set_conn_address() and BIO_get_conn_address() instead. =head1 COPYRIGHT -Copyright 2000-2018 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2000-2019 The OpenSSL Project Authors. All Rights Reserved. Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/doc/man3/BIO_s_fd.pod b/doc/man3/BIO_s_fd.pod index cdfe19f265..6291373cf3 100644 --- a/doc/man3/BIO_s_fd.pod +++ b/doc/man3/BIO_s_fd.pod @@ -88,7 +88,7 @@ L, L =head1 COPYRIGHT -Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2000-2019 The OpenSSL Project Authors. All Rights Reserved. Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/doc/man3/BIO_set_callback.pod b/doc/man3/BIO_set_callback.pod index 7f06e48d40..291456baa4 100644 --- a/doc/man3/BIO_set_callback.pod +++ b/doc/man3/BIO_set_callback.pod @@ -230,7 +230,7 @@ in crypto/bio/bio_cb.c =head1 COPYRIGHT -Copyright 2000-2018 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2000-2019 The OpenSSL Project Authors. All Rights Reserved. Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/doc/man3/BN_generate_prime.pod b/doc/man3/BN_generate_prime.pod index fbccd5170b..31fbc1ffa1 100644 --- a/doc/man3/BN_generate_prime.pod +++ b/doc/man3/BN_generate_prime.pod @@ -206,7 +206,7 @@ and BN_GENCB_get_arg() functions were added in OpenSSL 1.1.0. =head1 COPYRIGHT -Copyright 2000-2018 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2000-2019 The OpenSSL Project Authors. All Rights Reserved. Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/doc/man3/BN_mod_mul_montgomery.pod b/doc/man3/BN_mod_mul_montgomery.pod index 20c5975394..7f47e94c2b 100644 --- a/doc/man3/BN_mod_mul_montgomery.pod +++ b/doc/man3/BN_mod_mul_montgomery.pod @@ -80,7 +80,7 @@ BN_MONT_CTX_init() was removed in OpenSSL 1.1.0 =head1 COPYRIGHT -Copyright 2000-2017 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2000-2019 The OpenSSL Project Authors. All Rights Reserved. Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/doc/man3/CMS_final.pod b/doc/man3/CMS_final.pod index e40ee5bdee..15fd15a68c 100644 --- a/doc/man3/CMS_final.pod +++ b/doc/man3/CMS_final.pod @@ -36,7 +36,7 @@ L =head1 COPYRIGHT -Copyright 2008-2016 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2008-2019 The OpenSSL Project Authors. All Rights Reserved. Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/doc/man3/CRYPTO_THREAD_run_once.pod b/doc/man3/CRYPTO_THREAD_run_once.pod index 76d4be45be..b919e2e478 100644 --- a/doc/man3/CRYPTO_THREAD_run_once.pod +++ b/doc/man3/CRYPTO_THREAD_run_once.pod @@ -161,7 +161,7 @@ L =head1 COPYRIGHT -Copyright 2000-2018 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2000-2019 The OpenSSL Project Authors. All Rights Reserved. Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/doc/man3/DSA_generate_key.pod b/doc/man3/DSA_generate_key.pod index 8701b95015..bb1bb36690 100644 --- a/doc/man3/DSA_generate_key.pod +++ b/doc/man3/DSA_generate_key.pod @@ -31,7 +31,7 @@ L =head1 COPYRIGHT -Copyright 2000-2018 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2000-2019 The OpenSSL Project Authors. All Rights Reserved. Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/doc/man3/DSA_sign.pod b/doc/man3/DSA_sign.pod index 82d8ce9403..0d76b8c3f9 100644 --- a/doc/man3/DSA_sign.pod +++ b/doc/man3/DSA_sign.pod @@ -61,7 +61,7 @@ L =head1 COPYRIGHT -Copyright 2000-2018 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2000-2019 The OpenSSL Project Authors. All Rights Reserved. Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/doc/man3/EVP_DigestInit.pod b/doc/man3/EVP_DigestInit.pod index f346d494bd..3e3e342297 100644 --- a/doc/man3/EVP_DigestInit.pod +++ b/doc/man3/EVP_DigestInit.pod @@ -381,7 +381,7 @@ The EVP_MD_CTX_set_pkey_ctx() function was added in 1.1.1. =head1 COPYRIGHT -Copyright 2000-2018 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2000-2019 The OpenSSL Project Authors. All Rights Reserved. Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/doc/man3/EVP_DigestSignInit.pod b/doc/man3/EVP_DigestSignInit.pod index 096e1823fc..0bbc3d0ff8 100644 --- a/doc/man3/EVP_DigestSignInit.pod +++ b/doc/man3/EVP_DigestSignInit.pod @@ -158,7 +158,7 @@ were added in OpenSSL 1.0.0. =head1 COPYRIGHT -Copyright 2006-2018 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2006-2019 The OpenSSL Project Authors. All Rights Reserved. Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/doc/man3/EVP_PKEY_CTX_set_hkdf_md.pod b/doc/man3/EVP_PKEY_CTX_set_hkdf_md.pod index 45669e6a19..974bbed9b9 100644 --- a/doc/man3/EVP_PKEY_CTX_set_hkdf_md.pod +++ b/doc/man3/EVP_PKEY_CTX_set_hkdf_md.pod @@ -156,7 +156,7 @@ L =head1 COPYRIGHT -Copyright 2016-2018 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2016-2019 The OpenSSL Project Authors. All Rights Reserved. Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/doc/man3/EVP_PKEY_CTX_set_tls1_prf_md.pod b/doc/man3/EVP_PKEY_CTX_set_tls1_prf_md.pod index 59592c80cc..9a8d7a8875 100644 --- a/doc/man3/EVP_PKEY_CTX_set_tls1_prf_md.pod +++ b/doc/man3/EVP_PKEY_CTX_set_tls1_prf_md.pod @@ -99,7 +99,7 @@ L =head1 COPYRIGHT -Copyright 2016 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2016-2019 The OpenSSL Project Authors. All Rights Reserved. Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/doc/man3/EVP_PKEY_decrypt.pod b/doc/man3/EVP_PKEY_decrypt.pod index 879cff65ce..08d0ec32bd 100644 --- a/doc/man3/EVP_PKEY_decrypt.pod +++ b/doc/man3/EVP_PKEY_decrypt.pod @@ -95,7 +95,7 @@ These functions were added in OpenSSL 1.0.0. =head1 COPYRIGHT -Copyright 2006-2018 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2006-2019 The OpenSSL Project Authors. All Rights Reserved. Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/doc/man3/EVP_PKEY_derive.pod b/doc/man3/EVP_PKEY_derive.pod index 65bff3e20a..76b3c3986b 100644 --- a/doc/man3/EVP_PKEY_derive.pod +++ b/doc/man3/EVP_PKEY_derive.pod @@ -93,7 +93,7 @@ These functions were added in OpenSSL 1.0.0. =head1 COPYRIGHT -Copyright 2006-2018 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2006-2019 The OpenSSL Project Authors. All Rights Reserved. Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/doc/man3/EVP_PKEY_encrypt.pod b/doc/man3/EVP_PKEY_encrypt.pod index 29b8cdb5e1..2a3bf2a097 100644 --- a/doc/man3/EVP_PKEY_encrypt.pod +++ b/doc/man3/EVP_PKEY_encrypt.pod @@ -100,7 +100,7 @@ These functions were added in OpenSSL 1.0.0. =head1 COPYRIGHT -Copyright 2006-2016 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2006-2019 The OpenSSL Project Authors. All Rights Reserved. Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/doc/man3/EVP_PKEY_sign.pod b/doc/man3/EVP_PKEY_sign.pod index 7d84d3de76..175aeed584 100644 --- a/doc/man3/EVP_PKEY_sign.pod +++ b/doc/man3/EVP_PKEY_sign.pod @@ -105,7 +105,7 @@ These functions were added in OpenSSL 1.0.0. =head1 COPYRIGHT -Copyright 2006-2016 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2006-2019 The OpenSSL Project Authors. All Rights Reserved. Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/doc/man3/EVP_PKEY_verify.pod b/doc/man3/EVP_PKEY_verify.pod index 95eb742cdb..616fd5577f 100644 --- a/doc/man3/EVP_PKEY_verify.pod +++ b/doc/man3/EVP_PKEY_verify.pod @@ -93,7 +93,7 @@ These functions were added in OpenSSL 1.0.0. =head1 COPYRIGHT -Copyright 2006-2018 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2006-2019 The OpenSSL Project Authors. All Rights Reserved. Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/doc/man3/EVP_PKEY_verify_recover.pod b/doc/man3/EVP_PKEY_verify_recover.pod index 9b12e3ea4b..a3a7818d79 100644 --- a/doc/man3/EVP_PKEY_verify_recover.pod +++ b/doc/man3/EVP_PKEY_verify_recover.pod @@ -104,7 +104,7 @@ These functions were added in OpenSSL 1.0.0. =head1 COPYRIGHT -Copyright 2013-2018 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2013-2019 The OpenSSL Project Authors. All Rights Reserved. Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/doc/man3/EVP_SealInit.pod b/doc/man3/EVP_SealInit.pod index b3333f9ddf..2c2c89a71b 100644 --- a/doc/man3/EVP_SealInit.pod +++ b/doc/man3/EVP_SealInit.pod @@ -82,7 +82,7 @@ L =head1 COPYRIGHT -Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2000-2019 The OpenSSL Project Authors. All Rights Reserved. Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/doc/man3/EVP_SignInit.pod b/doc/man3/EVP_SignInit.pod index 2eadcb2d2e..c26b7f7d5d 100644 --- a/doc/man3/EVP_SignInit.pod +++ b/doc/man3/EVP_SignInit.pod @@ -103,7 +103,7 @@ L, L =head1 COPYRIGHT -Copyright 2000-2018 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2000-2019 The OpenSSL Project Authors. All Rights Reserved. Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/doc/man3/EVP_VerifyInit.pod b/doc/man3/EVP_VerifyInit.pod index 3f36e00f89..647c99bceb 100644 --- a/doc/man3/EVP_VerifyInit.pod +++ b/doc/man3/EVP_VerifyInit.pod @@ -85,7 +85,7 @@ L, L =head1 COPYRIGHT -Copyright 2000-2018 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2000-2019 The OpenSSL Project Authors. All Rights Reserved. Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/doc/man3/EVP_md5.pod b/doc/man3/EVP_md5.pod index f042b412f2..ed0f99c99d 100644 --- a/doc/man3/EVP_md5.pod +++ b/doc/man3/EVP_md5.pod @@ -54,7 +54,7 @@ L =head1 COPYRIGHT -Copyright 2017-2018 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2017-2019 The OpenSSL Project Authors. All Rights Reserved. Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/doc/man3/EVP_rc5_32_12_16_cbc.pod b/doc/man3/EVP_rc5_32_12_16_cbc.pod index 6e411b067c..9eb8bd9dc3 100644 --- a/doc/man3/EVP_rc5_32_12_16_cbc.pod +++ b/doc/man3/EVP_rc5_32_12_16_cbc.pod @@ -71,7 +71,7 @@ L =head1 COPYRIGHT -Copyright 2017-2018 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2017-2019 The OpenSSL Project Authors. All Rights Reserved. Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/doc/man3/OCSP_REQUEST_new.pod b/doc/man3/OCSP_REQUEST_new.pod index ee9b21bfee..283c226bc4 100644 --- a/doc/man3/OCSP_REQUEST_new.pod +++ b/doc/man3/OCSP_REQUEST_new.pod @@ -108,7 +108,7 @@ L =head1 COPYRIGHT -Copyright 2015-2016 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2015-2019 The OpenSSL Project Authors. All Rights Reserved. Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/doc/man3/OPENSSL_fork_prepare.pod b/doc/man3/OPENSSL_fork_prepare.pod index 8fdcefb498..a47a07a390 100644 --- a/doc/man3/OPENSSL_fork_prepare.pod +++ b/doc/man3/OPENSSL_fork_prepare.pod @@ -53,7 +53,7 @@ These functions were added in OpenSSL 1.1.1. =head1 COPYRIGHT -Copyright 2017-2018 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2017-2019 The OpenSSL Project Authors. All Rights Reserved. Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/doc/man3/OSSL_STORE_LOADER.pod b/doc/man3/OSSL_STORE_LOADER.pod index c886142eed..b0c15b01c3 100644 --- a/doc/man3/OSSL_STORE_LOADER.pod +++ b/doc/man3/OSSL_STORE_LOADER.pod @@ -254,7 +254,7 @@ were added in OpenSSL 1.1.1. =head1 COPYRIGHT -Copyright 2016-2018 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2016-2019 The OpenSSL Project Authors. All Rights Reserved. Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/doc/man3/OSSL_STORE_expect.pod b/doc/man3/OSSL_STORE_expect.pod index 0b336a3d5a..ff3fb2a69d 100644 --- a/doc/man3/OSSL_STORE_expect.pod +++ b/doc/man3/OSSL_STORE_expect.pod @@ -69,7 +69,7 @@ were added in OpenSSL 1.1.1. =head1 COPYRIGHT -Copyright 2018 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2018-2019 The OpenSSL Project Authors. All Rights Reserved. Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/doc/man3/PKCS12_newpass.pod b/doc/man3/PKCS12_newpass.pod index 335fb04fcd..5fc041bfbd 100644 --- a/doc/man3/PKCS12_newpass.pod +++ b/doc/man3/PKCS12_newpass.pod @@ -107,7 +107,7 @@ L =head1 COPYRIGHT -Copyright 2016-2018 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2016-2019 The OpenSSL Project Authors. All Rights Reserved. Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/doc/man3/RAND_set_rand_method.pod b/doc/man3/RAND_set_rand_method.pod index ab06c57d10..83a6cac17a 100644 --- a/doc/man3/RAND_set_rand_method.pod +++ b/doc/man3/RAND_set_rand_method.pod @@ -60,7 +60,7 @@ L =head1 COPYRIGHT -Copyright 2000-2018 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2000-2019 The OpenSSL Project Authors. All Rights Reserved. Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/doc/man3/RSA_blinding_on.pod b/doc/man3/RSA_blinding_on.pod index 7e016adca9..5db127f16e 100644 --- a/doc/man3/RSA_blinding_on.pod +++ b/doc/man3/RSA_blinding_on.pod @@ -33,7 +33,7 @@ RSA_blinding_off() returns no value. =head1 COPYRIGHT -Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2000-2019 The OpenSSL Project Authors. All Rights Reserved. Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/doc/man3/RSA_generate_key.pod b/doc/man3/RSA_generate_key.pod index fcac08e090..491ba41e50 100644 --- a/doc/man3/RSA_generate_key.pod +++ b/doc/man3/RSA_generate_key.pod @@ -100,7 +100,7 @@ RSA_generate_key_ex() instead. =head1 COPYRIGHT -Copyright 2000-2018 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2000-2019 The OpenSSL Project Authors. All Rights Reserved. Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/doc/man3/RSA_sign_ASN1_OCTET_STRING.pod b/doc/man3/RSA_sign_ASN1_OCTET_STRING.pod index 9f40291b31..6e8a53b53e 100644 --- a/doc/man3/RSA_sign_ASN1_OCTET_STRING.pod +++ b/doc/man3/RSA_sign_ASN1_OCTET_STRING.pod @@ -57,7 +57,7 @@ L =head1 COPYRIGHT -Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2000-2019 The OpenSSL Project Authors. All Rights Reserved. Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/doc/man3/SSL_CTX_config.pod b/doc/man3/SSL_CTX_config.pod index 398a0d5139..76c4d3238c 100644 --- a/doc/man3/SSL_CTX_config.pod +++ b/doc/man3/SSL_CTX_config.pod @@ -81,7 +81,7 @@ The SSL_CTX_config() and SSL_config() functions were added in OpenSSL 1.1.0. =head1 COPYRIGHT -Copyright 2015-2016 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2015-2019 The OpenSSL Project Authors. All Rights Reserved. Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/doc/man3/SSL_CTX_dane_enable.pod b/doc/man3/SSL_CTX_dane_enable.pod index 73572971a9..7168bd64fd 100644 --- a/doc/man3/SSL_CTX_dane_enable.pod +++ b/doc/man3/SSL_CTX_dane_enable.pod @@ -372,7 +372,7 @@ These functions were added in OpenSSL 1.1.0. =head1 COPYRIGHT -Copyright 2016-2018 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2016-2019 The OpenSSL Project Authors. All Rights Reserved. Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/doc/man3/SSL_CTX_get0_param.pod b/doc/man3/SSL_CTX_get0_param.pod index 37dc130f05..55cddfded6 100644 --- a/doc/man3/SSL_CTX_get0_param.pod +++ b/doc/man3/SSL_CTX_get0_param.pod @@ -54,7 +54,7 @@ These functions were added in OpenSSL 1.0.2. =head1 COPYRIGHT -Copyright 2015-2016 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2015-2019 The OpenSSL Project Authors. All Rights Reserved. Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/doc/man3/SSL_CTX_set_cipher_list.pod b/doc/man3/SSL_CTX_set_cipher_list.pod index 78dd428b5d..66ade10283 100644 --- a/doc/man3/SSL_CTX_set_cipher_list.pod +++ b/doc/man3/SSL_CTX_set_cipher_list.pod @@ -102,7 +102,7 @@ L =head1 COPYRIGHT -Copyright 2000-2018 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2000-2019 The OpenSSL Project Authors. All Rights Reserved. Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/doc/man3/SSL_CTX_set_session_id_context.pod b/doc/man3/SSL_CTX_set_session_id_context.pod index 9270b101cb..4036d3c7b3 100644 --- a/doc/man3/SSL_CTX_set_session_id_context.pod +++ b/doc/man3/SSL_CTX_set_session_id_context.pod @@ -82,7 +82,7 @@ L =head1 COPYRIGHT -Copyright 2001-2016 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2001-2019 The OpenSSL Project Authors. All Rights Reserved. Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/doc/man3/SSL_CTX_set_verify.pod b/doc/man3/SSL_CTX_set_verify.pod index 2e5ee7915a..1e759c3de0 100644 --- a/doc/man3/SSL_CTX_set_verify.pod +++ b/doc/man3/SSL_CTX_set_verify.pod @@ -348,7 +348,7 @@ and SSL_set_post_handshake_auth() functions were added in OpenSSL 1.1.1. =head1 COPYRIGHT -Copyright 2000-2018 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2000-2019 The OpenSSL Project Authors. All Rights Reserved. Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/doc/man3/SSL_SESSION_get0_hostname.pod b/doc/man3/SSL_SESSION_get0_hostname.pod index c4d285371e..475f700a88 100644 --- a/doc/man3/SSL_SESSION_get0_hostname.pod +++ b/doc/man3/SSL_SESSION_get0_hostname.pod @@ -64,7 +64,7 @@ SSL_SESSION_set1_alpn_selected() functions were added in OpenSSL 1.1.1. =head1 COPYRIGHT -Copyright 2016-2018 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2016-2019 The OpenSSL Project Authors. All Rights Reserved. Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/doc/man3/SSL_library_init.pod b/doc/man3/SSL_library_init.pod index d0c11724ba..e486fae89d 100644 --- a/doc/man3/SSL_library_init.pod +++ b/doc/man3/SSL_library_init.pod @@ -47,7 +47,7 @@ deprecated in OpenSSL 1.1.0 by OPENSSL_init_ssl(). =head1 COPYRIGHT -Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2000-2019 The OpenSSL Project Authors. All Rights Reserved. Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/doc/man3/SSL_set1_host.pod b/doc/man3/SSL_set1_host.pod index d1e540851e..4ae9f6e7f3 100644 --- a/doc/man3/SSL_set1_host.pod +++ b/doc/man3/SSL_set1_host.pod @@ -108,7 +108,7 @@ These functions were added in OpenSSL 1.1.0. =head1 COPYRIGHT -Copyright 2016-2018 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2016-2019 The OpenSSL Project Authors. All Rights Reserved. Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/doc/man3/X509_STORE_CTX_get_error.pod b/doc/man3/X509_STORE_CTX_get_error.pod index c88279bb19..bdbf86ae96 100644 --- a/doc/man3/X509_STORE_CTX_get_error.pod +++ b/doc/man3/X509_STORE_CTX_get_error.pod @@ -328,7 +328,7 @@ L. =head1 COPYRIGHT -Copyright 2009-2016 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2009-2019 The OpenSSL Project Authors. All Rights Reserved. Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/doc/man3/X509_STORE_CTX_set_verify_cb.pod b/doc/man3/X509_STORE_CTX_set_verify_cb.pod index 8fe4655325..7cd661f215 100644 --- a/doc/man3/X509_STORE_CTX_set_verify_cb.pod +++ b/doc/man3/X509_STORE_CTX_set_verify_cb.pod @@ -202,7 +202,7 @@ and X509_STORE_CTX_get_cleanup() functions were added in OpenSSL 1.1.0. =head1 COPYRIGHT -Copyright 2009-2016 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2009-2019 The OpenSSL Project Authors. All Rights Reserved. Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/doc/man3/X509_STORE_new.pod b/doc/man3/X509_STORE_new.pod index 2b6ac189cd..a28c8a20a8 100644 --- a/doc/man3/X509_STORE_new.pod +++ b/doc/man3/X509_STORE_new.pod @@ -48,7 +48,7 @@ functions were added in OpenSSL 1.1.0. =head1 COPYRIGHT -Copyright 2016 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2016-2019 The OpenSSL Project Authors. All Rights Reserved. Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/doc/man3/X509_VERIFY_PARAM_set_flags.pod b/doc/man3/X509_VERIFY_PARAM_set_flags.pod index 2b20dae6f6..7593dea7da 100644 --- a/doc/man3/X509_VERIFY_PARAM_set_flags.pod +++ b/doc/man3/X509_VERIFY_PARAM_set_flags.pod @@ -376,7 +376,7 @@ The X509_VERIFY_PARAM_get_hostflags() function was added in OpenSSL 1.1.0i. =head1 COPYRIGHT -Copyright 2009-2018 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2009-2019 The OpenSSL Project Authors. All Rights Reserved. Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/doc/man3/X509_get_extension_flags.pod b/doc/man3/X509_get_extension_flags.pod index 80e526c3c7..2dfe2ef372 100644 --- a/doc/man3/X509_get_extension_flags.pod +++ b/doc/man3/X509_get_extension_flags.pod @@ -183,7 +183,7 @@ X509_get_proxy_pathlen() were added in OpenSSL 1.1.0. =head1 COPYRIGHT -Copyright 2015-2018 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2015-2019 The OpenSSL Project Authors. All Rights Reserved. Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/doc/man5/x509v3_config.pod b/doc/man5/x509v3_config.pod index 06d0aea974..803b12b3ed 100644 --- a/doc/man5/x509v3_config.pod +++ b/doc/man5/x509v3_config.pod @@ -534,7 +534,7 @@ L =head1 COPYRIGHT -Copyright 2004-2016 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2004-2019 The OpenSSL Project Authors. All Rights Reserved. Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/doc/man7/Ed25519.pod b/doc/man7/Ed25519.pod index fd04dbb2d1..6442e0ea43 100644 --- a/doc/man7/Ed25519.pod +++ b/doc/man7/Ed25519.pod @@ -77,7 +77,7 @@ L, =head1 COPYRIGHT -Copyright 2017-2018 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2017-2019 The OpenSSL Project Authors. All Rights Reserved. Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/doc/man7/RAND.pod b/doc/man7/RAND.pod index bc6db303c2..7ce44ad9b6 100644 --- a/doc/man7/RAND.pod +++ b/doc/man7/RAND.pod @@ -77,7 +77,7 @@ L =head1 COPYRIGHT -Copyright 2018 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2018-2019 The OpenSSL Project Authors. All Rights Reserved. Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/doc/man7/SM2.pod b/doc/man7/SM2.pod index 0cd6ad0aa2..c8fceffa1c 100644 --- a/doc/man7/SM2.pod +++ b/doc/man7/SM2.pod @@ -69,7 +69,7 @@ L =head1 COPYRIGHT -Copyright 2018 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2018-2019 The OpenSSL Project Authors. All Rights Reserved. Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/doc/man7/X25519.pod b/doc/man7/X25519.pod index cdb56599d1..4851f8a1d9 100644 --- a/doc/man7/X25519.pod +++ b/doc/man7/X25519.pod @@ -64,7 +64,7 @@ L =head1 COPYRIGHT -Copyright 2017-2018 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2017-2019 The OpenSSL Project Authors. All Rights Reserved. Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/doc/man7/bio.pod b/doc/man7/bio.pod index 98f2caa4e7..23b231b44e 100644 --- a/doc/man7/bio.pod +++ b/doc/man7/bio.pod @@ -76,7 +76,7 @@ L =head1 COPYRIGHT -Copyright 2000-2017 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2000-2019 The OpenSSL Project Authors. All Rights Reserved. Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/doc/man7/scrypt.pod b/doc/man7/scrypt.pod index 89a816e625..a005133747 100644 --- a/doc/man7/scrypt.pod +++ b/doc/man7/scrypt.pod @@ -105,7 +105,7 @@ L =head1 COPYRIGHT -Copyright 2017-2018 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2017-2019 The OpenSSL Project Authors. All Rights Reserved. Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/engines/e_afalg.c b/engines/e_afalg.c index ae9fee807a..7f62d77e5b 100644 --- a/engines/e_afalg.c +++ b/engines/e_afalg.c @@ -1,5 +1,5 @@ /* - * Copyright 2016-2018 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2016-2019 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy diff --git a/include/internal/constant_time_locl.h b/include/internal/constant_time_locl.h index ac0c62bf4c..0193a653d4 100644 --- a/include/internal/constant_time_locl.h +++ b/include/internal/constant_time_locl.h @@ -1,5 +1,5 @@ /* - * Copyright 2014-2018 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2014-2019 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy diff --git a/include/openssl/bio.h b/include/openssl/bio.h index d67117a147..e1fddfb796 100644 --- a/include/openssl/bio.h +++ b/include/openssl/bio.h @@ -1,5 +1,5 @@ /* - * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy diff --git a/include/openssl/cms.h b/include/openssl/cms.h index 72d45d8c2c..c7627968c7 100644 --- a/include/openssl/cms.h +++ b/include/openssl/cms.h @@ -1,5 +1,5 @@ /* - * Copyright 2008-2018 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2008-2019 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy diff --git a/include/openssl/ec.h b/include/openssl/ec.h index 9d1d152b25..5af9ebdc7f 100644 --- a/include/openssl/ec.h +++ b/include/openssl/ec.h @@ -1,5 +1,5 @@ /* - * Copyright 2002-2018 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2002-2019 The OpenSSL Project Authors. All Rights Reserved. * Copyright (c) 2002, Oracle and/or its affiliates. All rights reserved * * Licensed under the OpenSSL license (the "License"). You may not use diff --git a/include/openssl/store.h b/include/openssl/store.h index cda8c97916..a40a7339e6 100644 --- a/include/openssl/store.h +++ b/include/openssl/store.h @@ -1,5 +1,5 @@ /* - * Copyright 2016-2018 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2016-2019 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy diff --git a/include/openssl/tls1.h b/include/openssl/tls1.h index 8a6b6ee443..76d9fda46e 100644 --- a/include/openssl/tls1.h +++ b/include/openssl/tls1.h @@ -1,5 +1,5 @@ /* - * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved. * Copyright (c) 2002, Oracle and/or its affiliates. All rights reserved * Copyright 2005 Nokia. All rights reserved. * diff --git a/ssl/d1_msg.c b/ssl/d1_msg.c index aecd321b36..6365b365e7 100644 --- a/ssl/d1_msg.c +++ b/ssl/d1_msg.c @@ -1,5 +1,5 @@ /* - * Copyright 2005-2016 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2005-2019 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy diff --git a/ssl/s3_lib.c b/ssl/s3_lib.c index 55c0192d29..066bf47221 100644 --- a/ssl/s3_lib.c +++ b/ssl/s3_lib.c @@ -1,5 +1,5 @@ /* - * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved. * Copyright (c) 2002, Oracle and/or its affiliates. All rights reserved * Copyright 2005 Nokia. All rights reserved. * diff --git a/ssl/ssl_cert.c b/ssl/ssl_cert.c index 4805c6ae55..9df9fb9677 100644 --- a/ssl/ssl_cert.c +++ b/ssl/ssl_cert.c @@ -1,5 +1,5 @@ /* - * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved. * Copyright (c) 2002, Oracle and/or its affiliates. All rights reserved * * Licensed under the OpenSSL license (the "License"). You may not use diff --git a/ssl/ssl_sess.c b/ssl/ssl_sess.c index c880ab4e4b..52cfa7ef6d 100644 --- a/ssl/ssl_sess.c +++ b/ssl/ssl_sess.c @@ -1,5 +1,5 @@ /* - * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved. * Copyright 2005 Nokia. All rights reserved. * * Licensed under the OpenSSL license (the "License"). You may not use diff --git a/ssl/t1_lib.c b/ssl/t1_lib.c index 52d58ddd4f..b482019c4c 100644 --- a/ssl/t1_lib.c +++ b/ssl/t1_lib.c @@ -1,5 +1,5 @@ /* - * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy diff --git a/test/asn1_time_test.c b/test/asn1_time_test.c index a9a898a246..b43763d050 100644 --- a/test/asn1_time_test.c +++ b/test/asn1_time_test.c @@ -1,5 +1,5 @@ /* - * Copyright 1999-2018 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1999-2019 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy diff --git a/test/certs/mkcert.sh b/test/certs/mkcert.sh index 4b258e104e..ebb71c1778 100755 --- a/test/certs/mkcert.sh +++ b/test/certs/mkcert.sh @@ -1,6 +1,6 @@ #! /bin/bash # -# Copyright 2016-2018 The OpenSSL Project Authors. All Rights Reserved. +# Copyright 2016-2019 The OpenSSL Project Authors. All Rights Reserved. # Copyright (c) 2016 Viktor Dukhovni . # All rights reserved. # diff --git a/test/conf_include_test.c b/test/conf_include_test.c index 74c571d2f5..ff0319a1c7 100644 --- a/test/conf_include_test.c +++ b/test/conf_include_test.c @@ -1,5 +1,5 @@ /* - * Copyright 2016-2018 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2016-2019 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy diff --git a/test/dhtest.c b/test/dhtest.c index d264bbba1b..9d5609b943 100644 --- a/test/dhtest.c +++ b/test/dhtest.c @@ -1,5 +1,5 @@ /* - * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy diff --git a/test/enginetest.c b/test/enginetest.c index a837b09c6c..c3dc5bb7ff 100644 --- a/test/enginetest.c +++ b/test/enginetest.c @@ -1,5 +1,5 @@ /* - * Copyright 2000-2017 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2000-2019 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy diff --git a/test/recipes/70-test_sslmessages.t b/test/recipes/70-test_sslmessages.t index 5ee99feab8..212791fc05 100644 --- a/test/recipes/70-test_sslmessages.t +++ b/test/recipes/70-test_sslmessages.t @@ -1,5 +1,5 @@ #! /usr/bin/env perl -# Copyright 2015-2018 The OpenSSL Project Authors. All Rights Reserved. +# Copyright 2015-2019 The OpenSSL Project Authors. All Rights Reserved. # # Licensed under the OpenSSL license (the "License"). You may not use # this file except in compliance with the License. You can obtain a copy diff --git a/test/recipes/70-test_tls13kexmodes.t b/test/recipes/70-test_tls13kexmodes.t index e5fcf8e271..98989b4703 100644 --- a/test/recipes/70-test_tls13kexmodes.t +++ b/test/recipes/70-test_tls13kexmodes.t @@ -1,5 +1,5 @@ #! /usr/bin/env perl -# Copyright 2017-2018 The OpenSSL Project Authors. All Rights Reserved. +# Copyright 2017-2019 The OpenSSL Project Authors. All Rights Reserved. # # Licensed under the OpenSSL license (the "License"). You may not use # this file except in compliance with the License. You can obtain a copy diff --git a/test/recipes/70-test_tls13messages.t b/test/recipes/70-test_tls13messages.t index 435fef57c6..171a12fa12 100644 --- a/test/recipes/70-test_tls13messages.t +++ b/test/recipes/70-test_tls13messages.t @@ -1,5 +1,5 @@ #! /usr/bin/env perl -# Copyright 2015-2018 The OpenSSL Project Authors. All Rights Reserved. +# Copyright 2015-2019 The OpenSSL Project Authors. All Rights Reserved. # # Licensed under the OpenSSL license (the "License"). You may not use # this file except in compliance with the License. You can obtain a copy diff --git a/test/recipes/90-test_sslapi.t b/test/recipes/90-test_sslapi.t index 4dd70bf18d..adbcb4fe68 100644 --- a/test/recipes/90-test_sslapi.t +++ b/test/recipes/90-test_sslapi.t @@ -1,5 +1,5 @@ #! /usr/bin/env perl -# Copyright 2016-2018 The OpenSSL Project Authors. All Rights Reserved. +# Copyright 2016-2019 The OpenSSL Project Authors. All Rights Reserved. # # Licensed under the OpenSSL license (the "License"). You may not use # this file except in compliance with the License. You can obtain a copy diff --git a/test/testutil.h b/test/testutil.h index 0e9e3d5c9e..2a610d7bff 100644 --- a/test/testutil.h +++ b/test/testutil.h @@ -1,5 +1,5 @@ /* - * Copyright 2014-2017 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2014-2019 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy diff --git a/test/testutil/driver.c b/test/testutil/driver.c index 89a3a0ba43..670f5b80ce 100644 --- a/test/testutil/driver.c +++ b/test/testutil/driver.c @@ -1,5 +1,5 @@ /* - * Copyright 2016-2018 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2016-2019 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy diff --git a/util/mkdef.pl b/util/mkdef.pl index 07974b56b5..3ac79821b0 100755 --- a/util/mkdef.pl +++ b/util/mkdef.pl @@ -1,5 +1,5 @@ #! /usr/bin/env perl -# Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved. +# Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved. # # Licensed under the OpenSSL license (the "License"). You may not use # this file except in compliance with the License. You can obtain a copy diff --git a/util/mkerr.pl b/util/mkerr.pl index 948391e856..df085fb3db 100755 --- a/util/mkerr.pl +++ b/util/mkerr.pl @@ -1,5 +1,5 @@ #! /usr/bin/env perl -# Copyright 1999-2018 The OpenSSL Project Authors. All Rights Reserved. +# Copyright 1999-2019 The OpenSSL Project Authors. All Rights Reserved. # # Licensed under the OpenSSL license (the "License"). You may not use # this file except in compliance with the License. You can obtain a copy diff --git a/util/perl/OpenSSL/Test.pm b/util/perl/OpenSSL/Test.pm index 4eaea099d6..49fb88feb7 100644 --- a/util/perl/OpenSSL/Test.pm +++ b/util/perl/OpenSSL/Test.pm @@ -1,4 +1,4 @@ -# Copyright 2016-2018 The OpenSSL Project Authors. All Rights Reserved. +# Copyright 2016-2019 The OpenSSL Project Authors. All Rights Reserved. # # Licensed under the OpenSSL license (the "License"). You may not use # this file except in compliance with the License. You can obtain a copy diff --git a/util/perl/TLSProxy/CertificateRequest.pm b/util/perl/TLSProxy/CertificateRequest.pm index 193bea168a..bc4105335d 100644 --- a/util/perl/TLSProxy/CertificateRequest.pm +++ b/util/perl/TLSProxy/CertificateRequest.pm @@ -1,4 +1,4 @@ -# Copyright 2016 The OpenSSL Project Authors. All Rights Reserved. +# Copyright 2016-2019 The OpenSSL Project Authors. All Rights Reserved. # # Licensed under the Apache License 2.0 (the "License"). You may not use # this file except in compliance with the License. You can obtain a copy diff --git a/util/perl/checkhandshake.pm b/util/perl/checkhandshake.pm index 07bf6608b3..04441b5615 100644 --- a/util/perl/checkhandshake.pm +++ b/util/perl/checkhandshake.pm @@ -1,5 +1,5 @@ #! /usr/bin/env perl -# Copyright 2015-2018 The OpenSSL Project Authors. All Rights Reserved. +# Copyright 2015-2019 The OpenSSL Project Authors. All Rights Reserved. # # Licensed under the OpenSSL license (the "License"). You may not use # this file except in compliance with the License. You can obtain a copy From matt at openssl.org Tue Sep 10 13:03:52 2019 From: matt at openssl.org (Matt Caswell) Date: Tue, 10 Sep 2019 13:03:52 +0000 Subject: [openssl] OpenSSL_1_1_0-stable update Message-ID: <1568120632.030920.32236.nullmailer@dev.openssl.org> The branch OpenSSL_1_1_0-stable has been updated via f4764841dc100c7584c62c46b32ad11b7aa937c7 (commit) from 68dc4faeb395fb66448e310db6279e47dd879d23 (commit) - Log ----------------------------------------------------------------- commit f4764841dc100c7584c62c46b32ad11b7aa937c7 Author: Matt Caswell Date: Tue Sep 10 13:59:11 2019 +0100 Update copyright year Reviewed-by: Richard Levitte (Merged from https://github.com/openssl/openssl/pull/9848) ----------------------------------------------------------------------- Summary of changes: Configure | 2 +- README | 2 +- apps/req.c | 2 +- crypto/asn1/x_bignum.c | 2 +- crypto/bn/bn_rand.c | 2 +- crypto/cms/cms_env.c | 2 +- crypto/cms/cms_lcl.h | 2 +- crypto/cms/cms_smime.c | 2 +- crypto/dh/dh_lib.c | 2 +- crypto/ec/ec_asn1.c | 2 +- crypto/ec/ec_curve.c | 2 +- crypto/ec/ec_lib.c | 2 +- crypto/pem/pvkfmt.c | 2 +- crypto/pkcs7/pk7_doit.c | 2 +- crypto/rsa/rsa_lib.c | 2 +- crypto/x509/by_dir.c | 2 +- crypto/x509/t_req.c | 2 +- crypto/x509/x509_cmp.c | 2 +- include/internal/constant_time_locl.h | 2 +- include/openssl/opensslv.h | 2 +- include/openssl/x509.h | 2 +- test/recipes/30-test_evp_data/evppkey.txt | 2 +- 22 files changed, 22 insertions(+), 22 deletions(-) diff --git a/Configure b/Configure index cf5a8bec59..56e98f0b79 100755 --- a/Configure +++ b/Configure @@ -1,6 +1,6 @@ #! /usr/bin/env perl # -*- mode: perl; -*- -# Copyright 2016-2018 The OpenSSL Project Authors. All Rights Reserved. +# Copyright 2016-2019 The OpenSSL Project Authors. All Rights Reserved. # # Licensed under the OpenSSL license (the "License"). You may not use # this file except in compliance with the License. You can obtain a copy diff --git a/README b/README index b3dc2c313e..f23492a120 100644 --- a/README +++ b/README @@ -1,7 +1,7 @@ OpenSSL 1.1.0l-dev - Copyright (c) 1998-2018 The OpenSSL Project + Copyright (c) 1998-2019 The OpenSSL Project Copyright (c) 1995-1998 Eric A. Young, Tim J. Hudson All rights reserved. diff --git a/apps/req.c b/apps/req.c index 863c2873a7..442d398701 100644 --- a/apps/req.c +++ b/apps/req.c @@ -1,5 +1,5 @@ /* - * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy diff --git a/crypto/asn1/x_bignum.c b/crypto/asn1/x_bignum.c index c1e3e523a0..6c93ea7510 100644 --- a/crypto/asn1/x_bignum.c +++ b/crypto/asn1/x_bignum.c @@ -1,5 +1,5 @@ /* - * Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2000-2019 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy diff --git a/crypto/bn/bn_rand.c b/crypto/bn/bn_rand.c index bff1d249af..6b469aefb9 100644 --- a/crypto/bn/bn_rand.c +++ b/crypto/bn/bn_rand.c @@ -1,5 +1,5 @@ /* - * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy diff --git a/crypto/cms/cms_env.c b/crypto/cms/cms_env.c index 269e97f3fa..6404f41c58 100644 --- a/crypto/cms/cms_env.c +++ b/crypto/cms/cms_env.c @@ -1,5 +1,5 @@ /* - * Copyright 2008-2018 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2008-2019 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy diff --git a/crypto/cms/cms_lcl.h b/crypto/cms/cms_lcl.h index 671fd801b4..9c4f136956 100644 --- a/crypto/cms/cms_lcl.h +++ b/crypto/cms/cms_lcl.h @@ -1,5 +1,5 @@ /* - * Copyright 2008-2016 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2008-2019 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy diff --git a/crypto/cms/cms_smime.c b/crypto/cms/cms_smime.c index 3a26108b8c..10815639f8 100644 --- a/crypto/cms/cms_smime.c +++ b/crypto/cms/cms_smime.c @@ -1,5 +1,5 @@ /* - * Copyright 2008-2018 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2008-2019 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy diff --git a/crypto/dh/dh_lib.c b/crypto/dh/dh_lib.c index cac831da0b..ceadd13ce4 100644 --- a/crypto/dh/dh_lib.c +++ b/crypto/dh/dh_lib.c @@ -1,5 +1,5 @@ /* - * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy diff --git a/crypto/ec/ec_asn1.c b/crypto/ec/ec_asn1.c index 9ea7ff193a..b00bef1df5 100644 --- a/crypto/ec/ec_asn1.c +++ b/crypto/ec/ec_asn1.c @@ -1,5 +1,5 @@ /* - * Copyright 2002-2016 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2002-2019 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy diff --git a/crypto/ec/ec_curve.c b/crypto/ec/ec_curve.c index 6559e28a6f..2d28d7f70b 100644 --- a/crypto/ec/ec_curve.c +++ b/crypto/ec/ec_curve.c @@ -1,5 +1,5 @@ /* - * Copyright 2002-2018 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2002-2019 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy diff --git a/crypto/ec/ec_lib.c b/crypto/ec/ec_lib.c index eaf44ccef9..7c53cd9e97 100644 --- a/crypto/ec/ec_lib.c +++ b/crypto/ec/ec_lib.c @@ -1,5 +1,5 @@ /* - * Copyright 2001-2018 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2001-2019 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy diff --git a/crypto/pem/pvkfmt.c b/crypto/pem/pvkfmt.c index 22e56d953d..f548c9a844 100644 --- a/crypto/pem/pvkfmt.c +++ b/crypto/pem/pvkfmt.c @@ -1,5 +1,5 @@ /* - * Copyright 2005-2018 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2005-2019 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy diff --git a/crypto/pkcs7/pk7_doit.c b/crypto/pkcs7/pk7_doit.c index ee23a52db8..1ceb9c1355 100644 --- a/crypto/pkcs7/pk7_doit.c +++ b/crypto/pkcs7/pk7_doit.c @@ -1,5 +1,5 @@ /* - * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy diff --git a/crypto/rsa/rsa_lib.c b/crypto/rsa/rsa_lib.c index 4a1250127c..8ea918c156 100644 --- a/crypto/rsa/rsa_lib.c +++ b/crypto/rsa/rsa_lib.c @@ -1,5 +1,5 @@ /* - * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy diff --git a/crypto/x509/by_dir.c b/crypto/x509/by_dir.c index c3ab3621d1..b73dace115 100644 --- a/crypto/x509/by_dir.c +++ b/crypto/x509/by_dir.c @@ -1,5 +1,5 @@ /* - * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy diff --git a/crypto/x509/t_req.c b/crypto/x509/t_req.c index 3207dfaccc..815f0056a2 100644 --- a/crypto/x509/t_req.c +++ b/crypto/x509/t_req.c @@ -1,5 +1,5 @@ /* - * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy diff --git a/crypto/x509/x509_cmp.c b/crypto/x509/x509_cmp.c index 4e74a74a51..bf1ad2d464 100644 --- a/crypto/x509/x509_cmp.c +++ b/crypto/x509/x509_cmp.c @@ -1,5 +1,5 @@ /* - * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy diff --git a/include/internal/constant_time_locl.h b/include/internal/constant_time_locl.h index b702675db8..d458631a74 100644 --- a/include/internal/constant_time_locl.h +++ b/include/internal/constant_time_locl.h @@ -1,5 +1,5 @@ /* - * Copyright 2014-2016 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2014-2019 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy diff --git a/include/openssl/opensslv.h b/include/openssl/opensslv.h index 94cb908872..73f1ee3c97 100644 --- a/include/openssl/opensslv.h +++ b/include/openssl/opensslv.h @@ -1,5 +1,5 @@ /* - * Copyright 1999-2018 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1999-2019 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy diff --git a/include/openssl/x509.h b/include/openssl/x509.h index 75b39d17da..916afaf73b 100644 --- a/include/openssl/x509.h +++ b/include/openssl/x509.h @@ -1,5 +1,5 @@ /* - * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy diff --git a/test/recipes/30-test_evp_data/evppkey.txt b/test/recipes/30-test_evp_data/evppkey.txt index 061ecb22ed..f767695ca4 100644 --- a/test/recipes/30-test_evp_data/evppkey.txt +++ b/test/recipes/30-test_evp_data/evppkey.txt @@ -1,5 +1,5 @@ # -# Copyright 2001-2018 The OpenSSL Project Authors. All Rights Reserved. +# Copyright 2001-2019 The OpenSSL Project Authors. All Rights Reserved. # # Licensed under the OpenSSL license (the "License"). You may not use # this file except in compliance with the License. You can obtain a copy From matt at openssl.org Tue Sep 10 13:04:19 2019 From: matt at openssl.org (Matt Caswell) Date: Tue, 10 Sep 2019 13:04:19 +0000 Subject: [openssl] OpenSSL_1_0_2-stable update Message-ID: <1568120659.310007.28641.nullmailer@dev.openssl.org> The branch OpenSSL_1_0_2-stable has been updated via 32ef0494231971bb5be4ea9e5ad680a8d373a1d2 (commit) from 26080054209056b899fe677ee8393972a924cde5 (commit) - Log ----------------------------------------------------------------- commit 32ef0494231971bb5be4ea9e5ad680a8d373a1d2 Author: Matt Caswell Date: Tue Sep 10 14:01:06 2019 +0100 Update copyright year Reviewed-by: Richard Levitte (Merged from https://github.com/openssl/openssl/pull/9849) ----------------------------------------------------------------------- Summary of changes: crypto/cms/cms_env.c | 2 +- crypto/cms/cms_lcl.h | 2 +- crypto/cms/cms_smime.c | 2 +- crypto/constant_time_locl.h | 2 +- crypto/ec/ec.h | 2 +- crypto/ec/ec_asn1.c | 2 +- crypto/ec/ec_curve.c | 2 +- crypto/ec/ec_lcl.h | 2 +- crypto/pem/pvkfmt.c | 2 +- crypto/rsa/rsa_chk.c | 2 +- crypto/x509v3/v3_alt.c | 2 +- 11 files changed, 11 insertions(+), 11 deletions(-) diff --git a/crypto/cms/cms_env.c b/crypto/cms/cms_env.c index 77c8f0a483..e46348fd4f 100644 --- a/crypto/cms/cms_env.c +++ b/crypto/cms/cms_env.c @@ -4,7 +4,7 @@ * project. */ /* ==================================================================== - * Copyright (c) 2008 The OpenSSL Project. All rights reserved. + * Copyright (c) 2008-2019 The OpenSSL Project. All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions diff --git a/crypto/cms/cms_lcl.h b/crypto/cms/cms_lcl.h index f1f78e6a47..9ec13f5a4a 100644 --- a/crypto/cms/cms_lcl.h +++ b/crypto/cms/cms_lcl.h @@ -4,7 +4,7 @@ * project. */ /* ==================================================================== - * Copyright (c) 2008 The OpenSSL Project. All rights reserved. + * Copyright (c) 2008-2019 The OpenSSL Project. All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions diff --git a/crypto/cms/cms_smime.c b/crypto/cms/cms_smime.c index 0b3d96ca62..f2d81bd2dc 100644 --- a/crypto/cms/cms_smime.c +++ b/crypto/cms/cms_smime.c @@ -4,7 +4,7 @@ * project. */ /* ==================================================================== - * Copyright (c) 2008 The OpenSSL Project. All rights reserved. + * Copyright (c) 2008-2019 The OpenSSL Project. All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions diff --git a/crypto/constant_time_locl.h b/crypto/constant_time_locl.h index 94e20bcfc8..f322e7823a 100644 --- a/crypto/constant_time_locl.h +++ b/crypto/constant_time_locl.h @@ -6,7 +6,7 @@ * Based on previous work by Bodo Moeller, Emilia Kasper, Adam Langley * (Google). * ==================================================================== - * Copyright (c) 2014 The OpenSSL Project. All rights reserved. + * Copyright (c) 2014-2019 The OpenSSL Project. All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions diff --git a/crypto/ec/ec.h b/crypto/ec/ec.h index b62613da55..012703666e 100644 --- a/crypto/ec/ec.h +++ b/crypto/ec/ec.h @@ -7,7 +7,7 @@ * \author Originally written by Bodo Moeller for the OpenSSL project */ /* ==================================================================== - * Copyright (c) 1998-2005 The OpenSSL Project. All rights reserved. + * Copyright (c) 1998-2019 The OpenSSL Project. All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions diff --git a/crypto/ec/ec_asn1.c b/crypto/ec/ec_asn1.c index a9b90787c5..865130f67e 100644 --- a/crypto/ec/ec_asn1.c +++ b/crypto/ec/ec_asn1.c @@ -3,7 +3,7 @@ * Written by Nils Larsch for the OpenSSL project. */ /* ==================================================================== - * Copyright (c) 2000-2003 The OpenSSL Project. All rights reserved. + * Copyright (c) 2000-2019 The OpenSSL Project. All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions diff --git a/crypto/ec/ec_curve.c b/crypto/ec/ec_curve.c index 9d4c71637b..a6c5083286 100644 --- a/crypto/ec/ec_curve.c +++ b/crypto/ec/ec_curve.c @@ -3,7 +3,7 @@ * Written by Nils Larsch for the OpenSSL project. */ /* ==================================================================== - * Copyright (c) 1998-2010 The OpenSSL Project. All rights reserved. + * Copyright (c) 1998-2019 The OpenSSL Project. All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions diff --git a/crypto/ec/ec_lcl.h b/crypto/ec/ec_lcl.h index 76deef170d..14afa3c169 100644 --- a/crypto/ec/ec_lcl.h +++ b/crypto/ec/ec_lcl.h @@ -3,7 +3,7 @@ * Originally written by Bodo Moeller for the OpenSSL project. */ /* ==================================================================== - * Copyright (c) 1998-2018 The OpenSSL Project. All rights reserved. + * Copyright (c) 1998-2019 The OpenSSL Project. All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions diff --git a/crypto/pem/pvkfmt.c b/crypto/pem/pvkfmt.c index ff5674a99f..9ea21e3c74 100644 --- a/crypto/pem/pvkfmt.c +++ b/crypto/pem/pvkfmt.c @@ -3,7 +3,7 @@ * 2005. */ /* ==================================================================== - * Copyright (c) 2005-2018 The OpenSSL Project. All rights reserved. + * Copyright (c) 2005-2019 The OpenSSL Project. All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions diff --git a/crypto/rsa/rsa_chk.c b/crypto/rsa/rsa_chk.c index 3ea4e02974..fb62c35c88 100644 --- a/crypto/rsa/rsa_chk.c +++ b/crypto/rsa/rsa_chk.c @@ -1,6 +1,6 @@ /* crypto/rsa/rsa_chk.c */ /* ==================================================================== - * Copyright (c) 1999 The OpenSSL Project. All rights reserved. + * Copyright (c) 1999-2019 The OpenSSL Project. All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions diff --git a/crypto/x509v3/v3_alt.c b/crypto/x509v3/v3_alt.c index bba2e41380..a594b07292 100644 --- a/crypto/x509v3/v3_alt.c +++ b/crypto/x509v3/v3_alt.c @@ -4,7 +4,7 @@ * project. */ /* ==================================================================== - * Copyright (c) 1999-2003 The OpenSSL Project. All rights reserved. + * Copyright (c) 1999-2019 The OpenSSL Project. All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions From builds at travis-ci.org Tue Sep 10 13:26:07 2019 From: builds at travis-ci.org (Travis CI) Date: Tue, 10 Sep 2019 13:26:07 +0000 Subject: Still Failing: openssl/openssl#28131 (OpenSSL_1_1_1-stable - 1cb7eff) In-Reply-To: Message-ID: <5d77a46eef98c_43f97d159b81830188b@de67c5be-d756-482a-bafc-2e6d5001223e.mail> Build Update for openssl/openssl ------------------------------------- Build: #28131 Status: Still Failing Duration: 19 mins and 7 secs Commit: 1cb7eff (OpenSSL_1_1_1-stable) Author: Matt Caswell Message: Update copyright year Reviewed-by: Richard Levitte (Merged from https://github.com/openssl/openssl/pull/9847) View the changeset: https://github.com/openssl/openssl/compare/a95b0815c7d2...1cb7eff45b4a View the full build log and details: https://travis-ci.org/openssl/openssl/builds/583158243?utm_medium=notification&utm_source=email -- You can unsubscribe from build emails from the openssl/openssl repository going to https://travis-ci.org/account/preferences/unsubscribe?repository=5849220&utm_medium=notification&utm_source=email. Or unsubscribe from *all* email updating your settings at https://travis-ci.org/account/preferences/unsubscribe?utm_medium=notification&utm_source=email. Or configure specific recipients for build notifications in your .travis.yml file. See https://docs.travis-ci.com/user/notifications. -------------- next part -------------- An HTML attachment was scrubbed... URL: From matt at openssl.org Tue Sep 10 13:34:48 2019 From: matt at openssl.org (Matt Caswell) Date: Tue, 10 Sep 2019 13:34:48 +0000 Subject: [openssl] OpenSSL_1_0_2-stable update Message-ID: <1568122488.207981.613.nullmailer@dev.openssl.org> The branch OpenSSL_1_0_2-stable has been updated via b5decf674be30a469e3863bd49bfedfbb32dfd0b (commit) from 32ef0494231971bb5be4ea9e5ad680a8d373a1d2 (commit) - Log ----------------------------------------------------------------- commit b5decf674be30a469e3863bd49bfedfbb32dfd0b Author: Matt Caswell Date: Tue Sep 10 14:32:15 2019 +0100 Fix the NEWS file The NEWS file was missing an entry for 1.0.2s. This confuses the release scripts - so add an empty entry. Reviewed-by: Richard Levitte (Merged from https://github.com/openssl/openssl/pull/9852) ----------------------------------------------------------------------- Summary of changes: NEWS | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/NEWS b/NEWS index 0d219d207c..9cf2ee8000 100644 --- a/NEWS +++ b/NEWS @@ -5,7 +5,7 @@ This file gives a brief overview of the major changes between each OpenSSL release. For more details please read the CHANGES file. - Major changes between OpenSSL 1.0.2r and OpenSSL 1.0.2t [under development] + Major changes between OpenSSL 1.0.2s and OpenSSL 1.0.2t [under development] o Fixed a padding oracle in PKCS7_dataDecode and CMS_decrypt_set1_pkey (CVE-2019-1563) @@ -16,6 +16,10 @@ o Document issue with installation paths in diverse Windows builds (CVE-2019-1552) + Major changes between OpenSSL 1.0.2r and OpenSSL 1.0.2s [28 May 2019] + + o None + Major changes between OpenSSL 1.0.2q and OpenSSL 1.0.2r [26 Feb 2019] o 0-byte record padding oracle (CVE-2019-1559) From matt at openssl.org Tue Sep 10 13:58:38 2019 From: matt at openssl.org (Matt Caswell) Date: Tue, 10 Sep 2019 13:58:38 +0000 Subject: [openssl] OpenSSL_1_1_1-stable update Message-ID: <1568123918.819985.4204.nullmailer@dev.openssl.org> The branch OpenSSL_1_1_1-stable has been updated via 5c184ff280ee042e3b7e07701b61adbcbe2958d7 (commit) via 894da2fb7ed5d314ee5c2fc9fd2d9b8b74111596 (commit) from 1cb7eff45b4a213f216c779c291d8622f9a84170 (commit) - Log ----------------------------------------------------------------- commit 5c184ff280ee042e3b7e07701b61adbcbe2958d7 Author: Matt Caswell Date: Tue Sep 10 14:14:31 2019 +0100 Prepare for 1.1.1e-dev Reviewed-by: Richard Levitte commit 894da2fb7ed5d314ee5c2fc9fd2d9b8b74111596 Author: Matt Caswell Date: Tue Sep 10 14:13:07 2019 +0100 Prepare for 1.1.1d release Reviewed-by: Richard Levitte ----------------------------------------------------------------------- Summary of changes: CHANGES | 6 +++++- NEWS | 6 +++++- README | 2 +- include/openssl/opensslv.h | 4 ++-- 4 files changed, 13 insertions(+), 5 deletions(-) diff --git a/CHANGES b/CHANGES index 8c5dbd1de4..18e47078b6 100644 --- a/CHANGES +++ b/CHANGES @@ -7,7 +7,11 @@ https://github.com/openssl/openssl/commits/ and pick the appropriate release branch. - Changes between 1.1.1c and 1.1.1d [xx XXX xxxx] + Changes between 1.1.1d and 1.1.1e [xx XXX xxxx] + + *) + + Changes between 1.1.1c and 1.1.1d [10 Sep 2019] *) Fixed a fork protection issue. OpenSSL 1.1.1 introduced a rewritten random number generator (RNG). This was intended to include protection in the diff --git a/NEWS b/NEWS index bd33f9be19..4af390505d 100644 --- a/NEWS +++ b/NEWS @@ -5,7 +5,11 @@ This file gives a brief overview of the major changes between each OpenSSL release. For more details please read the CHANGES file. - Major changes between OpenSSL 1.1.1c and OpenSSL 1.1.1d [under development] + Major changes between OpenSSL 1.1.1d and OpenSSL 1.1.1e [under development] + + o + + Major changes between OpenSSL 1.1.1c and OpenSSL 1.1.1d [10 Sep 2019] o Fixed a fork protection issue (CVE-2019-1549) o Fixed a padding oracle in PKCS7_dataDecode and CMS_decrypt_set1_pkey diff --git a/README b/README index 200f4707f9..dc608cc25e 100644 --- a/README +++ b/README @@ -1,5 +1,5 @@ - OpenSSL 1.1.1d-dev + OpenSSL 1.1.1e-dev Copyright (c) 1998-2019 The OpenSSL Project Copyright (c) 1995-1998 Eric A. Young, Tim J. Hudson diff --git a/include/openssl/opensslv.h b/include/openssl/opensslv.h index 704c819e6c..032fb78c1c 100644 --- a/include/openssl/opensslv.h +++ b/include/openssl/opensslv.h @@ -39,8 +39,8 @@ extern "C" { * (Prior to 0.9.5a beta1, a different scheme was used: MMNNFFRBB for * major minor fix final patch/beta) */ -# define OPENSSL_VERSION_NUMBER 0x10101040L -# define OPENSSL_VERSION_TEXT "OpenSSL 1.1.1d-dev xx XXX xxxx" +# define OPENSSL_VERSION_NUMBER 0x10101050L +# define OPENSSL_VERSION_TEXT "OpenSSL 1.1.1e-dev xx XXX xxxx" /*- * The macros below are to be used for shared library (.so, .dll, ...) From matt at openssl.org Tue Sep 10 13:59:02 2019 From: matt at openssl.org (Matt Caswell) Date: Tue, 10 Sep 2019 13:59:02 +0000 Subject: [openssl] OpenSSL_1_1_0-stable update Message-ID: <1568123942.552740.5408.nullmailer@dev.openssl.org> The branch OpenSSL_1_1_0-stable has been updated via 4eabf3d6541e83ae4443384ca3c4cf516930bfd8 (commit) via 7ea5bd2b52d0e81eaef3d109b3b12545306f201c (commit) from f4764841dc100c7584c62c46b32ad11b7aa937c7 (commit) - Log ----------------------------------------------------------------- commit 4eabf3d6541e83ae4443384ca3c4cf516930bfd8 Author: Matt Caswell Date: Tue Sep 10 14:17:46 2019 +0100 Prepare for 1.1.0m-dev Reviewed-by: Richard Levitte commit 7ea5bd2b52d0e81eaef3d109b3b12545306f201c Author: Matt Caswell Date: Tue Sep 10 14:16:54 2019 +0100 Prepare for 1.1.0l release Reviewed-by: Richard Levitte ----------------------------------------------------------------------- Summary of changes: CHANGES | 6 +++++- NEWS | 6 +++++- README | 2 +- include/openssl/opensslv.h | 6 +++--- 4 files changed, 14 insertions(+), 6 deletions(-) diff --git a/CHANGES b/CHANGES index 4f3e51a0b0..58825db187 100644 --- a/CHANGES +++ b/CHANGES @@ -7,7 +7,11 @@ https://github.com/openssl/openssl/commits/ and pick the appropriate release branch. - Changes between 1.1.0k and 1.1.0l [xx XXX xxxx] + Changes between 1.1.0l and 1.1.0m [xx XXX xxxx] + + *) + + Changes between 1.1.0k and 1.1.0l [10 Sep 2019] *) For built-in EC curves, ensure an EC_GROUP built from the curve name is used even when parsing explicit parameters, when loading a serialized key diff --git a/NEWS b/NEWS index 6218a9fc1b..3914bc3014 100644 --- a/NEWS +++ b/NEWS @@ -5,7 +5,11 @@ This file gives a brief overview of the major changes between each OpenSSL release. For more details please read the CHANGES file. - Major changes between OpenSSL 1.1.0k and OpenSSL 1.1.0l [under development] + Major changes between OpenSSL 1.1.0l and OpenSSL 1.1.0m [under development] + + o + + Major changes between OpenSSL 1.1.0k and OpenSSL 1.1.0l [10 Sep 2019] o Fixed a padding oracle in PKCS7_dataDecode and CMS_decrypt_set1_pkey (CVE-2019-1563) diff --git a/README b/README index f23492a120..9ef3cf9ed5 100644 --- a/README +++ b/README @@ -1,5 +1,5 @@ - OpenSSL 1.1.0l-dev + OpenSSL 1.1.0m-dev Copyright (c) 1998-2019 The OpenSSL Project Copyright (c) 1995-1998 Eric A. Young, Tim J. Hudson diff --git a/include/openssl/opensslv.h b/include/openssl/opensslv.h index 73f1ee3c97..bd577f8943 100644 --- a/include/openssl/opensslv.h +++ b/include/openssl/opensslv.h @@ -39,11 +39,11 @@ extern "C" { * (Prior to 0.9.5a beta1, a different scheme was used: MMNNFFRBB for * major minor fix final patch/beta) */ -# define OPENSSL_VERSION_NUMBER 0x101000c0L +# define OPENSSL_VERSION_NUMBER 0x101000d0L # ifdef OPENSSL_FIPS -# define OPENSSL_VERSION_TEXT "OpenSSL 1.1.0l-fips-dev xx XXX xxxx" +# define OPENSSL_VERSION_TEXT "OpenSSL 1.1.0m-fips-dev xx XXX xxxx" # else -# define OPENSSL_VERSION_TEXT "OpenSSL 1.1.0l-dev xx XXX xxxx" +# define OPENSSL_VERSION_TEXT "OpenSSL 1.1.0m-dev xx XXX xxxx" # endif /*- From matt at openssl.org Tue Sep 10 13:59:23 2019 From: matt at openssl.org (Matt Caswell) Date: Tue, 10 Sep 2019 13:59:23 +0000 Subject: [openssl] OpenSSL_1_0_2-stable update Message-ID: <1568123963.653735.25942.nullmailer@dev.openssl.org> The branch OpenSSL_1_0_2-stable has been updated via a1ff24ad2ced610716635b31c41aad0b11238e88 (commit) via cd7c7fc20b9feeb900632389401f514ac6b82f16 (commit) via c98ce139b5f7956bbab33b7e182ea4bcee1192d8 (commit) from b5decf674be30a469e3863bd49bfedfbb32dfd0b (commit) - Log ----------------------------------------------------------------- commit a1ff24ad2ced610716635b31c41aad0b11238e88 Author: Matt Caswell Date: Tue Sep 10 14:37:06 2019 +0100 Prepare for 1.0.2u-dev Reviewed-by: Richard Levitte commit cd7c7fc20b9feeb900632389401f514ac6b82f16 Author: Matt Caswell Date: Tue Sep 10 14:36:07 2019 +0100 Prepare for 1.0.2t release Reviewed-by: Richard Levitte commit c98ce139b5f7956bbab33b7e182ea4bcee1192d8 Author: Matt Caswell Date: Tue Sep 10 14:36:07 2019 +0100 make update Reviewed-by: Richard Levitte ----------------------------------------------------------------------- Summary of changes: CHANGES | 6 +++++- NEWS | 6 +++++- README | 2 +- crypto/bn/Makefile | 4 ++-- crypto/ec/Makefile | 2 +- crypto/opensslv.h | 6 +++--- openssl.spec | 2 +- util/libeay.num | 1 + 8 files changed, 19 insertions(+), 10 deletions(-) diff --git a/CHANGES b/CHANGES index 867106458c..df613740a9 100644 --- a/CHANGES +++ b/CHANGES @@ -7,7 +7,11 @@ https://github.com/openssl/openssl/commits/ and pick the appropriate release branch. - Changes between 1.0.2s and 1.0.2t [xx XXX xxxx] + Changes between 1.0.2t and 1.0.2u [xx XXX xxxx] + + *) + + Changes between 1.0.2s and 1.0.2t [10 Sep 2019] *) For built-in EC curves, ensure an EC_GROUP built from the curve name is used even when parsing explicit parameters, when loading a serialized key diff --git a/NEWS b/NEWS index 9cf2ee8000..44add13f6a 100644 --- a/NEWS +++ b/NEWS @@ -5,7 +5,11 @@ This file gives a brief overview of the major changes between each OpenSSL release. For more details please read the CHANGES file. - Major changes between OpenSSL 1.0.2s and OpenSSL 1.0.2t [under development] + Major changes between OpenSSL 1.0.2t and OpenSSL 1.0.2u [under development] + + o + + Major changes between OpenSSL 1.0.2s and OpenSSL 1.0.2t [10 Sep 2019] o Fixed a padding oracle in PKCS7_dataDecode and CMS_decrypt_set1_pkey (CVE-2019-1563) diff --git a/README b/README index a9e3121f8c..949262f2bd 100644 --- a/README +++ b/README @@ -1,5 +1,5 @@ - OpenSSL 1.0.2t-dev + OpenSSL 1.0.2u-dev Copyright (c) 1998-2019 The OpenSSL Project Copyright (c) 1995-1998 Eric A. Young, Tim J. Hudson diff --git a/crypto/bn/Makefile b/crypto/bn/Makefile index 9fc4447cfc..7a3bf5d059 100644 --- a/crypto/bn/Makefile +++ b/crypto/bn/Makefile @@ -297,8 +297,8 @@ bn_lib.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h bn_lib.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h bn_lib.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h bn_lib.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h -bn_lib.o: ../../include/openssl/symhacks.h ../bn_int.h ../cryptlib.h bn_lcl.h -bn_lib.o: bn_lib.c +bn_lib.o: ../../include/openssl/symhacks.h ../bn_int.h ../constant_time_locl.h +bn_lib.o: ../cryptlib.h bn_lcl.h bn_lib.c bn_mod.o: ../../e_os.h ../../include/openssl/bio.h ../../include/openssl/bn.h bn_mod.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h bn_mod.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h diff --git a/crypto/ec/Makefile b/crypto/ec/Makefile index 6628390ba4..e9d65e3e3d 100644 --- a/crypto/ec/Makefile +++ b/crypto/ec/Makefile @@ -156,7 +156,7 @@ ec_curve.o: ../../include/openssl/err.h ../../include/openssl/lhash.h ec_curve.o: ../../include/openssl/obj_mac.h ../../include/openssl/opensslconf.h ec_curve.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h ec_curve.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h -ec_curve.o: ../../include/openssl/symhacks.h ec_curve.c ec_lcl.h +ec_curve.o: ../../include/openssl/symhacks.h ../bn_int.h ec_curve.c ec_lcl.h ec_cvt.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h ec_cvt.o: ../../include/openssl/bn.h ../../include/openssl/crypto.h ec_cvt.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h diff --git a/crypto/opensslv.h b/crypto/opensslv.h index 4f725bb02d..6cd4fffb59 100644 --- a/crypto/opensslv.h +++ b/crypto/opensslv.h @@ -30,11 +30,11 @@ extern "C" { * (Prior to 0.9.5a beta1, a different scheme was used: MMNNFFRBB for * major minor fix final patch/beta) */ -# define OPENSSL_VERSION_NUMBER 0x10002140L +# define OPENSSL_VERSION_NUMBER 0x10002150L # ifdef OPENSSL_FIPS -# define OPENSSL_VERSION_TEXT "OpenSSL 1.0.2t-fips-dev xx XXX xxxx" +# define OPENSSL_VERSION_TEXT "OpenSSL 1.0.2u-fips-dev xx XXX xxxx" # else -# define OPENSSL_VERSION_TEXT "OpenSSL 1.0.2t-dev xx XXX xxxx" +# define OPENSSL_VERSION_TEXT "OpenSSL 1.0.2u-dev xx XXX xxxx" # endif # define OPENSSL_VERSION_PTEXT " part of " OPENSSL_VERSION_TEXT diff --git a/openssl.spec b/openssl.spec index 475ddcf901..9c23c4e1a5 100644 --- a/openssl.spec +++ b/openssl.spec @@ -7,7 +7,7 @@ Release: 1 Summary: Secure Sockets Layer and cryptography libraries and tools Name: openssl -Version: 1.0.2t +Version: 1.0.2u Source0: ftp://ftp.openssl.org/source/%{name}-%{version}.tar.gz License: OpenSSL Group: System Environment/Libraries diff --git a/util/libeay.num b/util/libeay.num index 2e5221402b..3a72e46d92 100755 --- a/util/libeay.num +++ b/util/libeay.num @@ -4432,3 +4432,4 @@ EVP_PKEY_meth_get_cleanup 4786 EXIST::FUNCTION: EVP_PKEY_meth_get_encrypt 4787 EXIST::FUNCTION: EVP_PKEY_meth_get_copy 4788 EXIST::FUNCTION: ossl_safe_getenv 4789 EXIST::FUNCTION: +OPENSSL_rdtsc 4790 EXIST::FUNCTION: From matt at openssl.org Tue Sep 10 14:00:07 2019 From: matt at openssl.org (Matt Caswell) Date: Tue, 10 Sep 2019 14:00:07 +0000 Subject: [openssl] OpenSSL_1_0_2t create Message-ID: <1568124007.927210.7062.nullmailer@dev.openssl.org> The annotated tag OpenSSL_1_0_2t has been created at 61d3564aa3f1633d76c64d67a5e6cc1ebbd79e4b (tag) tagging cd7c7fc20b9feeb900632389401f514ac6b82f16 (commit) replaces OpenSSL_1_0_2s tagged by Matt Caswell on Tue Sep 10 14:36:07 2019 +0100 - Log ----------------------------------------------------------------- OpenSSL 1.0.2t release tag -----BEGIN PGP SIGNATURE----- iQFFBAABCgAvFiEEhlersmDwVrHlGQg52cTSbQ5gRJEFAl13pscRHG1hdHRAb3Bl bnNzbC5vcmcACgkQ2cTSbQ5gRJGE/gf/ZA1d97vZnvRiCrLvXH4VAiBQwbw6+tQ9 oSlqew/puvOQJb+VlYthCH3tHJWThxJPQt/Tis2+cxB9kukxC3nMfeSHcd8apoGR Ey4MVBtVLzjgLsNGNPjm4LePa+wWdjYzdvjvC7Olnpdc5Nlircb/ucBTCEuo35UV XM8Uykg0xawQldVFdUAdvOURZAN5SWAr+eSDtCXrOGXXA4Ekdmq40kwGhotklBuO xAbUJtDcvdoR/4vWKCkYWx63gwBB4KiQZ3BoxhoYdf6nAIA4zl25SffH4316VBcH 2sOMiswv/0C+NM6NHeKBpuOKCRTasQ+jr0AjygIkj18mgpSrhveZ1Q== =sVYc -----END PGP SIGNATURE----- Acheev Bhagat (1): Replace BIO_printf with ASN1_STRING_print in GENERAL_NAME_print Bernd Edlinger (6): Fix building linux-armv4 with --strict-warnings Fix a warning about missing prototype on arm Add value_barriers in constant time select functions Use trusty for travis builds Fix error handling in X509_chain_up_ref Fix a padding oracle in PKCS7_dataDecode and CMS_decrypt_set1_pkey Billy Brumley (1): [crypto/ec] for ECC parameters with NULL or zero cofactor, compute it Cesar Pereida Garcia (2): Fix SCA vulnerability when using PVK and MSBLOB key formats [crypto/rsa] Fix multiple SCA vulnerabilities during RSA key validation. Dr. Matthias St. Pierre (1): Configure: clang: add -Wno-unknown-warning-option Matt Caswell (6): Update CHANGES and NEWS for the new release Remove duplicate CHANGES entry Update copyright year Fix the NEWS file make update Prepare for 1.0.2t release Nicola Tuveri (6): Fix a SCA leak using BN_bn2bin() Make BN_num_bits() consttime upon BN_FLG_CONSTTIME Uniform bn_bn2binpad() and bn_bn2lebinpad() implementations [ec/ecp_nistp*.c] remove flip_endian() [ec/ecp_nistp*.c] restyle: use {} around `else` too [ec] Match built-in curves on EC_GROUP_new_from_ecparameters Richard Levitte (2): Prepare for 1.0.2t-dev Document issue with default installation paths on diverse Windows targets ----------------------------------------------------------------------- From matt at openssl.org Tue Sep 10 14:00:07 2019 From: matt at openssl.org (Matt Caswell) Date: Tue, 10 Sep 2019 14:00:07 +0000 Subject: [openssl] OpenSSL_1_1_0l create Message-ID: <1568124007.975680.7111.nullmailer@dev.openssl.org> The annotated tag OpenSSL_1_1_0l has been created at 76ad5a6b6e65ecda9b9002a0caeb8a776e4fb44c (tag) tagging 7ea5bd2b52d0e81eaef3d109b3b12545306f201c (commit) replaces OpenSSL_1_1_0k tagged by Matt Caswell on Tue Sep 10 14:16:54 2019 +0100 - Log ----------------------------------------------------------------- OpenSSL 1.1.0l release tag -----BEGIN PGP SIGNATURE----- iQFFBAABCgAvFiEEhlersmDwVrHlGQg52cTSbQ5gRJEFAl13okYRHG1hdHRAb3Bl bnNzbC5vcmcACgkQ2cTSbQ5gRJF0pQf+M52CAukvSh59mMB7pbcvTC5sc3+fJ0H6 9054aSNBDzE0pOYzOEZfxEcTo8rcCEr+c+GszE6zomm1PSSVvPnMsF+O2Vbc+pB4 nt9wtZva1rxfQQiliKQOsaJuxMaku4GKJOg23TEra7Y1aTcJrgDRFgrTusWG4n1t XJZvvi+mQFJa+i4n0G4c4AGxl6yb+XD1gUitM1/zZnCZPyGQAfQTAngt4nIKvD3m EyhrAonhutPIpKkZxpds1yA0Fh4/rWfql0tI5/siNmNJWKPCZq7ul9CYtwOdmWM7 k/acO2QXCUYRcSyN8AZsijIJLPNeBiW59fRQe9OnVhvycIfpgS/LFQ== =Oxa5 -----END PGP SIGNATURE----- Bernd Edlinger (5): Add value_barriers in constant time select functions Fix error handling in X509_chain_up_ref Fix a SCA leak in BN_generate_dsa_nonce Use BN_clear_free in DH_set0_key Fix a padding oracle in PKCS7_dataDecode and CMS_decrypt_set1_pkey Billy Brumley (2): [crypto/ec] for ECC parameters with NULL or zero cofactor, compute it [test/recipes/30-test_evp_data] computing ECC cofactors: regression test Cesar Pereida Garcia (2): Fix SCA vulnerability when using PVK and MSBLOB key formats [crypto/asn1] Fix multiple SCA vulnerabilities during RSA key validation. Dr. Matthias St. Pierre (1): Configure: clang: add -Wno-unknown-warning-option Krists Krilovs (1): Fix wrong lock claimed in x509 dir lookup. Matt Caswell (4): Update CHANGES and NEWS for the new release Remove duplicate CHANGES entry (1.1.0) Update copyright year Prepare for 1.1.0l release Nicola Tuveri (6): Fix a SCA leak using BN_bn2bin() Make BN_num_bits() consttime upon BN_FLG_CONSTTIME Uniform BN_bn2binpad() and BN_bn2lebinpad() implementations [ec/ecp_nistp*.c] remove flip_endian() [ec/ecp_nistp*.c] restyle: use {} around `else` too [ec] Match built-in curves on EC_GROUP_new_from_ecparameters Pauli (1): Avoid NULL pointer dereference. Richard Levitte (3): Prepare for 1.1.0l-dev Fix default installation paths on mingw Makefile.shared: fix to allow strings and spaces in passed variables ----------------------------------------------------------------------- From matt at openssl.org Tue Sep 10 14:00:08 2019 From: matt at openssl.org (Matt Caswell) Date: Tue, 10 Sep 2019 14:00:08 +0000 Subject: [openssl] OpenSSL_1_1_1d create Message-ID: <1568124008.022009.7164.nullmailer@dev.openssl.org> The annotated tag OpenSSL_1_1_1d has been created at 150886311c80c1d06786d152039650ecb6ff6746 (tag) tagging 894da2fb7ed5d314ee5c2fc9fd2d9b8b74111596 (commit) replaces OpenSSL_1_1_1c tagged by Matt Caswell on Tue Sep 10 14:13:07 2019 +0100 - Log ----------------------------------------------------------------- OpenSSL 1.1.1d release tag -----BEGIN PGP SIGNATURE----- iQFFBAABCgAvFiEEhlersmDwVrHlGQg52cTSbQ5gRJEFAl13oWMRHG1hdHRAb3Bl bnNzbC5vcmcACgkQ2cTSbQ5gRJFAnQgAoT80YMDLGdz4xIqoEzbkxiS5HUiI1Urq gd7yX6IN+K3iB6uNDLToX8GuAI7BT5XYGfx9QhsI2MauRlTPPUBwFvndRl3qzwJj CE7Qz8LlPw4uz8V/VaihIR3f8TZokq1hIssmoY7eEeVYELyL4nV4Y5Uf0KW/u52v rTbqn8yMvLNUVCWEhKVnaQKbzjFVEkIocE9pWl5xH7qQQcVg0HnUT8Qp/DexFI/p VB5V1GjsKMrHUTG9GgErGdzJdqj95RPdYUC6UAall+sNYtdQ8a+RzIdxXoXTDL6E FEt1+wsxkUD8AKQF3ajwOB8jIO3pzuV9d2h8mxxBP+5iAQpJg+cbDA== =0Ff9 -----END PGP SIGNATURE----- Acheev Bhagat (2): Replace BIO_printf with ASN1_STRING_print in GENERAL_NAME_print Remove redundant include Antoine C?ur (2): Fix Typos Fix Typos Benjamin Kaduk (3): Add regression test for #9099 Revert "Delay setting the sig algs until after the cert_cb has been called" Move 'shared_sigalgs' from cert_st to ssl_st Bernd Edlinger (26): Fix a URL to the NMBRTHRY list archive Fix error handling at openssl_strerror_r Handle CTRL-C as non-redoable abort signal Fix ASN1_TYPE_get/set with type=V_ASN1_BOOLEAN Check for V_ASN1_BOOLEAN/V_ASN1_NULL in X509_ATTRIBUTE_get0_data Fix an endless loop in BN_generate_prime_ex Fix a C++ comment in the refcount.h Add value_barriers in constant time select functions Change DH parameters to generate the order q subgroup instead of 2q Allocate DRBG additional data pool from non-secure memory Use OPENSSL_strlcpy instead of strncpy in e_afalg.c Fix error handling in X509_chain_up_ref Add a fallback definition for __NR_getrandom for ARM linux Add a fallback definition for __NR_getrandom for x86 linux Remove ifndef FIPS_MODE from rand_unix.c Cleanup includes in rand_unix.c Fix error handling in x509_lu.c Fix a SCA leak in BN_generate_dsa_nonce Remove x86/x86_64 BSAES and AES_ASM support Change DH_generate_parameters back to order 2q subgroup DH_check_pub_key_ex was accidentally calling DH_check, so results were undefined. Use BN_clear_free in DH_set0_key Fix build with VS2008 Fix a strict warnings error in rand_pool_acquire_entropy Fix a potential crash in rand_unix.c Fix a padding oracle in PKCS7_dataDecode and CMS_decrypt_set1_pkey Billy Brawner (1): Suppress 'No server certificate CA names sent' message Billy Brumley (4): [crypto/ec] for ECC parameters with NULL or zero cofactor, compute it [test] computing ECC cofactors: regression test CHANGES entry: for ECC parameters with NULL or zero cofactor, compute it [test] ECC: check the bounds for auto computing cofactor Cesar Pereida Garcia (3): Fix SCA vulnerability when using PVK and MSBLOB key formats [crypto/asn1] Fix multiple SCA vulnerabilities during RSA key validation. [crypto/rsa] Set the constant-time flag in multi-prime RSA too David Benjamin (2): Fix various mistakes in ec_GFp_nistp_recode_scalar_bits comment. Don't generate an unnecessary Diffie-Hellman key in TLS 1.3 clients. David Makepeace (1): Fixed typo in code comment. [skip ci] David Woodhouse (1): Fix bogus check for EVP_PKEY mandatory digest in check_cert_usable() David von Oheimb (1): make RSA and DSA operations throw MISSING_PRIVATE_KEY if needed, adapt ECDSA Denis Ovsienko (1): Remove some duplicate words from the documentation Dmitry Belyavskiy (1): Avoid NULL pointer dereference. Fixes #9043. Dr. Matthias St. Pierre (20): crypto/conf: openssl_config_int() returns unitialized value Remove last references to DEBUG_SAFESTACK Document deprecation of version-specific SSL/TLS methods Fix typo in macro argument of SSL_set1_client_sigalgs_list() Revert the DEVRANDOM_WAIT feature Add CHANGES entries for the DEVRANDOM_WAIT feature and its removal man: fix documentation for RSA_generate_key() man: clarify the 'random number generator must be seeded' requirement Add regenerated header files man: fix typo in OPENSSL_fork_prepare.pod Remove external HEADER_SYMHACKS_H include guard Remove HEADER_BSS_FILE_C module include guard Remove OPENSSL_X509V3_H include detector from openssl/cms.h Remove HEADER_X509_H include detector from apps Add missing accessors for X509 AuthorityKeyIdentifier INSTALL: clarify documentation of the --api=x.y.z deprecation option Configure: clang: move -Wno-unknown-warning-option to the front drbg: ensure fork-safety without using a pthread_atfork handler drbg: add fork id to additional data on UNIX systems drbg: fix issue where DRBG_CTR fails if NO_DF is used (2nd attempt) Iuri Rezende Souza (1): Typo BIO_SOCK_REUSADDR => BIO_SOCK_REUSEADDR Johannes (1): Correct documented return value for BIO_get_mem_data() John Schember (1): iOS build: Replace %20 with space in config script Krists Krilovs (1): Fix wrong lock claimed in x509 dir lookup. Lei Maohui (1): Fix build error for aarch64 big endian. Martin Peylo (1): Adding Test.pm with workaround for Perl abs2rel bug Martin Ukrop (1): Fix reversed meaning of error codes Matt Caswell (24): Defer sending a KeyUpdate until after pending writes are complete Write a test for receiving a KeyUpdate (update requested) while writing Move a fall through comment Update the d2i docs to reflect reality Fix a race condition in supported groups handling Fix a race condition in ciphers handling Following the previous 2 commits also move ecpointformats out of session Ensure that rc5 doesn't try to use a key longer than 2040 bits Fix the return value for SSL_get0_chain_certs() Fix SSL_MODE_RELEASE_BUFFERS functionality Correct the Extended Master Secret string for EBCDIC Fix ECDSA_SIG docs Clarify the INSTALL instructions Ensure RSA PSS correctly returns the right default digest Add Restricted PSS certificate and key Add TLS tests for RSA-PSS Restricted certificates Fix SSL_check_chain() Extend tests of SSL_check_chain() Don't send a status_request extension in a CertificateRequest message Teach TLSProxy how to parse CertificateRequest messages Update CHANGES and NEWS for the new release Remove duplicate CHANGES entry Update copyright year Prepare for 1.1.1d release Miquel Ruiz (1): Add SSL_shutdown to SSL_get_error's documentation Mykola Baibuz (1): doc: fix link in BN_new.pod Nicola Tuveri (8): Fix a SCA leak using BN_bn2bin() Make BN_num_bits() consttime upon BN_FLG_CONSTTIME Uniform BN_bn2binpad() and BN_bn2lebinpad() implementations [ec/ecp_nistp*.c] remove flip_endian() [ec/ecp_nistp*.c] restyle: use {} around `else` too Append CVE-2019-1547 to related CHANGES entry [ec] Match built-in curves on EC_GROUP_new_from_ecparameters Fix spacing nit in test/ectest.c Omid Najafi (1): Fix syntax error for the armv4 assembler Patrick Steuer (3): s390x assembly pack: fix restoring of SIGILL action Directly return from final sha3/keccak_final if no bytes are requested Test for out-of-bounds write when requesting zero bytes from shake Paul Yang (2): Add documentation for X509_cmp and related APIs Add description in X509_STORE manipulation Pauli (14): Fix broken change from b3d113e. ARIA documentation titled itself AES Add documentation for CRYPTO_memcmp. Allow AES XTS decryption using duplicate keys. Excise AES-XTS FIPS check. Remove DRBG from SSL structure. Avoid double clearing some BIGNUMs Make rand_pool buffers more dynamic in their sizing. Add weak platform independent PRNG to test framework. Start up DEVRANDOM entropy improvement for older Linux devices. Avoid overflowing FDSET when using select(2). Fix NITs in comments and CHANGES for DEVRANDOM seeded check. Don't include the DEVRANDOM being seeded logic on Android. Remove duplicate CHANGES text. Rebecca Cran (2): Swap #if blocks in uid.c so target platform gets checked before host Fix UEFI build on FreeBSD by not including system headers Retropotenza (1): Fix CHECK_BSD_STYLE_MACROS for OpenBSD and cryptodev-linux Rich Salz (3): util/mkerr.pl: Add an inclusion of symhacks.h in all error files .travis.yml: Use travis_terminate on failure Fix some pod-page ordering nits Richard Levitte (12): Prepare for 1.1.1d-dev Configure: link AIX modules correctly Configurations/unix-Makefile.tmpl: not -v for rm apps/ca.c: only output DER with SPKAC input and when -out is chosen test/enginetest.c: Make sure no config file is loaded Cygwin: enable the use of Dl_info and dladdr() Fix default installation paths on mingw engines/build.info: if the padlock engine is disabled, don't build it! Configurations/unit-Makefile.tmpl: Don't clean away dotted files crypto/engine/eng_openssl.c: define TEST_ENG_OPENSSL_RC4_P_INIT conditionally openssl dgst, openssl enc: check for end of input test/evp_test.c: distinguish parsing errors from processing errors Sambit Kumar Dash (2): Update EVP_VerifyInit.pod Update X509_STORE_new.pod Shane Lontis (3): Add the content type attribute to additional CMS signerinfo. Cleanup use of X509 STORE locks Change EVP_CIPHER_CTX_iv_length() to return current ivlen for some modes Shigeki Ohtsu (1): Fix doc to remove const arg in GEN_SESSION_CB Todd Short (1): Fix SSL_CTX_set_session_id_context() docs Tomas Mraz (6): The SHA256 is not a mandatory digest for DSA. BIO_lookup_ex: Retry with AI_ADDRCONFIG cleared if getaddrinfo fails Fix and document BIO_FLAGS_NONCLEAR_RST behavior on memory BIO Clarify documentation of SSL_CTX_set_verify client side behavior BIO_lookup_ex: Always retry the lookup on failure with AI_NUMERICHOST set BIO_lookup_ex: Do not retry on EAI_MEMORY Viktor Dukhovni (1): Actually silently ignore GET / OCSP requests Vitezslav Cizek (1): build_SYS_str_reasons: Fix a crash caused by overlong locales Vladimir Kotal (2): make ecp_nistz256_point_add_vis3() local mention what happens if OPENSSL_NO_RC2 is defined agnosticdev (2): issue-8998: Ensure that the alert is generated and reaches the remote issue-9316: Update return documentation for RAND_set_rand_engine joe2018Outlookcom (1): Fix warning C4164 in MSVC. opensslonzos-github (1): Add missing EBCDIC strings raja-ashok (4): Fix typo mistake on calls to SSL_ctrl in ssl.h Use allow_early_data_cb from SSL instead of SSL_CTX Fix SSL_set_ciphersuites to set even if no call to SSL_set_cipher_list Test SSL_set_ciphersuites ----------------------------------------------------------------------- From matt at openssl.org Tue Sep 10 14:07:46 2019 From: matt at openssl.org (Matt Caswell) Date: Tue, 10 Sep 2019 14:07:46 +0000 Subject: [web] master update Message-ID: <1568124466.173371.24595.nullmailer@dev.openssl.org> The branch master has been updated via 81c6d01b55625c3071296caced494d5d61866083 (commit) from b9cdda6cdbe4e87b1e2db37b23cddaca5fb7da9a (commit) - Log ----------------------------------------------------------------- commit 81c6d01b55625c3071296caced494d5d61866083 Author: Matt Caswell Date: Tue Sep 10 12:05:36 2019 +0100 Website updates for new releases Reviewed-by: Richard Levitte (Merged from https://github.com/openssl/web/pull/136) ----------------------------------------------------------------------- Summary of changes: news/newsflash.txt | 4 ++ news/secadv/20190910.txt | 107 +++++++++++++++++++++++++++++++ news/vulnerabilities.xml | 164 ++++++++++++++++++++++++++++++++++++++++++++++- 3 files changed, 274 insertions(+), 1 deletion(-) create mode 100644 news/secadv/20190910.txt diff --git a/news/newsflash.txt b/news/newsflash.txt index 491bee5..3671610 100644 --- a/news/newsflash.txt +++ b/news/newsflash.txt @@ -4,6 +4,10 @@ # Format is two fields, colon-separated; the first line is the column # headings. URL paths must all be absolute. Date: Item +10-Sep-2019: Security Advisory: three low severity fixes +10-Sep-2019: OpenSSL 1.1.1d is now available, including bug and security fixes +10-Sep-2019: OpenSSL 1.1.0l is now available, including security fixes +10-Sep-2019: OpenSSL 1.0.2t is now available, including security fixes 30-Jul-2019: Security Advisory: one low severity fix in Windows builds 28-May-2019: OpenSSL 1.1.1c is now available, including bug and security fixes 28-May-2019: OpenSSL 1.1.0k is now available, including bug and security fixes diff --git a/news/secadv/20190910.txt b/news/secadv/20190910.txt new file mode 100644 index 0000000..0358352 --- /dev/null +++ b/news/secadv/20190910.txt @@ -0,0 +1,107 @@ +OpenSSL Security Advisory [10 September 2019] +============================================= + +ECDSA remote timing attack (CVE-2019-1547) +========================================== + +Severity: Low + +Normally in OpenSSL EC groups always have a co-factor present and this is used +in side channel resistant code paths. However, in some cases, it is possible to +construct a group using explicit parameters (instead of using a named curve). In +those cases it is possible that such a group does not have the cofactor present. +This can occur even where all the parameters match a known named curve. + +If such a curve is used then OpenSSL falls back to non-side channel resistant +code paths which may result in full key recovery during an ECDSA signature +operation. + +In order to be vulnerable an attacker would have to have the ability to time +the creation of a large number of signatures where explicit parameters with no +co-factor present are in use by an application using libcrypto. + +For the avoidance of doubt libssl is not vulnerable because explicit parameters +are never used. + +OpenSSL versions 1.1.1, 1.1.0 and 1.0.2 are affected by this issue. + +OpenSSL 1.1.1 users should upgrade to 1.1.1d +OpenSSL 1.1.0 users should upgrade to 1.1.0l +OpenSSL 1.0.2 users should upgrade to 1.0.2t + +This issue was reported by Cesar Pereida Garc?a, Sohaib ul Hassan, +Nicola Tuveri, Iaroslav Gridin, Alejandro Cabrera Aldaya, and Billy Brumley. The +fix was developed by Billy Brumley. It was reported to OpenSSL on 5th August +2019. + + +Fork Protection (CVE-2019-1549) +=============================== + +Severity: Low + +OpenSSL 1.1.1 introduced a rewritten random number generator (RNG). This was +intended to include protection in the event of a fork() system call in order to +ensure that the parent and child processes did not share the same RNG state. +However this protection was not being used in the default case. + +A partial mitigation for this issue is that the output from a high precision +timer is mixed into the RNG state so the likelihood of a parent and child +process sharing state is significantly reduced. + +If an application already calls OPENSSL_init_crypto() explicitly using +OPENSSL_INIT_ATFORK then this problem does not occur at all. + +OpenSSL version 1.1.1 is affected by this issue. + +OpenSSL 1.1.1 users should upgrade to 1.1.1d + +This issue was reported by Matt Caswell. The fix was developed by Matthias +St. Pierre. It was reported to OpenSSL on 27th May 2019. + + +Padding Oracle in PKCS7_dataDecode and CMS_decrypt_set1_pkey (CVE-2019-1563) +============================================================================ + +Severity: Low + +In situations where an attacker receives automated notification of the success +or failure of a decryption attempt an attacker, after sending a very large +number of messages to be decrypted, can recover a CMS/PKCS7 transported +encryption key or decrypt any RSA encrypted message that was encrypted with the +public RSA key, using a Bleichenbacher padding oracle attack. Applications are +not affected if they use a certificate together with the private RSA key to the +CMS_decrypt or PKCS7_decrypt functions to select the correct recipient info to +decrypt. + +OpenSSL 1.1.1 users should upgrade to 1.1.1d +OpenSSL 1.1.0 users should upgrade to 1.1.0l +OpenSSL 1.0.2 users should upgrade to 1.0.2t + +This issue was reported by and the fix developed by Bernd Edlinger. It was +reported to OpenSSL on 21st August 2019. + + +Note +===== + +OpenSSL 1.0.2 is currently only receiving security updates. Support for 1.0.2 +will end on 31st December 2019. + +Support for 1.1.0 ends on 11th September 2019 so 1.1.0l is expected to be the +last 1.1.0 release. + +Users of these versions should upgrade to OpenSSL 1.1.1. + + +Referenses +========== + +URL for this Security Advisory: +https://www.openssl.org/news/secadv/20190910.txt + +Note: the online version of the advisory may be updated with additional details +over time. + +For details of OpenSSL severity classifications please see: +https://www.openssl.org/policies/secpolicy.html diff --git a/news/vulnerabilities.xml b/news/vulnerabilities.xml index e66f6d8..c3532a5 100644 --- a/news/vulnerabilities.xml +++ b/news/vulnerabilities.xml @@ -7,7 +7,169 @@ - + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + Timing side channel + ECDSA remote timing attack + + Normally in OpenSSL EC groups always have a co-factor present and this is used + in side channel resistant code paths. However, in some cases, it is possible to + construct a group using explicit parameters (instead of using a named curve). In + those cases it is possible that such a group does not have the cofactor present. + This can occur even where all the parameters match a known named curve. + + If such a curve is used then OpenSSL falls back to non-side channel resistant + code paths which may result in full key recovery during an ECDSA signature + operation. + + In order to be vulnerable an attacker would have to have the ability to time + the creation of a large number of signatures where explicit parameters with no + co-factor present are in use by an application using libcrypto. + + For the avoidance of doubt libssl is not vulnerable because explicit parameters + are never used. + + + + + + + + + + + + + + + Random Number Generation + Fork Protection + + OpenSSL 1.1.1 introduced a rewritten random number generator (RNG). This was + intended to include protection in the event of a fork() system call in order to + ensure that the parent and child processes did not share the same RNG state. + However this protection was not being used in the default case. + + A partial mitigation for this issue is that the output from a high precision + timer is mixed into the RNG state so the likelihood of a parent and child + process sharing state is significantly reduced. + + If an application already calls OPENSSL_init_crypto() explicitly using + OPENSSL_INIT_ATFORK then this problem does not occur at all. + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + Padding Oracle + Padding Oracle in PKCS7_dataDecode and CMS_decrypt_set1_pkey + + In situations where an attacker receives automated notification of the success + or failure of a decryption attempt an attacker, after sending a very large + number of messages to be decrypted, can recover a CMS/PKCS7 transported + encryption key or decrypt any RSA encrypted message that was encrypted with the + public RSA key, using a Bleichenbacher padding oracle attack. Applications are + not affected if they use a certificate together with the private RSA key to the + CMS_decrypt or PKCS7_decrypt functions to select the correct recipient info to + decrypt. + + + + From builds at travis-ci.org Tue Sep 10 14:19:59 2019 From: builds at travis-ci.org (Travis CI) Date: Tue, 10 Sep 2019 14:19:59 +0000 Subject: Still Failing: openssl/openssl#28140 (OpenSSL_1_1_1-stable - 5c184ff) In-Reply-To: Message-ID: <5d77b10f24206_43fd10ef5d4c0348827@ba93e6d7-0d92-4b20-8660-e5839d484c62.mail> Build Update for openssl/openssl ------------------------------------- Build: #28140 Status: Still Failing Duration: 20 mins and 27 secs Commit: 5c184ff (OpenSSL_1_1_1-stable) Author: Matt Caswell Message: Prepare for 1.1.1e-dev Reviewed-by: Richard Levitte View the changeset: https://github.com/openssl/openssl/compare/1cb7eff45b4a...5c184ff280ee View the full build log and details: https://travis-ci.org/openssl/openssl/builds/583182930?utm_medium=notification&utm_source=email -- You can unsubscribe from build emails from the openssl/openssl repository going to https://travis-ci.org/account/preferences/unsubscribe?repository=5849220&utm_medium=notification&utm_source=email. Or unsubscribe from *all* email updating your settings at https://travis-ci.org/account/preferences/unsubscribe?utm_medium=notification&utm_source=email. Or configure specific recipients for build notifications in your .travis.yml file. See https://docs.travis-ci.com/user/notifications. -------------- next part -------------- An HTML attachment was scrubbed... URL: From builds at travis-ci.org Tue Sep 10 14:24:41 2019 From: builds at travis-ci.org (Travis CI) Date: Tue, 10 Sep 2019 14:24:41 +0000 Subject: Passed: openssl/openssl#28143 (OpenSSL_1_0_2t - cd7c7fc) In-Reply-To: Message-ID: <5d77b228799a7_43f7eae877500352551@514a0337-06fc-4c73-9c88-176bd925f9f1.mail> Build Update for openssl/openssl ------------------------------------- Build: #28143 Status: Passed Duration: 4 mins and 29 secs Commit: cd7c7fc (OpenSSL_1_0_2t) Author: Matt Caswell Message: Prepare for 1.0.2t release Reviewed-by: Richard Levitte View the changeset: https://github.com/openssl/openssl/compare/OpenSSL_1_0_2t View the full build log and details: https://travis-ci.org/openssl/openssl/builds/583183684?utm_medium=notification&utm_source=email -- You can unsubscribe from build emails from the openssl/openssl repository going to https://travis-ci.org/account/preferences/unsubscribe?repository=5849220&utm_medium=notification&utm_source=email. Or unsubscribe from *all* email updating your settings at https://travis-ci.org/account/preferences/unsubscribe?utm_medium=notification&utm_source=email. Or configure specific recipients for build notifications in your .travis.yml file. See https://docs.travis-ci.com/user/notifications. -------------- next part -------------- An HTML attachment was scrubbed... URL: From matt at openssl.org Tue Sep 10 14:38:19 2019 From: matt at openssl.org (Matt Caswell) Date: Tue, 10 Sep 2019 14:38:19 +0000 Subject: [web] master update Message-ID: <1568126299.169735.11082.nullmailer@dev.openssl.org> The branch master has been updated via 6239182447d80939a1e2170e4f7b79917561c165 (commit) from 81c6d01b55625c3071296caced494d5d61866083 (commit) - Log ----------------------------------------------------------------- commit 6239182447d80939a1e2170e4f7b79917561c165 Author: Matt Caswell Date: Tue Sep 10 15:34:03 2019 +0100 Fix typo in advisories Reviewed-by: Richard Levitte (Merged from https://github.com/openssl/web/pull/137) ----------------------------------------------------------------------- Summary of changes: news/secadv/20190730.txt | 2 +- news/secadv/20190910.txt | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/news/secadv/20190730.txt b/news/secadv/20190730.txt index cff9b85..88a50f5 100644 --- a/news/secadv/20190730.txt +++ b/news/secadv/20190730.txt @@ -55,7 +55,7 @@ will end on 11th September 2019. Users of these versions should upgrade to OpenSSL 1.1.1. -Referenses +References ========== URL for this Security Advisory: diff --git a/news/secadv/20190910.txt b/news/secadv/20190910.txt index 0358352..9af565e 100644 --- a/news/secadv/20190910.txt +++ b/news/secadv/20190910.txt @@ -94,7 +94,7 @@ last 1.1.0 release. Users of these versions should upgrade to OpenSSL 1.1.1. -Referenses +References ========== URL for this Security Advisory: From builds at travis-ci.org Tue Sep 10 14:39:19 2019 From: builds at travis-ci.org (Travis CI) Date: Tue, 10 Sep 2019 14:39:19 +0000 Subject: Passed: openssl/openssl#28144 (OpenSSL_1_1_0l - 7ea5bd2) In-Reply-To: Message-ID: <5d77b596c29a5_43f9940472e1c37405a@dac6e69f-8f73-4b2d-aef0-07007cdc2081.mail> Build Update for openssl/openssl ------------------------------------- Build: #28144 Status: Passed Duration: 16 mins and 53 secs Commit: 7ea5bd2 (OpenSSL_1_1_0l) Author: Matt Caswell Message: Prepare for 1.1.0l release Reviewed-by: Richard Levitte View the changeset: https://github.com/openssl/openssl/compare/OpenSSL_1_1_0l View the full build log and details: https://travis-ci.org/openssl/openssl/builds/583183703?utm_medium=notification&utm_source=email -- You can unsubscribe from build emails from the openssl/openssl repository going to https://travis-ci.org/account/preferences/unsubscribe?repository=5849220&utm_medium=notification&utm_source=email. Or unsubscribe from *all* email updating your settings at https://travis-ci.org/account/preferences/unsubscribe?utm_medium=notification&utm_source=email. Or configure specific recipients for build notifications in your .travis.yml file. See https://docs.travis-ci.com/user/notifications. -------------- next part -------------- An HTML attachment was scrubbed... URL: From builds at travis-ci.org Tue Sep 10 14:48:42 2019 From: builds at travis-ci.org (Travis CI) Date: Tue, 10 Sep 2019 14:48:42 +0000 Subject: Failed: openssl/openssl#28145 (OpenSSL_1_1_1d - 894da2f) In-Reply-To: Message-ID: <5d77b7ca5b38f_43fd10efac28c36224@ba93e6d7-0d92-4b20-8660-e5839d484c62.mail> Build Update for openssl/openssl ------------------------------------- Build: #28145 Status: Failed Duration: 21 mins and 2 secs Commit: 894da2f (OpenSSL_1_1_1d) Author: Matt Caswell Message: Prepare for 1.1.1d release Reviewed-by: Richard Levitte View the changeset: https://github.com/openssl/openssl/compare/OpenSSL_1_1_1d View the full build log and details: https://travis-ci.org/openssl/openssl/builds/583183766?utm_medium=notification&utm_source=email -- You can unsubscribe from build emails from the openssl/openssl repository going to https://travis-ci.org/account/preferences/unsubscribe?repository=5849220&utm_medium=notification&utm_source=email. Or unsubscribe from *all* email updating your settings at https://travis-ci.org/account/preferences/unsubscribe?utm_medium=notification&utm_source=email. Or configure specific recipients for build notifications in your .travis.yml file. See https://docs.travis-ci.com/user/notifications. -------------- next part -------------- An HTML attachment was scrubbed... URL: From openssl at openssl.org Tue Sep 10 14:56:05 2019 From: openssl at openssl.org (OpenSSL run-checker) Date: Tue, 10 Sep 2019 14:56:05 +0000 Subject: Still FAILED build of OpenSSL branch master with options -d --strict-warnings enable-ubsan -DPEDANTIC -DOPENSSL_SMALL_FOOTPRINT -fno-sanitize=alignment Message-ID: <1568127365.230599.8547.nullmailer@run.openssl.org> Platform and configuration command: $ uname -a Linux run 4.15.0-54-generic #58-Ubuntu SMP Mon Jun 24 10:55:24 UTC 2019 x86_64 x86_64 x86_64 GNU/Linux $ CC=clang ../openssl/config -d --strict-warnings enable-ubsan -DPEDANTIC -DOPENSSL_SMALL_FOOTPRINT -fno-sanitize=alignment Commit log since last time: 1d3cd983f5 [test] ECC: check the bounds for auto computing cofactor d3a1128bc2 Fix build with VS2008 20bf3d8b22 Use simple names in core_names.h 864b89ce49 Move EVP_PKEY algorithm implementations into a union 9c45222ddc Revise EVP_PKEY param handling 21fb706722 Enable DH "keys" which only contain domain parameters 4f62f5d9af Add docs for the provider interface for signature operations 11031468c3 Add public API docs for newly added EVP_SIGNATURE related functions 390acbebfa Add support for verify/verify_recover functions to EVP_SIGNATURE 4889dadcb8 Implement DSA in the default provider dfcb5d29b5 Add the ability to perform signatures in a provider 2b95e8efcf DH_check_pub_key_ex was accidentally calling DH_check, so results were undefined. fa01370f7d Use BN_clear_free in DH_set0_key feeb7ecd2f Check the DH modulus bit length bfed4fc836 Uniform TEST_*() check usage in test/ectest.c 65936a5646 Fix spacing nit in test/ectest.c 3f37050e33 Fix typos in the OSSL_METHOD_STORE doc bacaa618c2 [ec] Match built-in curves on EC_GROUP_new_from_ecparameters bd9faf117d Do no mention private headers in public headers Build log ended with (last 100 lines): ../../openssl/test/recipes/30-test_pbelu.t .................... ok ../../openssl/test/recipes/30-test_pkey_meth.t ................ ok ../../openssl/test/recipes/30-test_pkey_meth_kdf.t ............ ok ../../openssl/test/recipes/40-test_rehash.t ................... ok ../../openssl/test/recipes/60-test_x509_check_cert_pkey.t ..... ok ../../openssl/test/recipes/60-test_x509_dup_cert.t ............ ok ../../openssl/test/recipes/60-test_x509_store.t ............... ok ../../openssl/test/recipes/60-test_x509_time.t ................ ok ../../openssl/test/recipes/70-test_asyncio.t .................. ok ../../openssl/test/recipes/70-test_bad_dtls.t ................. ok ../../openssl/test/recipes/70-test_clienthello.t .............. ok ../../openssl/test/recipes/70-test_comp.t ..................... ok ../../openssl/test/recipes/70-test_key_share.t ................ ok ../../openssl/test/recipes/70-test_packet.t ................... ok ../../openssl/test/recipes/70-test_recordlen.t ................ ok ../../openssl/test/recipes/70-test_renegotiation.t ............ ok ../../openssl/test/recipes/70-test_servername.t ............... ok ../../openssl/test/recipes/70-test_sslcbcpadding.t ............ ok ../../openssl/test/recipes/70-test_sslcertstatus.t ............ ok ../../openssl/test/recipes/70-test_sslextension.t ............. ok ../../openssl/test/recipes/70-test_sslmessages.t .............. ok ../../openssl/test/recipes/70-test_sslrecords.t ............... ok ../../openssl/test/recipes/70-test_sslsessiontick.t ........... ok ../../openssl/test/recipes/70-test_sslsigalgs.t ............... ok ../../openssl/test/recipes/70-test_sslsignature.t ............. ok ../../openssl/test/recipes/70-test_sslskewith0p.t ............. ok ../../openssl/test/recipes/70-test_sslversions.t .............. ok ../../openssl/test/recipes/70-test_sslvertol.t ................ ok ../../openssl/test/recipes/70-test_tls13alerts.t .............. ok ../../openssl/test/recipes/70-test_tls13cookie.t .............. ok ../../openssl/test/recipes/70-test_tls13downgrade.t ........... ok ../../openssl/test/recipes/70-test_tls13hrr.t ................. ok ../../openssl/test/recipes/70-test_tls13kexmodes.t ............ ok ../../openssl/test/recipes/70-test_tls13messages.t ............ ok ../../openssl/test/recipes/70-test_tls13psk.t ................. ok ../../openssl/test/recipes/70-test_tlsextms.t ................. ok ../../openssl/test/recipes/70-test_verify_extra.t ............. ok ../../openssl/test/recipes/70-test_wpacket.t .................. ok ../../openssl/test/recipes/80-test_ca.t ....................... ok ../../openssl/test/recipes/80-test_cipherbytes.t .............. ok ../../openssl/test/recipes/80-test_cipherlist.t ............... ok ../../openssl/test/recipes/80-test_ciphername.t ............... ok ../../openssl/test/recipes/80-test_cms.t ...................... ok ../../openssl/test/recipes/80-test_cmsapi.t ................... ok ../../openssl/test/recipes/80-test_ct.t ....................... ok ../../openssl/test/recipes/80-test_dane.t ..................... ok ../../openssl/test/recipes/80-test_dtls.t ..................... ok ../../openssl/test/recipes/80-test_dtls_mtu.t ................. ok ../../openssl/test/recipes/80-test_dtlsv1listen.t ............. ok ../../openssl/test/recipes/80-test_ocsp.t ..................... ok ../../openssl/test/recipes/80-test_pkcs12.t ................... ok ../../openssl/test/recipes/80-test_ssl_new.t .................. ok ../../openssl/test/recipes/80-test_ssl_old.t .................. ok ../../openssl/test/recipes/80-test_ssl_test_ctx.t ............. ok ../../openssl/test/recipes/80-test_sslcorrupt.t ............... ok ../../openssl/test/recipes/80-test_tsa.t ...................... ok ../../openssl/test/recipes/80-test_x509aux.t .................. ok ../../openssl/test/recipes/90-test_asn1_time.t ................ ok ../../openssl/test/recipes/90-test_async.t .................... ok ../../openssl/test/recipes/90-test_bio_enc.t .................. ok ../../openssl/test/recipes/90-test_bio_memleak.t .............. ok ../../openssl/test/recipes/90-test_constant_time.t ............ ok ../../openssl/test/recipes/90-test_fatalerr.t ................. ok ../../openssl/test/recipes/90-test_gmdiff.t ................... ok ../../openssl/test/recipes/90-test_gost.t ..................... ok ../../openssl/test/recipes/90-test_ige.t ...................... ok ../../openssl/test/recipes/90-test_includes.t ................. ok ../../openssl/test/recipes/90-test_memleak.t .................. ok ../../openssl/test/recipes/90-test_overhead.t ................. skipped: Only supported in no-shared builds ../../openssl/test/recipes/90-test_secmem.t ................... ok ../../openssl/test/recipes/90-test_shlibload.t ................ ok ../../openssl/test/recipes/90-test_srp.t ...................... ok ../../openssl/test/recipes/90-test_sslapi.t ................... ok ../../openssl/test/recipes/90-test_sslbuffers.t ............... ok ../../openssl/test/recipes/90-test_store.t .................... ok ../../openssl/test/recipes/90-test_sysdefault.t ............... ok ../../openssl/test/recipes/90-test_threads.t .................. ok ../../openssl/test/recipes/90-test_time_offset.t .............. ok ../../openssl/test/recipes/90-test_tls13ccs.t ................. ok ../../openssl/test/recipes/90-test_tls13encryption.t .......... ok ../../openssl/test/recipes/90-test_tls13secrets.t ............. ok ../../openssl/test/recipes/90-test_v3name.t ................... ok ../../openssl/test/recipes/95-test_external_boringssl.t ....... skipped: No external tests in this configuration ../../openssl/test/recipes/95-test_external_krb5.t ............ skipped: No external tests in this configuration ../../openssl/test/recipes/95-test_external_pyca.t ............ skipped: No external tests in this configuration ../../openssl/test/recipes/99-test_ecstress.t ................. ok ../../openssl/test/recipes/99-test_fuzz.t ..................... ok Test Summary Report ------------------- ../../openssl/test/recipes/30-test_evp.t (Wstat: 256 Tests: 14 Failed: 1) Failed test: 7 Non-zero exit status: 1 Files=176, Tests=1663, 885 wallclock secs ( 3.17 usr 0.38 sys + 857.99 cusr 37.46 csys = 899.00 CPU) Result: FAIL Makefile:198: recipe for target '_tests' failed make[1]: *** [_tests] Error 1 make[1]: Leaving directory '/home/openssl/run-checker/enable-ubsan' Makefile:196: recipe for target 'tests' failed make: *** [tests] Error 2 From no-reply at appveyor.com Tue Sep 10 16:49:24 2019 From: no-reply at appveyor.com (AppVeyor) Date: Tue, 10 Sep 2019 16:49:24 +0000 Subject: Build failed: openssl OpenSSL_1_0_2-stable.27571 Message-ID: <20190910164924.1.6A1B321DEDCB22D9@appveyor.com> An HTML attachment was scrubbed... URL: From no-reply at appveyor.com Tue Sep 10 17:38:14 2019 From: no-reply at appveyor.com (AppVeyor) Date: Tue, 10 Sep 2019 17:38:14 +0000 Subject: Build completed: openssl OpenSSL_1_1_1d.27572 Message-ID: <20190910173814.1.133786D58EF61997@appveyor.com> An HTML attachment was scrubbed... URL: From no-reply at appveyor.com Tue Sep 10 18:53:22 2019 From: no-reply at appveyor.com (AppVeyor) Date: Tue, 10 Sep 2019 18:53:22 +0000 Subject: Build failed: openssl OpenSSL_1_0_2t.27574 Message-ID: <20190910185322.1.9692217444D9015F@appveyor.com> An HTML attachment was scrubbed... URL: From no-reply at appveyor.com Tue Sep 10 19:21:07 2019 From: no-reply at appveyor.com (AppVeyor) Date: Tue, 10 Sep 2019 19:21:07 +0000 Subject: Build completed: openssl master.27575 Message-ID: <20190910192107.1.BFBC7CB631694F2B@appveyor.com> An HTML attachment was scrubbed... URL: From pauli at openssl.org Tue Sep 10 22:29:06 2019 From: pauli at openssl.org (Dr. Paul Dale) Date: Tue, 10 Sep 2019 22:29:06 +0000 Subject: [openssl] master update Message-ID: <1568154546.863574.8842.nullmailer@dev.openssl.org> The branch master has been updated via 4a3dd6292385a23134e113a01463f9516004ae85 (commit) via f20a59cb1c21e360f000e541e2e41aceca515929 (commit) via d111712f6a7ae0ce37062d75fa3fa72e277e7455 (commit) via 64da55a64f141bb068f034ab0df34ec2a044e482 (commit) via 085f1d11a01e62c5abfe6486ee9dce00a808d977 (commit) via 6ce4ff19158273ccf3313d5ece6adbd8bda0ac4b (commit) via 7e56c626936f7070070cf989053dc0011a9bca9c (commit) via 92475712a9ca5e53913c4d1541ea9d044e183108 (commit) from 5840ed0cd1e6487d247efbc1a04136a41d7b3a37 (commit) - Log ----------------------------------------------------------------- commit 4a3dd6292385a23134e113a01463f9516004ae85 Author: Pauli Date: Mon Sep 9 10:14:32 2019 +1000 Coverity 1453629 and 1453638: Error handling issues (NEGATIVE_RETURNS) Reviewed-by: Bernd Edlinger (Merged from https://github.com/openssl/openssl/pull/9805) commit f20a59cb1c21e360f000e541e2e41aceca515929 Author: Pauli Date: Sun Sep 8 18:39:11 2019 +1000 Coverity 1453634: Resource leaks (RESOURCE_LEAK) Reviewed-by: Bernd Edlinger (Merged from https://github.com/openssl/openssl/pull/9805) commit d111712f6a7ae0ce37062d75fa3fa72e277e7455 Author: Pauli Date: Mon Sep 9 08:04:45 2019 +1000 Coverity 1453633: Error handling issues (CHECKED_RETURN) Reviewed-by: Bernd Edlinger (Merged from https://github.com/openssl/openssl/pull/9805) commit 64da55a64f141bb068f034ab0df34ec2a044e482 Author: Pauli Date: Sun Sep 8 18:37:13 2019 +1000 Coverity 1453632 & 1453635: Null pointer dereferences (FORWARD_NULL) Reviewed-by: Bernd Edlinger (Merged from https://github.com/openssl/openssl/pull/9805) commit 085f1d11a01e62c5abfe6486ee9dce00a808d977 Author: Pauli Date: Sun Sep 8 18:33:12 2019 +1000 Coverity 1453630: Null pointer dereferences (FORWARD_NULL) Reviewed-by: Bernd Edlinger (Merged from https://github.com/openssl/openssl/pull/9805) commit 6ce4ff19158273ccf3313d5ece6adbd8bda0ac4b Author: Pauli Date: Sun Sep 8 18:29:58 2019 +1000 Coverity 1453628: Null pointer dereferences (REVERSE_INULL) Reviewed-by: Bernd Edlinger (Merged from https://github.com/openssl/openssl/pull/9805) commit 7e56c626936f7070070cf989053dc0011a9bca9c Author: Pauli Date: Sun Sep 8 18:28:56 2019 +1000 Coverity 1453627: Null pointer dereferences (REVERSE_INULL) Reviewed-by: Bernd Edlinger (Merged from https://github.com/openssl/openssl/pull/9805) commit 92475712a9ca5e53913c4d1541ea9d044e183108 Author: Pauli Date: Sun Sep 8 18:25:34 2019 +1000 Coverity 1414465: Resource leaks (RESOURCE_LEAK) Reviewed-by: Bernd Edlinger (Merged from https://github.com/openssl/openssl/pull/9805) ----------------------------------------------------------------------- Summary of changes: crypto/evp/kdf_lib.c | 2 +- crypto/rsa/rsa_ossl.c | 4 ++++ providers/common/kdfs/pbkdf2.c | 4 +++- providers/common/macs/gmac_prov.c | 3 ++- providers/common/macs/kmac_prov.c | 4 +++- ssl/t1_enc.c | 3 ++- test/evp_test.c | 9 ++++++--- 7 files changed, 21 insertions(+), 8 deletions(-) diff --git a/crypto/evp/kdf_lib.c b/crypto/evp/kdf_lib.c index aa0c5e341f..dedb250988 100644 --- a/crypto/evp/kdf_lib.c +++ b/crypto/evp/kdf_lib.c @@ -59,7 +59,7 @@ EVP_KDF_CTX *EVP_KDF_CTX_dup(const EVP_KDF_CTX *src) { EVP_KDF_CTX *dst; - if (src->data == NULL || src == NULL || src->meth->dupctx == NULL) + if (src == NULL || src->data == NULL || src->meth->dupctx == NULL) return NULL; dst = OPENSSL_malloc(sizeof(*dst)); diff --git a/crypto/rsa/rsa_ossl.c b/crypto/rsa/rsa_ossl.c index 29bd97bd1b..5d5efdbd69 100644 --- a/crypto/rsa/rsa_ossl.c +++ b/crypto/rsa/rsa_ossl.c @@ -470,6 +470,8 @@ static int rsa_ossl_private_decrypt(int flen, const unsigned char *from, goto err; j = BN_bn2binpad(ret, buf, num); + if (j < 0) + goto err; switch (padding) { case RSA_PKCS1_PADDING: @@ -569,6 +571,8 @@ static int rsa_ossl_public_decrypt(int flen, const unsigned char *from, goto err; i = BN_bn2binpad(ret, buf, num); + if (i < 0) + goto err; switch (padding) { case RSA_PKCS1_PADDING: diff --git a/providers/common/kdfs/pbkdf2.c b/providers/common/kdfs/pbkdf2.c index ce395576dd..c8480125b2 100644 --- a/providers/common/kdfs/pbkdf2.c +++ b/providers/common/kdfs/pbkdf2.c @@ -107,7 +107,9 @@ static void kdf_pbkdf2_init(KDF_PBKDF2 *ctx) params[0] = OSSL_PARAM_construct_utf8_string(OSSL_KDF_PARAM_DIGEST, SN_sha1, 0); - ossl_prov_digest_load_from_params(&ctx->digest, params, provctx); + if (!ossl_prov_digest_load_from_params(&ctx->digest, params, provctx)) + /* This is an error, but there is no way to indicate such directly */ + ossl_prov_digest_reset(&ctx->digest); ctx->iter = PKCS5_DEFAULT_ITER; ctx->lower_bound_checks = KDF_PBKDF2_DEFAULT_CHECKS; } diff --git a/providers/common/macs/gmac_prov.c b/providers/common/macs/gmac_prov.c index 2da176d8b0..67f3e48407 100644 --- a/providers/common/macs/gmac_prov.c +++ b/providers/common/macs/gmac_prov.c @@ -174,7 +174,8 @@ static int gmac_set_ctx_params(void *vmacctx, const OSSL_PARAM params[]) OPENSSL_CTX *provctx = PROV_LIBRARY_CONTEXT_OF(macctx->provctx); const OSSL_PARAM *p; - if (!ossl_prov_cipher_load_from_params(&macctx->cipher, params, provctx)) + if (ctx == NULL + || !ossl_prov_cipher_load_from_params(&macctx->cipher, params, provctx)) return 0; if (EVP_CIPHER_mode(ossl_prov_cipher_cipher(&macctx->cipher)) diff --git a/providers/common/macs/kmac_prov.c b/providers/common/macs/kmac_prov.c index 53598418db..99bcbf7da9 100644 --- a/providers/common/macs/kmac_prov.c +++ b/providers/common/macs/kmac_prov.c @@ -174,8 +174,10 @@ static void *kmac_fetch_new(void *provctx, const OSSL_PARAM *params) if (kctx == NULL) return 0; if (!ossl_prov_digest_load_from_params(&kctx->digest, params, - PROV_LIBRARY_CONTEXT_OF(provctx))) + PROV_LIBRARY_CONTEXT_OF(provctx))) { + kmac_free(kctx); return 0; + } kctx->out_len = EVP_MD_size(ossl_prov_digest_md(&kctx->digest)); return kctx; diff --git a/ssl/t1_enc.c b/ssl/t1_enc.c index 4419d3f10b..6726d8fb7d 100644 --- a/ssl/t1_enc.c +++ b/ssl/t1_enc.c @@ -35,7 +35,7 @@ static int tls1_PRF(SSL *s, EVP_KDF *kdf; EVP_KDF_CTX *kctx = NULL; OSSL_PARAM params[8], *p = params; - const char *mdname = EVP_MD_name(md); + const char *mdname; if (md == NULL) { /* Should never happen */ @@ -53,6 +53,7 @@ static int tls1_PRF(SSL *s, EVP_KDF_free(kdf); if (kctx == NULL) goto err; + mdname = EVP_MD_name(md); *p++ = OSSL_PARAM_construct_utf8_string(OSSL_KDF_PARAM_DIGEST, (char *)mdname, strlen(mdname) + 1); *p++ = OSSL_PARAM_construct_octet_string(OSSL_KDF_PARAM_SECRET, diff --git a/test/evp_test.c b/test/evp_test.c index 2f7506e6e6..67a818d98d 100644 --- a/test/evp_test.c +++ b/test/evp_test.c @@ -2008,8 +2008,10 @@ static int kdf_test_init(EVP_TEST *t, const char *name) *kdata->p = OSSL_PARAM_construct_end(); kdf = EVP_KDF_fetch(NULL, name, NULL); - if (kdf == NULL) + if (kdf == NULL) { + OPENSSL_free(kdata); return 0; + } kdata->ctx = EVP_KDF_CTX_new(kdf); EVP_KDF_free(kdf); if (kdata->ctx == NULL) { @@ -2045,14 +2047,15 @@ static int kdf_test_ctrl(EVP_TEST *t, EVP_KDF_CTX *kctx, if (p != NULL) *p++ = '\0'; - rv = OSSL_PARAM_allocate_from_text(kdata->p, defs, name, p, strlen(p)); + rv = OSSL_PARAM_allocate_from_text(kdata->p, defs, name, p, + p != NULL ? strlen(p) : 0); *++kdata->p = OSSL_PARAM_construct_end(); if (!rv) { t->err = "KDF_PARAM_ERROR"; OPENSSL_free(name); return 0; } - if (strcmp(name, "digest") == 0 && p != NULL) { + if (p != NULL && strcmp(name, "digest") == 0) { /* If p has an OID and lookup fails assume disabled algorithm */ int nid = OBJ_sn2nid(p); From builds at travis-ci.org Tue Sep 10 22:49:29 2019 From: builds at travis-ci.org (Travis CI) Date: Tue, 10 Sep 2019 22:49:29 +0000 Subject: Still Failing: openssl/openssl#28148 (master - 4a3dd62) In-Reply-To: Message-ID: <5d782878a52d6_43fb1450cfb80113331@98765dca-ebfa-4935-9d4d-ae7497538293.mail> Build Update for openssl/openssl ------------------------------------- Build: #28148 Status: Still Failing Duration: 19 mins and 24 secs Commit: 4a3dd62 (master) Author: Pauli Message: Coverity 1453629 and 1453638: Error handling issues (NEGATIVE_RETURNS) Reviewed-by: Bernd Edlinger (Merged from https://github.com/openssl/openssl/pull/9805) View the changeset: https://github.com/openssl/openssl/compare/5840ed0cd1e6...4a3dd6292385 View the full build log and details: https://travis-ci.org/openssl/openssl/builds/583394413?utm_medium=notification&utm_source=email -- You can unsubscribe from build emails from the openssl/openssl repository going to https://travis-ci.org/account/preferences/unsubscribe?repository=5849220&utm_medium=notification&utm_source=email. Or unsubscribe from *all* email updating your settings at https://travis-ci.org/account/preferences/unsubscribe?utm_medium=notification&utm_source=email. Or configure specific recipients for build notifications in your .travis.yml file. See https://docs.travis-ci.com/user/notifications. -------------- next part -------------- An HTML attachment was scrubbed... URL: From openssl at openssl.org Tue Sep 10 23:01:24 2019 From: openssl at openssl.org (OpenSSL run-checker) Date: Tue, 10 Sep 2019 23:01:24 +0000 Subject: Still FAILED build of OpenSSL branch master with options -d --strict-warnings enable-asan no-shared -DOPENSSL_SMALL_FOOTPRINT Message-ID: <1568156484.131868.11828.nullmailer@run.openssl.org> Platform and configuration command: $ uname -a Linux run 4.15.0-54-generic #58-Ubuntu SMP Mon Jun 24 10:55:24 UTC 2019 x86_64 x86_64 x86_64 GNU/Linux $ CC=clang ../openssl/config -d --strict-warnings enable-asan no-shared -DOPENSSL_SMALL_FOOTPRINT Commit log since last time: 5840ed0cd1 Fix a padding oracle in PKCS7_dataDecode and CMS_decrypt_set1_pkey fa3eb248e2 Fix a potential crash in rand_unix.c e301c147a7 Fix a strict warnings error in rand_pool_acquire_entropy Build log ended with (last 100 lines): ../../openssl/test/recipes/60-test_x509_store.t ............... ok ../../openssl/test/recipes/60-test_x509_time.t ................ ok ../../openssl/test/recipes/70-test_asyncio.t .................. ok ../../openssl/test/recipes/70-test_bad_dtls.t ................. ok ../../openssl/test/recipes/70-test_clienthello.t .............. ok ../../openssl/test/recipes/70-test_comp.t ..................... skipped: test_comp needs the dynamic engine feature enabled ../../openssl/test/recipes/70-test_key_share.t ................ skipped: test_key_share needs the dynamic engine feature enabled ../../openssl/test/recipes/70-test_packet.t ................... ok ../../openssl/test/recipes/70-test_recordlen.t ................ ok ../../openssl/test/recipes/70-test_renegotiation.t ............ skipped: test_renegotiation needs the dynamic engine feature enabled ../../openssl/test/recipes/70-test_servername.t ............... ok ../../openssl/test/recipes/70-test_sslcbcpadding.t ............ skipped: test_sslcbcpadding needs the dynamic engine feature enabled ../../openssl/test/recipes/70-test_sslcertstatus.t ............ skipped: test_sslcertstatus needs the dynamic engine feature enabled ../../openssl/test/recipes/70-test_sslextension.t ............. skipped: test_sslextension needs the dynamic engine feature enabled ../../openssl/test/recipes/70-test_sslmessages.t .............. skipped: test_sslmessages needs the dynamic engine feature enabled ../../openssl/test/recipes/70-test_sslrecords.t ............... skipped: test_sslrecords needs the dynamic engine feature enabled ../../openssl/test/recipes/70-test_sslsessiontick.t ........... skipped: test_sslsessiontick needs the dynamic engine feature enabled ../../openssl/test/recipes/70-test_sslsigalgs.t ............... skipped: test_sslsigalgs needs the dynamic engine feature enabled ../../openssl/test/recipes/70-test_sslsignature.t ............. skipped: test_sslsignature needs the dynamic engine feature enabled ../../openssl/test/recipes/70-test_sslskewith0p.t ............. skipped: test_sslskewith0p needs the dynamic engine feature enabled ../../openssl/test/recipes/70-test_sslversions.t .............. skipped: test_sslversions needs the dynamic engine feature enabled ../../openssl/test/recipes/70-test_sslvertol.t ................ skipped: test_sslextension needs the dynamic engine feature enabled ../../openssl/test/recipes/70-test_tls13alerts.t .............. skipped: test_tls13alerts needs the dynamic engine feature enabled ../../openssl/test/recipes/70-test_tls13cookie.t .............. skipped: test_tls13cookie needs the dynamic engine feature enabled ../../openssl/test/recipes/70-test_tls13downgrade.t ........... skipped: test_tls13downgrade needs the dynamic engine feature enabled ../../openssl/test/recipes/70-test_tls13hrr.t ................. skipped: test_tls13hrr needs the dynamic engine feature enabled ../../openssl/test/recipes/70-test_tls13kexmodes.t ............ skipped: test_tls13kexmodes needs the dynamic engine feature enabled ../../openssl/test/recipes/70-test_tls13messages.t ............ skipped: test_tls13messages needs the dynamic engine feature enabled ../../openssl/test/recipes/70-test_tls13psk.t ................. skipped: test_tls13psk needs the dynamic engine feature enabled ../../openssl/test/recipes/70-test_tlsextms.t ................. skipped: test_tlsextms needs the dynamic engine feature enabled ../../openssl/test/recipes/70-test_verify_extra.t ............. ok ../../openssl/test/recipes/70-test_wpacket.t .................. ok ../../openssl/test/recipes/80-test_ca.t ....................... ok ../../openssl/test/recipes/80-test_cipherbytes.t .............. ok ../../openssl/test/recipes/80-test_cipherlist.t ............... ok ../../openssl/test/recipes/80-test_ciphername.t ............... ok ../../openssl/test/recipes/80-test_cms.t ...................... ok ../../openssl/test/recipes/80-test_cmsapi.t ................... ok ../../openssl/test/recipes/80-test_ct.t ....................... ok ../../openssl/test/recipes/80-test_dane.t ..................... ok ../../openssl/test/recipes/80-test_dtls.t ..................... ok ../../openssl/test/recipes/80-test_dtls_mtu.t ................. ok ../../openssl/test/recipes/80-test_dtlsv1listen.t ............. ok ../../openssl/test/recipes/80-test_ocsp.t ..................... ok ../../openssl/test/recipes/80-test_pkcs12.t ................... ok ../../openssl/test/recipes/80-test_ssl_new.t .................. ok ../../openssl/test/recipes/80-test_ssl_old.t .................. ok ../../openssl/test/recipes/80-test_ssl_test_ctx.t ............. ok ../../openssl/test/recipes/80-test_sslcorrupt.t ............... ok ../../openssl/test/recipes/80-test_tsa.t ...................... ok ../../openssl/test/recipes/80-test_x509aux.t .................. ok ../../openssl/test/recipes/90-test_asn1_time.t ................ ok ../../openssl/test/recipes/90-test_async.t .................... ok ../../openssl/test/recipes/90-test_bio_enc.t .................. ok ../../openssl/test/recipes/90-test_bio_memleak.t .............. ok ../../openssl/test/recipes/90-test_constant_time.t ............ ok ../../openssl/test/recipes/90-test_fatalerr.t ................. ok ../../openssl/test/recipes/90-test_gmdiff.t ................... ok ../../openssl/test/recipes/90-test_gost.t ..................... skipped: GOST support is disabled in this OpenSSL build ../../openssl/test/recipes/90-test_ige.t ...................... ok ../../openssl/test/recipes/90-test_includes.t ................. ok ../../openssl/test/recipes/90-test_memleak.t .................. ok ../../openssl/test/recipes/90-test_overhead.t ................. ok ../../openssl/test/recipes/90-test_secmem.t ................... ok ../../openssl/test/recipes/90-test_shlibload.t ................ skipped: Test only supported in a shared build ../../openssl/test/recipes/90-test_srp.t ...................... ok ../../openssl/test/recipes/90-test_sslapi.t ................... ok ../../openssl/test/recipes/90-test_sslbuffers.t ............... ok ../../openssl/test/recipes/90-test_store.t .................... ok ../../openssl/test/recipes/90-test_sysdefault.t ............... ok ../../openssl/test/recipes/90-test_threads.t .................. ok ../../openssl/test/recipes/90-test_time_offset.t .............. ok ../../openssl/test/recipes/90-test_tls13ccs.t ................. ok ../../openssl/test/recipes/90-test_tls13encryption.t .......... ok ../../openssl/test/recipes/90-test_tls13secrets.t ............. skipped: tls13secrets is not supported in this build ../../openssl/test/recipes/90-test_v3name.t ................... ok ../../openssl/test/recipes/95-test_external_boringssl.t ....... skipped: No external tests in this configuration ../../openssl/test/recipes/95-test_external_krb5.t ............ skipped: No external tests in this configuration ../../openssl/test/recipes/95-test_external_pyca.t ............ skipped: No external tests in this configuration ../../openssl/test/recipes/99-test_ecstress.t ................. ok ../../openssl/test/recipes/99-test_fuzz.t ..................... ok Test Summary Report ------------------- ../../openssl/test/recipes/30-test_evp.t (Wstat: 256 Tests: 14 Failed: 1) Failed test: 7 Non-zero exit status: 1 ../../openssl/test/recipes/30-test_evp_extra.t (Wstat: 256 Tests: 1 Failed: 1) Failed test: 1 Non-zero exit status: 1 ../../openssl/test/recipes/30-test_pkey_meth_kdf.t (Wstat: 256 Tests: 1 Failed: 1) Failed test: 1 Non-zero exit status: 1 Files=176, Tests=1462, 648 wallclock secs ( 1.13 usr 0.33 sys + 576.00 cusr 69.93 csys = 647.39 CPU) Result: FAIL Makefile:198: recipe for target '_tests' failed make[1]: *** [_tests] Error 1 make[1]: Leaving directory '/home/openssl/run-checker/enable-asan' Makefile:196: recipe for target 'tests' failed make: *** [tests] Error 2 From pauli at openssl.org Wed Sep 11 00:29:56 2019 From: pauli at openssl.org (Dr. Paul Dale) Date: Wed, 11 Sep 2019 00:29:56 +0000 Subject: [openssl] master update Message-ID: <1568161796.546319.28001.nullmailer@dev.openssl.org> The branch master has been updated via 64115f05ac950390e80e3993703513cda439fca0 (commit) via 69333af49d8ddba6b551506ddbbccea73aee4a6b (commit) via 2e548ac9a103f9366675d58dd52ced1889688231 (commit) via 27e27cd7ef5df70289058101df1ad2aa9b5ab139 (commit) via 1732c260db11273792ea465e29c2018b7bab52e5 (commit) via d810cc197737cc34fac60eee04720ad3fb0088bf (commit) from 4a3dd6292385a23134e113a01463f9516004ae85 (commit) - Log ----------------------------------------------------------------- commit 64115f05ac950390e80e3993703513cda439fca0 Author: Pauli Date: Mon Sep 9 11:42:22 2019 +1000 Usages of KDFs converted to use the name macros Reviewed-by: Richard Levitte (Merged from https://github.com/openssl/openssl/pull/9814) commit 69333af49d8ddba6b551506ddbbccea73aee4a6b Author: Pauli Date: Mon Sep 9 11:42:00 2019 +1000 Register KDF's using their name macros rather than strings Reviewed-by: Richard Levitte (Merged from https://github.com/openssl/openssl/pull/9814) commit 2e548ac9a103f9366675d58dd52ced1889688231 Author: Pauli Date: Mon Sep 9 11:39:10 2019 +1000 Make FIPS provider use KDF name for PBKDF2 Reviewed-by: Richard Levitte (Merged from https://github.com/openssl/openssl/pull/9814) commit 27e27cd7ef5df70289058101df1ad2aa9b5ab139 Author: Pauli Date: Mon Sep 9 11:37:11 2019 +1000 Update tests to (mostly) use KDF names Reviewed-by: Richard Levitte (Merged from https://github.com/openssl/openssl/pull/9814) commit 1732c260db11273792ea465e29c2018b7bab52e5 Author: Pauli Date: Mon Sep 9 11:36:48 2019 +1000 Convert SSL functions to use KDF names not SN_ strings Reviewed-by: Richard Levitte (Merged from https://github.com/openssl/openssl/pull/9814) commit d810cc197737cc34fac60eee04720ad3fb0088bf Author: Pauli Date: Mon Sep 9 11:35:25 2019 +1000 Add macros for the KDF algorithm names. This avoids the problems with PBKDF2 and SCRYPT not being of the same form as the rest. Reviewed-by: Richard Levitte (Merged from https://github.com/openssl/openssl/pull/9814) ----------------------------------------------------------------------- Summary of changes: crypto/dh/dh_kdf.c | 2 +- crypto/ec/ecdh_kdf.c | 2 +- crypto/evp/p5_crpt2.c | 2 +- crypto/evp/pbe_scrypt.c | 2 +- include/openssl/core_names.h | 10 ++++++++++ providers/default/defltprov.c | 16 ++++++++-------- providers/fips/fipsprov.c | 10 +++++----- ssl/t1_enc.c | 2 +- ssl/tls13_enc.c | 4 ++-- test/evp_kdf_test.c | 22 +++++++++++----------- 10 files changed, 41 insertions(+), 31 deletions(-) diff --git a/crypto/dh/dh_kdf.c b/crypto/dh/dh_kdf.c index 781d34a94f..a1bbea3013 100644 --- a/crypto/dh/dh_kdf.c +++ b/crypto/dh/dh_kdf.c @@ -39,7 +39,7 @@ int DH_KDF_X9_42(unsigned char *out, size_t outlen, if (oid_sn == NULL) return 0; - kdf = EVP_KDF_fetch(provctx, SN_x942kdf, NULL); + kdf = EVP_KDF_fetch(provctx, OSSL_KDF_NAME_X942KDF, NULL); if ((kctx = EVP_KDF_CTX_new(kdf)) == NULL) goto err; *p++ = OSSL_PARAM_construct_utf8_string(OSSL_KDF_PARAM_DIGEST, diff --git a/crypto/ec/ecdh_kdf.c b/crypto/ec/ecdh_kdf.c index 55e676d20a..a19080940a 100644 --- a/crypto/ec/ecdh_kdf.c +++ b/crypto/ec/ecdh_kdf.c @@ -24,7 +24,7 @@ int ecdh_KDF_X9_63(unsigned char *out, size_t outlen, EVP_KDF_CTX *kctx = NULL; OSSL_PARAM params[4], *p = params; const char *mdname = EVP_MD_name(md); - EVP_KDF *kdf = EVP_KDF_fetch(NULL, SN_x963kdf, NULL); + EVP_KDF *kdf = EVP_KDF_fetch(NULL, OSSL_KDF_NAME_X963KDF, NULL); if ((kctx = EVP_KDF_CTX_new(kdf)) != NULL) { *p++ = OSSL_PARAM_construct_utf8_string(OSSL_KDF_PARAM_DIGEST, diff --git a/crypto/evp/p5_crpt2.c b/crypto/evp/p5_crpt2.c index c12d35c8ab..96a72730f3 100644 --- a/crypto/evp/p5_crpt2.c +++ b/crypto/evp/p5_crpt2.c @@ -40,7 +40,7 @@ int PKCS5_PBKDF2_HMAC(const char *pass, int passlen, if (salt == NULL && saltlen == 0) salt = (unsigned char *)empty; - kdf = EVP_KDF_fetch(NULL, LN_id_pbkdf2, NULL); + kdf = EVP_KDF_fetch(NULL, OSSL_KDF_NAME_PBKDF2, NULL); kctx = EVP_KDF_CTX_new(kdf); EVP_KDF_free(kdf); if (kctx == NULL) diff --git a/crypto/evp/pbe_scrypt.c b/crypto/evp/pbe_scrypt.c index 7a9f6f47a4..62b9687949 100644 --- a/crypto/evp/pbe_scrypt.c +++ b/crypto/evp/pbe_scrypt.c @@ -62,7 +62,7 @@ int EVP_PBE_scrypt(const char *pass, size_t passlen, if (maxmem == 0) maxmem = SCRYPT_MAX_MEM; - kdf = EVP_KDF_fetch(NULL, SN_id_scrypt, NULL); + kdf = EVP_KDF_fetch(NULL, OSSL_KDF_NAME_SCRYPT, NULL); kctx = EVP_KDF_CTX_new(kdf); EVP_KDF_free(kdf); if (kctx == NULL) diff --git a/include/openssl/core_names.h b/include/openssl/core_names.h index 27b4588ce1..b11bc614a8 100644 --- a/include/openssl/core_names.h +++ b/include/openssl/core_names.h @@ -128,6 +128,16 @@ extern "C" { #define OSSL_KDF_PARAM_SSHKDF_TYPE "type" /* int */ #define OSSL_KDF_PARAM_SIZE "size" /* size_t */ +/* Known KDF names */ +#define OSSL_KDF_NAME_HKDF "HKDF" +#define OSSL_KDF_NAME_PBKDF2 "PBKDF2" +#define OSSL_KDF_NAME_SCRYPT "id-scrypt" +#define OSSL_KDF_NAME_SSHKDF "SSHKDF" +#define OSSL_KDF_NAME_SSKDF "SSKDF" +#define OSSL_KDF_NAME_TLS1_PRF "TLS1-PRF" +#define OSSL_KDF_NAME_X942KDF "X942KDF" +#define OSSL_KDF_NAME_X963KDF "X963KDF" + /* PKEY parameters */ /* Diffie-Hellman/DSA Parameters */ #define OSSL_PKEY_PARAM_FFC_P "p" diff --git a/providers/default/defltprov.c b/providers/default/defltprov.c index 9ce918aea5..3f2ad610a9 100644 --- a/providers/default/defltprov.c +++ b/providers/default/defltprov.c @@ -212,17 +212,17 @@ static const OSSL_ALGORITHM deflt_macs[] = { }; static const OSSL_ALGORITHM deflt_kdfs[] = { - { "HKDF", "default=yes", kdf_hkdf_functions }, - { "SSKDF", "default=yes", kdf_sskdf_functions }, - { "PBKDF2", "default=yes", kdf_pbkdf2_functions }, - { "SSHKDF", "default=yes", kdf_sshkdf_functions }, - { "X963KDF", "default=yes", kdf_x963_kdf_functions }, - { "TLS1-PRF", "default=yes", kdf_tls1_prf_functions }, + { OSSL_KDF_NAME_HKDF, "default=yes", kdf_hkdf_functions }, + { OSSL_KDF_NAME_SSKDF, "default=yes", kdf_sskdf_functions }, + { OSSL_KDF_NAME_PBKDF2, "default=yes", kdf_pbkdf2_functions }, + { OSSL_KDF_NAME_SSHKDF, "default=yes", kdf_sshkdf_functions }, + { OSSL_KDF_NAME_X963KDF, "default=yes", kdf_x963_kdf_functions }, + { OSSL_KDF_NAME_TLS1_PRF, "default=yes", kdf_tls1_prf_functions }, #ifndef OPENSSL_NO_CMS - { "X942KDF", "default=yes", kdf_x942_kdf_functions }, + { OSSL_KDF_NAME_X942KDF, "default=yes", kdf_x942_kdf_functions }, #endif #ifndef OPENSSL_NO_SCRYPT - { "id-scrypt", "default=yes", kdf_scrypt_functions }, + { OSSL_KDF_NAME_SCRYPT, "default=yes", kdf_scrypt_functions }, #endif { NULL, NULL, NULL } }; diff --git a/providers/fips/fipsprov.c b/providers/fips/fipsprov.c index 59cd4080f4..e5bb9b41d6 100644 --- a/providers/fips/fipsprov.c +++ b/providers/fips/fipsprov.c @@ -122,7 +122,7 @@ static int dummy_evp_call(void *provctx) OPENSSL_CTX *libctx = PROV_LIBRARY_CONTEXT_OF(provctx); EVP_MD_CTX *ctx = EVP_MD_CTX_new(); EVP_MD *sha256 = EVP_MD_fetch(libctx, "SHA256", NULL); - EVP_KDF *kdf = EVP_KDF_fetch(libctx, "pbkdf2", NULL); + EVP_KDF *kdf = EVP_KDF_fetch(libctx, OSSL_KDF_NAME_PBKDF2, NULL); char msg[] = "Hello World!"; const unsigned char exptd[] = { 0x7f, 0x83, 0xb1, 0x65, 0x7f, 0xf1, 0xfc, 0x53, 0xb9, 0x2d, 0xc1, 0x81, @@ -346,10 +346,10 @@ static const OSSL_ALGORITHM fips_macs[] = { }; static const OSSL_ALGORITHM fips_kdfs[] = { - { "HKDF", "fips=yes", kdf_hkdf_functions }, - { "SSKDF", "fips=yes", kdf_sskdf_functions }, - { "PBKDF2", "fips=yes", kdf_pbkdf2_functions }, - { "TLS1-PRF", "fips=yes", kdf_tls1_prf_functions }, + { OSSL_KDF_NAME_HKDF, "fips=yes", kdf_hkdf_functions }, + { OSSL_KDF_NAME_SSKDF, "fips=yes", kdf_sskdf_functions }, + { OSSL_KDF_NAME_PBKDF2, "fips=yes", kdf_pbkdf2_functions }, + { OSSL_KDF_NAME_TLS1_PRF, "fips=yes", kdf_tls1_prf_functions }, { NULL, NULL, NULL } }; diff --git a/ssl/t1_enc.c b/ssl/t1_enc.c index 6726d8fb7d..fc082530db 100644 --- a/ssl/t1_enc.c +++ b/ssl/t1_enc.c @@ -46,7 +46,7 @@ static int tls1_PRF(SSL *s, SSLerr(SSL_F_TLS1_PRF, ERR_R_INTERNAL_ERROR); return 0; } - kdf = EVP_KDF_fetch(NULL, SN_tls1_prf, NULL); + kdf = EVP_KDF_fetch(NULL, OSSL_KDF_NAME_TLS1_PRF, NULL); if (kdf == NULL) goto err; kctx = EVP_KDF_CTX_new(kdf); diff --git a/ssl/tls13_enc.c b/ssl/tls13_enc.c index f7c472d1fb..2339a05aad 100644 --- a/ssl/tls13_enc.c +++ b/ssl/tls13_enc.c @@ -36,7 +36,7 @@ int tls13_hkdf_expand(SSL *s, const EVP_MD *md, const unsigned char *secret, #else static const unsigned char label_prefix[] = "tls13 "; #endif - EVP_KDF *kdf = EVP_KDF_fetch(NULL, SN_hkdf, NULL); + EVP_KDF *kdf = EVP_KDF_fetch(NULL, OSSL_KDF_NAME_HKDF, NULL); EVP_KDF_CTX *kctx; OSSL_PARAM params[5], *p = params; int mode = EVP_PKEY_HKDEF_MODE_EXPAND_ONLY; @@ -194,7 +194,7 @@ int tls13_generate_secret(SSL *s, const EVP_MD *md, #endif unsigned char preextractsec[EVP_MAX_MD_SIZE]; - kdf = EVP_KDF_fetch(NULL, SN_hkdf, NULL); + kdf = EVP_KDF_fetch(NULL, OSSL_KDF_NAME_HKDF, NULL); kctx = EVP_KDF_CTX_new(kdf); EVP_KDF_free(kdf); if (kctx == NULL) { diff --git a/test/evp_kdf_test.c b/test/evp_kdf_test.c index abc4dccd46..6d8517ff87 100644 --- a/test/evp_kdf_test.c +++ b/test/evp_kdf_test.c @@ -49,7 +49,7 @@ static int test_kdf_tls1_prf(void) *p = OSSL_PARAM_construct_end(); ret = - TEST_ptr(kctx = get_kdfbyname(SN_tls1_prf)) + TEST_ptr(kctx = get_kdfbyname(OSSL_KDF_NAME_TLS1_PRF)) && TEST_true(EVP_KDF_CTX_set_params(kctx, params)) && TEST_int_gt(EVP_KDF_derive(kctx, out, sizeof(out)), 0) && TEST_mem_eq(out, sizeof(out), expected, sizeof(expected)); @@ -79,7 +79,7 @@ static int test_kdf_hkdf(void) *p = OSSL_PARAM_construct_end(); ret = - TEST_ptr(kctx = get_kdfbyname(SN_hkdf)) + TEST_ptr(kctx = get_kdfbyname(OSSL_KDF_NAME_HKDF)) && TEST_true(EVP_KDF_CTX_set_params(kctx, params)) && TEST_int_gt(EVP_KDF_derive(kctx, out, sizeof(out)), 0) && TEST_mem_eq(out, sizeof(out), expected, sizeof(expected)); @@ -120,7 +120,7 @@ static int test_kdf_pbkdf2(void) *p++ = OSSL_PARAM_construct_int(OSSL_KDF_PARAM_PKCS5, &mode); *p = OSSL_PARAM_construct_end(); - if (!TEST_ptr(kctx = get_kdfbyname(LN_id_pbkdf2)) + if (!TEST_ptr(kctx = get_kdfbyname(OSSL_KDF_NAME_PBKDF2)) || !TEST_true(EVP_KDF_CTX_set_params(kctx, params)) || !TEST_int_gt(EVP_KDF_derive(kctx, out, sizeof(out)), 0) || !TEST_mem_eq(out, sizeof(out), expected, sizeof(expected)) @@ -190,7 +190,7 @@ static int test_kdf_scrypt(void) *p = OSSL_PARAM_construct_end(); ret = - TEST_ptr(kctx = get_kdfbyname(SN_id_scrypt)) + TEST_ptr(kctx = get_kdfbyname(OSSL_KDF_NAME_SCRYPT)) && TEST_true(EVP_KDF_CTX_set_params(kctx, params)) /* failure test *//* && TEST_int_le(EVP_KDF_derive(kctx, out, sizeof(out)), 0)*/ @@ -234,7 +234,7 @@ static int test_kdf_ss_hash(void) *p = OSSL_PARAM_construct_end(); ret = - TEST_ptr(kctx = get_kdfbyname(SN_sskdf)) + TEST_ptr(kctx = get_kdfbyname(OSSL_KDF_NAME_SSKDF)) && TEST_true(EVP_KDF_CTX_set_params(kctx, params)) && TEST_int_gt(EVP_KDF_derive(kctx, out, sizeof(out)), 0) && TEST_mem_eq(out, sizeof(out), expected, sizeof(expected)); @@ -288,7 +288,7 @@ static int test_kdf_x963(void) *p = OSSL_PARAM_construct_end(); ret = - TEST_ptr(kctx = get_kdfbyname(SN_x963kdf)) + TEST_ptr(kctx = get_kdfbyname(OSSL_KDF_NAME_X963KDF)) && TEST_true(EVP_KDF_CTX_set_params(kctx, params)) && TEST_int_gt(EVP_KDF_derive(kctx, out, sizeof(out)), 0) && TEST_mem_eq(out, sizeof(out), expected, sizeof(expected)); @@ -331,7 +331,7 @@ static int test_kdf_ss_hmac(void) *p = OSSL_PARAM_construct_end(); ret = - TEST_ptr(kctx = get_kdfbyname(SN_sskdf)) + TEST_ptr(kctx = get_kdfbyname(OSSL_KDF_NAME_SSKDF)) && TEST_true(EVP_KDF_CTX_set_params(kctx, params)) && TEST_int_gt(EVP_KDF_derive(kctx, out, sizeof(out)), 0) && TEST_mem_eq(out, sizeof(out), expected, sizeof(expected)); @@ -377,7 +377,7 @@ static int test_kdf_ss_kmac(void) *p = OSSL_PARAM_construct_end(); ret = - TEST_ptr(kctx = get_kdfbyname(SN_sskdf)) + TEST_ptr(kctx = get_kdfbyname(OSSL_KDF_NAME_SSKDF)) && TEST_true(EVP_KDF_CTX_set_params(kctx, params)) && TEST_int_gt(EVP_KDF_derive(kctx, out, sizeof(out)), 0) && TEST_mem_eq(out, sizeof(out), expected, sizeof(expected)); @@ -435,7 +435,7 @@ static int test_kdf_sshkdf(void) *p = OSSL_PARAM_construct_end(); ret = - TEST_ptr(kctx = get_kdfbyname(SN_sshkdf)) + TEST_ptr(kctx = get_kdfbyname(OSSL_KDF_NAME_SSHKDF)) && TEST_true(EVP_KDF_CTX_set_params(kctx, params)) && TEST_int_gt(EVP_KDF_derive(kctx, out, sizeof(out)), 0) && TEST_mem_eq(out, sizeof(out), expected, sizeof(expected)); @@ -451,7 +451,7 @@ static int test_kdf_get_kdf(void) int ok = 1; if (!TEST_ptr(obj = OBJ_nid2obj(NID_id_pbkdf2)) - || !TEST_ptr(kdf1 = EVP_KDF_fetch(NULL, LN_id_pbkdf2, NULL)) + || !TEST_ptr(kdf1 = EVP_KDF_fetch(NULL, OSSL_KDF_NAME_PBKDF2, NULL)) || !TEST_ptr(kdf2 = EVP_KDF_fetch(NULL, OBJ_nid2sn(OBJ_obj2nid(obj)), NULL)) || !TEST_ptr_eq(kdf1, kdf2)) @@ -509,7 +509,7 @@ static int test_kdf_x942_asn1(void) *p = OSSL_PARAM_construct_end(); ret = - TEST_ptr(kctx = get_kdfbyname(SN_x942kdf)) + TEST_ptr(kctx = get_kdfbyname(OSSL_KDF_NAME_X942KDF)) && TEST_true(EVP_KDF_CTX_set_params(kctx, params)) && TEST_int_gt(EVP_KDF_derive(kctx, out, sizeof(out)), 0) && TEST_mem_eq(out, sizeof(out), expected, sizeof(expected)); From builds at travis-ci.org Wed Sep 11 00:55:54 2019 From: builds at travis-ci.org (Travis CI) Date: Wed, 11 Sep 2019 00:55:54 +0000 Subject: Still Failing: openssl/openssl#28152 (master - 64115f0) In-Reply-To: Message-ID: <5d78461a39ac0_43fca1ed169883327dd@5dc20462-ddc2-45da-b611-79936ddc3c19.mail> Build Update for openssl/openssl ------------------------------------- Build: #28152 Status: Still Failing Duration: 25 mins and 14 secs Commit: 64115f0 (master) Author: Pauli Message: Usages of KDFs converted to use the name macros Reviewed-by: Richard Levitte (Merged from https://github.com/openssl/openssl/pull/9814) View the changeset: https://github.com/openssl/openssl/compare/4a3dd6292385...64115f05ac95 View the full build log and details: https://travis-ci.org/openssl/openssl/builds/583429790?utm_medium=notification&utm_source=email -- You can unsubscribe from build emails from the openssl/openssl repository going to https://travis-ci.org/account/preferences/unsubscribe?repository=5849220&utm_medium=notification&utm_source=email. Or unsubscribe from *all* email updating your settings at https://travis-ci.org/account/preferences/unsubscribe?utm_medium=notification&utm_source=email. Or configure specific recipients for build notifications in your .travis.yml file. See https://docs.travis-ci.com/user/notifications. -------------- next part -------------- An HTML attachment was scrubbed... URL: From openssl at openssl.org Wed Sep 11 02:15:58 2019 From: openssl at openssl.org (OpenSSL run-checker) Date: Wed, 11 Sep 2019 02:15:58 +0000 Subject: Still FAILED build of OpenSSL branch master with options -d --strict-warnings no-dh Message-ID: <1568168158.462762.4597.nullmailer@run.openssl.org> Platform and configuration command: $ uname -a Linux run 4.15.0-54-generic #58-Ubuntu SMP Mon Jun 24 10:55:24 UTC 2019 x86_64 x86_64 x86_64 GNU/Linux $ CC=clang ../openssl/config -d --strict-warnings no-dh Commit log since last time: 5840ed0cd1 Fix a padding oracle in PKCS7_dataDecode and CMS_decrypt_set1_pkey fa3eb248e2 Fix a potential crash in rand_unix.c e301c147a7 Fix a strict warnings error in rand_pool_acquire_entropy Build log ended with (last 100 lines): clang -Iinclude -I../openssl/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_IA32_SSE2 -MMD -MF test/buildtest_c_md5-bin-buildtest_md5.d.tmp -MT test/buildtest_c_md5-bin-buildtest_md5.o -c -o test/buildtest_c_md5-bin-buildtest_md5.o test/buildtest_md5.c clang -Iinclude -I../openssl/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_IA32_SSE2 -MMD -MF test/buildtest_c_mdc2-bin-buildtest_mdc2.d.tmp -MT test/buildtest_c_mdc2-bin-buildtest_mdc2.o -c -o test/buildtest_c_mdc2-bin-buildtest_mdc2.o test/buildtest_mdc2.c clang -Iinclude -I../openssl/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_IA32_SSE2 -MMD -MF test/buildtest_c_modes-bin-buildtest_modes.d.tmp -MT test/buildtest_c_modes-bin-buildtest_modes.o -c -o test/buildtest_c_modes-bin-buildtest_modes.o test/buildtest_modes.c clang -Iinclude -I../openssl/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_IA32_SSE2 -MMD -MF test/buildtest_c_obj_mac-bin-buildtest_obj_mac.d.tmp -MT test/buildtest_c_obj_mac-bin-buildtest_obj_mac.o -c -o test/buildtest_c_obj_mac-bin-buildtest_obj_mac.o test/buildtest_obj_mac.c clang -Iinclude -I../openssl/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_IA32_SSE2 -MMD -MF test/buildtest_c_objects-bin-buildtest_objects.d.tmp -MT test/buildtest_c_objects-bin-buildtest_objects.o -c -o test/buildtest_c_objects-bin-buildtest_objects.o test/buildtest_objects.c clang -Iinclude -I../openssl/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_IA32_SSE2 -MMD -MF test/buildtest_c_ocsp-bin-buildtest_ocsp.d.tmp -MT test/buildtest_c_ocsp-bin-buildtest_ocsp.o -c -o test/buildtest_c_ocsp-bin-buildtest_ocsp.o test/buildtest_ocsp.c clang -Iinclude -I../openssl/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_IA32_SSE2 -MMD -MF test/buildtest_c_opensslv-bin-buildtest_opensslv.d.tmp -MT test/buildtest_c_opensslv-bin-buildtest_opensslv.o -c -o test/buildtest_c_opensslv-bin-buildtest_opensslv.o test/buildtest_opensslv.c clang -Iinclude -I../openssl/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_IA32_SSE2 -MMD -MF test/buildtest_c_ossl_typ-bin-buildtest_ossl_typ.d.tmp -MT test/buildtest_c_ossl_typ-bin-buildtest_ossl_typ.o -c -o test/buildtest_c_ossl_typ-bin-buildtest_ossl_typ.o test/buildtest_ossl_typ.c clang -Iinclude -I../openssl/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_IA32_SSE2 -MMD -MF test/buildtest_c_params-bin-buildtest_params.d.tmp -MT test/buildtest_c_params-bin-buildtest_params.o -c -o test/buildtest_c_params-bin-buildtest_params.o test/buildtest_params.c clang -Iinclude -I../openssl/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_IA32_SSE2 -MMD -MF test/buildtest_c_pem-bin-buildtest_pem.d.tmp -MT test/buildtest_c_pem-bin-buildtest_pem.o -c -o test/buildtest_c_pem-bin-buildtest_pem.o test/buildtest_pem.c clang -Iinclude -I../openssl/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_IA32_SSE2 -MMD -MF test/buildtest_c_pem2-bin-buildtest_pem2.d.tmp -MT test/buildtest_c_pem2-bin-buildtest_pem2.o -c -o test/buildtest_c_pem2-bin-buildtest_pem2.o test/buildtest_pem2.c clang -Iinclude -I../openssl/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_IA32_SSE2 -MMD -MF test/buildtest_c_pkcs12-bin-buildtest_pkcs12.d.tmp -MT test/buildtest_c_pkcs12-bin-buildtest_pkcs12.o -c -o test/buildtest_c_pkcs12-bin-buildtest_pkcs12.o test/buildtest_pkcs12.c clang -Iinclude -I../openssl/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_IA32_SSE2 -MMD -MF test/buildtest_c_pkcs7-bin-buildtest_pkcs7.d.tmp -MT test/buildtest_c_pkcs7-bin-buildtest_pkcs7.o -c -o test/buildtest_c_pkcs7-bin-buildtest_pkcs7.o test/buildtest_pkcs7.c clang -Iinclude -I../openssl/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_IA32_SSE2 -MMD -MF test/buildtest_c_provider-bin-buildtest_provider.d.tmp -MT test/buildtest_c_provider-bin-buildtest_provider.o -c -o test/buildtest_c_provider-bin-buildtest_provider.o test/buildtest_provider.c clang -Iinclude -I../openssl/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_IA32_SSE2 -MMD -MF test/buildtest_c_rand-bin-buildtest_rand.d.tmp -MT test/buildtest_c_rand-bin-buildtest_rand.o -c -o test/buildtest_c_rand-bin-buildtest_rand.o test/buildtest_rand.c clang -Iinclude -I../openssl/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_IA32_SSE2 -MMD -MF test/buildtest_c_rand_drbg-bin-buildtest_rand_drbg.d.tmp -MT test/buildtest_c_rand_drbg-bin-buildtest_rand_drbg.o -c -o test/buildtest_c_rand_drbg-bin-buildtest_rand_drbg.o test/buildtest_rand_drbg.c clang -Iinclude -I../openssl/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_IA32_SSE2 -MMD -MF test/buildtest_c_rc2-bin-buildtest_rc2.d.tmp -MT test/buildtest_c_rc2-bin-buildtest_rc2.o -c -o test/buildtest_c_rc2-bin-buildtest_rc2.o test/buildtest_rc2.c clang -Iinclude -I../openssl/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_IA32_SSE2 -MMD -MF test/buildtest_c_rc4-bin-buildtest_rc4.d.tmp -MT test/buildtest_c_rc4-bin-buildtest_rc4.o -c -o test/buildtest_c_rc4-bin-buildtest_rc4.o test/buildtest_rc4.c clang -Iinclude -I../openssl/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_IA32_SSE2 -MMD -MF test/buildtest_c_ripemd-bin-buildtest_ripemd.d.tmp -MT test/buildtest_c_ripemd-bin-buildtest_ripemd.o -c -o test/buildtest_c_ripemd-bin-buildtest_ripemd.o test/buildtest_ripemd.c clang -Iinclude -I../openssl/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_IA32_SSE2 -MMD -MF test/buildtest_c_rsa-bin-buildtest_rsa.d.tmp -MT test/buildtest_c_rsa-bin-buildtest_rsa.o -c -o test/buildtest_c_rsa-bin-buildtest_rsa.o test/buildtest_rsa.c clang -Iinclude -I../openssl/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_IA32_SSE2 -MMD -MF test/buildtest_c_safestack-bin-buildtest_safestack.d.tmp -MT test/buildtest_c_safestack-bin-buildtest_safestack.o -c -o test/buildtest_c_safestack-bin-buildtest_safestack.o test/buildtest_safestack.c clang -Iinclude -I../openssl/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_IA32_SSE2 -MMD -MF test/buildtest_c_seed-bin-buildtest_seed.d.tmp -MT test/buildtest_c_seed-bin-buildtest_seed.o -c -o test/buildtest_c_seed-bin-buildtest_seed.o test/buildtest_seed.c clang -Iinclude -I../openssl/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_IA32_SSE2 -MMD -MF test/buildtest_c_sha-bin-buildtest_sha.d.tmp -MT test/buildtest_c_sha-bin-buildtest_sha.o -c -o test/buildtest_c_sha-bin-buildtest_sha.o test/buildtest_sha.c clang -Iinclude -I../openssl/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_IA32_SSE2 -MMD -MF test/buildtest_c_srp-bin-buildtest_srp.d.tmp -MT test/buildtest_c_srp-bin-buildtest_srp.o -c -o test/buildtest_c_srp-bin-buildtest_srp.o test/buildtest_srp.c clang -Iinclude -I../openssl/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_IA32_SSE2 -MMD -MF test/buildtest_c_srtp-bin-buildtest_srtp.d.tmp -MT test/buildtest_c_srtp-bin-buildtest_srtp.o -c -o test/buildtest_c_srtp-bin-buildtest_srtp.o test/buildtest_srtp.c clang -Iinclude -I../openssl/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_IA32_SSE2 -MMD -MF test/buildtest_c_ssl-bin-buildtest_ssl.d.tmp -MT test/buildtest_c_ssl-bin-buildtest_ssl.o -c -o test/buildtest_c_ssl-bin-buildtest_ssl.o test/buildtest_ssl.c clang -Iinclude -I../openssl/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_IA32_SSE2 -MMD -MF test/buildtest_c_ssl2-bin-buildtest_ssl2.d.tmp -MT test/buildtest_c_ssl2-bin-buildtest_ssl2.o -c -o test/buildtest_c_ssl2-bin-buildtest_ssl2.o test/buildtest_ssl2.c clang -Iinclude -I../openssl/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_IA32_SSE2 -MMD -MF test/buildtest_c_stack-bin-buildtest_stack.d.tmp -MT test/buildtest_c_stack-bin-buildtest_stack.o -c -o test/buildtest_c_stack-bin-buildtest_stack.o test/buildtest_stack.c clang -Iinclude -I../openssl/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_IA32_SSE2 -MMD -MF test/buildtest_c_store-bin-buildtest_store.d.tmp -MT test/buildtest_c_store-bin-buildtest_store.o -c -o test/buildtest_c_store-bin-buildtest_store.o test/buildtest_store.c clang -Iinclude -I../openssl/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_IA32_SSE2 -MMD -MF test/buildtest_c_symhacks-bin-buildtest_symhacks.d.tmp -MT test/buildtest_c_symhacks-bin-buildtest_symhacks.o -c -o test/buildtest_c_symhacks-bin-buildtest_symhacks.o test/buildtest_symhacks.c clang -Iinclude -I../openssl/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_IA32_SSE2 -MMD -MF test/buildtest_c_tls1-bin-buildtest_tls1.d.tmp -MT test/buildtest_c_tls1-bin-buildtest_tls1.o -c -o test/buildtest_c_tls1-bin-buildtest_tls1.o test/buildtest_tls1.c clang -Iinclude -I../openssl/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_IA32_SSE2 -MMD -MF test/buildtest_c_ts-bin-buildtest_ts.d.tmp -MT test/buildtest_c_ts-bin-buildtest_ts.o -c -o test/buildtest_c_ts-bin-buildtest_ts.o test/buildtest_ts.c clang -Iinclude -I../openssl/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_IA32_SSE2 -MMD -MF test/buildtest_c_txt_db-bin-buildtest_txt_db.d.tmp -MT test/buildtest_c_txt_db-bin-buildtest_txt_db.o -c -o test/buildtest_c_txt_db-bin-buildtest_txt_db.o test/buildtest_txt_db.c clang -Iinclude -I../openssl/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_IA32_SSE2 -MMD -MF test/buildtest_c_ui-bin-buildtest_ui.d.tmp -MT test/buildtest_c_ui-bin-buildtest_ui.o -c -o test/buildtest_c_ui-bin-buildtest_ui.o test/buildtest_ui.c clang -Iinclude -I../openssl/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_IA32_SSE2 -MMD -MF test/buildtest_c_whrlpool-bin-buildtest_whrlpool.d.tmp -MT test/buildtest_c_whrlpool-bin-buildtest_whrlpool.o -c -o test/buildtest_c_whrlpool-bin-buildtest_whrlpool.o test/buildtest_whrlpool.c clang -Iinclude -I../openssl/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_IA32_SSE2 -MMD -MF test/buildtest_c_x509-bin-buildtest_x509.d.tmp -MT test/buildtest_c_x509-bin-buildtest_x509.o -c -o test/buildtest_c_x509-bin-buildtest_x509.o test/buildtest_x509.c clang -Iinclude -I../openssl/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_IA32_SSE2 -MMD -MF test/buildtest_c_x509_vfy-bin-buildtest_x509_vfy.d.tmp -MT test/buildtest_c_x509_vfy-bin-buildtest_x509_vfy.o -c -o test/buildtest_c_x509_vfy-bin-buildtest_x509_vfy.o test/buildtest_x509_vfy.c clang -Iinclude -I../openssl/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_IA32_SSE2 -MMD -MF test/buildtest_c_x509v3-bin-buildtest_x509v3.d.tmp -MT test/buildtest_c_x509v3-bin-buildtest_x509v3.o -c -o test/buildtest_c_x509v3-bin-buildtest_x509v3.o test/buildtest_x509v3.c rm -f test/rsa_complex ${LDCMD:-clang} -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -L. \ -o test/rsa_complex test/rsa_complex-bin-rsa_complex.o \ -ldl -pthread rm -f test/shlibloadtest ${LDCMD:-clang} -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -L. \ -o test/shlibloadtest test/shlibloadtest-bin-shlibloadtest.o \ -ldl -pthread ar r libcrypto.a crypto/aes/libcrypto-lib-aes-x86_64.o crypto/aes/libcrypto-lib-aes_cfb.o crypto/aes/libcrypto-lib-aes_ecb.o crypto/aes/libcrypto-lib-aes_ige.o crypto/aes/libcrypto-lib-aes_misc.o crypto/aes/libcrypto-lib-aes_ofb.o crypto/aes/libcrypto-lib-aes_wrap.o crypto/aes/libcrypto-lib-aesni-mb-x86_64.o crypto/aes/libcrypto-lib-aesni-sha1-x86_64.o crypto/aes/libcrypto-lib-aesni-sha256-x86_64.o crypto/aes/libcrypto-lib-aesni-x86_64.o crypto/aes/libcrypto-lib-bsaes-x86_64.o crypto/aes/libcrypto-lib-vpaes-x86_64.o crypto/aria/libcrypto-lib-aria.o crypto/asn1/libcrypto-lib-a_bitstr.o crypto/asn1/libcrypto-lib-a_d2i_fp.o crypto/asn1/libcrypto-lib-a_digest.o crypto/asn1/libcrypto-lib-a_dup.o crypto/asn1/libcrypto-lib-a_gentm.o crypto/asn1/libcrypto-lib-a_i2d_fp.o crypto/asn1/libcrypto-lib-a_int.o crypto/asn1/libcrypto-lib-a_mbstr.o crypto/asn1/libcrypto-lib-a_object.o crypto/asn1/libcrypto-lib-a_octet.o crypto/asn1/libcrypto-lib-a_print.o crypto/asn1/libcrypto-lib-a_sign.o crypto/asn1/libcrypto-lib-a_strex.o crypto/asn1/libcrypto-lib-a_strnid.o crypto/asn1/libcrypto-lib-a_time.o crypto/asn1/libcrypto-lib-a_type.o crypto/asn1/libcrypto-lib-a_utctm.o crypto/asn1/libcrypto-lib-a_utf8.o crypto/asn1/libcrypto-lib-a_verify.o crypto/asn1/libcrypto-lib-ameth_lib.o crypto/asn1/libcrypto-lib-asn1_err.o crypto/asn1/libcrypto-lib-asn1_gen.o crypto/asn1/libcrypto-lib-asn1_item_list.o crypto/asn1/libcrypto-lib-asn1_lib.o crypto/asn1/libcrypto-lib-asn1_par.o crypto/asn1/libcrypto-lib-asn_mime.o crypto/asn1/libcrypto-lib-asn_moid.o crypto/asn1/libcrypto-lib-asn_mstbl.o crypto/asn1/libcrypto-lib-asn_pack.o crypto/asn1/libcrypto-lib-bio_asn1.o crypto/asn1/libcrypto-lib-bio_ndef.o crypto/asn1/libcrypto-lib-d2i_param.o crypto/asn1/libcrypto-lib-d2i_pr.o crypto/asn1/libcrypto-lib-d2i_pu.o crypto/asn1/libcrypto-lib-evp_asn1.o crypto/asn1/libcrypto-lib-f_int.o crypto/asn1/libcrypto-lib-f_string.o crypto/asn1/libcrypto-lib-i2d_param.o crypto/asn1/libcrypto-lib-i2d_pr.o crypto/asn1/libcrypto-lib-i2d_pu.o crypto/asn1/libcrypto-lib-n_pkey.o crypto/asn1/libcrypto-lib-nsseq.o crypto/asn1/libcrypto-lib-p5_pbe.o crypto/asn1/libcrypto-lib-p5_pbev2.o crypto/asn1/libcrypto-lib-p5_scrypt.o crypto/asn1/libcrypto-lib-p8_pkey.o crypto/asn1/libcrypto-lib-t_bitst.o crypto/asn1/libcrypto-lib-t_pkey.o crypto/asn1/libcrypto-lib-t_spki.o crypto/asn1/libcrypto-lib-tasn_dec.o crypto/asn1/libcrypto-lib-tasn_enc.o crypto/asn1/libcrypto-lib-tasn_fre.o crypto/asn1/libcrypto-lib-tasn_new.o crypto/asn1/libcrypto-lib-tasn_prn.o crypto/asn1/libcrypto-lib-tasn_scn.o crypto/asn1/libcrypto-lib-tasn_typ.o crypto/asn1/libcrypto-lib-tasn_utl.o crypto/asn1/libcrypto-lib-x_algor.o crypto/asn1/libcrypto-lib-x_bignum.o crypto/asn1/libcrypto-lib-x_info.o crypto/asn1/libcrypto-lib-x_int64.o crypto/asn1/libcrypto-lib-x_long.o crypto/asn1/libcrypto-lib-x_pkey.o crypto/asn1/libcrypto-lib-x_sig.o crypto/asn1/libcrypto-lib-x_spki.o crypto/asn1/libcrypto-lib-x_val.o crypto/async/arch/libcrypto-lib-async_null.o crypto/async/arch/libcrypto-lib-async_posix.o crypto/async/arch/libcrypto-lib-async_win.o crypto/async/libcrypto-lib-async.o crypto/async/libcrypto-lib-async_err.o crypto/async/libcrypto-lib-async_wait.o crypto/bf/libcrypto-lib-bf_cfb64.o crypto/bf/libcrypto-lib-bf_ecb.o crypto/bf/libcrypto-lib-bf_enc.o crypto/bf/libcrypto-lib-bf_ofb64.o crypto/bf/libcrypto-lib-bf_skey.o crypto/bio/libcrypto-lib-b_addr.o crypto/bio/libcrypto-lib-b_dump.o crypto/bio/libcrypto-lib-b_print.o crypto/bio/libcrypto-lib-b_sock.o crypto/bio/libcrypto-lib-b_sock2.o crypto/bio/libcrypto-lib-bf_buff.o crypto/bio/libcrypto-lib-bf_lbuf.o crypto/bio/libcrypto-lib-bf_nbio.o crypto/bio/libcrypto-lib-bf_null.o crypto/bio/libcrypto-lib-bio_cb.o crypto/bio/libcrypto-lib-bio_err.o crypto/bio/libcrypto-lib-bio_lib.o crypto/bio/libcrypto-lib-bio_meth.o crypto/bio/libcrypto-lib-bss_acpt.o crypto/bio/libcrypto-lib-bss_bio.o crypto/bio/libcrypto-lib-bss_conn.o crypto/bio/libcrypto-lib-bss_dgram.o crypto/bio/libcrypto-lib-bss_fd.o crypto/bio/libcrypto-lib-bss_file.o crypto/bio/libcrypto-lib-bss_log.o crypto/bio/libcrypto-lib-bss_mem.o crypto/bio/libcrypto-lib-bss_null.o crypto/bio/libcrypto-lib-bss_sock.o crypto/blake2/libcrypto-lib-m_blake2b.o crypto/blake2/libcrypto-lib-m_blake2s.o crypto/bn/asm/libcrypto-lib-x86_64-gcc.o crypto/bn/libcrypto-lib-bn_add.o crypto/bn/libcrypto-lib-bn_blind.o crypto/bn/libcrypto-lib-bn_const.o crypto/bn/libcrypto-lib-bn_conv.o crypto/bn/libcrypto-lib-bn_ctx.o crypto/bn/libcrypto-lib-bn_depr.o crypto/bn/libcrypto-lib-bn_dh.o crypto/bn/libcrypto-lib-bn_div.o crypto/bn/libcrypto-lib-bn_err.o crypto/bn/libcrypto-lib-bn_exp.o crypto/bn/libcrypto-lib-bn_exp2.o crypto/bn/libcrypto-lib-bn_gcd.o crypto/bn/libcrypto-lib-bn_gf2m.o crypto/bn/libcrypto-lib-bn_intern.o crypto/bn/libcrypto-lib-bn_kron.o crypto/bn/libcrypto-lib-bn_lib.o crypto/bn/libcrypto-lib-bn_mod.o crypto/bn/libcrypto-lib-bn_mont.o crypto/bn/libcrypto-lib-bn_mpi.o crypto/bn/libcrypto-lib-bn_mul.o crypto/bn/libcrypto-lib-bn_nist.o crypto/bn/libcrypto-lib-bn_prime.o crypto/bn/libcrypto-lib-bn_print.o crypto/bn/libcrypto-lib-bn_rand.o crypto/bn/libcrypto-lib-bn_recp.o crypto/bn/libcrypto-lib-bn_rsa_fips186_4.o crypto/bn/libcrypto-lib-bn_shift.o crypto/bn/libcrypto-lib-bn_sqr.o crypto/bn/libcrypto-lib-bn_sqrt.o crypto/bn/libcrypto-lib-bn_srp.o crypto/bn/libcrypto-lib-bn_word.o crypto/bn/libcrypto-lib-bn_x931p.o crypto/bn/libcrypto-lib-rsaz-avx2.o crypto/bn/libcrypto-lib-rsaz-x86_64.o crypto/bn/libcrypto-lib-rsaz_exp.o crypto/bn/libcrypto-lib-x86_64-gf2m.o crypto/bn/libcrypto-lib-x86_64-mont.o crypto/bn/libcrypto-lib-x86_64-mont5.o crypto/buffer/libcrypto-lib-buf_err.o crypto/buffer/libcrypto-lib-buffer.o crypto/camellia/libcrypto-lib-cmll-x86_64.o crypto/camellia/libcrypto-lib-cmll_cfb.o crypto/camellia/libcrypto-lib-cmll_ctr.o crypto/camellia/libcrypto-lib-cmll_ecb.o crypto/camellia/libcrypto-lib-cmll_misc.o crypto/camellia/libcrypto-lib-cmll_ofb.o crypto/cast/libcrypto-lib-c_cfb64.o crypto/cast/libcrypto-lib-c_ecb.o crypto/cast/libcrypto-lib-c_enc.o crypto/cast/libcrypto-lib-c_ofb64.o crypto/cast/libcrypto-lib-c_skey.o crypto/chacha/libcrypto-lib-chacha-x86_64.o crypto/cmac/libcrypto-lib-cm_ameth.o crypto/cmac/libcrypto-lib-cmac.o crypto/cmp/libcrypto-lib-cmp_asn.o crypto/cmp/libcrypto-lib-cmp_err.o crypto/cms/libcrypto-lib-cms_asn1.o crypto/cms/libcrypto-lib-cms_att.o crypto/cms/libcrypto-lib-cms_cd.o crypto/cms/libcrypto-lib-cms_dd.o crypto/cms/libcrypto-lib-cms_enc.o crypto/cms/libcrypto-lib-cms_env.o crypto/cms/libcrypto-lib-cms_err.o crypto/cms/libcrypto-lib-cms_ess.o crypto/cms/libcrypto-lib-cms_io.o crypto/cms/libcrypto-lib-cms_kari.o crypto/cms/libcrypto-lib-cms_lib.o crypto/cms/libcrypto-lib-cms_pwri.o crypto/cms/libcrypto-lib-cms_sd.o crypto/cms/libcrypto-lib-cms_smime.o crypto/comp/libcrypto-lib-c_zlib.o crypto/comp/libcrypto-lib-comp_err.o crypto/comp/libcrypto-lib-comp_lib.o crypto/conf/libcrypto-lib-conf_api.o crypto/conf/libcrypto-lib-conf_def.o crypto/conf/libcrypto-lib-conf_err.o crypto/conf/libcrypto-lib-conf_lib.o crypto/conf/libcrypto-lib-conf_mall.o crypto/conf/libcrypto-lib-conf_mod.o crypto/conf/libcrypto-lib-conf_sap.o crypto/conf/libcrypto-lib-conf_ssl.o crypto/crmf/libcrypto-lib-crmf_asn.o crypto/crmf/libcrypto-lib-crmf_err.o crypto/crmf/libcrypto-lib-crmf_lib.o crypto/crmf/libcrypto-lib-crmf_pbm.o crypto/ct/libcrypto-lib-ct_b64.o crypto/ct/libcrypto-lib-ct_err.o crypto/ct/libcrypto-lib-ct_log.o crypto/ct/libcrypto-lib-ct_oct.o crypto/ct/libcrypto-lib-ct_policy.o crypto/ct/libcrypto-lib-ct_prn.o crypto/ct/libcrypto-lib-ct_sct.o crypto/ct/libcrypto-lib-ct_sct_ctx.o crypto/ct/libcrypto-lib-ct_vfy.o crypto/ct/libcrypto-lib-ct_x509v3.o crypto/des/libcrypto-lib-cbc_cksm.o crypto/des/libcrypto-lib-cbc_enc.o crypto/des/libcrypto-lib-cfb64ede.o crypto/des/libcrypto-lib-cfb64enc.o crypto/des/libcrypto-lib-cfb_enc.o crypto/des/libcrypto-lib-des_enc.o crypto/des/libcrypto-lib-ecb3_enc.o crypto/des/libcrypto-lib-ecb_enc.o crypto/des/libcrypto-lib-fcrypt.o crypto/des/libcrypto-lib-fcrypt_b.o crypto/des/libcrypto-lib-ofb64ede.o crypto/des/libcrypto-lib-ofb64enc.o crypto/des/libcrypto-lib-ofb_enc.o crypto/des/libcrypto-lib-pcbc_enc.o crypto/des/libcrypto-lib-qud_cksm.o crypto/des/libcrypto-lib-rand_key.o crypto/des/libcrypto-lib-set_key.o crypto/des/libcrypto-lib-str2key.o crypto/des/libcrypto-lib-xcbc_enc.o crypto/dsa/libcrypto-lib-dsa_ameth.o crypto/dsa/libcrypto-lib-dsa_asn1.o crypto/dsa/libcrypto-lib-dsa_depr.o crypto/dsa/libcrypto-lib-dsa_err.o crypto/dsa/libcrypto-lib-dsa_gen.o crypto/dsa/libcrypto-lib-dsa_key.o crypto/dsa/libcrypto-lib-dsa_lib.o crypto/dsa/libcrypto-lib-dsa_meth.o crypto/dsa/libcrypto-lib-dsa_ossl.o crypto/dsa/libcrypto-lib-dsa_pmeth.o crypto/dsa/libcrypto-lib-dsa_prn.o crypto/dsa/libcrypto-lib-dsa_sign.o crypto/dsa/libcrypto-lib-dsa_vrf.o crypto/dso/libcrypto-lib-dso_dl.o crypto/dso/libcrypto-lib-dso_dlfcn.o crypto/dso/libcrypto-lib-dso_err.o crypto/dso/libcrypto-lib-dso_lib.o crypto/dso/libcrypto-lib-dso_openssl.o crypto/dso/libcrypto-lib-dso_vms.o crypto/dso/libcrypto-lib-dso_win32.o crypto/ec/curve448/arch_32/libcrypto-lib-f_impl.o crypto/ec/curve448/libcrypto-lib-curve448.o crypto/ec/curve448/libcrypto-lib-curve448_tables.o crypto/ec/curve448/libcrypto-lib-eddsa.o crypto/ec/curve448/libcrypto-lib-f_generic.o crypto/ec/curve448/libcrypto-lib-scalar.o crypto/ec/libcrypto-lib-curve25519.o crypto/ec/libcrypto-lib-ec2_oct.o crypto/ec/libcrypto-lib-ec2_smpl.o crypto/ec/libcrypto-lib-ec_ameth.o crypto/ec/libcrypto-lib-ec_asn1.o crypto/ec/libcrypto-lib-ec_check.o crypto/ec/libcrypto-lib-ec_curve.o crypto/ec/libcrypto-lib-ec_cvt.o crypto/ec/libcrypto-lib-ec_err.o crypto/ec/libcrypto-lib-ec_key.o crypto/ec/libcrypto-lib-ec_kmeth.o crypto/ec/libcrypto-lib-ec_lib.o crypto/ec/libcrypto-lib-ec_mult.o crypto/ec/libcrypto-lib-ec_oct.o crypto/ec/libcrypto-lib-ec_pmeth.o crypto/ec/libcrypto-lib-ec_print.o crypto/ec/libcrypto-lib-ecdh_kdf.o crypto/ec/libcrypto-lib-ecdh_ossl.o crypto/ec/libcrypto-lib-ecdsa_ossl.o crypto/ec/libcrypto-lib-ecdsa_sign.o crypto/ec/libcrypto-lib-ecdsa_vrf.o crypto/ec/libcrypto-lib-eck_prn.o crypto/ec/libcrypto-lib-ecp_mont.o crypto/ec/libcrypto-lib-ecp_nist.o crypto/ec/libcrypto-lib-ecp_nistp224.o crypto/ec/libcrypto-lib-ecp_nistp256.o crypto/ec/libcrypto-lib-ecp_nistp521.o crypto/ec/libcrypto-lib-ecp_nistputil.o crypto/ec/libcrypto-lib-ecp_nistz256-x86_64.o crypto/ec/libcrypto-lib-ecp_nistz256.o crypto/ec/libcrypto-lib-ecp_oct.o crypto/ec/libcrypto-lib-ecp_smpl.o crypto/ec/libcrypto-lib-ecx_meth.o crypto/ec/libcrypto-lib-x25519-x86_64.o crypto/engine/libcrypto-lib-eng_all.o crypto/engine/libcrypto-lib-eng_cnf.o crypto/engine/libcrypto-lib-eng_ctrl.o crypto/engine/libcrypto-lib-eng_dyn.o crypto/engine/libcrypto-lib-eng_err.o crypto/engine/libcrypto-lib-eng_fat.o crypto/engine/libcrypto-lib-eng_init.o crypto/engine/libcrypto-lib-eng_lib.o crypto/engine/libcrypto-lib-eng_list.o crypto/engine/libcrypto-lib-eng_openssl.o crypto/engine/libcrypto-lib-eng_pkey.o crypto/engine/libcrypto-lib-eng_rdrand.o crypto/engine/libcrypto-lib-eng_table.o crypto/engine/libcrypto-lib-tb_asnmth.o crypto/engine/libcrypto-lib-tb_cipher.o crypto/engine/libcrypto-lib-tb_dh.o crypto/engine/libcrypto-lib-tb_digest.o crypto/engine/libcrypto-lib-tb_dsa.o crypto/engine/libcrypto-lib-tb_eckey.o crypto/engine/libcrypto-lib-tb_pkmeth.o crypto/engine/libcrypto-lib-tb_rand.o crypto/engine/libcrypto-lib-tb_rsa.o crypto/err/libcrypto-lib-err.o crypto/err/libcrypto-lib-err_all.o crypto/err/libcrypto-lib-err_blocks.o crypto/err/libcrypto-lib-err_prn.o crypto/ess/libcrypto-lib-ess_asn1.o crypto/ess/libcrypto-lib-ess_err.o crypto/ess/libcrypto-lib-ess_lib.o crypto/evp/libcrypto-lib-bio_b64.o crypto/evp/libcrypto-lib-bio_enc.o crypto/evp/libcrypto-lib-bio_md.o crypto/evp/libcrypto-lib-bio_ok.o crypto/evp/libcrypto-lib-c_allc.o crypto/evp/libcrypto-lib-c_alld.o crypto/evp/libcrypto-lib-cmeth_lib.o crypto/evp/libcrypto-lib-digest.o crypto/evp/libcrypto-lib-e_aes.o crypto/evp/libcrypto-lib-e_aes_cbc_hmac_sha1.o crypto/evp/libcrypto-lib-e_aes_cbc_hmac_sha256.o crypto/evp/libcrypto-lib-e_aria.o crypto/evp/libcrypto-lib-e_bf.o crypto/evp/libcrypto-lib-e_camellia.o crypto/evp/libcrypto-lib-e_cast.o crypto/evp/libcrypto-lib-e_chacha20_poly1305.o crypto/evp/libcrypto-lib-e_des.o crypto/evp/libcrypto-lib-e_des3.o crypto/evp/libcrypto-lib-e_idea.o crypto/evp/libcrypto-lib-e_null.o crypto/evp/libcrypto-lib-e_old.o crypto/evp/libcrypto-lib-e_rc2.o crypto/evp/libcrypto-lib-e_rc4.o crypto/evp/libcrypto-lib-e_rc4_hmac_md5.o crypto/evp/libcrypto-lib-e_rc5.o crypto/evp/libcrypto-lib-e_seed.o crypto/evp/libcrypto-lib-e_sm4.o crypto/evp/libcrypto-lib-e_xcbc_d.o crypto/evp/libcrypto-lib-encode.o crypto/evp/libcrypto-lib-evp_cnf.o crypto/evp/libcrypto-lib-evp_enc.o crypto/evp/libcrypto-lib-evp_err.o crypto/evp/libcrypto-lib-evp_fetch.o crypto/evp/libcrypto-lib-evp_key.o crypto/evp/libcrypto-lib-evp_lib.o crypto/evp/libcrypto-lib-evp_pbe.o crypto/evp/libcrypto-lib-evp_pkey.o crypto/evp/libcrypto-lib-evp_utils.o crypto/evp/libcrypto-lib-exchange.o crypto/evp/libcrypto-lib-kdf_lib.o crypto/evp/libcrypto-lib-kdf_meth.o crypto/evp/libcrypto-lib-keymgmt_lib.o crypto/evp/libcrypto-lib-keymgmt_meth.o crypto/evp/libcrypto-lib-m_md2.o crypto/evp/libcrypto-lib-m_md4.o crypto/evp/libcrypto-lib-m_md5.o crypto/evp/libcrypto-lib-m_md5_sha1.o crypto/evp/libcrypto-lib-m_mdc2.o crypto/evp/libcrypto-lib-m_null.o crypto/evp/libcrypto-lib-m_ripemd.o crypto/evp/libcrypto-lib-m_sha1.o crypto/evp/libcrypto-lib-m_sha3.o crypto/evp/libcrypto-lib-m_sigver.o crypto/evp/libcrypto-lib-m_wp.o crypto/evp/libcrypto-lib-mac_lib.o crypto/evp/libcrypto-lib-mac_meth.o crypto/evp/libcrypto-lib-names.o crypto/evp/libcrypto-lib-p5_crpt.o crypto/evp/libcrypto-lib-p5_crpt2.o crypto/evp/libcrypto-lib-p_dec.o crypto/evp/libcrypto-lib-p_enc.o crypto/evp/libcrypto-lib-p_lib.o crypto/evp/libcrypto-lib-p_open.o crypto/evp/libcrypto-lib-p_seal.o crypto/evp/libcrypto-lib-p_sign.o crypto/evp/libcrypto-lib-p_verify.o crypto/evp/libcrypto-lib-pbe_scrypt.o crypto/evp/libcrypto-lib-pkey_kdf.o crypto/evp/libcrypto-lib-pkey_mac.o crypto/evp/libcrypto-lib-pmeth_fn.o crypto/evp/libcrypto-lib-pmeth_gn.o crypto/evp/libcrypto-lib-pmeth_lib.o crypto/hmac/libcrypto-lib-hm_ameth.o crypto/hmac/libcrypto-lib-hmac.o crypto/idea/libcrypto-lib-i_cbc.o crypto/idea/libcrypto-lib-i_cfb64.o crypto/idea/libcrypto-lib-i_ecb.o crypto/idea/libcrypto-lib-i_ofb64.o crypto/idea/libcrypto-lib-i_skey.o crypto/lhash/libcrypto-lib-lh_stats.o crypto/lhash/libcrypto-lib-lhash.o crypto/libcrypto-lib-asn1_dsa.o crypto/libcrypto-lib-bsearch.o crypto/libcrypto-lib-context.o crypto/libcrypto-lib-core_algorithm.o crypto/libcrypto-lib-core_fetch.o crypto/libcrypto-lib-core_namemap.o crypto/libcrypto-lib-cpt_err.o crypto/libcrypto-lib-cryptlib.o crypto/libcrypto-lib-ctype.o crypto/libcrypto-lib-cversion.o crypto/libcrypto-lib-ebcdic.o crypto/libcrypto-lib-ex_data.o crypto/libcrypto-lib-getenv.o crypto/libcrypto-lib-info.o crypto/libcrypto-lib-init.o crypto/libcrypto-lib-initthread.o crypto/libcrypto-lib-mem.o crypto/libcrypto-lib-mem_dbg.o crypto/libcrypto-lib-mem_sec.o crypto/libcrypto-lib-o_dir.o crypto/libcrypto-lib-o_fips.o crypto/libcrypto-lib-o_fopen.o crypto/libcrypto-lib-o_init.o crypto/libcrypto-lib-o_str.o crypto/libcrypto-lib-o_time.o crypto/libcrypto-lib-packet.o crypto/libcrypto-lib-param_build.o crypto/libcrypto-lib-params.o crypto/libcrypto-lib-params_from_text.o crypto/libcrypto-lib-provider.o crypto/libcrypto-lib-provider_conf.o crypto/libcrypto-lib-provider_core.o crypto/libcrypto-lib-provider_predefined.o crypto/libcrypto-lib-sparse_array.o crypto/libcrypto-lib-threads_none.o crypto/libcrypto-lib-threads_pthread.o crypto/libcrypto-lib-threads_win.o crypto/libcrypto-lib-trace.o crypto/libcrypto-lib-uid.o crypto/libcrypto-lib-x86_64cpuid.o crypto/md4/libcrypto-lib-md4_dgst.o crypto/md4/libcrypto-lib-md4_one.o crypto/md5/libcrypto-lib-md5-x86_64.o crypto/md5/libcrypto-lib-md5_dgst.o crypto/md5/libcrypto-lib-md5_one.o crypto/md5/libcrypto-lib-md5_sha1.o crypto/mdc2/libcrypto-lib-mdc2_one.o crypto/mdc2/libcrypto-lib-mdc2dgst.o crypto/modes/libcrypto-lib-aesni-gcm-x86_64.o crypto/modes/libcrypto-lib-cbc128.o crypto/modes/libcrypto-lib-ccm128.o crypto/modes/libcrypto-lib-cfb128.o crypto/modes/libcrypto-lib-ctr128.o crypto/modes/libcrypto-lib-cts128.o crypto/modes/libcrypto-lib-gcm128.o crypto/modes/libcrypto-lib-ghash-x86_64.o crypto/modes/libcrypto-lib-ocb128.o crypto/modes/libcrypto-lib-ofb128.o crypto/modes/libcrypto-lib-siv128.o crypto/modes/libcrypto-lib-wrap128.o crypto/modes/libcrypto-lib-xts128.o crypto/objects/libcrypto-lib-o_names.o crypto/objects/libcrypto-lib-obj_dat.o crypto/objects/libcrypto-lib-obj_err.o crypto/objects/libcrypto-lib-obj_lib.o crypto/objects/libcrypto-lib-obj_xref.o crypto/ocsp/libcrypto-lib-ocsp_asn.o crypto/ocsp/libcrypto-lib-ocsp_cl.o crypto/ocsp/libcrypto-lib-ocsp_err.o crypto/ocsp/libcrypto-lib-ocsp_ext.o crypto/ocsp/libcrypto-lib-ocsp_ht.o crypto/ocsp/libcrypto-lib-ocsp_lib.o crypto/ocsp/libcrypto-lib-ocsp_prn.o crypto/ocsp/libcrypto-lib-ocsp_srv.o crypto/ocsp/libcrypto-lib-ocsp_vfy.o crypto/ocsp/libcrypto-lib-v3_ocsp.o crypto/pem/libcrypto-lib-pem_all.o crypto/pem/libcrypto-lib-pem_err.o crypto/pem/libcrypto-lib-pem_info.o crypto/pem/libcrypto-lib-pem_lib.o crypto/pem/libcrypto-lib-pem_oth.o crypto/pem/libcrypto-lib-pem_pk8.o crypto/pem/libcrypto-lib-pem_pkey.o crypto/pem/libcrypto-lib-pem_sign.o crypto/pem/libcrypto-lib-pem_x509.o crypto/pem/libcrypto-lib-pem_xaux.o crypto/pem/libcrypto-lib-pvkfmt.o crypto/pkcs12/libcrypto-lib-p12_add.o crypto/pkcs12/libcrypto-lib-p12_asn.o crypto/pkcs12/libcrypto-lib-p12_attr.o crypto/pkcs12/libcrypto-lib-p12_crpt.o crypto/pkcs12/libcrypto-lib-p12_crt.o crypto/pkcs12/libcrypto-lib-p12_decr.o crypto/pkcs12/libcrypto-lib-p12_init.o crypto/pkcs12/libcrypto-lib-p12_key.o crypto/pkcs12/libcrypto-lib-p12_kiss.o crypto/pkcs12/libcrypto-lib-p12_mutl.o crypto/pkcs12/libcrypto-lib-p12_npas.o crypto/pkcs12/libcrypto-lib-p12_p8d.o crypto/pkcs12/libcrypto-lib-p12_p8e.o crypto/pkcs12/libcrypto-lib-p12_sbag.o crypto/pkcs12/libcrypto-lib-p12_utl.o crypto/pkcs12/libcrypto-lib-pk12err.o crypto/pkcs7/libcrypto-lib-bio_pk7.o crypto/pkcs7/libcrypto-lib-pk7_asn1.o crypto/pkcs7/libcrypto-lib-pk7_attr.o crypto/pkcs7/libcrypto-lib-pk7_doit.o crypto/pkcs7/libcrypto-lib-pk7_lib.o crypto/pkcs7/libcrypto-lib-pk7_mime.o crypto/pkcs7/libcrypto-lib-pk7_smime.o crypto/pkcs7/libcrypto-lib-pkcs7err.o crypto/poly1305/libcrypto-lib-poly1305-x86_64.o crypto/poly1305/libcrypto-lib-poly1305.o crypto/poly1305/libcrypto-lib-poly1305_ameth.o crypto/property/libcrypto-lib-defn_cache.o crypto/property/libcrypto-lib-property.o crypto/property/libcrypto-lib-property_err.o crypto/property/libcrypto-lib-property_parse.o crypto/property/libcrypto-lib-property_string.o crypto/rand/libcrypto-lib-drbg_ctr.o crypto/rand/libcrypto-lib-drbg_hash.o crypto/rand/libcrypto-lib-drbg_hmac.o crypto/rand/libcrypto-lib-drbg_lib.o crypto/rand/libcrypto-lib-rand_crng_test.o crypto/rand/libcrypto-lib-rand_egd.o crypto/rand/libcrypto-lib-rand_err.o crypto/rand/libcrypto-lib-rand_lib.o crypto/rand/libcrypto-lib-rand_unix.o crypto/rand/libcrypto-lib-rand_vms.o crypto/rand/libcrypto-lib-rand_vxworks.o crypto/rand/libcrypto-lib-rand_win.o crypto/rand/libcrypto-lib-randfile.o crypto/rc2/libcrypto-lib-rc2_cbc.o crypto/rc2/libcrypto-lib-rc2_ecb.o crypto/rc2/libcrypto-lib-rc2_skey.o crypto/rc2/libcrypto-lib-rc2cfb64.o crypto/rc2/libcrypto-lib-rc2ofb64.o crypto/rc4/libcrypto-lib-rc4-md5-x86_64.o crypto/rc4/libcrypto-lib-rc4-x86_64.o crypto/ripemd/libcrypto-lib-rmd_dgst.o crypto/ripemd/libcrypto-lib-rmd_one.o crypto/rsa/libcrypto-lib-rsa_ameth.o crypto/rsa/libcrypto-lib-rsa_asn1.o crypto/rsa/libcrypto-lib-rsa_chk.o crypto/rsa/libcrypto-lib-rsa_crpt.o crypto/rsa/libcrypto-lib-rsa_depr.o crypto/rsa/libcrypto-lib-rsa_err.o crypto/rsa/libcrypto-lib-rsa_gen.o crypto/rsa/libcrypto-lib-rsa_lib.o crypto/rsa/libcrypto-lib-rsa_meth.o crypto/rsa/libcrypto-lib-rsa_mp.o crypto/rsa/libcrypto-lib-rsa_none.o crypto/rsa/libcrypto-lib-rsa_oaep.o crypto/rsa/libcrypto-lib-rsa_ossl.o crypto/rsa/libcrypto-lib-rsa_pk1.o crypto/rsa/libcrypto-lib-rsa_pmeth.o crypto/rsa/libcrypto-lib-rsa_prn.o crypto/rsa/libcrypto-lib-rsa_pss.o crypto/rsa/libcrypto-lib-rsa_saos.o crypto/rsa/libcrypto-lib-rsa_sign.o crypto/rsa/libcrypto-lib-rsa_sp800_56b_check.o crypto/rsa/libcrypto-lib-rsa_sp800_56b_gen.o crypto/rsa/libcrypto-lib-rsa_ssl.o crypto/rsa/libcrypto-lib-rsa_x931.o crypto/rsa/libcrypto-lib-rsa_x931g.o crypto/seed/libcrypto-lib-seed.o crypto/seed/libcrypto-lib-seed_cbc.o crypto/seed/libcrypto-lib-seed_cfb.o crypto/seed/libcrypto-lib-seed_ecb.o crypto/seed/libcrypto-lib-seed_ofb.o crypto/sha/libcrypto-lib-keccak1600-x86_64.o crypto/sha/libcrypto-lib-sha1-mb-x86_64.o crypto/sha/libcrypto-lib-sha1-x86_64.o crypto/sha/libcrypto-lib-sha1_one.o crypto/sha/libcrypto-lib-sha1dgst.o crypto/sha/libcrypto-lib-sha256-mb-x86_64.o crypto/sha/libcrypto-lib-sha256-x86_64.o crypto/sha/libcrypto-lib-sha256.o crypto/sha/libcrypto-lib-sha3.o crypto/sha/libcrypto-lib-sha512-x86_64.o crypto/sha/libcrypto-lib-sha512.o crypto/siphash/libcrypto-lib-siphash.o crypto/siphash/libcrypto-lib-siphash_ameth.o crypto/sm2/libcrypto-lib-sm2_crypt.o crypto/sm2/libcrypto-lib-sm2_err.o crypto/sm2/libcrypto-lib-sm2_pmeth.o crypto/sm2/libcrypto-lib-sm2_sign.o crypto/sm3/libcrypto-lib-m_sm3.o crypto/sm3/libcrypto-lib-sm3.o crypto/sm4/libcrypto-lib-sm4.o crypto/srp/libcrypto-lib-srp_lib.o crypto/srp/libcrypto-lib-srp_vfy.o crypto/stack/libcrypto-lib-stack.o crypto/store/libcrypto-lib-loader_file.o crypto/store/libcrypto-lib-store_err.o crypto/store/libcrypto-lib-store_init.o crypto/store/libcrypto-lib-store_lib.o crypto/store/libcrypto-lib-store_register.o crypto/store/libcrypto-lib-store_strings.o crypto/ts/libcrypto-lib-ts_asn1.o crypto/ts/libcrypto-lib-ts_conf.o crypto/ts/libcrypto-lib-ts_err.o crypto/ts/libcrypto-lib-ts_lib.o crypto/ts/libcrypto-lib-ts_req_print.o crypto/ts/libcrypto-lib-ts_req_utils.o crypto/ts/libcrypto-lib-ts_rsp_print.o crypto/ts/libcrypto-lib-ts_rsp_sign.o crypto/ts/libcrypto-lib-ts_rsp_utils.o crypto/ts/libcrypto-lib-ts_rsp_verify.o crypto/ts/libcrypto-lib-ts_verify_ctx.o crypto/txt_db/libcrypto-lib-txt_db.o crypto/ui/libcrypto-lib-ui_err.o crypto/ui/libcrypto-lib-ui_lib.o crypto/ui/libcrypto-lib-ui_null.o crypto/ui/libcrypto-lib-ui_openssl.o crypto/ui/libcrypto-lib-ui_util.o crypto/whrlpool/libcrypto-lib-wp-x86_64.o crypto/whrlpool/libcrypto-lib-wp_dgst.o crypto/x509/libcrypto-lib-by_dir.o crypto/x509/libcrypto-lib-by_file.o crypto/x509/libcrypto-lib-pcy_cache.o crypto/x509/libcrypto-lib-pcy_data.o crypto/x509/libcrypto-lib-pcy_lib.o crypto/x509/libcrypto-lib-pcy_map.o crypto/x509/libcrypto-lib-pcy_node.o crypto/x509/libcrypto-lib-pcy_tree.o crypto/x509/libcrypto-lib-t_crl.o crypto/x509/libcrypto-lib-t_req.o crypto/x509/libcrypto-lib-t_x509.o crypto/x509/libcrypto-lib-v3_addr.o crypto/x509/libcrypto-lib-v3_admis.o crypto/x509/libcrypto-lib-v3_akey.o crypto/x509/libcrypto-lib-v3_akeya.o crypto/x509/libcrypto-lib-v3_alt.o crypto/x509/libcrypto-lib-v3_asid.o crypto/x509/libcrypto-lib-v3_bcons.o crypto/x509/libcrypto-lib-v3_bitst.o crypto/x509/libcrypto-lib-v3_conf.o crypto/x509/libcrypto-lib-v3_cpols.o crypto/x509/libcrypto-lib-v3_crld.o crypto/x509/libcrypto-lib-v3_enum.o crypto/x509/libcrypto-lib-v3_extku.o crypto/x509/libcrypto-lib-v3_genn.o crypto/x509/libcrypto-lib-v3_ia5.o crypto/x509/libcrypto-lib-v3_info.o crypto/x509/libcrypto-lib-v3_int.o crypto/x509/libcrypto-lib-v3_lib.o crypto/x509/libcrypto-lib-v3_ncons.o crypto/x509/libcrypto-lib-v3_pci.o crypto/x509/libcrypto-lib-v3_pcia.o crypto/x509/libcrypto-lib-v3_pcons.o crypto/x509/libcrypto-lib-v3_pku.o crypto/x509/libcrypto-lib-v3_pmaps.o crypto/x509/libcrypto-lib-v3_prn.o crypto/x509/libcrypto-lib-v3_purp.o crypto/x509/libcrypto-lib-v3_skey.o crypto/x509/libcrypto-lib-v3_sxnet.o crypto/x509/libcrypto-lib-v3_tlsf.o crypto/x509/libcrypto-lib-v3_utl.o crypto/x509/libcrypto-lib-v3err.o crypto/x509/libcrypto-lib-x509_att.o crypto/x509/libcrypto-lib-x509_cmp.o crypto/x509/libcrypto-lib-x509_d2.o crypto/x509/libcrypto-lib-x509_def.o crypto/x509/libcrypto-lib-x509_err.o crypto/x509/libcrypto-lib-x509_ext.o crypto/x509/libcrypto-lib-x509_lu.o crypto/x509/libcrypto-lib-x509_meth.o crypto/x509/libcrypto-lib-x509_obj.o crypto/x509/libcrypto-lib-x509_r2x.o crypto/x509/libcrypto-lib-x509_req.o crypto/x509/libcrypto-lib-x509_set.o crypto/x509/libcrypto-lib-x509_trs.o crypto/x509/libcrypto-lib-x509_txt.o crypto/x509/libcrypto-lib-x509_v3.o crypto/x509/libcrypto-lib-x509_vfy.o crypto/x509/libcrypto-lib-x509_vpm.o crypto/x509/libcrypto-lib-x509cset.o crypto/x509/libcrypto-lib-x509name.o crypto/x509/libcrypto-lib-x509rset.o crypto/x509/libcrypto-lib-x509spki.o crypto/x509/libcrypto-lib-x509type.o crypto/x509/libcrypto-lib-x_all.o crypto/x509/libcrypto-lib-x_attrib.o crypto/x509/libcrypto-lib-x_crl.o crypto/x509/libcrypto-lib-x_exten.o crypto/x509/libcrypto-lib-x_name.o crypto/x509/libcrypto-lib-x_pubkey.o crypto/x509/libcrypto-lib-x_req.o crypto/x509/libcrypto-lib-x_x509.o crypto/x509/libcrypto-lib-x_x509a.o providers/common/ciphers/libcrypto-lib-block.o providers/common/ciphers/libcrypto-lib-cipher_aes.o providers/common/ciphers/libcrypto-lib-cipher_aes_ccm.o providers/common/ciphers/libcrypto-lib-cipher_aes_ccm_hw.o providers/common/ciphers/libcrypto-lib-cipher_aes_gcm.o providers/common/ciphers/libcrypto-lib-cipher_aes_gcm_hw.o providers/common/ciphers/libcrypto-lib-cipher_aes_hw.o providers/common/ciphers/libcrypto-lib-cipher_ccm.o providers/common/ciphers/libcrypto-lib-cipher_ccm_hw.o providers/common/ciphers/libcrypto-lib-cipher_common.o providers/common/ciphers/libcrypto-lib-cipher_common_hw.o providers/common/ciphers/libcrypto-lib-cipher_gcm.o providers/common/ciphers/libcrypto-lib-cipher_gcm_hw.o providers/common/ciphers/libcrypto-lib-cipher_tdes.o providers/common/ciphers/libcrypto-lib-cipher_tdes_hw.o providers/common/digests/libcrypto-lib-digest_common.o providers/common/digests/libcrypto-lib-sha2_prov.o providers/common/digests/libcrypto-lib-sha3_prov.o providers/common/kdfs/libcrypto-lib-hkdf.o providers/common/kdfs/libcrypto-lib-pbkdf2.o providers/common/kdfs/libcrypto-lib-sskdf.o providers/common/kdfs/libcrypto-lib-tls1_prf.o providers/common/libcrypto-lib-provider_err.o providers/common/libcrypto-lib-provider_util.o providers/common/libcrypto-lib-provlib.o providers/common/macs/libcrypto-lib-cmac_prov.o providers/common/macs/libcrypto-lib-gmac_prov.o providers/common/macs/libcrypto-lib-hmac_prov.o providers/common/macs/libcrypto-lib-kmac_prov.o providers/common/signature/libcrypto-lib-dsa.o providers/default/ciphers/libcrypto-lib-cipher_aria.o providers/default/ciphers/libcrypto-lib-cipher_aria_ccm.o providers/default/ciphers/libcrypto-lib-cipher_aria_ccm_hw.o providers/default/ciphers/libcrypto-lib-cipher_aria_gcm.o providers/default/ciphers/libcrypto-lib-cipher_aria_gcm_hw.o providers/default/ciphers/libcrypto-lib-cipher_aria_hw.o providers/default/ciphers/libcrypto-lib-cipher_camellia.o providers/default/ciphers/libcrypto-lib-cipher_camellia_hw.o providers/default/ciphers/libcrypto-lib-cipher_desx.o providers/default/ciphers/libcrypto-lib-cipher_desx_hw.o providers/default/ciphers/libcrypto-lib-cipher_tdes_default.o providers/default/ciphers/libcrypto-lib-cipher_tdes_default_hw.o providers/default/ciphers/libcrypto-lib-cipher_tdes_wrap.o providers/default/ciphers/libcrypto-lib-cipher_tdes_wrap_hw.o providers/default/digests/libcrypto-lib-blake2_prov.o providers/default/digests/libcrypto-lib-blake2b_prov.o providers/default/digests/libcrypto-lib-blake2s_prov.o providers/default/digests/libcrypto-lib-md5_prov.o providers/default/digests/libcrypto-lib-md5_sha1_prov.o providers/default/digests/libcrypto-lib-sm3_prov.o providers/default/kdfs/libcrypto-lib-scrypt.o providers/default/kdfs/libcrypto-lib-sshkdf.o providers/default/kdfs/libcrypto-lib-x942kdf.o providers/default/libcrypto-lib-defltprov.o providers/default/macs/libcrypto-lib-blake2b_mac.o providers/default/macs/libcrypto-lib-blake2s_mac.o providers/default/macs/libcrypto-lib-poly1305_prov.o providers/default/macs/libcrypto-lib-siphash_prov.o ar: creating libcrypto.a rm -f libcrypto.so && \ ln -s libcrypto.so.3 libcrypto.so clang -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -L. -Wl,-znodelete -shared -Wl,-Bsymbolic -Wl,-soname=libssl.so.3 \ -o libssl.so.3 -Wl,--version-script=libssl.ld crypto/libssl-shlib-packet.o ssl/libssl-shlib-bio_ssl.o ssl/libssl-shlib-d1_lib.o ssl/libssl-shlib-d1_msg.o ssl/libssl-shlib-d1_srtp.o ssl/libssl-shlib-methods.o ssl/libssl-shlib-pqueue.o ssl/libssl-shlib-s3_cbc.o ssl/libssl-shlib-s3_enc.o ssl/libssl-shlib-s3_lib.o ssl/libssl-shlib-s3_msg.o ssl/libssl-shlib-ssl_asn1.o ssl/libssl-shlib-ssl_cert.o ssl/libssl-shlib-ssl_ciph.o ssl/libssl-shlib-ssl_conf.o ssl/libssl-shlib-ssl_err.o ssl/libssl-shlib-ssl_init.o ssl/libssl-shlib-ssl_lib.o ssl/libssl-shlib-ssl_mcnf.o ssl/libssl-shlib-ssl_rsa.o ssl/libssl-shlib-ssl_sess.o ssl/libssl-shlib-ssl_stat.o ssl/libssl-shlib-ssl_txt.o ssl/libssl-shlib-ssl_utst.o ssl/libssl-shlib-t1_enc.o ssl/libssl-shlib-t1_lib.o ssl/libssl-shlib-t1_trce.o ssl/libssl-shlib-tls13_enc.o ssl/libssl-shlib-tls_srp.o ssl/record/libssl-shlib-dtls1_bitmap.o ssl/record/libssl-shlib-rec_layer_d1.o ssl/record/libssl-shlib-rec_layer_s3.o ssl/record/libssl-shlib-ssl3_buffer.o ssl/record/libssl-shlib-ssl3_record.o ssl/record/libssl-shlib-ssl3_record_tls13.o ssl/statem/libssl-shlib-extensions.o ssl/statem/libssl-shlib-extensions_clnt.o ssl/statem/libssl-shlib-extensions_cust.o ssl/statem/libssl-shlib-extensions_srvr.o ssl/statem/libssl-shlib-statem.o ssl/statem/libssl-shlib-statem_clnt.o ssl/statem/libssl-shlib-statem_dtls.o ssl/statem/libssl-shlib-statem_lib.o ssl/statem/libssl-shlib-statem_srvr.o \ -lcrypto -ldl -pthread clang -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -L. -z defs -Wl,-znodelete -shared -Wl,-Bsymbolic \ -o engines/afalg.so -Wl,--version-script=engines/afalg.ld engines/afalg-dso-e_afalg.o \ -lcrypto -ldl -pthread clang -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -L. -z defs -Wl,-znodelete -shared -Wl,-Bsymbolic \ -o engines/capi.so -Wl,--version-script=engines/capi.ld engines/capi-dso-e_capi.o \ -lcrypto -ldl -pthread clang -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -L. -z defs -Wl,-znodelete -shared -Wl,-Bsymbolic \ -o engines/dasync.so -Wl,--version-script=engines/dasync.ld engines/dasync-dso-e_dasync.o \ -lcrypto -ldl -pthread clang -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -L. -z defs -Wl,-znodelete -shared -Wl,-Bsymbolic \ -o engines/ossltest.so -Wl,--version-script=engines/ossltest.ld engines/ossltest-dso-e_ossltest.o \ -lcrypto -ldl -pthread clang -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -L. -z defs -Wl,-znodelete -shared -Wl,-Bsymbolic \ -o engines/padlock.so -Wl,--version-script=engines/padlock.ld engines/padlock-dso-e_padlock-x86_64.o engines/padlock-dso-e_padlock.o \ -lcrypto -ldl -pthread ranlib libcrypto.a || echo Never mind. clang -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -L. -z defs -Wl,-znodelete -shared -Wl,-Bsymbolic \ -o providers/legacy.so -Wl,--version-script=providers/legacy.ld providers/common/digests/legacy-dso-digest_common.o providers/legacy/digests/legacy-dso-md4_prov.o providers/legacy/digests/legacy-dso-mdc2_prov.o providers/legacy/digests/legacy-dso-ripemd_prov.o providers/legacy/digests/legacy-dso-wp_prov.o providers/legacy/legacy-dso-legacyprov.o \ -lcrypto -ldl -pthread rm -f fuzz/asn1parse-test ${LDCMD:-clang} -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -L. \ -o fuzz/asn1parse-test fuzz/asn1parse-test-bin-asn1parse.o fuzz/asn1parse-test-bin-test-corpus.o \ -lcrypto -ldl -pthread rm -f fuzz/bignum-test ${LDCMD:-clang} -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -L. \ -o fuzz/bignum-test fuzz/bignum-test-bin-bignum.o fuzz/bignum-test-bin-test-corpus.o \ -lcrypto -ldl -pthread rm -f fuzz/bndiv-test ${LDCMD:-clang} -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -L. \ -o fuzz/bndiv-test fuzz/bndiv-test-bin-bndiv.o fuzz/bndiv-test-bin-test-corpus.o \ -lcrypto -ldl -pthread ./libcrypto.so: undefined reference to `dsa_keymgmt_functions' clang: error: linker command failed with exit code 1 (use -v to see invocation) Makefile:15403: recipe for target 'fuzz/asn1parse-test' failed make[1]: *** [fuzz/asn1parse-test] Error 1 make[1]: *** Waiting for unfinished jobs.... ./libcrypto.so: undefined reference to `dsa_keymgmt_functions' ./libcrypto.so: undefined reference to `dsa_keymgmt_functions' clangclang: : errorerror: : linker command failed with exit code 1 (use -v to see invocation)linker command failed with exit code 1 (use -v to see invocation) Makefile:15424: recipe for target 'fuzz/bignum-test' failed make[1]: *** [fuzz/bignum-test] Error 1 Makefile:15445: recipe for target 'fuzz/bndiv-test' failed make[1]: *** [fuzz/bndiv-test] Error 1 make[1]: Leaving directory '/home/openssl/run-checker/no-dh' Makefile:165: recipe for target 'all' failed make: *** [all] Error 2 From openssl at openssl.org Wed Sep 11 02:16:55 2019 From: openssl at openssl.org (OpenSSL run-checker) Date: Wed, 11 Sep 2019 02:16:55 +0000 Subject: Still FAILED build of OpenSSL branch master with options -d --strict-warnings no-dsa Message-ID: <1568168215.665879.9881.nullmailer@run.openssl.org> Platform and configuration command: $ uname -a Linux run 4.15.0-54-generic #58-Ubuntu SMP Mon Jun 24 10:55:24 UTC 2019 x86_64 x86_64 x86_64 GNU/Linux $ CC=clang ../openssl/config -d --strict-warnings no-dsa Commit log since last time: 5840ed0cd1 Fix a padding oracle in PKCS7_dataDecode and CMS_decrypt_set1_pkey fa3eb248e2 Fix a potential crash in rand_unix.c e301c147a7 Fix a strict warnings error in rand_pool_acquire_entropy Build log ended with (last 100 lines): clang -I. -Icrypto/include -Iinclude -Iproviders/common/include -Iproviders/default/include -Iproviders/common/ciphers -Icrypto -Iproviders/common/macs -Iproviders/common/kdfs -Iproviders/default/macs -Iproviders/default/ciphers -Iproviders/default/kdfs -I../openssl -I../openssl/crypto/include -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/default/include -I../openssl/providers/common/ciphers -I../openssl/crypto -I../openssl/providers/common/macs -I../openssl/providers/common/kdfs -I../openssl/providers/default/macs -I../openssl/providers/default/ciphers -I../openssl/providers/default/kdfs -DAES_ASM -DBSAES_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_IA32_SSE2 -MMD -MF crypto/x509/libcrypto-lib-v3_purp.d.tmp -MT crypto/x509/libcrypto-lib-v3_purp.o -c -o crypto/x509/libcrypto-lib-v3_purp.o ../openssl/crypto/x509/v3_purp.c clang -I. -Icrypto/include -Iinclude -Iproviders/common/include -Iproviders/default/include -Iproviders/common/ciphers -Icrypto -Iproviders/common/macs -Iproviders/common/kdfs -Iproviders/default/macs -Iproviders/default/ciphers -Iproviders/default/kdfs -I../openssl -I../openssl/crypto/include -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/default/include -I../openssl/providers/common/ciphers -I../openssl/crypto -I../openssl/providers/common/macs -I../openssl/providers/common/kdfs -I../openssl/providers/default/macs -I../openssl/providers/default/ciphers -I../openssl/providers/default/kdfs -DAES_ASM -DBSAES_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_IA32_SSE2 -MMD -MF crypto/x509/libcrypto-lib-v3_skey.d.tmp -MT crypto/x509/libcrypto-lib-v3_skey.o -c -o crypto/x509/libcrypto-lib-v3_skey.o ../openssl/crypto/x509/v3_skey.c clang -I. -Icrypto/include -Iinclude -Iproviders/common/include -Iproviders/default/include -Iproviders/common/ciphers -Icrypto -Iproviders/common/macs -Iproviders/common/kdfs -Iproviders/default/macs -Iproviders/default/ciphers -Iproviders/default/kdfs -I../openssl -I../openssl/crypto/include -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/default/include -I../openssl/providers/common/ciphers -I../openssl/crypto -I../openssl/providers/common/macs -I../openssl/providers/common/kdfs -I../openssl/providers/default/macs -I../openssl/providers/default/ciphers -I../openssl/providers/default/kdfs -DAES_ASM -DBSAES_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_IA32_SSE2 -MMD -MF crypto/x509/libcrypto-lib-v3_sxnet.d.tmp -MT crypto/x509/libcrypto-lib-v3_sxnet.o -c -o crypto/x509/libcrypto-lib-v3_sxnet.o ../openssl/crypto/x509/v3_sxnet.c clang -I. -Icrypto/include -Iinclude -Iproviders/common/include -Iproviders/default/include -Iproviders/common/ciphers -Icrypto -Iproviders/common/macs -Iproviders/common/kdfs -Iproviders/default/macs -Iproviders/default/ciphers -Iproviders/default/kdfs -I../openssl -I../openssl/crypto/include -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/default/include -I../openssl/providers/common/ciphers -I../openssl/crypto -I../openssl/providers/common/macs -I../openssl/providers/common/kdfs -I../openssl/providers/default/macs -I../openssl/providers/default/ciphers -I../openssl/providers/default/kdfs -DAES_ASM -DBSAES_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_IA32_SSE2 -MMD -MF crypto/x509/libcrypto-lib-v3_tlsf.d.tmp -MT crypto/x509/libcrypto-lib-v3_tlsf.o -c -o crypto/x509/libcrypto-lib-v3_tlsf.o ../openssl/crypto/x509/v3_tlsf.c clang -I. -Icrypto/include -Iinclude -Iproviders/common/include -Iproviders/default/include -Iproviders/common/ciphers -Icrypto -Iproviders/common/macs -Iproviders/common/kdfs -Iproviders/default/macs -Iproviders/default/ciphers -Iproviders/default/kdfs -I../openssl -I../openssl/crypto/include -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/default/include -I../openssl/providers/common/ciphers -I../openssl/crypto -I../openssl/providers/common/macs -I../openssl/providers/common/kdfs -I../openssl/providers/default/macs -I../openssl/providers/default/ciphers -I../openssl/providers/default/kdfs -DAES_ASM -DBSAES_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_IA32_SSE2 -MMD -MF crypto/x509/libcrypto-lib-v3_utl.d.tmp -MT crypto/x509/libcrypto-lib-v3_utl.o -c -o crypto/x509/libcrypto-lib-v3_utl.o ../openssl/crypto/x509/v3_utl.c clang -I. -Icrypto/include -Iinclude -Iproviders/common/include -Iproviders/default/include -Iproviders/common/ciphers -Icrypto -Iproviders/common/macs -Iproviders/common/kdfs -Iproviders/default/macs -Iproviders/default/ciphers -Iproviders/default/kdfs -I../openssl -I../openssl/crypto/include -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/default/include -I../openssl/providers/common/ciphers -I../openssl/crypto -I../openssl/providers/common/macs -I../openssl/providers/common/kdfs -I../openssl/providers/default/macs -I../openssl/providers/default/ciphers -I../openssl/providers/default/kdfs -DAES_ASM -DBSAES_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_IA32_SSE2 -MMD -MF crypto/x509/libcrypto-lib-v3err.d.tmp -MT crypto/x509/libcrypto-lib-v3err.o -c -o crypto/x509/libcrypto-lib-v3err.o ../openssl/crypto/x509/v3err.c clang -I. -Icrypto/include -Iinclude -Iproviders/common/include -Iproviders/default/include -Iproviders/common/ciphers -Icrypto -Iproviders/common/macs -Iproviders/common/kdfs -Iproviders/default/macs -Iproviders/default/ciphers -Iproviders/default/kdfs -I../openssl -I../openssl/crypto/include -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/default/include -I../openssl/providers/common/ciphers -I../openssl/crypto -I../openssl/providers/common/macs -I../openssl/providers/common/kdfs -I../openssl/providers/default/macs -I../openssl/providers/default/ciphers -I../openssl/providers/default/kdfs -DAES_ASM -DBSAES_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_IA32_SSE2 -MMD -MF crypto/x509/libcrypto-lib-x509_att.d.tmp -MT crypto/x509/libcrypto-lib-x509_att.o -c -o crypto/x509/libcrypto-lib-x509_att.o ../openssl/crypto/x509/x509_att.c clang -I. -Icrypto/include -Iinclude -Iproviders/common/include -Iproviders/default/include -Iproviders/common/ciphers -Icrypto -Iproviders/common/macs -Iproviders/common/kdfs -Iproviders/default/macs -Iproviders/default/ciphers -Iproviders/default/kdfs -I../openssl -I../openssl/crypto/include -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/default/include -I../openssl/providers/common/ciphers -I../openssl/crypto -I../openssl/providers/common/macs -I../openssl/providers/common/kdfs -I../openssl/providers/default/macs -I../openssl/providers/default/ciphers -I../openssl/providers/default/kdfs -DAES_ASM -DBSAES_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_IA32_SSE2 -MMD -MF crypto/x509/libcrypto-lib-x509_cmp.d.tmp -MT crypto/x509/libcrypto-lib-x509_cmp.o -c -o crypto/x509/libcrypto-lib-x509_cmp.o ../openssl/crypto/x509/x509_cmp.c clang -I. -Icrypto/include -Iinclude -Iproviders/common/include -Iproviders/default/include -Iproviders/common/ciphers -Icrypto -Iproviders/common/macs -Iproviders/common/kdfs -Iproviders/default/macs -Iproviders/default/ciphers -Iproviders/default/kdfs -I../openssl -I../openssl/crypto/include -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/default/include -I../openssl/providers/common/ciphers -I../openssl/crypto -I../openssl/providers/common/macs -I../openssl/providers/common/kdfs -I../openssl/providers/default/macs -I../openssl/providers/default/ciphers -I../openssl/providers/default/kdfs -DAES_ASM -DBSAES_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_IA32_SSE2 -MMD -MF crypto/x509/libcrypto-lib-x509_d2.d.tmp -MT crypto/x509/libcrypto-lib-x509_d2.o -c -o crypto/x509/libcrypto-lib-x509_d2.o ../openssl/crypto/x509/x509_d2.c clang -I. -Icrypto/include -Iinclude -Iproviders/common/include -Iproviders/default/include -Iproviders/common/ciphers -Icrypto -Iproviders/common/macs -Iproviders/common/kdfs -Iproviders/default/macs -Iproviders/default/ciphers -Iproviders/default/kdfs -I../openssl -I../openssl/crypto/include -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/default/include -I../openssl/providers/common/ciphers -I../openssl/crypto -I../openssl/providers/common/macs -I../openssl/providers/common/kdfs -I../openssl/providers/default/macs -I../openssl/providers/default/ciphers -I../openssl/providers/default/kdfs -DAES_ASM -DBSAES_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_IA32_SSE2 -MMD -MF crypto/x509/libcrypto-lib-x509_def.d.tmp -MT crypto/x509/libcrypto-lib-x509_def.o -c -o crypto/x509/libcrypto-lib-x509_def.o ../openssl/crypto/x509/x509_def.c clang -I. -Icrypto/include -Iinclude -Iproviders/common/include -Iproviders/default/include -Iproviders/common/ciphers -Icrypto -Iproviders/common/macs -Iproviders/common/kdfs -Iproviders/default/macs -Iproviders/default/ciphers -Iproviders/default/kdfs -I../openssl -I../openssl/crypto/include -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/default/include -I../openssl/providers/common/ciphers -I../openssl/crypto -I../openssl/providers/common/macs -I../openssl/providers/common/kdfs -I../openssl/providers/default/macs -I../openssl/providers/default/ciphers -I../openssl/providers/default/kdfs -DAES_ASM -DBSAES_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_IA32_SSE2 -MMD -MF crypto/x509/libcrypto-lib-x509_err.d.tmp -MT crypto/x509/libcrypto-lib-x509_err.o -c -o crypto/x509/libcrypto-lib-x509_err.o ../openssl/crypto/x509/x509_err.c clang -I. -Icrypto/include -Iinclude -Iproviders/common/include -Iproviders/default/include -Iproviders/common/ciphers -Icrypto -Iproviders/common/macs -Iproviders/common/kdfs -Iproviders/default/macs -Iproviders/default/ciphers -Iproviders/default/kdfs -I../openssl -I../openssl/crypto/include -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/default/include -I../openssl/providers/common/ciphers -I../openssl/crypto -I../openssl/providers/common/macs -I../openssl/providers/common/kdfs -I../openssl/providers/default/macs -I../openssl/providers/default/ciphers -I../openssl/providers/default/kdfs -DAES_ASM -DBSAES_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_IA32_SSE2 -MMD -MF crypto/x509/libcrypto-lib-x509_ext.d.tmp -MT crypto/x509/libcrypto-lib-x509_ext.o -c -o crypto/x509/libcrypto-lib-x509_ext.o ../openssl/crypto/x509/x509_ext.c clang -I. -Icrypto/include -Iinclude -Iproviders/common/include -Iproviders/default/include -Iproviders/common/ciphers -Icrypto -Iproviders/common/macs -Iproviders/common/kdfs -Iproviders/default/macs -Iproviders/default/ciphers -Iproviders/default/kdfs -I../openssl -I../openssl/crypto/include -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/default/include -I../openssl/providers/common/ciphers -I../openssl/crypto -I../openssl/providers/common/macs -I../openssl/providers/common/kdfs -I../openssl/providers/default/macs -I../openssl/providers/default/ciphers -I../openssl/providers/default/kdfs -DAES_ASM -DBSAES_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_IA32_SSE2 -MMD -MF crypto/x509/libcrypto-lib-x509_lu.d.tmp -MT crypto/x509/libcrypto-lib-x509_lu.o -c -o crypto/x509/libcrypto-lib-x509_lu.o ../openssl/crypto/x509/x509_lu.c clang -I. -Icrypto/include -Iinclude -Iproviders/common/include -Iproviders/default/include -Iproviders/common/ciphers -Icrypto -Iproviders/common/macs -Iproviders/common/kdfs -Iproviders/default/macs -Iproviders/default/ciphers -Iproviders/default/kdfs -I../openssl -I../openssl/crypto/include -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/default/include -I../openssl/providers/common/ciphers -I../openssl/crypto -I../openssl/providers/common/macs -I../openssl/providers/common/kdfs -I../openssl/providers/default/macs -I../openssl/providers/default/ciphers -I../openssl/providers/default/kdfs -DAES_ASM -DBSAES_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_IA32_SSE2 -MMD -MF crypto/x509/libcrypto-lib-x509_meth.d.tmp -MT crypto/x509/libcrypto-lib-x509_meth.o -c -o crypto/x509/libcrypto-lib-x509_meth.o ../openssl/crypto/x509/x509_meth.c clang -I. -Icrypto/include -Iinclude -Iproviders/common/include -Iproviders/default/include -Iproviders/common/ciphers -Icrypto -Iproviders/common/macs -Iproviders/common/kdfs -Iproviders/default/macs -Iproviders/default/ciphers -Iproviders/default/kdfs -I../openssl -I../openssl/crypto/include -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/default/include -I../openssl/providers/common/ciphers -I../openssl/crypto -I../openssl/providers/common/macs -I../openssl/providers/common/kdfs -I../openssl/providers/default/macs -I../openssl/providers/default/ciphers -I../openssl/providers/default/kdfs -DAES_ASM -DBSAES_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_IA32_SSE2 -MMD -MF crypto/x509/libcrypto-lib-x509_obj.d.tmp -MT crypto/x509/libcrypto-lib-x509_obj.o -c -o crypto/x509/libcrypto-lib-x509_obj.o ../openssl/crypto/x509/x509_obj.c clang -I. -Icrypto/include -Iinclude -Iproviders/common/include -Iproviders/default/include -Iproviders/common/ciphers -Icrypto -Iproviders/common/macs -Iproviders/common/kdfs -Iproviders/default/macs -Iproviders/default/ciphers -Iproviders/default/kdfs -I../openssl -I../openssl/crypto/include -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/default/include -I../openssl/providers/common/ciphers -I../openssl/crypto -I../openssl/providers/common/macs -I../openssl/providers/common/kdfs -I../openssl/providers/default/macs -I../openssl/providers/default/ciphers -I../openssl/providers/default/kdfs -DAES_ASM -DBSAES_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_IA32_SSE2 -MMD -MF crypto/x509/libcrypto-lib-x509_r2x.d.tmp -MT crypto/x509/libcrypto-lib-x509_r2x.o -c -o crypto/x509/libcrypto-lib-x509_r2x.o ../openssl/crypto/x509/x509_r2x.c clang -I. -Icrypto/include -Iinclude -Iproviders/common/include -Iproviders/default/include -Iproviders/common/ciphers -Icrypto -Iproviders/common/macs -Iproviders/common/kdfs -Iproviders/default/macs -Iproviders/default/ciphers -Iproviders/default/kdfs -I../openssl -I../openssl/crypto/include -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/default/include -I../openssl/providers/common/ciphers -I../openssl/crypto -I../openssl/providers/common/macs -I../openssl/providers/common/kdfs -I../openssl/providers/default/macs -I../openssl/providers/default/ciphers -I../openssl/providers/default/kdfs -DAES_ASM -DBSAES_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_IA32_SSE2 -MMD -MF crypto/x509/libcrypto-lib-x509_req.d.tmp -MT crypto/x509/libcrypto-lib-x509_req.o -c -o crypto/x509/libcrypto-lib-x509_req.o ../openssl/crypto/x509/x509_req.c clang -I. -Icrypto/include -Iinclude -Iproviders/common/include -Iproviders/default/include -Iproviders/common/ciphers -Icrypto -Iproviders/common/macs -Iproviders/common/kdfs -Iproviders/default/macs -Iproviders/default/ciphers -Iproviders/default/kdfs -I../openssl -I../openssl/crypto/include -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/default/include -I../openssl/providers/common/ciphers -I../openssl/crypto -I../openssl/providers/common/macs -I../openssl/providers/common/kdfs -I../openssl/providers/default/macs -I../openssl/providers/default/ciphers -I../openssl/providers/default/kdfs -DAES_ASM -DBSAES_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_IA32_SSE2 -MMD -MF crypto/x509/libcrypto-lib-x509_set.d.tmp -MT crypto/x509/libcrypto-lib-x509_set.o -c -o crypto/x509/libcrypto-lib-x509_set.o ../openssl/crypto/x509/x509_set.c clang -I. -Icrypto/include -Iinclude -Iproviders/common/include -Iproviders/default/include -Iproviders/common/ciphers -Icrypto -Iproviders/common/macs -Iproviders/common/kdfs -Iproviders/default/macs -Iproviders/default/ciphers -Iproviders/default/kdfs -I../openssl -I../openssl/crypto/include -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/default/include -I../openssl/providers/common/ciphers -I../openssl/crypto -I../openssl/providers/common/macs -I../openssl/providers/common/kdfs -I../openssl/providers/default/macs -I../openssl/providers/default/ciphers -I../openssl/providers/default/kdfs -DAES_ASM -DBSAES_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_IA32_SSE2 -MMD -MF crypto/x509/libcrypto-lib-x509_trs.d.tmp -MT crypto/x509/libcrypto-lib-x509_trs.o -c -o crypto/x509/libcrypto-lib-x509_trs.o ../openssl/crypto/x509/x509_trs.c clang -I. -Icrypto/include -Iinclude -Iproviders/common/include -Iproviders/default/include -Iproviders/common/ciphers -Icrypto -Iproviders/common/macs -Iproviders/common/kdfs -Iproviders/default/macs -Iproviders/default/ciphers -Iproviders/default/kdfs -I../openssl -I../openssl/crypto/include -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/default/include -I../openssl/providers/common/ciphers -I../openssl/crypto -I../openssl/providers/common/macs -I../openssl/providers/common/kdfs -I../openssl/providers/default/macs -I../openssl/providers/default/ciphers -I../openssl/providers/default/kdfs -DAES_ASM -DBSAES_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_IA32_SSE2 -MMD -MF crypto/x509/libcrypto-lib-x509_txt.d.tmp -MT crypto/x509/libcrypto-lib-x509_txt.o -c -o crypto/x509/libcrypto-lib-x509_txt.o ../openssl/crypto/x509/x509_txt.c clang -I. -Icrypto/include -Iinclude -Iproviders/common/include -Iproviders/default/include -Iproviders/common/ciphers -Icrypto -Iproviders/common/macs -Iproviders/common/kdfs -Iproviders/default/macs -Iproviders/default/ciphers -Iproviders/default/kdfs -I../openssl -I../openssl/crypto/include -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/default/include -I../openssl/providers/common/ciphers -I../openssl/crypto -I../openssl/providers/common/macs -I../openssl/providers/common/kdfs -I../openssl/providers/default/macs -I../openssl/providers/default/ciphers -I../openssl/providers/default/kdfs -DAES_ASM -DBSAES_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_IA32_SSE2 -MMD -MF crypto/x509/libcrypto-lib-x509_v3.d.tmp -MT crypto/x509/libcrypto-lib-x509_v3.o -c -o crypto/x509/libcrypto-lib-x509_v3.o ../openssl/crypto/x509/x509_v3.c clang -I. -Icrypto/include -Iinclude -Iproviders/common/include -Iproviders/default/include -Iproviders/common/ciphers -Icrypto -Iproviders/common/macs -Iproviders/common/kdfs -Iproviders/default/macs -Iproviders/default/ciphers -Iproviders/default/kdfs -I../openssl -I../openssl/crypto/include -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/default/include -I../openssl/providers/common/ciphers -I../openssl/crypto -I../openssl/providers/common/macs -I../openssl/providers/common/kdfs -I../openssl/providers/default/macs -I../openssl/providers/default/ciphers -I../openssl/providers/default/kdfs -DAES_ASM -DBSAES_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_IA32_SSE2 -MMD -MF crypto/x509/libcrypto-lib-x509_vfy.d.tmp -MT crypto/x509/libcrypto-lib-x509_vfy.o -c -o crypto/x509/libcrypto-lib-x509_vfy.o ../openssl/crypto/x509/x509_vfy.c clang -I. -Icrypto/include -Iinclude -Iproviders/common/include -Iproviders/default/include -Iproviders/common/ciphers -Icrypto -Iproviders/common/macs -Iproviders/common/kdfs -Iproviders/default/macs -Iproviders/default/ciphers -Iproviders/default/kdfs -I../openssl -I../openssl/crypto/include -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/default/include -I../openssl/providers/common/ciphers -I../openssl/crypto -I../openssl/providers/common/macs -I../openssl/providers/common/kdfs -I../openssl/providers/default/macs -I../openssl/providers/default/ciphers -I../openssl/providers/default/kdfs -DAES_ASM -DBSAES_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_IA32_SSE2 -MMD -MF crypto/x509/libcrypto-lib-x509_vpm.d.tmp -MT crypto/x509/libcrypto-lib-x509_vpm.o -c -o crypto/x509/libcrypto-lib-x509_vpm.o ../openssl/crypto/x509/x509_vpm.c clang -I. -Icrypto/include -Iinclude -Iproviders/common/include -Iproviders/default/include -Iproviders/common/ciphers -Icrypto -Iproviders/common/macs -Iproviders/common/kdfs -Iproviders/default/macs -Iproviders/default/ciphers -Iproviders/default/kdfs -I../openssl -I../openssl/crypto/include -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/default/include -I../openssl/providers/common/ciphers -I../openssl/crypto -I../openssl/providers/common/macs -I../openssl/providers/common/kdfs -I../openssl/providers/default/macs -I../openssl/providers/default/ciphers -I../openssl/providers/default/kdfs -DAES_ASM -DBSAES_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_IA32_SSE2 -MMD -MF crypto/x509/libcrypto-lib-x509cset.d.tmp -MT crypto/x509/libcrypto-lib-x509cset.o -c -o crypto/x509/libcrypto-lib-x509cset.o ../openssl/crypto/x509/x509cset.c clang -I. -Icrypto/include -Iinclude -Iproviders/common/include -Iproviders/default/include -Iproviders/common/ciphers -Icrypto -Iproviders/common/macs -Iproviders/common/kdfs -Iproviders/default/macs -Iproviders/default/ciphers -Iproviders/default/kdfs -I../openssl -I../openssl/crypto/include -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/default/include -I../openssl/providers/common/ciphers -I../openssl/crypto -I../openssl/providers/common/macs -I../openssl/providers/common/kdfs -I../openssl/providers/default/macs -I../openssl/providers/default/ciphers -I../openssl/providers/default/kdfs -DAES_ASM -DBSAES_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_IA32_SSE2 -MMD -MF crypto/x509/libcrypto-lib-x509name.d.tmp -MT crypto/x509/libcrypto-lib-x509name.o -c -o crypto/x509/libcrypto-lib-x509name.o ../openssl/crypto/x509/x509name.c clang -I. -Icrypto/include -Iinclude -Iproviders/common/include -Iproviders/default/include -Iproviders/common/ciphers -Icrypto -Iproviders/common/macs -Iproviders/common/kdfs -Iproviders/default/macs -Iproviders/default/ciphers -Iproviders/default/kdfs -I../openssl -I../openssl/crypto/include -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/default/include -I../openssl/providers/common/ciphers -I../openssl/crypto -I../openssl/providers/common/macs -I../openssl/providers/common/kdfs -I../openssl/providers/default/macs -I../openssl/providers/default/ciphers -I../openssl/providers/default/kdfs -DAES_ASM -DBSAES_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_IA32_SSE2 -MMD -MF crypto/x509/libcrypto-lib-x509rset.d.tmp -MT crypto/x509/libcrypto-lib-x509rset.o -c -o crypto/x509/libcrypto-lib-x509rset.o ../openssl/crypto/x509/x509rset.c clang -I. -Icrypto/include -Iinclude -Iproviders/common/include -Iproviders/default/include -Iproviders/common/ciphers -Icrypto -Iproviders/common/macs -Iproviders/common/kdfs -Iproviders/default/macs -Iproviders/default/ciphers -Iproviders/default/kdfs -I../openssl -I../openssl/crypto/include -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/default/include -I../openssl/providers/common/ciphers -I../openssl/crypto -I../openssl/providers/common/macs -I../openssl/providers/common/kdfs -I../openssl/providers/default/macs -I../openssl/providers/default/ciphers -I../openssl/providers/default/kdfs -DAES_ASM -DBSAES_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_IA32_SSE2 -MMD -MF crypto/x509/libcrypto-lib-x509spki.d.tmp -MT crypto/x509/libcrypto-lib-x509spki.o -c -o crypto/x509/libcrypto-lib-x509spki.o ../openssl/crypto/x509/x509spki.c clang -I. -Icrypto/include -Iinclude -Iproviders/common/include -Iproviders/default/include -Iproviders/common/ciphers -Icrypto -Iproviders/common/macs -Iproviders/common/kdfs -Iproviders/default/macs -Iproviders/default/ciphers -Iproviders/default/kdfs -I../openssl -I../openssl/crypto/include -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/default/include -I../openssl/providers/common/ciphers -I../openssl/crypto -I../openssl/providers/common/macs -I../openssl/providers/common/kdfs -I../openssl/providers/default/macs -I../openssl/providers/default/ciphers -I../openssl/providers/default/kdfs -DAES_ASM -DBSAES_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_IA32_SSE2 -MMD -MF crypto/x509/libcrypto-lib-x509type.d.tmp -MT crypto/x509/libcrypto-lib-x509type.o -c -o crypto/x509/libcrypto-lib-x509type.o ../openssl/crypto/x509/x509type.c clang -I. -Icrypto/include -Iinclude -Iproviders/common/include -Iproviders/default/include -Iproviders/common/ciphers -Icrypto -Iproviders/common/macs -Iproviders/common/kdfs -Iproviders/default/macs -Iproviders/default/ciphers -Iproviders/default/kdfs -I../openssl -I../openssl/crypto/include -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/default/include -I../openssl/providers/common/ciphers -I../openssl/crypto -I../openssl/providers/common/macs -I../openssl/providers/common/kdfs -I../openssl/providers/default/macs -I../openssl/providers/default/ciphers -I../openssl/providers/default/kdfs -DAES_ASM -DBSAES_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_IA32_SSE2 -MMD -MF crypto/x509/libcrypto-lib-x_all.d.tmp -MT crypto/x509/libcrypto-lib-x_all.o -c -o crypto/x509/libcrypto-lib-x_all.o ../openssl/crypto/x509/x_all.c clang -I. -Icrypto/include -Iinclude -Iproviders/common/include -Iproviders/default/include -Iproviders/common/ciphers -Icrypto -Iproviders/common/macs -Iproviders/common/kdfs -Iproviders/default/macs -Iproviders/default/ciphers -Iproviders/default/kdfs -I../openssl -I../openssl/crypto/include -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/default/include -I../openssl/providers/common/ciphers -I../openssl/crypto -I../openssl/providers/common/macs -I../openssl/providers/common/kdfs -I../openssl/providers/default/macs -I../openssl/providers/default/ciphers -I../openssl/providers/default/kdfs -DAES_ASM -DBSAES_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_IA32_SSE2 -MMD -MF crypto/x509/libcrypto-lib-x_attrib.d.tmp -MT crypto/x509/libcrypto-lib-x_attrib.o -c -o crypto/x509/libcrypto-lib-x_attrib.o ../openssl/crypto/x509/x_attrib.c clang -I. -Icrypto/include -Iinclude -Iproviders/common/include -Iproviders/default/include -Iproviders/common/ciphers -Icrypto -Iproviders/common/macs -Iproviders/common/kdfs -Iproviders/default/macs -Iproviders/default/ciphers -Iproviders/default/kdfs -I../openssl -I../openssl/crypto/include -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/default/include -I../openssl/providers/common/ciphers -I../openssl/crypto -I../openssl/providers/common/macs -I../openssl/providers/common/kdfs -I../openssl/providers/default/macs -I../openssl/providers/default/ciphers -I../openssl/providers/default/kdfs -DAES_ASM -DBSAES_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_IA32_SSE2 -MMD -MF crypto/x509/libcrypto-lib-x_crl.d.tmp -MT crypto/x509/libcrypto-lib-x_crl.o -c -o crypto/x509/libcrypto-lib-x_crl.o ../openssl/crypto/x509/x_crl.c clang -I. -Icrypto/include -Iinclude -Iproviders/common/include -Iproviders/default/include -Iproviders/common/ciphers -Icrypto -Iproviders/common/macs -Iproviders/common/kdfs -Iproviders/default/macs -Iproviders/default/ciphers -Iproviders/default/kdfs -I../openssl -I../openssl/crypto/include -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/default/include -I../openssl/providers/common/ciphers -I../openssl/crypto -I../openssl/providers/common/macs -I../openssl/providers/common/kdfs -I../openssl/providers/default/macs -I../openssl/providers/default/ciphers -I../openssl/providers/default/kdfs -DAES_ASM -DBSAES_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_IA32_SSE2 -MMD -MF crypto/x509/libcrypto-lib-x_exten.d.tmp -MT crypto/x509/libcrypto-lib-x_exten.o -c -o crypto/x509/libcrypto-lib-x_exten.o ../openssl/crypto/x509/x_exten.c clang -I. -Icrypto/include -Iinclude -Iproviders/common/include -Iproviders/default/include -Iproviders/common/ciphers -Icrypto -Iproviders/common/macs -Iproviders/common/kdfs -Iproviders/default/macs -Iproviders/default/ciphers -Iproviders/default/kdfs -I../openssl -I../openssl/crypto/include -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/default/include -I../openssl/providers/common/ciphers -I../openssl/crypto -I../openssl/providers/common/macs -I../openssl/providers/common/kdfs -I../openssl/providers/default/macs -I../openssl/providers/default/ciphers -I../openssl/providers/default/kdfs -DAES_ASM -DBSAES_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_IA32_SSE2 -MMD -MF crypto/x509/libcrypto-lib-x_name.d.tmp -MT crypto/x509/libcrypto-lib-x_name.o -c -o crypto/x509/libcrypto-lib-x_name.o ../openssl/crypto/x509/x_name.c clang -I. -Icrypto/include -Iinclude -Iproviders/common/include -Iproviders/default/include -Iproviders/common/ciphers -Icrypto -Iproviders/common/macs -Iproviders/common/kdfs -Iproviders/default/macs -Iproviders/default/ciphers -Iproviders/default/kdfs -I../openssl -I../openssl/crypto/include -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/default/include -I../openssl/providers/common/ciphers -I../openssl/crypto -I../openssl/providers/common/macs -I../openssl/providers/common/kdfs -I../openssl/providers/default/macs -I../openssl/providers/default/ciphers -I../openssl/providers/default/kdfs -DAES_ASM -DBSAES_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_IA32_SSE2 -MMD -MF crypto/x509/libcrypto-lib-x_pubkey.d.tmp -MT crypto/x509/libcrypto-lib-x_pubkey.o -c -o crypto/x509/libcrypto-lib-x_pubkey.o ../openssl/crypto/x509/x_pubkey.c clang -I. -Icrypto/include -Iinclude -Iproviders/common/include -Iproviders/default/include -Iproviders/common/ciphers -Icrypto -Iproviders/common/macs -Iproviders/common/kdfs -Iproviders/default/macs -Iproviders/default/ciphers -Iproviders/default/kdfs -I../openssl -I../openssl/crypto/include -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/default/include -I../openssl/providers/common/ciphers -I../openssl/crypto -I../openssl/providers/common/macs -I../openssl/providers/common/kdfs -I../openssl/providers/default/macs -I../openssl/providers/default/ciphers -I../openssl/providers/default/kdfs -DAES_ASM -DBSAES_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_IA32_SSE2 -MMD -MF crypto/x509/libcrypto-lib-x_req.d.tmp -MT crypto/x509/libcrypto-lib-x_req.o -c -o crypto/x509/libcrypto-lib-x_req.o ../openssl/crypto/x509/x_req.c clang -I. -Icrypto/include -Iinclude -Iproviders/common/include -Iproviders/default/include -Iproviders/common/ciphers -Icrypto -Iproviders/common/macs -Iproviders/common/kdfs -Iproviders/default/macs -Iproviders/default/ciphers -Iproviders/default/kdfs -I../openssl -I../openssl/crypto/include -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/default/include -I../openssl/providers/common/ciphers -I../openssl/crypto -I../openssl/providers/common/macs -I../openssl/providers/common/kdfs -I../openssl/providers/default/macs -I../openssl/providers/default/ciphers -I../openssl/providers/default/kdfs -DAES_ASM -DBSAES_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_IA32_SSE2 -MMD -MF crypto/x509/libcrypto-lib-x_x509.d.tmp -MT crypto/x509/libcrypto-lib-x_x509.o -c -o crypto/x509/libcrypto-lib-x_x509.o ../openssl/crypto/x509/x_x509.c clang -I. -Icrypto/include -Iinclude -Iproviders/common/include -Iproviders/default/include -Iproviders/common/ciphers -Icrypto -Iproviders/common/macs -Iproviders/common/kdfs -Iproviders/default/macs -Iproviders/default/ciphers -Iproviders/default/kdfs -I../openssl -I../openssl/crypto/include -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/default/include -I../openssl/providers/common/ciphers -I../openssl/crypto -I../openssl/providers/common/macs -I../openssl/providers/common/kdfs -I../openssl/providers/default/macs -I../openssl/providers/default/ciphers -I../openssl/providers/default/kdfs -DAES_ASM -DBSAES_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_IA32_SSE2 -MMD -MF crypto/x509/libcrypto-lib-x_x509a.d.tmp -MT crypto/x509/libcrypto-lib-x_x509a.o -c -o crypto/x509/libcrypto-lib-x_x509a.o ../openssl/crypto/x509/x_x509a.c clang -I. -Icrypto/include -Iinclude -Iproviders/common/include -Iproviders/default/include -Iproviders/common/ciphers -Icrypto -Iproviders/common/macs -Iproviders/common/kdfs -Iproviders/default/macs -Iproviders/default/ciphers -Iproviders/default/kdfs -I../openssl -I../openssl/crypto/include -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/default/include -I../openssl/providers/common/ciphers -I../openssl/crypto -I../openssl/providers/common/macs -I../openssl/providers/common/kdfs -I../openssl/providers/default/macs -I../openssl/providers/default/ciphers -I../openssl/providers/default/kdfs -DAES_ASM -DBSAES_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_IA32_SSE2 -MMD -MF providers/common/ciphers/libcrypto-lib-block.d.tmp -MT providers/common/ciphers/libcrypto-lib-block.o -c -o providers/common/ciphers/libcrypto-lib-block.o ../openssl/providers/common/ciphers/block.c clang -I. -Icrypto/include -Iinclude -Iproviders/common/include -Iproviders/default/include -Iproviders/common/ciphers -Icrypto -Iproviders/common/macs -Iproviders/common/kdfs -Iproviders/default/macs -Iproviders/default/ciphers -Iproviders/default/kdfs -I../openssl -I../openssl/crypto/include -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/default/include -I../openssl/providers/common/ciphers -I../openssl/crypto -I../openssl/providers/common/macs -I../openssl/providers/common/kdfs -I../openssl/providers/default/macs -I../openssl/providers/default/ciphers -I../openssl/providers/default/kdfs -DAES_ASM -DBSAES_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_IA32_SSE2 -MMD -MF providers/common/ciphers/libcrypto-lib-cipher_aes.d.tmp -MT providers/common/ciphers/libcrypto-lib-cipher_aes.o -c -o providers/common/ciphers/libcrypto-lib-cipher_aes.o ../openssl/providers/common/ciphers/cipher_aes.c clang -I. -Icrypto/include -Iinclude -Iproviders/common/include -Iproviders/default/include -Iproviders/common/ciphers -Icrypto -Iproviders/common/macs -Iproviders/common/kdfs -Iproviders/default/macs -Iproviders/default/ciphers -Iproviders/default/kdfs -I../openssl -I../openssl/crypto/include -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/default/include -I../openssl/providers/common/ciphers -I../openssl/crypto -I../openssl/providers/common/macs -I../openssl/providers/common/kdfs -I../openssl/providers/default/macs -I../openssl/providers/default/ciphers -I../openssl/providers/default/kdfs -DAES_ASM -DBSAES_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_IA32_SSE2 -MMD -MF providers/common/ciphers/libcrypto-lib-cipher_aes_ccm.d.tmp -MT providers/common/ciphers/libcrypto-lib-cipher_aes_ccm.o -c -o providers/common/ciphers/libcrypto-lib-cipher_aes_ccm.o ../openssl/providers/common/ciphers/cipher_aes_ccm.c clang -I. -Icrypto/include -Iinclude -Iproviders/common/include -Iproviders/default/include -Iproviders/common/ciphers -Icrypto -Iproviders/common/macs -Iproviders/common/kdfs -Iproviders/default/macs -Iproviders/default/ciphers -Iproviders/default/kdfs -I../openssl -I../openssl/crypto/include -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/default/include -I../openssl/providers/common/ciphers -I../openssl/crypto -I../openssl/providers/common/macs -I../openssl/providers/common/kdfs -I../openssl/providers/default/macs -I../openssl/providers/default/ciphers -I../openssl/providers/default/kdfs -DAES_ASM -DBSAES_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_IA32_SSE2 -MMD -MF providers/common/ciphers/libcrypto-lib-cipher_aes_ccm_hw.d.tmp -MT providers/common/ciphers/libcrypto-lib-cipher_aes_ccm_hw.o -c -o providers/common/ciphers/libcrypto-lib-cipher_aes_ccm_hw.o ../openssl/providers/common/ciphers/cipher_aes_ccm_hw.c clang -I. -Icrypto/include -Iinclude -Iproviders/common/include -Iproviders/default/include -Iproviders/common/ciphers -Icrypto -Iproviders/common/macs -Iproviders/common/kdfs -Iproviders/default/macs -Iproviders/default/ciphers -Iproviders/default/kdfs -I../openssl -I../openssl/crypto/include -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/default/include -I../openssl/providers/common/ciphers -I../openssl/crypto -I../openssl/providers/common/macs -I../openssl/providers/common/kdfs -I../openssl/providers/default/macs -I../openssl/providers/default/ciphers -I../openssl/providers/default/kdfs -DAES_ASM -DBSAES_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_IA32_SSE2 -MMD -MF providers/common/ciphers/libcrypto-lib-cipher_aes_gcm.d.tmp -MT providers/common/ciphers/libcrypto-lib-cipher_aes_gcm.o -c -o providers/common/ciphers/libcrypto-lib-cipher_aes_gcm.o ../openssl/providers/common/ciphers/cipher_aes_gcm.c clang -I. -Icrypto/include -Iinclude -Iproviders/common/include -Iproviders/default/include -Iproviders/common/ciphers -Icrypto -Iproviders/common/macs -Iproviders/common/kdfs -Iproviders/default/macs -Iproviders/default/ciphers -Iproviders/default/kdfs -I../openssl -I../openssl/crypto/include -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/default/include -I../openssl/providers/common/ciphers -I../openssl/crypto -I../openssl/providers/common/macs -I../openssl/providers/common/kdfs -I../openssl/providers/default/macs -I../openssl/providers/default/ciphers -I../openssl/providers/default/kdfs -DAES_ASM -DBSAES_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_IA32_SSE2 -MMD -MF providers/common/ciphers/libcrypto-lib-cipher_aes_gcm_hw.d.tmp -MT providers/common/ciphers/libcrypto-lib-cipher_aes_gcm_hw.o -c -o providers/common/ciphers/libcrypto-lib-cipher_aes_gcm_hw.o ../openssl/providers/common/ciphers/cipher_aes_gcm_hw.c clang -I. -Icrypto/include -Iinclude -Iproviders/common/include -Iproviders/default/include -Iproviders/common/ciphers -Icrypto -Iproviders/common/macs -Iproviders/common/kdfs -Iproviders/default/macs -Iproviders/default/ciphers -Iproviders/default/kdfs -I../openssl -I../openssl/crypto/include -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/default/include -I../openssl/providers/common/ciphers -I../openssl/crypto -I../openssl/providers/common/macs -I../openssl/providers/common/kdfs -I../openssl/providers/default/macs -I../openssl/providers/default/ciphers -I../openssl/providers/default/kdfs -DAES_ASM -DBSAES_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_IA32_SSE2 -MMD -MF providers/common/ciphers/libcrypto-lib-cipher_aes_hw.d.tmp -MT providers/common/ciphers/libcrypto-lib-cipher_aes_hw.o -c -o providers/common/ciphers/libcrypto-lib-cipher_aes_hw.o ../openssl/providers/common/ciphers/cipher_aes_hw.c clang -I. -Icrypto/include -Iinclude -Iproviders/common/include -Iproviders/default/include -Iproviders/common/ciphers -Icrypto -Iproviders/common/macs -Iproviders/common/kdfs -Iproviders/default/macs -Iproviders/default/ciphers -Iproviders/default/kdfs -I../openssl -I../openssl/crypto/include -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/default/include -I../openssl/providers/common/ciphers -I../openssl/crypto -I../openssl/providers/common/macs -I../openssl/providers/common/kdfs -I../openssl/providers/default/macs -I../openssl/providers/default/ciphers -I../openssl/providers/default/kdfs -DAES_ASM -DBSAES_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_IA32_SSE2 -MMD -MF providers/common/ciphers/libcrypto-lib-cipher_ccm.d.tmp -MT providers/common/ciphers/libcrypto-lib-cipher_ccm.o -c -o providers/common/ciphers/libcrypto-lib-cipher_ccm.o ../openssl/providers/common/ciphers/cipher_ccm.c clang -I. -Icrypto/include -Iinclude -Iproviders/common/include -Iproviders/default/include -Iproviders/common/ciphers -Icrypto -Iproviders/common/macs -Iproviders/common/kdfs -Iproviders/default/macs -Iproviders/default/ciphers -Iproviders/default/kdfs -I../openssl -I../openssl/crypto/include -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/default/include -I../openssl/providers/common/ciphers -I../openssl/crypto -I../openssl/providers/common/macs -I../openssl/providers/common/kdfs -I../openssl/providers/default/macs -I../openssl/providers/default/ciphers -I../openssl/providers/default/kdfs -DAES_ASM -DBSAES_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_IA32_SSE2 -MMD -MF providers/common/ciphers/libcrypto-lib-cipher_ccm_hw.d.tmp -MT providers/common/ciphers/libcrypto-lib-cipher_ccm_hw.o -c -o providers/common/ciphers/libcrypto-lib-cipher_ccm_hw.o ../openssl/providers/common/ciphers/cipher_ccm_hw.c clang -I. -Icrypto/include -Iinclude -Iproviders/common/include -Iproviders/default/include -Iproviders/common/ciphers -Icrypto -Iproviders/common/macs -Iproviders/common/kdfs -Iproviders/default/macs -Iproviders/default/ciphers -Iproviders/default/kdfs -I../openssl -I../openssl/crypto/include -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/default/include -I../openssl/providers/common/ciphers -I../openssl/crypto -I../openssl/providers/common/macs -I../openssl/providers/common/kdfs -I../openssl/providers/default/macs -I../openssl/providers/default/ciphers -I../openssl/providers/default/kdfs -DAES_ASM -DBSAES_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_IA32_SSE2 -MMD -MF providers/common/ciphers/libcrypto-lib-cipher_common.d.tmp -MT providers/common/ciphers/libcrypto-lib-cipher_common.o -c -o providers/common/ciphers/libcrypto-lib-cipher_common.o ../openssl/providers/common/ciphers/cipher_common.c clang -I. -Icrypto/include -Iinclude -Iproviders/common/include -Iproviders/default/include -Iproviders/common/ciphers -Icrypto -Iproviders/common/macs -Iproviders/common/kdfs -Iproviders/default/macs -Iproviders/default/ciphers -Iproviders/default/kdfs -I../openssl -I../openssl/crypto/include -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/default/include -I../openssl/providers/common/ciphers -I../openssl/crypto -I../openssl/providers/common/macs -I../openssl/providers/common/kdfs -I../openssl/providers/default/macs -I../openssl/providers/default/ciphers -I../openssl/providers/default/kdfs -DAES_ASM -DBSAES_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_IA32_SSE2 -MMD -MF providers/common/ciphers/libcrypto-lib-cipher_common_hw.d.tmp -MT providers/common/ciphers/libcrypto-lib-cipher_common_hw.o -c -o providers/common/ciphers/libcrypto-lib-cipher_common_hw.o ../openssl/providers/common/ciphers/cipher_common_hw.c clang -I. -Icrypto/include -Iinclude -Iproviders/common/include -Iproviders/default/include -Iproviders/common/ciphers -Icrypto -Iproviders/common/macs -Iproviders/common/kdfs -Iproviders/default/macs -Iproviders/default/ciphers -Iproviders/default/kdfs -I../openssl -I../openssl/crypto/include -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/default/include -I../openssl/providers/common/ciphers -I../openssl/crypto -I../openssl/providers/common/macs -I../openssl/providers/common/kdfs -I../openssl/providers/default/macs -I../openssl/providers/default/ciphers -I../openssl/providers/default/kdfs -DAES_ASM -DBSAES_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_IA32_SSE2 -MMD -MF providers/common/ciphers/libcrypto-lib-cipher_gcm.d.tmp -MT providers/common/ciphers/libcrypto-lib-cipher_gcm.o -c -o providers/common/ciphers/libcrypto-lib-cipher_gcm.o ../openssl/providers/common/ciphers/cipher_gcm.c clang -I. -Icrypto/include -Iinclude -Iproviders/common/include -Iproviders/default/include -Iproviders/common/ciphers -Icrypto -Iproviders/common/macs -Iproviders/common/kdfs -Iproviders/default/macs -Iproviders/default/ciphers -Iproviders/default/kdfs -I../openssl -I../openssl/crypto/include -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/default/include -I../openssl/providers/common/ciphers -I../openssl/crypto -I../openssl/providers/common/macs -I../openssl/providers/common/kdfs -I../openssl/providers/default/macs -I../openssl/providers/default/ciphers -I../openssl/providers/default/kdfs -DAES_ASM -DBSAES_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_IA32_SSE2 -MMD -MF providers/common/ciphers/libcrypto-lib-cipher_gcm_hw.d.tmp -MT providers/common/ciphers/libcrypto-lib-cipher_gcm_hw.o -c -o providers/common/ciphers/libcrypto-lib-cipher_gcm_hw.o ../openssl/providers/common/ciphers/cipher_gcm_hw.c clang -I. -Icrypto/include -Iinclude -Iproviders/common/include -Iproviders/default/include -Iproviders/common/ciphers -Icrypto -Iproviders/common/macs -Iproviders/common/kdfs -Iproviders/default/macs -Iproviders/default/ciphers -Iproviders/default/kdfs -I../openssl -I../openssl/crypto/include -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/default/include -I../openssl/providers/common/ciphers -I../openssl/crypto -I../openssl/providers/common/macs -I../openssl/providers/common/kdfs -I../openssl/providers/default/macs -I../openssl/providers/default/ciphers -I../openssl/providers/default/kdfs -DAES_ASM -DBSAES_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_IA32_SSE2 -MMD -MF providers/common/ciphers/libcrypto-lib-cipher_tdes.d.tmp -MT providers/common/ciphers/libcrypto-lib-cipher_tdes.o -c -o providers/common/ciphers/libcrypto-lib-cipher_tdes.o ../openssl/providers/common/ciphers/cipher_tdes.c clang -I. -Icrypto/include -Iinclude -Iproviders/common/include -Iproviders/default/include -Iproviders/common/ciphers -Icrypto -Iproviders/common/macs -Iproviders/common/kdfs -Iproviders/default/macs -Iproviders/default/ciphers -Iproviders/default/kdfs -I../openssl -I../openssl/crypto/include -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/default/include -I../openssl/providers/common/ciphers -I../openssl/crypto -I../openssl/providers/common/macs -I../openssl/providers/common/kdfs -I../openssl/providers/default/macs -I../openssl/providers/default/ciphers -I../openssl/providers/default/kdfs -DAES_ASM -DBSAES_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_IA32_SSE2 -MMD -MF providers/common/ciphers/libcrypto-lib-cipher_tdes_hw.d.tmp -MT providers/common/ciphers/libcrypto-lib-cipher_tdes_hw.o -c -o providers/common/ciphers/libcrypto-lib-cipher_tdes_hw.o ../openssl/providers/common/ciphers/cipher_tdes_hw.c clang -I. -Icrypto/include -Iinclude -Iproviders/common/include -Iproviders/default/include -Iproviders/common/ciphers -Icrypto -Iproviders/common/macs -Iproviders/common/kdfs -Iproviders/default/macs -Iproviders/default/ciphers -Iproviders/default/kdfs -I../openssl -I../openssl/crypto/include -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/default/include -I../openssl/providers/common/ciphers -I../openssl/crypto -I../openssl/providers/common/macs -I../openssl/providers/common/kdfs -I../openssl/providers/default/macs -I../openssl/providers/default/ciphers -I../openssl/providers/default/kdfs -DAES_ASM -DBSAES_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_IA32_SSE2 -MMD -MF providers/common/digests/libcrypto-lib-digest_common.d.tmp -MT providers/common/digests/libcrypto-lib-digest_common.o -c -o providers/common/digests/libcrypto-lib-digest_common.o ../openssl/providers/common/digests/digest_common.c clang -I. -Icrypto/include -Iinclude -Iproviders/common/include -Iproviders/default/include -Iproviders/common/ciphers -Icrypto -Iproviders/common/macs -Iproviders/common/kdfs -Iproviders/default/macs -Iproviders/default/ciphers -Iproviders/default/kdfs -I../openssl -I../openssl/crypto/include -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/default/include -I../openssl/providers/common/ciphers -I../openssl/crypto -I../openssl/providers/common/macs -I../openssl/providers/common/kdfs -I../openssl/providers/default/macs -I../openssl/providers/default/ciphers -I../openssl/providers/default/kdfs -DAES_ASM -DBSAES_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_IA32_SSE2 -MMD -MF providers/common/digests/libcrypto-lib-sha2_prov.d.tmp -MT providers/common/digests/libcrypto-lib-sha2_prov.o -c -o providers/common/digests/libcrypto-lib-sha2_prov.o ../openssl/providers/common/digests/sha2_prov.c clang -I. -Icrypto/include -Iinclude -Iproviders/common/include -Iproviders/default/include -Iproviders/common/ciphers -Icrypto -Iproviders/common/macs -Iproviders/common/kdfs -Iproviders/default/macs -Iproviders/default/ciphers -Iproviders/default/kdfs -I../openssl -I../openssl/crypto/include -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/default/include -I../openssl/providers/common/ciphers -I../openssl/crypto -I../openssl/providers/common/macs -I../openssl/providers/common/kdfs -I../openssl/providers/default/macs -I../openssl/providers/default/ciphers -I../openssl/providers/default/kdfs -DAES_ASM -DBSAES_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_IA32_SSE2 -MMD -MF providers/common/digests/libcrypto-lib-sha3_prov.d.tmp -MT providers/common/digests/libcrypto-lib-sha3_prov.o -c -o providers/common/digests/libcrypto-lib-sha3_prov.o ../openssl/providers/common/digests/sha3_prov.c clang -I. -Icrypto/include -Iinclude -Iproviders/common/include -Iproviders/default/include -Iproviders/common/ciphers -Icrypto -Iproviders/common/macs -Iproviders/common/kdfs -Iproviders/default/macs -Iproviders/default/ciphers -Iproviders/default/kdfs -I../openssl -I../openssl/crypto/include -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/default/include -I../openssl/providers/common/ciphers -I../openssl/crypto -I../openssl/providers/common/macs -I../openssl/providers/common/kdfs -I../openssl/providers/default/macs -I../openssl/providers/default/ciphers -I../openssl/providers/default/kdfs -DAES_ASM -DBSAES_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_IA32_SSE2 -MMD -MF providers/common/exchange/libcrypto-lib-dh_exch.d.tmp -MT providers/common/exchange/libcrypto-lib-dh_exch.o -c -o providers/common/exchange/libcrypto-lib-dh_exch.o ../openssl/providers/common/exchange/dh_exch.c clang -I. -Icrypto/include -Iinclude -Iproviders/common/include -Iproviders/default/include -Iproviders/common/ciphers -Icrypto -Iproviders/common/macs -Iproviders/common/kdfs -Iproviders/default/macs -Iproviders/default/ciphers -Iproviders/default/kdfs -I../openssl -I../openssl/crypto/include -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/default/include -I../openssl/providers/common/ciphers -I../openssl/crypto -I../openssl/providers/common/macs -I../openssl/providers/common/kdfs -I../openssl/providers/default/macs -I../openssl/providers/default/ciphers -I../openssl/providers/default/kdfs -DAES_ASM -DBSAES_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_IA32_SSE2 -MMD -MF providers/common/kdfs/libcrypto-lib-hkdf.d.tmp -MT providers/common/kdfs/libcrypto-lib-hkdf.o -c -o providers/common/kdfs/libcrypto-lib-hkdf.o ../openssl/providers/common/kdfs/hkdf.c clang -I. -Icrypto/include -Iinclude -Iproviders/common/include -Iproviders/default/include -Iproviders/common/ciphers -Icrypto -Iproviders/common/macs -Iproviders/common/kdfs -Iproviders/default/macs -Iproviders/default/ciphers -Iproviders/default/kdfs -I../openssl -I../openssl/crypto/include -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/default/include -I../openssl/providers/common/ciphers -I../openssl/crypto -I../openssl/providers/common/macs -I../openssl/providers/common/kdfs -I../openssl/providers/default/macs -I../openssl/providers/default/ciphers -I../openssl/providers/default/kdfs -DAES_ASM -DBSAES_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_IA32_SSE2 -MMD -MF providers/common/kdfs/libcrypto-lib-pbkdf2.d.tmp -MT providers/common/kdfs/libcrypto-lib-pbkdf2.o -c -o providers/common/kdfs/libcrypto-lib-pbkdf2.o ../openssl/providers/common/kdfs/pbkdf2.c clang -I. -Icrypto/include -Iinclude -Iproviders/common/include -Iproviders/default/include -Iproviders/common/ciphers -Icrypto -Iproviders/common/macs -Iproviders/common/kdfs -Iproviders/default/macs -Iproviders/default/ciphers -Iproviders/default/kdfs -I../openssl -I../openssl/crypto/include -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/default/include -I../openssl/providers/common/ciphers -I../openssl/crypto -I../openssl/providers/common/macs -I../openssl/providers/common/kdfs -I../openssl/providers/default/macs -I../openssl/providers/default/ciphers -I../openssl/providers/default/kdfs -DAES_ASM -DBSAES_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_IA32_SSE2 -MMD -MF providers/common/kdfs/libcrypto-lib-sskdf.d.tmp -MT providers/common/kdfs/libcrypto-lib-sskdf.o -c -o providers/common/kdfs/libcrypto-lib-sskdf.o ../openssl/providers/common/kdfs/sskdf.c clang -I. -Icrypto/include -Iinclude -Iproviders/common/include -Iproviders/default/include -Iproviders/common/ciphers -Icrypto -Iproviders/common/macs -Iproviders/common/kdfs -Iproviders/default/macs -Iproviders/default/ciphers -Iproviders/default/kdfs -I../openssl -I../openssl/crypto/include -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/default/include -I../openssl/providers/common/ciphers -I../openssl/crypto -I../openssl/providers/common/macs -I../openssl/providers/common/kdfs -I../openssl/providers/default/macs -I../openssl/providers/default/ciphers -I../openssl/providers/default/kdfs -DAES_ASM -DBSAES_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_IA32_SSE2 -MMD -MF providers/common/kdfs/libcrypto-lib-tls1_prf.d.tmp -MT providers/common/kdfs/libcrypto-lib-tls1_prf.o -c -o providers/common/kdfs/libcrypto-lib-tls1_prf.o ../openssl/providers/common/kdfs/tls1_prf.c clang -I. -Icrypto/include -Iinclude -Iproviders/common/include -Iproviders/default/include -Iproviders/common/ciphers -Icrypto -Iproviders/common/macs -Iproviders/common/kdfs -Iproviders/default/macs -Iproviders/default/ciphers -Iproviders/default/kdfs -I../openssl -I../openssl/crypto/include -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/default/include -I../openssl/providers/common/ciphers -I../openssl/crypto -I../openssl/providers/common/macs -I../openssl/providers/common/kdfs -I../openssl/providers/default/macs -I../openssl/providers/default/ciphers -I../openssl/providers/default/kdfs -DAES_ASM -DBSAES_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_IA32_SSE2 -MMD -MF providers/common/keymgmt/libcrypto-lib-dh_kmgmt.d.tmp -MT providers/common/keymgmt/libcrypto-lib-dh_kmgmt.o -c -o providers/common/keymgmt/libcrypto-lib-dh_kmgmt.o ../openssl/providers/common/keymgmt/dh_kmgmt.c clang -I. -Icrypto/include -Iinclude -Iproviders/common/include -Iproviders/default/include -Iproviders/common/ciphers -Icrypto -Iproviders/common/macs -Iproviders/common/kdfs -Iproviders/default/macs -Iproviders/default/ciphers -Iproviders/default/kdfs -I../openssl -I../openssl/crypto/include -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/default/include -I../openssl/providers/common/ciphers -I../openssl/crypto -I../openssl/providers/common/macs -I../openssl/providers/common/kdfs -I../openssl/providers/default/macs -I../openssl/providers/default/ciphers -I../openssl/providers/default/kdfs -DAES_ASM -DBSAES_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_IA32_SSE2 -MMD -MF providers/common/keymgmt/libcrypto-lib-dsa_kmgmt.d.tmp -MT providers/common/keymgmt/libcrypto-lib-dsa_kmgmt.o -c -o providers/common/keymgmt/libcrypto-lib-dsa_kmgmt.o ../openssl/providers/common/keymgmt/dsa_kmgmt.c clang -I. -Icrypto/include -Iinclude -Iproviders/common/include -Iproviders/default/include -Iproviders/common/ciphers -Icrypto -Iproviders/common/macs -Iproviders/common/kdfs -Iproviders/default/macs -Iproviders/default/ciphers -Iproviders/default/kdfs -I../openssl -I../openssl/crypto/include -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/default/include -I../openssl/providers/common/ciphers -I../openssl/crypto -I../openssl/providers/common/macs -I../openssl/providers/common/kdfs -I../openssl/providers/default/macs -I../openssl/providers/default/ciphers -I../openssl/providers/default/kdfs -DAES_ASM -DBSAES_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_IA32_SSE2 -MMD -MF providers/common/libcrypto-lib-provider_err.d.tmp -MT providers/common/libcrypto-lib-provider_err.o -c -o providers/common/libcrypto-lib-provider_err.o ../openssl/providers/common/provider_err.c clang -I. -Icrypto/include -Iinclude -Iproviders/common/include -Iproviders/default/include -Iproviders/common/ciphers -Icrypto -Iproviders/common/macs -Iproviders/common/kdfs -Iproviders/default/macs -Iproviders/default/ciphers -Iproviders/default/kdfs -I../openssl -I../openssl/crypto/include -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/default/include -I../openssl/providers/common/ciphers -I../openssl/crypto -I../openssl/providers/common/macs -I../openssl/providers/common/kdfs -I../openssl/providers/default/macs -I../openssl/providers/default/ciphers -I../openssl/providers/default/kdfs -DAES_ASM -DBSAES_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_IA32_SSE2 -MMD -MF providers/common/libcrypto-lib-provider_util.d.tmp -MT providers/common/libcrypto-lib-provider_util.o -c -o providers/common/libcrypto-lib-provider_util.o ../openssl/providers/common/provider_util.c clang -I. -Icrypto/include -Iinclude -Iproviders/common/include -Iproviders/default/include -Iproviders/common/ciphers -Icrypto -Iproviders/common/macs -Iproviders/common/kdfs -Iproviders/default/macs -Iproviders/default/ciphers -Iproviders/default/kdfs -I../openssl -I../openssl/crypto/include -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/default/include -I../openssl/providers/common/ciphers -I../openssl/crypto -I../openssl/providers/common/macs -I../openssl/providers/common/kdfs -I../openssl/providers/default/macs -I../openssl/providers/default/ciphers -I../openssl/providers/default/kdfs -DAES_ASM -DBSAES_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_IA32_SSE2 -MMD -MF providers/common/libcrypto-lib-provlib.d.tmp -MT providers/common/libcrypto-lib-provlib.o -c -o providers/common/libcrypto-lib-provlib.o ../openssl/providers/common/provlib.c ../openssl/providers/common/keymgmt/dsa_kmgmt.c:52:10: error: implicit declaration of function 'DSA_set0_pqg' is invalid in C99 [-Werror,-Wimplicit-function-declaration] if (!DSA_set0_pqg(dsa, p, q, g)) ^ ../openssl/providers/common/keymgmt/dsa_kmgmt.c:52:10: error: this function declaration is not a prototype [-Werror,-Wstrict-prototypes] ../openssl/providers/common/keymgmt/dsa_kmgmt.c:56:29: error: implicit declaration of function 'DSA_set0_key' is invalid in C99 [-Werror,-Wimplicit-function-declaration] if (pub_key != NULL && !DSA_set0_key(dsa, pub_key, priv_key)) ^ ../openssl/providers/common/keymgmt/dsa_kmgmt.c:56:29: note: did you mean 'DSA_set0_pqg'? ../openssl/providers/common/keymgmt/dsa_kmgmt.c:52:10: note: 'DSA_set0_pqg' declared here if (!DSA_set0_pqg(dsa, p, q, g)) ^ ../openssl/providers/common/keymgmt/dsa_kmgmt.c:56:29: error: this function declaration is not a prototype [-Werror,-Wstrict-prototypes] if (pub_key != NULL && !DSA_set0_key(dsa, pub_key, priv_key)) ^ ../openssl/providers/common/keymgmt/dsa_kmgmt.c:75:16: error: implicit declaration of function 'DSA_new' is invalid in C99 [-Werror,-Wimplicit-function-declaration] if ((dsa = DSA_new()) == NULL ^ ../openssl/providers/common/keymgmt/dsa_kmgmt.c:75:16: error: this function declaration is not a prototype [-Werror,-Wstrict-prototypes] ../openssl/providers/common/keymgmt/dsa_kmgmt.c:75:14: error: incompatible integer to pointer conversion assigning to 'DSA *' (aka 'struct dsa_st *') from 'int' [-Werror,-Wint-conversion] if ((dsa = DSA_new()) == NULL ^ ~~~~~~~~~ ../openssl/providers/common/keymgmt/dsa_kmgmt.c:77:9: error: implicit declaration of function 'DSA_free' is invalid in C99 [-Werror,-Wimplicit-function-declaration] DSA_free(dsa); ^ ../openssl/providers/common/keymgmt/dsa_kmgmt.c:77:9: error: this function declaration is not a prototype [-Werror,-Wstrict-prototypes] ../openssl/providers/common/keymgmt/dsa_kmgmt.c:89:50: error: use of undeclared identifier 'DSA_free' { OSSL_FUNC_KEYMGMT_FREEKEY, (void (*)(void))DSA_free }, ^ 10 errors generated. Makefile:12389: recipe for target 'providers/common/keymgmt/libcrypto-lib-dsa_kmgmt.o' failed make[1]: *** [providers/common/keymgmt/libcrypto-lib-dsa_kmgmt.o] Error 1 make[1]: *** Waiting for unfinished jobs.... make[1]: Leaving directory '/home/openssl/run-checker/no-dsa' Makefile:165: recipe for target 'all' failed make: *** [all] Error 2 From openssl at openssl.org Wed Sep 11 03:31:58 2019 From: openssl at openssl.org (OpenSSL run-checker) Date: Wed, 11 Sep 2019 03:31:58 +0000 Subject: Still FAILED build of OpenSSL branch master with options -d --strict-warnings no-engine Message-ID: <1568172718.974537.8725.nullmailer@run.openssl.org> Platform and configuration command: $ uname -a Linux run 4.15.0-54-generic #58-Ubuntu SMP Mon Jun 24 10:55:24 UTC 2019 x86_64 x86_64 x86_64 GNU/Linux $ CC=clang ../openssl/config -d --strict-warnings no-engine Commit log since last time: 5840ed0cd1 Fix a padding oracle in PKCS7_dataDecode and CMS_decrypt_set1_pkey fa3eb248e2 Fix a potential crash in rand_unix.c e301c147a7 Fix a strict warnings error in rand_pool_acquire_entropy Build log ended with (last 100 lines): clang -I. -Icrypto/include -Iinclude -Iproviders/common/include -Iproviders/default/include -Iproviders/common/ciphers -Icrypto -Iproviders/common/macs -Iproviders/common/kdfs -Iproviders/default/macs -Iproviders/default/ciphers -Iproviders/default/kdfs -I../openssl -I../openssl/crypto/include -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/default/include -I../openssl/providers/common/ciphers -I../openssl/crypto -I../openssl/providers/common/macs -I../openssl/providers/common/kdfs -I../openssl/providers/default/macs -I../openssl/providers/default/ciphers -I../openssl/providers/default/kdfs -DAES_ASM -DBSAES_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_IA32_SSE2 -MMD -MF crypto/x509/libcrypto-lib-v3_crld.d.tmp -MT crypto/x509/libcrypto-lib-v3_crld.o -c -o crypto/x509/libcrypto-lib-v3_crld.o ../openssl/crypto/x509/v3_crld.c clang -I. -Icrypto/include -Iinclude -Iproviders/common/include -Iproviders/default/include -Iproviders/common/ciphers -Icrypto -Iproviders/common/macs -Iproviders/common/kdfs -Iproviders/default/macs -Iproviders/default/ciphers -Iproviders/default/kdfs -I../openssl -I../openssl/crypto/include -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/default/include -I../openssl/providers/common/ciphers -I../openssl/crypto -I../openssl/providers/common/macs -I../openssl/providers/common/kdfs -I../openssl/providers/default/macs -I../openssl/providers/default/ciphers -I../openssl/providers/default/kdfs -DAES_ASM -DBSAES_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_IA32_SSE2 -MMD -MF crypto/x509/libcrypto-lib-v3_enum.d.tmp -MT crypto/x509/libcrypto-lib-v3_enum.o -c -o crypto/x509/libcrypto-lib-v3_enum.o ../openssl/crypto/x509/v3_enum.c clang -I. -Icrypto/include -Iinclude -Iproviders/common/include -Iproviders/default/include -Iproviders/common/ciphers -Icrypto -Iproviders/common/macs -Iproviders/common/kdfs -Iproviders/default/macs -Iproviders/default/ciphers -Iproviders/default/kdfs -I../openssl -I../openssl/crypto/include -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/default/include -I../openssl/providers/common/ciphers -I../openssl/crypto -I../openssl/providers/common/macs -I../openssl/providers/common/kdfs -I../openssl/providers/default/macs -I../openssl/providers/default/ciphers -I../openssl/providers/default/kdfs -DAES_ASM -DBSAES_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_IA32_SSE2 -MMD -MF crypto/x509/libcrypto-lib-v3_extku.d.tmp -MT crypto/x509/libcrypto-lib-v3_extku.o -c -o crypto/x509/libcrypto-lib-v3_extku.o ../openssl/crypto/x509/v3_extku.c clang -I. -Icrypto/include -Iinclude -Iproviders/common/include -Iproviders/default/include -Iproviders/common/ciphers -Icrypto -Iproviders/common/macs -Iproviders/common/kdfs -Iproviders/default/macs -Iproviders/default/ciphers -Iproviders/default/kdfs -I../openssl -I../openssl/crypto/include -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/default/include -I../openssl/providers/common/ciphers -I../openssl/crypto -I../openssl/providers/common/macs -I../openssl/providers/common/kdfs -I../openssl/providers/default/macs -I../openssl/providers/default/ciphers -I../openssl/providers/default/kdfs -DAES_ASM -DBSAES_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_IA32_SSE2 -MMD -MF crypto/x509/libcrypto-lib-v3_genn.d.tmp -MT crypto/x509/libcrypto-lib-v3_genn.o -c -o crypto/x509/libcrypto-lib-v3_genn.o ../openssl/crypto/x509/v3_genn.c clang -I. -Icrypto/include -Iinclude -Iproviders/common/include -Iproviders/default/include -Iproviders/common/ciphers -Icrypto -Iproviders/common/macs -Iproviders/common/kdfs -Iproviders/default/macs -Iproviders/default/ciphers -Iproviders/default/kdfs -I../openssl -I../openssl/crypto/include -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/default/include -I../openssl/providers/common/ciphers -I../openssl/crypto -I../openssl/providers/common/macs -I../openssl/providers/common/kdfs -I../openssl/providers/default/macs -I../openssl/providers/default/ciphers -I../openssl/providers/default/kdfs -DAES_ASM -DBSAES_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_IA32_SSE2 -MMD -MF crypto/x509/libcrypto-lib-v3_ia5.d.tmp -MT crypto/x509/libcrypto-lib-v3_ia5.o -c -o crypto/x509/libcrypto-lib-v3_ia5.o ../openssl/crypto/x509/v3_ia5.c clang -I. -Icrypto/include -Iinclude -Iproviders/common/include -Iproviders/default/include -Iproviders/common/ciphers -Icrypto -Iproviders/common/macs -Iproviders/common/kdfs -Iproviders/default/macs -Iproviders/default/ciphers -Iproviders/default/kdfs -I../openssl -I../openssl/crypto/include -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/default/include -I../openssl/providers/common/ciphers -I../openssl/crypto -I../openssl/providers/common/macs -I../openssl/providers/common/kdfs -I../openssl/providers/default/macs -I../openssl/providers/default/ciphers -I../openssl/providers/default/kdfs -DAES_ASM -DBSAES_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_IA32_SSE2 -MMD -MF crypto/x509/libcrypto-lib-v3_info.d.tmp -MT crypto/x509/libcrypto-lib-v3_info.o -c -o crypto/x509/libcrypto-lib-v3_info.o ../openssl/crypto/x509/v3_info.c clang -I. -Icrypto/include -Iinclude -Iproviders/common/include -Iproviders/default/include -Iproviders/common/ciphers -Icrypto -Iproviders/common/macs -Iproviders/common/kdfs -Iproviders/default/macs -Iproviders/default/ciphers -Iproviders/default/kdfs -I../openssl -I../openssl/crypto/include -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/default/include -I../openssl/providers/common/ciphers -I../openssl/crypto -I../openssl/providers/common/macs -I../openssl/providers/common/kdfs -I../openssl/providers/default/macs -I../openssl/providers/default/ciphers -I../openssl/providers/default/kdfs -DAES_ASM -DBSAES_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_IA32_SSE2 -MMD -MF crypto/x509/libcrypto-lib-v3_int.d.tmp -MT crypto/x509/libcrypto-lib-v3_int.o -c -o crypto/x509/libcrypto-lib-v3_int.o ../openssl/crypto/x509/v3_int.c clang -I. -Icrypto/include -Iinclude -Iproviders/common/include -Iproviders/default/include -Iproviders/common/ciphers -Icrypto -Iproviders/common/macs -Iproviders/common/kdfs -Iproviders/default/macs -Iproviders/default/ciphers -Iproviders/default/kdfs -I../openssl -I../openssl/crypto/include -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/default/include -I../openssl/providers/common/ciphers -I../openssl/crypto -I../openssl/providers/common/macs -I../openssl/providers/common/kdfs -I../openssl/providers/default/macs -I../openssl/providers/default/ciphers -I../openssl/providers/default/kdfs -DAES_ASM -DBSAES_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_IA32_SSE2 -MMD -MF crypto/x509/libcrypto-lib-v3_lib.d.tmp -MT crypto/x509/libcrypto-lib-v3_lib.o -c -o crypto/x509/libcrypto-lib-v3_lib.o ../openssl/crypto/x509/v3_lib.c clang -I. -Icrypto/include -Iinclude -Iproviders/common/include -Iproviders/default/include -Iproviders/common/ciphers -Icrypto -Iproviders/common/macs -Iproviders/common/kdfs -Iproviders/default/macs -Iproviders/default/ciphers -Iproviders/default/kdfs -I../openssl -I../openssl/crypto/include -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/default/include -I../openssl/providers/common/ciphers -I../openssl/crypto -I../openssl/providers/common/macs -I../openssl/providers/common/kdfs -I../openssl/providers/default/macs -I../openssl/providers/default/ciphers -I../openssl/providers/default/kdfs -DAES_ASM -DBSAES_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_IA32_SSE2 -MMD -MF crypto/x509/libcrypto-lib-v3_ncons.d.tmp -MT crypto/x509/libcrypto-lib-v3_ncons.o -c -o crypto/x509/libcrypto-lib-v3_ncons.o ../openssl/crypto/x509/v3_ncons.c clang -I. -Icrypto/include -Iinclude -Iproviders/common/include -Iproviders/default/include -Iproviders/common/ciphers -Icrypto -Iproviders/common/macs -Iproviders/common/kdfs -Iproviders/default/macs -Iproviders/default/ciphers -Iproviders/default/kdfs -I../openssl -I../openssl/crypto/include -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/default/include -I../openssl/providers/common/ciphers -I../openssl/crypto -I../openssl/providers/common/macs -I../openssl/providers/common/kdfs -I../openssl/providers/default/macs -I../openssl/providers/default/ciphers -I../openssl/providers/default/kdfs -DAES_ASM -DBSAES_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_IA32_SSE2 -MMD -MF crypto/x509/libcrypto-lib-v3_pci.d.tmp -MT crypto/x509/libcrypto-lib-v3_pci.o -c -o crypto/x509/libcrypto-lib-v3_pci.o ../openssl/crypto/x509/v3_pci.c clang -I. -Icrypto/include -Iinclude -Iproviders/common/include -Iproviders/default/include -Iproviders/common/ciphers -Icrypto -Iproviders/common/macs -Iproviders/common/kdfs -Iproviders/default/macs -Iproviders/default/ciphers -Iproviders/default/kdfs -I../openssl -I../openssl/crypto/include -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/default/include -I../openssl/providers/common/ciphers -I../openssl/crypto -I../openssl/providers/common/macs -I../openssl/providers/common/kdfs -I../openssl/providers/default/macs -I../openssl/providers/default/ciphers -I../openssl/providers/default/kdfs -DAES_ASM -DBSAES_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_IA32_SSE2 -MMD -MF crypto/x509/libcrypto-lib-v3_pcia.d.tmp -MT crypto/x509/libcrypto-lib-v3_pcia.o -c -o crypto/x509/libcrypto-lib-v3_pcia.o ../openssl/crypto/x509/v3_pcia.c clang -I. -Icrypto/include -Iinclude -Iproviders/common/include -Iproviders/default/include -Iproviders/common/ciphers -Icrypto -Iproviders/common/macs -Iproviders/common/kdfs -Iproviders/default/macs -Iproviders/default/ciphers -Iproviders/default/kdfs -I../openssl -I../openssl/crypto/include -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/default/include -I../openssl/providers/common/ciphers -I../openssl/crypto -I../openssl/providers/common/macs -I../openssl/providers/common/kdfs -I../openssl/providers/default/macs -I../openssl/providers/default/ciphers -I../openssl/providers/default/kdfs -DAES_ASM -DBSAES_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_IA32_SSE2 -MMD -MF crypto/x509/libcrypto-lib-v3_pcons.d.tmp -MT crypto/x509/libcrypto-lib-v3_pcons.o -c -o crypto/x509/libcrypto-lib-v3_pcons.o ../openssl/crypto/x509/v3_pcons.c clang -I. -Icrypto/include -Iinclude -Iproviders/common/include -Iproviders/default/include -Iproviders/common/ciphers -Icrypto -Iproviders/common/macs -Iproviders/common/kdfs -Iproviders/default/macs -Iproviders/default/ciphers -Iproviders/default/kdfs -I../openssl -I../openssl/crypto/include -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/default/include -I../openssl/providers/common/ciphers -I../openssl/crypto -I../openssl/providers/common/macs -I../openssl/providers/common/kdfs -I../openssl/providers/default/macs -I../openssl/providers/default/ciphers -I../openssl/providers/default/kdfs -DAES_ASM -DBSAES_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_IA32_SSE2 -MMD -MF crypto/x509/libcrypto-lib-v3_pku.d.tmp -MT crypto/x509/libcrypto-lib-v3_pku.o -c -o crypto/x509/libcrypto-lib-v3_pku.o ../openssl/crypto/x509/v3_pku.c clang -I. -Icrypto/include -Iinclude -Iproviders/common/include -Iproviders/default/include -Iproviders/common/ciphers -Icrypto -Iproviders/common/macs -Iproviders/common/kdfs -Iproviders/default/macs -Iproviders/default/ciphers -Iproviders/default/kdfs -I../openssl -I../openssl/crypto/include -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/default/include -I../openssl/providers/common/ciphers -I../openssl/crypto -I../openssl/providers/common/macs -I../openssl/providers/common/kdfs -I../openssl/providers/default/macs -I../openssl/providers/default/ciphers -I../openssl/providers/default/kdfs -DAES_ASM -DBSAES_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_IA32_SSE2 -MMD -MF crypto/x509/libcrypto-lib-v3_pmaps.d.tmp -MT crypto/x509/libcrypto-lib-v3_pmaps.o -c -o crypto/x509/libcrypto-lib-v3_pmaps.o ../openssl/crypto/x509/v3_pmaps.c clang -I. -Icrypto/include -Iinclude -Iproviders/common/include -Iproviders/default/include -Iproviders/common/ciphers -Icrypto -Iproviders/common/macs -Iproviders/common/kdfs -Iproviders/default/macs -Iproviders/default/ciphers -Iproviders/default/kdfs -I../openssl -I../openssl/crypto/include -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/default/include -I../openssl/providers/common/ciphers -I../openssl/crypto -I../openssl/providers/common/macs -I../openssl/providers/common/kdfs -I../openssl/providers/default/macs -I../openssl/providers/default/ciphers -I../openssl/providers/default/kdfs -DAES_ASM -DBSAES_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_IA32_SSE2 -MMD -MF crypto/x509/libcrypto-lib-v3_prn.d.tmp -MT crypto/x509/libcrypto-lib-v3_prn.o -c -o crypto/x509/libcrypto-lib-v3_prn.o ../openssl/crypto/x509/v3_prn.c clang -I. -Icrypto/include -Iinclude -Iproviders/common/include -Iproviders/default/include -Iproviders/common/ciphers -Icrypto -Iproviders/common/macs -Iproviders/common/kdfs -Iproviders/default/macs -Iproviders/default/ciphers -Iproviders/default/kdfs -I../openssl -I../openssl/crypto/include -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/default/include -I../openssl/providers/common/ciphers -I../openssl/crypto -I../openssl/providers/common/macs -I../openssl/providers/common/kdfs -I../openssl/providers/default/macs -I../openssl/providers/default/ciphers -I../openssl/providers/default/kdfs -DAES_ASM -DBSAES_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_IA32_SSE2 -MMD -MF crypto/x509/libcrypto-lib-v3_purp.d.tmp -MT crypto/x509/libcrypto-lib-v3_purp.o -c -o crypto/x509/libcrypto-lib-v3_purp.o ../openssl/crypto/x509/v3_purp.c clang -I. -Icrypto/include -Iinclude -Iproviders/common/include -Iproviders/default/include -Iproviders/common/ciphers -Icrypto -Iproviders/common/macs -Iproviders/common/kdfs -Iproviders/default/macs -Iproviders/default/ciphers -Iproviders/default/kdfs -I../openssl -I../openssl/crypto/include -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/default/include -I../openssl/providers/common/ciphers -I../openssl/crypto -I../openssl/providers/common/macs -I../openssl/providers/common/kdfs -I../openssl/providers/default/macs -I../openssl/providers/default/ciphers -I../openssl/providers/default/kdfs -DAES_ASM -DBSAES_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_IA32_SSE2 -MMD -MF crypto/x509/libcrypto-lib-v3_skey.d.tmp -MT crypto/x509/libcrypto-lib-v3_skey.o -c -o crypto/x509/libcrypto-lib-v3_skey.o ../openssl/crypto/x509/v3_skey.c clang -I. -Icrypto/include -Iinclude -Iproviders/common/include -Iproviders/default/include -Iproviders/common/ciphers -Icrypto -Iproviders/common/macs -Iproviders/common/kdfs -Iproviders/default/macs -Iproviders/default/ciphers -Iproviders/default/kdfs -I../openssl -I../openssl/crypto/include -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/default/include -I../openssl/providers/common/ciphers -I../openssl/crypto -I../openssl/providers/common/macs -I../openssl/providers/common/kdfs -I../openssl/providers/default/macs -I../openssl/providers/default/ciphers -I../openssl/providers/default/kdfs -DAES_ASM -DBSAES_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_IA32_SSE2 -MMD -MF crypto/x509/libcrypto-lib-v3_sxnet.d.tmp -MT crypto/x509/libcrypto-lib-v3_sxnet.o -c -o crypto/x509/libcrypto-lib-v3_sxnet.o ../openssl/crypto/x509/v3_sxnet.c clang -I. -Icrypto/include -Iinclude -Iproviders/common/include -Iproviders/default/include -Iproviders/common/ciphers -Icrypto -Iproviders/common/macs -Iproviders/common/kdfs -Iproviders/default/macs -Iproviders/default/ciphers -Iproviders/default/kdfs -I../openssl -I../openssl/crypto/include -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/default/include -I../openssl/providers/common/ciphers -I../openssl/crypto -I../openssl/providers/common/macs -I../openssl/providers/common/kdfs -I../openssl/providers/default/macs -I../openssl/providers/default/ciphers -I../openssl/providers/default/kdfs -DAES_ASM -DBSAES_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_IA32_SSE2 -MMD -MF crypto/x509/libcrypto-lib-v3_tlsf.d.tmp -MT crypto/x509/libcrypto-lib-v3_tlsf.o -c -o crypto/x509/libcrypto-lib-v3_tlsf.o ../openssl/crypto/x509/v3_tlsf.c clang -I. -Icrypto/include -Iinclude -Iproviders/common/include -Iproviders/default/include -Iproviders/common/ciphers -Icrypto -Iproviders/common/macs -Iproviders/common/kdfs -Iproviders/default/macs -Iproviders/default/ciphers -Iproviders/default/kdfs -I../openssl -I../openssl/crypto/include -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/default/include -I../openssl/providers/common/ciphers -I../openssl/crypto -I../openssl/providers/common/macs -I../openssl/providers/common/kdfs -I../openssl/providers/default/macs -I../openssl/providers/default/ciphers -I../openssl/providers/default/kdfs -DAES_ASM -DBSAES_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_IA32_SSE2 -MMD -MF crypto/x509/libcrypto-lib-v3_utl.d.tmp -MT crypto/x509/libcrypto-lib-v3_utl.o -c -o crypto/x509/libcrypto-lib-v3_utl.o ../openssl/crypto/x509/v3_utl.c clang -I. -Icrypto/include -Iinclude -Iproviders/common/include -Iproviders/default/include -Iproviders/common/ciphers -Icrypto -Iproviders/common/macs -Iproviders/common/kdfs -Iproviders/default/macs -Iproviders/default/ciphers -Iproviders/default/kdfs -I../openssl -I../openssl/crypto/include -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/default/include -I../openssl/providers/common/ciphers -I../openssl/crypto -I../openssl/providers/common/macs -I../openssl/providers/common/kdfs -I../openssl/providers/default/macs -I../openssl/providers/default/ciphers -I../openssl/providers/default/kdfs -DAES_ASM -DBSAES_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_IA32_SSE2 -MMD -MF crypto/x509/libcrypto-lib-v3err.d.tmp -MT crypto/x509/libcrypto-lib-v3err.o -c -o crypto/x509/libcrypto-lib-v3err.o ../openssl/crypto/x509/v3err.c clang -I. -Icrypto/include -Iinclude -Iproviders/common/include -Iproviders/default/include -Iproviders/common/ciphers -Icrypto -Iproviders/common/macs -Iproviders/common/kdfs -Iproviders/default/macs -Iproviders/default/ciphers -Iproviders/default/kdfs -I../openssl -I../openssl/crypto/include -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/default/include -I../openssl/providers/common/ciphers -I../openssl/crypto -I../openssl/providers/common/macs -I../openssl/providers/common/kdfs -I../openssl/providers/default/macs -I../openssl/providers/default/ciphers -I../openssl/providers/default/kdfs -DAES_ASM -DBSAES_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_IA32_SSE2 -MMD -MF crypto/x509/libcrypto-lib-x509_att.d.tmp -MT crypto/x509/libcrypto-lib-x509_att.o -c -o crypto/x509/libcrypto-lib-x509_att.o ../openssl/crypto/x509/x509_att.c clang -I. -Icrypto/include -Iinclude -Iproviders/common/include -Iproviders/default/include -Iproviders/common/ciphers -Icrypto -Iproviders/common/macs -Iproviders/common/kdfs -Iproviders/default/macs -Iproviders/default/ciphers -Iproviders/default/kdfs -I../openssl -I../openssl/crypto/include -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/default/include -I../openssl/providers/common/ciphers -I../openssl/crypto -I../openssl/providers/common/macs -I../openssl/providers/common/kdfs -I../openssl/providers/default/macs -I../openssl/providers/default/ciphers -I../openssl/providers/default/kdfs -DAES_ASM -DBSAES_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_IA32_SSE2 -MMD -MF crypto/x509/libcrypto-lib-x509_cmp.d.tmp -MT crypto/x509/libcrypto-lib-x509_cmp.o -c -o crypto/x509/libcrypto-lib-x509_cmp.o ../openssl/crypto/x509/x509_cmp.c clang -I. -Icrypto/include -Iinclude -Iproviders/common/include -Iproviders/default/include -Iproviders/common/ciphers -Icrypto -Iproviders/common/macs -Iproviders/common/kdfs -Iproviders/default/macs -Iproviders/default/ciphers -Iproviders/default/kdfs -I../openssl -I../openssl/crypto/include -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/default/include -I../openssl/providers/common/ciphers -I../openssl/crypto -I../openssl/providers/common/macs -I../openssl/providers/common/kdfs -I../openssl/providers/default/macs -I../openssl/providers/default/ciphers -I../openssl/providers/default/kdfs -DAES_ASM -DBSAES_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_IA32_SSE2 -MMD -MF crypto/x509/libcrypto-lib-x509_d2.d.tmp -MT crypto/x509/libcrypto-lib-x509_d2.o -c -o crypto/x509/libcrypto-lib-x509_d2.o ../openssl/crypto/x509/x509_d2.c clang -I. -Icrypto/include -Iinclude -Iproviders/common/include -Iproviders/default/include -Iproviders/common/ciphers -Icrypto -Iproviders/common/macs -Iproviders/common/kdfs -Iproviders/default/macs -Iproviders/default/ciphers -Iproviders/default/kdfs -I../openssl -I../openssl/crypto/include -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/default/include -I../openssl/providers/common/ciphers -I../openssl/crypto -I../openssl/providers/common/macs -I../openssl/providers/common/kdfs -I../openssl/providers/default/macs -I../openssl/providers/default/ciphers -I../openssl/providers/default/kdfs -DAES_ASM -DBSAES_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_IA32_SSE2 -MMD -MF crypto/x509/libcrypto-lib-x509_def.d.tmp -MT crypto/x509/libcrypto-lib-x509_def.o -c -o crypto/x509/libcrypto-lib-x509_def.o ../openssl/crypto/x509/x509_def.c clang -I. -Icrypto/include -Iinclude -Iproviders/common/include -Iproviders/default/include -Iproviders/common/ciphers -Icrypto -Iproviders/common/macs -Iproviders/common/kdfs -Iproviders/default/macs -Iproviders/default/ciphers -Iproviders/default/kdfs -I../openssl -I../openssl/crypto/include -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/default/include -I../openssl/providers/common/ciphers -I../openssl/crypto -I../openssl/providers/common/macs -I../openssl/providers/common/kdfs -I../openssl/providers/default/macs -I../openssl/providers/default/ciphers -I../openssl/providers/default/kdfs -DAES_ASM -DBSAES_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_IA32_SSE2 -MMD -MF crypto/x509/libcrypto-lib-x509_err.d.tmp -MT crypto/x509/libcrypto-lib-x509_err.o -c -o crypto/x509/libcrypto-lib-x509_err.o ../openssl/crypto/x509/x509_err.c clang -I. -Icrypto/include -Iinclude -Iproviders/common/include -Iproviders/default/include -Iproviders/common/ciphers -Icrypto -Iproviders/common/macs -Iproviders/common/kdfs -Iproviders/default/macs -Iproviders/default/ciphers -Iproviders/default/kdfs -I../openssl -I../openssl/crypto/include -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/default/include -I../openssl/providers/common/ciphers -I../openssl/crypto -I../openssl/providers/common/macs -I../openssl/providers/common/kdfs -I../openssl/providers/default/macs -I../openssl/providers/default/ciphers -I../openssl/providers/default/kdfs -DAES_ASM -DBSAES_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_IA32_SSE2 -MMD -MF crypto/x509/libcrypto-lib-x509_ext.d.tmp -MT crypto/x509/libcrypto-lib-x509_ext.o -c -o crypto/x509/libcrypto-lib-x509_ext.o ../openssl/crypto/x509/x509_ext.c clang -I. -Icrypto/include -Iinclude -Iproviders/common/include -Iproviders/default/include -Iproviders/common/ciphers -Icrypto -Iproviders/common/macs -Iproviders/common/kdfs -Iproviders/default/macs -Iproviders/default/ciphers -Iproviders/default/kdfs -I../openssl -I../openssl/crypto/include -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/default/include -I../openssl/providers/common/ciphers -I../openssl/crypto -I../openssl/providers/common/macs -I../openssl/providers/common/kdfs -I../openssl/providers/default/macs -I../openssl/providers/default/ciphers -I../openssl/providers/default/kdfs -DAES_ASM -DBSAES_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_IA32_SSE2 -MMD -MF crypto/x509/libcrypto-lib-x509_lu.d.tmp -MT crypto/x509/libcrypto-lib-x509_lu.o -c -o crypto/x509/libcrypto-lib-x509_lu.o ../openssl/crypto/x509/x509_lu.c clang -I. -Icrypto/include -Iinclude -Iproviders/common/include -Iproviders/default/include -Iproviders/common/ciphers -Icrypto -Iproviders/common/macs -Iproviders/common/kdfs -Iproviders/default/macs -Iproviders/default/ciphers -Iproviders/default/kdfs -I../openssl -I../openssl/crypto/include -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/default/include -I../openssl/providers/common/ciphers -I../openssl/crypto -I../openssl/providers/common/macs -I../openssl/providers/common/kdfs -I../openssl/providers/default/macs -I../openssl/providers/default/ciphers -I../openssl/providers/default/kdfs -DAES_ASM -DBSAES_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_IA32_SSE2 -MMD -MF crypto/x509/libcrypto-lib-x509_meth.d.tmp -MT crypto/x509/libcrypto-lib-x509_meth.o -c -o crypto/x509/libcrypto-lib-x509_meth.o ../openssl/crypto/x509/x509_meth.c clang -I. -Icrypto/include -Iinclude -Iproviders/common/include -Iproviders/default/include -Iproviders/common/ciphers -Icrypto -Iproviders/common/macs -Iproviders/common/kdfs -Iproviders/default/macs -Iproviders/default/ciphers -Iproviders/default/kdfs -I../openssl -I../openssl/crypto/include -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/default/include -I../openssl/providers/common/ciphers -I../openssl/crypto -I../openssl/providers/common/macs -I../openssl/providers/common/kdfs -I../openssl/providers/default/macs -I../openssl/providers/default/ciphers -I../openssl/providers/default/kdfs -DAES_ASM -DBSAES_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_IA32_SSE2 -MMD -MF crypto/x509/libcrypto-lib-x509_obj.d.tmp -MT crypto/x509/libcrypto-lib-x509_obj.o -c -o crypto/x509/libcrypto-lib-x509_obj.o ../openssl/crypto/x509/x509_obj.c clang -I. -Icrypto/include -Iinclude -Iproviders/common/include -Iproviders/default/include -Iproviders/common/ciphers -Icrypto -Iproviders/common/macs -Iproviders/common/kdfs -Iproviders/default/macs -Iproviders/default/ciphers -Iproviders/default/kdfs -I../openssl -I../openssl/crypto/include -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/default/include -I../openssl/providers/common/ciphers -I../openssl/crypto -I../openssl/providers/common/macs -I../openssl/providers/common/kdfs -I../openssl/providers/default/macs -I../openssl/providers/default/ciphers -I../openssl/providers/default/kdfs -DAES_ASM -DBSAES_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_IA32_SSE2 -MMD -MF crypto/x509/libcrypto-lib-x509_r2x.d.tmp -MT crypto/x509/libcrypto-lib-x509_r2x.o -c -o crypto/x509/libcrypto-lib-x509_r2x.o ../openssl/crypto/x509/x509_r2x.c clang -I. -Icrypto/include -Iinclude -Iproviders/common/include -Iproviders/default/include -Iproviders/common/ciphers -Icrypto -Iproviders/common/macs -Iproviders/common/kdfs -Iproviders/default/macs -Iproviders/default/ciphers -Iproviders/default/kdfs -I../openssl -I../openssl/crypto/include -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/default/include -I../openssl/providers/common/ciphers -I../openssl/crypto -I../openssl/providers/common/macs -I../openssl/providers/common/kdfs -I../openssl/providers/default/macs -I../openssl/providers/default/ciphers -I../openssl/providers/default/kdfs -DAES_ASM -DBSAES_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_IA32_SSE2 -MMD -MF crypto/x509/libcrypto-lib-x509_req.d.tmp -MT crypto/x509/libcrypto-lib-x509_req.o -c -o crypto/x509/libcrypto-lib-x509_req.o ../openssl/crypto/x509/x509_req.c clang -I. -Icrypto/include -Iinclude -Iproviders/common/include -Iproviders/default/include -Iproviders/common/ciphers -Icrypto -Iproviders/common/macs -Iproviders/common/kdfs -Iproviders/default/macs -Iproviders/default/ciphers -Iproviders/default/kdfs -I../openssl -I../openssl/crypto/include -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/default/include -I../openssl/providers/common/ciphers -I../openssl/crypto -I../openssl/providers/common/macs -I../openssl/providers/common/kdfs -I../openssl/providers/default/macs -I../openssl/providers/default/ciphers -I../openssl/providers/default/kdfs -DAES_ASM -DBSAES_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_IA32_SSE2 -MMD -MF crypto/x509/libcrypto-lib-x509_set.d.tmp -MT crypto/x509/libcrypto-lib-x509_set.o -c -o crypto/x509/libcrypto-lib-x509_set.o ../openssl/crypto/x509/x509_set.c clang -I. -Icrypto/include -Iinclude -Iproviders/common/include -Iproviders/default/include -Iproviders/common/ciphers -Icrypto -Iproviders/common/macs -Iproviders/common/kdfs -Iproviders/default/macs -Iproviders/default/ciphers -Iproviders/default/kdfs -I../openssl -I../openssl/crypto/include -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/default/include -I../openssl/providers/common/ciphers -I../openssl/crypto -I../openssl/providers/common/macs -I../openssl/providers/common/kdfs -I../openssl/providers/default/macs -I../openssl/providers/default/ciphers -I../openssl/providers/default/kdfs -DAES_ASM -DBSAES_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_IA32_SSE2 -MMD -MF crypto/x509/libcrypto-lib-x509_trs.d.tmp -MT crypto/x509/libcrypto-lib-x509_trs.o -c -o crypto/x509/libcrypto-lib-x509_trs.o ../openssl/crypto/x509/x509_trs.c clang -I. -Icrypto/include -Iinclude -Iproviders/common/include -Iproviders/default/include -Iproviders/common/ciphers -Icrypto -Iproviders/common/macs -Iproviders/common/kdfs -Iproviders/default/macs -Iproviders/default/ciphers -Iproviders/default/kdfs -I../openssl -I../openssl/crypto/include -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/default/include -I../openssl/providers/common/ciphers -I../openssl/crypto -I../openssl/providers/common/macs -I../openssl/providers/common/kdfs -I../openssl/providers/default/macs -I../openssl/providers/default/ciphers -I../openssl/providers/default/kdfs -DAES_ASM -DBSAES_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_IA32_SSE2 -MMD -MF crypto/x509/libcrypto-lib-x509_txt.d.tmp -MT crypto/x509/libcrypto-lib-x509_txt.o -c -o crypto/x509/libcrypto-lib-x509_txt.o ../openssl/crypto/x509/x509_txt.c clang -I. -Icrypto/include -Iinclude -Iproviders/common/include -Iproviders/default/include -Iproviders/common/ciphers -Icrypto -Iproviders/common/macs -Iproviders/common/kdfs -Iproviders/default/macs -Iproviders/default/ciphers -Iproviders/default/kdfs -I../openssl -I../openssl/crypto/include -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/default/include -I../openssl/providers/common/ciphers -I../openssl/crypto -I../openssl/providers/common/macs -I../openssl/providers/common/kdfs -I../openssl/providers/default/macs -I../openssl/providers/default/ciphers -I../openssl/providers/default/kdfs -DAES_ASM -DBSAES_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_IA32_SSE2 -MMD -MF crypto/x509/libcrypto-lib-x509_v3.d.tmp -MT crypto/x509/libcrypto-lib-x509_v3.o -c -o crypto/x509/libcrypto-lib-x509_v3.o ../openssl/crypto/x509/x509_v3.c clang -I. -Icrypto/include -Iinclude -Iproviders/common/include -Iproviders/default/include -Iproviders/common/ciphers -Icrypto -Iproviders/common/macs -Iproviders/common/kdfs -Iproviders/default/macs -Iproviders/default/ciphers -Iproviders/default/kdfs -I../openssl -I../openssl/crypto/include -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/default/include -I../openssl/providers/common/ciphers -I../openssl/crypto -I../openssl/providers/common/macs -I../openssl/providers/common/kdfs -I../openssl/providers/default/macs -I../openssl/providers/default/ciphers -I../openssl/providers/default/kdfs -DAES_ASM -DBSAES_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_IA32_SSE2 -MMD -MF crypto/x509/libcrypto-lib-x509_vfy.d.tmp -MT crypto/x509/libcrypto-lib-x509_vfy.o -c -o crypto/x509/libcrypto-lib-x509_vfy.o ../openssl/crypto/x509/x509_vfy.c clang -I. -Icrypto/include -Iinclude -Iproviders/common/include -Iproviders/default/include -Iproviders/common/ciphers -Icrypto -Iproviders/common/macs -Iproviders/common/kdfs -Iproviders/default/macs -Iproviders/default/ciphers -Iproviders/default/kdfs -I../openssl -I../openssl/crypto/include -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/default/include -I../openssl/providers/common/ciphers -I../openssl/crypto -I../openssl/providers/common/macs -I../openssl/providers/common/kdfs -I../openssl/providers/default/macs -I../openssl/providers/default/ciphers -I../openssl/providers/default/kdfs -DAES_ASM -DBSAES_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_IA32_SSE2 -MMD -MF crypto/x509/libcrypto-lib-x509_vpm.d.tmp -MT crypto/x509/libcrypto-lib-x509_vpm.o -c -o crypto/x509/libcrypto-lib-x509_vpm.o ../openssl/crypto/x509/x509_vpm.c clang -I. -Icrypto/include -Iinclude -Iproviders/common/include -Iproviders/default/include -Iproviders/common/ciphers -Icrypto -Iproviders/common/macs -Iproviders/common/kdfs -Iproviders/default/macs -Iproviders/default/ciphers -Iproviders/default/kdfs -I../openssl -I../openssl/crypto/include -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/default/include -I../openssl/providers/common/ciphers -I../openssl/crypto -I../openssl/providers/common/macs -I../openssl/providers/common/kdfs -I../openssl/providers/default/macs -I../openssl/providers/default/ciphers -I../openssl/providers/default/kdfs -DAES_ASM -DBSAES_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_IA32_SSE2 -MMD -MF crypto/x509/libcrypto-lib-x509cset.d.tmp -MT crypto/x509/libcrypto-lib-x509cset.o -c -o crypto/x509/libcrypto-lib-x509cset.o ../openssl/crypto/x509/x509cset.c clang -I. -Icrypto/include -Iinclude -Iproviders/common/include -Iproviders/default/include -Iproviders/common/ciphers -Icrypto -Iproviders/common/macs -Iproviders/common/kdfs -Iproviders/default/macs -Iproviders/default/ciphers -Iproviders/default/kdfs -I../openssl -I../openssl/crypto/include -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/default/include -I../openssl/providers/common/ciphers -I../openssl/crypto -I../openssl/providers/common/macs -I../openssl/providers/common/kdfs -I../openssl/providers/default/macs -I../openssl/providers/default/ciphers -I../openssl/providers/default/kdfs -DAES_ASM -DBSAES_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_IA32_SSE2 -MMD -MF crypto/x509/libcrypto-lib-x509name.d.tmp -MT crypto/x509/libcrypto-lib-x509name.o -c -o crypto/x509/libcrypto-lib-x509name.o ../openssl/crypto/x509/x509name.c clang -I. -Icrypto/include -Iinclude -Iproviders/common/include -Iproviders/default/include -Iproviders/common/ciphers -Icrypto -Iproviders/common/macs -Iproviders/common/kdfs -Iproviders/default/macs -Iproviders/default/ciphers -Iproviders/default/kdfs -I../openssl -I../openssl/crypto/include -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/default/include -I../openssl/providers/common/ciphers -I../openssl/crypto -I../openssl/providers/common/macs -I../openssl/providers/common/kdfs -I../openssl/providers/default/macs -I../openssl/providers/default/ciphers -I../openssl/providers/default/kdfs -DAES_ASM -DBSAES_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_IA32_SSE2 -MMD -MF crypto/x509/libcrypto-lib-x509rset.d.tmp -MT crypto/x509/libcrypto-lib-x509rset.o -c -o crypto/x509/libcrypto-lib-x509rset.o ../openssl/crypto/x509/x509rset.c clang -I. -Icrypto/include -Iinclude -Iproviders/common/include -Iproviders/default/include -Iproviders/common/ciphers -Icrypto -Iproviders/common/macs -Iproviders/common/kdfs -Iproviders/default/macs -Iproviders/default/ciphers -Iproviders/default/kdfs -I../openssl -I../openssl/crypto/include -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/default/include -I../openssl/providers/common/ciphers -I../openssl/crypto -I../openssl/providers/common/macs -I../openssl/providers/common/kdfs -I../openssl/providers/default/macs -I../openssl/providers/default/ciphers -I../openssl/providers/default/kdfs -DAES_ASM -DBSAES_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_IA32_SSE2 -MMD -MF crypto/x509/libcrypto-lib-x509spki.d.tmp -MT crypto/x509/libcrypto-lib-x509spki.o -c -o crypto/x509/libcrypto-lib-x509spki.o ../openssl/crypto/x509/x509spki.c clang -I. -Icrypto/include -Iinclude -Iproviders/common/include -Iproviders/default/include -Iproviders/common/ciphers -Icrypto -Iproviders/common/macs -Iproviders/common/kdfs -Iproviders/default/macs -Iproviders/default/ciphers -Iproviders/default/kdfs -I../openssl -I../openssl/crypto/include -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/default/include -I../openssl/providers/common/ciphers -I../openssl/crypto -I../openssl/providers/common/macs -I../openssl/providers/common/kdfs -I../openssl/providers/default/macs -I../openssl/providers/default/ciphers -I../openssl/providers/default/kdfs -DAES_ASM -DBSAES_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_IA32_SSE2 -MMD -MF crypto/x509/libcrypto-lib-x509type.d.tmp -MT crypto/x509/libcrypto-lib-x509type.o -c -o crypto/x509/libcrypto-lib-x509type.o ../openssl/crypto/x509/x509type.c clang -I. -Icrypto/include -Iinclude -Iproviders/common/include -Iproviders/default/include -Iproviders/common/ciphers -Icrypto -Iproviders/common/macs -Iproviders/common/kdfs -Iproviders/default/macs -Iproviders/default/ciphers -Iproviders/default/kdfs -I../openssl -I../openssl/crypto/include -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/default/include -I../openssl/providers/common/ciphers -I../openssl/crypto -I../openssl/providers/common/macs -I../openssl/providers/common/kdfs -I../openssl/providers/default/macs -I../openssl/providers/default/ciphers -I../openssl/providers/default/kdfs -DAES_ASM -DBSAES_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_IA32_SSE2 -MMD -MF crypto/x509/libcrypto-lib-x_all.d.tmp -MT crypto/x509/libcrypto-lib-x_all.o -c -o crypto/x509/libcrypto-lib-x_all.o ../openssl/crypto/x509/x_all.c clang -I. -Icrypto/include -Iinclude -Iproviders/common/include -Iproviders/default/include -Iproviders/common/ciphers -Icrypto -Iproviders/common/macs -Iproviders/common/kdfs -Iproviders/default/macs -Iproviders/default/ciphers -Iproviders/default/kdfs -I../openssl -I../openssl/crypto/include -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/default/include -I../openssl/providers/common/ciphers -I../openssl/crypto -I../openssl/providers/common/macs -I../openssl/providers/common/kdfs -I../openssl/providers/default/macs -I../openssl/providers/default/ciphers -I../openssl/providers/default/kdfs -DAES_ASM -DBSAES_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_IA32_SSE2 -MMD -MF crypto/x509/libcrypto-lib-x_attrib.d.tmp -MT crypto/x509/libcrypto-lib-x_attrib.o -c -o crypto/x509/libcrypto-lib-x_attrib.o ../openssl/crypto/x509/x_attrib.c clang -I. -Icrypto/include -Iinclude -Iproviders/common/include -Iproviders/default/include -Iproviders/common/ciphers -Icrypto -Iproviders/common/macs -Iproviders/common/kdfs -Iproviders/default/macs -Iproviders/default/ciphers -Iproviders/default/kdfs -I../openssl -I../openssl/crypto/include -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/default/include -I../openssl/providers/common/ciphers -I../openssl/crypto -I../openssl/providers/common/macs -I../openssl/providers/common/kdfs -I../openssl/providers/default/macs -I../openssl/providers/default/ciphers -I../openssl/providers/default/kdfs -DAES_ASM -DBSAES_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_IA32_SSE2 -MMD -MF crypto/x509/libcrypto-lib-x_crl.d.tmp -MT crypto/x509/libcrypto-lib-x_crl.o -c -o crypto/x509/libcrypto-lib-x_crl.o ../openssl/crypto/x509/x_crl.c clang -I. -Icrypto/include -Iinclude -Iproviders/common/include -Iproviders/default/include -Iproviders/common/ciphers -Icrypto -Iproviders/common/macs -Iproviders/common/kdfs -Iproviders/default/macs -Iproviders/default/ciphers -Iproviders/default/kdfs -I../openssl -I../openssl/crypto/include -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/default/include -I../openssl/providers/common/ciphers -I../openssl/crypto -I../openssl/providers/common/macs -I../openssl/providers/common/kdfs -I../openssl/providers/default/macs -I../openssl/providers/default/ciphers -I../openssl/providers/default/kdfs -DAES_ASM -DBSAES_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_IA32_SSE2 -MMD -MF crypto/x509/libcrypto-lib-x_exten.d.tmp -MT crypto/x509/libcrypto-lib-x_exten.o -c -o crypto/x509/libcrypto-lib-x_exten.o ../openssl/crypto/x509/x_exten.c clang -I. -Icrypto/include -Iinclude -Iproviders/common/include -Iproviders/default/include -Iproviders/common/ciphers -Icrypto -Iproviders/common/macs -Iproviders/common/kdfs -Iproviders/default/macs -Iproviders/default/ciphers -Iproviders/default/kdfs -I../openssl -I../openssl/crypto/include -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/default/include -I../openssl/providers/common/ciphers -I../openssl/crypto -I../openssl/providers/common/macs -I../openssl/providers/common/kdfs -I../openssl/providers/default/macs -I../openssl/providers/default/ciphers -I../openssl/providers/default/kdfs -DAES_ASM -DBSAES_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_IA32_SSE2 -MMD -MF crypto/x509/libcrypto-lib-x_name.d.tmp -MT crypto/x509/libcrypto-lib-x_name.o -c -o crypto/x509/libcrypto-lib-x_name.o ../openssl/crypto/x509/x_name.c clang -I. -Icrypto/include -Iinclude -Iproviders/common/include -Iproviders/default/include -Iproviders/common/ciphers -Icrypto -Iproviders/common/macs -Iproviders/common/kdfs -Iproviders/default/macs -Iproviders/default/ciphers -Iproviders/default/kdfs -I../openssl -I../openssl/crypto/include -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/default/include -I../openssl/providers/common/ciphers -I../openssl/crypto -I../openssl/providers/common/macs -I../openssl/providers/common/kdfs -I../openssl/providers/default/macs -I../openssl/providers/default/ciphers -I../openssl/providers/default/kdfs -DAES_ASM -DBSAES_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_IA32_SSE2 -MMD -MF crypto/x509/libcrypto-lib-x_pubkey.d.tmp -MT crypto/x509/libcrypto-lib-x_pubkey.o -c -o crypto/x509/libcrypto-lib-x_pubkey.o ../openssl/crypto/x509/x_pubkey.c clang -I. -Icrypto/include -Iinclude -Iproviders/common/include -Iproviders/default/include -Iproviders/common/ciphers -Icrypto -Iproviders/common/macs -Iproviders/common/kdfs -Iproviders/default/macs -Iproviders/default/ciphers -Iproviders/default/kdfs -I../openssl -I../openssl/crypto/include -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/default/include -I../openssl/providers/common/ciphers -I../openssl/crypto -I../openssl/providers/common/macs -I../openssl/providers/common/kdfs -I../openssl/providers/default/macs -I../openssl/providers/default/ciphers -I../openssl/providers/default/kdfs -DAES_ASM -DBSAES_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_IA32_SSE2 -MMD -MF crypto/x509/libcrypto-lib-x_req.d.tmp -MT crypto/x509/libcrypto-lib-x_req.o -c -o crypto/x509/libcrypto-lib-x_req.o ../openssl/crypto/x509/x_req.c clang -I. -Icrypto/include -Iinclude -Iproviders/common/include -Iproviders/default/include -Iproviders/common/ciphers -Icrypto -Iproviders/common/macs -Iproviders/common/kdfs -Iproviders/default/macs -Iproviders/default/ciphers -Iproviders/default/kdfs -I../openssl -I../openssl/crypto/include -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/default/include -I../openssl/providers/common/ciphers -I../openssl/crypto -I../openssl/providers/common/macs -I../openssl/providers/common/kdfs -I../openssl/providers/default/macs -I../openssl/providers/default/ciphers -I../openssl/providers/default/kdfs -DAES_ASM -DBSAES_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_IA32_SSE2 -MMD -MF crypto/x509/libcrypto-lib-x_x509.d.tmp -MT crypto/x509/libcrypto-lib-x_x509.o -c -o crypto/x509/libcrypto-lib-x_x509.o ../openssl/crypto/x509/x_x509.c clang -I. -Icrypto/include -Iinclude -Iproviders/common/include -Iproviders/default/include -Iproviders/common/ciphers -Icrypto -Iproviders/common/macs -Iproviders/common/kdfs -Iproviders/default/macs -Iproviders/default/ciphers -Iproviders/default/kdfs -I../openssl -I../openssl/crypto/include -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/default/include -I../openssl/providers/common/ciphers -I../openssl/crypto -I../openssl/providers/common/macs -I../openssl/providers/common/kdfs -I../openssl/providers/default/macs -I../openssl/providers/default/ciphers -I../openssl/providers/default/kdfs -DAES_ASM -DBSAES_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_IA32_SSE2 -MMD -MF crypto/x509/libcrypto-lib-x_x509a.d.tmp -MT crypto/x509/libcrypto-lib-x_x509a.o -c -o crypto/x509/libcrypto-lib-x_x509a.o ../openssl/crypto/x509/x_x509a.c clang -I. -Icrypto/include -Iinclude -Iproviders/common/include -Iproviders/default/include -Iproviders/common/ciphers -Icrypto -Iproviders/common/macs -Iproviders/common/kdfs -Iproviders/default/macs -Iproviders/default/ciphers -Iproviders/default/kdfs -I../openssl -I../openssl/crypto/include -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/default/include -I../openssl/providers/common/ciphers -I../openssl/crypto -I../openssl/providers/common/macs -I../openssl/providers/common/kdfs -I../openssl/providers/default/macs -I../openssl/providers/default/ciphers -I../openssl/providers/default/kdfs -DAES_ASM -DBSAES_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_IA32_SSE2 -MMD -MF providers/common/ciphers/libcrypto-lib-block.d.tmp -MT providers/common/ciphers/libcrypto-lib-block.o -c -o providers/common/ciphers/libcrypto-lib-block.o ../openssl/providers/common/ciphers/block.c clang -I. -Icrypto/include -Iinclude -Iproviders/common/include -Iproviders/default/include -Iproviders/common/ciphers -Icrypto -Iproviders/common/macs -Iproviders/common/kdfs -Iproviders/default/macs -Iproviders/default/ciphers -Iproviders/default/kdfs -I../openssl -I../openssl/crypto/include -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/default/include -I../openssl/providers/common/ciphers -I../openssl/crypto -I../openssl/providers/common/macs -I../openssl/providers/common/kdfs -I../openssl/providers/default/macs -I../openssl/providers/default/ciphers -I../openssl/providers/default/kdfs -DAES_ASM -DBSAES_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_IA32_SSE2 -MMD -MF providers/common/ciphers/libcrypto-lib-cipher_aes.d.tmp -MT providers/common/ciphers/libcrypto-lib-cipher_aes.o -c -o providers/common/ciphers/libcrypto-lib-cipher_aes.o ../openssl/providers/common/ciphers/cipher_aes.c clang -I. -Icrypto/include -Iinclude -Iproviders/common/include -Iproviders/default/include -Iproviders/common/ciphers -Icrypto -Iproviders/common/macs -Iproviders/common/kdfs -Iproviders/default/macs -Iproviders/default/ciphers -Iproviders/default/kdfs -I../openssl -I../openssl/crypto/include -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/default/include -I../openssl/providers/common/ciphers -I../openssl/crypto -I../openssl/providers/common/macs -I../openssl/providers/common/kdfs -I../openssl/providers/default/macs -I../openssl/providers/default/ciphers -I../openssl/providers/default/kdfs -DAES_ASM -DBSAES_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_IA32_SSE2 -MMD -MF providers/common/ciphers/libcrypto-lib-cipher_aes_ccm.d.tmp -MT providers/common/ciphers/libcrypto-lib-cipher_aes_ccm.o -c -o providers/common/ciphers/libcrypto-lib-cipher_aes_ccm.o ../openssl/providers/common/ciphers/cipher_aes_ccm.c clang -I. -Icrypto/include -Iinclude -Iproviders/common/include -Iproviders/default/include -Iproviders/common/ciphers -Icrypto -Iproviders/common/macs -Iproviders/common/kdfs -Iproviders/default/macs -Iproviders/default/ciphers -Iproviders/default/kdfs -I../openssl -I../openssl/crypto/include -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/default/include -I../openssl/providers/common/ciphers -I../openssl/crypto -I../openssl/providers/common/macs -I../openssl/providers/common/kdfs -I../openssl/providers/default/macs -I../openssl/providers/default/ciphers -I../openssl/providers/default/kdfs -DAES_ASM -DBSAES_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_IA32_SSE2 -MMD -MF providers/common/ciphers/libcrypto-lib-cipher_aes_ccm_hw.d.tmp -MT providers/common/ciphers/libcrypto-lib-cipher_aes_ccm_hw.o -c -o providers/common/ciphers/libcrypto-lib-cipher_aes_ccm_hw.o ../openssl/providers/common/ciphers/cipher_aes_ccm_hw.c clang -I. -Icrypto/include -Iinclude -Iproviders/common/include -Iproviders/default/include -Iproviders/common/ciphers -Icrypto -Iproviders/common/macs -Iproviders/common/kdfs -Iproviders/default/macs -Iproviders/default/ciphers -Iproviders/default/kdfs -I../openssl -I../openssl/crypto/include -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/default/include -I../openssl/providers/common/ciphers -I../openssl/crypto -I../openssl/providers/common/macs -I../openssl/providers/common/kdfs -I../openssl/providers/default/macs -I../openssl/providers/default/ciphers -I../openssl/providers/default/kdfs -DAES_ASM -DBSAES_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_IA32_SSE2 -MMD -MF providers/common/ciphers/libcrypto-lib-cipher_aes_gcm.d.tmp -MT providers/common/ciphers/libcrypto-lib-cipher_aes_gcm.o -c -o providers/common/ciphers/libcrypto-lib-cipher_aes_gcm.o ../openssl/providers/common/ciphers/cipher_aes_gcm.c clang -I. -Icrypto/include -Iinclude -Iproviders/common/include -Iproviders/default/include -Iproviders/common/ciphers -Icrypto -Iproviders/common/macs -Iproviders/common/kdfs -Iproviders/default/macs -Iproviders/default/ciphers -Iproviders/default/kdfs -I../openssl -I../openssl/crypto/include -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/default/include -I../openssl/providers/common/ciphers -I../openssl/crypto -I../openssl/providers/common/macs -I../openssl/providers/common/kdfs -I../openssl/providers/default/macs -I../openssl/providers/default/ciphers -I../openssl/providers/default/kdfs -DAES_ASM -DBSAES_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_IA32_SSE2 -MMD -MF providers/common/ciphers/libcrypto-lib-cipher_aes_gcm_hw.d.tmp -MT providers/common/ciphers/libcrypto-lib-cipher_aes_gcm_hw.o -c -o providers/common/ciphers/libcrypto-lib-cipher_aes_gcm_hw.o ../openssl/providers/common/ciphers/cipher_aes_gcm_hw.c clang -I. -Icrypto/include -Iinclude -Iproviders/common/include -Iproviders/default/include -Iproviders/common/ciphers -Icrypto -Iproviders/common/macs -Iproviders/common/kdfs -Iproviders/default/macs -Iproviders/default/ciphers -Iproviders/default/kdfs -I../openssl -I../openssl/crypto/include -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/default/include -I../openssl/providers/common/ciphers -I../openssl/crypto -I../openssl/providers/common/macs -I../openssl/providers/common/kdfs -I../openssl/providers/default/macs -I../openssl/providers/default/ciphers -I../openssl/providers/default/kdfs -DAES_ASM -DBSAES_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_IA32_SSE2 -MMD -MF providers/common/ciphers/libcrypto-lib-cipher_aes_hw.d.tmp -MT providers/common/ciphers/libcrypto-lib-cipher_aes_hw.o -c -o providers/common/ciphers/libcrypto-lib-cipher_aes_hw.o ../openssl/providers/common/ciphers/cipher_aes_hw.c clang -I. -Icrypto/include -Iinclude -Iproviders/common/include -Iproviders/default/include -Iproviders/common/ciphers -Icrypto -Iproviders/common/macs -Iproviders/common/kdfs -Iproviders/default/macs -Iproviders/default/ciphers -Iproviders/default/kdfs -I../openssl -I../openssl/crypto/include -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/default/include -I../openssl/providers/common/ciphers -I../openssl/crypto -I../openssl/providers/common/macs -I../openssl/providers/common/kdfs -I../openssl/providers/default/macs -I../openssl/providers/default/ciphers -I../openssl/providers/default/kdfs -DAES_ASM -DBSAES_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_IA32_SSE2 -MMD -MF providers/common/ciphers/libcrypto-lib-cipher_ccm.d.tmp -MT providers/common/ciphers/libcrypto-lib-cipher_ccm.o -c -o providers/common/ciphers/libcrypto-lib-cipher_ccm.o ../openssl/providers/common/ciphers/cipher_ccm.c clang -I. -Icrypto/include -Iinclude -Iproviders/common/include -Iproviders/default/include -Iproviders/common/ciphers -Icrypto -Iproviders/common/macs -Iproviders/common/kdfs -Iproviders/default/macs -Iproviders/default/ciphers -Iproviders/default/kdfs -I../openssl -I../openssl/crypto/include -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/default/include -I../openssl/providers/common/ciphers -I../openssl/crypto -I../openssl/providers/common/macs -I../openssl/providers/common/kdfs -I../openssl/providers/default/macs -I../openssl/providers/default/ciphers -I../openssl/providers/default/kdfs -DAES_ASM -DBSAES_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_IA32_SSE2 -MMD -MF providers/common/ciphers/libcrypto-lib-cipher_ccm_hw.d.tmp -MT providers/common/ciphers/libcrypto-lib-cipher_ccm_hw.o -c -o providers/common/ciphers/libcrypto-lib-cipher_ccm_hw.o ../openssl/providers/common/ciphers/cipher_ccm_hw.c clang -I. -Icrypto/include -Iinclude -Iproviders/common/include -Iproviders/default/include -Iproviders/common/ciphers -Icrypto -Iproviders/common/macs -Iproviders/common/kdfs -Iproviders/default/macs -Iproviders/default/ciphers -Iproviders/default/kdfs -I../openssl -I../openssl/crypto/include -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/default/include -I../openssl/providers/common/ciphers -I../openssl/crypto -I../openssl/providers/common/macs -I../openssl/providers/common/kdfs -I../openssl/providers/default/macs -I../openssl/providers/default/ciphers -I../openssl/providers/default/kdfs -DAES_ASM -DBSAES_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_IA32_SSE2 -MMD -MF providers/common/ciphers/libcrypto-lib-cipher_common.d.tmp -MT providers/common/ciphers/libcrypto-lib-cipher_common.o -c -o providers/common/ciphers/libcrypto-lib-cipher_common.o ../openssl/providers/common/ciphers/cipher_common.c clang -I. -Icrypto/include -Iinclude -Iproviders/common/include -Iproviders/default/include -Iproviders/common/ciphers -Icrypto -Iproviders/common/macs -Iproviders/common/kdfs -Iproviders/default/macs -Iproviders/default/ciphers -Iproviders/default/kdfs -I../openssl -I../openssl/crypto/include -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/default/include -I../openssl/providers/common/ciphers -I../openssl/crypto -I../openssl/providers/common/macs -I../openssl/providers/common/kdfs -I../openssl/providers/default/macs -I../openssl/providers/default/ciphers -I../openssl/providers/default/kdfs -DAES_ASM -DBSAES_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_IA32_SSE2 -MMD -MF providers/common/ciphers/libcrypto-lib-cipher_common_hw.d.tmp -MT providers/common/ciphers/libcrypto-lib-cipher_common_hw.o -c -o providers/common/ciphers/libcrypto-lib-cipher_common_hw.o ../openssl/providers/common/ciphers/cipher_common_hw.c clang -I. -Icrypto/include -Iinclude -Iproviders/common/include -Iproviders/default/include -Iproviders/common/ciphers -Icrypto -Iproviders/common/macs -Iproviders/common/kdfs -Iproviders/default/macs -Iproviders/default/ciphers -Iproviders/default/kdfs -I../openssl -I../openssl/crypto/include -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/default/include -I../openssl/providers/common/ciphers -I../openssl/crypto -I../openssl/providers/common/macs -I../openssl/providers/common/kdfs -I../openssl/providers/default/macs -I../openssl/providers/default/ciphers -I../openssl/providers/default/kdfs -DAES_ASM -DBSAES_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_IA32_SSE2 -MMD -MF providers/common/ciphers/libcrypto-lib-cipher_gcm.d.tmp -MT providers/common/ciphers/libcrypto-lib-cipher_gcm.o -c -o providers/common/ciphers/libcrypto-lib-cipher_gcm.o ../openssl/providers/common/ciphers/cipher_gcm.c clang -I. -Icrypto/include -Iinclude -Iproviders/common/include -Iproviders/default/include -Iproviders/common/ciphers -Icrypto -Iproviders/common/macs -Iproviders/common/kdfs -Iproviders/default/macs -Iproviders/default/ciphers -Iproviders/default/kdfs -I../openssl -I../openssl/crypto/include -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/default/include -I../openssl/providers/common/ciphers -I../openssl/crypto -I../openssl/providers/common/macs -I../openssl/providers/common/kdfs -I../openssl/providers/default/macs -I../openssl/providers/default/ciphers -I../openssl/providers/default/kdfs -DAES_ASM -DBSAES_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_IA32_SSE2 -MMD -MF providers/common/ciphers/libcrypto-lib-cipher_gcm_hw.d.tmp -MT providers/common/ciphers/libcrypto-lib-cipher_gcm_hw.o -c -o providers/common/ciphers/libcrypto-lib-cipher_gcm_hw.o ../openssl/providers/common/ciphers/cipher_gcm_hw.c clang -I. -Icrypto/include -Iinclude -Iproviders/common/include -Iproviders/default/include -Iproviders/common/ciphers -Icrypto -Iproviders/common/macs -Iproviders/common/kdfs -Iproviders/default/macs -Iproviders/default/ciphers -Iproviders/default/kdfs -I../openssl -I../openssl/crypto/include -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/default/include -I../openssl/providers/common/ciphers -I../openssl/crypto -I../openssl/providers/common/macs -I../openssl/providers/common/kdfs -I../openssl/providers/default/macs -I../openssl/providers/default/ciphers -I../openssl/providers/default/kdfs -DAES_ASM -DBSAES_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_IA32_SSE2 -MMD -MF providers/common/ciphers/libcrypto-lib-cipher_tdes.d.tmp -MT providers/common/ciphers/libcrypto-lib-cipher_tdes.o -c -o providers/common/ciphers/libcrypto-lib-cipher_tdes.o ../openssl/providers/common/ciphers/cipher_tdes.c clang -I. -Icrypto/include -Iinclude -Iproviders/common/include -Iproviders/default/include -Iproviders/common/ciphers -Icrypto -Iproviders/common/macs -Iproviders/common/kdfs -Iproviders/default/macs -Iproviders/default/ciphers -Iproviders/default/kdfs -I../openssl -I../openssl/crypto/include -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/default/include -I../openssl/providers/common/ciphers -I../openssl/crypto -I../openssl/providers/common/macs -I../openssl/providers/common/kdfs -I../openssl/providers/default/macs -I../openssl/providers/default/ciphers -I../openssl/providers/default/kdfs -DAES_ASM -DBSAES_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_IA32_SSE2 -MMD -MF providers/common/ciphers/libcrypto-lib-cipher_tdes_hw.d.tmp -MT providers/common/ciphers/libcrypto-lib-cipher_tdes_hw.o -c -o providers/common/ciphers/libcrypto-lib-cipher_tdes_hw.o ../openssl/providers/common/ciphers/cipher_tdes_hw.c clang -I. -Icrypto/include -Iinclude -Iproviders/common/include -Iproviders/default/include -Iproviders/common/ciphers -Icrypto -Iproviders/common/macs -Iproviders/common/kdfs -Iproviders/default/macs -Iproviders/default/ciphers -Iproviders/default/kdfs -I../openssl -I../openssl/crypto/include -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/default/include -I../openssl/providers/common/ciphers -I../openssl/crypto -I../openssl/providers/common/macs -I../openssl/providers/common/kdfs -I../openssl/providers/default/macs -I../openssl/providers/default/ciphers -I../openssl/providers/default/kdfs -DAES_ASM -DBSAES_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_IA32_SSE2 -MMD -MF providers/common/digests/libcrypto-lib-digest_common.d.tmp -MT providers/common/digests/libcrypto-lib-digest_common.o -c -o providers/common/digests/libcrypto-lib-digest_common.o ../openssl/providers/common/digests/digest_common.c clang -I. -Icrypto/include -Iinclude -Iproviders/common/include -Iproviders/default/include -Iproviders/common/ciphers -Icrypto -Iproviders/common/macs -Iproviders/common/kdfs -Iproviders/default/macs -Iproviders/default/ciphers -Iproviders/default/kdfs -I../openssl -I../openssl/crypto/include -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/default/include -I../openssl/providers/common/ciphers -I../openssl/crypto -I../openssl/providers/common/macs -I../openssl/providers/common/kdfs -I../openssl/providers/default/macs -I../openssl/providers/default/ciphers -I../openssl/providers/default/kdfs -DAES_ASM -DBSAES_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_IA32_SSE2 -MMD -MF providers/common/digests/libcrypto-lib-sha2_prov.d.tmp -MT providers/common/digests/libcrypto-lib-sha2_prov.o -c -o providers/common/digests/libcrypto-lib-sha2_prov.o ../openssl/providers/common/digests/sha2_prov.c clang -I. -Icrypto/include -Iinclude -Iproviders/common/include -Iproviders/default/include -Iproviders/common/ciphers -Icrypto -Iproviders/common/macs -Iproviders/common/kdfs -Iproviders/default/macs -Iproviders/default/ciphers -Iproviders/default/kdfs -I../openssl -I../openssl/crypto/include -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/default/include -I../openssl/providers/common/ciphers -I../openssl/crypto -I../openssl/providers/common/macs -I../openssl/providers/common/kdfs -I../openssl/providers/default/macs -I../openssl/providers/default/ciphers -I../openssl/providers/default/kdfs -DAES_ASM -DBSAES_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_IA32_SSE2 -MMD -MF providers/common/digests/libcrypto-lib-sha3_prov.d.tmp -MT providers/common/digests/libcrypto-lib-sha3_prov.o -c -o providers/common/digests/libcrypto-lib-sha3_prov.o ../openssl/providers/common/digests/sha3_prov.c clang -I. -Icrypto/include -Iinclude -Iproviders/common/include -Iproviders/default/include -Iproviders/common/ciphers -Icrypto -Iproviders/common/macs -Iproviders/common/kdfs -Iproviders/default/macs -Iproviders/default/ciphers -Iproviders/default/kdfs -I../openssl -I../openssl/crypto/include -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/default/include -I../openssl/providers/common/ciphers -I../openssl/crypto -I../openssl/providers/common/macs -I../openssl/providers/common/kdfs -I../openssl/providers/default/macs -I../openssl/providers/default/ciphers -I../openssl/providers/default/kdfs -DAES_ASM -DBSAES_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_IA32_SSE2 -MMD -MF providers/common/exchange/libcrypto-lib-dh_exch.d.tmp -MT providers/common/exchange/libcrypto-lib-dh_exch.o -c -o providers/common/exchange/libcrypto-lib-dh_exch.o ../openssl/providers/common/exchange/dh_exch.c clang -I. -Icrypto/include -Iinclude -Iproviders/common/include -Iproviders/default/include -Iproviders/common/ciphers -Icrypto -Iproviders/common/macs -Iproviders/common/kdfs -Iproviders/default/macs -Iproviders/default/ciphers -Iproviders/default/kdfs -I../openssl -I../openssl/crypto/include -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/default/include -I../openssl/providers/common/ciphers -I../openssl/crypto -I../openssl/providers/common/macs -I../openssl/providers/common/kdfs -I../openssl/providers/default/macs -I../openssl/providers/default/ciphers -I../openssl/providers/default/kdfs -DAES_ASM -DBSAES_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_IA32_SSE2 -MMD -MF providers/common/kdfs/libcrypto-lib-hkdf.d.tmp -MT providers/common/kdfs/libcrypto-lib-hkdf.o -c -o providers/common/kdfs/libcrypto-lib-hkdf.o ../openssl/providers/common/kdfs/hkdf.c clang -I. -Icrypto/include -Iinclude -Iproviders/common/include -Iproviders/default/include -Iproviders/common/ciphers -Icrypto -Iproviders/common/macs -Iproviders/common/kdfs -Iproviders/default/macs -Iproviders/default/ciphers -Iproviders/default/kdfs -I../openssl -I../openssl/crypto/include -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/default/include -I../openssl/providers/common/ciphers -I../openssl/crypto -I../openssl/providers/common/macs -I../openssl/providers/common/kdfs -I../openssl/providers/default/macs -I../openssl/providers/default/ciphers -I../openssl/providers/default/kdfs -DAES_ASM -DBSAES_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_IA32_SSE2 -MMD -MF providers/common/kdfs/libcrypto-lib-pbkdf2.d.tmp -MT providers/common/kdfs/libcrypto-lib-pbkdf2.o -c -o providers/common/kdfs/libcrypto-lib-pbkdf2.o ../openssl/providers/common/kdfs/pbkdf2.c clang -I. -Icrypto/include -Iinclude -Iproviders/common/include -Iproviders/default/include -Iproviders/common/ciphers -Icrypto -Iproviders/common/macs -Iproviders/common/kdfs -Iproviders/default/macs -Iproviders/default/ciphers -Iproviders/default/kdfs -I../openssl -I../openssl/crypto/include -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/default/include -I../openssl/providers/common/ciphers -I../openssl/crypto -I../openssl/providers/common/macs -I../openssl/providers/common/kdfs -I../openssl/providers/default/macs -I../openssl/providers/default/ciphers -I../openssl/providers/default/kdfs -DAES_ASM -DBSAES_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_IA32_SSE2 -MMD -MF providers/common/kdfs/libcrypto-lib-sskdf.d.tmp -MT providers/common/kdfs/libcrypto-lib-sskdf.o -c -o providers/common/kdfs/libcrypto-lib-sskdf.o ../openssl/providers/common/kdfs/sskdf.c clang -I. -Icrypto/include -Iinclude -Iproviders/common/include -Iproviders/default/include -Iproviders/common/ciphers -Icrypto -Iproviders/common/macs -Iproviders/common/kdfs -Iproviders/default/macs -Iproviders/default/ciphers -Iproviders/default/kdfs -I../openssl -I../openssl/crypto/include -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/default/include -I../openssl/providers/common/ciphers -I../openssl/crypto -I../openssl/providers/common/macs -I../openssl/providers/common/kdfs -I../openssl/providers/default/macs -I../openssl/providers/default/ciphers -I../openssl/providers/default/kdfs -DAES_ASM -DBSAES_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_IA32_SSE2 -MMD -MF providers/common/kdfs/libcrypto-lib-tls1_prf.d.tmp -MT providers/common/kdfs/libcrypto-lib-tls1_prf.o -c -o providers/common/kdfs/libcrypto-lib-tls1_prf.o ../openssl/providers/common/kdfs/tls1_prf.c clang -I. -Icrypto/include -Iinclude -Iproviders/common/include -Iproviders/default/include -Iproviders/common/ciphers -Icrypto -Iproviders/common/macs -Iproviders/common/kdfs -Iproviders/default/macs -Iproviders/default/ciphers -Iproviders/default/kdfs -I../openssl -I../openssl/crypto/include -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/default/include -I../openssl/providers/common/ciphers -I../openssl/crypto -I../openssl/providers/common/macs -I../openssl/providers/common/kdfs -I../openssl/providers/default/macs -I../openssl/providers/default/ciphers -I../openssl/providers/default/kdfs -DAES_ASM -DBSAES_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_IA32_SSE2 -MMD -MF providers/common/keymgmt/libcrypto-lib-dh_kmgmt.d.tmp -MT providers/common/keymgmt/libcrypto-lib-dh_kmgmt.o -c -o providers/common/keymgmt/libcrypto-lib-dh_kmgmt.o ../openssl/providers/common/keymgmt/dh_kmgmt.c clang -I. -Icrypto/include -Iinclude -Iproviders/common/include -Iproviders/default/include -Iproviders/common/ciphers -Icrypto -Iproviders/common/macs -Iproviders/common/kdfs -Iproviders/default/macs -Iproviders/default/ciphers -Iproviders/default/kdfs -I../openssl -I../openssl/crypto/include -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/default/include -I../openssl/providers/common/ciphers -I../openssl/crypto -I../openssl/providers/common/macs -I../openssl/providers/common/kdfs -I../openssl/providers/default/macs -I../openssl/providers/default/ciphers -I../openssl/providers/default/kdfs -DAES_ASM -DBSAES_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_IA32_SSE2 -MMD -MF providers/common/keymgmt/libcrypto-lib-dsa_kmgmt.d.tmp -MT providers/common/keymgmt/libcrypto-lib-dsa_kmgmt.o -c -o providers/common/keymgmt/libcrypto-lib-dsa_kmgmt.o ../openssl/providers/common/keymgmt/dsa_kmgmt.c clang -I. -Icrypto/include -Iinclude -Iproviders/common/include -Iproviders/default/include -Iproviders/common/ciphers -Icrypto -Iproviders/common/macs -Iproviders/common/kdfs -Iproviders/default/macs -Iproviders/default/ciphers -Iproviders/default/kdfs -I../openssl -I../openssl/crypto/include -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/default/include -I../openssl/providers/common/ciphers -I../openssl/crypto -I../openssl/providers/common/macs -I../openssl/providers/common/kdfs -I../openssl/providers/default/macs -I../openssl/providers/default/ciphers -I../openssl/providers/default/kdfs -DAES_ASM -DBSAES_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_IA32_SSE2 -MMD -MF providers/common/libcrypto-lib-provider_err.d.tmp -MT providers/common/libcrypto-lib-provider_err.o -c -o providers/common/libcrypto-lib-provider_err.o ../openssl/providers/common/provider_err.c clang -I. -Icrypto/include -Iinclude -Iproviders/common/include -Iproviders/default/include -Iproviders/common/ciphers -Icrypto -Iproviders/common/macs -Iproviders/common/kdfs -Iproviders/default/macs -Iproviders/default/ciphers -Iproviders/default/kdfs -I../openssl -I../openssl/crypto/include -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/default/include -I../openssl/providers/common/ciphers -I../openssl/crypto -I../openssl/providers/common/macs -I../openssl/providers/common/kdfs -I../openssl/providers/default/macs -I../openssl/providers/default/ciphers -I../openssl/providers/default/kdfs -DAES_ASM -DBSAES_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_IA32_SSE2 -MMD -MF providers/common/libcrypto-lib-provider_util.d.tmp -MT providers/common/libcrypto-lib-provider_util.o -c -o providers/common/libcrypto-lib-provider_util.o ../openssl/providers/common/provider_util.c clang -I. -Icrypto/include -Iinclude -Iproviders/common/include -Iproviders/default/include -Iproviders/common/ciphers -Icrypto -Iproviders/common/macs -Iproviders/common/kdfs -Iproviders/default/macs -Iproviders/default/ciphers -Iproviders/default/kdfs -I../openssl -I../openssl/crypto/include -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/default/include -I../openssl/providers/common/ciphers -I../openssl/crypto -I../openssl/providers/common/macs -I../openssl/providers/common/kdfs -I../openssl/providers/default/macs -I../openssl/providers/default/ciphers -I../openssl/providers/default/kdfs -DAES_ASM -DBSAES_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_IA32_SSE2 -MMD -MF providers/common/libcrypto-lib-provlib.d.tmp -MT providers/common/libcrypto-lib-provlib.o -c -o providers/common/libcrypto-lib-provlib.o ../openssl/providers/common/provlib.c clang -I. -Icrypto/include -Iinclude -Iproviders/common/include -Iproviders/default/include -Iproviders/common/ciphers -Icrypto -Iproviders/common/macs -Iproviders/common/kdfs -Iproviders/default/macs -Iproviders/default/ciphers -Iproviders/default/kdfs -I../openssl -I../openssl/crypto/include -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/default/include -I../openssl/providers/common/ciphers -I../openssl/crypto -I../openssl/providers/common/macs -I../openssl/providers/common/kdfs -I../openssl/providers/default/macs -I../openssl/providers/default/ciphers -I../openssl/providers/default/kdfs -DAES_ASM -DBSAES_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_IA32_SSE2 -MMD -MF providers/common/macs/libcrypto-lib-cmac_prov.d.tmp -MT providers/common/macs/libcrypto-lib-cmac_prov.o -c -o providers/common/macs/libcrypto-lib-cmac_prov.o ../openssl/providers/common/macs/cmac_prov.c clang -I. -Icrypto/include -Iinclude -Iproviders/common/include -Iproviders/default/include -Iproviders/common/ciphers -Icrypto -Iproviders/common/macs -Iproviders/common/kdfs -Iproviders/default/macs -Iproviders/default/ciphers -Iproviders/default/kdfs -I../openssl -I../openssl/crypto/include -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/default/include -I../openssl/providers/common/ciphers -I../openssl/crypto -I../openssl/providers/common/macs -I../openssl/providers/common/kdfs -I../openssl/providers/default/macs -I../openssl/providers/default/ciphers -I../openssl/providers/default/kdfs -DAES_ASM -DBSAES_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_IA32_SSE2 -MMD -MF providers/common/macs/libcrypto-lib-gmac_prov.d.tmp -MT providers/common/macs/libcrypto-lib-gmac_prov.o -c -o providers/common/macs/libcrypto-lib-gmac_prov.o ../openssl/providers/common/macs/gmac_prov.c ../openssl/providers/common/provider_util.c:52:9: error: implicit declaration of function 'ENGINE_finish' is invalid in C99 [-Werror,-Wimplicit-function-declaration] ENGINE_finish(*engine); ^ ../openssl/providers/common/provider_util.c:52:9: error: this function declaration is not a prototype [-Werror,-Wstrict-prototypes] ../openssl/providers/common/provider_util.c:53:19: error: implicit declaration of function 'ENGINE_by_id' is invalid in C99 [-Werror,-Wimplicit-function-declaration] *engine = ENGINE_by_id(p->data); ^ ../openssl/providers/common/provider_util.c:53:19: error: this function declaration is not a prototype [-Werror,-Wstrict-prototypes] ../openssl/providers/common/provider_util.c:53:17: error: incompatible integer to pointer conversion assigning to 'ENGINE *' (aka 'struct engine_st *') from 'int' [-Werror,-Wint-conversion] *engine = ENGINE_by_id(p->data); ^ ~~~~~~~~~~~~~~~~~~~~~ 5 errors generated. Makefile:12269: recipe for target 'providers/common/libcrypto-lib-provider_util.o' failed make[1]: *** [providers/common/libcrypto-lib-provider_util.o] Error 1 make[1]: *** Waiting for unfinished jobs.... make[1]: Leaving directory '/home/openssl/run-checker/no-engine' Makefile:165: recipe for target 'all' failed make: *** [all] Error 2 From openssl at openssl.org Wed Sep 11 03:32:53 2019 From: openssl at openssl.org (OpenSSL run-checker) Date: Wed, 11 Sep 2019 03:32:53 +0000 Subject: Still FAILED build of OpenSSL branch master with options -d --strict-warnings no-engine no-shared Message-ID: <1568172773.764216.13891.nullmailer@run.openssl.org> Platform and configuration command: $ uname -a Linux run 4.15.0-54-generic #58-Ubuntu SMP Mon Jun 24 10:55:24 UTC 2019 x86_64 x86_64 x86_64 GNU/Linux $ CC=clang ../openssl/config -d --strict-warnings no-engine no-shared Commit log since last time: 5840ed0cd1 Fix a padding oracle in PKCS7_dataDecode and CMS_decrypt_set1_pkey fa3eb248e2 Fix a potential crash in rand_unix.c e301c147a7 Fix a strict warnings error in rand_pool_acquire_entropy Build log ended with (last 100 lines): clang -I. -Icrypto/include -Iinclude -Iproviders/common/include -Iproviders/default/include -Iproviders/common/ciphers -Icrypto -Iproviders/common/macs -Iproviders/common/kdfs -Iproviders/default/macs -Iproviders/default/ciphers -Iproviders/default/kdfs -I../openssl -I../openssl/crypto/include -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/default/include -I../openssl/providers/common/ciphers -I../openssl/crypto -I../openssl/providers/common/macs -I../openssl/providers/common/kdfs -I../openssl/providers/default/macs -I../openssl/providers/default/ciphers -I../openssl/providers/default/kdfs -DAES_ASM -DBSAES_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_IA32_SSE2 -MMD -MF crypto/x509/libcrypto-lib-v3_enum.d.tmp -MT crypto/x509/libcrypto-lib-v3_enum.o -c -o crypto/x509/libcrypto-lib-v3_enum.o ../openssl/crypto/x509/v3_enum.c clang -I. -Icrypto/include -Iinclude -Iproviders/common/include -Iproviders/default/include -Iproviders/common/ciphers -Icrypto -Iproviders/common/macs -Iproviders/common/kdfs -Iproviders/default/macs -Iproviders/default/ciphers -Iproviders/default/kdfs -I../openssl -I../openssl/crypto/include -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/default/include -I../openssl/providers/common/ciphers -I../openssl/crypto -I../openssl/providers/common/macs -I../openssl/providers/common/kdfs -I../openssl/providers/default/macs -I../openssl/providers/default/ciphers -I../openssl/providers/default/kdfs -DAES_ASM -DBSAES_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_IA32_SSE2 -MMD -MF crypto/x509/libcrypto-lib-v3_extku.d.tmp -MT crypto/x509/libcrypto-lib-v3_extku.o -c -o crypto/x509/libcrypto-lib-v3_extku.o ../openssl/crypto/x509/v3_extku.c clang -I. -Icrypto/include -Iinclude -Iproviders/common/include -Iproviders/default/include -Iproviders/common/ciphers -Icrypto -Iproviders/common/macs -Iproviders/common/kdfs -Iproviders/default/macs -Iproviders/default/ciphers -Iproviders/default/kdfs -I../openssl -I../openssl/crypto/include -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/default/include -I../openssl/providers/common/ciphers -I../openssl/crypto -I../openssl/providers/common/macs -I../openssl/providers/common/kdfs -I../openssl/providers/default/macs -I../openssl/providers/default/ciphers -I../openssl/providers/default/kdfs -DAES_ASM -DBSAES_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_IA32_SSE2 -MMD -MF crypto/x509/libcrypto-lib-v3_genn.d.tmp -MT crypto/x509/libcrypto-lib-v3_genn.o -c -o crypto/x509/libcrypto-lib-v3_genn.o ../openssl/crypto/x509/v3_genn.c clang -I. -Icrypto/include -Iinclude -Iproviders/common/include -Iproviders/default/include -Iproviders/common/ciphers -Icrypto -Iproviders/common/macs -Iproviders/common/kdfs -Iproviders/default/macs -Iproviders/default/ciphers -Iproviders/default/kdfs -I../openssl -I../openssl/crypto/include -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/default/include -I../openssl/providers/common/ciphers -I../openssl/crypto -I../openssl/providers/common/macs -I../openssl/providers/common/kdfs -I../openssl/providers/default/macs -I../openssl/providers/default/ciphers -I../openssl/providers/default/kdfs -DAES_ASM -DBSAES_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_IA32_SSE2 -MMD -MF crypto/x509/libcrypto-lib-v3_ia5.d.tmp -MT crypto/x509/libcrypto-lib-v3_ia5.o -c -o crypto/x509/libcrypto-lib-v3_ia5.o ../openssl/crypto/x509/v3_ia5.c clang -I. -Icrypto/include -Iinclude -Iproviders/common/include -Iproviders/default/include -Iproviders/common/ciphers -Icrypto -Iproviders/common/macs -Iproviders/common/kdfs -Iproviders/default/macs -Iproviders/default/ciphers -Iproviders/default/kdfs -I../openssl -I../openssl/crypto/include -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/default/include -I../openssl/providers/common/ciphers -I../openssl/crypto -I../openssl/providers/common/macs -I../openssl/providers/common/kdfs -I../openssl/providers/default/macs -I../openssl/providers/default/ciphers -I../openssl/providers/default/kdfs -DAES_ASM -DBSAES_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_IA32_SSE2 -MMD -MF crypto/x509/libcrypto-lib-v3_info.d.tmp -MT crypto/x509/libcrypto-lib-v3_info.o -c -o crypto/x509/libcrypto-lib-v3_info.o ../openssl/crypto/x509/v3_info.c clang -I. -Icrypto/include -Iinclude -Iproviders/common/include -Iproviders/default/include -Iproviders/common/ciphers -Icrypto -Iproviders/common/macs -Iproviders/common/kdfs -Iproviders/default/macs -Iproviders/default/ciphers -Iproviders/default/kdfs -I../openssl -I../openssl/crypto/include -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/default/include -I../openssl/providers/common/ciphers -I../openssl/crypto -I../openssl/providers/common/macs -I../openssl/providers/common/kdfs -I../openssl/providers/default/macs -I../openssl/providers/default/ciphers -I../openssl/providers/default/kdfs -DAES_ASM -DBSAES_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_IA32_SSE2 -MMD -MF crypto/x509/libcrypto-lib-v3_int.d.tmp -MT crypto/x509/libcrypto-lib-v3_int.o -c -o crypto/x509/libcrypto-lib-v3_int.o ../openssl/crypto/x509/v3_int.c clang -I. -Icrypto/include -Iinclude -Iproviders/common/include -Iproviders/default/include -Iproviders/common/ciphers -Icrypto -Iproviders/common/macs -Iproviders/common/kdfs -Iproviders/default/macs -Iproviders/default/ciphers -Iproviders/default/kdfs -I../openssl -I../openssl/crypto/include -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/default/include -I../openssl/providers/common/ciphers -I../openssl/crypto -I../openssl/providers/common/macs -I../openssl/providers/common/kdfs -I../openssl/providers/default/macs -I../openssl/providers/default/ciphers -I../openssl/providers/default/kdfs -DAES_ASM -DBSAES_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_IA32_SSE2 -MMD -MF crypto/x509/libcrypto-lib-v3_lib.d.tmp -MT crypto/x509/libcrypto-lib-v3_lib.o -c -o crypto/x509/libcrypto-lib-v3_lib.o ../openssl/crypto/x509/v3_lib.c clang -I. -Icrypto/include -Iinclude -Iproviders/common/include -Iproviders/default/include -Iproviders/common/ciphers -Icrypto -Iproviders/common/macs -Iproviders/common/kdfs -Iproviders/default/macs -Iproviders/default/ciphers -Iproviders/default/kdfs -I../openssl -I../openssl/crypto/include -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/default/include -I../openssl/providers/common/ciphers -I../openssl/crypto -I../openssl/providers/common/macs -I../openssl/providers/common/kdfs -I../openssl/providers/default/macs -I../openssl/providers/default/ciphers -I../openssl/providers/default/kdfs -DAES_ASM -DBSAES_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_IA32_SSE2 -MMD -MF crypto/x509/libcrypto-lib-v3_ncons.d.tmp -MT crypto/x509/libcrypto-lib-v3_ncons.o -c -o crypto/x509/libcrypto-lib-v3_ncons.o ../openssl/crypto/x509/v3_ncons.c clang -I. -Icrypto/include -Iinclude -Iproviders/common/include -Iproviders/default/include -Iproviders/common/ciphers -Icrypto -Iproviders/common/macs -Iproviders/common/kdfs -Iproviders/default/macs -Iproviders/default/ciphers -Iproviders/default/kdfs -I../openssl -I../openssl/crypto/include -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/default/include -I../openssl/providers/common/ciphers -I../openssl/crypto -I../openssl/providers/common/macs -I../openssl/providers/common/kdfs -I../openssl/providers/default/macs -I../openssl/providers/default/ciphers -I../openssl/providers/default/kdfs -DAES_ASM -DBSAES_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_IA32_SSE2 -MMD -MF crypto/x509/libcrypto-lib-v3_pci.d.tmp -MT crypto/x509/libcrypto-lib-v3_pci.o -c -o crypto/x509/libcrypto-lib-v3_pci.o ../openssl/crypto/x509/v3_pci.c clang -I. -Icrypto/include -Iinclude -Iproviders/common/include -Iproviders/default/include -Iproviders/common/ciphers -Icrypto -Iproviders/common/macs -Iproviders/common/kdfs -Iproviders/default/macs -Iproviders/default/ciphers -Iproviders/default/kdfs -I../openssl -I../openssl/crypto/include -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/default/include -I../openssl/providers/common/ciphers -I../openssl/crypto -I../openssl/providers/common/macs -I../openssl/providers/common/kdfs -I../openssl/providers/default/macs -I../openssl/providers/default/ciphers -I../openssl/providers/default/kdfs -DAES_ASM -DBSAES_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_IA32_SSE2 -MMD -MF crypto/x509/libcrypto-lib-v3_pcia.d.tmp -MT crypto/x509/libcrypto-lib-v3_pcia.o -c -o crypto/x509/libcrypto-lib-v3_pcia.o ../openssl/crypto/x509/v3_pcia.c clang -I. -Icrypto/include -Iinclude -Iproviders/common/include -Iproviders/default/include -Iproviders/common/ciphers -Icrypto -Iproviders/common/macs -Iproviders/common/kdfs -Iproviders/default/macs -Iproviders/default/ciphers -Iproviders/default/kdfs -I../openssl -I../openssl/crypto/include -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/default/include -I../openssl/providers/common/ciphers -I../openssl/crypto -I../openssl/providers/common/macs -I../openssl/providers/common/kdfs -I../openssl/providers/default/macs -I../openssl/providers/default/ciphers -I../openssl/providers/default/kdfs -DAES_ASM -DBSAES_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_IA32_SSE2 -MMD -MF crypto/x509/libcrypto-lib-v3_pcons.d.tmp -MT crypto/x509/libcrypto-lib-v3_pcons.o -c -o crypto/x509/libcrypto-lib-v3_pcons.o ../openssl/crypto/x509/v3_pcons.c clang -I. -Icrypto/include -Iinclude -Iproviders/common/include -Iproviders/default/include -Iproviders/common/ciphers -Icrypto -Iproviders/common/macs -Iproviders/common/kdfs -Iproviders/default/macs -Iproviders/default/ciphers -Iproviders/default/kdfs -I../openssl -I../openssl/crypto/include -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/default/include -I../openssl/providers/common/ciphers -I../openssl/crypto -I../openssl/providers/common/macs -I../openssl/providers/common/kdfs -I../openssl/providers/default/macs -I../openssl/providers/default/ciphers -I../openssl/providers/default/kdfs -DAES_ASM -DBSAES_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_IA32_SSE2 -MMD -MF crypto/x509/libcrypto-lib-v3_pku.d.tmp -MT crypto/x509/libcrypto-lib-v3_pku.o -c -o crypto/x509/libcrypto-lib-v3_pku.o ../openssl/crypto/x509/v3_pku.c clang -I. -Icrypto/include -Iinclude -Iproviders/common/include -Iproviders/default/include -Iproviders/common/ciphers -Icrypto -Iproviders/common/macs -Iproviders/common/kdfs -Iproviders/default/macs -Iproviders/default/ciphers -Iproviders/default/kdfs -I../openssl -I../openssl/crypto/include -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/default/include -I../openssl/providers/common/ciphers -I../openssl/crypto -I../openssl/providers/common/macs -I../openssl/providers/common/kdfs -I../openssl/providers/default/macs -I../openssl/providers/default/ciphers -I../openssl/providers/default/kdfs -DAES_ASM -DBSAES_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_IA32_SSE2 -MMD -MF crypto/x509/libcrypto-lib-v3_pmaps.d.tmp -MT crypto/x509/libcrypto-lib-v3_pmaps.o -c -o crypto/x509/libcrypto-lib-v3_pmaps.o ../openssl/crypto/x509/v3_pmaps.c clang -I. -Icrypto/include -Iinclude -Iproviders/common/include -Iproviders/default/include -Iproviders/common/ciphers -Icrypto -Iproviders/common/macs -Iproviders/common/kdfs -Iproviders/default/macs -Iproviders/default/ciphers -Iproviders/default/kdfs -I../openssl -I../openssl/crypto/include -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/default/include -I../openssl/providers/common/ciphers -I../openssl/crypto -I../openssl/providers/common/macs -I../openssl/providers/common/kdfs -I../openssl/providers/default/macs -I../openssl/providers/default/ciphers -I../openssl/providers/default/kdfs -DAES_ASM -DBSAES_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_IA32_SSE2 -MMD -MF crypto/x509/libcrypto-lib-v3_prn.d.tmp -MT crypto/x509/libcrypto-lib-v3_prn.o -c -o crypto/x509/libcrypto-lib-v3_prn.o ../openssl/crypto/x509/v3_prn.c clang -I. -Icrypto/include -Iinclude -Iproviders/common/include -Iproviders/default/include -Iproviders/common/ciphers -Icrypto -Iproviders/common/macs -Iproviders/common/kdfs -Iproviders/default/macs -Iproviders/default/ciphers -Iproviders/default/kdfs -I../openssl -I../openssl/crypto/include -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/default/include -I../openssl/providers/common/ciphers -I../openssl/crypto -I../openssl/providers/common/macs -I../openssl/providers/common/kdfs -I../openssl/providers/default/macs -I../openssl/providers/default/ciphers -I../openssl/providers/default/kdfs -DAES_ASM -DBSAES_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_IA32_SSE2 -MMD -MF crypto/x509/libcrypto-lib-v3_purp.d.tmp -MT crypto/x509/libcrypto-lib-v3_purp.o -c -o crypto/x509/libcrypto-lib-v3_purp.o ../openssl/crypto/x509/v3_purp.c clang -I. -Icrypto/include -Iinclude -Iproviders/common/include -Iproviders/default/include -Iproviders/common/ciphers -Icrypto -Iproviders/common/macs -Iproviders/common/kdfs -Iproviders/default/macs -Iproviders/default/ciphers -Iproviders/default/kdfs -I../openssl -I../openssl/crypto/include -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/default/include -I../openssl/providers/common/ciphers -I../openssl/crypto -I../openssl/providers/common/macs -I../openssl/providers/common/kdfs -I../openssl/providers/default/macs -I../openssl/providers/default/ciphers -I../openssl/providers/default/kdfs -DAES_ASM -DBSAES_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_IA32_SSE2 -MMD -MF crypto/x509/libcrypto-lib-v3_skey.d.tmp -MT crypto/x509/libcrypto-lib-v3_skey.o -c -o crypto/x509/libcrypto-lib-v3_skey.o ../openssl/crypto/x509/v3_skey.c clang -I. -Icrypto/include -Iinclude -Iproviders/common/include -Iproviders/default/include -Iproviders/common/ciphers -Icrypto -Iproviders/common/macs -Iproviders/common/kdfs -Iproviders/default/macs -Iproviders/default/ciphers -Iproviders/default/kdfs -I../openssl -I../openssl/crypto/include -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/default/include -I../openssl/providers/common/ciphers -I../openssl/crypto -I../openssl/providers/common/macs -I../openssl/providers/common/kdfs -I../openssl/providers/default/macs -I../openssl/providers/default/ciphers -I../openssl/providers/default/kdfs -DAES_ASM -DBSAES_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_IA32_SSE2 -MMD -MF crypto/x509/libcrypto-lib-v3_sxnet.d.tmp -MT crypto/x509/libcrypto-lib-v3_sxnet.o -c -o crypto/x509/libcrypto-lib-v3_sxnet.o ../openssl/crypto/x509/v3_sxnet.c clang -I. -Icrypto/include -Iinclude -Iproviders/common/include -Iproviders/default/include -Iproviders/common/ciphers -Icrypto -Iproviders/common/macs -Iproviders/common/kdfs -Iproviders/default/macs -Iproviders/default/ciphers -Iproviders/default/kdfs -I../openssl -I../openssl/crypto/include -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/default/include -I../openssl/providers/common/ciphers -I../openssl/crypto -I../openssl/providers/common/macs -I../openssl/providers/common/kdfs -I../openssl/providers/default/macs -I../openssl/providers/default/ciphers -I../openssl/providers/default/kdfs -DAES_ASM -DBSAES_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_IA32_SSE2 -MMD -MF crypto/x509/libcrypto-lib-v3_tlsf.d.tmp -MT crypto/x509/libcrypto-lib-v3_tlsf.o -c -o crypto/x509/libcrypto-lib-v3_tlsf.o ../openssl/crypto/x509/v3_tlsf.c clang -I. -Icrypto/include -Iinclude -Iproviders/common/include -Iproviders/default/include -Iproviders/common/ciphers -Icrypto -Iproviders/common/macs -Iproviders/common/kdfs -Iproviders/default/macs -Iproviders/default/ciphers -Iproviders/default/kdfs -I../openssl -I../openssl/crypto/include -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/default/include -I../openssl/providers/common/ciphers -I../openssl/crypto -I../openssl/providers/common/macs -I../openssl/providers/common/kdfs -I../openssl/providers/default/macs -I../openssl/providers/default/ciphers -I../openssl/providers/default/kdfs -DAES_ASM -DBSAES_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_IA32_SSE2 -MMD -MF crypto/x509/libcrypto-lib-v3_utl.d.tmp -MT crypto/x509/libcrypto-lib-v3_utl.o -c -o crypto/x509/libcrypto-lib-v3_utl.o ../openssl/crypto/x509/v3_utl.c clang -I. -Icrypto/include -Iinclude -Iproviders/common/include -Iproviders/default/include -Iproviders/common/ciphers -Icrypto -Iproviders/common/macs -Iproviders/common/kdfs -Iproviders/default/macs -Iproviders/default/ciphers -Iproviders/default/kdfs -I../openssl -I../openssl/crypto/include -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/default/include -I../openssl/providers/common/ciphers -I../openssl/crypto -I../openssl/providers/common/macs -I../openssl/providers/common/kdfs -I../openssl/providers/default/macs -I../openssl/providers/default/ciphers -I../openssl/providers/default/kdfs -DAES_ASM -DBSAES_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_IA32_SSE2 -MMD -MF crypto/x509/libcrypto-lib-v3err.d.tmp -MT crypto/x509/libcrypto-lib-v3err.o -c -o crypto/x509/libcrypto-lib-v3err.o ../openssl/crypto/x509/v3err.c clang -I. -Icrypto/include -Iinclude -Iproviders/common/include -Iproviders/default/include -Iproviders/common/ciphers -Icrypto -Iproviders/common/macs -Iproviders/common/kdfs -Iproviders/default/macs -Iproviders/default/ciphers -Iproviders/default/kdfs -I../openssl -I../openssl/crypto/include -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/default/include -I../openssl/providers/common/ciphers -I../openssl/crypto -I../openssl/providers/common/macs -I../openssl/providers/common/kdfs -I../openssl/providers/default/macs -I../openssl/providers/default/ciphers -I../openssl/providers/default/kdfs -DAES_ASM -DBSAES_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_IA32_SSE2 -MMD -MF crypto/x509/libcrypto-lib-x509_att.d.tmp -MT crypto/x509/libcrypto-lib-x509_att.o -c -o crypto/x509/libcrypto-lib-x509_att.o ../openssl/crypto/x509/x509_att.c clang -I. -Icrypto/include -Iinclude -Iproviders/common/include -Iproviders/default/include -Iproviders/common/ciphers -Icrypto -Iproviders/common/macs -Iproviders/common/kdfs -Iproviders/default/macs -Iproviders/default/ciphers -Iproviders/default/kdfs -I../openssl -I../openssl/crypto/include -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/default/include -I../openssl/providers/common/ciphers -I../openssl/crypto -I../openssl/providers/common/macs -I../openssl/providers/common/kdfs -I../openssl/providers/default/macs -I../openssl/providers/default/ciphers -I../openssl/providers/default/kdfs -DAES_ASM -DBSAES_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_IA32_SSE2 -MMD -MF crypto/x509/libcrypto-lib-x509_cmp.d.tmp -MT crypto/x509/libcrypto-lib-x509_cmp.o -c -o crypto/x509/libcrypto-lib-x509_cmp.o ../openssl/crypto/x509/x509_cmp.c clang -I. -Icrypto/include -Iinclude -Iproviders/common/include -Iproviders/default/include -Iproviders/common/ciphers -Icrypto -Iproviders/common/macs -Iproviders/common/kdfs -Iproviders/default/macs -Iproviders/default/ciphers -Iproviders/default/kdfs -I../openssl -I../openssl/crypto/include -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/default/include -I../openssl/providers/common/ciphers -I../openssl/crypto -I../openssl/providers/common/macs -I../openssl/providers/common/kdfs -I../openssl/providers/default/macs -I../openssl/providers/default/ciphers -I../openssl/providers/default/kdfs -DAES_ASM -DBSAES_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_IA32_SSE2 -MMD -MF crypto/x509/libcrypto-lib-x509_d2.d.tmp -MT crypto/x509/libcrypto-lib-x509_d2.o -c -o crypto/x509/libcrypto-lib-x509_d2.o ../openssl/crypto/x509/x509_d2.c clang -I. -Icrypto/include -Iinclude -Iproviders/common/include -Iproviders/default/include -Iproviders/common/ciphers -Icrypto -Iproviders/common/macs -Iproviders/common/kdfs -Iproviders/default/macs -Iproviders/default/ciphers -Iproviders/default/kdfs -I../openssl -I../openssl/crypto/include -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/default/include -I../openssl/providers/common/ciphers -I../openssl/crypto -I../openssl/providers/common/macs -I../openssl/providers/common/kdfs -I../openssl/providers/default/macs -I../openssl/providers/default/ciphers -I../openssl/providers/default/kdfs -DAES_ASM -DBSAES_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_IA32_SSE2 -MMD -MF crypto/x509/libcrypto-lib-x509_def.d.tmp -MT crypto/x509/libcrypto-lib-x509_def.o -c -o crypto/x509/libcrypto-lib-x509_def.o ../openssl/crypto/x509/x509_def.c clang -I. -Icrypto/include -Iinclude -Iproviders/common/include -Iproviders/default/include -Iproviders/common/ciphers -Icrypto -Iproviders/common/macs -Iproviders/common/kdfs -Iproviders/default/macs -Iproviders/default/ciphers -Iproviders/default/kdfs -I../openssl -I../openssl/crypto/include -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/default/include -I../openssl/providers/common/ciphers -I../openssl/crypto -I../openssl/providers/common/macs -I../openssl/providers/common/kdfs -I../openssl/providers/default/macs -I../openssl/providers/default/ciphers -I../openssl/providers/default/kdfs -DAES_ASM -DBSAES_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_IA32_SSE2 -MMD -MF crypto/x509/libcrypto-lib-x509_err.d.tmp -MT crypto/x509/libcrypto-lib-x509_err.o -c -o crypto/x509/libcrypto-lib-x509_err.o ../openssl/crypto/x509/x509_err.c clang -I. -Icrypto/include -Iinclude -Iproviders/common/include -Iproviders/default/include -Iproviders/common/ciphers -Icrypto -Iproviders/common/macs -Iproviders/common/kdfs -Iproviders/default/macs -Iproviders/default/ciphers -Iproviders/default/kdfs -I../openssl -I../openssl/crypto/include -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/default/include -I../openssl/providers/common/ciphers -I../openssl/crypto -I../openssl/providers/common/macs -I../openssl/providers/common/kdfs -I../openssl/providers/default/macs -I../openssl/providers/default/ciphers -I../openssl/providers/default/kdfs -DAES_ASM -DBSAES_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_IA32_SSE2 -MMD -MF crypto/x509/libcrypto-lib-x509_ext.d.tmp -MT crypto/x509/libcrypto-lib-x509_ext.o -c -o crypto/x509/libcrypto-lib-x509_ext.o ../openssl/crypto/x509/x509_ext.c clang -I. -Icrypto/include -Iinclude -Iproviders/common/include -Iproviders/default/include -Iproviders/common/ciphers -Icrypto -Iproviders/common/macs -Iproviders/common/kdfs -Iproviders/default/macs -Iproviders/default/ciphers -Iproviders/default/kdfs -I../openssl -I../openssl/crypto/include -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/default/include -I../openssl/providers/common/ciphers -I../openssl/crypto -I../openssl/providers/common/macs -I../openssl/providers/common/kdfs -I../openssl/providers/default/macs -I../openssl/providers/default/ciphers -I../openssl/providers/default/kdfs -DAES_ASM -DBSAES_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_IA32_SSE2 -MMD -MF crypto/x509/libcrypto-lib-x509_lu.d.tmp -MT crypto/x509/libcrypto-lib-x509_lu.o -c -o crypto/x509/libcrypto-lib-x509_lu.o ../openssl/crypto/x509/x509_lu.c clang -I. -Icrypto/include -Iinclude -Iproviders/common/include -Iproviders/default/include -Iproviders/common/ciphers -Icrypto -Iproviders/common/macs -Iproviders/common/kdfs -Iproviders/default/macs -Iproviders/default/ciphers -Iproviders/default/kdfs -I../openssl -I../openssl/crypto/include -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/default/include -I../openssl/providers/common/ciphers -I../openssl/crypto -I../openssl/providers/common/macs -I../openssl/providers/common/kdfs -I../openssl/providers/default/macs -I../openssl/providers/default/ciphers -I../openssl/providers/default/kdfs -DAES_ASM -DBSAES_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_IA32_SSE2 -MMD -MF crypto/x509/libcrypto-lib-x509_meth.d.tmp -MT crypto/x509/libcrypto-lib-x509_meth.o -c -o crypto/x509/libcrypto-lib-x509_meth.o ../openssl/crypto/x509/x509_meth.c clang -I. -Icrypto/include -Iinclude -Iproviders/common/include -Iproviders/default/include -Iproviders/common/ciphers -Icrypto -Iproviders/common/macs -Iproviders/common/kdfs -Iproviders/default/macs -Iproviders/default/ciphers -Iproviders/default/kdfs -I../openssl -I../openssl/crypto/include -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/default/include -I../openssl/providers/common/ciphers -I../openssl/crypto -I../openssl/providers/common/macs -I../openssl/providers/common/kdfs -I../openssl/providers/default/macs -I../openssl/providers/default/ciphers -I../openssl/providers/default/kdfs -DAES_ASM -DBSAES_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_IA32_SSE2 -MMD -MF crypto/x509/libcrypto-lib-x509_obj.d.tmp -MT crypto/x509/libcrypto-lib-x509_obj.o -c -o crypto/x509/libcrypto-lib-x509_obj.o ../openssl/crypto/x509/x509_obj.c clang -I. -Icrypto/include -Iinclude -Iproviders/common/include -Iproviders/default/include -Iproviders/common/ciphers -Icrypto -Iproviders/common/macs -Iproviders/common/kdfs -Iproviders/default/macs -Iproviders/default/ciphers -Iproviders/default/kdfs -I../openssl -I../openssl/crypto/include -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/default/include -I../openssl/providers/common/ciphers -I../openssl/crypto -I../openssl/providers/common/macs -I../openssl/providers/common/kdfs -I../openssl/providers/default/macs -I../openssl/providers/default/ciphers -I../openssl/providers/default/kdfs -DAES_ASM -DBSAES_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_IA32_SSE2 -MMD -MF crypto/x509/libcrypto-lib-x509_r2x.d.tmp -MT crypto/x509/libcrypto-lib-x509_r2x.o -c -o crypto/x509/libcrypto-lib-x509_r2x.o ../openssl/crypto/x509/x509_r2x.c clang -I. -Icrypto/include -Iinclude -Iproviders/common/include -Iproviders/default/include -Iproviders/common/ciphers -Icrypto -Iproviders/common/macs -Iproviders/common/kdfs -Iproviders/default/macs -Iproviders/default/ciphers -Iproviders/default/kdfs -I../openssl -I../openssl/crypto/include -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/default/include -I../openssl/providers/common/ciphers -I../openssl/crypto -I../openssl/providers/common/macs -I../openssl/providers/common/kdfs -I../openssl/providers/default/macs -I../openssl/providers/default/ciphers -I../openssl/providers/default/kdfs -DAES_ASM -DBSAES_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_IA32_SSE2 -MMD -MF crypto/x509/libcrypto-lib-x509_req.d.tmp -MT crypto/x509/libcrypto-lib-x509_req.o -c -o crypto/x509/libcrypto-lib-x509_req.o ../openssl/crypto/x509/x509_req.c clang -I. -Icrypto/include -Iinclude -Iproviders/common/include -Iproviders/default/include -Iproviders/common/ciphers -Icrypto -Iproviders/common/macs -Iproviders/common/kdfs -Iproviders/default/macs -Iproviders/default/ciphers -Iproviders/default/kdfs -I../openssl -I../openssl/crypto/include -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/default/include -I../openssl/providers/common/ciphers -I../openssl/crypto -I../openssl/providers/common/macs -I../openssl/providers/common/kdfs -I../openssl/providers/default/macs -I../openssl/providers/default/ciphers -I../openssl/providers/default/kdfs -DAES_ASM -DBSAES_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_IA32_SSE2 -MMD -MF crypto/x509/libcrypto-lib-x509_set.d.tmp -MT crypto/x509/libcrypto-lib-x509_set.o -c -o crypto/x509/libcrypto-lib-x509_set.o ../openssl/crypto/x509/x509_set.c clang -I. -Icrypto/include -Iinclude -Iproviders/common/include -Iproviders/default/include -Iproviders/common/ciphers -Icrypto -Iproviders/common/macs -Iproviders/common/kdfs -Iproviders/default/macs -Iproviders/default/ciphers -Iproviders/default/kdfs -I../openssl -I../openssl/crypto/include -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/default/include -I../openssl/providers/common/ciphers -I../openssl/crypto -I../openssl/providers/common/macs -I../openssl/providers/common/kdfs -I../openssl/providers/default/macs -I../openssl/providers/default/ciphers -I../openssl/providers/default/kdfs -DAES_ASM -DBSAES_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_IA32_SSE2 -MMD -MF crypto/x509/libcrypto-lib-x509_trs.d.tmp -MT crypto/x509/libcrypto-lib-x509_trs.o -c -o crypto/x509/libcrypto-lib-x509_trs.o ../openssl/crypto/x509/x509_trs.c clang -I. -Icrypto/include -Iinclude -Iproviders/common/include -Iproviders/default/include -Iproviders/common/ciphers -Icrypto -Iproviders/common/macs -Iproviders/common/kdfs -Iproviders/default/macs -Iproviders/default/ciphers -Iproviders/default/kdfs -I../openssl -I../openssl/crypto/include -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/default/include -I../openssl/providers/common/ciphers -I../openssl/crypto -I../openssl/providers/common/macs -I../openssl/providers/common/kdfs -I../openssl/providers/default/macs -I../openssl/providers/default/ciphers -I../openssl/providers/default/kdfs -DAES_ASM -DBSAES_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_IA32_SSE2 -MMD -MF crypto/x509/libcrypto-lib-x509_txt.d.tmp -MT crypto/x509/libcrypto-lib-x509_txt.o -c -o crypto/x509/libcrypto-lib-x509_txt.o ../openssl/crypto/x509/x509_txt.c clang -I. -Icrypto/include -Iinclude -Iproviders/common/include -Iproviders/default/include -Iproviders/common/ciphers -Icrypto -Iproviders/common/macs -Iproviders/common/kdfs -Iproviders/default/macs -Iproviders/default/ciphers -Iproviders/default/kdfs -I../openssl -I../openssl/crypto/include -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/default/include -I../openssl/providers/common/ciphers -I../openssl/crypto -I../openssl/providers/common/macs -I../openssl/providers/common/kdfs -I../openssl/providers/default/macs -I../openssl/providers/default/ciphers -I../openssl/providers/default/kdfs -DAES_ASM -DBSAES_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_IA32_SSE2 -MMD -MF crypto/x509/libcrypto-lib-x509_v3.d.tmp -MT crypto/x509/libcrypto-lib-x509_v3.o -c -o crypto/x509/libcrypto-lib-x509_v3.o ../openssl/crypto/x509/x509_v3.c clang -I. -Icrypto/include -Iinclude -Iproviders/common/include -Iproviders/default/include -Iproviders/common/ciphers -Icrypto -Iproviders/common/macs -Iproviders/common/kdfs -Iproviders/default/macs -Iproviders/default/ciphers -Iproviders/default/kdfs -I../openssl -I../openssl/crypto/include -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/default/include -I../openssl/providers/common/ciphers -I../openssl/crypto -I../openssl/providers/common/macs -I../openssl/providers/common/kdfs -I../openssl/providers/default/macs -I../openssl/providers/default/ciphers -I../openssl/providers/default/kdfs -DAES_ASM -DBSAES_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_IA32_SSE2 -MMD -MF crypto/x509/libcrypto-lib-x509_vfy.d.tmp -MT crypto/x509/libcrypto-lib-x509_vfy.o -c -o crypto/x509/libcrypto-lib-x509_vfy.o ../openssl/crypto/x509/x509_vfy.c clang -I. -Icrypto/include -Iinclude -Iproviders/common/include -Iproviders/default/include -Iproviders/common/ciphers -Icrypto -Iproviders/common/macs -Iproviders/common/kdfs -Iproviders/default/macs -Iproviders/default/ciphers -Iproviders/default/kdfs -I../openssl -I../openssl/crypto/include -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/default/include -I../openssl/providers/common/ciphers -I../openssl/crypto -I../openssl/providers/common/macs -I../openssl/providers/common/kdfs -I../openssl/providers/default/macs -I../openssl/providers/default/ciphers -I../openssl/providers/default/kdfs -DAES_ASM -DBSAES_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_IA32_SSE2 -MMD -MF crypto/x509/libcrypto-lib-x509_vpm.d.tmp -MT crypto/x509/libcrypto-lib-x509_vpm.o -c -o crypto/x509/libcrypto-lib-x509_vpm.o ../openssl/crypto/x509/x509_vpm.c clang -I. -Icrypto/include -Iinclude -Iproviders/common/include -Iproviders/default/include -Iproviders/common/ciphers -Icrypto -Iproviders/common/macs -Iproviders/common/kdfs -Iproviders/default/macs -Iproviders/default/ciphers -Iproviders/default/kdfs -I../openssl -I../openssl/crypto/include -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/default/include -I../openssl/providers/common/ciphers -I../openssl/crypto -I../openssl/providers/common/macs -I../openssl/providers/common/kdfs -I../openssl/providers/default/macs -I../openssl/providers/default/ciphers -I../openssl/providers/default/kdfs -DAES_ASM -DBSAES_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_IA32_SSE2 -MMD -MF crypto/x509/libcrypto-lib-x509cset.d.tmp -MT crypto/x509/libcrypto-lib-x509cset.o -c -o crypto/x509/libcrypto-lib-x509cset.o ../openssl/crypto/x509/x509cset.c clang -I. -Icrypto/include -Iinclude -Iproviders/common/include -Iproviders/default/include -Iproviders/common/ciphers -Icrypto -Iproviders/common/macs -Iproviders/common/kdfs -Iproviders/default/macs -Iproviders/default/ciphers -Iproviders/default/kdfs -I../openssl -I../openssl/crypto/include -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/default/include -I../openssl/providers/common/ciphers -I../openssl/crypto -I../openssl/providers/common/macs -I../openssl/providers/common/kdfs -I../openssl/providers/default/macs -I../openssl/providers/default/ciphers -I../openssl/providers/default/kdfs -DAES_ASM -DBSAES_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_IA32_SSE2 -MMD -MF crypto/x509/libcrypto-lib-x509name.d.tmp -MT crypto/x509/libcrypto-lib-x509name.o -c -o crypto/x509/libcrypto-lib-x509name.o ../openssl/crypto/x509/x509name.c clang -I. -Icrypto/include -Iinclude -Iproviders/common/include -Iproviders/default/include -Iproviders/common/ciphers -Icrypto -Iproviders/common/macs -Iproviders/common/kdfs -Iproviders/default/macs -Iproviders/default/ciphers -Iproviders/default/kdfs -I../openssl -I../openssl/crypto/include -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/default/include -I../openssl/providers/common/ciphers -I../openssl/crypto -I../openssl/providers/common/macs -I../openssl/providers/common/kdfs -I../openssl/providers/default/macs -I../openssl/providers/default/ciphers -I../openssl/providers/default/kdfs -DAES_ASM -DBSAES_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_IA32_SSE2 -MMD -MF crypto/x509/libcrypto-lib-x509rset.d.tmp -MT crypto/x509/libcrypto-lib-x509rset.o -c -o crypto/x509/libcrypto-lib-x509rset.o ../openssl/crypto/x509/x509rset.c clang -I. -Icrypto/include -Iinclude -Iproviders/common/include -Iproviders/default/include -Iproviders/common/ciphers -Icrypto -Iproviders/common/macs -Iproviders/common/kdfs -Iproviders/default/macs -Iproviders/default/ciphers -Iproviders/default/kdfs -I../openssl -I../openssl/crypto/include -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/default/include -I../openssl/providers/common/ciphers -I../openssl/crypto -I../openssl/providers/common/macs -I../openssl/providers/common/kdfs -I../openssl/providers/default/macs -I../openssl/providers/default/ciphers -I../openssl/providers/default/kdfs -DAES_ASM -DBSAES_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_IA32_SSE2 -MMD -MF crypto/x509/libcrypto-lib-x509spki.d.tmp -MT crypto/x509/libcrypto-lib-x509spki.o -c -o crypto/x509/libcrypto-lib-x509spki.o ../openssl/crypto/x509/x509spki.c clang -I. -Icrypto/include -Iinclude -Iproviders/common/include -Iproviders/default/include -Iproviders/common/ciphers -Icrypto -Iproviders/common/macs -Iproviders/common/kdfs -Iproviders/default/macs -Iproviders/default/ciphers -Iproviders/default/kdfs -I../openssl -I../openssl/crypto/include -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/default/include -I../openssl/providers/common/ciphers -I../openssl/crypto -I../openssl/providers/common/macs -I../openssl/providers/common/kdfs -I../openssl/providers/default/macs -I../openssl/providers/default/ciphers -I../openssl/providers/default/kdfs -DAES_ASM -DBSAES_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_IA32_SSE2 -MMD -MF crypto/x509/libcrypto-lib-x509type.d.tmp -MT crypto/x509/libcrypto-lib-x509type.o -c -o crypto/x509/libcrypto-lib-x509type.o ../openssl/crypto/x509/x509type.c clang -I. -Icrypto/include -Iinclude -Iproviders/common/include -Iproviders/default/include -Iproviders/common/ciphers -Icrypto -Iproviders/common/macs -Iproviders/common/kdfs -Iproviders/default/macs -Iproviders/default/ciphers -Iproviders/default/kdfs -I../openssl -I../openssl/crypto/include -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/default/include -I../openssl/providers/common/ciphers -I../openssl/crypto -I../openssl/providers/common/macs -I../openssl/providers/common/kdfs -I../openssl/providers/default/macs -I../openssl/providers/default/ciphers -I../openssl/providers/default/kdfs -DAES_ASM -DBSAES_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_IA32_SSE2 -MMD -MF crypto/x509/libcrypto-lib-x_all.d.tmp -MT crypto/x509/libcrypto-lib-x_all.o -c -o crypto/x509/libcrypto-lib-x_all.o ../openssl/crypto/x509/x_all.c clang -I. -Icrypto/include -Iinclude -Iproviders/common/include -Iproviders/default/include -Iproviders/common/ciphers -Icrypto -Iproviders/common/macs -Iproviders/common/kdfs -Iproviders/default/macs -Iproviders/default/ciphers -Iproviders/default/kdfs -I../openssl -I../openssl/crypto/include -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/default/include -I../openssl/providers/common/ciphers -I../openssl/crypto -I../openssl/providers/common/macs -I../openssl/providers/common/kdfs -I../openssl/providers/default/macs -I../openssl/providers/default/ciphers -I../openssl/providers/default/kdfs -DAES_ASM -DBSAES_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_IA32_SSE2 -MMD -MF crypto/x509/libcrypto-lib-x_attrib.d.tmp -MT crypto/x509/libcrypto-lib-x_attrib.o -c -o crypto/x509/libcrypto-lib-x_attrib.o ../openssl/crypto/x509/x_attrib.c clang -I. -Icrypto/include -Iinclude -Iproviders/common/include -Iproviders/default/include -Iproviders/common/ciphers -Icrypto -Iproviders/common/macs -Iproviders/common/kdfs -Iproviders/default/macs -Iproviders/default/ciphers -Iproviders/default/kdfs -I../openssl -I../openssl/crypto/include -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/default/include -I../openssl/providers/common/ciphers -I../openssl/crypto -I../openssl/providers/common/macs -I../openssl/providers/common/kdfs -I../openssl/providers/default/macs -I../openssl/providers/default/ciphers -I../openssl/providers/default/kdfs -DAES_ASM -DBSAES_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_IA32_SSE2 -MMD -MF crypto/x509/libcrypto-lib-x_crl.d.tmp -MT crypto/x509/libcrypto-lib-x_crl.o -c -o crypto/x509/libcrypto-lib-x_crl.o ../openssl/crypto/x509/x_crl.c clang -I. -Icrypto/include -Iinclude -Iproviders/common/include -Iproviders/default/include -Iproviders/common/ciphers -Icrypto -Iproviders/common/macs -Iproviders/common/kdfs -Iproviders/default/macs -Iproviders/default/ciphers -Iproviders/default/kdfs -I../openssl -I../openssl/crypto/include -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/default/include -I../openssl/providers/common/ciphers -I../openssl/crypto -I../openssl/providers/common/macs -I../openssl/providers/common/kdfs -I../openssl/providers/default/macs -I../openssl/providers/default/ciphers -I../openssl/providers/default/kdfs -DAES_ASM -DBSAES_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_IA32_SSE2 -MMD -MF crypto/x509/libcrypto-lib-x_exten.d.tmp -MT crypto/x509/libcrypto-lib-x_exten.o -c -o crypto/x509/libcrypto-lib-x_exten.o ../openssl/crypto/x509/x_exten.c clang -I. -Icrypto/include -Iinclude -Iproviders/common/include -Iproviders/default/include -Iproviders/common/ciphers -Icrypto -Iproviders/common/macs -Iproviders/common/kdfs -Iproviders/default/macs -Iproviders/default/ciphers -Iproviders/default/kdfs -I../openssl -I../openssl/crypto/include -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/default/include -I../openssl/providers/common/ciphers -I../openssl/crypto -I../openssl/providers/common/macs -I../openssl/providers/common/kdfs -I../openssl/providers/default/macs -I../openssl/providers/default/ciphers -I../openssl/providers/default/kdfs -DAES_ASM -DBSAES_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_IA32_SSE2 -MMD -MF crypto/x509/libcrypto-lib-x_name.d.tmp -MT crypto/x509/libcrypto-lib-x_name.o -c -o crypto/x509/libcrypto-lib-x_name.o ../openssl/crypto/x509/x_name.c clang -I. -Icrypto/include -Iinclude -Iproviders/common/include -Iproviders/default/include -Iproviders/common/ciphers -Icrypto -Iproviders/common/macs -Iproviders/common/kdfs -Iproviders/default/macs -Iproviders/default/ciphers -Iproviders/default/kdfs -I../openssl -I../openssl/crypto/include -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/default/include -I../openssl/providers/common/ciphers -I../openssl/crypto -I../openssl/providers/common/macs -I../openssl/providers/common/kdfs -I../openssl/providers/default/macs -I../openssl/providers/default/ciphers -I../openssl/providers/default/kdfs -DAES_ASM -DBSAES_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_IA32_SSE2 -MMD -MF crypto/x509/libcrypto-lib-x_pubkey.d.tmp -MT crypto/x509/libcrypto-lib-x_pubkey.o -c -o crypto/x509/libcrypto-lib-x_pubkey.o ../openssl/crypto/x509/x_pubkey.c clang -I. -Icrypto/include -Iinclude -Iproviders/common/include -Iproviders/default/include -Iproviders/common/ciphers -Icrypto -Iproviders/common/macs -Iproviders/common/kdfs -Iproviders/default/macs -Iproviders/default/ciphers -Iproviders/default/kdfs -I../openssl -I../openssl/crypto/include -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/default/include -I../openssl/providers/common/ciphers -I../openssl/crypto -I../openssl/providers/common/macs -I../openssl/providers/common/kdfs -I../openssl/providers/default/macs -I../openssl/providers/default/ciphers -I../openssl/providers/default/kdfs -DAES_ASM -DBSAES_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_IA32_SSE2 -MMD -MF crypto/x509/libcrypto-lib-x_req.d.tmp -MT crypto/x509/libcrypto-lib-x_req.o -c -o crypto/x509/libcrypto-lib-x_req.o ../openssl/crypto/x509/x_req.c clang -I. -Icrypto/include -Iinclude -Iproviders/common/include -Iproviders/default/include -Iproviders/common/ciphers -Icrypto -Iproviders/common/macs -Iproviders/common/kdfs -Iproviders/default/macs -Iproviders/default/ciphers -Iproviders/default/kdfs -I../openssl -I../openssl/crypto/include -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/default/include -I../openssl/providers/common/ciphers -I../openssl/crypto -I../openssl/providers/common/macs -I../openssl/providers/common/kdfs -I../openssl/providers/default/macs -I../openssl/providers/default/ciphers -I../openssl/providers/default/kdfs -DAES_ASM -DBSAES_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_IA32_SSE2 -MMD -MF crypto/x509/libcrypto-lib-x_x509.d.tmp -MT crypto/x509/libcrypto-lib-x_x509.o -c -o crypto/x509/libcrypto-lib-x_x509.o ../openssl/crypto/x509/x_x509.c clang -I. -Icrypto/include -Iinclude -Iproviders/common/include -Iproviders/default/include -Iproviders/common/ciphers -Icrypto -Iproviders/common/macs -Iproviders/common/kdfs -Iproviders/default/macs -Iproviders/default/ciphers -Iproviders/default/kdfs -I../openssl -I../openssl/crypto/include -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/default/include -I../openssl/providers/common/ciphers -I../openssl/crypto -I../openssl/providers/common/macs -I../openssl/providers/common/kdfs -I../openssl/providers/default/macs -I../openssl/providers/default/ciphers -I../openssl/providers/default/kdfs -DAES_ASM -DBSAES_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_IA32_SSE2 -MMD -MF crypto/x509/libcrypto-lib-x_x509a.d.tmp -MT crypto/x509/libcrypto-lib-x_x509a.o -c -o crypto/x509/libcrypto-lib-x_x509a.o ../openssl/crypto/x509/x_x509a.c clang -I. -Icrypto/include -Iinclude -Iproviders/common/include -Iproviders/default/include -Iproviders/common/ciphers -Icrypto -Iproviders/common/macs -Iproviders/common/kdfs -Iproviders/default/macs -Iproviders/default/ciphers -Iproviders/default/kdfs -I../openssl -I../openssl/crypto/include -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/default/include -I../openssl/providers/common/ciphers -I../openssl/crypto -I../openssl/providers/common/macs -I../openssl/providers/common/kdfs -I../openssl/providers/default/macs -I../openssl/providers/default/ciphers -I../openssl/providers/default/kdfs -DAES_ASM -DBSAES_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_IA32_SSE2 -MMD -MF providers/common/ciphers/libcrypto-lib-block.d.tmp -MT providers/common/ciphers/libcrypto-lib-block.o -c -o providers/common/ciphers/libcrypto-lib-block.o ../openssl/providers/common/ciphers/block.c clang -I. -Icrypto/include -Iinclude -Iproviders/common/include -Iproviders/default/include -Iproviders/common/ciphers -Icrypto -Iproviders/common/macs -Iproviders/common/kdfs -Iproviders/default/macs -Iproviders/default/ciphers -Iproviders/default/kdfs -I../openssl -I../openssl/crypto/include -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/default/include -I../openssl/providers/common/ciphers -I../openssl/crypto -I../openssl/providers/common/macs -I../openssl/providers/common/kdfs -I../openssl/providers/default/macs -I../openssl/providers/default/ciphers -I../openssl/providers/default/kdfs -DAES_ASM -DBSAES_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_IA32_SSE2 -MMD -MF providers/common/ciphers/libcrypto-lib-cipher_aes.d.tmp -MT providers/common/ciphers/libcrypto-lib-cipher_aes.o -c -o providers/common/ciphers/libcrypto-lib-cipher_aes.o ../openssl/providers/common/ciphers/cipher_aes.c clang -I. -Icrypto/include -Iinclude -Iproviders/common/include -Iproviders/default/include -Iproviders/common/ciphers -Icrypto -Iproviders/common/macs -Iproviders/common/kdfs -Iproviders/default/macs -Iproviders/default/ciphers -Iproviders/default/kdfs -I../openssl -I../openssl/crypto/include -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/default/include -I../openssl/providers/common/ciphers -I../openssl/crypto -I../openssl/providers/common/macs -I../openssl/providers/common/kdfs -I../openssl/providers/default/macs -I../openssl/providers/default/ciphers -I../openssl/providers/default/kdfs -DAES_ASM -DBSAES_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_IA32_SSE2 -MMD -MF providers/common/ciphers/libcrypto-lib-cipher_aes_ccm.d.tmp -MT providers/common/ciphers/libcrypto-lib-cipher_aes_ccm.o -c -o providers/common/ciphers/libcrypto-lib-cipher_aes_ccm.o ../openssl/providers/common/ciphers/cipher_aes_ccm.c clang -I. -Icrypto/include -Iinclude -Iproviders/common/include -Iproviders/default/include -Iproviders/common/ciphers -Icrypto -Iproviders/common/macs -Iproviders/common/kdfs -Iproviders/default/macs -Iproviders/default/ciphers -Iproviders/default/kdfs -I../openssl -I../openssl/crypto/include -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/default/include -I../openssl/providers/common/ciphers -I../openssl/crypto -I../openssl/providers/common/macs -I../openssl/providers/common/kdfs -I../openssl/providers/default/macs -I../openssl/providers/default/ciphers -I../openssl/providers/default/kdfs -DAES_ASM -DBSAES_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_IA32_SSE2 -MMD -MF providers/common/ciphers/libcrypto-lib-cipher_aes_ccm_hw.d.tmp -MT providers/common/ciphers/libcrypto-lib-cipher_aes_ccm_hw.o -c -o providers/common/ciphers/libcrypto-lib-cipher_aes_ccm_hw.o ../openssl/providers/common/ciphers/cipher_aes_ccm_hw.c clang -I. -Icrypto/include -Iinclude -Iproviders/common/include -Iproviders/default/include -Iproviders/common/ciphers -Icrypto -Iproviders/common/macs -Iproviders/common/kdfs -Iproviders/default/macs -Iproviders/default/ciphers -Iproviders/default/kdfs -I../openssl -I../openssl/crypto/include -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/default/include -I../openssl/providers/common/ciphers -I../openssl/crypto -I../openssl/providers/common/macs -I../openssl/providers/common/kdfs -I../openssl/providers/default/macs -I../openssl/providers/default/ciphers -I../openssl/providers/default/kdfs -DAES_ASM -DBSAES_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_IA32_SSE2 -MMD -MF providers/common/ciphers/libcrypto-lib-cipher_aes_gcm.d.tmp -MT providers/common/ciphers/libcrypto-lib-cipher_aes_gcm.o -c -o providers/common/ciphers/libcrypto-lib-cipher_aes_gcm.o ../openssl/providers/common/ciphers/cipher_aes_gcm.c clang -I. -Icrypto/include -Iinclude -Iproviders/common/include -Iproviders/default/include -Iproviders/common/ciphers -Icrypto -Iproviders/common/macs -Iproviders/common/kdfs -Iproviders/default/macs -Iproviders/default/ciphers -Iproviders/default/kdfs -I../openssl -I../openssl/crypto/include -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/default/include -I../openssl/providers/common/ciphers -I../openssl/crypto -I../openssl/providers/common/macs -I../openssl/providers/common/kdfs -I../openssl/providers/default/macs -I../openssl/providers/default/ciphers -I../openssl/providers/default/kdfs -DAES_ASM -DBSAES_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_IA32_SSE2 -MMD -MF providers/common/ciphers/libcrypto-lib-cipher_aes_gcm_hw.d.tmp -MT providers/common/ciphers/libcrypto-lib-cipher_aes_gcm_hw.o -c -o providers/common/ciphers/libcrypto-lib-cipher_aes_gcm_hw.o ../openssl/providers/common/ciphers/cipher_aes_gcm_hw.c clang -I. -Icrypto/include -Iinclude -Iproviders/common/include -Iproviders/default/include -Iproviders/common/ciphers -Icrypto -Iproviders/common/macs -Iproviders/common/kdfs -Iproviders/default/macs -Iproviders/default/ciphers -Iproviders/default/kdfs -I../openssl -I../openssl/crypto/include -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/default/include -I../openssl/providers/common/ciphers -I../openssl/crypto -I../openssl/providers/common/macs -I../openssl/providers/common/kdfs -I../openssl/providers/default/macs -I../openssl/providers/default/ciphers -I../openssl/providers/default/kdfs -DAES_ASM -DBSAES_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_IA32_SSE2 -MMD -MF providers/common/ciphers/libcrypto-lib-cipher_aes_hw.d.tmp -MT providers/common/ciphers/libcrypto-lib-cipher_aes_hw.o -c -o providers/common/ciphers/libcrypto-lib-cipher_aes_hw.o ../openssl/providers/common/ciphers/cipher_aes_hw.c clang -I. -Icrypto/include -Iinclude -Iproviders/common/include -Iproviders/default/include -Iproviders/common/ciphers -Icrypto -Iproviders/common/macs -Iproviders/common/kdfs -Iproviders/default/macs -Iproviders/default/ciphers -Iproviders/default/kdfs -I../openssl -I../openssl/crypto/include -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/default/include -I../openssl/providers/common/ciphers -I../openssl/crypto -I../openssl/providers/common/macs -I../openssl/providers/common/kdfs -I../openssl/providers/default/macs -I../openssl/providers/default/ciphers -I../openssl/providers/default/kdfs -DAES_ASM -DBSAES_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_IA32_SSE2 -MMD -MF providers/common/ciphers/libcrypto-lib-cipher_ccm.d.tmp -MT providers/common/ciphers/libcrypto-lib-cipher_ccm.o -c -o providers/common/ciphers/libcrypto-lib-cipher_ccm.o ../openssl/providers/common/ciphers/cipher_ccm.c clang -I. -Icrypto/include -Iinclude -Iproviders/common/include -Iproviders/default/include -Iproviders/common/ciphers -Icrypto -Iproviders/common/macs -Iproviders/common/kdfs -Iproviders/default/macs -Iproviders/default/ciphers -Iproviders/default/kdfs -I../openssl -I../openssl/crypto/include -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/default/include -I../openssl/providers/common/ciphers -I../openssl/crypto -I../openssl/providers/common/macs -I../openssl/providers/common/kdfs -I../openssl/providers/default/macs -I../openssl/providers/default/ciphers -I../openssl/providers/default/kdfs -DAES_ASM -DBSAES_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_IA32_SSE2 -MMD -MF providers/common/ciphers/libcrypto-lib-cipher_ccm_hw.d.tmp -MT providers/common/ciphers/libcrypto-lib-cipher_ccm_hw.o -c -o providers/common/ciphers/libcrypto-lib-cipher_ccm_hw.o ../openssl/providers/common/ciphers/cipher_ccm_hw.c clang -I. -Icrypto/include -Iinclude -Iproviders/common/include -Iproviders/default/include -Iproviders/common/ciphers -Icrypto -Iproviders/common/macs -Iproviders/common/kdfs -Iproviders/default/macs -Iproviders/default/ciphers -Iproviders/default/kdfs -I../openssl -I../openssl/crypto/include -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/default/include -I../openssl/providers/common/ciphers -I../openssl/crypto -I../openssl/providers/common/macs -I../openssl/providers/common/kdfs -I../openssl/providers/default/macs -I../openssl/providers/default/ciphers -I../openssl/providers/default/kdfs -DAES_ASM -DBSAES_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_IA32_SSE2 -MMD -MF providers/common/ciphers/libcrypto-lib-cipher_common.d.tmp -MT providers/common/ciphers/libcrypto-lib-cipher_common.o -c -o providers/common/ciphers/libcrypto-lib-cipher_common.o ../openssl/providers/common/ciphers/cipher_common.c clang -I. -Icrypto/include -Iinclude -Iproviders/common/include -Iproviders/default/include -Iproviders/common/ciphers -Icrypto -Iproviders/common/macs -Iproviders/common/kdfs -Iproviders/default/macs -Iproviders/default/ciphers -Iproviders/default/kdfs -I../openssl -I../openssl/crypto/include -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/default/include -I../openssl/providers/common/ciphers -I../openssl/crypto -I../openssl/providers/common/macs -I../openssl/providers/common/kdfs -I../openssl/providers/default/macs -I../openssl/providers/default/ciphers -I../openssl/providers/default/kdfs -DAES_ASM -DBSAES_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_IA32_SSE2 -MMD -MF providers/common/ciphers/libcrypto-lib-cipher_common_hw.d.tmp -MT providers/common/ciphers/libcrypto-lib-cipher_common_hw.o -c -o providers/common/ciphers/libcrypto-lib-cipher_common_hw.o ../openssl/providers/common/ciphers/cipher_common_hw.c clang -I. -Icrypto/include -Iinclude -Iproviders/common/include -Iproviders/default/include -Iproviders/common/ciphers -Icrypto -Iproviders/common/macs -Iproviders/common/kdfs -Iproviders/default/macs -Iproviders/default/ciphers -Iproviders/default/kdfs -I../openssl -I../openssl/crypto/include -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/default/include -I../openssl/providers/common/ciphers -I../openssl/crypto -I../openssl/providers/common/macs -I../openssl/providers/common/kdfs -I../openssl/providers/default/macs -I../openssl/providers/default/ciphers -I../openssl/providers/default/kdfs -DAES_ASM -DBSAES_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_IA32_SSE2 -MMD -MF providers/common/ciphers/libcrypto-lib-cipher_gcm.d.tmp -MT providers/common/ciphers/libcrypto-lib-cipher_gcm.o -c -o providers/common/ciphers/libcrypto-lib-cipher_gcm.o ../openssl/providers/common/ciphers/cipher_gcm.c clang -I. -Icrypto/include -Iinclude -Iproviders/common/include -Iproviders/default/include -Iproviders/common/ciphers -Icrypto -Iproviders/common/macs -Iproviders/common/kdfs -Iproviders/default/macs -Iproviders/default/ciphers -Iproviders/default/kdfs -I../openssl -I../openssl/crypto/include -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/default/include -I../openssl/providers/common/ciphers -I../openssl/crypto -I../openssl/providers/common/macs -I../openssl/providers/common/kdfs -I../openssl/providers/default/macs -I../openssl/providers/default/ciphers -I../openssl/providers/default/kdfs -DAES_ASM -DBSAES_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_IA32_SSE2 -MMD -MF providers/common/ciphers/libcrypto-lib-cipher_gcm_hw.d.tmp -MT providers/common/ciphers/libcrypto-lib-cipher_gcm_hw.o -c -o providers/common/ciphers/libcrypto-lib-cipher_gcm_hw.o ../openssl/providers/common/ciphers/cipher_gcm_hw.c clang -I. -Icrypto/include -Iinclude -Iproviders/common/include -Iproviders/default/include -Iproviders/common/ciphers -Icrypto -Iproviders/common/macs -Iproviders/common/kdfs -Iproviders/default/macs -Iproviders/default/ciphers -Iproviders/default/kdfs -I../openssl -I../openssl/crypto/include -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/default/include -I../openssl/providers/common/ciphers -I../openssl/crypto -I../openssl/providers/common/macs -I../openssl/providers/common/kdfs -I../openssl/providers/default/macs -I../openssl/providers/default/ciphers -I../openssl/providers/default/kdfs -DAES_ASM -DBSAES_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_IA32_SSE2 -MMD -MF providers/common/ciphers/libcrypto-lib-cipher_tdes.d.tmp -MT providers/common/ciphers/libcrypto-lib-cipher_tdes.o -c -o providers/common/ciphers/libcrypto-lib-cipher_tdes.o ../openssl/providers/common/ciphers/cipher_tdes.c clang -I. -Icrypto/include -Iinclude -Iproviders/common/include -Iproviders/default/include -Iproviders/common/ciphers -Icrypto -Iproviders/common/macs -Iproviders/common/kdfs -Iproviders/default/macs -Iproviders/default/ciphers -Iproviders/default/kdfs -I../openssl -I../openssl/crypto/include -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/default/include -I../openssl/providers/common/ciphers -I../openssl/crypto -I../openssl/providers/common/macs -I../openssl/providers/common/kdfs -I../openssl/providers/default/macs -I../openssl/providers/default/ciphers -I../openssl/providers/default/kdfs -DAES_ASM -DBSAES_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_IA32_SSE2 -MMD -MF providers/common/ciphers/libcrypto-lib-cipher_tdes_hw.d.tmp -MT providers/common/ciphers/libcrypto-lib-cipher_tdes_hw.o -c -o providers/common/ciphers/libcrypto-lib-cipher_tdes_hw.o ../openssl/providers/common/ciphers/cipher_tdes_hw.c clang -I. -Icrypto/include -Iinclude -Iproviders/common/include -Iproviders/default/include -Iproviders/common/ciphers -Icrypto -Iproviders/common/macs -Iproviders/common/kdfs -Iproviders/default/macs -Iproviders/default/ciphers -Iproviders/default/kdfs -I../openssl -I../openssl/crypto/include -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/default/include -I../openssl/providers/common/ciphers -I../openssl/crypto -I../openssl/providers/common/macs -I../openssl/providers/common/kdfs -I../openssl/providers/default/macs -I../openssl/providers/default/ciphers -I../openssl/providers/default/kdfs -DAES_ASM -DBSAES_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_IA32_SSE2 -MMD -MF providers/common/digests/libcrypto-lib-digest_common.d.tmp -MT providers/common/digests/libcrypto-lib-digest_common.o -c -o providers/common/digests/libcrypto-lib-digest_common.o ../openssl/providers/common/digests/digest_common.c clang -I. -Icrypto/include -Iinclude -Iproviders/common/include -Iproviders/default/include -Iproviders/common/ciphers -Icrypto -Iproviders/common/macs -Iproviders/common/kdfs -Iproviders/default/macs -Iproviders/default/ciphers -Iproviders/default/kdfs -I../openssl -I../openssl/crypto/include -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/default/include -I../openssl/providers/common/ciphers -I../openssl/crypto -I../openssl/providers/common/macs -I../openssl/providers/common/kdfs -I../openssl/providers/default/macs -I../openssl/providers/default/ciphers -I../openssl/providers/default/kdfs -DAES_ASM -DBSAES_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_IA32_SSE2 -MMD -MF providers/common/digests/libcrypto-lib-sha2_prov.d.tmp -MT providers/common/digests/libcrypto-lib-sha2_prov.o -c -o providers/common/digests/libcrypto-lib-sha2_prov.o ../openssl/providers/common/digests/sha2_prov.c clang -I. -Icrypto/include -Iinclude -Iproviders/common/include -Iproviders/default/include -Iproviders/common/ciphers -Icrypto -Iproviders/common/macs -Iproviders/common/kdfs -Iproviders/default/macs -Iproviders/default/ciphers -Iproviders/default/kdfs -I../openssl -I../openssl/crypto/include -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/default/include -I../openssl/providers/common/ciphers -I../openssl/crypto -I../openssl/providers/common/macs -I../openssl/providers/common/kdfs -I../openssl/providers/default/macs -I../openssl/providers/default/ciphers -I../openssl/providers/default/kdfs -DAES_ASM -DBSAES_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_IA32_SSE2 -MMD -MF providers/common/digests/libcrypto-lib-sha3_prov.d.tmp -MT providers/common/digests/libcrypto-lib-sha3_prov.o -c -o providers/common/digests/libcrypto-lib-sha3_prov.o ../openssl/providers/common/digests/sha3_prov.c clang -I. -Icrypto/include -Iinclude -Iproviders/common/include -Iproviders/default/include -Iproviders/common/ciphers -Icrypto -Iproviders/common/macs -Iproviders/common/kdfs -Iproviders/default/macs -Iproviders/default/ciphers -Iproviders/default/kdfs -I../openssl -I../openssl/crypto/include -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/default/include -I../openssl/providers/common/ciphers -I../openssl/crypto -I../openssl/providers/common/macs -I../openssl/providers/common/kdfs -I../openssl/providers/default/macs -I../openssl/providers/default/ciphers -I../openssl/providers/default/kdfs -DAES_ASM -DBSAES_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_IA32_SSE2 -MMD -MF providers/common/exchange/libcrypto-lib-dh_exch.d.tmp -MT providers/common/exchange/libcrypto-lib-dh_exch.o -c -o providers/common/exchange/libcrypto-lib-dh_exch.o ../openssl/providers/common/exchange/dh_exch.c clang -I. -Icrypto/include -Iinclude -Iproviders/common/include -Iproviders/default/include -Iproviders/common/ciphers -Icrypto -Iproviders/common/macs -Iproviders/common/kdfs -Iproviders/default/macs -Iproviders/default/ciphers -Iproviders/default/kdfs -I../openssl -I../openssl/crypto/include -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/default/include -I../openssl/providers/common/ciphers -I../openssl/crypto -I../openssl/providers/common/macs -I../openssl/providers/common/kdfs -I../openssl/providers/default/macs -I../openssl/providers/default/ciphers -I../openssl/providers/default/kdfs -DAES_ASM -DBSAES_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_IA32_SSE2 -MMD -MF providers/common/kdfs/libcrypto-lib-hkdf.d.tmp -MT providers/common/kdfs/libcrypto-lib-hkdf.o -c -o providers/common/kdfs/libcrypto-lib-hkdf.o ../openssl/providers/common/kdfs/hkdf.c clang -I. -Icrypto/include -Iinclude -Iproviders/common/include -Iproviders/default/include -Iproviders/common/ciphers -Icrypto -Iproviders/common/macs -Iproviders/common/kdfs -Iproviders/default/macs -Iproviders/default/ciphers -Iproviders/default/kdfs -I../openssl -I../openssl/crypto/include -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/default/include -I../openssl/providers/common/ciphers -I../openssl/crypto -I../openssl/providers/common/macs -I../openssl/providers/common/kdfs -I../openssl/providers/default/macs -I../openssl/providers/default/ciphers -I../openssl/providers/default/kdfs -DAES_ASM -DBSAES_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_IA32_SSE2 -MMD -MF providers/common/kdfs/libcrypto-lib-pbkdf2.d.tmp -MT providers/common/kdfs/libcrypto-lib-pbkdf2.o -c -o providers/common/kdfs/libcrypto-lib-pbkdf2.o ../openssl/providers/common/kdfs/pbkdf2.c clang -I. -Icrypto/include -Iinclude -Iproviders/common/include -Iproviders/default/include -Iproviders/common/ciphers -Icrypto -Iproviders/common/macs -Iproviders/common/kdfs -Iproviders/default/macs -Iproviders/default/ciphers -Iproviders/default/kdfs -I../openssl -I../openssl/crypto/include -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/default/include -I../openssl/providers/common/ciphers -I../openssl/crypto -I../openssl/providers/common/macs -I../openssl/providers/common/kdfs -I../openssl/providers/default/macs -I../openssl/providers/default/ciphers -I../openssl/providers/default/kdfs -DAES_ASM -DBSAES_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_IA32_SSE2 -MMD -MF providers/common/kdfs/libcrypto-lib-sskdf.d.tmp -MT providers/common/kdfs/libcrypto-lib-sskdf.o -c -o providers/common/kdfs/libcrypto-lib-sskdf.o ../openssl/providers/common/kdfs/sskdf.c clang -I. -Icrypto/include -Iinclude -Iproviders/common/include -Iproviders/default/include -Iproviders/common/ciphers -Icrypto -Iproviders/common/macs -Iproviders/common/kdfs -Iproviders/default/macs -Iproviders/default/ciphers -Iproviders/default/kdfs -I../openssl -I../openssl/crypto/include -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/default/include -I../openssl/providers/common/ciphers -I../openssl/crypto -I../openssl/providers/common/macs -I../openssl/providers/common/kdfs -I../openssl/providers/default/macs -I../openssl/providers/default/ciphers -I../openssl/providers/default/kdfs -DAES_ASM -DBSAES_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_IA32_SSE2 -MMD -MF providers/common/kdfs/libcrypto-lib-tls1_prf.d.tmp -MT providers/common/kdfs/libcrypto-lib-tls1_prf.o -c -o providers/common/kdfs/libcrypto-lib-tls1_prf.o ../openssl/providers/common/kdfs/tls1_prf.c clang -I. -Icrypto/include -Iinclude -Iproviders/common/include -Iproviders/default/include -Iproviders/common/ciphers -Icrypto -Iproviders/common/macs -Iproviders/common/kdfs -Iproviders/default/macs -Iproviders/default/ciphers -Iproviders/default/kdfs -I../openssl -I../openssl/crypto/include -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/default/include -I../openssl/providers/common/ciphers -I../openssl/crypto -I../openssl/providers/common/macs -I../openssl/providers/common/kdfs -I../openssl/providers/default/macs -I../openssl/providers/default/ciphers -I../openssl/providers/default/kdfs -DAES_ASM -DBSAES_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_IA32_SSE2 -MMD -MF providers/common/keymgmt/libcrypto-lib-dh_kmgmt.d.tmp -MT providers/common/keymgmt/libcrypto-lib-dh_kmgmt.o -c -o providers/common/keymgmt/libcrypto-lib-dh_kmgmt.o ../openssl/providers/common/keymgmt/dh_kmgmt.c clang -I. -Icrypto/include -Iinclude -Iproviders/common/include -Iproviders/default/include -Iproviders/common/ciphers -Icrypto -Iproviders/common/macs -Iproviders/common/kdfs -Iproviders/default/macs -Iproviders/default/ciphers -Iproviders/default/kdfs -I../openssl -I../openssl/crypto/include -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/default/include -I../openssl/providers/common/ciphers -I../openssl/crypto -I../openssl/providers/common/macs -I../openssl/providers/common/kdfs -I../openssl/providers/default/macs -I../openssl/providers/default/ciphers -I../openssl/providers/default/kdfs -DAES_ASM -DBSAES_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_IA32_SSE2 -MMD -MF providers/common/keymgmt/libcrypto-lib-dsa_kmgmt.d.tmp -MT providers/common/keymgmt/libcrypto-lib-dsa_kmgmt.o -c -o providers/common/keymgmt/libcrypto-lib-dsa_kmgmt.o ../openssl/providers/common/keymgmt/dsa_kmgmt.c clang -I. -Icrypto/include -Iinclude -Iproviders/common/include -Iproviders/default/include -Iproviders/common/ciphers -Icrypto -Iproviders/common/macs -Iproviders/common/kdfs -Iproviders/default/macs -Iproviders/default/ciphers -Iproviders/default/kdfs -I../openssl -I../openssl/crypto/include -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/default/include -I../openssl/providers/common/ciphers -I../openssl/crypto -I../openssl/providers/common/macs -I../openssl/providers/common/kdfs -I../openssl/providers/default/macs -I../openssl/providers/default/ciphers -I../openssl/providers/default/kdfs -DAES_ASM -DBSAES_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_IA32_SSE2 -MMD -MF providers/common/libcrypto-lib-provider_err.d.tmp -MT providers/common/libcrypto-lib-provider_err.o -c -o providers/common/libcrypto-lib-provider_err.o ../openssl/providers/common/provider_err.c clang -I. -Icrypto/include -Iinclude -Iproviders/common/include -Iproviders/default/include -Iproviders/common/ciphers -Icrypto -Iproviders/common/macs -Iproviders/common/kdfs -Iproviders/default/macs -Iproviders/default/ciphers -Iproviders/default/kdfs -I../openssl -I../openssl/crypto/include -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/default/include -I../openssl/providers/common/ciphers -I../openssl/crypto -I../openssl/providers/common/macs -I../openssl/providers/common/kdfs -I../openssl/providers/default/macs -I../openssl/providers/default/ciphers -I../openssl/providers/default/kdfs -DAES_ASM -DBSAES_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_IA32_SSE2 -MMD -MF providers/common/libcrypto-lib-provider_util.d.tmp -MT providers/common/libcrypto-lib-provider_util.o -c -o providers/common/libcrypto-lib-provider_util.o ../openssl/providers/common/provider_util.c clang -I. -Icrypto/include -Iinclude -Iproviders/common/include -Iproviders/default/include -Iproviders/common/ciphers -Icrypto -Iproviders/common/macs -Iproviders/common/kdfs -Iproviders/default/macs -Iproviders/default/ciphers -Iproviders/default/kdfs -I../openssl -I../openssl/crypto/include -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/default/include -I../openssl/providers/common/ciphers -I../openssl/crypto -I../openssl/providers/common/macs -I../openssl/providers/common/kdfs -I../openssl/providers/default/macs -I../openssl/providers/default/ciphers -I../openssl/providers/default/kdfs -DAES_ASM -DBSAES_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_IA32_SSE2 -MMD -MF providers/common/libcrypto-lib-provlib.d.tmp -MT providers/common/libcrypto-lib-provlib.o -c -o providers/common/libcrypto-lib-provlib.o ../openssl/providers/common/provlib.c clang -I. -Icrypto/include -Iinclude -Iproviders/common/include -Iproviders/default/include -Iproviders/common/ciphers -Icrypto -Iproviders/common/macs -Iproviders/common/kdfs -Iproviders/default/macs -Iproviders/default/ciphers -Iproviders/default/kdfs -I../openssl -I../openssl/crypto/include -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/default/include -I../openssl/providers/common/ciphers -I../openssl/crypto -I../openssl/providers/common/macs -I../openssl/providers/common/kdfs -I../openssl/providers/default/macs -I../openssl/providers/default/ciphers -I../openssl/providers/default/kdfs -DAES_ASM -DBSAES_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_IA32_SSE2 -MMD -MF providers/common/macs/libcrypto-lib-cmac_prov.d.tmp -MT providers/common/macs/libcrypto-lib-cmac_prov.o -c -o providers/common/macs/libcrypto-lib-cmac_prov.o ../openssl/providers/common/macs/cmac_prov.c clang -I. -Icrypto/include -Iinclude -Iproviders/common/include -Iproviders/default/include -Iproviders/common/ciphers -Icrypto -Iproviders/common/macs -Iproviders/common/kdfs -Iproviders/default/macs -Iproviders/default/ciphers -Iproviders/default/kdfs -I../openssl -I../openssl/crypto/include -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/default/include -I../openssl/providers/common/ciphers -I../openssl/crypto -I../openssl/providers/common/macs -I../openssl/providers/common/kdfs -I../openssl/providers/default/macs -I../openssl/providers/default/ciphers -I../openssl/providers/default/kdfs -DAES_ASM -DBSAES_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_IA32_SSE2 -MMD -MF providers/common/macs/libcrypto-lib-gmac_prov.d.tmp -MT providers/common/macs/libcrypto-lib-gmac_prov.o -c -o providers/common/macs/libcrypto-lib-gmac_prov.o ../openssl/providers/common/macs/gmac_prov.c clang -I. -Icrypto/include -Iinclude -Iproviders/common/include -Iproviders/default/include -Iproviders/common/ciphers -Icrypto -Iproviders/common/macs -Iproviders/common/kdfs -Iproviders/default/macs -Iproviders/default/ciphers -Iproviders/default/kdfs -I../openssl -I../openssl/crypto/include -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/default/include -I../openssl/providers/common/ciphers -I../openssl/crypto -I../openssl/providers/common/macs -I../openssl/providers/common/kdfs -I../openssl/providers/default/macs -I../openssl/providers/default/ciphers -I../openssl/providers/default/kdfs -DAES_ASM -DBSAES_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_IA32_SSE2 -MMD -MF providers/common/macs/libcrypto-lib-hmac_prov.d.tmp -MT providers/common/macs/libcrypto-lib-hmac_prov.o -c -o providers/common/macs/libcrypto-lib-hmac_prov.o ../openssl/providers/common/macs/hmac_prov.c ../openssl/providers/common/provider_util.c:52:9: error: implicit declaration of function 'ENGINE_finish' is invalid in C99 [-Werror,-Wimplicit-function-declaration] ENGINE_finish(*engine); ^ ../openssl/providers/common/provider_util.c:52:9: error: this function declaration is not a prototype [-Werror,-Wstrict-prototypes] ../openssl/providers/common/provider_util.c:53:19: error: implicit declaration of function 'ENGINE_by_id' is invalid in C99 [-Werror,-Wimplicit-function-declaration] *engine = ENGINE_by_id(p->data); ^ ../openssl/providers/common/provider_util.c:53:19: error: this function declaration is not a prototype [-Werror,-Wstrict-prototypes] ../openssl/providers/common/provider_util.c:53:17: error: incompatible integer to pointer conversion assigning to 'ENGINE *' (aka 'struct engine_st *') from 'int' [-Werror,-Wint-conversion] *engine = ENGINE_by_id(p->data); ^ ~~~~~~~~~~~~~~~~~~~~~ 5 errors generated. Makefile:6455: recipe for target 'providers/common/libcrypto-lib-provider_util.o' failed make[1]: *** [providers/common/libcrypto-lib-provider_util.o] Error 1 make[1]: *** Waiting for unfinished jobs.... make[1]: Leaving directory '/home/openssl/run-checker/no-engine_no-shared' Makefile:165: recipe for target 'all' failed make: *** [all] Error 2 From shane.lontis at oracle.com Wed Sep 11 07:54:00 2019 From: shane.lontis at oracle.com (shane.lontis at oracle.com) Date: Wed, 11 Sep 2019 07:54:00 +0000 Subject: [openssl] master update Message-ID: <1568188440.764502.26873.nullmailer@dev.openssl.org> The branch master has been updated via dc64dc2edd215d6cc5843c1bfe1f0b64bff26adc (commit) from 64115f05ac950390e80e3993703513cda439fca0 (commit) - Log ----------------------------------------------------------------- commit dc64dc2edd215d6cc5843c1bfe1f0b64bff26adc Author: Shane Lontis Date: Wed Sep 11 17:52:30 2019 +1000 Add EVP_CIPHER_CTX_tag_length() There is no deprecated CTRL support for this new field. Reviewed-by: Richard Levitte (Merged from https://github.com/openssl/openssl/pull/9698) ----------------------------------------------------------------------- Summary of changes: crypto/evp/evp_lib.c | 11 +++++++++++ crypto/evp/evp_utils.c | 2 ++ doc/man3/EVP_EncryptInit.pod | 9 +++++++++ doc/man7/provider-cipher.pod | 5 +++++ include/openssl/core_names.h | 3 ++- include/openssl/evp.h | 1 + providers/common/ciphers/cipher_ccm.c | 14 ++++++++++++-- providers/common/ciphers/cipher_common.c | 1 + providers/common/ciphers/cipher_gcm.c | 11 +++++++++++ providers/common/include/internal/ciphers/cipher_ccm.h | 2 +- test/aesgcmtest.c | 2 ++ test/evp_extra_test.c | 3 +++ util/libcrypto.num | 1 + 13 files changed, 61 insertions(+), 4 deletions(-) diff --git a/crypto/evp/evp_lib.c b/crypto/evp/evp_lib.c index 9c3edb3322..5be04b0502 100644 --- a/crypto/evp/evp_lib.c +++ b/crypto/evp/evp_lib.c @@ -336,6 +336,17 @@ legacy: return v; } +int EVP_CIPHER_CTX_tag_length(const EVP_CIPHER_CTX *ctx) +{ + int ret; + size_t v = 0; + OSSL_PARAM params[2] = { OSSL_PARAM_END, OSSL_PARAM_END }; + + params[0] = OSSL_PARAM_construct_size_t(OSSL_CIPHER_PARAM_AEAD_TAGLEN, &v); + ret = evp_do_ciph_ctx_getparams(ctx->cipher, ctx->provctx, params); + return ret == 1 ? (int)v : 0; +} + const unsigned char *EVP_CIPHER_CTX_original_iv(const EVP_CIPHER_CTX *ctx) { return ctx->oiv; diff --git a/crypto/evp/evp_utils.c b/crypto/evp/evp_utils.c index e5cd5b84e1..3da208a69f 100644 --- a/crypto/evp/evp_utils.c +++ b/crypto/evp/evp_utils.c @@ -25,6 +25,8 @@ * use the same value, and other callers will have to compensate. */ #define PARAM_CHECK(obj, func, errfunc) \ + if (obj == NULL) \ + return 0; \ if (obj->prov == NULL) \ return EVP_CTRL_RET_UNSUPPORTED; \ if (obj->func == NULL) { \ diff --git a/doc/man3/EVP_EncryptInit.pod b/doc/man3/EVP_EncryptInit.pod index 11d0250a0d..78f67bd643 100644 --- a/doc/man3/EVP_EncryptInit.pod +++ b/doc/man3/EVP_EncryptInit.pod @@ -49,6 +49,7 @@ EVP_CIPHER_CTX_settable_params, EVP_CIPHER_CTX_block_size, EVP_CIPHER_CTX_key_length, EVP_CIPHER_CTX_iv_length, +EVP_CIPHER_CTX_tag_length, EVP_CIPHER_CTX_get_app_data, EVP_CIPHER_CTX_set_app_data, EVP_CIPHER_CTX_type, @@ -137,6 +138,7 @@ EVP_CIPHER_do_all_ex int EVP_CIPHER_CTX_block_size(const EVP_CIPHER_CTX *ctx); int EVP_CIPHER_CTX_key_length(const EVP_CIPHER_CTX *ctx); int EVP_CIPHER_CTX_iv_length(const EVP_CIPHER_CTX *ctx); + int EVP_CIPHER_CTX_tag_length(const EVP_CIPHER_CTX *ctx); void *EVP_CIPHER_CTX_get_app_data(const EVP_CIPHER_CTX *ctx); void EVP_CIPHER_CTX_set_app_data(const EVP_CIPHER_CTX *ctx, void *data); int EVP_CIPHER_CTX_type(const EVP_CIPHER_CTX *ctx); @@ -297,6 +299,10 @@ length of a cipher when passed an B or B. It will return zero if the cipher does not use an IV. The constant B is the maximum IV length for all ciphers. +EVP_CIPHER_CTX_tag_length() returns the tag length of a AEAD cipher when passed +a B. It will return zero if the cipher does not support a tag. +It returns a default value if the tag length has not been set. + EVP_CIPHER_block_size() and EVP_CIPHER_CTX_block_size() return the block size of a cipher when passed an B or B structure. The constant B is also the maximum block @@ -395,6 +401,9 @@ EVP_CIPHER_CTX_set_padding() always returns 1. EVP_CIPHER_iv_length() and EVP_CIPHER_CTX_iv_length() return the IV length or zero if the cipher does not use an IV. +EVP_CIPHER_CTX_tag_length() return the tag length or zero if the cipher does not +use a tag. + EVP_CIPHER_type() and EVP_CIPHER_CTX_type() return the NID of the cipher's OBJECT IDENTIFIER or NID_undef if it has no defined OBJECT IDENTIFIER. diff --git a/doc/man7/provider-cipher.pod b/doc/man7/provider-cipher.pod index 1b7dff8f76..d5d2f13390 100644 --- a/doc/man7/provider-cipher.pod +++ b/doc/man7/provider-cipher.pod @@ -248,6 +248,11 @@ block has been "used" already. Gets or sets the AEAD tag for the associated cipher ctx. See L. +=item B (size_t) + +Gets the tag length to be used for an AEAD cipher for the associated cipher ctx. +It returns a default value if it has not been set. + =item B (octet_string) =for comment TODO(3.0): Consider changing this interface so that all ciphers diff --git a/include/openssl/core_names.h b/include/openssl/core_names.h index b11bc614a8..e1bc43d8db 100644 --- a/include/openssl/core_names.h +++ b/include/openssl/core_names.h @@ -63,7 +63,8 @@ extern "C" { #define OSSL_CIPHER_PARAM_AEAD_TLS1_AAD "tlsaad" /* octet_string */ #define OSSL_CIPHER_PARAM_AEAD_TLS1_AAD_PAD "tlsaadpad" /* size_t */ #define OSSL_CIPHER_PARAM_AEAD_TLS1_IV_FIXED "tlsivfixed" /* octet_string */ -#define OSSL_CIPHER_PARAM_AEAD_IVLEN OSSL_CIPHER_PARAM_IVLEN +#define OSSL_CIPHER_PARAM_AEAD_IVLEN OSSL_CIPHER_PARAM_IVLEN +#define OSSL_CIPHER_PARAM_AEAD_TAGLEN "taglen" /* size_t */ #define OSSL_CIPHER_PARAM_RANDOM_KEY "randkey" /* octet_string */ /* digest parameters */ diff --git a/include/openssl/evp.h b/include/openssl/evp.h index 69d70e5e9c..2eb6802d3e 100644 --- a/include/openssl/evp.h +++ b/include/openssl/evp.h @@ -493,6 +493,7 @@ int EVP_CIPHER_CTX_nid(const EVP_CIPHER_CTX *ctx); int EVP_CIPHER_CTX_block_size(const EVP_CIPHER_CTX *ctx); int EVP_CIPHER_CTX_key_length(const EVP_CIPHER_CTX *ctx); int EVP_CIPHER_CTX_iv_length(const EVP_CIPHER_CTX *ctx); +int EVP_CIPHER_CTX_tag_length(const EVP_CIPHER_CTX *ctx); const unsigned char *EVP_CIPHER_CTX_iv(const EVP_CIPHER_CTX *ctx); const unsigned char *EVP_CIPHER_CTX_original_iv(const EVP_CIPHER_CTX *ctx); unsigned char *EVP_CIPHER_CTX_iv_noconst(EVP_CIPHER_CTX *ctx); diff --git a/providers/common/ciphers/cipher_ccm.c b/providers/common/ciphers/cipher_ccm.c index 8970b02670..9c58dfeafa 100644 --- a/providers/common/ciphers/cipher_ccm.c +++ b/providers/common/ciphers/cipher_ccm.c @@ -148,6 +148,16 @@ int ccm_get_ctx_params(void *vctx, OSSL_PARAM params[]) return 0; } + p = OSSL_PARAM_locate(params, OSSL_CIPHER_PARAM_AEAD_TAGLEN); + if (p != NULL) { + size_t m = ctx->m; + + if (!OSSL_PARAM_set_size_t(p, m)) { + ERR_raise(ERR_LIB_PROV, PROV_R_FAILED_TO_SET_PARAMETER); + return 0; + } + } + p = OSSL_PARAM_locate(params, OSSL_CIPHER_PARAM_IV); if (p != NULL) { if (ccm_get_ivlen(ctx) != p->data_size) { @@ -346,7 +356,7 @@ static int ccm_cipher_internal(PROV_CCM_CTX *ctx, unsigned char *out, if (!ctx->key_set) return 0; - if (ctx->tls_aad_len >= 0) + if (ctx->tls_aad_len != UNINITIALISED_SIZET) return ccm_tls_cipher(ctx, out, padlen, in, len); /* EVP_*Final() doesn't return any data */ @@ -406,7 +416,7 @@ void ccm_initctx(PROV_CCM_CTX *ctx, size_t keybits, const PROV_CCM_HW *hw) ctx->len_set = 0; ctx->l = 8; ctx->m = 12; - ctx->tls_aad_len = -1; + ctx->tls_aad_len = UNINITIALISED_SIZET; ctx->hw = hw; } diff --git a/providers/common/ciphers/cipher_common.c b/providers/common/ciphers/cipher_common.c index de67fc1341..18d6dd9ca5 100644 --- a/providers/common/ciphers/cipher_common.c +++ b/providers/common/ciphers/cipher_common.c @@ -85,6 +85,7 @@ const OSSL_PARAM *cipher_generic_settable_ctx_params(void) static const OSSL_PARAM cipher_aead_known_gettable_ctx_params[] = { OSSL_PARAM_size_t(OSSL_CIPHER_PARAM_KEYLEN, NULL), OSSL_PARAM_size_t(OSSL_CIPHER_PARAM_IVLEN, NULL), + OSSL_PARAM_size_t(OSSL_CIPHER_PARAM_AEAD_TAGLEN, NULL), OSSL_PARAM_octet_string(OSSL_CIPHER_PARAM_IV, NULL, 0), OSSL_PARAM_octet_string(OSSL_CIPHER_PARAM_AEAD_TAG, NULL, 0), OSSL_PARAM_size_t(OSSL_CIPHER_PARAM_AEAD_TLS1_AAD_PAD, NULL), diff --git a/providers/common/ciphers/cipher_gcm.c b/providers/common/ciphers/cipher_gcm.c index 4247319091..9a61eabdfc 100644 --- a/providers/common/ciphers/cipher_gcm.c +++ b/providers/common/ciphers/cipher_gcm.c @@ -98,6 +98,16 @@ int gcm_get_ctx_params(void *vctx, OSSL_PARAM params[]) ERR_raise(ERR_LIB_PROV, PROV_R_FAILED_TO_SET_PARAMETER); return 0; } + p = OSSL_PARAM_locate(params, OSSL_CIPHER_PARAM_AEAD_TAGLEN); + if (p != NULL) { + size_t taglen = (ctx->taglen != UNINITIALISED_SIZET) ? ctx->taglen : + GCM_TAG_MAX_SIZE; + + if (!OSSL_PARAM_set_size_t(p, taglen)) { + ERR_raise(ERR_LIB_PROV, PROV_R_FAILED_TO_SET_PARAMETER); + return 0; + } + } p = OSSL_PARAM_locate(params, OSSL_CIPHER_PARAM_IV); if (p != NULL) { @@ -133,6 +143,7 @@ int gcm_get_ctx_params(void *vctx, OSSL_PARAM params[]) return 0; } } + return 1; } diff --git a/providers/common/include/internal/ciphers/cipher_ccm.h b/providers/common/include/internal/ciphers/cipher_ccm.h index 08a2d46858..757c22eb53 100644 --- a/providers/common/include/internal/ciphers/cipher_ccm.h +++ b/providers/common/include/internal/ciphers/cipher_ccm.h @@ -35,7 +35,7 @@ typedef struct prov_ccm_st { unsigned int len_set : 1; /* Set if message length set */ size_t l, m; /* L and M parameters from RFC3610 */ size_t keylen; - int tls_aad_len; /* TLS AAD length */ + size_t tls_aad_len; /* TLS AAD length */ size_t tls_aad_pad_sz; unsigned char iv[AES_BLOCK_SIZE]; unsigned char buf[AES_BLOCK_SIZE]; diff --git a/test/aesgcmtest.c b/test/aesgcmtest.c index a13e9b856c..4a255d502c 100644 --- a/test/aesgcmtest.c +++ b/test/aesgcmtest.c @@ -54,6 +54,7 @@ static int do_encrypt(unsigned char *iv_gen, unsigned char *ct, int *ct_len, && TEST_true(EVP_EncryptUpdate(ctx, ct, ct_len, gcm_pt, sizeof(gcm_pt)) > 0) && TEST_true(EVP_EncryptFinal_ex(ctx, outbuf, &outlen) > 0) + && TEST_int_eq(EVP_CIPHER_CTX_tag_length(ctx), 16) && TEST_true(EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_GET_TAG, 16, tag) > 0) && TEST_true(iv_gen == NULL @@ -75,6 +76,7 @@ static int do_decrypt(const unsigned char *iv, const unsigned char *ct, && TEST_true(EVP_DecryptInit_ex(ctx, EVP_aes_256_gcm(), NULL, NULL, NULL) > 0) && TEST_true(EVP_DecryptInit_ex(ctx, NULL, NULL, gcm_key, iv) > 0) + && TEST_int_eq(EVP_CIPHER_CTX_tag_length(ctx), 16) && TEST_true(EVP_DecryptUpdate(ctx, NULL, &outlen, gcm_aad, sizeof(gcm_aad)) > 0) && TEST_true(EVP_DecryptUpdate(ctx, pt, &ptlen, ct, diff --git a/test/evp_extra_test.c b/test/evp_extra_test.c index 7b7c632dd1..631ad65540 100644 --- a/test/evp_extra_test.c +++ b/test/evp_extra_test.c @@ -1241,10 +1241,13 @@ static int encrypt_decrypt(const EVP_CIPHER *cipher, const unsigned char *msg, memset(key, 0, sizeof(key)); if (!TEST_ptr(ctx = EVP_CIPHER_CTX_new()) + || !TEST_int_eq(EVP_CIPHER_CTX_tag_length(ctx), 0) || !TEST_true(EVP_CipherInit_ex(ctx, cipher, NULL, key, NULL, 1)) + || !TEST_int_eq(EVP_CIPHER_CTX_tag_length(ctx), 0) || !TEST_true(EVP_CipherUpdate(ctx, ct, &ctlen, msg, len)) || !TEST_true(EVP_CipherFinal_ex(ctx, ct, &ctlen)) || !TEST_true(EVP_CipherInit_ex(ctx, cipher, NULL, key, NULL, 0)) + || !TEST_int_eq(EVP_CIPHER_CTX_tag_length(ctx), 0) || !TEST_true(EVP_CipherUpdate(ctx, pt, &ptlen, ct, ctlen)) || !TEST_true(EVP_CipherFinal_ex(ctx, pt, &ptlen)) || !TEST_mem_eq(pt, ptlen, msg, len)) diff --git a/util/libcrypto.num b/util/libcrypto.num index e5c869af44..07469a1f26 100644 --- a/util/libcrypto.num +++ b/util/libcrypto.num @@ -4752,3 +4752,4 @@ EVP_PKEY_CTX_get_signature_md 4868 3_0_0 EXIST::FUNCTION: EVP_PKEY_CTX_get_params 4869 3_0_0 EXIST::FUNCTION: EVP_PKEY_CTX_gettable_params 4870 3_0_0 EXIST::FUNCTION: EVP_PKEY_CTX_settable_params 4871 3_0_0 EXIST::FUNCTION: +EVP_CIPHER_CTX_tag_length 4872 3_0_0 EXIST::FUNCTION: From builds at travis-ci.org Wed Sep 11 08:17:39 2019 From: builds at travis-ci.org (Travis CI) Date: Wed, 11 Sep 2019 08:17:39 +0000 Subject: Still Failing: openssl/openssl#28163 (master - dc64dc2) In-Reply-To: Message-ID: <5d78ada334e4c_43fb970bcbb1421561a@532a75a8-5f1d-4d0b-bc91-22b4a6220bcc.mail> Build Update for openssl/openssl ------------------------------------- Build: #28163 Status: Still Failing Duration: 22 mins and 55 secs Commit: dc64dc2 (master) Author: Shane Lontis Message: Add EVP_CIPHER_CTX_tag_length() There is no deprecated CTRL support for this new field. Reviewed-by: Richard Levitte (Merged from https://github.com/openssl/openssl/pull/9698) View the changeset: https://github.com/openssl/openssl/compare/64115f05ac95...dc64dc2edd21 View the full build log and details: https://travis-ci.org/openssl/openssl/builds/583534697?utm_medium=notification&utm_source=email -- You can unsubscribe from build emails from the openssl/openssl repository going to https://travis-ci.org/account/preferences/unsubscribe?repository=5849220&utm_medium=notification&utm_source=email. Or unsubscribe from *all* email updating your settings at https://travis-ci.org/account/preferences/unsubscribe?utm_medium=notification&utm_source=email. Or configure specific recipients for build notifications in your .travis.yml file. See https://docs.travis-ci.com/user/notifications. -------------- next part -------------- An HTML attachment was scrubbed... URL: From matthias.st.pierre at ncp-e.com Wed Sep 11 09:16:27 2019 From: matthias.st.pierre at ncp-e.com (matthias.st.pierre at ncp-e.com) Date: Wed, 11 Sep 2019 09:16:27 +0000 Subject: [openssl] OpenSSL_1_1_1-stable update Message-ID: <1568193387.366575.2705.nullmailer@dev.openssl.org> The branch OpenSSL_1_1_1-stable has been updated via a44e1b2f20e4ac5e2ac11b63e1ae935981ea9428 (commit) via c3656cc594daac8167721dde7220f0e59ae146fc (commit) from 5c184ff280ee042e3b7e07701b61adbcbe2958d7 (commit) - Log ----------------------------------------------------------------- commit a44e1b2f20e4ac5e2ac11b63e1ae935981ea9428 Author: Dr. Matthias St. Pierre Date: Wed Sep 11 10:40:18 2019 +0200 crypto/threads_win.c: fix preprocessor indentation Reviewed-by: Matt Caswell (Merged from https://github.com/openssl/openssl/pull/9860) commit c3656cc594daac8167721dde7220f0e59ae146fc Author: Dr. Matthias St. Pierre Date: Wed Sep 11 10:25:43 2019 +0200 crypto/threads_none.c: fix syntax error in openssl_get_fork_id() Fixes #9858 Reviewed-by: Matt Caswell (Merged from https://github.com/openssl/openssl/pull/9860) ----------------------------------------------------------------------- Summary of changes: crypto/threads_none.c | 2 +- crypto/threads_win.c | 6 +++--- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/crypto/threads_none.c b/crypto/threads_none.c index aabf0e0dc0..aaaaae872a 100644 --- a/crypto/threads_none.c +++ b/crypto/threads_none.c @@ -143,7 +143,7 @@ int openssl_get_fork_id(void) # if defined(OPENSSL_SYS_UNIX) return getpid(); # else - return return 0; + return 0; # endif } #endif diff --git a/crypto/threads_win.c b/crypto/threads_win.c index 44a360fcab..ba25d2719a 100644 --- a/crypto/threads_win.c +++ b/crypto/threads_win.c @@ -24,15 +24,15 @@ CRYPTO_RWLOCK *CRYPTO_THREAD_lock_new(void) return NULL; } -#if !defined(_WIN32_WCE) +# if !defined(_WIN32_WCE) /* 0x400 is the spin count value suggested in the documentation */ if (!InitializeCriticalSectionAndSpinCount(lock, 0x400)) { OPENSSL_free(lock); return NULL; } -#else +# else InitializeCriticalSection(lock); -#endif +# endif return lock; } From matthias.st.pierre at ncp-e.com Wed Sep 11 09:23:36 2019 From: matthias.st.pierre at ncp-e.com (matthias.st.pierre at ncp-e.com) Date: Wed, 11 Sep 2019 09:23:36 +0000 Subject: [openssl] master update Message-ID: <1568193816.733935.4840.nullmailer@dev.openssl.org> The branch master has been updated via 7f0a8dc7f9c5c35af0f66aca553304737931d55f (commit) via 0768b38b80d7636910c129ef8954d4f13a574ff6 (commit) via 5562dbb39cbf9db41dad9b8d3ae643262e458c63 (commit) via 849529257c9979c7ca0d28e8b80a47bc4a36d4f2 (commit) from dc64dc2edd215d6cc5843c1bfe1f0b64bff26adc (commit) - Log ----------------------------------------------------------------- commit 7f0a8dc7f9c5c35af0f66aca553304737931d55f Author: Dr. Matthias St. Pierre Date: Wed Sep 11 10:40:18 2019 +0200 crypto/threads_win.c: fix preprocessor indentation Reviewed-by: Matt Caswell (Merged from https://github.com/openssl/openssl/pull/9832) commit 0768b38b80d7636910c129ef8954d4f13a574ff6 Author: Dr. Matthias St. Pierre Date: Thu May 30 18:37:29 2019 +0200 drbg: fix issue where DRBG_CTR fails if NO_DF is used (2nd attempt) Since commit 7c226dfc434d a chained DRBG does not add additional data anymore when reseeding from its parent. The reason is that the size of the additional data exceeded the allowed size when no derivation function was used. This commit provides an alternative fix: instead of adding the entire DRBG's complete state, we just add the DRBG's address in memory, thereby providing some distinction between the different DRBG instances. Reviewed-by: Paul Dale Reviewed-by: Matt Caswell (Merged from https://github.com/openssl/openssl/pull/9832) commit 5562dbb39cbf9db41dad9b8d3ae643262e458c63 Author: Dr. Matthias St. Pierre Date: Thu May 30 18:52:39 2019 +0200 drbg: add fork id to additional data on UNIX systems Provides a little extra fork-safety on UNIX systems, adding to the fact that all DRBGs reseed automatically when the fork_id changes. Reviewed-by: Paul Dale Reviewed-by: Matt Caswell (Merged from https://github.com/openssl/openssl/pull/9832) commit 849529257c9979c7ca0d28e8b80a47bc4a36d4f2 Author: Dr. Matthias St. Pierre Date: Mon May 27 21:03:09 2019 +0200 drbg: ensure fork-safety without using a pthread_atfork handler When the new OpenSSL CSPRNG was introduced in version 1.1.1, it was announced in the release notes that it would be fork-safe, which the old CSPRNG hadn't been. The fork-safety was implemented using a fork count, which was incremented by a pthread_atfork handler. Initially, this handler was enabled by default. Unfortunately, the default behaviour had to be changed for other reasons in commit b5319bdbd095, so the new OpenSSL CSPRNG failed to keep its promise. This commit restores the fork-safety using a different approach. It replaces the fork count by a fork id, which coincides with the process id on UNIX-like operating systems and is zero on other operating systems. It is used to detect when an automatic reseed after a fork is necessary. To prevent a future regression, it also adds a test to verify that the child reseeds after fork. CVE-2019-1549 Reviewed-by: Paul Dale Reviewed-by: Matt Caswell (Merged from https://github.com/openssl/openssl/pull/9832) ----------------------------------------------------------------------- Summary of changes: crypto/include/internal/rand_int.h | 1 - crypto/init.c | 1 - crypto/rand/drbg_lib.c | 9 +++++--- crypto/rand/rand_lcl.h | 23 +++++-------------- crypto/rand/rand_lib.c | 13 ++++------- crypto/rand/rand_unix.c | 3 +++ crypto/threads_none.c | 13 +++++++++++ crypto/threads_pthread.c | 10 +++++++++ crypto/threads_win.c | 10 ++++++--- include/internal/cryptlib.h | 1 + test/drbgtest.c | 45 ++++++++++++++++++++++++++++++++++++++ 11 files changed, 94 insertions(+), 35 deletions(-) diff --git a/crypto/include/internal/rand_int.h b/crypto/include/internal/rand_int.h index c5d0c20551..bc427e3cf4 100644 --- a/crypto/include/internal/rand_int.h +++ b/crypto/include/internal/rand_int.h @@ -24,7 +24,6 @@ typedef struct rand_pool_st RAND_POOL; void rand_cleanup_int(void); -void rand_fork(void); /* Hardware-based seeding functions. */ size_t rand_acquire_entropy_from_tsc(RAND_POOL *pool); diff --git a/crypto/init.c b/crypto/init.c index 36c6333877..6536bd5266 100644 --- a/crypto/init.c +++ b/crypto/init.c @@ -676,7 +676,6 @@ void OPENSSL_fork_parent(void) void OPENSSL_fork_child(void) { - rand_fork(); /* TODO(3.0): Inform all providers about a fork event */ } #endif diff --git a/crypto/rand/drbg_lib.c b/crypto/rand/drbg_lib.c index f8b58d7245..c24222188f 100644 --- a/crypto/rand/drbg_lib.c +++ b/crypto/rand/drbg_lib.c @@ -415,7 +415,7 @@ static RAND_DRBG *rand_drbg_new(OPENSSL_CTX *ctx, drbg->libctx = ctx; drbg->secure = secure && CRYPTO_secure_allocated(drbg); - drbg->fork_count = rand_fork_count; + drbg->fork_id = openssl_get_fork_id(); drbg->parent = parent; if (parent == NULL) { @@ -829,6 +829,7 @@ int RAND_DRBG_generate(RAND_DRBG *drbg, unsigned char *out, size_t outlen, int prediction_resistance, const unsigned char *adin, size_t adinlen) { + int fork_id; int reseed_required = 0; if (drbg->state != DRBG_READY) { @@ -854,8 +855,10 @@ int RAND_DRBG_generate(RAND_DRBG *drbg, unsigned char *out, size_t outlen, return 0; } - if (drbg->fork_count != rand_fork_count) { - drbg->fork_count = rand_fork_count; + fork_id = openssl_get_fork_id(); + + if (drbg->fork_id != fork_id) { + drbg->fork_id = fork_id; reseed_required = 1; } diff --git a/crypto/rand/rand_lcl.h b/crypto/rand/rand_lcl.h index c954cf5f39..0c92d75666 100644 --- a/crypto/rand/rand_lcl.h +++ b/crypto/rand/rand_lcl.h @@ -225,12 +225,12 @@ struct rand_drbg_st { int secure; /* 1: allocated on the secure heap, 0: otherwise */ int type; /* the nid of the underlying algorithm */ /* - * Stores the value of the rand_fork_count global as of when we last - * reseeded. The DRBG reseeds automatically whenever drbg->fork_count != - * rand_fork_count. Used to provide fork-safety and reseed this DRBG in - * the child process. + * Stores the return value of openssl_get_fork_id() as of when we last + * reseeded. The DRBG reseeds automatically whenever drbg->fork_id != + * openssl_get_fork_id(). Used to provide fork-safety and reseed this + * DRBG in the child process. */ - int fork_count; + int fork_id; unsigned short flags; /* various external flags */ /* @@ -331,19 +331,6 @@ struct rand_drbg_st { /* The global RAND method, and the global buffer and DRBG instance. */ extern RAND_METHOD rand_meth; -/* - * A "generation count" of forks. Incremented in the child process after a - * fork. Since rand_fork_count is increment-only, and only ever written to in - * the child process of the fork, which is guaranteed to be single-threaded, no - * locking is needed for normal (read) accesses; the rest of pthread fork - * processing is assumed to introduce the necessary memory barriers. Sibling - * children of a given parent will produce duplicate values, but this is not - * problematic because the reseeding process pulls input from the system CSPRNG - * and/or other global sources, so the siblings will end up generating - * different output streams. - */ -extern int rand_fork_count; - /* DRBG helpers */ int rand_drbg_restart(RAND_DRBG *drbg, const unsigned char *buffer, size_t len, size_t entropy); diff --git a/crypto/rand/rand_lib.c b/crypto/rand/rand_lib.c index 1ab2a8246c..b70b60a650 100644 --- a/crypto/rand/rand_lib.c +++ b/crypto/rand/rand_lib.c @@ -30,8 +30,6 @@ static CRYPTO_ONCE rand_init = CRYPTO_ONCE_STATIC_INIT; static int rand_inited = 0; #endif /* FIPS_MODE */ -int rand_fork_count; - #ifdef OPENSSL_RAND_SEED_RDTSC /* * IMPORTANT NOTE: It is not currently possible to use this code @@ -160,7 +158,9 @@ size_t rand_drbg_get_entropy(RAND_DRBG *drbg, size_t bytes = 0; /* - * Get random from parent, include our state as additional input. + * Get random data from parent. Include our address as additional input, + * in order to provide some additional distinction between different + * DRBG child instances. * Our lock is already held, but we need to lock our parent before * generating bits from it. (Note: taking the lock will be a no-op * if locking if drbg->parent->lock == NULL.) @@ -169,7 +169,7 @@ size_t rand_drbg_get_entropy(RAND_DRBG *drbg, if (RAND_DRBG_generate(drbg->parent, buffer, bytes_needed, prediction_resistance, - NULL, 0) != 0) + (unsigned char *)&drbg, sizeof(drbg)) != 0) bytes = bytes_needed; drbg->reseed_next_counter = tsan_load(&drbg->parent->reseed_prop_counter); @@ -238,11 +238,6 @@ void rand_drbg_cleanup_additional_data(RAND_POOL *pool, unsigned char *out) rand_pool_reattach(pool, out); } -void rand_fork(void) -{ - rand_fork_count++; -} - #ifndef FIPS_MODE DEFINE_RUN_ONCE_STATIC(do_rand_init) { diff --git a/crypto/rand/rand_unix.c b/crypto/rand/rand_unix.c index 813964665f..8641badbff 100644 --- a/crypto/rand/rand_unix.c +++ b/crypto/rand/rand_unix.c @@ -704,6 +704,7 @@ int rand_pool_add_nonce_data(RAND_POOL *pool) int rand_pool_add_additional_data(RAND_POOL *pool) { struct { + int fork_id; CRYPTO_THREAD_ID tid; uint64_t time; } data; @@ -713,9 +714,11 @@ int rand_pool_add_additional_data(RAND_POOL *pool) /* * Add some noise from the thread id and a high resolution timer. + * The fork_id adds some extra fork-safety. * The thread id adds a little randomness if the drbg is accessed * concurrently (which is the case for the drbg). */ + data.fork_id = openssl_get_fork_id(); data.tid = CRYPTO_THREAD_get_current_id(); data.time = get_timer_bits(); diff --git a/crypto/threads_none.c b/crypto/threads_none.c index ff95556c17..c12d5610aa 100644 --- a/crypto/threads_none.c +++ b/crypto/threads_none.c @@ -12,6 +12,11 @@ #if !defined(OPENSSL_THREADS) || defined(CRYPTO_TDEBUG) +# if defined(OPENSSL_SYS_UNIX) +# include +# include +# endif + CRYPTO_RWLOCK *CRYPTO_THREAD_lock_new(void) { CRYPTO_RWLOCK *lock; @@ -133,4 +138,12 @@ int openssl_init_fork_handlers(void) return 0; } +int openssl_get_fork_id(void) +{ +# if defined(OPENSSL_SYS_UNIX) + return getpid(); +# else + return 0; +# endif +} #endif diff --git a/crypto/threads_pthread.c b/crypto/threads_pthread.c index c3fd2411db..762da60a87 100644 --- a/crypto/threads_pthread.c +++ b/crypto/threads_pthread.c @@ -16,6 +16,11 @@ #if defined(OPENSSL_THREADS) && !defined(CRYPTO_TDEBUG) && !defined(OPENSSL_SYS_WINDOWS) +# if defined(OPENSSL_SYS_UNIX) +# include +# include +#endif + # ifdef PTHREAD_RWLOCK_INITIALIZER # define USE_RWLOCK # endif @@ -207,4 +212,9 @@ int openssl_init_fork_handlers(void) return 0; } # endif /* FIPS_MODE */ + +int openssl_get_fork_id(void) +{ + return getpid(); +} #endif diff --git a/crypto/threads_win.c b/crypto/threads_win.c index 73203834c1..43bd0f51d9 100644 --- a/crypto/threads_win.c +++ b/crypto/threads_win.c @@ -24,15 +24,15 @@ CRYPTO_RWLOCK *CRYPTO_THREAD_lock_new(void) return NULL; } -#if !defined(_WIN32_WCE) +# if !defined(_WIN32_WCE) /* 0x400 is the spin count value suggested in the documentation */ if (!InitializeCriticalSectionAndSpinCount(lock, 0x400)) { OPENSSL_free(lock); return NULL; } -#else +# else InitializeCriticalSection(lock); -#endif +# endif return lock; } @@ -164,4 +164,8 @@ int openssl_init_fork_handlers(void) return 0; } +int openssl_get_fork_id(void) +{ + return 0; +} #endif diff --git a/include/internal/cryptlib.h b/include/internal/cryptlib.h index d591f203d2..cfac74a328 100644 --- a/include/internal/cryptlib.h +++ b/include/internal/cryptlib.h @@ -93,6 +93,7 @@ void OPENSSL_showfatal(const char *fmta, ...); int do_ex_data_init(OPENSSL_CTX *ctx); void crypto_cleanup_all_ex_data_int(OPENSSL_CTX *ctx); int openssl_init_fork_handlers(void); +int openssl_get_fork_id(void); char *ossl_safe_getenv(const char *name); diff --git a/test/drbgtest.c b/test/drbgtest.c index 9efdd87a4d..4559ffd635 100644 --- a/test/drbgtest.c +++ b/test/drbgtest.c @@ -22,6 +22,13 @@ # include #endif + +#if defined(OPENSSL_SYS_UNIX) +# include +# include +# include +#endif + #include "testutil.h" #include "drbgtest.h" @@ -708,6 +715,40 @@ static int test_drbg_reseed(int expect_success, return 1; } + +#if defined(OPENSSL_SYS_UNIX) +/* + * Test whether master, public and private DRBG are reseeded after + * forking the process. + */ +static int test_drbg_reseed_after_fork(RAND_DRBG *master, + RAND_DRBG *public, + RAND_DRBG *private) +{ + pid_t pid; + int status=0; + + pid = fork(); + if (!TEST_int_ge(pid, 0)) + return 0; + + if (pid > 0) { + /* I'm the parent; wait for the child and check its exit code */ + return TEST_int_eq(waitpid(pid, &status, 0), pid) && TEST_int_eq(status, 0); + } + + /* I'm the child; check whether all three DRBGs reseed. */ + if (!TEST_true(test_drbg_reseed(1, master, public, private, 1, 1, 1, 0))) + status = 1; + + /* Remove hooks */ + unhook_drbg(master); + unhook_drbg(public); + unhook_drbg(private); + exit(status); +} +#endif + /* * Test whether the default rand_method (RAND_OpenSSL()) is * setup correctly, in particular whether reseeding works @@ -798,6 +839,10 @@ static int test_rand_drbg_reseed(void) goto error; reset_drbg_hook_ctx(); +#if defined(OPENSSL_SYS_UNIX) + if (!TEST_true(test_drbg_reseed_after_fork(master, public, private))) + goto error; +#endif /* fill 'randomness' buffer with some arbitrary data */ memset(rand_add_buf, 'r', sizeof(rand_add_buf)); From builds at travis-ci.org Wed Sep 11 09:46:10 2019 From: builds at travis-ci.org (Travis CI) Date: Wed, 11 Sep 2019 09:46:10 +0000 Subject: Still Failing: openssl/openssl#28171 (OpenSSL_1_1_1-stable - a44e1b2) In-Reply-To: Message-ID: <5d78c2625b38_43f926c37137c1495ba@2e68b2ec-b6ec-474e-807c-d8edc8bc51d9.mail> Build Update for openssl/openssl ------------------------------------- Build: #28171 Status: Still Failing Duration: 19 mins and 24 secs Commit: a44e1b2 (OpenSSL_1_1_1-stable) Author: Dr. Matthias St. Pierre Message: crypto/threads_win.c: fix preprocessor indentation Reviewed-by: Matt Caswell (Merged from https://github.com/openssl/openssl/pull/9860) View the changeset: https://github.com/openssl/openssl/compare/5c184ff280ee...a44e1b2f20e4 View the full build log and details: https://travis-ci.org/openssl/openssl/builds/583563921?utm_medium=notification&utm_source=email -- You can unsubscribe from build emails from the openssl/openssl repository going to https://travis-ci.org/account/preferences/unsubscribe?repository=5849220&utm_medium=notification&utm_source=email. Or unsubscribe from *all* email updating your settings at https://travis-ci.org/account/preferences/unsubscribe?utm_medium=notification&utm_source=email. Or configure specific recipients for build notifications in your .travis.yml file. See https://docs.travis-ci.com/user/notifications. -------------- next part -------------- An HTML attachment was scrubbed... URL: From builds at travis-ci.org Wed Sep 11 10:11:07 2019 From: builds at travis-ci.org (Travis CI) Date: Wed, 11 Sep 2019 10:11:07 +0000 Subject: Still Failing: openssl/openssl#28174 (master - 7f0a8dc) In-Reply-To: Message-ID: <5d78c83b81440_43fabb972d4001635df@6c1d43ab-8b44-4d2d-b34c-878a62c70784.mail> Build Update for openssl/openssl ------------------------------------- Build: #28174 Status: Still Failing Duration: 26 mins and 0 secs Commit: 7f0a8dc (master) Author: Dr. Matthias St. Pierre Message: crypto/threads_win.c: fix preprocessor indentation Reviewed-by: Matt Caswell (Merged from https://github.com/openssl/openssl/pull/9832) View the changeset: https://github.com/openssl/openssl/compare/dc64dc2edd21...7f0a8dc7f9c5 View the full build log and details: https://travis-ci.org/openssl/openssl/builds/583566587?utm_medium=notification&utm_source=email -- You can unsubscribe from build emails from the openssl/openssl repository going to https://travis-ci.org/account/preferences/unsubscribe?repository=5849220&utm_medium=notification&utm_source=email. Or unsubscribe from *all* email updating your settings at https://travis-ci.org/account/preferences/unsubscribe?utm_medium=notification&utm_source=email. Or configure specific recipients for build notifications in your .travis.yml file. See https://docs.travis-ci.com/user/notifications. -------------- next part -------------- An HTML attachment was scrubbed... URL: From openssl at openssl.org Wed Sep 11 12:25:47 2019 From: openssl at openssl.org (OpenSSL run-checker) Date: Wed, 11 Sep 2019 12:25:47 +0000 Subject: Still FAILED build of OpenSSL branch master with options -d --strict-warnings no-scrypt Message-ID: <1568204747.714381.24422.nullmailer@run.openssl.org> Platform and configuration command: $ uname -a Linux run 4.15.0-54-generic #58-Ubuntu SMP Mon Jun 24 10:55:24 UTC 2019 x86_64 x86_64 x86_64 GNU/Linux $ CC=clang ../openssl/config -d --strict-warnings no-scrypt Commit log since last time: 5840ed0cd1 Fix a padding oracle in PKCS7_dataDecode and CMS_decrypt_set1_pkey fa3eb248e2 Fix a potential crash in rand_unix.c e301c147a7 Fix a strict warnings error in rand_pool_acquire_entropy Build log ended with (last 100 lines): ../../openssl/test/recipes/30-test_pbelu.t .................... ok ../../openssl/test/recipes/30-test_pkey_meth.t ................ ok ../../openssl/test/recipes/30-test_pkey_meth_kdf.t ............ ok ../../openssl/test/recipes/40-test_rehash.t ................... ok ../../openssl/test/recipes/60-test_x509_check_cert_pkey.t ..... ok ../../openssl/test/recipes/60-test_x509_dup_cert.t ............ ok ../../openssl/test/recipes/60-test_x509_store.t ............... ok ../../openssl/test/recipes/60-test_x509_time.t ................ ok ../../openssl/test/recipes/70-test_asyncio.t .................. ok ../../openssl/test/recipes/70-test_bad_dtls.t ................. ok ../../openssl/test/recipes/70-test_clienthello.t .............. ok ../../openssl/test/recipes/70-test_comp.t ..................... ok ../../openssl/test/recipes/70-test_key_share.t ................ ok ../../openssl/test/recipes/70-test_packet.t ................... ok ../../openssl/test/recipes/70-test_recordlen.t ................ ok ../../openssl/test/recipes/70-test_renegotiation.t ............ ok ../../openssl/test/recipes/70-test_servername.t ............... ok ../../openssl/test/recipes/70-test_sslcbcpadding.t ............ ok ../../openssl/test/recipes/70-test_sslcertstatus.t ............ ok ../../openssl/test/recipes/70-test_sslextension.t ............. ok ../../openssl/test/recipes/70-test_sslmessages.t .............. ok ../../openssl/test/recipes/70-test_sslrecords.t ............... ok ../../openssl/test/recipes/70-test_sslsessiontick.t ........... ok ../../openssl/test/recipes/70-test_sslsigalgs.t ............... ok ../../openssl/test/recipes/70-test_sslsignature.t ............. ok ../../openssl/test/recipes/70-test_sslskewith0p.t ............. ok ../../openssl/test/recipes/70-test_sslversions.t .............. ok ../../openssl/test/recipes/70-test_sslvertol.t ................ ok ../../openssl/test/recipes/70-test_tls13alerts.t .............. ok ../../openssl/test/recipes/70-test_tls13cookie.t .............. ok ../../openssl/test/recipes/70-test_tls13downgrade.t ........... ok ../../openssl/test/recipes/70-test_tls13hrr.t ................. ok ../../openssl/test/recipes/70-test_tls13kexmodes.t ............ ok ../../openssl/test/recipes/70-test_tls13messages.t ............ ok ../../openssl/test/recipes/70-test_tls13psk.t ................. ok ../../openssl/test/recipes/70-test_tlsextms.t ................. ok ../../openssl/test/recipes/70-test_verify_extra.t ............. ok ../../openssl/test/recipes/70-test_wpacket.t .................. ok ../../openssl/test/recipes/80-test_ca.t ....................... ok ../../openssl/test/recipes/80-test_cipherbytes.t .............. ok ../../openssl/test/recipes/80-test_cipherlist.t ............... ok ../../openssl/test/recipes/80-test_ciphername.t ............... ok ../../openssl/test/recipes/80-test_cms.t ...................... ok ../../openssl/test/recipes/80-test_cmsapi.t ................... ok ../../openssl/test/recipes/80-test_ct.t ....................... ok ../../openssl/test/recipes/80-test_dane.t ..................... ok ../../openssl/test/recipes/80-test_dtls.t ..................... ok ../../openssl/test/recipes/80-test_dtls_mtu.t ................. ok ../../openssl/test/recipes/80-test_dtlsv1listen.t ............. ok ../../openssl/test/recipes/80-test_ocsp.t ..................... ok ../../openssl/test/recipes/80-test_pkcs12.t ................... ok ../../openssl/test/recipes/80-test_ssl_new.t .................. ok ../../openssl/test/recipes/80-test_ssl_old.t .................. ok ../../openssl/test/recipes/80-test_ssl_test_ctx.t ............. ok ../../openssl/test/recipes/80-test_sslcorrupt.t ............... ok ../../openssl/test/recipes/80-test_tsa.t ...................... ok ../../openssl/test/recipes/80-test_x509aux.t .................. ok ../../openssl/test/recipes/90-test_asn1_time.t ................ ok ../../openssl/test/recipes/90-test_async.t .................... ok ../../openssl/test/recipes/90-test_bio_enc.t .................. ok ../../openssl/test/recipes/90-test_bio_memleak.t .............. ok ../../openssl/test/recipes/90-test_constant_time.t ............ ok ../../openssl/test/recipes/90-test_fatalerr.t ................. ok ../../openssl/test/recipes/90-test_gmdiff.t ................... ok ../../openssl/test/recipes/90-test_gost.t ..................... ok ../../openssl/test/recipes/90-test_ige.t ...................... ok ../../openssl/test/recipes/90-test_includes.t ................. ok ../../openssl/test/recipes/90-test_memleak.t .................. ok ../../openssl/test/recipes/90-test_overhead.t ................. skipped: Only supported in no-shared builds ../../openssl/test/recipes/90-test_secmem.t ................... ok ../../openssl/test/recipes/90-test_shlibload.t ................ ok ../../openssl/test/recipes/90-test_srp.t ...................... ok ../../openssl/test/recipes/90-test_sslapi.t ................... ok ../../openssl/test/recipes/90-test_sslbuffers.t ............... ok ../../openssl/test/recipes/90-test_store.t .................... ok ../../openssl/test/recipes/90-test_sysdefault.t ............... ok ../../openssl/test/recipes/90-test_threads.t .................. ok ../../openssl/test/recipes/90-test_time_offset.t .............. ok ../../openssl/test/recipes/90-test_tls13ccs.t ................. ok ../../openssl/test/recipes/90-test_tls13encryption.t .......... ok ../../openssl/test/recipes/90-test_tls13secrets.t ............. ok ../../openssl/test/recipes/90-test_v3name.t ................... ok ../../openssl/test/recipes/95-test_external_boringssl.t ....... skipped: No external tests in this configuration ../../openssl/test/recipes/95-test_external_krb5.t ............ skipped: No external tests in this configuration ../../openssl/test/recipes/95-test_external_pyca.t ............ skipped: No external tests in this configuration ../../openssl/test/recipes/99-test_ecstress.t ................. ok ../../openssl/test/recipes/99-test_fuzz.t ..................... ok Test Summary Report ------------------- ../../openssl/test/recipes/30-test_evp.t (Wstat: 256 Tests: 14 Failed: 1) Failed test: 6 Non-zero exit status: 1 Files=176, Tests=1662, 292 wallclock secs ( 3.09 usr 0.46 sys + 277.37 cusr 24.51 csys = 305.43 CPU) Result: FAIL Makefile:198: recipe for target '_tests' failed make[1]: *** [_tests] Error 1 make[1]: Leaving directory '/home/openssl/run-checker/no-scrypt' Makefile:196: recipe for target 'tests' failed make: *** [tests] Error 2 From no-reply at appveyor.com Wed Sep 11 14:21:04 2019 From: no-reply at appveyor.com (AppVeyor) Date: Wed, 11 Sep 2019 14:21:04 +0000 Subject: Build failed: openssl master.27611 Message-ID: <20190911142104.1.039630BFFF87BDF2@appveyor.com> An HTML attachment was scrubbed... URL: From openssl at openssl.org Wed Sep 11 14:57:54 2019 From: openssl at openssl.org (OpenSSL run-checker) Date: Wed, 11 Sep 2019 14:57:54 +0000 Subject: Still FAILED build of OpenSSL branch master with options -d --strict-warnings enable-ubsan -DPEDANTIC -DOPENSSL_SMALL_FOOTPRINT -fno-sanitize=alignment Message-ID: <1568213874.826695.23244.nullmailer@run.openssl.org> Platform and configuration command: $ uname -a Linux run 4.15.0-54-generic #58-Ubuntu SMP Mon Jun 24 10:55:24 UTC 2019 x86_64 x86_64 x86_64 GNU/Linux $ CC=clang ../openssl/config -d --strict-warnings enable-ubsan -DPEDANTIC -DOPENSSL_SMALL_FOOTPRINT -fno-sanitize=alignment Commit log since last time: 5840ed0cd1 Fix a padding oracle in PKCS7_dataDecode and CMS_decrypt_set1_pkey fa3eb248e2 Fix a potential crash in rand_unix.c e301c147a7 Fix a strict warnings error in rand_pool_acquire_entropy Build log ended with (last 100 lines): ../../openssl/test/recipes/30-test_pbelu.t .................... ok ../../openssl/test/recipes/30-test_pkey_meth.t ................ ok ../../openssl/test/recipes/30-test_pkey_meth_kdf.t ............ ok ../../openssl/test/recipes/40-test_rehash.t ................... ok ../../openssl/test/recipes/60-test_x509_check_cert_pkey.t ..... ok ../../openssl/test/recipes/60-test_x509_dup_cert.t ............ ok ../../openssl/test/recipes/60-test_x509_store.t ............... ok ../../openssl/test/recipes/60-test_x509_time.t ................ ok ../../openssl/test/recipes/70-test_asyncio.t .................. ok ../../openssl/test/recipes/70-test_bad_dtls.t ................. ok ../../openssl/test/recipes/70-test_clienthello.t .............. ok ../../openssl/test/recipes/70-test_comp.t ..................... ok ../../openssl/test/recipes/70-test_key_share.t ................ ok ../../openssl/test/recipes/70-test_packet.t ................... ok ../../openssl/test/recipes/70-test_recordlen.t ................ ok ../../openssl/test/recipes/70-test_renegotiation.t ............ ok ../../openssl/test/recipes/70-test_servername.t ............... ok ../../openssl/test/recipes/70-test_sslcbcpadding.t ............ ok ../../openssl/test/recipes/70-test_sslcertstatus.t ............ ok ../../openssl/test/recipes/70-test_sslextension.t ............. ok ../../openssl/test/recipes/70-test_sslmessages.t .............. ok ../../openssl/test/recipes/70-test_sslrecords.t ............... ok ../../openssl/test/recipes/70-test_sslsessiontick.t ........... ok ../../openssl/test/recipes/70-test_sslsigalgs.t ............... ok ../../openssl/test/recipes/70-test_sslsignature.t ............. ok ../../openssl/test/recipes/70-test_sslskewith0p.t ............. ok ../../openssl/test/recipes/70-test_sslversions.t .............. ok ../../openssl/test/recipes/70-test_sslvertol.t ................ ok ../../openssl/test/recipes/70-test_tls13alerts.t .............. ok ../../openssl/test/recipes/70-test_tls13cookie.t .............. ok ../../openssl/test/recipes/70-test_tls13downgrade.t ........... ok ../../openssl/test/recipes/70-test_tls13hrr.t ................. ok ../../openssl/test/recipes/70-test_tls13kexmodes.t ............ ok ../../openssl/test/recipes/70-test_tls13messages.t ............ ok ../../openssl/test/recipes/70-test_tls13psk.t ................. ok ../../openssl/test/recipes/70-test_tlsextms.t ................. ok ../../openssl/test/recipes/70-test_verify_extra.t ............. ok ../../openssl/test/recipes/70-test_wpacket.t .................. ok ../../openssl/test/recipes/80-test_ca.t ....................... ok ../../openssl/test/recipes/80-test_cipherbytes.t .............. ok ../../openssl/test/recipes/80-test_cipherlist.t ............... ok ../../openssl/test/recipes/80-test_ciphername.t ............... ok ../../openssl/test/recipes/80-test_cms.t ...................... ok ../../openssl/test/recipes/80-test_cmsapi.t ................... ok ../../openssl/test/recipes/80-test_ct.t ....................... ok ../../openssl/test/recipes/80-test_dane.t ..................... ok ../../openssl/test/recipes/80-test_dtls.t ..................... ok ../../openssl/test/recipes/80-test_dtls_mtu.t ................. ok ../../openssl/test/recipes/80-test_dtlsv1listen.t ............. ok ../../openssl/test/recipes/80-test_ocsp.t ..................... ok ../../openssl/test/recipes/80-test_pkcs12.t ................... ok ../../openssl/test/recipes/80-test_ssl_new.t .................. ok ../../openssl/test/recipes/80-test_ssl_old.t .................. ok ../../openssl/test/recipes/80-test_ssl_test_ctx.t ............. ok ../../openssl/test/recipes/80-test_sslcorrupt.t ............... ok ../../openssl/test/recipes/80-test_tsa.t ...................... ok ../../openssl/test/recipes/80-test_x509aux.t .................. ok ../../openssl/test/recipes/90-test_asn1_time.t ................ ok ../../openssl/test/recipes/90-test_async.t .................... ok ../../openssl/test/recipes/90-test_bio_enc.t .................. ok ../../openssl/test/recipes/90-test_bio_memleak.t .............. ok ../../openssl/test/recipes/90-test_constant_time.t ............ ok ../../openssl/test/recipes/90-test_fatalerr.t ................. ok ../../openssl/test/recipes/90-test_gmdiff.t ................... ok ../../openssl/test/recipes/90-test_gost.t ..................... ok ../../openssl/test/recipes/90-test_ige.t ...................... ok ../../openssl/test/recipes/90-test_includes.t ................. ok ../../openssl/test/recipes/90-test_memleak.t .................. ok ../../openssl/test/recipes/90-test_overhead.t ................. skipped: Only supported in no-shared builds ../../openssl/test/recipes/90-test_secmem.t ................... ok ../../openssl/test/recipes/90-test_shlibload.t ................ ok ../../openssl/test/recipes/90-test_srp.t ...................... ok ../../openssl/test/recipes/90-test_sslapi.t ................... ok ../../openssl/test/recipes/90-test_sslbuffers.t ............... ok ../../openssl/test/recipes/90-test_store.t .................... ok ../../openssl/test/recipes/90-test_sysdefault.t ............... ok ../../openssl/test/recipes/90-test_threads.t .................. ok ../../openssl/test/recipes/90-test_time_offset.t .............. ok ../../openssl/test/recipes/90-test_tls13ccs.t ................. ok ../../openssl/test/recipes/90-test_tls13encryption.t .......... ok ../../openssl/test/recipes/90-test_tls13secrets.t ............. ok ../../openssl/test/recipes/90-test_v3name.t ................... ok ../../openssl/test/recipes/95-test_external_boringssl.t ....... skipped: No external tests in this configuration ../../openssl/test/recipes/95-test_external_krb5.t ............ skipped: No external tests in this configuration ../../openssl/test/recipes/95-test_external_pyca.t ............ skipped: No external tests in this configuration ../../openssl/test/recipes/99-test_ecstress.t ................. ok ../../openssl/test/recipes/99-test_fuzz.t ..................... ok Test Summary Report ------------------- ../../openssl/test/recipes/30-test_evp.t (Wstat: 256 Tests: 14 Failed: 1) Failed test: 7 Non-zero exit status: 1 Files=176, Tests=1663, 884 wallclock secs ( 3.35 usr 0.44 sys + 855.08 cusr 38.76 csys = 897.63 CPU) Result: FAIL Makefile:198: recipe for target '_tests' failed make[1]: *** [_tests] Error 1 make[1]: Leaving directory '/home/openssl/run-checker/enable-ubsan' Makefile:196: recipe for target 'tests' failed make: *** [tests] Error 2 From no-reply at appveyor.com Wed Sep 11 16:09:22 2019 From: no-reply at appveyor.com (AppVeyor) Date: Wed, 11 Sep 2019 16:09:22 +0000 Subject: Build failed: openssl master.27617 Message-ID: <20190911160922.1.7765CA973093C4D9@appveyor.com> An HTML attachment was scrubbed... URL: From no-reply at appveyor.com Wed Sep 11 16:43:02 2019 From: no-reply at appveyor.com (AppVeyor) Date: Wed, 11 Sep 2019 16:43:02 +0000 Subject: Build completed: openssl master.27618 Message-ID: <20190911164302.1.7DC6997BAB6563F3@appveyor.com> An HTML attachment was scrubbed... URL: From levitte at openssl.org Wed Sep 11 21:25:27 2019 From: levitte at openssl.org (Richard Levitte) Date: Wed, 11 Sep 2019 21:25:27 +0000 Subject: [web] master update Message-ID: <1568237127.430691.27275.nullmailer@dev.openssl.org> The branch master has been updated via 1cb8b8b472c5bc07856ee2c37fe4e211598d4094 (commit) from 6239182447d80939a1e2170e4f7b79917561c165 (commit) - Log ----------------------------------------------------------------- commit 1cb8b8b472c5bc07856ee2c37fe4e211598d4094 Author: Richard Levitte Date: Wed Sep 11 23:25:06 2019 +0200 source: Remove gz encoding on .gz.sha256 files ----------------------------------------------------------------------- Summary of changes: bin/mk-latest | 3 +++ 1 file changed, 3 insertions(+) diff --git a/bin/mk-latest b/bin/mk-latest index 8c2d3a7..37423cd 100755 --- a/bin/mk-latest +++ b/bin/mk-latest @@ -56,4 +56,7 @@ RewriteRule ^openssl-(fips.*) old/fips/openssl-$1 [L] RemoveEncoding .gz + + RemoveEncoding .gz + EOF From levitte at openssl.org Wed Sep 11 21:39:34 2019 From: levitte at openssl.org (Richard Levitte) Date: Wed, 11 Sep 2019 21:39:34 +0000 Subject: [web] master update Message-ID: <1568237974.029878.23327.nullmailer@dev.openssl.org> The branch master has been updated via 121a1909bc25d24d6b11c0e3d084ecc5625a1a86 (commit) from 1cb8b8b472c5bc07856ee2c37fe4e211598d4094 (commit) - Log ----------------------------------------------------------------- commit 121a1909bc25d24d6b11c0e3d084ecc5625a1a86 Author: Richard Levitte Date: Wed Sep 11 23:39:26 2019 +0200 .htaccess: force .sha256 files to application/binary ----------------------------------------------------------------------- Summary of changes: .htaccess | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/.htaccess b/.htaccess index 717f682..653e58d 100644 --- a/.htaccess +++ b/.htaccess @@ -21,6 +21,10 @@ ForceType application/binary ForceType application/binary + +ForceType application/binary + + ForceType application/binary From openssl at openssl.org Wed Sep 11 23:00:26 2019 From: openssl at openssl.org (OpenSSL run-checker) Date: Wed, 11 Sep 2019 23:00:26 +0000 Subject: Still FAILED build of OpenSSL branch master with options -d --strict-warnings enable-asan no-shared -DOPENSSL_SMALL_FOOTPRINT Message-ID: <1568242826.174179.26512.nullmailer@run.openssl.org> Platform and configuration command: $ uname -a Linux run 4.15.0-54-generic #58-Ubuntu SMP Mon Jun 24 10:55:24 UTC 2019 x86_64 x86_64 x86_64 GNU/Linux $ CC=clang ../openssl/config -d --strict-warnings enable-asan no-shared -DOPENSSL_SMALL_FOOTPRINT Commit log since last time: 7f0a8dc7f9 crypto/threads_win.c: fix preprocessor indentation 0768b38b80 drbg: fix issue where DRBG_CTR fails if NO_DF is used (2nd attempt) 5562dbb39c drbg: add fork id to additional data on UNIX systems 849529257c drbg: ensure fork-safety without using a pthread_atfork handler dc64dc2edd Add EVP_CIPHER_CTX_tag_length() 64115f05ac Usages of KDFs converted to use the name macros 69333af49d Register KDF's using their name macros rather than strings 2e548ac9a1 Make FIPS provider use KDF name for PBKDF2 27e27cd7ef Update tests to (mostly) use KDF names 1732c260db Convert SSL functions to use KDF names not SN_ strings d810cc1977 Add macros for the KDF algorithm names. 4a3dd62923 Coverity 1453629 and 1453638: Error handling issues (NEGATIVE_RETURNS) f20a59cb1c Coverity 1453634: Resource leaks (RESOURCE_LEAK) d111712f6a Coverity 1453633: Error handling issues (CHECKED_RETURN) 64da55a64f Coverity 1453632 & 1453635: Null pointer dereferences (FORWARD_NULL) 085f1d11a0 Coverity 1453630: Null pointer dereferences (FORWARD_NULL) 6ce4ff1915 Coverity 1453628: Null pointer dereferences (REVERSE_INULL) 7e56c62693 Coverity 1453627: Null pointer dereferences (REVERSE_INULL) 92475712a9 Coverity 1414465: Resource leaks (RESOURCE_LEAK) Build log ended with (last 100 lines): ../../openssl/test/recipes/60-test_x509_store.t ............... ok ../../openssl/test/recipes/60-test_x509_time.t ................ ok ../../openssl/test/recipes/70-test_asyncio.t .................. ok ../../openssl/test/recipes/70-test_bad_dtls.t ................. ok ../../openssl/test/recipes/70-test_clienthello.t .............. ok ../../openssl/test/recipes/70-test_comp.t ..................... skipped: test_comp needs the dynamic engine feature enabled ../../openssl/test/recipes/70-test_key_share.t ................ skipped: test_key_share needs the dynamic engine feature enabled ../../openssl/test/recipes/70-test_packet.t ................... ok ../../openssl/test/recipes/70-test_recordlen.t ................ ok ../../openssl/test/recipes/70-test_renegotiation.t ............ skipped: test_renegotiation needs the dynamic engine feature enabled ../../openssl/test/recipes/70-test_servername.t ............... ok ../../openssl/test/recipes/70-test_sslcbcpadding.t ............ skipped: test_sslcbcpadding needs the dynamic engine feature enabled ../../openssl/test/recipes/70-test_sslcertstatus.t ............ skipped: test_sslcertstatus needs the dynamic engine feature enabled ../../openssl/test/recipes/70-test_sslextension.t ............. skipped: test_sslextension needs the dynamic engine feature enabled ../../openssl/test/recipes/70-test_sslmessages.t .............. skipped: test_sslmessages needs the dynamic engine feature enabled ../../openssl/test/recipes/70-test_sslrecords.t ............... skipped: test_sslrecords needs the dynamic engine feature enabled ../../openssl/test/recipes/70-test_sslsessiontick.t ........... skipped: test_sslsessiontick needs the dynamic engine feature enabled ../../openssl/test/recipes/70-test_sslsigalgs.t ............... skipped: test_sslsigalgs needs the dynamic engine feature enabled ../../openssl/test/recipes/70-test_sslsignature.t ............. skipped: test_sslsignature needs the dynamic engine feature enabled ../../openssl/test/recipes/70-test_sslskewith0p.t ............. skipped: test_sslskewith0p needs the dynamic engine feature enabled ../../openssl/test/recipes/70-test_sslversions.t .............. skipped: test_sslversions needs the dynamic engine feature enabled ../../openssl/test/recipes/70-test_sslvertol.t ................ skipped: test_sslextension needs the dynamic engine feature enabled ../../openssl/test/recipes/70-test_tls13alerts.t .............. skipped: test_tls13alerts needs the dynamic engine feature enabled ../../openssl/test/recipes/70-test_tls13cookie.t .............. skipped: test_tls13cookie needs the dynamic engine feature enabled ../../openssl/test/recipes/70-test_tls13downgrade.t ........... skipped: test_tls13downgrade needs the dynamic engine feature enabled ../../openssl/test/recipes/70-test_tls13hrr.t ................. skipped: test_tls13hrr needs the dynamic engine feature enabled ../../openssl/test/recipes/70-test_tls13kexmodes.t ............ skipped: test_tls13kexmodes needs the dynamic engine feature enabled ../../openssl/test/recipes/70-test_tls13messages.t ............ skipped: test_tls13messages needs the dynamic engine feature enabled ../../openssl/test/recipes/70-test_tls13psk.t ................. skipped: test_tls13psk needs the dynamic engine feature enabled ../../openssl/test/recipes/70-test_tlsextms.t ................. skipped: test_tlsextms needs the dynamic engine feature enabled ../../openssl/test/recipes/70-test_verify_extra.t ............. ok ../../openssl/test/recipes/70-test_wpacket.t .................. ok ../../openssl/test/recipes/80-test_ca.t ....................... ok ../../openssl/test/recipes/80-test_cipherbytes.t .............. ok ../../openssl/test/recipes/80-test_cipherlist.t ............... ok ../../openssl/test/recipes/80-test_ciphername.t ............... ok ../../openssl/test/recipes/80-test_cms.t ...................... ok ../../openssl/test/recipes/80-test_cmsapi.t ................... ok ../../openssl/test/recipes/80-test_ct.t ....................... ok ../../openssl/test/recipes/80-test_dane.t ..................... ok ../../openssl/test/recipes/80-test_dtls.t ..................... ok ../../openssl/test/recipes/80-test_dtls_mtu.t ................. ok ../../openssl/test/recipes/80-test_dtlsv1listen.t ............. ok ../../openssl/test/recipes/80-test_ocsp.t ..................... ok ../../openssl/test/recipes/80-test_pkcs12.t ................... ok ../../openssl/test/recipes/80-test_ssl_new.t .................. ok ../../openssl/test/recipes/80-test_ssl_old.t .................. ok ../../openssl/test/recipes/80-test_ssl_test_ctx.t ............. ok ../../openssl/test/recipes/80-test_sslcorrupt.t ............... ok ../../openssl/test/recipes/80-test_tsa.t ...................... ok ../../openssl/test/recipes/80-test_x509aux.t .................. ok ../../openssl/test/recipes/90-test_asn1_time.t ................ ok ../../openssl/test/recipes/90-test_async.t .................... ok ../../openssl/test/recipes/90-test_bio_enc.t .................. ok ../../openssl/test/recipes/90-test_bio_memleak.t .............. ok ../../openssl/test/recipes/90-test_constant_time.t ............ ok ../../openssl/test/recipes/90-test_fatalerr.t ................. ok ../../openssl/test/recipes/90-test_gmdiff.t ................... ok ../../openssl/test/recipes/90-test_gost.t ..................... skipped: GOST support is disabled in this OpenSSL build ../../openssl/test/recipes/90-test_ige.t ...................... ok ../../openssl/test/recipes/90-test_includes.t ................. ok ../../openssl/test/recipes/90-test_memleak.t .................. ok ../../openssl/test/recipes/90-test_overhead.t ................. ok ../../openssl/test/recipes/90-test_secmem.t ................... ok ../../openssl/test/recipes/90-test_shlibload.t ................ skipped: Test only supported in a shared build ../../openssl/test/recipes/90-test_srp.t ...................... ok ../../openssl/test/recipes/90-test_sslapi.t ................... ok ../../openssl/test/recipes/90-test_sslbuffers.t ............... ok ../../openssl/test/recipes/90-test_store.t .................... ok ../../openssl/test/recipes/90-test_sysdefault.t ............... ok ../../openssl/test/recipes/90-test_threads.t .................. ok ../../openssl/test/recipes/90-test_time_offset.t .............. ok ../../openssl/test/recipes/90-test_tls13ccs.t ................. ok ../../openssl/test/recipes/90-test_tls13encryption.t .......... ok ../../openssl/test/recipes/90-test_tls13secrets.t ............. skipped: tls13secrets is not supported in this build ../../openssl/test/recipes/90-test_v3name.t ................... ok ../../openssl/test/recipes/95-test_external_boringssl.t ....... skipped: No external tests in this configuration ../../openssl/test/recipes/95-test_external_krb5.t ............ skipped: No external tests in this configuration ../../openssl/test/recipes/95-test_external_pyca.t ............ skipped: No external tests in this configuration ../../openssl/test/recipes/99-test_ecstress.t ................. ok ../../openssl/test/recipes/99-test_fuzz.t ..................... ok Test Summary Report ------------------- ../../openssl/test/recipes/30-test_evp.t (Wstat: 256 Tests: 14 Failed: 1) Failed test: 7 Non-zero exit status: 1 ../../openssl/test/recipes/30-test_evp_extra.t (Wstat: 256 Tests: 1 Failed: 1) Failed test: 1 Non-zero exit status: 1 ../../openssl/test/recipes/30-test_pkey_meth_kdf.t (Wstat: 256 Tests: 1 Failed: 1) Failed test: 1 Non-zero exit status: 1 Files=176, Tests=1462, 652 wallclock secs ( 1.14 usr 0.34 sys + 579.15 cusr 73.13 csys = 653.76 CPU) Result: FAIL Makefile:198: recipe for target '_tests' failed make[1]: *** [_tests] Error 1 make[1]: Leaving directory '/home/openssl/run-checker/enable-asan' Makefile:196: recipe for target 'tests' failed make: *** [tests] Error 2 From openssl at openssl.org Thu Sep 12 02:15:09 2019 From: openssl at openssl.org (OpenSSL run-checker) Date: Thu, 12 Sep 2019 02:15:09 +0000 Subject: Still FAILED build of OpenSSL branch master with options -d --strict-warnings no-dh Message-ID: <1568254509.026410.18772.nullmailer@run.openssl.org> Platform and configuration command: $ uname -a Linux run 4.15.0-54-generic #58-Ubuntu SMP Mon Jun 24 10:55:24 UTC 2019 x86_64 x86_64 x86_64 GNU/Linux $ CC=clang ../openssl/config -d --strict-warnings no-dh Commit log since last time: 7f0a8dc7f9 crypto/threads_win.c: fix preprocessor indentation 0768b38b80 drbg: fix issue where DRBG_CTR fails if NO_DF is used (2nd attempt) 5562dbb39c drbg: add fork id to additional data on UNIX systems 849529257c drbg: ensure fork-safety without using a pthread_atfork handler dc64dc2edd Add EVP_CIPHER_CTX_tag_length() 64115f05ac Usages of KDFs converted to use the name macros 69333af49d Register KDF's using their name macros rather than strings 2e548ac9a1 Make FIPS provider use KDF name for PBKDF2 27e27cd7ef Update tests to (mostly) use KDF names 1732c260db Convert SSL functions to use KDF names not SN_ strings d810cc1977 Add macros for the KDF algorithm names. 4a3dd62923 Coverity 1453629 and 1453638: Error handling issues (NEGATIVE_RETURNS) f20a59cb1c Coverity 1453634: Resource leaks (RESOURCE_LEAK) d111712f6a Coverity 1453633: Error handling issues (CHECKED_RETURN) 64da55a64f Coverity 1453632 & 1453635: Null pointer dereferences (FORWARD_NULL) 085f1d11a0 Coverity 1453630: Null pointer dereferences (FORWARD_NULL) 6ce4ff1915 Coverity 1453628: Null pointer dereferences (REVERSE_INULL) 7e56c62693 Coverity 1453627: Null pointer dereferences (REVERSE_INULL) 92475712a9 Coverity 1414465: Resource leaks (RESOURCE_LEAK) Build log ended with (last 100 lines): clang -Iinclude -I../openssl/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_IA32_SSE2 -MMD -MF test/buildtest_c_params-bin-buildtest_params.d.tmp -MT test/buildtest_c_params-bin-buildtest_params.o -c -o test/buildtest_c_params-bin-buildtest_params.o test/buildtest_params.c clang -Iinclude -I../openssl/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_IA32_SSE2 -MMD -MF test/buildtest_c_pem-bin-buildtest_pem.d.tmp -MT test/buildtest_c_pem-bin-buildtest_pem.o -c -o test/buildtest_c_pem-bin-buildtest_pem.o test/buildtest_pem.c clang -Iinclude -I../openssl/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_IA32_SSE2 -MMD -MF test/buildtest_c_pem2-bin-buildtest_pem2.d.tmp -MT test/buildtest_c_pem2-bin-buildtest_pem2.o -c -o test/buildtest_c_pem2-bin-buildtest_pem2.o test/buildtest_pem2.c clang -Iinclude -I../openssl/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_IA32_SSE2 -MMD -MF test/buildtest_c_pkcs12-bin-buildtest_pkcs12.d.tmp -MT test/buildtest_c_pkcs12-bin-buildtest_pkcs12.o -c -o test/buildtest_c_pkcs12-bin-buildtest_pkcs12.o test/buildtest_pkcs12.c clang -Iinclude -I../openssl/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_IA32_SSE2 -MMD -MF test/buildtest_c_pkcs7-bin-buildtest_pkcs7.d.tmp -MT test/buildtest_c_pkcs7-bin-buildtest_pkcs7.o -c -o test/buildtest_c_pkcs7-bin-buildtest_pkcs7.o test/buildtest_pkcs7.c clang -Iinclude -I../openssl/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_IA32_SSE2 -MMD -MF test/buildtest_c_provider-bin-buildtest_provider.d.tmp -MT test/buildtest_c_provider-bin-buildtest_provider.o -c -o test/buildtest_c_provider-bin-buildtest_provider.o test/buildtest_provider.c clang -Iinclude -I../openssl/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_IA32_SSE2 -MMD -MF test/buildtest_c_rand-bin-buildtest_rand.d.tmp -MT test/buildtest_c_rand-bin-buildtest_rand.o -c -o test/buildtest_c_rand-bin-buildtest_rand.o test/buildtest_rand.c clang -Iinclude -I../openssl/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_IA32_SSE2 -MMD -MF test/buildtest_c_rand_drbg-bin-buildtest_rand_drbg.d.tmp -MT test/buildtest_c_rand_drbg-bin-buildtest_rand_drbg.o -c -o test/buildtest_c_rand_drbg-bin-buildtest_rand_drbg.o test/buildtest_rand_drbg.c clang -Iinclude -I../openssl/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_IA32_SSE2 -MMD -MF test/buildtest_c_rc2-bin-buildtest_rc2.d.tmp -MT test/buildtest_c_rc2-bin-buildtest_rc2.o -c -o test/buildtest_c_rc2-bin-buildtest_rc2.o test/buildtest_rc2.c clang -Iinclude -I../openssl/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_IA32_SSE2 -MMD -MF test/buildtest_c_rc4-bin-buildtest_rc4.d.tmp -MT test/buildtest_c_rc4-bin-buildtest_rc4.o -c -o test/buildtest_c_rc4-bin-buildtest_rc4.o test/buildtest_rc4.c clang -Iinclude -I../openssl/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_IA32_SSE2 -MMD -MF test/buildtest_c_ripemd-bin-buildtest_ripemd.d.tmp -MT test/buildtest_c_ripemd-bin-buildtest_ripemd.o -c -o test/buildtest_c_ripemd-bin-buildtest_ripemd.o test/buildtest_ripemd.c clang -Iinclude -I../openssl/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_IA32_SSE2 -MMD -MF test/buildtest_c_rsa-bin-buildtest_rsa.d.tmp -MT test/buildtest_c_rsa-bin-buildtest_rsa.o -c -o test/buildtest_c_rsa-bin-buildtest_rsa.o test/buildtest_rsa.c clang -Iinclude -I../openssl/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_IA32_SSE2 -MMD -MF test/buildtest_c_safestack-bin-buildtest_safestack.d.tmp -MT test/buildtest_c_safestack-bin-buildtest_safestack.o -c -o test/buildtest_c_safestack-bin-buildtest_safestack.o test/buildtest_safestack.c clang -Iinclude -I../openssl/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_IA32_SSE2 -MMD -MF test/buildtest_c_seed-bin-buildtest_seed.d.tmp -MT test/buildtest_c_seed-bin-buildtest_seed.o -c -o test/buildtest_c_seed-bin-buildtest_seed.o test/buildtest_seed.c clang -Iinclude -I../openssl/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_IA32_SSE2 -MMD -MF test/buildtest_c_sha-bin-buildtest_sha.d.tmp -MT test/buildtest_c_sha-bin-buildtest_sha.o -c -o test/buildtest_c_sha-bin-buildtest_sha.o test/buildtest_sha.c clang -Iinclude -I../openssl/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_IA32_SSE2 -MMD -MF test/buildtest_c_srp-bin-buildtest_srp.d.tmp -MT test/buildtest_c_srp-bin-buildtest_srp.o -c -o test/buildtest_c_srp-bin-buildtest_srp.o test/buildtest_srp.c clang -Iinclude -I../openssl/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_IA32_SSE2 -MMD -MF test/buildtest_c_srtp-bin-buildtest_srtp.d.tmp -MT test/buildtest_c_srtp-bin-buildtest_srtp.o -c -o test/buildtest_c_srtp-bin-buildtest_srtp.o test/buildtest_srtp.c clang -Iinclude -I../openssl/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_IA32_SSE2 -MMD -MF test/buildtest_c_ssl-bin-buildtest_ssl.d.tmp -MT test/buildtest_c_ssl-bin-buildtest_ssl.o -c -o test/buildtest_c_ssl-bin-buildtest_ssl.o test/buildtest_ssl.c clang -Iinclude -I../openssl/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_IA32_SSE2 -MMD -MF test/buildtest_c_ssl2-bin-buildtest_ssl2.d.tmp -MT test/buildtest_c_ssl2-bin-buildtest_ssl2.o -c -o test/buildtest_c_ssl2-bin-buildtest_ssl2.o test/buildtest_ssl2.c clang -Iinclude -I../openssl/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_IA32_SSE2 -MMD -MF test/buildtest_c_stack-bin-buildtest_stack.d.tmp -MT test/buildtest_c_stack-bin-buildtest_stack.o -c -o test/buildtest_c_stack-bin-buildtest_stack.o test/buildtest_stack.c clang -Iinclude -I../openssl/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_IA32_SSE2 -MMD -MF test/buildtest_c_store-bin-buildtest_store.d.tmp -MT test/buildtest_c_store-bin-buildtest_store.o -c -o test/buildtest_c_store-bin-buildtest_store.o test/buildtest_store.c clang -Iinclude -I../openssl/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_IA32_SSE2 -MMD -MF test/buildtest_c_symhacks-bin-buildtest_symhacks.d.tmp -MT test/buildtest_c_symhacks-bin-buildtest_symhacks.o -c -o test/buildtest_c_symhacks-bin-buildtest_symhacks.o test/buildtest_symhacks.c clang -Iinclude -I../openssl/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_IA32_SSE2 -MMD -MF test/buildtest_c_tls1-bin-buildtest_tls1.d.tmp -MT test/buildtest_c_tls1-bin-buildtest_tls1.o -c -o test/buildtest_c_tls1-bin-buildtest_tls1.o test/buildtest_tls1.c clang -Iinclude -I../openssl/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_IA32_SSE2 -MMD -MF test/buildtest_c_ts-bin-buildtest_ts.d.tmp -MT test/buildtest_c_ts-bin-buildtest_ts.o -c -o test/buildtest_c_ts-bin-buildtest_ts.o test/buildtest_ts.c clang -Iinclude -I../openssl/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_IA32_SSE2 -MMD -MF test/buildtest_c_txt_db-bin-buildtest_txt_db.d.tmp -MT test/buildtest_c_txt_db-bin-buildtest_txt_db.o -c -o test/buildtest_c_txt_db-bin-buildtest_txt_db.o test/buildtest_txt_db.c clang -Iinclude -I../openssl/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_IA32_SSE2 -MMD -MF test/buildtest_c_ui-bin-buildtest_ui.d.tmp -MT test/buildtest_c_ui-bin-buildtest_ui.o -c -o test/buildtest_c_ui-bin-buildtest_ui.o test/buildtest_ui.c clang -Iinclude -I../openssl/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_IA32_SSE2 -MMD -MF test/buildtest_c_whrlpool-bin-buildtest_whrlpool.d.tmp -MT test/buildtest_c_whrlpool-bin-buildtest_whrlpool.o -c -o test/buildtest_c_whrlpool-bin-buildtest_whrlpool.o test/buildtest_whrlpool.c clang -Iinclude -I../openssl/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_IA32_SSE2 -MMD -MF test/buildtest_c_x509-bin-buildtest_x509.d.tmp -MT test/buildtest_c_x509-bin-buildtest_x509.o -c -o test/buildtest_c_x509-bin-buildtest_x509.o test/buildtest_x509.c clang -Iinclude -I../openssl/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_IA32_SSE2 -MMD -MF test/buildtest_c_x509_vfy-bin-buildtest_x509_vfy.d.tmp -MT test/buildtest_c_x509_vfy-bin-buildtest_x509_vfy.o -c -o test/buildtest_c_x509_vfy-bin-buildtest_x509_vfy.o test/buildtest_x509_vfy.c clang -Iinclude -I../openssl/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_IA32_SSE2 -MMD -MF test/buildtest_c_x509v3-bin-buildtest_x509v3.d.tmp -MT test/buildtest_c_x509v3-bin-buildtest_x509v3.o -c -o test/buildtest_c_x509v3-bin-buildtest_x509v3.o test/buildtest_x509v3.c rm -f test/rsa_complex ${LDCMD:-clang} -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -L. \ -o test/rsa_complex test/rsa_complex-bin-rsa_complex.o \ -ldl -pthread rm -f test/shlibloadtest ${LDCMD:-clang} -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -L. \ -o test/shlibloadtest test/shlibloadtest-bin-shlibloadtest.o \ -ldl -pthread ar r libcrypto.a crypto/aes/libcrypto-lib-aes-x86_64.o crypto/aes/libcrypto-lib-aes_cfb.o crypto/aes/libcrypto-lib-aes_ecb.o crypto/aes/libcrypto-lib-aes_ige.o crypto/aes/libcrypto-lib-aes_misc.o crypto/aes/libcrypto-lib-aes_ofb.o crypto/aes/libcrypto-lib-aes_wrap.o crypto/aes/libcrypto-lib-aesni-mb-x86_64.o crypto/aes/libcrypto-lib-aesni-sha1-x86_64.o crypto/aes/libcrypto-lib-aesni-sha256-x86_64.o crypto/aes/libcrypto-lib-aesni-x86_64.o crypto/aes/libcrypto-lib-bsaes-x86_64.o crypto/aes/libcrypto-lib-vpaes-x86_64.o crypto/aria/libcrypto-lib-aria.o crypto/asn1/libcrypto-lib-a_bitstr.o crypto/asn1/libcrypto-lib-a_d2i_fp.o crypto/asn1/libcrypto-lib-a_digest.o crypto/asn1/libcrypto-lib-a_dup.o crypto/asn1/libcrypto-lib-a_gentm.o crypto/asn1/libcrypto-lib-a_i2d_fp.o crypto/asn1/libcrypto-lib-a_int.o crypto/asn1/libcrypto-lib-a_mbstr.o crypto/asn1/libcrypto-lib-a_object.o crypto/asn1/libcrypto-lib-a_octet.o crypto/asn1/libcrypto-lib-a_print.o crypto/asn1/libcrypto-lib-a_sign.o crypto/asn1/libcrypto-lib-a_strex.o crypto/asn1/libcrypto-lib-a_strnid.o crypto/asn1/libcrypto-lib-a_time.o crypto/asn1/libcrypto-lib-a_type.o crypto/asn1/libcrypto-lib-a_utctm.o crypto/asn1/libcrypto-lib-a_utf8.o crypto/asn1/libcrypto-lib-a_verify.o crypto/asn1/libcrypto-lib-ameth_lib.o crypto/asn1/libcrypto-lib-asn1_err.o crypto/asn1/libcrypto-lib-asn1_gen.o crypto/asn1/libcrypto-lib-asn1_item_list.o crypto/asn1/libcrypto-lib-asn1_lib.o crypto/asn1/libcrypto-lib-asn1_par.o crypto/asn1/libcrypto-lib-asn_mime.o crypto/asn1/libcrypto-lib-asn_moid.o crypto/asn1/libcrypto-lib-asn_mstbl.o crypto/asn1/libcrypto-lib-asn_pack.o crypto/asn1/libcrypto-lib-bio_asn1.o crypto/asn1/libcrypto-lib-bio_ndef.o crypto/asn1/libcrypto-lib-d2i_param.o crypto/asn1/libcrypto-lib-d2i_pr.o crypto/asn1/libcrypto-lib-d2i_pu.o crypto/asn1/libcrypto-lib-evp_asn1.o crypto/asn1/libcrypto-lib-f_int.o crypto/asn1/libcrypto-lib-f_string.o crypto/asn1/libcrypto-lib-i2d_param.o crypto/asn1/libcrypto-lib-i2d_pr.o crypto/asn1/libcrypto-lib-i2d_pu.o crypto/asn1/libcrypto-lib-n_pkey.o crypto/asn1/libcrypto-lib-nsseq.o crypto/asn1/libcrypto-lib-p5_pbe.o crypto/asn1/libcrypto-lib-p5_pbev2.o crypto/asn1/libcrypto-lib-p5_scrypt.o crypto/asn1/libcrypto-lib-p8_pkey.o crypto/asn1/libcrypto-lib-t_bitst.o crypto/asn1/libcrypto-lib-t_pkey.o crypto/asn1/libcrypto-lib-t_spki.o crypto/asn1/libcrypto-lib-tasn_dec.o crypto/asn1/libcrypto-lib-tasn_enc.o crypto/asn1/libcrypto-lib-tasn_fre.o crypto/asn1/libcrypto-lib-tasn_new.o crypto/asn1/libcrypto-lib-tasn_prn.o crypto/asn1/libcrypto-lib-tasn_scn.o crypto/asn1/libcrypto-lib-tasn_typ.o crypto/asn1/libcrypto-lib-tasn_utl.o crypto/asn1/libcrypto-lib-x_algor.o crypto/asn1/libcrypto-lib-x_bignum.o crypto/asn1/libcrypto-lib-x_info.o crypto/asn1/libcrypto-lib-x_int64.o crypto/asn1/libcrypto-lib-x_long.o crypto/asn1/libcrypto-lib-x_pkey.o crypto/asn1/libcrypto-lib-x_sig.o crypto/asn1/libcrypto-lib-x_spki.o crypto/asn1/libcrypto-lib-x_val.o crypto/async/arch/libcrypto-lib-async_null.o crypto/async/arch/libcrypto-lib-async_posix.o crypto/async/arch/libcrypto-lib-async_win.o crypto/async/libcrypto-lib-async.o crypto/async/libcrypto-lib-async_err.o crypto/async/libcrypto-lib-async_wait.o crypto/bf/libcrypto-lib-bf_cfb64.o crypto/bf/libcrypto-lib-bf_ecb.o crypto/bf/libcrypto-lib-bf_enc.o crypto/bf/libcrypto-lib-bf_ofb64.o crypto/bf/libcrypto-lib-bf_skey.o crypto/bio/libcrypto-lib-b_addr.o crypto/bio/libcrypto-lib-b_dump.o crypto/bio/libcrypto-lib-b_print.o crypto/bio/libcrypto-lib-b_sock.o crypto/bio/libcrypto-lib-b_sock2.o crypto/bio/libcrypto-lib-bf_buff.o crypto/bio/libcrypto-lib-bf_lbuf.o crypto/bio/libcrypto-lib-bf_nbio.o crypto/bio/libcrypto-lib-bf_null.o crypto/bio/libcrypto-lib-bio_cb.o crypto/bio/libcrypto-lib-bio_err.o crypto/bio/libcrypto-lib-bio_lib.o crypto/bio/libcrypto-lib-bio_meth.o crypto/bio/libcrypto-lib-bss_acpt.o crypto/bio/libcrypto-lib-bss_bio.o crypto/bio/libcrypto-lib-bss_conn.o crypto/bio/libcrypto-lib-bss_dgram.o crypto/bio/libcrypto-lib-bss_fd.o crypto/bio/libcrypto-lib-bss_file.o crypto/bio/libcrypto-lib-bss_log.o crypto/bio/libcrypto-lib-bss_mem.o crypto/bio/libcrypto-lib-bss_null.o crypto/bio/libcrypto-lib-bss_sock.o crypto/blake2/libcrypto-lib-m_blake2b.o crypto/blake2/libcrypto-lib-m_blake2s.o crypto/bn/asm/libcrypto-lib-x86_64-gcc.o crypto/bn/libcrypto-lib-bn_add.o crypto/bn/libcrypto-lib-bn_blind.o crypto/bn/libcrypto-lib-bn_const.o crypto/bn/libcrypto-lib-bn_conv.o crypto/bn/libcrypto-lib-bn_ctx.o crypto/bn/libcrypto-lib-bn_depr.o crypto/bn/libcrypto-lib-bn_dh.o crypto/bn/libcrypto-lib-bn_div.o crypto/bn/libcrypto-lib-bn_err.o crypto/bn/libcrypto-lib-bn_exp.o crypto/bn/libcrypto-lib-bn_exp2.o crypto/bn/libcrypto-lib-bn_gcd.o crypto/bn/libcrypto-lib-bn_gf2m.o crypto/bn/libcrypto-lib-bn_intern.o crypto/bn/libcrypto-lib-bn_kron.o crypto/bn/libcrypto-lib-bn_lib.o crypto/bn/libcrypto-lib-bn_mod.o crypto/bn/libcrypto-lib-bn_mont.o crypto/bn/libcrypto-lib-bn_mpi.o crypto/bn/libcrypto-lib-bn_mul.o crypto/bn/libcrypto-lib-bn_nist.o crypto/bn/libcrypto-lib-bn_prime.o crypto/bn/libcrypto-lib-bn_print.o crypto/bn/libcrypto-lib-bn_rand.o crypto/bn/libcrypto-lib-bn_recp.o crypto/bn/libcrypto-lib-bn_rsa_fips186_4.o crypto/bn/libcrypto-lib-bn_shift.o crypto/bn/libcrypto-lib-bn_sqr.o crypto/bn/libcrypto-lib-bn_sqrt.o crypto/bn/libcrypto-lib-bn_srp.o crypto/bn/libcrypto-lib-bn_word.o crypto/bn/libcrypto-lib-bn_x931p.o crypto/bn/libcrypto-lib-rsaz-avx2.o crypto/bn/libcrypto-lib-rsaz-x86_64.o crypto/bn/libcrypto-lib-rsaz_exp.o crypto/bn/libcrypto-lib-x86_64-gf2m.o crypto/bn/libcrypto-lib-x86_64-mont.o crypto/bn/libcrypto-lib-x86_64-mont5.o crypto/buffer/libcrypto-lib-buf_err.o crypto/buffer/libcrypto-lib-buffer.o crypto/camellia/libcrypto-lib-cmll-x86_64.o crypto/camellia/libcrypto-lib-cmll_cfb.o crypto/camellia/libcrypto-lib-cmll_ctr.o crypto/camellia/libcrypto-lib-cmll_ecb.o crypto/camellia/libcrypto-lib-cmll_misc.o crypto/camellia/libcrypto-lib-cmll_ofb.o crypto/cast/libcrypto-lib-c_cfb64.o crypto/cast/libcrypto-lib-c_ecb.o crypto/cast/libcrypto-lib-c_enc.o crypto/cast/libcrypto-lib-c_ofb64.o crypto/cast/libcrypto-lib-c_skey.o crypto/chacha/libcrypto-lib-chacha-x86_64.o crypto/cmac/libcrypto-lib-cm_ameth.o crypto/cmac/libcrypto-lib-cmac.o crypto/cmp/libcrypto-lib-cmp_asn.o crypto/cmp/libcrypto-lib-cmp_err.o crypto/cms/libcrypto-lib-cms_asn1.o crypto/cms/libcrypto-lib-cms_att.o crypto/cms/libcrypto-lib-cms_cd.o crypto/cms/libcrypto-lib-cms_dd.o crypto/cms/libcrypto-lib-cms_enc.o crypto/cms/libcrypto-lib-cms_env.o crypto/cms/libcrypto-lib-cms_err.o crypto/cms/libcrypto-lib-cms_ess.o crypto/cms/libcrypto-lib-cms_io.o crypto/cms/libcrypto-lib-cms_kari.o crypto/cms/libcrypto-lib-cms_lib.o crypto/cms/libcrypto-lib-cms_pwri.o crypto/cms/libcrypto-lib-cms_sd.o crypto/cms/libcrypto-lib-cms_smime.o crypto/comp/libcrypto-lib-c_zlib.o crypto/comp/libcrypto-lib-comp_err.o crypto/comp/libcrypto-lib-comp_lib.o crypto/conf/libcrypto-lib-conf_api.o crypto/conf/libcrypto-lib-conf_def.o crypto/conf/libcrypto-lib-conf_err.o crypto/conf/libcrypto-lib-conf_lib.o crypto/conf/libcrypto-lib-conf_mall.o crypto/conf/libcrypto-lib-conf_mod.o crypto/conf/libcrypto-lib-conf_sap.o crypto/conf/libcrypto-lib-conf_ssl.o crypto/crmf/libcrypto-lib-crmf_asn.o crypto/crmf/libcrypto-lib-crmf_err.o crypto/crmf/libcrypto-lib-crmf_lib.o crypto/crmf/libcrypto-lib-crmf_pbm.o crypto/ct/libcrypto-lib-ct_b64.o crypto/ct/libcrypto-lib-ct_err.o crypto/ct/libcrypto-lib-ct_log.o crypto/ct/libcrypto-lib-ct_oct.o crypto/ct/libcrypto-lib-ct_policy.o crypto/ct/libcrypto-lib-ct_prn.o crypto/ct/libcrypto-lib-ct_sct.o crypto/ct/libcrypto-lib-ct_sct_ctx.o crypto/ct/libcrypto-lib-ct_vfy.o crypto/ct/libcrypto-lib-ct_x509v3.o crypto/des/libcrypto-lib-cbc_cksm.o crypto/des/libcrypto-lib-cbc_enc.o crypto/des/libcrypto-lib-cfb64ede.o crypto/des/libcrypto-lib-cfb64enc.o crypto/des/libcrypto-lib-cfb_enc.o crypto/des/libcrypto-lib-des_enc.o crypto/des/libcrypto-lib-ecb3_enc.o crypto/des/libcrypto-lib-ecb_enc.o crypto/des/libcrypto-lib-fcrypt.o crypto/des/libcrypto-lib-fcrypt_b.o crypto/des/libcrypto-lib-ofb64ede.o crypto/des/libcrypto-lib-ofb64enc.o crypto/des/libcrypto-lib-ofb_enc.o crypto/des/libcrypto-lib-pcbc_enc.o crypto/des/libcrypto-lib-qud_cksm.o crypto/des/libcrypto-lib-rand_key.o crypto/des/libcrypto-lib-set_key.o crypto/des/libcrypto-lib-str2key.o crypto/des/libcrypto-lib-xcbc_enc.o crypto/dsa/libcrypto-lib-dsa_ameth.o crypto/dsa/libcrypto-lib-dsa_asn1.o crypto/dsa/libcrypto-lib-dsa_depr.o crypto/dsa/libcrypto-lib-dsa_err.o crypto/dsa/libcrypto-lib-dsa_gen.o crypto/dsa/libcrypto-lib-dsa_key.o crypto/dsa/libcrypto-lib-dsa_lib.o crypto/dsa/libcrypto-lib-dsa_meth.o crypto/dsa/libcrypto-lib-dsa_ossl.o crypto/dsa/libcrypto-lib-dsa_pmeth.o crypto/dsa/libcrypto-lib-dsa_prn.o crypto/dsa/libcrypto-lib-dsa_sign.o crypto/dsa/libcrypto-lib-dsa_vrf.o crypto/dso/libcrypto-lib-dso_dl.o crypto/dso/libcrypto-lib-dso_dlfcn.o crypto/dso/libcrypto-lib-dso_err.o crypto/dso/libcrypto-lib-dso_lib.o crypto/dso/libcrypto-lib-dso_openssl.o crypto/dso/libcrypto-lib-dso_vms.o crypto/dso/libcrypto-lib-dso_win32.o crypto/ec/curve448/arch_32/libcrypto-lib-f_impl.o crypto/ec/curve448/libcrypto-lib-curve448.o crypto/ec/curve448/libcrypto-lib-curve448_tables.o crypto/ec/curve448/libcrypto-lib-eddsa.o crypto/ec/curve448/libcrypto-lib-f_generic.o crypto/ec/curve448/libcrypto-lib-scalar.o crypto/ec/libcrypto-lib-curve25519.o crypto/ec/libcrypto-lib-ec2_oct.o crypto/ec/libcrypto-lib-ec2_smpl.o crypto/ec/libcrypto-lib-ec_ameth.o crypto/ec/libcrypto-lib-ec_asn1.o crypto/ec/libcrypto-lib-ec_check.o crypto/ec/libcrypto-lib-ec_curve.o crypto/ec/libcrypto-lib-ec_cvt.o crypto/ec/libcrypto-lib-ec_err.o crypto/ec/libcrypto-lib-ec_key.o crypto/ec/libcrypto-lib-ec_kmeth.o crypto/ec/libcrypto-lib-ec_lib.o crypto/ec/libcrypto-lib-ec_mult.o crypto/ec/libcrypto-lib-ec_oct.o crypto/ec/libcrypto-lib-ec_pmeth.o crypto/ec/libcrypto-lib-ec_print.o crypto/ec/libcrypto-lib-ecdh_kdf.o crypto/ec/libcrypto-lib-ecdh_ossl.o crypto/ec/libcrypto-lib-ecdsa_ossl.o crypto/ec/libcrypto-lib-ecdsa_sign.o crypto/ec/libcrypto-lib-ecdsa_vrf.o crypto/ec/libcrypto-lib-eck_prn.o crypto/ec/libcrypto-lib-ecp_mont.o crypto/ec/libcrypto-lib-ecp_nist.o crypto/ec/libcrypto-lib-ecp_nistp224.o crypto/ec/libcrypto-lib-ecp_nistp256.o crypto/ec/libcrypto-lib-ecp_nistp521.o crypto/ec/libcrypto-lib-ecp_nistputil.o crypto/ec/libcrypto-lib-ecp_nistz256-x86_64.o crypto/ec/libcrypto-lib-ecp_nistz256.o crypto/ec/libcrypto-lib-ecp_oct.o crypto/ec/libcrypto-lib-ecp_smpl.o crypto/ec/libcrypto-lib-ecx_meth.o crypto/ec/libcrypto-lib-x25519-x86_64.o crypto/engine/libcrypto-lib-eng_all.o crypto/engine/libcrypto-lib-eng_cnf.o crypto/engine/libcrypto-lib-eng_ctrl.o crypto/engine/libcrypto-lib-eng_dyn.o crypto/engine/libcrypto-lib-eng_err.o crypto/engine/libcrypto-lib-eng_fat.o crypto/engine/libcrypto-lib-eng_init.o crypto/engine/libcrypto-lib-eng_lib.o crypto/engine/libcrypto-lib-eng_list.o crypto/engine/libcrypto-lib-eng_openssl.o crypto/engine/libcrypto-lib-eng_pkey.o crypto/engine/libcrypto-lib-eng_rdrand.o crypto/engine/libcrypto-lib-eng_table.o crypto/engine/libcrypto-lib-tb_asnmth.o crypto/engine/libcrypto-lib-tb_cipher.o crypto/engine/libcrypto-lib-tb_dh.o crypto/engine/libcrypto-lib-tb_digest.o crypto/engine/libcrypto-lib-tb_dsa.o crypto/engine/libcrypto-lib-tb_eckey.o crypto/engine/libcrypto-lib-tb_pkmeth.o crypto/engine/libcrypto-lib-tb_rand.o crypto/engine/libcrypto-lib-tb_rsa.o crypto/err/libcrypto-lib-err.o crypto/err/libcrypto-lib-err_all.o crypto/err/libcrypto-lib-err_blocks.o crypto/err/libcrypto-lib-err_prn.o crypto/ess/libcrypto-lib-ess_asn1.o crypto/ess/libcrypto-lib-ess_err.o crypto/ess/libcrypto-lib-ess_lib.o crypto/evp/libcrypto-lib-bio_b64.o crypto/evp/libcrypto-lib-bio_enc.o crypto/evp/libcrypto-lib-bio_md.o crypto/evp/libcrypto-lib-bio_ok.o crypto/evp/libcrypto-lib-c_allc.o crypto/evp/libcrypto-lib-c_alld.o crypto/evp/libcrypto-lib-cmeth_lib.o crypto/evp/libcrypto-lib-digest.o crypto/evp/libcrypto-lib-e_aes.o crypto/evp/libcrypto-lib-e_aes_cbc_hmac_sha1.o crypto/evp/libcrypto-lib-e_aes_cbc_hmac_sha256.o crypto/evp/libcrypto-lib-e_aria.o crypto/evp/libcrypto-lib-e_bf.o crypto/evp/libcrypto-lib-e_camellia.o crypto/evp/libcrypto-lib-e_cast.o crypto/evp/libcrypto-lib-e_chacha20_poly1305.o crypto/evp/libcrypto-lib-e_des.o crypto/evp/libcrypto-lib-e_des3.o crypto/evp/libcrypto-lib-e_idea.o crypto/evp/libcrypto-lib-e_null.o crypto/evp/libcrypto-lib-e_old.o crypto/evp/libcrypto-lib-e_rc2.o crypto/evp/libcrypto-lib-e_rc4.o crypto/evp/libcrypto-lib-e_rc4_hmac_md5.o crypto/evp/libcrypto-lib-e_rc5.o crypto/evp/libcrypto-lib-e_seed.o crypto/evp/libcrypto-lib-e_sm4.o crypto/evp/libcrypto-lib-e_xcbc_d.o crypto/evp/libcrypto-lib-encode.o crypto/evp/libcrypto-lib-evp_cnf.o crypto/evp/libcrypto-lib-evp_enc.o crypto/evp/libcrypto-lib-evp_err.o crypto/evp/libcrypto-lib-evp_fetch.o crypto/evp/libcrypto-lib-evp_key.o crypto/evp/libcrypto-lib-evp_lib.o crypto/evp/libcrypto-lib-evp_pbe.o crypto/evp/libcrypto-lib-evp_pkey.o crypto/evp/libcrypto-lib-evp_utils.o crypto/evp/libcrypto-lib-exchange.o crypto/evp/libcrypto-lib-kdf_lib.o crypto/evp/libcrypto-lib-kdf_meth.o crypto/evp/libcrypto-lib-keymgmt_lib.o crypto/evp/libcrypto-lib-keymgmt_meth.o crypto/evp/libcrypto-lib-m_md2.o crypto/evp/libcrypto-lib-m_md4.o crypto/evp/libcrypto-lib-m_md5.o crypto/evp/libcrypto-lib-m_md5_sha1.o crypto/evp/libcrypto-lib-m_mdc2.o crypto/evp/libcrypto-lib-m_null.o crypto/evp/libcrypto-lib-m_ripemd.o crypto/evp/libcrypto-lib-m_sha1.o crypto/evp/libcrypto-lib-m_sha3.o crypto/evp/libcrypto-lib-m_sigver.o crypto/evp/libcrypto-lib-m_wp.o crypto/evp/libcrypto-lib-mac_lib.o crypto/evp/libcrypto-lib-mac_meth.o crypto/evp/libcrypto-lib-names.o crypto/evp/libcrypto-lib-p5_crpt.o crypto/evp/libcrypto-lib-p5_crpt2.o crypto/evp/libcrypto-lib-p_dec.o crypto/evp/libcrypto-lib-p_enc.o crypto/evp/libcrypto-lib-p_lib.o crypto/evp/libcrypto-lib-p_open.o crypto/evp/libcrypto-lib-p_seal.o crypto/evp/libcrypto-lib-p_sign.o crypto/evp/libcrypto-lib-p_verify.o crypto/evp/libcrypto-lib-pbe_scrypt.o crypto/evp/libcrypto-lib-pkey_kdf.o crypto/evp/libcrypto-lib-pkey_mac.o crypto/evp/libcrypto-lib-pmeth_fn.o crypto/evp/libcrypto-lib-pmeth_gn.o crypto/evp/libcrypto-lib-pmeth_lib.o crypto/hmac/libcrypto-lib-hm_ameth.o crypto/hmac/libcrypto-lib-hmac.o crypto/idea/libcrypto-lib-i_cbc.o crypto/idea/libcrypto-lib-i_cfb64.o crypto/idea/libcrypto-lib-i_ecb.o crypto/idea/libcrypto-lib-i_ofb64.o crypto/idea/libcrypto-lib-i_skey.o crypto/lhash/libcrypto-lib-lh_stats.o crypto/lhash/libcrypto-lib-lhash.o crypto/libcrypto-lib-asn1_dsa.o crypto/libcrypto-lib-bsearch.o crypto/libcrypto-lib-context.o crypto/libcrypto-lib-core_algorithm.o crypto/libcrypto-lib-core_fetch.o crypto/libcrypto-lib-core_namemap.o crypto/libcrypto-lib-cpt_err.o crypto/libcrypto-lib-cryptlib.o crypto/libcrypto-lib-ctype.o crypto/libcrypto-lib-cversion.o crypto/libcrypto-lib-ebcdic.o crypto/libcrypto-lib-ex_data.o crypto/libcrypto-lib-getenv.o crypto/libcrypto-lib-info.o crypto/libcrypto-lib-init.o crypto/libcrypto-lib-initthread.o crypto/libcrypto-lib-mem.o crypto/libcrypto-lib-mem_dbg.o crypto/libcrypto-lib-mem_sec.o crypto/libcrypto-lib-o_dir.o crypto/libcrypto-lib-o_fips.o crypto/libcrypto-lib-o_fopen.o crypto/libcrypto-lib-o_init.o crypto/libcrypto-lib-o_str.o crypto/libcrypto-lib-o_time.o crypto/libcrypto-lib-packet.o crypto/libcrypto-lib-param_build.o crypto/libcrypto-lib-params.o crypto/libcrypto-lib-params_from_text.o crypto/libcrypto-lib-provider.o crypto/libcrypto-lib-provider_conf.o crypto/libcrypto-lib-provider_core.o crypto/libcrypto-lib-provider_predefined.o crypto/libcrypto-lib-sparse_array.o crypto/libcrypto-lib-threads_none.o crypto/libcrypto-lib-threads_pthread.o crypto/libcrypto-lib-threads_win.o crypto/libcrypto-lib-trace.o crypto/libcrypto-lib-uid.o crypto/libcrypto-lib-x86_64cpuid.o crypto/md4/libcrypto-lib-md4_dgst.o crypto/md4/libcrypto-lib-md4_one.o crypto/md5/libcrypto-lib-md5-x86_64.o crypto/md5/libcrypto-lib-md5_dgst.o crypto/md5/libcrypto-lib-md5_one.o crypto/md5/libcrypto-lib-md5_sha1.o crypto/mdc2/libcrypto-lib-mdc2_one.o crypto/mdc2/libcrypto-lib-mdc2dgst.o crypto/modes/libcrypto-lib-aesni-gcm-x86_64.o crypto/modes/libcrypto-lib-cbc128.o crypto/modes/libcrypto-lib-ccm128.o crypto/modes/libcrypto-lib-cfb128.o crypto/modes/libcrypto-lib-ctr128.o crypto/modes/libcrypto-lib-cts128.o crypto/modes/libcrypto-lib-gcm128.o crypto/modes/libcrypto-lib-ghash-x86_64.o crypto/modes/libcrypto-lib-ocb128.o crypto/modes/libcrypto-lib-ofb128.o crypto/modes/libcrypto-lib-siv128.o crypto/modes/libcrypto-lib-wrap128.o crypto/modes/libcrypto-lib-xts128.o crypto/objects/libcrypto-lib-o_names.o crypto/objects/libcrypto-lib-obj_dat.o crypto/objects/libcrypto-lib-obj_err.o crypto/objects/libcrypto-lib-obj_lib.o crypto/objects/libcrypto-lib-obj_xref.o crypto/ocsp/libcrypto-lib-ocsp_asn.o crypto/ocsp/libcrypto-lib-ocsp_cl.o crypto/ocsp/libcrypto-lib-ocsp_err.o crypto/ocsp/libcrypto-lib-ocsp_ext.o crypto/ocsp/libcrypto-lib-ocsp_ht.o crypto/ocsp/libcrypto-lib-ocsp_lib.o crypto/ocsp/libcrypto-lib-ocsp_prn.o crypto/ocsp/libcrypto-lib-ocsp_srv.o crypto/ocsp/libcrypto-lib-ocsp_vfy.o crypto/ocsp/libcrypto-lib-v3_ocsp.o crypto/pem/libcrypto-lib-pem_all.o crypto/pem/libcrypto-lib-pem_err.o crypto/pem/libcrypto-lib-pem_info.o crypto/pem/libcrypto-lib-pem_lib.o crypto/pem/libcrypto-lib-pem_oth.o crypto/pem/libcrypto-lib-pem_pk8.o crypto/pem/libcrypto-lib-pem_pkey.o crypto/pem/libcrypto-lib-pem_sign.o crypto/pem/libcrypto-lib-pem_x509.o crypto/pem/libcrypto-lib-pem_xaux.o crypto/pem/libcrypto-lib-pvkfmt.o crypto/pkcs12/libcrypto-lib-p12_add.o crypto/pkcs12/libcrypto-lib-p12_asn.o crypto/pkcs12/libcrypto-lib-p12_attr.o crypto/pkcs12/libcrypto-lib-p12_crpt.o crypto/pkcs12/libcrypto-lib-p12_crt.o crypto/pkcs12/libcrypto-lib-p12_decr.o crypto/pkcs12/libcrypto-lib-p12_init.o crypto/pkcs12/libcrypto-lib-p12_key.o crypto/pkcs12/libcrypto-lib-p12_kiss.o crypto/pkcs12/libcrypto-lib-p12_mutl.o crypto/pkcs12/libcrypto-lib-p12_npas.o crypto/pkcs12/libcrypto-lib-p12_p8d.o crypto/pkcs12/libcrypto-lib-p12_p8e.o crypto/pkcs12/libcrypto-lib-p12_sbag.o crypto/pkcs12/libcrypto-lib-p12_utl.o crypto/pkcs12/libcrypto-lib-pk12err.o crypto/pkcs7/libcrypto-lib-bio_pk7.o crypto/pkcs7/libcrypto-lib-pk7_asn1.o crypto/pkcs7/libcrypto-lib-pk7_attr.o crypto/pkcs7/libcrypto-lib-pk7_doit.o crypto/pkcs7/libcrypto-lib-pk7_lib.o crypto/pkcs7/libcrypto-lib-pk7_mime.o crypto/pkcs7/libcrypto-lib-pk7_smime.o crypto/pkcs7/libcrypto-lib-pkcs7err.o crypto/poly1305/libcrypto-lib-poly1305-x86_64.o crypto/poly1305/libcrypto-lib-poly1305.o crypto/poly1305/libcrypto-lib-poly1305_ameth.o crypto/property/libcrypto-lib-defn_cache.o crypto/property/libcrypto-lib-property.o crypto/property/libcrypto-lib-property_err.o crypto/property/libcrypto-lib-property_parse.o crypto/property/libcrypto-lib-property_string.o crypto/rand/libcrypto-lib-drbg_ctr.o crypto/rand/libcrypto-lib-drbg_hash.o crypto/rand/libcrypto-lib-drbg_hmac.o crypto/rand/libcrypto-lib-drbg_lib.o crypto/rand/libcrypto-lib-rand_crng_test.o crypto/rand/libcrypto-lib-rand_egd.o crypto/rand/libcrypto-lib-rand_err.o crypto/rand/libcrypto-lib-rand_lib.o crypto/rand/libcrypto-lib-rand_unix.o crypto/rand/libcrypto-lib-rand_vms.o crypto/rand/libcrypto-lib-rand_vxworks.o crypto/rand/libcrypto-lib-rand_win.o crypto/rand/libcrypto-lib-randfile.o crypto/rc2/libcrypto-lib-rc2_cbc.o crypto/rc2/libcrypto-lib-rc2_ecb.o crypto/rc2/libcrypto-lib-rc2_skey.o crypto/rc2/libcrypto-lib-rc2cfb64.o crypto/rc2/libcrypto-lib-rc2ofb64.o crypto/rc4/libcrypto-lib-rc4-md5-x86_64.o crypto/rc4/libcrypto-lib-rc4-x86_64.o crypto/ripemd/libcrypto-lib-rmd_dgst.o crypto/ripemd/libcrypto-lib-rmd_one.o crypto/rsa/libcrypto-lib-rsa_ameth.o crypto/rsa/libcrypto-lib-rsa_asn1.o crypto/rsa/libcrypto-lib-rsa_chk.o crypto/rsa/libcrypto-lib-rsa_crpt.o crypto/rsa/libcrypto-lib-rsa_depr.o crypto/rsa/libcrypto-lib-rsa_err.o crypto/rsa/libcrypto-lib-rsa_gen.o crypto/rsa/libcrypto-lib-rsa_lib.o crypto/rsa/libcrypto-lib-rsa_meth.o crypto/rsa/libcrypto-lib-rsa_mp.o crypto/rsa/libcrypto-lib-rsa_none.o crypto/rsa/libcrypto-lib-rsa_oaep.o crypto/rsa/libcrypto-lib-rsa_ossl.o crypto/rsa/libcrypto-lib-rsa_pk1.o crypto/rsa/libcrypto-lib-rsa_pmeth.o crypto/rsa/libcrypto-lib-rsa_prn.o crypto/rsa/libcrypto-lib-rsa_pss.o crypto/rsa/libcrypto-lib-rsa_saos.o crypto/rsa/libcrypto-lib-rsa_sign.o crypto/rsa/libcrypto-lib-rsa_sp800_56b_check.o crypto/rsa/libcrypto-lib-rsa_sp800_56b_gen.o crypto/rsa/libcrypto-lib-rsa_ssl.o crypto/rsa/libcrypto-lib-rsa_x931.o crypto/rsa/libcrypto-lib-rsa_x931g.o crypto/seed/libcrypto-lib-seed.o crypto/seed/libcrypto-lib-seed_cbc.o crypto/seed/libcrypto-lib-seed_cfb.o crypto/seed/libcrypto-lib-seed_ecb.o crypto/seed/libcrypto-lib-seed_ofb.o crypto/sha/libcrypto-lib-keccak1600-x86_64.o crypto/sha/libcrypto-lib-sha1-mb-x86_64.o crypto/sha/libcrypto-lib-sha1-x86_64.o crypto/sha/libcrypto-lib-sha1_one.o crypto/sha/libcrypto-lib-sha1dgst.o crypto/sha/libcrypto-lib-sha256-mb-x86_64.o crypto/sha/libcrypto-lib-sha256-x86_64.o crypto/sha/libcrypto-lib-sha256.o crypto/sha/libcrypto-lib-sha3.o crypto/sha/libcrypto-lib-sha512-x86_64.o crypto/sha/libcrypto-lib-sha512.o crypto/siphash/libcrypto-lib-siphash.o crypto/siphash/libcrypto-lib-siphash_ameth.o crypto/sm2/libcrypto-lib-sm2_crypt.o crypto/sm2/libcrypto-lib-sm2_err.o crypto/sm2/libcrypto-lib-sm2_pmeth.o crypto/sm2/libcrypto-lib-sm2_sign.o crypto/sm3/libcrypto-lib-m_sm3.o crypto/sm3/libcrypto-lib-sm3.o crypto/sm4/libcrypto-lib-sm4.o crypto/srp/libcrypto-lib-srp_lib.o crypto/srp/libcrypto-lib-srp_vfy.o crypto/stack/libcrypto-lib-stack.o crypto/store/libcrypto-lib-loader_file.o crypto/store/libcrypto-lib-store_err.o crypto/store/libcrypto-lib-store_init.o crypto/store/libcrypto-lib-store_lib.o crypto/store/libcrypto-lib-store_register.o crypto/store/libcrypto-lib-store_strings.o crypto/ts/libcrypto-lib-ts_asn1.o crypto/ts/libcrypto-lib-ts_conf.o crypto/ts/libcrypto-lib-ts_err.o crypto/ts/libcrypto-lib-ts_lib.o crypto/ts/libcrypto-lib-ts_req_print.o crypto/ts/libcrypto-lib-ts_req_utils.o crypto/ts/libcrypto-lib-ts_rsp_print.o crypto/ts/libcrypto-lib-ts_rsp_sign.o crypto/ts/libcrypto-lib-ts_rsp_utils.o crypto/ts/libcrypto-lib-ts_rsp_verify.o crypto/ts/libcrypto-lib-ts_verify_ctx.o crypto/txt_db/libcrypto-lib-txt_db.o crypto/ui/libcrypto-lib-ui_err.o crypto/ui/libcrypto-lib-ui_lib.o crypto/ui/libcrypto-lib-ui_null.o crypto/ui/libcrypto-lib-ui_openssl.o crypto/ui/libcrypto-lib-ui_util.o crypto/whrlpool/libcrypto-lib-wp-x86_64.o crypto/whrlpool/libcrypto-lib-wp_dgst.o crypto/x509/libcrypto-lib-by_dir.o crypto/x509/libcrypto-lib-by_file.o crypto/x509/libcrypto-lib-pcy_cache.o crypto/x509/libcrypto-lib-pcy_data.o crypto/x509/libcrypto-lib-pcy_lib.o crypto/x509/libcrypto-lib-pcy_map.o crypto/x509/libcrypto-lib-pcy_node.o crypto/x509/libcrypto-lib-pcy_tree.o crypto/x509/libcrypto-lib-t_crl.o crypto/x509/libcrypto-lib-t_req.o crypto/x509/libcrypto-lib-t_x509.o crypto/x509/libcrypto-lib-v3_addr.o crypto/x509/libcrypto-lib-v3_admis.o crypto/x509/libcrypto-lib-v3_akey.o crypto/x509/libcrypto-lib-v3_akeya.o crypto/x509/libcrypto-lib-v3_alt.o crypto/x509/libcrypto-lib-v3_asid.o crypto/x509/libcrypto-lib-v3_bcons.o crypto/x509/libcrypto-lib-v3_bitst.o crypto/x509/libcrypto-lib-v3_conf.o crypto/x509/libcrypto-lib-v3_cpols.o crypto/x509/libcrypto-lib-v3_crld.o crypto/x509/libcrypto-lib-v3_enum.o crypto/x509/libcrypto-lib-v3_extku.o crypto/x509/libcrypto-lib-v3_genn.o crypto/x509/libcrypto-lib-v3_ia5.o crypto/x509/libcrypto-lib-v3_info.o crypto/x509/libcrypto-lib-v3_int.o crypto/x509/libcrypto-lib-v3_lib.o crypto/x509/libcrypto-lib-v3_ncons.o crypto/x509/libcrypto-lib-v3_pci.o crypto/x509/libcrypto-lib-v3_pcia.o crypto/x509/libcrypto-lib-v3_pcons.o crypto/x509/libcrypto-lib-v3_pku.o crypto/x509/libcrypto-lib-v3_pmaps.o crypto/x509/libcrypto-lib-v3_prn.o crypto/x509/libcrypto-lib-v3_purp.o crypto/x509/libcrypto-lib-v3_skey.o crypto/x509/libcrypto-lib-v3_sxnet.o crypto/x509/libcrypto-lib-v3_tlsf.o crypto/x509/libcrypto-lib-v3_utl.o crypto/x509/libcrypto-lib-v3err.o crypto/x509/libcrypto-lib-x509_att.o crypto/x509/libcrypto-lib-x509_cmp.o crypto/x509/libcrypto-lib-x509_d2.o crypto/x509/libcrypto-lib-x509_def.o crypto/x509/libcrypto-lib-x509_err.o crypto/x509/libcrypto-lib-x509_ext.o crypto/x509/libcrypto-lib-x509_lu.o crypto/x509/libcrypto-lib-x509_meth.o crypto/x509/libcrypto-lib-x509_obj.o crypto/x509/libcrypto-lib-x509_r2x.o crypto/x509/libcrypto-lib-x509_req.o crypto/x509/libcrypto-lib-x509_set.o crypto/x509/libcrypto-lib-x509_trs.o crypto/x509/libcrypto-lib-x509_txt.o crypto/x509/libcrypto-lib-x509_v3.o crypto/x509/libcrypto-lib-x509_vfy.o crypto/x509/libcrypto-lib-x509_vpm.o crypto/x509/libcrypto-lib-x509cset.o crypto/x509/libcrypto-lib-x509name.o crypto/x509/libcrypto-lib-x509rset.o crypto/x509/libcrypto-lib-x509spki.o crypto/x509/libcrypto-lib-x509type.o crypto/x509/libcrypto-lib-x_all.o crypto/x509/libcrypto-lib-x_attrib.o crypto/x509/libcrypto-lib-x_crl.o crypto/x509/libcrypto-lib-x_exten.o crypto/x509/libcrypto-lib-x_name.o crypto/x509/libcrypto-lib-x_pubkey.o crypto/x509/libcrypto-lib-x_req.o crypto/x509/libcrypto-lib-x_x509.o crypto/x509/libcrypto-lib-x_x509a.o providers/common/ciphers/libcrypto-lib-block.o providers/common/ciphers/libcrypto-lib-cipher_aes.o providers/common/ciphers/libcrypto-lib-cipher_aes_ccm.o providers/common/ciphers/libcrypto-lib-cipher_aes_ccm_hw.o providers/common/ciphers/libcrypto-lib-cipher_aes_gcm.o providers/common/ciphers/libcrypto-lib-cipher_aes_gcm_hw.o providers/common/ciphers/libcrypto-lib-cipher_aes_hw.o providers/common/ciphers/libcrypto-lib-cipher_ccm.o providers/common/ciphers/libcrypto-lib-cipher_ccm_hw.o providers/common/ciphers/libcrypto-lib-cipher_common.o providers/common/ciphers/libcrypto-lib-cipher_common_hw.o providers/common/ciphers/libcrypto-lib-cipher_gcm.o providers/common/ciphers/libcrypto-lib-cipher_gcm_hw.o providers/common/ciphers/libcrypto-lib-cipher_tdes.o providers/common/ciphers/libcrypto-lib-cipher_tdes_hw.o providers/common/digests/libcrypto-lib-digest_common.o providers/common/digests/libcrypto-lib-sha2_prov.o providers/common/digests/libcrypto-lib-sha3_prov.o providers/common/kdfs/libcrypto-lib-hkdf.o providers/common/kdfs/libcrypto-lib-pbkdf2.o providers/common/kdfs/libcrypto-lib-sskdf.o providers/common/kdfs/libcrypto-lib-tls1_prf.o providers/common/libcrypto-lib-provider_err.o providers/common/libcrypto-lib-provider_util.o providers/common/libcrypto-lib-provlib.o providers/common/macs/libcrypto-lib-cmac_prov.o providers/common/macs/libcrypto-lib-gmac_prov.o providers/common/macs/libcrypto-lib-hmac_prov.o providers/common/macs/libcrypto-lib-kmac_prov.o providers/common/signature/libcrypto-lib-dsa.o providers/default/ciphers/libcrypto-lib-cipher_aria.o providers/default/ciphers/libcrypto-lib-cipher_aria_ccm.o providers/default/ciphers/libcrypto-lib-cipher_aria_ccm_hw.o providers/default/ciphers/libcrypto-lib-cipher_aria_gcm.o providers/default/ciphers/libcrypto-lib-cipher_aria_gcm_hw.o providers/default/ciphers/libcrypto-lib-cipher_aria_hw.o providers/default/ciphers/libcrypto-lib-cipher_camellia.o providers/default/ciphers/libcrypto-lib-cipher_camellia_hw.o providers/default/ciphers/libcrypto-lib-cipher_desx.o providers/default/ciphers/libcrypto-lib-cipher_desx_hw.o providers/default/ciphers/libcrypto-lib-cipher_tdes_default.o providers/default/ciphers/libcrypto-lib-cipher_tdes_default_hw.o providers/default/ciphers/libcrypto-lib-cipher_tdes_wrap.o providers/default/ciphers/libcrypto-lib-cipher_tdes_wrap_hw.o providers/default/digests/libcrypto-lib-blake2_prov.o providers/default/digests/libcrypto-lib-blake2b_prov.o providers/default/digests/libcrypto-lib-blake2s_prov.o providers/default/digests/libcrypto-lib-md5_prov.o providers/default/digests/libcrypto-lib-md5_sha1_prov.o providers/default/digests/libcrypto-lib-sm3_prov.o providers/default/kdfs/libcrypto-lib-scrypt.o providers/default/kdfs/libcrypto-lib-sshkdf.o providers/default/kdfs/libcrypto-lib-x942kdf.o providers/default/libcrypto-lib-defltprov.o providers/default/macs/libcrypto-lib-blake2b_mac.o providers/default/macs/libcrypto-lib-blake2s_mac.o providers/default/macs/libcrypto-lib-poly1305_prov.o providers/default/macs/libcrypto-lib-siphash_prov.o ar: creating libcrypto.a rm -f libcrypto.so && \ ln -s libcrypto.so.3 libcrypto.so clang -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -L. -Wl,-znodelete -shared -Wl,-Bsymbolic -Wl,-soname=libssl.so.3 \ -o libssl.so.3 -Wl,--version-script=libssl.ld crypto/libssl-shlib-packet.o ssl/libssl-shlib-bio_ssl.o ssl/libssl-shlib-d1_lib.o ssl/libssl-shlib-d1_msg.o ssl/libssl-shlib-d1_srtp.o ssl/libssl-shlib-methods.o ssl/libssl-shlib-pqueue.o ssl/libssl-shlib-s3_cbc.o ssl/libssl-shlib-s3_enc.o ssl/libssl-shlib-s3_lib.o ssl/libssl-shlib-s3_msg.o ssl/libssl-shlib-ssl_asn1.o ssl/libssl-shlib-ssl_cert.o ssl/libssl-shlib-ssl_ciph.o ssl/libssl-shlib-ssl_conf.o ssl/libssl-shlib-ssl_err.o ssl/libssl-shlib-ssl_init.o ssl/libssl-shlib-ssl_lib.o ssl/libssl-shlib-ssl_mcnf.o ssl/libssl-shlib-ssl_rsa.o ssl/libssl-shlib-ssl_sess.o ssl/libssl-shlib-ssl_stat.o ssl/libssl-shlib-ssl_txt.o ssl/libssl-shlib-ssl_utst.o ssl/libssl-shlib-t1_enc.o ssl/libssl-shlib-t1_lib.o ssl/libssl-shlib-t1_trce.o ssl/libssl-shlib-tls13_enc.o ssl/libssl-shlib-tls_srp.o ssl/record/libssl-shlib-dtls1_bitmap.o ssl/record/libssl-shlib-rec_layer_d1.o ssl/record/libssl-shlib-rec_layer_s3.o ssl/record/libssl-shlib-ssl3_buffer.o ssl/record/libssl-shlib-ssl3_record.o ssl/record/libssl-shlib-ssl3_record_tls13.o ssl/statem/libssl-shlib-extensions.o ssl/statem/libssl-shlib-extensions_clnt.o ssl/statem/libssl-shlib-extensions_cust.o ssl/statem/libssl-shlib-extensions_srvr.o ssl/statem/libssl-shlib-statem.o ssl/statem/libssl-shlib-statem_clnt.o ssl/statem/libssl-shlib-statem_dtls.o ssl/statem/libssl-shlib-statem_lib.o ssl/statem/libssl-shlib-statem_srvr.o \ -lcrypto -ldl -pthread clang -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -L. -z defs -Wl,-znodelete -shared -Wl,-Bsymbolic \ -o engines/afalg.so -Wl,--version-script=engines/afalg.ld engines/afalg-dso-e_afalg.o \ -lcrypto -ldl -pthread clang -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -L. -z defs -Wl,-znodelete -shared -Wl,-Bsymbolic \ -o engines/capi.so -Wl,--version-script=engines/capi.ld engines/capi-dso-e_capi.o \ -lcrypto -ldl -pthread clang -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -L. -z defs -Wl,-znodelete -shared -Wl,-Bsymbolic \ -o engines/dasync.so -Wl,--version-script=engines/dasync.ld engines/dasync-dso-e_dasync.o \ -lcrypto -ldl -pthread clang -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -L. -z defs -Wl,-znodelete -shared -Wl,-Bsymbolic \ -o engines/ossltest.so -Wl,--version-script=engines/ossltest.ld engines/ossltest-dso-e_ossltest.o \ -lcrypto -ldl -pthread ranlib libcrypto.a || echo Never mind. clang -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -L. -z defs -Wl,-znodelete -shared -Wl,-Bsymbolic \ -o engines/padlock.so -Wl,--version-script=engines/padlock.ld engines/padlock-dso-e_padlock-x86_64.o engines/padlock-dso-e_padlock.o \ -lcrypto -ldl -pthread clang -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -L. -z defs -Wl,-znodelete -shared -Wl,-Bsymbolic \ -o providers/legacy.so -Wl,--version-script=providers/legacy.ld providers/common/digests/legacy-dso-digest_common.o providers/legacy/digests/legacy-dso-md4_prov.o providers/legacy/digests/legacy-dso-mdc2_prov.o providers/legacy/digests/legacy-dso-ripemd_prov.o providers/legacy/digests/legacy-dso-wp_prov.o providers/legacy/legacy-dso-legacyprov.o \ -lcrypto -ldl -pthread rm -f fuzz/asn1parse-test ${LDCMD:-clang} -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -L. \ -o fuzz/asn1parse-test fuzz/asn1parse-test-bin-asn1parse.o fuzz/asn1parse-test-bin-test-corpus.o \ -lcrypto -ldl -pthread rm -f fuzz/bignum-test ${LDCMD:-clang} -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -L. \ -o fuzz/bignum-test fuzz/bignum-test-bin-bignum.o fuzz/bignum-test-bin-test-corpus.o \ -lcrypto -ldl -pthread rm -f fuzz/bndiv-test ${LDCMD:-clang} -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -L. \ -o fuzz/bndiv-test fuzz/bndiv-test-bin-bndiv.o fuzz/bndiv-test-bin-test-corpus.o \ -lcrypto -ldl -pthread rm -f fuzz/cms-test ${LDCMD:-clang} -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -L. \ -o fuzz/cms-test fuzz/cms-test-bin-cms.o fuzz/cms-test-bin-test-corpus.o \ -lcrypto -ldl -pthread ./libcrypto.so: undefined reference to `dsa_keymgmt_functions' clang: error: linker command failed with exit code 1 (use -v to see invocation) Makefile:15403: recipe for target 'fuzz/asn1parse-test' failed make[1]: *** [fuzz/asn1parse-test] Error 1 make[1]: *** Waiting for unfinished jobs.... ./libcrypto.so: undefined reference to `dsa_keymgmt_functions' clang: error: linker command failed with exit code 1 (use -v to see invocation) Makefile:15424: recipe for target 'fuzz/bignum-test' failed make[1]: *** [fuzz/bignum-test] Error 1 ./libcrypto.so: undefined reference to `dsa_keymgmt_functions' clang: error: linker command failed with exit code 1 (use -v to see invocation) Makefile:15445: recipe for target 'fuzz/bndiv-test' failed make[1]: *** [fuzz/bndiv-test] Error 1 ./libcrypto.so: undefined reference to `dsa_keymgmt_functions' clang: error: linker command failed with exit code 1 (use -v to see invocation) Makefile:15487: recipe for target 'fuzz/cms-test' failed make[1]: *** [fuzz/cms-test] Error 1 make[1]: Leaving directory '/home/openssl/run-checker/no-dh' Makefile:165: recipe for target 'all' failed make: *** [all] Error 2 From openssl at openssl.org Thu Sep 12 02:16:13 2019 From: openssl at openssl.org (OpenSSL run-checker) Date: Thu, 12 Sep 2019 02:16:13 +0000 Subject: Still FAILED build of OpenSSL branch master with options -d --strict-warnings no-dsa Message-ID: <1568254573.425982.24036.nullmailer@run.openssl.org> Platform and configuration command: $ uname -a Linux run 4.15.0-54-generic #58-Ubuntu SMP Mon Jun 24 10:55:24 UTC 2019 x86_64 x86_64 x86_64 GNU/Linux $ CC=clang ../openssl/config -d --strict-warnings no-dsa Commit log since last time: 7f0a8dc7f9 crypto/threads_win.c: fix preprocessor indentation 0768b38b80 drbg: fix issue where DRBG_CTR fails if NO_DF is used (2nd attempt) 5562dbb39c drbg: add fork id to additional data on UNIX systems 849529257c drbg: ensure fork-safety without using a pthread_atfork handler dc64dc2edd Add EVP_CIPHER_CTX_tag_length() 64115f05ac Usages of KDFs converted to use the name macros 69333af49d Register KDF's using their name macros rather than strings 2e548ac9a1 Make FIPS provider use KDF name for PBKDF2 27e27cd7ef Update tests to (mostly) use KDF names 1732c260db Convert SSL functions to use KDF names not SN_ strings d810cc1977 Add macros for the KDF algorithm names. 4a3dd62923 Coverity 1453629 and 1453638: Error handling issues (NEGATIVE_RETURNS) f20a59cb1c Coverity 1453634: Resource leaks (RESOURCE_LEAK) d111712f6a Coverity 1453633: Error handling issues (CHECKED_RETURN) 64da55a64f Coverity 1453632 & 1453635: Null pointer dereferences (FORWARD_NULL) 085f1d11a0 Coverity 1453630: Null pointer dereferences (FORWARD_NULL) 6ce4ff1915 Coverity 1453628: Null pointer dereferences (REVERSE_INULL) 7e56c62693 Coverity 1453627: Null pointer dereferences (REVERSE_INULL) 92475712a9 Coverity 1414465: Resource leaks (RESOURCE_LEAK) Build log ended with (last 100 lines): clang -I. -Icrypto/include -Iinclude -Iproviders/common/include -Iproviders/default/include -Iproviders/common/ciphers -Icrypto -Iproviders/common/macs -Iproviders/common/kdfs -Iproviders/default/macs -Iproviders/default/ciphers -Iproviders/default/kdfs -I../openssl -I../openssl/crypto/include -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/default/include -I../openssl/providers/common/ciphers -I../openssl/crypto -I../openssl/providers/common/macs -I../openssl/providers/common/kdfs -I../openssl/providers/default/macs -I../openssl/providers/default/ciphers -I../openssl/providers/default/kdfs -DAES_ASM -DBSAES_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_IA32_SSE2 -MMD -MF crypto/x509/libcrypto-lib-v3_pmaps.d.tmp -MT crypto/x509/libcrypto-lib-v3_pmaps.o -c -o crypto/x509/libcrypto-lib-v3_pmaps.o ../openssl/crypto/x509/v3_pmaps.c clang -I. -Icrypto/include -Iinclude -Iproviders/common/include -Iproviders/default/include -Iproviders/common/ciphers -Icrypto -Iproviders/common/macs -Iproviders/common/kdfs -Iproviders/default/macs -Iproviders/default/ciphers -Iproviders/default/kdfs -I../openssl -I../openssl/crypto/include -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/default/include -I../openssl/providers/common/ciphers -I../openssl/crypto -I../openssl/providers/common/macs -I../openssl/providers/common/kdfs -I../openssl/providers/default/macs -I../openssl/providers/default/ciphers -I../openssl/providers/default/kdfs -DAES_ASM -DBSAES_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_IA32_SSE2 -MMD -MF crypto/x509/libcrypto-lib-v3_prn.d.tmp -MT crypto/x509/libcrypto-lib-v3_prn.o -c -o crypto/x509/libcrypto-lib-v3_prn.o ../openssl/crypto/x509/v3_prn.c clang -I. -Icrypto/include -Iinclude -Iproviders/common/include -Iproviders/default/include -Iproviders/common/ciphers -Icrypto -Iproviders/common/macs -Iproviders/common/kdfs -Iproviders/default/macs -Iproviders/default/ciphers -Iproviders/default/kdfs -I../openssl -I../openssl/crypto/include -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/default/include -I../openssl/providers/common/ciphers -I../openssl/crypto -I../openssl/providers/common/macs -I../openssl/providers/common/kdfs -I../openssl/providers/default/macs -I../openssl/providers/default/ciphers -I../openssl/providers/default/kdfs -DAES_ASM -DBSAES_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_IA32_SSE2 -MMD -MF crypto/x509/libcrypto-lib-v3_purp.d.tmp -MT crypto/x509/libcrypto-lib-v3_purp.o -c -o crypto/x509/libcrypto-lib-v3_purp.o ../openssl/crypto/x509/v3_purp.c clang -I. -Icrypto/include -Iinclude -Iproviders/common/include -Iproviders/default/include -Iproviders/common/ciphers -Icrypto -Iproviders/common/macs -Iproviders/common/kdfs -Iproviders/default/macs -Iproviders/default/ciphers -Iproviders/default/kdfs -I../openssl -I../openssl/crypto/include -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/default/include -I../openssl/providers/common/ciphers -I../openssl/crypto -I../openssl/providers/common/macs -I../openssl/providers/common/kdfs -I../openssl/providers/default/macs -I../openssl/providers/default/ciphers -I../openssl/providers/default/kdfs -DAES_ASM -DBSAES_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_IA32_SSE2 -MMD -MF crypto/x509/libcrypto-lib-v3_skey.d.tmp -MT crypto/x509/libcrypto-lib-v3_skey.o -c -o crypto/x509/libcrypto-lib-v3_skey.o ../openssl/crypto/x509/v3_skey.c clang -I. -Icrypto/include -Iinclude -Iproviders/common/include -Iproviders/default/include -Iproviders/common/ciphers -Icrypto -Iproviders/common/macs -Iproviders/common/kdfs -Iproviders/default/macs -Iproviders/default/ciphers -Iproviders/default/kdfs -I../openssl -I../openssl/crypto/include -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/default/include -I../openssl/providers/common/ciphers -I../openssl/crypto -I../openssl/providers/common/macs -I../openssl/providers/common/kdfs -I../openssl/providers/default/macs -I../openssl/providers/default/ciphers -I../openssl/providers/default/kdfs -DAES_ASM -DBSAES_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_IA32_SSE2 -MMD -MF crypto/x509/libcrypto-lib-v3_sxnet.d.tmp -MT crypto/x509/libcrypto-lib-v3_sxnet.o -c -o crypto/x509/libcrypto-lib-v3_sxnet.o ../openssl/crypto/x509/v3_sxnet.c clang -I. -Icrypto/include -Iinclude -Iproviders/common/include -Iproviders/default/include -Iproviders/common/ciphers -Icrypto -Iproviders/common/macs -Iproviders/common/kdfs -Iproviders/default/macs -Iproviders/default/ciphers -Iproviders/default/kdfs -I../openssl -I../openssl/crypto/include -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/default/include -I../openssl/providers/common/ciphers -I../openssl/crypto -I../openssl/providers/common/macs -I../openssl/providers/common/kdfs -I../openssl/providers/default/macs -I../openssl/providers/default/ciphers -I../openssl/providers/default/kdfs -DAES_ASM -DBSAES_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_IA32_SSE2 -MMD -MF crypto/x509/libcrypto-lib-v3_tlsf.d.tmp -MT crypto/x509/libcrypto-lib-v3_tlsf.o -c -o crypto/x509/libcrypto-lib-v3_tlsf.o ../openssl/crypto/x509/v3_tlsf.c clang -I. -Icrypto/include -Iinclude -Iproviders/common/include -Iproviders/default/include -Iproviders/common/ciphers -Icrypto -Iproviders/common/macs -Iproviders/common/kdfs -Iproviders/default/macs -Iproviders/default/ciphers -Iproviders/default/kdfs -I../openssl -I../openssl/crypto/include -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/default/include -I../openssl/providers/common/ciphers -I../openssl/crypto -I../openssl/providers/common/macs -I../openssl/providers/common/kdfs -I../openssl/providers/default/macs -I../openssl/providers/default/ciphers -I../openssl/providers/default/kdfs -DAES_ASM -DBSAES_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_IA32_SSE2 -MMD -MF crypto/x509/libcrypto-lib-v3_utl.d.tmp -MT crypto/x509/libcrypto-lib-v3_utl.o -c -o crypto/x509/libcrypto-lib-v3_utl.o ../openssl/crypto/x509/v3_utl.c clang -I. -Icrypto/include -Iinclude -Iproviders/common/include -Iproviders/default/include -Iproviders/common/ciphers -Icrypto -Iproviders/common/macs -Iproviders/common/kdfs -Iproviders/default/macs -Iproviders/default/ciphers -Iproviders/default/kdfs -I../openssl -I../openssl/crypto/include -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/default/include -I../openssl/providers/common/ciphers -I../openssl/crypto -I../openssl/providers/common/macs -I../openssl/providers/common/kdfs -I../openssl/providers/default/macs -I../openssl/providers/default/ciphers -I../openssl/providers/default/kdfs -DAES_ASM -DBSAES_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_IA32_SSE2 -MMD -MF crypto/x509/libcrypto-lib-v3err.d.tmp -MT crypto/x509/libcrypto-lib-v3err.o -c -o crypto/x509/libcrypto-lib-v3err.o ../openssl/crypto/x509/v3err.c clang -I. -Icrypto/include -Iinclude -Iproviders/common/include -Iproviders/default/include -Iproviders/common/ciphers -Icrypto -Iproviders/common/macs -Iproviders/common/kdfs -Iproviders/default/macs -Iproviders/default/ciphers -Iproviders/default/kdfs -I../openssl -I../openssl/crypto/include -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/default/include -I../openssl/providers/common/ciphers -I../openssl/crypto -I../openssl/providers/common/macs -I../openssl/providers/common/kdfs -I../openssl/providers/default/macs -I../openssl/providers/default/ciphers -I../openssl/providers/default/kdfs -DAES_ASM -DBSAES_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_IA32_SSE2 -MMD -MF crypto/x509/libcrypto-lib-x509_att.d.tmp -MT crypto/x509/libcrypto-lib-x509_att.o -c -o crypto/x509/libcrypto-lib-x509_att.o ../openssl/crypto/x509/x509_att.c clang -I. -Icrypto/include -Iinclude -Iproviders/common/include -Iproviders/default/include -Iproviders/common/ciphers -Icrypto -Iproviders/common/macs -Iproviders/common/kdfs -Iproviders/default/macs -Iproviders/default/ciphers -Iproviders/default/kdfs -I../openssl -I../openssl/crypto/include -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/default/include -I../openssl/providers/common/ciphers -I../openssl/crypto -I../openssl/providers/common/macs -I../openssl/providers/common/kdfs -I../openssl/providers/default/macs -I../openssl/providers/default/ciphers -I../openssl/providers/default/kdfs -DAES_ASM -DBSAES_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_IA32_SSE2 -MMD -MF crypto/x509/libcrypto-lib-x509_cmp.d.tmp -MT crypto/x509/libcrypto-lib-x509_cmp.o -c -o crypto/x509/libcrypto-lib-x509_cmp.o ../openssl/crypto/x509/x509_cmp.c clang -I. -Icrypto/include -Iinclude -Iproviders/common/include -Iproviders/default/include -Iproviders/common/ciphers -Icrypto -Iproviders/common/macs -Iproviders/common/kdfs -Iproviders/default/macs -Iproviders/default/ciphers -Iproviders/default/kdfs -I../openssl -I../openssl/crypto/include -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/default/include -I../openssl/providers/common/ciphers -I../openssl/crypto -I../openssl/providers/common/macs -I../openssl/providers/common/kdfs -I../openssl/providers/default/macs -I../openssl/providers/default/ciphers -I../openssl/providers/default/kdfs -DAES_ASM -DBSAES_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_IA32_SSE2 -MMD -MF crypto/x509/libcrypto-lib-x509_d2.d.tmp -MT crypto/x509/libcrypto-lib-x509_d2.o -c -o crypto/x509/libcrypto-lib-x509_d2.o ../openssl/crypto/x509/x509_d2.c clang -I. -Icrypto/include -Iinclude -Iproviders/common/include -Iproviders/default/include -Iproviders/common/ciphers -Icrypto -Iproviders/common/macs -Iproviders/common/kdfs -Iproviders/default/macs -Iproviders/default/ciphers -Iproviders/default/kdfs -I../openssl -I../openssl/crypto/include -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/default/include -I../openssl/providers/common/ciphers -I../openssl/crypto -I../openssl/providers/common/macs -I../openssl/providers/common/kdfs -I../openssl/providers/default/macs -I../openssl/providers/default/ciphers -I../openssl/providers/default/kdfs -DAES_ASM -DBSAES_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_IA32_SSE2 -MMD -MF crypto/x509/libcrypto-lib-x509_def.d.tmp -MT crypto/x509/libcrypto-lib-x509_def.o -c -o crypto/x509/libcrypto-lib-x509_def.o ../openssl/crypto/x509/x509_def.c clang -I. -Icrypto/include -Iinclude -Iproviders/common/include -Iproviders/default/include -Iproviders/common/ciphers -Icrypto -Iproviders/common/macs -Iproviders/common/kdfs -Iproviders/default/macs -Iproviders/default/ciphers -Iproviders/default/kdfs -I../openssl -I../openssl/crypto/include -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/default/include -I../openssl/providers/common/ciphers -I../openssl/crypto -I../openssl/providers/common/macs -I../openssl/providers/common/kdfs -I../openssl/providers/default/macs -I../openssl/providers/default/ciphers -I../openssl/providers/default/kdfs -DAES_ASM -DBSAES_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_IA32_SSE2 -MMD -MF crypto/x509/libcrypto-lib-x509_err.d.tmp -MT crypto/x509/libcrypto-lib-x509_err.o -c -o crypto/x509/libcrypto-lib-x509_err.o ../openssl/crypto/x509/x509_err.c clang -I. -Icrypto/include -Iinclude -Iproviders/common/include -Iproviders/default/include -Iproviders/common/ciphers -Icrypto -Iproviders/common/macs -Iproviders/common/kdfs -Iproviders/default/macs -Iproviders/default/ciphers -Iproviders/default/kdfs -I../openssl -I../openssl/crypto/include -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/default/include -I../openssl/providers/common/ciphers -I../openssl/crypto -I../openssl/providers/common/macs -I../openssl/providers/common/kdfs -I../openssl/providers/default/macs -I../openssl/providers/default/ciphers -I../openssl/providers/default/kdfs -DAES_ASM -DBSAES_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_IA32_SSE2 -MMD -MF crypto/x509/libcrypto-lib-x509_ext.d.tmp -MT crypto/x509/libcrypto-lib-x509_ext.o -c -o crypto/x509/libcrypto-lib-x509_ext.o ../openssl/crypto/x509/x509_ext.c clang -I. -Icrypto/include -Iinclude -Iproviders/common/include -Iproviders/default/include -Iproviders/common/ciphers -Icrypto -Iproviders/common/macs -Iproviders/common/kdfs -Iproviders/default/macs -Iproviders/default/ciphers -Iproviders/default/kdfs -I../openssl -I../openssl/crypto/include -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/default/include -I../openssl/providers/common/ciphers -I../openssl/crypto -I../openssl/providers/common/macs -I../openssl/providers/common/kdfs -I../openssl/providers/default/macs -I../openssl/providers/default/ciphers -I../openssl/providers/default/kdfs -DAES_ASM -DBSAES_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_IA32_SSE2 -MMD -MF crypto/x509/libcrypto-lib-x509_lu.d.tmp -MT crypto/x509/libcrypto-lib-x509_lu.o -c -o crypto/x509/libcrypto-lib-x509_lu.o ../openssl/crypto/x509/x509_lu.c clang -I. -Icrypto/include -Iinclude -Iproviders/common/include -Iproviders/default/include -Iproviders/common/ciphers -Icrypto -Iproviders/common/macs -Iproviders/common/kdfs -Iproviders/default/macs -Iproviders/default/ciphers -Iproviders/default/kdfs -I../openssl -I../openssl/crypto/include -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/default/include -I../openssl/providers/common/ciphers -I../openssl/crypto -I../openssl/providers/common/macs -I../openssl/providers/common/kdfs -I../openssl/providers/default/macs -I../openssl/providers/default/ciphers -I../openssl/providers/default/kdfs -DAES_ASM -DBSAES_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_IA32_SSE2 -MMD -MF crypto/x509/libcrypto-lib-x509_meth.d.tmp -MT crypto/x509/libcrypto-lib-x509_meth.o -c -o crypto/x509/libcrypto-lib-x509_meth.o ../openssl/crypto/x509/x509_meth.c clang -I. -Icrypto/include -Iinclude -Iproviders/common/include -Iproviders/default/include -Iproviders/common/ciphers -Icrypto -Iproviders/common/macs -Iproviders/common/kdfs -Iproviders/default/macs -Iproviders/default/ciphers -Iproviders/default/kdfs -I../openssl -I../openssl/crypto/include -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/default/include -I../openssl/providers/common/ciphers -I../openssl/crypto -I../openssl/providers/common/macs -I../openssl/providers/common/kdfs -I../openssl/providers/default/macs -I../openssl/providers/default/ciphers -I../openssl/providers/default/kdfs -DAES_ASM -DBSAES_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_IA32_SSE2 -MMD -MF crypto/x509/libcrypto-lib-x509_obj.d.tmp -MT crypto/x509/libcrypto-lib-x509_obj.o -c -o crypto/x509/libcrypto-lib-x509_obj.o ../openssl/crypto/x509/x509_obj.c clang -I. -Icrypto/include -Iinclude -Iproviders/common/include -Iproviders/default/include -Iproviders/common/ciphers -Icrypto -Iproviders/common/macs -Iproviders/common/kdfs -Iproviders/default/macs -Iproviders/default/ciphers -Iproviders/default/kdfs -I../openssl -I../openssl/crypto/include -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/default/include -I../openssl/providers/common/ciphers -I../openssl/crypto -I../openssl/providers/common/macs -I../openssl/providers/common/kdfs -I../openssl/providers/default/macs -I../openssl/providers/default/ciphers -I../openssl/providers/default/kdfs -DAES_ASM -DBSAES_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_IA32_SSE2 -MMD -MF crypto/x509/libcrypto-lib-x509_r2x.d.tmp -MT crypto/x509/libcrypto-lib-x509_r2x.o -c -o crypto/x509/libcrypto-lib-x509_r2x.o ../openssl/crypto/x509/x509_r2x.c clang -I. -Icrypto/include -Iinclude -Iproviders/common/include -Iproviders/default/include -Iproviders/common/ciphers -Icrypto -Iproviders/common/macs -Iproviders/common/kdfs -Iproviders/default/macs -Iproviders/default/ciphers -Iproviders/default/kdfs -I../openssl -I../openssl/crypto/include -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/default/include -I../openssl/providers/common/ciphers -I../openssl/crypto -I../openssl/providers/common/macs -I../openssl/providers/common/kdfs -I../openssl/providers/default/macs -I../openssl/providers/default/ciphers -I../openssl/providers/default/kdfs -DAES_ASM -DBSAES_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_IA32_SSE2 -MMD -MF crypto/x509/libcrypto-lib-x509_req.d.tmp -MT crypto/x509/libcrypto-lib-x509_req.o -c -o crypto/x509/libcrypto-lib-x509_req.o ../openssl/crypto/x509/x509_req.c clang -I. -Icrypto/include -Iinclude -Iproviders/common/include -Iproviders/default/include -Iproviders/common/ciphers -Icrypto -Iproviders/common/macs -Iproviders/common/kdfs -Iproviders/default/macs -Iproviders/default/ciphers -Iproviders/default/kdfs -I../openssl -I../openssl/crypto/include -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/default/include -I../openssl/providers/common/ciphers -I../openssl/crypto -I../openssl/providers/common/macs -I../openssl/providers/common/kdfs -I../openssl/providers/default/macs -I../openssl/providers/default/ciphers -I../openssl/providers/default/kdfs -DAES_ASM -DBSAES_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_IA32_SSE2 -MMD -MF crypto/x509/libcrypto-lib-x509_set.d.tmp -MT crypto/x509/libcrypto-lib-x509_set.o -c -o crypto/x509/libcrypto-lib-x509_set.o ../openssl/crypto/x509/x509_set.c clang -I. -Icrypto/include -Iinclude -Iproviders/common/include -Iproviders/default/include -Iproviders/common/ciphers -Icrypto -Iproviders/common/macs -Iproviders/common/kdfs -Iproviders/default/macs -Iproviders/default/ciphers -Iproviders/default/kdfs -I../openssl -I../openssl/crypto/include -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/default/include -I../openssl/providers/common/ciphers -I../openssl/crypto -I../openssl/providers/common/macs -I../openssl/providers/common/kdfs -I../openssl/providers/default/macs -I../openssl/providers/default/ciphers -I../openssl/providers/default/kdfs -DAES_ASM -DBSAES_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_IA32_SSE2 -MMD -MF crypto/x509/libcrypto-lib-x509_trs.d.tmp -MT crypto/x509/libcrypto-lib-x509_trs.o -c -o crypto/x509/libcrypto-lib-x509_trs.o ../openssl/crypto/x509/x509_trs.c clang -I. -Icrypto/include -Iinclude -Iproviders/common/include -Iproviders/default/include -Iproviders/common/ciphers -Icrypto -Iproviders/common/macs -Iproviders/common/kdfs -Iproviders/default/macs -Iproviders/default/ciphers -Iproviders/default/kdfs -I../openssl -I../openssl/crypto/include -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/default/include -I../openssl/providers/common/ciphers -I../openssl/crypto -I../openssl/providers/common/macs -I../openssl/providers/common/kdfs -I../openssl/providers/default/macs -I../openssl/providers/default/ciphers -I../openssl/providers/default/kdfs -DAES_ASM -DBSAES_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_IA32_SSE2 -MMD -MF crypto/x509/libcrypto-lib-x509_txt.d.tmp -MT crypto/x509/libcrypto-lib-x509_txt.o -c -o crypto/x509/libcrypto-lib-x509_txt.o ../openssl/crypto/x509/x509_txt.c clang -I. -Icrypto/include -Iinclude -Iproviders/common/include -Iproviders/default/include -Iproviders/common/ciphers -Icrypto -Iproviders/common/macs -Iproviders/common/kdfs -Iproviders/default/macs -Iproviders/default/ciphers -Iproviders/default/kdfs -I../openssl -I../openssl/crypto/include -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/default/include -I../openssl/providers/common/ciphers -I../openssl/crypto -I../openssl/providers/common/macs -I../openssl/providers/common/kdfs -I../openssl/providers/default/macs -I../openssl/providers/default/ciphers -I../openssl/providers/default/kdfs -DAES_ASM -DBSAES_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_IA32_SSE2 -MMD -MF crypto/x509/libcrypto-lib-x509_v3.d.tmp -MT crypto/x509/libcrypto-lib-x509_v3.o -c -o crypto/x509/libcrypto-lib-x509_v3.o ../openssl/crypto/x509/x509_v3.c clang -I. -Icrypto/include -Iinclude -Iproviders/common/include -Iproviders/default/include -Iproviders/common/ciphers -Icrypto -Iproviders/common/macs -Iproviders/common/kdfs -Iproviders/default/macs -Iproviders/default/ciphers -Iproviders/default/kdfs -I../openssl -I../openssl/crypto/include -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/default/include -I../openssl/providers/common/ciphers -I../openssl/crypto -I../openssl/providers/common/macs -I../openssl/providers/common/kdfs -I../openssl/providers/default/macs -I../openssl/providers/default/ciphers -I../openssl/providers/default/kdfs -DAES_ASM -DBSAES_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_IA32_SSE2 -MMD -MF crypto/x509/libcrypto-lib-x509_vfy.d.tmp -MT crypto/x509/libcrypto-lib-x509_vfy.o -c -o crypto/x509/libcrypto-lib-x509_vfy.o ../openssl/crypto/x509/x509_vfy.c clang -I. -Icrypto/include -Iinclude -Iproviders/common/include -Iproviders/default/include -Iproviders/common/ciphers -Icrypto -Iproviders/common/macs -Iproviders/common/kdfs -Iproviders/default/macs -Iproviders/default/ciphers -Iproviders/default/kdfs -I../openssl -I../openssl/crypto/include -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/default/include -I../openssl/providers/common/ciphers -I../openssl/crypto -I../openssl/providers/common/macs -I../openssl/providers/common/kdfs -I../openssl/providers/default/macs -I../openssl/providers/default/ciphers -I../openssl/providers/default/kdfs -DAES_ASM -DBSAES_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_IA32_SSE2 -MMD -MF crypto/x509/libcrypto-lib-x509_vpm.d.tmp -MT crypto/x509/libcrypto-lib-x509_vpm.o -c -o crypto/x509/libcrypto-lib-x509_vpm.o ../openssl/crypto/x509/x509_vpm.c clang -I. -Icrypto/include -Iinclude -Iproviders/common/include -Iproviders/default/include -Iproviders/common/ciphers -Icrypto -Iproviders/common/macs -Iproviders/common/kdfs -Iproviders/default/macs -Iproviders/default/ciphers -Iproviders/default/kdfs -I../openssl -I../openssl/crypto/include -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/default/include -I../openssl/providers/common/ciphers -I../openssl/crypto -I../openssl/providers/common/macs -I../openssl/providers/common/kdfs -I../openssl/providers/default/macs -I../openssl/providers/default/ciphers -I../openssl/providers/default/kdfs -DAES_ASM -DBSAES_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_IA32_SSE2 -MMD -MF crypto/x509/libcrypto-lib-x509cset.d.tmp -MT crypto/x509/libcrypto-lib-x509cset.o -c -o crypto/x509/libcrypto-lib-x509cset.o ../openssl/crypto/x509/x509cset.c clang -I. -Icrypto/include -Iinclude -Iproviders/common/include -Iproviders/default/include -Iproviders/common/ciphers -Icrypto -Iproviders/common/macs -Iproviders/common/kdfs -Iproviders/default/macs -Iproviders/default/ciphers -Iproviders/default/kdfs -I../openssl -I../openssl/crypto/include -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/default/include -I../openssl/providers/common/ciphers -I../openssl/crypto -I../openssl/providers/common/macs -I../openssl/providers/common/kdfs -I../openssl/providers/default/macs -I../openssl/providers/default/ciphers -I../openssl/providers/default/kdfs -DAES_ASM -DBSAES_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_IA32_SSE2 -MMD -MF crypto/x509/libcrypto-lib-x509name.d.tmp -MT crypto/x509/libcrypto-lib-x509name.o -c -o crypto/x509/libcrypto-lib-x509name.o ../openssl/crypto/x509/x509name.c clang -I. -Icrypto/include -Iinclude -Iproviders/common/include -Iproviders/default/include -Iproviders/common/ciphers -Icrypto -Iproviders/common/macs -Iproviders/common/kdfs -Iproviders/default/macs -Iproviders/default/ciphers -Iproviders/default/kdfs -I../openssl -I../openssl/crypto/include -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/default/include -I../openssl/providers/common/ciphers -I../openssl/crypto -I../openssl/providers/common/macs -I../openssl/providers/common/kdfs -I../openssl/providers/default/macs -I../openssl/providers/default/ciphers -I../openssl/providers/default/kdfs -DAES_ASM -DBSAES_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_IA32_SSE2 -MMD -MF crypto/x509/libcrypto-lib-x509rset.d.tmp -MT crypto/x509/libcrypto-lib-x509rset.o -c -o crypto/x509/libcrypto-lib-x509rset.o ../openssl/crypto/x509/x509rset.c clang -I. -Icrypto/include -Iinclude -Iproviders/common/include -Iproviders/default/include -Iproviders/common/ciphers -Icrypto -Iproviders/common/macs -Iproviders/common/kdfs -Iproviders/default/macs -Iproviders/default/ciphers -Iproviders/default/kdfs -I../openssl -I../openssl/crypto/include -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/default/include -I../openssl/providers/common/ciphers -I../openssl/crypto -I../openssl/providers/common/macs -I../openssl/providers/common/kdfs -I../openssl/providers/default/macs -I../openssl/providers/default/ciphers -I../openssl/providers/default/kdfs -DAES_ASM -DBSAES_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_IA32_SSE2 -MMD -MF crypto/x509/libcrypto-lib-x509spki.d.tmp -MT crypto/x509/libcrypto-lib-x509spki.o -c -o crypto/x509/libcrypto-lib-x509spki.o ../openssl/crypto/x509/x509spki.c clang -I. -Icrypto/include -Iinclude -Iproviders/common/include -Iproviders/default/include -Iproviders/common/ciphers -Icrypto -Iproviders/common/macs -Iproviders/common/kdfs -Iproviders/default/macs -Iproviders/default/ciphers -Iproviders/default/kdfs -I../openssl -I../openssl/crypto/include -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/default/include -I../openssl/providers/common/ciphers -I../openssl/crypto -I../openssl/providers/common/macs -I../openssl/providers/common/kdfs -I../openssl/providers/default/macs -I../openssl/providers/default/ciphers -I../openssl/providers/default/kdfs -DAES_ASM -DBSAES_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_IA32_SSE2 -MMD -MF crypto/x509/libcrypto-lib-x509type.d.tmp -MT crypto/x509/libcrypto-lib-x509type.o -c -o crypto/x509/libcrypto-lib-x509type.o ../openssl/crypto/x509/x509type.c clang -I. -Icrypto/include -Iinclude -Iproviders/common/include -Iproviders/default/include -Iproviders/common/ciphers -Icrypto -Iproviders/common/macs -Iproviders/common/kdfs -Iproviders/default/macs -Iproviders/default/ciphers -Iproviders/default/kdfs -I../openssl -I../openssl/crypto/include -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/default/include -I../openssl/providers/common/ciphers -I../openssl/crypto -I../openssl/providers/common/macs -I../openssl/providers/common/kdfs -I../openssl/providers/default/macs -I../openssl/providers/default/ciphers -I../openssl/providers/default/kdfs -DAES_ASM -DBSAES_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_IA32_SSE2 -MMD -MF crypto/x509/libcrypto-lib-x_all.d.tmp -MT crypto/x509/libcrypto-lib-x_all.o -c -o crypto/x509/libcrypto-lib-x_all.o ../openssl/crypto/x509/x_all.c clang -I. -Icrypto/include -Iinclude -Iproviders/common/include -Iproviders/default/include -Iproviders/common/ciphers -Icrypto -Iproviders/common/macs -Iproviders/common/kdfs -Iproviders/default/macs -Iproviders/default/ciphers -Iproviders/default/kdfs -I../openssl -I../openssl/crypto/include -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/default/include -I../openssl/providers/common/ciphers -I../openssl/crypto -I../openssl/providers/common/macs -I../openssl/providers/common/kdfs -I../openssl/providers/default/macs -I../openssl/providers/default/ciphers -I../openssl/providers/default/kdfs -DAES_ASM -DBSAES_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_IA32_SSE2 -MMD -MF crypto/x509/libcrypto-lib-x_attrib.d.tmp -MT crypto/x509/libcrypto-lib-x_attrib.o -c -o crypto/x509/libcrypto-lib-x_attrib.o ../openssl/crypto/x509/x_attrib.c clang -I. -Icrypto/include -Iinclude -Iproviders/common/include -Iproviders/default/include -Iproviders/common/ciphers -Icrypto -Iproviders/common/macs -Iproviders/common/kdfs -Iproviders/default/macs -Iproviders/default/ciphers -Iproviders/default/kdfs -I../openssl -I../openssl/crypto/include -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/default/include -I../openssl/providers/common/ciphers -I../openssl/crypto -I../openssl/providers/common/macs -I../openssl/providers/common/kdfs -I../openssl/providers/default/macs -I../openssl/providers/default/ciphers -I../openssl/providers/default/kdfs -DAES_ASM -DBSAES_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_IA32_SSE2 -MMD -MF crypto/x509/libcrypto-lib-x_crl.d.tmp -MT crypto/x509/libcrypto-lib-x_crl.o -c -o crypto/x509/libcrypto-lib-x_crl.o ../openssl/crypto/x509/x_crl.c clang -I. -Icrypto/include -Iinclude -Iproviders/common/include -Iproviders/default/include -Iproviders/common/ciphers -Icrypto -Iproviders/common/macs -Iproviders/common/kdfs -Iproviders/default/macs -Iproviders/default/ciphers -Iproviders/default/kdfs -I../openssl -I../openssl/crypto/include -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/default/include -I../openssl/providers/common/ciphers -I../openssl/crypto -I../openssl/providers/common/macs -I../openssl/providers/common/kdfs -I../openssl/providers/default/macs -I../openssl/providers/default/ciphers -I../openssl/providers/default/kdfs -DAES_ASM -DBSAES_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_IA32_SSE2 -MMD -MF crypto/x509/libcrypto-lib-x_exten.d.tmp -MT crypto/x509/libcrypto-lib-x_exten.o -c -o crypto/x509/libcrypto-lib-x_exten.o ../openssl/crypto/x509/x_exten.c clang -I. -Icrypto/include -Iinclude -Iproviders/common/include -Iproviders/default/include -Iproviders/common/ciphers -Icrypto -Iproviders/common/macs -Iproviders/common/kdfs -Iproviders/default/macs -Iproviders/default/ciphers -Iproviders/default/kdfs -I../openssl -I../openssl/crypto/include -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/default/include -I../openssl/providers/common/ciphers -I../openssl/crypto -I../openssl/providers/common/macs -I../openssl/providers/common/kdfs -I../openssl/providers/default/macs -I../openssl/providers/default/ciphers -I../openssl/providers/default/kdfs -DAES_ASM -DBSAES_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_IA32_SSE2 -MMD -MF crypto/x509/libcrypto-lib-x_name.d.tmp -MT crypto/x509/libcrypto-lib-x_name.o -c -o crypto/x509/libcrypto-lib-x_name.o ../openssl/crypto/x509/x_name.c clang -I. -Icrypto/include -Iinclude -Iproviders/common/include -Iproviders/default/include -Iproviders/common/ciphers -Icrypto -Iproviders/common/macs -Iproviders/common/kdfs -Iproviders/default/macs -Iproviders/default/ciphers -Iproviders/default/kdfs -I../openssl -I../openssl/crypto/include -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/default/include -I../openssl/providers/common/ciphers -I../openssl/crypto -I../openssl/providers/common/macs -I../openssl/providers/common/kdfs -I../openssl/providers/default/macs -I../openssl/providers/default/ciphers -I../openssl/providers/default/kdfs -DAES_ASM -DBSAES_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_IA32_SSE2 -MMD -MF crypto/x509/libcrypto-lib-x_pubkey.d.tmp -MT crypto/x509/libcrypto-lib-x_pubkey.o -c -o crypto/x509/libcrypto-lib-x_pubkey.o ../openssl/crypto/x509/x_pubkey.c clang -I. -Icrypto/include -Iinclude -Iproviders/common/include -Iproviders/default/include -Iproviders/common/ciphers -Icrypto -Iproviders/common/macs -Iproviders/common/kdfs -Iproviders/default/macs -Iproviders/default/ciphers -Iproviders/default/kdfs -I../openssl -I../openssl/crypto/include -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/default/include -I../openssl/providers/common/ciphers -I../openssl/crypto -I../openssl/providers/common/macs -I../openssl/providers/common/kdfs -I../openssl/providers/default/macs -I../openssl/providers/default/ciphers -I../openssl/providers/default/kdfs -DAES_ASM -DBSAES_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_IA32_SSE2 -MMD -MF crypto/x509/libcrypto-lib-x_req.d.tmp -MT crypto/x509/libcrypto-lib-x_req.o -c -o crypto/x509/libcrypto-lib-x_req.o ../openssl/crypto/x509/x_req.c clang -I. -Icrypto/include -Iinclude -Iproviders/common/include -Iproviders/default/include -Iproviders/common/ciphers -Icrypto -Iproviders/common/macs -Iproviders/common/kdfs -Iproviders/default/macs -Iproviders/default/ciphers -Iproviders/default/kdfs -I../openssl -I../openssl/crypto/include -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/default/include -I../openssl/providers/common/ciphers -I../openssl/crypto -I../openssl/providers/common/macs -I../openssl/providers/common/kdfs -I../openssl/providers/default/macs -I../openssl/providers/default/ciphers -I../openssl/providers/default/kdfs -DAES_ASM -DBSAES_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_IA32_SSE2 -MMD -MF crypto/x509/libcrypto-lib-x_x509.d.tmp -MT crypto/x509/libcrypto-lib-x_x509.o -c -o crypto/x509/libcrypto-lib-x_x509.o ../openssl/crypto/x509/x_x509.c clang -I. -Icrypto/include -Iinclude -Iproviders/common/include -Iproviders/default/include -Iproviders/common/ciphers -Icrypto -Iproviders/common/macs -Iproviders/common/kdfs -Iproviders/default/macs -Iproviders/default/ciphers -Iproviders/default/kdfs -I../openssl -I../openssl/crypto/include -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/default/include -I../openssl/providers/common/ciphers -I../openssl/crypto -I../openssl/providers/common/macs -I../openssl/providers/common/kdfs -I../openssl/providers/default/macs -I../openssl/providers/default/ciphers -I../openssl/providers/default/kdfs -DAES_ASM -DBSAES_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_IA32_SSE2 -MMD -MF crypto/x509/libcrypto-lib-x_x509a.d.tmp -MT crypto/x509/libcrypto-lib-x_x509a.o -c -o crypto/x509/libcrypto-lib-x_x509a.o ../openssl/crypto/x509/x_x509a.c clang -I. -Icrypto/include -Iinclude -Iproviders/common/include -Iproviders/default/include -Iproviders/common/ciphers -Icrypto -Iproviders/common/macs -Iproviders/common/kdfs -Iproviders/default/macs -Iproviders/default/ciphers -Iproviders/default/kdfs -I../openssl -I../openssl/crypto/include -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/default/include -I../openssl/providers/common/ciphers -I../openssl/crypto -I../openssl/providers/common/macs -I../openssl/providers/common/kdfs -I../openssl/providers/default/macs -I../openssl/providers/default/ciphers -I../openssl/providers/default/kdfs -DAES_ASM -DBSAES_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_IA32_SSE2 -MMD -MF providers/common/ciphers/libcrypto-lib-block.d.tmp -MT providers/common/ciphers/libcrypto-lib-block.o -c -o providers/common/ciphers/libcrypto-lib-block.o ../openssl/providers/common/ciphers/block.c clang -I. -Icrypto/include -Iinclude -Iproviders/common/include -Iproviders/default/include -Iproviders/common/ciphers -Icrypto -Iproviders/common/macs -Iproviders/common/kdfs -Iproviders/default/macs -Iproviders/default/ciphers -Iproviders/default/kdfs -I../openssl -I../openssl/crypto/include -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/default/include -I../openssl/providers/common/ciphers -I../openssl/crypto -I../openssl/providers/common/macs -I../openssl/providers/common/kdfs -I../openssl/providers/default/macs -I../openssl/providers/default/ciphers -I../openssl/providers/default/kdfs -DAES_ASM -DBSAES_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_IA32_SSE2 -MMD -MF providers/common/ciphers/libcrypto-lib-cipher_aes.d.tmp -MT providers/common/ciphers/libcrypto-lib-cipher_aes.o -c -o providers/common/ciphers/libcrypto-lib-cipher_aes.o ../openssl/providers/common/ciphers/cipher_aes.c clang -I. -Icrypto/include -Iinclude -Iproviders/common/include -Iproviders/default/include -Iproviders/common/ciphers -Icrypto -Iproviders/common/macs -Iproviders/common/kdfs -Iproviders/default/macs -Iproviders/default/ciphers -Iproviders/default/kdfs -I../openssl -I../openssl/crypto/include -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/default/include -I../openssl/providers/common/ciphers -I../openssl/crypto -I../openssl/providers/common/macs -I../openssl/providers/common/kdfs -I../openssl/providers/default/macs -I../openssl/providers/default/ciphers -I../openssl/providers/default/kdfs -DAES_ASM -DBSAES_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_IA32_SSE2 -MMD -MF providers/common/ciphers/libcrypto-lib-cipher_aes_ccm.d.tmp -MT providers/common/ciphers/libcrypto-lib-cipher_aes_ccm.o -c -o providers/common/ciphers/libcrypto-lib-cipher_aes_ccm.o ../openssl/providers/common/ciphers/cipher_aes_ccm.c clang -I. -Icrypto/include -Iinclude -Iproviders/common/include -Iproviders/default/include -Iproviders/common/ciphers -Icrypto -Iproviders/common/macs -Iproviders/common/kdfs -Iproviders/default/macs -Iproviders/default/ciphers -Iproviders/default/kdfs -I../openssl -I../openssl/crypto/include -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/default/include -I../openssl/providers/common/ciphers -I../openssl/crypto -I../openssl/providers/common/macs -I../openssl/providers/common/kdfs -I../openssl/providers/default/macs -I../openssl/providers/default/ciphers -I../openssl/providers/default/kdfs -DAES_ASM -DBSAES_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_IA32_SSE2 -MMD -MF providers/common/ciphers/libcrypto-lib-cipher_aes_ccm_hw.d.tmp -MT providers/common/ciphers/libcrypto-lib-cipher_aes_ccm_hw.o -c -o providers/common/ciphers/libcrypto-lib-cipher_aes_ccm_hw.o ../openssl/providers/common/ciphers/cipher_aes_ccm_hw.c clang -I. -Icrypto/include -Iinclude -Iproviders/common/include -Iproviders/default/include -Iproviders/common/ciphers -Icrypto -Iproviders/common/macs -Iproviders/common/kdfs -Iproviders/default/macs -Iproviders/default/ciphers -Iproviders/default/kdfs -I../openssl -I../openssl/crypto/include -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/default/include -I../openssl/providers/common/ciphers -I../openssl/crypto -I../openssl/providers/common/macs -I../openssl/providers/common/kdfs -I../openssl/providers/default/macs -I../openssl/providers/default/ciphers -I../openssl/providers/default/kdfs -DAES_ASM -DBSAES_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_IA32_SSE2 -MMD -MF providers/common/ciphers/libcrypto-lib-cipher_aes_gcm.d.tmp -MT providers/common/ciphers/libcrypto-lib-cipher_aes_gcm.o -c -o providers/common/ciphers/libcrypto-lib-cipher_aes_gcm.o ../openssl/providers/common/ciphers/cipher_aes_gcm.c clang -I. -Icrypto/include -Iinclude -Iproviders/common/include -Iproviders/default/include -Iproviders/common/ciphers -Icrypto -Iproviders/common/macs -Iproviders/common/kdfs -Iproviders/default/macs -Iproviders/default/ciphers -Iproviders/default/kdfs -I../openssl -I../openssl/crypto/include -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/default/include -I../openssl/providers/common/ciphers -I../openssl/crypto -I../openssl/providers/common/macs -I../openssl/providers/common/kdfs -I../openssl/providers/default/macs -I../openssl/providers/default/ciphers -I../openssl/providers/default/kdfs -DAES_ASM -DBSAES_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_IA32_SSE2 -MMD -MF providers/common/ciphers/libcrypto-lib-cipher_aes_gcm_hw.d.tmp -MT providers/common/ciphers/libcrypto-lib-cipher_aes_gcm_hw.o -c -o providers/common/ciphers/libcrypto-lib-cipher_aes_gcm_hw.o ../openssl/providers/common/ciphers/cipher_aes_gcm_hw.c clang -I. -Icrypto/include -Iinclude -Iproviders/common/include -Iproviders/default/include -Iproviders/common/ciphers -Icrypto -Iproviders/common/macs -Iproviders/common/kdfs -Iproviders/default/macs -Iproviders/default/ciphers -Iproviders/default/kdfs -I../openssl -I../openssl/crypto/include -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/default/include -I../openssl/providers/common/ciphers -I../openssl/crypto -I../openssl/providers/common/macs -I../openssl/providers/common/kdfs -I../openssl/providers/default/macs -I../openssl/providers/default/ciphers -I../openssl/providers/default/kdfs -DAES_ASM -DBSAES_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_IA32_SSE2 -MMD -MF providers/common/ciphers/libcrypto-lib-cipher_aes_hw.d.tmp -MT providers/common/ciphers/libcrypto-lib-cipher_aes_hw.o -c -o providers/common/ciphers/libcrypto-lib-cipher_aes_hw.o ../openssl/providers/common/ciphers/cipher_aes_hw.c clang -I. -Icrypto/include -Iinclude -Iproviders/common/include -Iproviders/default/include -Iproviders/common/ciphers -Icrypto -Iproviders/common/macs -Iproviders/common/kdfs -Iproviders/default/macs -Iproviders/default/ciphers -Iproviders/default/kdfs -I../openssl -I../openssl/crypto/include -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/default/include -I../openssl/providers/common/ciphers -I../openssl/crypto -I../openssl/providers/common/macs -I../openssl/providers/common/kdfs -I../openssl/providers/default/macs -I../openssl/providers/default/ciphers -I../openssl/providers/default/kdfs -DAES_ASM -DBSAES_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_IA32_SSE2 -MMD -MF providers/common/ciphers/libcrypto-lib-cipher_ccm.d.tmp -MT providers/common/ciphers/libcrypto-lib-cipher_ccm.o -c -o providers/common/ciphers/libcrypto-lib-cipher_ccm.o ../openssl/providers/common/ciphers/cipher_ccm.c clang -I. -Icrypto/include -Iinclude -Iproviders/common/include -Iproviders/default/include -Iproviders/common/ciphers -Icrypto -Iproviders/common/macs -Iproviders/common/kdfs -Iproviders/default/macs -Iproviders/default/ciphers -Iproviders/default/kdfs -I../openssl -I../openssl/crypto/include -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/default/include -I../openssl/providers/common/ciphers -I../openssl/crypto -I../openssl/providers/common/macs -I../openssl/providers/common/kdfs -I../openssl/providers/default/macs -I../openssl/providers/default/ciphers -I../openssl/providers/default/kdfs -DAES_ASM -DBSAES_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_IA32_SSE2 -MMD -MF providers/common/ciphers/libcrypto-lib-cipher_ccm_hw.d.tmp -MT providers/common/ciphers/libcrypto-lib-cipher_ccm_hw.o -c -o providers/common/ciphers/libcrypto-lib-cipher_ccm_hw.o ../openssl/providers/common/ciphers/cipher_ccm_hw.c clang -I. -Icrypto/include -Iinclude -Iproviders/common/include -Iproviders/default/include -Iproviders/common/ciphers -Icrypto -Iproviders/common/macs -Iproviders/common/kdfs -Iproviders/default/macs -Iproviders/default/ciphers -Iproviders/default/kdfs -I../openssl -I../openssl/crypto/include -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/default/include -I../openssl/providers/common/ciphers -I../openssl/crypto -I../openssl/providers/common/macs -I../openssl/providers/common/kdfs -I../openssl/providers/default/macs -I../openssl/providers/default/ciphers -I../openssl/providers/default/kdfs -DAES_ASM -DBSAES_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_IA32_SSE2 -MMD -MF providers/common/ciphers/libcrypto-lib-cipher_common.d.tmp -MT providers/common/ciphers/libcrypto-lib-cipher_common.o -c -o providers/common/ciphers/libcrypto-lib-cipher_common.o ../openssl/providers/common/ciphers/cipher_common.c clang -I. -Icrypto/include -Iinclude -Iproviders/common/include -Iproviders/default/include -Iproviders/common/ciphers -Icrypto -Iproviders/common/macs -Iproviders/common/kdfs -Iproviders/default/macs -Iproviders/default/ciphers -Iproviders/default/kdfs -I../openssl -I../openssl/crypto/include -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/default/include -I../openssl/providers/common/ciphers -I../openssl/crypto -I../openssl/providers/common/macs -I../openssl/providers/common/kdfs -I../openssl/providers/default/macs -I../openssl/providers/default/ciphers -I../openssl/providers/default/kdfs -DAES_ASM -DBSAES_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_IA32_SSE2 -MMD -MF providers/common/ciphers/libcrypto-lib-cipher_common_hw.d.tmp -MT providers/common/ciphers/libcrypto-lib-cipher_common_hw.o -c -o providers/common/ciphers/libcrypto-lib-cipher_common_hw.o ../openssl/providers/common/ciphers/cipher_common_hw.c clang -I. -Icrypto/include -Iinclude -Iproviders/common/include -Iproviders/default/include -Iproviders/common/ciphers -Icrypto -Iproviders/common/macs -Iproviders/common/kdfs -Iproviders/default/macs -Iproviders/default/ciphers -Iproviders/default/kdfs -I../openssl -I../openssl/crypto/include -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/default/include -I../openssl/providers/common/ciphers -I../openssl/crypto -I../openssl/providers/common/macs -I../openssl/providers/common/kdfs -I../openssl/providers/default/macs -I../openssl/providers/default/ciphers -I../openssl/providers/default/kdfs -DAES_ASM -DBSAES_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_IA32_SSE2 -MMD -MF providers/common/ciphers/libcrypto-lib-cipher_gcm.d.tmp -MT providers/common/ciphers/libcrypto-lib-cipher_gcm.o -c -o providers/common/ciphers/libcrypto-lib-cipher_gcm.o ../openssl/providers/common/ciphers/cipher_gcm.c clang -I. -Icrypto/include -Iinclude -Iproviders/common/include -Iproviders/default/include -Iproviders/common/ciphers -Icrypto -Iproviders/common/macs -Iproviders/common/kdfs -Iproviders/default/macs -Iproviders/default/ciphers -Iproviders/default/kdfs -I../openssl -I../openssl/crypto/include -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/default/include -I../openssl/providers/common/ciphers -I../openssl/crypto -I../openssl/providers/common/macs -I../openssl/providers/common/kdfs -I../openssl/providers/default/macs -I../openssl/providers/default/ciphers -I../openssl/providers/default/kdfs -DAES_ASM -DBSAES_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_IA32_SSE2 -MMD -MF providers/common/ciphers/libcrypto-lib-cipher_gcm_hw.d.tmp -MT providers/common/ciphers/libcrypto-lib-cipher_gcm_hw.o -c -o providers/common/ciphers/libcrypto-lib-cipher_gcm_hw.o ../openssl/providers/common/ciphers/cipher_gcm_hw.c clang -I. -Icrypto/include -Iinclude -Iproviders/common/include -Iproviders/default/include -Iproviders/common/ciphers -Icrypto -Iproviders/common/macs -Iproviders/common/kdfs -Iproviders/default/macs -Iproviders/default/ciphers -Iproviders/default/kdfs -I../openssl -I../openssl/crypto/include -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/default/include -I../openssl/providers/common/ciphers -I../openssl/crypto -I../openssl/providers/common/macs -I../openssl/providers/common/kdfs -I../openssl/providers/default/macs -I../openssl/providers/default/ciphers -I../openssl/providers/default/kdfs -DAES_ASM -DBSAES_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_IA32_SSE2 -MMD -MF providers/common/ciphers/libcrypto-lib-cipher_tdes.d.tmp -MT providers/common/ciphers/libcrypto-lib-cipher_tdes.o -c -o providers/common/ciphers/libcrypto-lib-cipher_tdes.o ../openssl/providers/common/ciphers/cipher_tdes.c clang -I. -Icrypto/include -Iinclude -Iproviders/common/include -Iproviders/default/include -Iproviders/common/ciphers -Icrypto -Iproviders/common/macs -Iproviders/common/kdfs -Iproviders/default/macs -Iproviders/default/ciphers -Iproviders/default/kdfs -I../openssl -I../openssl/crypto/include -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/default/include -I../openssl/providers/common/ciphers -I../openssl/crypto -I../openssl/providers/common/macs -I../openssl/providers/common/kdfs -I../openssl/providers/default/macs -I../openssl/providers/default/ciphers -I../openssl/providers/default/kdfs -DAES_ASM -DBSAES_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_IA32_SSE2 -MMD -MF providers/common/ciphers/libcrypto-lib-cipher_tdes_hw.d.tmp -MT providers/common/ciphers/libcrypto-lib-cipher_tdes_hw.o -c -o providers/common/ciphers/libcrypto-lib-cipher_tdes_hw.o ../openssl/providers/common/ciphers/cipher_tdes_hw.c clang -I. -Icrypto/include -Iinclude -Iproviders/common/include -Iproviders/default/include -Iproviders/common/ciphers -Icrypto -Iproviders/common/macs -Iproviders/common/kdfs -Iproviders/default/macs -Iproviders/default/ciphers -Iproviders/default/kdfs -I../openssl -I../openssl/crypto/include -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/default/include -I../openssl/providers/common/ciphers -I../openssl/crypto -I../openssl/providers/common/macs -I../openssl/providers/common/kdfs -I../openssl/providers/default/macs -I../openssl/providers/default/ciphers -I../openssl/providers/default/kdfs -DAES_ASM -DBSAES_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_IA32_SSE2 -MMD -MF providers/common/digests/libcrypto-lib-digest_common.d.tmp -MT providers/common/digests/libcrypto-lib-digest_common.o -c -o providers/common/digests/libcrypto-lib-digest_common.o ../openssl/providers/common/digests/digest_common.c clang -I. -Icrypto/include -Iinclude -Iproviders/common/include -Iproviders/default/include -Iproviders/common/ciphers -Icrypto -Iproviders/common/macs -Iproviders/common/kdfs -Iproviders/default/macs -Iproviders/default/ciphers -Iproviders/default/kdfs -I../openssl -I../openssl/crypto/include -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/default/include -I../openssl/providers/common/ciphers -I../openssl/crypto -I../openssl/providers/common/macs -I../openssl/providers/common/kdfs -I../openssl/providers/default/macs -I../openssl/providers/default/ciphers -I../openssl/providers/default/kdfs -DAES_ASM -DBSAES_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_IA32_SSE2 -MMD -MF providers/common/digests/libcrypto-lib-sha2_prov.d.tmp -MT providers/common/digests/libcrypto-lib-sha2_prov.o -c -o providers/common/digests/libcrypto-lib-sha2_prov.o ../openssl/providers/common/digests/sha2_prov.c clang -I. -Icrypto/include -Iinclude -Iproviders/common/include -Iproviders/default/include -Iproviders/common/ciphers -Icrypto -Iproviders/common/macs -Iproviders/common/kdfs -Iproviders/default/macs -Iproviders/default/ciphers -Iproviders/default/kdfs -I../openssl -I../openssl/crypto/include -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/default/include -I../openssl/providers/common/ciphers -I../openssl/crypto -I../openssl/providers/common/macs -I../openssl/providers/common/kdfs -I../openssl/providers/default/macs -I../openssl/providers/default/ciphers -I../openssl/providers/default/kdfs -DAES_ASM -DBSAES_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_IA32_SSE2 -MMD -MF providers/common/digests/libcrypto-lib-sha3_prov.d.tmp -MT providers/common/digests/libcrypto-lib-sha3_prov.o -c -o providers/common/digests/libcrypto-lib-sha3_prov.o ../openssl/providers/common/digests/sha3_prov.c clang -I. -Icrypto/include -Iinclude -Iproviders/common/include -Iproviders/default/include -Iproviders/common/ciphers -Icrypto -Iproviders/common/macs -Iproviders/common/kdfs -Iproviders/default/macs -Iproviders/default/ciphers -Iproviders/default/kdfs -I../openssl -I../openssl/crypto/include -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/default/include -I../openssl/providers/common/ciphers -I../openssl/crypto -I../openssl/providers/common/macs -I../openssl/providers/common/kdfs -I../openssl/providers/default/macs -I../openssl/providers/default/ciphers -I../openssl/providers/default/kdfs -DAES_ASM -DBSAES_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_IA32_SSE2 -MMD -MF providers/common/exchange/libcrypto-lib-dh_exch.d.tmp -MT providers/common/exchange/libcrypto-lib-dh_exch.o -c -o providers/common/exchange/libcrypto-lib-dh_exch.o ../openssl/providers/common/exchange/dh_exch.c clang -I. -Icrypto/include -Iinclude -Iproviders/common/include -Iproviders/default/include -Iproviders/common/ciphers -Icrypto -Iproviders/common/macs -Iproviders/common/kdfs -Iproviders/default/macs -Iproviders/default/ciphers -Iproviders/default/kdfs -I../openssl -I../openssl/crypto/include -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/default/include -I../openssl/providers/common/ciphers -I../openssl/crypto -I../openssl/providers/common/macs -I../openssl/providers/common/kdfs -I../openssl/providers/default/macs -I../openssl/providers/default/ciphers -I../openssl/providers/default/kdfs -DAES_ASM -DBSAES_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_IA32_SSE2 -MMD -MF providers/common/kdfs/libcrypto-lib-hkdf.d.tmp -MT providers/common/kdfs/libcrypto-lib-hkdf.o -c -o providers/common/kdfs/libcrypto-lib-hkdf.o ../openssl/providers/common/kdfs/hkdf.c clang -I. -Icrypto/include -Iinclude -Iproviders/common/include -Iproviders/default/include -Iproviders/common/ciphers -Icrypto -Iproviders/common/macs -Iproviders/common/kdfs -Iproviders/default/macs -Iproviders/default/ciphers -Iproviders/default/kdfs -I../openssl -I../openssl/crypto/include -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/default/include -I../openssl/providers/common/ciphers -I../openssl/crypto -I../openssl/providers/common/macs -I../openssl/providers/common/kdfs -I../openssl/providers/default/macs -I../openssl/providers/default/ciphers -I../openssl/providers/default/kdfs -DAES_ASM -DBSAES_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_IA32_SSE2 -MMD -MF providers/common/kdfs/libcrypto-lib-pbkdf2.d.tmp -MT providers/common/kdfs/libcrypto-lib-pbkdf2.o -c -o providers/common/kdfs/libcrypto-lib-pbkdf2.o ../openssl/providers/common/kdfs/pbkdf2.c clang -I. -Icrypto/include -Iinclude -Iproviders/common/include -Iproviders/default/include -Iproviders/common/ciphers -Icrypto -Iproviders/common/macs -Iproviders/common/kdfs -Iproviders/default/macs -Iproviders/default/ciphers -Iproviders/default/kdfs -I../openssl -I../openssl/crypto/include -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/default/include -I../openssl/providers/common/ciphers -I../openssl/crypto -I../openssl/providers/common/macs -I../openssl/providers/common/kdfs -I../openssl/providers/default/macs -I../openssl/providers/default/ciphers -I../openssl/providers/default/kdfs -DAES_ASM -DBSAES_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_IA32_SSE2 -MMD -MF providers/common/kdfs/libcrypto-lib-sskdf.d.tmp -MT providers/common/kdfs/libcrypto-lib-sskdf.o -c -o providers/common/kdfs/libcrypto-lib-sskdf.o ../openssl/providers/common/kdfs/sskdf.c clang -I. -Icrypto/include -Iinclude -Iproviders/common/include -Iproviders/default/include -Iproviders/common/ciphers -Icrypto -Iproviders/common/macs -Iproviders/common/kdfs -Iproviders/default/macs -Iproviders/default/ciphers -Iproviders/default/kdfs -I../openssl -I../openssl/crypto/include -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/default/include -I../openssl/providers/common/ciphers -I../openssl/crypto -I../openssl/providers/common/macs -I../openssl/providers/common/kdfs -I../openssl/providers/default/macs -I../openssl/providers/default/ciphers -I../openssl/providers/default/kdfs -DAES_ASM -DBSAES_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_IA32_SSE2 -MMD -MF providers/common/kdfs/libcrypto-lib-tls1_prf.d.tmp -MT providers/common/kdfs/libcrypto-lib-tls1_prf.o -c -o providers/common/kdfs/libcrypto-lib-tls1_prf.o ../openssl/providers/common/kdfs/tls1_prf.c clang -I. -Icrypto/include -Iinclude -Iproviders/common/include -Iproviders/default/include -Iproviders/common/ciphers -Icrypto -Iproviders/common/macs -Iproviders/common/kdfs -Iproviders/default/macs -Iproviders/default/ciphers -Iproviders/default/kdfs -I../openssl -I../openssl/crypto/include -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/default/include -I../openssl/providers/common/ciphers -I../openssl/crypto -I../openssl/providers/common/macs -I../openssl/providers/common/kdfs -I../openssl/providers/default/macs -I../openssl/providers/default/ciphers -I../openssl/providers/default/kdfs -DAES_ASM -DBSAES_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_IA32_SSE2 -MMD -MF providers/common/keymgmt/libcrypto-lib-dh_kmgmt.d.tmp -MT providers/common/keymgmt/libcrypto-lib-dh_kmgmt.o -c -o providers/common/keymgmt/libcrypto-lib-dh_kmgmt.o ../openssl/providers/common/keymgmt/dh_kmgmt.c clang -I. -Icrypto/include -Iinclude -Iproviders/common/include -Iproviders/default/include -Iproviders/common/ciphers -Icrypto -Iproviders/common/macs -Iproviders/common/kdfs -Iproviders/default/macs -Iproviders/default/ciphers -Iproviders/default/kdfs -I../openssl -I../openssl/crypto/include -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/default/include -I../openssl/providers/common/ciphers -I../openssl/crypto -I../openssl/providers/common/macs -I../openssl/providers/common/kdfs -I../openssl/providers/default/macs -I../openssl/providers/default/ciphers -I../openssl/providers/default/kdfs -DAES_ASM -DBSAES_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_IA32_SSE2 -MMD -MF providers/common/keymgmt/libcrypto-lib-dsa_kmgmt.d.tmp -MT providers/common/keymgmt/libcrypto-lib-dsa_kmgmt.o -c -o providers/common/keymgmt/libcrypto-lib-dsa_kmgmt.o ../openssl/providers/common/keymgmt/dsa_kmgmt.c clang -I. -Icrypto/include -Iinclude -Iproviders/common/include -Iproviders/default/include -Iproviders/common/ciphers -Icrypto -Iproviders/common/macs -Iproviders/common/kdfs -Iproviders/default/macs -Iproviders/default/ciphers -Iproviders/default/kdfs -I../openssl -I../openssl/crypto/include -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/default/include -I../openssl/providers/common/ciphers -I../openssl/crypto -I../openssl/providers/common/macs -I../openssl/providers/common/kdfs -I../openssl/providers/default/macs -I../openssl/providers/default/ciphers -I../openssl/providers/default/kdfs -DAES_ASM -DBSAES_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_IA32_SSE2 -MMD -MF providers/common/libcrypto-lib-provider_err.d.tmp -MT providers/common/libcrypto-lib-provider_err.o -c -o providers/common/libcrypto-lib-provider_err.o ../openssl/providers/common/provider_err.c ../openssl/providers/common/keymgmt/dsa_kmgmt.c:52:10: error: implicit declaration of function 'DSA_set0_pqg' is invalid in C99 [-Werror,-Wimplicit-function-declaration] if (!DSA_set0_pqg(dsa, p, q, g)) ^ ../openssl/providers/common/keymgmt/dsa_kmgmt.c:52:10: error: this function declaration is not a prototype [-Werror,-Wstrict-prototypes] ../openssl/providers/common/keymgmt/dsa_kmgmt.c:56:29: error: implicit declaration of function 'DSA_set0_key' is invalid in C99 [-Werror,-Wimplicit-function-declaration] if (pub_key != NULL && !DSA_set0_key(dsa, pub_key, priv_key)) ^ ../openssl/providers/common/keymgmt/dsa_kmgmt.c:56:29: note: did you mean 'DSA_set0_pqg'? ../openssl/providers/common/keymgmt/dsa_kmgmt.c:52:10: note: 'DSA_set0_pqg' declared here if (!DSA_set0_pqg(dsa, p, q, g)) ^ ../openssl/providers/common/keymgmt/dsa_kmgmt.c:56:29: error: this function declaration is not a prototype [-Werror,-Wstrict-prototypes] if (pub_key != NULL && !DSA_set0_key(dsa, pub_key, priv_key)) ^ ../openssl/providers/common/keymgmt/dsa_kmgmt.c:75:16: error: implicit declaration of function 'DSA_new' is invalid in C99 [-Werror,-Wimplicit-function-declaration] if ((dsa = DSA_new()) == NULL ^ ../openssl/providers/common/keymgmt/dsa_kmgmt.c:75:16: error: this function declaration is not a prototype [-Werror,-Wstrict-prototypes] ../openssl/providers/common/keymgmt/dsa_kmgmt.c:75:14: error: incompatible integer to pointer conversion assigning to 'DSA *' (aka 'struct dsa_st *') from 'int' [-Werror,-Wint-conversion] if ((dsa = DSA_new()) == NULL ^ ~~~~~~~~~ ../openssl/providers/common/keymgmt/dsa_kmgmt.c:77:9: error: implicit declaration of function 'DSA_free' is invalid in C99 [-Werror,-Wimplicit-function-declaration] DSA_free(dsa); ^ ../openssl/providers/common/keymgmt/dsa_kmgmt.c:77:9: error: this function declaration is not a prototype [-Werror,-Wstrict-prototypes] ../openssl/providers/common/keymgmt/dsa_kmgmt.c:89:50: error: use of undeclared identifier 'DSA_free' { OSSL_FUNC_KEYMGMT_FREEKEY, (void (*)(void))DSA_free }, ^ 10 errors generated. Makefile:12389: recipe for target 'providers/common/keymgmt/libcrypto-lib-dsa_kmgmt.o' failed make[1]: *** [providers/common/keymgmt/libcrypto-lib-dsa_kmgmt.o] Error 1 make[1]: *** Waiting for unfinished jobs.... make[1]: Leaving directory '/home/openssl/run-checker/no-dsa' Makefile:165: recipe for target 'all' failed make: *** [all] Error 2 From openssl at openssl.org Thu Sep 12 03:31:56 2019 From: openssl at openssl.org (OpenSSL run-checker) Date: Thu, 12 Sep 2019 03:31:56 +0000 Subject: Still FAILED build of OpenSSL branch master with options -d --strict-warnings no-engine Message-ID: <1568259116.315391.22834.nullmailer@run.openssl.org> Platform and configuration command: $ uname -a Linux run 4.15.0-54-generic #58-Ubuntu SMP Mon Jun 24 10:55:24 UTC 2019 x86_64 x86_64 x86_64 GNU/Linux $ CC=clang ../openssl/config -d --strict-warnings no-engine Commit log since last time: 7f0a8dc7f9 crypto/threads_win.c: fix preprocessor indentation 0768b38b80 drbg: fix issue where DRBG_CTR fails if NO_DF is used (2nd attempt) 5562dbb39c drbg: add fork id to additional data on UNIX systems 849529257c drbg: ensure fork-safety without using a pthread_atfork handler dc64dc2edd Add EVP_CIPHER_CTX_tag_length() 64115f05ac Usages of KDFs converted to use the name macros 69333af49d Register KDF's using their name macros rather than strings 2e548ac9a1 Make FIPS provider use KDF name for PBKDF2 27e27cd7ef Update tests to (mostly) use KDF names 1732c260db Convert SSL functions to use KDF names not SN_ strings d810cc1977 Add macros for the KDF algorithm names. 4a3dd62923 Coverity 1453629 and 1453638: Error handling issues (NEGATIVE_RETURNS) f20a59cb1c Coverity 1453634: Resource leaks (RESOURCE_LEAK) d111712f6a Coverity 1453633: Error handling issues (CHECKED_RETURN) 64da55a64f Coverity 1453632 & 1453635: Null pointer dereferences (FORWARD_NULL) 085f1d11a0 Coverity 1453630: Null pointer dereferences (FORWARD_NULL) 6ce4ff1915 Coverity 1453628: Null pointer dereferences (REVERSE_INULL) 7e56c62693 Coverity 1453627: Null pointer dereferences (REVERSE_INULL) 92475712a9 Coverity 1414465: Resource leaks (RESOURCE_LEAK) Build log ended with (last 100 lines): clang -I. -Icrypto/include -Iinclude -Iproviders/common/include -Iproviders/default/include -Iproviders/common/ciphers -Icrypto -Iproviders/common/macs -Iproviders/common/kdfs -Iproviders/default/macs -Iproviders/default/ciphers -Iproviders/default/kdfs -I../openssl -I../openssl/crypto/include -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/default/include -I../openssl/providers/common/ciphers -I../openssl/crypto -I../openssl/providers/common/macs -I../openssl/providers/common/kdfs -I../openssl/providers/default/macs -I../openssl/providers/default/ciphers -I../openssl/providers/default/kdfs -DAES_ASM -DBSAES_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_IA32_SSE2 -MMD -MF crypto/x509/libcrypto-lib-v3_crld.d.tmp -MT crypto/x509/libcrypto-lib-v3_crld.o -c -o crypto/x509/libcrypto-lib-v3_crld.o ../openssl/crypto/x509/v3_crld.c clang -I. -Icrypto/include -Iinclude -Iproviders/common/include -Iproviders/default/include -Iproviders/common/ciphers -Icrypto -Iproviders/common/macs -Iproviders/common/kdfs -Iproviders/default/macs -Iproviders/default/ciphers -Iproviders/default/kdfs -I../openssl -I../openssl/crypto/include -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/default/include -I../openssl/providers/common/ciphers -I../openssl/crypto -I../openssl/providers/common/macs -I../openssl/providers/common/kdfs -I../openssl/providers/default/macs -I../openssl/providers/default/ciphers -I../openssl/providers/default/kdfs -DAES_ASM -DBSAES_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_IA32_SSE2 -MMD -MF crypto/x509/libcrypto-lib-v3_enum.d.tmp -MT crypto/x509/libcrypto-lib-v3_enum.o -c -o crypto/x509/libcrypto-lib-v3_enum.o ../openssl/crypto/x509/v3_enum.c clang -I. -Icrypto/include -Iinclude -Iproviders/common/include -Iproviders/default/include -Iproviders/common/ciphers -Icrypto -Iproviders/common/macs -Iproviders/common/kdfs -Iproviders/default/macs -Iproviders/default/ciphers -Iproviders/default/kdfs -I../openssl -I../openssl/crypto/include -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/default/include -I../openssl/providers/common/ciphers -I../openssl/crypto -I../openssl/providers/common/macs -I../openssl/providers/common/kdfs -I../openssl/providers/default/macs -I../openssl/providers/default/ciphers -I../openssl/providers/default/kdfs -DAES_ASM -DBSAES_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_IA32_SSE2 -MMD -MF crypto/x509/libcrypto-lib-v3_extku.d.tmp -MT crypto/x509/libcrypto-lib-v3_extku.o -c -o crypto/x509/libcrypto-lib-v3_extku.o ../openssl/crypto/x509/v3_extku.c clang -I. -Icrypto/include -Iinclude -Iproviders/common/include -Iproviders/default/include -Iproviders/common/ciphers -Icrypto -Iproviders/common/macs -Iproviders/common/kdfs -Iproviders/default/macs -Iproviders/default/ciphers -Iproviders/default/kdfs -I../openssl -I../openssl/crypto/include -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/default/include -I../openssl/providers/common/ciphers -I../openssl/crypto -I../openssl/providers/common/macs -I../openssl/providers/common/kdfs -I../openssl/providers/default/macs -I../openssl/providers/default/ciphers -I../openssl/providers/default/kdfs -DAES_ASM -DBSAES_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_IA32_SSE2 -MMD -MF crypto/x509/libcrypto-lib-v3_genn.d.tmp -MT crypto/x509/libcrypto-lib-v3_genn.o -c -o crypto/x509/libcrypto-lib-v3_genn.o ../openssl/crypto/x509/v3_genn.c clang -I. -Icrypto/include -Iinclude -Iproviders/common/include -Iproviders/default/include -Iproviders/common/ciphers -Icrypto -Iproviders/common/macs -Iproviders/common/kdfs -Iproviders/default/macs -Iproviders/default/ciphers -Iproviders/default/kdfs -I../openssl -I../openssl/crypto/include -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/default/include -I../openssl/providers/common/ciphers -I../openssl/crypto -I../openssl/providers/common/macs -I../openssl/providers/common/kdfs -I../openssl/providers/default/macs -I../openssl/providers/default/ciphers -I../openssl/providers/default/kdfs -DAES_ASM -DBSAES_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_IA32_SSE2 -MMD -MF crypto/x509/libcrypto-lib-v3_ia5.d.tmp -MT crypto/x509/libcrypto-lib-v3_ia5.o -c -o crypto/x509/libcrypto-lib-v3_ia5.o ../openssl/crypto/x509/v3_ia5.c clang -I. -Icrypto/include -Iinclude -Iproviders/common/include -Iproviders/default/include -Iproviders/common/ciphers -Icrypto -Iproviders/common/macs -Iproviders/common/kdfs -Iproviders/default/macs -Iproviders/default/ciphers -Iproviders/default/kdfs -I../openssl -I../openssl/crypto/include -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/default/include -I../openssl/providers/common/ciphers -I../openssl/crypto -I../openssl/providers/common/macs -I../openssl/providers/common/kdfs -I../openssl/providers/default/macs -I../openssl/providers/default/ciphers -I../openssl/providers/default/kdfs -DAES_ASM -DBSAES_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_IA32_SSE2 -MMD -MF crypto/x509/libcrypto-lib-v3_info.d.tmp -MT crypto/x509/libcrypto-lib-v3_info.o -c -o crypto/x509/libcrypto-lib-v3_info.o ../openssl/crypto/x509/v3_info.c clang -I. -Icrypto/include -Iinclude -Iproviders/common/include -Iproviders/default/include -Iproviders/common/ciphers -Icrypto -Iproviders/common/macs -Iproviders/common/kdfs -Iproviders/default/macs -Iproviders/default/ciphers -Iproviders/default/kdfs -I../openssl -I../openssl/crypto/include -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/default/include -I../openssl/providers/common/ciphers -I../openssl/crypto -I../openssl/providers/common/macs -I../openssl/providers/common/kdfs -I../openssl/providers/default/macs -I../openssl/providers/default/ciphers -I../openssl/providers/default/kdfs -DAES_ASM -DBSAES_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_IA32_SSE2 -MMD -MF crypto/x509/libcrypto-lib-v3_int.d.tmp -MT crypto/x509/libcrypto-lib-v3_int.o -c -o crypto/x509/libcrypto-lib-v3_int.o ../openssl/crypto/x509/v3_int.c clang -I. -Icrypto/include -Iinclude -Iproviders/common/include -Iproviders/default/include -Iproviders/common/ciphers -Icrypto -Iproviders/common/macs -Iproviders/common/kdfs -Iproviders/default/macs -Iproviders/default/ciphers -Iproviders/default/kdfs -I../openssl -I../openssl/crypto/include -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/default/include -I../openssl/providers/common/ciphers -I../openssl/crypto -I../openssl/providers/common/macs -I../openssl/providers/common/kdfs -I../openssl/providers/default/macs -I../openssl/providers/default/ciphers -I../openssl/providers/default/kdfs -DAES_ASM -DBSAES_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_IA32_SSE2 -MMD -MF crypto/x509/libcrypto-lib-v3_lib.d.tmp -MT crypto/x509/libcrypto-lib-v3_lib.o -c -o crypto/x509/libcrypto-lib-v3_lib.o ../openssl/crypto/x509/v3_lib.c clang -I. -Icrypto/include -Iinclude -Iproviders/common/include -Iproviders/default/include -Iproviders/common/ciphers -Icrypto -Iproviders/common/macs -Iproviders/common/kdfs -Iproviders/default/macs -Iproviders/default/ciphers -Iproviders/default/kdfs -I../openssl -I../openssl/crypto/include -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/default/include -I../openssl/providers/common/ciphers -I../openssl/crypto -I../openssl/providers/common/macs -I../openssl/providers/common/kdfs -I../openssl/providers/default/macs -I../openssl/providers/default/ciphers -I../openssl/providers/default/kdfs -DAES_ASM -DBSAES_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_IA32_SSE2 -MMD -MF crypto/x509/libcrypto-lib-v3_ncons.d.tmp -MT crypto/x509/libcrypto-lib-v3_ncons.o -c -o crypto/x509/libcrypto-lib-v3_ncons.o ../openssl/crypto/x509/v3_ncons.c clang -I. -Icrypto/include -Iinclude -Iproviders/common/include -Iproviders/default/include -Iproviders/common/ciphers -Icrypto -Iproviders/common/macs -Iproviders/common/kdfs -Iproviders/default/macs -Iproviders/default/ciphers -Iproviders/default/kdfs -I../openssl -I../openssl/crypto/include -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/default/include -I../openssl/providers/common/ciphers -I../openssl/crypto -I../openssl/providers/common/macs -I../openssl/providers/common/kdfs -I../openssl/providers/default/macs -I../openssl/providers/default/ciphers -I../openssl/providers/default/kdfs -DAES_ASM -DBSAES_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_IA32_SSE2 -MMD -MF crypto/x509/libcrypto-lib-v3_pci.d.tmp -MT crypto/x509/libcrypto-lib-v3_pci.o -c -o crypto/x509/libcrypto-lib-v3_pci.o ../openssl/crypto/x509/v3_pci.c clang -I. -Icrypto/include -Iinclude -Iproviders/common/include -Iproviders/default/include -Iproviders/common/ciphers -Icrypto -Iproviders/common/macs -Iproviders/common/kdfs -Iproviders/default/macs -Iproviders/default/ciphers -Iproviders/default/kdfs -I../openssl -I../openssl/crypto/include -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/default/include -I../openssl/providers/common/ciphers -I../openssl/crypto -I../openssl/providers/common/macs -I../openssl/providers/common/kdfs -I../openssl/providers/default/macs -I../openssl/providers/default/ciphers -I../openssl/providers/default/kdfs -DAES_ASM -DBSAES_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_IA32_SSE2 -MMD -MF crypto/x509/libcrypto-lib-v3_pcia.d.tmp -MT crypto/x509/libcrypto-lib-v3_pcia.o -c -o crypto/x509/libcrypto-lib-v3_pcia.o ../openssl/crypto/x509/v3_pcia.c clang -I. -Icrypto/include -Iinclude -Iproviders/common/include -Iproviders/default/include -Iproviders/common/ciphers -Icrypto -Iproviders/common/macs -Iproviders/common/kdfs -Iproviders/default/macs -Iproviders/default/ciphers -Iproviders/default/kdfs -I../openssl -I../openssl/crypto/include -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/default/include -I../openssl/providers/common/ciphers -I../openssl/crypto -I../openssl/providers/common/macs -I../openssl/providers/common/kdfs -I../openssl/providers/default/macs -I../openssl/providers/default/ciphers -I../openssl/providers/default/kdfs -DAES_ASM -DBSAES_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_IA32_SSE2 -MMD -MF crypto/x509/libcrypto-lib-v3_pcons.d.tmp -MT crypto/x509/libcrypto-lib-v3_pcons.o -c -o crypto/x509/libcrypto-lib-v3_pcons.o ../openssl/crypto/x509/v3_pcons.c clang -I. -Icrypto/include -Iinclude -Iproviders/common/include -Iproviders/default/include -Iproviders/common/ciphers -Icrypto -Iproviders/common/macs -Iproviders/common/kdfs -Iproviders/default/macs -Iproviders/default/ciphers -Iproviders/default/kdfs -I../openssl -I../openssl/crypto/include -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/default/include -I../openssl/providers/common/ciphers -I../openssl/crypto -I../openssl/providers/common/macs -I../openssl/providers/common/kdfs -I../openssl/providers/default/macs -I../openssl/providers/default/ciphers -I../openssl/providers/default/kdfs -DAES_ASM -DBSAES_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_IA32_SSE2 -MMD -MF crypto/x509/libcrypto-lib-v3_pku.d.tmp -MT crypto/x509/libcrypto-lib-v3_pku.o -c -o crypto/x509/libcrypto-lib-v3_pku.o ../openssl/crypto/x509/v3_pku.c clang -I. -Icrypto/include -Iinclude -Iproviders/common/include -Iproviders/default/include -Iproviders/common/ciphers -Icrypto -Iproviders/common/macs -Iproviders/common/kdfs -Iproviders/default/macs -Iproviders/default/ciphers -Iproviders/default/kdfs -I../openssl -I../openssl/crypto/include -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/default/include -I../openssl/providers/common/ciphers -I../openssl/crypto -I../openssl/providers/common/macs -I../openssl/providers/common/kdfs -I../openssl/providers/default/macs -I../openssl/providers/default/ciphers -I../openssl/providers/default/kdfs -DAES_ASM -DBSAES_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_IA32_SSE2 -MMD -MF crypto/x509/libcrypto-lib-v3_pmaps.d.tmp -MT crypto/x509/libcrypto-lib-v3_pmaps.o -c -o crypto/x509/libcrypto-lib-v3_pmaps.o ../openssl/crypto/x509/v3_pmaps.c clang -I. -Icrypto/include -Iinclude -Iproviders/common/include -Iproviders/default/include -Iproviders/common/ciphers -Icrypto -Iproviders/common/macs -Iproviders/common/kdfs -Iproviders/default/macs -Iproviders/default/ciphers -Iproviders/default/kdfs -I../openssl -I../openssl/crypto/include -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/default/include -I../openssl/providers/common/ciphers -I../openssl/crypto -I../openssl/providers/common/macs -I../openssl/providers/common/kdfs -I../openssl/providers/default/macs -I../openssl/providers/default/ciphers -I../openssl/providers/default/kdfs -DAES_ASM -DBSAES_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_IA32_SSE2 -MMD -MF crypto/x509/libcrypto-lib-v3_prn.d.tmp -MT crypto/x509/libcrypto-lib-v3_prn.o -c -o crypto/x509/libcrypto-lib-v3_prn.o ../openssl/crypto/x509/v3_prn.c clang -I. -Icrypto/include -Iinclude -Iproviders/common/include -Iproviders/default/include -Iproviders/common/ciphers -Icrypto -Iproviders/common/macs -Iproviders/common/kdfs -Iproviders/default/macs -Iproviders/default/ciphers -Iproviders/default/kdfs -I../openssl -I../openssl/crypto/include -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/default/include -I../openssl/providers/common/ciphers -I../openssl/crypto -I../openssl/providers/common/macs -I../openssl/providers/common/kdfs -I../openssl/providers/default/macs -I../openssl/providers/default/ciphers -I../openssl/providers/default/kdfs -DAES_ASM -DBSAES_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_IA32_SSE2 -MMD -MF crypto/x509/libcrypto-lib-v3_purp.d.tmp -MT crypto/x509/libcrypto-lib-v3_purp.o -c -o crypto/x509/libcrypto-lib-v3_purp.o ../openssl/crypto/x509/v3_purp.c clang -I. -Icrypto/include -Iinclude -Iproviders/common/include -Iproviders/default/include -Iproviders/common/ciphers -Icrypto -Iproviders/common/macs -Iproviders/common/kdfs -Iproviders/default/macs -Iproviders/default/ciphers -Iproviders/default/kdfs -I../openssl -I../openssl/crypto/include -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/default/include -I../openssl/providers/common/ciphers -I../openssl/crypto -I../openssl/providers/common/macs -I../openssl/providers/common/kdfs -I../openssl/providers/default/macs -I../openssl/providers/default/ciphers -I../openssl/providers/default/kdfs -DAES_ASM -DBSAES_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_IA32_SSE2 -MMD -MF crypto/x509/libcrypto-lib-v3_skey.d.tmp -MT crypto/x509/libcrypto-lib-v3_skey.o -c -o crypto/x509/libcrypto-lib-v3_skey.o ../openssl/crypto/x509/v3_skey.c clang -I. -Icrypto/include -Iinclude -Iproviders/common/include -Iproviders/default/include -Iproviders/common/ciphers -Icrypto -Iproviders/common/macs -Iproviders/common/kdfs -Iproviders/default/macs -Iproviders/default/ciphers -Iproviders/default/kdfs -I../openssl -I../openssl/crypto/include -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/default/include -I../openssl/providers/common/ciphers -I../openssl/crypto -I../openssl/providers/common/macs -I../openssl/providers/common/kdfs -I../openssl/providers/default/macs -I../openssl/providers/default/ciphers -I../openssl/providers/default/kdfs -DAES_ASM -DBSAES_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_IA32_SSE2 -MMD -MF crypto/x509/libcrypto-lib-v3_sxnet.d.tmp -MT crypto/x509/libcrypto-lib-v3_sxnet.o -c -o crypto/x509/libcrypto-lib-v3_sxnet.o ../openssl/crypto/x509/v3_sxnet.c clang -I. -Icrypto/include -Iinclude -Iproviders/common/include -Iproviders/default/include -Iproviders/common/ciphers -Icrypto -Iproviders/common/macs -Iproviders/common/kdfs -Iproviders/default/macs -Iproviders/default/ciphers -Iproviders/default/kdfs -I../openssl -I../openssl/crypto/include -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/default/include -I../openssl/providers/common/ciphers -I../openssl/crypto -I../openssl/providers/common/macs -I../openssl/providers/common/kdfs -I../openssl/providers/default/macs -I../openssl/providers/default/ciphers -I../openssl/providers/default/kdfs -DAES_ASM -DBSAES_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_IA32_SSE2 -MMD -MF crypto/x509/libcrypto-lib-v3_tlsf.d.tmp -MT crypto/x509/libcrypto-lib-v3_tlsf.o -c -o crypto/x509/libcrypto-lib-v3_tlsf.o ../openssl/crypto/x509/v3_tlsf.c clang -I. -Icrypto/include -Iinclude -Iproviders/common/include -Iproviders/default/include -Iproviders/common/ciphers -Icrypto -Iproviders/common/macs -Iproviders/common/kdfs -Iproviders/default/macs -Iproviders/default/ciphers -Iproviders/default/kdfs -I../openssl -I../openssl/crypto/include -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/default/include -I../openssl/providers/common/ciphers -I../openssl/crypto -I../openssl/providers/common/macs -I../openssl/providers/common/kdfs -I../openssl/providers/default/macs -I../openssl/providers/default/ciphers -I../openssl/providers/default/kdfs -DAES_ASM -DBSAES_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_IA32_SSE2 -MMD -MF crypto/x509/libcrypto-lib-v3_utl.d.tmp -MT crypto/x509/libcrypto-lib-v3_utl.o -c -o crypto/x509/libcrypto-lib-v3_utl.o ../openssl/crypto/x509/v3_utl.c clang -I. -Icrypto/include -Iinclude -Iproviders/common/include -Iproviders/default/include -Iproviders/common/ciphers -Icrypto -Iproviders/common/macs -Iproviders/common/kdfs -Iproviders/default/macs -Iproviders/default/ciphers -Iproviders/default/kdfs -I../openssl -I../openssl/crypto/include -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/default/include -I../openssl/providers/common/ciphers -I../openssl/crypto -I../openssl/providers/common/macs -I../openssl/providers/common/kdfs -I../openssl/providers/default/macs -I../openssl/providers/default/ciphers -I../openssl/providers/default/kdfs -DAES_ASM -DBSAES_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_IA32_SSE2 -MMD -MF crypto/x509/libcrypto-lib-v3err.d.tmp -MT crypto/x509/libcrypto-lib-v3err.o -c -o crypto/x509/libcrypto-lib-v3err.o ../openssl/crypto/x509/v3err.c clang -I. -Icrypto/include -Iinclude -Iproviders/common/include -Iproviders/default/include -Iproviders/common/ciphers -Icrypto -Iproviders/common/macs -Iproviders/common/kdfs -Iproviders/default/macs -Iproviders/default/ciphers -Iproviders/default/kdfs -I../openssl -I../openssl/crypto/include -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/default/include -I../openssl/providers/common/ciphers -I../openssl/crypto -I../openssl/providers/common/macs -I../openssl/providers/common/kdfs -I../openssl/providers/default/macs -I../openssl/providers/default/ciphers -I../openssl/providers/default/kdfs -DAES_ASM -DBSAES_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_IA32_SSE2 -MMD -MF crypto/x509/libcrypto-lib-x509_att.d.tmp -MT crypto/x509/libcrypto-lib-x509_att.o -c -o crypto/x509/libcrypto-lib-x509_att.o ../openssl/crypto/x509/x509_att.c clang -I. -Icrypto/include -Iinclude -Iproviders/common/include -Iproviders/default/include -Iproviders/common/ciphers -Icrypto -Iproviders/common/macs -Iproviders/common/kdfs -Iproviders/default/macs -Iproviders/default/ciphers -Iproviders/default/kdfs -I../openssl -I../openssl/crypto/include -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/default/include -I../openssl/providers/common/ciphers -I../openssl/crypto -I../openssl/providers/common/macs -I../openssl/providers/common/kdfs -I../openssl/providers/default/macs -I../openssl/providers/default/ciphers -I../openssl/providers/default/kdfs -DAES_ASM -DBSAES_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_IA32_SSE2 -MMD -MF crypto/x509/libcrypto-lib-x509_cmp.d.tmp -MT crypto/x509/libcrypto-lib-x509_cmp.o -c -o crypto/x509/libcrypto-lib-x509_cmp.o ../openssl/crypto/x509/x509_cmp.c clang -I. -Icrypto/include -Iinclude -Iproviders/common/include -Iproviders/default/include -Iproviders/common/ciphers -Icrypto -Iproviders/common/macs -Iproviders/common/kdfs -Iproviders/default/macs -Iproviders/default/ciphers -Iproviders/default/kdfs -I../openssl -I../openssl/crypto/include -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/default/include -I../openssl/providers/common/ciphers -I../openssl/crypto -I../openssl/providers/common/macs -I../openssl/providers/common/kdfs -I../openssl/providers/default/macs -I../openssl/providers/default/ciphers -I../openssl/providers/default/kdfs -DAES_ASM -DBSAES_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_IA32_SSE2 -MMD -MF crypto/x509/libcrypto-lib-x509_d2.d.tmp -MT crypto/x509/libcrypto-lib-x509_d2.o -c -o crypto/x509/libcrypto-lib-x509_d2.o ../openssl/crypto/x509/x509_d2.c clang -I. -Icrypto/include -Iinclude -Iproviders/common/include -Iproviders/default/include -Iproviders/common/ciphers -Icrypto -Iproviders/common/macs -Iproviders/common/kdfs -Iproviders/default/macs -Iproviders/default/ciphers -Iproviders/default/kdfs -I../openssl -I../openssl/crypto/include -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/default/include -I../openssl/providers/common/ciphers -I../openssl/crypto -I../openssl/providers/common/macs -I../openssl/providers/common/kdfs -I../openssl/providers/default/macs -I../openssl/providers/default/ciphers -I../openssl/providers/default/kdfs -DAES_ASM -DBSAES_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_IA32_SSE2 -MMD -MF crypto/x509/libcrypto-lib-x509_def.d.tmp -MT crypto/x509/libcrypto-lib-x509_def.o -c -o crypto/x509/libcrypto-lib-x509_def.o ../openssl/crypto/x509/x509_def.c clang -I. -Icrypto/include -Iinclude -Iproviders/common/include -Iproviders/default/include -Iproviders/common/ciphers -Icrypto -Iproviders/common/macs -Iproviders/common/kdfs -Iproviders/default/macs -Iproviders/default/ciphers -Iproviders/default/kdfs -I../openssl -I../openssl/crypto/include -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/default/include -I../openssl/providers/common/ciphers -I../openssl/crypto -I../openssl/providers/common/macs -I../openssl/providers/common/kdfs -I../openssl/providers/default/macs -I../openssl/providers/default/ciphers -I../openssl/providers/default/kdfs -DAES_ASM -DBSAES_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_IA32_SSE2 -MMD -MF crypto/x509/libcrypto-lib-x509_err.d.tmp -MT crypto/x509/libcrypto-lib-x509_err.o -c -o crypto/x509/libcrypto-lib-x509_err.o ../openssl/crypto/x509/x509_err.c clang -I. -Icrypto/include -Iinclude -Iproviders/common/include -Iproviders/default/include -Iproviders/common/ciphers -Icrypto -Iproviders/common/macs -Iproviders/common/kdfs -Iproviders/default/macs -Iproviders/default/ciphers -Iproviders/default/kdfs -I../openssl -I../openssl/crypto/include -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/default/include -I../openssl/providers/common/ciphers -I../openssl/crypto -I../openssl/providers/common/macs -I../openssl/providers/common/kdfs -I../openssl/providers/default/macs -I../openssl/providers/default/ciphers -I../openssl/providers/default/kdfs -DAES_ASM -DBSAES_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_IA32_SSE2 -MMD -MF crypto/x509/libcrypto-lib-x509_ext.d.tmp -MT crypto/x509/libcrypto-lib-x509_ext.o -c -o crypto/x509/libcrypto-lib-x509_ext.o ../openssl/crypto/x509/x509_ext.c clang -I. -Icrypto/include -Iinclude -Iproviders/common/include -Iproviders/default/include -Iproviders/common/ciphers -Icrypto -Iproviders/common/macs -Iproviders/common/kdfs -Iproviders/default/macs -Iproviders/default/ciphers -Iproviders/default/kdfs -I../openssl -I../openssl/crypto/include -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/default/include -I../openssl/providers/common/ciphers -I../openssl/crypto -I../openssl/providers/common/macs -I../openssl/providers/common/kdfs -I../openssl/providers/default/macs -I../openssl/providers/default/ciphers -I../openssl/providers/default/kdfs -DAES_ASM -DBSAES_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_IA32_SSE2 -MMD -MF crypto/x509/libcrypto-lib-x509_lu.d.tmp -MT crypto/x509/libcrypto-lib-x509_lu.o -c -o crypto/x509/libcrypto-lib-x509_lu.o ../openssl/crypto/x509/x509_lu.c clang -I. -Icrypto/include -Iinclude -Iproviders/common/include -Iproviders/default/include -Iproviders/common/ciphers -Icrypto -Iproviders/common/macs -Iproviders/common/kdfs -Iproviders/default/macs -Iproviders/default/ciphers -Iproviders/default/kdfs -I../openssl -I../openssl/crypto/include -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/default/include -I../openssl/providers/common/ciphers -I../openssl/crypto -I../openssl/providers/common/macs -I../openssl/providers/common/kdfs -I../openssl/providers/default/macs -I../openssl/providers/default/ciphers -I../openssl/providers/default/kdfs -DAES_ASM -DBSAES_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_IA32_SSE2 -MMD -MF crypto/x509/libcrypto-lib-x509_meth.d.tmp -MT crypto/x509/libcrypto-lib-x509_meth.o -c -o crypto/x509/libcrypto-lib-x509_meth.o ../openssl/crypto/x509/x509_meth.c clang -I. -Icrypto/include -Iinclude -Iproviders/common/include -Iproviders/default/include -Iproviders/common/ciphers -Icrypto -Iproviders/common/macs -Iproviders/common/kdfs -Iproviders/default/macs -Iproviders/default/ciphers -Iproviders/default/kdfs -I../openssl -I../openssl/crypto/include -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/default/include -I../openssl/providers/common/ciphers -I../openssl/crypto -I../openssl/providers/common/macs -I../openssl/providers/common/kdfs -I../openssl/providers/default/macs -I../openssl/providers/default/ciphers -I../openssl/providers/default/kdfs -DAES_ASM -DBSAES_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_IA32_SSE2 -MMD -MF crypto/x509/libcrypto-lib-x509_obj.d.tmp -MT crypto/x509/libcrypto-lib-x509_obj.o -c -o crypto/x509/libcrypto-lib-x509_obj.o ../openssl/crypto/x509/x509_obj.c clang -I. -Icrypto/include -Iinclude -Iproviders/common/include -Iproviders/default/include -Iproviders/common/ciphers -Icrypto -Iproviders/common/macs -Iproviders/common/kdfs -Iproviders/default/macs -Iproviders/default/ciphers -Iproviders/default/kdfs -I../openssl -I../openssl/crypto/include -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/default/include -I../openssl/providers/common/ciphers -I../openssl/crypto -I../openssl/providers/common/macs -I../openssl/providers/common/kdfs -I../openssl/providers/default/macs -I../openssl/providers/default/ciphers -I../openssl/providers/default/kdfs -DAES_ASM -DBSAES_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_IA32_SSE2 -MMD -MF crypto/x509/libcrypto-lib-x509_r2x.d.tmp -MT crypto/x509/libcrypto-lib-x509_r2x.o -c -o crypto/x509/libcrypto-lib-x509_r2x.o ../openssl/crypto/x509/x509_r2x.c clang -I. -Icrypto/include -Iinclude -Iproviders/common/include -Iproviders/default/include -Iproviders/common/ciphers -Icrypto -Iproviders/common/macs -Iproviders/common/kdfs -Iproviders/default/macs -Iproviders/default/ciphers -Iproviders/default/kdfs -I../openssl -I../openssl/crypto/include -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/default/include -I../openssl/providers/common/ciphers -I../openssl/crypto -I../openssl/providers/common/macs -I../openssl/providers/common/kdfs -I../openssl/providers/default/macs -I../openssl/providers/default/ciphers -I../openssl/providers/default/kdfs -DAES_ASM -DBSAES_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_IA32_SSE2 -MMD -MF crypto/x509/libcrypto-lib-x509_req.d.tmp -MT crypto/x509/libcrypto-lib-x509_req.o -c -o crypto/x509/libcrypto-lib-x509_req.o ../openssl/crypto/x509/x509_req.c clang -I. -Icrypto/include -Iinclude -Iproviders/common/include -Iproviders/default/include -Iproviders/common/ciphers -Icrypto -Iproviders/common/macs -Iproviders/common/kdfs -Iproviders/default/macs -Iproviders/default/ciphers -Iproviders/default/kdfs -I../openssl -I../openssl/crypto/include -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/default/include -I../openssl/providers/common/ciphers -I../openssl/crypto -I../openssl/providers/common/macs -I../openssl/providers/common/kdfs -I../openssl/providers/default/macs -I../openssl/providers/default/ciphers -I../openssl/providers/default/kdfs -DAES_ASM -DBSAES_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_IA32_SSE2 -MMD -MF crypto/x509/libcrypto-lib-x509_set.d.tmp -MT crypto/x509/libcrypto-lib-x509_set.o -c -o crypto/x509/libcrypto-lib-x509_set.o ../openssl/crypto/x509/x509_set.c clang -I. -Icrypto/include -Iinclude -Iproviders/common/include -Iproviders/default/include -Iproviders/common/ciphers -Icrypto -Iproviders/common/macs -Iproviders/common/kdfs -Iproviders/default/macs -Iproviders/default/ciphers -Iproviders/default/kdfs -I../openssl -I../openssl/crypto/include -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/default/include -I../openssl/providers/common/ciphers -I../openssl/crypto -I../openssl/providers/common/macs -I../openssl/providers/common/kdfs -I../openssl/providers/default/macs -I../openssl/providers/default/ciphers -I../openssl/providers/default/kdfs -DAES_ASM -DBSAES_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_IA32_SSE2 -MMD -MF crypto/x509/libcrypto-lib-x509_trs.d.tmp -MT crypto/x509/libcrypto-lib-x509_trs.o -c -o crypto/x509/libcrypto-lib-x509_trs.o ../openssl/crypto/x509/x509_trs.c clang -I. -Icrypto/include -Iinclude -Iproviders/common/include -Iproviders/default/include -Iproviders/common/ciphers -Icrypto -Iproviders/common/macs -Iproviders/common/kdfs -Iproviders/default/macs -Iproviders/default/ciphers -Iproviders/default/kdfs -I../openssl -I../openssl/crypto/include -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/default/include -I../openssl/providers/common/ciphers -I../openssl/crypto -I../openssl/providers/common/macs -I../openssl/providers/common/kdfs -I../openssl/providers/default/macs -I../openssl/providers/default/ciphers -I../openssl/providers/default/kdfs -DAES_ASM -DBSAES_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_IA32_SSE2 -MMD -MF crypto/x509/libcrypto-lib-x509_txt.d.tmp -MT crypto/x509/libcrypto-lib-x509_txt.o -c -o crypto/x509/libcrypto-lib-x509_txt.o ../openssl/crypto/x509/x509_txt.c clang -I. -Icrypto/include -Iinclude -Iproviders/common/include -Iproviders/default/include -Iproviders/common/ciphers -Icrypto -Iproviders/common/macs -Iproviders/common/kdfs -Iproviders/default/macs -Iproviders/default/ciphers -Iproviders/default/kdfs -I../openssl -I../openssl/crypto/include -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/default/include -I../openssl/providers/common/ciphers -I../openssl/crypto -I../openssl/providers/common/macs -I../openssl/providers/common/kdfs -I../openssl/providers/default/macs -I../openssl/providers/default/ciphers -I../openssl/providers/default/kdfs -DAES_ASM -DBSAES_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_IA32_SSE2 -MMD -MF crypto/x509/libcrypto-lib-x509_v3.d.tmp -MT crypto/x509/libcrypto-lib-x509_v3.o -c -o crypto/x509/libcrypto-lib-x509_v3.o ../openssl/crypto/x509/x509_v3.c clang -I. -Icrypto/include -Iinclude -Iproviders/common/include -Iproviders/default/include -Iproviders/common/ciphers -Icrypto -Iproviders/common/macs -Iproviders/common/kdfs -Iproviders/default/macs -Iproviders/default/ciphers -Iproviders/default/kdfs -I../openssl -I../openssl/crypto/include -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/default/include -I../openssl/providers/common/ciphers -I../openssl/crypto -I../openssl/providers/common/macs -I../openssl/providers/common/kdfs -I../openssl/providers/default/macs -I../openssl/providers/default/ciphers -I../openssl/providers/default/kdfs -DAES_ASM -DBSAES_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_IA32_SSE2 -MMD -MF crypto/x509/libcrypto-lib-x509_vfy.d.tmp -MT crypto/x509/libcrypto-lib-x509_vfy.o -c -o crypto/x509/libcrypto-lib-x509_vfy.o ../openssl/crypto/x509/x509_vfy.c clang -I. -Icrypto/include -Iinclude -Iproviders/common/include -Iproviders/default/include -Iproviders/common/ciphers -Icrypto -Iproviders/common/macs -Iproviders/common/kdfs -Iproviders/default/macs -Iproviders/default/ciphers -Iproviders/default/kdfs -I../openssl -I../openssl/crypto/include -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/default/include -I../openssl/providers/common/ciphers -I../openssl/crypto -I../openssl/providers/common/macs -I../openssl/providers/common/kdfs -I../openssl/providers/default/macs -I../openssl/providers/default/ciphers -I../openssl/providers/default/kdfs -DAES_ASM -DBSAES_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_IA32_SSE2 -MMD -MF crypto/x509/libcrypto-lib-x509_vpm.d.tmp -MT crypto/x509/libcrypto-lib-x509_vpm.o -c -o crypto/x509/libcrypto-lib-x509_vpm.o ../openssl/crypto/x509/x509_vpm.c clang -I. -Icrypto/include -Iinclude -Iproviders/common/include -Iproviders/default/include -Iproviders/common/ciphers -Icrypto -Iproviders/common/macs -Iproviders/common/kdfs -Iproviders/default/macs -Iproviders/default/ciphers -Iproviders/default/kdfs -I../openssl -I../openssl/crypto/include -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/default/include -I../openssl/providers/common/ciphers -I../openssl/crypto -I../openssl/providers/common/macs -I../openssl/providers/common/kdfs -I../openssl/providers/default/macs -I../openssl/providers/default/ciphers -I../openssl/providers/default/kdfs -DAES_ASM -DBSAES_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_IA32_SSE2 -MMD -MF crypto/x509/libcrypto-lib-x509cset.d.tmp -MT crypto/x509/libcrypto-lib-x509cset.o -c -o crypto/x509/libcrypto-lib-x509cset.o ../openssl/crypto/x509/x509cset.c clang -I. -Icrypto/include -Iinclude -Iproviders/common/include -Iproviders/default/include -Iproviders/common/ciphers -Icrypto -Iproviders/common/macs -Iproviders/common/kdfs -Iproviders/default/macs -Iproviders/default/ciphers -Iproviders/default/kdfs -I../openssl -I../openssl/crypto/include -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/default/include -I../openssl/providers/common/ciphers -I../openssl/crypto -I../openssl/providers/common/macs -I../openssl/providers/common/kdfs -I../openssl/providers/default/macs -I../openssl/providers/default/ciphers -I../openssl/providers/default/kdfs -DAES_ASM -DBSAES_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_IA32_SSE2 -MMD -MF crypto/x509/libcrypto-lib-x509name.d.tmp -MT crypto/x509/libcrypto-lib-x509name.o -c -o crypto/x509/libcrypto-lib-x509name.o ../openssl/crypto/x509/x509name.c clang -I. -Icrypto/include -Iinclude -Iproviders/common/include -Iproviders/default/include -Iproviders/common/ciphers -Icrypto -Iproviders/common/macs -Iproviders/common/kdfs -Iproviders/default/macs -Iproviders/default/ciphers -Iproviders/default/kdfs -I../openssl -I../openssl/crypto/include -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/default/include -I../openssl/providers/common/ciphers -I../openssl/crypto -I../openssl/providers/common/macs -I../openssl/providers/common/kdfs -I../openssl/providers/default/macs -I../openssl/providers/default/ciphers -I../openssl/providers/default/kdfs -DAES_ASM -DBSAES_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_IA32_SSE2 -MMD -MF crypto/x509/libcrypto-lib-x509rset.d.tmp -MT crypto/x509/libcrypto-lib-x509rset.o -c -o crypto/x509/libcrypto-lib-x509rset.o ../openssl/crypto/x509/x509rset.c clang -I. -Icrypto/include -Iinclude -Iproviders/common/include -Iproviders/default/include -Iproviders/common/ciphers -Icrypto -Iproviders/common/macs -Iproviders/common/kdfs -Iproviders/default/macs -Iproviders/default/ciphers -Iproviders/default/kdfs -I../openssl -I../openssl/crypto/include -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/default/include -I../openssl/providers/common/ciphers -I../openssl/crypto -I../openssl/providers/common/macs -I../openssl/providers/common/kdfs -I../openssl/providers/default/macs -I../openssl/providers/default/ciphers -I../openssl/providers/default/kdfs -DAES_ASM -DBSAES_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_IA32_SSE2 -MMD -MF crypto/x509/libcrypto-lib-x509spki.d.tmp -MT crypto/x509/libcrypto-lib-x509spki.o -c -o crypto/x509/libcrypto-lib-x509spki.o ../openssl/crypto/x509/x509spki.c clang -I. -Icrypto/include -Iinclude -Iproviders/common/include -Iproviders/default/include -Iproviders/common/ciphers -Icrypto -Iproviders/common/macs -Iproviders/common/kdfs -Iproviders/default/macs -Iproviders/default/ciphers -Iproviders/default/kdfs -I../openssl -I../openssl/crypto/include -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/default/include -I../openssl/providers/common/ciphers -I../openssl/crypto -I../openssl/providers/common/macs -I../openssl/providers/common/kdfs -I../openssl/providers/default/macs -I../openssl/providers/default/ciphers -I../openssl/providers/default/kdfs -DAES_ASM -DBSAES_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_IA32_SSE2 -MMD -MF crypto/x509/libcrypto-lib-x509type.d.tmp -MT crypto/x509/libcrypto-lib-x509type.o -c -o crypto/x509/libcrypto-lib-x509type.o ../openssl/crypto/x509/x509type.c clang -I. -Icrypto/include -Iinclude -Iproviders/common/include -Iproviders/default/include -Iproviders/common/ciphers -Icrypto -Iproviders/common/macs -Iproviders/common/kdfs -Iproviders/default/macs -Iproviders/default/ciphers -Iproviders/default/kdfs -I../openssl -I../openssl/crypto/include -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/default/include -I../openssl/providers/common/ciphers -I../openssl/crypto -I../openssl/providers/common/macs -I../openssl/providers/common/kdfs -I../openssl/providers/default/macs -I../openssl/providers/default/ciphers -I../openssl/providers/default/kdfs -DAES_ASM -DBSAES_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_IA32_SSE2 -MMD -MF crypto/x509/libcrypto-lib-x_all.d.tmp -MT crypto/x509/libcrypto-lib-x_all.o -c -o crypto/x509/libcrypto-lib-x_all.o ../openssl/crypto/x509/x_all.c clang -I. -Icrypto/include -Iinclude -Iproviders/common/include -Iproviders/default/include -Iproviders/common/ciphers -Icrypto -Iproviders/common/macs -Iproviders/common/kdfs -Iproviders/default/macs -Iproviders/default/ciphers -Iproviders/default/kdfs -I../openssl -I../openssl/crypto/include -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/default/include -I../openssl/providers/common/ciphers -I../openssl/crypto -I../openssl/providers/common/macs -I../openssl/providers/common/kdfs -I../openssl/providers/default/macs -I../openssl/providers/default/ciphers -I../openssl/providers/default/kdfs -DAES_ASM -DBSAES_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_IA32_SSE2 -MMD -MF crypto/x509/libcrypto-lib-x_attrib.d.tmp -MT crypto/x509/libcrypto-lib-x_attrib.o -c -o crypto/x509/libcrypto-lib-x_attrib.o ../openssl/crypto/x509/x_attrib.c clang -I. -Icrypto/include -Iinclude -Iproviders/common/include -Iproviders/default/include -Iproviders/common/ciphers -Icrypto -Iproviders/common/macs -Iproviders/common/kdfs -Iproviders/default/macs -Iproviders/default/ciphers -Iproviders/default/kdfs -I../openssl -I../openssl/crypto/include -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/default/include -I../openssl/providers/common/ciphers -I../openssl/crypto -I../openssl/providers/common/macs -I../openssl/providers/common/kdfs -I../openssl/providers/default/macs -I../openssl/providers/default/ciphers -I../openssl/providers/default/kdfs -DAES_ASM -DBSAES_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_IA32_SSE2 -MMD -MF crypto/x509/libcrypto-lib-x_crl.d.tmp -MT crypto/x509/libcrypto-lib-x_crl.o -c -o crypto/x509/libcrypto-lib-x_crl.o ../openssl/crypto/x509/x_crl.c clang -I. -Icrypto/include -Iinclude -Iproviders/common/include -Iproviders/default/include -Iproviders/common/ciphers -Icrypto -Iproviders/common/macs -Iproviders/common/kdfs -Iproviders/default/macs -Iproviders/default/ciphers -Iproviders/default/kdfs -I../openssl -I../openssl/crypto/include -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/default/include -I../openssl/providers/common/ciphers -I../openssl/crypto -I../openssl/providers/common/macs -I../openssl/providers/common/kdfs -I../openssl/providers/default/macs -I../openssl/providers/default/ciphers -I../openssl/providers/default/kdfs -DAES_ASM -DBSAES_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_IA32_SSE2 -MMD -MF crypto/x509/libcrypto-lib-x_exten.d.tmp -MT crypto/x509/libcrypto-lib-x_exten.o -c -o crypto/x509/libcrypto-lib-x_exten.o ../openssl/crypto/x509/x_exten.c clang -I. -Icrypto/include -Iinclude -Iproviders/common/include -Iproviders/default/include -Iproviders/common/ciphers -Icrypto -Iproviders/common/macs -Iproviders/common/kdfs -Iproviders/default/macs -Iproviders/default/ciphers -Iproviders/default/kdfs -I../openssl -I../openssl/crypto/include -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/default/include -I../openssl/providers/common/ciphers -I../openssl/crypto -I../openssl/providers/common/macs -I../openssl/providers/common/kdfs -I../openssl/providers/default/macs -I../openssl/providers/default/ciphers -I../openssl/providers/default/kdfs -DAES_ASM -DBSAES_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_IA32_SSE2 -MMD -MF crypto/x509/libcrypto-lib-x_name.d.tmp -MT crypto/x509/libcrypto-lib-x_name.o -c -o crypto/x509/libcrypto-lib-x_name.o ../openssl/crypto/x509/x_name.c clang -I. -Icrypto/include -Iinclude -Iproviders/common/include -Iproviders/default/include -Iproviders/common/ciphers -Icrypto -Iproviders/common/macs -Iproviders/common/kdfs -Iproviders/default/macs -Iproviders/default/ciphers -Iproviders/default/kdfs -I../openssl -I../openssl/crypto/include -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/default/include -I../openssl/providers/common/ciphers -I../openssl/crypto -I../openssl/providers/common/macs -I../openssl/providers/common/kdfs -I../openssl/providers/default/macs -I../openssl/providers/default/ciphers -I../openssl/providers/default/kdfs -DAES_ASM -DBSAES_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_IA32_SSE2 -MMD -MF crypto/x509/libcrypto-lib-x_pubkey.d.tmp -MT crypto/x509/libcrypto-lib-x_pubkey.o -c -o crypto/x509/libcrypto-lib-x_pubkey.o ../openssl/crypto/x509/x_pubkey.c clang -I. -Icrypto/include -Iinclude -Iproviders/common/include -Iproviders/default/include -Iproviders/common/ciphers -Icrypto -Iproviders/common/macs -Iproviders/common/kdfs -Iproviders/default/macs -Iproviders/default/ciphers -Iproviders/default/kdfs -I../openssl -I../openssl/crypto/include -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/default/include -I../openssl/providers/common/ciphers -I../openssl/crypto -I../openssl/providers/common/macs -I../openssl/providers/common/kdfs -I../openssl/providers/default/macs -I../openssl/providers/default/ciphers -I../openssl/providers/default/kdfs -DAES_ASM -DBSAES_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_IA32_SSE2 -MMD -MF crypto/x509/libcrypto-lib-x_req.d.tmp -MT crypto/x509/libcrypto-lib-x_req.o -c -o crypto/x509/libcrypto-lib-x_req.o ../openssl/crypto/x509/x_req.c clang -I. -Icrypto/include -Iinclude -Iproviders/common/include -Iproviders/default/include -Iproviders/common/ciphers -Icrypto -Iproviders/common/macs -Iproviders/common/kdfs -Iproviders/default/macs -Iproviders/default/ciphers -Iproviders/default/kdfs -I../openssl -I../openssl/crypto/include -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/default/include -I../openssl/providers/common/ciphers -I../openssl/crypto -I../openssl/providers/common/macs -I../openssl/providers/common/kdfs -I../openssl/providers/default/macs -I../openssl/providers/default/ciphers -I../openssl/providers/default/kdfs -DAES_ASM -DBSAES_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_IA32_SSE2 -MMD -MF crypto/x509/libcrypto-lib-x_x509.d.tmp -MT crypto/x509/libcrypto-lib-x_x509.o -c -o crypto/x509/libcrypto-lib-x_x509.o ../openssl/crypto/x509/x_x509.c clang -I. -Icrypto/include -Iinclude -Iproviders/common/include -Iproviders/default/include -Iproviders/common/ciphers -Icrypto -Iproviders/common/macs -Iproviders/common/kdfs -Iproviders/default/macs -Iproviders/default/ciphers -Iproviders/default/kdfs -I../openssl -I../openssl/crypto/include -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/default/include -I../openssl/providers/common/ciphers -I../openssl/crypto -I../openssl/providers/common/macs -I../openssl/providers/common/kdfs -I../openssl/providers/default/macs -I../openssl/providers/default/ciphers -I../openssl/providers/default/kdfs -DAES_ASM -DBSAES_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_IA32_SSE2 -MMD -MF crypto/x509/libcrypto-lib-x_x509a.d.tmp -MT crypto/x509/libcrypto-lib-x_x509a.o -c -o crypto/x509/libcrypto-lib-x_x509a.o ../openssl/crypto/x509/x_x509a.c clang -I. -Icrypto/include -Iinclude -Iproviders/common/include -Iproviders/default/include -Iproviders/common/ciphers -Icrypto -Iproviders/common/macs -Iproviders/common/kdfs -Iproviders/default/macs -Iproviders/default/ciphers -Iproviders/default/kdfs -I../openssl -I../openssl/crypto/include -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/default/include -I../openssl/providers/common/ciphers -I../openssl/crypto -I../openssl/providers/common/macs -I../openssl/providers/common/kdfs -I../openssl/providers/default/macs -I../openssl/providers/default/ciphers -I../openssl/providers/default/kdfs -DAES_ASM -DBSAES_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_IA32_SSE2 -MMD -MF providers/common/ciphers/libcrypto-lib-block.d.tmp -MT providers/common/ciphers/libcrypto-lib-block.o -c -o providers/common/ciphers/libcrypto-lib-block.o ../openssl/providers/common/ciphers/block.c clang -I. -Icrypto/include -Iinclude -Iproviders/common/include -Iproviders/default/include -Iproviders/common/ciphers -Icrypto -Iproviders/common/macs -Iproviders/common/kdfs -Iproviders/default/macs -Iproviders/default/ciphers -Iproviders/default/kdfs -I../openssl -I../openssl/crypto/include -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/default/include -I../openssl/providers/common/ciphers -I../openssl/crypto -I../openssl/providers/common/macs -I../openssl/providers/common/kdfs -I../openssl/providers/default/macs -I../openssl/providers/default/ciphers -I../openssl/providers/default/kdfs -DAES_ASM -DBSAES_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_IA32_SSE2 -MMD -MF providers/common/ciphers/libcrypto-lib-cipher_aes.d.tmp -MT providers/common/ciphers/libcrypto-lib-cipher_aes.o -c -o providers/common/ciphers/libcrypto-lib-cipher_aes.o ../openssl/providers/common/ciphers/cipher_aes.c clang -I. -Icrypto/include -Iinclude -Iproviders/common/include -Iproviders/default/include -Iproviders/common/ciphers -Icrypto -Iproviders/common/macs -Iproviders/common/kdfs -Iproviders/default/macs -Iproviders/default/ciphers -Iproviders/default/kdfs -I../openssl -I../openssl/crypto/include -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/default/include -I../openssl/providers/common/ciphers -I../openssl/crypto -I../openssl/providers/common/macs -I../openssl/providers/common/kdfs -I../openssl/providers/default/macs -I../openssl/providers/default/ciphers -I../openssl/providers/default/kdfs -DAES_ASM -DBSAES_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_IA32_SSE2 -MMD -MF providers/common/ciphers/libcrypto-lib-cipher_aes_ccm.d.tmp -MT providers/common/ciphers/libcrypto-lib-cipher_aes_ccm.o -c -o providers/common/ciphers/libcrypto-lib-cipher_aes_ccm.o ../openssl/providers/common/ciphers/cipher_aes_ccm.c clang -I. -Icrypto/include -Iinclude -Iproviders/common/include -Iproviders/default/include -Iproviders/common/ciphers -Icrypto -Iproviders/common/macs -Iproviders/common/kdfs -Iproviders/default/macs -Iproviders/default/ciphers -Iproviders/default/kdfs -I../openssl -I../openssl/crypto/include -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/default/include -I../openssl/providers/common/ciphers -I../openssl/crypto -I../openssl/providers/common/macs -I../openssl/providers/common/kdfs -I../openssl/providers/default/macs -I../openssl/providers/default/ciphers -I../openssl/providers/default/kdfs -DAES_ASM -DBSAES_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_IA32_SSE2 -MMD -MF providers/common/ciphers/libcrypto-lib-cipher_aes_ccm_hw.d.tmp -MT providers/common/ciphers/libcrypto-lib-cipher_aes_ccm_hw.o -c -o providers/common/ciphers/libcrypto-lib-cipher_aes_ccm_hw.o ../openssl/providers/common/ciphers/cipher_aes_ccm_hw.c clang -I. -Icrypto/include -Iinclude -Iproviders/common/include -Iproviders/default/include -Iproviders/common/ciphers -Icrypto -Iproviders/common/macs -Iproviders/common/kdfs -Iproviders/default/macs -Iproviders/default/ciphers -Iproviders/default/kdfs -I../openssl -I../openssl/crypto/include -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/default/include -I../openssl/providers/common/ciphers -I../openssl/crypto -I../openssl/providers/common/macs -I../openssl/providers/common/kdfs -I../openssl/providers/default/macs -I../openssl/providers/default/ciphers -I../openssl/providers/default/kdfs -DAES_ASM -DBSAES_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_IA32_SSE2 -MMD -MF providers/common/ciphers/libcrypto-lib-cipher_aes_gcm.d.tmp -MT providers/common/ciphers/libcrypto-lib-cipher_aes_gcm.o -c -o providers/common/ciphers/libcrypto-lib-cipher_aes_gcm.o ../openssl/providers/common/ciphers/cipher_aes_gcm.c clang -I. -Icrypto/include -Iinclude -Iproviders/common/include -Iproviders/default/include -Iproviders/common/ciphers -Icrypto -Iproviders/common/macs -Iproviders/common/kdfs -Iproviders/default/macs -Iproviders/default/ciphers -Iproviders/default/kdfs -I../openssl -I../openssl/crypto/include -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/default/include -I../openssl/providers/common/ciphers -I../openssl/crypto -I../openssl/providers/common/macs -I../openssl/providers/common/kdfs -I../openssl/providers/default/macs -I../openssl/providers/default/ciphers -I../openssl/providers/default/kdfs -DAES_ASM -DBSAES_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_IA32_SSE2 -MMD -MF providers/common/ciphers/libcrypto-lib-cipher_aes_gcm_hw.d.tmp -MT providers/common/ciphers/libcrypto-lib-cipher_aes_gcm_hw.o -c -o providers/common/ciphers/libcrypto-lib-cipher_aes_gcm_hw.o ../openssl/providers/common/ciphers/cipher_aes_gcm_hw.c clang -I. -Icrypto/include -Iinclude -Iproviders/common/include -Iproviders/default/include -Iproviders/common/ciphers -Icrypto -Iproviders/common/macs -Iproviders/common/kdfs -Iproviders/default/macs -Iproviders/default/ciphers -Iproviders/default/kdfs -I../openssl -I../openssl/crypto/include -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/default/include -I../openssl/providers/common/ciphers -I../openssl/crypto -I../openssl/providers/common/macs -I../openssl/providers/common/kdfs -I../openssl/providers/default/macs -I../openssl/providers/default/ciphers -I../openssl/providers/default/kdfs -DAES_ASM -DBSAES_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_IA32_SSE2 -MMD -MF providers/common/ciphers/libcrypto-lib-cipher_aes_hw.d.tmp -MT providers/common/ciphers/libcrypto-lib-cipher_aes_hw.o -c -o providers/common/ciphers/libcrypto-lib-cipher_aes_hw.o ../openssl/providers/common/ciphers/cipher_aes_hw.c clang -I. -Icrypto/include -Iinclude -Iproviders/common/include -Iproviders/default/include -Iproviders/common/ciphers -Icrypto -Iproviders/common/macs -Iproviders/common/kdfs -Iproviders/default/macs -Iproviders/default/ciphers -Iproviders/default/kdfs -I../openssl -I../openssl/crypto/include -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/default/include -I../openssl/providers/common/ciphers -I../openssl/crypto -I../openssl/providers/common/macs -I../openssl/providers/common/kdfs -I../openssl/providers/default/macs -I../openssl/providers/default/ciphers -I../openssl/providers/default/kdfs -DAES_ASM -DBSAES_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_IA32_SSE2 -MMD -MF providers/common/ciphers/libcrypto-lib-cipher_ccm.d.tmp -MT providers/common/ciphers/libcrypto-lib-cipher_ccm.o -c -o providers/common/ciphers/libcrypto-lib-cipher_ccm.o ../openssl/providers/common/ciphers/cipher_ccm.c clang -I. -Icrypto/include -Iinclude -Iproviders/common/include -Iproviders/default/include -Iproviders/common/ciphers -Icrypto -Iproviders/common/macs -Iproviders/common/kdfs -Iproviders/default/macs -Iproviders/default/ciphers -Iproviders/default/kdfs -I../openssl -I../openssl/crypto/include -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/default/include -I../openssl/providers/common/ciphers -I../openssl/crypto -I../openssl/providers/common/macs -I../openssl/providers/common/kdfs -I../openssl/providers/default/macs -I../openssl/providers/default/ciphers -I../openssl/providers/default/kdfs -DAES_ASM -DBSAES_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_IA32_SSE2 -MMD -MF providers/common/ciphers/libcrypto-lib-cipher_ccm_hw.d.tmp -MT providers/common/ciphers/libcrypto-lib-cipher_ccm_hw.o -c -o providers/common/ciphers/libcrypto-lib-cipher_ccm_hw.o ../openssl/providers/common/ciphers/cipher_ccm_hw.c clang -I. -Icrypto/include -Iinclude -Iproviders/common/include -Iproviders/default/include -Iproviders/common/ciphers -Icrypto -Iproviders/common/macs -Iproviders/common/kdfs -Iproviders/default/macs -Iproviders/default/ciphers -Iproviders/default/kdfs -I../openssl -I../openssl/crypto/include -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/default/include -I../openssl/providers/common/ciphers -I../openssl/crypto -I../openssl/providers/common/macs -I../openssl/providers/common/kdfs -I../openssl/providers/default/macs -I../openssl/providers/default/ciphers -I../openssl/providers/default/kdfs -DAES_ASM -DBSAES_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_IA32_SSE2 -MMD -MF providers/common/ciphers/libcrypto-lib-cipher_common.d.tmp -MT providers/common/ciphers/libcrypto-lib-cipher_common.o -c -o providers/common/ciphers/libcrypto-lib-cipher_common.o ../openssl/providers/common/ciphers/cipher_common.c clang -I. -Icrypto/include -Iinclude -Iproviders/common/include -Iproviders/default/include -Iproviders/common/ciphers -Icrypto -Iproviders/common/macs -Iproviders/common/kdfs -Iproviders/default/macs -Iproviders/default/ciphers -Iproviders/default/kdfs -I../openssl -I../openssl/crypto/include -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/default/include -I../openssl/providers/common/ciphers -I../openssl/crypto -I../openssl/providers/common/macs -I../openssl/providers/common/kdfs -I../openssl/providers/default/macs -I../openssl/providers/default/ciphers -I../openssl/providers/default/kdfs -DAES_ASM -DBSAES_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_IA32_SSE2 -MMD -MF providers/common/ciphers/libcrypto-lib-cipher_common_hw.d.tmp -MT providers/common/ciphers/libcrypto-lib-cipher_common_hw.o -c -o providers/common/ciphers/libcrypto-lib-cipher_common_hw.o ../openssl/providers/common/ciphers/cipher_common_hw.c clang -I. -Icrypto/include -Iinclude -Iproviders/common/include -Iproviders/default/include -Iproviders/common/ciphers -Icrypto -Iproviders/common/macs -Iproviders/common/kdfs -Iproviders/default/macs -Iproviders/default/ciphers -Iproviders/default/kdfs -I../openssl -I../openssl/crypto/include -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/default/include -I../openssl/providers/common/ciphers -I../openssl/crypto -I../openssl/providers/common/macs -I../openssl/providers/common/kdfs -I../openssl/providers/default/macs -I../openssl/providers/default/ciphers -I../openssl/providers/default/kdfs -DAES_ASM -DBSAES_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_IA32_SSE2 -MMD -MF providers/common/ciphers/libcrypto-lib-cipher_gcm.d.tmp -MT providers/common/ciphers/libcrypto-lib-cipher_gcm.o -c -o providers/common/ciphers/libcrypto-lib-cipher_gcm.o ../openssl/providers/common/ciphers/cipher_gcm.c clang -I. -Icrypto/include -Iinclude -Iproviders/common/include -Iproviders/default/include -Iproviders/common/ciphers -Icrypto -Iproviders/common/macs -Iproviders/common/kdfs -Iproviders/default/macs -Iproviders/default/ciphers -Iproviders/default/kdfs -I../openssl -I../openssl/crypto/include -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/default/include -I../openssl/providers/common/ciphers -I../openssl/crypto -I../openssl/providers/common/macs -I../openssl/providers/common/kdfs -I../openssl/providers/default/macs -I../openssl/providers/default/ciphers -I../openssl/providers/default/kdfs -DAES_ASM -DBSAES_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_IA32_SSE2 -MMD -MF providers/common/ciphers/libcrypto-lib-cipher_gcm_hw.d.tmp -MT providers/common/ciphers/libcrypto-lib-cipher_gcm_hw.o -c -o providers/common/ciphers/libcrypto-lib-cipher_gcm_hw.o ../openssl/providers/common/ciphers/cipher_gcm_hw.c clang -I. -Icrypto/include -Iinclude -Iproviders/common/include -Iproviders/default/include -Iproviders/common/ciphers -Icrypto -Iproviders/common/macs -Iproviders/common/kdfs -Iproviders/default/macs -Iproviders/default/ciphers -Iproviders/default/kdfs -I../openssl -I../openssl/crypto/include -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/default/include -I../openssl/providers/common/ciphers -I../openssl/crypto -I../openssl/providers/common/macs -I../openssl/providers/common/kdfs -I../openssl/providers/default/macs -I../openssl/providers/default/ciphers -I../openssl/providers/default/kdfs -DAES_ASM -DBSAES_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_IA32_SSE2 -MMD -MF providers/common/ciphers/libcrypto-lib-cipher_tdes.d.tmp -MT providers/common/ciphers/libcrypto-lib-cipher_tdes.o -c -o providers/common/ciphers/libcrypto-lib-cipher_tdes.o ../openssl/providers/common/ciphers/cipher_tdes.c clang -I. -Icrypto/include -Iinclude -Iproviders/common/include -Iproviders/default/include -Iproviders/common/ciphers -Icrypto -Iproviders/common/macs -Iproviders/common/kdfs -Iproviders/default/macs -Iproviders/default/ciphers -Iproviders/default/kdfs -I../openssl -I../openssl/crypto/include -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/default/include -I../openssl/providers/common/ciphers -I../openssl/crypto -I../openssl/providers/common/macs -I../openssl/providers/common/kdfs -I../openssl/providers/default/macs -I../openssl/providers/default/ciphers -I../openssl/providers/default/kdfs -DAES_ASM -DBSAES_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_IA32_SSE2 -MMD -MF providers/common/ciphers/libcrypto-lib-cipher_tdes_hw.d.tmp -MT providers/common/ciphers/libcrypto-lib-cipher_tdes_hw.o -c -o providers/common/ciphers/libcrypto-lib-cipher_tdes_hw.o ../openssl/providers/common/ciphers/cipher_tdes_hw.c clang -I. -Icrypto/include -Iinclude -Iproviders/common/include -Iproviders/default/include -Iproviders/common/ciphers -Icrypto -Iproviders/common/macs -Iproviders/common/kdfs -Iproviders/default/macs -Iproviders/default/ciphers -Iproviders/default/kdfs -I../openssl -I../openssl/crypto/include -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/default/include -I../openssl/providers/common/ciphers -I../openssl/crypto -I../openssl/providers/common/macs -I../openssl/providers/common/kdfs -I../openssl/providers/default/macs -I../openssl/providers/default/ciphers -I../openssl/providers/default/kdfs -DAES_ASM -DBSAES_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_IA32_SSE2 -MMD -MF providers/common/digests/libcrypto-lib-digest_common.d.tmp -MT providers/common/digests/libcrypto-lib-digest_common.o -c -o providers/common/digests/libcrypto-lib-digest_common.o ../openssl/providers/common/digests/digest_common.c clang -I. -Icrypto/include -Iinclude -Iproviders/common/include -Iproviders/default/include -Iproviders/common/ciphers -Icrypto -Iproviders/common/macs -Iproviders/common/kdfs -Iproviders/default/macs -Iproviders/default/ciphers -Iproviders/default/kdfs -I../openssl -I../openssl/crypto/include -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/default/include -I../openssl/providers/common/ciphers -I../openssl/crypto -I../openssl/providers/common/macs -I../openssl/providers/common/kdfs -I../openssl/providers/default/macs -I../openssl/providers/default/ciphers -I../openssl/providers/default/kdfs -DAES_ASM -DBSAES_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_IA32_SSE2 -MMD -MF providers/common/digests/libcrypto-lib-sha2_prov.d.tmp -MT providers/common/digests/libcrypto-lib-sha2_prov.o -c -o providers/common/digests/libcrypto-lib-sha2_prov.o ../openssl/providers/common/digests/sha2_prov.c clang -I. -Icrypto/include -Iinclude -Iproviders/common/include -Iproviders/default/include -Iproviders/common/ciphers -Icrypto -Iproviders/common/macs -Iproviders/common/kdfs -Iproviders/default/macs -Iproviders/default/ciphers -Iproviders/default/kdfs -I../openssl -I../openssl/crypto/include -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/default/include -I../openssl/providers/common/ciphers -I../openssl/crypto -I../openssl/providers/common/macs -I../openssl/providers/common/kdfs -I../openssl/providers/default/macs -I../openssl/providers/default/ciphers -I../openssl/providers/default/kdfs -DAES_ASM -DBSAES_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_IA32_SSE2 -MMD -MF providers/common/digests/libcrypto-lib-sha3_prov.d.tmp -MT providers/common/digests/libcrypto-lib-sha3_prov.o -c -o providers/common/digests/libcrypto-lib-sha3_prov.o ../openssl/providers/common/digests/sha3_prov.c clang -I. -Icrypto/include -Iinclude -Iproviders/common/include -Iproviders/default/include -Iproviders/common/ciphers -Icrypto -Iproviders/common/macs -Iproviders/common/kdfs -Iproviders/default/macs -Iproviders/default/ciphers -Iproviders/default/kdfs -I../openssl -I../openssl/crypto/include -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/default/include -I../openssl/providers/common/ciphers -I../openssl/crypto -I../openssl/providers/common/macs -I../openssl/providers/common/kdfs -I../openssl/providers/default/macs -I../openssl/providers/default/ciphers -I../openssl/providers/default/kdfs -DAES_ASM -DBSAES_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_IA32_SSE2 -MMD -MF providers/common/exchange/libcrypto-lib-dh_exch.d.tmp -MT providers/common/exchange/libcrypto-lib-dh_exch.o -c -o providers/common/exchange/libcrypto-lib-dh_exch.o ../openssl/providers/common/exchange/dh_exch.c clang -I. -Icrypto/include -Iinclude -Iproviders/common/include -Iproviders/default/include -Iproviders/common/ciphers -Icrypto -Iproviders/common/macs -Iproviders/common/kdfs -Iproviders/default/macs -Iproviders/default/ciphers -Iproviders/default/kdfs -I../openssl -I../openssl/crypto/include -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/default/include -I../openssl/providers/common/ciphers -I../openssl/crypto -I../openssl/providers/common/macs -I../openssl/providers/common/kdfs -I../openssl/providers/default/macs -I../openssl/providers/default/ciphers -I../openssl/providers/default/kdfs -DAES_ASM -DBSAES_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_IA32_SSE2 -MMD -MF providers/common/kdfs/libcrypto-lib-hkdf.d.tmp -MT providers/common/kdfs/libcrypto-lib-hkdf.o -c -o providers/common/kdfs/libcrypto-lib-hkdf.o ../openssl/providers/common/kdfs/hkdf.c clang -I. -Icrypto/include -Iinclude -Iproviders/common/include -Iproviders/default/include -Iproviders/common/ciphers -Icrypto -Iproviders/common/macs -Iproviders/common/kdfs -Iproviders/default/macs -Iproviders/default/ciphers -Iproviders/default/kdfs -I../openssl -I../openssl/crypto/include -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/default/include -I../openssl/providers/common/ciphers -I../openssl/crypto -I../openssl/providers/common/macs -I../openssl/providers/common/kdfs -I../openssl/providers/default/macs -I../openssl/providers/default/ciphers -I../openssl/providers/default/kdfs -DAES_ASM -DBSAES_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_IA32_SSE2 -MMD -MF providers/common/kdfs/libcrypto-lib-pbkdf2.d.tmp -MT providers/common/kdfs/libcrypto-lib-pbkdf2.o -c -o providers/common/kdfs/libcrypto-lib-pbkdf2.o ../openssl/providers/common/kdfs/pbkdf2.c clang -I. -Icrypto/include -Iinclude -Iproviders/common/include -Iproviders/default/include -Iproviders/common/ciphers -Icrypto -Iproviders/common/macs -Iproviders/common/kdfs -Iproviders/default/macs -Iproviders/default/ciphers -Iproviders/default/kdfs -I../openssl -I../openssl/crypto/include -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/default/include -I../openssl/providers/common/ciphers -I../openssl/crypto -I../openssl/providers/common/macs -I../openssl/providers/common/kdfs -I../openssl/providers/default/macs -I../openssl/providers/default/ciphers -I../openssl/providers/default/kdfs -DAES_ASM -DBSAES_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_IA32_SSE2 -MMD -MF providers/common/kdfs/libcrypto-lib-sskdf.d.tmp -MT providers/common/kdfs/libcrypto-lib-sskdf.o -c -o providers/common/kdfs/libcrypto-lib-sskdf.o ../openssl/providers/common/kdfs/sskdf.c clang -I. -Icrypto/include -Iinclude -Iproviders/common/include -Iproviders/default/include -Iproviders/common/ciphers -Icrypto -Iproviders/common/macs -Iproviders/common/kdfs -Iproviders/default/macs -Iproviders/default/ciphers -Iproviders/default/kdfs -I../openssl -I../openssl/crypto/include -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/default/include -I../openssl/providers/common/ciphers -I../openssl/crypto -I../openssl/providers/common/macs -I../openssl/providers/common/kdfs -I../openssl/providers/default/macs -I../openssl/providers/default/ciphers -I../openssl/providers/default/kdfs -DAES_ASM -DBSAES_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_IA32_SSE2 -MMD -MF providers/common/kdfs/libcrypto-lib-tls1_prf.d.tmp -MT providers/common/kdfs/libcrypto-lib-tls1_prf.o -c -o providers/common/kdfs/libcrypto-lib-tls1_prf.o ../openssl/providers/common/kdfs/tls1_prf.c clang -I. -Icrypto/include -Iinclude -Iproviders/common/include -Iproviders/default/include -Iproviders/common/ciphers -Icrypto -Iproviders/common/macs -Iproviders/common/kdfs -Iproviders/default/macs -Iproviders/default/ciphers -Iproviders/default/kdfs -I../openssl -I../openssl/crypto/include -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/default/include -I../openssl/providers/common/ciphers -I../openssl/crypto -I../openssl/providers/common/macs -I../openssl/providers/common/kdfs -I../openssl/providers/default/macs -I../openssl/providers/default/ciphers -I../openssl/providers/default/kdfs -DAES_ASM -DBSAES_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_IA32_SSE2 -MMD -MF providers/common/keymgmt/libcrypto-lib-dh_kmgmt.d.tmp -MT providers/common/keymgmt/libcrypto-lib-dh_kmgmt.o -c -o providers/common/keymgmt/libcrypto-lib-dh_kmgmt.o ../openssl/providers/common/keymgmt/dh_kmgmt.c clang -I. -Icrypto/include -Iinclude -Iproviders/common/include -Iproviders/default/include -Iproviders/common/ciphers -Icrypto -Iproviders/common/macs -Iproviders/common/kdfs -Iproviders/default/macs -Iproviders/default/ciphers -Iproviders/default/kdfs -I../openssl -I../openssl/crypto/include -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/default/include -I../openssl/providers/common/ciphers -I../openssl/crypto -I../openssl/providers/common/macs -I../openssl/providers/common/kdfs -I../openssl/providers/default/macs -I../openssl/providers/default/ciphers -I../openssl/providers/default/kdfs -DAES_ASM -DBSAES_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_IA32_SSE2 -MMD -MF providers/common/keymgmt/libcrypto-lib-dsa_kmgmt.d.tmp -MT providers/common/keymgmt/libcrypto-lib-dsa_kmgmt.o -c -o providers/common/keymgmt/libcrypto-lib-dsa_kmgmt.o ../openssl/providers/common/keymgmt/dsa_kmgmt.c clang -I. -Icrypto/include -Iinclude -Iproviders/common/include -Iproviders/default/include -Iproviders/common/ciphers -Icrypto -Iproviders/common/macs -Iproviders/common/kdfs -Iproviders/default/macs -Iproviders/default/ciphers -Iproviders/default/kdfs -I../openssl -I../openssl/crypto/include -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/default/include -I../openssl/providers/common/ciphers -I../openssl/crypto -I../openssl/providers/common/macs -I../openssl/providers/common/kdfs -I../openssl/providers/default/macs -I../openssl/providers/default/ciphers -I../openssl/providers/default/kdfs -DAES_ASM -DBSAES_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_IA32_SSE2 -MMD -MF providers/common/libcrypto-lib-provider_err.d.tmp -MT providers/common/libcrypto-lib-provider_err.o -c -o providers/common/libcrypto-lib-provider_err.o ../openssl/providers/common/provider_err.c clang -I. -Icrypto/include -Iinclude -Iproviders/common/include -Iproviders/default/include -Iproviders/common/ciphers -Icrypto -Iproviders/common/macs -Iproviders/common/kdfs -Iproviders/default/macs -Iproviders/default/ciphers -Iproviders/default/kdfs -I../openssl -I../openssl/crypto/include -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/default/include -I../openssl/providers/common/ciphers -I../openssl/crypto -I../openssl/providers/common/macs -I../openssl/providers/common/kdfs -I../openssl/providers/default/macs -I../openssl/providers/default/ciphers -I../openssl/providers/default/kdfs -DAES_ASM -DBSAES_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_IA32_SSE2 -MMD -MF providers/common/libcrypto-lib-provider_util.d.tmp -MT providers/common/libcrypto-lib-provider_util.o -c -o providers/common/libcrypto-lib-provider_util.o ../openssl/providers/common/provider_util.c clang -I. -Icrypto/include -Iinclude -Iproviders/common/include -Iproviders/default/include -Iproviders/common/ciphers -Icrypto -Iproviders/common/macs -Iproviders/common/kdfs -Iproviders/default/macs -Iproviders/default/ciphers -Iproviders/default/kdfs -I../openssl -I../openssl/crypto/include -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/default/include -I../openssl/providers/common/ciphers -I../openssl/crypto -I../openssl/providers/common/macs -I../openssl/providers/common/kdfs -I../openssl/providers/default/macs -I../openssl/providers/default/ciphers -I../openssl/providers/default/kdfs -DAES_ASM -DBSAES_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_IA32_SSE2 -MMD -MF providers/common/libcrypto-lib-provlib.d.tmp -MT providers/common/libcrypto-lib-provlib.o -c -o providers/common/libcrypto-lib-provlib.o ../openssl/providers/common/provlib.c clang -I. -Icrypto/include -Iinclude -Iproviders/common/include -Iproviders/default/include -Iproviders/common/ciphers -Icrypto -Iproviders/common/macs -Iproviders/common/kdfs -Iproviders/default/macs -Iproviders/default/ciphers -Iproviders/default/kdfs -I../openssl -I../openssl/crypto/include -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/default/include -I../openssl/providers/common/ciphers -I../openssl/crypto -I../openssl/providers/common/macs -I../openssl/providers/common/kdfs -I../openssl/providers/default/macs -I../openssl/providers/default/ciphers -I../openssl/providers/default/kdfs -DAES_ASM -DBSAES_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_IA32_SSE2 -MMD -MF providers/common/macs/libcrypto-lib-cmac_prov.d.tmp -MT providers/common/macs/libcrypto-lib-cmac_prov.o -c -o providers/common/macs/libcrypto-lib-cmac_prov.o ../openssl/providers/common/macs/cmac_prov.c clang -I. -Icrypto/include -Iinclude -Iproviders/common/include -Iproviders/default/include -Iproviders/common/ciphers -Icrypto -Iproviders/common/macs -Iproviders/common/kdfs -Iproviders/default/macs -Iproviders/default/ciphers -Iproviders/default/kdfs -I../openssl -I../openssl/crypto/include -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/default/include -I../openssl/providers/common/ciphers -I../openssl/crypto -I../openssl/providers/common/macs -I../openssl/providers/common/kdfs -I../openssl/providers/default/macs -I../openssl/providers/default/ciphers -I../openssl/providers/default/kdfs -DAES_ASM -DBSAES_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_IA32_SSE2 -MMD -MF providers/common/macs/libcrypto-lib-gmac_prov.d.tmp -MT providers/common/macs/libcrypto-lib-gmac_prov.o -c -o providers/common/macs/libcrypto-lib-gmac_prov.o ../openssl/providers/common/macs/gmac_prov.c ../openssl/providers/common/provider_util.c:52:9: error: implicit declaration of function 'ENGINE_finish' is invalid in C99 [-Werror,-Wimplicit-function-declaration] ENGINE_finish(*engine); ^ ../openssl/providers/common/provider_util.c:52:9: error: this function declaration is not a prototype [-Werror,-Wstrict-prototypes] ../openssl/providers/common/provider_util.c:53:19: error: implicit declaration of function 'ENGINE_by_id' is invalid in C99 [-Werror,-Wimplicit-function-declaration] *engine = ENGINE_by_id(p->data); ^ ../openssl/providers/common/provider_util.c:53:19: error: this function declaration is not a prototype [-Werror,-Wstrict-prototypes] ../openssl/providers/common/provider_util.c:53:17: error: incompatible integer to pointer conversion assigning to 'ENGINE *' (aka 'struct engine_st *') from 'int' [-Werror,-Wint-conversion] *engine = ENGINE_by_id(p->data); ^ ~~~~~~~~~~~~~~~~~~~~~ 5 errors generated. Makefile:12269: recipe for target 'providers/common/libcrypto-lib-provider_util.o' failed make[1]: *** [providers/common/libcrypto-lib-provider_util.o] Error 1 make[1]: *** Waiting for unfinished jobs.... make[1]: Leaving directory '/home/openssl/run-checker/no-engine' Makefile:165: recipe for target 'all' failed make: *** [all] Error 2 From openssl at openssl.org Thu Sep 12 03:32:57 2019 From: openssl at openssl.org (OpenSSL run-checker) Date: Thu, 12 Sep 2019 03:32:57 +0000 Subject: Still FAILED build of OpenSSL branch master with options -d --strict-warnings no-engine no-shared Message-ID: <1568259177.982734.27983.nullmailer@run.openssl.org> Platform and configuration command: $ uname -a Linux run 4.15.0-54-generic #58-Ubuntu SMP Mon Jun 24 10:55:24 UTC 2019 x86_64 x86_64 x86_64 GNU/Linux $ CC=clang ../openssl/config -d --strict-warnings no-engine no-shared Commit log since last time: 7f0a8dc7f9 crypto/threads_win.c: fix preprocessor indentation 0768b38b80 drbg: fix issue where DRBG_CTR fails if NO_DF is used (2nd attempt) 5562dbb39c drbg: add fork id to additional data on UNIX systems 849529257c drbg: ensure fork-safety without using a pthread_atfork handler dc64dc2edd Add EVP_CIPHER_CTX_tag_length() 64115f05ac Usages of KDFs converted to use the name macros 69333af49d Register KDF's using their name macros rather than strings 2e548ac9a1 Make FIPS provider use KDF name for PBKDF2 27e27cd7ef Update tests to (mostly) use KDF names 1732c260db Convert SSL functions to use KDF names not SN_ strings d810cc1977 Add macros for the KDF algorithm names. 4a3dd62923 Coverity 1453629 and 1453638: Error handling issues (NEGATIVE_RETURNS) f20a59cb1c Coverity 1453634: Resource leaks (RESOURCE_LEAK) d111712f6a Coverity 1453633: Error handling issues (CHECKED_RETURN) 64da55a64f Coverity 1453632 & 1453635: Null pointer dereferences (FORWARD_NULL) 085f1d11a0 Coverity 1453630: Null pointer dereferences (FORWARD_NULL) 6ce4ff1915 Coverity 1453628: Null pointer dereferences (REVERSE_INULL) 7e56c62693 Coverity 1453627: Null pointer dereferences (REVERSE_INULL) 92475712a9 Coverity 1414465: Resource leaks (RESOURCE_LEAK) Build log ended with (last 100 lines): clang -I. -Icrypto/include -Iinclude -Iproviders/common/include -Iproviders/default/include -Iproviders/common/ciphers -Icrypto -Iproviders/common/macs -Iproviders/common/kdfs -Iproviders/default/macs -Iproviders/default/ciphers -Iproviders/default/kdfs -I../openssl -I../openssl/crypto/include -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/default/include -I../openssl/providers/common/ciphers -I../openssl/crypto -I../openssl/providers/common/macs -I../openssl/providers/common/kdfs -I../openssl/providers/default/macs -I../openssl/providers/default/ciphers -I../openssl/providers/default/kdfs -DAES_ASM -DBSAES_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_IA32_SSE2 -MMD -MF crypto/x509/libcrypto-lib-v3_conf.d.tmp -MT crypto/x509/libcrypto-lib-v3_conf.o -c -o crypto/x509/libcrypto-lib-v3_conf.o ../openssl/crypto/x509/v3_conf.c clang -I. -Icrypto/include -Iinclude -Iproviders/common/include -Iproviders/default/include -Iproviders/common/ciphers -Icrypto -Iproviders/common/macs -Iproviders/common/kdfs -Iproviders/default/macs -Iproviders/default/ciphers -Iproviders/default/kdfs -I../openssl -I../openssl/crypto/include -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/default/include -I../openssl/providers/common/ciphers -I../openssl/crypto -I../openssl/providers/common/macs -I../openssl/providers/common/kdfs -I../openssl/providers/default/macs -I../openssl/providers/default/ciphers -I../openssl/providers/default/kdfs -DAES_ASM -DBSAES_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_IA32_SSE2 -MMD -MF crypto/x509/libcrypto-lib-v3_cpols.d.tmp -MT crypto/x509/libcrypto-lib-v3_cpols.o -c -o crypto/x509/libcrypto-lib-v3_cpols.o ../openssl/crypto/x509/v3_cpols.c clang -I. -Icrypto/include -Iinclude -Iproviders/common/include -Iproviders/default/include -Iproviders/common/ciphers -Icrypto -Iproviders/common/macs -Iproviders/common/kdfs -Iproviders/default/macs -Iproviders/default/ciphers -Iproviders/default/kdfs -I../openssl -I../openssl/crypto/include -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/default/include -I../openssl/providers/common/ciphers -I../openssl/crypto -I../openssl/providers/common/macs -I../openssl/providers/common/kdfs -I../openssl/providers/default/macs -I../openssl/providers/default/ciphers -I../openssl/providers/default/kdfs -DAES_ASM -DBSAES_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_IA32_SSE2 -MMD -MF crypto/x509/libcrypto-lib-v3_crld.d.tmp -MT crypto/x509/libcrypto-lib-v3_crld.o -c -o crypto/x509/libcrypto-lib-v3_crld.o ../openssl/crypto/x509/v3_crld.c clang -I. -Icrypto/include -Iinclude -Iproviders/common/include -Iproviders/default/include -Iproviders/common/ciphers -Icrypto -Iproviders/common/macs -Iproviders/common/kdfs -Iproviders/default/macs -Iproviders/default/ciphers -Iproviders/default/kdfs -I../openssl -I../openssl/crypto/include -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/default/include -I../openssl/providers/common/ciphers -I../openssl/crypto -I../openssl/providers/common/macs -I../openssl/providers/common/kdfs -I../openssl/providers/default/macs -I../openssl/providers/default/ciphers -I../openssl/providers/default/kdfs -DAES_ASM -DBSAES_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_IA32_SSE2 -MMD -MF crypto/x509/libcrypto-lib-v3_enum.d.tmp -MT crypto/x509/libcrypto-lib-v3_enum.o -c -o crypto/x509/libcrypto-lib-v3_enum.o ../openssl/crypto/x509/v3_enum.c clang -I. -Icrypto/include -Iinclude -Iproviders/common/include -Iproviders/default/include -Iproviders/common/ciphers -Icrypto -Iproviders/common/macs -Iproviders/common/kdfs -Iproviders/default/macs -Iproviders/default/ciphers -Iproviders/default/kdfs -I../openssl -I../openssl/crypto/include -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/default/include -I../openssl/providers/common/ciphers -I../openssl/crypto -I../openssl/providers/common/macs -I../openssl/providers/common/kdfs -I../openssl/providers/default/macs -I../openssl/providers/default/ciphers -I../openssl/providers/default/kdfs -DAES_ASM -DBSAES_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_IA32_SSE2 -MMD -MF crypto/x509/libcrypto-lib-v3_extku.d.tmp -MT crypto/x509/libcrypto-lib-v3_extku.o -c -o crypto/x509/libcrypto-lib-v3_extku.o ../openssl/crypto/x509/v3_extku.c clang -I. -Icrypto/include -Iinclude -Iproviders/common/include -Iproviders/default/include -Iproviders/common/ciphers -Icrypto -Iproviders/common/macs -Iproviders/common/kdfs -Iproviders/default/macs -Iproviders/default/ciphers -Iproviders/default/kdfs -I../openssl -I../openssl/crypto/include -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/default/include -I../openssl/providers/common/ciphers -I../openssl/crypto -I../openssl/providers/common/macs -I../openssl/providers/common/kdfs -I../openssl/providers/default/macs -I../openssl/providers/default/ciphers -I../openssl/providers/default/kdfs -DAES_ASM -DBSAES_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_IA32_SSE2 -MMD -MF crypto/x509/libcrypto-lib-v3_genn.d.tmp -MT crypto/x509/libcrypto-lib-v3_genn.o -c -o crypto/x509/libcrypto-lib-v3_genn.o ../openssl/crypto/x509/v3_genn.c clang -I. -Icrypto/include -Iinclude -Iproviders/common/include -Iproviders/default/include -Iproviders/common/ciphers -Icrypto -Iproviders/common/macs -Iproviders/common/kdfs -Iproviders/default/macs -Iproviders/default/ciphers -Iproviders/default/kdfs -I../openssl -I../openssl/crypto/include -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/default/include -I../openssl/providers/common/ciphers -I../openssl/crypto -I../openssl/providers/common/macs -I../openssl/providers/common/kdfs -I../openssl/providers/default/macs -I../openssl/providers/default/ciphers -I../openssl/providers/default/kdfs -DAES_ASM -DBSAES_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_IA32_SSE2 -MMD -MF crypto/x509/libcrypto-lib-v3_ia5.d.tmp -MT crypto/x509/libcrypto-lib-v3_ia5.o -c -o crypto/x509/libcrypto-lib-v3_ia5.o ../openssl/crypto/x509/v3_ia5.c clang -I. -Icrypto/include -Iinclude -Iproviders/common/include -Iproviders/default/include -Iproviders/common/ciphers -Icrypto -Iproviders/common/macs -Iproviders/common/kdfs -Iproviders/default/macs -Iproviders/default/ciphers -Iproviders/default/kdfs -I../openssl -I../openssl/crypto/include -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/default/include -I../openssl/providers/common/ciphers -I../openssl/crypto -I../openssl/providers/common/macs -I../openssl/providers/common/kdfs -I../openssl/providers/default/macs -I../openssl/providers/default/ciphers -I../openssl/providers/default/kdfs -DAES_ASM -DBSAES_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_IA32_SSE2 -MMD -MF crypto/x509/libcrypto-lib-v3_info.d.tmp -MT crypto/x509/libcrypto-lib-v3_info.o -c -o crypto/x509/libcrypto-lib-v3_info.o ../openssl/crypto/x509/v3_info.c clang -I. -Icrypto/include -Iinclude -Iproviders/common/include -Iproviders/default/include -Iproviders/common/ciphers -Icrypto -Iproviders/common/macs -Iproviders/common/kdfs -Iproviders/default/macs -Iproviders/default/ciphers -Iproviders/default/kdfs -I../openssl -I../openssl/crypto/include -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/default/include -I../openssl/providers/common/ciphers -I../openssl/crypto -I../openssl/providers/common/macs -I../openssl/providers/common/kdfs -I../openssl/providers/default/macs -I../openssl/providers/default/ciphers -I../openssl/providers/default/kdfs -DAES_ASM -DBSAES_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_IA32_SSE2 -MMD -MF crypto/x509/libcrypto-lib-v3_int.d.tmp -MT crypto/x509/libcrypto-lib-v3_int.o -c -o crypto/x509/libcrypto-lib-v3_int.o ../openssl/crypto/x509/v3_int.c clang -I. -Icrypto/include -Iinclude -Iproviders/common/include -Iproviders/default/include -Iproviders/common/ciphers -Icrypto -Iproviders/common/macs -Iproviders/common/kdfs -Iproviders/default/macs -Iproviders/default/ciphers -Iproviders/default/kdfs -I../openssl -I../openssl/crypto/include -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/default/include -I../openssl/providers/common/ciphers -I../openssl/crypto -I../openssl/providers/common/macs -I../openssl/providers/common/kdfs -I../openssl/providers/default/macs -I../openssl/providers/default/ciphers -I../openssl/providers/default/kdfs -DAES_ASM -DBSAES_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_IA32_SSE2 -MMD -MF crypto/x509/libcrypto-lib-v3_lib.d.tmp -MT crypto/x509/libcrypto-lib-v3_lib.o -c -o crypto/x509/libcrypto-lib-v3_lib.o ../openssl/crypto/x509/v3_lib.c clang -I. -Icrypto/include -Iinclude -Iproviders/common/include -Iproviders/default/include -Iproviders/common/ciphers -Icrypto -Iproviders/common/macs -Iproviders/common/kdfs -Iproviders/default/macs -Iproviders/default/ciphers -Iproviders/default/kdfs -I../openssl -I../openssl/crypto/include -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/default/include -I../openssl/providers/common/ciphers -I../openssl/crypto -I../openssl/providers/common/macs -I../openssl/providers/common/kdfs -I../openssl/providers/default/macs -I../openssl/providers/default/ciphers -I../openssl/providers/default/kdfs -DAES_ASM -DBSAES_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_IA32_SSE2 -MMD -MF crypto/x509/libcrypto-lib-v3_ncons.d.tmp -MT crypto/x509/libcrypto-lib-v3_ncons.o -c -o crypto/x509/libcrypto-lib-v3_ncons.o ../openssl/crypto/x509/v3_ncons.c clang -I. -Icrypto/include -Iinclude -Iproviders/common/include -Iproviders/default/include -Iproviders/common/ciphers -Icrypto -Iproviders/common/macs -Iproviders/common/kdfs -Iproviders/default/macs -Iproviders/default/ciphers -Iproviders/default/kdfs -I../openssl -I../openssl/crypto/include -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/default/include -I../openssl/providers/common/ciphers -I../openssl/crypto -I../openssl/providers/common/macs -I../openssl/providers/common/kdfs -I../openssl/providers/default/macs -I../openssl/providers/default/ciphers -I../openssl/providers/default/kdfs -DAES_ASM -DBSAES_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_IA32_SSE2 -MMD -MF crypto/x509/libcrypto-lib-v3_pci.d.tmp -MT crypto/x509/libcrypto-lib-v3_pci.o -c -o crypto/x509/libcrypto-lib-v3_pci.o ../openssl/crypto/x509/v3_pci.c clang -I. -Icrypto/include -Iinclude -Iproviders/common/include -Iproviders/default/include -Iproviders/common/ciphers -Icrypto -Iproviders/common/macs -Iproviders/common/kdfs -Iproviders/default/macs -Iproviders/default/ciphers -Iproviders/default/kdfs -I../openssl -I../openssl/crypto/include -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/default/include -I../openssl/providers/common/ciphers -I../openssl/crypto -I../openssl/providers/common/macs -I../openssl/providers/common/kdfs -I../openssl/providers/default/macs -I../openssl/providers/default/ciphers -I../openssl/providers/default/kdfs -DAES_ASM -DBSAES_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_IA32_SSE2 -MMD -MF crypto/x509/libcrypto-lib-v3_pcia.d.tmp -MT crypto/x509/libcrypto-lib-v3_pcia.o -c -o crypto/x509/libcrypto-lib-v3_pcia.o ../openssl/crypto/x509/v3_pcia.c clang -I. -Icrypto/include -Iinclude -Iproviders/common/include -Iproviders/default/include -Iproviders/common/ciphers -Icrypto -Iproviders/common/macs -Iproviders/common/kdfs -Iproviders/default/macs -Iproviders/default/ciphers -Iproviders/default/kdfs -I../openssl -I../openssl/crypto/include -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/default/include -I../openssl/providers/common/ciphers -I../openssl/crypto -I../openssl/providers/common/macs -I../openssl/providers/common/kdfs -I../openssl/providers/default/macs -I../openssl/providers/default/ciphers -I../openssl/providers/default/kdfs -DAES_ASM -DBSAES_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_IA32_SSE2 -MMD -MF crypto/x509/libcrypto-lib-v3_pcons.d.tmp -MT crypto/x509/libcrypto-lib-v3_pcons.o -c -o crypto/x509/libcrypto-lib-v3_pcons.o ../openssl/crypto/x509/v3_pcons.c clang -I. -Icrypto/include -Iinclude -Iproviders/common/include -Iproviders/default/include -Iproviders/common/ciphers -Icrypto -Iproviders/common/macs -Iproviders/common/kdfs -Iproviders/default/macs -Iproviders/default/ciphers -Iproviders/default/kdfs -I../openssl -I../openssl/crypto/include -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/default/include -I../openssl/providers/common/ciphers -I../openssl/crypto -I../openssl/providers/common/macs -I../openssl/providers/common/kdfs -I../openssl/providers/default/macs -I../openssl/providers/default/ciphers -I../openssl/providers/default/kdfs -DAES_ASM -DBSAES_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_IA32_SSE2 -MMD -MF crypto/x509/libcrypto-lib-v3_pku.d.tmp -MT crypto/x509/libcrypto-lib-v3_pku.o -c -o crypto/x509/libcrypto-lib-v3_pku.o ../openssl/crypto/x509/v3_pku.c clang -I. -Icrypto/include -Iinclude -Iproviders/common/include -Iproviders/default/include -Iproviders/common/ciphers -Icrypto -Iproviders/common/macs -Iproviders/common/kdfs -Iproviders/default/macs -Iproviders/default/ciphers -Iproviders/default/kdfs -I../openssl -I../openssl/crypto/include -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/default/include -I../openssl/providers/common/ciphers -I../openssl/crypto -I../openssl/providers/common/macs -I../openssl/providers/common/kdfs -I../openssl/providers/default/macs -I../openssl/providers/default/ciphers -I../openssl/providers/default/kdfs -DAES_ASM -DBSAES_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_IA32_SSE2 -MMD -MF crypto/x509/libcrypto-lib-v3_pmaps.d.tmp -MT crypto/x509/libcrypto-lib-v3_pmaps.o -c -o crypto/x509/libcrypto-lib-v3_pmaps.o ../openssl/crypto/x509/v3_pmaps.c clang -I. -Icrypto/include -Iinclude -Iproviders/common/include -Iproviders/default/include -Iproviders/common/ciphers -Icrypto -Iproviders/common/macs -Iproviders/common/kdfs -Iproviders/default/macs -Iproviders/default/ciphers -Iproviders/default/kdfs -I../openssl -I../openssl/crypto/include -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/default/include -I../openssl/providers/common/ciphers -I../openssl/crypto -I../openssl/providers/common/macs -I../openssl/providers/common/kdfs -I../openssl/providers/default/macs -I../openssl/providers/default/ciphers -I../openssl/providers/default/kdfs -DAES_ASM -DBSAES_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_IA32_SSE2 -MMD -MF crypto/x509/libcrypto-lib-v3_prn.d.tmp -MT crypto/x509/libcrypto-lib-v3_prn.o -c -o crypto/x509/libcrypto-lib-v3_prn.o ../openssl/crypto/x509/v3_prn.c clang -I. -Icrypto/include -Iinclude -Iproviders/common/include -Iproviders/default/include -Iproviders/common/ciphers -Icrypto -Iproviders/common/macs -Iproviders/common/kdfs -Iproviders/default/macs -Iproviders/default/ciphers -Iproviders/default/kdfs -I../openssl -I../openssl/crypto/include -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/default/include -I../openssl/providers/common/ciphers -I../openssl/crypto -I../openssl/providers/common/macs -I../openssl/providers/common/kdfs -I../openssl/providers/default/macs -I../openssl/providers/default/ciphers -I../openssl/providers/default/kdfs -DAES_ASM -DBSAES_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_IA32_SSE2 -MMD -MF crypto/x509/libcrypto-lib-v3_purp.d.tmp -MT crypto/x509/libcrypto-lib-v3_purp.o -c -o crypto/x509/libcrypto-lib-v3_purp.o ../openssl/crypto/x509/v3_purp.c clang -I. -Icrypto/include -Iinclude -Iproviders/common/include -Iproviders/default/include -Iproviders/common/ciphers -Icrypto -Iproviders/common/macs -Iproviders/common/kdfs -Iproviders/default/macs -Iproviders/default/ciphers -Iproviders/default/kdfs -I../openssl -I../openssl/crypto/include -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/default/include -I../openssl/providers/common/ciphers -I../openssl/crypto -I../openssl/providers/common/macs -I../openssl/providers/common/kdfs -I../openssl/providers/default/macs -I../openssl/providers/default/ciphers -I../openssl/providers/default/kdfs -DAES_ASM -DBSAES_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_IA32_SSE2 -MMD -MF crypto/x509/libcrypto-lib-v3_skey.d.tmp -MT crypto/x509/libcrypto-lib-v3_skey.o -c -o crypto/x509/libcrypto-lib-v3_skey.o ../openssl/crypto/x509/v3_skey.c clang -I. -Icrypto/include -Iinclude -Iproviders/common/include -Iproviders/default/include -Iproviders/common/ciphers -Icrypto -Iproviders/common/macs -Iproviders/common/kdfs -Iproviders/default/macs -Iproviders/default/ciphers -Iproviders/default/kdfs -I../openssl -I../openssl/crypto/include -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/default/include -I../openssl/providers/common/ciphers -I../openssl/crypto -I../openssl/providers/common/macs -I../openssl/providers/common/kdfs -I../openssl/providers/default/macs -I../openssl/providers/default/ciphers -I../openssl/providers/default/kdfs -DAES_ASM -DBSAES_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_IA32_SSE2 -MMD -MF crypto/x509/libcrypto-lib-v3_sxnet.d.tmp -MT crypto/x509/libcrypto-lib-v3_sxnet.o -c -o crypto/x509/libcrypto-lib-v3_sxnet.o ../openssl/crypto/x509/v3_sxnet.c clang -I. -Icrypto/include -Iinclude -Iproviders/common/include -Iproviders/default/include -Iproviders/common/ciphers -Icrypto -Iproviders/common/macs -Iproviders/common/kdfs -Iproviders/default/macs -Iproviders/default/ciphers -Iproviders/default/kdfs -I../openssl -I../openssl/crypto/include -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/default/include -I../openssl/providers/common/ciphers -I../openssl/crypto -I../openssl/providers/common/macs -I../openssl/providers/common/kdfs -I../openssl/providers/default/macs -I../openssl/providers/default/ciphers -I../openssl/providers/default/kdfs -DAES_ASM -DBSAES_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_IA32_SSE2 -MMD -MF crypto/x509/libcrypto-lib-v3_tlsf.d.tmp -MT crypto/x509/libcrypto-lib-v3_tlsf.o -c -o crypto/x509/libcrypto-lib-v3_tlsf.o ../openssl/crypto/x509/v3_tlsf.c clang -I. -Icrypto/include -Iinclude -Iproviders/common/include -Iproviders/default/include -Iproviders/common/ciphers -Icrypto -Iproviders/common/macs -Iproviders/common/kdfs -Iproviders/default/macs -Iproviders/default/ciphers -Iproviders/default/kdfs -I../openssl -I../openssl/crypto/include -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/default/include -I../openssl/providers/common/ciphers -I../openssl/crypto -I../openssl/providers/common/macs -I../openssl/providers/common/kdfs -I../openssl/providers/default/macs -I../openssl/providers/default/ciphers -I../openssl/providers/default/kdfs -DAES_ASM -DBSAES_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_IA32_SSE2 -MMD -MF crypto/x509/libcrypto-lib-v3_utl.d.tmp -MT crypto/x509/libcrypto-lib-v3_utl.o -c -o crypto/x509/libcrypto-lib-v3_utl.o ../openssl/crypto/x509/v3_utl.c clang -I. -Icrypto/include -Iinclude -Iproviders/common/include -Iproviders/default/include -Iproviders/common/ciphers -Icrypto -Iproviders/common/macs -Iproviders/common/kdfs -Iproviders/default/macs -Iproviders/default/ciphers -Iproviders/default/kdfs -I../openssl -I../openssl/crypto/include -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/default/include -I../openssl/providers/common/ciphers -I../openssl/crypto -I../openssl/providers/common/macs -I../openssl/providers/common/kdfs -I../openssl/providers/default/macs -I../openssl/providers/default/ciphers -I../openssl/providers/default/kdfs -DAES_ASM -DBSAES_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_IA32_SSE2 -MMD -MF crypto/x509/libcrypto-lib-v3err.d.tmp -MT crypto/x509/libcrypto-lib-v3err.o -c -o crypto/x509/libcrypto-lib-v3err.o ../openssl/crypto/x509/v3err.c clang -I. -Icrypto/include -Iinclude -Iproviders/common/include -Iproviders/default/include -Iproviders/common/ciphers -Icrypto -Iproviders/common/macs -Iproviders/common/kdfs -Iproviders/default/macs -Iproviders/default/ciphers -Iproviders/default/kdfs -I../openssl -I../openssl/crypto/include -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/default/include -I../openssl/providers/common/ciphers -I../openssl/crypto -I../openssl/providers/common/macs -I../openssl/providers/common/kdfs -I../openssl/providers/default/macs -I../openssl/providers/default/ciphers -I../openssl/providers/default/kdfs -DAES_ASM -DBSAES_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_IA32_SSE2 -MMD -MF crypto/x509/libcrypto-lib-x509_att.d.tmp -MT crypto/x509/libcrypto-lib-x509_att.o -c -o crypto/x509/libcrypto-lib-x509_att.o ../openssl/crypto/x509/x509_att.c clang -I. -Icrypto/include -Iinclude -Iproviders/common/include -Iproviders/default/include -Iproviders/common/ciphers -Icrypto -Iproviders/common/macs -Iproviders/common/kdfs -Iproviders/default/macs -Iproviders/default/ciphers -Iproviders/default/kdfs -I../openssl -I../openssl/crypto/include -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/default/include -I../openssl/providers/common/ciphers -I../openssl/crypto -I../openssl/providers/common/macs -I../openssl/providers/common/kdfs -I../openssl/providers/default/macs -I../openssl/providers/default/ciphers -I../openssl/providers/default/kdfs -DAES_ASM -DBSAES_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_IA32_SSE2 -MMD -MF crypto/x509/libcrypto-lib-x509_cmp.d.tmp -MT crypto/x509/libcrypto-lib-x509_cmp.o -c -o crypto/x509/libcrypto-lib-x509_cmp.o ../openssl/crypto/x509/x509_cmp.c clang -I. -Icrypto/include -Iinclude -Iproviders/common/include -Iproviders/default/include -Iproviders/common/ciphers -Icrypto -Iproviders/common/macs -Iproviders/common/kdfs -Iproviders/default/macs -Iproviders/default/ciphers -Iproviders/default/kdfs -I../openssl -I../openssl/crypto/include -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/default/include -I../openssl/providers/common/ciphers -I../openssl/crypto -I../openssl/providers/common/macs -I../openssl/providers/common/kdfs -I../openssl/providers/default/macs -I../openssl/providers/default/ciphers -I../openssl/providers/default/kdfs -DAES_ASM -DBSAES_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_IA32_SSE2 -MMD -MF crypto/x509/libcrypto-lib-x509_d2.d.tmp -MT crypto/x509/libcrypto-lib-x509_d2.o -c -o crypto/x509/libcrypto-lib-x509_d2.o ../openssl/crypto/x509/x509_d2.c clang -I. -Icrypto/include -Iinclude -Iproviders/common/include -Iproviders/default/include -Iproviders/common/ciphers -Icrypto -Iproviders/common/macs -Iproviders/common/kdfs -Iproviders/default/macs -Iproviders/default/ciphers -Iproviders/default/kdfs -I../openssl -I../openssl/crypto/include -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/default/include -I../openssl/providers/common/ciphers -I../openssl/crypto -I../openssl/providers/common/macs -I../openssl/providers/common/kdfs -I../openssl/providers/default/macs -I../openssl/providers/default/ciphers -I../openssl/providers/default/kdfs -DAES_ASM -DBSAES_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_IA32_SSE2 -MMD -MF crypto/x509/libcrypto-lib-x509_def.d.tmp -MT crypto/x509/libcrypto-lib-x509_def.o -c -o crypto/x509/libcrypto-lib-x509_def.o ../openssl/crypto/x509/x509_def.c clang -I. -Icrypto/include -Iinclude -Iproviders/common/include -Iproviders/default/include -Iproviders/common/ciphers -Icrypto -Iproviders/common/macs -Iproviders/common/kdfs -Iproviders/default/macs -Iproviders/default/ciphers -Iproviders/default/kdfs -I../openssl -I../openssl/crypto/include -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/default/include -I../openssl/providers/common/ciphers -I../openssl/crypto -I../openssl/providers/common/macs -I../openssl/providers/common/kdfs -I../openssl/providers/default/macs -I../openssl/providers/default/ciphers -I../openssl/providers/default/kdfs -DAES_ASM -DBSAES_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_IA32_SSE2 -MMD -MF crypto/x509/libcrypto-lib-x509_err.d.tmp -MT crypto/x509/libcrypto-lib-x509_err.o -c -o crypto/x509/libcrypto-lib-x509_err.o ../openssl/crypto/x509/x509_err.c clang -I. -Icrypto/include -Iinclude -Iproviders/common/include -Iproviders/default/include -Iproviders/common/ciphers -Icrypto -Iproviders/common/macs -Iproviders/common/kdfs -Iproviders/default/macs -Iproviders/default/ciphers -Iproviders/default/kdfs -I../openssl -I../openssl/crypto/include -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/default/include -I../openssl/providers/common/ciphers -I../openssl/crypto -I../openssl/providers/common/macs -I../openssl/providers/common/kdfs -I../openssl/providers/default/macs -I../openssl/providers/default/ciphers -I../openssl/providers/default/kdfs -DAES_ASM -DBSAES_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_IA32_SSE2 -MMD -MF crypto/x509/libcrypto-lib-x509_ext.d.tmp -MT crypto/x509/libcrypto-lib-x509_ext.o -c -o crypto/x509/libcrypto-lib-x509_ext.o ../openssl/crypto/x509/x509_ext.c clang -I. -Icrypto/include -Iinclude -Iproviders/common/include -Iproviders/default/include -Iproviders/common/ciphers -Icrypto -Iproviders/common/macs -Iproviders/common/kdfs -Iproviders/default/macs -Iproviders/default/ciphers -Iproviders/default/kdfs -I../openssl -I../openssl/crypto/include -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/default/include -I../openssl/providers/common/ciphers -I../openssl/crypto -I../openssl/providers/common/macs -I../openssl/providers/common/kdfs -I../openssl/providers/default/macs -I../openssl/providers/default/ciphers -I../openssl/providers/default/kdfs -DAES_ASM -DBSAES_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_IA32_SSE2 -MMD -MF crypto/x509/libcrypto-lib-x509_lu.d.tmp -MT crypto/x509/libcrypto-lib-x509_lu.o -c -o crypto/x509/libcrypto-lib-x509_lu.o ../openssl/crypto/x509/x509_lu.c clang -I. -Icrypto/include -Iinclude -Iproviders/common/include -Iproviders/default/include -Iproviders/common/ciphers -Icrypto -Iproviders/common/macs -Iproviders/common/kdfs -Iproviders/default/macs -Iproviders/default/ciphers -Iproviders/default/kdfs -I../openssl -I../openssl/crypto/include -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/default/include -I../openssl/providers/common/ciphers -I../openssl/crypto -I../openssl/providers/common/macs -I../openssl/providers/common/kdfs -I../openssl/providers/default/macs -I../openssl/providers/default/ciphers -I../openssl/providers/default/kdfs -DAES_ASM -DBSAES_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_IA32_SSE2 -MMD -MF crypto/x509/libcrypto-lib-x509_meth.d.tmp -MT crypto/x509/libcrypto-lib-x509_meth.o -c -o crypto/x509/libcrypto-lib-x509_meth.o ../openssl/crypto/x509/x509_meth.c clang -I. -Icrypto/include -Iinclude -Iproviders/common/include -Iproviders/default/include -Iproviders/common/ciphers -Icrypto -Iproviders/common/macs -Iproviders/common/kdfs -Iproviders/default/macs -Iproviders/default/ciphers -Iproviders/default/kdfs -I../openssl -I../openssl/crypto/include -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/default/include -I../openssl/providers/common/ciphers -I../openssl/crypto -I../openssl/providers/common/macs -I../openssl/providers/common/kdfs -I../openssl/providers/default/macs -I../openssl/providers/default/ciphers -I../openssl/providers/default/kdfs -DAES_ASM -DBSAES_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_IA32_SSE2 -MMD -MF crypto/x509/libcrypto-lib-x509_obj.d.tmp -MT crypto/x509/libcrypto-lib-x509_obj.o -c -o crypto/x509/libcrypto-lib-x509_obj.o ../openssl/crypto/x509/x509_obj.c clang -I. -Icrypto/include -Iinclude -Iproviders/common/include -Iproviders/default/include -Iproviders/common/ciphers -Icrypto -Iproviders/common/macs -Iproviders/common/kdfs -Iproviders/default/macs -Iproviders/default/ciphers -Iproviders/default/kdfs -I../openssl -I../openssl/crypto/include -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/default/include -I../openssl/providers/common/ciphers -I../openssl/crypto -I../openssl/providers/common/macs -I../openssl/providers/common/kdfs -I../openssl/providers/default/macs -I../openssl/providers/default/ciphers -I../openssl/providers/default/kdfs -DAES_ASM -DBSAES_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_IA32_SSE2 -MMD -MF crypto/x509/libcrypto-lib-x509_r2x.d.tmp -MT crypto/x509/libcrypto-lib-x509_r2x.o -c -o crypto/x509/libcrypto-lib-x509_r2x.o ../openssl/crypto/x509/x509_r2x.c clang -I. -Icrypto/include -Iinclude -Iproviders/common/include -Iproviders/default/include -Iproviders/common/ciphers -Icrypto -Iproviders/common/macs -Iproviders/common/kdfs -Iproviders/default/macs -Iproviders/default/ciphers -Iproviders/default/kdfs -I../openssl -I../openssl/crypto/include -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/default/include -I../openssl/providers/common/ciphers -I../openssl/crypto -I../openssl/providers/common/macs -I../openssl/providers/common/kdfs -I../openssl/providers/default/macs -I../openssl/providers/default/ciphers -I../openssl/providers/default/kdfs -DAES_ASM -DBSAES_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_IA32_SSE2 -MMD -MF crypto/x509/libcrypto-lib-x509_req.d.tmp -MT crypto/x509/libcrypto-lib-x509_req.o -c -o crypto/x509/libcrypto-lib-x509_req.o ../openssl/crypto/x509/x509_req.c clang -I. -Icrypto/include -Iinclude -Iproviders/common/include -Iproviders/default/include -Iproviders/common/ciphers -Icrypto -Iproviders/common/macs -Iproviders/common/kdfs -Iproviders/default/macs -Iproviders/default/ciphers -Iproviders/default/kdfs -I../openssl -I../openssl/crypto/include -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/default/include -I../openssl/providers/common/ciphers -I../openssl/crypto -I../openssl/providers/common/macs -I../openssl/providers/common/kdfs -I../openssl/providers/default/macs -I../openssl/providers/default/ciphers -I../openssl/providers/default/kdfs -DAES_ASM -DBSAES_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_IA32_SSE2 -MMD -MF crypto/x509/libcrypto-lib-x509_set.d.tmp -MT crypto/x509/libcrypto-lib-x509_set.o -c -o crypto/x509/libcrypto-lib-x509_set.o ../openssl/crypto/x509/x509_set.c clang -I. -Icrypto/include -Iinclude -Iproviders/common/include -Iproviders/default/include -Iproviders/common/ciphers -Icrypto -Iproviders/common/macs -Iproviders/common/kdfs -Iproviders/default/macs -Iproviders/default/ciphers -Iproviders/default/kdfs -I../openssl -I../openssl/crypto/include -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/default/include -I../openssl/providers/common/ciphers -I../openssl/crypto -I../openssl/providers/common/macs -I../openssl/providers/common/kdfs -I../openssl/providers/default/macs -I../openssl/providers/default/ciphers -I../openssl/providers/default/kdfs -DAES_ASM -DBSAES_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_IA32_SSE2 -MMD -MF crypto/x509/libcrypto-lib-x509_trs.d.tmp -MT crypto/x509/libcrypto-lib-x509_trs.o -c -o crypto/x509/libcrypto-lib-x509_trs.o ../openssl/crypto/x509/x509_trs.c clang -I. -Icrypto/include -Iinclude -Iproviders/common/include -Iproviders/default/include -Iproviders/common/ciphers -Icrypto -Iproviders/common/macs -Iproviders/common/kdfs -Iproviders/default/macs -Iproviders/default/ciphers -Iproviders/default/kdfs -I../openssl -I../openssl/crypto/include -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/default/include -I../openssl/providers/common/ciphers -I../openssl/crypto -I../openssl/providers/common/macs -I../openssl/providers/common/kdfs -I../openssl/providers/default/macs -I../openssl/providers/default/ciphers -I../openssl/providers/default/kdfs -DAES_ASM -DBSAES_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_IA32_SSE2 -MMD -MF crypto/x509/libcrypto-lib-x509_txt.d.tmp -MT crypto/x509/libcrypto-lib-x509_txt.o -c -o crypto/x509/libcrypto-lib-x509_txt.o ../openssl/crypto/x509/x509_txt.c clang -I. -Icrypto/include -Iinclude -Iproviders/common/include -Iproviders/default/include -Iproviders/common/ciphers -Icrypto -Iproviders/common/macs -Iproviders/common/kdfs -Iproviders/default/macs -Iproviders/default/ciphers -Iproviders/default/kdfs -I../openssl -I../openssl/crypto/include -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/default/include -I../openssl/providers/common/ciphers -I../openssl/crypto -I../openssl/providers/common/macs -I../openssl/providers/common/kdfs -I../openssl/providers/default/macs -I../openssl/providers/default/ciphers -I../openssl/providers/default/kdfs -DAES_ASM -DBSAES_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_IA32_SSE2 -MMD -MF crypto/x509/libcrypto-lib-x509_v3.d.tmp -MT crypto/x509/libcrypto-lib-x509_v3.o -c -o crypto/x509/libcrypto-lib-x509_v3.o ../openssl/crypto/x509/x509_v3.c clang -I. -Icrypto/include -Iinclude -Iproviders/common/include -Iproviders/default/include -Iproviders/common/ciphers -Icrypto -Iproviders/common/macs -Iproviders/common/kdfs -Iproviders/default/macs -Iproviders/default/ciphers -Iproviders/default/kdfs -I../openssl -I../openssl/crypto/include -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/default/include -I../openssl/providers/common/ciphers -I../openssl/crypto -I../openssl/providers/common/macs -I../openssl/providers/common/kdfs -I../openssl/providers/default/macs -I../openssl/providers/default/ciphers -I../openssl/providers/default/kdfs -DAES_ASM -DBSAES_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_IA32_SSE2 -MMD -MF crypto/x509/libcrypto-lib-x509_vfy.d.tmp -MT crypto/x509/libcrypto-lib-x509_vfy.o -c -o crypto/x509/libcrypto-lib-x509_vfy.o ../openssl/crypto/x509/x509_vfy.c clang -I. -Icrypto/include -Iinclude -Iproviders/common/include -Iproviders/default/include -Iproviders/common/ciphers -Icrypto -Iproviders/common/macs -Iproviders/common/kdfs -Iproviders/default/macs -Iproviders/default/ciphers -Iproviders/default/kdfs -I../openssl -I../openssl/crypto/include -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/default/include -I../openssl/providers/common/ciphers -I../openssl/crypto -I../openssl/providers/common/macs -I../openssl/providers/common/kdfs -I../openssl/providers/default/macs -I../openssl/providers/default/ciphers -I../openssl/providers/default/kdfs -DAES_ASM -DBSAES_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_IA32_SSE2 -MMD -MF crypto/x509/libcrypto-lib-x509_vpm.d.tmp -MT crypto/x509/libcrypto-lib-x509_vpm.o -c -o crypto/x509/libcrypto-lib-x509_vpm.o ../openssl/crypto/x509/x509_vpm.c clang -I. -Icrypto/include -Iinclude -Iproviders/common/include -Iproviders/default/include -Iproviders/common/ciphers -Icrypto -Iproviders/common/macs -Iproviders/common/kdfs -Iproviders/default/macs -Iproviders/default/ciphers -Iproviders/default/kdfs -I../openssl -I../openssl/crypto/include -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/default/include -I../openssl/providers/common/ciphers -I../openssl/crypto -I../openssl/providers/common/macs -I../openssl/providers/common/kdfs -I../openssl/providers/default/macs -I../openssl/providers/default/ciphers -I../openssl/providers/default/kdfs -DAES_ASM -DBSAES_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_IA32_SSE2 -MMD -MF crypto/x509/libcrypto-lib-x509cset.d.tmp -MT crypto/x509/libcrypto-lib-x509cset.o -c -o crypto/x509/libcrypto-lib-x509cset.o ../openssl/crypto/x509/x509cset.c clang -I. -Icrypto/include -Iinclude -Iproviders/common/include -Iproviders/default/include -Iproviders/common/ciphers -Icrypto -Iproviders/common/macs -Iproviders/common/kdfs -Iproviders/default/macs -Iproviders/default/ciphers -Iproviders/default/kdfs -I../openssl -I../openssl/crypto/include -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/default/include -I../openssl/providers/common/ciphers -I../openssl/crypto -I../openssl/providers/common/macs -I../openssl/providers/common/kdfs -I../openssl/providers/default/macs -I../openssl/providers/default/ciphers -I../openssl/providers/default/kdfs -DAES_ASM -DBSAES_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_IA32_SSE2 -MMD -MF crypto/x509/libcrypto-lib-x509name.d.tmp -MT crypto/x509/libcrypto-lib-x509name.o -c -o crypto/x509/libcrypto-lib-x509name.o ../openssl/crypto/x509/x509name.c clang -I. -Icrypto/include -Iinclude -Iproviders/common/include -Iproviders/default/include -Iproviders/common/ciphers -Icrypto -Iproviders/common/macs -Iproviders/common/kdfs -Iproviders/default/macs -Iproviders/default/ciphers -Iproviders/default/kdfs -I../openssl -I../openssl/crypto/include -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/default/include -I../openssl/providers/common/ciphers -I../openssl/crypto -I../openssl/providers/common/macs -I../openssl/providers/common/kdfs -I../openssl/providers/default/macs -I../openssl/providers/default/ciphers -I../openssl/providers/default/kdfs -DAES_ASM -DBSAES_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_IA32_SSE2 -MMD -MF crypto/x509/libcrypto-lib-x509rset.d.tmp -MT crypto/x509/libcrypto-lib-x509rset.o -c -o crypto/x509/libcrypto-lib-x509rset.o ../openssl/crypto/x509/x509rset.c clang -I. -Icrypto/include -Iinclude -Iproviders/common/include -Iproviders/default/include -Iproviders/common/ciphers -Icrypto -Iproviders/common/macs -Iproviders/common/kdfs -Iproviders/default/macs -Iproviders/default/ciphers -Iproviders/default/kdfs -I../openssl -I../openssl/crypto/include -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/default/include -I../openssl/providers/common/ciphers -I../openssl/crypto -I../openssl/providers/common/macs -I../openssl/providers/common/kdfs -I../openssl/providers/default/macs -I../openssl/providers/default/ciphers -I../openssl/providers/default/kdfs -DAES_ASM -DBSAES_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_IA32_SSE2 -MMD -MF crypto/x509/libcrypto-lib-x509spki.d.tmp -MT crypto/x509/libcrypto-lib-x509spki.o -c -o crypto/x509/libcrypto-lib-x509spki.o ../openssl/crypto/x509/x509spki.c clang -I. -Icrypto/include -Iinclude -Iproviders/common/include -Iproviders/default/include -Iproviders/common/ciphers -Icrypto -Iproviders/common/macs -Iproviders/common/kdfs -Iproviders/default/macs -Iproviders/default/ciphers -Iproviders/default/kdfs -I../openssl -I../openssl/crypto/include -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/default/include -I../openssl/providers/common/ciphers -I../openssl/crypto -I../openssl/providers/common/macs -I../openssl/providers/common/kdfs -I../openssl/providers/default/macs -I../openssl/providers/default/ciphers -I../openssl/providers/default/kdfs -DAES_ASM -DBSAES_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_IA32_SSE2 -MMD -MF crypto/x509/libcrypto-lib-x509type.d.tmp -MT crypto/x509/libcrypto-lib-x509type.o -c -o crypto/x509/libcrypto-lib-x509type.o ../openssl/crypto/x509/x509type.c clang -I. -Icrypto/include -Iinclude -Iproviders/common/include -Iproviders/default/include -Iproviders/common/ciphers -Icrypto -Iproviders/common/macs -Iproviders/common/kdfs -Iproviders/default/macs -Iproviders/default/ciphers -Iproviders/default/kdfs -I../openssl -I../openssl/crypto/include -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/default/include -I../openssl/providers/common/ciphers -I../openssl/crypto -I../openssl/providers/common/macs -I../openssl/providers/common/kdfs -I../openssl/providers/default/macs -I../openssl/providers/default/ciphers -I../openssl/providers/default/kdfs -DAES_ASM -DBSAES_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_IA32_SSE2 -MMD -MF crypto/x509/libcrypto-lib-x_all.d.tmp -MT crypto/x509/libcrypto-lib-x_all.o -c -o crypto/x509/libcrypto-lib-x_all.o ../openssl/crypto/x509/x_all.c clang -I. -Icrypto/include -Iinclude -Iproviders/common/include -Iproviders/default/include -Iproviders/common/ciphers -Icrypto -Iproviders/common/macs -Iproviders/common/kdfs -Iproviders/default/macs -Iproviders/default/ciphers -Iproviders/default/kdfs -I../openssl -I../openssl/crypto/include -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/default/include -I../openssl/providers/common/ciphers -I../openssl/crypto -I../openssl/providers/common/macs -I../openssl/providers/common/kdfs -I../openssl/providers/default/macs -I../openssl/providers/default/ciphers -I../openssl/providers/default/kdfs -DAES_ASM -DBSAES_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_IA32_SSE2 -MMD -MF crypto/x509/libcrypto-lib-x_attrib.d.tmp -MT crypto/x509/libcrypto-lib-x_attrib.o -c -o crypto/x509/libcrypto-lib-x_attrib.o ../openssl/crypto/x509/x_attrib.c clang -I. -Icrypto/include -Iinclude -Iproviders/common/include -Iproviders/default/include -Iproviders/common/ciphers -Icrypto -Iproviders/common/macs -Iproviders/common/kdfs -Iproviders/default/macs -Iproviders/default/ciphers -Iproviders/default/kdfs -I../openssl -I../openssl/crypto/include -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/default/include -I../openssl/providers/common/ciphers -I../openssl/crypto -I../openssl/providers/common/macs -I../openssl/providers/common/kdfs -I../openssl/providers/default/macs -I../openssl/providers/default/ciphers -I../openssl/providers/default/kdfs -DAES_ASM -DBSAES_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_IA32_SSE2 -MMD -MF crypto/x509/libcrypto-lib-x_crl.d.tmp -MT crypto/x509/libcrypto-lib-x_crl.o -c -o crypto/x509/libcrypto-lib-x_crl.o ../openssl/crypto/x509/x_crl.c clang -I. -Icrypto/include -Iinclude -Iproviders/common/include -Iproviders/default/include -Iproviders/common/ciphers -Icrypto -Iproviders/common/macs -Iproviders/common/kdfs -Iproviders/default/macs -Iproviders/default/ciphers -Iproviders/default/kdfs -I../openssl -I../openssl/crypto/include -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/default/include -I../openssl/providers/common/ciphers -I../openssl/crypto -I../openssl/providers/common/macs -I../openssl/providers/common/kdfs -I../openssl/providers/default/macs -I../openssl/providers/default/ciphers -I../openssl/providers/default/kdfs -DAES_ASM -DBSAES_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_IA32_SSE2 -MMD -MF crypto/x509/libcrypto-lib-x_exten.d.tmp -MT crypto/x509/libcrypto-lib-x_exten.o -c -o crypto/x509/libcrypto-lib-x_exten.o ../openssl/crypto/x509/x_exten.c clang -I. -Icrypto/include -Iinclude -Iproviders/common/include -Iproviders/default/include -Iproviders/common/ciphers -Icrypto -Iproviders/common/macs -Iproviders/common/kdfs -Iproviders/default/macs -Iproviders/default/ciphers -Iproviders/default/kdfs -I../openssl -I../openssl/crypto/include -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/default/include -I../openssl/providers/common/ciphers -I../openssl/crypto -I../openssl/providers/common/macs -I../openssl/providers/common/kdfs -I../openssl/providers/default/macs -I../openssl/providers/default/ciphers -I../openssl/providers/default/kdfs -DAES_ASM -DBSAES_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_IA32_SSE2 -MMD -MF crypto/x509/libcrypto-lib-x_name.d.tmp -MT crypto/x509/libcrypto-lib-x_name.o -c -o crypto/x509/libcrypto-lib-x_name.o ../openssl/crypto/x509/x_name.c clang -I. -Icrypto/include -Iinclude -Iproviders/common/include -Iproviders/default/include -Iproviders/common/ciphers -Icrypto -Iproviders/common/macs -Iproviders/common/kdfs -Iproviders/default/macs -Iproviders/default/ciphers -Iproviders/default/kdfs -I../openssl -I../openssl/crypto/include -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/default/include -I../openssl/providers/common/ciphers -I../openssl/crypto -I../openssl/providers/common/macs -I../openssl/providers/common/kdfs -I../openssl/providers/default/macs -I../openssl/providers/default/ciphers -I../openssl/providers/default/kdfs -DAES_ASM -DBSAES_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_IA32_SSE2 -MMD -MF crypto/x509/libcrypto-lib-x_pubkey.d.tmp -MT crypto/x509/libcrypto-lib-x_pubkey.o -c -o crypto/x509/libcrypto-lib-x_pubkey.o ../openssl/crypto/x509/x_pubkey.c clang -I. -Icrypto/include -Iinclude -Iproviders/common/include -Iproviders/default/include -Iproviders/common/ciphers -Icrypto -Iproviders/common/macs -Iproviders/common/kdfs -Iproviders/default/macs -Iproviders/default/ciphers -Iproviders/default/kdfs -I../openssl -I../openssl/crypto/include -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/default/include -I../openssl/providers/common/ciphers -I../openssl/crypto -I../openssl/providers/common/macs -I../openssl/providers/common/kdfs -I../openssl/providers/default/macs -I../openssl/providers/default/ciphers -I../openssl/providers/default/kdfs -DAES_ASM -DBSAES_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_IA32_SSE2 -MMD -MF crypto/x509/libcrypto-lib-x_req.d.tmp -MT crypto/x509/libcrypto-lib-x_req.o -c -o crypto/x509/libcrypto-lib-x_req.o ../openssl/crypto/x509/x_req.c clang -I. -Icrypto/include -Iinclude -Iproviders/common/include -Iproviders/default/include -Iproviders/common/ciphers -Icrypto -Iproviders/common/macs -Iproviders/common/kdfs -Iproviders/default/macs -Iproviders/default/ciphers -Iproviders/default/kdfs -I../openssl -I../openssl/crypto/include -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/default/include -I../openssl/providers/common/ciphers -I../openssl/crypto -I../openssl/providers/common/macs -I../openssl/providers/common/kdfs -I../openssl/providers/default/macs -I../openssl/providers/default/ciphers -I../openssl/providers/default/kdfs -DAES_ASM -DBSAES_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_IA32_SSE2 -MMD -MF crypto/x509/libcrypto-lib-x_x509.d.tmp -MT crypto/x509/libcrypto-lib-x_x509.o -c -o crypto/x509/libcrypto-lib-x_x509.o ../openssl/crypto/x509/x_x509.c clang -I. -Icrypto/include -Iinclude -Iproviders/common/include -Iproviders/default/include -Iproviders/common/ciphers -Icrypto -Iproviders/common/macs -Iproviders/common/kdfs -Iproviders/default/macs -Iproviders/default/ciphers -Iproviders/default/kdfs -I../openssl -I../openssl/crypto/include -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/default/include -I../openssl/providers/common/ciphers -I../openssl/crypto -I../openssl/providers/common/macs -I../openssl/providers/common/kdfs -I../openssl/providers/default/macs -I../openssl/providers/default/ciphers -I../openssl/providers/default/kdfs -DAES_ASM -DBSAES_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_IA32_SSE2 -MMD -MF crypto/x509/libcrypto-lib-x_x509a.d.tmp -MT crypto/x509/libcrypto-lib-x_x509a.o -c -o crypto/x509/libcrypto-lib-x_x509a.o ../openssl/crypto/x509/x_x509a.c clang -I. -Icrypto/include -Iinclude -Iproviders/common/include -Iproviders/default/include -Iproviders/common/ciphers -Icrypto -Iproviders/common/macs -Iproviders/common/kdfs -Iproviders/default/macs -Iproviders/default/ciphers -Iproviders/default/kdfs -I../openssl -I../openssl/crypto/include -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/default/include -I../openssl/providers/common/ciphers -I../openssl/crypto -I../openssl/providers/common/macs -I../openssl/providers/common/kdfs -I../openssl/providers/default/macs -I../openssl/providers/default/ciphers -I../openssl/providers/default/kdfs -DAES_ASM -DBSAES_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_IA32_SSE2 -MMD -MF providers/common/ciphers/libcrypto-lib-block.d.tmp -MT providers/common/ciphers/libcrypto-lib-block.o -c -o providers/common/ciphers/libcrypto-lib-block.o ../openssl/providers/common/ciphers/block.c clang -I. -Icrypto/include -Iinclude -Iproviders/common/include -Iproviders/default/include -Iproviders/common/ciphers -Icrypto -Iproviders/common/macs -Iproviders/common/kdfs -Iproviders/default/macs -Iproviders/default/ciphers -Iproviders/default/kdfs -I../openssl -I../openssl/crypto/include -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/default/include -I../openssl/providers/common/ciphers -I../openssl/crypto -I../openssl/providers/common/macs -I../openssl/providers/common/kdfs -I../openssl/providers/default/macs -I../openssl/providers/default/ciphers -I../openssl/providers/default/kdfs -DAES_ASM -DBSAES_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_IA32_SSE2 -MMD -MF providers/common/ciphers/libcrypto-lib-cipher_aes.d.tmp -MT providers/common/ciphers/libcrypto-lib-cipher_aes.o -c -o providers/common/ciphers/libcrypto-lib-cipher_aes.o ../openssl/providers/common/ciphers/cipher_aes.c clang -I. -Icrypto/include -Iinclude -Iproviders/common/include -Iproviders/default/include -Iproviders/common/ciphers -Icrypto -Iproviders/common/macs -Iproviders/common/kdfs -Iproviders/default/macs -Iproviders/default/ciphers -Iproviders/default/kdfs -I../openssl -I../openssl/crypto/include -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/default/include -I../openssl/providers/common/ciphers -I../openssl/crypto -I../openssl/providers/common/macs -I../openssl/providers/common/kdfs -I../openssl/providers/default/macs -I../openssl/providers/default/ciphers -I../openssl/providers/default/kdfs -DAES_ASM -DBSAES_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_IA32_SSE2 -MMD -MF providers/common/ciphers/libcrypto-lib-cipher_aes_ccm.d.tmp -MT providers/common/ciphers/libcrypto-lib-cipher_aes_ccm.o -c -o providers/common/ciphers/libcrypto-lib-cipher_aes_ccm.o ../openssl/providers/common/ciphers/cipher_aes_ccm.c clang -I. -Icrypto/include -Iinclude -Iproviders/common/include -Iproviders/default/include -Iproviders/common/ciphers -Icrypto -Iproviders/common/macs -Iproviders/common/kdfs -Iproviders/default/macs -Iproviders/default/ciphers -Iproviders/default/kdfs -I../openssl -I../openssl/crypto/include -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/default/include -I../openssl/providers/common/ciphers -I../openssl/crypto -I../openssl/providers/common/macs -I../openssl/providers/common/kdfs -I../openssl/providers/default/macs -I../openssl/providers/default/ciphers -I../openssl/providers/default/kdfs -DAES_ASM -DBSAES_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_IA32_SSE2 -MMD -MF providers/common/ciphers/libcrypto-lib-cipher_aes_ccm_hw.d.tmp -MT providers/common/ciphers/libcrypto-lib-cipher_aes_ccm_hw.o -c -o providers/common/ciphers/libcrypto-lib-cipher_aes_ccm_hw.o ../openssl/providers/common/ciphers/cipher_aes_ccm_hw.c clang -I. -Icrypto/include -Iinclude -Iproviders/common/include -Iproviders/default/include -Iproviders/common/ciphers -Icrypto -Iproviders/common/macs -Iproviders/common/kdfs -Iproviders/default/macs -Iproviders/default/ciphers -Iproviders/default/kdfs -I../openssl -I../openssl/crypto/include -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/default/include -I../openssl/providers/common/ciphers -I../openssl/crypto -I../openssl/providers/common/macs -I../openssl/providers/common/kdfs -I../openssl/providers/default/macs -I../openssl/providers/default/ciphers -I../openssl/providers/default/kdfs -DAES_ASM -DBSAES_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_IA32_SSE2 -MMD -MF providers/common/ciphers/libcrypto-lib-cipher_aes_gcm.d.tmp -MT providers/common/ciphers/libcrypto-lib-cipher_aes_gcm.o -c -o providers/common/ciphers/libcrypto-lib-cipher_aes_gcm.o ../openssl/providers/common/ciphers/cipher_aes_gcm.c clang -I. -Icrypto/include -Iinclude -Iproviders/common/include -Iproviders/default/include -Iproviders/common/ciphers -Icrypto -Iproviders/common/macs -Iproviders/common/kdfs -Iproviders/default/macs -Iproviders/default/ciphers -Iproviders/default/kdfs -I../openssl -I../openssl/crypto/include -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/default/include -I../openssl/providers/common/ciphers -I../openssl/crypto -I../openssl/providers/common/macs -I../openssl/providers/common/kdfs -I../openssl/providers/default/macs -I../openssl/providers/default/ciphers -I../openssl/providers/default/kdfs -DAES_ASM -DBSAES_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_IA32_SSE2 -MMD -MF providers/common/ciphers/libcrypto-lib-cipher_aes_gcm_hw.d.tmp -MT providers/common/ciphers/libcrypto-lib-cipher_aes_gcm_hw.o -c -o providers/common/ciphers/libcrypto-lib-cipher_aes_gcm_hw.o ../openssl/providers/common/ciphers/cipher_aes_gcm_hw.c clang -I. -Icrypto/include -Iinclude -Iproviders/common/include -Iproviders/default/include -Iproviders/common/ciphers -Icrypto -Iproviders/common/macs -Iproviders/common/kdfs -Iproviders/default/macs -Iproviders/default/ciphers -Iproviders/default/kdfs -I../openssl -I../openssl/crypto/include -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/default/include -I../openssl/providers/common/ciphers -I../openssl/crypto -I../openssl/providers/common/macs -I../openssl/providers/common/kdfs -I../openssl/providers/default/macs -I../openssl/providers/default/ciphers -I../openssl/providers/default/kdfs -DAES_ASM -DBSAES_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_IA32_SSE2 -MMD -MF providers/common/ciphers/libcrypto-lib-cipher_aes_hw.d.tmp -MT providers/common/ciphers/libcrypto-lib-cipher_aes_hw.o -c -o providers/common/ciphers/libcrypto-lib-cipher_aes_hw.o ../openssl/providers/common/ciphers/cipher_aes_hw.c clang -I. -Icrypto/include -Iinclude -Iproviders/common/include -Iproviders/default/include -Iproviders/common/ciphers -Icrypto -Iproviders/common/macs -Iproviders/common/kdfs -Iproviders/default/macs -Iproviders/default/ciphers -Iproviders/default/kdfs -I../openssl -I../openssl/crypto/include -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/default/include -I../openssl/providers/common/ciphers -I../openssl/crypto -I../openssl/providers/common/macs -I../openssl/providers/common/kdfs -I../openssl/providers/default/macs -I../openssl/providers/default/ciphers -I../openssl/providers/default/kdfs -DAES_ASM -DBSAES_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_IA32_SSE2 -MMD -MF providers/common/ciphers/libcrypto-lib-cipher_ccm.d.tmp -MT providers/common/ciphers/libcrypto-lib-cipher_ccm.o -c -o providers/common/ciphers/libcrypto-lib-cipher_ccm.o ../openssl/providers/common/ciphers/cipher_ccm.c clang -I. -Icrypto/include -Iinclude -Iproviders/common/include -Iproviders/default/include -Iproviders/common/ciphers -Icrypto -Iproviders/common/macs -Iproviders/common/kdfs -Iproviders/default/macs -Iproviders/default/ciphers -Iproviders/default/kdfs -I../openssl -I../openssl/crypto/include -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/default/include -I../openssl/providers/common/ciphers -I../openssl/crypto -I../openssl/providers/common/macs -I../openssl/providers/common/kdfs -I../openssl/providers/default/macs -I../openssl/providers/default/ciphers -I../openssl/providers/default/kdfs -DAES_ASM -DBSAES_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_IA32_SSE2 -MMD -MF providers/common/ciphers/libcrypto-lib-cipher_ccm_hw.d.tmp -MT providers/common/ciphers/libcrypto-lib-cipher_ccm_hw.o -c -o providers/common/ciphers/libcrypto-lib-cipher_ccm_hw.o ../openssl/providers/common/ciphers/cipher_ccm_hw.c clang -I. -Icrypto/include -Iinclude -Iproviders/common/include -Iproviders/default/include -Iproviders/common/ciphers -Icrypto -Iproviders/common/macs -Iproviders/common/kdfs -Iproviders/default/macs -Iproviders/default/ciphers -Iproviders/default/kdfs -I../openssl -I../openssl/crypto/include -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/default/include -I../openssl/providers/common/ciphers -I../openssl/crypto -I../openssl/providers/common/macs -I../openssl/providers/common/kdfs -I../openssl/providers/default/macs -I../openssl/providers/default/ciphers -I../openssl/providers/default/kdfs -DAES_ASM -DBSAES_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_IA32_SSE2 -MMD -MF providers/common/ciphers/libcrypto-lib-cipher_common.d.tmp -MT providers/common/ciphers/libcrypto-lib-cipher_common.o -c -o providers/common/ciphers/libcrypto-lib-cipher_common.o ../openssl/providers/common/ciphers/cipher_common.c clang -I. -Icrypto/include -Iinclude -Iproviders/common/include -Iproviders/default/include -Iproviders/common/ciphers -Icrypto -Iproviders/common/macs -Iproviders/common/kdfs -Iproviders/default/macs -Iproviders/default/ciphers -Iproviders/default/kdfs -I../openssl -I../openssl/crypto/include -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/default/include -I../openssl/providers/common/ciphers -I../openssl/crypto -I../openssl/providers/common/macs -I../openssl/providers/common/kdfs -I../openssl/providers/default/macs -I../openssl/providers/default/ciphers -I../openssl/providers/default/kdfs -DAES_ASM -DBSAES_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_IA32_SSE2 -MMD -MF providers/common/ciphers/libcrypto-lib-cipher_common_hw.d.tmp -MT providers/common/ciphers/libcrypto-lib-cipher_common_hw.o -c -o providers/common/ciphers/libcrypto-lib-cipher_common_hw.o ../openssl/providers/common/ciphers/cipher_common_hw.c clang -I. -Icrypto/include -Iinclude -Iproviders/common/include -Iproviders/default/include -Iproviders/common/ciphers -Icrypto -Iproviders/common/macs -Iproviders/common/kdfs -Iproviders/default/macs -Iproviders/default/ciphers -Iproviders/default/kdfs -I../openssl -I../openssl/crypto/include -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/default/include -I../openssl/providers/common/ciphers -I../openssl/crypto -I../openssl/providers/common/macs -I../openssl/providers/common/kdfs -I../openssl/providers/default/macs -I../openssl/providers/default/ciphers -I../openssl/providers/default/kdfs -DAES_ASM -DBSAES_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_IA32_SSE2 -MMD -MF providers/common/ciphers/libcrypto-lib-cipher_gcm.d.tmp -MT providers/common/ciphers/libcrypto-lib-cipher_gcm.o -c -o providers/common/ciphers/libcrypto-lib-cipher_gcm.o ../openssl/providers/common/ciphers/cipher_gcm.c clang -I. -Icrypto/include -Iinclude -Iproviders/common/include -Iproviders/default/include -Iproviders/common/ciphers -Icrypto -Iproviders/common/macs -Iproviders/common/kdfs -Iproviders/default/macs -Iproviders/default/ciphers -Iproviders/default/kdfs -I../openssl -I../openssl/crypto/include -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/default/include -I../openssl/providers/common/ciphers -I../openssl/crypto -I../openssl/providers/common/macs -I../openssl/providers/common/kdfs -I../openssl/providers/default/macs -I../openssl/providers/default/ciphers -I../openssl/providers/default/kdfs -DAES_ASM -DBSAES_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_IA32_SSE2 -MMD -MF providers/common/ciphers/libcrypto-lib-cipher_gcm_hw.d.tmp -MT providers/common/ciphers/libcrypto-lib-cipher_gcm_hw.o -c -o providers/common/ciphers/libcrypto-lib-cipher_gcm_hw.o ../openssl/providers/common/ciphers/cipher_gcm_hw.c clang -I. -Icrypto/include -Iinclude -Iproviders/common/include -Iproviders/default/include -Iproviders/common/ciphers -Icrypto -Iproviders/common/macs -Iproviders/common/kdfs -Iproviders/default/macs -Iproviders/default/ciphers -Iproviders/default/kdfs -I../openssl -I../openssl/crypto/include -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/default/include -I../openssl/providers/common/ciphers -I../openssl/crypto -I../openssl/providers/common/macs -I../openssl/providers/common/kdfs -I../openssl/providers/default/macs -I../openssl/providers/default/ciphers -I../openssl/providers/default/kdfs -DAES_ASM -DBSAES_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_IA32_SSE2 -MMD -MF providers/common/ciphers/libcrypto-lib-cipher_tdes.d.tmp -MT providers/common/ciphers/libcrypto-lib-cipher_tdes.o -c -o providers/common/ciphers/libcrypto-lib-cipher_tdes.o ../openssl/providers/common/ciphers/cipher_tdes.c clang -I. -Icrypto/include -Iinclude -Iproviders/common/include -Iproviders/default/include -Iproviders/common/ciphers -Icrypto -Iproviders/common/macs -Iproviders/common/kdfs -Iproviders/default/macs -Iproviders/default/ciphers -Iproviders/default/kdfs -I../openssl -I../openssl/crypto/include -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/default/include -I../openssl/providers/common/ciphers -I../openssl/crypto -I../openssl/providers/common/macs -I../openssl/providers/common/kdfs -I../openssl/providers/default/macs -I../openssl/providers/default/ciphers -I../openssl/providers/default/kdfs -DAES_ASM -DBSAES_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_IA32_SSE2 -MMD -MF providers/common/ciphers/libcrypto-lib-cipher_tdes_hw.d.tmp -MT providers/common/ciphers/libcrypto-lib-cipher_tdes_hw.o -c -o providers/common/ciphers/libcrypto-lib-cipher_tdes_hw.o ../openssl/providers/common/ciphers/cipher_tdes_hw.c clang -I. -Icrypto/include -Iinclude -Iproviders/common/include -Iproviders/default/include -Iproviders/common/ciphers -Icrypto -Iproviders/common/macs -Iproviders/common/kdfs -Iproviders/default/macs -Iproviders/default/ciphers -Iproviders/default/kdfs -I../openssl -I../openssl/crypto/include -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/default/include -I../openssl/providers/common/ciphers -I../openssl/crypto -I../openssl/providers/common/macs -I../openssl/providers/common/kdfs -I../openssl/providers/default/macs -I../openssl/providers/default/ciphers -I../openssl/providers/default/kdfs -DAES_ASM -DBSAES_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_IA32_SSE2 -MMD -MF providers/common/digests/libcrypto-lib-digest_common.d.tmp -MT providers/common/digests/libcrypto-lib-digest_common.o -c -o providers/common/digests/libcrypto-lib-digest_common.o ../openssl/providers/common/digests/digest_common.c clang -I. -Icrypto/include -Iinclude -Iproviders/common/include -Iproviders/default/include -Iproviders/common/ciphers -Icrypto -Iproviders/common/macs -Iproviders/common/kdfs -Iproviders/default/macs -Iproviders/default/ciphers -Iproviders/default/kdfs -I../openssl -I../openssl/crypto/include -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/default/include -I../openssl/providers/common/ciphers -I../openssl/crypto -I../openssl/providers/common/macs -I../openssl/providers/common/kdfs -I../openssl/providers/default/macs -I../openssl/providers/default/ciphers -I../openssl/providers/default/kdfs -DAES_ASM -DBSAES_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_IA32_SSE2 -MMD -MF providers/common/digests/libcrypto-lib-sha2_prov.d.tmp -MT providers/common/digests/libcrypto-lib-sha2_prov.o -c -o providers/common/digests/libcrypto-lib-sha2_prov.o ../openssl/providers/common/digests/sha2_prov.c clang -I. -Icrypto/include -Iinclude -Iproviders/common/include -Iproviders/default/include -Iproviders/common/ciphers -Icrypto -Iproviders/common/macs -Iproviders/common/kdfs -Iproviders/default/macs -Iproviders/default/ciphers -Iproviders/default/kdfs -I../openssl -I../openssl/crypto/include -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/default/include -I../openssl/providers/common/ciphers -I../openssl/crypto -I../openssl/providers/common/macs -I../openssl/providers/common/kdfs -I../openssl/providers/default/macs -I../openssl/providers/default/ciphers -I../openssl/providers/default/kdfs -DAES_ASM -DBSAES_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_IA32_SSE2 -MMD -MF providers/common/digests/libcrypto-lib-sha3_prov.d.tmp -MT providers/common/digests/libcrypto-lib-sha3_prov.o -c -o providers/common/digests/libcrypto-lib-sha3_prov.o ../openssl/providers/common/digests/sha3_prov.c clang -I. -Icrypto/include -Iinclude -Iproviders/common/include -Iproviders/default/include -Iproviders/common/ciphers -Icrypto -Iproviders/common/macs -Iproviders/common/kdfs -Iproviders/default/macs -Iproviders/default/ciphers -Iproviders/default/kdfs -I../openssl -I../openssl/crypto/include -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/default/include -I../openssl/providers/common/ciphers -I../openssl/crypto -I../openssl/providers/common/macs -I../openssl/providers/common/kdfs -I../openssl/providers/default/macs -I../openssl/providers/default/ciphers -I../openssl/providers/default/kdfs -DAES_ASM -DBSAES_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_IA32_SSE2 -MMD -MF providers/common/exchange/libcrypto-lib-dh_exch.d.tmp -MT providers/common/exchange/libcrypto-lib-dh_exch.o -c -o providers/common/exchange/libcrypto-lib-dh_exch.o ../openssl/providers/common/exchange/dh_exch.c clang -I. -Icrypto/include -Iinclude -Iproviders/common/include -Iproviders/default/include -Iproviders/common/ciphers -Icrypto -Iproviders/common/macs -Iproviders/common/kdfs -Iproviders/default/macs -Iproviders/default/ciphers -Iproviders/default/kdfs -I../openssl -I../openssl/crypto/include -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/default/include -I../openssl/providers/common/ciphers -I../openssl/crypto -I../openssl/providers/common/macs -I../openssl/providers/common/kdfs -I../openssl/providers/default/macs -I../openssl/providers/default/ciphers -I../openssl/providers/default/kdfs -DAES_ASM -DBSAES_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_IA32_SSE2 -MMD -MF providers/common/kdfs/libcrypto-lib-hkdf.d.tmp -MT providers/common/kdfs/libcrypto-lib-hkdf.o -c -o providers/common/kdfs/libcrypto-lib-hkdf.o ../openssl/providers/common/kdfs/hkdf.c clang -I. -Icrypto/include -Iinclude -Iproviders/common/include -Iproviders/default/include -Iproviders/common/ciphers -Icrypto -Iproviders/common/macs -Iproviders/common/kdfs -Iproviders/default/macs -Iproviders/default/ciphers -Iproviders/default/kdfs -I../openssl -I../openssl/crypto/include -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/default/include -I../openssl/providers/common/ciphers -I../openssl/crypto -I../openssl/providers/common/macs -I../openssl/providers/common/kdfs -I../openssl/providers/default/macs -I../openssl/providers/default/ciphers -I../openssl/providers/default/kdfs -DAES_ASM -DBSAES_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_IA32_SSE2 -MMD -MF providers/common/kdfs/libcrypto-lib-pbkdf2.d.tmp -MT providers/common/kdfs/libcrypto-lib-pbkdf2.o -c -o providers/common/kdfs/libcrypto-lib-pbkdf2.o ../openssl/providers/common/kdfs/pbkdf2.c clang -I. -Icrypto/include -Iinclude -Iproviders/common/include -Iproviders/default/include -Iproviders/common/ciphers -Icrypto -Iproviders/common/macs -Iproviders/common/kdfs -Iproviders/default/macs -Iproviders/default/ciphers -Iproviders/default/kdfs -I../openssl -I../openssl/crypto/include -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/default/include -I../openssl/providers/common/ciphers -I../openssl/crypto -I../openssl/providers/common/macs -I../openssl/providers/common/kdfs -I../openssl/providers/default/macs -I../openssl/providers/default/ciphers -I../openssl/providers/default/kdfs -DAES_ASM -DBSAES_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_IA32_SSE2 -MMD -MF providers/common/kdfs/libcrypto-lib-sskdf.d.tmp -MT providers/common/kdfs/libcrypto-lib-sskdf.o -c -o providers/common/kdfs/libcrypto-lib-sskdf.o ../openssl/providers/common/kdfs/sskdf.c clang -I. -Icrypto/include -Iinclude -Iproviders/common/include -Iproviders/default/include -Iproviders/common/ciphers -Icrypto -Iproviders/common/macs -Iproviders/common/kdfs -Iproviders/default/macs -Iproviders/default/ciphers -Iproviders/default/kdfs -I../openssl -I../openssl/crypto/include -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/default/include -I../openssl/providers/common/ciphers -I../openssl/crypto -I../openssl/providers/common/macs -I../openssl/providers/common/kdfs -I../openssl/providers/default/macs -I../openssl/providers/default/ciphers -I../openssl/providers/default/kdfs -DAES_ASM -DBSAES_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_IA32_SSE2 -MMD -MF providers/common/kdfs/libcrypto-lib-tls1_prf.d.tmp -MT providers/common/kdfs/libcrypto-lib-tls1_prf.o -c -o providers/common/kdfs/libcrypto-lib-tls1_prf.o ../openssl/providers/common/kdfs/tls1_prf.c clang -I. -Icrypto/include -Iinclude -Iproviders/common/include -Iproviders/default/include -Iproviders/common/ciphers -Icrypto -Iproviders/common/macs -Iproviders/common/kdfs -Iproviders/default/macs -Iproviders/default/ciphers -Iproviders/default/kdfs -I../openssl -I../openssl/crypto/include -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/default/include -I../openssl/providers/common/ciphers -I../openssl/crypto -I../openssl/providers/common/macs -I../openssl/providers/common/kdfs -I../openssl/providers/default/macs -I../openssl/providers/default/ciphers -I../openssl/providers/default/kdfs -DAES_ASM -DBSAES_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_IA32_SSE2 -MMD -MF providers/common/keymgmt/libcrypto-lib-dh_kmgmt.d.tmp -MT providers/common/keymgmt/libcrypto-lib-dh_kmgmt.o -c -o providers/common/keymgmt/libcrypto-lib-dh_kmgmt.o ../openssl/providers/common/keymgmt/dh_kmgmt.c clang -I. -Icrypto/include -Iinclude -Iproviders/common/include -Iproviders/default/include -Iproviders/common/ciphers -Icrypto -Iproviders/common/macs -Iproviders/common/kdfs -Iproviders/default/macs -Iproviders/default/ciphers -Iproviders/default/kdfs -I../openssl -I../openssl/crypto/include -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/default/include -I../openssl/providers/common/ciphers -I../openssl/crypto -I../openssl/providers/common/macs -I../openssl/providers/common/kdfs -I../openssl/providers/default/macs -I../openssl/providers/default/ciphers -I../openssl/providers/default/kdfs -DAES_ASM -DBSAES_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_IA32_SSE2 -MMD -MF providers/common/keymgmt/libcrypto-lib-dsa_kmgmt.d.tmp -MT providers/common/keymgmt/libcrypto-lib-dsa_kmgmt.o -c -o providers/common/keymgmt/libcrypto-lib-dsa_kmgmt.o ../openssl/providers/common/keymgmt/dsa_kmgmt.c clang -I. -Icrypto/include -Iinclude -Iproviders/common/include -Iproviders/default/include -Iproviders/common/ciphers -Icrypto -Iproviders/common/macs -Iproviders/common/kdfs -Iproviders/default/macs -Iproviders/default/ciphers -Iproviders/default/kdfs -I../openssl -I../openssl/crypto/include -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/default/include -I../openssl/providers/common/ciphers -I../openssl/crypto -I../openssl/providers/common/macs -I../openssl/providers/common/kdfs -I../openssl/providers/default/macs -I../openssl/providers/default/ciphers -I../openssl/providers/default/kdfs -DAES_ASM -DBSAES_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_IA32_SSE2 -MMD -MF providers/common/libcrypto-lib-provider_err.d.tmp -MT providers/common/libcrypto-lib-provider_err.o -c -o providers/common/libcrypto-lib-provider_err.o ../openssl/providers/common/provider_err.c clang -I. -Icrypto/include -Iinclude -Iproviders/common/include -Iproviders/default/include -Iproviders/common/ciphers -Icrypto -Iproviders/common/macs -Iproviders/common/kdfs -Iproviders/default/macs -Iproviders/default/ciphers -Iproviders/default/kdfs -I../openssl -I../openssl/crypto/include -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/default/include -I../openssl/providers/common/ciphers -I../openssl/crypto -I../openssl/providers/common/macs -I../openssl/providers/common/kdfs -I../openssl/providers/default/macs -I../openssl/providers/default/ciphers -I../openssl/providers/default/kdfs -DAES_ASM -DBSAES_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_IA32_SSE2 -MMD -MF providers/common/libcrypto-lib-provider_util.d.tmp -MT providers/common/libcrypto-lib-provider_util.o -c -o providers/common/libcrypto-lib-provider_util.o ../openssl/providers/common/provider_util.c clang -I. -Icrypto/include -Iinclude -Iproviders/common/include -Iproviders/default/include -Iproviders/common/ciphers -Icrypto -Iproviders/common/macs -Iproviders/common/kdfs -Iproviders/default/macs -Iproviders/default/ciphers -Iproviders/default/kdfs -I../openssl -I../openssl/crypto/include -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/default/include -I../openssl/providers/common/ciphers -I../openssl/crypto -I../openssl/providers/common/macs -I../openssl/providers/common/kdfs -I../openssl/providers/default/macs -I../openssl/providers/default/ciphers -I../openssl/providers/default/kdfs -DAES_ASM -DBSAES_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_IA32_SSE2 -MMD -MF providers/common/libcrypto-lib-provlib.d.tmp -MT providers/common/libcrypto-lib-provlib.o -c -o providers/common/libcrypto-lib-provlib.o ../openssl/providers/common/provlib.c ../openssl/providers/common/provider_util.c:52:9: error: implicit declaration of function 'ENGINE_finish' is invalid in C99 [-Werror,-Wimplicit-function-declaration] ENGINE_finish(*engine); ^ ../openssl/providers/common/provider_util.c:52:9: error: this function declaration is not a prototype [-Werror,-Wstrict-prototypes] ../openssl/providers/common/provider_util.c:53:19: error: implicit declaration of function 'ENGINE_by_id' is invalid in C99 [-Werror,-Wimplicit-function-declaration] *engine = ENGINE_by_id(p->data); ^ ../openssl/providers/common/provider_util.c:53:19: error: this function declaration is not a prototype [-Werror,-Wstrict-prototypes] ../openssl/providers/common/provider_util.c:53:17: error: incompatible integer to pointer conversion assigning to 'ENGINE *' (aka 'struct engine_st *') from 'int' [-Werror,-Wint-conversion] *engine = ENGINE_by_id(p->data); ^ ~~~~~~~~~~~~~~~~~~~~~ 5 errors generated. Makefile:6455: recipe for target 'providers/common/libcrypto-lib-provider_util.o' failed make[1]: *** [providers/common/libcrypto-lib-provider_util.o] Error 1 make[1]: *** Waiting for unfinished jobs.... make[1]: Leaving directory '/home/openssl/run-checker/no-engine_no-shared' Makefile:165: recipe for target 'all' failed make: *** [all] Error 2 From kaishen.yy at antfin.com Thu Sep 12 09:07:31 2019 From: kaishen.yy at antfin.com (kaishen.yy at antfin.com) Date: Thu, 12 Sep 2019 09:07:31 +0000 Subject: [openssl] master update Message-ID: <1568279251.790988.9801.nullmailer@dev.openssl.org> The branch master has been updated via 98b687f8d053662f8d7fee586d5a91d86fecdfee (commit) from 7f0a8dc7f9c5c35af0f66aca553304737931d55f (commit) - Log ----------------------------------------------------------------- commit 98b687f8d053662f8d7fee586d5a91d86fecdfee Author: Paul Yang Date: Thu Sep 12 16:57:23 2019 +0800 Fix test error if scrypt is disabled Fix no-scrypt. Reviewed-by: Matt Caswell (Merged from https://github.com/openssl/openssl/pull/9840) ----------------------------------------------------------------------- Summary of changes: test/evp_test.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/test/evp_test.c b/test/evp_test.c index 67a818d98d..69ccb9739e 100644 --- a/test/evp_test.c +++ b/test/evp_test.c @@ -1989,7 +1989,8 @@ static int kdf_test_init(EVP_TEST *t, const char *name) EVP_KDF *kdf; #ifdef OPENSSL_NO_SCRYPT - if (strcmp(name, "scrypt") == 0) { + /* TODO(3.0) Replace with "scrypt" once aliases are supported */ + if (strcmp(name, "id-scrypt") == 0) { t->skip = 1; return 1; } From matt at openssl.org Thu Sep 12 09:12:35 2019 From: matt at openssl.org (Matt Caswell) Date: Thu, 12 Sep 2019 09:12:35 +0000 Subject: [openssl] master update Message-ID: <1568279555.761101.11819.nullmailer@dev.openssl.org> The branch master has been updated via 8d0f8c818117132a38005a046f0daacd1219e217 (commit) from 98b687f8d053662f8d7fee586d5a91d86fecdfee (commit) - Log ----------------------------------------------------------------- commit 8d0f8c818117132a38005a046f0daacd1219e217 Author: Matt Caswell Date: Wed Sep 11 10:04:23 2019 +0100 Fix no-dsa Also fixes no-dh Reviewed-by: Tim Hudson (Merged from https://github.com/openssl/openssl/pull/9861) ----------------------------------------------------------------------- Summary of changes: providers/common/keymgmt/build.info | 6 +++++- test/evp_extra_test.c | 4 ++++ 2 files changed, 9 insertions(+), 1 deletion(-) diff --git a/providers/common/keymgmt/build.info b/providers/common/keymgmt/build.info index 4e7bc750f5..e66190c401 100644 --- a/providers/common/keymgmt/build.info +++ b/providers/common/keymgmt/build.info @@ -1,5 +1,9 @@ LIBS=../../../libcrypto IF[{- !$disabled{dh} -}] SOURCE[../../../libcrypto]=\ - dh_kmgmt.c dsa_kmgmt.c + dh_kmgmt.c +ENDIF +IF[{- !$disabled{dsa} -}] + SOURCE[../../../libcrypto]=\ + dsa_kmgmt.c ENDIF diff --git a/test/evp_extra_test.c b/test/evp_extra_test.c index 631ad65540..bbb846e6fd 100644 --- a/test/evp_extra_test.c +++ b/test/evp_extra_test.c @@ -1398,6 +1398,7 @@ static int test_EVP_CIPHER_fetch(int tst) return ret; } +#ifndef OPENSSL_NO_DSA /* Test getting and setting parameters on an EVP_PKEY_CTX */ static int test_EVP_PKEY_CTX_get_set_params(void) { @@ -1508,6 +1509,7 @@ static int test_EVP_PKEY_CTX_get_set_params(void) return ret; } +#endif int setup_tests(void) { @@ -1545,6 +1547,8 @@ int setup_tests(void) ADD_ALL_TESTS(test_EVP_MD_fetch, 5); ADD_ALL_TESTS(test_EVP_CIPHER_fetch, 5); #endif +#ifndef OPENSSL_NO_DSA ADD_TEST(test_EVP_PKEY_CTX_get_set_params); +#endif return 1; } From matt at openssl.org Thu Sep 12 09:23:07 2019 From: matt at openssl.org (Matt Caswell) Date: Thu, 12 Sep 2019 09:23:07 +0000 Subject: [openssl] master update Message-ID: <1568280187.736634.14029.nullmailer@dev.openssl.org> The branch master has been updated via 252a3665e4c24a387e86ff4e07159f8e846adebc (commit) from 8d0f8c818117132a38005a046f0daacd1219e217 (commit) - Log ----------------------------------------------------------------- commit 252a3665e4c24a387e86ff4e07159f8e846adebc Author: Matt Caswell Date: Wed Sep 11 10:17:00 2019 +0100 Fix no-engine Reviewed-by: Richard Levitte (Merged from https://github.com/openssl/openssl/pull/9863) ----------------------------------------------------------------------- Summary of changes: providers/common/provider_util.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/providers/common/provider_util.c b/providers/common/provider_util.c index babbfffd3d..92cfb749c0 100644 --- a/providers/common/provider_util.c +++ b/providers/common/provider_util.c @@ -44,7 +44,8 @@ static int load_common(const OSSL_PARAM params[], const char **propquery, *engine = NULL; /* TODO legacy stuff, to be removed */ -#ifndef FIPS_MODE /* Inside the FIPS module, we don't support legacy ciphers */ + /* Inside the FIPS module, we don't support legacy ciphers */ +#if !defined(FIPS_MODE) && !defined(OPENSSL_NO_ENGINE) p = OSSL_PARAM_locate_const(params, OSSL_ALG_PARAM_ENGINE); if (p != NULL) { if (p->data_type != OSSL_PARAM_UTF8_STRING) From matt at openssl.org Thu Sep 12 09:29:10 2019 From: matt at openssl.org (Matt Caswell) Date: Thu, 12 Sep 2019 09:29:10 +0000 Subject: [openssl] master update Message-ID: <1568280550.003694.15560.nullmailer@dev.openssl.org> The branch master has been updated via 6b3d0423528b049d04b299a8588a32d5c1224717 (commit) from 252a3665e4c24a387e86ff4e07159f8e846adebc (commit) - Log ----------------------------------------------------------------- commit 6b3d0423528b049d04b299a8588a32d5c1224717 Author: Matt Caswell Date: Wed Sep 11 11:52:47 2019 +0100 Pass the correct ctx to provider KDF functions Make sure we pass the provider side ctx and not the libcrypto side ctx. Reviewed-by: Richard Levitte Reviewed-by: Paul Dale (Merged from https://github.com/openssl/openssl/pull/9865) ----------------------------------------------------------------------- Summary of changes: crypto/evp/kdf_lib.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/crypto/evp/kdf_lib.c b/crypto/evp/kdf_lib.c index dedb250988..9f055a61d0 100644 --- a/crypto/evp/kdf_lib.c +++ b/crypto/evp/kdf_lib.c @@ -117,7 +117,7 @@ size_t EVP_KDF_size(EVP_KDF_CTX *ctx) *params = OSSL_PARAM_construct_size_t(OSSL_KDF_PARAM_SIZE, &s); if (ctx->meth->get_ctx_params != NULL - && ctx->meth->get_ctx_params(ctx, params)) + && ctx->meth->get_ctx_params(ctx->data, params)) return s; if (ctx->meth->get_params != NULL && ctx->meth->get_params(params)) From matt at openssl.org Thu Sep 12 09:36:30 2019 From: matt at openssl.org (Matt Caswell) Date: Thu, 12 Sep 2019 09:36:30 +0000 Subject: [openssl] master update Message-ID: <1568280990.922651.17132.nullmailer@dev.openssl.org> The branch master has been updated via 7eeceeaab24aea16027cdc1f9df92366094893b7 (commit) from 6b3d0423528b049d04b299a8588a32d5c1224717 (commit) - Log ----------------------------------------------------------------- commit 7eeceeaab24aea16027cdc1f9df92366094893b7 Author: Matt Caswell Date: Wed Sep 11 15:03:39 2019 +0100 Avoid passing NULL to memcpy It is undefined behaviour to send NULL as either the src, or dest params in memcpy. In pkey_kdf.c we had a check to ensure that the src address is non-NULL. However in some situations it is possible that the dest address could also be NULL. Specifically in the case where the datalen is 0 and we are using a newly allocated BUF_MEM. We add a check of datalen to avoid the undefined behaviour. Reviewed-by: Tomas Mraz Reviewed-by: Richard Levitte (Merged from https://github.com/openssl/openssl/pull/9868) ----------------------------------------------------------------------- Summary of changes: crypto/evp/pkey_kdf.c | 16 ++++++---------- 1 file changed, 6 insertions(+), 10 deletions(-) diff --git a/crypto/evp/pkey_kdf.c b/crypto/evp/pkey_kdf.c index c13bb203b3..f32d2131a7 100644 --- a/crypto/evp/pkey_kdf.c +++ b/crypto/evp/pkey_kdf.c @@ -82,17 +82,13 @@ static int collect(BUF_MEM **collector, void *data, size_t datalen) return 0; } - i = (*collector)->length; /* BUF_MEM_grow() changes it! */ - /* - * The i + datalen check is to distinguish between BUF_MEM_grow() - * signaling an error and BUF_MEM_grow() simply returning the (zero) - * length. - */ - if (!BUF_MEM_grow(*collector, i + datalen) - && i + datalen != 0) - return 0; - if (data != NULL) + if (data != NULL && datalen > 0) { + i = (*collector)->length; /* BUF_MEM_grow() changes it! */ + + if (!BUF_MEM_grow(*collector, i + datalen)) + return 0; memcpy((*collector)->data + i, data, datalen); + } return 1; } From builds at travis-ci.org Thu Sep 12 09:28:43 2019 From: builds at travis-ci.org (Travis CI) Date: Thu, 12 Sep 2019 09:28:43 +0000 Subject: Still Failing: openssl/openssl#28202 (master - 98b687f) In-Reply-To: Message-ID: <5d7a0fcb9e174_43ff2d0e689a0236794@6feb6002-7034-496b-8858-dad5571fd371.mail> Build Update for openssl/openssl ------------------------------------- Build: #28202 Status: Still Failing Duration: 20 mins and 29 secs Commit: 98b687f (master) Author: Paul Yang Message: Fix test error if scrypt is disabled Fix no-scrypt. Reviewed-by: Matt Caswell (Merged from https://github.com/openssl/openssl/pull/9840) View the changeset: https://github.com/openssl/openssl/compare/7f0a8dc7f9c5...98b687f8d053 View the full build log and details: https://travis-ci.org/openssl/openssl/builds/584045742?utm_medium=notification&utm_source=email -- You can unsubscribe from build emails from the openssl/openssl repository going to https://travis-ci.org/account/preferences/unsubscribe?repository=5849220&utm_medium=notification&utm_source=email. Or unsubscribe from *all* email updating your settings at https://travis-ci.org/account/preferences/unsubscribe?utm_medium=notification&utm_source=email. Or configure specific recipients for build notifications in your .travis.yml file. See https://docs.travis-ci.com/user/notifications. -------------- next part -------------- An HTML attachment was scrubbed... URL: From builds at travis-ci.org Thu Sep 12 09:43:41 2019 From: builds at travis-ci.org (Travis CI) Date: Thu, 12 Sep 2019 09:43:41 +0000 Subject: Still Failing: openssl/openssl#28203 (master - 8d0f8c8) In-Reply-To: Message-ID: <5d7a134d7cd7a_43f935a9c74081756da@1bc2e7a9-9985-4e26-999b-2432a71ccfd0.mail> Build Update for openssl/openssl ------------------------------------- Build: #28203 Status: Still Failing Duration: 23 mins and 35 secs Commit: 8d0f8c8 (master) Author: Matt Caswell Message: Fix no-dsa Also fixes no-dh Reviewed-by: Tim Hudson (Merged from https://github.com/openssl/openssl/pull/9861) View the changeset: https://github.com/openssl/openssl/compare/98b687f8d053...8d0f8c818117 View the full build log and details: https://travis-ci.org/openssl/openssl/builds/584047304?utm_medium=notification&utm_source=email -- You can unsubscribe from build emails from the openssl/openssl repository going to https://travis-ci.org/account/preferences/unsubscribe?repository=5849220&utm_medium=notification&utm_source=email. Or unsubscribe from *all* email updating your settings at https://travis-ci.org/account/preferences/unsubscribe?utm_medium=notification&utm_source=email. Or configure specific recipients for build notifications in your .travis.yml file. See https://docs.travis-ci.com/user/notifications. -------------- next part -------------- An HTML attachment was scrubbed... URL: From builds at travis-ci.org Thu Sep 12 09:57:29 2019 From: builds at travis-ci.org (Travis CI) Date: Thu, 12 Sep 2019 09:57:29 +0000 Subject: Still Failing: openssl/openssl#28204 (master - 252a366) In-Reply-To: Message-ID: <5d7a16891801_43ff2cf370d78243993@6feb6002-7034-496b-8858-dad5571fd371.mail> Build Update for openssl/openssl ------------------------------------- Build: #28204 Status: Still Failing Duration: 28 mins and 18 secs Commit: 252a366 (master) Author: Matt Caswell Message: Fix no-engine Reviewed-by: Richard Levitte (Merged from https://github.com/openssl/openssl/pull/9863) View the changeset: https://github.com/openssl/openssl/compare/8d0f8c818117...252a3665e4c2 View the full build log and details: https://travis-ci.org/openssl/openssl/builds/584050919?utm_medium=notification&utm_source=email -- You can unsubscribe from build emails from the openssl/openssl repository going to https://travis-ci.org/account/preferences/unsubscribe?repository=5849220&utm_medium=notification&utm_source=email. Or unsubscribe from *all* email updating your settings at https://travis-ci.org/account/preferences/unsubscribe?utm_medium=notification&utm_source=email. Or configure specific recipients for build notifications in your .travis.yml file. See https://docs.travis-ci.com/user/notifications. -------------- next part -------------- An HTML attachment was scrubbed... URL: From builds at travis-ci.org Thu Sep 12 10:12:04 2019 From: builds at travis-ci.org (Travis CI) Date: Thu, 12 Sep 2019 10:12:04 +0000 Subject: Still Failing: openssl/openssl#28205 (master - 6b3d042) In-Reply-To: Message-ID: <5d7a19f421d9b_43f9016d955f4240343@4da84591-bac9-4b8a-aa7f-94241c06e319.mail> Build Update for openssl/openssl ------------------------------------- Build: #28205 Status: Still Failing Duration: 22 mins and 18 secs Commit: 6b3d042 (master) Author: Matt Caswell Message: Pass the correct ctx to provider KDF functions Make sure we pass the provider side ctx and not the libcrypto side ctx. Reviewed-by: Richard Levitte Reviewed-by: Paul Dale (Merged from https://github.com/openssl/openssl/pull/9865) View the changeset: https://github.com/openssl/openssl/compare/252a3665e4c2...6b3d0423528b View the full build log and details: https://travis-ci.org/openssl/openssl/builds/584052861?utm_medium=notification&utm_source=email -- You can unsubscribe from build emails from the openssl/openssl repository going to https://travis-ci.org/account/preferences/unsubscribe?repository=5849220&utm_medium=notification&utm_source=email. Or unsubscribe from *all* email updating your settings at https://travis-ci.org/account/preferences/unsubscribe?utm_medium=notification&utm_source=email. Or configure specific recipients for build notifications in your .travis.yml file. See https://docs.travis-ci.com/user/notifications. -------------- next part -------------- An HTML attachment was scrubbed... URL: From builds at travis-ci.org Thu Sep 12 10:26:38 2019 From: builds at travis-ci.org (Travis CI) Date: Thu, 12 Sep 2019 10:26:38 +0000 Subject: Still Failing: openssl/openssl#28206 (master - 7eeceea) In-Reply-To: Message-ID: <5d7a1d5e44469_43ff8ad4adf681506cf@3cf41b3d-a7e7-4dd2-9cad-212c8ad06f27.mail> Build Update for openssl/openssl ------------------------------------- Build: #28206 Status: Still Failing Duration: 23 mins and 37 secs Commit: 7eeceea (master) Author: Matt Caswell Message: Avoid passing NULL to memcpy It is undefined behaviour to send NULL as either the src, or dest params in memcpy. In pkey_kdf.c we had a check to ensure that the src address is non-NULL. However in some situations it is possible that the dest address could also be NULL. Specifically in the case where the datalen is 0 and we are using a newly allocated BUF_MEM. We add a check of datalen to avoid the undefined behaviour. Reviewed-by: Tomas Mraz Reviewed-by: Richard Levitte (Merged from https://github.com/openssl/openssl/pull/9868) View the changeset: https://github.com/openssl/openssl/compare/6b3d0423528b...7eeceeaab24a View the full build log and details: https://travis-ci.org/openssl/openssl/builds/584055631?utm_medium=notification&utm_source=email -- You can unsubscribe from build emails from the openssl/openssl repository going to https://travis-ci.org/account/preferences/unsubscribe?repository=5849220&utm_medium=notification&utm_source=email. Or unsubscribe from *all* email updating your settings at https://travis-ci.org/account/preferences/unsubscribe?utm_medium=notification&utm_source=email. Or configure specific recipients for build notifications in your .travis.yml file. See https://docs.travis-ci.com/user/notifications. -------------- next part -------------- An HTML attachment was scrubbed... URL: From levitte at openssl.org Thu Sep 12 10:50:21 2019 From: levitte at openssl.org (Richard Levitte) Date: Thu, 12 Sep 2019 10:50:21 +0000 Subject: [openssl] master update Message-ID: <1568285421.290893.28902.nullmailer@dev.openssl.org> The branch master has been updated via 7f4a2dff12f93791e96a284454bdd84a2fa7d29b (commit) via 1935a5861c7e4bc1e0a4434800896a2dbd834ae4 (commit) from 7eeceeaab24aea16027cdc1f9df92366094893b7 (commit) - Log ----------------------------------------------------------------- commit 7f4a2dff12f93791e96a284454bdd84a2fa7d29b Author: Richard Levitte Date: Mon Sep 9 12:13:37 2019 +0200 Clarify the status of bundled external perl modules Reviewed-by: Matt Caswell (Merged from https://github.com/openssl/openssl/pull/9826) commit 1935a5861c7e4bc1e0a4434800896a2dbd834ae4 Author: Richard Levitte Date: Mon Sep 9 11:51:01 2019 +0200 Rework the perl fallback functionality The module with_fallback.pm was kind of clunky and required a transfer module. This change replaces if with a much more generic pragma type module, which simply appends given directories to @INC (as opposed to the 'lib' pragma, which prepends the directories to @INC). This also supports having a file MODULES.txt with sub-directories to modules. This ensures that we don't have to spray individual module paths throughout our perl code, but can have them collected in one place. (do note that there is a 'fallback' module on CPAN. However, it isn't part of the core perl, and it has no support the any MODULES.txt kind of construct) Reviewed-by: Matt Caswell (Merged from https://github.com/openssl/openssl/pull/9826) ----------------------------------------------------------------------- Summary of changes: Configure | 3 +- external/perl/Downloaded.txt | 3 +- external/perl/MODULES.txt | 1 + external/perl/transfer/Text/Template.pm | 23 ------- test/generate_ssl_tests.pl | 8 ++- util/dofile.pl | 9 ++- util/perl/OpenSSL/fallback.pm | 112 ++++++++++++++++++++++++++++++++ util/perl/with_fallback.pm | 27 -------- 8 files changed, 126 insertions(+), 60 deletions(-) create mode 100644 external/perl/MODULES.txt delete mode 100644 external/perl/transfer/Text/Template.pm create mode 100644 util/perl/OpenSSL/fallback.pm delete mode 100644 util/perl/with_fallback.pm diff --git a/Configure b/Configure index a5b56a0d20..652d13ea16 100755 --- a/Configure +++ b/Configure @@ -17,6 +17,7 @@ use lib "$FindBin::Bin/util/perl"; use File::Basename; use File::Spec::Functions qw/:DEFAULT abs2rel rel2abs splitdir/; use File::Path qw/mkpath/; +use OpenSSL::fallback "$FindBin::Bin/external/perl/MODULES.txt"; use OpenSSL::Glob; # see INSTALL for instructions. @@ -1617,7 +1618,7 @@ my %unified_info = (); my $buildinfo_debug = defined($ENV{CONFIGURE_DEBUG_BUILDINFO}); if ($builder eq "unified") { - use with_fallback qw(Text::Template); + use Text::Template 1.46; sub cleandir { my $base = shift; diff --git a/external/perl/Downloaded.txt b/external/perl/Downloaded.txt index af0c20a3e4..93b72b1372 100644 --- a/external/perl/Downloaded.txt +++ b/external/perl/Downloaded.txt @@ -3,8 +3,9 @@ Intro If we find a useful Perl module that isn't one of the core Perl modules, we may choose to bundle it with the OpenSSL source. +They remain unmodified and retain their copyright and license. -Here, we simply list those modules and where we downloaded them from. +Here, we simply list those modules and where we got them from. Downloaded and bundled Perl modules ----------------------------------- diff --git a/external/perl/MODULES.txt b/external/perl/MODULES.txt new file mode 100644 index 0000000000..442b618f0c --- /dev/null +++ b/external/perl/MODULES.txt @@ -0,0 +1 @@ +Text-Template-1.46/lib diff --git a/external/perl/transfer/Text/Template.pm b/external/perl/transfer/Text/Template.pm deleted file mode 100644 index dbe6d737ed..0000000000 --- a/external/perl/transfer/Text/Template.pm +++ /dev/null @@ -1,23 +0,0 @@ -# Copyright 2016-2018 The OpenSSL Project Authors. All Rights Reserved. -# -# Licensed under the Apache License 2.0 (the "License"). You may not use -# this file except in compliance with the License. You can obtain a copy -# in the file LICENSE in the source distribution or at -# https://www.openssl.org/source/license.html - -# Quick transfer to the downloaded Text::Template - -package transfer::Text::Template; -$VERSION = 1.46; - -BEGIN { - use File::Spec::Functions; - use File::Basename; - use lib catdir(dirname(__FILE__), "..", "..", "Text-Template-1.46", "lib"); - # Some unpackers on VMS convert periods in directory names to underscores - use lib catdir(dirname(__FILE__), "..", "..", "Text-Template-1_46", "lib"); - use Text::Template; - shift @INC; # Takes away the effect of use lib - shift @INC; # Takes away the effect of use lib -} -1; diff --git a/test/generate_ssl_tests.pl b/test/generate_ssl_tests.pl index 57227eb72d..044dff6ad4 100644 --- a/test/generate_ssl_tests.pl +++ b/test/generate_ssl_tests.pl @@ -22,10 +22,12 @@ BEGIN { OpenSSL::Test::setup("no_test_here"); } -use lib srctop_dir("util", "perl"); # for with_fallback -use lib srctop_dir("test", "ssl-tests"); # for ssltests_base +use FindBin; +use lib "$FindBin::Bin/../util/perl"; +use OpenSSL::fallback "$FindBin::Bin/../external/perl/MODULES.txt"; +use Text::Template 1.46; -use with_fallback qw(Text::Template); +use lib "$FindBin::Bin/ssl-tests"; use vars qw/@ISA/; push (@ISA, qw/Text::Template/); diff --git a/util/dofile.pl b/util/dofile.pl index 10a1ad8cf0..8cf66cd742 100644 --- a/util/dofile.pl +++ b/util/dofile.pl @@ -14,8 +14,9 @@ use strict; use warnings; -use FindBin; use Getopt::Std; +use FindBin; +use lib "$FindBin::Bin/perl"; # We actually expect to get the following hash tables from configdata: # @@ -37,10 +38,8 @@ package OpenSSL::Template; # Because we know that Text::Template isn't a core Perl module, we use # a fallback in case it's not installed on the system -use File::Basename; -use File::Spec::Functions; -use lib "$FindBin::Bin/perl"; -use with_fallback "Text::Template 1.46"; +use OpenSSL::fallback "$FindBin::Bin/../external/perl/MODULES.txt"; +use Text::Template 1.46; #use parent qw/Text::Template/; use vars qw/@ISA/; diff --git a/util/perl/OpenSSL/fallback.pm b/util/perl/OpenSSL/fallback.pm new file mode 100644 index 0000000000..8f45971bd9 --- /dev/null +++ b/util/perl/OpenSSL/fallback.pm @@ -0,0 +1,112 @@ +# Copyright 2019 The OpenSSL Project Authors. All Rights Reserved. +# +# Licensed under the Apache License 2.0 (the "License"). You may not use +# this file except in compliance with the License. You can obtain a copy +# in the file LICENSE in the source distribution or at +# https://www.openssl.org/source/license.html + +=head1 NAME + +OpenSSL::fallback - push directories to the end of @INC at compile time + +=cut + +package OpenSSL::fallback; + +use strict; +use warnings; +use Carp; + +our $VERSION = '0.01'; + +=head1 SYNOPSIS + + use OpenSSL::fallback LIST; + +=head1 DESCRIPTION + +This small simple module simplifies the addition of fallback directories +in @INC at compile time. + +It is used to add extra directories at the end of perl's search path so +that later "use" or "require" statements will find modules which are not +located on perl's default search path. + +This is similar to L, except the paths are I to @INC rather +than prepended, thus allowing the use of a newer module on perl's default +search path if there is one. + +=head1 CAVEAT + +Just like with B, this only works with Unix filepaths. +Just like with L, this doesn't mean that it only works on Unix, but that +non-Unix users must first translate their file paths to Unix conventions. + + # VMS users wanting to put [.my.stuff] into their @INC should write: + use fallback 'my/stuff'; + +=head1 NOTES + +If you try to add a file to @INC as follows, you will be warned, and the file +will be ignored: + + use fallback 'file.txt'; + +The sole exception is the file F, which must contain a list of +sub-directories relative to the location of that F file. +All these sub-directories will be appended to @INC. + +=cut + +# Forward declare +sub glob; + +use constant DEBUG => 0; + +sub import { + shift; # Skip module name + + foreach (@_) { + my $path = $_; + + if ($path eq '') { + carp "Empty compile time value given to use fallback"; + next; + } + + print STDERR "DEBUG: $path\n" if DEBUG; + + unless (-e $path + && ($path =~ m/(?:^|\/)MODULES.txt/ || -d $path)) { + croak "Parameter to use fallback must be a directory, not a file"; + next; + } + + my @dirs = (); + if (-f $path) { # It's a MODULES.txt file + (my $dir = $path) =~ s|/[^/]*$||; # quick dirname + open my $fh, $path or die "Could not open $path: $!\n"; + while (my $l = <$fh>) { + $l =~ s|\R$||; # Better chomp + my $d = "$dir/$l"; + croak "All lines in $path must be a directory, not a file: $l" + unless -e $d && -d $d; + push @INC, $d; + } + } else { # It's a directory + push @INC, $path; + } + } +} + +=head1 SEE ALSO + +L - optional module which deals with paths relative to the source +file. + +=head1 AUTHOR + +Richard Levitte, 2019 + +=cut + diff --git a/util/perl/with_fallback.pm b/util/perl/with_fallback.pm deleted file mode 100644 index 481295fac9..0000000000 --- a/util/perl/with_fallback.pm +++ /dev/null @@ -1,27 +0,0 @@ -# Copyright 2016-2018 The OpenSSL Project Authors. All Rights Reserved. -# -# Licensed under the Apache License 2.0 (the "License"). You may not use -# this file except in compliance with the License. You can obtain a copy -# in the file LICENSE in the source distribution or at -# https://www.openssl.org/source/license.html - -package with_fallback; - -sub import { - shift; - - use File::Basename; - use File::Spec::Functions; - foreach (@_) { - eval "use $_"; - if ($@) { - unshift @INC, catdir(dirname(__FILE__), - "..", "..", "external", "perl"); - my $transfer = "transfer::$_"; - eval "use $transfer"; - shift @INC; - warn $@ if $@; - } - } -} -1; From levitte at openssl.org Thu Sep 12 10:54:49 2019 From: levitte at openssl.org (Richard Levitte) Date: Thu, 12 Sep 2019 10:54:49 +0000 Subject: [openssl] master update Message-ID: <1568285689.331210.30465.nullmailer@dev.openssl.org> The branch master has been updated via 05c9c7b02d3e4e66fc0c0446af1116bd5b19f6dc (commit) from 7f4a2dff12f93791e96a284454bdd84a2fa7d29b (commit) - Log ----------------------------------------------------------------- commit 05c9c7b02d3e4e66fc0c0446af1116bd5b19f6dc Author: Richard Levitte Date: Mon Sep 9 12:49:15 2019 +0200 Update the bundled external perl module Text-Template to version 1.56 Fixes #9287 Reviewed-by: Matt Caswell (Merged from https://github.com/openssl/openssl/pull/9828) ----------------------------------------------------------------------- Summary of changes: external/perl/Downloaded.txt | 4 +- external/perl/MODULES.txt | 2 +- external/perl/Text-Template-1.46/Artistic | 131 -- external/perl/Text-Template-1.46/COPYING | 340 ---- external/perl/Text-Template-1.46/MANIFEST | 25 - external/perl/Text-Template-1.46/META.json | 39 - external/perl/Text-Template-1.46/META.yml | 21 - external/perl/Text-Template-1.46/Makefile.PL | 7 - external/perl/Text-Template-1.46/README | 339 ---- external/perl/Text-Template-1.46/t/00-version.t | 11 - external/perl/Text-Template-1.46/t/01-basic.t | 266 --- external/perl/Text-Template-1.46/t/02-hash.t | 111 -- external/perl/Text-Template-1.46/t/03-out.t | 56 - external/perl/Text-Template-1.46/t/04-safe.t | 161 -- external/perl/Text-Template-1.46/t/05-safe2.t | 105 -- external/perl/Text-Template-1.46/t/06-ofh.t | 39 - external/perl/Text-Template-1.46/t/07-safe3.t | 91 - external/perl/Text-Template-1.46/t/08-exported.t | 75 - external/perl/Text-Template-1.46/t/09-error.t | 63 - external/perl/Text-Template-1.46/t/10-delimiters.t | 99 -- external/perl/Text-Template-1.46/t/11-prepend.t | 94 - external/perl/Text-Template-1.46/t/12-preprocess.t | 52 - external/perl/Text-Template-1.46/t/13-taint.t | 119 -- external/perl/Text-Template-1.46/t/14-broken.t | 82 - external/perl/Text-Template-1.56/Changes | 301 ++++ .../INSTALL | 0 external/perl/Text-Template-1.56/LICENSE | 379 ++++ external/perl/Text-Template-1.56/MANIFEST | 34 + external/perl/Text-Template-1.56/META.json | 83 + external/perl/Text-Template-1.56/META.yml | 46 + external/perl/Text-Template-1.56/Makefile.PL | 71 + external/perl/Text-Template-1.56/README | 62 + external/perl/Text-Template-1.56/SIGNATURE | 65 + .../lib/Text/Template.pm | 1878 ++++++++++++-------- .../lib/Text/Template/Preprocess.pm | 99 +- .../perl/Text-Template-1.56/t/author-pod-syntax.t | 15 + .../perl/Text-Template-1.56/t/author-signature.t | 21 + external/perl/Text-Template-1.56/t/basic.t | 179 ++ external/perl/Text-Template-1.56/t/broken.t | 66 + external/perl/Text-Template-1.56/t/delimiters.t | 83 + external/perl/Text-Template-1.56/t/error.t | 34 + external/perl/Text-Template-1.56/t/exported.t | 68 + external/perl/Text-Template-1.56/t/hash.t | 91 + .../perl/Text-Template-1.56/t/inline-comment.t | 17 + external/perl/Text-Template-1.56/t/nested-tags.t | 26 + external/perl/Text-Template-1.56/t/ofh.t | 33 + external/perl/Text-Template-1.56/t/out.t | 46 + external/perl/Text-Template-1.56/t/prepend.t | 78 + external/perl/Text-Template-1.56/t/preprocess.t | 43 + external/perl/Text-Template-1.56/t/rt29928.t | 26 + external/perl/Text-Template-1.56/t/safe.t | 135 ++ external/perl/Text-Template-1.56/t/safe2.t | 94 + external/perl/Text-Template-1.56/t/safe3.t | 80 + external/perl/Text-Template-1.56/t/strict.t | 46 + external/perl/Text-Template-1.56/t/taint.t | 112 ++ .../perl/Text-Template-1.56/t/template-encoding.t | 47 + external/perl/Text-Template-1.56/t/warnings.t | 46 + 57 files changed, 3620 insertions(+), 3116 deletions(-) delete mode 100644 external/perl/Text-Template-1.46/Artistic delete mode 100644 external/perl/Text-Template-1.46/COPYING delete mode 100644 external/perl/Text-Template-1.46/MANIFEST delete mode 100644 external/perl/Text-Template-1.46/META.json delete mode 100644 external/perl/Text-Template-1.46/META.yml delete mode 100644 external/perl/Text-Template-1.46/Makefile.PL delete mode 100644 external/perl/Text-Template-1.46/README delete mode 100644 external/perl/Text-Template-1.46/t/00-version.t delete mode 100644 external/perl/Text-Template-1.46/t/01-basic.t delete mode 100644 external/perl/Text-Template-1.46/t/02-hash.t delete mode 100644 external/perl/Text-Template-1.46/t/03-out.t delete mode 100644 external/perl/Text-Template-1.46/t/04-safe.t delete mode 100644 external/perl/Text-Template-1.46/t/05-safe2.t delete mode 100644 external/perl/Text-Template-1.46/t/06-ofh.t delete mode 100644 external/perl/Text-Template-1.46/t/07-safe3.t delete mode 100644 external/perl/Text-Template-1.46/t/08-exported.t delete mode 100644 external/perl/Text-Template-1.46/t/09-error.t delete mode 100644 external/perl/Text-Template-1.46/t/10-delimiters.t delete mode 100644 external/perl/Text-Template-1.46/t/11-prepend.t delete mode 100644 external/perl/Text-Template-1.46/t/12-preprocess.t delete mode 100644 external/perl/Text-Template-1.46/t/13-taint.t delete mode 100644 external/perl/Text-Template-1.46/t/14-broken.t create mode 100644 external/perl/Text-Template-1.56/Changes rename external/perl/{Text-Template-1.46 => Text-Template-1.56}/INSTALL (100%) create mode 100644 external/perl/Text-Template-1.56/LICENSE create mode 100644 external/perl/Text-Template-1.56/MANIFEST create mode 100644 external/perl/Text-Template-1.56/META.json create mode 100644 external/perl/Text-Template-1.56/META.yml create mode 100644 external/perl/Text-Template-1.56/Makefile.PL create mode 100644 external/perl/Text-Template-1.56/README create mode 100644 external/perl/Text-Template-1.56/SIGNATURE rename external/perl/{Text-Template-1.46 => Text-Template-1.56}/lib/Text/Template.pm (60%) rename external/perl/{Text-Template-1.46 => Text-Template-1.56}/lib/Text/Template/Preprocess.pm (64%) create mode 100644 external/perl/Text-Template-1.56/t/author-pod-syntax.t create mode 100644 external/perl/Text-Template-1.56/t/author-signature.t create mode 100755 external/perl/Text-Template-1.56/t/basic.t create mode 100755 external/perl/Text-Template-1.56/t/broken.t create mode 100755 external/perl/Text-Template-1.56/t/delimiters.t create mode 100755 external/perl/Text-Template-1.56/t/error.t create mode 100755 external/perl/Text-Template-1.56/t/exported.t create mode 100755 external/perl/Text-Template-1.56/t/hash.t create mode 100755 external/perl/Text-Template-1.56/t/inline-comment.t create mode 100755 external/perl/Text-Template-1.56/t/nested-tags.t create mode 100755 external/perl/Text-Template-1.56/t/ofh.t create mode 100755 external/perl/Text-Template-1.56/t/out.t create mode 100755 external/perl/Text-Template-1.56/t/prepend.t create mode 100755 external/perl/Text-Template-1.56/t/preprocess.t create mode 100755 external/perl/Text-Template-1.56/t/rt29928.t create mode 100755 external/perl/Text-Template-1.56/t/safe.t create mode 100755 external/perl/Text-Template-1.56/t/safe2.t create mode 100755 external/perl/Text-Template-1.56/t/safe3.t create mode 100755 external/perl/Text-Template-1.56/t/strict.t create mode 100755 external/perl/Text-Template-1.56/t/taint.t create mode 100755 external/perl/Text-Template-1.56/t/template-encoding.t create mode 100755 external/perl/Text-Template-1.56/t/warnings.t diff --git a/external/perl/Downloaded.txt b/external/perl/Downloaded.txt index 93b72b1372..dfb1f052cb 100644 --- a/external/perl/Downloaded.txt +++ b/external/perl/Downloaded.txt @@ -10,5 +10,5 @@ Here, we simply list those modules and where we got them from. Downloaded and bundled Perl modules ----------------------------------- -Text::Template 1.46 was downloaded from -http://search.cpan.org/CPAN/authors/id/M/MJ/MJD/Text-Template-1.46.tar.gz +Text::Template 1.56 was downloaded from +https://cpan.metacpan.org/authors/id/M/MS/MSCHOUT/Text-Template-1.56.tar.gz diff --git a/external/perl/MODULES.txt b/external/perl/MODULES.txt index 442b618f0c..799357f4d1 100644 --- a/external/perl/MODULES.txt +++ b/external/perl/MODULES.txt @@ -1 +1 @@ -Text-Template-1.46/lib +Text-Template-1.56/lib diff --git a/external/perl/Text-Template-1.46/Artistic b/external/perl/Text-Template-1.46/Artistic deleted file mode 100644 index 5f221241e8..0000000000 --- a/external/perl/Text-Template-1.46/Artistic +++ /dev/null @@ -1,131 +0,0 @@ - - - - - The "Artistic License" - - Preamble - -The intent of this document is to state the conditions under which a -Package may be copied, such that the Copyright Holder maintains some -semblance of artistic control over the development of the package, -while giving the users of the package the right to use and distribute -the Package in a more-or-less customary fashion, plus the right to make -reasonable modifications. - -Definitions: - - "Package" refers to the collection of files distributed by the - Copyright Holder, and derivatives of that collection of files - created through textual modification. - - "Standard Version" refers to such a Package if it has not been - modified, or has been modified in accordance with the wishes - of the Copyright Holder as specified below. - - "Copyright Holder" is whoever is named in the copyright or - copyrights for the package. - - "You" is you, if you're thinking about copying or distributing - this Package. - - "Reasonable copying fee" is whatever you can justify on the - basis of media cost, duplication charges, time of people involved, - and so on. (You will not be required to justify it to the - Copyright Holder, but only to the computing community at large - as a market that must bear the fee.) - - "Freely Available" means that no fee is charged for the item - itself, though there may be fees involved in handling the item. - It also means that recipients of the item may redistribute it - under the same conditions they received it. - -1. You may make and give away verbatim copies of the source form of the -Standard Version of this Package without restriction, provided that you -duplicate all of the original copyright notices and associated disclaimers. - -2. You may apply bug fixes, portability fixes and other modifications -derived from the Public Domain or from the Copyright Holder. A Package -modified in such a way shall still be considered the Standard Version. - -3. You may otherwise modify your copy of this Package in any way, provided -that you insert a prominent notice in each changed file stating how and -when you changed that file, and provided that you do at least ONE of the -following: - - a) place your modifications in the Public Domain or otherwise make them - Freely Available, such as by posting said modifications to Usenet or - an equivalent medium, or placing the modifications on a major archive - site such as uunet.uu.net, or by allowing the Copyright Holder to include - your modifications in the Standard Version of the Package. - - b) use the modified Package only within your corporation or organization. - - c) rename any non-standard executables so the names do not conflict - with standard executables, which must also be provided, and provide - a separate manual page for each non-standard executable that clearly - documents how it differs from the Standard Version. - - d) make other distribution arrangements with the Copyright Holder. - -4. You may distribute the programs of this Package in object code or -executable form, provided that you do at least ONE of the following: - - a) distribute a Standard Version of the executables and library files, - together with instructions (in the manual page or equivalent) on where - to get the Standard Version. - - b) accompany the distribution with the machine-readable source of - the Package with your modifications. - - c) give non-standard executables non-standard names, and clearly - document the differences in manual pages (or equivalent), together - with instructions on where to get the Standard Version. - - d) make other distribution arrangements with the Copyright Holder. - -5. You may charge a reasonable copying fee for any distribution of this -Package. You may charge any fee you choose for support of this -Package. You may not charge a fee for this Package itself. However, -you may distribute this Package in aggregate with other (possibly -commercial) programs as part of a larger (possibly commercial) software -distribution provided that you do not advertise this Package as a -product of your own. You may embed this Package's interpreter within -an executable of yours (by linking); this shall be construed as a mere -form of aggregation, provided that the complete Standard Version of the -interpreter is so embedded. - -6. The scripts and library files supplied as input to or produced as -output from the programs of this Package do not automatically fall -under the copyright of this Package, but belong to whoever generated -them, and may be sold commercially, and may be aggregated with this -Package. If such scripts or library files are aggregated with this -Package via the so-called "undump" or "unexec" methods of producing a -binary executable image, then distribution of such an image shall -neither be construed as a distribution of this Package nor shall it -fall under the restrictions of Paragraphs 3 and 4, provided that you do -not represent such an executable image as a Standard Version of this -Package. - -7. C subroutines (or comparably compiled subroutines in other -languages) supplied by you and linked into this Package in order to -emulate subroutines and variables of the language defined by this -Package shall not be considered part of this Package, but are the -equivalent of input as in Paragraph 6, provided these subroutines do -not change the language in any way that would cause it to fail the -regression tests for the language. - -8. Aggregation of this Package with a commercial distribution is always -permitted provided that the use of this Package is embedded; that is, -when no overt attempt is made to make this Package's interfaces visible -to the end user of the commercial distribution. Such use shall not be -construed as a distribution of this Package. - -9. The name of the Copyright Holder may not be used to endorse or promote -products derived from this software without specific prior written permission. - -10. THIS PACKAGE IS PROVIDED "AS IS" AND WITHOUT ANY EXPRESS OR -IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED -WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE. - - The End diff --git a/external/perl/Text-Template-1.46/COPYING b/external/perl/Text-Template-1.46/COPYING deleted file mode 100644 index a3f6b12eec..0000000000 --- a/external/perl/Text-Template-1.46/COPYING +++ /dev/null @@ -1,340 +0,0 @@ - GNU GENERAL PUBLIC LICENSE - Version 2, June 1991 - - Copyright (C) 1989, 1991 Free Software Foundation, Inc. - 59 Temple Place - Suite 330, Boston, MA - 02111-1307, USA. - Everyone is permitted to copy and distribute verbatim copies - of this license document, but changing it is not allowed. - - Preamble - - The licenses for most software are designed to take away your -freedom to share and change it. By contrast, the GNU General Public -License is intended to guarantee your freedom to share and change free -software--to make sure the software is free for all its users. This -General Public License applies to most of the Free Software -Foundation's software and to any other program whose authors commit to -using it. (Some other Free Software Foundation software is covered by -the GNU Library General Public License instead.) You can apply it to -your programs, too. - - When we speak of free software, we are referring to freedom, not -price. Our General Public Licenses are designed to make sure that you -have the freedom to distribute copies of free software (and charge for -this service if you wish), that you receive source code or can get it -if you want it, that you can change the software or use pieces of it -in new free programs; and that you know you can do these things. - - To protect your rights, we need to make restrictions that forbid -anyone to deny you these rights or to ask you to surrender the rights. -These restrictions translate to certain responsibilities for you if you -distribute copies of the software, or if you modify it. - - For example, if you distribute copies of such a program, whether -gratis or for a fee, you must give the recipients all the rights that -you have. You must make sure that they, too, receive or can get the -source code. And you must show them these terms so they know their -rights. - - We protect your rights with two steps: (1) copyright the software, and -(2) offer you this license which gives you legal permission to copy, -distribute and/or modify the software. - - Also, for each author's protection and ours, we want to make certain -that everyone understands that there is no warranty for this free -software. If the software is modified by someone else and passed on, we -want its recipients to know that what they have is not the original, so -that any problems introduced by others will not reflect on the original -authors' reputations. - - Finally, any free program is threatened constantly by software -patents. We wish to avoid the danger that redistributors of a free -program will individually obtain patent licenses, in effect making the -program proprietary. To prevent this, we have made it clear that any -patent must be licensed for everyone's free use or not licensed at all. - - The precise terms and conditions for copying, distribution and -modification follow. - - GNU GENERAL PUBLIC LICENSE - TERMS AND CONDITIONS FOR COPYING, DISTRIBUTION AND MODIFICATION - - 0. This License applies to any program or other work which contains -a notice placed by the copyright holder saying it may be distributed -under the terms of this General Public License. The "Program", below, -refers to any such program or work, and a "work based on the Program" -means either the Program or any derivative work under copyright law: -that is to say, a work containing the Program or a portion of it, -either verbatim or with modifications and/or translated into another -language. (Hereinafter, translation is included without limitation in -the term "modification".) Each licensee is addressed as "you". - -Activities other than copying, distribution and modification are not -covered by this License; they are outside its scope. The act of -running the Program is not restricted, and the output from the Program -is covered only if its contents constitute a work based on the -Program (independent of having been made by running the Program). -Whether that is true depends on what the Program does. - - 1. You may copy and distribute verbatim copies of the Program's -source code as you receive it, in any medium, provided that you -conspicuously and appropriately publish on each copy an appropriate -copyright notice and disclaimer of warranty; keep intact all the -notices that refer to this License and to the absence of any warranty; -and give any other recipients of the Program a copy of this License -along with the Program. - -You may charge a fee for the physical act of transferring a copy, and -you may at your option offer warranty protection in exchange for a fee. - - 2. You may modify your copy or copies of the Program or any portion -of it, thus forming a work based on the Program, and copy and -distribute such modifications or work under the terms of Section 1 -above, provided that you also meet all of these conditions: - - a) You must cause the modified files to carry prominent notices - stating that you changed the files and the date of any change. - - b) You must cause any work that you distribute or publish, that in - whole or in part contains or is derived from the Program or any - part thereof, to be licensed as a whole at no charge to all third - parties under the terms of this License. - - c) If the modified program normally reads commands interactively - when run, you must cause it, when started running for such - interactive use in the most ordinary way, to print or display an - announcement including an appropriate copyright notice and a - notice that there is no warranty (or else, saying that you provide - a warranty) and that users may redistribute the program under - these conditions, and telling the user how to view a copy of this - License. (Exception: if the Program itself is interactive but - does not normally print such an announcement, your work based on - the Program is not required to print an announcement.) - -These requirements apply to the modified work as a whole. If -identifiable sections of that work are not derived from the Program, -and can be reasonably considered independent and separate works in -themselves, then this License, and its terms, do not apply to those -sections when you distribute them as separate works. But when you -distribute the same sections as part of a whole which is a work based -on the Program, the distribution of the whole must be on the terms of -this License, whose permissions for other licensees extend to the -entire whole, and thus to each and every part regardless of who wrote it. - -Thus, it is not the intent of this section to claim rights or contest -your rights to work written entirely by you; rather, the intent is to -exercise the right to control the distribution of derivative or -collective works based on the Program. - -In addition, mere aggregation of another work not based on the Program -with the Program (or with a work based on the Program) on a volume of -a storage or distribution medium does not bring the other work under -the scope of this License. - - 3. You may copy and distribute the Program (or a work based on it, -under Section 2) in object code or executable form under the terms of -Sections 1 and 2 above provided that you also do one of the following: - - a) Accompany it with the complete corresponding machine-readable - source code, which must be distributed under the terms of Sections - 1 and 2 above on a medium customarily used for software interchange; or, - - b) Accompany it with a written offer, valid for at least three - years, to give any third party, for a charge no more than your - cost of physically performing source distribution, a complete - machine-readable copy of the corresponding source code, to be - distributed under the terms of Sections 1 and 2 above on a medium - customarily used for software interchange; or, - - c) Accompany it with the information you received as to the offer - to distribute corresponding source code. (This alternative is - allowed only for noncommercial distribution and only if you - received the program in object code or executable form with such - an offer, in accord with Subsection b above.) - -The source code for a work means the preferred form of the work for -making modifications to it. For an executable work, complete source -code means all the source code for all modules it contains, plus any -associated interface definition files, plus the scripts used to -control compilation and installation of the executable. However, as a -special exception, the source code distributed need not include -anything that is normally distributed (in either source or binary -form) with the major components (compiler, kernel, and so on) of the -operating system on which the executable runs, unless that component -itself accompanies the executable. - -If distribution of executable or object code is made by offering -access to copy from a designated place, then offering equivalent -access to copy the source code from the same place counts as -distribution of the source code, even though third parties are not -compelled to copy the source along with the object code. - - 4. You may not copy, modify, sublicense, or distribute the Program -except as expressly provided under this License. Any attempt -otherwise to copy, modify, sublicense or distribute the Program is -void, and will automatically terminate your rights under this License. -However, parties who have received copies, or rights, from you under -this License will not have their licenses terminated so long as such -parties remain in full compliance. - - 5. You are not required to accept this License, since you have not -signed it. However, nothing else grants you permission to modify or -distribute the Program or its derivative works. These actions are -prohibited by law if you do not accept this License. Therefore, by -modifying or distributing the Program (or any work based on the -Program), you indicate your acceptance of this License to do so, and -all its terms and conditions for copying, distributing or modifying -the Program or works based on it. - - 6. Each time you redistribute the Program (or any work based on the -Program), the recipient automatically receives a license from the -original licensor to copy, distribute or modify the Program subject to -these terms and conditions. You may not impose any further -restrictions on the recipients' exercise of the rights granted herein. -You are not responsible for enforcing compliance by third parties to -this License. - - 7. If, as a consequence of a court judgment or allegation of patent -infringement or for any other reason (not limited to patent issues), -conditions are imposed on you (whether by court order, agreement or -otherwise) that contradict the conditions of this License, they do not -excuse you from the conditions of this License. If you cannot -distribute so as to satisfy simultaneously your obligations under this -License and any other pertinent obligations, then as a consequence you -may not distribute the Program at all. For example, if a patent -license would not permit royalty-free redistribution of the Program by -all those who receive copies directly or indirectly through you, then -the only way you could satisfy both it and this License would be to -refrain entirely from distribution of the Program. - -If any portion of this section is held invalid or unenforceable under -any particular circumstance, the balance of the section is intended to -apply and the section as a whole is intended to apply in other -circumstances. - -It is not the purpose of this section to induce you to infringe any -patents or other property right claims or to contest validity of any -such claims; this section has the sole purpose of protecting the -integrity of the free software distribution system, which is -implemented by public license practices. Many people have made -generous contributions to the wide range of software distributed -through that system in reliance on consistent application of that -system; it is up to the author/donor to decide if he or she is willing -to distribute software through any other system and a licensee cannot -impose that choice. - -This section is intended to make thoroughly clear what is believed to -be a consequence of the rest of this License. - - 8. If the distribution and/or use of the Program is restricted in -certain countries either by patents or by copyrighted interfaces, the -original copyright holder who places the Program under this License -may add an explicit geographical distribution limitation excluding -those countries, so that distribution is permitted only in or among -countries not thus excluded. In such case, this License incorporates -the limitation as if written in the body of this License. - - 9. The Free Software Foundation may publish revised and/or new versions -of the General Public License from time to time. Such new versions will -be similar in spirit to the present version, but may differ in detail to -address new problems or concerns. - -Each version is given a distinguishing version number. If the Program -specifies a version number of this License which applies to it and "any -later version", you have the option of following the terms and conditions -either of that version or of any later version published by the Free -Software Foundation. If the Program does not specify a version number of -this License, you may choose any version ever published by the Free Software -Foundation. - - 10. If you wish to incorporate parts of the Program into other free -programs whose distribution conditions are different, write to the author -to ask for permission. For software which is copyrighted by the Free -Software Foundation, write to the Free Software Foundation; we sometimes -make exceptions for this. Our decision will be guided by the two goals -of preserving the free status of all derivatives of our free software and -of promoting the sharing and reuse of software generally. - - NO WARRANTY - - 11. BECAUSE THE PROGRAM IS LICENSED FREE OF CHARGE, THERE IS NO WARRANTY -FOR THE PROGRAM, TO THE EXTENT PERMITTED BY APPLICABLE LAW. EXCEPT WHEN -OTHERWISE STATED IN WRITING THE COPYRIGHT HOLDERS AND/OR OTHER PARTIES -PROVIDE THE PROGRAM "AS IS" WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESSED -OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF -MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. THE ENTIRE RISK AS -TO THE QUALITY AND PERFORMANCE OF THE PROGRAM IS WITH YOU. SHOULD THE -PROGRAM PROVE DEFECTIVE, YOU ASSUME THE COST OF ALL NECESSARY SERVICING, -REPAIR OR CORRECTION. - - 12. IN NO EVENT UNLESS REQUIRED BY APPLICABLE LAW OR AGREED TO IN WRITING -WILL ANY COPYRIGHT HOLDER, OR ANY OTHER PARTY WHO MAY MODIFY AND/OR -REDISTRIBUTE THE PROGRAM AS PERMITTED ABOVE, BE LIABLE TO YOU FOR DAMAGES, -INCLUDING ANY GENERAL, SPECIAL, INCIDENTAL OR CONSEQUENTIAL DAMAGES ARISING -OUT OF THE USE OR INABILITY TO USE THE PROGRAM (INCLUDING BUT NOT LIMITED -TO LOSS OF DATA OR DATA BEING RENDERED INACCURATE OR LOSSES SUSTAINED BY -YOU OR THIRD PARTIES OR A FAILURE OF THE PROGRAM TO OPERATE WITH ANY OTHER -PROGRAMS), EVEN IF SUCH HOLDER OR OTHER PARTY HAS BEEN ADVISED OF THE -POSSIBILITY OF SUCH DAMAGES. - - END OF TERMS AND CONDITIONS - - Appendix: How to Apply These Terms to Your New Programs - - If you develop a new program, and you want it to be of the greatest -possible use to the public, the best way to achieve this is to make it -free software which everyone can redistribute and change under these terms. - - To do so, attach the following notices to the program. It is safest -to attach them to the start of each source file to most effectively -convey the exclusion of warranty; and each file should have at least -the "copyright" line and a pointer to where the full notice is found. - - - Copyright (C) 19yy - - This program is free software; you can redistribute it and/or modify - it under the terms of the GNU General Public License as published by - the Free Software Foundation; either version 2 of the License, or - (at your option) any later version. - - This program is distributed in the hope that it will be useful, - but WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - GNU General Public License for more details. - - You should have received a copy of the GNU General Public License - along with this program; if not, write to the Free Software - Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. - -Also add information on how to contact you by electronic and paper mail. - -If the program is interactive, make it output a short notice like this -when it starts in an interactive mode: - - Gnomovision version 69, Copyright (C) 19yy name of author - Gnomovision comes with ABSOLUTELY NO WARRANTY; for details type `show w'. - This is free software, and you are welcome to redistribute it - under certain conditions; type `show c' for details. - -The hypothetical commands `show w' and `show c' should show the appropriate -parts of the General Public License. Of course, the commands you use may -be called something other than `show w' and `show c'; they could even be -mouse-clicks or menu items--whatever suits your program. - -You should also get your employer (if you work as a programmer) or your -school, if any, to sign a "copyright disclaimer" for the program, if -necessary. Here is a sample; alter the names: - - Yoyodyne, Inc., hereby disclaims all copyright interest in the program - `Gnomovision' (which makes passes at compilers) written by James Hacker. - - , 1 April 1989 - Ty Coon, President of Vice - -This General Public License does not permit incorporating your program into -proprietary programs. If your program is a subroutine library, you may -consider it more useful to permit linking proprietary applications with the -library. If this is what you want to do, use the GNU Library General -Public License instead of this License. diff --git a/external/perl/Text-Template-1.46/MANIFEST b/external/perl/Text-Template-1.46/MANIFEST deleted file mode 100644 index 22460fe8ba..0000000000 --- a/external/perl/Text-Template-1.46/MANIFEST +++ /dev/null @@ -1,25 +0,0 @@ -MANIFEST -COPYING -Artistic -Makefile.PL -INSTALL -README -lib/Text/Template.pm -lib/Text/Template/Preprocess.pm -t/00-version.t -t/01-basic.t -t/02-hash.t -t/03-out.t -t/04-safe.t -t/05-safe2.t -t/06-ofh.t -t/07-safe3.t -t/08-exported.t -t/09-error.t -t/10-delimiters.t -t/11-prepend.t -t/12-preprocess.t -t/13-taint.t -t/14-broken.t -META.yml Module meta-data (added by MakeMaker) -META.json Module JSON meta-data (added by MakeMaker) diff --git a/external/perl/Text-Template-1.46/META.json b/external/perl/Text-Template-1.46/META.json deleted file mode 100644 index 6b335eb948..0000000000 --- a/external/perl/Text-Template-1.46/META.json +++ /dev/null @@ -1,39 +0,0 @@ -{ - "abstract" : "unknown", - "author" : [ - "unknown" - ], - "dynamic_config" : 1, - "generated_by" : "ExtUtils::MakeMaker version 6.62, CPAN::Meta::Converter version 2.120630", - "license" : [ - "unknown" - ], - "meta-spec" : { - "url" : "http://search.cpan.org/perldoc?CPAN::Meta::Spec", - "version" : "2" - }, - "name" : "Text-Template", - "no_index" : { - "directory" : [ - "t", - "inc" - ] - }, - "prereqs" : { - "build" : { - "requires" : { - "ExtUtils::MakeMaker" : "0" - } - }, - "configure" : { - "requires" : { - "ExtUtils::MakeMaker" : "0" - } - }, - "runtime" : { - "requires" : {} - } - }, - "release_status" : "stable", - "version" : "1.46" -} diff --git a/external/perl/Text-Template-1.46/META.yml b/external/perl/Text-Template-1.46/META.yml deleted file mode 100644 index a2e2715941..0000000000 --- a/external/perl/Text-Template-1.46/META.yml +++ /dev/null @@ -1,21 +0,0 @@ ---- -abstract: unknown -author: - - unknown -build_requires: - ExtUtils::MakeMaker: 0 -configure_requires: - ExtUtils::MakeMaker: 0 -dynamic_config: 1 -generated_by: 'ExtUtils::MakeMaker version 6.62, CPAN::Meta::Converter version 2.120630' -license: unknown -meta-spec: - url: http://module-build.sourceforge.net/META-spec-v1.4.html - version: 1.4 -name: Text-Template -no_index: - directory: - - t - - inc -requires: {} -version: 1.46 diff --git a/external/perl/Text-Template-1.46/Makefile.PL b/external/perl/Text-Template-1.46/Makefile.PL deleted file mode 100644 index 491e03cb02..0000000000 --- a/external/perl/Text-Template-1.46/Makefile.PL +++ /dev/null @@ -1,7 +0,0 @@ -use ExtUtils::MakeMaker; -WriteMakefile( - NAME => 'Text::Template', - VERSION_FROM => 'lib/Text/Template.pm', -# 'linkext' => {LINKTYPE => ''}, - 'dist' => {COMPRESS => 'gzip', SUFFIX => 'gz'}, -); diff --git a/external/perl/Text-Template-1.46/README b/external/perl/Text-Template-1.46/README deleted file mode 100644 index e184d8cd2f..0000000000 --- a/external/perl/Text-Template-1.46/README +++ /dev/null @@ -1,339 +0,0 @@ - -Text::Template v1.46 - -This is a library for generating form letters, building HTML pages, or -filling in templates generally. A `template' is a piece of text that -has little Perl programs embedded in it here and there. When you -`fill in' a template, you evaluate the little programs and replace -them with their values. - -Here's an example of a template: - - Dear {$title} {$lastname}, - - It has come to our attention that you are delinquent in your - {$monthname[$last_paid_month]} payment. Please remit - ${sprintf("%.2f", $amount)} immediately, or your patellae may - be needlessly endangered. - - Love, - - Mark "{nickname(rand 20)}" Dominus - - -The result of filling in this template is a string, which might look -something like this: - - Dear Mr. Gates, - - It has come to our attention that you are delinquent in your - February payment. Please remit - $392.12 immediately, or your patellae may - be needlessly endangered. - - - Love, - - Mark "Vizopteryx" Dominus - -You can store a template in a file outside your program. People can -modify the template without modifying the program. You can separate -the formatting details from the main code, and put the formatting -parts of the program into the template. That prevents code bloat and -encourages functional separation. - -You can fill in the template in a `Safe' compartment. This means that -if you don't trust the person who wrote the code in the template, you -won't have to worry that they are tampering with your program when you -execute it. - ----------------------------------------------------------------- - -Text::Template was originally released some time in late 1995 or early -1996. After three years of study and investigation, I rewrote it from -scratch in January 1999. The new version, 1.0, was much faster, -delivered better functionality and was almost 100% backward-compatible -with the previous beta versions. - -I have added a number of useful features and conveniences since the -1.0 release, while still retaining backward compatibility. With one -merely cosmetic change, the current version of Text::Template passes -the test suite that the old beta versions passed. - -Questions or comments should be addressed to -mjd-perl-template+ at plover.com. This address goes directly to me, and -not to anyone else; it is not a mailing list address. - -To receive occasional announcements of new versions of T::T, send an -empty note to mjd-perl-template-request at plover.com. This mailing list -is not for discussion; it is for announcements only. Therefore, there -is no address for sending messages to the list. - -You can get the most recent version of Text::Template, news, comments, -and other collateral information from -. - ----------------------------------------------------------------- - -What's new in v1.46 since v1.44: - - Thanks to Rik Signes, there is a new - Text::Template->append_text_to_output method, which - Text::Template always uses whenever it wants to emit output. - You can subclass this to get control over the output, for - example for postprocessing. - - A spurious warning is no longer emitted when the TYPE - parameter to ->new is omitted. - ----------------------------------------------------------------- -What's new in v1.44 since v1.43: - -This is a maintentance release. There are no feature changes. - - _scrubpkg, which was responsible for eptying out temporary - packages after the module had done with them, wasn't always - working; the result was memory-leaks in long-running - applications. This should be fixed now, and there is a test - in the test suite for it. - - Minor changes to the test suite to prevent spurious errors. - - Minor documentation changes. - ----------------------------------------------------------------- -What's new in v1.43 since v1.42: - - The ->new method now fails immediately and sets - $Text::Template::ERROR if the file that is named by a filename - argument does not exist or cannot be opened for some other - reason. Formerly, the constructor would succeed and the - ->fill_in call would fail. - ----------------------------------------------------------------- - -What's new in v1.42 since v1.41: - -This is a maintentance release. There are no feature changes. - - Fixed a bug relating to use of UNTAINT under perl 5.005_03 and - possibly other versions. - - Taint-related tests are now more comprehensive. ----------------------------------------------------------------- - -What's new in v1.41 since v1.40: - -This is a maintentance release. There are no feature changes. - - Tests now work correctly on Windows systems and possibly on - other non-unix systems. - ----------------------------------------------------------------- - -What's new in v1.40 since v1.31: - - New UNTAINT option tells the module that it is safe to 'eval' - code even though it has come from a file or filehandle. - - Code added to prevent memory leaks when filling many - templates. Thanks to Itamar Almeida de Carvalho. - - Bug fix: $OUT was not correctly initialized when used in - conjunction with SAFE. - - You may now use a glob ref when passing a filehandle to the - ->new funcion. Formerly, a glob was reuqired. - - New subclass: Text::Template::Preprocess. Just like - Text::Template, but you may supply a PREPROCESS option in the - constructor or the fill_in call; this is a function which - receives each code fragment prior to evaluation, and which may - modify and return the fragment; the modified fragment is what - is evaluated. - - Error messages passed to BROKEN subroutines will now report - the correct line number of the template at which the error - occurred: - - Illegal division by zero at template line 37. - - If the template comes from a file, the filename will be - reported as well: - - Illegal division by zero at catalog.tmpl line 37. - - - INCOMPATIBLE CHANGE: - - The format of the default error message has changed. It used - to look like: - - Program fragment at line 30 delivered error ``Illegal division by zero'' - - It now looks like: - - Program fragment delivered error ``Illegal division by zero at catalog.tmpl line 37'' - - Note that the default message used to report the line number - at which the program fragment began; it now reports the line - number at which the error actually occurred. - ----------------------------------------------------------------- -What's new in v1.31 since v1.23: - - Just bug fixes---fill_in_string was failing. Thanks to - Donald L. Greer Jr. for the test case. - ----------------------------------------------------------------- -What's new in v1.23 since v1.22: - - Small bug fix: DELIMITER and other arguments were being - ignored in calls to fill_in_file and fill_this_in. (Thanks to - Jonathan Roy for reporting this.) - ----------------------------------------------------------------- -What's new in v1.22 since v1.20: - - You can now specify that certain Perl statements be prepended - to the beginning of every program fragment in a template, - either per template, or for all templates, or for the duration - of only one call to fill_in. This is useful, for example, if - you want to enable `strict' checks in your templates but you - don't want to manually add `use strict' to the front of every - program fragment everywhere. - ----------------------------------------------------------------- -What's new in v1.20 since v1.12: - - You can now specify that the program fragment delimiters are - strings other than { and }. This has three interesting - effects: First, it changes the delimiter strings. Second, it - disables the special meaning of \, so you have to be really, - really sure that the delimiters will not appear in your - templates. And third, because of the simplifications - introduced by the elimination of \ processing, template - parsing is 20-25% faster. - - See the manual section on `Alternative Delimiters'. - - Fixed bug having to do with undefined values in HASH options. - In particular, Text::Template no longer generates a warning if - you try to give a variable an undefined value. - ----------------------------------------------------------------- - -What's new in v1.12 since v1.11: - - I forgot to say that Text::Template ISA Exporter, so the - exported functions never got exported. Duhhh! - - Template TYPEs are now case-insensitive. The `new' method now - diagnoses attempts to use an invalid TYPE. - - More tests for these things. - ----------------------------------------------------------------- - -What's new in v1.11 since v1.10: - - Fixed a bug in the way backslashes were processed. The 1.10 - behavior was incompatible with the beta versions and was also - inconvenient. (`\n' in templates was replaced with `n' before - it was given to Perl for evaluation.) The new behavior is - also incompatible with the beta versions, but it is only a - little bit incompatible, and it is probbaly better. - - Documentation for the new behavior, and tests for the bug. - ----------------------------------------------------------------- - -What's new in v1.10 since v1.03: - - New OUTPUT option delivers template results directly to a - filehandle instead of making them into a string. Saves space - and time. - - PACKAGE and HASH now work intelligently with SAFE. - - Fragments may now output data directly to the template, rather - than having to arrange to return it as a return value at the - end. This means that where you used to have to write this: - - { my $blist = ''; - foreach $i (@items) { - $blist .= qq{ * $i\n}; - } - $blist; - } - - You can now write this instead, because $OUT is special. - - { foreach $i (@items) { - $OUT.= " * $i\n"; - } - } - - (`A spoonful of sugar makes the medicine go down.') - - Fixed some small bugs. Worked around a bug in Perl that does - the wrong thing with $x = when $x contains a glob. - - More documentation. Errors fixed. - - Lots more tests. - ----------------------------------------------------------------- - -What's new in v1.03 since v1.0: - - Code added to support HASH option to fill_in. - (Incl. `_gensym' function.) - - Documentation for HASH. - - New test file for HASH. - - Note about failure of lexical variables to propagate into - templates. Why does this surprise people? - - Bug fix: program fragments are evaluated in an environment with - `no strict' by default. Otherwise, you get a lot of `Global - symbol "$v" requires explicit package name' failures. Why didn't - the test program pick this up? Because the only variable the test - program ever used was `$a', which is exempt. Duhhhhh. - - Fixed the test program. - - Various minor documentation fixes. - - - ----------------------------------------------------------------- - -Improvements of 1.0 over the old 0.1beta: - -New features: - - At least twice as fast - - Better support for filling out the same template more than once - - Now supports evaluation of program fragments in Safe - compartments. (Thanks, Jonathan!) - - Better argument syntax - - More convenience functions - - The parser is much better and simpler. - - Once a template is parsed, the parsed version is stored so that - it needn't be parsed again. - - BROKEN function behavior is rationalized. You can now pass an - arbitrary argument to your BROKEN function, or return a value - from it to the main program. - - Documentation overhauled. - diff --git a/external/perl/Text-Template-1.46/t/00-version.t b/external/perl/Text-Template-1.46/t/00-version.t deleted file mode 100644 index 5f9560f898..0000000000 --- a/external/perl/Text-Template-1.46/t/00-version.t +++ /dev/null @@ -1,11 +0,0 @@ -#!perl - -use Text::Template; -print "1..1\n"; - -if ($Text::Template::VERSION == 1.46) { - print "ok 1\n"; -} else { - print "not ok 1\n"; -} - diff --git a/external/perl/Text-Template-1.46/t/01-basic.t b/external/perl/Text-Template-1.46/t/01-basic.t deleted file mode 100644 index be43390c67..0000000000 --- a/external/perl/Text-Template-1.46/t/01-basic.t +++ /dev/null @@ -1,266 +0,0 @@ -#!perl -# -# Tests of basic, essential functionality -# - -use Text::Template; -$X::v = $Y::v = 0; # Suppress `var used only once' - -print "1..31\n"; - -$n=1; - -$template_1 = < {\$v} -We will evaluate 1+1 here -> {1 + 1} -EOM - -# (1) Construct temporary template file for testing -# file operations -$TEMPFILE = "tt$$"; -open(TMP, "> $TEMPFILE") or print "not ok $n\n" && &abort("Couldn\'t write tempfile $TEMPFILE: $!"); -print TMP $template_1; -close TMP; -print "ok $n\n"; $n++; - -# (2) Build template from file -$template = new Text::Template ('type' => 'FILE', 'source' => $TEMPFILE); -if (defined($template)) { - print "ok $n\n"; -} else { - print "not ok $n $Text::Template::ERROR\n"; -} -$n++; - -# (3) Fill in template from file -$X::v = "abc"; -$resultX = < abc -We will evaluate 1+1 here -> 2 -EOM -$Y::v = "ABC"; -$resultY = < ABC -We will evaluate 1+1 here -> 2 -EOM - -$text = $template->fill_in('package' => X); -if ($text eq $resultX) { - print "ok $n\n"; -} else { - print "not ok $n\n"; -} -$n++; - -# (4) Fill in same template again -$text = $template->fill_in('package' => Y); -if ($text eq $resultY) { - print "ok $n\n"; -} else { - print "not ok $n\n"; -} -$n++; - - - -# (5) Simple test of `fill_this_in' -$text = Text::Template->fill_this_in( $template_1, 'package' => X); -if ($text eq $resultX) { - print "ok $n\n"; -} else { - print "not ok $n\n"; -} -$n++; - -# (6) test creation of template from filehandle -if (open (TMPL, "< $TEMPFILE")) { - $template = new Text::Template ('type' => 'FILEHANDLE', - 'source' => *TMPL); - if (defined($template)) { - print "ok $n\n"; - } else { - print "not ok $n $Text::Template::ERROR\n"; - } - $n++; - -# (7) test filling in of template from filehandle - $text = $template->fill_in('package' => X); - if ($text eq $resultX) { - print "ok $n\n"; - } else { - print "not ok $n\n"; - } - $n++; - -# (8) test second fill_in on same template object - $text = $template->fill_in('package' => Y); - if ($text eq $resultY) { - print "ok $n\n"; - } else { - print "not ok $n\n"; - } - $n++; - close TMPL; -} else { - print "not ok $n\n"; $n++; - print "not ok $n\n"; $n++; - print "not ok $n\n"; $n++; -} - - -# (9) test creation of template from array -$template = new Text::Template - ('type' => 'ARRAY', - 'source' => [ - 'We will put value of $v (which is "abc") here -> {$v}', - "\n", - 'We will evaluate 1+1 here -> {1+1}', - "\n", - ]); -if (defined($template)) { - print "ok $n\n"; -} else { - print "not ok $n $Text::Template::ERROR\n"; -} -$n++; - -# (10) test filling in of template from array -$text = $template->fill_in('package' => X); -if ($text eq $resultX) { - print "ok $n\n"; -} else { - print "not ok $n\n"; -} -$n++; - -# (11) test second fill_in on same array template object -$text = $template->fill_in('package' => Y); -if ($text eq $resultY) { - print "ok $n\n"; -} else { - print "not ok $n\n"; - print STDERR "$resultX\n---\n$text"; - unless (!defined($text)) { print STDERR "ERROR: $Text::Template::ERROR\n"}; -} -$n++; - - - -# (12) Make sure \ is working properly -# Test added for version 1.11 -my $tmpl = Text::Template->new(TYPE => 'STRING', - SOURCE => 'B{"\\}"}C{"\\{"}D', - ); -# This should fail if the \ are not interpreted properly. -my $text = $tmpl->fill_in(); -print +($text eq "B}C{D" ? '' : 'not '), "ok $n\n"; -$n++; - -# (13) Make sure \ is working properly -# Test added for version 1.11 -$tmpl = Text::Template->new(TYPE => 'STRING', - SOURCE => qq{A{"\t"}B}, - ); -# Symptom of old problem: ALL \ were special in templates, so -# The lexer would return (A, PROGTEXT("t"), B), and the -# result text would be AtB instead of A(tab)B. -$text = $tmpl->fill_in(); - -print +($text eq "A\tB" ? '' : 'not '), "ok $n\n"; -$n++; - -# (14-27) Make sure \ is working properly -# Test added for version 1.11 -# This is a sort of general test. -my @tests = ('{""}' => '', # (14) - '{"}"}' => undef, # (15) - '{"\\}"}' => '}', # One backslash - '{"\\\\}"}' => undef, # Two backslashes - '{"\\\\\\}"}' => '}', # Three backslashes - '{"\\\\\\\\}"}' => undef, # Four backslashes - '{"\\\\\\\\\\}"}' => '\}', # Five backslashes (20) - '{"x20"}' => 'x20', - '{"\\x20"}' => ' ', # One backslash - '{"\\\\x20"}' => '\\x20', # Two backslashes - '{"\\\\\\x20"}' => '\\ ', # Three backslashes - '{"\\\\\\\\x20"}' => '\\\\x20', # Four backslashes (25) - '{"\\\\\\\\\\x20"}' => '\\\\ ', # Five backslashes - '{"\\x20\\}"}' => ' }', # (27) - ); - -my $i; -for ($i=0; $i<@tests; $i+=2) { - my $tmpl = Text::Template->new(TYPE => 'STRING', - SOURCE => $tests[$i], - ); - my $text = $tmpl->fill_in; - my $result = $tests[$i+1]; - my $ok = (! defined $text && ! defined $result - || $text eq $result); - unless ($ok) { - print STDERR "($n) expected .$result., got .$text.\n"; - } - print +($ok ? '' : 'not '), "ok $n\n"; - $n++; -} - - -# (28-30) I discovered that you can't pass a glob ref as your filehandle. -# MJD 20010827 -# (28) test creation of template from filehandle -if (open (TMPL, "< $TEMPFILE")) { - $template = new Text::Template ('type' => 'FILEHANDLE', - 'source' => \*TMPL); - if (defined($template)) { - print "ok $n\n"; - } else { - print "not ok $n $Text::Template::ERROR\n"; - } - $n++; - -# (29) test filling in of template from filehandle - $text = $template->fill_in('package' => X); - if ($text eq $resultX) { - print "ok $n\n"; - } else { - print "not ok $n\n"; - } - $n++; - -# (30) test second fill_in on same template object - $text = $template->fill_in('package' => Y); - if ($text eq $resultY) { - print "ok $n\n"; - } else { - print "not ok $n\n"; - } - $n++; - close TMPL; -} else { - print "not ok $n\n"; $n++; - print "not ok $n\n"; $n++; - print "not ok $n\n"; $n++; -} - -# (31) Test _scrubpkg for leakiness -$Text::Template::GEN0::test = 1; -Text::Template::_scrubpkg('Text::Template::GEN0'); -if ($Text::Template::GEN0::test) { - print "not ok $n\n"; -} else { - print "ok $n\n"; -} -$n++; - - -END {unlink $TEMPFILE;} - -exit; - - - - -sub abort { - unlink $TEMPFILE; - die $_[0]; -} diff --git a/external/perl/Text-Template-1.46/t/02-hash.t b/external/perl/Text-Template-1.46/t/02-hash.t deleted file mode 100644 index 29ba51a40e..0000000000 --- a/external/perl/Text-Template-1.46/t/02-hash.t +++ /dev/null @@ -1,111 +0,0 @@ -#!perl -# -# test apparatus for Text::Template module -# still incomplete. - -use Text::Template; - -die "This is the test program for Text::Template version 1.46. -You are using version $Text::Template::VERSION instead. -That does not make sense.\n -Aborting" - unless $Text::Template::VERSION == 1.46; - - -print "1..12\n"; - -$n=1; - -$template = 'We will put value of $v (which is "good") here -> {$v}'; - -$v = 'oops (main)'; -$Q::v = 'oops (Q)'; - -$vars = { 'v' => \'good' }; - -# (1) Build template from string -$template = new Text::Template ('type' => 'STRING', 'source' => $template); -print +($template ? '' : 'not '), "ok $n\n"; -$n++; - -# (2) Fill in template in anonymous package -$result2 = 'We will put value of $v (which is "good") here -> good'; -$text = $template->fill_in(HASH => $vars); -print +($text eq $result2 ? '' : 'not '), "ok $n\n"; -$n++; - -# (3) Did we clobber the main variable? -print +($v eq 'oops (main)' ? '' : 'not '), "ok $n\n"; -$n++; - -# (4) Fill in same template again -$result4 = 'We will put value of $v (which is "good") here -> good'; -$text = $template->fill_in(HASH => $vars); -print +($text eq $result4 ? '' : 'not '), "ok $n\n"; -$n++; - -# (5) Now with a package -$result5 = 'We will put value of $v (which is "good") here -> good'; -$text = $template->fill_in(HASH => $vars, PACKAGE => 'Q'); -print +($text eq $result5 ? '' : 'not '), "ok $n\n"; -$n++; - -# (6) We expect to have clobbered the Q variable. -print +($Q::v eq 'good' ? '' : 'not '), "ok $n\n"; -$n++; - -# (7) Now let's try it without a package -$result7 = 'We will put value of $v (which is "good") here -> good'; -$text = $template->fill_in(HASH => $vars); -print +($text eq $result7 ? '' : 'not '), "ok $n\n"; -$n++; - -# (8-11) Now what does it do when we pass a hash with undefined values? -# Roy says it does something bad. (Added for 1.20.) -my $WARNINGS = 0; -{ - local $SIG{__WARN__} = sub {$WARNINGS++}; - local $^W = 1; # Make sure this is on for this test - $template8 = 'We will put value of $v (which is "good") here -> {defined $v ? "bad" : "good"}'; - $result8 = 'We will put value of $v (which is "good") here -> good'; - my $template = - new Text::Template ('type' => 'STRING', 'source' => $template8); - my $text = $template->fill_in(HASH => {'v' => undef}); - # (8) Did we generate a warning? - print +($WARNINGS == 0 ? '' : 'not '), "ok $n\n"; - $n++; - - # (9) Was the output correct? - print +($text eq $result8 ? '' : 'not '), "ok $n\n"; - $n++; - - # (10-11) Let's try that again, with a twist this time - $WARNINGS = 0; - $text = $template->fill_in(HASH => [{'v' => 17}, {'v' => undef}]); - # (10) Did we generate a warning? - print +($WARNINGS == 0 ? '' : 'not '), "ok $n\n"; - $n++; - - # (11) Was the output correct? - if ($] < 5.005) { - print "ok $n # skipped -- not supported before 5.005\n"; - } else { - print +($text eq $result8 ? '' : 'not '), "ok $n\n"; - } - $n++; -} - - -# (12) Now we'll test the multiple-hash option (Added for 1.20.) -$text = Text::Template::fill_in_string(q{$v: {$v}. @v: [{"@v"}].}, - HASH => [{'v' => 17}, - {'v' => ['a', 'b', 'c']}, - {'v' => \23}, - ]); -$result = q{$v: 23. @v: [a b c].}; -print +($text eq $result ? '' : 'not '), "ok $n\n"; -$n++; - - -exit; - diff --git a/external/perl/Text-Template-1.46/t/03-out.t b/external/perl/Text-Template-1.46/t/03-out.t deleted file mode 100644 index 0ba65a54dc..0000000000 --- a/external/perl/Text-Template-1.46/t/03-out.t +++ /dev/null @@ -1,56 +0,0 @@ -#!perl -# -# test apparatus for Text::Template module -# still incomplete. -# - -use Text::Template; - -die "This is the test program for Text::Template version 1.46 -You are using version $Text::Template::VERSION instead. -That does not make sense.\n -Aborting" - unless $Text::Template::VERSION == 1.46; - -print "1..1\n"; - -$n=1; - -$template = q{ -This line should have a 3: {1+2} - -This line should have several numbers: -{ $t = ''; foreach $n (1 .. 20) { $t .= $n . ' ' } $t } -}; - -$templateOUT = q{ -This line should have a 3: { $OUT = 1+2 } - -This line should have several numbers: -{ foreach $n (1 .. 20) { $OUT .= $n . ' ' } } -}; - -# Build templates from string -$template = new Text::Template ('type' => 'STRING', 'source' => $template) - or die; -$templateOUT = new Text::Template ('type' => 'STRING', 'source' => $templateOUT) - or die; - -# Fill in templates -$text = $template->fill_in() - or die; -$textOUT = $templateOUT->fill_in() - or die; - -# (1) They should be the same -print +($text eq $textOUT ? '' : 'not '), "ok $n\n"; -$n++; - -# Missing: Test this feature in Safe compartments; -# it's a totally different code path. -# Decision: Put that into safe.t, because that file should -# be skipped when Safe.pm is unavailable. - - -exit; - diff --git a/external/perl/Text-Template-1.46/t/04-safe.t b/external/perl/Text-Template-1.46/t/04-safe.t deleted file mode 100644 index 4c07121b44..0000000000 --- a/external/perl/Text-Template-1.46/t/04-safe.t +++ /dev/null @@ -1,161 +0,0 @@ -#!perl -# -# test apparatus for Text::Template module -# still incomplete. - -use Text::Template; - -BEGIN { - eval "use Safe"; - if ($@) { - print "1..0\n"; - exit 0; - } -} - -die "This is the test program for Text::Template version 1.46. -You are using version $Text::Template::VERSION instead. -That does not make sense.\n -Aborting" - unless $Text::Template::VERSION == 1.46; - -print "1..16\n"; - -if ($^O eq 'MacOS') { - $BADOP = qq{}; - $FAILURE = q{}; -} else { - $BADOP = qq{kill 0}; - $FAILURE = q{Program fragment at line 1 delivered error ``kill trapped by operation mask''}; -} - -$n=1; -$v = $v = 119; - -$c = new Safe or die; - -$goodtemplate = q{This should succeed: { $v }}; -$goodoutput = q{This should succeed: 119}; - -$template1 = new Text::Template ('type' => 'STRING', 'source' => $goodtemplate) - or die; -$template2 = new Text::Template ('type' => 'STRING', 'source' => $goodtemplate) - or die; - -$text1 = $template1->fill_in(); -$text2 = $template1->fill_in(SAFE => $c); -$ERR2 = $@; -$text3 = $template2->fill_in(SAFE => $c); -$ERR3 = $@; - -# (1)(2)(3) None of these should have failed. -print +(defined $text1 ? '' : 'not '), "ok $n\n"; -$n++; -print +(defined $text2 ? '' : 'not '), "ok $n\n"; -$n++; -print +(defined $text3 ? '' : 'not '), "ok $n\n"; -$n++; - -# (4) Safe and non-safe fills of different template objects with the -# same template text should yield the same result. -# print +($text1 eq $text3 ? '' : 'not '), "ok $n\n"; -# (4) voided this test: it's not true, because the unsafe fill -# uses package main, while the safe fill uses the secret safe package. -# We could alias the secret safe package to be identical to main, -# but that wouldn't be safe. If you want the aliasing, you have to -# request it explicitly with `PACKAGE'. -print "ok $n\n"; -$n++; - -# (5) Safe and non-safe fills of the same template object -# should yield the same result. -# (5) voided this test for the same reason as #4. -# print +($text1 eq $text2 ? '' : 'not '), "ok $n\n"; -print "ok $n\n"; -$n++; - -# (6) Make sure the output was actually correct -print +($text1 eq $goodoutput ? '' : 'not '), "ok $n\n"; -$n++; - - -$badtemplate = qq{This should fail: { $BADOP; 'NOFAIL' }}; -$badnosafeoutput = q{This should fail: NOFAIL}; -$badsafeoutput = q{This should fail: Program fragment delivered error ``kill trapped by operation mask at template line 1.''}; - -$template1 = new Text::Template ('type' => 'STRING', 'source' => $badtemplate) - or die; -$template2 = new Text::Template ('type' => 'STRING', 'source' => $badtemplate) - or die; - -$text1 = $template1->fill_in(); -$text2 = $template1->fill_in(SAFE => $c); -$ERR2 = $@; -$text3 = $template2->fill_in(SAFE => $c); -$ERR3 = $@; -$text4 = $template1->fill_in(); - -# (7)(8)(9)(10) None of these should have failed. -print +(defined $text1 ? '' : 'not '), "ok $n\n"; -$n++; -print +(defined $text2 ? '' : 'not '), "ok $n\n"; -$n++; -print +(defined $text3 ? '' : 'not '), "ok $n\n"; -$n++; -print +(defined $text4 ? '' : 'not '), "ok $n\n"; -$n++; - -# (11) text1 and text4 should be the same (using safe in between -# didn't change anything.) -print +($text1 eq $text4 ? '' : 'not '), "ok $n\n"; -$n++; - -# (12) text2 and text3 should be the same (same template text in different -# objects -print +($text2 eq $text3 ? '' : 'not '), "ok $n\n"; -$n++; - -# (13) text1 should yield badnosafeoutput -print +($text1 eq $badnosafeoutput ? '' : 'not '), "ok $n\n"; -$n++; - -# (14) text2 should yield badsafeoutput -$text2 =~ s/'kill'/kill/; # 5.8.1 added quote marks around the op name -print "# expected: <$badsafeoutput>\n# got : <$text2>\n"; -print +($text2 eq $badsafeoutput ? '' : 'not '), "ok $n\n"; -$n++; - - -$template = q{{$x=1}{$x+1}}; - -$template1 = new Text::Template ('type' => 'STRING', 'source' => $template) - or die; -$template2 = new Text::Template ('type' => 'STRING', 'source' => $template) - or die; - -$text1 = $template1->fill_in(); -$text2 = $template1->fill_in(SAFE => new Safe); - -# (15) Do effects persist in safe compartments? -print +($text1 eq $text2 ? '' : 'not '), "ok $n\n"; -$n++; - -# (16) Try the BROKEN routine in safe compartments -sub my_broken { - my %a = @_; $a{error} =~ s/ at.*//s; - "OK! text:$a{text} error:$a{error} lineno:$a{lineno} arg:$a{arg}" ; -} -$templateB = new Text::Template (TYPE => 'STRING', SOURCE => '{die}') - or die; -$text1 = $templateB->fill_in(BROKEN => \&my_broken, - BROKEN_ARG => 'barg', - SAFE => new Safe, - ); -$result1 = qq{OK! text:die error:Died lineno:1 arg:barg}; -print +($text1 eq $result1 ? '' : 'not '), "ok $n\n"; -$n++; - - - -exit; - diff --git a/external/perl/Text-Template-1.46/t/05-safe2.t b/external/perl/Text-Template-1.46/t/05-safe2.t deleted file mode 100644 index 03534770f1..0000000000 --- a/external/perl/Text-Template-1.46/t/05-safe2.t +++ /dev/null @@ -1,105 +0,0 @@ -#!perl -# -# test apparatus for Text::Template module -# still incomplete. - -use Text::Template; - -BEGIN { - eval "use Safe"; - if ($@) { - print "1..0\n"; - exit 0; - } -} - -die "This is the test program for Text::Template version 1.46. -You are using version $Text::Template::VERSION instead. -That does not make sense.\n -Aborting" - unless $Text::Template::VERSION == 1.46; - -print "1..12\n"; -$n = 1; - -$c = new Safe or die; - -# Test handling of packages and importing. -$c->reval('$P = "safe root"'); -$P = $P = 'main'; -$Q::P = $Q::P = 'Q'; - -# How to effectively test the gensymming? - -$t = new Text::Template TYPE => 'STRING', SOURCE => 'package is {$P}' - or die; - -# (1) Default behavior: Inherit from calling package, `main' in this case. -$text = $t->fill_in(); -print +($text eq 'package is main' ? '' : 'not '), "ok $n\n"; -$n++; - -# (2) When a package is specified, we should use that package instead. -$text = $t->fill_in(PACKAGE => 'Q'); -print +($text eq 'package is Q' ? '' : 'not '), "ok $n\n"; -$n++; - -# (3) When no package is specified in safe mode, we should use the -# default safe root. -$text = $t->fill_in(SAFE => $c); -print +($text eq 'package is safe root' ? '' : 'not '), "ok $n\n"; -$n++; - -# (4) When a package is specified in safe mode, we should use the -# default safe root, after aliasing to the specified package -$text = $t->fill_in(SAFE => $c, PACKAGE => Q); -print +($text eq 'package is Q' ? '' : 'not '), "ok $n\n"; -$n++; - -# Now let's see if hash vars are installed properly into safe templates -$t = new Text::Template TYPE => 'STRING', SOURCE => 'hash is {$H}' - or die; - -# (5) First in default mode -$text = $t->fill_in(HASH => {H => 'good5'} ); -print +($text eq 'hash is good5' ? '' : 'not '), "ok $n\n"; -$n++; - -# (6) Now in packages -$text = $t->fill_in(HASH => {H => 'good6'}, PACKAGE => 'Q' ); -print +($text eq 'hash is good6' ? '' : 'not '), "ok $n\n"; -$n++; - -# (7) Now in the default root of the safe compartment -$text = $t->fill_in(HASH => {H => 'good7'}, SAFE => $c ); -print +($text eq 'hash is good7' ? '' : 'not '), "ok $n\n"; -$n++; - -# (8) Now in the default root after aliasing to a package that -# got the hash stuffed in -$text = $t->fill_in(HASH => {H => 'good8'}, SAFE => $c, PACKAGE => 'Q2' ); -print +($text eq 'hash is good8' ? '' : 'not '), "ok $n\n"; -$n++; - -# Now let's make sure that none of the packages leaked on each other. -# (9) This var should NOT have been installed into the main package -print +(defined $H ? 'not ' : ''), "ok $n\n"; -$H=$H; -$n++; - -# (10) good6 was overwritten in test 7, so there's nothing to test for here. -print "ok $n\n"; -$n++; - -# (11) this value overwrote the one from test 6. -print +($Q::H eq 'good7' ? '' : 'not '), "ok $n\n"; -$Q::H = $Q::H; -$n++; - -# (12) -print +($Q2::H eq 'good8' ? '' : 'not '), "ok $n\n"; -$Q2::H = $Q2::H; -$n++; - - - diff --git a/external/perl/Text-Template-1.46/t/06-ofh.t b/external/perl/Text-Template-1.46/t/06-ofh.t deleted file mode 100644 index 6865ad1945..0000000000 --- a/external/perl/Text-Template-1.46/t/06-ofh.t +++ /dev/null @@ -1,39 +0,0 @@ -#!perl -# -# test apparatus for Text::Template module -# still incomplete. - -use Text::Template; - -die "This is the test program for Text::Template version 1.46. -You are using version $Text::Template::VERSION instead. -That does not make sense.\n -Aborting" - unless $Text::Template::VERSION == 1.46; - -print "1..2\n"; - -$n=1; - -$template = new Text::Template TYPE => STRING, SOURCE => q{My process ID is {$$}}; -$of = "t$$"; -END { unlink $of } -open O, "> $of" or die; - -$text = $template->fill_in(OUTPUT => \*O); - -# (1) No $text should have been constructed. Return value should be true. -print +($text eq '1' ? '' : 'not '), "ok $n\n"; -$n++; - -close O or die; -open I, "< $of" or die; -{ local $/; $t = } -close I; - -# (2) The text should have been printed to the file -print +($t eq "My process ID is $$" ? '' : 'not '), "ok $n\n"; -$n++; - -exit; - diff --git a/external/perl/Text-Template-1.46/t/07-safe3.t b/external/perl/Text-Template-1.46/t/07-safe3.t deleted file mode 100644 index 5f438f6148..0000000000 --- a/external/perl/Text-Template-1.46/t/07-safe3.t +++ /dev/null @@ -1,91 +0,0 @@ -#!perl -# -# test apparatus for Text::Template module - -use Text::Template; - -BEGIN { - eval "use Safe"; - if ($@) { - print "1..0\n"; - exit 0; - } -} - -die "This is the test program for Text::Template version 1.46. -You are using version $Text::Template::VERSION instead. -That does not make sense.\n -Aborting" - unless $Text::Template::VERSION == 1.46; - -print "1..3\n"; - -$n=1; - -# Test the OUT feature with safe compartments - -$template = q{ -This line should have a 3: {1+2} - -This line should have several numbers: -{ $t = ''; foreach $n (1 .. 20) { $t .= $n . ' ' } $t } -}; - -$templateOUT = q{ -This line should have a 3: { $OUT = 1+2 } - -This line should have several numbers: -{ foreach $n (1 .. 20) { $OUT .= $n . ' ' } } -}; - -$c = new Safe; - -# Build templates from string -$template = new Text::Template ('type' => 'STRING', 'source' => $template, - SAFE => $c) - or die; -$templateOUT = new Text::Template ('type' => 'STRING', 'source' => $templateOUT, - SAFE => $c) - or die; - -# Fill in templates -$text = $template->fill_in() - or die; -$textOUT = $templateOUT->fill_in() - or die; - -# (1) They should be the same -print +($text eq $textOUT ? '' : 'not '), "ok $n\n"; -$n++; - -# (2-3) "Joel Appelbaum" <000701c0ac2c$aed1d6e0$0201a8c0 at prime> -# "Contrary to the documentation the $OUT variable is not always -# undefined at the start of each program fragment. The $OUT variable -# is never undefined after it is used once if you are using the SAFE -# option. The result is that every fragment after the fragment that -# $OUT was used in is replaced by the old $OUT value instead of the -# result of the fragment. This holds true even after the -# Text::Template object goes out of scope and a new one is created!" -# -# Also reported by Daini Xie. - -{ - my $template = q{{$OUT = 'x'}y{$OUT .= 'z'}}; - my $expected = "xyz"; - my $s = Safe->new; - my $o = Text::Template->new(type => 'string', - source => $template, - ); - for (1..2) { - my $r = $o->fill_in(SAFE => $s); - if ($r ne $expected) { - print "not ok $n # <$r>\n"; - } else { - print "ok $n\n"; - } - $n++; - } -} - -exit; - diff --git a/external/perl/Text-Template-1.46/t/08-exported.t b/external/perl/Text-Template-1.46/t/08-exported.t deleted file mode 100644 index ef9cfafdee..0000000000 --- a/external/perl/Text-Template-1.46/t/08-exported.t +++ /dev/null @@ -1,75 +0,0 @@ -#!perl -# -# test apparatus for Text::Template module -# still incomplete. - -use Text::Template 'fill_in_file', 'fill_in_string'; - -die "This is the test program for Text::Template version 1.46. -You are using version $Text::Template::VERSION instead. -That does not make sense.\n -Aborting" - unless $Text::Template::VERSION == 1.46; - -print "1..6\n"; - -$n=1; -$Q::n = $Q::n = 119; - -# (1) Test fill_in_string -$out = fill_in_string('The value of $n is {$n}.', PACKAGE => 'Q' ); -print +($out eq 'The value of $n is 119.' ? '' : 'not '), "ok $n\n"; -$n++; - -# (2) Test fill_in_file -$TEMPFILE = "tt$$"; -open F, "> $TEMPFILE" or die "Couldn't open test file: $!; aborting"; -print F 'The value of $n is {$n}.', "\n"; -close F or die "Couldn't write test file: $!; aborting"; -$R::n = $R::n = 8128; - -$out = fill_in_file($TEMPFILE, PACKAGE => 'R'); -print +($out eq "The value of \$n is 8128.\n" ? '' : 'not '), "ok $n\n"; -$n++; - -# (3) Jonathan Roy reported this bug: -open F, "> $TEMPFILE" or die "Couldn't open test file: $!; aborting"; -print F "With a message here? [% \$var %]\n"; -close F or die "Couldn't close test file: $!; aborting"; -$out = fill_in_file($TEMPFILE, DELIMITERS => ['[%', '%]'], - HASH => { "var" => \"It is good!" }); -print +($out eq "With a message here? It is good!\n" ? '' : 'not '), "ok $n\n"; -$n++; - -# (4) It probably occurs in fill_this_in also: -$out = - Text::Template->fill_this_in("With a message here? [% \$var %]\n", - DELIMITERS => ['[%', '%]'], - HASH => { "var" => \"It is good!" }); -print +($out eq "With a message here? It is good!\n" ? '' : 'not '), "ok $n\n"; -$n++; - -# (5) This test failed in 1.25. It was supplied by Donald L. Greer Jr. -# Note that it's different from (1) in that there's no explicit -# package=> argument. -use vars qw($string $foo $r); -$string='Hello {$foo}'; -$foo="Don"; -$r = fill_in_string($string); -print (($r eq 'Hello Don' ? '' : 'not '), 'ok ', $n++, "\n"); - -# (6) This test failed in 1.25. It's a variation on (5) -package Q2; -use Text::Template 'fill_in_string'; -use vars qw($string $foo $r); -$string='Hello {$foo}'; -$foo="Don"; -$r = fill_in_string($string); -print (($r eq 'Hello Don' ? '' : 'not '), 'ok ', $main::n++, "\n"); - -package main; - -END { $TEMPFILE && unlink $TEMPFILE } - -exit; - diff --git a/external/perl/Text-Template-1.46/t/09-error.t b/external/perl/Text-Template-1.46/t/09-error.t deleted file mode 100644 index 40f9fac6cb..0000000000 --- a/external/perl/Text-Template-1.46/t/09-error.t +++ /dev/null @@ -1,63 +0,0 @@ -#!perl -# -# test apparatus for Text::Template module -# still incomplete. - -use Text::Template; - -die "This is the test program for Text::Template version 1.46. -You are using version $Text::Template::VERSION instead. -That does not make sense.\n -Aborting" - unless $Text::Template::VERSION == 1.46; - -print "1..5\n"; -$n = 1; - -# (1-2) Missing source -eval { - Text::Template->new(); -}; -unless ($@ =~ /^\QUsage: Text::Template::new(TYPE => ..., SOURCE => ...)/) { - print STDERR $@; - print "not "; -} -print "ok $n\n"; -$n++; - -eval { - Text::Template->new(TYPE => 'FILE'); -}; -if ($@ =~ /^\QUsage: Text::Template::new(TYPE => ..., SOURCE => ...)/) { - print "ok $n\n"; -} else { - print STDERR $@; - print "not ok $n\n"; -} -$n++; - -# (3) Invalid type -eval { - Text::Template->new(TYPE => 'wlunch', SOURCE => 'fish food'); -}; -if ($@ =~ /^\QIllegal value `WLUNCH' for TYPE parameter/) { - print "ok $n\n"; -} else { - print STDERR $@; - print "not ok $n\n"; -} -$n++; - -# (4-5) File does not exist -my $o = Text::Template->new(TYPE => 'file', - SOURCE => 'this file does not exist'); -print $o ? "not ok $n\n" : "ok $n\n"; -$n++; -print defined($Text::Template::ERROR) - && $Text::Template::ERROR =~ /^Couldn't open file/ - ? "ok $n\n" : "not ok $n\n"; -$n++; - - -exit; - diff --git a/external/perl/Text-Template-1.46/t/10-delimiters.t b/external/perl/Text-Template-1.46/t/10-delimiters.t deleted file mode 100644 index f74d591cc7..0000000000 --- a/external/perl/Text-Template-1.46/t/10-delimiters.t +++ /dev/null @@ -1,99 +0,0 @@ -#!perl -# -# Tests for user-specified delimiter functions -# These tests first appeared in version 1.20. - -use Text::Template; - -die "This is the test program for Text::Template version 1.46. -You are using version $Text::Template::VERSION instead. -That does not make sense.\n -Aborting" - unless $Text::Template::VERSION == 1.46; - -print "1..18\n"; -$n = 1; - -# (1) Try a simple delimiter: <<..>> -# First with the delimiters specified at object creation time -$V = $V = 119; -$template = q{The value of $V is <<$V>>.}; -$result = q{The value of $V is 119.}; -$template1 = Text::Template->new(TYPE => STRING, - SOURCE => $template, - DELIMITERS => ['<<', '>>'] - ) - or die "Couldn't construct template object: $Text::Template::ERROR; aborting"; -$text = $template1->fill_in(); -print +($text eq $result ? '' : 'not '), "ok $n\n"; -$n++; - -# (2) Now with delimiter choice deferred until fill-in time. -$template1 = Text::Template->new(TYPE => STRING, SOURCE => $template); -$text = $template1->fill_in(DELIMITERS => ['<<', '>>']); -print +($text eq $result ? '' : 'not '), "ok $n\n"; -$n++; - -# (3) Now we'll try using regex metacharacters -# First with the delimiters specified at object creation time -$template = q{The value of $V is [$V].}; -$template1 = Text::Template->new(TYPE => STRING, - SOURCE => $template, - DELIMITERS => ['[', ']'] - ) - or die "Couldn't construct template object: $Text::Template::ERROR; aborting"; -$text = $template1->fill_in(); -print +($text eq $result ? '' : 'not '), "ok $n\n"; -$n++; - -# (4) Now with delimiter choice deferred until fill-in time. -$template1 = Text::Template->new(TYPE => STRING, SOURCE => $template); -$text = $template1->fill_in(DELIMITERS => ['[', ']']); -print +($text eq $result ? '' : 'not '), "ok $n\n"; -$n++; - - - -# (5-18) Make sure \ is working properly -# (That is to say, it is ignored.) -# These tests are similar to those in 01-basic.t. -my @tests = ('{""}' => '', # (5) - - # Backslashes don't matter - '{"}"}' => undef, - '{"\\}"}' => undef, # One backslash - '{"\\\\}"}' => undef, # Two backslashes - '{"\\\\\\}"}' => undef, # Three backslashes - '{"\\\\\\\\}"}' => undef, # Four backslashes (10) - '{"\\\\\\\\\\}"}' => undef, # Five backslashes - - # Backslashes are always passed directly to Perl - '{"x20"}' => 'x20', - '{"\\x20"}' => ' ', # One backslash - '{"\\\\x20"}' => '\\x20', # Two backslashes - '{"\\\\\\x20"}' => '\\ ', # Three backslashes (15) - '{"\\\\\\\\x20"}' => '\\\\x20', # Four backslashes - '{"\\\\\\\\\\x20"}' => '\\\\ ', # Five backslashes - '{"\\x20\\}"}' => undef, # (18) - ); - -my $i; -for ($i=0; $i<@tests; $i+=2) { - my $tmpl = Text::Template->new(TYPE => 'STRING', - SOURCE => $tests[$i], - DELIMITERS => ['{', '}'], - ); - my $text = $tmpl->fill_in; - my $result = $tests[$i+1]; - my $ok = (! defined $text && ! defined $result - || $text eq $result); - unless ($ok) { - print STDERR "($n) expected .$result., got .$text.\n"; - } - print +($ok ? '' : 'not '), "ok $n\n"; - $n++; -} - - -exit; - diff --git a/external/perl/Text-Template-1.46/t/11-prepend.t b/external/perl/Text-Template-1.46/t/11-prepend.t deleted file mode 100644 index fe242e5898..0000000000 --- a/external/perl/Text-Template-1.46/t/11-prepend.t +++ /dev/null @@ -1,94 +0,0 @@ -#!perl -# -# Tests for PREPEND features -# These tests first appeared in version 1.22. - -use Text::Template; - -die "This is the test program for Text::Template version 1.46 -You are using version $Text::Template::VERSION instead. -That does not make sense.\n -Aborting" - unless $Text::Template::VERSION == 1.46; - -print "1..9\n"; -my $n = 1; - - at Emptyclass1::ISA = 'Text::Template'; - at Emptyclass2::ISA = 'Text::Template'; - -my $tin = q{The value of $foo is: {$foo}}; - -Text::Template->always_prepend(q{$foo = "global"}); - -$tmpl1 = Text::Template->new(TYPE => 'STRING', - SOURCE => $tin, - ); - -$tmpl2 = Text::Template->new(TYPE => 'STRING', - SOURCE => $tin, - PREPEND => q{$foo = "template"}, - ); - -$tmpl1->compile; -$tmpl2->compile; - -$t1 = $tmpl1->fill_in(PACKAGE => 'T1'); -$t2 = $tmpl2->fill_in(PACKAGE => 'T2'); -$t3 = $tmpl2->fill_in(PREPEND => q{$foo = "fillin"}, PACKAGE => 'T3'); - -($t1 eq 'The value of $foo is: global') or print "not "; -print "ok $n\n"; $n++; -($t2 eq 'The value of $foo is: template') or print "not "; -print "ok $n\n"; $n++; -($t3 eq 'The value of $foo is: fillin') or print "not "; -print "ok $n\n"; $n++; - -Emptyclass1->always_prepend(q{$foo = 'Emptyclass global';}); -$tmpl1 = Emptyclass1->new(TYPE => 'STRING', - SOURCE => $tin, - ); - -$tmpl2 = Emptyclass1->new(TYPE => 'STRING', - SOURCE => $tin, - PREPEND => q{$foo = "template"}, - ); - -$tmpl1->compile; -$tmpl2->compile; - -$t1 = $tmpl1->fill_in(PACKAGE => 'T4'); -$t2 = $tmpl2->fill_in(PACKAGE => 'T5'); -$t3 = $tmpl2->fill_in(PREPEND => q{$foo = "fillin"}, PACKAGE => 'T6'); - -($t1 eq 'The value of $foo is: Emptyclass global') or print "not "; -print "ok $n\n"; $n++; -($t2 eq 'The value of $foo is: template') or print "not "; -print "ok $n\n"; $n++; -($t3 eq 'The value of $foo is: fillin') or print "not "; -print "ok $n\n"; $n++; - -$tmpl1 = Emptyclass2->new(TYPE => 'STRING', - SOURCE => $tin, - ); - -$tmpl2 = Emptyclass2->new(TYPE => 'STRING', - SOURCE => $tin, - PREPEND => q{$foo = "template"}, - ); - -$tmpl1->compile; -$tmpl2->compile; - -$t1 = $tmpl1->fill_in(PACKAGE => 'T4'); -$t2 = $tmpl2->fill_in(PACKAGE => 'T5'); -$t3 = $tmpl2->fill_in(PREPEND => q{$foo = "fillin"}, PACKAGE => 'T6'); - -($t1 eq 'The value of $foo is: global') or print "not "; -print "ok $n\n"; $n++; -($t2 eq 'The value of $foo is: template') or print "not "; -print "ok $n\n"; $n++; -($t3 eq 'The value of $foo is: fillin') or print "not "; -print "ok $n\n"; $n++; - - diff --git a/external/perl/Text-Template-1.46/t/12-preprocess.t b/external/perl/Text-Template-1.46/t/12-preprocess.t deleted file mode 100644 index 60b6b0c65b..0000000000 --- a/external/perl/Text-Template-1.46/t/12-preprocess.t +++ /dev/null @@ -1,52 +0,0 @@ -#!perl -# -# Tests for PREPROCESSOR features -# These tests first appeared in version 1.25. - -use Text::Template::Preprocess; - -die "This is the test program for Text::Template::Preprocess version 1.46. -You are using version $Text::Template::Preprocess::VERSION instead. -That does not make sense.\n -Aborting" - unless $Text::Template::Preprocess::VERSION == 1.46; - -$TMPFILE = "tt$$"; - -print "1..8\n"; -my $n = 1; - -my $py = sub { tr/x/y/ }; -my $pz = sub { tr/x/z/ }; - -my $t = 'xxx The value of $x is {$x}'; -my $outx = 'xxx The value of $x is 119'; -my $outy = 'yyy The value of $y is 23'; -my $outz = 'zzz The value of $z is 5'; -open TF, "> $TMPFILE" or die "Couldn't open test file: $!; aborting"; -print TF $t; -close TF; - - at result = ($outx, $outy, $outz, $outz); -for my $trial (1, 0) { - for my $test (0 .. 3) { - my $tmpl; - if ($trial == 0) { - $tmpl = new Text::Template::Preprocess - (TYPE => 'STRING', SOURCE => $t) or die; - } else { - open TF, "< $TMPFILE" or die "Couldn't open test file: $!; aborting"; - $tmpl = new Text::Template::Preprocess - (TYPE => 'FILEHANDLE', SOURCE => \*TF) or die; - } - $tmpl->preprocessor($py) if ($test & 1) == 1; - my @args = ((($test & 2) == 2) ? (PREPROCESSOR => $pz) : ()); - my $o = $tmpl->fill_in(@args, - HASH => {x => 119, 'y' => 23, z => 5}); -# print STDERR "$o/$result[$test]\n"; - print +(($o eq $result[$test]) ? '' : 'not '), "ok $n\n"; - $n++; - } -} - -unlink $TMPFILE; diff --git a/external/perl/Text-Template-1.46/t/13-taint.t b/external/perl/Text-Template-1.46/t/13-taint.t deleted file mode 100644 index d92a37463a..0000000000 --- a/external/perl/Text-Template-1.46/t/13-taint.t +++ /dev/null @@ -1,119 +0,0 @@ -#!perl -T -# Tests for taint-mode features - -use lib 'blib/lib'; -use Text::Template; - -die "This is the test program for Text::Template version 1.46. -You are using version $Text::Template::VERSION instead. -That does not make sense.\n -Aborting" - unless $Text::Template::VERSION == 1.46; - -my $r = int(rand(10000)); -my $file = "tt$r"; - -# makes its arguments tainted -sub taint { - for (@_) { - $_ .= substr($0,0,0); # LOD - } -} - - -print "1..21\n"; - -my $n =1; -print "ok ", $n++, "\n"; - -my $template = 'The value of $n is {$n}.'; - -open T, "> $file" or die "Couldn't write temporary file $file: $!"; -print T $template, "\n"; -close T or die "Couldn't finish temporary file $file: $!"; - -sub should_fail { - my $obj = Text::Template->new(@_); - eval {$obj->fill_in()}; - if ($@) { - print "ok $n # $@\n"; - } else { - print "not ok $n # (didn't fail)\n"; - } - $n++; -} - -sub should_work { - my $obj = Text::Template->new(@_); - eval {$obj->fill_in()}; - if ($@) { - print "not ok $n # $@\n"; - } else { - print "ok $n\n"; - } - $n++; -} - -sub should_be_tainted { - if (Text::Template::_is_clean($_[0])) { - print "not ok $n\n"; $n++; return; - } - print "ok $n\n"; $n++; return; -} - -sub should_be_clean { - unless (Text::Template::_is_clean($_[0])) { - print "not ok $n\n"; $n++; return; - } - print "ok $n\n"; $n++; return; -} - -# Tainted filename should die with and without UNTAINT option -# untainted filename should die without UNTAINT option -# filehandle should die without UNTAINT option -# string and array with tainted data should die either way - -# (2)-(7) -my $tfile = $file; -taint($tfile); -should_be_tainted($tfile); -should_be_clean($file); -should_fail TYPE => 'file', SOURCE => $tfile; -should_fail TYPE => 'file', SOURCE => $tfile, UNTAINT => 1; -should_fail TYPE => 'file', SOURCE => $file; -should_work TYPE => 'file', SOURCE => $file, UNTAINT => 1; - -# (8-9) -open H, "< $file" or die "Couldn't open $file for reading: $!; aborting"; -should_fail TYPE => 'filehandle', SOURCE => \*H; -close H; -open H, "< $file" or die "Couldn't open $file for reading: $!; aborting"; -should_work TYPE => 'filehandle', SOURCE => \*H, UNTAINT => 1; -close H; - -# (10-15) -my $ttemplate = $template; -taint($ttemplate); -should_be_tainted($ttemplate); -should_be_clean($template); -should_fail TYPE => 'string', SOURCE => $ttemplate; -should_fail TYPE => 'string', SOURCE => $ttemplate, UNTAINT => 1; -should_work TYPE => 'string', SOURCE => $template; -should_work TYPE => 'string', SOURCE => $template, UNTAINT => 1; - -# (16-19) -my $array = [ $template ]; -my $tarray = [ $ttemplate ]; -should_fail TYPE => 'array', SOURCE => $tarray; -should_fail TYPE => 'array', SOURCE => $tarray, UNTAINT => 1; -should_work TYPE => 'array', SOURCE => $array; -should_work TYPE => 'array', SOURCE => $array, UNTAINT => 1; - -# (20-21) Test _unconditionally_untaint utility function -Text::Template::_unconditionally_untaint($ttemplate); -should_be_clean($ttemplate); -Text::Template::_unconditionally_untaint($tfile); -should_be_clean($tfile); - -END { unlink $file } - diff --git a/external/perl/Text-Template-1.46/t/14-broken.t b/external/perl/Text-Template-1.46/t/14-broken.t deleted file mode 100644 index d362395cfb..0000000000 --- a/external/perl/Text-Template-1.46/t/14-broken.t +++ /dev/null @@ -1,82 +0,0 @@ -#!perl -# test apparatus for Text::Template module - -use Text::Template; - -print "1..5\n"; - -$n=1; - -die "This is the test program for Text::Template version 1.46. -You are using version $Text::Template::VERSION instead. -That does not make sense.\n -Aborting" - unless $Text::Template::VERSION == 1.46; - -# (1) basic error delivery -{ my $r = Text::Template->new(TYPE => 'string', - SOURCE => '{1/0}', - )->fill_in(); - if ($r eq q{Program fragment delivered error ``Illegal division by zero at template line 1.''}) { - print "ok $n\n"; - } else { - print "not ok $n\n# $r\n"; - } - $n++; -} - -# (2) BROKEN sub called in ->new? -{ my $r = Text::Template->new(TYPE => 'string', - SOURCE => '{1/0}', - BROKEN => sub {'---'}, - )->fill_in(); - if ($r eq q{---}) { - print "ok $n\n"; - } else { - print "not ok $n\n# $r\n"; - } - $n++; -} - -# (3) BROKEN sub called in ->fill_in? -{ my $r = Text::Template->new(TYPE => 'string', - SOURCE => '{1/0}', - )->fill_in(BROKEN => sub {'---'}); - if ($r eq q{---}) { - print "ok $n\n"; - } else { - print "not ok $n\n# $r\n"; - } - $n++; -} - -# (4) BROKEN sub passed correct args when called in ->new? -{ my $r = Text::Template->new(TYPE => 'string', - SOURCE => '{1/0}', - BROKEN => sub { my %a = @_; - qq{$a{lineno},$a{error},$a{text}} - }, - )->fill_in(); - if ($r eq qq{1,Illegal division by zero at template line 1.\n,1/0}) { - print "ok $n\n"; - } else { - print "not ok $n\n# $r\n"; - } - $n++; -} - -# (5) BROKEN sub passed correct args when called in ->fill_in? -{ my $r = Text::Template->new(TYPE => 'string', - SOURCE => '{1/0}', - )->fill_in(BROKEN => - sub { my %a = @_; - qq{$a{lineno},$a{error},$a{text}} - }); - if ($r eq qq{1,Illegal division by zero at template line 1.\n,1/0}) { - print "ok $n\n"; - } else { - print "not ok $n\n# $r\n"; - } - $n++; -} - diff --git a/external/perl/Text-Template-1.56/Changes b/external/perl/Text-Template-1.56/Changes new file mode 100644 index 0000000000..3c50179ad8 --- /dev/null +++ b/external/perl/Text-Template-1.56/Changes @@ -0,0 +1,301 @@ +Revision history for Text::Template + +1.56 2019-07-09 + - Fix typos in Changes + +1.55 2019-02-25 + - Improve AppVeyor tests for older Perls (Thanks Roy Ivy) + - Check for Test::More 0.94 and skip tests if not installed where + done_testing() is used (Thanks Roy Ivy). + - Improve workaround for broken Win32 File::Temp taint failure (Thanks Roy Ivy). + - Skip/todo tests which fail under Devel::Cover (Thanks Roy Ivy) + - Add checks and skip_all checks for non-core test modules (Thanks Roy Ivy) + +1.54 2019-01-13 + - Fix tempfile creation during tests on Win32 + +1.53 2018-05-02 + - Add support for decoding template files via ENCODING constructor arg + [github #11] + - Docs cleanup: replace indirect-object style examples and use class method + style constructor calls in the POD docs + - Docs cleanup: remove hard tabs from POD, replace dated, unfair synopsis + [github #5], convert "THANKS" section to a POD list + +1.52 2018-03-19 + - Fix possible 'Subroutine ... redefined' warning (Github #10) + +1.51 2018-03-04 + - Add test for nested tags breakage that happened in v1.46 + - Turn off strict+warnings in sections where template code is eval'ed + [github #9] + +1.50 2018-02-10 + *** Revert support for identical start/end delimiters (e.g.: @@foo@@, XXfooXX) + due to breakage with nested tags (see + https://github.com/mschout/perl-text-template/issues/8). Will revisit + this in a future release. + +1.49 2018-02-07 + - Fix failing tests in v1.48 under perl < 5.8.9 + +1.48 2018-02-07 + - remove COPYING and Artistic files from the dist. These are replaced by + the Dist::Zilla generated LICENSE file. + - use strict/warnings (thanks Mohammad S Anwar) + - remove $VERSION checks from tests. This makes it easier to run the test + with Dist::Zilla and avoids maintenance issue of updating the tests for + each release (Thanks Andrew Ruder). + - Allow precompiled templates to work with preprocessing [#29928] (Thanks + Nik LaBelle) + - Add "strict" option to fill_in(). This adds "use strict" and "use vars + (...)" to the prepend section, and only the keys of the HASH option are + allowed in the template. (Thanks Desmond Daignault, Kivanc Yazan, CJM) + [55696] + - Fix templates with inline comments without newline after comment for perl + < 5.18 [34292] + - Don't use bareword file handles + - use three arg form of open() + - Fix BROKEN behaviour so that it returns the text accumulated so far on + undef as documented [28974] + - Source code cleanups + - Minimum perl version is now 5.8.0 + - Allow start/end delimiters to be identical (e.g.: @@foo@@, XXfooXX) + (Thanks mirod) [46639] + - Fix + document the FILENAME parameter to fill_in() (Thanks VDB) [106093] + - Test suite cleanups: + + turn on strict/warnings for all tests + + run tests through perltidy and formatting cleanup + + remove number prefixes from test names + + use Test::More instead of generating TAP by hand + + use three-arg form of open() + + don't use indirect object syntax + + don't use bareword file handles + + use File::Temp to generate temporary files + +1.47 2017-02-27 + - Fix longstanding memory leak in _scrubpkg() [#22031] + - Fix various spelling errors [#86872] + +NOTE: Changes for versions prior to 1.47 have been imported from README + +1.46 2013-02-11 + - Thanks to Rik Signes, there is a new + Text::Template->append_text_to_output method, which Text::Template always + uses whenever it wants to emit output. You can subclass this to get + control over the output, for example for postprocessing. + - A spurious warning is no longer emitted when the TYPE parameter to ->new + is omitted. + +1.45 2008-04-16 + +1.44 2003-04-29 + - This is a maintenance release. There are no feature changes. + - _scrubpkg, which was responsible for eptying out temporary packages after + the module had done with them, wasn't always working; the result was + memory leaks in long-running applications. This should be fixed now, and + there is a test in the test suite for it. + - Minor changes to the test suite to prevent spurious errors. + - Minor documentation changes. + +1.43 2002-03-25 + - The ->new method now fails immediately and sets $Text::Template::ERROR if + the file that is named by a filename argument does not exist or cannot be + opened for some other reason. Formerly, the constructor would succeed + and the ->fill_in call would fail. + +1.42 2001-11-05 + - This is a maintenance release. There are no feature changes. + - Fixed a bug relating to use of UNTAINT under perl 5.005_03 and possibly + other versions. + - Taint-related tests are now more comprehensive. + +1.41 2001-09-04 + - This is a maintenance release. There are no feature changes. + - Tests now work correctly on Windows systems and possibly on other + non-unix systems. + +1.40 2001-08-30 + *** INCOMPATIBLE CHANGE *** + - The format of the default error message has changed. It used to look + like: + + Program fragment at line 30 delivered error ``Illegal division by zero'' + + It now looks like: + + Program fragment delivered error ``Illegal division by zero at catalog.tmpl line 37'' + + Note that the default message used to report the line number at which the + program fragment began; it now reports the line number at which the error + actually occurred. + + *** INCOMPATIBLE CHANGE *** + - The format of the default error message has changed. It used to look like: + + Program fragment at line 30 delivered error ``Illegal division by zero'' + + It now looks like: + + Program fragment delivered error ``Illegal division by zero at catalog.tmpl line 37'' + + - Note that the default message used to report the line number at which the + program fragment began; it now reports the line number at which the error + actually occurred. + - New UNTAINT option tells the module that it is safe to 'eval' code even + though it has come from a file or filehandle. + - Code added to prevent memory leaks when filling many templates. Thanks + to Itamar Almeida de Carvalho. + - Bug fix: $OUT was not correctly initialized when used in conjunction + with SAFE. + - You may now use a glob ref when passing a filehandle to the ->new + function. Formerly, a glob was required. + - New subclass: Text::Template::Preprocess. Just like Text::Template, but + you may supply a PREPROCESS option in the constructor or the fill_in + call; this is a function which receives each code fragment prior to + evaluation, and which may modify and return the fragment; the modified + fragment is what is evaluated. + - Error messages passed to BROKEN subroutines will now report the correct + line number of the template at which the error occurred: + + Illegal division by zero at template line 37. + + - If the template comes from a file, the filename will be reported as well: + + Illegal division by zero at catalog.tmpl line 37. + + - New UNTAINT option tells the module that it is safe to eval template code + even if it has come from a file or filehandle, disabling taint checking + in these cases. + - Code added to prevent memory leaks when filling many templates. Thanks to + Itamar Almeida de Carvalho. + - Bug fix: $OUT was not always correctly initialized when used in + conjunction with SAFE. + - You may now use a glob ref when passing a filehandle to the new function. + Formerly, a glob was required. + - Error messages passed to BROKEN subroutines will now report the correct + line number of the template at which the error occurred: + + Illegal division by zero at template line 37. + + If the template comes from a file, the filename will be reported as well: + + Illegal division by zero at catalog.tmpl line 37. + + - New subclass: Text::Template::Preprocess. Just like Text::Template, but + you may supply a PREPROCESS option in the fill_in call; this is a + function which receives each code fragment prior to evaluation, and which + may modify and return the fragment; the modified fragment is what is + evaluated. + +1.31 2001-02-05 + - Maintenance and bug fix release + - fill_in_string was failing. Thanks to Donald L. Greer Jr. for the test case. + +1.23 1999-12-21 + - Small bug fix: DELIMITER and other arguments were being ignored in calls + to fill_in_file and fill_this_in. (Thanks to Jonathan Roy for reporting + this.) + +1.22 + - You can now specify that certain Perl statements be prepended to the + beginning of every program fragment in a template, either per template, + or for all templates, or for the duration of only one call to fill_in. + This is useful, for example, if you want to enable `strict' checks in + your templates but you don't want to manually add `use strict' to the + front of every program fragment everywhere. + +1.20 1999-03-08 + - You can now specify that the program fragment delimiters are strings + other than { and }. This has three interesting effects: First, it + changes the delimiter strings. Second, it disables the special meaning + of \, so you have to be really, really sure that the delimiters will not + appear in your templates. And third, because of the simplifications + introduced by the elimination of \ processing, template parsing is 20-25% + faster. See the manual section on `Alternative Delimiters'. + - Fixed bug having to do with undefined values in HASH options. In + particular, Text::Template no longer generates a warning if you try to + give a variable an undefined value. + +1.12 1999-02-28 + - I forgot to say that Text::Template ISA Exporter, so the exported + functions never got exported. Duhhh! + - Template TYPEs are now case-insensitive. The `new' method now diagnoses + attempts to use an invalid TYPE. + - More tests for these things. + +1.11 1999-02-25 + - Fixed a bug in the way backslashes were processed. The 1.10 behavior was + incompatible with the beta versions and was also inconvenient. (`\n' in + templates was replaced with `n' before it was given to Perl for + evaluation.) The new behavior is also incompatible with the beta + versions, but it is only a little bit incompatible, and it is probably + better. + - Documentation for the new behavior, and tests for the bug. + +1.10 1999-02-13 + - New OUTPUT option delivers template results directly to a filehandle + instead of making them into a string. Saves space and time. + - PACKAGE and HASH now work intelligently with SAFE. + - Fragments may now output data directly to the template, rather than + having to arrange to return it as a return value at the end. This means + that where you used to have to write this: + + { my $blist = ''; + foreach $i (@items) { + $blist .= qq{ * $i\n}; + } + $blist; + } + + You can now write this instead, because $OUT is special. + + { foreach $i (@items) { + $OUT.= " * $i\n"; + } + } + + (`A spoonful of sugar makes the medicine go down.') + - Fixed some small bugs. Worked around a bug in Perl that does the wrong + thing with $x = when $x contains a glob. + - More documentation. Errors fixed. + - Lots more tests. + +1.03 1999-02-06 + - Code added to support HASH option to fill_in. (Incl. `_gensym' + function.) + - Documentation for HASH. + - New test file for HASH. + - Note about failure of lexical variables to propagate into templates. Why + does this surprise people? + - Bug fix: program fragments are evaluated in an environment with `no + strict' by default. Otherwise, you get a lot of `Global symbol "$v" + requires explicit package name' failures. Why didn't the test program + pick this up? Because the only variable the test program ever used was + `$a', which is exempt. Duhhhhh. + - Fixed the test program. + - Various minor documentation fixes. + +1.00 1999-02-05 + This is a complete rewrite. The new version delivers better functionality + but is only 2/3 as long, which I think is a good sign. It is supposed to be + 100% backward-compatible with the previous versions. With one cosmetic + change, it passes the test suite that the previous versions passed. If you + have compatibility problems, please mail me immediately. + + - At least twice as fast + - Better support for filling out the same template more than once + - Now supports evaluation of program fragments in Safe compartments. + (Thanks, Jonathan!) + - Better argument syntax + - More convenience functions + - The parser is much better and simpler + - Once a template is parsed, the parsed version is stored so that + it needn't be parsed again. + - BROKEN function behavior is rationalized. You can now pass an + arbitrary argument to your BROKEN function, or return a value + from it to the main program. + - Documentation overhauled. + +Previous Versions + - Maintained by Mark Jason Dominus (MJD) diff --git a/external/perl/Text-Template-1.46/INSTALL b/external/perl/Text-Template-1.56/INSTALL similarity index 100% rename from external/perl/Text-Template-1.46/INSTALL rename to external/perl/Text-Template-1.56/INSTALL diff --git a/external/perl/Text-Template-1.56/LICENSE b/external/perl/Text-Template-1.56/LICENSE new file mode 100644 index 0000000000..718b860a23 --- /dev/null +++ b/external/perl/Text-Template-1.56/LICENSE @@ -0,0 +1,379 @@ +This software is copyright (c) 2013 by Mark Jason Dominus . + +This is free software; you can redistribute it and/or modify it under +the same terms as the Perl 5 programming language system itself. + +Terms of the Perl programming language system itself + +a) the GNU General Public License as published by the Free + Software Foundation; either version 1, or (at your option) any + later version, or +b) the "Artistic License" + +--- The GNU General Public License, Version 1, February 1989 --- + +This software is Copyright (c) 2013 by Mark Jason Dominus . + +This is free software, licensed under: + + The GNU General Public License, Version 1, February 1989 + + GNU GENERAL PUBLIC LICENSE + Version 1, February 1989 + + Copyright (C) 1989 Free Software Foundation, Inc. + 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA + + Everyone is permitted to copy and distribute verbatim copies + of this license document, but changing it is not allowed. + + Preamble + + The license agreements of most software companies try to keep users +at the mercy of those companies. By contrast, our General Public +License is intended to guarantee your freedom to share and change free +software--to make sure the software is free for all its users. The +General Public License applies to the Free Software Foundation's +software and to any other program whose authors commit to using it. +You can use it for your programs, too. + + When we speak of free software, we are referring to freedom, not +price. Specifically, the General Public License is designed to make +sure that you have the freedom to give away or sell copies of free +software, that you receive source code or can get it if you want it, +that you can change the software or use pieces of it in new free +programs; and that you know you can do these things. + + To protect your rights, we need to make restrictions that forbid +anyone to deny you these rights or to ask you to surrender the rights. +These restrictions translate to certain responsibilities for you if you +distribute copies of the software, or if you modify it. + + For example, if you distribute copies of a such a program, whether +gratis or for a fee, you must give the recipients all the rights that +you have. You must make sure that they, too, receive or can get the +source code. And you must tell them their rights. + + We protect your rights with two steps: (1) copyright the software, and +(2) offer you this license which gives you legal permission to copy, +distribute and/or modify the software. + + Also, for each author's protection and ours, we want to make certain +that everyone understands that there is no warranty for this free +software. If the software is modified by someone else and passed on, we +want its recipients to know that what they have is not the original, so +that any problems introduced by others will not reflect on the original +authors' reputations. + + The precise terms and conditions for copying, distribution and +modification follow. + + GNU GENERAL PUBLIC LICENSE + TERMS AND CONDITIONS FOR COPYING, DISTRIBUTION AND MODIFICATION + + 0. This License Agreement applies to any program or other work which +contains a notice placed by the copyright holder saying it may be +distributed under the terms of this General Public License. The +"Program", below, refers to any such program or work, and a "work based +on the Program" means either the Program or any work containing the +Program or a portion of it, either verbatim or with modifications. Each +licensee is addressed as "you". + + 1. You may copy and distribute verbatim copies of the Program's source +code as you receive it, in any medium, provided that you conspicuously and +appropriately publish on each copy an appropriate copyright notice and +disclaimer of warranty; keep intact all the notices that refer to this +General Public License and to the absence of any warranty; and give any +other recipients of the Program a copy of this General Public License +along with the Program. You may charge a fee for the physical act of +transferring a copy. + + 2. You may modify your copy or copies of the Program or any portion of +it, and copy and distribute such modifications under the terms of Paragraph +1 above, provided that you also do the following: + + a) cause the modified files to carry prominent notices stating that + you changed the files and the date of any change; and + + b) cause the whole of any work that you distribute or publish, that + in whole or in part contains the Program or any part thereof, either + with or without modifications, to be licensed at no charge to all + third parties under the terms of this General Public License (except + that you may choose to grant warranty protection to some or all + third parties, at your option). + + c) If the modified program normally reads commands interactively when + run, you must cause it, when started running for such interactive use + in the simplest and most usual way, to print or display an + announcement including an appropriate copyright notice and a notice + that there is no warranty (or else, saying that you provide a + warranty) and that users may redistribute the program under these + conditions, and telling the user how to view a copy of this General + Public License. + + d) You may charge a fee for the physical act of transferring a + copy, and you may at your option offer warranty protection in + exchange for a fee. + +Mere aggregation of another independent work with the Program (or its +derivative) on a volume of a storage or distribution medium does not bring +the other work under the scope of these terms. + + 3. You may copy and distribute the Program (or a portion or derivative of +it, under Paragraph 2) in object code or executable form under the terms of +Paragraphs 1 and 2 above provided that you also do one of the following: + + a) accompany it with the complete corresponding machine-readable + source code, which must be distributed under the terms of + Paragraphs 1 and 2 above; or, + + b) accompany it with a written offer, valid for at least three + years, to give any third party free (except for a nominal charge + for the cost of distribution) a complete machine-readable copy of the + corresponding source code, to be distributed under the terms of + Paragraphs 1 and 2 above; or, + + c) accompany it with the information you received as to where the + corresponding source code may be obtained. (This alternative is + allowed only for noncommercial distribution and only if you + received the program in object code or executable form alone.) + +Source code for a work means the preferred form of the work for making +modifications to it. For an executable file, complete source code means +all the source code for all modules it contains; but, as a special +exception, it need not include source code for modules which are standard +libraries that accompany the operating system on which the executable +file runs, or for standard header files or definitions files that +accompany that operating system. + + 4. You may not copy, modify, sublicense, distribute or transfer the +Program except as expressly provided under this General Public License. +Any attempt otherwise to copy, modify, sublicense, distribute or transfer +the Program is void, and will automatically terminate your rights to use +the Program under this License. However, parties who have received +copies, or rights to use copies, from you under this General Public +License will not have their licenses terminated so long as such parties +remain in full compliance. + + 5. By copying, distributing or modifying the Program (or any work based +on the Program) you indicate your acceptance of this license to do so, +and all its terms and conditions. + + 6. Each time you redistribute the Program (or any work based on the +Program), the recipient automatically receives a license from the original +licensor to copy, distribute or modify the Program subject to these +terms and conditions. You may not impose any further restrictions on the +recipients' exercise of the rights granted herein. + + 7. The Free Software Foundation may publish revised and/or new versions +of the General Public License from time to time. Such new versions will +be similar in spirit to the present version, but may differ in detail to +address new problems or concerns. + +Each version is given a distinguishing version number. If the Program +specifies a version number of the license which applies to it and "any +later version", you have the option of following the terms and conditions +either of that version or of any later version published by the Free +Software Foundation. If the Program does not specify a version number of +the license, you may choose any version ever published by the Free Software +Foundation. + + 8. If you wish to incorporate parts of the Program into other free +programs whose distribution conditions are different, write to the author +to ask for permission. For software which is copyrighted by the Free +Software Foundation, write to the Free Software Foundation; we sometimes +make exceptions for this. Our decision will be guided by the two goals +of preserving the free status of all derivatives of our free software and +of promoting the sharing and reuse of software generally. + + NO WARRANTY + + 9. BECAUSE THE PROGRAM IS LICENSED FREE OF CHARGE, THERE IS NO WARRANTY +FOR THE PROGRAM, TO THE EXTENT PERMITTED BY APPLICABLE LAW. EXCEPT WHEN +OTHERWISE STATED IN WRITING THE COPYRIGHT HOLDERS AND/OR OTHER PARTIES +PROVIDE THE PROGRAM "AS IS" WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESSED +OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF +MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. THE ENTIRE RISK AS +TO THE QUALITY AND PERFORMANCE OF THE PROGRAM IS WITH YOU. SHOULD THE +PROGRAM PROVE DEFECTIVE, YOU ASSUME THE COST OF ALL NECESSARY SERVICING, +REPAIR OR CORRECTION. + + 10. IN NO EVENT UNLESS REQUIRED BY APPLICABLE LAW OR AGREED TO IN WRITING +WILL ANY COPYRIGHT HOLDER, OR ANY OTHER PARTY WHO MAY MODIFY AND/OR +REDISTRIBUTE THE PROGRAM AS PERMITTED ABOVE, BE LIABLE TO YOU FOR DAMAGES, +INCLUDING ANY GENERAL, SPECIAL, INCIDENTAL OR CONSEQUENTIAL DAMAGES ARISING +OUT OF THE USE OR INABILITY TO USE THE PROGRAM (INCLUDING BUT NOT LIMITED +TO LOSS OF DATA OR DATA BEING RENDERED INACCURATE OR LOSSES SUSTAINED BY +YOU OR THIRD PARTIES OR A FAILURE OF THE PROGRAM TO OPERATE WITH ANY OTHER +PROGRAMS), EVEN IF SUCH HOLDER OR OTHER PARTY HAS BEEN ADVISED OF THE +POSSIBILITY OF SUCH DAMAGES. + + END OF TERMS AND CONDITIONS + + Appendix: How to Apply These Terms to Your New Programs + + If you develop a new program, and you want it to be of the greatest +possible use to humanity, the best way to achieve this is to make it +free software which everyone can redistribute and change under these +terms. + + To do so, attach the following notices to the program. It is safest to +attach them to the start of each source file to most effectively convey +the exclusion of warranty; and each file should have at least the +"copyright" line and a pointer to where the full notice is found. + + + Copyright (C) 19yy + + This program is free software; you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation; either version 1, or (at your option) + any later version. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License + along with this program; if not, write to the Free Software + Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston MA 02110-1301 USA + + +Also add information on how to contact you by electronic and paper mail. + +If the program is interactive, make it output a short notice like this +when it starts in an interactive mode: + + Gnomovision version 69, Copyright (C) 19xx name of author + Gnomovision comes with ABSOLUTELY NO WARRANTY; for details type `show w'. + This is free software, and you are welcome to redistribute it + under certain conditions; type `show c' for details. + +The hypothetical commands `show w' and `show c' should show the +appropriate parts of the General Public License. Of course, the +commands you use may be called something other than `show w' and `show +c'; they could even be mouse-clicks or menu items--whatever suits your +program. + +You should also get your employer (if you work as a programmer) or your +school, if any, to sign a "copyright disclaimer" for the program, if +necessary. Here a sample; alter the names: + + Yoyodyne, Inc., hereby disclaims all copyright interest in the + program `Gnomovision' (a program to direct compilers to make passes + at assemblers) written by James Hacker. + + , 1 April 1989 + Ty Coon, President of Vice + +That's all there is to it! + + +--- The Artistic License 1.0 --- + +This software is Copyright (c) 2013 by Mark Jason Dominus . + +This is free software, licensed under: + + The Artistic License 1.0 + +The Artistic License + +Preamble + +The intent of this document is to state the conditions under which a Package +may be copied, such that the Copyright Holder maintains some semblance of +artistic control over the development of the package, while giving the users of +the package the right to use and distribute the Package in a more-or-less +customary fashion, plus the right to make reasonable modifications. + +Definitions: + + - "Package" refers to the collection of files distributed by the Copyright + Holder, and derivatives of that collection of files created through + textual modification. + - "Standard Version" refers to such a Package if it has not been modified, + or has been modified in accordance with the wishes of the Copyright + Holder. + - "Copyright Holder" is whoever is named in the copyright or copyrights for + the package. + - "You" is you, if you're thinking about copying or distributing this Package. + - "Reasonable copying fee" is whatever you can justify on the basis of media + cost, duplication charges, time of people involved, and so on. (You will + not be required to justify it to the Copyright Holder, but only to the + computing community at large as a market that must bear the fee.) + - "Freely Available" means that no fee is charged for the item itself, though + there may be fees involved in handling the item. It also means that + recipients of the item may redistribute it under the same conditions they + received it. + +1. You may make and give away verbatim copies of the source form of the +Standard Version of this Package without restriction, provided that you +duplicate all of the original copyright notices and associated disclaimers. + +2. You may apply bug fixes, portability fixes and other modifications derived +from the Public Domain or from the Copyright Holder. A Package modified in such +a way shall still be considered the Standard Version. + +3. You may otherwise modify your copy of this Package in any way, provided that +you insert a prominent notice in each changed file stating how and when you +changed that file, and provided that you do at least ONE of the following: + + a) place your modifications in the Public Domain or otherwise make them + Freely Available, such as by posting said modifications to Usenet or an + equivalent medium, or placing the modifications on a major archive site + such as ftp.uu.net, or by allowing the Copyright Holder to include your + modifications in the Standard Version of the Package. + + b) use the modified Package only within your corporation or organization. + + c) rename any non-standard executables so the names do not conflict with + standard executables, which must also be provided, and provide a separate + manual page for each non-standard executable that clearly documents how it + differs from the Standard Version. + + d) make other distribution arrangements with the Copyright Holder. + +4. You may distribute the programs of this Package in object code or executable +form, provided that you do at least ONE of the following: + + a) distribute a Standard Version of the executables and library files, + together with instructions (in the manual page or equivalent) on where to + get the Standard Version. + + b) accompany the distribution with the machine-readable source of the Package + with your modifications. + + c) accompany any non-standard executables with their corresponding Standard + Version executables, giving the non-standard executables non-standard + names, and clearly documenting the differences in manual pages (or + equivalent), together with instructions on where to get the Standard + Version. + + d) make other distribution arrangements with the Copyright Holder. + +5. You may charge a reasonable copying fee for any distribution of this +Package. You may charge any fee you choose for support of this Package. You +may not charge a fee for this Package itself. However, you may distribute this +Package in aggregate with other (possibly commercial) programs as part of a +larger (possibly commercial) software distribution provided that you do not +advertise this Package as a product of your own. + +6. The scripts and library files supplied as input to or produced as output +from the programs of this Package do not automatically fall under the copyright +of this Package, but belong to whomever generated them, and may be sold +commercially, and may be aggregated with this Package. + +7. C or perl subroutines supplied by you and linked into this Package shall not +be considered part of this Package. + +8. The name of the Copyright Holder may not be used to endorse or promote +products derived from this software without specific prior written permission. + +9. THIS PACKAGE IS PROVIDED "AS IS" AND WITHOUT ANY EXPRESS OR IMPLIED +WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED WARRANTIES OF +MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE. + +The End + diff --git a/external/perl/Text-Template-1.56/MANIFEST b/external/perl/Text-Template-1.56/MANIFEST new file mode 100644 index 0000000000..7f07faaa49 --- /dev/null +++ b/external/perl/Text-Template-1.56/MANIFEST @@ -0,0 +1,34 @@ +# This file was automatically generated by Dist::Zilla::Plugin::Manifest v6.012. +Changes +INSTALL +LICENSE +MANIFEST +META.json +META.yml +Makefile.PL +README +SIGNATURE +lib/Text/Template.pm +lib/Text/Template/Preprocess.pm +t/author-pod-syntax.t +t/author-signature.t +t/basic.t +t/broken.t +t/delimiters.t +t/error.t +t/exported.t +t/hash.t +t/inline-comment.t +t/nested-tags.t +t/ofh.t +t/out.t +t/prepend.t +t/preprocess.t +t/rt29928.t +t/safe.t +t/safe2.t +t/safe3.t +t/strict.t +t/taint.t +t/template-encoding.t +t/warnings.t diff --git a/external/perl/Text-Template-1.56/META.json b/external/perl/Text-Template-1.56/META.json new file mode 100644 index 0000000000..2d41ada9a0 --- /dev/null +++ b/external/perl/Text-Template-1.56/META.json @@ -0,0 +1,83 @@ +{ + "abstract" : "Expand template text with embedded Perl", + "author" : [ + "Michael Schout " + ], + "dynamic_config" : 0, + "generated_by" : "Dist::Zilla version 6.012, CPAN::Meta::Converter version 2.150010", + "license" : [ + "perl_5" + ], + "meta-spec" : { + "url" : "http://search.cpan.org/perldoc?CPAN::Meta::Spec", + "version" : 2 + }, + "name" : "Text-Template", + "prereqs" : { + "configure" : { + "requires" : { + "ExtUtils::MakeMaker" : "0", + "perl" : "5.008" + } + }, + "develop" : { + "requires" : { + "Dist::Zilla" : "5", + "Dist::Zilla::PluginBundle::MSCHOUT" : "0", + "Software::License::Perl_5" : "0", + "Test::Pod" : "1.41", + "Test::Signature" : "0" + } + }, + "runtime" : { + "requires" : { + "Carp" : "0", + "Encode" : "0", + "Exporter" : "0", + "base" : "0", + "perl" : "5.008", + "strict" : "0", + "warnings" : "0" + } + }, + "test" : { + "requires" : { + "File::Temp" : "0", + "Safe" : "0", + "Test::More" : "0", + "Test::More::UTF8" : "0", + "Test::Warnings" : "0", + "lib" : "0", + "perl" : "5.008", + "utf8" : "0", + "vars" : "0" + } + } + }, + "provides" : { + "Text::Template" : { + "file" : "lib/Text/Template.pm", + "version" : "1.56" + }, + "Text::Template::Preprocess" : { + "file" : "lib/Text/Template/Preprocess.pm", + "version" : "1.56" + } + }, + "release_status" : "stable", + "resources" : { + "bugtracker" : { + "web" : "https://github.com/mschout/perl-text-template/issues" + }, + "homepage" : "https://github.com/mschout/perl-text-template", + "repository" : { + "type" : "git", + "url" : "https://github.com/mschout/perl-text-template.git", + "web" : "https://github.com/mschout/perl-text-template" + } + }, + "version" : "1.56", + "x_generated_by_perl" : "v5.26.2", + "x_serialization_backend" : "Cpanel::JSON::XS version 4.04" +} + diff --git a/external/perl/Text-Template-1.56/META.yml b/external/perl/Text-Template-1.56/META.yml new file mode 100644 index 0000000000..0310ce6e21 --- /dev/null +++ b/external/perl/Text-Template-1.56/META.yml @@ -0,0 +1,46 @@ +--- +abstract: 'Expand template text with embedded Perl' +author: + - 'Michael Schout ' +build_requires: + File::Temp: '0' + Safe: '0' + Test::More: '0' + Test::More::UTF8: '0' + Test::Warnings: '0' + lib: '0' + perl: '5.008' + utf8: '0' + vars: '0' +configure_requires: + ExtUtils::MakeMaker: '0' + perl: '5.008' +dynamic_config: 0 +generated_by: 'Dist::Zilla version 6.012, CPAN::Meta::Converter version 2.150010' +license: perl +meta-spec: + url: http://module-build.sourceforge.net/META-spec-v1.4.html + version: '1.4' +name: Text-Template +provides: + Text::Template: + file: lib/Text/Template.pm + version: '1.56' + Text::Template::Preprocess: + file: lib/Text/Template/Preprocess.pm + version: '1.56' +requires: + Carp: '0' + Encode: '0' + Exporter: '0' + base: '0' + perl: '5.008' + strict: '0' + warnings: '0' +resources: + bugtracker: https://github.com/mschout/perl-text-template/issues + homepage: https://github.com/mschout/perl-text-template + repository: https://github.com/mschout/perl-text-template.git +version: '1.56' +x_generated_by_perl: v5.26.2 +x_serialization_backend: 'YAML::Tiny version 1.73' diff --git a/external/perl/Text-Template-1.56/Makefile.PL b/external/perl/Text-Template-1.56/Makefile.PL new file mode 100644 index 0000000000..15b421be1f --- /dev/null +++ b/external/perl/Text-Template-1.56/Makefile.PL @@ -0,0 +1,71 @@ +# This file was automatically generated by Dist::Zilla::Plugin::MakeMaker v6.012. +use strict; +use warnings; + +use 5.008; + +use ExtUtils::MakeMaker; + +my %WriteMakefileArgs = ( + "ABSTRACT" => "Expand template text with embedded Perl", + "AUTHOR" => "Michael Schout ", + "CONFIGURE_REQUIRES" => { + "ExtUtils::MakeMaker" => 0 + }, + "DISTNAME" => "Text-Template", + "LICENSE" => "perl", + "MIN_PERL_VERSION" => "5.008", + "NAME" => "Text::Template", + "PREREQ_PM" => { + "Carp" => 0, + "Encode" => 0, + "Exporter" => 0, + "base" => 0, + "strict" => 0, + "warnings" => 0 + }, + "TEST_REQUIRES" => { + "File::Temp" => 0, + "Safe" => 0, + "Test::More" => 0, + "Test::More::UTF8" => 0, + "Test::Warnings" => 0, + "lib" => 0, + "utf8" => 0, + "vars" => 0 + }, + "VERSION" => "1.56", + "test" => { + "TESTS" => "t/*.t" + } +); + + +my %FallbackPrereqs = ( + "Carp" => 0, + "Encode" => 0, + "Exporter" => 0, + "File::Temp" => 0, + "Safe" => 0, + "Test::More" => 0, + "Test::More::UTF8" => 0, + "Test::Warnings" => 0, + "base" => 0, + "lib" => 0, + "strict" => 0, + "utf8" => 0, + "vars" => 0, + "warnings" => 0 +); + + +unless ( eval { ExtUtils::MakeMaker->VERSION(6.63_03) } ) { + delete $WriteMakefileArgs{TEST_REQUIRES}; + delete $WriteMakefileArgs{BUILD_REQUIRES}; + $WriteMakefileArgs{PREREQ_PM} = \%FallbackPrereqs; +} + +delete $WriteMakefileArgs{CONFIGURE_REQUIRES} + unless eval { ExtUtils::MakeMaker->VERSION(6.52) }; + +WriteMakefile(%WriteMakefileArgs); diff --git a/external/perl/Text-Template-1.56/README b/external/perl/Text-Template-1.56/README new file mode 100644 index 0000000000..5f62ac7186 --- /dev/null +++ b/external/perl/Text-Template-1.56/README @@ -0,0 +1,62 @@ + +Text::Template v1.46 + +This is a library for generating form letters, building HTML pages, or +filling in templates generally. A `template' is a piece of text that +has little Perl programs embedded in it here and there. When you +`fill in' a template, you evaluate the little programs and replace +them with their values. + +Here's an example of a template: + + Dear {$title} {$lastname}, + + It has come to our attention that you are delinquent in your + {$monthname[$last_paid_month]} payment. Please remit + ${sprintf("%.2f", $amount)} immediately, or your patellae may + be needlessly endangered. + + Love, + + Mark "{nickname(rand 20)}" Dominus + + +The result of filling in this template is a string, which might look +something like this: + + Dear Mr. Gates, + + It has come to our attention that you are delinquent in your + February payment. Please remit + $392.12 immediately, or your patellae may + be needlessly endangered. + + + Love, + + Mark "Vizopteryx" Dominus + +You can store a template in a file outside your program. People can +modify the template without modifying the program. You can separate +the formatting details from the main code, and put the formatting +parts of the program into the template. That prevents code bloat and +encourages functional separation. + +You can fill in the template in a `Safe' compartment. This means that +if you don't trust the person who wrote the code in the template, you +won't have to worry that they are tampering with your program when you +execute it. + +---------------------------------------------------------------- + +Text::Template was originally released some time in late 1995 or early +1996. After three years of study and investigation, I rewrote it from +scratch in January 1999. The new version, 1.0, was much faster, +delivered better functionality and was almost 100% backward-compatible +with the previous beta versions. + +I have added a number of useful features and conveniences since the +1.0 release, while still retaining backward compatibility. With one +merely cosmetic change, the current version of Text::Template passes +the test suite that the old beta versions passed. + diff --git a/external/perl/Text-Template-1.56/SIGNATURE b/external/perl/Text-Template-1.56/SIGNATURE new file mode 100644 index 0000000000..c7cb7d3f35 --- /dev/null +++ b/external/perl/Text-Template-1.56/SIGNATURE @@ -0,0 +1,65 @@ +This file contains message digests of all files listed in MANIFEST, +signed via the Module::Signature module, version 0.81. + +To verify the content in this distribution, first make sure you have +Module::Signature installed, then type: + + % cpansign -v + +It will check each file's integrity, as well as the signature's +validity. If "==> Signature verified OK! <==" is not displayed, +the distribution may already have been compromised, and you should +not run its Makefile.PL or Build.PL. + +-----BEGIN PGP SIGNED MESSAGE----- +Hash: SHA256 + +SHA1 8ba1381d3fc8d81457c35e5aff52b8e55d57be7c Changes +SHA1 b457bd56a70b838ccc55d183ab09de64b6996958 INSTALL +SHA1 f12894289cb0f379f24b8d63e2e761dbcba1b216 LICENSE +SHA1 2c21cb13f53da41c4b30011aca9014db2de46862 MANIFEST +SHA1 ea82a70dfcffe05202868dfe02826aaf1f6e0229 META.json +SHA1 9ad7419fb6209e81652da42967995c8fb8f1826b META.yml +SHA1 f7634b46dde2cf8c6f31fe46327d15151d654a2c Makefile.PL +SHA1 b94aaad0a0bf2c323061bfefb9cf1fd532f14e7b README +SHA1 090d77972c087a8905fa85522854afbf4ccc999b lib/Text/Template.pm +SHA1 ca5251a021e46b60603f10e757d689e52fde1feb lib/Text/Template/Preprocess.pm +SHA1 8efad25309730a4d501fb40fc03eda4697303372 t/author-pod-syntax.t +SHA1 19cc343f8a85c6805bbeb02580487483a6283887 t/author-signature.t +SHA1 ae085010c9f08576ef8584f224e38e6a98c1c178 t/basic.t +SHA1 006feb1a0b1e5780db52aa79bd38933664a8339a t/broken.t +SHA1 dee8cef1fcd43ce5de462018f8539d4a0fbc460f t/delimiters.t +SHA1 304955c4280159ec3a4c0f2717dcff9c887bb487 t/error.t +SHA1 c862dfc08e00e76b3f2aee953583d3cc8e5524a2 t/exported.t +SHA1 50ef92bda3b6b5cbd5a9307e6f17ce49ee8f245c t/hash.t +SHA1 d5dc210684aec8bb2c4817af96597c86047169c1 t/inline-comment.t +SHA1 31ff85f423178f2d6638d35edf859d73f63dd5c7 t/nested-tags.t +SHA1 62ae0720aa86146bccfa23d2c903fa142cb86d50 t/ofh.t +SHA1 68093417d49a2afdfcd4642bacea04466039b734 t/out.t +SHA1 a8b21fdca0f1d243775a00758105e0fcc58022aa t/prepend.t +SHA1 4e7e00eccede7c3231e93ef0f3cb011423be4eb5 t/preprocess.t +SHA1 a52d61ef92e6a88d694db0be4893b88417a72f9c t/rt29928.t +SHA1 5186ff459c6042af11bca92decd271887c7b2eae t/safe.t +SHA1 aa0c9ff96d66c1f74fc7ac73ce173c9f741f552e t/safe2.t +SHA1 b50a51577c0f2c13c9a48113dc7f061385a02219 t/safe3.t +SHA1 16d3abf7588da4c0056c6c6b7818470c8601577c t/strict.t +SHA1 f325ebf739e2aec3ae62427aef0c4e86de58ad29 t/taint.t +SHA1 4dac28585388482f1719f404cc357991af77e345 t/template-encoding.t +SHA1 ce1da9bf88d6ea62d7c756f0d730dfb3c5888b6e t/warnings.t +-----BEGIN PGP SIGNATURE----- + +iQJFBAEBCAAvFiEE2EtuRfhGgngE8PsARAzvLrlUzY4FAl0kljYRHG1zY2hvdXRA +Y3Bhbi5vcmcACgkQRAzvLrlUzY6BdRAAlu/LI+71ax6OJfn6O6SslZCKdIfef1+P +UQ3eQCzbUOK1hP9p6TNOMFv0xPew7a1jSsM/wLjryXKLqGIclonBopRisZjCSaFa +DSH+5k4A9TWKo7n08C3nydVZPTfHXLEO6tHIH2umDHjMyC1gDkApjvSqH53OCtoV +vUTqQn9c6MxmuIWus1gjVynTvXWtBmaqrvTuQENFUXsGH5gVVbEr0VNIyt6Ip3p5 +HnRe8UdykFJZvfhEhH1pbt2j513m9Bqce0eSb/eshraFugx7coD3gk2EXqp8eVzK +84vPEcNC8Moii8+qg48VDh9wBq1u/cba2U7PcVjj3lRk/pAni31XnlXLPWJ0dZLF +fR4glE86ESTGSyI2wGDxyEdev+e64sk7geYmL388kqtpqkKWvALmQkKUJg0T0ppp +LYv31DrsP4QM1duv46y3wVbqUPeQlKBOU81vfyAonrD02tRZjwRpCD67CZ9WSgZu +el85yPneIIijYEOzV8GYHKNiiZKpu2uidKCe+MFGxBtXe9hyi9x95tuyi9/pu2FB +YjbGJ8Wb4xhS7zdDWZb/axfwbcGMVml6a6xA98jVkwjHhPvKsf3qWVZZPtWneeN0 +pGNpMta73wQxrp5/W1GfvBfPVlsker6SAARg2NMwS9Wmp+ZuD6gdJ+aN0/PPtNUd +HQJJFjr/xo4= +=nx9E +-----END PGP SIGNATURE----- diff --git a/external/perl/Text-Template-1.46/lib/Text/Template.pm b/external/perl/Text-Template-1.56/lib/Text/Template.pm similarity index 60% rename from external/perl/Text-Template-1.46/lib/Text/Template.pm rename to external/perl/Text-Template-1.56/lib/Text/Template.pm index dc4f3bac77..be38c73ce4 100644 --- a/external/perl/Text-Template-1.46/lib/Text/Template.pm +++ b/external/perl/Text-Template-1.56/lib/Text/Template.pm @@ -5,486 +5,613 @@ # # Copyright 2013 M. J. Dominus. # You may copy and distribute this program under the -# same terms as Perl iteself. +# same terms as Perl itself. # If in doubt, write to mjd-perl-template+ at plover.com for a license. # -# Version 1.46 package Text::Template; -require 5.004; -use Exporter; - at ISA = qw(Exporter); - at EXPORT_OK = qw(fill_in_file fill_in_string TTerror); -use vars '$ERROR'; +$Text::Template::VERSION = '1.56'; +# ABSTRACT: Expand template text with embedded Perl + use strict; +use warnings; + +require 5.008; + +use base 'Exporter'; + +our @EXPORT_OK = qw(fill_in_file fill_in_string TTerror); +our $ERROR; -$Text::Template::VERSION = '1.46'; my %GLOBAL_PREPEND = ('Text::Template' => ''); sub Version { - $Text::Template::VERSION; + $Text::Template::VERSION; } sub _param { - my $kk; - my ($k, %h) = @_; - for $kk ($k, "\u$k", "\U$k", "-$k", "-\u$k", "-\U$k") { - return $h{$kk} if exists $h{$kk}; - } - return; + my ($k, %h) = @_; + + for my $kk ($k, "\u$k", "\U$k", "-$k", "-\u$k", "-\U$k") { + return $h{$kk} if exists $h{$kk}; + } + + return undef; } -sub always_prepend -{ - my $pack = shift; - my $old = $GLOBAL_PREPEND{$pack}; - $GLOBAL_PREPEND{$pack} = shift; - $old; +sub always_prepend { + my $pack = shift; + + my $old = $GLOBAL_PREPEND{$pack}; + + $GLOBAL_PREPEND{$pack} = shift; + + $old; } { - my %LEGAL_TYPE; - BEGIN { - %LEGAL_TYPE = map {$_=>1} qw(FILE FILEHANDLE STRING ARRAY); - } - sub new { - my $pack = shift; - my %a = @_; - my $stype = uc(_param('type', %a) || "FILE"); - my $source = _param('source', %a); - my $untaint = _param('untaint', %a); - my $prepend = _param('prepend', %a); - my $alt_delim = _param('delimiters', %a); - my $broken = _param('broken', %a); - unless (defined $source) { - require Carp; - Carp::croak("Usage: $ {pack}::new(TYPE => ..., SOURCE => ...)"); + my %LEGAL_TYPE; + + BEGIN { + %LEGAL_TYPE = map { $_ => 1 } qw(FILE FILEHANDLE STRING ARRAY); } - unless ($LEGAL_TYPE{$stype}) { - require Carp; - Carp::croak("Illegal value `$stype' for TYPE parameter"); + + sub new { + my ($pack, %a) = @_; + + my $stype = uc(_param('type', %a) || "FILE"); + my $source = _param('source', %a); + my $untaint = _param('untaint', %a); + my $prepend = _param('prepend', %a); + my $alt_delim = _param('delimiters', %a); + my $broken = _param('broken', %a); + my $encoding = _param('encoding', %a); + + unless (defined $source) { + require Carp; + Carp::croak("Usage: $ {pack}::new(TYPE => ..., SOURCE => ...)"); + } + + unless ($LEGAL_TYPE{$stype}) { + require Carp; + Carp::croak("Illegal value `$stype' for TYPE parameter"); + } + + my $self = { + TYPE => $stype, + PREPEND => $prepend, + UNTAINT => $untaint, + BROKEN => $broken, + ENCODING => $encoding, + (defined $alt_delim ? (DELIM => $alt_delim) : ()) + }; + + # Under 5.005_03, if any of $stype, $prepend, $untaint, or $broken + # are tainted, all the others become tainted too as a result of + # sharing the expression with them. We install $source separately + # to prevent it from acquiring a spurious taint. + $self->{SOURCE} = $source; + + bless $self => $pack; + return unless $self->_acquire_data; + + $self; } - my $self = {TYPE => $stype, - PREPEND => $prepend, - UNTAINT => $untaint, - BROKEN => $broken, - (defined $alt_delim ? (DELIM => $alt_delim) : ()), - }; - # Under 5.005_03, if any of $stype, $prepend, $untaint, or $broken - # are tainted, all the others become tainted too as a result of - # sharing the expression with them. We install $source separately - # to prevent it from acquiring a spurious taint. - $self->{SOURCE} = $source; - - bless $self => $pack; - return unless $self->_acquire_data; - - $self; - } } # Convert template objects of various types to type STRING, # in which the template data is embedded in the object itself. sub _acquire_data { - my ($self) = @_; - my $type = $self->{TYPE}; - if ($type eq 'STRING') { - # nothing necessary - } elsif ($type eq 'FILE') { - my $data = _load_text($self->{SOURCE}); - unless (defined $data) { - # _load_text already set $ERROR - return undef; + my $self = shift; + + my $type = $self->{TYPE}; + + if ($type eq 'STRING') { + # nothing necessary } - if ($self->{UNTAINT} && _is_clean($self->{SOURCE})) { - _unconditionally_untaint($data); + elsif ($type eq 'FILE') { + my $data = _load_text($self->{SOURCE}); + unless (defined $data) { + + # _load_text already set $ERROR + return undef; + } + + if ($self->{UNTAINT} && _is_clean($self->{SOURCE})) { + _unconditionally_untaint($data); + } + + if (defined $self->{ENCODING}) { + require Encode; + $data = Encode::decode($self->{ENCODING}, $data, &Encode::FB_CROAK); + } + + $self->{TYPE} = 'STRING'; + $self->{FILENAME} = $self->{SOURCE}; + $self->{SOURCE} = $data; } - $self->{TYPE} = 'STRING'; - $self->{FILENAME} = $self->{SOURCE}; - $self->{SOURCE} = $data; - } elsif ($type eq 'ARRAY') { - $self->{TYPE} = 'STRING'; - $self->{SOURCE} = join '', @{$self->{SOURCE}}; - } elsif ($type eq 'FILEHANDLE') { - $self->{TYPE} = 'STRING'; - local $/; - my $fh = $self->{SOURCE}; - my $data = <$fh>; # Extra assignment avoids bug in Solaris perl5.00[45]. - if ($self->{UNTAINT}) { - _unconditionally_untaint($data); + elsif ($type eq 'ARRAY') { + $self->{TYPE} = 'STRING'; + $self->{SOURCE} = join '', @{ $self->{SOURCE} }; + } + elsif ($type eq 'FILEHANDLE') { + $self->{TYPE} = 'STRING'; + local $/; + my $fh = $self->{SOURCE}; + my $data = <$fh>; # Extra assignment avoids bug in Solaris perl5.00[45]. + if ($self->{UNTAINT}) { + _unconditionally_untaint($data); + } + $self->{SOURCE} = $data; } - $self->{SOURCE} = $data; - } else { - # This should have been caught long ago, so it represents a - # drastic `can't-happen' sort of failure - my $pack = ref $self; - die "Can only acquire data for $pack objects of subtype STRING, but this is $type; aborting"; - } - $self->{DATA_ACQUIRED} = 1; + else { + # This should have been caught long ago, so it represents a + # drastic `can't-happen' sort of failure + my $pack = ref $self; + die "Can only acquire data for $pack objects of subtype STRING, but this is $type; aborting"; + } + + $self->{DATA_ACQUIRED} = 1; } sub source { - my ($self) = @_; - $self->_acquire_data unless $self->{DATA_ACQUIRED}; - return $self->{SOURCE}; + my $self = shift; + + $self->_acquire_data unless $self->{DATA_ACQUIRED}; + + return $self->{SOURCE}; } sub set_source_data { - my ($self, $newdata) = @_; - $self->{SOURCE} = $newdata; - $self->{DATA_ACQUIRED} = 1; - $self->{TYPE} = 'STRING'; - 1; + my ($self, $newdata, $type) = @_; + + $self->{SOURCE} = $newdata; + $self->{DATA_ACQUIRED} = 1; + $self->{TYPE} = $type || 'STRING'; + + 1; } sub compile { - my $self = shift; - - return 1 if $self->{TYPE} eq 'PREPARSED'; - - return undef unless $self->_acquire_data; - unless ($self->{TYPE} eq 'STRING') { - my $pack = ref $self; - # This should have been caught long ago, so it represents a - # drastic `can't-happen' sort of failure - die "Can only compile $pack objects of subtype STRING, but this is $self->{TYPE}; aborting"; - } - - my @tokens; - my $delim_pats = shift() || $self->{DELIM}; - - - - my ($t_open, $t_close) = ('{', '}'); - my $DELIM; # Regex matches a delimiter if $delim_pats - if (defined $delim_pats) { - ($t_open, $t_close) = @$delim_pats; - $DELIM = "(?:(?:\Q$t_open\E)|(?:\Q$t_close\E))"; - @tokens = split /($DELIM|\n)/, $self->{SOURCE}; - } else { - @tokens = split /(\\\\(?=\\*[{}])|\\[{}]|[{}\n])/, $self->{SOURCE}; - } - my $state = 'TEXT'; - my $depth = 0; - my $lineno = 1; - my @content; - my $cur_item = ''; - my $prog_start; - while (@tokens) { - my $t = shift @tokens; - next if $t eq ''; - if ($t eq $t_open) { # Brace or other opening delimiter - if ($depth == 0) { - push @content, [$state, $cur_item, $lineno] if $cur_item ne ''; - $cur_item = ''; - $state = 'PROG'; - $prog_start = $lineno; - } else { - $cur_item .= $t; - } - $depth++; - } elsif ($t eq $t_close) { # Brace or other closing delimiter - $depth--; - if ($depth < 0) { - $ERROR = "Unmatched close brace at line $lineno"; - return undef; - } elsif ($depth == 0) { - push @content, [$state, $cur_item, $prog_start] if $cur_item ne ''; - $state = 'TEXT'; - $cur_item = ''; - } else { - $cur_item .= $t; - } - } elsif (!$delim_pats && $t eq '\\\\') { # precedes \\\..\\\{ or \\\..\\\} - $cur_item .= '\\'; - } elsif (!$delim_pats && $t =~ /^\\([{}])$/) { # Escaped (literal) brace? - $cur_item .= $1; - } elsif ($t eq "\n") { # Newline - $lineno++; - $cur_item .= $t; - } else { # Anything else - $cur_item .= $t; + my $self = shift; + + return 1 if $self->{TYPE} eq 'PREPARSED'; + + return undef unless $self->_acquire_data; + + unless ($self->{TYPE} eq 'STRING') { + my $pack = ref $self; + + # This should have been caught long ago, so it represents a + # drastic `can't-happen' sort of failure + die "Can only compile $pack objects of subtype STRING, but this is $self->{TYPE}; aborting"; } - } - if ($state eq 'PROG') { - $ERROR = "End of data inside program text that began at line $prog_start"; - return undef; - } elsif ($state eq 'TEXT') { - push @content, [$state, $cur_item, $lineno] if $cur_item ne ''; - } else { - die "Can't happen error #1"; - } - - $self->{TYPE} = 'PREPARSED'; - $self->{SOURCE} = \@content; - 1; + my @tokens; + my $delim_pats = shift() || $self->{DELIM}; + + my ($t_open, $t_close) = ('{', '}'); + my $DELIM; # Regex matches a delimiter if $delim_pats + + if (defined $delim_pats) { + ($t_open, $t_close) = @$delim_pats; + $DELIM = "(?:(?:\Q$t_open\E)|(?:\Q$t_close\E))"; + @tokens = split /($DELIM|\n)/, $self->{SOURCE}; + } + else { + @tokens = split /(\\\\(?=\\*[{}])|\\[{}]|[{}\n])/, $self->{SOURCE}; + } + + my $state = 'TEXT'; + my $depth = 0; + my $lineno = 1; + my @content; + my $cur_item = ''; + my $prog_start; + + while (@tokens) { + my $t = shift @tokens; + + next if $t eq ''; + + if ($t eq $t_open) { # Brace or other opening delimiter + if ($depth == 0) { + push @content, [ $state, $cur_item, $lineno ] if $cur_item ne ''; + $cur_item = ''; + $state = 'PROG'; + $prog_start = $lineno; + } + else { + $cur_item .= $t; + } + $depth++; + } + elsif ($t eq $t_close) { # Brace or other closing delimiter + $depth--; + if ($depth < 0) { + $ERROR = "Unmatched close brace at line $lineno"; + return undef; + } + elsif ($depth == 0) { + push @content, [ $state, $cur_item, $prog_start ] if $cur_item ne ''; + $state = 'TEXT'; + $cur_item = ''; + } + else { + $cur_item .= $t; + } + } + elsif (!$delim_pats && $t eq '\\\\') { # precedes \\\..\\\{ or \\\..\\\} + $cur_item .= '\\'; + } + elsif (!$delim_pats && $t =~ /^\\([{}])$/) { # Escaped (literal) brace? + $cur_item .= $1; + } + elsif ($t eq "\n") { # Newline + $lineno++; + $cur_item .= $t; + } + else { # Anything else + $cur_item .= $t; + } + } + + if ($state eq 'PROG') { + $ERROR = "End of data inside program text that began at line $prog_start"; + return undef; + } + elsif ($state eq 'TEXT') { + push @content, [ $state, $cur_item, $lineno ] if $cur_item ne ''; + } + else { + die "Can't happen error #1"; + } + + $self->{TYPE} = 'PREPARSED'; + $self->{SOURCE} = \@content; + + 1; } sub prepend_text { - my ($self) = @_; - my $t = $self->{PREPEND}; - unless (defined $t) { - $t = $GLOBAL_PREPEND{ref $self}; + my $self = shift; + + my $t = $self->{PREPEND}; + unless (defined $t) { - $t = $GLOBAL_PREPEND{'Text::Template'}; + $t = $GLOBAL_PREPEND{ ref $self }; + unless (defined $t) { + $t = $GLOBAL_PREPEND{'Text::Template'}; + } } - } - $self->{PREPEND} = $_[1] if $#_ >= 1; - return $t; + + $self->{PREPEND} = $_[1] if $#_ >= 1; + + return $t; } sub fill_in { - my $fi_self = shift; - my %fi_a = @_; - - unless ($fi_self->{TYPE} eq 'PREPARSED') { - my $delims = _param('delimiters', %fi_a); - my @delim_arg = (defined $delims ? ($delims) : ()); - $fi_self->compile(@delim_arg) - or return undef; - } - - my $fi_varhash = _param('hash', %fi_a); - my $fi_package = _param('package', %fi_a) ; - my $fi_broken = - _param('broken', %fi_a) || $fi_self->{BROKEN} || \&_default_broken; - my $fi_broken_arg = _param('broken_arg', %fi_a) || []; - my $fi_safe = _param('safe', %fi_a); - my $fi_ofh = _param('output', %fi_a); - my $fi_eval_package; - my $fi_scrub_package = 0; - my $fi_filename = _param('filename') || $fi_self->{FILENAME} || 'template'; - - my $fi_prepend = _param('prepend', %fi_a); - unless (defined $fi_prepend) { - $fi_prepend = $fi_self->prepend_text; - } - - if (defined $fi_safe) { - $fi_eval_package = 'main'; - } elsif (defined $fi_package) { - $fi_eval_package = $fi_package; - } elsif (defined $fi_varhash) { - $fi_eval_package = _gensym(); - $fi_scrub_package = 1; - } else { - $fi_eval_package = caller; - } - - my $fi_install_package; - if (defined $fi_varhash) { - if (defined $fi_package) { - $fi_install_package = $fi_package; - } elsif (defined $fi_safe) { - $fi_install_package = $fi_safe->root; - } else { - $fi_install_package = $fi_eval_package; # The gensymmed one + my ($fi_self, %fi_a) = @_; + + unless ($fi_self->{TYPE} eq 'PREPARSED') { + my $delims = _param('delimiters', %fi_a); + my @delim_arg = (defined $delims ? ($delims) : ()); + $fi_self->compile(@delim_arg) + or return undef; } - _install_hash($fi_varhash => $fi_install_package); - } - - if (defined $fi_package && defined $fi_safe) { - no strict 'refs'; - # Big fat magic here: Fix it so that the user-specified package - # is the default one available in the safe compartment. - *{$fi_safe->root . '::'} = \%{$fi_package . '::'}; # LOD - } - - my $fi_r = ''; - my $fi_item; - foreach $fi_item (@{$fi_self->{SOURCE}}) { - my ($fi_type, $fi_text, $fi_lineno) = @$fi_item; - if ($fi_type eq 'TEXT') { - $fi_self->append_text_to_output( - text => $fi_text, - handle => $fi_ofh, - out => \$fi_r, - type => $fi_type, - ); - } elsif ($fi_type eq 'PROG') { - no strict; - my $fi_lcomment = "#line $fi_lineno $fi_filename"; - my $fi_progtext = - "package $fi_eval_package; $fi_prepend;\n$fi_lcomment\n$fi_text;"; - my $fi_res; - my $fi_eval_err = ''; - if ($fi_safe) { - $fi_safe->reval(q{undef $OUT}); - $fi_res = $fi_safe->reval($fi_progtext); - $fi_eval_err = $@; - my $OUT = $fi_safe->reval('$OUT'); - $fi_res = $OUT if defined $OUT; - } else { - my $OUT; - $fi_res = eval $fi_progtext; - $fi_eval_err = $@; - $fi_res = $OUT if defined $OUT; - } - # If the value of the filled-in text really was undef, - # change it to an explicit empty string to avoid undefined - # value warnings later. - $fi_res = '' unless defined $fi_res; - - if ($fi_eval_err) { - $fi_res = $fi_broken->(text => $fi_text, - error => $fi_eval_err, - lineno => $fi_lineno, - arg => $fi_broken_arg, - ); - if (defined $fi_res) { - $fi_self->append_text_to_output( - text => $fi_res, - handle => $fi_ofh, - out => \$fi_r, - type => $fi_type, - ); - } else { - return $fi_res; # Undefined means abort processing - } - } else { - $fi_self->append_text_to_output( - text => $fi_res, - handle => $fi_ofh, - out => \$fi_r, - type => $fi_type, - ); - } - } else { - die "Can't happen error #2"; + my $fi_varhash = _param('hash', %fi_a); + my $fi_package = _param('package', %fi_a); + my $fi_broken = _param('broken', %fi_a) || $fi_self->{BROKEN} || \&_default_broken; + my $fi_broken_arg = _param('broken_arg', %fi_a) || []; + my $fi_safe = _param('safe', %fi_a); + my $fi_ofh = _param('output', %fi_a); + my $fi_filename = _param('filename', %fi_a) || $fi_self->{FILENAME} || 'template'; + my $fi_strict = _param('strict', %fi_a); + my $fi_prepend = _param('prepend', %fi_a); + + my $fi_eval_package; + my $fi_scrub_package = 0; + + unless (defined $fi_prepend) { + $fi_prepend = $fi_self->prepend_text; + } + + if (defined $fi_safe) { + $fi_eval_package = 'main'; + } + elsif (defined $fi_package) { + $fi_eval_package = $fi_package; + } + elsif (defined $fi_varhash) { + $fi_eval_package = _gensym(); + $fi_scrub_package = 1; + } + else { + $fi_eval_package = caller; + } + + my @fi_varlist; + my $fi_install_package; + + if (defined $fi_varhash) { + if (defined $fi_package) { + $fi_install_package = $fi_package; + } + elsif (defined $fi_safe) { + $fi_install_package = $fi_safe->root; + } + else { + $fi_install_package = $fi_eval_package; # The gensymmed one + } + @fi_varlist = _install_hash($fi_varhash => $fi_install_package); + if ($fi_strict) { + $fi_prepend = "use vars qw(@fi_varlist);$fi_prepend" if @fi_varlist; + $fi_prepend = "use strict;$fi_prepend"; + } } - } - _scrubpkg($fi_eval_package) if $fi_scrub_package; - defined $fi_ofh ? 1 : $fi_r; + if (defined $fi_package && defined $fi_safe) { + no strict 'refs'; + + # Big fat magic here: Fix it so that the user-specified package + # is the default one available in the safe compartment. + *{ $fi_safe->root . '::' } = \%{ $fi_package . '::' }; # LOD + } + + my $fi_r = ''; + my $fi_item; + foreach $fi_item (@{ $fi_self->{SOURCE} }) { + my ($fi_type, $fi_text, $fi_lineno) = @$fi_item; + if ($fi_type eq 'TEXT') { + $fi_self->append_text_to_output( + text => $fi_text, + handle => $fi_ofh, + out => \$fi_r, + type => $fi_type,); + } + elsif ($fi_type eq 'PROG') { + no strict; + + my $fi_lcomment = "#line $fi_lineno $fi_filename"; + my $fi_progtext = "package $fi_eval_package; $fi_prepend;\n$fi_lcomment\n$fi_text;\n;"; + my $fi_res; + my $fi_eval_err = ''; + + if ($fi_safe) { + no strict; + no warnings; + + $fi_safe->reval(q{undef $OUT}); + $fi_res = $fi_safe->reval($fi_progtext); + $fi_eval_err = $@; + my $OUT = $fi_safe->reval('$OUT'); + $fi_res = $OUT if defined $OUT; + } + else { + no strict; + no warnings; + + my $OUT; + $fi_res = eval $fi_progtext; + $fi_eval_err = $@; + $fi_res = $OUT if defined $OUT; + } + + # If the value of the filled-in text really was undef, + # change it to an explicit empty string to avoid undefined + # value warnings later. + $fi_res = '' unless defined $fi_res; + + if ($fi_eval_err) { + $fi_res = $fi_broken->( + text => $fi_text, + error => $fi_eval_err, + lineno => $fi_lineno, + arg => $fi_broken_arg,); + if (defined $fi_res) { + $fi_self->append_text_to_output( + text => $fi_res, + handle => $fi_ofh, + out => \$fi_r, + type => $fi_type,); + } + else { + return $fi_r; # Undefined means abort processing + } + } + else { + $fi_self->append_text_to_output( + text => $fi_res, + handle => $fi_ofh, + out => \$fi_r, + type => $fi_type,); + } + } + else { + die "Can't happen error #2"; + } + } + + _scrubpkg($fi_eval_package) if $fi_scrub_package; + + defined $fi_ofh ? 1 : $fi_r; } sub append_text_to_output { - my ($self, %arg) = @_; + my ($self, %arg) = @_; - if (defined $arg{handle}) { - print { $arg{handle} } $arg{text}; - } else { - ${ $arg{out} } .= $arg{text}; - } + if (defined $arg{handle}) { + print { $arg{handle} } $arg{text}; + } + else { + ${ $arg{out} } .= $arg{text}; + } - return; + return; } sub fill_this_in { - my $pack = shift; - my $text = shift; - my $templ = $pack->new(TYPE => 'STRING', SOURCE => $text, @_) - or return undef; - $templ->compile or return undef; - my $result = $templ->fill_in(@_); - $result; + my ($pack, $text) = splice @_, 0, 2; + + my $templ = $pack->new(TYPE => 'STRING', SOURCE => $text, @_) + or return undef; + + $templ->compile or return undef; + + my $result = $templ->fill_in(@_); + + $result; } sub fill_in_string { - my $string = shift; - my $package = _param('package', @_); - push @_, 'package' => scalar(caller) unless defined $package; - Text::Template->fill_this_in($string, @_); + my $string = shift; + + my $package = _param('package', @_); + + push @_, 'package' => scalar(caller) unless defined $package; + + Text::Template->fill_this_in($string, @_); } sub fill_in_file { - my $fn = shift; - my $templ = Text::Template->new(TYPE => 'FILE', SOURCE => $fn, @_) - or return undef; - $templ->compile or return undef; - my $text = $templ->fill_in(@_); - $text; + my $fn = shift; + my $templ = Text::Template->new(TYPE => 'FILE', SOURCE => $fn, @_) or return undef; + + $templ->compile or return undef; + + my $text = $templ->fill_in(@_); + + $text; } sub _default_broken { - my %a = @_; - my $prog_text = $a{text}; - my $err = $a{error}; - my $lineno = $a{lineno}; - chomp $err; -# $err =~ s/\s+at .*//s; - "Program fragment delivered error ``$err''"; + my %a = @_; + + my $prog_text = $a{text}; + my $err = $a{error}; + my $lineno = $a{lineno}; + + chomp $err; + + # $err =~ s/\s+at .*//s; + "Program fragment delivered error ``$err''"; } sub _load_text { - my $fn = shift; - local *F; - unless (open F, $fn) { - $ERROR = "Couldn't open file $fn: $!"; - return undef; - } - local $/; - ; + my $fn = shift; + + open my $fh, '<', $fn or do { + $ERROR = "Couldn't open file $fn: $!"; + return undef; + }; + + local $/; + + <$fh>; } sub _is_clean { - my $z; - eval { ($z = join('', @_)), eval '#' . substr($z,0,0); 1 } # LOD + my $z; + + eval { ($z = join('', @_)), eval '#' . substr($z, 0, 0); 1 } # LOD } sub _unconditionally_untaint { - for (@_) { - ($_) = /(.*)/s; - } + for (@_) { + ($_) = /(.*)/s; + } } { - my $seqno = 0; - sub _gensym { - __PACKAGE__ . '::GEN' . $seqno++; - } - sub _scrubpkg { - my $s = shift; - $s =~ s/^Text::Template:://; - no strict 'refs'; - my $hash = $Text::Template::{$s."::"}; - foreach my $key (keys %$hash) { - undef $hash->{$key}; + my $seqno = 0; + + sub _gensym { + __PACKAGE__ . '::GEN' . $seqno++; + } + + sub _scrubpkg { + my $s = shift; + + $s =~ s/^Text::Template:://; + + no strict 'refs'; + + my $hash = $Text::Template::{ $s . "::" }; + + foreach my $key (keys %$hash) { + undef $hash->{$key}; + } + + %$hash = (); + + delete $Text::Template::{ $s . "::" }; } - } } - + # Given a hashful of variables (or a list of such hashes) # install the variables into the specified package, # overwriting whatever variables were there before. sub _install_hash { - my $hashlist = shift; - my $dest = shift; - if (UNIVERSAL::isa($hashlist, 'HASH')) { - $hashlist = [$hashlist]; - } - my $hash; - foreach $hash (@$hashlist) { - my $name; - foreach $name (keys %$hash) { - my $val = $hash->{$name}; - no strict 'refs'; - local *SYM = *{"$ {dest}::$name"}; - if (! defined $val) { - delete ${"$ {dest}::"}{$name}; - } elsif (ref $val) { - *SYM = $val; - } else { - *SYM = \$val; - } + my $hashlist = shift; + my $dest = shift; + + if (UNIVERSAL::isa($hashlist, 'HASH')) { + $hashlist = [$hashlist]; } - } + + my @varlist; + + for my $hash (@$hashlist) { + for my $name (keys %$hash) { + my $val = $hash->{$name}; + + no strict 'refs'; + no warnings 'redefine'; + + local *SYM = *{"$ {dest}::$name"}; + + if (!defined $val) { + delete ${"$ {dest}::"}{$name}; + my $match = qr/^.\Q$name\E$/; + @varlist = grep { $_ !~ $match } @varlist; + } + elsif (ref $val) { + *SYM = $val; + push @varlist, do { + if (UNIVERSAL::isa($val, 'ARRAY')) { '@' } + elsif (UNIVERSAL::isa($val, 'HASH')) { '%' } + else { '$' } + } + . $name; + } + else { + *SYM = \$val; + push @varlist, '$' . $name; + } + } + } + + @varlist; } sub TTerror { $ERROR } 1; +__END__ -=head1 NAME +=pod + +=encoding UTF-8 + +=head1 NAME Text::Template - Expand template text with embedded Perl =head1 VERSION -This file documents C version B<1.46> +version 1.56 =head1 SYNOPSIS @@ -510,8 +637,8 @@ This file documents C version B<1.46> # Pass many variables explicitly $hash = { recipient => 'Abed-Nego', friends => [ 'me', 'you' ], - enemies => { loathsome => 'Bill Gates', - fearsome => 'Larry Ellison' }, + enemies => { loathsome => 'Saruman', + fearsome => 'Sauron' }, }; $text = $template->fill_in(HASH => $hash, ...); # $recipient is Abed-Nego, @@ -568,56 +695,53 @@ encourages functional separation. Here's an example of a template, which we'll suppose is stored in the file C: - Dear {$title} {$lastname}, - - It has come to our attention that you are delinquent in your - {$monthname[$last_paid_month]} payment. Please remit - ${sprintf("%.2f", $amount)} immediately, or your patellae may - be needlessly endangered. + Dear {$title} {$lastname}, - Love, + It has come to our attention that you are delinquent in your + {$monthname[$last_paid_month]} payment. Please remit + ${sprintf("%.2f", $amount)} immediately, or your patellae may + be needlessly endangered. - Mark "Vizopteryx" Dominus + Love, + Mark "Vizopteryx" Dominus The result of filling in this template is a string, which might look something like this: - Dear Mr. Gates, + Dear Mr. Smith, - It has come to our attention that you are delinquent in your - February payment. Please remit - $392.12 immediately, or your patellae may - be needlessly endangered. + It has come to our attention that you are delinquent in your + February payment. Please remit + $392.12 immediately, or your patellae may + be needlessly endangered. - Love, + Love, - Mark "Vizopteryx" Dominus + Mark "Vizopteryx" Dominus Here is a complete program that transforms the example template into the example result, and prints it out: - use Text::Template; + use Text::Template; - my $template = Text::Template->new(SOURCE => 'formletter.tmpl') - or die "Couldn't construct template: $Text::Template::ERROR"; + my $template = Text::Template->new(SOURCE => 'formletter.tmpl') + or die "Couldn't construct template: $Text::Template::ERROR"; - my @monthname = qw(January February March April May June - July August September October November December); - my %vars = (title => 'Mr.', - firstname => 'Bill', - lastname => 'Gates', - last_paid_month => 1, # February - amount => 392.12, - monthname => \@monthname, - ); + my @monthname = qw(January February March April May June + July August September October November December); + my %vars = (title => 'Mr.', + firstname => 'John', + lastname => 'Smith', + last_paid_month => 1, # February + amount => 392.12, + monthname => \@monthname); - my $result = $template->fill_in(HASH => \%vars); - - if (defined $result) { print $result } - else { die "Couldn't fill in template: $Text::Template::ERROR" } + my $result = $template->fill_in(HASH => \%vars); + if (defined $result) { print $result } + else { die "Couldn't fill in template: $Text::Template::ERROR" } =head2 Philosophy @@ -654,18 +778,18 @@ A backslash C<\> in front of a brace (or another backslash that is in front of a brace) escapes its special meaning. The result of filling out this template: - \{ The sum of 1 and 2 is {1+2} \} + \{ The sum of 1 and 2 is {1+2} \} is - { The sum of 1 and 2 is 3 } + { The sum of 1 and 2 is 3 } If you have an unmatched brace, C will return a failure code and a warning about where the problem is. Backslashes that do not precede a brace are passed through unchanged. If you have a template like this: - { "String that ends in a newline.\n" } + { "String that ends in a newline.\n" } The backslash inside the string is passed through to Perl unchanged, so the C<\n> really does turn into a newline. See the note at the end @@ -675,37 +799,37 @@ C option. (See L<"Alternative Delimiters">, below.) Each program fragment should be a sequence of Perl statements, which are evaluated the usual way. The result of the last statement -executed will be evaluted in scalar context; the result of this +executed will be evaluated in scalar context; the result of this statement is a string, which is interpolated into the template in place of the program fragment itself. The fragments are evaluated in order, and side effects from earlier fragments will persist into later fragments: - {$x = @things; ''}The Lord High Chamberlain has gotten {$x} - things for me this year. - { $diff = $x - 17; - $more = 'more' - if ($diff == 0) { - $diff = 'no'; - } elsif ($diff < 0) { - $more = 'fewer'; - } - ''; - } - That is {$diff} {$more} than he gave me last year. + {$x = @things; ''}The Lord High Chamberlain has gotten {$x} + things for me this year. + { $diff = $x - 17; + $more = 'more' + if ($diff == 0) { + $diff = 'no'; + } elsif ($diff < 0) { + $more = 'fewer'; + } + ''; + } + That is {$diff} {$more} than he gave me last year. The value of C<$x> set in the first line will persist into the next fragment that begins on the third line, and the values of C<$diff> and C<$more> set in the second fragment will persist and be interpolated into the last line. The output will look something like this: - The Lord High Chamberlain has gotten 42 - things for me this year. + The Lord High Chamberlain has gotten 42 + things for me this year. - That is 25 more than he gave me last year. + That is 25 more than he gave me last year. -That is all the syntax there is. +That is all the syntax there is. =head2 The C<$OUT> variable @@ -714,21 +838,21 @@ motivation for it: Suppose you are going to pass an array, C<@items>, into the template, and you want the template to generate a bulleted list with a header, like this: - Here is a list of the things I have got for you since 1907: - * Ivory - * Apes - * Peacocks - * ... + Here is a list of the things I have got for you since 1907: + * Ivory + * Apes + * Peacocks + * ... One way to do it is with a template like this: - Here is a list of the things I have got for you since 1907: - { my $blist = ''; - foreach $i (@items) { - $blist .= qq{ * $i\n}; - } - $blist; - } + Here is a list of the things I have got for you since 1907: + { my $blist = ''; + foreach $i (@items) { + $blist .= qq{ * $i\n}; + } + $blist; + } Here we construct the list in a variable called C<$blist>, which we return at the end. This is a little cumbersome. There is a shortcut. @@ -740,11 +864,11 @@ behavior, of replacing the fragment with its return value, is disabled; instead the fragment is replaced with the value of C<$OUT>. This means that you can write the template above like this: - Here is a list of the things I have got for you since 1907: - { foreach $i (@items) { - $OUT .= " * $i\n"; - } - } + Here is a list of the things I have got for you since 1907: + { foreach $i (@items) { + $OUT .= " * $i\n"; + } + } C<$OUT> is reinitialized to the empty string at the start of each program fragment. It is private to C, so @@ -758,11 +882,11 @@ variable C<$Text::Template::ERROR> to contain an explanation of what went wrong. For example, if you try to create a template from a file that does not exist, C<$Text::Template::ERROR> will contain something like: - Couldn't open file xyz.tmpl: No such file or directory + Couldn't open file xyz.tmpl: No such file or directory =head2 C - $template = new Text::Template ( TYPE => ..., SOURCE => ... ); + $template = Text::Template->new( TYPE => ..., SOURCE => ... ); This creates and returns a new template object. C returns C and sets C<$Text::Template::ERROR> if it can't create the @@ -771,7 +895,7 @@ come from. C says what kind of object the source is. The most common type of source is a file: - new Text::Template ( TYPE => 'FILE', SOURCE => $filename ); + Text::Template->new( TYPE => 'FILE', SOURCE => $filename ); This reads the template from the specified file. The filename is opened with the Perl C command, so it can be a pipe or anything @@ -780,18 +904,18 @@ else that makes sense with C. The C can also be C, in which case the C should be a string: - new Text::Template ( TYPE => 'STRING', - SOURCE => "This is the actual template!" ); + Text::Template->new( TYPE => 'STRING', + SOURCE => "This is the actual template!" ); The C can be C, in which case the source should be a reference to an array of strings. The concatenation of these strings is the template: - new Text::Template ( TYPE => 'ARRAY', - SOURCE => [ "This is ", "the actual", + Text::Template->new( TYPE => 'ARRAY', + SOURCE => [ "This is ", "the actual", " template!", ] - ); + ); The C can be FILEHANDLE, in which case the source should be an open filehandle (such as you got from the C or C @@ -799,22 +923,21 @@ packages, or a glob, or a reference to a glob). In this case C will read the text from the filehandle up to end-of-file, and that text is the template: - # Read template source code from STDIN: - new Text::Template ( TYPE => 'FILEHANDLE', - SOURCE => \*STDIN ); - + # Read template source code from STDIN: + Text::Template->new ( TYPE => 'FILEHANDLE', + SOURCE => \*STDIN ); If you omit the C attribute, it's taken to be C. C is required. If you omit it, the program will abort. The words C and C can be spelled any of the following ways: - TYPE SOURCE - Type Source - type source - -TYPE -SOURCE - -Type -Source - -type -source + TYPE SOURCE + Type Source + type source + -TYPE -SOURCE + -Type -Source + -type -source Pick a style you like and stick with it. @@ -828,6 +951,18 @@ string is the string that signals the beginning of each program fragment, and the second string is the string that signals the end of each program fragment. See L<"Alternative Delimiters">, below. +=item C + +You may also add a C option. If this option is present, and the +C is a C, then the data will be decoded from the given encoding +using the L module. You can use any encoding that L recognizes. +E.g.: + + Text::Template->new( + TYPE => 'FILE', + ENCODING => 'UTF-8', + SOURCE => 'xyz.tmpl'); + =item C If your program is running in taint mode, you may have problems if @@ -865,7 +1000,7 @@ overridden in the arguments to C. See L> below. =head2 C - $template->compile() + $template->compile() Loads all the template text from the template's source, parses and compiles it. If successful, returns true; otherwise returns false and @@ -881,7 +1016,7 @@ Delimiters">, below. =head2 C - $template->fill_in(OPTIONS); + $template->fill_in(OPTIONS); Fills in a template. Returns the resulting text if successful. Otherwise, returns C and sets C<$Text::Template::ERROR>. @@ -891,17 +1026,17 @@ write the key names in any of the six usual styles as above; this means that where this manual says C (for example) you can actually use any of - PACKAGE Package package -PACKAGE -Package -package + PACKAGE Package package -PACKAGE -Package -package Pick a style you like and stick with it. The all-lowercase versions may yield spurious warnings about - Ambiguous use of package => resolved to "package" + Ambiguous use of package => resolved to "package" so you might like to avoid them and use the capitalized versions. At present, there are eight legal options: C, C, -C, C, C, C, and C. +C, C, C, C, C, and C. =over 4 @@ -911,7 +1046,7 @@ C specifies the name of a package in which the program fragments should be evaluated. The default is to use the package from which C was called. For example, consider this template: - The value of the variable x is {$x}. + The value of the variable x is {$x}. If you use C<$template-Efill_in(PACKAGE =E 'R')> , then the C<$x> in the template is actually replaced with the value of C<$R::x>. If you @@ -927,26 +1062,25 @@ See the section at the end on `Security'. Here's an example of using C: - Your Royal Highness, + Your Royal Highness, - Enclosed please find a list of things I have gotten - for you since 1907: + Enclosed please find a list of things I have gotten + for you since 1907: - { foreach $item (@items) { + { foreach $item (@items) { $item_no++; - $OUT .= " $item_no. \u$item\n"; - } - } + $OUT .= " $item_no. \u$item\n"; + } + } - Signed, - Lord High Chamberlain + Signed, + Lord High Chamberlain We want to pass in an array which will be assigned to the array C<@items>. Here's how to do that: - - @items = ('ivory', 'apes', 'peacocks', ); - $template->fill_in(); + @items = ('ivory', 'apes', 'peacocks', ); + $template->fill_in(); This is not very safe. The reason this isn't as safe is that if you had a variable named C<$item_no> in scope in your program at the point @@ -963,8 +1097,8 @@ are safe. But if you use the C option, you will probably be safe even if the template does I declare its variables with C: - @Q::items = ('ivory', 'apes', 'peacocks', ); - $template->fill_in(PACKAGE => 'Q'); + @Q::items = ('ivory', 'apes', 'peacocks', ); + $template->fill_in(PACKAGE => 'Q'); In this case the template will clobber the variable C<$Q::item_no>, which is not related to the one your program was using. @@ -982,10 +1116,13 @@ C provides an alternative. The value for C should be a reference to a hash that maps variable names to values. For example, - $template->fill_in(HASH => { recipient => "The King", - items => ['gold', 'frankincense', 'myrrh'], - object => \$self, - }); + $template->fill_in( + HASH => { + recipient => "The King", + items => ['gold', 'frankincense', 'myrrh'], + object => \$self, + } + ); will fill out the template and use C<"The King"> as the value of C<$recipient> and the list of items as the value of C<@items>. Note @@ -1024,11 +1161,11 @@ that array. If the I is a reference to a hash, then C<%key> is set to that hash. Similarly if I is any other kind of reference. This means that - var => "foo" + var => "foo" and - var => \"foo" + var => \"foo" have almost exactly the same effect. (The difference is that in the former case, the value is copied, and in the latter case it is @@ -1039,7 +1176,7 @@ aliased.) In particular, if you want the template to get an object or any kind, you must pass a reference to it: - $template->fill_in(HASH => { database_handle => \$dbh, ... }); + $template->fill_in(HASH => { database_handle => \$dbh, ... }); If you do this, the template will have a variable C<$database_handle> which is the database handle object. If you leave out the C<\>, the @@ -1065,16 +1202,18 @@ of variables. For example, one set of variables might be the defaults for a fill-in form, and the second set might be the user inputs, which override the defaults when they are present: - $template->fill_in(HASH => [\%defaults, \%user_input]); + $template->fill_in(HASH => [\%defaults, \%user_input]); You can also use this to set two variables with the same name: - $template->fill_in(HASH => [{ v => "The King" }, - { v => [1,2,3] }, - ] - ); + $template->fill_in( + HASH => [ + { v => "The King" }, + { v => [1,2,3] } + ] + ); -This sets C<$v> to C<"The King"> and C<@v> to C<(1,2,3)>. +This sets C<$v> to C<"The King"> and C<@v> to C<(1,2,3)>. =item C @@ -1100,19 +1239,19 @@ fragment that cased the error. If you don't specify a C function, C supplies a default one that returns something like - Program fragment delivered error ``Illegal division by 0 at - template line 37'' + Program fragment delivered error ``Illegal division by 0 at + template line 37'' (Note that the format of this message has changed slightly since version 1.31.) The return value of the C function is interpolated into the template at the place the error occurred, so that this template: - (3+4)*5 = { 3+4)*5 } + (3+4)*5 = { 3+4)*5 } yields this result: - (3+4)*5 = Program fragment delivered error ``syntax error at template line 1'' + (3+4)*5 = Program fragment delivered error ``syntax error at template line 1'' If you specify a value for the C attribute, it should be a reference to a function that C can call instead of the @@ -1156,23 +1295,24 @@ The C function could also use the C as a reference to store an error message or some other information that it wants to communicate back to the caller. For example: - $error = ''; + $error = ''; - sub my_broken { - my %args = @_; - my $err_ref = $args{arg}; - ... - $$err_ref = "Some error message"; - return undef; - } + sub my_broken { + my %args = @_; + my $err_ref = $args{arg}; + ... + $$err_ref = "Some error message"; + return undef; + } - $template->fill_in(BROKEN => \&my_broken, - BROKEN_ARG => \$error, - ); + $template->fill_in( + BROKEN => \&my_broken, + BROKEN_ARG => \$error + ); - if ($error) { - die "It didn't work: $error"; - } + if ($error) { + die "It didn't work: $error"; + } If one of the program fragments in the template fails, it will call the C function, C, and pass it the C, @@ -1181,6 +1321,29 @@ message into C<$error> this way. Then the function that called C can see if C has left an error message for it to find, and proceed accordingly. +=item C + +If you give C a C option, then this is the file name that +you loaded the template source from. This only affects the error message that +is given for template errors. If you loaded the template from C for +example, and pass C as the C parameter, errors will look +like C<... at foo.txt line N> rather than C<... at template line N>. + +Note that this does NOT have anything to do with loading a template from the +given filename. See C for that. + +For example: + + my $template = Text::Template->new( + TYPE => 'string', + SOURCE => 'The value is {1/0}'); + + $template->fill_in(FILENAME => 'foo.txt') or die $Text::Template::ERROR; + +will die with an error that contains + + Illegal division by zero at at foo.txt line 1 + =item C If you give C a C option, its value should be a safe @@ -1213,7 +1376,7 @@ the C option to C, the value should be a filehandle. The generated text will be printed to this filehandle as it is constructed. For example: - $template->fill_in(OUTPUT => \*STDOUT, ...); + $template->fill_in(OUTPUT => \*STDOUT, ...); fills in the C<$template> as usual, but the results are immediately printed to STDOUT. This may result in the output appearing more @@ -1260,17 +1423,17 @@ any results. An example: - $Q::name = 'Donald'; - $Q::amount = 141.61; - $Q::part = 'hyoid bone'; + $Q::name = 'Donald'; + $Q::amount = 141.61; + $Q::part = 'hyoid bone'; - $text = Text::Template->fill_this_in( <<'EOM', PACKAGE => Q); - Dear {$name}, - You owe me \\${sprintf('%.2f', $amount)}. - Pay or I will break your {$part}. - Love, - Grand Vizopteryx of Irkutsk. - EOM + $text = Text::Template->fill_this_in( <<'EOM', PACKAGE => Q); + Dear {$name}, + You owe me \\${sprintf('%.2f', $amount)}. + Pay or I will break your {$part}. + Love, + Grand Vizopteryx of Irkutsk. + EOM Notice how we included the template in-line in the program by using a `here document' with the CE> notation. @@ -1290,14 +1453,14 @@ four years ago and it is too late to change it. C is exactly like C except that it is not a method and you can omit the C> and just say - print fill_in_string(<<'EOM', ...); - Dear {$name}, - ... - EOM + print fill_in_string(<<'EOM', ...); + Dear {$name}, + ... + EOM To use C, you need to say - use Text::Template 'fill_in_string'; + use Text::Template 'fill_in_string'; at the top of your program. You should probably use C instead of C. @@ -1306,7 +1469,7 @@ C instead of C. If you import C, you can say - $text = fill_in_file(filename, ...); + $text = fill_in_file(filename, ...); The C<...> are passed to C as above. The filename is the name of the file that contains the template you want to fill in. It @@ -1323,7 +1486,7 @@ People always ask for this. ``Why don't you have an include function?'' they want to know. The short answer is this is Perl, and Perl already has an include function. If you want it, you can just put - {qx{cat filename}} + {qx{cat filename}} into your template. VoilE. @@ -1331,19 +1494,19 @@ If you don't want to use C, you can write a little four-line function that opens a file and dumps out its contents, and call it from the template. I wrote one for you. In the template, you can say - {Text::Template::_load_text(filename)} + {Text::Template::_load_text(filename)} If that is too verbose, here is a trick. Suppose the template package that you are going to be mentioning in the C call is package C. Then in the main program, write - *Q::include = \&Text::Template::_load_text; + *Q::include = \&Text::Template::_load_text; This imports the C<_load_text> function into package C with the name C. From then on, any template that you fill in with package C can say - {include(filename)} + {include(filename)} to insert the text from the named file at that point. If you are using the C option instead, just put C @@ -1354,7 +1517,7 @@ Suppose you don't want to insert a plain text file, but rather you want to include one template within another? Just use C in the template itself: - {Text::Template::fill_in_file(filename)} + {Text::Template::fill_in_file(filename)} You can do the same importing trick if this is too much to type. @@ -1364,8 +1527,8 @@ You can do the same importing trick if this is too much to type. People are frequently surprised when this doesn't work: - my $recipient = 'The King'; - my $text = fill_in_file('formletter.tmpl'); + my $recipient = 'The King'; + my $text = fill_in_file('formletter.tmpl'); The text C doesn't get into the form letter. Why not? Because C<$recipient> is a C variable, and the whole point of @@ -1378,13 +1541,12 @@ private variable, and in this case you don't want the variable to be private. Put the variables into package variables in some other package, and use the C option to C: - $Q::recipient = $recipient; - my $text = fill_in_file('formletter.tmpl', PACKAGE => 'Q'); - + $Q::recipient = $recipient; + my $text = fill_in_file('formletter.tmpl', PACKAGE => 'Q'); or pass the names and values in a hash with the C option: - my $text = fill_in_file('formletter.tmpl', HASH => { recipient => $recipient }); + my $text = fill_in_file('formletter.tmpl', HASH => { recipient => $recipient }); =head2 Security Matters @@ -1397,19 +1559,19 @@ rest of your program and wreck something. Nevertheless, there's really no way (except with C) to protect against a template that says - { $Important::Secret::Security::Enable = 0; - # Disable security checks in this program - } + { $Important::Secret::Security::Enable = 0; + # Disable security checks in this program + } or - { $/ = "ho ho ho"; # Sabotage future uses of . - # $/ is always a global variable - } + { $/ = "ho ho ho"; # Sabotage future uses of . + # $/ is always a global variable + } or even - { system("rm -rf /") } + { system("rm -rf /") } so B go filling in templates unless you're sure you know what's in them. If you're worried, or you can't trust the person who wrote @@ -1437,7 +1599,7 @@ an alternative set of delimiters with the C option. For example, if you would like code fragments to be delimited by C<[@--> and C<--@]> instead of C<{> and C<}>, use - ... DELIMITERS => [ '[@--', '--@]' ], ... + ... DELIMITERS => [ '[@--', '--@]' ], ... Note that these delimiters are I, not regexes. (I tried for regexes, but it complicates the lexical analysis too much.) @@ -1450,16 +1612,16 @@ as they nest properly. This means that if for some reason you absolutely must have a program fragment that mentions one of the delimiters, like this: - [@-- - print "Oh no, a delimiter: --@]\n" - --@] + [@-- + print "Oh no, a delimiter: --@]\n" + --@] you may be able to make it work by doing this instead: - [@-- - # Fake matching delimiter in a comment: [@-- - print "Oh no, a delimiter: --@]\n" - --@] + [@-- + # Fake matching delimiter in a comment: [@-- + print "Oh no, a delimiter: --@]\n" + --@] It may be safer to choose delimiters that begin with a newline character. @@ -1476,22 +1638,22 @@ undeclared variables and the like. But each code fragment is a separate lexical scope, so you have to turn on C at the top of each and every code fragment: - { use strict; - use vars '$foo'; - $foo = 14; - ... - } + { use strict; + use vars '$foo'; + $foo = 14; + ... + } - ... + ... - { # we forgot to put `use strict' here - my $result = $boo + 12; # $boo is misspelled and should be $foo - # No error is raised on `$boo' - } + { # we forgot to put `use strict' here + my $result = $boo + 12; # $boo is misspelled and should be $foo + # No error is raised on `$boo' + } Because we didn't put C at the top of the second fragment, it was only active in the first fragment, and we didn't get any -C checking in the second fragment. Then we mispelled C<$foo> +C checking in the second fragment. Then we misspelled C<$foo> and the error wasn't caught. C version 1.22 and higher has a new feature to make @@ -1500,44 +1662,71 @@ added to the beginning of each program fragment. When you make a call to C, you can specify a - PREPEND => 'some perl statements here' + PREPEND => 'some perl statements here' option; the statements will be prepended to each program fragment for that one call only. Suppose that the C call included a - PREPEND => 'use strict;' + PREPEND => 'use strict;' option, and that the template looked like this: - { use vars '$foo'; - $foo = 14; - ... - } + { use vars '$foo'; + $foo = 14; + ... + } - ... + ... - { my $result = $boo + 12; # $boo is misspelled and should be $foo - ... - } + { my $result = $boo + 12; # $boo is misspelled and should be $foo + ... + } The code in the second fragment would fail, because C<$boo> has not been declared. C was implied, even though you did not write it explicitly, because the C option added it for you automatically. -There are two other ways to do this. At the time you create the +There are three other ways to do this. At the time you create the template object with C, you can also supply a C option, in which case the statements will be prepended each time you fill in that template. If the C call has its own C option, this overrides the one specified at the time you created the template. Finally, you can make the class method call - Text::Template->always_prepend('perl statements'); + Text::Template->always_prepend('perl statements'); If you do this, then call calls to C for I template will attach the perl statements to the beginning of each program fragment, except where overridden by C options to C or C. +An alternative to adding "use strict;" to the PREPEND option, you can +pass STRICT => 1 to fill_in when also passing the HASH option. + +Suppose that the C call included both + + HASH => {$foo => ''} and + STRICT => 1 + +options, and that the template looked like this: + + { + $foo = 14; + ... + } + + ... + + { my $result = $boo + 12; # $boo is misspelled and should be $foo + ... + } + +The code in the second fragment would fail, because C<$boo> has not +been declared. C was implied, even though you did not +write it explicitly, because the C option added it for you +automatically. Any variable referenced in the template that is not in the +C option will be an error. + =head2 Prepending in Derived Classes This section is technical, and you should skip it on the first few @@ -1553,7 +1742,7 @@ first one that it finds. In a subclass of C, this last possibility is ambiguous. Suppose C is a subclass of C. Should - Text::Template->always_prepend(...); + Text::Template->always_prepend(...); affect objects in class C? The answer is that you can have it either way. @@ -1567,11 +1756,11 @@ which the template object belongs. If it doesn't find any value, it looks in C<$GLOBAL_PREPEND{'Text::Template'}>. This means that objects in class C I be affected by - Text::Template->always_prepend(...); + Text::Template->always_prepend(...); I there is also a call to - Derived->always_prepend(...); + Derived->always_prepend(...); So when you're designing your derived class, you can arrange to have your objects ignore C calls by simply @@ -1586,8 +1775,8 @@ method to get an arbitrary effect. Jennifer D. St Clair asks: - > Most of my pages contain JavaScript and Stylesheets. - > How do I change the template identifier? + > Most of my pages contain JavaScript and Stylesheets. + > How do I change the template identifier? Jennifer is worried about the braces in the JavaScript being taken as the delimiters of the Perl program fragments. Of course, disaster @@ -1600,61 +1789,60 @@ some reason, there are two easy workarounds: 1. You can put C<\> in front of C<{>, C<}>, or C<\> to remove its special meaning. So, for example, instead of - if (br== "n3") { - // etc. - } + if (br== "n3") { + // etc. + } you can put - if (br== "n3") \{ - // etc. - \} + if (br== "n3") \{ + // etc. + \} and it'll come out of the template engine the way you want. But here is another method that is probably better. To see how it works, first consider what happens if you put this into a template: - { 'foo' } + { 'foo' } Since it's in braces, it gets evaluated, and obviously, this is going to turn into - foo + foo So now here's the trick: In Perl, C is the same as C<'...'>. So if we wrote - {q{foo}} + {q{foo}} it would turn into - foo + foo So for your JavaScript, just write - {q{if (br== "n3") { - // etc. - }} - } + {q{if (br== "n3") { + // etc. + }} + } and it'll come out as - if (br== "n3") { - // etc. - } + if (br== "n3") { + // etc. + } which is what you want. - -=head2 Shut Up! +head2 Shut Up! People sometimes try to put an initialization section at the top of their templates, like this: - { ... - $var = 17; - } + { ... + $var = 17; + } Then they complain because there is a C<17> at the top of the output that they didn't want to have there. @@ -1667,18 +1855,18 @@ and have the recipient filled in. To prevent the 17 from appearing in the output is very simple: - { ... - $var = 17; - ''; - } + { ... + $var = 17; + ''; + } Now the last expression evaluated yields the empty string, which is invisible. If you don't like the way this looks, use - { ... - $var = 17; - ($SILENTLY); - } + { ... + $var = 17; + ($SILENTLY); + } instead. Presumably, C<$SILENTLY> has no value, so nothing will be interpolated. This is what is known as a `trick'. @@ -1727,29 +1915,28 @@ C<\}> signal a literal brace. Examples: - \{ foo \} + \{ foo \} is I evaluated, because the C<\> before the braces signals that they should be taken literally. The result in the output looks like this: - { foo } - + { foo } This is a syntax error: - { "foo}" } + { "foo}" } because C thinks that the code ends at the first C<}>, and then gets upset when it sees the second one. To make this work correctly, use - { "foo\}" } + { "foo\}" } This passes C<"foo}"> to Perl for evaluation. Note there's no C<\> in the evaluated code. If you really want a C<\> in the evaluated code, use - { "foo\\\}" } + { "foo\\\}" } This passes C<"foo\}"> to Perl for evaluation. @@ -1769,20 +1956,20 @@ If it really, really bothers you, you can import a function called C that returns the current value of the C<$ERROR> variable. So you can say: - use Text::Template 'TTerror'; + use Text::Template 'TTerror'; - my $template = new Text::Template (SOURCE => $filename); - unless ($template) { - my $err = TTerror; - die "Couldn't make template: $err; aborting"; - } + my $template = Text::Template->new(SOURCE => $filename); + unless ($template) { + my $err = TTerror; + die "Couldn't make template: $err; aborting"; + } I don't see what benefit this has over just doing this: - use Text::Template; + use Text::Template; - my $template = new Text::Template (SOURCE => $filename) - or die "Couldn't make template: $Text::Template::ERROR; aborting"; + my $template = Text::Template->new(SOURCE => $filename) + or die "Couldn't make template: $Text::Template::ERROR; aborting"; But if it makes you happy to do it that way, go ahead. @@ -1796,12 +1983,12 @@ into their template output. It's totally straightforward. Just call the C functions from inside the template: - { $q->checkbox_group(NAME => 'toppings', - LINEBREAK => true, - COLUMNS => 3, - VALUES => \@toppings, - ); - } + { $q->checkbox_group(NAME => 'toppings', + LINEBREAK => true, + COLUMNS => 3, + VALUES => \@toppings, + ); + } =head2 Automatic preprocessing of program fragments @@ -1819,124 +2006,302 @@ method. It is passed a list of pairs with these entries: text - the text that will be appended type - where the text came from: TEXT for literal text, PROG for code -=head2 Author +=head1 HISTORY -Mark Jason Dominus, Plover Systems +Originally written by Mark Jason Dominus, Plover Systems (versions 0.01 - 1.46) -Please send questions and other remarks about this software to -C +Maintainership transferred to Michael Schout Emschout at cpan.orgE in version +1.47 -You can join a very low-volume (E10 messages per year) mailing -list for announcements about this package. Send an empty note to -C to join. +=head1 THANKS -For updates, visit C. +Many thanks to the following people for offering support, +encouragement, advice, bug reports, and all the other good stuff. -=head2 Support? +=over 4 -This software is version 1.46. It may have bugs. Suggestions and bug -reports are always welcome. Send them to -C. (That is my address, not the address -of the mailing list. The mailing list address is a secret.) +=item * -=head1 LICENSE +Andrew G Wood - Text::Template version 1.46 - Copyright 2013 Mark Jason Dominus +=item * - This program is free software; you can redistribute it and/or - modify it under the terms of the GNU General Public License as - published by the Free Software Foundation; either version 2 of the - License, or (at your option) any later version. You may also can - redistribute it and/or modify it under the terms of the Perl - Artistic License. +Andy Wardley - This program is distributed in the hope that it will be useful, - but WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - GNU General Public License for more details. +=item * - You should have received copies of the GNU General Public License - along with this program; if not, write to the Free Software - Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. +Ant?nio Arag?o +=item * -=head1 THANKS +Archie Warnock -Many thanks to the following people for offering support, -encouragement, advice, bug reports, and all the other good stuff. +=item * + +Bek Oberin + +=item * + +Bob Dougherty + +=item * + +Brian C. Shensky + +=item * + +Chris Nandor + +=item * + +Chris Wesley + +=item * + +Chris.Brezil + +=item * + +Daini Xie + +=item * + +Dan Franklin + +=item * + +Daniel LaLiberte + +=item * + +David H. Adler + +=item * + +David Marshall + +=item * + +Dennis Taylor + +=item * + +Donald L. Greer Jr. + +=item * + +Dr. Frank Bucolo + +=item * + +Fred Steinberg + +=item * + +Gene Damon + +=item * + +Hans Persson + +=item * + +Hans Stoop + +=item * + +Itamar Almeida de Carvalho + +=item * + +James H. Thompson + +=item * + +James Mastros + +=item * + +Jarko Hietaniemi + +=item * + +Jason Moore + +=item * + +Jennifer D. St Clair + +=item * + +Joel Appelbaum + +=item * + +Joel Meulenberg + +=item * + +Jonathan Roy + +=item * + +Joseph Cheek + +=item * + +Juan E. Camacho + +=item * + +Kevin Atteson + +=item * + +Kevin Madsen + +=item * + +Klaus Arnhold + +=item * + +Larry Virden + +=item * + +Lieven Tomme + +=item * + +Lorenzo Valdettaro + +=item * + +Marek Grac + +=item * + +Matt Womer + +=item * + +Matt X. Hunter + +=item * + +Michael G Schwern + +=item * + +Michael J. Suzio + +=item * -David H. Adler / -Joel Appelbaum / -Klaus Arnhold / -AntEnio AragEo / -Kevin Atteson / -Chris.Brezil / -Mike Brodhead / -Tom Brown / -Dr. Frank Bucolo / -Tim Bunce / -Juan E. Camacho / -Itamar Almeida de Carvalho / -Joseph Cheek / -Gene Damon / -San Deng / -Bob Dougherty / -Marek Grac / -Dan Franklin / -gary at dls.net / -Todd A. Green / -Donald L. Greer Jr. / -Michelangelo Grigni / -Zac Hansen / -Tom Henry / -Jarko Hietaniemi / -Matt X. Hunter / -Robert M. Ioffe / -Daniel LaLiberte / -Reuven M. Lerner / -Trip Lilley / -Yannis Livassof / -Val Luck / -Kevin Madsen / -David Marshall / -James Mastros / -Joel Meulenberg / -Jason Moore / -Sergey Myasnikov / -Chris Nandor / -Bek Oberin / -Steve Palincsar / -Ron Pero / -Hans Persson / -Sean Roehnelt / -Jonathan Roy / -Shabbir J. Safdar / -Jennifer D. St Clair / -Uwe Schneider / -Randal L. Schwartz / -Michael G Schwern / -Yonat Sharon / -Brian C. Shensky / -Niklas Skoglund / -Tom Snee / -Fred Steinberg / -Hans Stoop / -Michael J. Suzio / -Dennis Taylor / -James H. Thompson / -Shad Todd / -Lieven Tomme / -Lorenzo Valdettaro / -Larry Virden / -Andy Wardley / -Archie Warnock / -Chris Wesley / -Matt Womer / -Andrew G Wood / -Daini Xie / Michaely Yeung +=item * + +Michelangelo Grigni + +=item * + +Mike Brodhead + +=item * + +Niklas Skoglund + +=item * + +Randal L. Schwartz + +=item * + +Reuven M. Lerner + +=item * + +Robert M. Ioffe + +=item * + +Ron Pero + +=item * + +San Deng + +=item * + +Sean Roehnelt + +=item * + +Sergey Myasnikov + +=item * + +Shabbir J. Safdar + +=item * + +Shad Todd + +=item * + +Steve Palincsar + +=item * + +Tim Bunce + +=item * + +Todd A. Green + +=item * + +Tom Brown + +=item * + +Tom Henry + +=item * + +Tom Snee + +=item * + +Trip Lilley + +=item * + +Uwe Schneider + +=item * + +Val Luck + +=item * + +Yannis Livassof + +=item * + +Yonat Sharon + +=item * + +Zac Hansen + +=item * + +gary at dls.net + +=back + Special thanks to: =over 2 @@ -1970,4 +2335,29 @@ use it as if it were a regular variable. There are not quite enough tests in the test suite. +=head1 SOURCE + +The development version is on github at L +and may be cloned from L + +=head1 BUGS + +Please report any bugs or feature requests on the bugtracker website +L + +When submitting a bug or request, please include a test-file or a +patch to an existing test-file that illustrates the bug or desired +feature. + +=head1 AUTHOR + +Michael Schout + +=head1 COPYRIGHT AND LICENSE + +This software is copyright (c) 2013 by Mark Jason Dominus . + +This is free software; you can redistribute it and/or modify it under +the same terms as the Perl 5 programming language system itself. + =cut diff --git a/external/perl/Text-Template-1.46/lib/Text/Template/Preprocess.pm b/external/perl/Text-Template-1.56/lib/Text/Template/Preprocess.pm similarity index 64% rename from external/perl/Text-Template-1.46/lib/Text/Template/Preprocess.pm rename to external/perl/Text-Template-1.56/lib/Text/Template/Preprocess.pm index 1e41037bd3..4fea67b383 100644 --- a/external/perl/Text-Template-1.46/lib/Text/Template/Preprocess.pm +++ b/external/perl/Text-Template-1.56/lib/Text/Template/Preprocess.pm @@ -1,40 +1,59 @@ package Text::Template::Preprocess; +$Text::Template::Preprocess::VERSION = '1.56'; +# ABSTRACT: Expand template text with embedded Perl + +use strict; +use warnings; + use Text::Template; - at ISA = qw(Text::Template); -$Text::Template::Preprocess::VERSION = 1.46; +our @ISA = qw(Text::Template); sub fill_in { - my $self = shift; - my (%args) = @_; - my $pp = $args{PREPROCESSOR} || $self->{PREPROCESSOR} ; - if ($pp) { - local $_ = $self->source(); -# print "# fill_in: before <$_>\n"; - &$pp; -# print "# fill_in: after <$_>\n"; - $self->set_source_data($_); - } - $self->SUPER::fill_in(@_); + my $self = shift; + my (%args) = @_; + + my $pp = $args{PREPROCESSOR} || $self->{PREPROCESSOR}; + + if ($pp) { + local $_ = $self->source(); + my $type = $self->{TYPE}; + + # print "# fill_in: before <$_>\n"; + &$pp; + + # print "# fill_in: after <$_>\n"; + $self->set_source_data($_, $type); + } + + $self->SUPER::fill_in(@_); } sub preprocessor { - my ($self, $pp) = @_; - my $old_pp = $self->{PREPROCESSOR}; - $self->{PREPROCESSOR} = $pp if @_ > 1; # OK to pass $pp=undef - $old_pp; + my ($self, $pp) = @_; + + my $old_pp = $self->{PREPROCESSOR}; + + $self->{PREPROCESSOR} = $pp if @_ > 1; # OK to pass $pp=undef + + $old_pp; } 1; +__END__ -=head1 NAME +=pod + +=encoding UTF-8 + +=head1 NAME Text::Template::Preprocess - Expand template text with embedded Perl =head1 VERSION -This file documents C version B<1.46> +version 1.56 =head1 SYNOPSIS @@ -78,7 +97,6 @@ C. One possible purpose: If your files contain a lot of JavaScript, like this: - Plain text here... { perl code }